Я пытаюсь создать сеть с 3 орг (у каждого по 3 пира), двумя узлами заказов с Кафкой и зоокейпером в ткани 1.4.3.
тогда, когда я делаюодноранговое создание канала с
docker exec cli peer channel create -o orderer0.example.com:7050 -c $CHANNEL_NAME -f $ARTIFACTS_DIR/channel.tx --tls --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer0.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
ниже ошибка происходит в cli
Error: got unexpected status: FORBIDDEN -- implicit policy evaluation failed - 0 sub-policies were satisfied, but this policy requires 1 of the 'Writers' sub-policies to be satisfied: permission denied
, и это журналы докера orderer0
2019-10-12 09:01:16.513 UTC [orderer.consensus.kafka] setupChannelConsumerForChannel -> INFO 011 [channel: channel.first] Setting up the channel consumer for this channel (start offset: -2)...
2019-10-12 09:01:16.524 UTC [orderer.consensus.kafka] startThread -> INFO 012 [channel: channel.first] Channel consumer set up successfully
2019-10-12 09:01:16.543 UTC [orderer.consensus.kafka] startThread -> INFO 013 [channel: channel.first] Start phase completed successfully
2019-10-12 09:01:18.537 UTC [orderer.common.broadcast] ProcessMessage -> WARN 014 [channel: channel.first] Rejecting broadcast of config message from 172.18.0.29:35290 because of error: implicit policy evaluation failed - 0 sub-policies were satisfied, but this policy requires 1 of the 'Writers' sub-policies to be satisfied: permission denied
2019-10-12 09:01:18.537 UTC [comm.grpc.server] 1 -> INFO 015 streaming call completed grpc.service=orderer.AtomicBroadcast grpc.method=Broadcast grpc.peer_address=172.18.0.29:35290 grpc.code=OK grpc.call_duration=1.888934ms
2019-10-12 09:01:18.541 UTC [common.deliver] Handle -> WARN 016 Error reading from 172.18.0.29:35288: rpc error: code = Canceled desc = context canceled
2019-10-12 09:01:18.542 UTC [comm.grpc.server] 1 -> INFO 017 streaming call completed grpc.service=orderer.AtomicBroadcast grpc.method=Deliver grpc.peer_address=172.18.0.29:35288 error="rpc error: code = Canceled desc = context canceled" grpc.code=Canceled grpc.call_duration=10.552989ms
dicectories
|──directories
| └──────artifacts
| | └──────channel.tx
| | └──────genesis.block
| |
| └──────bin
| | └──────crypto-config
| | | └──────...
| | └──────...
| |
| └──────network
| └──────docker-compose-mq.yaml
| └──────docker-compose-orderer.yaml
| └──────...
Я читал некоторые подобные решения в здесь , но я еще не решил его.
Это мои части configtx.yaml
Organizations:
- &OrdererOrg
Name: OrdererOrg
ID: OrdererMSP
MSPDir: ./crypto-config/ordererOrganizations/example.com/msp
Policies:
Readers:
Type: Signature
Rule: "OR('OrdererMSP.member')"
Writers:
Type: Signature
Rule: "OR('OrdererMSP.member')"
Admins:
Type: Signature
Rule: "OR('OrdererMSP.admin')"
- &Org1
Name: Org1MSP
ID: Org1MSP
MSPDir: ./crypto-config/peerOrganizations/org1.example.com/msp
Policies:
Readers:
Type: Signature
Rule: "OR('Org1MSP.admin', 'Org1MSP.peer', 'Org1MSP.client')"
Writers:
Type: Signature
Rule: "OR('Org1MSP.admin', 'Org1MSP.client')"
Admins:
Type: Signature
Rule: "OR('Org1MSP.admin')"
AnchorPeers:
- Host: peer0.org1.example.com
Port: 7051
и это docker-compose-cli.yaml
cli:
container_name: cli
image: hyperledger/fabric-tools:1.4.3
tty: true
stdin_open: true
environment:
- SYS_CHANNEL=$SYS_CHANNEL
- GOPATH=/opt/gopath
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
#- FABRIC_LOGGING_SPEC=DEBUG
- FABRIC_LOGGING_SPEC=INFO
- CORE_PEER_ID=cli
- CORE_PEER_ADDRESS=peer0.org1.example.com
- CORE_PEER_LOCALMSPID=Org1MSP
- CORE_PEER_TLS_ENABLED=true
- CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.crt
- CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.key
- CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
- CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
command: /bin/bash
volumes:
- /var/run/:/host/var/run/
- ../chaincode/:/opt/gopath/src/github.com/chaincode
- ./crypto-config:/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/
- ../artifacts:/opt/gopath/src/github.com/hyperledger/fabric/peer/channel-artifacts
- ../chaincode:/opt/gopath/src/github.com/hyperledger/fabric/chaincode
#- ./:/etc/hyperledger/fabric
crypto-config.yaml
OrdererOrgs:
- Name: Orderer
Domain: example.com
EnableNodeOUs: true
Specs:
- Hostname: orderer
Template:
Count: 2
PeerOrgs:
- Name: Org1
Domain: org1.example.com
EnableNodeOUs: true
Template:
Count: 3
Users:
Count: 1
docker-compose-orderer.yaml
version: '2'
networks:
blockchain_network:
services:
orderer0.example.com:
container_name: orderer0.example.com
image: hyperledger/fabric-orderer:1.4.3
environment:
- ORDERER_GENERAL_LOGLEVEL=debug
- ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
- ORDERER_GENERAL_GENESISMETHOD=file
- ORDERER_GENERAL_GENESISFILE=/var/hyperledger/orderer/orderer.genesis.block
- ORDERER_GENERAL_LOCALMSPID=OrdererMSP
- ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp
- ORDERER_GENERAL_TLS_ENABLED=true
- ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key
- ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt
- ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
- ORDERER_KAFKA_RETRY_SHORTINTERVAL=1s
- ORDERER_KAFKA_RETRY_SHORTTOTAL=30s
- ORDERER_KAFKA_VERBOSE=true
working_dir: /opt/gopath/src/github.com/hyperledger/fabric
command: orderer
volumes:
- ../artifacts/genesis.block:/var/hyperledger/orderer/orderer.genesis.block
- ./crypto-config/ordererOrganizations/example.com/orderers/orderer0.example.com/msp:/var/hyperledger/orderer/msp
- ./crypto-config/ordererOrganizations/example.com/orderers/orderer0.example.com/tls:/var/hyperledger/orderer/tls
ports:
- 7050:7050
networks:
- blockchain_network
# orderer1 is same with upside
Iхочу узнать, почему возникает эта ошибка и как их решить.