I am trying to add a custom Node OU to a policy definition inside the configtx.yaml file. The policy definition is present in the Application section of the configtx.yaml file as follows:
Application: &ApplicationDefaults
    # Organizations is the list of orgs which are defined as participants on
    # the application side of the network
    ACLs: &ACLsDefault
        peer/Propose: /Channel/Application/Checkous
    Organizations:
    # Policies defines the set of policies at this level of the config tree
    # For Application policies, their canonical path is
    # /Channel/Application/<PolicyName>
    Policies:
        Readers:
            Type: ImplicitMeta
            Rule: "ANY Readers"
        Writers:
            Type: ImplicitMeta
            Rule: "ANY Writers"
        Admins:
            Type: ImplicitMeta
            Rule: "MAJORITY Admins"
        Checkous:
            Type: Signature
            Rule: "OR('Org1MSP.admin', 'Org1MSP.client', 'Org1MSP.dept')"
    Capabilities:
        <<: *ApplicationCapabilities
I already generated the crypto-material using the cryptogen tool. As you can see, I am also using the custom policy inside one of the ACLs.
Next, I created the orderer genesis block.
##########################################################
######### Generating Orderer Genesis block ##############
##########################################################
CONSENSUS_TYPE=solo
+ '[' solo == solo ']'
+ configtxgen -profile TwoOrgsOrdererGenesis -channelID byfn-sys-channel -outputBlock ./channel-artifacts/genesis.block
2020-02-17 05:17:01.991 UTC [common.tools.configtxgen] main -> INFO 001 Loading configuration
2020-02-17 05:17:02.150 UTC [common.tools.configtxgen.localconfig] completeInitialization -> INFO 002 orderer type: solo
2020-02-17 05:17:02.150 UTC [common.tools.configtxgen.localconfig] Load -> INFO 003 Loaded configuration: /home/chintanr11/fabric-samples/first-network/configtx.yaml
2020-02-17 05:17:02.309 UTC [common.tools.configtxgen.localconfig] completeInitialization -> INFO 004 orderer type: solo
2020-02-17 05:17:02.309 UTC [common.tools.configtxgen.localconfig] LoadTopLevel -> INFO 005 Loaded configuration: /home/chintanr11/fabric-samples/first-network/configtx.yaml
2020-02-17 05:17:02.311 UTC [common.tools.configtxgen] doOutputBlock -> INFO 006 Generating genesis block
2020-02-17 05:17:02.311 UTC [common.tools.configtxgen] doOutputBlock -> INFO 007 Writing genesis block
+ res=0
+ set +x
Following that, when I try to create the channel configuration block, I receive the following error:
#################################################################
### Generating channel configuration transaction 'channel.tx' ###
#################################################################
+ configtxgen -profile TwoOrgsChannel -outputCreateChannelTx ./channel-artifacts/channel.tx -channelID mychannel
2020-02-17 05:17:02.346 UTC [common.tools.configtxgen] main -> INFO 001 Loading configuration
2020-02-17 05:17:02.518 UTC [common.tools.configtxgen.localconfig] Load -> INFO 002 Loaded configuration: /home/chintanr11/fabric-samples/first-network/configtx.yaml
2020-02-17 05:17:02.680 UTC [common.tools.configtxgen.localconfig] completeInitialization -> INFO 003 orderer type: solo
2020-02-17 05:17:02.680 UTC [common.tools.configtxgen.localconfig] LoadTopLevel -> INFO 004 Loaded configuration: /home/chintanr11/fabric-samples/first-network/configtx.yaml
2020-02-17 05:17:02.680 UTC [common.tools.configtxgen] doOutputChannelCreateTx -> INFO 005 Generating new channel configtx
2020-02-17 05:17:02.680 UTC [common.tools.configtxgen] main -> FATA 006 Error on outputChannelCreateTx: could not generate default config template: error parsing configuration: could not create application group: error adding policies to application group: invalid signature policy rule 'OR('Org1MSP.admin', 'Org1MSP.client', 'Org1MSP.dept')': Unable to parse numeric value '.' to float64
+ res=1
+ set +x
Failed to generate channel configuration transaction...
NOTE: I have added the definition for this OU in my config.yaml file located at: ~/fabric-samples/first-network/crypto-config/peerOrganizations/org1.example.com/msp. The file looks as follows:
NodeOUs:
  Enable: true
  ClientOUIdentifier:
    Certificate: cacerts/ca.org1.example.com-cert.pem
    OrganizationalUnitIdentifier: client
  PeerOUIdentifier:
    Certificate: cacerts/ca.org1.example.com-cert.pem
    OrganizationalUnitIdentifier: peer
  AdminOUIdentifier:
    Certificate: cacerts/ca.org1.example.com-cert.pem
    OrganizationalUnitIdentifier: admin
  OrdererOUIdentifier:
    Certificate: cacerts/ca.org1.example.com-cert.pem
    OrganizationalUnitIdentifier: orderer
  DeptOUIdentifier:
    Certificate: cacerts/ca.org1.example.com-cert.pem
    OrganizationalUnitIdentifier: dept
You cannot use "custom" NodeOU identifiers. Fabric policies only support the following roles:
This means you can only use the built-in Node OU identifiers:
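An added example, not part of the question or the answer above and not Fabric's own code: a pre-flight check that scans configtx.yaml text for Signature policies and reports any principal whose role the policy parser would reject, so the mistake surfaces before configtxgen runs. The role list (member, admin, client, peer, orderer) is stated from Fabric's signature-policy syntax in recent releases rather than from this page, and the names `find_bad_principals` and `SAMPLE_CONFIGTX` are assumptions of this example.

```python
import re

# Roles accepted in signature-policy principals by recent Fabric releases.
# Assumption of this example, not taken from the page: verify for your version.
SUPPORTED_ROLES = ("member", "admin", "client", "peer", "orderer")
PRINCIPAL_RE = re.compile(r"^[A-Za-z0-9.-]+\.(%s)$" % "|".join(SUPPORTED_ROLES))

# Constructed sample: part of the Policies block from the question.
SAMPLE_CONFIGTX = """\
Policies:
    Readers:
        Type: ImplicitMeta
        Rule: "ANY Readers"
    Checkous:
        Type: Signature
        Rule: "OR('Org1MSP.admin', 'Org1MSP.client', 'Org1MSP.dept')"
"""


def find_bad_principals(configtx_text):
    """Return [(policy_name, principal)] for every Signature-policy principal
    whose role is not in SUPPORTED_ROLES."""
    bad = []
    name = None           # most recent bare "Key:" line, i.e. the policy name
    is_signature = False  # True once "Type: Signature" is seen for that policy
    for raw in configtx_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop YAML comments
        if not line:
            continue
        key, _, value = line.partition(":")
        value = value.strip()
        if not value:                        # "Checkous:" opens a new mapping
            name, is_signature = key, False
        elif key == "Type":
            is_signature = (value == "Signature")
        elif key == "Rule" and is_signature:
            # Principals are the single-quoted tokens inside OR(...)/AND(...)
            for principal in re.findall(r"'([^']*)'", value):
                if not PRINCIPAL_RE.match(principal):
                    bad.append((name, principal))
    return bad


if __name__ == "__main__":
    for policy, principal in find_bad_principals(SAMPLE_CONFIGTX):
        print(f"policy {policy}: unsupported principal {principal!r}")
```

The scan is line-based and only understands the simple `Type:`/`Rule:` layout used in the sample configtx.yaml; it is a lint step, not a YAML parser.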