对等链码实例化-实例化策略违规:签名集不符合策略

时间:2018-08-24 14:16:10

标签: hyperledger-fabric hyperledger

我正在使用Hyperledger Fabric v1.2。我正在尝试实例化单个对等方上的链码,而我的configtx.yaml中仅为我的网络指定了一个组织和一个订购者组织。我尚未在configtx.yaml中对ACL进行任何更改,因此默认情况下将其设置为

当我运行此命令时:

./peer chaincode instantiate -o orderer1.example.com:7050  -C devchannel -n jmo01 -v 1.0 -c '{"Args":["init","a", "100", "b","200"]}' -P "OR ('SampleOrgMSP.member')" --cafile /etc/hyperledger/fabric/msp/peer1/msp/cacerts/cert.pem

它在同级中引发以下错误:

Error: could not assemble transaction, err Proposal response was not successful, error code 500, msg instantiation policy violation: signature set did not satisfy policy

configtx.yaml中的配置文件:

Profiles:
    # SampleDevModeKafka defines a configuration that differs from the
    # SampleDevModeSolo one only in that it uses the Kafka-based orderer.
    SampleOrgGenesis:
        <<: *ChannelDefaults
        Orderer:
            <<: *OrdererDefaults
            OrdererType: kafka
            Organizations:
                - <<: *SampleOrg
                  Policies:
                      <<: *SampleOrgPolicies
                      Admins:
                          Type: Signature
                          Rule: "OR('SampleOrgMSP.member')"
        Consortiums:
            SampleConsortium:
                Organizations:
                    - <<: *SampleOrg
                      Policies:
                          <<: *SampleOrgPolicies
                          Admins:
                              Type: Signature
                              Rule: "OR('SampleOrgMSP.member')"

    MyChannel:
        Consortium: SampleConsortium
        Application:
            <<: *ApplicationDefaults
            Organizations:
                - *SampleOrg

configtx.yaml顶部的“组织”部分:

Organizations:
    - &SampleOrdererOrg
        Name: SampleOrdererOrg
        ID: SampleOrdererOrgMSP
        MSPDir: /etc/hyperledger/msp/orderer1/msp
        Policies:
            Readers:
                Type: Signature
                Rule: "OR('SampleOrdererOrgMSP.member')"
            Writers:
                Type: Signature
                Rule: "OR('SampleOrdererOrgMSP.member')"
            Admins:
                Type: Signature
                Rule: "OR('SampleOrdererOrgMSP.admin')"
            BlockValidation:
                Type: Signature
                Rule: "OR('SampleOrdererOrgMSP.member')"
    - &SampleOrg
        Name: SampleOrgMSP
        ID: SampleOrgMSP

        # MSPDir is the filesystem path which contains the MSP configuration.
        MSPDir: /etc/hyperledger/org/msp
        Policies: &SampleOrgPolicies
            Readers:
                Type: Signature
                Rule: "OR('SampleOrgMSP.member')"
            Writers:
                Type: Signature
                Rule: "OR('SampleOrgMSP.member')"
            Admins:
                Type: Signature
                Rule: "OR('SampleOrgMSP.admin')"
        AnchorPeers:
            - Host: peer1.example.com
              Port: 7051
            - Host: peer2.example.com
              Port: 7051
            - Host: peer3.example.com
              Port: 7051

我认为这与我执行实例化命令的方式有关,也许我没有正确设置策略。其中一项政策要求某种类型的org用户完成实例化,但是我不确定它是其成员或admin所在的哪一个,然后我应该指定哪个org msp。

1 个答案:

答案 0 :(得分:2)

实例化请求必须由组织的管理员签名。在上面的配置中,您需要使用/etc/hyperledger/org/msp(在上面的配置中SampleOrg的MSPDir属性)中对应于管理员公共密钥的私钥进行签名。

在CLI模式下运行peer时,需要确保设置两个关键属性。我们将使用环境变量来简化它:

CORE_PEER_LOCALMSPID -您组织的此MSP ID。就您而言,它看起来像是SampleOrgMSP

CORE_PEER_MSPCONFIGPATH -这是包含用于签名交易的标识的目录。该目录将包含使用X509 MSP结构的文件:

admincerts
cacerts
keystore
signcerts

由于您是客户,所以keystoresigncerts是最重要的。 keystore包含私钥,signcerts包含对应的公钥。 signcerts中的公钥应与admincerts/etc/hyperledger/org/msp中的公钥(渠道定义中组织的MSP信息。

相关问题
最新问题