时间戳

首页 > 解决方案 > 支持 Peer 不签署来自 cli 容器的链码实例化

hyperledger-fabric - 支持 Peer 不签署来自 cli 容器的链码实例化

问题描述

首先,我正在关注本教程: https ://github.com/CATechnologies/blockchain-tutorials/wiki/Tutorial:-Hyperledger-Fabric-v1.1-%E2%80%93-Create-a-Development-Business- zLinux 上的网络

我所做的修改不是三个组织,而是我只开始一个。我能够创建和启动 docker 容器、创建频道并加入频道。然后我安装了链码,但是当我尝试实例化链码时遇到了问题。错误通常是:Error: error endorsing chaincode: rpc error: code = Unknown desc = access denied: channel [mychannel] creator org [Org1Msp]

当我查看 peer0.org1.example.com 的 docker 日志时,我遇到了 2018-10-29 01:22:43.494 UTC [protoutils] ValidateProposalMessage -> WARN 228 channel [mychannel]:MSP 错误:提供的身份不是有效:x509:证书由未知权威签名(可能是因为“x509:ECDSA 验证失败”,同时尝试验证候选权威证书“ca.org1.example.com”)我也在类似的情况下在禁用 TLS 的情况下运行它,或同样的问题。

我能够成功运行 fabric-samples 中的示例,例如 fab-car、basic network 和 edX 课程中的 tuna-app 示例。当我自己做事时,我必须忽略一些东西。任何帮助表示赞赏,即使只是告诉我去哪里看。

我觉得值得一提的是我正在努力完成的事情。我的目标是能够创建一个具有许多同行的单一组织,并且目前是 SOLO 进行排序。欢迎任何建议。

除了更改组织的数量外,一切都严格遵循。我将包括我正在使用的所有文件,因为我希望它有所帮助。

peer-base.yaml

# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#

version: '2'

services:
  peer-base:
    image: hyperledger/fabric-peer
    environment:
      - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
      # the following setting starts chaincode containers on the same
      # bridge network as the peers
      # https://docs.docker.com/compose/networking/
      - CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=example_basic_network
        #- CORE_LOGGING_LEVEL=INFO
      - CORE_LOGGING_LEVEL=DEBUG
      - CORE_PEER_TLS_ENABLED=false
      - CORE_PEER_GOSSIP_USELEADERELECTION=true
      - CORE_PEER_GOSSIP_ORGLEADER=false
      - CORE_PEER_PROFILE_ENABLED=true
      - CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt
      - CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key
      - CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt
    working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
    command: peer node start

docker-compose-base.yaml

# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#

version: '2'

services:

  orderer.example.com:
    container_name: orderer.example.com
    image: hyperledger/fabric-orderer
    environment:
      - ORDERER_GENERAL_LOGLEVEL=INFO
      - ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
      - ORDERER_GENERAL_GENESISMETHOD=file
      - ORDERER_GENERAL_GENESISFILE=/var/hyperledger/orderer/orderer.genesis.block
      - ORDERER_GENERAL_LOCALMSPID=OrdererMSP
      - ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp
      # enabled TLS
      - ORDERER_GENERAL_TLS_ENABLED=false
      - ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key
      - ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt
      - ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
    working_dir: /opt/gopath/src/github.com/hyperledger/fabric
    command: orderer
    volumes:
    - ../channel-artifacts/genesis.block:/var/hyperledger/orderer/orderer.genesis.block
    - ../crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/msp:/var/hyperledger/orderer/msp
    - ../crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/tls/:/var/hyperledger/orderer/tls
      #- orderer.example.com:/var/hyperledger/production/orderer
    ports:
      - 7050:7050

  peer0.org1.example.com:
    container_name: peer0.org1.example.com
    extends:
      file: peer-base.yaml
      service: peer-base
    environment:
      - CORE_PEER_ID=peer0.org1.example.com
      - CORE_PEER_ADDRESS=peer0.org1.example.com:7051
      - CORE_PEER_GOSSIP_BOOTSTRAP=peer0.org1.example.com:7051
      - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.org1.example.com:7051
      - CORE_PEER_LOCALMSPID=Org1MSP
    volumes:
        - /var/run/:/host/var/run/
        - ../crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp:/etc/hyperledger/fabric/msp
        - ../crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls:/etc/hyperledger/fabric/tls
        - peer0.org1.example.com:/var/hyperledger/production
    ports:
      - 7051:7051
      - 7053:7053

  peer1.org1.example.com:
    container_name: peer1.org1.example.com
    extends:
      file: peer-base.yaml
      service: peer-base
    environment:
      - CORE_PEER_ID=peer1.org1.example.com
      - CORE_PEER_ADDRESS=peer1.org1.example.com:8051
      - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer1.org1.example.com:8051
      - CORE_PEER_GOSSIP_BOOTSTRAP=peer0.org1.example.com:7051
      - CORE_PEER_LOCALMSPID=Org1MSP
    volumes:
        - /var/run/:/host/var/run/
        - ../crypto-config/peerOrganizations/org1.example.com/peers/peer1.org1.example.com/msp:/etc/hyperledger/fabric/msp
        - ../crypto-config/peerOrganizations/org1.example.com/peers/peer1.org1.example.com/tls:/etc/hyperledger/fabric/tls
        - peer1.org1.example.com:/var/hyperledger/production

    ports:
      - 8051:7051
      - 8053:7053

  peer2.org1.example.com:
    container_name: peer2.org1.example.com
    extends:
      file: peer-base.yaml
      service: peer-base
    environment:
      - CORE_PEER_ID=peer2.org1.example.com
      - CORE_PEER_ADDRESS=peer2.org1.example.com:9051
      - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer2.org1.example.com:9051
      - CORE_PEER_GOSSIP_BOOTSTRAP=peer0.org1.example.com:7051
      - CORE_PEER_LOCALMSPID=Org1MSP
    volumes:
        - /var/run/:/host/var/run/
        - ../crypto-config/peerOrganizations/org1.example.com/peers/peer2.org1.example.com/msp:/etc/hyperledger/fabric/msp
        - ../crypto-config/peerOrganizations/org1.example.com/peers/peer2.org1.example.com/tls:/etc/hyperledger/fabric/tls
        - peer2.org1.example.com:/var/hyperledger/production

    ports:
      - 9051:7051
      - 9053:7053

我用来自动运行 build.sh 命令的 bash 脚本是: ./build.sh -g ./build.sh -l

#!/bin/bash

# define some things up here
export CHANNEL_NAME=mychannel

CHANNEL_NAME=mychannel




function generate_material()
{

   echo -e "======\n  Generating Crypto material \n======="
   cryptogen generate --config=./crypto-config.yaml


   echo -e "======\n  Creating channel artifacts \n======="
   export FABRIC_CFG_PATH=$PWD
   mkdir channel-artifacts
   configtxgen -profile NsolOrdererGenesis -outputBlock ./channel-artifacts/genesis.block


   echo "Should say Writing genesis block above"


   configtxgen -profile NsolChannel -outputCreateChannelTx ./channel-artifacts/channel.tx -channelID $CHANNEL_NAME

   echo "Should say writing new channel tx above"

   configtxgen -profile NsolChannel -outputAnchorPeersUpdate ./channel-artifacts/Org1MSPanchors.tx -channelID $CHANNEL_NAME -asOrg Org1MSP

   echo "Should say writing anchor peer update above"


}

function launch_dockers()
{
   echo "Starting up docker containers"
   CHANNEL_NAME=$CHANNEL_NAME docker-compose -f docker-compose-cli.yaml up -d
   echo "going to display the containers"
   docker ps
}

function run_cli()
{
   echo "entering docker container ' cli '"
   docker exec -it cli bash   
}


function clean() 
{
   rm -rf crypto-config
   rm -rf channel-artifacts
   docker rm -f $(docker ps -aq)
   echo "cleaned"
   exit
}



if [ "$1" == '-c' ]; then
   clean
elif [ "$1" == '-g' ]; then
   generate_material
elif [ "$1" == '-l' ]; then
   launch_dockers
elif [ "$1" == '-t' ]; then
   run_cli
else
   echo "usage:"
   echo "-c   :   clean note, may need to run as root"
   echo "-g   :   generate materials"
   echo "-l   :   launch dockers"
   echo "-t   :   run cli with script"
fi

最后,为了方便起见,在脚本中包含的 cli docker 容器上运行的代码。cli.sh

#!/bin/bash
# ! This script is run inside the cli container
# this script is meant to be carried over to the cli container.
# from there it will run at start up and execute the commands to create the 
# channel
cd ..
export CHANNEL_NAME=mychannel
CHANNEL_NAME=mychannel


#peer channel create -o orderer.example.com:7050 -c $CHANNEL_NAME -f ./channel-artifacts/channel.tx

#peer channel join -b mychannel.block

#peer channel update -o orderer.example.com:7050 -c $CHANNEL_NAME -f ./channel-artifacts/Org1MSPanchors.tx 

#peer chaincode install -n chaincodez -v 1.0 -p github.com/chaincode/chaincode_example02/go/

#peer chaincode instantiate -o orderer.example.com:7050  -C $CHANNEL_NAME -n chaincodez -v 1.0 -c '{"Args":["init","a", "100", "b","200"]}' -P "OR ('Org1MSP.member')"




peer channel create -o orderer.example.com:7050 -c $CHANNEL_NAME -f ./channel-artifacts/channel.tx --tls --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
#
peer channel join -b mychannel.block
#
peer channel update -o orderer.example.com:7050 -c $CHANNEL_NAME -f ./channel-artifacts/Org1MSPanchors.tx --tls --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
#
peer chaincode install -n nncc -v 1.0 -p github.com/chaincode/chaincode_example02/go/
#
peer chaincode instantiate -o orderer.example.com:7050 --tls --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem -C $CHANNEL_NAME -n nncc -v 1.0 -c '{"Args":[""]}' -P "OR ('Org1MSP.member')"
#

echo "FINISHED??"


# run this to keep the container alive
/bin/bash

标签: hyperledger-fabrichyperledger

解决方案

那么,您的 cli.sh 是否在 cli 容器内运行?

您确定 MSP 和证书的环境路径,例如:

CORE_PEER_MSPCONFIGPATH 

CORE_PEER_TLS_ROOTCERT_FILE

cli 容器的指向 admin 或 org1 的证书?

推荐阅读