TL;DR如何解决这个错误:;创建通道时出错:策略不满足"?
故障排除问题我有:
- orderTLSHostnameOverride使用什么值
- 策略规则中应使用哪些名称
- 它们应该首先在哪里定义
- 我的CLI中是否缺少/使用了错误的环境变量
- 除了configtx.yaml,我还应该在哪里查找问题
更新2020-9-22BNikhil Gupta表示,这是用于提交请求的证书的问题。
在更深入地查看了Orderer服务器日志后,我发现了确认:
2020-09-22 22:09:54.351 UTC [policies] SignatureSetToValidIdentities -> WARN 471 invalid identity: certificate subject=CN=peer0.org1.example.com,OU=COP,L=San Francisco,ST=California,C=US serialnumber=268337738708423250738667250199689187829 error="the supplied identity is not valid: x509: certificate signed by unknown authority"
奇怪的是,我从来没有使用过CN值";peer0.org1.example.com;(我清空了我的整个项目目录——我一次也没用过这个名字!(
在这篇文章之后,尝试拉取系统生成块来检查所使用的根证书,但得到了一个Expect block, but got status: &{FORBIDDEN}错误。我相信这意味着我的MSP有问题(参考文献1和2(。
我想知道这是否是由我的Peer和Orderer节点各自使用自己的CA引起的?
更新2020-9-22A我尝试使用admincert而不是NodeOU,认为这可以帮助我解决问题。相反,我得到了一个错误:;当没有设置管理员ou分类时,必须声明管理员">
(我将对等管理员用户signcerts cert.pem复制到organizations/ordererOrganizations/ORG/msp/admincerts文件夹,以及对订单管理员执行了相同操作。(
我正试图在一个新的自定义网络上创建一个结构通道(根据本文使用CLI(,但收到以下错误:
/Channel/Application not satisfied: implicit policy evaluation failed - 0 sub-policies were satisfied, but this policy requires 1 of the 'Admins' sub-policies to be satisfied.
这是我用来创建通道的命令:
peer channel create -o $host:1050 -c $CHANNEL_NAME --ordererTLSHostnameOverride OEM_Orderer -f ./channel-artifacts/${CHANNEL_NAME}.tx --outputBlock ./channel-artifacts/${CHANNEL_NAME}.block --tls --cafile $ORDERER_CA
我不确定我是否使用了";orderTLSHostnameOverride"(我尝试过使用Orderer Docker Service名称、Orderer MSPID和Orderer Org名称。(
以下是输出的相关部分:
2020-09-18 19:30:45.877 UTC [grpc] WithKeepaliveParams -> DEBU 030 Adjusting keepalive ping interval to minimum period of 10s
2020-09-18 19:30:45.877 UTC [grpc] Infof -> DEBU 031 parsed scheme: ""
2020-09-18 19:30:45.877 UTC [grpc] Infof -> DEBU 032 scheme "" not registered, fallback to default scheme
2020-09-18 19:30:45.878 UTC [grpc] Infof -> DEBU 033 ccResolverWrapper: sending update to cc: {[{oem.scm.cloudns.asia:1050 <nil> 0 <nil>}] <nil> <nil>}
2020-09-18 19:30:45.878 UTC [grpc] Infof -> DEBU 034 ClientConn switching balancer to "pick_first"
2020-09-18 19:30:45.878 UTC [grpc] Infof -> DEBU 035 Channel switches to new LB policy "pick_first"
2020-09-18 19:30:45.879 UTC [grpc] Infof -> DEBU 036 Subchannel Connectivity change to CONNECTING
2020-09-18 19:30:45.879 UTC [grpc] Infof -> DEBU 037 Subchannel picks a new address "oem.scm.cloudns.asia:1050" to connect
2020-09-18 19:30:45.880 UTC [grpc] UpdateSubConnState -> DEBU 038 pickfirstBalancer: HandleSubConnStateChange: 0xc0004bdbe0, {CONNECTING <nil>}
2020-09-18 19:30:45.880 UTC [grpc] Infof -> DEBU 039 Channel Connectivity change to CONNECTING
2020-09-18 19:30:45.888 UTC [grpc] Infof -> DEBU 03a Subchannel Connectivity change to READY
2020-09-18 19:30:45.888 UTC [grpc] UpdateSubConnState -> DEBU 03b pickfirstBalancer: HandleSubConnStateChange: 0xc0004bdbe0, {READY <nil>}
2020-09-18 19:30:45.889 UTC [grpc] Infof -> DEBU 03c Channel Connectivity change to READY
Error: got unexpected status: BAD_REQUEST -- error validating channel creation transaction for new channel 'supply-chain-network', could not successfully apply update to template configuration: error authorizing update: error validating DeltaSet: policy for [Group] /Channel/Application not satisfied: implicit policy evaluation failed - 0 sub-policies were satisfied, but this policy requires 1 of the 'Admins' sub-policies to be satisfied
与此输出相关的其他问题:
- 是否"DEBU 032方案"未注册、回退到默认方案";表示无法使用我定义的策略
- 这句话似乎表明了一个问题:;DEBU 038 pickfirstBalancer:HandleSubConnStateChange:0xc0004bdbe0,{CONNECTING}">
Configtx.yaml:(结尾的一些行被注释掉以进行故障排除(
1 # Copyright IBM Corp. All Rights Reserved.
2 #
3 # SPDX-License-Identifier: Apache-2.0
4 #
5 # Pulled from: https://raw.githubusercontent.com/hyperledger/fabric/master/sampleconfig/configtx.yaml
6 ---
7 ################################################################################
8 #
9 # ORGANIZATIONS
10 #
11 # This section defines the organizational identities that can be referenced
12 # in the configuration profiles.
13 #
14 ################################################################################
15 Organizations:
16
17 - &Orderer-OEM
18 Name: Orderer-OEM
19 SkipAsForeign: false
20 ID: Orderer-OEM-MSP
21 MSPDir: ./organizations/ordererOrganizations/OEM/msp/
22 Policies: &Orderer-OEMPolicies
23 Readers:
24 Type: Signature
25 Rule: "OR('Orderer-OEM-MSP.member')"
26 Writers:
27 Type: Signature
28 Rule: "OR('Orderer-OEM-MSP.member')"
29 Admins:
30 Type: Signature
31 Rule: "OR('Orderer-OEM-MSP.admin')"
32 Endorsement:
33 Type: Signature
34 Rule: "OR('Orderer-OEM-MSP.member')"
35 OrdererEndpoints:
36 - OEM_Orderer:1050
37
38 - &OEM
39 Name: OEM
40 SkipAsForeign: false
41 ID: OEM-MSP
42 MSPDir: ./organizations/peerOrganizations/OEM/msp/
43 Policies: &OEMPolicies
44 Readers:
45 Type: Signature
46 Rule: "OR('OEM-MSP.admin','OEM-MSP.peer','OEM-MSP.client')"
47 Writers:
48 Type: Signature
49 Rule: "OR('OEM-MSP.admin','OEM-MSP.client')"
50 Admins:
51 Type: Signature
52 Rule: "OR('OEM-MSP.admin')"
53 Endorsement:
54 Type: Signature
55 Rule: "OR('OEM-MSP.peer')"
56 AnchorPeers:
57 - Host: $host
58 Port: 1051
59
60
61 - &S11
62 Name: S11
63 SkipAsForeign: false
64 ID: S11-MSP
65 MSPDir: ./organizations/peerOrganizations/S11/msp
66 Policies: &S11Policies
67 Readers:
68 Type: Signature
69 Rule: "OR('S11-MSP.admin','S11-MSP.peer','S11-MSP.client')"
70 Writers:
71 Type: Signature
72 Rule: "OR('S11-MSP.admin','S11-MSP.client')"
73 Admins:
74 Type: Signature
75 Rule: "OR('S11-MSP.admin')"
76 Endorsement:
77 Type: Signature
78 Rule: "OR('S11-MSP.peer')"
79 AnchorPeers:
80 - Host: $host2
81 Port: 1051
82
83
84
85 Capabilities:
86 Channel: &ChannelCapabilities
87 V2_0: true
88
89 Orderer: &OrdererCapabilities
90 V2_0: true
91
92 Application: &ApplicationCapabilities
93 V2_0: true
94
95 ################################################################################
96 #
97 # APPLICATION
98 #
99 # This section defines the values to encode into a config transaction or
100 # genesis block for application-related parameters.
101 #
102 ################################################################################
103 Application: &ApplicationDefaults #policy defaults for system resources
104 ACLs: &ACLsDefault
105
106 _lifecycle/CheckCommitReadiness: /Channel/Application/Writers
107 _lifecycle/CommitChaincodeDefinition: /Channel/Application/Writers
108 _lifecycle/QueryChaincodeDefinition: /Channel/Application/Writers
109 _lifecycle/QueryChaincodeDefinitions: /Channel/Application/Writers
110 lscc/ChaincodeExists: /Channel/Application/Readers
111 lscc/GetDeploymentSpec: /Channel/Application/Readers
112 lscc/GetChaincodeData: /Channel/Application/Readers
113 lscc/GetInstantiatedChaincodes: /Channel/Application/Readers
114 qscc/GetChainInfo: /Channel/Application/Readers
115 qscc/GetBlockByNumber: /Channel/Application/Readers
116 qscc/GetBlockByHash: /Channel/Application/Readers
117 qscc/GetTransactionByID: /Channel/Application/Readers
118 qscc/GetBlockByTxID: /Channel/Application/Readers
119 cscc/GetConfigBlock: /Channel/Application/Readers
120 peer/Propose: /Channel/Application/Writers
121 peer/ChaincodeToChaincode: /Channel/Application/Writers
122 event/Block: /Channel/Application/Readers
123 event/FilteredBlock: /Channel/Application/Readers
124
125 Organizations: # lists the orgs participating on the application side of the network.
126 - *OEM
127 - *S11
128
129 # Policies defines the set of policies at this level of the config tree
130 # For Application policies, their canonical path is
131 # /Channel/Application/<PolicyName>
132 Policies: &ApplicationDefaultPolicies
133 LifecycleEndorsement:
134 Type: ImplicitMeta
135 Rule: "MAJORITY Endorsement"
136 Endorsement:
137 Type: ImplicitMeta
138 Rule: "MAJORITY Endorsement"
139 Readers:
140 Type: ImplicitMeta
141 Rule: "ANY Readers"
142 Writers:
143 Type: ImplicitMeta
144 Rule: "ANY Writers"
145 Admins:
146 Type: ImplicitMeta
147 Rule: "MAJORITY Admins"
148
149 # Capabilities describes the application level capabilities, see the
150 # dedicated Capabilities section elsewhere in this file for a full
151 # description
152 Capabilities:
153 <<: *ApplicationCapabilities
154
155 ################################################################################
156 #
157 # ORDERER
158 #
159 # This section defines the values to encode into a config transaction or
160 # genesis block for orderer related parameters.
161 #
162 ################################################################################
163 Orderer: &OrdererDefaults
164
165 OrdererType: solo
166
167 BatchTimeout: 2s
168
169 BatchSize:
170
171 MaxMessageCount: 500
172
173 AbsoluteMaxBytes: 10 MB
174
175 PreferredMaxBytes: 2 MB
176
177 MaxChannels: 0 #0=unlimited number of channels allowed
178
179
180 # EtcdRaft defines configuration which must be set when the "etcdraft"
181 # orderertype is chosen.
182 EtcdRaft:
183 # The set of Raft replicas for this network. For the etcd/raft-based
184 # implementation, we expect every replica to also be an OSN. Therefore,
185 # a subset of the host:port items enumerated in this list should be
186 # replicated under the Orderer.Addresses key above.
187 Consenters:
188 - Host: Orderer-OEM
189 Port: 1050
190 ClientTLSCert: ./organizations/ordererOrganizations/OEM/orderers/Orderer2/tls/server.crt
191 ServerTLSCert: ./organizations/ordererOrganizations/OEM/orderers/Orderer2/tls/server.crt
192 # - Host: Orderer-S11
193 # Port: 7050
194 # ClientTLSCert: ./organizations/ordererOrganizations/S11/orderers/Orderer1/tls/server.crt
195 # ServerTLSCert: ./organizations/ordererOrganizations/S11/orderers/Orderer1/tls/server.crt
196 # - Host: raft2.example.com
197 # Port: 7050
198 # ClientTLSCert: path/to/ClientTLSCert2
199 # ServerTLSCert: path/to/ServerTLSCert2
200
201 Options:
202 TickInterval: 500ms
203
204 ElectionTick: 10
205
206 HeartbeatTick: 1
207
208 MaxInflightBlocks: 5
209
210 SnapshotIntervalSize: 16 MB
211
212 # Organizations lists the orgs participating on the orderer side of the
213 # network.
214 Organizations:
215
216 # Policies defines the set of policies at this level of the config tree
217 # For Orderer policies, their canonical path is
218 # /Channel/Orderer/<PolicyName>
219 Policies:
220 Readers:
221 Type: ImplicitMeta
222 Rule: "ANY Readers"
223 Writers:
224 Type: ImplicitMeta
225 Rule: "ANY Writers"
226 Admins:
227 Type: ImplicitMeta
228 Rule: "MAJORITY Admins"
229 # BlockValidation specifies what signatures must be included in the block
230 # from the orderer for the peer to validate it.
231 BlockValidation:
232 Type: ImplicitMeta
233 Rule: "ANY Writers"
234
235 Capabilities:
236 <<: *OrdererCapabilities
237
238 ################################################################################
239 #
240 # CHANNEL
241 #
242 # This section defines the values to encode into a config transaction or
243 # genesis block for channel related parameters.
244 #
245 ################################################################################
246 Channel: &ChannelDefaults
247 # Policies defines the set of policies at this level of the config tree
248 # For Channel policies, their canonical path is
249 # /Channel/<PolicyName>
250 Policies:
251 # Who may invoke the 'Deliver' API
252 Readers:
253 Type: ImplicitMeta
254 Rule: "ANY Readers"
255 # Who may invoke the 'Broadcast' API
256 Writers:
257 Type: ImplicitMeta
258 Rule: "ANY Writers"
259 # By default, who may modify elements at this config level
260 Admins:
261 Type: ImplicitMeta
262 Rule: "MAJORITY Admins"
263
264
265 # Capabilities describes the channel level capabilities, see the
266 # dedicated Capabilities section elsewhere in this file for a full
267 # description
268 Capabilities:
269 <<: *ChannelCapabilities
270
271 ################################################################################
272 #
273 # PROFILES
274 #
275 # Different configuration profiles may be encoded here to be specified as
276 # parameters to the configtxgen tool. The profiles which specify consortiums
277 # are to be used for generating the orderer genesis block. With the correct
278 # consortium members defined in the orderer genesis block, channel creation
279 # requests may be generated with only the org member names and a consortium
280 # name.
281 #
282 ################################################################################
283 Profiles:
284
285 # SampleDevModeEtcdRaft defines a configuration that differs from the
286 # SampleDevModeSolo one only in that it uses the etcd/raft-based orderer.
287 SampleDevModeEtcdRaft:
288 <<: *ChannelDefaults
289 Orderer:
290 <<: *OrdererDefaults
291 OrdererType: etcdraft
292 Organizations:
293 - <<: *Orderer-OEM
294 Policies:
295 <<: *Orderer-OEMPolicies
296 Admins:
297 Type: Signature
298 Rule: "OR('Orderer-OEM-MSP.admin')"
299 # Rule: "OR('Orderer-OEM.admin')"
300 Application:
301 <<: *ApplicationDefaults
302 Organizations:
303 - <<: *OEM
304 # - <<: *S11
305 Policies:
306 <<: *OEMPolicies
307 Admins:
308 Type: Signature
309 # Rule: "OR('OEM-MSP.admin','S11-MSP.admin')"
310 Rule: "OR('OEM-MSP.admin')"
311 # Rule: "OR('OEM.admin')"
312 Consortiums:
313 SupplyChain:
314 Organizations:
315 - <<: *OEM
316 # - <<: *S11
317 Policies:
318 <<: *OEMPolicies
319 Admins:
320 Type: Signature
321 # Rule: "OR('OEM-MSP.admin','S11-MSP.admin')"
322 Rule: "OR('OEM-MSP.admin')"
323 # Rule: "OR('OEM.admin')"
324
325 SampleSupplyChainChannel:
326 Consortium: SupplyChain
327 <<: *ChannelDefaults
328 Application:
329 <<: *ApplicationDefaults
330 Organizations:
331 - <<: *OEM
332 # - <<: *S11
333 # Policies:
334 # <<: *OEMPolicies
335 # Admins:
336 # Type: Signature
337 # Rule: "OR('OEM-MSP.admin','S11-MSP.admin')"
Peer、Orderer和cli的Docker文件:
1 version: '3.8'
2
3 services:
4
5 Peer:
6 image: hyperledger/fabric-peer:2.2
7 ports:
8 - "8051:8051"
9 networks:
10 - scm-test
11 #depends_on: #is ignored when deploying a stack in swarm mode
12 # - Orderer
13 deploy: #options may be removed if not required
14 mode: replicated #global=1 container/node; replicated=specific # distributed per requirements
15 replicas: 1 #can only be used with replicated mode
16 placement:
17 constraints:
18 - "node.role==manager"
19 - "node.hostname==OEM"
20 #max_replicas_per_node: 1
21 endpoint_mode: vip #options are vip (virtual IP) or dnsrr (DNS round-robin)
22 environment:
23 - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
24 - FABRIC_LOGGING_SPEC=DEBUG #change to INFO if too verbose (once working)
25 - CORE_Peer_TLS_ENABLED=true
26 - CORE_Peer_PROFILE_ENABLED=true
27 - CORE_Peer_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt
28 - CORE_Peer_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key
29 - CORE_Peer_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt
30 # Peer specific variables
31 - CORE_Peer_ID=Peer2
32 - CORE_Peer_ADDRESS=$host:8051
33 - CORE_Peer_LISTENADDRESS=0.0.0.0:8051
34 - CORE_Peer_CHAINCODEADDRESS=$host:8052
35 - CORE_Peer_CHAINCODELISTENADDRESS=0.0.0.0:8052
36 - CORE_Peer_GOSSIP_BOOTSTRAP=$host:8051
37 - CORE_Peer_GOSSIP_EXTERNALENDPOINT=$host:8051
38 - CORE_Peer_LOCALMSPID=OEM-MSP
39 command: peer node start
40 volumes:
41 - /var/run/:/host/var/run/
42 - ./organizations/peerOrganizations/$ORG/peers/$Peer2/msp:/etc/hyperledger/fabric/msp
43 - ./organizations/peerOrganizations/$ORG/peers/$Peer2/tls:/etc/hyperledger/fabric/tls
44 - ./organizations/peerOrganizations/$ORG/peers/$Peer2/peerData:/var/hyperledger/production
45 # working_dir:
46 container_name: Peer2 #is ignored when deploying a stack in swarm mode
47
48
49 Orderer:
50 image: hyperledger/fabric-orderer:2.2
51 ports:
52 - "1050:1050"
53 networks:
54 - scm-test
55 deploy: #options may be removed if not required
56 mode: replicated #global=1 container/node; replicated=specific # distributed per requirements
57 replicas: 1 #can only be used with replicated mode
58 placement:
59 constraints:
60 - "node.role==manager"
61 - "node.hostname==OEM"
62 endpoint_mode: vip #options are vip (virtual IP) or dnsrr (DNS round-robin)
63 environment:
64 - FABRIC_LOGGING_SPEC=DEBUG
65 - ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
66 - ORDERER_GENERAL_LISTENPORT=1050
67 - ORDERER_GENERAL_GENESISMETHOD=file
68 - ORDERER_GENERAL_GENESISFILE=/var/hyperledger/orderer/orderer.genesis.block/genesis_block.pb
69 - ORDERER_GENERAL_LOCALMSPID=Orderer-OEM-MSP
70 - ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp
71 - ORDERER_GENERAL_TLS_ENABLED=true
72 - ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key
73 - ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt
74 - ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
75 - ORDERER_KAFKA_TOPIC_REPLICATIONFACTOR=1
76 - ORDERER_KAFKA_VERBOSE=true
77 - ORDERER_GENERAL_CLUSTER_CLIENTCERTIFICATE=/var/hyperledger/orderer/tls/server.crt
78 - ORDERER_GENERAL_CLUSTER_CLIENTPRIVATEKEY=/var/hyperledger/orderer/tls/server.key
79 - ORDERER_GENERAL_CLUSTER_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
80 command: orderer
81 volumes:
82 - ./system-genesis-block/genesis.block:/var/hyperledger/orderer/orderer.genesis.block
83 - ./organizations/ordererOrganizations/$ORG/orderers/$Orderer2/msp:/var/hyperledger/orderer/msp
84 - ./organizations/ordererOrganizations/$ORG/orderers/$Orderer2/tls/:/var/hyperledger/orderer/tls
85 - ./organizations/ordererOrganizations/$ORG/orderers/$Orderer2/ordererData:/var/hyperledger/production/orderer
86 container_name: Orderer2 #is ignored when deploying a stack in swarm mode
87
88
89 cli:
90 image: hyperledger/fabric-tools:2.2
91 networks:
92 - scm-test
93 depends_on: #is ignored when deploying a stack in swarm mode
94 - Peer
95 deploy: #options may be removed if not required
96 mode: replicated #global=1 container/node; replicated=specific # distributed per requirements
97 replicas: 1 #can only be used with replicated mode
98 placement:
99 constraints:
100 - "node.role==manager"
101 - "node.hostname==OEM"
102 #max_replicas_per_node: 1
103 endpoint_mode: vip #options are vip (virtual IP) or dnsrr (DNS round-robin)
104 tty: true
105 stdin_open: true
106 environment:
107 - GOPATH=/opt/gopath
108 - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
109 - FABRIC_LOGGING_SPEC=DEBUG #change to INFO if too verbose (once working)
110 - CORE_Peer_ID=cli
111 - CORE_Peer_ADDRESS=$host:8051
112 - CORE_PEER_LOCALMSPID=OEM-MSP
113 # - CORE_Peer_mspConfigPath=/etc/hyperledger/AdminMsp
114 # - CORE_Peer_mspConfigPath=/etc/hyperledger/organizations/ordererOrganizations/$ORG/users/Admin@${$Orderer2}/msp/
115 - CORE_Peer_mspConfigPath=/etc/hyperledger/organizations/peerOrganizations/$ORG/users/Admin@${ORG}/msp/
116 - CORE_CHAINCODE_KEEPALIVE=10
117 - CORE_Peer_TLS_ENABLED=true
118 - CORE_Peer_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt
119 - CORE_Peer_PROFILE_ENABLED=true
120 - CORE_Peer_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt
121 - CORE_Peer_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key
122 - CORE_Peer_LISTENADDRESS=0.0.0.0:8051
123 - CORE_Peer_CHAINCODEADDRESS=$host:8052
124 - CORE_Peer_CHAINCODELISTENADDRESS=0.0.0.0:8052
125 - CORE_Peer_GOSSIP_BOOTSTRAP=$host:8051
126 - CORE_Peer_GOSSIP_EXTERNALENDPOINT=$host:8051
127 #Environment varibles used for channel creation:
128 - ORDERER_CA=/etc/hyperledger/fabric/organizations/ordererOrganizations/$ORG/orderers/$Orderer2/msp/tlscacerts/tlsca.${Orderer2}-cert.pem #WARNING hardcoded
129 - host=$host
130 - ORG=$ORG
131 - orgmsp=Orderer-OEM-MSP #WARNING HARDCODED!
132 - CHANNEL_NAME=supply-chain-network #WARNING HARDCODED!
133 command: /bin/bash
134 volumes:
135 - /var/run/:/host/var/run/
136 - ./organizations/peerOrganizations:/etc/hyperledger/fabric/organizations/peerOrganizations
137 - ./organizations/ordererOrganizations:/etc/hyperledger/fabric/organizations/ordererOrganizations
138 - ./organizations/peerOrganizations/$ORG/peers/$Peer2/tls:/etc/hyperledger/fabric/tls
139 - ./channel-artifacts:/etc/hyperledger/fabric/channel-artifacts
140 working_dir: /etc/hyperledger/fabric/
141
142
143 networks:
144 scm-test:
145 external: true #true indicates network has been created outside of compose; compose does not attempt to create it
由于您的错误表明不满足Admin子策略,这可能表明您试图以非Admin用户的身份创建频道。可以尝试向"管理员"提供附加的管理参数;对等信道创建";
--clientauth --keyfile $ORDERER_CONF/Admin@${ORGANIZATION}/tls/client.key
--certfile $ORDERER_CONF/Admin@${ORGANIZATION}/tls/client.crt
可以在orderOrganizations/..中找到这些证书。。