【发布时间】:2021-01-02 16:43:26
【问题描述】:
网络配置:
我有一个包含 5 个组织和 6 个通道的 Hyperledger Fabric 网络。每个组织都有一个对等点,排序者是对等组织之一(名为 PSU)的一部分。所有组织都是“uam.psu.registration”、“fuh.vertiport.operations”和“air.traffic.control”频道的成员。除一个 (PSU) 之外的所有频道都是频道“fuh.financial.operations”的成员。除了 Fly-Us-Hospitality 之外的所有组织都是“vehicle.telemetry”频道的一部分。只有 PSU 是“secure.airspace”频道的一部分。
问题:
我成功创建了所有频道并将组织加入相应频道,没有错误。然后我尝试更新锚节点。对于每个组织,对于它参与的每个频道,我都会运行 peer channel update -o localhost:7050 --ordererTLSHostnameOverrider orderer.psu.secure.airspace -c <channel_name> -f ./channel-artifacts/<channel_name>/<org>MSPanchors.tx --tls true --cafile $ORDERER_CA,其中 $ORDERER_CA 已正确设置。
它没有在终端上显示任何错误消息,但在 logspout 上我看到了
peer0.boeing.secure.airspace.com|2020-09-15 19:58:10.384 UTC [gossip.comm] authenticateRemotePeer -> ERRO 001 验证来自 172.29.0.2:59660 的签名失败:隐式策略评估失败 - 0子策略已满足,但此策略需要满足“读者”子策略中的 1 个
peer0.boeing.secure.airspace.com|2020-09-15 19:58:10.384 UTC [gossip.comm] GossipStream -> ERRO 002 身份验证失败:隐式策略评估失败 - 满足 0 个子策略,但是此政策需要满足“读者”子政策之一
对于上面提到的每个peer channel update... 命令。有人知道为什么我会看到这个吗?
这是我的 configtx.yaml 文件:
Organizations:
- &PSU
Name: PSUMSP
SkipAsForeign: false
ID: PSUMSP
MSPDir: crypto-config/peerOrganizations/psu.secure.airspace.com/msp
Policies:
Readers:
Type: Signature
Rule: "OR('PSUMSP.member')"
Writers:
Type: Signature
Rule: "OR('PSUMSP.member')"
Admins:
Type: Signature
Rule: "OR('PSUMSP.admin')"
Endorsement:
Type: Signature
Rule: "OR('PSUMSP.member')"
OrdererEndpoints:
- orderer.psu.secure.airspace.com:7050
AnchorPeers:
- Host: peer0.psu.secure.airspace.com
Port: 7051
- &Boeing
Name: BoeingMSP
ID: BoeingMSP
MSPDir: crypto-config/peerOrganizations/boeing.secure.airspace.com/msp
Policies:
Readers:
Type: Signature
Rule: "OR('BoeingMSP.member')"
Writers:
Type: Signature
Rule: "OR('BoeingMSP.member')"
Admins:
Type: Signature
Rule: "OR('BoeingMSP.admin')"
Endorsement:
Type: Signature
Rule: "OR('BoeingMSP.member')"
AnchorPeers:
- Host: peer0.boeing.secure.airspace.com
Port: 8051
- &Uber
Name: UberMSP
ID: UberMSP
MSPDir: crypto-config/peerOrganizations/uber.secure.airspace.com/msp
Policies:
Readers:
Type: Signature
Rule: "OR('UberMSP.member')"
Writers:
Type: Signature
Rule: "OR('UberMSP.member')"
Admins:
Type: Signature
Rule: "OR('UberMSP.admin')"
Endorsement:
Type: Signature
Rule: "OR('UberMSP.member')"
AnchorPeers:
- Host: peer0.uber.secure.airspace.com
Port: 9051
- &AirBus
Name: AirBusMSP
ID: AirBusMSP
MSPDir: crypto-config/peerOrganizations/airbus.secure.airspace.com/msp
Policies:
Readers:
Type: Signature
Rule: "OR('AirBusMSP.member')"
Writers:
Type: Signature
Rule: "OR('AirBusMSP.member')"
Admins:
Type: Signature
Rule: "OR('AirBusMSP.admin')"
Endorsement:
Type: Signature
Rule: "OR('AirBusMSP.member')"
AnchorPeers:
- Host: peer0.airbus.secure.airspace.com
Port: 10051
- &Fly-Us-Hospitality
Name: Fly-Us-HospitalityMSP
ID: Fly-Us-HospitalityMSP
MSPDir: crypto-config/peerOrganizations/fly-us-hospitality.secure.airspace.com/msP
Policies:
Readers:
Type: Signature
Rule: "OR('Fly-Us-HospitalityMSP.member')"
Writers:
Type: Signature
Rule: "OR('Fly-Us-HospitalityMSP.member')"
Admins:
Type: Signature
Rule: "OR('Fly-Us-HospitalityMSP.admin')"
Endorsement:
Type: Signature
Rule: "OR('Fly-Us-HospitalityMSP.member')"
AnchorPeers:
- Host: peer0.fly-us-hospitality.secure.airspace.com
Port: 11051
Capabilities:
Channel: &ChannelCapabilities
V2_0: true
Orderer: &OrdererCapabilities
V2_0: true
Application: &ApplicationCapabilities
V2_0: true
Application: &ApplicationDefaults
Organizations:
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "ANY Admins"
LifecycleEndorsement:
Type: ImplicitMeta
Rule: "ANY Endorsement"
Endorsement:
Type: ImplicitMeta
Rule: "ANY Endorsement"
Capabilities:
<<: *ApplicationCapabilities
Orderer: &OrdererDefaults
OrdererType: etcdraft
EtcdRaft:
Consenters:
- Host: orderer.psu.secure.airspace.com
Port: 7050
ClientTLSCert: crypto-config/peerOrganizations/psu.secure.airspace.com/peers/orderer.psu.secure.airspace.com/tls/server.crt
ServerTLSCert: crypto-config/peerOrganizations/psu.secure.airspace.com/peers/orderer.psu.secure.airspace.com/tls/server.crt
BatchTimeout: 2s
BatchSize:
MaxMessageCount: 10
AbsoluteMaxBytes: 99 MB
PreferredMaxBytes: 512 KB
Organizations:
- *PSU
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "ANY Admins"
BlockValidation:
Type: ImplicitMeta
Rule: "ANY Writers"
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "ANY Admins"
Capabilities:
<<: *ChannelCapabilities
Profiles:
RegistrationProfile:
Consortium:
GeneralChannel:
Consortium: GeneralConsortium
<<: *ChannelDefaults
Application:
<<: *ApplicationDefaults
Organizations:
- *PSU
- *Boeing
- *Uber
- *AirBus
- *Fly-Us-Hospitality
Capabilities:
<<: *ApplicationCapabilities
VehicleOperationsChannel:
Consortium: VehicleOperationsConsortium
<<: *ChannelDefaults
Application:
<<: *ApplicationDefaults
Organizations:
- *PSU
- *Boeing
- *Uber
- *AirBus
Capabilities:
<<: *ApplicationCapabilities
FinancialOperationsChannel:
Consortium: FinancialOperationsConsortium
<<: *ChannelDefaults
Application:
<<: *ApplicationDefaults
Organizations:
- *Boeing
- *Uber
- *AirBus
- *Fly-Us-Hospitality
Capabilities:
<<: *ApplicationCapabilities
SecureAirspaceChannel:
Consortium: SecureAirspaceConsortium
<<: *ChannelDefaults
Application:
<<: *ApplicationDefaults
Organizations:
- *PSU
Capabilities:
<<: *ApplicationCapabilities
OrdererGenesis:
<<: *ChannelDefaults
Orderer:
<<: *OrdererDefaults
Organizations:
- *PSU
Capabilities:
<<: *OrdererCapabilities
Consortiums:
SecureAirspaceConsortium:
Organizations:
- *PSU
FinancialOperationsConsortium:
Organizations:
- *Boeing
- *Uber
- *AirBus
- *Fly-Us-Hospitality
VehicleOperationsConsortium:
Organizations:
- *PSU
- *Boeing
- *Uber
- *AirBus
GeneralConsortium:
Organizations:
- *PSU
- *Boeing
- *Uber
- *AirBus
- *Fly-Us-Hospitality
还有我的 docker-compose.yaml 文件
version: "2"
#networks:
# network3.1:
services:
ca-psu:
container_name: ca.psu.secure.airspace.com
hostname: ca.psu.secure.airspace.com
extends:
file: docker-ca-base.yaml
service: ca-base
environment:
- FABRIC_CA_SERVER_CA_NAME=ca.psu.secure.airspace.com
- FABRIC_CA_SERVER_CA_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.psu.secure.airspace.com-cert.pem
- FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-tls/tlscs.psu.secure.airspace.com-cert.pem
- FABRIC_CA_SERVER_PORT=7054
ports:
- "7054:7054"
volumes:
- ./crypto-config/peerOrganizations/psu.secure.airspace.com/ca/:/etc/hyperledger/fabric-ca-server-config
- ./crypto-config/peerOrganizations/psu.secure.airspace.com/tslca/:/etc/hyperledger/fabric-ca-server-tls
ca-boeing:
container_name: ca.boeing.secure.airspace.com
hostname: ca.boeing.secure.airspace.com
extends:
file: docker-ca-base.yaml
service: ca-base
environment:
- FABRIC_CA_SERVER_CA_NAME=ca.boeing.secure.airspace.com
- FABRIC_CA_SERVER_CA_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.boeing.secure.airspace.com-cert.pem
- FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-tls/tlscs.boeing.secure.airspace.com-cert.pem
- FABRIC_CA_SERVER_PORT=8054
ports:
- "8054:7054"
volumes:
- ./crypto-config/peerOrganizations/boeing.secure.airspace.com/ca/:/etc/hyperledger/fabric-ca-server-config
- ./crypto-config/peerOrganizations/boeing.secure.airspace.com/tslca/:/etc/hyperledger/fabric-ca-server-tls
ca-uber:
container_name: ca.uber.secure.airspace.com
hostname: ca.uber.secure.airspace.com
extends:
file: docker-ca-base.yaml
service: ca-base
environment:
- FABRIC_CA_SERVER_CA_NAME=ca.uber.secure.airspace.com
- FABRIC_CA_SERVER_CA_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.uber.secure.airspace.com-cert.pem
- FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-tls/tlscs.uber.secure.airspace.com-cert.pem
- FABRIC_CA_SERVER_PORT=9054
ports:
- "9054:7054"
volumes:
- ./crypto-config/peerOrganizations/uber.secure.airspace.com/ca/:/etc/hyperledger/fabric-ca-server-config
- ./crypto-config/peerOrganizations/uber.secure.airspace.com/tslca/:/etc/hyperledger/fabric-ca-server-tls
ca-airbus:
container_name: ca.airbus.secure.airspace.com
hostname: ca.airbus.secure.airspace.com
extends:
file: docker-ca-base.yaml
service: ca-base
environment:
- FABRIC_CA_SERVER_CA_NAME=ca.airbus.secure.airspace.com
- FABRIC_CA_SERVER_CA_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.airbus.secure.airspace.com-cert.pem
- FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-tls/tlscs.airbus.secure.airspace.com-cert.pem
- FABRIC_CA_SERVER_PORT=10054
ports:
- "10054:7054"
volumes:
- ./crypto-config/peerOrganizations/airbus.secure.airspace.com/ca/:/etc/hyperledger/fabric-ca-server-config
- ./crypto-config/peerOrganizations/airbus.secure.airspace.com/tslca/:/etc/hyperledger/fabric-ca-server-tls
ca-fly-us-hospitality:
container_name: ca.fly-us-hospitality.secure.airspace.com
hostname: ca.fly-us-hospitality.secure.airspace.com
extends:
file: docker-ca-base.yaml
service: ca-base
environment:
- FABRIC_CA_SERVER_CA_NAME=ca.fly-us-hospitality.secure.airspace.com
- FABRIC_CA_SERVER_CA_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.fly-us-hospitality.secure.airspace.com-cert.pem
- FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-tls/tlscs.fly-us-hospitality.secure.airspace.com-cert.pem
- FABRIC_CA_SERVER_PORT=11054
ports:
- "11054:7054"
volumes:
- ./crypto-config/peerOrganizations/fly-us-hospitality.secure.airspace.com/ca/:/etc/hyperledger/fabric-ca-server-config
- ./crypto-config/peerOrganizations/fly-us-hospitality.secure.airspace.com/tslca/:/etc/hyperledger/fabric-ca-server-tls
orderer.psu.secure.airspace.com:
container_name: orderer.psu.secure.airspace.com
image: hyperledger/fabric-orderer:2.2
dns_search: .
environment:
- ORDERER_GENERAL_LOGLEVEL=ERROR
- FABRIC_LOGGING_SPEC=ERROR
- ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
- ORDERER_GENERAL_GENESISMETHOD=file
- ORDERER_GENERAL_GENESISFILE=/var/hyperledger/orderer/genesis.block
- ORDERER_GENERAL_LOCALMSPID=PSUMSP
- ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp
- ORDERER_GENERAL_TLS_ENABLED=true
- ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key
- ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt
- ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
- ORDERER_GENERAL_LISTENPORT=7050
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/orderers
command: orderer
volumes:
- ../channel-artifacts/genesis.block:/var/hyperledger/orderer/genesis.block
- ./crypto-config/peerOrganizations/psu.secure.airspace.com/peers/orderer.psu.secure.airspace.com/msp:/var/hyperledger/orderer/msp
- ./crypto-config/peerOrganizations/psu.secure.airspace.com/peers/orderer.psu.secure.airspace.com/tls:/var/hyperledger/orderer/tls
ports:
- 7050:7050
peer0.psu.secure.airspace.com:
container_name: peer0.psu.secure.airspace.com
extends:
file: docker-peer-base.yaml
service: peer-base
environment:
- CORE_PEER_LOCALMSPID=PSUMSP
- CORE_PEER_ID=peer0.psu.secure.airspace.com
- CORE_PEER_ADDRESS=peer0.psu.secure.airspace.com:7051
- CORE_PEER_LISTENADDRESS=0.0.0.0:7051
- CORE_PEER_CHAINCODEADDRESS=peer0.psu.secure.airspace.com:7052
- CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:7052
- CORE_PEER_GOSSIP_BOOTSTRAP=peer0.psu.secure.airspace.com:7051
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.psu.secure.airspace.com:7051
volumes:
- ./crypto-config/peerOrganizations/psu.secure.airspace.com/peers/peer0.psu.secure.airspace.com/msp:/etc/hyperledger/crypto/peer/msp
- ./crypto-config/peerOrganizations/psu.secure.airspace.com/peers/peer0.psu.secure.airspace.com/tls:/etc/hyperledger/crypto/peer/tls
- /var/run:/host/var/run
- ../channel-artifacts:/etc/hyperledger/channel
ports:
- 7051:7051
peer0.boeing.secure.airspace.com:
container_name: peer0.boeing.secure.airspace.com
extends:
file: docker-peer-base.yaml
service: peer-base
environment:
- CORE_PEER_LOCALMSPID=BoeingMSP
- CORE_PEER_ID=peer0.boeing.secure.airspace.com
- CORE_PEER_ADDRESS=peer0.boeing.secure.airspace.com:8051
- CORE_PEER_LISTENADDRESS=0.0.0.0:8051
- CORE_PEER_CHAINCODEADDRESS=peer0.boeing.secure.airspace.com:8052
- CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:8052
- CORE_PEER_GOSSIP_BOOTSTRAP=peer0.boeing.secure.airspace.com:8051
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.boeing.secure.airspace.com:8051
volumes:
- ./crypto-config/peerOrganizations/boeing.secure.airspace.com/peers/peer0.boeing.secure.airspace.com/msp:/etc/hyperledger/crypto/peer/msp
- ./crypto-config/peerOrganizations/boeing.secure.airspace.com/peers/peer0.boeing.secure.airspace.com/tls:/etc/hyperledger/crypto/peer/tls
- /var/run:/host/var/run
- ../channel-artifacts:/etc/hyperledger/channel
ports:
- 8051:8051
peer0.uber.secure.airspace.com:
container_name: peer0.uber.secure.airspace.com
extends:
file: docker-peer-base.yaml
service: peer-base
environment:
- CORE_PEER_LOCALMSPID=UberMSP
- CORE_PEER_ID=peer0.uber.secure.airspace.com
- CORE_PEER_ADDRESS=peer0.uber.secure.airspace.com:9051
- CORE_PEER_LISTENADDRESS=0.0.0.0:9051
- CORE_PEER_CHAINCODEADDRESS=peer0.uber.secure.airspace.com:9052
- CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:9052
- CORE_PEER_GOSSIP_BOOTSTRAP=peer0.uber.secure.airspace.com:9051
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.uber.secure.airspace.com:9051
volumes:
- ./crypto-config/peerOrganizations/uber.secure.airspace.com/peers/peer0.uber.secure.airspace.com/msp:/etc/hyperledger/crypto/peer/msp
- ./crypto-config/peerOrganizations/uber.secure.airspace.com/peers/peer0.uber.secure.airspace.com/tls:/etc/hyperledger/crypto/peer/tls
- /var/run:/host/var/run
- ../channel-artifacts:/etc/hyperledger/channel
ports:
- 9051:9051
peer0.airbus.secure.airspace.com:
container_name: peer0.airbus.secure.airspace.com
extends:
file: docker-peer-base.yaml
service: peer-base
environment:
- CORE_PEER_LOCALMSPID=AirBusMSP
- CORE_PEER_ID=peer0.airbus.secure.airspace.com
- CORE_PEER_ADDRESS=peer0.airbus.secure.airspace.com:10051
- CORE_PEER_LISTENADDRESS=0.0.0.0:10051
- CORE_PEER_CHAINCODEADDRESS=peer0.airbus.secure.airspace.com:10052
- CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:10052
- CORE_PEER_GOSSIP_BOOTSTRAP=peer0.airbus.secure.airspace.com:10051
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.airbus.secure.airspace.com:10051
volumes:
- ./crypto-config/peerOrganizations/airbus.secure.airspace.com/peers/peer0.airbus.secure.airspace.com/msp:/etc/hyperledger/crypto/peer/msp
- ./crypto-config/peerOrganizations/airbus.secure.airspace.com/peers/peer0.airbus.secure.airspace.com/tls:/etc/hyperledger/crypto/peer/tls
- /var/run:/host/var/run
- ../channel-artifacts:/etc/hyperledger/channel
ports:
- 10051:10051
peer0.fly-us-hospitality.secure.airspace.com:
container_name: peer0.fly-us-hospitality.secure.airspace.com
extends:
file: docker-peer-base.yaml
service: peer-base
environment:
- CORE_PEER_LOCALMSPID=Fly-Us-HospitalityMSP
- CORE_PEER_ID=peer0.fly-us-hospitality.secure.airspace.com
- CORE_PEER_ADDRESS=peer0.fly-us-hospitality.secure.airspace.com:11051
- CORE_PEER_LISTENADDRESS=0.0.0.0:11051
- CORE_PEER_CHAINCODEADDRESS=peer0.fly-us-hospitality.secure.airspace.com:11052
- CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:11052
- CORE_PEER_GOSSIP_BOOTSTRAP=peer0.fly-us-hospitality.secure.airspace.com:11051
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.fly-us-hospitality.secure.airspace.com:11051
volumes:
- ./crypto-config/peerOrganizations/fly-us-hospitality.secure.airspace.com/peers/peer0.fly-us-hospitality.secure.airspace.com/msp:/etc/hyperledger/crypto/peer/msp
- ./crypto-config/peerOrganizations/fly-us-hospitality.secure.airspace.com/peers/peer0.fly-us-hospitality.secure.airspace.com/tls:/etc/hyperledger/crypto/peer/tls
- /var/run:/host/var/run
- ../channel-artifacts:/etc/hyperledger/channel
ports:
- 11051:11051
在执行每个peer channel update ..命令之前,我更新了对应的环境变量:
CORE_PEER_LOCALMSPID=MSP
CORE_PEER_TLS_ROOTCERT_FILE=/peerOrganizations/
CORE_PEER_MSPCONFIGPATH=/peerOrganizations/
CORE_PEER_ADDRESS=本地主机:
注意:我不隶属于我在此网络中使用其名称的任何公司。
【问题讨论】:
-
错误来自configtx文件;您尝试更新频道的配置文件没有阅读器功能,但很难看出错误来自哪里......您从哪里执行此事务?如果我没记错的话,并且使用您的 congitx 配置,锚点添加事务需要代表您尝试将锚点添加到的组织执行,所以如果您想将锚点添加到波音公司,从波音同行执行交易。
-
@Popopame 如何确保以该对等方的身份执行命令?我一直在更改所有环境变量,如 CORE_PEER_LOCALMSPID、CORE_PEER_MSPCONFIGPATH 等以匹配相应的组织,然后从 shell 运行所有对等命令。够了吗?
-
您在哪个环境中工作?如果你在学习环境中进行测试,比如 docker-compose,我建议创建一个 cli peer,它会更容易与你的网络交互,并且大多数超级账本结构教程都是这样制作的。现在对于变量,如果一切设置正确,它应该可以工作,就像在您授权的 configtx 中一样,您能否在发出命令之前列出您设置的所有环境变量? :)
-
Poponame 提到,@jnasworld223 可以详细分享一个组织的配置吗?我了解您正在使用 docker-compose,那么,您能否分享一个组织(例如波音)的 docker-compose 配置?在执行上述命令之前,您还可以分享 de env 变量及其值吗?我了解到您使用的是 2.x 版本
-
感谢您的帮助。是的,我使用 docker-compose 来配置所有内容,并且我使用的是 fabric 2.2。我添加了 compose.yaml 文件和我在 OP 上更新的所有环境变量。为什么推荐使用 cli peer?与直接在主机系统上运行命令相比,这有什么优势?
标签: hyperledger-fabric hyperledger