Hyperledger Fabric 注册和注册管理员不工作
Hyperledger Fabric enroll & register admin not working
我正在尝试注册管理员以执行对等操作。
这是 bash 代码:
#!/bin/bash
user=""
pass=""
org=""
type=""
tlscerts="/chainset/hyperledger-config/crypto-config/ordererOrganizations/default.svc.cluster.local/msp/tlscacerts/ca-root-7054.pem"
fabric-ca-client enroll -u http://admin:adminpw@ca-root:7054
fabric-ca-client register --id.name ${user} --id.secret ${pass} --id.type ${type} --id.affiliation ${org} --id.attrs 'hf.Revoker=true,admin=true:ecert' -u http://ca-root:7054 --tls.certfiles ${tlscerts}
export FABRIC_CA_CLIENT_HOME=/chainset/hyperledger-config/crypto-config/peerOrganizations/${org}/users/${user}@${org}/
fabric-ca-client enroll -u http://${user}:${pass}@ca-root:7054 --id.affiliation ${org} --tls.certfiles ${tlscerts}
mv /chainset/hyperledger-config/crypto-config/peerOrganizations/${org}/users/${user}@${org}/msp/signcerts/cert.pem /chainset/hyperledger-config/crypto-config/peerOrganizations/${org}/users/${user}@${org}/msp/signcerts/${user}@${org}-cert.pem
mkdir /chainset/hyperledger-config/crypto-config/peerOrganizations/${org}/users/${user}@${org}/msp/admincerts/
cp /chainset/hyperledger-config/crypto-config/peerOrganizations/${org}/users/${user}@${org}/msp/signcerts/* /chainset/hyperledger-config/crypto-config/peerOrganizations/${org}/users/${user}@${org}/msp/admincerts/
当我尝试创建新频道时出现此错误:
Description: error validating channel creation transaction for new channel 'newchannelf', could not successfully apply update to template configuration: error authorizing update: error validating DeltaSet: policy for [Group] /Channel/Application not satisfied: implicit policy evaluation failed - 0 sub-policies were satisfied, but this policy requires 1 of the 'Admins' sub-policies to be satisfied
这是我的 configtx.yml 配置。我不知道是这个配置文件中的策略有问题还是我没有正确注册和注册用户。
Organizations:
- &orderer
Name: orderer
ID: orderer
MSPDir: crypto-config/ordererOrganizations/default.svc.cluster.local/msp
Policies:
Readers:
Type: Signature
Rule: "OR('orderer.member')"
Writers:
Type: Signature
Rule: "OR('orderer.member')"
Admins:
Type: Signature
Rule: "OR('orderer.admin')"
- &org1
Name: org1
ID: org1
MSPDir: crypto-config/peerOrganizations/org1/msp
Policies:
Readers:
Type: Signature
Rule: "OR('org1.admin', 'org1.peer', 'org1.client', 'org1.member')"
Writers:
Type: Signature
Rule: "OR('org1.admin', 'org1.peer', 'org1.client', 'org1.member')"
Admins:
Type: Signature
Rule: "OR('org1.admin')"
AnchorPeers:
- Host: peer0-org1-service
Port: 7051
- &org2
Name: org2
ID: org2
MSPDir: crypto-config/peerOrganizations/org2/msp
Policies:
Readers:
Type: Signature
Rule: "OR('org2.admin', 'org2.peer', 'org2.client', 'org2.member')"
Writers:
Type: Signature
Rule: "OR('org2.admin', 'org2.peer', 'org2.client', 'org2.member')"
Admins:
Type: Signature
Rule: "OR('org2.admin')"
AnchorPeers:
- Host: peer0-org2-service
Port: 7051
Capabilities:
Channel: &ChannelCapabilities
V1_4_3: true
Orderer: &OrdererCapabilities
V1_4_2: true
Application: &ApplicationCapabilities
V1_4_2: true
Application: &ApplicationDefaults
Organizations:
- *orderer
- *org1
- *org2
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "ANY Admins"
BlockValidation:
Type: ImplicitMeta
Rule: "ANY Writers"
Capabilities:
<<: *ApplicationCapabilities
Orderer: &OrdererDefaults
OrdererType: etcdraft
EtcdRaft:
Consenters:
- Host: orderer0-service
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/default.svc.cluster.local/orderers/orderer0.default.svc.cluster.local/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/default.svc.cluster.local/orderers/orderer0.default.svc.cluster.local/tls/server.crt
- Host: orderer1-service
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/default.svc.cluster.local/orderers/orderer1.default.svc.cluster.local/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/default.svc.cluster.local/orderers/orderer1.default.svc.cluster.local/tls/server.crt
- Host: orderer2-service
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/default.svc.cluster.local/orderers/orderer2.default.svc.cluster.local/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/default.svc.cluster.local/orderers/orderer2.default.svc.cluster.local/tls/server.crt
Addresses:
- orderer0-service:7050
- orderer1-service:7050
- orderer2-service:7050
BatchTimeout: 1s
BatchSize:
MaxMessageCount: 10
AbsoluteMaxBytes: 99 MB
PreferredMaxBytes: 512 KB
Kafka:
Brokers:
- 127.0.0.1:9092
Organizations:
- *orderer
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
BlockValidation:
Type: ImplicitMeta
Rule: "ANY Writers"
Channel: &ChannelDefaults
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "ANY Admins"
Capabilities:
<<: *ChannelCapabilities
Profiles:
OrdererGenesis:
<<: *ChannelDefaults
Capabilities:
<<: *ChannelCapabilities
Orderer:
<<: *OrdererDefaults
Organizations:
- *orderer
Capabilities:
<<: *OrdererCapabilities
Application:
<<: *ApplicationDefaults
Organizations:
- <<: *orderer
Consortiums:
MAIN:
Organizations:
- *org1
- *org2
MainChannel:
<<: *ChannelDefaults
Consortium: MAIN
Application:
<<: *ApplicationDefaults
Organizations:
- *org1
- *org2
Capabilities:
<<: *ApplicationCapabilities
这是正在发生的事情:
您通过创建 MAIN 联盟创建了一个 system channel(即 orderer genesis 区块)。现在系统频道是在那个时候用 peer 组织 MSP 创建的。接下来,在网络启动后,您进入 org1/users 并创建了一个管理员身份。您更新了对等方的本地 MSP,但已经存在的 system channel 从未更新过。
可能的解决方案:
- 在设置网络之前
org1/users 内更新管理员凭据。
- 通过创建
channel update 交易,使用 admin2 凭据 post 部署更新系统通道配置。
- 启用 NodeOU,以便动态生成的任何管理员身份 post 网络部署可以执行
admin 相关事务。
我正在尝试注册管理员以执行对等操作。 这是 bash 代码:
#!/bin/bash
user=""
pass=""
org=""
type=""
tlscerts="/chainset/hyperledger-config/crypto-config/ordererOrganizations/default.svc.cluster.local/msp/tlscacerts/ca-root-7054.pem"
fabric-ca-client enroll -u http://admin:adminpw@ca-root:7054
fabric-ca-client register --id.name ${user} --id.secret ${pass} --id.type ${type} --id.affiliation ${org} --id.attrs 'hf.Revoker=true,admin=true:ecert' -u http://ca-root:7054 --tls.certfiles ${tlscerts}
export FABRIC_CA_CLIENT_HOME=/chainset/hyperledger-config/crypto-config/peerOrganizations/${org}/users/${user}@${org}/
fabric-ca-client enroll -u http://${user}:${pass}@ca-root:7054 --id.affiliation ${org} --tls.certfiles ${tlscerts}
mv /chainset/hyperledger-config/crypto-config/peerOrganizations/${org}/users/${user}@${org}/msp/signcerts/cert.pem /chainset/hyperledger-config/crypto-config/peerOrganizations/${org}/users/${user}@${org}/msp/signcerts/${user}@${org}-cert.pem
mkdir /chainset/hyperledger-config/crypto-config/peerOrganizations/${org}/users/${user}@${org}/msp/admincerts/
cp /chainset/hyperledger-config/crypto-config/peerOrganizations/${org}/users/${user}@${org}/msp/signcerts/* /chainset/hyperledger-config/crypto-config/peerOrganizations/${org}/users/${user}@${org}/msp/admincerts/
当我尝试创建新频道时出现此错误:
Description: error validating channel creation transaction for new channel 'newchannelf', could not successfully apply update to template configuration: error authorizing update: error validating DeltaSet: policy for [Group] /Channel/Application not satisfied: implicit policy evaluation failed - 0 sub-policies were satisfied, but this policy requires 1 of the 'Admins' sub-policies to be satisfied
这是我的 configtx.yml 配置。我不知道是这个配置文件中的策略有问题还是我没有正确注册和注册用户。
Organizations:
- &orderer
Name: orderer
ID: orderer
MSPDir: crypto-config/ordererOrganizations/default.svc.cluster.local/msp
Policies:
Readers:
Type: Signature
Rule: "OR('orderer.member')"
Writers:
Type: Signature
Rule: "OR('orderer.member')"
Admins:
Type: Signature
Rule: "OR('orderer.admin')"
- &org1
Name: org1
ID: org1
MSPDir: crypto-config/peerOrganizations/org1/msp
Policies:
Readers:
Type: Signature
Rule: "OR('org1.admin', 'org1.peer', 'org1.client', 'org1.member')"
Writers:
Type: Signature
Rule: "OR('org1.admin', 'org1.peer', 'org1.client', 'org1.member')"
Admins:
Type: Signature
Rule: "OR('org1.admin')"
AnchorPeers:
- Host: peer0-org1-service
Port: 7051
- &org2
Name: org2
ID: org2
MSPDir: crypto-config/peerOrganizations/org2/msp
Policies:
Readers:
Type: Signature
Rule: "OR('org2.admin', 'org2.peer', 'org2.client', 'org2.member')"
Writers:
Type: Signature
Rule: "OR('org2.admin', 'org2.peer', 'org2.client', 'org2.member')"
Admins:
Type: Signature
Rule: "OR('org2.admin')"
AnchorPeers:
- Host: peer0-org2-service
Port: 7051
Capabilities:
Channel: &ChannelCapabilities
V1_4_3: true
Orderer: &OrdererCapabilities
V1_4_2: true
Application: &ApplicationCapabilities
V1_4_2: true
Application: &ApplicationDefaults
Organizations:
- *orderer
- *org1
- *org2
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "ANY Admins"
BlockValidation:
Type: ImplicitMeta
Rule: "ANY Writers"
Capabilities:
<<: *ApplicationCapabilities
Orderer: &OrdererDefaults
OrdererType: etcdraft
EtcdRaft:
Consenters:
- Host: orderer0-service
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/default.svc.cluster.local/orderers/orderer0.default.svc.cluster.local/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/default.svc.cluster.local/orderers/orderer0.default.svc.cluster.local/tls/server.crt
- Host: orderer1-service
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/default.svc.cluster.local/orderers/orderer1.default.svc.cluster.local/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/default.svc.cluster.local/orderers/orderer1.default.svc.cluster.local/tls/server.crt
- Host: orderer2-service
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/default.svc.cluster.local/orderers/orderer2.default.svc.cluster.local/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/default.svc.cluster.local/orderers/orderer2.default.svc.cluster.local/tls/server.crt
Addresses:
- orderer0-service:7050
- orderer1-service:7050
- orderer2-service:7050
BatchTimeout: 1s
BatchSize:
MaxMessageCount: 10
AbsoluteMaxBytes: 99 MB
PreferredMaxBytes: 512 KB
Kafka:
Brokers:
- 127.0.0.1:9092
Organizations:
- *orderer
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
BlockValidation:
Type: ImplicitMeta
Rule: "ANY Writers"
Channel: &ChannelDefaults
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "ANY Admins"
Capabilities:
<<: *ChannelCapabilities
Profiles:
OrdererGenesis:
<<: *ChannelDefaults
Capabilities:
<<: *ChannelCapabilities
Orderer:
<<: *OrdererDefaults
Organizations:
- *orderer
Capabilities:
<<: *OrdererCapabilities
Application:
<<: *ApplicationDefaults
Organizations:
- <<: *orderer
Consortiums:
MAIN:
Organizations:
- *org1
- *org2
MainChannel:
<<: *ChannelDefaults
Consortium: MAIN
Application:
<<: *ApplicationDefaults
Organizations:
- *org1
- *org2
Capabilities:
<<: *ApplicationCapabilities
这是正在发生的事情:
您通过创建 MAIN 联盟创建了一个 system channel(即 orderer genesis 区块)。现在系统频道是在那个时候用 peer 组织 MSP 创建的。接下来,在网络启动后,您进入 org1/users 并创建了一个管理员身份。您更新了对等方的本地 MSP,但已经存在的 system channel 从未更新过。
可能的解决方案:
- 在设置网络之前
org1/users内更新管理员凭据。 - 通过创建
channel update交易,使用admin2凭据 post 部署更新系统通道配置。 - 启用 NodeOU,以便动态生成的任何管理员身份 post 网络部署可以执行
admin相关事务。