I am trying to add a new Org to an existing Hyperledger fabric network.
The initial network is created by the byfn.sh script that stands up an Orderer and Org1 & Org2.
I have followed this example on Medium.com to create the update protobuf file. Everything that requires configtxgen, cryptogen and configtxlator is done as per this example. However, when it comes to executing the command peer channel signconfigtx -f org3_update_in_envelope.pb, I would like to do that using the Fabric Node SDK.
A point to note here is that if I execute the peer channel ... commands from the cli container command line, the channel update goes through, so I know that the file org3_update_in_envelope.pb is not corrupted.
Using this tutorial and some guidance from this question, I have the following code:
let envelope_pb_file_name = '/tmp/' + json.msp + '_update_in_envelope.pb'; // the pb file we create using command line
let envelope_bytes = fs.readFileSync(envelope_pb_file_name);
if (envelope_bytes === undefined) {
throw new Error(`Could not read the protobuffer file ${envelope_pb_file_name}. Error`);
}
// have the nodeSDK extract out the config update
let config_update = client.extractChannelConfig(envelope_bytes);
let signature = client.signChannelConfig(config_update);
let signatures = [];
signatures.push(signature);
//let orderers = this.loanNetwork.getChannel().getOrderers();
let orderer, ordererName = "orderer.example.com:7050";
const ORDERER_URL = 'grpcs://localhost:7050';
const data = fs.readFileSync(SyndLoanConfig.chainconfig.networkpath + '/crypto-config/ordererOrganizations/example.com/tlsca/tlsca.example.com-cert.pem').toString();
orderer = client.newOrderer(ORDERER_URL,
{
'pem': Buffer.from(data).toString(),
'ssl-target-name-override': 'orderer.example.com'
});
let mspId = client.getMspid(); // mspId shows "OrdererMSP" after this call is executed
const keyPath = SyndLoanConfig.chainconfig.networkpath + '/crypto-config/ordererOrganizations/example.com/users/Admin@example.com/msp/keystore';
let keyFile, keyFileAry = fs.readdirSync(keyPath).filter(fn => fn.endsWith('_sk'));
for (let f of keyFileAry) {
keyFile = f;
break;
}
keyFile = path.join(keyPath,keyFile);
const keyPEM = fs.readFileSync(keyFile).toString();
const certPath = SyndLoanConfig.chainconfig.networkpath + '/crypto-config/ordererOrganizations/example.com/users/Admin@example.com/msp/signcerts';
let certFile, certFileAry = fs.readdirSync(certPath).filter(fn => fn.endsWith('.pem'));
for (let f of certFileAry) {
certFile = f;
break;
}
certFile = path.join(certPath,certFile);
const certPEM = fs.readFileSync(certFile).toString();
client.setAdminSigningIdentity(keyPEM, certPEM, "OrdererMSP");
if (orderer === undefined) {
throw new Error(`Could not find an orderer associated with channel ${orgJSON.channel}. Error.`)
}
let tx_id = client.newTransactionID();
let request = {
config: config_update, //the binary config
// envelope: envelope_bytes,
signatures: signatures, // the collected signatures
name: orgJSON.channel, // the channel name
orderer: orderer, //the orderer from above
txId: tx_id //the generated transaction id
};
let addOrgResult = await client.updateChannel(request);
addOrgResult variable shows the following error:
info: implicit policy evaluation failed - 0 sub-policies were satisfied, but this policy requires 1 of the 'Writers' sub-policies to be satisfied: permission denied
status: FORBIDDEN
Orderer logs show this:
2020-01-17 21:49:21.620 UTC [cauthdsl] deduplicate -> ERRO 057 Principal deserialization failure (MSP is unknown) for identity 0
2020-01-17 21:49:21.621 UTC [cauthdsl] deduplicate -> ERRO 058 Principal deserialization failure (MSP is unknown) for identity 0
2020-01-17 21:49:21.621 UTC [cauthdsl] deduplicate -> ERRO 059 Principal deserialization failure (MSP is unknown) for identity 0
2020-01-17 21:49:21.621 UTC [orderer.common.broadcast] ProcessMessage -> WARN 05a [channel: mychannel] Rejecting broadcast of config message from 192.168.208.1:56556 because of error: implicit policy evaluation failed - 0 sub-policies were satisfied, but this policy requires 1 of the 'Writers' sub-policies to be satisfied: permission denied
Going through Nikhil Gupta's helpful response to this question, it appears that this error is due to
The error before the policy warning, ERRO 021 Principal deserialization failure (MSP SampleOrg is unknown) for identity 0, indicates that the MSP ID that was passed as a parameter with the request was not recognized by the ordering service. This could be a result of passing the wrong MSP ID to the command. This error may also indicate that your organization has not joined the consortium hosted by the ordering service system channel. If you are updating an application channel, this error could occur if your organization is not yet a member of the channel you are trying to update.
However, I am not sure how to proceed because I have connected to the network (Gateway.connect) using the Admin@example.com identity. Additionally, I am also calling client.setAdminSigningIdentity(keyPEM, certPEM, "OrdererMSP"); before making the update.
Any help would be greatly appreciated. Thank you.
