我正在尝试注册&注册管理员以执行对等操作。这是bash代码:
#!/bin/bash
user="$1"
pass="$2"
org="$3"
type="$4"
tlscerts="/chainset/hyperledger-config/crypto-config/ordererOrganizations/default.svc.cluster.local/msp/tlscacerts/ca-root-7054.pem"
fabric-ca-client enroll -u http://admin:adminpw@ca-root:7054
fabric-ca-client register --id.name ${user} --id.secret ${pass} --id.type ${type} --id.affiliation ${org} --id.attrs 'hf.Revoker=true,admin=true:ecert' -u http://ca-root:7054 --tls.certfiles ${tlscerts}
export FABRIC_CA_CLIENT_HOME=/chainset/hyperledger-config/crypto-config/peerOrganizations/${org}/users/${user}@${org}/
fabric-ca-client enroll -u http://${user}:${pass}@ca-root:7054 --id.affiliation ${org} --tls.certfiles ${tlscerts}
mv /chainset/hyperledger-config/crypto-config/peerOrganizations/${org}/users/${user}@${org}/msp/signcerts/cert.pem /chainset/hyperledger-config/crypto-config/peerOrganizations/${org}/users/${user}@${org}/msp/signcerts/${user}@${org}-cert.pem
mkdir /chainset/hyperledger-config/crypto-config/peerOrganizations/${org}/users/${user}@${org}/msp/admincerts/
cp /chainset/hyperledger-config/crypto-config/peerOrganizations/${org}/users/${user}@${org}/msp/signcerts/* /chainset/hyperledger-config/crypto-config/peerOrganizations/${org}/users/${user}@${org}/msp/admincerts/
当我试图创建一个新的频道时,我得到了这个错误:
Description: error validating channel creation transaction for new channel 'newchannelf', could not successfully apply update to template configuration: error authorizing update: error validating DeltaSet: policy for [Group] /Channel/Application not satisfied: implicit policy evaluation failed - 0 sub-policies were satisfied, but this policy requires 1 of the 'Admins' sub-policies to be satisfied
这是我的configtx.yml配置。我不知道是这个配置文件中的策略有问题,还是我没有注册&正确注册用户。
Organizations:
- &orderer
Name: orderer
ID: orderer
MSPDir: crypto-config/ordererOrganizations/default.svc.cluster.local/msp
Policies:
Readers:
Type: Signature
Rule: "OR('orderer.member')"
Writers:
Type: Signature
Rule: "OR('orderer.member')"
Admins:
Type: Signature
Rule: "OR('orderer.admin')"
- &org1
Name: org1
ID: org1
MSPDir: crypto-config/peerOrganizations/org1/msp
Policies:
Readers:
Type: Signature
Rule: "OR('org1.admin', 'org1.peer', 'org1.client', 'org1.member')"
Writers:
Type: Signature
Rule: "OR('org1.admin', 'org1.peer', 'org1.client', 'org1.member')"
Admins:
Type: Signature
Rule: "OR('org1.admin')"
AnchorPeers:
- Host: peer0-org1-service
Port: 7051
- &org2
Name: org2
ID: org2
MSPDir: crypto-config/peerOrganizations/org2/msp
Policies:
Readers:
Type: Signature
Rule: "OR('org2.admin', 'org2.peer', 'org2.client', 'org2.member')"
Writers:
Type: Signature
Rule: "OR('org2.admin', 'org2.peer', 'org2.client', 'org2.member')"
Admins:
Type: Signature
Rule: "OR('org2.admin')"
AnchorPeers:
- Host: peer0-org2-service
Port: 7051
Capabilities:
Channel: &ChannelCapabilities
V1_4_3: true
Orderer: &OrdererCapabilities
V1_4_2: true
Application: &ApplicationCapabilities
V1_4_2: true
Application: &ApplicationDefaults
Organizations:
- *orderer
- *org1
- *org2
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "ANY Admins"
BlockValidation:
Type: ImplicitMeta
Rule: "ANY Writers"
Capabilities:
<<: *ApplicationCapabilities
Orderer: &OrdererDefaults
OrdererType: etcdraft
EtcdRaft:
Consenters:
- Host: orderer0-service
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/default.svc.cluster.local/orderers/orderer0.default.svc.cluster.local/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/default.svc.cluster.local/orderers/orderer0.default.svc.cluster.local/tls/server.crt
- Host: orderer1-service
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/default.svc.cluster.local/orderers/orderer1.default.svc.cluster.local/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/default.svc.cluster.local/orderers/orderer1.default.svc.cluster.local/tls/server.crt
- Host: orderer2-service
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/default.svc.cluster.local/orderers/orderer2.default.svc.cluster.local/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/default.svc.cluster.local/orderers/orderer2.default.svc.cluster.local/tls/server.crt
Addresses:
- orderer0-service:7050
- orderer1-service:7050
- orderer2-service:7050
BatchTimeout: 1s
BatchSize:
MaxMessageCount: 10
AbsoluteMaxBytes: 99 MB
PreferredMaxBytes: 512 KB
Kafka:
Brokers:
- 127.0.0.1:9092
Organizations:
- *orderer
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
BlockValidation:
Type: ImplicitMeta
Rule: "ANY Writers"
Channel: &ChannelDefaults
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "ANY Admins"
Capabilities:
<<: *ChannelCapabilities
Profiles:
OrdererGenesis:
<<: *ChannelDefaults
Capabilities:
<<: *ChannelCapabilities
Orderer:
<<: *OrdererDefaults
Organizations:
- *orderer
Capabilities:
<<: *OrdererCapabilities
Application:
<<: *ApplicationDefaults
Organizations:
- <<: *orderer
Consortiums:
MAIN:
Organizations:
- *org1
- *org2
MainChannel:
<<: *ChannelDefaults
Consortium: MAIN
Application:
<<: *ApplicationDefaults
Organizations:
- *org1
- *org2
Capabilities:
<<: *ApplicationCapabilities
这就是正在发生的事情:
您通过创建MAIN联盟创建了system channel(即orderer genesis块(。现在,系统通道是与peer组织MSP一起创建的。接下来,在网络启动后,您进入org1/users并创建一个管理员身份。您更新了对等方的本地MSP,但已存在的system channel从未更新。
可能的解决方案:
- 在设置网络之前更新
org1/users中的管理员凭据 - 通过创建
channel update事务,在部署后使用admin2凭据更新系统通道配置 - 启用NodeOU,以便在网络部署后动态生成的任何管理员身份都可以执行与
admin相关的事务