对等通道创建 - 仅评估失败 0 个策略得到满足 Hyperledger Fabric

【问题标题】:peer channel create - evaluation failed only 0 policies were satisfied Hyperledger Fabric对等通道创建 - 仅评估失败 0 个策略得到满足 Hyperledger Fabric
【发布时间】:2020-02-14 17:18:51
【问题描述】:

我正在运行 Hyperledger Fabric v1.2。我有一个 orderer、ca、kafka 和 peers 在不同的服务器上运行。生成证书并将其放置在服务器上各自的位置,然后我生成创世块和通道 tx 文件,然后启动 orderer 和 peers。

但是,当我使用以下命令创建通道时,我会在订购者日志的底部收到以下消息。 

./peer channel create -o orderer1.example.com:7050 -c mychannel -f /etc/hyperledger/fabric/channels/mychannel.tx

到目前为止,一切似乎都还可以,并且工作正常。

2018-08-21 19:25:30.957 UTC [cauthdsl] func2 -> DEBU 1a5 0xc42000e740 identity 0 does not satisfy principal: the identity is a member of a different MSP (expected SampleOrg, got SampleOrgMSP)
2018-08-21 19:25:30.957 UTC [cauthdsl] func2 -> DEBU 1a6 0xc42000e740 principal evaluation fails
2018-08-21 19:25:30.957 UTC [cauthdsl] func1 -> DEBU 1a7 0xc42000e740 gate 1534879530956937482 evaluation fails
2018-08-21 19:25:30.957 UTC [policies] Evaluate -> DEBU 1a8 Signature set did not satisfy policy /Channel/Application/SampleOrg/Admins
2018-08-21 19:25:30.957 UTC [policies] Evaluate -> DEBU 1a9 == Done Evaluating *cauthdsl.policy Policy /Channel/Application/SampleOrg/Admins
2018-08-21 19:25:30.957 UTC [policies] func1 -> DEBU 1aa Evaluation Failed: Only 0 policies were satisfied, but needed 1 of [ SampleOrg.Admins ]
2018-08-21 19:25:30.957 UTC [policies] Evaluate -> DEBU 1ab Signature set did not satisfy policy /Channel/Application/ChannelCreationPolicy
2018-08-21 19:25:30.957 UTC [policies] Evaluate -> DEBU 1ac == Done Evaluating *policies.implicitMetaPolicy Policy /Channel/Application/ChannelCreationPolicy
2018-08-21 19:25:30.957 UTC [orderer/common/broadcast] Handle -> WARN 1ad [channel: mychannel] Rejecting broadcast of config message from xxx.xxx.xxx.xxx:1234 because of error: error authorizing update: error validating DeltaSet: policy for [Group]  /Channel/Application not satisfied: Failed to reach implicit threshold of 1 sub-policies, required 1 remaining
2018-08-21 19:25:30.957 UTC [orderer/common/server] func1 -> DEBU 1ae Closing Broadcast stream
2018-08-21 19:25:30.959 UTC [grpc] Printf -> DEBU 1af transport: http2Server.HandleStreams failed to read frame: read tcp xxx.xxx.xxx.xxx:7050->xxx.xxx.xxx.xxx:1234: read: connection reset by peer
2018-08-21 19:25:30.959 UTC [common/deliver] Handle -> WARN 1b0 Error reading from xxx.xxx.xxx.xxx:1234: rpc error: code = Canceled desc = context canceled
2018-08-21 19:25:30.959 UTC [orderer/common/server] func1 -> DEBU 1b1 Closing Deliver stream

我认为这是在订购者的 configtx 文件中声明策略的方式,但我不确定。

configtx.yaml 中的部分

Organizations:
    - &SampleOrdererOrg
        Name: SampleOrdererOrg
        ID: SampleOrdererMSP
        MSPDir: /etc/hyperledger/orderer1/msp
        Policies: &SampleOrgPolicies
            Readers:
                Type: Signature
                Rule: "OR('SampleOrdererOrg.member')"
            Writers:
                Type: Signature
                Rule: "OR('SampleOrdererOrg.member')"
            Admins:
                Type: Signature
                Rule: "OR('SampleOrdererOrg.admin')"


    - &SampleOrg
        Name: SampleOrg
        ID: SampleOrgMSP
        MSPDir: /etc/hyperledger/org/msp/
        Policies: &SampleOrgPolicies
            Readers:
                Type: Signature
                Rule: "OR('SampleOrg.member')"
            Writers:
                Type: Signature
                Rule: "OR('SampleOrg.member')"
            Admins:
                Type: Signature
                Rule: "OR('SampleOrg.admin')"
        AnchorPeers:
            - Host: peer1.example.com
              Port: 7051
            - Host: peer2.example.com
              Port: 7051
            - Host: peer3.example.com
              Port: 7051



Profiles:
    SampleKafkaDev:
        <<: *ChannelDefaults
        Orderer:
            <<: *OrdererDefaults
            OrdererType: kafka
            Organizations:
                - <<: *SampleOrg
                  Policies:
                      <<: *SampleOrgPolicies
                      Admins:
                          Type: Signature
                          Rule: "OR('SampleOrg.member')"
        Application:
            <<: *ApplicationDefaults
            Organizations:
                - <<: *SampleOrg
                  Policies:
                      <<: *SampleOrgPolicies
                      Admins:
                          Type: Signature
                          Rule: "OR('SampleOrg.member')"
        Consortiums:
            SampleConsortium:
                Organizations:
                    - <<: *SampleOrg
                      Policies:
                          <<: *SampleOrgPolicies
                          Admins:
                              Type: Signature
                              Rule: "OR('SampleOrg.member')"

    MyChannel:
        Consortium: SampleConsortium
        Application:
            <<: *ApplicationDefaults
            Organizations:
                - *SampleOrg

【问题讨论】:

    标签: hyperledger-fabric hyperledger


    【解决方案1】:

    据我所知,策略配置中的规则预计将提供ID,在您的示例中使用name

    只需尝试通过以下方式更新配置中的所有规则:

    Policies:
   <<: *SampleOrgPolicies
   Admins:
       Type: Signature
       Rule: "OR('SampleOrgMSP.member')"

    (使用SampleOrgMSP 代替SampleOrgSampleOrdererMSP 代替SampleOrdererOrg 等)

    更新

    第二步:

    “peer”从“core.yaml”加载配置,通常这个文件位于“/etc/hyperledger/fabric/”。在此文件中尝试查找属性“localMspId: SampleOrg”并将 SampleOrg 替换为您的 Orderer MSP Id

    第三步:

    频道只能创建一次。为了验证通道是否存在,我们可以尝试从对等点之一加入它:

    • 验证环境变量CORE_PEER_ADDRESS配置是否正确,export CORE_PEER_ADDRESS=peer0.org1.example.com:7051
    • peer channel join -b /opt/gopath/src/github.com/hyperledger/fabric/peer/mychannel.block
    • 现在您可以检查对等点是否有关于频道peer channel getinfo -c mychannel 的信息

    【讨论】:

    • 我试过这个,它在日志中给了我以下信息。 2018-08-23 14:21:34.698 UTC [policies] Evaluate -&gt; DEBU 1f4 == Evaluating *cauthdsl.policy Policy /Channel/Application/SampleOrgMSP/Writers == 2018-08-23 14:21:34.698 UTC [cauthdsl] deduplicate -&gt; ERRO 1f5 Principal deserialization failure (MSP SampleOrg is unknown) for identity 0a124f6d6e6974756465436f72654...(rest of log continues with identity)
    • 那是另一个问题。 “peer”从“core.yaml”加载配置,通常这个文件位于“/etc/hyperledger/fabric/”。在此文件中尝试查找属性“localMspId: SampleOrg”并将 SampleOrg 替换为 OrdererMSP
    • 我在 orderer 上的环境变量中将其更改为相同的 SampleOrgMSP,这似乎纠正了该错误,但现在 orderer 日志在运行 peer channel create 命令后显示:error authorizing update: error validating ReadSet: readset expected key [Group] /Channel/Application at version 0, but got version 1 我想也就是说渠道已经存在。有没有办法查看它的存储位置并删除它?我不记得它被创建过,除非它在我生成创世块和通道 tx 文件时在幕后做某事。
    • 你好@SergeyBalashevich,我听从了你的建议,但是我省略了对策略的锚引用:&lt;&lt;: *SampleOrgPolicies。我找不到任何关于使用这种参考的文档。 您能描述一下用法或链接到正确的文档吗? 现在我有不同的错误:BAD_REQUEST -- error applying config update to existing channel 'mychannel': error authorizing update: error validating ReadSet: existing config does not contain element for [Value] /Channel/Consortium but was in the read set 但这是另一个问题的故事。
    【解决方案2】:

    似乎除了@Sergey Balashevich 推荐的修复之外,创世块的创建给我带来了问题。我使用以下命令生成它:./configtxgen -profile MyChannel -channelID mychannel -outputCreateChannelTx configtx/channel.tx。这导致创建了一个频道并阻止我完成对等频道创建命令。

    【讨论】:

      猜你喜欢
      • 2018-01-25
      • 1970-01-01
      • 1970-01-01
      • 2019-05-21
      • 2021-03-26
      • 1970-01-01
      • 2019-07-26
      • 1970-01-01
      • 2019-02-04
      相关资源
      最近更新 更多
      热门标签
      Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode