Hyperledger Fabric HLF: Restricted channel creation policy on the network


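I created a network of 4 organizations (Org1, Org2, Org3, Org4) and one orderer, based on the test network from fabric-samples, and it works very well. What I want to achieve is that no organization other than Org1 and Org2 can create channels in this network. To do this, I modified the configtx.yaml file to generate the orderer genesis block with the Writers policy OR('Org1MSP.admin', 'Org2MSP.admin'). Below is the complete definition of my Orderer section.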

Configuration file: configtx.yaml

Orderer: &OrdererDefaults

    OrdererType: etcdraft
    
    Addresses:
        - orderer.pinkflyod.com:8051

    EtcdRaft:
        Consenters:
        - Host: orderer.pinkflyod.com
          Port: 8051
          ClientTLSCert: ../organizations/orderer/organization/ordererOrganizations/pinkflyod.com/orderers/orderer.pinkflyod.com/tls/server.crt
          ServerTLSCert: ../organizations/orderer/organization/ordererOrganizations/pinkflyod.com/orderers/orderer.pinkflyod.com/tls/server.crt

    BatchTimeout: 2s

    BatchSize:

        MaxMessageCount: 10

        AbsoluteMaxBytes: 99 MB

        PreferredMaxBytes: 512 KB

    Organizations:

    #   /Channel/Orderer/<PolicyName>
    Policies:
        Readers:
            Type: ImplicitMeta
            Rule: "ANY Readers"
        Writers:
            Type: Signature
            Rule: "OR('Org1MSP.admin', 'Org2MSP.admin')"
        Admins:
            Type: ImplicitMeta
            Rule: "MAJORITY Admins"

        BlockValidation:
            Type: ImplicitMeta
            Rule: "ANY Writers"
After bringing up the network, I create the channel transaction with the command below:

configtxgen -profile FourOrgChannel -outputCreateChannelTx ../shipping-network/organizations/network/channel-artifacts/${CHANNEL_NAME}.tx -channelID $CHANNEL_NAME
Then I run the commands below on the channel transaction:

export FABRIC_CFG_PATH=../shipping-network/organizations/org1/conf
export CORE_PEER_MSPCONFIGPATH=../shipping-network/organizations/custom/organization/peerOrganizations/org1.metallica.gov/users/Admin@org1.metallica.gov/msp
export CORE_PEER_TLS_ENABLED=true
export CORE_PEER_LOCALMSPID="Org1MSP"
export CORE_PEER_TLS_ROOTCERT_FILE=../shipping-network/organizations/custom/organization/peerOrganizations/org1.metallica.gov/peers/peer0.org1.metallica.gov/tls/ca.crt
export CORE_PEER_ADDRESS=localhost:7151

peer channel signconfigtx -o localhost:8051 --ordererTLSHostnameOverride orderer.pinkflyod.com -f ../shipping-network/organizations/network/channel-artifacts/${CHANNEL_NAME}.tx  --tls --cafile ${ORDERER_CA}
With the help of the command below, I was able to convert the channel transaction to JSON:

configtxgen -inspectChannelCreateTx ../shipping-network/organizations/network/channel-artifacts/${CHANNEL_NAME}.tx
I can see the Org1MSP signature in the signatures section:

    "signatures": [
        {
            "signature": "MEQCIDSAC....",
            "signature_header": {
                "creator": {
                    "id_bytes": "LS0tLS1CRU............",
                    "mspid": "Org1MSP"
                },
                "nonce": "CT8rDfPk6fU+yd+8yY995lBoEP4bZb7n"
            }
        }
    ]
I run the command below with this signed channel transaction file:

export FABRIC_CFG_PATH=../shipping-network/organizations/org1/conf
export CORE_PEER_MSPCONFIGPATH=../shipping-network/organizations/custom/organization/peerOrganizations/org1.metallica.gov/users/Admin@org1.metallica.gov/msp
export CORE_PEER_TLS_ENABLED=true
export CORE_PEER_LOCALMSPID="Org1MSP"
export CORE_PEER_TLS_ROOTCERT_FILE=../shipping-network/organizations/custom/organization/peerOrganizations/org1.metallica.gov/peers/peer0.org1.metallica.gov/tls/ca.crt
export CORE_PEER_ADDRESS=localhost:7151



peer channel create -o localhost:8051 -c $CHANNEL_NAME --ordererTLSHostnameOverride orderer.pinkflyod.com -f ../shipping-network/organizations/network/channel-artifacts/${CHANNEL_NAME}.tx --outputBlock ../shipping-network/organizations/network/channel-artifacts/${CHANNEL_NAME}.block --tls --cafile ${ORDERER_CA}
But I get the following error:

Error: got unexpected status: FORBIDDEN -- implicit policy evaluation failed - 0 sub-policies were satisfied, but this policy requires 1 of the 'Writers' sub-policies to be satisfied: permission denied
I can see the logs below generated on the orderer node. Logs:

Error: got unexpected status: FORBIDDEN -- implicit policy evaluation failed - 0 sub-policies were satisfied, but this policy requires 1 of the 'Writers' sub-policies to be satisfied: permission denied
orderer.pinkflyod.com|2021-04-26 02:29:51.320 UTC [policies] SignatureSetToValidIdentities -> WARN 032 De-duplicating identity [Org1MSP665dcec5968498f2f030ffd7d233f3e2aa30715a87b7b08b814e00513c5a4d21] at index 1 in signature set
orderer.pinkflyod.com|2021-04-26 02:29:51.323 UTC [orderer.common.broadcast] ProcessMessage -> WARN 033 [channel: mychannel] Rejecting broadcast of config message from 172.20.0.1:47624 because of error: implicit policy evaluation failed - 0 sub-policies were satisfied, but this policy requires 1 of the 'Writers' sub-policies to be satisfied: permission denied
orderer.pinkflyod.com|2021-04-26 02:29:51.323 UTC [comm.grpc.server] 1 -> INFO 034 streaming call completed grpc.service=orderer.AtomicBroadcast grpc.method=Broadcast grpc.peer_address=172.20.0.1:47624 grpc.code=OK grpc.call_duration=11.633188ms

I don't know what I'm doing wrong. Can anyone help or offer some ideas?
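A toy model of how the Signature and ImplicitMeta rules from the configtx.yaml in the question are evaluated against a signature set. It is an added example, not Fabric's code and not part of the original question. It assumes /Channel/Writers is the default "ANY Writers" with the Orderer group as its only child carrying a Writers policy, reduces identities to (MSP ID, role) pairs, and uses a hypothetical OrdererMSP identity that does not appear in the question.

```python
import re

def principal_matches(principal, identity):
    """'Org1MSP.admin' matches an identity of that MSP holding that role;
    a '.member' principal matches any identity of the MSP."""
    mspid, role = principal.rsplit(".", 1)
    id_msp, id_role = identity
    return id_msp == mspid and role in (id_role, "member")

def eval_signature_or(rule, signers):
    """Evaluate an OR('A.role', 'B.role') Signature rule.
    Repeated identities are collapsed first, which is what the
    'De-duplicating identity' warning in the orderer log reports."""
    principals = re.findall(r"'([^']+)'", rule)
    unique = set(signers)
    return any(principal_matches(p, s) for p in principals for s in unique)

def eval_implicit_meta(rule, child_results):
    """Evaluate 'ANY|ALL|MAJORITY <Name>' over the results of the
    same-named policy in each child group."""
    quantifier = rule.split()[0]
    n = len(child_results)
    threshold = {"ANY": 1, "ALL": n, "MAJORITY": n // 2 + 1}[quantifier]
    if n == 0:  # no sub-policies: nothing is required
        threshold = 0
    return sum(child_results) >= threshold

ORDERER_WRITERS = "OR('Org1MSP.admin', 'Org2MSP.admin')"  # from the question
CHANNEL_WRITERS = "ANY Writers"  # assumption: default parent policy

def channel_writers_ok(signers):
    """Evaluate /Channel/Writers in this model, with the Orderer group
    as the only child that carries a Writers policy (assumption)."""
    orderer_group = eval_signature_or(ORDERER_WRITERS, signers)
    return eval_implicit_meta(CHANNEL_WRITERS, [orderer_group])

# Constructed signer sets; OrdererMSP is a hypothetical MSP ID.
SAMPLES = {
    "Org1 admin, signed twice": [("Org1MSP", "admin"), ("Org1MSP", "admin")],
    "Org1 non-admin client": [("Org1MSP", "client")],
    "Org3 admin": [("Org3MSP", "admin")],
    "ordering node identity": [("OrdererMSP", "orderer")],
}

if __name__ == "__main__":
    for label, signers in SAMPLES.items():
        verdict = "satisfied" if channel_writers_ok(signers) else "FORBIDDEN"
        print(f"{label:26s} -> {verdict}")
```
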