无法更新订购者配置中的batchtimeout？

我创建了一个结构网络，它运行良好。我想更新oderer配置，例如batchtimeout在运行中的网络中。我已按照本教程在运行时更新通道配置。本教程适用于添加新组织。但是当我更新订购者配置时，我得到了如下错误

错误：状态发生意外：BAD_REQUEST-将配置更新应用于现有通道“ mychannel”时出错：授权更新：错误验证DeltaSet：未满足[Value] / Channel / Orderer / BatchTimeout的策略：隐式策略评估失败-0子-符合政策，但此政策要求满足“管理员”子政策中的1个

我从所有组织管理员（例如org1和org2）中选择了信封.pb文件。请帮助我。

注意：为此，我使用了fabric-samples第一网络。

编辑：我已经用org1和org2签署了pb文件。我还通过导出以下变量与订购者签署了文件

CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/users/Admin\@example.com/msp/

CORE_PEER_ADDRESS=orderer.example.com:7050

CORE_PEER_LOCALMSPID=OrdererMSP

CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/tls/ca.crt

日志

11-28 09:13:57.207 UTC [policies] Manager -> DEBU cc4 Manager Channel/Orderer looking up path []
2019-11-28 09:13:57.207 UTC [policies] Manager -> DEBU cc5 Manager Channel/Orderer has managers OrdererOrg
2019-11-28 09:13:57.207 UTC [policies] Evaluate -> DEBU cc6 == Evaluating *policies.implicitMetaPolicy Policy /Channel/Orderer/Admins ==
2019-11-28 09:13:57.207 UTC [policies] Evaluate -> DEBU cc7 This is an implicit meta policy, it will trigger other policy evaluations, whose failures may be benign
2019-11-28 09:13:57.207 UTC [policies] Evaluate -> DEBU cc8 == Evaluating *cauthdsl.policy Policy /Channel/Orderer/OrdererOrg/Admins ==
2019-11-28 09:13:57.207 UTC [cauthdsl] deduplicate -> WARN cc9 De-duplicating identity [OrdererMSP95598fd8d4ea9aa73dad2aee5bc32375d01e3ed9da0a25c2f64ae1067af7ac74] at index 1 in signature set
2019-11-28 09:13:57.207 UTC [cauthdsl] deduplicate -> WARN cca De-duplicating identity [OrdererMSP95598fd8d4ea9aa73dad2aee5bc32375d01e3ed9da0a25c2f64ae1067af7ac74] at index 2 in signature set
2019-11-28 09:13:57.208 UTC [cauthdsl] func1 -> DEBU ccb 0xc000c99ef0 gate 1574932437208001961 evaluation starts
2019-11-28 09:13:57.208 UTC [cauthdsl] func2 -> DEBU ccc 0xc000c99ef0 signed by 0 principal evaluation starts (used [false false false])
2019-11-28 09:13:57.208 UTC [cauthdsl] func2 -> DEBU ccd 0xc000c99ef0 processing identity 0 with bytes of a1f390
2019-11-28 09:13:57.208 UTC [msp] satisfiesPrincipalInternalV143 -> DEBU cce Checking if identity has been named explicitly as an admin for OrdererMSP
2019-11-28 09:13:57.208 UTC [msp] satisfiesPrincipalInternalV143 -> DEBU ccf Checking if identity carries the admin ou for OrdererMSP
2019-11-28 09:13:57.208 UTC [msp] Validate -> DEBU cd0 MSP OrdererMSP validating identity
2019-11-28 09:13:57.208 UTC [msp] getCertificationChain -> DEBU cd1 MSP OrdererMSP getting certification chain
2019-11-28 09:13:57.208 UTC [msp] hasOURole -> DEBU cd2 MSP OrdererMSP checking if the identity is a client
2019-11-28 09:13:57.208 UTC [msp] getCertificationChain -> DEBU cd3 MSP OrdererMSP getting certification chain
2019-11-28 09:13:57.208 UTC [cauthdsl] func2 -> DEBU cd4 0xc000c99ef0 identity 0 does not satisfy principal: The identity is not an admin under this MSP [OrdererMSP]: The identity does not contain OU [ADMIN], MSP: [OrdererMSP]
2019-11-28 09:13:57.208 UTC [cauthdsl] func2 -> DEBU cd5 0xc000c99ef0 principal evaluation fails
2019-11-28 09:13:57.208 UTC [cauthdsl] func1 -> DEBU cd6 0xc000c99ef0 gate 1574932437208001961 evaluation fails
2019-11-28 09:13:57.208 UTC [policies] Evaluate -> DEBU cd7 Signature set did not satisfy policy /Channel/Orderer/OrdererOrg/Admins
2019-11-28 09:13:57.208 UTC [policies] Evaluate -> DEBU cd8 == Done Evaluating *cauthdsl.policy Policy /Channel/Orderer/OrdererOrg/Admins
2019-11-28 09:13:57.208 UTC [policies] func1 -> DEBU cd9 Evaluation Failed: Only 0 policies were satisfied, but needed 1 of [ OrdererOrg/Admins ]
2019-11-28 09:13:57.208 UTC [policies] Evaluate -> DEBU cda Signature set did not satisfy policy /Channel/Orderer/Admins
2019-11-28 09:13:57.208 UTC [policies] Evaluate -> DEBU cdb == Done Evaluating *policies.implicitMetaPolicy Policy /Channel/Orderer/Admins
2019-11-28 09:13:57.208 UTC [orderer.common.broadcast] ProcessMessage -> WARN cdc [channel: mychannel] Rejecting broadcast of config message from 172.25.0.7:42570 because of error: error applying config update to existing channel 'mychannel': error authorizing update: error validating DeltaSet: policy for [Value]  /Channel/Orderer/BatchTimeout not satisfied: implicit policy evaluation failed - 0 sub-policies were satisfied, but this policy requires 1 of the 'Admins' sub-policies to be satisfied
2019-11-28 09:13:57.208 UTC [orderer.common.server] func1 -> DEBU cdd Closing Broadcast stream
2019-11-28 09:13:57.208 UTC [comm.grpc.server] 1 -> INFO cde streaming call completed grpc.service=orderer.AtomicBroadcast grpc.method=Broadcast grpc.peer_address=172.25.0.7:42570 grpc.code=OK grpc.call_duration=1.864323ms
2019-11-28 09:13:57.209 UTC [grpc] warningf -> DEBU cdf transport: http2Server.HandleStreams failed to read frame: read tcp 172.25.0.3:7050->172.25.0.7:42570: read: connection reset by peer
2019-11-28 09:13:57.209 UTC [grpc] infof -> DEBU ce0 transport: loopyWriter.run returning. connection error: desc = "transport is closing"
2019-11-28 09:13:57.209 UTC [grpc] infof -> DEBU ce1 transport: loopyWriter.run returning. connection error: desc = "transport is closing"
2019-11-28 09:13:57.209 UTC [common.deliver] Handle -> WARN ce2 Error reading from 172.25.0.7:42568: rpc error: code = Canceled desc = context canceled
2019-11-28 09:13:57.209 UTC [orderer.common.server] func1 -> DEBU ce3 Closing Deliver stream
2019-11-28 09:13:57.209 UTC [comm.grpc.server] 1 -> INFO ce4 streaming call completed grpc.service=orderer.AtomicBroadcast grpc.method=Deliver grpc.peer_address=172.25.0.7:42568 error="rpc error: code = Canceled desc = context canceled" grpc.code=Canceled grpc.call_duration=4.921585ms

更新的环境

CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/tls/ca.crt
    CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.key
    CORE_PEER_LOCALMSPID=OrdererMSP
    CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.crt
    CORE_PEER_TLS_ENABLED=true
    CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/users/Admin@example.com/msp/
    CORE_PEER_ID=cli
    CORE_PEER_ADDRESS=orderer.example.com:7050

小智.. 6

我面临着同样的问题，但是在BatchSize更新上。

您可以在下面看到订购者日志：

2019-11-28 11:28:42.768 UTC [policies] Evaluate -> DEBU d6e This is an implicit meta policy, it will trigger other policy evaluations, whose failures may be benign
2019-11-28 11:28:42.768 UTC [policies] Evaluate -> DEBU d6f == Evaluating *cauthdsl.policy Policy /Channel/Orderer/OrdererOrg/Admins ==
2019-11-28 11:28:42.768 UTC [cauthdsl] deduplicate -> WARN d70 De-duplicating identity [OrdererMSPde02f61469eb325656c1a87232aeff9f44728b59015fccc5995bd849935812cb] at index 1 in signature set
2019-11-28 11:28:42.768 UTC [cauthdsl] deduplicate -> WARN d71 De-duplicating identity [OrdererMSPde02f61469eb325656c1a87232aeff9f44728b59015fccc5995bd849935812cb] at index 2 in signature set
2019-11-28 11:28:42.768 UTC [cauthdsl] func1 -> DEBU d72 0xc000453620 gate 1574940522768302200 evaluation starts
2019-11-28 11:28:42.768 UTC [cauthdsl] func2 -> DEBU d73 0xc000453620 signed by 0 principal evaluation starts (used [false false false])
2019-11-28 11:28:42.768 UTC [cauthdsl] func2 -> DEBU d74 0xc000453620 processing identity 0 with bytes of fd5830
2019-11-28 11:28:42.768 UTC [cauthdsl] func2 -> DEBU d75 0xc000453620 identity 0 does not satisfy principal: The identity is not an admin under this MSP [OrdererMSP]: The identity does not contain OU [ADMIN], MSP: [OrdererMSP]
2019-11-28 11:28:42.768 UTC [cauthdsl] func2 -> DEBU d76 0xc000453620 principal evaluation fails
2019-11-28 11:28:42.768 UTC [cauthdsl] func1 -> DEBU d77 0xc000453620 gate 1574940522768302200 evaluation fails
2019-11-28 11:28:42.768 UTC [policies] Evaluate -> DEBU d78 Signature set did not satisfy policy /Channel/Orderer/OrdererOrg/Admins
2019-11-28 11:28:42.768 UTC [policies] Evaluate -> DEBU d79 == Done Evaluating *cauthdsl.policy Policy /Channel/Orderer/OrdererOrg/Admins
2019-11-28 11:28:42.768 UTC [policies] func1 -> DEBU d7a Evaluation Failed: Only 0 policies were satisfied, but needed 1 of [ OrdererOrg/Admins ]
2019-11-28 11:28:42.768 UTC [policies] Evaluate -> DEBU d7b Signature set did not satisfy policy /Channel/Orderer/Admins
2019-11-28 11:28:42.768 UTC [policies] Evaluate -> DEBU d7c == Done Evaluating *policies.implicitMetaPolicy Policy /Channel/Orderer/Admins
2019-11-28 11:28:42.768 UTC [orderer.common.broadcast] ProcessMessage -> WARN d7d [channel: mychannel] Rejecting broadcast of config message from 172.29.0.7:43756 because of error: error applying config update to existing channel 'mychannel': error authorizing update: error validating DeltaSet: policy for [Value]  /Channel/Orderer/BatchSize not satisfied: implicit policy evaluation failed - 0 sub-policies were satisfied, but this policy requires 1 of the 'Admins' sub-policies to be satisfied

我试图OrganizationalUnit: ADMIN在crypto-config.yaml文件中添加，以修复- The identity does not contain OU [ADMIN]。OU已添加，但这对我没有帮助。

我还尝试将msp/admincerts订购者签名证书复制到以修复- The identity is not an admin under this MSP [OrdererMSP]，例如 cp ${ORG_ADMIN_HOME}/msp/signcerts/* ${ORG_ADMIN_HOME}/msp/admincerts

希望以上步骤对您有所帮助，我仍在调查频道配置更新中的问题。??

我面临着同样的问题，但是在BatchSize更新上。

您可以在下面看到订购者日志：

2019-11-28 11:28:42.768 UTC [policies] Evaluate -> DEBU d6e This is an implicit meta policy, it will trigger other policy evaluations, whose failures may be benign
2019-11-28 11:28:42.768 UTC [policies] Evaluate -> DEBU d6f == Evaluating *cauthdsl.policy Policy /Channel/Orderer/OrdererOrg/Admins ==
2019-11-28 11:28:42.768 UTC [cauthdsl] deduplicate -> WARN d70 De-duplicating identity [OrdererMSPde02f61469eb325656c1a87232aeff9f44728b59015fccc5995bd849935812cb] at index 1 in signature set
2019-11-28 11:28:42.768 UTC [cauthdsl] deduplicate -> WARN d71 De-duplicating identity [OrdererMSPde02f61469eb325656c1a87232aeff9f44728b59015fccc5995bd849935812cb] at index 2 in signature set
2019-11-28 11:28:42.768 UTC [cauthdsl] func1 -> DEBU d72 0xc000453620 gate 1574940522768302200 evaluation starts
2019-11-28 11:28:42.768 UTC [cauthdsl] func2 -> DEBU d73 0xc000453620 signed by 0 principal evaluation starts (used [false false false])
2019-11-28 11:28:42.768 UTC [cauthdsl] func2 -> DEBU d74 0xc000453620 processing identity 0 with bytes of fd5830
2019-11-28 11:28:42.768 UTC [cauthdsl] func2 -> DEBU d75 0xc000453620 identity 0 does not satisfy principal: The identity is not an admin under this MSP [OrdererMSP]: The identity does not contain OU [ADMIN], MSP: [OrdererMSP]
2019-11-28 11:28:42.768 UTC [cauthdsl] func2 -> DEBU d76 0xc000453620 principal evaluation fails
2019-11-28 11:28:42.768 UTC [cauthdsl] func1 -> DEBU d77 0xc000453620 gate 1574940522768302200 evaluation fails
2019-11-28 11:28:42.768 UTC [policies] Evaluate -> DEBU d78 Signature set did not satisfy policy /Channel/Orderer/OrdererOrg/Admins
2019-11-28 11:28:42.768 UTC [policies] Evaluate -> DEBU d79 == Done Evaluating *cauthdsl.policy Policy /Channel/Orderer/OrdererOrg/Admins
2019-11-28 11:28:42.768 UTC [policies] func1 -> DEBU d7a Evaluation Failed: Only 0 policies were satisfied, but needed 1 of [ OrdererOrg/Admins ]
2019-11-28 11:28:42.768 UTC [policies] Evaluate -> DEBU d7b Signature set did not satisfy policy /Channel/Orderer/Admins
2019-11-28 11:28:42.768 UTC [policies] Evaluate -> DEBU d7c == Done Evaluating *policies.implicitMetaPolicy Policy /Channel/Orderer/Admins
2019-11-28 11:28:42.768 UTC [orderer.common.broadcast] ProcessMessage -> WARN d7d [channel: mychannel] Rejecting broadcast of config message from 172.29.0.7:43756 because of error: error applying config update to existing channel 'mychannel': error authorizing update: error validating DeltaSet: policy for [Value]  /Channel/Orderer/BatchSize not satisfied: implicit policy evaluation failed - 0 sub-policies were satisfied, but this policy requires 1 of the 'Admins' sub-policies to be satisfied

我试图OrganizationalUnit: ADMIN在crypto-config.yaml文件中添加，以修复- The identity does not contain OU [ADMIN]。OU已添加，但这对我没有帮助。

我还尝试将msp/admincerts订购者签名证书复制到以修复- The identity is not an admin under this MSP [OrdererMSP]，例如 cp ${ORG_ADMIN_HOME}/msp/signcerts/* ${ORG_ADMIN_HOME}/msp/admincerts

希望以上步骤对您有所帮助，我仍在调查频道配置更新中的问题。??