如何解决Hyperledger Fabric:更新锚点对等实体时如何解决“满足0个子策略”的问题?
网络配置:
我有一个Hyperledger Fabric网络,具有5个组织和6个渠道。每个组织都有一个对等组织,而订购者是其中一个对等组织(称为PSU)的一部分。所有组织都是“ uam.psu.registration”,“ fuh.vertiport.operations”和“ air.traffic.control”通道的成员。除一个(PSU)之外,所有其他频道都是“ fuh.financial.operations”频道的成员。除Fly-Us-Hospitality之外的所有组织都是“ vehicle.telemetry”频道的一部分。只有PSU是“ secure.airspace”频道的一部分。
问题:
我成功创建了所有渠道,并将组织正确地加入了相应的渠道。然后,我尝试更新锚点对等点。对于每个组织,对于其参与的每个渠道,我都运行peer channel update -o localhost:7050 --ordererTLSHostnameOverrider orderer.psu.secure.airspace -c <channel_name> -f ./channel-artifacts/<channel_name>/<org>MSPanchors.tx --tls true --cafile $ORDERER_CA,其中已正确设置$ ORDERER_CA。
它在终端上没有显示任何错误消息,但是在logspout上我看到了
peer0.boeing.secure.airspace.com | 2020-09-15 19:58:10.384 UTC [gossip.comm] authenticateRemotePeer-> ERRO 001验证来自172.29.0.2:59660的签名失败:隐式策略评估失败-0子策略已得到满足,但该政策要求满足“读者”子策略中的1个
peer0.boeing.secure.airspace.com | 2020-09-15 19:58:10.384 UTC [gossip.comm] GossipStream-> ERRO 002身份验证失败:隐式策略评估失败-满足0个子策略,但是该政策要求满足“读者”子政策中的1个子政策
对于上述每个peer channel update...命令。有人对我为什么看到这个有任何想法吗?
这是我的configtx.yaml文件:
Organizations:
- &PSU
Name: PSUMSP
SkipAsForeign: false
ID: PSUMSP
MSPDir: crypto-config/peerOrganizations/psu.secure.airspace.com/msp
Policies:
Readers:
Type: Signature
Rule: "OR('PSUMSP.member')"
Writers:
Type: Signature
Rule: "OR('PSUMSP.member')"
Admins:
Type: Signature
Rule: "OR('PSUMSP.admin')"
Endorsement:
Type: Signature
Rule: "OR('PSUMSP.member')"
OrdererEndpoints:
- orderer.psu.secure.airspace.com:7050
AnchorPeers:
- Host: peer0.psu.secure.airspace.com
Port: 7051
- &Boeing
Name: BoeingMSP
ID: BoeingMSP
MSPDir: crypto-config/peerOrganizations/boeing.secure.airspace.com/msp
Policies:
Readers:
Type: Signature
Rule: "OR('BoeingMSP.member')"
Writers:
Type: Signature
Rule: "OR('BoeingMSP.member')"
Admins:
Type: Signature
Rule: "OR('BoeingMSP.admin')"
Endorsement:
Type: Signature
Rule: "OR('BoeingMSP.member')"
AnchorPeers:
- Host: peer0.boeing.secure.airspace.com
Port: 8051
- &Uber
Name: UberMSP
ID: UberMSP
MSPDir: crypto-config/peerOrganizations/uber.secure.airspace.com/msp
Policies:
Readers:
Type: Signature
Rule: "OR('UberMSP.member')"
Writers:
Type: Signature
Rule: "OR('UberMSP.member')"
Admins:
Type: Signature
Rule: "OR('UberMSP.admin')"
Endorsement:
Type: Signature
Rule: "OR('UberMSP.member')"
AnchorPeers:
- Host: peer0.uber.secure.airspace.com
Port: 9051
- &AirBus
Name: AirBusMSP
ID: AirBusMSP
MSPDir: crypto-config/peerOrganizations/airbus.secure.airspace.com/msp
Policies:
Readers:
Type: Signature
Rule: "OR('AirBusMSP.member')"
Writers:
Type: Signature
Rule: "OR('AirBusMSP.member')"
Admins:
Type: Signature
Rule: "OR('AirBusMSP.admin')"
Endorsement:
Type: Signature
Rule: "OR('AirBusMSP.member')"
AnchorPeers:
- Host: peer0.airbus.secure.airspace.com
Port: 10051
- &Fly-Us-Hospitality
Name: Fly-Us-HospitalityMSP
ID: Fly-Us-HospitalityMSP
MSPDir: crypto-config/peerOrganizations/fly-us-hospitality.secure.airspace.com/msP
Policies:
Readers:
Type: Signature
Rule: "OR('Fly-Us-HospitalityMSP.member')"
Writers:
Type: Signature
Rule: "OR('Fly-Us-HospitalityMSP.member')"
Admins:
Type: Signature
Rule: "OR('Fly-Us-HospitalityMSP.admin')"
Endorsement:
Type: Signature
Rule: "OR('Fly-Us-HospitalityMSP.member')"
AnchorPeers:
- Host: peer0.fly-us-hospitality.secure.airspace.com
Port: 11051
Capabilities:
Channel: &ChannelCapabilities
V2_0: true
Orderer: &OrdererCapabilities
V2_0: true
Application: &ApplicationCapabilities
V2_0: true
Application: &ApplicationDefaults
Organizations:
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "ANY Admins"
LifecycleEndorsement:
Type: ImplicitMeta
Rule: "ANY Endorsement"
Endorsement:
Type: ImplicitMeta
Rule: "ANY Endorsement"
Capabilities:
<<: *ApplicationCapabilities
Orderer: &OrdererDefaults
OrdererType: etcdraft
EtcdRaft:
Consenters:
- Host: orderer.psu.secure.airspace.com
Port: 7050
ClientTLSCert: crypto-config/peerOrganizations/psu.secure.airspace.com/peers/orderer.psu.secure.airspace.com/tls/server.crt
ServerTLSCert: crypto-config/peerOrganizations/psu.secure.airspace.com/peers/orderer.psu.secure.airspace.com/tls/server.crt
BatchTimeout: 2s
BatchSize:
MaxMessageCount: 10
AbsoluteMaxBytes: 99 MB
PreferredMaxBytes: 512 KB
Organizations:
- *PSU
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "ANY Admins"
BlockValidation:
Type: ImplicitMeta
Rule: "ANY Writers"
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "ANY Admins"
Capabilities:
<<: *ChannelCapabilities
Profiles:
RegistrationProfile:
Consortium:
GeneralChannel:
Consortium: GeneralConsortium
<<: *ChannelDefaults
Application:
<<: *ApplicationDefaults
Organizations:
- *PSU
- *Boeing
- *Uber
- *AirBus
- *Fly-Us-Hospitality
Capabilities:
<<: *ApplicationCapabilities
VehicleOperationsChannel:
Consortium: VehicleOperationsConsortium
<<: *ChannelDefaults
Application:
<<: *ApplicationDefaults
Organizations:
- *PSU
- *Boeing
- *Uber
- *AirBus
Capabilities:
<<: *ApplicationCapabilities
FinancialOperationsChannel:
Consortium: FinancialOperationsConsortium
<<: *ChannelDefaults
Application:
<<: *ApplicationDefaults
Organizations:
- *Boeing
- *Uber
- *AirBus
- *Fly-Us-Hospitality
Capabilities:
<<: *ApplicationCapabilities
SecureAirspaceChannel:
Consortium: SecureAirspaceConsortium
<<: *ChannelDefaults
Application:
<<: *ApplicationDefaults
Organizations:
- *PSU
Capabilities:
<<: *ApplicationCapabilities
OrdererGenesis:
<<: *ChannelDefaults
Orderer:
<<: *OrdererDefaults
Organizations:
- *PSU
Capabilities:
<<: *OrdererCapabilities
Consortiums:
SecureAirspaceConsortium:
Organizations:
- *PSU
FinancialOperationsConsortium:
Organizations:
- *Boeing
- *Uber
- *AirBus
- *Fly-Us-Hospitality
VehicleOperationsConsortium:
Organizations:
- *PSU
- *Boeing
- *Uber
- *AirBus
GeneralConsortium:
Organizations:
- *PSU
- *Boeing
- *Uber
- *AirBus
- *Fly-Us-Hospitality
还有我的docker-compose.yaml文件
version: "2"
#networks:
# network3.1:
services:
ca-psu:
container_name: ca.psu.secure.airspace.com
hostname: ca.psu.secure.airspace.com
extends:
file: docker-ca-base.yaml
service: ca-base
environment:
- FABRIC_CA_SERVER_CA_NAME=ca.psu.secure.airspace.com
- FABRIC_CA_SERVER_CA_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.psu.secure.airspace.com-cert.pem
- FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-tls/tlscs.psu.secure.airspace.com-cert.pem
- FABRIC_CA_SERVER_PORT=7054
ports:
- "7054:7054"
volumes:
- ./crypto-config/peerOrganizations/psu.secure.airspace.com/ca/:/etc/hyperledger/fabric-ca-server-config
- ./crypto-config/peerOrganizations/psu.secure.airspace.com/tslca/:/etc/hyperledger/fabric-ca-server-tls
ca-boeing:
container_name: ca.boeing.secure.airspace.com
hostname: ca.boeing.secure.airspace.com
extends:
file: docker-ca-base.yaml
service: ca-base
environment:
- FABRIC_CA_SERVER_CA_NAME=ca.boeing.secure.airspace.com
- FABRIC_CA_SERVER_CA_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.boeing.secure.airspace.com-cert.pem
- FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-tls/tlscs.boeing.secure.airspace.com-cert.pem
- FABRIC_CA_SERVER_PORT=8054
ports:
- "8054:7054"
volumes:
- ./crypto-config/peerOrganizations/boeing.secure.airspace.com/ca/:/etc/hyperledger/fabric-ca-server-config
- ./crypto-config/peerOrganizations/boeing.secure.airspace.com/tslca/:/etc/hyperledger/fabric-ca-server-tls
ca-uber:
container_name: ca.uber.secure.airspace.com
hostname: ca.uber.secure.airspace.com
extends:
file: docker-ca-base.yaml
service: ca-base
environment:
- FABRIC_CA_SERVER_CA_NAME=ca.uber.secure.airspace.com
- FABRIC_CA_SERVER_CA_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.uber.secure.airspace.com-cert.pem
- FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-tls/tlscs.uber.secure.airspace.com-cert.pem
- FABRIC_CA_SERVER_PORT=9054
ports:
- "9054:7054"
volumes:
- ./crypto-config/peerOrganizations/uber.secure.airspace.com/ca/:/etc/hyperledger/fabric-ca-server-config
- ./crypto-config/peerOrganizations/uber.secure.airspace.com/tslca/:/etc/hyperledger/fabric-ca-server-tls
ca-airbus:
container_name: ca.airbus.secure.airspace.com
hostname: ca.airbus.secure.airspace.com
extends:
file: docker-ca-base.yaml
service: ca-base
environment:
- FABRIC_CA_SERVER_CA_NAME=ca.airbus.secure.airspace.com
- FABRIC_CA_SERVER_CA_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.airbus.secure.airspace.com-cert.pem
- FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-tls/tlscs.airbus.secure.airspace.com-cert.pem
- FABRIC_CA_SERVER_PORT=10054
ports:
- "10054:7054"
volumes:
- ./crypto-config/peerOrganizations/airbus.secure.airspace.com/ca/:/etc/hyperledger/fabric-ca-server-config
- ./crypto-config/peerOrganizations/airbus.secure.airspace.com/tslca/:/etc/hyperledger/fabric-ca-server-tls
ca-fly-us-hospitality:
container_name: ca.fly-us-hospitality.secure.airspace.com
hostname: ca.fly-us-hospitality.secure.airspace.com
extends:
file: docker-ca-base.yaml
service: ca-base
environment:
- FABRIC_CA_SERVER_CA_NAME=ca.fly-us-hospitality.secure.airspace.com
- FABRIC_CA_SERVER_CA_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.fly-us-hospitality.secure.airspace.com-cert.pem
- FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-tls/tlscs.fly-us-hospitality.secure.airspace.com-cert.pem
- FABRIC_CA_SERVER_PORT=11054
ports:
- "11054:7054"
volumes:
- ./crypto-config/peerOrganizations/fly-us-hospitality.secure.airspace.com/ca/:/etc/hyperledger/fabric-ca-server-config
- ./crypto-config/peerOrganizations/fly-us-hospitality.secure.airspace.com/tslca/:/etc/hyperledger/fabric-ca-server-tls
orderer.psu.secure.airspace.com:
container_name: orderer.psu.secure.airspace.com
image: hyperledger/fabric-orderer:2.2
dns_search: .
environment:
- ORDERER_GENERAL_LOGLEVEL=ERROR
- FABRIC_LOGGING_SPEC=ERROR
- ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
- ORDERER_GENERAL_GENESISMETHOD=file
- ORDERER_GENERAL_GENESISFILE=/var/hyperledger/orderer/genesis.block
- ORDERER_GENERAL_LOCALMSPID=PSUMSP
- ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp
- ORDERER_GENERAL_TLS_ENABLED=true
- ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key
- ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt
- ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
- ORDERER_GENERAL_LISTENPORT=7050
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/orderers
command: orderer
volumes:
- ../channel-artifacts/genesis.block:/var/hyperledger/orderer/genesis.block
- ./crypto-config/peerOrganizations/psu.secure.airspace.com/peers/orderer.psu.secure.airspace.com/msp:/var/hyperledger/orderer/msp
- ./crypto-config/peerOrganizations/psu.secure.airspace.com/peers/orderer.psu.secure.airspace.com/tls:/var/hyperledger/orderer/tls
ports:
- 7050:7050
peer0.psu.secure.airspace.com:
container_name: peer0.psu.secure.airspace.com
extends:
file: docker-peer-base.yaml
service: peer-base
environment:
- CORE_PEER_LOCALMSPID=PSUMSP
- CORE_PEER_ID=peer0.psu.secure.airspace.com
- CORE_PEER_ADDRESS=peer0.psu.secure.airspace.com:7051
- CORE_PEER_LISTENADDRESS=0.0.0.0:7051
- CORE_PEER_CHAINCODEADDRESS=peer0.psu.secure.airspace.com:7052
- CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:7052
- CORE_PEER_GOSSIP_BOOTSTRAP=peer0.psu.secure.airspace.com:7051
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.psu.secure.airspace.com:7051
volumes:
- ./crypto-config/peerOrganizations/psu.secure.airspace.com/peers/peer0.psu.secure.airspace.com/msp:/etc/hyperledger/crypto/peer/msp
- ./crypto-config/peerOrganizations/psu.secure.airspace.com/peers/peer0.psu.secure.airspace.com/tls:/etc/hyperledger/crypto/peer/tls
- /var/run:/host/var/run
- ../channel-artifacts:/etc/hyperledger/channel
ports:
- 7051:7051
peer0.boeing.secure.airspace.com:
container_name: peer0.boeing.secure.airspace.com
extends:
file: docker-peer-base.yaml
service: peer-base
environment:
- CORE_PEER_LOCALMSPID=BoeingMSP
- CORE_PEER_ID=peer0.boeing.secure.airspace.com
- CORE_PEER_ADDRESS=peer0.boeing.secure.airspace.com:8051
- CORE_PEER_LISTENADDRESS=0.0.0.0:8051
- CORE_PEER_CHAINCODEADDRESS=peer0.boeing.secure.airspace.com:8052
- CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:8052
- CORE_PEER_GOSSIP_BOOTSTRAP=peer0.boeing.secure.airspace.com:8051
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.boeing.secure.airspace.com:8051
volumes:
- ./crypto-config/peerOrganizations/boeing.secure.airspace.com/peers/peer0.boeing.secure.airspace.com/msp:/etc/hyperledger/crypto/peer/msp
- ./crypto-config/peerOrganizations/boeing.secure.airspace.com/peers/peer0.boeing.secure.airspace.com/tls:/etc/hyperledger/crypto/peer/tls
- /var/run:/host/var/run
- ../channel-artifacts:/etc/hyperledger/channel
ports:
- 8051:8051
peer0.uber.secure.airspace.com:
container_name: peer0.uber.secure.airspace.com
extends:
file: docker-peer-base.yaml
service: peer-base
environment:
- CORE_PEER_LOCALMSPID=UberMSP
- CORE_PEER_ID=peer0.uber.secure.airspace.com
- CORE_PEER_ADDRESS=peer0.uber.secure.airspace.com:9051
- CORE_PEER_LISTENADDRESS=0.0.0.0:9051
- CORE_PEER_CHAINCODEADDRESS=peer0.uber.secure.airspace.com:9052
- CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:9052
- CORE_PEER_GOSSIP_BOOTSTRAP=peer0.uber.secure.airspace.com:9051
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.uber.secure.airspace.com:9051
volumes:
- ./crypto-config/peerOrganizations/uber.secure.airspace.com/peers/peer0.uber.secure.airspace.com/msp:/etc/hyperledger/crypto/peer/msp
- ./crypto-config/peerOrganizations/uber.secure.airspace.com/peers/peer0.uber.secure.airspace.com/tls:/etc/hyperledger/crypto/peer/tls
- /var/run:/host/var/run
- ../channel-artifacts:/etc/hyperledger/channel
ports:
- 9051:9051
peer0.airbus.secure.airspace.com:
container_name: peer0.airbus.secure.airspace.com
extends:
file: docker-peer-base.yaml
service: peer-base
environment:
- CORE_PEER_LOCALMSPID=AirBusMSP
- CORE_PEER_ID=peer0.airbus.secure.airspace.com
- CORE_PEER_ADDRESS=peer0.airbus.secure.airspace.com:10051
- CORE_PEER_LISTENADDRESS=0.0.0.0:10051
- CORE_PEER_CHAINCODEADDRESS=peer0.airbus.secure.airspace.com:10052
- CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:10052
- CORE_PEER_GOSSIP_BOOTSTRAP=peer0.airbus.secure.airspace.com:10051
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.airbus.secure.airspace.com:10051
volumes:
- ./crypto-config/peerOrganizations/airbus.secure.airspace.com/peers/peer0.airbus.secure.airspace.com/msp:/etc/hyperledger/crypto/peer/msp
- ./crypto-config/peerOrganizations/airbus.secure.airspace.com/peers/peer0.airbus.secure.airspace.com/tls:/etc/hyperledger/crypto/peer/tls
- /var/run:/host/var/run
- ../channel-artifacts:/etc/hyperledger/channel
ports:
- 10051:10051
peer0.fly-us-hospitality.secure.airspace.com:
container_name: peer0.fly-us-hospitality.secure.airspace.com
extends:
file: docker-peer-base.yaml
service: peer-base
environment:
- CORE_PEER_LOCALMSPID=Fly-Us-HospitalityMSP
- CORE_PEER_ID=peer0.fly-us-hospitality.secure.airspace.com
- CORE_PEER_ADDRESS=peer0.fly-us-hospitality.secure.airspace.com:11051
- CORE_PEER_LISTENADDRESS=0.0.0.0:11051
- CORE_PEER_CHAINCODEADDRESS=peer0.fly-us-hospitality.secure.airspace.com:11052
- CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:11052
- CORE_PEER_GOSSIP_BOOTSTRAP=peer0.fly-us-hospitality.secure.airspace.com:11051
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.fly-us-hospitality.secure.airspace.com:11051
volumes:
- ./crypto-config/peerOrganizations/fly-us-hospitality.secure.airspace.com/peers/peer0.fly-us-hospitality.secure.airspace.com/msp:/etc/hyperledger/crypto/peer/msp
- ./crypto-config/peerOrganizations/fly-us-hospitality.secure.airspace.com/peers/peer0.fly-us-hospitality.secure.airspace.com/tls:/etc/hyperledger/crypto/peer/tls
- /var/run:/host/var/run
- ../channel-artifacts:/etc/hyperledger/channel
ports:
- 11051:11051
在执行每个peer channel update ..命令之前,我先更新相应的环境变量:
CORE_PEER_LOCALMSPID = MSP
CORE_PEER_TLS_ROOTCERT_FILE = / peerOrganizations /
CORE_PEER_MSPCONFIGPATH = / peerOrganizations /
CORE_PEER_ADDRESS =本地主机:
注意:我与该网络中使用我的名字的公司无关。
解决方法
在执行peer update命令之前,请检查下面的env变量。
# change Org1MSP to your org msp name
export CORE_PEER_LOCALMSPID="Org1MSP"
# here org name accordingly
export CORE_PEER_MSPCONFIGPATH=${PWD}/crypto-config/peerOrganizations/org1.com/users/Admin@org1.com/msp
export CORE_PEER_TLS_ROOTCERT_FILE=${PWD}/crypto-config/peerOrganizations/org1.com/peers/peer1.org1.com/tls/ca.crt
以上数值仅供参考。您必须检查它们是否指向正确的路径。