我使用二进制文件手动配置了Hyperledger Fabric环境(不使用Docker或Fabric示例脚本)。我成功部署了1个订购者节点和2个对等节点(每个组织一个对等节点),但是创建通道失败。 我使用了crytogen作为加密材料,并使用cryptotxgen创建了创世块和渠道交易。
订购者日志:
2019-01-06 19:01:05.601 UTC [cauthdsl] func1 -> DEBU 176 0xc0001b8ea0 gate 1546801265601901160 evaluation starts
2019-01-06 19:01:05.601 UTC [cauthdsl] func2 -> DEBU 177 0xc0001b8ea0 signed by 0 principal evaluation starts (used [false])
2019-01-06 19:01:05.601 UTC [cauthdsl] func2 -> DEBU 178 0xc0001b8ea0 processing identity 0 with bytes of ebff60
2019-01-06 19:01:05.602 UTC [cauthdsl] func2 -> DEBU 179 0xc0001b8ea0 identity 0 does not satisfy principal: the identity is a member of a different MSP (expected OrdererMSP, got TheChainMSP)
2019-01-06 19:01:05.602 UTC [cauthdsl] func2 -> DEBU 17a 0xc0001b8ea0 principal evaluation fails
2019-01-06 19:01:05.602 UTC [cauthdsl] func2 -> DEBU 17b 0xc0001b8ea0 signed by 1 principal evaluation starts (used [false])
2019-01-06 19:01:05.602 UTC [cauthdsl] func2 -> DEBU 17c 0xc0001b8ea0 processing identity 0 with bytes of ebff60
2019-01-06 19:01:05.602 UTC [cauthdsl] func2 -> DEBU 17d 0xc0001b8ea0 identity 0 does not satisfy principal: the identity is a member of a different MSP (expected OrdererMSP, got TheChainMSP)
2019-01-06 19:01:05.602 UTC [cauthdsl] func2 -> DEBU 17e 0xc0001b8ea0 principal evaluation fails
2019-01-06 19:01:05.602 UTC [cauthdsl] func1 -> DEBU 17f 0xc0001b8ea0 gate 1546801265601901160 evaluation fails
2019-01-06 19:01:05.602 UTC [policies] Evaluate -> DEBU 180 Signature set did not satisfy policy /Channel/Orderer/OrdererTheChain/Writers
2019-01-06 19:01:05.602 UTC [policies] Evaluate -> DEBU 181 == Done Evaluating *cauthdsl.policy Policy /Channel/Orderer/OrdererTheChain/Writers
2019-01-06 19:01:05.602 UTC [policies] func1 -> DEBU 182 Evaluation Failed: Only 0 policies were satisfied, but needed 1 of [ OrdererTheChain.Writers ]
2019-01-06 19:01:05.602 UTC [policies] Evaluate -> DEBU 183 Signature set did not satisfy policy /Channel/Orderer/Writers
2019-01-06 19:01:05.602 UTC [policies] Evaluate -> DEBU 184 == Done Evaluating *policies.implicitMetaPolicy Policy /Channel/Orderer/Writers
2019-01-06 19:01:05.602 UTC [policies] func1 -> DEBU 185 Evaluation Failed: Only 0 policies were satisfied, but needed 1 of [ Consortiums.Writers Orderer.Writers ]
2019-01-06 19:01:05.602 UTC [policies] Evaluate -> DEBU 186 Signature set did not satisfy policy /Channel/Writers
2019-01-06 19:01:05.602 UTC [policies] Evaluate -> DEBU 187 == Done Evaluating *policies.implicitMetaPolicy Policy /Channel/Writers
2019-01-06 19:01:05.602 UTC [orderer.common.broadcast] ProcessMessage -> WARN 188 [channel: privatechannel] Rejecting broadcast of config message from 127.0.0.1:53992 because of error: Failed to reach implicit threshold of 1 sub-policies, required 1 remaining: permission denied
2019-01-06 19:01:05.602 UTC [orderer.common.server] func1 -> DEBU 189 Closing Broadcast stream
2019-01-06 19:01:05.602 UTC [comm.grpc.server] 1 -> INFO 18a streaming call completed {"grpc.start_time": "2019-01-06T19:01:05.599Z", "grpc.service": "orderer.AtomicBroadcast", "grpc.method": "Broadcast", "grpc.peer_address": "127.0.0.1:53992", "grpc.code": "OK", "grpc.call_duration": "3.042122ms"}
2019-01-06 19:01:05.605 UTC [common.deliver] Handle -> WARN 18b Error reading from 127.0.0.1:53988: rpc error: code = Canceled desc = context canceled
2019-01-06 19:01:05.605 UTC [grpc] warningf -> DEBU 18c transport: http2Server.HandleStreams failed to read frame: read tcp 127.0.0.1:7050->127.0.0.1:53992: read: connection reset by peer
2019-01-06 19:01:05.605 UTC [orderer.common.server] func1 -> DEBU 18d Closing Deliver stream
2019-01-06 19:01:05.605 UTC [grpc] infof -> DEBU 18f transport: loopyWriter.run returning. connection error: desc = "transport is closing"
2019-01-06 19:01:05.605 UTC [comm.grpc.server] 1 -> INFO 18e streaming call completed {"grpc.start_time": "2019-01-06T19:01:05.599Z", "grpc.service": "orderer.AtomicBroadcast", "grpc.method": "Deliver", "grpc.peer_address": "127.0.0.1:53988", "error": "rpc error: code = Canceled desc = context canceled", "grpc.code": "Canceled", "grpc.call_duration": "6.48536ms"}
2019-01-06 19:01:05.605 UTC [grpc] infof -> DEBU 190 transport: loopyWriter.run returning. connection error: desc = "transport is closing"
对等渠道创建日志:
2019-01-06 19:21:13.795 UTC [msp] setupSigningIdentity -> DEBU 035 Signing identity expires at 2029-01-03 00:49:00 +0000 UTC
2019-01-06 19:21:13.795 UTC [msp] Validate -> DEBU 036 MSP TheChainMSP validating identity
2019-01-06 19:21:13.795 UTC [msp] GetDefaultSigningIdentity -> DEBU 037 Obtaining default signing identity
2019-01-06 19:21:13.795 UTC [grpc] DialContext -> DEBU 038 parsed scheme:""
2019-01-06 19:21:13.795 UTC [grpc] DialContext -> DEBU 039 scheme "" not registered, fallback to default scheme
2019-01-06 19:21:13.795 UTC [grpc] watcher -> DEBU 03a ccResolverWrapper: sending new addresses to cc: [{localhost:7050 0 <nil>}]
2019-01-06 19:21:13.795 UTC [grpc] switchBalancer -> DEBU 03b ClientConn switching balancer to "pick_first"
2019-01-06 19:21:13.796 UTC [grpc] HandleSubConnStateChange -> DEBU 03c pickfirstBalancer: HandleSubConnStateChange: 0xc00032a490, CONNECTING
2019-01-06 19:21:13.798 UTC [grpc] HandleSubConnStateChange -> DEBU 03d pickfirstBalancer: HandleSubConnStateChange: 0xc00032a490, READY
2019-01-06 19:21:13.798 UTC [channelCmd] InitCmdFactory -> INFO 03e Endorser and orderer connections initialized
2019-01-06 19:21:13.799 UTC [msp] GetDefaultSigningIdentity -> DEBU 03f Obtaining default signing identity
2019-01-06 19:21:13.800 UTC [msp] GetDefaultSigningIdentity -> DEBU 040 Obtaining default signing identity
2019-01-06 19:21:13.800 UTC [msp.identity] Sign -> DEBU 041 Sign: plaintext: 0A96060A0B546865436861696E4D5350...53616D706C65436F6E736F727469756D
2019-01-06 19:21:13.800 UTC [msp.identity] Sign -> DEBU 042 Sign: digest: EDB773D3B4483F960DA91D9CE5E21CA9F0512B808C9AE15B56B2CB1CE663B494
2019-01-06 19:21:13.800 UTC [msp] GetDefaultSigningIdentity -> DEBU 043 Obtaining default signing identity
2019-01-06 19:21:13.800 UTC [msp] GetDefaultSigningIdentity -> DEBU 044 Obtaining default signing identity
2019-01-06 19:21:13.800 UTC [msp.identity] Sign -> DEBU 045 Sign: plaintext: 0AD2060A1A08021A0608A9AAC9E10522...898F89F93F5DEF87555ED63A455E5CFF
2019-01-06 19:21:13.800 UTC [msp.identity] Sign -> DEBU 046 Sign: digest: BAA15E471F224FBF378D144154CF6B126823800A73EF3F9122CB30888C69645F
2019-01-06 19:21:13.800 UTC [grpc] DialContext -> DEBU 047 parsed scheme: ""
2019-01-06 19:21:13.800 UTC [grpc] DialContext -> DEBU 048 scheme "" not registered, fallback to default scheme
2019-01-06 19:21:13.800 UTC [grpc] watcher -> DEBU 049 ccResolverWrapper: sending new addresses to cc: [{localhost:7050 0 <nil>}]
2019-01-06 19:21:13.800 UTC [grpc] switchBalancer -> DEBU 04a ClientConn switching balancer to "pick_first"
2019-01-06 19:21:13.800 UTC [grpc] HandleSubConnStateChange -> DEBU 04b pickfirstBalancer: HandleSubConnStateChange: 0xc000242cc0, CONNECTING
2019-01-06 19:21:13.801 UTC [grpc] HandleSubConnStateChange -> DEBU 04c pickfirstBalancer: HandleSubConnStateChange: 0xc000242cc0, READY
Error: got unexpected status: FORBIDDEN -- Failed to reach implicit threshold of 1 sub-policies, required 1 remaining: permission denied
我没有使用TLS
我的服务器是ubuntu 16.04,即时通讯使用的是Hyperledger Fabric v1.4版本2(12月20日)。我尝试创建新的加密材料并修改configtx.yaml文件,但没有一个起作用,我遇到了相同的错误。
crypto-config.yaml:
OrdererOrgs:
- Name: Orderer
Domain: thechain.tech
Specs:
- Hostname: orderer
PeerOrgs:
- Name: AirMed Foundation
Domain: airmedfoundation.tech
Template:
Count: 2
Users:
Count: 3
- Name: The Chain
Domain: thechain.tech
Template:
Count: 2
Users:
Count: 3
configtxgen.yaml:
---
Capabilities:
# Channel capabilities apply to both the orderers and the peers and must be
# supported by both.
# Set the value of the capability to true to require it.
Channel: &ChannelCapabilities
# V1.3 for Channel is a catchall flag for behavior which has been
# determined to be desired for all orderers and peers running at the v1.3.x
# level, but which would be incompatible with orderers and peers from
# prior releases.
# Prior to enabling V1.3 channel capabilities, ensure that all
# orderers and peers on a channel are at v1.3.0 or later.
V1_3: true
# Orderer capabilities apply only to the orderers, and may be safely
# used with prior release peers.
# Set the value of the capability to true to require it.
Orderer: &OrdererCapabilities
# V1.1 for Orderer is a catchall flag for behavior which has been
# determined to be desired for all orderers running at the v1.1.x
# level, but which would be incompatible with orderers from prior releases.
# Prior to enabling V1.1 orderer capabilities, ensure that all
# orderers on a channel are at v1.1.0 or later.
V1_1: true
# Application capabilities apply only to the peer network, and may be safely
# used with prior release orderers.
# Set the value of the capability to true to require it.
Application: &ApplicationCapabilities
# V1.3 for Application enables the new non-backwards compatible
# features and fixes of fabric v1.3.
V1_3: true
# V1.2 for Application enables the new non-backwards compatible
# features and fixes of fabric v1.2 (note, this need not be set if
# later version capabilities are set)
V1_2: false
# V1.1 for Application enables the new non-backwards compatible
# features and fixes of fabric v1.1 (note, this need not be set if
# later version capabilities are set).
V1_1: false
Organizations:
- &OrdererOrg
Name: OrdererTheChain
ID: OrdererMSP
MSPDir: /home/medical/fabric/crypto-material/crypto-config/ordererOrganizations/thechain.tech/orderers/orderer.thechain.tech/msp
AdminPrincipal: Role.ADMIN
Policies:
Readers:
Type: Signature
Rule: "OR('OrdererMSP.admin', 'OrdererMSP.member')"
Writers:
Type: Signature
Rule: "OR('OrdererMSP.admin', 'OrdererMSP.member')"
Admins:
Type: Signature
Rule: "OR('OrdererMSP.admin')"
- &TheChainOrg
Name: TheChain
ID: TheChainMSP
AdminPrincipal: Role.ADMIN
AnchorPeers:
- Host: 127.0.0.1
Port: 7051
MSPDir: /home/medical/fabric/crypto-material/crypto-config/peerOrganizations/thechain.tech/users/Admin@thechain.tech/msp
Policies:
Readers:
Type: Signature
Rule: "OR('TheChainMSP.admin', 'TheChainMSP.peer', 'TheChainMSP.client')"
Writers:
Type: Signature
Rule: "OR('TheChainMSP.admin', 'TheChainMSP.client')"
Admins:
Type: Signature
Rule: "OR('TheChainMSP.admin')"
- &AirMedFoundationOrg
Name: AirMedFoundation
ID: AirMedFoundationMSP
AdminPrincipal: Role.ADMIN
AnchorPeers:
- Host: 127.0.0.1
Port: 17051
MSPDir: /home/medical/fabric/crypto-material/crypto-config/peerOrganizations/airmedfoundation.tech/users/Admin@airmedfoundation.tech/msp
Policies:
Readers:
Type: Signature
Rule: "OR('AirMedFoundationMSP.admin', 'AirMedFoundationMSP.peer', 'AirMedFoundationMSP.client')"
Writers:
Type: Signature
Rule: "OR('AirMedFoundationMSP.admin', 'AirMedFoundationMSP.client')"
Admins:
Type: Signature
Rule: "OR('AirMedFoundationMSP.admin')"
Orderer: &OrdererDefaults
# Orderer Type: The orderer implementation to start.
# Available types are "solo" and "kafka".
OrdererType: solo
Addresses:
- localhost:7050
# Batch Timeout: The amount of time to wait before creating a batch.
BatchTimeout: 2s
# Batch Size: Controls the number of messages batched into a block.
BatchSize:
# Max Message Count: The maximum number of messages to permit in a
# batch.
MaxMessageCount: 10
# Absolute Max Bytes: The absolute maximum number of bytes allowed for
# the serialized messages in a batch. If the "kafka" OrdererType is
# selected, set 'message.max.bytes' and 'replica.fetch.max.bytes' on the
# Kafka brokers to a value that is larger than this one.
AbsoluteMaxBytes: 98 MB
# Preferred Max Bytes: The preferred maximum number of bytes allowed for
# the serialized messages in a batch. A message larger than the
# preferred max bytes will result in a batch larger than preferred max
# bytes.
PreferredMaxBytes: 512 KB
# Max Channels is the maximum number of channels to allow on the ordering
# network. When set to 0, this implies no maximum number of channels.
MaxChannels: 0
Kafka:
# Brokers: A list of Kafka brokers to which the orderer connects. Edit
# this list to identify the brokers of the ordering service.
# NOTE: Use IP:port notation.
Brokers:
- kafka0:9092
- kafka1:9092
- kafka2:9092
- kafka3:9092
# Organizations is the list of orgs which are defined as participants on
# the orderer side of the network.
Organizations:
# Policies defines the set of policies at this level of the config tree
# For Orderer policies, their canonical path is
# /Channel/Orderer/<PolicyName>
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
# BlockValidation specifies what signatures must be included in the block
# from the orderer for the peer to validate it.
BlockValidation:
Type: ImplicitMeta
Rule: "ANY Writers"
# Capabilities describes the orderer level capabilities, see the
# dedicated Capabilities section elsewhere in this file for a full
# description
Capabilities:
<<: *OrdererCapabilities
Channel: &ChannelDefaults
# Policies defines the set of policies at this level of the config tree
# For Channel policies, their canonical path is
# /Channel/<PolicyName>
Policies:
# Who may invoke the 'Deliver' API
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
# Who may invoke the 'Broadcast' API
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
# By default, who may modify elements at this config level
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
# Capabilities describes the channel level capabilities, see the
# dedicated Capabilities section elsewhere in this file for a full
# description
Capabilities:
<<: *ChannelCapabilities
Application: &ApplicationDefaults
# Organizations is the list of orgs which are defined as participants on
# the application side of the network
Organizations:
# Policies defines the set of policies at this level of the config tree
# For Application policies, their canonical path is
# /Channel/Application/<PolicyName>
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
Capabilities:
<<: *ApplicationCapabilities
Profiles:
TwoOrgsOrdererGenesis:
<<: *ChannelDefaults
Orderer:
<<: *OrdererDefaults
Organizations:
- *OrdererOrg
Capabilities:
<<: *OrdererCapabilities
Consortiums:
SampleConsortium:
Organizations:
- *TheChainOrg
- *AirMedFoundationOrg
TwoOrgsChannel:
Consortium: SampleConsortium
Application:
<<: *ApplicationDefaults
Organizations:
- *TheChainOrg
- *AirMedFoundationOrg
Capabilities:
<<: *ApplicationCapabilities
我发现这个问题也有类似的问题 peer channel creation fails in Hyperledger Fabric,我尝试了他的解决方案,但没有任何改变。我认为问题出在政策问题上,我的同龄人没有使用正确的凭据签署交易,但是我不知道如何解决。
答案 0 :(得分:0)
订购者日志:
2019-01-06 19:01:05.602 UTC [policies] func1 -> DEBU 185 Evaluation Failed: Only 0 policies were satisfied, but needed 1 of [ Consortiums.Writers Orderer.Writers]
同行记录:
错误:got unexpected status: FORBIDDEN -- Failed to reach implicit threshold of 1 sub-policies, required 1 remaining: permission denied
它清楚地表明您无权创建频道
为什么: Hyperledger结构以安全的方式设计 对于每项操作,您都需要有效的授权和认证
方法: 请在创建频道时添加管理员凭据
提示: 如果使用CLI,则在创建通道时添加管理员私钥和证书。
帮助:如果您需要更多详细信息,请随时在此处评论,我非常乐意为您提供帮助