我创建了一个结构网络,它运行良好。我想更新oderer配置,例如batchtimeout
在运行中的网络中。我已按照本教程在运行时更新通道配置。本教程适用于添加新组织。但是当我更新订购者配置时,我得到了如下错误
错误:状态发生意外:BAD_REQUEST-将配置更新应用于现有通道“ mychannel”时出错:授权更新:错误验证DeltaSet:未满足[Value] / Channel / Orderer / BatchTimeout的策略:隐式策略评估失败-0子-符合政策,但此政策要求满足“管理员”子政策中的1个
我从所有组织管理员(例如org1和org2)中选择了信封.pb文件。请帮助我。
注意:为此,我使用了fabric-samples第一网络。
编辑:我已经用org1和org2签署了pb文件。我还通过导出以下变量与订购者签署了文件
CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/users/Admin\@example.com/msp/ CORE_PEER_ADDRESS=orderer.example.com:7050 CORE_PEER_LOCALMSPID=OrdererMSP CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/tls/ca.crt
日志
11-28 09:13:57.207 UTC [policies] Manager -> DEBU cc4 Manager Channel/Orderer looking up path [] 2019-11-28 09:13:57.207 UTC [policies] Manager -> DEBU cc5 Manager Channel/Orderer has managers OrdererOrg 2019-11-28 09:13:57.207 UTC [policies] Evaluate -> DEBU cc6 == Evaluating *policies.implicitMetaPolicy Policy /Channel/Orderer/Admins == 2019-11-28 09:13:57.207 UTC [policies] Evaluate -> DEBU cc7 This is an implicit meta policy, it will trigger other policy evaluations, whose failures may be benign 2019-11-28 09:13:57.207 UTC [policies] Evaluate -> DEBU cc8 == Evaluating *cauthdsl.policy Policy /Channel/Orderer/OrdererOrg/Admins == 2019-11-28 09:13:57.207 UTC [cauthdsl] deduplicate -> WARN cc9 De-duplicating identity [OrdererMSP95598fd8d4ea9aa73dad2aee5bc32375d01e3ed9da0a25c2f64ae1067af7ac74] at index 1 in signature set 2019-11-28 09:13:57.207 UTC [cauthdsl] deduplicate -> WARN cca De-duplicating identity [OrdererMSP95598fd8d4ea9aa73dad2aee5bc32375d01e3ed9da0a25c2f64ae1067af7ac74] at index 2 in signature set 2019-11-28 09:13:57.208 UTC [cauthdsl] func1 -> DEBU ccb 0xc000c99ef0 gate 1574932437208001961 evaluation starts 2019-11-28 09:13:57.208 UTC [cauthdsl] func2 -> DEBU ccc 0xc000c99ef0 signed by 0 principal evaluation starts (used [false false false]) 2019-11-28 09:13:57.208 UTC [cauthdsl] func2 -> DEBU ccd 0xc000c99ef0 processing identity 0 with bytes of a1f390 2019-11-28 09:13:57.208 UTC [msp] satisfiesPrincipalInternalV143 -> DEBU cce Checking if identity has been named explicitly as an admin for OrdererMSP 2019-11-28 09:13:57.208 UTC [msp] satisfiesPrincipalInternalV143 -> DEBU ccf Checking if identity carries the admin ou for OrdererMSP 2019-11-28 09:13:57.208 UTC [msp] Validate -> DEBU cd0 MSP OrdererMSP validating identity 2019-11-28 09:13:57.208 UTC [msp] getCertificationChain -> DEBU cd1 MSP OrdererMSP getting certification chain 2019-11-28 09:13:57.208 UTC [msp] hasOURole -> DEBU cd2 MSP OrdererMSP checking if the identity is a client 2019-11-28 09:13:57.208 UTC [msp] getCertificationChain -> DEBU cd3 MSP OrdererMSP getting certification chain 2019-11-28 09:13:57.208 UTC [cauthdsl] func2 -> DEBU cd4 0xc000c99ef0 identity 0 does not satisfy principal: The identity is not an admin under this MSP [OrdererMSP]: The identity does not contain OU [ADMIN], MSP: [OrdererMSP] 2019-11-28 09:13:57.208 UTC [cauthdsl] func2 -> DEBU cd5 0xc000c99ef0 principal evaluation fails 2019-11-28 09:13:57.208 UTC [cauthdsl] func1 -> DEBU cd6 0xc000c99ef0 gate 1574932437208001961 evaluation fails 2019-11-28 09:13:57.208 UTC [policies] Evaluate -> DEBU cd7 Signature set did not satisfy policy /Channel/Orderer/OrdererOrg/Admins 2019-11-28 09:13:57.208 UTC [policies] Evaluate -> DEBU cd8 == Done Evaluating *cauthdsl.policy Policy /Channel/Orderer/OrdererOrg/Admins 2019-11-28 09:13:57.208 UTC [policies] func1 -> DEBU cd9 Evaluation Failed: Only 0 policies were satisfied, but needed 1 of [ OrdererOrg/Admins ] 2019-11-28 09:13:57.208 UTC [policies] Evaluate -> DEBU cda Signature set did not satisfy policy /Channel/Orderer/Admins 2019-11-28 09:13:57.208 UTC [policies] Evaluate -> DEBU cdb == Done Evaluating *policies.implicitMetaPolicy Policy /Channel/Orderer/Admins 2019-11-28 09:13:57.208 UTC [orderer.common.broadcast] ProcessMessage -> WARN cdc [channel: mychannel] Rejecting broadcast of config message from 172.25.0.7:42570 because of error: error applying config update to existing channel 'mychannel': error authorizing update: error validating DeltaSet: policy for [Value] /Channel/Orderer/BatchTimeout not satisfied: implicit policy evaluation failed - 0 sub-policies were satisfied, but this policy requires 1 of the 'Admins' sub-policies to be satisfied 2019-11-28 09:13:57.208 UTC [orderer.common.server] func1 -> DEBU cdd Closing Broadcast stream 2019-11-28 09:13:57.208 UTC [comm.grpc.server] 1 -> INFO cde streaming call completed grpc.service=orderer.AtomicBroadcast grpc.method=Broadcast grpc.peer_address=172.25.0.7:42570 grpc.code=OK grpc.call_duration=1.864323ms 2019-11-28 09:13:57.209 UTC [grpc] warningf -> DEBU cdf transport: http2Server.HandleStreams failed to read frame: read tcp 172.25.0.3:7050->172.25.0.7:42570: read: connection reset by peer 2019-11-28 09:13:57.209 UTC [grpc] infof -> DEBU ce0 transport: loopyWriter.run returning. connection error: desc = "transport is closing" 2019-11-28 09:13:57.209 UTC [grpc] infof -> DEBU ce1 transport: loopyWriter.run returning. connection error: desc = "transport is closing" 2019-11-28 09:13:57.209 UTC [common.deliver] Handle -> WARN ce2 Error reading from 172.25.0.7:42568: rpc error: code = Canceled desc = context canceled 2019-11-28 09:13:57.209 UTC [orderer.common.server] func1 -> DEBU ce3 Closing Deliver stream 2019-11-28 09:13:57.209 UTC [comm.grpc.server] 1 -> INFO ce4 streaming call completed grpc.service=orderer.AtomicBroadcast grpc.method=Deliver grpc.peer_address=172.25.0.7:42568 error="rpc error: code = Canceled desc = context canceled" grpc.code=Canceled grpc.call_duration=4.921585ms
更新的环境
CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/tls/ca.crt CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.key CORE_PEER_LOCALMSPID=OrdererMSP CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.crt CORE_PEER_TLS_ENABLED=true CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/users/Admin@example.com/msp/ CORE_PEER_ID=cli CORE_PEER_ADDRESS=orderer.example.com:7050
小智.. 6
我面临着同样的问题,但是在BatchSize更新上。
您可以在下面看到订购者日志:
2019-11-28 11:28:42.768 UTC [policies] Evaluate -> DEBU d6e This is an implicit meta policy, it will trigger other policy evaluations, whose failures may be benign 2019-11-28 11:28:42.768 UTC [policies] Evaluate -> DEBU d6f == Evaluating *cauthdsl.policy Policy /Channel/Orderer/OrdererOrg/Admins == 2019-11-28 11:28:42.768 UTC [cauthdsl] deduplicate -> WARN d70 De-duplicating identity [OrdererMSPde02f61469eb325656c1a87232aeff9f44728b59015fccc5995bd849935812cb] at index 1 in signature set 2019-11-28 11:28:42.768 UTC [cauthdsl] deduplicate -> WARN d71 De-duplicating identity [OrdererMSPde02f61469eb325656c1a87232aeff9f44728b59015fccc5995bd849935812cb] at index 2 in signature set 2019-11-28 11:28:42.768 UTC [cauthdsl] func1 -> DEBU d72 0xc000453620 gate 1574940522768302200 evaluation starts 2019-11-28 11:28:42.768 UTC [cauthdsl] func2 -> DEBU d73 0xc000453620 signed by 0 principal evaluation starts (used [false false false]) 2019-11-28 11:28:42.768 UTC [cauthdsl] func2 -> DEBU d74 0xc000453620 processing identity 0 with bytes of fd5830 2019-11-28 11:28:42.768 UTC [cauthdsl] func2 -> DEBU d75 0xc000453620 identity 0 does not satisfy principal: The identity is not an admin under this MSP [OrdererMSP]: The identity does not contain OU [ADMIN], MSP: [OrdererMSP] 2019-11-28 11:28:42.768 UTC [cauthdsl] func2 -> DEBU d76 0xc000453620 principal evaluation fails 2019-11-28 11:28:42.768 UTC [cauthdsl] func1 -> DEBU d77 0xc000453620 gate 1574940522768302200 evaluation fails 2019-11-28 11:28:42.768 UTC [policies] Evaluate -> DEBU d78 Signature set did not satisfy policy /Channel/Orderer/OrdererOrg/Admins 2019-11-28 11:28:42.768 UTC [policies] Evaluate -> DEBU d79 == Done Evaluating *cauthdsl.policy Policy /Channel/Orderer/OrdererOrg/Admins 2019-11-28 11:28:42.768 UTC [policies] func1 -> DEBU d7a Evaluation Failed: Only 0 policies were satisfied, but needed 1 of [ OrdererOrg/Admins ] 2019-11-28 11:28:42.768 UTC [policies] Evaluate -> DEBU d7b Signature set did not satisfy policy /Channel/Orderer/Admins 2019-11-28 11:28:42.768 UTC [policies] Evaluate -> DEBU d7c == Done Evaluating *policies.implicitMetaPolicy Policy /Channel/Orderer/Admins 2019-11-28 11:28:42.768 UTC [orderer.common.broadcast] ProcessMessage -> WARN d7d [channel: mychannel] Rejecting broadcast of config message from 172.29.0.7:43756 because of error: error applying config update to existing channel 'mychannel': error authorizing update: error validating DeltaSet: policy for [Value] /Channel/Orderer/BatchSize not satisfied: implicit policy evaluation failed - 0 sub-policies were satisfied, but this policy requires 1 of the 'Admins' sub-policies to be satisfied
我试图OrganizationalUnit: ADMIN
在crypto-config.yaml
文件中添加,以修复- The identity does not contain OU [ADMIN]
。OU已添加,但这对我没有帮助。
我还尝试将msp/admincerts
订购者签名证书复制到以修复- The identity is not an admin under this MSP [OrdererMSP]
,例如
cp ${ORG_ADMIN_HOME}/msp/signcerts/* ${ORG_ADMIN_HOME}/msp/admincerts
希望以上步骤对您有所帮助,我仍在调查频道配置更新中的问题。??
我面临着同样的问题,但是在BatchSize更新上。
您可以在下面看到订购者日志:
2019-11-28 11:28:42.768 UTC [policies] Evaluate -> DEBU d6e This is an implicit meta policy, it will trigger other policy evaluations, whose failures may be benign 2019-11-28 11:28:42.768 UTC [policies] Evaluate -> DEBU d6f == Evaluating *cauthdsl.policy Policy /Channel/Orderer/OrdererOrg/Admins == 2019-11-28 11:28:42.768 UTC [cauthdsl] deduplicate -> WARN d70 De-duplicating identity [OrdererMSPde02f61469eb325656c1a87232aeff9f44728b59015fccc5995bd849935812cb] at index 1 in signature set 2019-11-28 11:28:42.768 UTC [cauthdsl] deduplicate -> WARN d71 De-duplicating identity [OrdererMSPde02f61469eb325656c1a87232aeff9f44728b59015fccc5995bd849935812cb] at index 2 in signature set 2019-11-28 11:28:42.768 UTC [cauthdsl] func1 -> DEBU d72 0xc000453620 gate 1574940522768302200 evaluation starts 2019-11-28 11:28:42.768 UTC [cauthdsl] func2 -> DEBU d73 0xc000453620 signed by 0 principal evaluation starts (used [false false false]) 2019-11-28 11:28:42.768 UTC [cauthdsl] func2 -> DEBU d74 0xc000453620 processing identity 0 with bytes of fd5830 2019-11-28 11:28:42.768 UTC [cauthdsl] func2 -> DEBU d75 0xc000453620 identity 0 does not satisfy principal: The identity is not an admin under this MSP [OrdererMSP]: The identity does not contain OU [ADMIN], MSP: [OrdererMSP] 2019-11-28 11:28:42.768 UTC [cauthdsl] func2 -> DEBU d76 0xc000453620 principal evaluation fails 2019-11-28 11:28:42.768 UTC [cauthdsl] func1 -> DEBU d77 0xc000453620 gate 1574940522768302200 evaluation fails 2019-11-28 11:28:42.768 UTC [policies] Evaluate -> DEBU d78 Signature set did not satisfy policy /Channel/Orderer/OrdererOrg/Admins 2019-11-28 11:28:42.768 UTC [policies] Evaluate -> DEBU d79 == Done Evaluating *cauthdsl.policy Policy /Channel/Orderer/OrdererOrg/Admins 2019-11-28 11:28:42.768 UTC [policies] func1 -> DEBU d7a Evaluation Failed: Only 0 policies were satisfied, but needed 1 of [ OrdererOrg/Admins ] 2019-11-28 11:28:42.768 UTC [policies] Evaluate -> DEBU d7b Signature set did not satisfy policy /Channel/Orderer/Admins 2019-11-28 11:28:42.768 UTC [policies] Evaluate -> DEBU d7c == Done Evaluating *policies.implicitMetaPolicy Policy /Channel/Orderer/Admins 2019-11-28 11:28:42.768 UTC [orderer.common.broadcast] ProcessMessage -> WARN d7d [channel: mychannel] Rejecting broadcast of config message from 172.29.0.7:43756 because of error: error applying config update to existing channel 'mychannel': error authorizing update: error validating DeltaSet: policy for [Value] /Channel/Orderer/BatchSize not satisfied: implicit policy evaluation failed - 0 sub-policies were satisfied, but this policy requires 1 of the 'Admins' sub-policies to be satisfied
我试图OrganizationalUnit: ADMIN
在crypto-config.yaml
文件中添加,以修复- The identity does not contain OU [ADMIN]
。OU已添加,但这对我没有帮助。
我还尝试将msp/admincerts
订购者签名证书复制到以修复- The identity is not an admin under this MSP [OrdererMSP]
,例如
cp ${ORG_ADMIN_HOME}/msp/signcerts/* ${ORG_ADMIN_HOME}/msp/admincerts
希望以上步骤对您有所帮助,我仍在调查频道配置更新中的问题。??