hyperledger-fabric hyperledger hyperledger-fabric-ca hyperledger-fabric-sdk-js

Error: access denied for [JoinChain][mychannel]: [Failed verifying proposal's creator satisfies MSP policy [Admins]: [This identity is not an admin]]


joinChannel.js gives the following error:

Successfully loaded peeradmin from persistence
{ block:
   { header:
      { number: [Object],
        previous_hash: [Object],
        data_hash: [Object] },
     data: { data: [Array] },
     metadata: { metadata: [Array] } } }
error: [client-utils.js]: sendPeersProposal - Promise is rejected: Error: access denied for [JoinChain][mychannel]: [Failed verifying that proposal's creator satisfies local MSP principal during channelless check policy with policy [Admins]: [This identity is not an admin]]
not good

What exactly is the error complaining about? I am having trouble pinpointing whether it's the peer admin private key, the peer admin cert, the peer TLS cert, or some other configuration. I took the peer admin cert, added it to the IBP dashboard, and did "Sync Certificates". What are some things to check to make sure I am indeed specifying the correct credentials for the admin?


var Fabric_Client = require('fabric-client');
var path = require('path');
var fs = require('fs');

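// Join one peer to 'mychannel' with fabric-client, signing as the organization admin.
//
// The peer checks the creator of the JoinChain proposal against its local MSP
// [Admins] policy. The certificate passed to setAdminSigningIdentity() therefore
// has to be one the peer already recognizes as an admin, the key has to be that
// certificate's private key, and the MSP ID has to be the peer organization's.
const fabric_client = new Fabric_Client();

const ordererTLSCert = fs.readFileSync('./orderercert.pem', 'utf8');

// The original listing uses peerTlsCert without ever defining it, which throws a
// ReferenceError before any request is sent. The path below is a PLACEHOLDER;
// point it at the peer's TLS CA certificate.
const peerTlsCert = fs.readFileSync('./PLACEHOLDER-peer-tls-cert.pem', 'utf8');

// Admin signing material. The private key is read in the clear: keep the file out
// of version control and readable only by the account that runs this script.
const peerAdminKey = fs.readFileSync('./keystore-1.pem', 'utf8');
// Alternative certificate file from the original listing:
// const peerAdminCert = fs.readFileSync('./admincert-1.pem', 'utf8');
// Whichever file is loaded, it must be the certificate that matches peerAdminKey
// AND is registered with the peer as an admin certificate; an ordinary enrollment
// certificate is rejected with "This identity is not an admin".
const peerAdminCert = fs.readFileSync('./signcert-1.pem', 'utf8');

// Third argument is the MSP ID of the signing identity.
// NOTE(review): confirm 'org2' is the MSP ID the peer was configured with.
fabric_client.setAdminSigningIdentity(peerAdminKey, peerAdminCert, 'org2');

const channel = fabric_client.newChannel('mychannel');

// 'ssl-target-name-override' is left null, so no hostname override is requested
// (presumably the TLS name check then uses the host in the URL; verify).
const peer = fabric_client.newPeer('grpcs://169.xx.xx.xx:xxxxx', {
  pem: peerTlsCert,
  'ssl-target-name-override': null,
});
const orderer = fabric_client.newOrderer(
  'grpcs://nfxxx-orderer.us08.blockchain.ibm.com:xxxxx',
  {
    pem: ordererTLSCert,
    'ssl-target-name-override': null,
  }
);

channel.addPeer(peer);
channel.addOrderer(orderer);

// newTransactionID(true) builds the transaction ID from the admin signing
// identity set above, so both requests below are signed as that admin.
const genesisRequest = {
  txId: fabric_client.newTransactionID(true),
  // orderer,
};

channel
  .getGenesisBlock(genesisRequest)
  .then(block => {
    console.log({ block });
    const joinRequest = {
      targets: peer,
      block,
      // A fresh transaction ID is needed for the join proposal.
      txId: fabric_client.newTransactionID(true),
    };
    return channel.joinChannel(joinRequest, 30000);
  })
  .then(results => {
    console.log(results);
    // A rejected proposal comes back as an entry without a usable `response`
    // (see the logged output), so check each level before reading `status`.
    const first = Array.isArray(results) ? results[0] : undefined;
    const joined = Boolean(
      first && first.response && first.response.status === 200
    );
    if (joined) {
      console.log('good');
    } else {
      console.log('not good');
      // Report failure to the calling shell or automation as well.
      process.exitCode = 1;
    }
  })
  .catch(err => {
    console.error(err);
    process.exitCode = 1;
  });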

Solution

  • When you join a peer to a channel, the transaction needs to be signed by the peer's local admin. The peer identifies its local admin by the certificate residing in its msp/admincerts folder, so the certificate and private key passed to setAdminSigningIdentity must be that admin's pair.