时间戳

首页 > 解决方案 > Hyperledger Fabric:尝试加入对等通道时出现“错误:错误的建议响应 500:访问被拒绝”

hyperledger-fabric - Hyperledger Fabric:尝试加入对等通道时出现“错误:错误的建议响应 500:访问被拒绝”

问题描述

搭建了一个网络,将 orderers 添加到了这里引用为的通道中:channelname 容器上挂载了以下文件夹

# docker-compose.yaml
    volumes:
      - "~/container-volumes/$docker_peer0/production:/var/hyperledger/production"
      - "~/organizations/peerOrganizations/$company/peers/$docker_peer0/msp:/etc/hyperledger/fabric/msp"
      - "~/organizations/peerOrganizations/$company/peers/$docker_peer0/tls:/etc/hyperledger/fabric/tls"

尝试将对等方加入频道,但给出了bad proposal response 500: access denied.

  1. 使用以下命令构建通道配置块:
./configtxgen -profile SampleAppChannelEtcdRaft -outputBlock genesis_block.pb -channelID channelname
  1. 接下来使用以下命令将订购者加入频道,并使用角色 admin 注册的身份
./osnadmin channel join --channel-id channelname  --config-block ~/Downloads/bin/genesis_block.pb -o localhost:9440 --ca-file $OSN_TLS_CA_ROOT_CERT --client-cert $ADMIN_TLS_SIGN_CERT --client-key $ADMIN_TLS_PRIVATE_KEY
  1. 接下来,我将生成的 genesis_block.pb 复制到容器上的已安装文件夹中,以便以下命令可以访问它,我们使用该命令将对等方加入通道:
docker exec -it peer0 peer channel join -b /var/hyperledger/production/genesis_block.pb -o vm01:9440 --clientauth --cafile /etc/hyperledger/fabric/msp/tls/tls-ca-cert.pem --certfile /etc/hyperledger/fabric/msp/user/peer-admin/tls/cert.pem --keyfile /etc/hyperledger/fabric/msp/user/peer-admin/tls/key.pem

[channelCmd] InitCmdFactory -> INFO 001 Endorser and orderer connections initialized
Error: proposal failed (err: bad proposal response 500: access denied for [JoinChain][channelname]: [Failed verifying that proposal's creator satisfies local MSP principal during channelless check policy with policy [Admins]: [The identity is not an admin under this MSP [org1msp]: The identity does not contain OU [ADMIN], MSP: [org1msp]]])

用于此命令的管理员是在 TLS-CA 和组织 CA 中注册的 peer-admin。OU 的 config.yaml 也存在于 peer-admin msp 中。

我还尝试将其设置CORE_PEER_MSPCONFIGPATH为 peer-admin (peer0/msp/user/peer-admin/msp) 的 msp 目录,但这会导致容器在启动时硬退出。结构链码 500 访问错误

我似乎无法弄清楚哪里出了问题,是否与--cafile--certfile或者--keyfile您必须在 peer channel join 命令或其他内容中进行设置有关?

编辑:

这是配置文件。

  $docker_peer1_service_name:
    image: hyperledger/fabric-peer:2.3
    container_name: $docker_peer1_container_name
    environment:
      - FABRIC_CFG_PATH=/etc/hyperledger/fabric
      - CORE_PEER_ID=$docker_peer1
      - CORE_PEER_NETWORKID=test
      - CORE_PEER_LISTENADDRESS=0.0.0.0:7081
      - CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:7082
      - CORE_PEER_CHAINCODEADDRESS=localhost:7082
      - CORE_PEER_ADDRESS=localhost:7081
      - CORE_PEER_MSPCONFIGPATH=msp
      - CORE_PEER_LOCALMSPID=$company
      - CORE_PEER_FILESYSTEMPATH=/var/hyperledger/production
      - CORE_PEER_GOSSIP_BOOTSTRAP=127.0.0.1:7091
      - CORE_PEER_GOSSIP_ENDPOINT=localhost:7081
      - CORE_PEER_GOSSIP_EXTERNALENDPOINT=localhost:7081
      - CORE_PEER_TLS_ENABLED=true
      - CORE_PEER_TLS_CLIENTAUTHREQUIRED=true
      - CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/cert.pem
      - CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/key.pem
      - CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/tls-ca-cert.pem
      - CORE_PEER_TLS_CLIENTROOTCAS_FILES=tls/tls-ca-cert.pem
      - CORE_PEER_TLS_CLIENTCERT_FILE=/etc/hyperledger/fabric/tls/cert.pem
      - CORE_PEER_TLS_CLIENTKEY_FILE=/etc/hyperledger/fabric/tls/key.pem
      - CORE_PEER_LEDGER_STATE_STATEDATABASE=CouchDB
      - CORE_PEER_LEDGER_STATE_COUCHDBCONFIG_COUCHDBADDRESS=peer1-couchdb:5985
      - CORE_PEER_LEDGER_STATE_COUCHDBCONFIG_USERNAME=$docker_peer1_couchdb_username
      - CORE_PEER_LEDGER_STATE_COUCHDBCONFIG_PASSWORD=$docker_peer1_couchdb_pass
      - CORE_PEER_LEDGER_SNAPSHOTS=var/hyperledger/production/snapshots
      #- CORE_PEER_OPERATIONS_LISTENADDRESS=127.0.0.1:9443
      #- CORE_PEER_OPERATIONS_TLS_ENABLED=true
      #- CORE_PEER_OPERATIONS_TLS_CERT_FILE=
      #- CORE_PEER_OPERATIONS_TLS_KEY_FILE=
      #- CORE_PEER_OPERATIONS_TLS_CLIENTAUTHREQUIRED=true
      - CORE_PEER_METRICS_PROVIDER=disabled
      #- CORE_PEER_METRICS_STATSD_ADDRESS=127.0.0.1:8125
      #- FABRIC_CA_SERVER_OPERATIONS_LISTENADDRESS=127.0.0.1:9444
    ports:
      - "7081:7081"
      - "7082:7082"
      - "7091:7091"
    volumes:
      - "~/container-volumes/$docker_peer1/production:/var/hyperledger/production"
      - "~/organizations/peerOrganizations/$company/peers/$docker_peer1/msp:/etc/hyperledger/fabric/msp"
      - "~/organizations/peerOrganizations/$company/peers/$docker_peer1/tls:/etc/hyperledger/fabric/tls"

标签: hyperledger-fabrichyperledger

解决方案

我相信您需要在运行peer channel join ...命令时设置要使用的 MSPID。

尝试设置CORE_PEER_LOCALMSPIDorg1msp

推荐阅读