我有两个订购组织(类型=木筏)。其中一个有两个订购者,第二个有三个订购者,在configtx.yaml中有Ordererorg1MSP和Ordererorg2MSP个MSP。
我的configtx.taml:
Organizations:
- &Ordererorg1
Name: Ordererorg1MSP
ID: Ordererorg1MSP
MSPDir: crypto-config/ordererOrganizations/org1.orderer.example.com/msp
Policies:
Readers:
Type: Signature
Rule: "OR('Ordererorg1MSP.member')"
Writers:
Type: Signature
Rule: "OR('Ordererorg1MSP.member')"
Admins:
Type: Signature
Rule: "OR('Ordererorg1MSP.admin')"
- &Orgorg1
Name: Orgorg1MSP
ID: Orgorg1MSP
MSPDir: crypto-config/peerOrganizations/org1.example.com/msp
Policies:
Readers:
Type: Signature
Rule: "OR('Orgorg1MSP.admin', 'Orgorg1MSP.peer', 'Orgorg1MSP.client')"
Writers:
Type: Signature
Rule: "OR('Orgorg1MSP.admin', 'Orgorg1MSP.client')"
Admins:
Type: Signature
Rule: "OR('Orgorg1MSP.admin')"
AnchorPeers:
- Host: peer1.org1.example.com
Port: 2050
- &Ordererorg2
Name: Ordererorg2MSP
ID: Ordererorg2MSP
MSPDir: crypto-config/ordererOrganizations/org2.orderer.example.com/msp
Policies:
Readers:
Type: Signature
Rule: "OR('Ordererorg2MSP.member')"
Writers:
Type: Signature
Rule: "OR('Ordererorg2MSP.member')"
Admins:
Type: Signature
Rule: "OR('Ordererorg2MSP.admin')"
- &Orgorg2
Name: Orgorg2MSP
ID: Orgorg2MSP
MSPDir: crypto-config/peerOrganizations/org2.example.com/msp
Policies:
Readers:
Type: Signature
Rule: "OR('Orgorg2MSP.admin', 'Orgorg2MSP.peer', 'Orgorg2MSP.client')"
Writers:
Type: Signature
Rule: "OR('Orgorg2MSP.admin', 'Orgorg2MSP.client')"
Admins:
Type: Signature
Rule: "OR('Orgorg2MSP.admin')"
AnchorPeers:
- Host: peer1.org2.example.com
Port: 2050
Capabilities:
Channel: &ChannelCapabilities
V1_4_3: true
V1_3: false
V1_1: false
Orderer: &OrdererCapabilities
V1_4_2: true
V1_1: false
Application: &ApplicationCapabilities
V1_4_2: true
V1_3: false
V1_2: false
V1_1: false
Application: &ApplicationDefaults
Organizations:
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
Capabilities:
<<: *ApplicationCapabilities
Orderer: &OrdererDefaults
OrdererType: etcdraft
Addresses:
- peer1.org1.orderer.example.com:7050
- peer1.org2.orderer.example.com:7050
BatchTimeout: 2s
BatchSize:
MaxMessageCount: 10
AbsoluteMaxBytes: 99 MB
PreferredMaxBytes: 512 KB
EtcdRaft:
Consenters:
- Host: peer1.org1.orderer.example.com
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/org1.orderer.example.com/orderers/peer1.org1.orderer.example.com/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/org1.orderer.example.com/orderers/peer1.org1.orderer.example.com/tls/server.crt
- Host: peer1.org2.orderer.example.com
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/org2.orderer.example.com/orderers/peer1.org2.orderer.example.com/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/org2.orderer.example.com/orderers/peer1.org2.orderer.example.com/tls/server.crt
Organizations:
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
BlockValidation:
Type: ImplicitMeta
Rule: "ANY Writers"
Channel: &ChannelDefaults
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
Capabilities:
<<: *ChannelCapabilities
Profiles:
Channel:
Consortium: SampleConsortium
<<: *ChannelDefaults
Application:
<<: *ApplicationDefaults
Organizations:
- *Orgorg1
- *Orgorg2
Capabilities:
<<: *ApplicationCapabilities
OrdererGenesis:
<<: *ChannelDefaults
Orderer:
<<: *OrdererDefaults
Organizations:
- *Ordererorg1
- *Ordererorg2
Capabilities:
<<: *OrdererCapabilities
Application:
<<: *ApplicationDefaults
Organizations:
- <<: *Ordererorg1
- <<: *Ordererorg2
Consortiums:
SampleConsortium:
Organizations:
- *Orgorg1
- *Orgorg2
当我想创建频道时,遇到错误,调试日志显示:
2020-05-04 12:12:50.452 UTC [cauthdsl] func1 -> DEBU 7b9 0xc0007edbe0 gate 1588594370452563334 evaluation starts
2020-05-04 12:12:50.452 UTC [cauthdsl] func2 -> DEBU 7ba 0xc0007edbe0 signed by 0 principal evaluation starts (used [false])
2020-05-04 12:12:50.452 UTC [cauthdsl] func2 -> DEBU 7bb 0xc0007edbe0 principal evaluation fails
2020-05-04 12:12:50.452 UTC [cauthdsl] func1 -> DEBU 7bc 0xc0007edbe0 gate 1588594370452563334 evaluation fails
2020-05-04 12:12:50.452 UTC [policies] Evaluate -> DEBU 7bd Signature set did not satisfy policy /Channel/Orderer/Ordererorg2MSP/Readers
2020-05-04 12:12:50.452 UTC [policies] Evaluate -> DEBU 7be == Done Evaluating *cauthdsl.policy Policy /Channel/Orderer/Ordererorg2MSP/Readers
2020-05-04 12:12:50.452 UTC [policies] Evaluate -> DEBU 7bf == Evaluating *cauthdsl.policy Policy /Channel/Orderer/Ordererorg1MSP/Readers ==
2020-05-04 12:12:50.452 UTC [cauthdsl] deduplicate -> ERRO 7c0 Principal deserialization failure (MSP OrdererMSP is unknown) for identity 0
2020-05-04 12:12:50.452 UTC [cauthdsl] func1 -> DEBU 7c1 0xc0007fe250 gate 1588594370452661614 evaluation starts
2020-05-04 12:12:50.452 UTC [cauthdsl] func2 -> DEBU 7c2 0xc0007fe250 signed by 0 principal evaluation starts (used [false])
2020-05-04 12:12:50.452 UTC [cauthdsl] func2 -> DEBU 7c3 0xc0007fe250 principal evaluation fails
2020-05-04 12:12:50.452 UTC [cauthdsl] func1 -> DEBU 7c4 0xc0007fe250 gate 1588594370452661614 evaluation fails
2020-05-04 12:12:50.452 UTC [policies] Evaluate -> DEBU 7c5 Signature set did not satisfy policy /Channel/Orderer/Ordererorg1MSP/Readers
2020-05-04 12:12:50.452 UTC [policies] Evaluate -> DEBU 7c6 == Done Evaluating *cauthdsl.policy Policy /Channel/Orderer/Ordererorg1MSP/Readers
2020-05-04 12:12:50.452 UTC [policies] func1 -> DEBU 7c7 Evaluation Failed: Only 0 policies were satisfied, but needed 1 of [ Ordererorg1MSP/Readers Ordererorg2MSP/Readers ]
2020-05-04 12:12:50.452 UTC [policies] Evaluate -> DEBU 7c8 Signature set did not satisfy policy /Channel/Orderer/Readers
2020-05-04 12:12:50.452 UTC [policies] Evaluate -> DEBU 7c9 == Done Evaluating *policies.implicitMetaPolicy Policy /Channel/Orderer/Readers
2020-05-04 12:12:50.452 UTC [policies] func1 -> DEBU 7ca Evaluation Failed: Only 0 policies were satisfied, but needed 1 of [ Application/Readers Consortiums/Readers Orderer/Readers ]
2020-05-04 12:12:50.452 UTC [policies] Evaluate -> DEBU 7cb Signature set did not satisfy policy /Channel/Readers
2020-05-04 12:12:50.452 UTC [policies] Evaluate -> DEBU 7cc == Done Evaluating *policies.implicitMetaPolicy Policy /Channel/Readers
2020-05-04 12:12:50.452 UTC [orderer.common.msgprocessor] Apply -> DEBU 7cd SigFilter evaluation failed: implicit policy evaluation failed - 0 sub-policies were satisfied, but this policy requires 1 of the 'Readers' sub-policies to be satisfied, policyName: /Channel/Readers, ConsensusState: STATE_NORMAL
2020-05-04 12:12:50.452 UTC [common.deliver] deliverBlocks -> WARN 7ce [channel: greenwebgenesis] Client authorization revoked for deliver request from 10.0.1.36:33346: implicit policy evaluation failed - 0 sub-policies were satisfied, but this policy requires 1 of the 'Readers' sub-policies to be satisfied: permission denied
我想在每个光纤网络中,在OrdererMSP的MSP下我们只能有一个订购组织。正确吗?
有人可以帮我吗?
答案 0 :(得分:2)
在日志中您获得Principal deserialization failure (MSP OrdererMSP is unknown),但在configtx.yaml文件中,您没有使用OrdererMSP,因此请检查docker文件中的ORDERER_GENERAL_LOCALMSPID的值。
答案 1 :(得分:1)
Mistake:您已从财团中删除了订购者组织
Consortiums:
SampleConsortium:
Organizations:
- *Orgorg1
- *Orgorg2
错误校正:
Consortiums:
SampleConsortium:
Organizations:
- *Orgorg1
- *Orgorg2
- *Ordererorg1
- *Ordererorg2
如果您期望提及对等方和客户端,那么我也已更正了策略,那么颁发的证书类型也应为对等方和克林特,因此使其成为成员,您就很乐意了。
请找到更正的configtx.yaml
Organizations:
- &Ordererorg1
Name: Ordererorg1MSP
ID: Ordererorg1MSP
MSPDir: crypto-config/ordererOrganizations/org1.orderer.example.com/msp
Policies:
Readers:
Type: Signature
Rule: "OR('Ordererorg1MSP.member')"
Writers:
Type: Signature
Rule: "OR('Ordererorg1MSP.member')"
Admins:
Type: Signature
Rule: "OR('Ordererorg1MSP.admin')"
- &Orgorg1
Name: Orgorg1MSP
ID: Orgorg1MSP
MSPDir: crypto-config/peerOrganizations/org1.example.com/msp
Policies:
Readers:
Type: Signature
Rule: "OR('Orgorg1MSP.member'"
Writers:
Type: Signature
Rule: "OR('Orgorg1MSP.member'"
Admins:
Type: Signature
Rule: "OR('Orgorg1MSP.admin')"
AnchorPeers:
- Host: peer1.org1.example.com
Port: 2050
- &Ordererorg2
Name: Ordererorg2MSP
ID: Ordererorg2MSP
MSPDir: crypto-config/ordererOrganizations/org2.orderer.example.com/msp
Policies:
Readers:
Type: Signature
Rule: "OR('Ordererorg2MSP.member')"
Writers:
Type: Signature
Rule: "OR('Ordererorg2MSP.member')"
Admins:
Type: Signature
Rule: "OR('Ordererorg2MSP.admin')"
- &Orgorg2
Name: Orgorg2MSP
ID: Orgorg2MSP
MSPDir: crypto-config/peerOrganizations/org2.example.com/msp
Policies:
Readers:
Type: Signature
Rule: "OR('Orgorg2MSP.member'"
Writers:
Type: Signature
Rule: "OR('Orgorg2MSP.member'"
Admins:
Type: Signature
Rule: "OR('Orgorg2MSP.admin')"
AnchorPeers:
- Host: peer1.org2.example.com
Port: 2050
Capabilities:
Channel: &ChannelCapabilities
V1_4_3: true
V1_3: false
V1_1: false
Orderer: &OrdererCapabilities
V1_4_2: true
V1_1: false
Application: &ApplicationCapabilities
V1_4_2: true
V1_3: false
V1_2: false
V1_1: false
Application: &ApplicationDefaults
Organizations:
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
Capabilities:
<<: *ApplicationCapabilities
Orderer: &OrdererDefaults
OrdererType: etcdraft
Addresses:
- peer1.org1.orderer.example.com:7050
- peer1.org2.orderer.example.com:7050
BatchTimeout: 2s
BatchSize:
MaxMessageCount: 10
AbsoluteMaxBytes: 99 MB
PreferredMaxBytes: 512 KB
EtcdRaft:
Consenters:
- Host: peer1.org1.orderer.example.com
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/org1.orderer.example.com/orderers/peer1.org1.orderer.example.com/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/org1.orderer.example.com/orderers/peer1.org1.orderer.example.com/tls/server.crt
- Host: peer1.org2.orderer.example.com
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/org2.orderer.example.com/orderers/peer1.org2.orderer.example.com/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/org2.orderer.example.com/orderers/peer1.org2.orderer.example.com/tls/server.crt
Organizations:
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
BlockValidation:
Type: ImplicitMeta
Rule: "ANY Writers"
Channel: &ChannelDefaults
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
Capabilities:
<<: *ChannelCapabilities
Profiles:
Channel:
Consortium: SampleConsortium
<<: *ChannelDefaults
Application:
<<: *ApplicationDefaults
Organizations:
- *Orgorg1
- *Orgorg2
Capabilities:
<<: *ApplicationCapabilities
OrdererGenesis:
<<: *ChannelDefaults
Orderer:
<<: *OrdererDefaults
Organizations:
- *Ordererorg1
- *Ordererorg2
Capabilities:
<<: *OrdererCapabilities
Application:
<<: *ApplicationDefaults
Organizations:
- <<: *Ordererorg1
- <<: *Ordererorg2
Consortiums:
SampleConsortium:
Organizations:
- *Orgorg1
- *Orgorg2
- *Ordererorg1
- *Ordererorg2
我已经写过书:如果您了解有关Hyperledger架构掌握的更多信息,可以从这里获得: -https://leanpub.com/masteringhyperledgerfabric -https://amzn.to/2Yyl1aS