Background

I am trying to finish the Fabric CA Operations Guide tutorial in order to better understand the details of a TLS setup. However, I am stuck at the Create and Join Channel part.

A similar question was asked here at peer-channel-creation-fails-in-hyperledger-fabric, but sometimes the same errors can have different causes.

I followed the instructions at the aforementioned solution without success. The error I keep getting when I try to create the channel is:

    Error: got unexpected status: BAD_REQUEST -- error validating channel creation transaction for new channel 'mychannel', could not successfully apply update to template configuration: error authorizing update: error validating DeltaSet: policy for [Group]  /Channel/Application not satisfied: implicit policy evaluation failed - 0 sub-policies were satisfied, but this policy requires 1 of the 'Admins' sub-policies to be satisfied


Environment

My versions for Docker images are:

  • Docker engine version: 19.03.8;
  • Docker CA image and version: hyperledger/fabric-ca:1.4.6;
  • Docker Peer image and version: hyperledger/fabric-peer:2.0;
  • Docker Orderer image and version: hyperledger/fabric-orderer:2.0;
  • Docker Tools (CLI) image and version: hyperledger/fabric-tools:2.0.

Reproducing the error

I created a repository on GitHub where I put the code referenced by the links: fabric-ca-operations-guide.

  1. I start by executing tearup-docker-cas.sh to create all the Docker images for the CAs and consequently the directory structures at /tmp/hyperledger/:

    curl -sSL https://raw.githubusercontent.com/hanesbarbosa/fabric-ca-operations-guide/master/tearup-docker-cas.sh | bash -s

  2. When I check that every image is up and running by issuing the command docker ps, I create the crypto material using setup-crypto.sh:

    curl -sSL https://raw.githubusercontent.com/hanesbarbosa/fabric-ca-operations-guide/master/setup-crypto.sh | bash -s

  3. Then I download the configtx.yaml file to my current directory:

    curl -sSL https://raw.githubusercontent.com/hanesbarbosa/fabric-ca-operations-guide/master/configtx.yaml -o ./configtx.yaml

  4. Now I am ready to set the environment variable FABRIC_CFG_PATH so that I can create the genesis block and channel transaction by the create_genesis_block_channel_tx.sh script. The artifacts will be available at /tmp/hyperledger/org0/orderer/:

    curl -sSL https://raw.githubusercontent.com/hanesbarbosa/fabric-ca-operations-guide/master/create_genesis_block_channel_tx.sh | bash -s

  5. Since the genesis block is available, we can now create the orderer image using tearup-docker-peers.sh. This script also creates all the peer and CLI tool containers:

    curl -sSL https://raw.githubusercontent.com/hanesbarbosa/fabric-ca-operations-guide/master/tearup-docker-peers.sh | bash -s

After step 5, I am ready to create the channel. Therefore, I use the following command to use the cli-org1 container:

    docker exec -it cli-org1 bash -c "export CORE_PEER_MSPCONFIGPATH=/tmp/hyperledger/org1/admin/msp; peer channel create -c mychannel -f /tmp/hyperledger/assets/mychannel.tx -o orderer1-org0:7050 --outputBlock /tmp/hyperledger/assets/mychannel.block --tls --cafile /tmp/hyperledger/org1/peer1/tls-msp/tlscacerts/tls-0-0-0-0-7052.pem"

At this point I get the error:

    Error: got unexpected status: BAD_REQUEST -- error validating channel creation transaction for new channel 'mychannel', could not successfully apply update to template configuration: error authorizing update: error validating DeltaSet: policy for [Group]  /Channel/Application not satisfied: implicit policy evaluation failed - 0 sub-policies were satisfied, but this policy requires 1 of the 'Admins' sub-policies to be satisfied

When I want to clean up everything for a fresh start I just execute:

    curl -sSL https://raw.githubusercontent.com/hanesbarbosa/fabric-ca-operations-guide/master/teardown-docker.sh | bash -s

Fixing Attempts

  • I always try a new attempt with a fresh set of crypto materials and images, so I always run step 6 from the Reproducing the error section before trying again;
  • I create the channel at step 4 as the admin of the organization;
  • I make sure the orderer has the TLS root signing certificate listed (everybody is using the same CA for TLS certs);
  • The environment variable ORDERER_GENERAL_LOGLEVEL is set to "debug" at the orderer image, so that I can have more detailed errors;
  • I tried to sign the channel creation transaction (mychannel.tx) before issuing the command peer channel create to make sure it was not a lack of signature, but the error mentions a /Channel/Application group policy, which in this case is an Implicit Meta type, where the rule is "ANY Admins":
    Organizations:

    # Policies defines the set of policies at this level of the config tree
    # For Application policies, their canonical path is
    #   /Channel/Application/<PolicyName>

    Policies: &ApplicationDefaultPolicies
        LifecycleEndorsement:
            Type: ImplicitMeta
            Rule: "MAJORITY Endorsement"
        Endorsement:
            Type: ImplicitMeta
            Rule: "MAJORITY Endorsement"
        Readers:
            Type: ImplicitMeta
            Rule: "ANY Readers"
        Writers:
            Type: ImplicitMeta
            Rule: "ANY Writers"
        Admins:
            Type: ImplicitMeta
            Rule: "ANY Admins"
  • Hi Hanes, that error clearly suggests that you are using an identity which is not an admin to issue the channel creation. I would check the contents of /tmp/hyperledger/org1/admin/msp. Decode the certificates in that folder (openssl x509 -in /route/to.crt -text -noout), in particular the signcerts contents, and if you have several certs placed in that folder, it would be a good idea to recreate the network, deleting all that content first. – jfc Apr 02 '20 at 10:19
  • Hi @jfc, thanks for the help! I checked the identity of the cert before for the admin of org1 at *.../org1/admin/msp/signcerts/cert.pem*. This is the same cert registered as one of the admins for org1 at *.../org1/msp/admincerts/org1-admin-cert.pem*. The CA issuer of org1's admin cert is **rca-org1**. Therefore, for the **admin-org1** to be recognized, I need to have the **rca-org1** root certificate inside the orderer at the *.../org0/orderer/msp/cacerts/* directory. I have put this certificate. Am I missing something? – Hanes Apr 02 '20 at 23:26
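
The comparison discussed in the comments above (signing certificate against admincerts, issuer against cacerts), written out as a POSIX shell check with openssl. This is an added example, not part of the original thread or the linked repository. The function names, the demo identities (rca-demo, other-ca, admin-demo, rogue) and the generated layout are constructed for illustration, and it assumes root CAs only, with no intermediates.

```shell
#!/bin/sh
# Added example, not tutorial or repository code. signcerts/, admincerts/ and cacerts/ are the MSP folders named in the thread.
# SHA-256 fingerprint of a PEM certificate, so copies compare equal by content.
cert_fp() { openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2; }

# check_admin_msp USER_MSP ORG_MSP: returns 0 only if the signing cert is the
# single file in signcerts, verifies against ORG_MSP/cacerts (roots only), and
# is listed in ORG_MSP/admincerts.
check_admin_msp() (
  user_msp=$1; org_msp=$2; rc=0
  set -- "$user_msp"/signcerts/*
  if [ $# -ne 1 ] || [ ! -f "$1" ]; then
    echo "FAIL signcerts: expected exactly one certificate"; exit 1; fi
  sign=$1
  openssl x509 -in "$sign" -noout -subject -issuer -enddate
  bundle=$(mktemp)
  cat "$org_msp"/cacerts/* > "$bundle" 2>/dev/null || true
  if openssl verify -CAfile "$bundle" "$sign" >/dev/null 2>&1
  then echo "OK   cacerts: signing cert verifies against a listed root"
  else echo "FAIL cacerts: signing cert does not verify against the listed roots"; rc=1; fi
  rm -f "$bundle"
  fp=$(cert_fp "$sign"); listed=no
  for a in "$org_msp"/admincerts/*; do
    if [ -f "$a" ] && [ "$(cert_fp "$a")" = "$fp" ]; then listed=yes; fi
  done
  if [ "$listed" = yes ]; then echo "OK   admincerts: signing cert is listed"
  else echo "FAIL admincerts: signing cert is not listed"; rc=1; fi
  exit "$rc"
)

# make_demo_msp DIR: constructed sample data (throwaway keys). "admin-demo" is
# issued by the listed root; "rogue" is issued by an unrelated root.
make_demo_msp() (
  mkdir -p "$1/org/cacerts" "$1/org/admincerts" "$1/admin/signcerts" "$1/rogue/signcerts"
  cd "$1" || exit 1
  issue() {  # issue NAME CA: writes NAME.pem signed by CA.pem
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$1" -keyout "$1.key" -out "$1.csr" 2>/dev/null
    openssl x509 -req -in "$1.csr" -CA "$2.pem" -CAkey "$2.key" -CAcreateserial -days 1 -out "$1.pem" 2>/dev/null
  }
  for ca in rca-demo other-ca; do
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=$ca" -keyout "$ca.key" -out "$ca.pem" 2>/dev/null
  done
  issue admin-demo rca-demo; issue rogue other-ca
  cp rca-demo.pem org/cacerts/; cp admin-demo.pem org/admincerts/
  cp admin-demo.pem admin/signcerts/cert.pem; cp rogue.pem rogue/signcerts/cert.pem
)

if [ $# -eq 2 ]; then check_admin_msp "$1" "$2"; fi  # sh check.sh USER_MSP ORG_MSP
```

Run it against the organization MSP folder that configtx.yaml's MSPDir points to, since that is the copy configtxgen embeds in the genesis block and the one the orderer evaluates signatures against.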
