Hyperledger fabric peer update failed: signature set did not satisfy policy

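My HLF network has two organizations (one peer each) and 3 orderer nodes with orderer type raft. For the first organization and peer that joined, the update worked without any problem, but for the second organization I ran into some trouble with the peer update.

This is the command I use for the peer update: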

peer channel update \
    -o orderer1.base.order:7050 \
    -c basechannel \
    -f ./channel-artifacts/BaseRightOrg.tx \
    --tls \
    --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/base.order/orderers/orderer1.base.order/msp/tlscacerts/tlsca.base.order-cert.pem

The error I receive is:

Error: got unexpected status: BAD_REQUEST -- error applying config update to existing channel 'basechannel': error authorizing update: error validating DeltaSet: policy for [Group] /Channel/Application/RightOrgMSP not satisfied: signature set did not satisfy policy

This is the configtx part for the organization mentioned above:
 - &Org2
        Name: RightOrgMSP
        ID: RightOrgMSP
        MSPDir: crypto-config/peerOrganizations/base.right/msp
        Policies:
            Readers:
                Type: Signature
                Rule: "OR('RightOrgMSP.admin', 'RightOrgMSP.peer', 'RightOrgMSP.client','RightOrgMSP.member')"
            Writers:
                Type: Signature
                Rule: "OR('RightOrgMSP.admin','RightOrgMSP.peer', 'RightOrgMSP.client','RightOrgMSP.member')"
            Admins:
                Type: Signature
                Rule: "OR('LeftOrgMSP.admin','RightOrgMSP.peer')"
            Endorsement:
                Type: Signature
                Rule: "OR('RightOrgMSP.peer')"     

        AnchorPeers:
            - Host: peer1.base.right
              Port: 9051       

cafile

/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/base.order/orderers/orderer1.base.order/msp/tlscacerts/tlsca.base.order-cert.pem

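Change the certificate location and key in the line above.

In configtx, under the organization, you should specify only that organization's admin, not both.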

 - &Org2
    Name: RightOrgMSP
    ID: RightOrgMSP
    MSPDir: crypto-config/peerOrganizations/base.right/msp
    Policies:
        Readers:
            Type: Signature
            Rule: "OR('RightOrgMSP.admin', 'RightOrgMSP.peer', 'RightOrgMSP.client','RightOrgMSP.member')"
        Writers:
            Type: Signature
            Rule: "OR('RightOrgMSP.admin','RightOrgMSP.peer', 'RightOrgMSP.client','RightOrgMSP.member')"
        Admins:
            Type: Signature
            Rule: "OR('RightOrgMSP.admin')"
        Endorsement:
            Type: Signature
            Rule: "OR('RightOrgMSP.peer')"     

    AnchorPeers:
        - Host: peer1.base.right
          Port: 9051   

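Also check the Application policies section of your channel, although the issue is not there: if it is MAJORITY Admins under Admins, then this channel update has to be signed by both organizations. Once it is signed by all of them, which is the majority in this case, your update will work.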

Application: &ApplicationDefaults

    # Organizations is the list of orgs which are defined as participants on
    # the application side of the network
    Organizations:

    # Policies defines the set of policies at this level of the config tree
    # For Application policies, their canonical path is
    #   /Channel/Application/<PolicyName>
    Policies:
        Readers:
            Type: ImplicitMeta
            Rule: "ANY Readers"
        Writers:
            Type: ImplicitMeta
            Rule: "ANY Writers"
        Admins:
            Type: ImplicitMeta
            Rule: "MAJORITY Admins"

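If you still cannot get it to work, please share your complete configuration.

The file (./channel-artifacts/BaseRightOrg.tx) should be signed by all/majority of the admins of the organizations that belong to the channel, sequentially (i.e. the same file, one after another). Only then will the update succeed.

Try using the following command for each node of the channel:

peer channel signconfigtx -f ./channel-artifacts/BaseRightOrg.tx

After signing, you can update the channel.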
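
The two checks discussed in the answers above (an org-level `OR(...)` Signature policy and the channel-level `MAJORITY Admins` ImplicitMeta policy) can be traced with a small model. This is an added example, not Fabric's code and not part of the original posts. It assumes simplified role matching, and the `LeftOrgMSP` Admins rule is assumed because it is not shown on the page.

```python
import re

def parse_or(rule):
    """Parse "OR('Msp.role', ...)" into a set of (msp_id, role) principals."""
    return {tuple(p.rsplit(".", 1)) for p in re.findall(r"'([^']+)'", rule)}

def sig_policy_ok(rule, signers):
    """An OR Signature policy passes if any signer matches a listed principal.
    Assumption: exact role match, except 'member', which matches any role."""
    principals = parse_or(rule)
    return any((msp, role) in principals or (msp, "member") in principals
               for msp, role in signers)

def implicit_meta_ok(quantifier, sub_results):
    """ImplicitMeta policy over the same-named policy of each child org.
    MAJORITY needs n // 2 + 1 satisfied sub-policies, so 2 of 2 for two orgs."""
    n, passed = len(sub_results), sum(sub_results)
    threshold = {"ANY": 1, "ALL": n, "MAJORITY": n // 2 + 1}[quantifier]
    return passed >= (threshold if n else 0)

QUESTION_RULE = "OR('LeftOrgMSP.admin','RightOrgMSP.peer')"  # from the question
FIXED_RULE = "OR('RightOrgMSP.admin')"                       # from the answer
LEFT_RULE = "OR('LeftOrgMSP.admin')"                         # assumed, not on the page

def application_admins_ok(signers, right_rule=FIXED_RULE):
    """Evaluate /Channel/Application/Admins ("MAJORITY Admins") for two orgs."""
    return implicit_meta_ok("MAJORITY", [sig_policy_ok(LEFT_RULE, signers),
                                         sig_policy_ok(right_rule, signers)])

if __name__ == "__main__":
    # Constructed signature sets: (MSP ID, role) of each signer.
    right_admin = [("RightOrgMSP", "admin")]
    both_admins = right_admin + [("LeftOrgMSP", "admin")]
    print("org Admins, question rule, RightOrg admin:",
          sig_policy_ok(QUESTION_RULE, right_admin))
    print("org Admins, fixed rule, RightOrg admin:",
          sig_policy_ok(FIXED_RULE, right_admin))
    print("MAJORITY Admins, one org signed:", application_admins_ok(right_admin))
    print("MAJORITY Admins, both orgs signed:", application_admins_ok(both_admins))
```

With the rule from the question, a signature from a RightOrgMSP admin alone does not satisfy the org's own Admins policy, which matches the `/Channel/Application/RightOrgMSP not satisfied` error.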