通过节点 sdk 创建 Hyperledger Fabric 通道

【问题标题】:Hyperledger fabric channel creation through node sdk通过节点 sdk 创建 Hyperledger Fabric 通道
【发布时间】:2019-10-07 13:59:19
【问题描述】:

我正在尝试通过超级账本结构节点 sdk 创建通道,但出现以下错误。

由于错误而拒绝从 172.25.0.1:34196 广播配置消息:验证新频道“arun1”的频道创建事务时出错,无法成功将更新应用于模板配置:授权更新时出错:验证 DeltaSet 时出错:[组] /Channel/Application 不满足:隐式策略评估失败 - 满足 0 个子策略,但此策略需要满足 1 个“管理员”子策略

这是我的节点方法

try {
    console.log("api hit");
    // Create a new file system based wallet for managing identities.
    const walletPath = path.join(process.cwd(), 'wallet');
    const wallet = new FileSystemWallet(walletPath);
    console.log(`Wallet path: ${walletPath}`);

    // Check to see if we've already enrolled the user.
    const userExists = await wallet.exists('user2');

    if (!userExists) {
        console.log('An identity for the user "user2" does not exist in the wallet');
        console.log('Run the registerUser.js application before retrying');
        return;
    }

    // Create a new gateway for connecting to our peer node.
    const gateway = new Gateway();

    await gateway.connect(ccpPath, { wallet, identity: 'user2', discovery: { enabled: false, asLocalhost: true } });
    var client = gateway.getClient()

    // first read in the file, this gives us a binary config envelope
    let envelope_bytes = fs.readFileSync(path.join(__dirname, '..','..','..','fabric-samples/first-network/channel-artifacts/channel1.tx'));
    let adminKey = fs.readFileSync(path.join(__dirname, '..','..','..','fabric-samples/first-network/crypto-config/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp/keystore/pem.key'));
    let adminCert = fs.readFileSync(path.join(__dirname, '..','..','..','fabric-samples/first-network/crypto-config/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp/cacerts/ca.org1.example.com-cert.pem'));
    client.setAdminSigningIdentity(adminKey.toString(),adminCert.toString(),"Org1MSP")
    console.log(`admin key=====   ${adminKey}`);
    console.log(`admin cert=====   ${adminCert}`);
    // have the nodeSDK extract out the config update
    var signatures = new Array();

    var config_update = client.extractChannelConfig(envelope_bytes);
    var configSignature=client.signChannelConfig(config_update)

    signatures.push(configSignature);
    // create an orderer object to represent the orderer of the network
    var orderer=client.getOrderer("orderer.example.com") 
    let request = {
        config: config_update, //the binary config
        signatures: signatures, // the collected signatures
        name: 'arun1', // the channel name
        orderer: orderer, //the orderer from above
        txId: client.newTransactionID(true) //the generated transaction id
    };
    console.log(`configupdate${config_update}`);

    // this call will return a Promise
    console.log("Transaction sent 2");
    const result = await client.createChannel(request)
    return {
        status: 200,
        data: {
            data: JSON.parse(result.toString())
        }
    };

} catch (error) {
    console.error(`Failed to evaluate transaction: ${error}`);
    //  process.exit(1);
    return {
        status: 400,
        data: {
            data: `${error}`
        }
    };
}

这是我的 connection.json

    {
    "name": "first-network-org1",
    "version": "1.0.0",
    "client": {
        "organization": "Org1",
        "connection": {
            "timeout": {
                "peer": {
                    "endorser": "300"
                }
            }
        }
    },
    "organizations": {
        "Org1": {
            "mspid": "Org1MSP",
            "adminPrivateKey": {
                "path": "/home/arun/Hyperledger_1.4.2/fabric-samples/first-network/crypto-config/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp/keystore/pem.key"
            },
            "signedCert": {
                "path": "/home/arun/Hyperledger_1.4.2/fabric-samples/first-network/crypto-config/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp/cacerts/ca.org1.example.com-cert.pem"
            },
            "peers": [
                "peer0.org1.example.com",
                "peer1.org1.example.com"
            ],
            "certificateAuthorities": [
                "ca.org1.example.com"
            ]

        }
    },
    "orderers": {
        "orderer.example.com": {
            "url": "grpcs://localhost:7050",
            "tlsCACerts": {
                "path": "crypto-config/ordererOrganizations/example.com/tlsca/tlsca.example.com-cert.pem"
            },
            "grpcOptions": {
                "ssl-target-name-override": "orderer.example.com"
            }
        }

    },
    "peers": {
        "peer0.org1.example.com": {
            "url": "grpcs://localhost:7051",
            "tlsCACerts": {
                "path": "crypto-config/peerOrganizations/org1.example.com/tlsca/tlsca.org1.example.com-cert.pem"
            },
            "grpcOptions": {
                "ssl-target-name-override": "peer0.org1.example.com"
            }
        },
        "peer1.org1.example.com": {
            "url": "grpcs://localhost:8051",
            "tlsCACerts": {
                "path": "crypto-config/peerOrganizations/org1.example.com/tlsca/tlsca.org1.example.com-cert.pem"
            },
            "grpcOptions": {
                "ssl-target-name-override": "peer1.org1.example.com"
            }
        }
    },
    "certificateAuthorities": {
        "ca.org1.example.com": {
            "url": "https://localhost:7054",
            "caName": "ca-org1",
            "tlsCACerts": {
                "path": "crypto-config/peerOrganizations/org1.example.com/tlsca/tlsca.org1.example.com-cert.pem"
            },
            "httpOptions": {
                "verify": false
            }
        }
    }
}

【问题讨论】:

    标签: hyperledger-fabric


    【解决方案1】:

    我发现我的 admincert 路径错误

        let adminCert = fs.readFileSync(path.join(__dirname, '..','..','..','fabric-samples/first-network/crypto-config/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp/cacerts/ca.org1.example.com-cert.pem'));

    将 cacerts 替换为 admincerts

        let adminCert = fs.readFileSync(path.join(__dirname, '..','..','..','fabric-samples/first-network/crypto-config/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp/admincerts/Admin@org1.example.com-cert.pem'));

    【讨论】:

      【解决方案2】:

      我认为这可能是 Fabric 安全性的问题,而不是您的代码。

      您的 Fabric 设置如何,您使用的是 configtx.yaml 的“旧”副本吗?我不知道它是什么时候改变的,但是现在你需要在 configtx.yaml 中指定通道策略,所以你需要在文件中的配置文件部分下有一个诸如 <<: *ChannelDefaults 之类的行。比如:

      Profiles:

ThreeOrgsOrdererGenesis:
    <<: *ChannelDefaults
    Orderer:
        <<: *OrdererDefaults
        Organizations:
            - *OrdererOrg
        Capabilities:
            <<: *OrdererCapabilities
    Consortiums:
        constrade:
            Organizations:
                - *Org1
                - *Org2
                - *Org3
ThreeOrgsChannel:
    Consortium: constrade
    <<: *ChannelDefaults
    Application:
        <<: *ApplicationDefaults
        Organizations:
            - *Org1
            - *Org2
            - *Org3
        Capabilities:
            <<: *ApplicationCapabilities

      您显然需要在文件的ChannelDefaults 部分中定义的策略。

      fabric-samples 中最新的 first-network 示例文件格式正确。

      【讨论】:

        【解决方案3】:

        根据您的错误响应,它正在拒绝,因为您在创建新频道时没有通过管理员凭据。

        这是一个结构频道作者政策,只有管理员可以创建频道

                "adminPrivateKey": {
            "path": "/home/arun/Hyperledger_1.4.2/fabric-samples/first-network/crypto-config/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp/keystore/pem.key

        你确定 pem.key 吗?

        【讨论】:

          猜你喜欢
          • 2019-06-11
          • 2019-05-21
          • 2018-06-19
          • 2020-12-15
          • 2019-07-26
          • 1970-01-01
          • 2019-02-04
          • 2019-01-06
          • 1970-01-01
          相关资源
          最近更新 更多
          热门标签
          Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode