Hyperledger fabric 隐式策略评估失败-满足0个子策略,但此策略需要';管理员';待满足的子政策
我正在尝试从CLI容器创建通道 我已为CORE\u PEER\u LOCALMSPID=Org1MSP和CORE\u PEER\u MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/PEER/crypto/PeerorOrganizations/org1.com/users设置了正确的值/Admin@org1.com/无国界医生 但当尝试创建频道时,我从订购者日志中得到以下错误Hyperledger fabric 隐式策略评估失败-满足0个子策略,但此策略需要';管理员';待满足的子政策,hyperledger-fabric,Hyperledger Fabric,我正在尝试从CLI容器创建通道 我已为CORE\u PEER\u LOCALMSPID=Org1MSP和CORE\u PEER\u MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/PEER/crypto/PeerorOrganizations/org1.com/users设置了正确的值/Admin@org1.com/无国界医生 但当尝试创建频道时,我从订购者日志中得到以下错误 标识0不满足主体:此标识不是管理员 响应消息是
标识0不满足主体:此标识不是管理员验证DeltaSet时出错:[组]/频道/应用程序的策略未满足:隐式策略评估失败-满足0个子策略,但此策略需要满足“管理员”子策略中的1个子策略# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
---
################################################################################
#
# Section: Organizations
#
# - This section defines the different organizational identities which will
# be referenced later in the configuration.
#
################################################################################
Organizations:
# SampleOrg defines an MSP using the sampleconfig. It should never be used
# in production but may be used as a template for other definitions
- &OrdererOrg
# DefaultOrg defines the organization which is used in the sampleconfig
# of the fabric.git development environment
Name: OrdererOrg
# ID to load the MSP definition as
ID: OrdererMSP
# MSPDir is the filesystem path which contains the MSP configuration
MSPDir: crypto-config/ordererOrganizations/org1.com/msp
# Policies defines the set of policies at this level of the config tree
# For organization policies, their canonical path is usually
# /Channel/<Application|Orderer>/<OrgName>/<PolicyName>
Policies:
Readers:
Type: Signature
Rule: "OR('OrdererMSP.member')"
Writers:
Type: Signature
Rule: "OR('OrdererMSP.member')"
Admins:
Type: Signature
Rule: "OR('OrdererMSP.admin')"
- &Org1
# DefaultOrg defines the organization which is used in the sampleconfig
# of the fabric.git development environment
Name: Org1MSP
# ID to load the MSP definition as
ID: Org1MSP
MSPDir: crypto-config/peerOrganizations/org1.com/msp
# Policies defines the set of policies at this level of the config tree
# For organization policies, their canonical path is usually
# /Channel/<Application|Orderer>/<OrgName>/<PolicyName>
Policies:
Readers:
Type: Signature
Rule: "OR('Org1MSP.admin', 'Org1MSP.peer', 'Org1MSP.client')"
Writers:
Type: Signature
Rule: "OR('Org1MSP.admin', 'Org1MSP.client')"
Admins:
Type: Signature
Rule: "OR('Org1MSP.admin')"
# leave this flag set to true.
AnchorPeers:
# AnchorPeers defines the location of peers which can be used
# for cross org gossip communication. Note, this value is only
# encoded in the genesis block in the Application section context
- Host: peer0.org1.com
Port: 7051
- &Org2
# DefaultOrg defines the organization which is used in the sampleconfig
# of the fabric.git development environment
Name: Org2MSP
# ID to load the MSP definition as
ID: Org2MSP
MSPDir: crypto-config/peerOrganizations/org2.com/msp
# Policies defines the set of policies at this level of the config tree
# For organization policies, their canonical path is usually
# /Channel/<Application|Orderer>/<OrgName>/<PolicyName>
Policies:
Readers:
Type: Signature
Rule: "OR('Org2MSP.admin', 'Org2MSP.peer', 'Org2MSP.client')"
Writers:
Type: Signature
Rule: "OR('Org2MSP.admin', 'Org2MSP.client')"
Admins:
Type: Signature
Rule: "OR('Org2MSP.admin')"
AnchorPeers:
# AnchorPeers defines the location of peers which can be used
# for cross org gossip communication. Note, this value is only
# encoded in the genesis block in the Application section context
- Host: peer0.org2.com
Port: 9051
################################################################################
#
# SECTION: Capabilities
#
# - This section defines the capabilities of fabric network. This is a new
# concept as of v1.1.0 and should not be utilized in mixed networks with
# v1.0.x peers and orderers. Capabilities define features which must be
# present in a fabric binary for that binary to safely participate in the
# fabric network. For instance, if a new MSP type is added, newer binaries
# might recognize and validate the signatures from this type, while older
# binaries without this support would be unable to validate those
# transactions. This could lead to different versions of the fabric binaries
# having different world states. Instead, defining a capability for a channel
# informs those binaries without this capability that they must cease
# processing transactions until they have been upgraded. For v1.0.x if any
# capabilities are defined (including a map with all capabilities turned off)
# then the v1.0.x peer will deliberately crash.
#
################################################################################
Capabilities:
# Channel capabilities apply to both the orderers and the peers and must be
# supported by both.
# Set the value of the capability to true to require it.
Channel: &ChannelCapabilities
# V1.3 for Channel is a catchall flag for behavior which has been
# determined to be desired for all orderers and peers running at the v1.3.x
# level, but which would be incompatible with orderers and peers from
# prior releases.
# Prior to enabling V1.3 channel capabilities, ensure that all
# orderers and peers on a channel are at v1.3.0 or later.
V1_3: true
# Orderer capabilities apply only to the orderers, and may be safely
# used with prior release peers.
# Set the value of the capability to true to require it.
Orderer: &OrdererCapabilities
# V1.1 for Orderer is a catchall flag for behavior which has been
# determined to be desired for all orderers running at the v1.1.x
# level, but which would be incompatible with orderers from prior releases.
# Prior to enabling V1.1 orderer capabilities, ensure that all
# orderers on a channel are at v1.1.0 or later.
V1_1: true
# Application capabilities apply only to the peer network, and may be safely
# used with prior release orderers.
# Set the value of the capability to true to require it.
Application: &ApplicationCapabilities
# V1.3 for Application enables the new non-backwards compatible
# features and fixes of fabric v1.3.
V1_3: true
# V1.2 for Application enables the new non-backwards compatible
# features and fixes of fabric v1.2 (note, this need not be set if
# later version capabilities are set)
V1_2: false
# V1.1 for Application enables the new non-backwards compatible
# features and fixes of fabric v1.1 (note, this need not be set if
# later version capabilities are set).
V1_1: false
################################################################################
#
# SECTION: Application
#
# - This section defines the values to encode into a config transaction or
# genesis block for application related parameters
#
################################################################################
Application: &ApplicationDefaults
# Organizations is the list of orgs which are defined as participants on
# the application side of the network
Organizations:
# Policies defines the set of policies at this level of the config tree
# For Application policies, their canonical path is
# /Channel/Application/<PolicyName>
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "ANY Admins"
Capabilities:
<<: *ApplicationCapabilities
################################################################################
#
# SECTION: Orderer
#
# - This section defines the values to encode into a config transaction or
# genesis block for orderer related parameters
#
################################################################################
Orderer: &OrdererDefaults
# Orderer Type: The orderer implementation to start
# Available types are "solo" and "kafka"
OrdererType: solo
Addresses:
- orderer.org1.com:7050
# Batch Timeout: The amount of time to wait before creating a batch
BatchTimeout: 2s
# Batch Size: Controls the number of messages batched into a block
BatchSize:
# Max Message Count: The maximum number of messages to permit in a batch
MaxMessageCount: 10
# Absolute Max Bytes: The absolute maximum number of bytes allowed for
# the serialized messages in a batch.
AbsoluteMaxBytes: 99 MB
# Preferred Max Bytes: The preferred maximum number of bytes allowed for
# the serialized messages in a batch. A message larger than the preferred
# max bytes will result in a batch larger than preferred max bytes.
PreferredMaxBytes: 512 KB
Kafka:
# Brokers: A list of Kafka brokers to which the orderer connects
# NOTE: Use IP:port notation
Brokers:
- 127.0.0.1:9092
# Organizations is the list of orgs which are defined as participants on
# the orderer side of the network
Organizations:
# Policies defines the set of policies at this level of the config tree
# For Orderer policies, their canonical path is
# /Channel/Orderer/<PolicyName>
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "ANY Admins"
# BlockValidation specifies what signatures must be included in the block
# from the orderer for the peer to validate it.
BlockValidation:
Type: ImplicitMeta
Rule: "ANY Writers"
################################################################################
#
# CHANNEL
#
# This section defines the values to encode into a config transaction or
# genesis block for channel related parameters.
#
################################################################################
Channel: &ChannelDefaults
# Policies defines the set of policies at this level of the config tree
# For Channel policies, their canonical path is
# /Channel/<PolicyName>
Policies:
# Who may invoke the 'Deliver' API
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
# Who may invoke the 'Broadcast' API
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
# By default, who may modify elements at this config level
Admins:
Type: ImplicitMeta
Rule: "ANY Admins"
# Capabilities describes the channel level capabilities, see the
# dedicated Capabilities section elsewhere in this file for a full
# description
Capabilities:
<<: *ChannelCapabilities
################################################################################
#
# Profile
#
# - Different configuration profiles may be encoded here to be specified
# as parameters to the configtxgen tool
#
################################################################################
Profiles:
TwoOrgsChannel:
Consortium: SampleConsortium
<<: *ChannelDefaults
Application:
<<: *ApplicationDefaults
Organizations:
- *Org1
- *Org2
Capabilities:
<<: *ApplicationCapabilities
SampleMultiNodeEtcdRaft:
<<: *ChannelDefaults
Capabilities:
<<: *ChannelCapabilities
Orderer:
<<: *OrdererDefaults
OrdererType: etcdraft
EtcdRaft:
Consenters:
- Host: orderer.org1.com
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/org1.com/orderers/orderer.org1.com/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/org1.com/orderers/orderer.org1.com/tls/server.crt
- Host: orderer2.org1.com
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/org1.com/orderers/orderer2.org1.com/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/org1.com/orderers/orderer2.org1.com/tls/server.crt
- Host: orderer3.org1.com
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/org1.com/orderers/orderer3.org1.com/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/org1.com/orderers/orderer3.org1.com/tls/server.crt
- Host: orderer4.org1.com
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/org1.com/orderers/orderer4.org1.com/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/org1.com/orderers/orderer4.org1.com/tls/server.crt
- Host: orderer5.org1.com
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/org1.com/orderers/orderer5.org1.com/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/org1.com/orderers/orderer5.org1.com/tls/server.crt
Addresses:
- orderer.org1.com:7050
- orderer2.org1.com:7050
- orderer3.org1.com:7050
- orderer4.org1.com:7050
- orderer5.org1.com:7050
Organizations:
- *OrdererOrg
Capabilities:
<<: *OrdererCapabilities
Application:
<<: *ApplicationDefaults
Organizations:
- <<: *OrdererOrg
Consortiums:
SampleConsortium:
Organizations:
- *Org1
- *Org2
#版权归IBM公司所有。保留所有权利。
#
#SPDX许可证标识符:Apache-2.0
#
---
################################################################################
#
#第节:组织
#
#-本节定义了不同的组织标识,这些标识将
#稍后将在配置中引用。
#
################################################################################
组织:
#SampleOrg使用sampleconfig定义MSP。永远不要使用它
#但可作为其他定义的模板
-&orderorg
#DefaultOrg定义sampleconfig中使用的组织
#fabric.git开发环境的
姓名:OrderOrg
#将MSP定义加载为的ID
ID:ordermsp
#MSPDir是包含MSP配置的文件系统路径
MSPDir:crypto-config/orderOrganizations/org1.com/msp
#策略在配置树的这个级别定义策略集
#对于组织策略,其规范路径通常为
#/频道///
政策:
读者:
类型:签名
规则:“或('ordermsp.member')”
作者:
类型:签名
规则:“或('ordermsp.member')”
管理员:
类型:签名
规则:“或('ordermsp.admin')”
-&Org1
#DefaultOrg定义sampleconfig中使用的组织
#fabric.git开发环境的
名称:Org1MSP
#将MSP定义加载为的ID
ID:Org1MSP
MSPDir:crypto-config/peerOrganizations/org1.com/msp
#策略在配置树的这个级别定义策略集
#对于组织策略,其规范路径通常为
#/频道///
政策:
读者:
类型:签名
规则:“或('Org1MSP.admin','Org1MSP.peer','Org1MSP.client')”
作者:
类型:签名
规则:“或('Org1MSP.admin','Org1MSP.client')”
管理员:
类型:签名
规则:“或('Org1MSP.admin')”
#将此标志设置为true。
主持人:
#主持人定义可以使用的对等点的位置
#用于跨组织的闲聊交流。注意,此值仅为
#编码在应用程序部分上下文中的genesis块中
-主持人:peer0.org1.com
港口:7051
-&Org2
#DefaultOrg定义sampleconfig中使用的组织
#fabric.git开发环境的
名称:Org2MSP
#将MSP定义加载为的ID
ID:Org2MSP
MSPDir:crypto-config/peerOrganizations/org2.com/msp
#策略在配置树的这个级别定义策略集
#对于组织策略,其规范路径通常为
#/频道///
政策:
读者:
类型:签名
规则:“或('Org2MSP.admin','Org2MSP.peer','Org2MSP.client')”
作者:
类型:签名
规则:“或('Org2MSP.admin','Org2MSP.client')”
管理员:
类型:签名
规则:“或('Org2MSP.admin')”
主持人:
#主持人定义可以使用的对等点的位置
#用于跨组织的闲聊交流。注意,此值仅为
#编码在应用程序部分上下文中的genesis块中
-主持人:peer0.org2.com
港口:9051
################################################################################
#
#第节:能力
#
#-本节定义了结构网络的功能。这是一个新的
#从v1.1.0开始的概念,不应在具有
#v1.0.x对等方和订购方。功能定义了必须使用的功能
#在结构二进制文件中显示,以便该二进制文件安全地参与
#结构网络。例如,如果添加了新的MSP类型,则更新的二进制文件
#可能会识别和验证此类型的签名,而
#没有此支持的二进制文件将无法验证这些文件
#交易。这可能导致结构二进制文件的不同版本
#有不同的世界状态。相反,定义通道的功能
#通知那些没有此功能的二进制文件它们必须停止
#处理事务,直到事务升级。适用于v1.0.x(如有)
#已定义功能(包括关闭所有功能的映射)
#然后v1.0.x对等机将故意崩溃。
#
################################################################################
能力:
#渠道功能适用于订购方和对等方,并且必须
#支持