организации с несколькими заказчиками - PullRequest
3 голосов
/ 04 мая 2020

У меня есть две организации для заказа (type = Raft). один из них имеет два заказа, а второй - три заказа, в configtx.yaml есть MSP Ordererorg1MSP и Ordererorg2MSP. мой configtx.taml:

Organizations:
    - &Ordererorg1
        Name: Ordererorg1MSP
        ID: Ordererorg1MSP
        MSPDir: crypto-config/ordererOrganizations/org1.orderer.example.com/msp
        Policies:
            Readers:
                Type: Signature
                Rule: "OR('Ordererorg1MSP.member')"
            Writers:
                Type: Signature
                Rule: "OR('Ordererorg1MSP.member')"
            Admins:
                Type: Signature
                Rule: "OR('Ordererorg1MSP.admin')"
    - &Orgorg1
        Name: Orgorg1MSP
        ID: Orgorg1MSP
        MSPDir: crypto-config/peerOrganizations/org1.example.com/msp
        Policies:
            Readers:
                Type: Signature
                Rule: "OR('Orgorg1MSP.admin', 'Orgorg1MSP.peer', 'Orgorg1MSP.client')"
            Writers:
                Type: Signature
                Rule: "OR('Orgorg1MSP.admin', 'Orgorg1MSP.client')"
            Admins:
                Type: Signature
                Rule: "OR('Orgorg1MSP.admin')"
        AnchorPeers:
            - Host: peer1.org1.example.com
              Port: 2050
    - &Ordererorg2
        Name: Ordererorg2MSP
        ID: Ordererorg2MSP
        MSPDir: crypto-config/ordererOrganizations/org2.orderer.example.com/msp
        Policies:
            Readers:
                Type: Signature
                Rule: "OR('Ordererorg2MSP.member')"
            Writers:
                Type: Signature
                Rule: "OR('Ordererorg2MSP.member')"
            Admins:
                Type: Signature
                Rule: "OR('Ordererorg2MSP.admin')"
    - &Orgorg2
        Name: Orgorg2MSP
        ID: Orgorg2MSP
        MSPDir: crypto-config/peerOrganizations/org2.example.com/msp
        Policies:
            Readers:
                Type: Signature
                Rule: "OR('Orgorg2MSP.admin', 'Orgorg2MSP.peer', 'Orgorg2MSP.client')"
            Writers:
                Type: Signature
                Rule: "OR('Orgorg2MSP.admin', 'Orgorg2MSP.client')"
            Admins:
                Type: Signature
                Rule: "OR('Orgorg2MSP.admin')"
        AnchorPeers:
            - Host: peer1.org2.example.com
              Port: 2050
Capabilities:
    Channel: &ChannelCapabilities
        V1_4_3: true
        V1_3: false
        V1_1: false
    Orderer: &OrdererCapabilities
        V1_4_2: true
        V1_1: false
    Application: &ApplicationCapabilities
        V1_4_2: true
        V1_3: false
        V1_2: false
        V1_1: false
Application: &ApplicationDefaults
    Organizations:
    Policies:
        Readers:
            Type: ImplicitMeta
            Rule: "ANY Readers"
        Writers:
            Type: ImplicitMeta
            Rule: "ANY Writers"
        Admins:
            Type: ImplicitMeta
            Rule: "MAJORITY Admins"
    Capabilities:
        <<: *ApplicationCapabilities
Orderer: &OrdererDefaults
    OrdererType: etcdraft
    Addresses:
                - peer1.org1.orderer.example.com:7050
                - peer1.org2.orderer.example.com:7050
    BatchTimeout: 2s
    BatchSize:
        MaxMessageCount: 10
        AbsoluteMaxBytes: 99 MB
        PreferredMaxBytes: 512 KB
    EtcdRaft:
        Consenters:
                    - Host: peer1.org1.orderer.example.com
                      Port: 7050
                      ClientTLSCert: crypto-config/ordererOrganizations/org1.orderer.example.com/orderers/peer1.org1.orderer.example.com/tls/server.crt
                      ServerTLSCert: crypto-config/ordererOrganizations/org1.orderer.example.com/orderers/peer1.org1.orderer.example.com/tls/server.crt
                    - Host: peer1.org2.orderer.example.com
                      Port: 7050
                      ClientTLSCert: crypto-config/ordererOrganizations/org2.orderer.example.com/orderers/peer1.org2.orderer.example.com/tls/server.crt
                      ServerTLSCert: crypto-config/ordererOrganizations/org2.orderer.example.com/orderers/peer1.org2.orderer.example.com/tls/server.crt
    Organizations:
    Policies:
        Readers:
            Type: ImplicitMeta
            Rule: "ANY Readers"
        Writers:
            Type: ImplicitMeta
            Rule: "ANY Writers"
        Admins:
            Type: ImplicitMeta
            Rule: "MAJORITY Admins"
        BlockValidation:
            Type: ImplicitMeta
            Rule: "ANY Writers"

Channel: &ChannelDefaults
    Policies:
        Readers:
            Type: ImplicitMeta
            Rule: "ANY Readers"
        Writers:
            Type: ImplicitMeta
            Rule: "ANY Writers"
        Admins:
            Type: ImplicitMeta
            Rule: "MAJORITY Admins"
    Capabilities:
        <<: *ChannelCapabilities

Profiles:
    Channel:
        Consortium: SampleConsortium
        <<: *ChannelDefaults
        Application:
            <<: *ApplicationDefaults
            Organizations:
                    - *Orgorg1
                    - *Orgorg2
            Capabilities:
                <<: *ApplicationCapabilities

    OrdererGenesis:
        <<: *ChannelDefaults
        Orderer:
            <<: *OrdererDefaults

            Organizations:
                - *Ordererorg1
                - *Ordererorg2
            Capabilities:
                <<: *OrdererCapabilities
        Application:
            <<: *ApplicationDefaults
            Organizations:
                - <<: *Ordererorg1
                - <<: *Ordererorg2
        Consortiums:
            SampleConsortium:
                Organizations:
                    - *Orgorg1
                    - *Orgorg2

, когда я хочу создать канал, я сталкиваюсь с ошибкой, и в журналах отладки говорится:

2020-05-04 12:12:50.452 UTC [cauthdsl] func1 -> DEBU 7b9 0xc0007edbe0 gate 1588594370452563334 evaluation starts
2020-05-04 12:12:50.452 UTC [cauthdsl] func2 -> DEBU 7ba 0xc0007edbe0 signed by 0 principal evaluation starts (used [false])
2020-05-04 12:12:50.452 UTC [cauthdsl] func2 -> DEBU 7bb 0xc0007edbe0 principal evaluation fails
2020-05-04 12:12:50.452 UTC [cauthdsl] func1 -> DEBU 7bc 0xc0007edbe0 gate 1588594370452563334 evaluation fails
2020-05-04 12:12:50.452 UTC [policies] Evaluate -> DEBU 7bd Signature set did not satisfy policy /Channel/Orderer/Ordererorg2MSP/Readers
2020-05-04 12:12:50.452 UTC [policies] Evaluate -> DEBU 7be == Done Evaluating *cauthdsl.policy Policy /Channel/Orderer/Ordererorg2MSP/Readers
2020-05-04 12:12:50.452 UTC [policies] Evaluate -> DEBU 7bf == Evaluating *cauthdsl.policy Policy /Channel/Orderer/Ordererorg1MSP/Readers ==
2020-05-04 12:12:50.452 UTC [cauthdsl] deduplicate -> ERRO 7c0 Principal deserialization failure (MSP OrdererMSP is unknown) for identity 0
2020-05-04 12:12:50.452 UTC [cauthdsl] func1 -> DEBU 7c1 0xc0007fe250 gate 1588594370452661614 evaluation starts
2020-05-04 12:12:50.452 UTC [cauthdsl] func2 -> DEBU 7c2 0xc0007fe250 signed by 0 principal evaluation starts (used [false])
2020-05-04 12:12:50.452 UTC [cauthdsl] func2 -> DEBU 7c3 0xc0007fe250 principal evaluation fails
2020-05-04 12:12:50.452 UTC [cauthdsl] func1 -> DEBU 7c4 0xc0007fe250 gate 1588594370452661614 evaluation fails
2020-05-04 12:12:50.452 UTC [policies] Evaluate -> DEBU 7c5 Signature set did not satisfy policy /Channel/Orderer/Ordererorg1MSP/Readers
2020-05-04 12:12:50.452 UTC [policies] Evaluate -> DEBU 7c6 == Done Evaluating *cauthdsl.policy Policy /Channel/Orderer/Ordererorg1MSP/Readers
2020-05-04 12:12:50.452 UTC [policies] func1 -> DEBU 7c7 Evaluation Failed: Only 0 policies were satisfied, but needed 1 of [ Ordererorg1MSP/Readers Ordererorg2MSP/Readers ]
2020-05-04 12:12:50.452 UTC [policies] Evaluate -> DEBU 7c8 Signature set did not satisfy policy /Channel/Orderer/Readers
2020-05-04 12:12:50.452 UTC [policies] Evaluate -> DEBU 7c9 == Done Evaluating *policies.implicitMetaPolicy Policy /Channel/Orderer/Readers
2020-05-04 12:12:50.452 UTC [policies] func1 -> DEBU 7ca Evaluation Failed: Only 0 policies were satisfied, but needed 1 of [ Application/Readers Consortiums/Readers Orderer/Readers ]
2020-05-04 12:12:50.452 UTC [policies] Evaluate -> DEBU 7cb Signature set did not satisfy policy /Channel/Readers
2020-05-04 12:12:50.452 UTC [policies] Evaluate -> DEBU 7cc == Done Evaluating *policies.implicitMetaPolicy Policy /Channel/Readers
2020-05-04 12:12:50.452 UTC [orderer.common.msgprocessor] Apply -> DEBU 7cd SigFilter evaluation failed: implicit policy evaluation failed - 0 sub-policies were satisfied, but this policy requires 1 of the 'Readers' sub-policies to be satisfied, policyName: /Channel/Readers, ConsensusState: STATE_NORMAL
2020-05-04 12:12:50.452 UTC [common.deliver] deliverBlocks -> WARN 7ce [channel: greenwebgenesis] Client authorization revoked for deliver request from 10.0.1.36:33346: implicit policy evaluation failed - 0 sub-policies were satisfied, but this policy requires 1 of the 'Readers' sub-policies to be satisfied: permission denied

Я предполагаю, что в каждой сети fabri c мы может иметь только одну организацию заказа под MSP OrdererMSP. это правильно?

Может кто-нибудь, пожалуйста, помогите мне в этом?

Ответы [ 2 ]

1 голос
/ 09 мая 2020

В журналах вы получаете Principal deserialization failure (MSP OrdererMSP is unknown), но в файле configtx.yaml вы не используете OrdererMSP, поэтому проверьте значение ORDERER_GENERAL_LOCALMSPID в docker файле.

1 голос
/ 05 мая 2020

Ошибка: вы удалили orderer orgs из консорциума

Consortiums:
    SampleConsortium:
        Organizations:
            - *Orgorg1
            - *Orgorg2

Исправление ошибки:

    Consortiums:
        SampleConsortium:
            Organizations:
                - *Orgorg1
                - *Orgorg2
                - *Ordererorg1
                - *Ordererorg2

Я исправил политики также, если вы точно упомянули одноранговый узел и клиент, а затем выданный тип сертификата также должен быть равноправным и клинт, так что сделайте это членом, и вы хороши для go.

Пожалуйста, найдите исправленный configtx.yaml

Organizations:
    - &Ordererorg1
        Name: Ordererorg1MSP
        ID: Ordererorg1MSP
        MSPDir: crypto-config/ordererOrganizations/org1.orderer.example.com/msp
        Policies:
            Readers:
                Type: Signature
                Rule: "OR('Ordererorg1MSP.member')"
            Writers:
                Type: Signature
                Rule: "OR('Ordererorg1MSP.member')"
            Admins:
                Type: Signature
                Rule: "OR('Ordererorg1MSP.admin')"
    - &Orgorg1
        Name: Orgorg1MSP
        ID: Orgorg1MSP
        MSPDir: crypto-config/peerOrganizations/org1.example.com/msp
        Policies:
            Readers:
                Type: Signature
                Rule: "OR('Orgorg1MSP.member'"
            Writers:
                Type: Signature
                Rule: "OR('Orgorg1MSP.member'"
            Admins:
                Type: Signature
                Rule: "OR('Orgorg1MSP.admin')"
        AnchorPeers:
            - Host: peer1.org1.example.com
              Port: 2050
    - &Ordererorg2
        Name: Ordererorg2MSP
        ID: Ordererorg2MSP
        MSPDir: crypto-config/ordererOrganizations/org2.orderer.example.com/msp
        Policies:
            Readers:
                Type: Signature
                Rule: "OR('Ordererorg2MSP.member')"
            Writers:
                Type: Signature
                Rule: "OR('Ordererorg2MSP.member')"
            Admins:
                Type: Signature
                Rule: "OR('Ordererorg2MSP.admin')"
    - &Orgorg2
        Name: Orgorg2MSP
        ID: Orgorg2MSP
        MSPDir: crypto-config/peerOrganizations/org2.example.com/msp
        Policies:
            Readers:
                Type: Signature
                Rule: "OR('Orgorg2MSP.member'"
            Writers:
                Type: Signature
                Rule: "OR('Orgorg2MSP.member'"
            Admins:
                Type: Signature
                Rule: "OR('Orgorg2MSP.admin')"
        AnchorPeers:
            - Host: peer1.org2.example.com
              Port: 2050
Capabilities:
    Channel: &ChannelCapabilities
        V1_4_3: true
        V1_3: false
        V1_1: false
    Orderer: &OrdererCapabilities
        V1_4_2: true
        V1_1: false
    Application: &ApplicationCapabilities
        V1_4_2: true
        V1_3: false
        V1_2: false
        V1_1: false
Application: &ApplicationDefaults
    Organizations:
    Policies:
        Readers:
            Type: ImplicitMeta
            Rule: "ANY Readers"
        Writers:
            Type: ImplicitMeta
            Rule: "ANY Writers"
        Admins:
            Type: ImplicitMeta
            Rule: "MAJORITY Admins"
    Capabilities:
        <<: *ApplicationCapabilities
Orderer: &OrdererDefaults
    OrdererType: etcdraft
    Addresses:
                - peer1.org1.orderer.example.com:7050
                - peer1.org2.orderer.example.com:7050
    BatchTimeout: 2s
    BatchSize:
        MaxMessageCount: 10
        AbsoluteMaxBytes: 99 MB
        PreferredMaxBytes: 512 KB
    EtcdRaft:
        Consenters:
                    - Host: peer1.org1.orderer.example.com
                      Port: 7050
                      ClientTLSCert: crypto-config/ordererOrganizations/org1.orderer.example.com/orderers/peer1.org1.orderer.example.com/tls/server.crt
                      ServerTLSCert: crypto-config/ordererOrganizations/org1.orderer.example.com/orderers/peer1.org1.orderer.example.com/tls/server.crt
                    - Host: peer1.org2.orderer.example.com
                      Port: 7050
                      ClientTLSCert: crypto-config/ordererOrganizations/org2.orderer.example.com/orderers/peer1.org2.orderer.example.com/tls/server.crt
                      ServerTLSCert: crypto-config/ordererOrganizations/org2.orderer.example.com/orderers/peer1.org2.orderer.example.com/tls/server.crt
    Organizations:
    Policies:
        Readers:
            Type: ImplicitMeta
            Rule: "ANY Readers"
        Writers:
            Type: ImplicitMeta
            Rule: "ANY Writers"
        Admins:
            Type: ImplicitMeta
            Rule: "MAJORITY Admins"
        BlockValidation:
            Type: ImplicitMeta
            Rule: "ANY Writers"

Channel: &ChannelDefaults
    Policies:
        Readers:
            Type: ImplicitMeta
            Rule: "ANY Readers"
        Writers:
            Type: ImplicitMeta
            Rule: "ANY Writers"
        Admins:
            Type: ImplicitMeta
            Rule: "MAJORITY Admins"
    Capabilities:
        <<: *ChannelCapabilities

Profiles:
    Channel:
        Consortium: SampleConsortium
        <<: *ChannelDefaults
        Application:
            <<: *ApplicationDefaults
            Organizations:
                    - *Orgorg1
                    - *Orgorg2
            Capabilities:
                <<: *ApplicationCapabilities

    OrdererGenesis:
        <<: *ChannelDefaults
        Orderer:
            <<: *OrdererDefaults
            Organizations:
                - *Ordererorg1
                - *Ordererorg2
            Capabilities:
                <<: *OrdererCapabilities
        Application:
            <<: *ApplicationDefaults
            Organizations:
                - <<: *Ordererorg1
                - <<: *Ordererorg2
        Consortiums:
            SampleConsortium:
                Organizations:
                    - *Orgorg1
                    - *Orgorg2
                    - *Ordererorg1
                    - *Ordererorg2

Я написал книгу: Если вы знаете больше о мастеринге в Hyperledger fabri c, вы можете получить здесь: - https://leanpub.com/masteringhyperledgerfabric - https://amzn.to/2Yyl1aS

Добро пожаловать на сайт PullRequest, где вы можете задавать вопросы и получать ответы от других членов сообщества.
...