Error when creating channel, but this policy requires 1 of the 'Writers' sub-policies to be satisfied: permission denied

Time: 2019-07-20 11:48:14

Tags: hyperledger-fabric hyperledger

Error when creating the channel:

Error: got unexpected status: FORBIDDEN -- implicit policy evaluation failed - 0 sub-policies were satisfied, but this policy requires 1 of the 'Writers' sub-policies to be satisfied: permission denied

The orderer says the following:

WARN 025 [channel: testchannel] Rejecting broadcast of config message from 192.168.0.121:39954 because of error: implicit policy evaluation failed - 0 sub-policies were satisfied, but this policy requires 1 of the 'Writers' sub-policies to be satisfied: permission denied

I am using the following commands in the peer container:

export CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/crypto-config/peer/msp/users/admin/msp/

peer channel create -c testchannel -f testchannel.tx --outputBlock testchannel.block --tls --cafile /etc/hyperledger/crypto-config/peer/tls-msp/cacerts/192-168-0-114-7054.pem -o 192.168.0.124:7050

My policies for the channel are as follows:

Channel: &ChannelDefaults
    # Policies defines the set of policies at this level of the config tree
    # For Channel policies, their canonical path is 
    Policies:
        # Who may invoke the 'Deliver' API
        Readers:
            Type: ImplicitMeta
            Rule: "ANY Readers"
        # Who may invoke the 'Broadcast' API
        Writers:
            Type: ImplicitMeta
            Rule: "ANY Writers"
        # By default, who may modify elements at this config level
        Admins:
            Type: ImplicitMeta
            Rule: "MAJORITY Admins"

    # Capabilities describes the channel level capabilities, see the
    # dedicated Capabilities section elsewhere in this file for a full
    # description
    Capabilities:
        <<: *ChannelCapabilities

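I am using 3 nodes and etcdraft, version 1.4.1.

Edit 1:

I don't have a CLI container; should I be running this from a CLI container? Right now I am executing all of these commands from the peer container.

Edit 2:

If I add an admincerts folder containing the admin certificate to the admin's msp folder:

  • admin
    • msp
      • admincerts
      • signcerts
      • ...

I get the error:

this policy requires 1 of the 'Writers' sub-policies to be satisfied: permission denied

But if I don't add it, I get the error:

this policy requires 1 of the 'Admins' sub-policies to be satisfied: permission denied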

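1 answer:

Answer 0: (score: 0)

Solved it, so it was a policy problem. I had to edit the organization-level policies in configtx.yml.

I added any member as reader and writer, and only the admin as admin: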

    - &Example
        # DefaultOrg defines the organization which is used in the sampleconfig
        # of the fabric.git development environment
        Name: Example

        # ID to load the MSP definition as
        ID: ExampleMSP

        MSPDir: <pathtomsp>

        Policies:
            Readers:
                Type: Signature
                Rule: "OR('ExampleMSP.member')"
            Writers:
                Type: Signature
                Rule: "OR('ExampleMSP.member')"
            Admins:
                Type: Signature
                Rule: "OR('ExampleMSP.admin')"
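
The following is an added example, not part of the original question or answer and not Fabric's own code: a simplified Python model of how a channel-level ImplicitMeta rule such as "ANY Writers" is decided by the organization-level Signature policies, reproducing the error text from the question. Assumptions: a signer is reduced to an MSP ID plus a set of roles (no certificate or signature checks), only flat `OR(...)` rules are parsed, and the `BEFORE` policy set is constructed for illustration.

```python
import re

# Simplified model: real Fabric validates signatures and certificates against
# the MSP; here a signer is just (MSP ID, set of roles). This is an assumption.

def signature_satisfied(rule, signer_msp, signer_roles):
    """Evaluate a flat OR('Msp.role', ...) Signature rule for one signer."""
    m = re.fullmatch(r"\s*OR\((.*)\)\s*", rule)
    if not m:
        raise ValueError(f"unsupported rule in this sketch: {rule!r}")
    principals = re.findall(r"'([^'.]+)\.([^']+)'", m.group(1))
    return any(msp == signer_msp and role in signer_roles
               for msp, role in principals)

def implicit_meta(rule, orgs, signer_msp, signer_roles):
    """Evaluate e.g. "ANY Writers" over every org's same-named sub-policy."""
    quantifier, sub_policy = rule.split()
    satisfied = sum(
        1 for policies in orgs.values()
        if sub_policy in policies
        and signature_satisfied(policies[sub_policy], signer_msp, signer_roles)
    )
    required = {"ANY": 1,
                "ALL": len(orgs),
                "MAJORITY": len(orgs) // 2 + 1}[quantifier]
    if satisfied >= required:
        return True, "ok"
    return False, (f"implicit policy evaluation failed - {satisfied} sub-policies "
                   f"were satisfied, but this policy requires {required} of the "
                   f"'{sub_policy}' sub-policies to be satisfied")

# Constructed "before": Writers limited to admins, signer only seen as a member.
BEFORE = {"Example": {"Readers": "OR('ExampleMSP.member')",
                      "Writers": "OR('ExampleMSP.admin')",
                      "Admins": "OR('ExampleMSP.admin')"}}
# Organization-level policies as given in the answer.
AFTER = {"Example": {"Readers": "OR('ExampleMSP.member')",
                     "Writers": "OR('ExampleMSP.member')",
                     "Admins": "OR('ExampleMSP.admin')"}}

if __name__ == "__main__":
    for label, orgs in (("before", BEFORE), ("after", AFTER)):
        for rule in ("ANY Writers", "MAJORITY Admins"):
            print(label, rule, implicit_meta(rule, orgs, "ExampleMSP", {"member"}))
```

The "MAJORITY Admins" rows show why the question saw the failure move between 'Writers' and 'Admins': which role the orderer attributes to the signing identity decides which organization-level sub-policy is left unsatisfied.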