我一直在尝试按照此处的说明创建一个新频道(基于现有频道),并让一个现有的对等方加入该频道。 https://fabric-sdk-node.github.io/tutorial-channel-create.html
我遇到的错误是在newChannel.joinChannel(j_request)上。加薪[JoinChain][composerchannel2]: [Failed verifying that proposal's creator satisfies local MSP principal during channelless check policy with policy [Admins]: [This identity is not an admin]]
但是我不知道如何确保当前用户是管理员。
我的网络基于Fabric样本目录中的basic-network。我使用fabcar示例中的脚本注册了管理员。见下文。然后,我试图确保管理员用户是当前提交加入通道请求的用户,如下所示:
const setAdminAsUser = async () => {
try {
const admin = await fabric_client.getUserContext('admin', true)
return fabric_client.setUserContext(admin, true)
} catch(error) {
console.log('Error setting admin as user', error)
}
}
然后,我邀请同行加入频道的功能如下(尽管请注意,只有一个组织和一个同行):
const invitePeerToChannel = async () => {
console.log('invite peer to channel')
var newChannel = fabric_client.newChannel('composerchannel2');
var orderer = fabric_client.newOrderer('grpc://localhost:7050');
var peer = fabric_client.newPeer('grpc://localhost:7051');
newChannel.addOrderer(orderer);
newChannel.addPeer(peer);
tx_id = fabric_client.newTransactionID(true);
let g_request = {
txId: tx_id
};
// get the genesis block from the orderer
newChannel.getGenesisBlock(g_request).then((block) =>{
genesis_block = block;
tx_id = fabric_client.newTransactionID(true);
let j_request = {
targets: ['localhost:7051'],
block: genesis_block,
txId: tx_id
};
console.log(JSON.stringify(j_request))
// send genesis block to the peer
return newChannel.joinChannel(j_request);
}).then((results) =>{
if(results && results.response && results.response.status == 200) {
console.log('Joined correctly')
} else {
console.log('Failed', results)
}
});
}
基于fabcar示例的用于注册管理员的功能:
const enrollAdmin = () => {
// create the key value store as defined in the fabric-client/config/default.json 'key-value-store' setting
return Fabric_Client.newDefaultKeyValueStore({ path: store_path}).then((state_store) => {
// assign the store to the fabric client
fabric_client.setStateStore(state_store);
var crypto_suite = Fabric_Client.newCryptoSuite();
// use the same location for the state store (where the users' certificate are kept)
// and the crypto store (where the users' keys are kept)
var crypto_store = Fabric_Client.newCryptoKeyStore({path: store_path});
crypto_suite.setCryptoKeyStore(crypto_store);
fabric_client.setCryptoSuite(crypto_suite);
var tlsOptions = {
trustedRoots: [],
verify: false
};
// be sure to change the http to https when the CA is running TLS enabled
fabric_ca_client = new Fabric_CA_Client('http://localhost:7054', tlsOptions , 'ca.org1.example.com', crypto_suite);
// first check to see if the admin is already enrolled
return fabric_client.getUserContext('admin', true);
}).then((user_from_store) => {
if (user_from_store && user_from_store.isEnrolled()) {
console.log('Successfully loaded admin from persistence');
admin_user = user_from_store;
return null;
} else {
// need to enroll it with CA server
return fabric_ca_client.enroll({
enrollmentID: 'admin',
enrollmentSecret: 'adminpw'
}).then((enrollment) => {
console.log('Successfully enrolled admin user "admin"');
return fabric_client.createUser(
{username: 'admin',
mspid: 'Org1MSP',
cryptoContent: { privateKeyPEM: enrollment.key.toBytes(), signedCertPEM: enrollment.certificate }
});
}).then((user) => {
admin_user = user;
return fabric_client.setUserContext(admin_user);
}).catch((err) => {
console.error('Failed to enroll and persist admin. Error: ' + err.stack ? err.stack : err);
throw new Error('Failed to enroll admin');
});
}
}).then(() => {
console.log('Assigned the admin user to the fabric client ::' + admin_user.toString());
}).catch((err) => {
console.error('Failed to enroll admin: ' + err);
});
}
使用教程文档击打一堵砖墙,因此任何帮助都是绝妙的!
编辑:
这是我当前生成配置更新然后对其进行签名的方式。这是基于SDK教程的。
// This takes a config file that includes the organisations that will be added to the channel
const encodeChannelConfig = () => {
return new Promise((resolve, reject) => {
console.log('encoding channel config')
var config_json = fs.readFileSync("./newChannel.json");
config_json = JSON.stringify(JSON.parse(config_json))
superagent.post('http://127.0.0.1:7059/protolator/encode/common.ConfigUpdate',
config_json)
.buffer()
.end((err, res) => {
if(err) {
return;
}
resolve(res.body);
});
})
}
const signChannelConfig = (encodedChannelConfig) => {
return new Promise((resolve, reject) => {
console.log('signing channel config')
var signature = fabric_client.signChannelConfig(encodedChannelConfig);
signatures.push(signature);
resolve(signatures);
})
}
答案 0 :(得分:1)
如果还没有,请尝试在fabric_client上执行setAdminSigningIdentity。
https://fabric-sdk-node.github.io/Client.html#setAdminSigningIdentity
当您使用true选项执行newTransactionID时,这将允许使用管理员凭据。
请注意,此管理员与来自CA的管理员用户不同,并且私钥和证书是由cryptogen生成的,并且可能位于类似的目录中
crypto-config / peerOrganizations / org1 / users / Admin @ org1 / msp / keystore
crypto-config / peerOrganizations / org1 / users / Admin @ org1 / msp / signcerts