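I am trying to add a new organization to an existing Hyperledger Fabric network.
The initial network was created by the byfn.sh script, with an orderer plus Org1 and Org2.
I followed this example on Medium.com to create the update protobuf file. Everything that needs configtxgen, cryptogen and configtxlator is done as in that example. However, when it comes to executing the command peer channel signconfigtx -f org3_update_in_envelope.pb, I want to do this step with the Fabric Node SDK.
One thing to note here is that if I run the peer channel ... commands from the cli container command line, the channel update goes through, so I know the org3_update_in_envelope.pb file is not corrupted.
With some guidance from this tutorial and this question, I have the following code: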
let envelope_pb_file_name = '/tmp/' + json.msp + '_update_in_envelope.pb'; // the pb file we create using command line
let envelope_bytes = fs.readFileSync(envelope_pb_file_name);
if (envelope_bytes === undefined) {
    throw new Error(`Could not read the protobuffer file ${envelope_pb_file_name}. Error`);
}
// have the nodeSDK extract out the config update
let config_update = client.extractChannelConfig(envelope_bytes);
let signature = client.signChannelConfig(config_update);
let signatures = [];
signatures.push(signature);
//let orderers = this.loanNetwork.getChannel().getOrderers();
let orderer, ordererName = "orderer.example.com:7050";
const ORDERER_URL = 'grpcs://localhost:7050';
const data = fs.readFileSync(SyndLoanConfig.chainconfig.networkpath + '/crypto-config/ordererOrganizations/example.com/tlsca/tlsca.example.com-cert.pem').toString();
orderer = client.newOrderer(ORDERER_URL,
    {
        'pem': Buffer.from(data).toString(),
        'ssl-target-name-override': 'orderer.example.com'
    });
let mspId = client.getMspid(); // mspId shows "OrdererMSP" after this call is executed
const keyPath = SyndLoanConfig.chainconfig.networkpath + '/crypto-config/ordererOrganizations/example.com/users/[email protected]/msp/keystore';
let keyFile, keyFileAry = fs.readdirSync(keyPath).filter(fn => fn.endsWith('_sk'));
for (let f of keyFileAry) {
    keyFile = f;
    break;
}
keyFile = path.join(keyPath, keyFile);
const keyPEM = fs.readFileSync(keyFile).toString();
const certPath = SyndLoanConfig.chainconfig.networkpath + '/crypto-config/ordererOrganizations/example.com/users/[email protected]/msp/signcerts';
let certFile, certFileAry = fs.readdirSync(certPath).filter(fn => fn.endsWith('.pem'));
for (let f of certFileAry) {
    certFile = f;
    break;
}
certFile = path.join(certPath, certFile);
const certPEM = fs.readFileSync(certFile).toString();
client.setAdminSigningIdentity(keyPEM, certPEM, "OrdererMSP");
if (orderer === undefined) {
    throw new Error(`Could not find an orderer associated with channel ${orgJSON.channel}. Error.`)
}
let tx_id = client.newTransactionID();
let request = {
    config: config_update, //the binary config
    // envelope: envelope_bytes,
    signatures: signatures, // the collected signatures
    name: orgJSON.channel, // the channel name
    orderer: orderer, //the orderer from above
    txId: tx_id //the generated transaction id
};
let addOrgResult = await client.updateChannel(request);
The addOrgResult variable shows the following error:
info: implicit policy evaluation failed - 0 sub-policies were satisfied, but this policy requires 1 of the 'Writers' sub-policies to be satisfied: permission denied
status: FORBIDDEN
The orderer logs show this:
2020-01-17 21:49:21.620 UTC [cauthdsl] deduplicate -> ERRO 057 Principal deserialization failure (MSP is unknown) for identity 0
2020-01-17 21:49:21.621 UTC [cauthdsl] deduplicate -> ERRO 058 Principal deserialization failure (MSP is unknown) for identity 0
2020-01-17 21:49:21.621 UTC [cauthdsl] deduplicate -> ERRO 059 Principal deserialization failure (MSP is unknown) for identity 0
2020-01-17 21:49:21.621 UTC [orderer.common.broadcast] ProcessMessage -> WARN 05a [channel: mychannel] Rejecting broadcast of config message from 192.168.208.1:56556 because of error: implicit policy evaluation failed - 0 sub-policies were satisfied, but this policy requires 1 of the 'Writers' sub-policies to be satisfied: permission denied
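From a helpful reply by Nikhil Gupta to this question, it appears that this error is due to:
The error before the policy warning, ERRO 021 Principal deserialization failure (MSP SampleOrg is unknown) for identity 0, indicates that the MSP ID that was passed as a parameter with the request was not recognized by the ordering service. This could be the result of passing the wrong MSP ID to the command. This error may also indicate that your organization has not joined a consortium hosted by the ordering service system channel. If you are updating an application channel, this error could occur if your organization is not yet a member of the channel you are trying to update.
However, since I connect to the network (Gateway.connect) using the [email protected] identity, I am not sure how to proceed. In addition, before making the update I also call client.setAdminSigningIdentity(keyPEM, certPEM, "OrdererMSP");.
Any help would be greatly appreciated. Thanks.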
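The default policy for updating a channel requires a majority, which means you need signatures from the Org1 admin and the Org2 admin, and then either Org1 or Org2 can send the actual config update to the orderer.
This means you need to run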
let config_update = client.extractChannelConfig(envelope_bytes);
let signature = client.signChannelConfig(config_update);
let signatures = [];
signatures.push(signature);
as both the Org1 admin and the Org2 admin.
You can then submit the transaction to the orderer as either the Org1 admin or the Org2 admin (but not as the Orderer admin).
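
An added example, not part of the original answer, showing the signing sequence described above with the fabric-client 1.4 calls already used in the question. The helper name, the shape of the `admins` array and the MSP IDs `Org1MSP`/`Org2MSP` (the byfn defaults) are assumptions; the key and certificate PEMs are read by the caller.

```javascript
// Hypothetical helper (added example). `client` is a fabric-client 1.4 Client;
// `admins` is an array of { mspId, keyPEM, certPEM }, one per application-org
// admin whose signature the channel's update policy needs.
function buildSignedUpdateRequest(client, envelopeBytes, admins,
                                  submitterMspId, channelName, orderer) {
  // The submitter must be one of the signing application orgs, so an
  // orderer admin identity such as "OrdererMSP" is rejected up front.
  const submitter = admins.find(a => a.mspId === submitterMspId);
  if (!submitter) {
    throw new Error(`${submitterMspId} is not one of the signing application orgs`);
  }

  // Extract the ConfigUpdate once; every admin signs the same bytes.
  const configUpdate = client.extractChannelConfig(envelopeBytes);

  // signChannelConfig() signs with the admin identity currently set on the
  // client, so switch identity before each signature.
  const signatures = admins.map(({ mspId, keyPEM, certPEM }) => {
    client.setAdminSigningIdentity(keyPEM, certPEM, mspId);
    return client.signChannelConfig(configUpdate);
  });

  // Switch back to the submitting org's admin before creating the txId:
  // newTransactionID(true) builds it from the admin identity, and
  // updateChannel() signs the envelope with that same identity.
  client.setAdminSigningIdentity(submitter.keyPEM, submitter.certPEM, submitter.mspId);
  const txId = client.newTransactionID(true);

  return { config: configUpdate, signatures, name: channelName, orderer, txId };
}

// Usage inside an async function (org1Admin / org2Admin loaded by the caller):
//   const request = buildSignedUpdateRequest(client, envelope_bytes,
//       [org1Admin, org2Admin], 'Org1MSP', orgJSON.channel, orderer);
//   const addOrgResult = await client.updateChannel(request);
```
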