Date   

Hyperledger Fabric Documentation Workgroup call - Eastern hemisphere - Fri, 01/24/2020 #cal-notice

fabric@lists.hyperledger.org Calendar <noreply@...>
 

Hyperledger Fabric Documentation Workgroup call - Eastern hemisphere

When:
Friday, 24 January 2020
6:00am to 7:00am
(GMT+00:00) Europe/London

Where:
https://zoom.us/j/6223336701

Organizer:
a_o-dowd@... +441962816761

Description:
Documentation workgroup call.
Agenda, minutes and recordings: https://wiki.hyperledger.org/display/fabric/Documentation+Working+Group


configtxlator: error: open /dev/stdout: permission denied, try --help

Siddharth Jain
 

Hello

I have a simple question. I am trying to copy the output of configtxlator but get this error

```
$ configtxlator proto_decode --input ./foo.block --type common.Block | pbcopy -
configtxlator: error: open /dev/stdout: permission denied, try --help
```

I also tried using sudo but it still gives the error. For comparison below does not give me any error

```

$ echo "Hello World" | pbcopy -

```

Does anyone know how I can fix this? thanks


Re: Peer/Orderer memory usage

Baohua Yang
 

There's a known goroutine leakage in 1.4.4. You may need to apply this patchset.


On Thu, Jan 23, 2020 at 7:42 AM Eryargi, Hakan via Lists.Hyperledger.Org <hakan.eryargi=accenture.com@...> wrote:

Hi,

 

During our performance tests, we noticed that, both peers’ and orderers’ memory usage is increasing under load and they do not release the claimed memory when the load is removed.

 

Is this expected? Anything we can do about it on the configuration side?

 

Peers: Up to 15G -> This is especially very high

Orderers: Up to 4G

 

Fabric version: 1.4.4

 

Thanks,

Hakan

 

 

 

 




This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of internal compliance with Accenture policy. Your privacy is important to us. Accenture uses your personal data only in compliance with data protection laws. For further information on how Accenture processes your personal data, please see our privacy statement at https://www.accenture.com/us-en/privacy-policy.
______________________________________________________________________________________

www.accenture.com



--
Best wishes!

Baohua Yang


Hyperledger Project Quarterly Update Due #tsc-project-update - Thu, 01/23/2020 #tsc-project-update #cal-notice

fabric@lists.hyperledger.org Calendar <noreply@...>
 

Hyperledger Project Quarterly Update Due #tsc-project-update

When:
Thursday, 23 January 2020

Organizer:
community-architects@...

Description:
Please file a project status report for the TSC here:

https://wiki.hyperledger.org/display/TSC/Project+Status+Updates


Chaincode gets instantiated but not able to invoke or list it #fabric #fabric-chaincode

Mrudav Shukla
 

I have a 3 Organisation (2 Normal Organization and 1 Orderer Organization) architecture on aws-eks. Each of the organizations has their own ca and tlsca. I have been able to generate the genesis block, the msp anchor transactions and the peers are able to join and create the channel as well as install the chaincode.

I am, however, facing issues when I instantiate the chaincode. The chaincode gets instantiated as seen from the docker-in-docker container. However, when I try to list the instantiated chaincode it does not come up.

I have gone through the following issues:
  1. https://stackoverflow.com/questions/56735065/chaincode-is-instantiated-but-doesnt-appear-in-the-list-of-instantiated-codes
  2. https://stackoverflow.com/questions/46045970/why-peer-chaincode-instantiate-execuate-many-times-successfully/46048140#46048140
  3. https://stackoverflow.com/questions/46035198/why-chaincode-instantiate-success-but-query-failed
These issues hint at errors in ordering service endpoints. I am using raft with 3 nodes and these nodes are able to connect with each other. Apart from this, when I submit peer chaincode fetch command from the peer or the cli container for fetching the block from the orderering service (node 1, 2 or 3), I am able to retrieve the blocks.

However, when I try to list the chaincode it shows nothing.

Following are the logs that I'm getting on peer:

2020-01-23 17:30:42.834 UTC [ConnProducer] NewConnection -> DEBU be6c Creating a new connection
2020-01-23 17:30:42.837 UTC [grpc] infof -> DEBU be6d transport: loopyWriter.run returning. connection error: desc = "transport is closing"
2020-01-23 17:30:42.837 UTC [grpc] DialContext -> DEBU be6e parsed scheme: ""
2020-01-23 17:30:42.838 UTC [grpc] DialContext -> DEBU be6f scheme "" not registered, fallback to default scheme
2020-01-23 17:30:42.838 UTC [grpc] watcher -> DEBU be70 ccResolverWrapper: sending new addresses to cc: [{raft2orderer.<domain>.in:7050 0  <nil>}]
2020-01-23 17:30:42.838 UTC [grpc] switchBalancer -> DEBU be71 ClientConn switching balancer to "pick_first"
2020-01-23 17:30:42.839 UTC [grpc] HandleSubConnStateChange -> DEBU be72 pickfirstBalancer: HandleSubConnStateChange: 0xc000368a60, CONNECTING
2020-01-23 17:30:42.850 UTC [grpc] HandleSubConnStateChange -> DEBU be73 pickfirstBalancer: HandleSubConnStateChange: 0xc000368a60, READY
2020-01-23 17:30:42.850 UTC [ConnProducer] NewConnection -> DEBU be74 Connected to {raft2orderer.<domain>.in:7050 [OrdererMSP]}
2020-01-23 17:30:42.850 UTC [deliveryClient] connect -> DEBU be75 Connected to raft2orderer.<domain>.in:7050
2020-01-23 17:30:42.850 UTC [deliveryClient] connect -> DEBU be76 Establishing gRPC stream with raft2orderer.<domain>.in:7050 ...
2020-01-23 17:30:42.851 UTC [deliveryClient] afterConnect -> DEBU be77 Entering
2020-01-23 17:30:42.851 UTC [deliveryClient] RequestBlocks -> INFO be78 Starting deliver with block [1] for channel <channel_name>
2020-01-23 17:30:42.851 UTC [msp] GetDefaultSigningIdentity -> DEBU be79 Obtaining default signing identity
2020-01-23 17:30:42.851 UTC [msp] GetDefaultSigningIdentity -> DEBU be7a Obtaining default signing identity
2020-01-23 17:30:42.851 UTC [msp.identity] Sign -> DEBU be7b Sign: plaintext: 0AC1090A3B08051A0608C2B0A7F10522...01120D1A0B08FFFFFFFFFFFFFFFFFF01 
2020-01-23 17:30:42.851 UTC [msp.identity] Sign -> DEBU be7c Sign: digest: D8737137258DF932B21B3D16CC73C7A34FC652912476A90C14AAC8E3094E24D2 
2020-01-23 17:30:42.852 UTC [deliveryClient] afterConnect -> DEBU be7d Exiting
2020-01-23 17:30:42.853 UTC [blocksProvider] DeliverBlocks -> ERRO be7e [channel_name] Got error &{FORBIDDEN}
2020-01-23 17:30:43.884 UTC [gossip.comm] func1 -> DEBU be7f Got message: GossipMessage: tag:EMPTY hello:<nonce:9881102125581302162 msg_type:IDENTITY_MSG > , Envelope: 17 bytes, Signature: 0 bytes
Following are the logs that I'm getting on orderer:

2020-01-23 15:20:26.159 UTC [comm.grpc.server] 1 -> INFO 640 streaming call completed grpc.service=orderer.AtomicBroadcast grpc.method=Deliver grpc.peer_address=10.1.128.81:24518 grpc.peer_subject="CN=peer1OrgA.<domain>.in,OU=peer,O=Organization,L=Bengaluru,ST=Karnataka,C=IN" grpc.code=OK grpc.call_duration=997.532µs
2020-01-23 15:20:26.914 UTC [common.deliver] deliverBlocks -> WARN 641 [channel: <channel_name>] Client authorization revoked for deliver request from 10.1.128.81:50256: implicit policy evaluation failed - 0 sub-policies were satisfied, but this policy requires 1 of the 'Readers' sub-policies to be satisfied: permission denied
The following are the snippets from my configtx.yaml file:

Channel Policies:

Channel: &ChannelDefaults

    Policies:

        Readers:

            Type: ImplicitMeta

            Rule: "ANY Readers"

        Writers:

            Type: ImplicitMeta

            Rule: "ANY Writers"

        Admins:

            Type: ImplicitMeta

            Rule: "MAJORITY Admins"

    Capabilities:

        <<: *ChannelCapabilities

Application Policies:

Application: &ApplicationDefaults

    Organizations:

    Policies:

        Readers:

            Type: ImplicitMeta

            Rule: "ANY Readers"

        Writers:

            Type: ImplicitMeta

            Rule: "ANY Writers"

        Admins:

            Type: ImplicitMeta

            Rule: "MAJORITY Admins"

    Capabilities:

        <<: *ApplicationCapabilities

Organizations:

Organizations:

    - &Orderer

        Name: Orderer

        ID: OrdererMSP

        MSPDir: ordererOrganizations/msp

        Policies:

            Readers:

                Type: Signature

                Rule: "OR('OrdererMSP.member')"

            Writers:

                Type: Signature

                Rule: "OR('OrdererMSP.member')"

            Admins:

                Type: Signature

                Rule: "OR('OrdererMSP.admin')"

    - &Orga

        Name: Orga

        ID: OrgaMSP

        MSPDir: peerOrganizations/orga.<domain>.in/msp

        Policies:

            Readers:

                Type: Signature

                Rule: "OR(‘OrgaMSP.admin', ‘OrgaMSP.peer', ‘OrgaMSP.client')"

            Writers:

                Type: Signature

                Rule: "OR(‘OrgaMSP.admin', ‘OrgaMSP.client')"

            Admins:

                Type: Signature

                Rule: "OR(‘OrgaMSP.admin')"

        AnchorPeers:

            - Host: peer0orga.<domain>.in

              Port: 7051

Capabilities:

Capabilities:

    Channel: &ChannelCapabilities

        V1_4_3: true

        V1_3: false

        V1_1: false

    Orderer: &OrdererCapabilities

        V1_4_2: true

        V1_1: false

    Application: &ApplicationCapabilities

        V1_4_2: true

        V1_3: false

        V1_2: false

        V1_1: false


I have also enabled the NodeOUs and set the config.yaml at appropriate MSPs except for the Orderer. From the logs it looks like peer is trying to fetch blocks from the orderer but the orderer gives back 403 error to the peer. The Channel/Readers policy states allow "ANY Readers" and the requesting identity peer/admin does have appropriate rights for this. 

Any ideas where I am getting this wrong?


Re: #fabric-questions Fabric Networking #fabric-questions

Nye Liu <nye@...>
 

If you plan on running a p2p node on the public internet, ideally it should be secured such that a firewall (other than possibly a simple port whitelist at the router) isn't needed.

If you believe a firewall is needed, put them all in a shared VPN or put each in a DMZ each with a public address and only allow the protocol ports (or ssh if you don't have a jump box in the DMZ). If you run a patchwork of NAT/forwarding hacks, you are inevitably going to run into DNS/TLS issues unless you are very careful.

In my experience, people generally overly rely on firewalls instead of addressing node security directly.

On 1/23/2020 10:24 AM, Cavell wrote:
Apologies for the confusion in my wording,

I accidentally used firewall instead of router. Since the nodes are in different locations, its hard to access them without port forwarding them. From an initial glance, it seems like to build the network, I'll need to port forward all the nodes and make the publicly accessible to deploy them in different locations. I'm concerned about the security risks of doing so since anyone can access the nodes so long as they have the public address and port number.

Thanks for the quick responses,
Cavell Teng


#fabric-questions Fabric Networking #fabric-questions

Cavell
 

Apologies for the confusion in my wording,

I accidentally used firewall instead of router. Since the nodes are in different locations, its hard to access them without port forwarding them. From an initial glance, it seems like to build the network, I'll need to port forward all the nodes and make the publicly accessible to deploy them in different locations. I'm concerned about the security risks of doing so since anyone can access the nodes so long as they have the public address and port number.

Thanks for the quick responses,
Cavell Teng


Documentation Workgroup: Agenda for Friday, 24 Jan

Anthony O'Dowd <a_o-dowd@...>
 

Hello!

We will hold the documentation workgroup call this Friday, both Western and Eastern hemispheres.  A big welcome to everyone - another great turn out last week - thanks to everyone who attended!

The summary minutes for last week's meeting: https://wiki.hyperledger.org/display/fabric/Meetings

You can read all about the call at https://wiki.hyperledger.org/display/fabric/2020+01+17+DWG+Agenda It included an update on V2 from Pam and Joe, an overview of the ledger API from Matthew, Commercial paper network updates from Nik, and a discussion on rationalizing introductory material, also from Nik. You can catch up via the recording: https://wiki.hyperledger.org/display/fabric/Recordings

You'll see that there are lots of interesting items for this week: https://wiki.hyperledger.org/display/fabric/2020+01+24+DWG+Agenda
Please feel free to contribute using the wiki!

You can also help build next week's agenda: https://wiki.hyperledger.org/display/fabric/2020+01+31+DWG+Agenda

Really looking forward to more great work on Fabric documentation in 2020!

Pam, Anthony,  Joe, Nik

Meeting Details
-------------
Please use the following link to attend the meeting:  https://zoom.us/j/6223336701

The meeting times are as follows: https://wiki.hyperledger.org/display/fabric/Documentation+Working+Group

Meeting 112A: Friday 24 Jan
                    1130 India Standard Time
                   1400 China Standard Time
                   1500 Japan Standard Time
                   1700 Australia Eastern Time
                   1400 Singapore Time
                   1000 Gulf Standard Time
                   0900 Moscow Standard Time
                   0600 Greenwich Mean Time
                   0700 Central European Time    

Meeting 113B: Friday 24 Jan
              1000 Central Daylight Time
                   1100 Eastern Daylight Time
                   0800 Pacific Daylight Time
                   1300 Brasil Time (BRT)
                   1600 Greenwich Mean Time
                   1700 Central European Time
                   1800 Moscow Standard Time

Unless stated otherwise above:
IBM United Kingdom Limited - Registered in England and Wales with number 741598.
Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6 3AU



Unless stated otherwise above:
IBM United Kingdom Limited - Registered in England and Wales with number 741598.
Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6 3AU



Unless stated otherwise above:
IBM United Kingdom Limited - Registered in England and Wales with number 741598.
Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6 3AU


Peer/Orderer memory usage

Eryargi, Hakan
 

Hi,

 

During our performance tests, we noticed that, both peers’ and orderers’ memory usage is increasing under load and they do not release the claimed memory when the load is removed.

 

Is this expected? Anything we can do about it on the configuration side?

 

Peers: Up to 15G -> This is especially very high

Orderers: Up to 4G

 

Fabric version: 1.4.4

 

Thanks,

Hakan

 

 

 

 




This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of internal compliance with Accenture policy. Your privacy is important to us. Accenture uses your personal data only in compliance with data protection laws. For further information on how Accenture processes your personal data, please see our privacy statement at https://www.accenture.com/us-en/privacy-policy.
______________________________________________________________________________________

www.accenture.com


Hyperledger Nexus Repository Sunset

Brett T Logan <brett.t.logan@...>
 

As we close out the migration of Hyperledger Fabric and its supporting projects off of Gerrit and Jenkins to GitHub and Azure Pipeline's, our final task was to retire the use of Nexus for serving non-release artifacts. We are replacing the self-hosted Nexus repo with an enterprise Artifactory instance hosted by JFrog.
 
With the migration to Artifactory complete the Linux Foundation will sunset nexus.hyperledger.org and nexus3.hyperledger.org effective FEBRUARY 1st
 
While the community should be largely unaffected by this change as the artifacts are mostly used in CI, there are a few pieces of chaincode that consume Maven libraries from Nexus that we modified to now pull from Artifactory in Fabric-Samples. If you are running Java chaincode from the Fabric-Samples repository that you cloned prior to January 20th, you should update your POM.xml or build.gradle files to point to https://hyperledger.jfrog.io/hyperledger/fabric-maven instead of Nexus, or reclone the Fabric-Samples repository.
 
As of today, we have also retired the Hyperledger Jenkins server and the Hyperledger Gerrit server.
 
Thank you,
 
Brett Logan
Software Engineer, IBM Blockchain
Phone: 1-984-242-6890
 


Pluggable DBMS

Trevor Lee Oakley <trevor@...>
 

I saw that DBMS is pluggable in the docs. I saw also couchdb is used for private db, but can we use any db, eg oracle or sql server?
 
 
Trevor
 
 


Re: Blockchain and Machine learning #fabric-chaincode #hyperledger-fabric #couchdb

David Enyeart
 

From the Fabric docs:

"If you want to build a dashboard or collect aggregate data as part of your application, you can query an off-chain database that replicates the data from your blockchain network. This will allow you to query and analyze the blockchain data in a data store optimized for your needs, without degrading the performance of your network or disrupting transactions. To achieve this, applications may use block or chaincode events to write transaction data to an off-chain database or analytics engine. For each block received, the block listener application would iterate through the block transactions and build a data store using the key/value writes from each valid transaction’s rwset. The Peer channel-based event services provide replayable events to ensure the integrity of downstream data stores."

Related tutorial and sample:

https://hyperledger.github.io/fabric-sdk-node/release-1.4/tutorial-channel-events.html

https://github.com/hyperledger/fabric-samples/tree/master/off_chain_data



Dave Enyeart

"Shabana Basharat via Lists.Hyperledger.Org" ---01/22/2020 11:34:48 PM---Hi everyone, "Blockchain and Machine learning Integration" is the hot topic today. can we integrate

From: "Shabana Basharat via Lists.Hyperledger.Org" <shabana.basharat=yahoo.com@...>
To: fabric@...
Cc: fabric@...
Date: 01/22/2020 11:34 PM
Subject: [EXTERNAL] [Hyperledger Fabric] Blockchain and Machine learning #fabric-chaincode #hyperledger-fabric #couchdb
Sent by: fabric@...





Hi everyone,
"Blockchain and Machine learning Integration" is the hot topic today. can we integrate machine learning libraries in fabric ??? can we deploy machine model inside chain code? As we all know fabric supports three languages and machine learning is mostly deployed in python so how we can integrate ??? what about data sets of assets on which we want to predict something ,how we can achieve?
I need guidance and discussion on this topic please elaborate .

Thanks




Blockchain and Machine learning #fabric-chaincode #hyperledger-fabric #couchdb

Shabana Basharat
 

Hi everyone,
 "Blockchain and Machine learning Integration" is the hot topic today. can we integrate machine learning libraries in fabric ??? can we deploy machine model inside chain code?  As we all know fabric supports three languages and machine learning is mostly deployed in python so how we can integrate ??? what about data sets of assets on which we want to predict something ,how we can achieve?
I need guidance and discussion on this topic please elaborate .

Thanks


Re: #fabric-questions Fabric Networking #fabric-questions

Nye Liu <nye@...>
 

You didn't mention if you are having NAT traversal issues or straight up firewall issues.

If the latter, opening ports should be sufficient.

If the former, put it in a DMZ with real public ip addresses and ditch NAT entirely.

NAT is a cancer, and never interacts well with p2p protocols.


Re: #fabric-questions Fabric Networking #fabric-questions

Yacov
 

I can only say that port forwarding anchor peers alone won't get you much, because peers try to connect to one another forming a full mesh of an undirected graph (peers p and qhave a single connection between them, either from p to qor from q to p).
Anchor peers are just for bootstrapping membership across organizations.





From:        "Cavell" <cavellt@...>
To:        fabric@...
Date:        01/23/2020 03:05 AM
Subject:        [EXTERNAL] [Hyperledger Fabric] #fabric-questions Fabric Networking
Sent by:        fabric@...




Hi,

I've been trying to setup a fabric network spread across multiple locations. One of the major issues has been locating and communicating with peer nodes behind firewalls. The only solutions I've come up with have been setting up a VPN and joining all the nodes to that or port forwarding some of the nodes (anchor peers and orderers) so that some communication can occur. The first one is usable now, but becomes a nightmare to manage if the network expands. The second is a security risk. Am I missing something obvious? Is there a better alternative to what I'm doing?

Thanks for any help given,
Cavell Teng




#fabric-questions Fabric Networking #fabric-questions

Cavell
 

Hi,

I've been trying to setup a fabric network spread across multiple locations. One of the major issues has been locating and communicating with peer nodes behind firewalls. The only solutions I've come up with have been setting up a VPN and joining all the nodes to that or port forwarding some of the nodes (anchor peers and orderers) so that some communication can occur. The first one is usable now, but becomes a nightmare to manage if the network expands. The second is a security risk. Am I missing something obvious? Is there a better alternative to what I'm doing? 

Thanks for any help given,
Cavell Teng


Re: JIRA Cleanup

Matthew Sykes
 

Items that were labeled on Jan 13 have now been closed out. Apologies for the JIRA spam.

If an issue was closed that should not have been, please feel free to reopen it.

Thanks.

On Mon, Jan 13, 2020 at 10:56 AM Matthew Sykes via Lists.Hyperledger.Org <matthew.sykes=gmail.com@...> wrote:
I have finished labeling JIRA items associated with the Fabric project. If you find an item with a `stale-item` label that you believe should not be closed out next week, please remove the label and add a comment indicating why it is still relevant.

Thanks.

On Thu, Jan 9, 2020 at 7:07 PM Matthew Sykes via Lists.Hyperledger.Org <matthew.sykes=gmail.com@...> wrote:
As part of our v2 shutdown (and my own new year resolution to be better about doing my chores), we'll be doing some work to close out old JIRA work items.

Over the next few days, open items that have not had a meaningful update in more than 9 months will be tagged with a 'stale-item' label. One week after that process has completed, any open items with that label will be closed out.

If a JIRA item you are interested in gets tagged and you want to stop it from being closed, please comment on the issue with information about why it is still relevant and remove the tag. This will indicate further discussion is warranted and we will defer closing the item pending that discussion.

Since the issues are simply being closed and not deleted, if something falls through the crack, we can always reopen as necessary.

Thanks.

--
Matthew Sykes



--
Matthew Sykes
matthew.sykes@...



--
Matthew Sykes
matthew.sykes@...


Re: Downtime for updates of WIKI & JIRA

Tim Johnson <tijohnson@...>
 

All updates have been completed and both servers are back on-line.

On 1/22/20 8:06 AM, Tim Johnson wrote:
The update of JIRA (jira.hyperledger.org) has been completed.

The update of WIKI (wiki.hyperledger.org) is still underway. We expect
to be complete within the hour.

Tim


hyperledger fabric-ca-client through javascript registering more than one user using the same admin identity but unable to access channel from User2 , User3 and so forth #fabric-ca

maruti praturi
 

Everything works fine when I have just "user1" who is registered using the following lines of code

const secret = await ca.register({ affiliation: 'org1.department1', enrollmentID: 'user1', role: 'client', extra: 'client1'}, adminIdentity);
const enrollment = await ca.enroll({ enrollmentID: 'user1', enrollmentSecret: secret });
const userIdentity = fabric_network_1.X509WalletMixin.createIdentity('Org1MSP', enrollment.certificate, enrollment.key.toBytes());
await wallet.import('user1', userIdentity);

When I add one more user "user2", it gets registered. But when I try to discover the channel, while running this below line of code

const network = await gateway.getNetwork('mychannel');

I get the below error

[Channel.js]: Channel:mychannel received discovery error:access denied

I have declared 2 users in count in crypto-config.yaml, still, I am getting this error.


Downtime for updates of WIKI & JIRA

Tim Johnson <tijohnson@...>
 

The update of JIRA (jira.hyperledger.org) has been completed.

The update of WIKI (wiki.hyperledger.org) is still underway. We expect
to be complete within the hour.

Tim

3861 - 3880 of 11437