Hyperledger Fabric: adding a custom Node OU with Hyperledger Fabric


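I am trying to add a custom Node OU to a policy definition in the configtx.yaml file. The Application section of the configtx.yaml file carries the policy definition, as shown below: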

Application: &ApplicationDefaults

    # Organizations is the list of orgs which are defined as participants on
    # the application side of the network
    ACLs: &ACLsDefault
        peer/Propose: /Channel/Application/Checkous

    Organizations:

    # Policies defines the set of policies at this level of the config tree
    # For Application policies, their canonical path is
    #   /Channel/Application/<PolicyName>
    Policies:
        Readers:
            Type: ImplicitMeta
            Rule: "ANY Readers"
        Writers:
            Type: ImplicitMeta
            Rule: "ANY Writers"
        Admins:
            Type: ImplicitMeta
            Rule: "MAJORITY Admins"
        Checkous:
            Type: Signature
            Rule: "OR('Org1MSP.admin', 'Org1MSP.client', 'Org1MSP.dept')"

    Capabilities:
        <<: *ApplicationCapabilities

Then, when I try to create the channel configuration block, I get the following error:

#################################################################
### Generating channel configuration transaction 'channel.tx' ###
#################################################################
+ configtxgen -profile TwoOrgsChannel -outputCreateChannelTx ./channel-artifacts/channel.tx -channelID mychannel
2020-02-17 05:17:02.346 UTC [common.tools.configtxgen] main -> INFO 001 Loading configuration
2020-02-17 05:17:02.518 UTC [common.tools.configtxgen.localconfig] Load -> INFO 002 Loaded configuration: /home/chintanr11/fabric-samples/first-network/configtx.yaml
2020-02-17 05:17:02.680 UTC [common.tools.configtxgen.localconfig] completeInitialization -> INFO 003 orderer type: solo
2020-02-17 05:17:02.680 UTC [common.tools.configtxgen.localconfig] LoadTopLevel -> INFO 004 Loaded configuration: /home/chintanr11/fabric-samples/first-network/configtx.yaml
2020-02-17 05:17:02.680 UTC [common.tools.configtxgen] doOutputChannelCreateTx -> INFO 005 Generating new channel configtx
2020-02-17 05:17:02.680 UTC [common.tools.configtxgen] main -> FATA 006 Error on outputChannelCreateTx: could not generate default config template: error parsing configuration: could not create application group: error adding policies to application group: invalid signature policy rule 'OR('Org1MSP.admin', 'Org1MSP.client', 'Org1MSP.dept')': Unable to parse numeric value '.' to float64
+ res=1
+ set +x
Failed to generate channel configuration transaction...

Note: I have added the definition of this OU to my config.yaml file, which is located at ~/fabric-samples/first-network/crypto-config/peerOrganizations/org1.example.com/msp. The file looks like this:

NodeOUs:
  Enable: true
  ClientOUIdentifier:
    Certificate: cacerts/ca.org1.example.com-cert.pem
    OrganizationalUnitIdentifier: client
  PeerOUIdentifier:
    Certificate: cacerts/ca.org1.example.com-cert.pem
    OrganizationalUnitIdentifier: peer
  AdminOUIdentifier:
    Certificate: cacerts/ca.org1.example.com-cert.pem
    OrganizationalUnitIdentifier: admin
  OrdererOUIdentifier:
    Certificate: cacerts/ca.org1.example.com-cert.pem
    OrganizationalUnitIdentifier: orderer
  DeptOUIdentifier:
    Certificate: cacerts/ca.org1.example.com-cert.pem
    OrganizationalUnitIdentifier: dept
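
  • What does the above error, raised while creating the channel block, mean? Is there a workaround?
  • How can custom Node OUs be used in the network with Fabric CA (instead of cryptogen)?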
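
You cannot use "custom" Node OU identifiers. Fabric policies only support the following roles:

    • $MSPID.admin
    • $MSPID.member
    • $MSPID.peer
    • $MSPID.client
    • $MSPID.order

This means you can only use the built-in Node OU identifiers:

    • ClientOUIdentifier
    • PeerOUIdentifier
    • AdminOUIdentifier
    • OrdererOUIdentifier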
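
An added example (not part of the original answer, and not Fabric's own code): a pre-flight check that names any principal in a Signature policy rule whose role is not built in, so a rule like the one in the question is rejected with a clear message before configtxgen is run. The helper name `UnsupportedPrincipals` is hypothetical, and the role list (admin, member, client, peer, orderer) is an assumption based on Fabric's policy parser.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Role names allowed after "<MSPID>." in a Signature policy principal.
// Assumption: this mirrors the role set of Fabric's policy parser.
var roleRe = regexp.MustCompile(`^([[:alnum:].-]+)\.(admin|member|client|peer|orderer)$`)

// Quoted principals such as 'Org1MSP.admin' inside AND/OR/OutOf expressions.
var principalRe = regexp.MustCompile(`'([^']*)'`)

// UnsupportedPrincipals returns every quoted principal in rule whose role
// is not one of the built-in roles. Hypothetical helper, not a Fabric API.
func UnsupportedPrincipals(rule string) []string {
	var bad []string
	for _, m := range principalRe.FindAllStringSubmatch(rule, -1) {
		if p := strings.TrimSpace(m[1]); !roleRe.MatchString(p) {
			bad = append(bad, p)
		}
	}
	return bad
}

func main() {
	// First rule is the one from the question; the second is a constructed
	// variant that keeps only built-in roles.
	rules := []string{
		"OR('Org1MSP.admin', 'Org1MSP.client', 'Org1MSP.dept')",
		"OR('Org1MSP.admin', 'Org1MSP.client')",
	}
	for _, r := range rules {
		if bad := UnsupportedPrincipals(r); len(bad) > 0 {
			fmt.Printf("REJECT %s\n  unsupported principals: %v\n", r, bad)
			continue
		}
		fmt.Printf("OK     %s\n", r)
	}
}
```
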

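"Define one MSP to accommodate the membership of all of the organization's members. The MSP's configuration will consist of a list of root CAs, intermediate CAs and admin certificates; membership identities will include the organizational unit (OU) a member belongs to. Policies can then be defined to capture members of a specific OU, and these policies may constitute the read/write policies of a channel or the endorsement policies of a chaincode." What does the last sentence mean? It says I can create a policy using a custom OU & the organization still has one MSP. Am I right or wrong?

This should be removed from the documentation. It refers to a different feature that has not been implemented yet. Thanks for pointing this out.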