hyperledger-fabric - 对等通道创建 - 仅评估失败 0 个策略得到满足 Hyperledger Fabric
问题描述
我正在运行 Hyperledger Fabric v1.2。我有一个 orderer、ca、kafka 和 peers 在不同的服务器上运行。生成证书并将其放置在服务器上各自的位置,然后我生成创世块和通道 tx 文件,然后启动排序节点和对等节点。
但是,当我使用以下命令创建通道时,我会在 orderer 日志的底部收到以下消息。
./peer channel create -o orderer1.example.com:7050 -c mychannel -f /etc/hyperledger/fabric/channels/mychannel.tx
到目前为止,一切似乎都很好并且工作正常。
2018-08-21 19:25:30.957 UTC [cauthdsl] func2 -> DEBU 1a5 0xc42000e740 identity 0 does not satisfy principal: the identity is a member of a different MSP (expected SampleOrg, got SampleOrgMSP)
2018-08-21 19:25:30.957 UTC [cauthdsl] func2 -> DEBU 1a6 0xc42000e740 principal evaluation fails
2018-08-21 19:25:30.957 UTC [cauthdsl] func1 -> DEBU 1a7 0xc42000e740 gate 1534879530956937482 evaluation fails
2018-08-21 19:25:30.957 UTC [policies] Evaluate -> DEBU 1a8 Signature set did not satisfy policy /Channel/Application/SampleOrg/Admins
2018-08-21 19:25:30.957 UTC [policies] Evaluate -> DEBU 1a9 == Done Evaluating *cauthdsl.policy Policy /Channel/Application/SampleOrg/Admins
2018-08-21 19:25:30.957 UTC [policies] func1 -> DEBU 1aa Evaluation Failed: Only 0 policies were satisfied, but needed 1 of [ SampleOrg.Admins ]
2018-08-21 19:25:30.957 UTC [policies] Evaluate -> DEBU 1ab Signature set did not satisfy policy /Channel/Application/ChannelCreationPolicy
2018-08-21 19:25:30.957 UTC [policies] Evaluate -> DEBU 1ac == Done Evaluating *policies.implicitMetaPolicy Policy /Channel/Application/ChannelCreationPolicy
2018-08-21 19:25:30.957 UTC [orderer/common/broadcast] Handle -> WARN 1ad [channel: mychannel] Rejecting broadcast of config message from xxx.xxx.xxx.xxx:1234 because of error: error authorizing update: error validating DeltaSet: policy for [Group] /Channel/Application not satisfied: Failed to reach implicit threshold of 1 sub-policies, required 1 remaining
2018-08-21 19:25:30.957 UTC [orderer/common/server] func1 -> DEBU 1ae Closing Broadcast stream
2018-08-21 19:25:30.959 UTC [grpc] Printf -> DEBU 1af transport: http2Server.HandleStreams failed to read frame: read tcp xxx.xxx.xxx.xxx:7050->xxx.xxx.xxx.xxx:1234: read: connection reset by peer
2018-08-21 19:25:30.959 UTC [common/deliver] Handle -> WARN 1b0 Error reading from xxx.xxx.xxx.xxx:1234: rpc error: code = Canceled desc = context canceled
2018-08-21 19:25:30.959 UTC [orderer/common/server] func1 -> DEBU 1b1 Closing Deliver stream
我认为这是在订购者的 configtx 文件中声明策略的方式,但我不确定。
configtx.yaml 中的部分
Organizations:
- &SampleOrdererOrg
Name: SampleOrdererOrg
ID: SampleOrdererMSP
MSPDir: /etc/hyperledger/orderer1/msp
Policies: &SampleOrgPolicies
Readers:
Type: Signature
Rule: "OR('SampleOrdererOrg.member')"
Writers:
Type: Signature
Rule: "OR('SampleOrdererOrg.member')"
Admins:
Type: Signature
Rule: "OR('SampleOrdererOrg.admin')"
- &SampleOrg
Name: SampleOrg
ID: SampleOrgMSP
MSPDir: /etc/hyperledger/org/msp/
Policies: &SampleOrgPolicies
Readers:
Type: Signature
Rule: "OR('SampleOrg.member')"
Writers:
Type: Signature
Rule: "OR('SampleOrg.member')"
Admins:
Type: Signature
Rule: "OR('SampleOrg.admin')"
AnchorPeers:
- Host: peer1.example.com
Port: 7051
- Host: peer2.example.com
Port: 7051
- Host: peer3.example.com
Port: 7051
Profiles:
SampleKafkaDev:
<<: *ChannelDefaults
Orderer:
<<: *OrdererDefaults
OrdererType: kafka
Organizations:
- <<: *SampleOrg
Policies:
<<: *SampleOrgPolicies
Admins:
Type: Signature
Rule: "OR('SampleOrg.member')"
Application:
<<: *ApplicationDefaults
Organizations:
- <<: *SampleOrg
Policies:
<<: *SampleOrgPolicies
Admins:
Type: Signature
Rule: "OR('SampleOrg.member')"
Consortiums:
SampleConsortium:
Organizations:
- <<: *SampleOrg
Policies:
<<: *SampleOrgPolicies
Admins:
Type: Signature
Rule: "OR('SampleOrg.member')"
MyChannel:
Consortium: SampleConsortium
Application:
<<: *ApplicationDefaults
Organizations:
- *SampleOrg
解决方案
据我记得,策略配置中的规则预计ID
将提供,在您的示例name
中使用。
只需尝试通过以下方式更新配置中的所有规则:
Policies:
<<: *SampleOrgPolicies
Admins:
Type: Signature
Rule: "OR('SampleOrgMSP.member')"
(使用SampleOrgMSP
代替SampleOrg
,SampleOrdererMSP
代替SampleOrdererOrg
等)
更新:
第2步:
“peer”从“core.yaml”加载配置,通常这个文件位于“/etc/hyperledger/fabric/”。在此文件中尝试查找属性“localMspId:SampleOrg”并将 SampleOrg 替换为您的 Orderer MSP Id
第 3 步:
频道只能创建一次。为了验证通道是否存在,我们可以尝试从对等点之一加入它:
- 验证环境变量 CORE_PEER_ADDRESS 是否配置正确,
export CORE_PEER_ADDRESS=peer0.org1.example.com:7051
peer channel join -b /opt/gopath/src/github.com/hyperledger/fabric/peer/mychannel.block
- 现在您可以检查对等点是否具有有关通道的信息
peer channel getinfo -c mychannel
推荐阅读
- google-bigquery - 使用数组数组插入 Bigquery 表
- sql - 必须出现在sql的group by子句中
- android - React-Native:redux-saga:在发布模式下无法访问选择器中的静态类
- javascript - 在时间网格全日历垂直资源视图中使第一列保持粘性
- python - [Odoo][v10] 在 Odoo v10 中为 Python 中的关注者添加订阅类型
- excel - 属性进入所有元素
- django - Django 多个数据库外键
- c# - 如何获取 ListView 项目对其作为静态资源创建的数据模板 ViewModel 的引用?
- ios - 当前上下文视图控制器的编程屏幕截图
- mongodb - 通过将它们与参考进行比较来清理集合中的文档