Error creating channel but this policy requires 1 of the 'Writers' sub-policies to be satisfied: permission denied
I am getting an error while creating a channel:
Error: got unexpected status: FORBIDDEN -- implicit policy evaluation failed - 0 sub-policies were satisfied, but this policy requires 1 of the 'Writers' sub-policies to be satisfied: permission denied
The orderer says the following:
WARN 025 [channel: testchannel] Rejecting broadcast of config message from 192.168.0.121:39954 because of error: implicit policy evaluation failed - 0 sub-policies were satisfied, but this policy requires 1 of the 'Writers' sub-policies to be satisfied: permission denied
I am using this command in the peer container:
export CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/crypto-config/peer/msp/users/admin/msp/
peer channel create -c testchannel -f testchannel.tx --outputBlock testchannel.block --tls --cafile /etc/hyperledger/crypto-config/peer/tls-msp/cacerts/192-168-0-114-7054.pem -o 192.168.0.124:7050
My channel policies are as follows:
Channel: &ChannelDefaults
    # Policies defines the set of policies at this level of the config tree
    # For Channel policies, their canonical path is
    Policies:
        # Who may invoke the 'Deliver' API
        Readers:
            Type: ImplicitMeta
            Rule: "ANY Readers"
        # Who may invoke the 'Broadcast' API
        Writers:
            Type: ImplicitMeta
            Rule: "ANY Writers"
        # By default, who may modify elements at this config level
        Admins:
            Type: ImplicitMeta
            Rule: "MAJORITY Admins"
    # Capabilities describes the channel level capabilities, see the
    # dedicated Capabilities section elsewhere in this file for a full
    # description
    Capabilities:
        <<: *ChannelCapabilities
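I am using etcdraft with 3 nodes and v1.4.1.
Edit 1:
I don't have a CLI container; should I do it from that CLI container?
Right now I am executing all these commands from the peer container.
Edit 2:
If I add an admincerts folder with the admin's cert to the admin's msp folder:
- admin
    - msp
        - admincerts
        - signcerts
        - ...
I get the error:
this policy requires 1 of the 'Writers' sub-policies to be satisfied: permission denied
But if I don't add it, I get the error:
this policy requires 1 of the 'Admins' sub-policies to be satisfied: permission denied
Fixed it, so it was a problem with the policies. I had to edit the organization-level policies in configtx.yml.
I added any member as reader and writer, and only the admin as admin: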
- &Example
    # DefaultOrg defines the organization which is used in the sampleconfig
    # of the fabric.git development environment
    Name: Example
    # ID to load the MSP definition as
    ID: ExampleMSP
    MSPDir: <pathtomsp>
    Policies:
        Readers:
            Type: Signature
            Rule: "OR('ExampleMSP.member')"
        Writers:
            Type: Signature
            Rule: "OR('ExampleMSP.member')"
        Admins:
            Type: Signature
            Rule: "OR('ExampleMSP.admin')"
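How the channel-level "ANY Writers" rule depends on the organization-level policies edited in the answer, as an added example that is not part of the original post and not Fabric's own code. It is a simplified model: the function names, the signer dictionary and the three sample org definitions are constructed for illustration, and only flat OR(...)/AND(...) rules over at least one org are handled.

```python
import re

# Simplified model (an assumption of this example, not Fabric source code) of how
# an ImplicitMeta channel policy is evaluated over org-level Signature policies.

def eval_signature(rule, signer):
    """Evaluate a flat OR(...)/AND(...) rule such as "OR('ExampleMSP.member')"."""
    op = rule.split("(", 1)[0].strip().upper()
    principals = re.findall(r"'([^'.]+)\.([^']+)'", rule)

    def matches(mspid, role):
        if signer["mspid"] != mspid:
            return False
        # Every valid identity of the MSP is a member; other roles must be held.
        return role == "member" or role in signer["roles"]

    results = [matches(m, r) for m, r in principals]
    return all(results) if op == "AND" else any(results)

def eval_implicit_meta(rule, orgs, signer):
    """rule is e.g. "ANY Writers"; orgs maps org name -> {policy name: rule}."""
    quantifier, name = rule.split()
    # An org that does not define the sub-policy contributes a rejection.
    satisfied = sum(
        1 for policies in orgs.values()
        if name in policies and eval_signature(policies[name], signer)
    )
    required = {"ANY": 1, "ALL": len(orgs), "MAJORITY": len(orgs) // 2 + 1}[quantifier]
    if satisfied < required:
        return (f"implicit policy evaluation failed - {satisfied} sub-policies were "
                f"satisfied, but this policy requires {required} of the '{name}' "
                f"sub-policies to be satisfied")
    return "ok"

# Constructed inputs: a signer the MSP sees as a plain member, not an admin.
signer = {"mspid": "ExampleMSP", "roles": set()}
org_without_policies = {"Example": {}}
org_admin_only_writers = {"Example": {"Writers": "OR('ExampleMSP.admin')"}}
org_fixed = {"Example": {
    "Readers": "OR('ExampleMSP.member')",
    "Writers": "OR('ExampleMSP.member')",
    "Admins": "OR('ExampleMSP.admin')",
}}

if __name__ == "__main__":
    for label, orgs in [("no org policies", org_without_policies),
                        ("admin-only Writers", org_admin_only_writers),
                        ("fixed", org_fixed)]:
        print(label, "->", eval_implicit_meta("ANY Writers", orgs, signer))
```

With the member-based Writers rule the broadcast check passes for any valid ExampleMSP identity, while "MAJORITY Admins" still requires an identity the MSP classifies as admin.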