0

I am trying to register and enroll an admin to perform peer operations. Here is the bash code:

#!/bin/bash
# Register and enroll an org admin with the root CA, then lay out its MSP directory.
user="$1"
pass="$2"
org="$3"
type="$4"
tlscerts="/chainset/hyperledger-config/crypto-config/ordererOrganizations/default.svc.cluster.local/msp/tlscacerts/ca-root-7054.pem"

# Enroll the CA bootstrap admin so it can act as registrar
fabric-ca-client enroll -u http://admin:adminpw@ca-root:7054

# Register the new identity with the requested type, affiliation and attributes
fabric-ca-client register --id.name "${user}" --id.secret "${pass}" --id.type "${type}" --id.affiliation "${org}" --id.attrs 'hf.Revoker=true,admin=true:ecert' -u http://ca-root:7054 --tls.certfiles "${tlscerts}"

# Enroll the new identity into its own MSP directory
export FABRIC_CA_CLIENT_HOME="/chainset/hyperledger-config/crypto-config/peerOrganizations/${org}/users/${user}@${org}/"
fabric-ca-client enroll -u "http://${user}:${pass}@ca-root:7054" --id.affiliation "${org}" --tls.certfiles "${tlscerts}"

# Rename the signing certificate and copy it into this user's local admincerts
mv "/chainset/hyperledger-config/crypto-config/peerOrganizations/${org}/users/${user}@${org}/msp/signcerts/cert.pem" "/chainset/hyperledger-config/crypto-config/peerOrganizations/${org}/users/${user}@${org}/msp/signcerts/${user}@${org}-cert.pem"
mkdir -p "/chainset/hyperledger-config/crypto-config/peerOrganizations/${org}/users/${user}@${org}/msp/admincerts/"
cp "/chainset/hyperledger-config/crypto-config/peerOrganizations/${org}/users/${user}@${org}/msp/signcerts/"* "/chainset/hyperledger-config/crypto-config/peerOrganizations/${org}/users/${user}@${org}/msp/admincerts/"

When I try to create a new channel, I get this error:

Description: error validating channel creation transaction for new channel 'newchannelf', could not successfully apply update to template configuration: error authorizing update: error validating DeltaSet: policy for [Group]  /Channel/Application not satisfied: implicit policy evaluation failed - 0 sub-policies were satisfied, but this policy requires 1 of the 'Admins' sub-policies to be satisfied

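Here is my configtx.yml configuration. I don't know whether the policies in this config file are wrong, or whether I am not registering and enrolling the user correctly.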

Organizations:
  - &orderer
    Name: orderer
    ID: orderer
    MSPDir: crypto-config/ordererOrganizations/default.svc.cluster.local/msp
    Policies:
      Readers:
        Type: Signature
        Rule: "OR('orderer.member')"
      Writers:
        Type: Signature
        Rule: "OR('orderer.member')"
      Admins:
        Type: Signature
        Rule: "OR('orderer.admin')"

  - &org1
    Name: org1
    ID: org1
    MSPDir: crypto-config/peerOrganizations/org1/msp
    Policies:
      Readers:
        Type: Signature
        Rule: "OR('org1.admin', 'org1.peer', 'org1.client', 'org1.member')"
      Writers:
        Type: Signature
        Rule: "OR('org1.admin', 'org1.peer', 'org1.client', 'org1.member')"
      Admins:
        Type: Signature
        Rule: "OR('org1.admin')"
    AnchorPeers:
      - Host: peer0-org1-service
        Port: 7051

  - &org2
    Name: org2
    ID: org2
    MSPDir: crypto-config/peerOrganizations/org2/msp
    Policies:
      Readers:
        Type: Signature
        Rule: "OR('org2.admin', 'org2.peer', 'org2.client', 'org2.member')"
      Writers:
        Type: Signature
        Rule: "OR('org2.admin', 'org2.peer', 'org2.client', 'org2.member')"
      Admins:
        Type: Signature
        Rule: "OR('org2.admin')"
    AnchorPeers:
      - Host: peer0-org2-service
        Port: 7051

Capabilities:
  Channel: &ChannelCapabilities
    V1_4_3: true

  Orderer: &OrdererCapabilities
    V1_4_2: true

  Application: &ApplicationCapabilities
    V1_4_2: true

Application: &ApplicationDefaults
  Organizations:
    - *orderer
    - *org1
    - *org2

  Policies:
    Readers:
      Type: ImplicitMeta
      Rule: "ANY Readers"
    Writers:
      Type: ImplicitMeta
      Rule: "ANY Writers"
    Admins:
      Type: ImplicitMeta
      Rule: "ANY Admins"
    BlockValidation:
      Type: ImplicitMeta
      Rule: "ANY Writers"

  Capabilities:
    <<: *ApplicationCapabilities

Orderer: &OrdererDefaults

  OrdererType: etcdraft
  EtcdRaft:
    Consenters:
      - Host: orderer0-service
        Port: 7050
        ClientTLSCert: crypto-config/ordererOrganizations/default.svc.cluster.local/orderers/orderer0.default.svc.cluster.local/tls/server.crt
        ServerTLSCert: crypto-config/ordererOrganizations/default.svc.cluster.local/orderers/orderer0.default.svc.cluster.local/tls/server.crt
      - Host: orderer1-service
        Port: 7050
        ClientTLSCert: crypto-config/ordererOrganizations/default.svc.cluster.local/orderers/orderer1.default.svc.cluster.local/tls/server.crt
        ServerTLSCert: crypto-config/ordererOrganizations/default.svc.cluster.local/orderers/orderer1.default.svc.cluster.local/tls/server.crt
      - Host: orderer2-service
        Port: 7050
        ClientTLSCert: crypto-config/ordererOrganizations/default.svc.cluster.local/orderers/orderer2.default.svc.cluster.local/tls/server.crt
        ServerTLSCert: crypto-config/ordererOrganizations/default.svc.cluster.local/orderers/orderer2.default.svc.cluster.local/tls/server.crt
  Addresses:
    - orderer0-service:7050
    - orderer1-service:7050
    - orderer2-service:7050

  BatchTimeout: 1s
  BatchSize:
    MaxMessageCount: 10
    AbsoluteMaxBytes: 99 MB
    PreferredMaxBytes: 512 KB

  Kafka:
    Brokers:
      - 127.0.0.1:9092

  Organizations:
    - *orderer

  Policies:
    Readers:
      Type: ImplicitMeta
      Rule: "ANY Readers"
    Writers:
      Type: ImplicitMeta
      Rule: "ANY Writers"
    Admins:
      Type: ImplicitMeta
      Rule: "MAJORITY Admins"
    BlockValidation:
      Type: ImplicitMeta
      Rule: "ANY Writers"

Channel: &ChannelDefaults

  Policies:
    Readers:
      Type: ImplicitMeta
      Rule: "ANY Readers"
    Writers:
      Type: ImplicitMeta
      Rule: "ANY Writers"
    Admins:
      Type: ImplicitMeta
      Rule: "ANY Admins"

  Capabilities:
    <<: *ChannelCapabilities

Profiles:

  OrdererGenesis:
    <<: *ChannelDefaults
    Capabilities:
      <<: *ChannelCapabilities
    Orderer:
      <<: *OrdererDefaults
      Organizations:
        - *orderer
      Capabilities:
        <<: *OrdererCapabilities
    Application:
      <<: *ApplicationDefaults
      Organizations:
        - <<: *orderer
    Consortiums:
      MAIN:
        Organizations:
          - *org1
          - *org2

  MainChannel:
    <<: *ChannelDefaults
    Consortium: MAIN
    Application:
      <<: *ApplicationDefaults
      Organizations:
        - *org1
        - *org2
      Capabilities:
        <<: *ApplicationCapabilities

1 Answer

1

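Here is what is happening:

You created a system channel (i.e. the orderer genesis block) by creating the consortium MAIN. Now, the system channel was created with the peer organizations' MSPs as they were at that time. Subsequently, after the network was up, you went into org1/users and created an admin identity. You updated the peers' local MSP, but the system channel was never updated with the MSPs already in place.

Possible solutions:

  1. Update the admin credentials in org1/users before setting up the network.
  2. Update the system channel configuration with the post-deployment credentials (admin2) by creating a channel update transaction.
  3. Enable NodeOUs so that any admin identity generated dynamically after network deployment can perform admin-related transactions.
Answered 2020-04-13T08:23:02.760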
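
An added diagnostic for the situation the answer describes (not code from the original post or from the Fabric project): it reports whether the org-level MSP directory that configtx.yml names in MSPDir lists a given certificate under admincerts, or has NodeOUs enabled with an admin OU. The function names, the byte-for-byte comparison and the demo tree of placeholder files are assumptions of this example.

```shell
#!/bin/bash
# Added example: how would the org-level MSP (the MSPDir that configtxgen reads)
# recognise a certificate as an admin? Prints: admincerts | nodeou | none

admin_source() {
  org_msp="$1"; cert="$2"
  # 1. Classic MSP: the certificate itself must be listed in msp/admincerts.
  #    Assumption: an identical copy of the PEM file counts as a match.
  for f in "$org_msp"/admincerts/*; do
    [ -f "$f" ] || continue
    if cmp -s "$f" "$cert"; then
      echo admincerts
      return 0
    fi
  done
  # 2. NodeOUs: config.yaml enables them and names an admin OU. The role is
  #    then taken from the OU inside the certificate (not inspected here).
  if [ -f "$org_msp/config.yaml" ] &&
     grep -Eq '^[[:space:]]+Enable:[[:space:]]*true' "$org_msp/config.yaml" &&
     grep -q 'AdminOUIdentifier:' "$org_msp/config.yaml"; then
    echo nodeou
    return 0
  fi
  echo none
  return 1
}

# Constructed demo tree: placeholder files stand in for real PEM certificates.
demo_setup() {
  root="$(mktemp -d)"
  mkdir -p "$root/org1/msp/admincerts" \
           "$root/org1/users/admin2@org1/msp/signcerts"
  echo "constructed-cert-original-admin" \
    > "$root/org1/msp/admincerts/Admin@org1-cert.pem"
  echo "constructed-cert-admin2" \
    > "$root/org1/users/admin2@org1/msp/signcerts/admin2@org1-cert.pem"
  echo "$root"
}

# Usage: script.sh <org MSP dir> <user signcert>
if [ "$#" -eq 2 ]; then
  admin_source "$1" "$2"
fi
```

A result of `none` for a freshly enrolled admin matches the error in the question: the certificate was copied only into the user's own msp/admincerts. A passing result helps only if the genesis block or a channel update is generated from that directory afterwards, since the configuration already on the system channel is not re-read.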