Implementation of Organization Unit Identifier in peer organisation causes orderer panic and exit
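I am trying to add a new organization to the peer organization Org1MSP. I modified the config.yaml file present in the msp directory. The content of the file after modification is as follows: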
OrganizationalUnitIdentifiers:
  - Certificate: cacerts/ca.org1.example.com-cert.pem
    OrganizationalUnitIdentifier: TEST
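After the modification, I generated a genesis.block and a channel.tx. I am using docker to bootstrap my network. The problem is that when I bootstrap my network, the orderer throws an error and exits. The orderer's logs are as follows: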
orderer.example.com | 2018-10-24 22:00:45.704 UTC [msp] satisfiesPrincipalInternalPreV13 -> DEBU 05b Checking if identity satisfies role [CLIENT] for Org1MSP
orderer.example.com | 2018-10-24 22:00:45.704 UTC [msp] Validate -> DEBU 05c MSP Org1MSP validating identity
orderer.example.com | 2018-10-24 22:00:45.704 UTC [msp] getCertificationChain -> DEBU 05d MSP Org1MSP getting certification chain
orderer.example.com | 2018-10-24 22:00:45.704 UTC [msp] getCertificationChain -> DEBU 05e MSP Org1MSP getting certification chain
orderer.example.com | 2018-10-24 22:00:45.704 UTC [msp] getCertificationChain -> DEBU 05f MSP Org1MSP getting certification chain
orderer.example.com | 2018-10-24 22:00:45.705 UTC [orderer/commmon/multichannel] newLedgerResources -> PANI 060 Error creating channelconfig bundle: initializing channelconfig failed: could not create channel Consortiums sub-group config: setting up the MSP manager failed: admin 0 is invalid: The identity is not valid under this MSP [Org1MSP]: could not validate identity's OUs: none of the identity's organizational units [[0xc4204e9ad0]] are in MSP Org1MSP
orderer.example.com | panic: Error creating channelconfig bundle: initializing channelconfig failed: could not create channel Consortiums sub-group config: setting up the MSP manager failed: admin 0 is invalid: The identity is not valid under this MSP [Org1MSP]: could not validate identity's OUs: none of the identity's organizational units [[0xc4204e9ad0]] are in MSP Org1MSP
orderer.example.com |
orderer.example.com | goroutine 1 [running]:
orderer.example.com | github.com/hyperledger/fabric/vendor/go.uber.org/zap/zapcore.(*CheckedEntry).Write(0xc4200f0630, 0x0, 0x0, 0x0)
orderer.example.com | /opt/gopath/src/github.com/hyperledger/fabric/vendor/go.uber.org/zap/zapcore/entry.go:229 +0x4f4
orderer.example.com | github.com/hyperledger/fabric/vendor/go.uber.org/zap.(*SugaredLogger).log(0xc42017a1e0, 0x4, 0xe14c6d, 0x27, 0xc4204af958, 0x1, 0x1, 0x0, 0x0, 0x0)
orderer.example.com | /opt/gopath/src/github.com/hyperledger/fabric/vendor/go.uber.org/zap/sugar.go:234 +0xf6
orderer.example.com | github.com/hyperledger/fabric/vendor/go.uber.org/zap.(*SugaredLogger).Panicf(0xc42017a1e0, 0xe14c6d, 0x27, 0xc4204af958, 0x1, 0x1)
orderer.example.com | /opt/gopath/src/github.com/hyperledger/fabric/vendor/go.uber.org/zap/sugar.go:159 +0x79
orderer.example.com | github.com/hyperledger/fabric/common/flogging.(*FabricLogger).Panicf(0xc42017a1e8, 0xe14c6d, 0x27, 0xc4204af958, 0x1, 0x1)
orderer.example.com | /opt/gopath/src/github.com/hyperledger/fabric/common/flogging/zap.go:74 +0x60
orderer.example.com | github.com/hyperledger/fabric/orderer/common/multichannel.(*Registrar).newLedgerResources(0xc4202725a0, 0xc420178e60, 0xc420178e60)
orderer.example.com | /opt/gopath/src/github.com/hyperledger/fabric/orderer/common/multichannel/registrar.go:256 +0x2ea
orderer.example.com | github.com/hyperledger/fabric/orderer/common/multichannel.NewRegistrar(0xea36a0, 0xc42000c3a0, 0xc4202567b0, 0xe9b060, 0x15a78b0, 0xc42017a2f0, 0x1, 0x1, 0x0)
orderer.example.com | /opt/gopath/src/github.com/hyperledger/fabric/orderer/common/multichannel/registrar.go:142 +0x312
orderer.example.com | github.com/hyperledger/fabric/orderer/common/server.initializeMultichannelRegistrar(0xc420100580, 0xe9b060, 0x15a78b0, 0xc42017a2f0, 0x1, 0x1, 0x0)
orderer.example.com | /opt/gopath/src/github.com/hyperledger/fabric/orderer/common/server/main.go:258 +0x250
orderer.example.com | github.com/hyperledger/fabric/orderer/common/server.Start(0xdf7a5a, 0x5, 0xc420100580)
orderer.example.com | /opt/gopath/src/github.com/hyperledger/fabric/orderer/common/server/main.go:96 +0x226
orderer.example.com | github.com/hyperledger/fabric/orderer/common/server.Main()
orderer.example.com | /opt/gopath/src/github.com/hyperledger/fabric/orderer/common/server/main.go:75 +0x1d6
orderer.example.com | main.main()
orderer.example.com | /opt/gopath/src/github.com/hyperledger/fabric/orderer/main.go:15 +0x20
orderer.example.com exited with code 2
I am using Hyperledger Fabric v1.3.
The full logs can be found here: https://hastebin.com/ujiluvupox.php
Please let me know if you have any suggestions.
Any help/comment would be appreciated.

So, I think the problem is with the crypto material. If you enable NodeOU in the MSP configuration, you must also enable it when generating the crypto material with cryptogen. Please take a look at https://github.com/hyperledger/fabric/blob/a980c8f659051280c4e71f92fc6808ccff49e5d1/common/tools/cryptogen/main.go#L108 and https://github.com/hyperledger/fabric/blob/a980c8f659051280c4e71f92fc6808ccff49e5d1/common/tools/cryptogen/main.go#L192. Hope this helps.
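
The edit to the config.yaml file in the MSP requires that all certificates issued by cacerts/ca.org1.example.com-cert.pem have the OU TEST.
If you inspect the admin certificate in the MSP directory using something like: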
openssl x509 -noout -text -in msp/admincerts/Admin\@org1.example.com-cert.pem | grep OU
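You should be able to see the certificate's OU. Most likely, your admin certificate does not have this OU set, so it is not considered to be validly issued by your MSP (hence the error when setting up the MSP at bootstrap).
If you are bootstrapping your network with cryptogen, then you should edit the crypto-config.yaml file. Under your organization, add a CA element with an OrganizationalUnit: <YOUR_OU> sub-element. For example: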
OrdererOrgs:
  # ---------------------------------------------------------------------------
  # Orderer
  # ---------------------------------------------------------------------------
  - Name: Orderer
    Domain: example.com
    CA:
      OrganizationalUnit: TEST
    # ---------------------------------------------------------------------------
    # "Specs" - See PeerOrgs below for complete description
    # ---------------------------------------------------------------------------
    Specs:
      - Hostname: orderer
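I would also note that if you are using cryptogen to bootstrap your environment, then there is most likely no need to use OUs in the MSP's config.yaml file. Requiring a specific OU from your CA is most useful when trying to integrate with an existing organization's CA server, which may issue certificates for other purposes, not all of which should be valid for Fabric.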