hyperledger-fabric - 支持 Peer 不签署来自 cli 容器的链码实例化
问题描述
我所做的修改不是三个组织,而是我只开始一个。我能够创建和启动 docker 容器、创建频道并加入频道。然后我安装了链码,但是当我尝试实例化链码时遇到了问题。错误通常是:Error: error endorsing chaincode: rpc error: code = Unknown desc = access denied: channel [mychannel] creator org [Org1Msp]
当我查看 peer0.org1.example.com 的 docker 日志时,我遇到了 2018-10-29 01:22:43.494 UTC [protoutils] ValidateProposalMessage -> WARN 228 channel [mychannel]:MSP 错误:提供的身份不是有效:x509:证书由未知权威签名(可能是因为“x509:ECDSA 验证失败”,同时尝试验证候选权威证书“ca.org1.example.com”)我也在类似的情况下在禁用 TLS 的情况下运行它,或同样的问题。
我能够成功运行 fabric-samples 中的示例,例如 fab-car、basic network 和 edX 课程中的 tuna-app 示例。当我自己做事时,我必须忽略一些东西。任何帮助表示赞赏,即使只是告诉我去哪里看。
我觉得值得一提的是我正在努力完成的事情。我的目标是能够创建一个具有许多同行的单一组织,并且目前是 SOLO 进行排序。欢迎任何建议。
除了更改组织的数量外,一切都严格遵循。我将包括我正在使用的所有文件,因为我希望它有所帮助。
peer-base.yaml
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
version: '2'
services:
peer-base:
image: hyperledger/fabric-peer
environment:
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
# the following setting starts chaincode containers on the same
# bridge network as the peers
# https://docs.docker.com/compose/networking/
- CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=example_basic_network
#- CORE_LOGGING_LEVEL=INFO
- CORE_LOGGING_LEVEL=DEBUG
- CORE_PEER_TLS_ENABLED=false
- CORE_PEER_GOSSIP_USELEADERELECTION=true
- CORE_PEER_GOSSIP_ORGLEADER=false
- CORE_PEER_PROFILE_ENABLED=true
- CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt
- CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key
- CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
command: peer node start
docker-compose-base.yaml
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
version: '2'
services:
orderer.example.com:
container_name: orderer.example.com
image: hyperledger/fabric-orderer
environment:
- ORDERER_GENERAL_LOGLEVEL=INFO
- ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
- ORDERER_GENERAL_GENESISMETHOD=file
- ORDERER_GENERAL_GENESISFILE=/var/hyperledger/orderer/orderer.genesis.block
- ORDERER_GENERAL_LOCALMSPID=OrdererMSP
- ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp
# enabled TLS
- ORDERER_GENERAL_TLS_ENABLED=false
- ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key
- ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt
- ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
working_dir: /opt/gopath/src/github.com/hyperledger/fabric
command: orderer
volumes:
- ../channel-artifacts/genesis.block:/var/hyperledger/orderer/orderer.genesis.block
- ../crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/msp:/var/hyperledger/orderer/msp
- ../crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/tls/:/var/hyperledger/orderer/tls
#- orderer.example.com:/var/hyperledger/production/orderer
ports:
- 7050:7050
peer0.org1.example.com:
container_name: peer0.org1.example.com
extends:
file: peer-base.yaml
service: peer-base
environment:
- CORE_PEER_ID=peer0.org1.example.com
- CORE_PEER_ADDRESS=peer0.org1.example.com:7051
- CORE_PEER_GOSSIP_BOOTSTRAP=peer0.org1.example.com:7051
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.org1.example.com:7051
- CORE_PEER_LOCALMSPID=Org1MSP
volumes:
- /var/run/:/host/var/run/
- ../crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp:/etc/hyperledger/fabric/msp
- ../crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls:/etc/hyperledger/fabric/tls
- peer0.org1.example.com:/var/hyperledger/production
ports:
- 7051:7051
- 7053:7053
peer1.org1.example.com:
container_name: peer1.org1.example.com
extends:
file: peer-base.yaml
service: peer-base
environment:
- CORE_PEER_ID=peer1.org1.example.com
- CORE_PEER_ADDRESS=peer1.org1.example.com:8051
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer1.org1.example.com:8051
- CORE_PEER_GOSSIP_BOOTSTRAP=peer0.org1.example.com:7051
- CORE_PEER_LOCALMSPID=Org1MSP
volumes:
- /var/run/:/host/var/run/
- ../crypto-config/peerOrganizations/org1.example.com/peers/peer1.org1.example.com/msp:/etc/hyperledger/fabric/msp
- ../crypto-config/peerOrganizations/org1.example.com/peers/peer1.org1.example.com/tls:/etc/hyperledger/fabric/tls
- peer1.org1.example.com:/var/hyperledger/production
ports:
- 8051:7051
- 8053:7053
peer2.org1.example.com:
container_name: peer2.org1.example.com
extends:
file: peer-base.yaml
service: peer-base
environment:
- CORE_PEER_ID=peer2.org1.example.com
- CORE_PEER_ADDRESS=peer2.org1.example.com:9051
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer2.org1.example.com:9051
- CORE_PEER_GOSSIP_BOOTSTRAP=peer0.org1.example.com:7051
- CORE_PEER_LOCALMSPID=Org1MSP
volumes:
- /var/run/:/host/var/run/
- ../crypto-config/peerOrganizations/org1.example.com/peers/peer2.org1.example.com/msp:/etc/hyperledger/fabric/msp
- ../crypto-config/peerOrganizations/org1.example.com/peers/peer2.org1.example.com/tls:/etc/hyperledger/fabric/tls
- peer2.org1.example.com:/var/hyperledger/production
ports:
- 9051:7051
- 9053:7053
我用来自动运行 build.sh 命令的 bash 脚本是: ./build.sh -g ./build.sh -l
#!/bin/bash
# define some things up here
export CHANNEL_NAME=mychannel
CHANNEL_NAME=mychannel
function generate_material()
{
echo -e "======\n Generating Crypto material \n======="
cryptogen generate --config=./crypto-config.yaml
echo -e "======\n Creating channel artifacts \n======="
export FABRIC_CFG_PATH=$PWD
mkdir channel-artifacts
configtxgen -profile NsolOrdererGenesis -outputBlock ./channel-artifacts/genesis.block
echo "Should say Writing genesis block above"
configtxgen -profile NsolChannel -outputCreateChannelTx ./channel-artifacts/channel.tx -channelID $CHANNEL_NAME
echo "Should say writing new channel tx above"
configtxgen -profile NsolChannel -outputAnchorPeersUpdate ./channel-artifacts/Org1MSPanchors.tx -channelID $CHANNEL_NAME -asOrg Org1MSP
echo "Should say writing anchor peer update above"
}
function launch_dockers()
{
echo "Starting up docker containers"
CHANNEL_NAME=$CHANNEL_NAME docker-compose -f docker-compose-cli.yaml up -d
echo "going to display the containers"
docker ps
}
function run_cli()
{
echo "entering docker container ' cli '"
docker exec -it cli bash
}
function clean()
{
rm -rf crypto-config
rm -rf channel-artifacts
docker rm -f $(docker ps -aq)
echo "cleaned"
exit
}
if [ "$1" == '-c' ]; then
clean
elif [ "$1" == '-g' ]; then
generate_material
elif [ "$1" == '-l' ]; then
launch_dockers
elif [ "$1" == '-t' ]; then
run_cli
else
echo "usage:"
echo "-c : clean note, may need to run as root"
echo "-g : generate materials"
echo "-l : launch dockers"
echo "-t : run cli with script"
fi
最后,为了方便起见,在脚本中包含的 cli docker 容器上运行的代码。cli.sh
#!/bin/bash
# ! This script is run inside the cli container
# this script is meant to be carried over to the cli container.
# from there it will run at start up and execute the commands to create the
# channel
cd ..
export CHANNEL_NAME=mychannel
CHANNEL_NAME=mychannel
#peer channel create -o orderer.example.com:7050 -c $CHANNEL_NAME -f ./channel-artifacts/channel.tx
#peer channel join -b mychannel.block
#peer channel update -o orderer.example.com:7050 -c $CHANNEL_NAME -f ./channel-artifacts/Org1MSPanchors.tx
#peer chaincode install -n chaincodez -v 1.0 -p github.com/chaincode/chaincode_example02/go/
#peer chaincode instantiate -o orderer.example.com:7050 -C $CHANNEL_NAME -n chaincodez -v 1.0 -c '{"Args":["init","a", "100", "b","200"]}' -P "OR ('Org1MSP.member')"
peer channel create -o orderer.example.com:7050 -c $CHANNEL_NAME -f ./channel-artifacts/channel.tx --tls --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
#
peer channel join -b mychannel.block
#
peer channel update -o orderer.example.com:7050 -c $CHANNEL_NAME -f ./channel-artifacts/Org1MSPanchors.tx --tls --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
#
peer chaincode install -n nncc -v 1.0 -p github.com/chaincode/chaincode_example02/go/
#
peer chaincode instantiate -o orderer.example.com:7050 --tls --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem -C $CHANNEL_NAME -n nncc -v 1.0 -c '{"Args":[""]}' -P "OR ('Org1MSP.member')"
#
echo "FINISHED??"
# run this to keep the container alive
/bin/bash
解决方案
那么,您的 cli.sh 是否在 cli 容器内运行?
您确定 MSP 和证书的环境路径,例如:
CORE_PEER_MSPCONFIGPATH
CORE_PEER_TLS_ROOTCERT_FILE
cli 容器的指向 admin 或 org1 的证书?
推荐阅读
- c# - Windows 服务在 1 天后停止工作
- php - Phalcon项目索引找不到控制器,服务器错误为404 not found
- c# - 使用 TokenValidationParameters 的目的是什么?
- python - 如何修复以下错误。TypeError: __init__() 得到了一个意想不到的关键字参数“n_iter”
- c - 为什么远程方法签名与 RPC 中的规范不同?
- reactjs - 从 react-redux 5.0.7 更新到 6 个连接的组件后没有收到更新
- css - Bootstrap css 图像中心和导航栏与品牌内联折叠
- android - 订阅后一次性对象为空
- python - 熊猫用日期绘图
- c# - SVG曲线的接口与区分联合