Не удалось создать одноранговый канал в Hyperledger Fabric

Question

Я использую CA для создания фабричной сети.

Это Мой код ,

Когда я создаю канал в cli (Использование run-bootstrap.sh), он сообщит о следующей ошибке:

+ peer channel create --logging-level=DEBUG -c mychannel -f /data/channel.tx -o orderer1-org0:7050 --tls --cafile /data/org0-ca-chain.pem --clientauth --keyfile /data/tls/peer1-org1-cli-client.key --certfile /data/tls/peer1-org1-cli-client.crt
2018-05-19 02:49:52.296 UTC [msp] GetLocalMSP -> DEBU 001 Returning existing local MSP
2018-05-19 02:49:52.296 UTC [msp] GetDefaultSigningIdentity -> DEBU 002 Obtaining default signing identity
2018-05-19 02:49:52.302 UTC [channelCmd] InitCmdFactory -> INFO 003 Endorser and orderer connections initialized
2018-05-19 02:49:52.303 UTC [msp] GetLocalMSP -> DEBU 004 Returning existing local MSP
2018-05-19 02:49:52.303 UTC [msp] GetDefaultSigningIdentity -> DEBU 005 Obtaining default signing identity
2018-05-19 02:49:52.303 UTC [msp] GetLocalMSP -> DEBU 006 Returning existing local MSP
2018-05-19 02:49:52.303 UTC [msp] GetDefaultSigningIdentity -> DEBU 007 Obtaining default signing identity
2018-05-19 02:49:52.303 UTC [msp/identity] Sign -> DEBU 008 Sign: plaintext: 0AA2080A076F7267314D53501296082D...53616D706C65436F6E736F727469756D 
2018-05-19 02:49:52.303 UTC [msp/identity] Sign -> DEBU 009 Sign: digest: AFCB3764EA16712F5DD3D56491753AA17C062107BB371788AFB177C05D9CD709 
2018-05-19 02:49:52.304 UTC [msp] GetLocalMSP -> DEBU 00a Returning existing local MSP
2018-05-19 02:49:52.304 UTC [msp] GetDefaultSigningIdentity -> DEBU 00b Obtaining default signing identity
2018-05-19 02:49:52.304 UTC [msp] GetLocalMSP -> DEBU 00c Returning existing local MSP
2018-05-19 02:49:52.304 UTC [msp] GetDefaultSigningIdentity -> DEBU 00d Obtaining default signing identity
2018-05-19 02:49:52.304 UTC [msp/identity] Sign -> DEBU 00e Sign: plaintext: 0AD9080A1508021A0608D0A1FED70522...4DB934071B4655355F2BA0A72ABA54FD 
2018-05-19 02:49:52.304 UTC [msp/identity] Sign -> DEBU 00f Sign: digest: 545FE64385AEB4E8B4D1D3F8F815A3CA44953FE37ED5CBA43BBF3B616B74A720 
Error: got unexpected status: BAD_REQUEST -- error authorizing update: error validating DeltaSet: policy for [Group]  /Channel/Application not satisfied: Failed to reach implicit threshold of 1 sub-policies, required 1 remaining
Usage:
  peer channel create [flags]

Flags:
  -c, --channelID string   In case of a newChain command, the channel ID to create.
  -f, --file string        Configuration transaction file generated by a tool such as configtxgen for submitting to orderer
  -t, --timeout int        Channel creation timeout (default 5)

Global Flags:
      --cafile string                       Path to file containing PEM-encoded trusted certificate(s) for the ordering endpoint
      --certfile string                     Path to file containing PEM-encoded X509 public key to use for mutual TLS communication with the orderer endpoint
      --clientauth                          Use mutual TLS when communicating with the orderer endpoint
      --keyfile string                      Path to file containing PEM-encoded private key to use for mutual TLS communication with the orderer endpoint
      --logging-level string                Default logging level and overrides, see core.yaml for full syntax
  -o, --orderer string                      Ordering service endpoint
      --ordererTLSHostnameOverride string   The hostname override to use when validating the TLS connection to the orderer.
      --tls                                 Use TLS when communicating with the orderer endpoint
  -v, --version                             Display current version of fabric peer server

Как видите, я использую следующую команду для создания канала:

peer channel create --logging-level=DEBUG -c mychannel -f /data/channel.tx -o orderer1-org0:7050 --tls --cafile /data/org0-ca-chain.pem --clientauth --keyfile /data/tls/peer1-org1-cli-client.key --certfile /data/tls/peer1-org1-cli-client.crt

Каталог сертификата выглядит следующим образом:

data/
├── channel.tx
├── logs
│   ├── run.fail
│   ├── run.log
│   └── run.sum
├── org0-ca-chain.pem
├── org1-anchors.tx
├── org1-ca-chain.pem
├── org2-anchors.tx
├── org2-ca-chain.pem
├── orgs
│   └── org1
│       ├── admin
│       │   ├── fabric-ca-client-config.yaml
│       │   └── msp
│       │       ├── admincerts
│       │       │   └── cert.pem
│       │       ├── cacerts
│       │       │   └── ica-org1-7054.pem
│       │       ├── intermediatecerts
│       │       │   └── ica-org1-7054.pem
│       │       ├── keystore
│       │       │   └── 5c24090c568fe1ea99c9cc138cfa40cb291fbf45bf101a5a84b088a651bce9ca_sk
│       │       └── signcerts
│       │           └── cert.pem
│       └── msp
│           └── admincerts
│               └── cert.pem
└── tls
    ├── peer1-org1-cli-client.crt
    ├── peer1-org1-cli-client.key
    ├── peer1-org2-cli-client.crt
    ├── peer1-org2-cli-client.key
    ├── peer2-org1-cli-client.crt
    ├── peer2-org1-cli-client.key
    ├── peer2-org2-cli-client.crt
    └── peer2-org2-cli-client.key

А log Заказчик регистрирует:

2018-05-19 02:49:52.329 UTC [cauthdsl] func2 -> DEBU 2bf 0xc42000ed38 identity 0 does not satisfy principal: the identity is a member of a different MSP (expected org2MSP, got org1MSP)
2018-05-19 02:49:52.329 UTC [cauthdsl] func2 -> DEBU 2c0 0xc42000ed38 principal evaluation fails
2018-05-19 02:49:52.329 UTC [cauthdsl] func1 -> DEBU 2c1 0xc42000ed38 gate 1526698192329854685 evaluation fails
2018-05-19 02:49:52.329 UTC [policies] Evaluate -> DEBU 2c2 Signature set did not satisfy policy /Channel/Application/org2/Admins
2018-05-19 02:49:52.329 UTC [policies] Evaluate -> DEBU 2c3 == Done Evaluating *cauthdsl.policy Policy /Channel/Application/org2/Admins
2018-05-19 02:49:52.330 UTC [policies] func1 -> DEBU 2c4 Evaluation Failed: Only 0 policies were satisfied, but needed 1 of [ org1.Admins org2.Admins ]
2018-05-19 02:49:52.330 UTC [policies] Evaluate -> DEBU 2c5 Signature set did not satisfy policy /Channel/Application/ChannelCreationPolicy
2018-05-19 02:49:52.330 UTC [policies] Evaluate -> DEBU 2c6 == Done Evaluating *policies.implicitMetaPolicy Policy /Channel/Application/ChannelCreationPolicy
2018-05-19 02:49:52.330 UTC [orderer/common/broadcast] Handle -> WARN 2c7 [channel: mychannel] Rejecting broadcast of config message from 120.92.210.105:38776 because of error: error authorizing update: error validating DeltaSet: policy for [Group]  /Channel/Application not satisfied: Failed to reach implicit threshold of 1 sub-policies, required 1 remaining
2018-05-19 02:49:52.330 UTC [orderer/common/server] func1 -> DEBU 2c8 Closing Broadcast stream
2018-05-19 02:49:52.334 UTC [common/deliver] Handle -> WARN 2c9 Error reading from 120.92.210.105:38774: rpc error: code = Canceled desc = context canceled
2018-05-19 02:49:52.334 UTC [orderer/common/server] func1 -> DEBU 2ca Closing Deliver stream

Почему?

Answer 1

Я уже решил, эта проблема вызвана повторной регистрацией CA для получения сертификата, он должен использовать ранее полученный сертификат.

Answer 2

Обычно /Channel/Application not satisfied: Failed to reach implicit threshold of 1 sub-policies, required 1 remaining указывает, что сертификат, используемый для авторизации создания канала, не имеет прав администратора.

Я бы попытался установить CORE_PEER_MSPCONFIGPATH на /data/orgs/org1/msp/admincerts/cert.pem и посмотреть, будет ли это соответствовать этому пороговому значению подполитики.