Hyperledger Fabric-通过添加新的组织来更新通道配置

我正在尝试向现有的Hyperledger架构网络中添加新的组织。

初始网络是由代表订购者以及Org1和Org2的byfn.sh脚本创建的。

我已在Medium.com上遵循此example来创建更新protobuf文件。按照此示例完成需要configtxgen，cryptogen和configtxlator的所有操作。但是，在执行命令peer channel signconfigtx -f org3_update_in_envelope.pb时，我想使用Fabric Node SDK进行此操作。

这里需要注意的一点是，如果我从cli容器命令行执行peer channel ...命令，则通道更新将继续进行，因此我知道org3_update_in_envelope.pb文件没有损坏。

使用此tutorial和此question的一些指导，我有以下代码：

 let envelope_pb_file_name = '/tmp/' + json.msp + '_update_in_envelope.pb'; // the pb file we create using command line
        let envelope_bytes = fs.readFileSync(envelope_pb_file_name);

        if (envelope_bytes === undefined) {
            throw new Error(`Could not read the protobuffer file ${envelope_pb_file_name}. Error`);
        }
        // have the nodeSDK extract out the config update
        let config_update = client.extractChannelConfig(envelope_bytes);
        let signature = client.signChannelConfig(config_update);
        let signatures = [];
        signatures.push(signature);
        //let orderers = this.loanNetwork.getChannel().getOrderers();
        let orderer, ordererName = "orderer.example.com:7050";
        const ORDERER_URL = 'grpcs://localhost:7050';
        const data = fs.readFileSync(SyndLoanConfig.chainconfig.networkpath + '/crypto-config/ordererOrganizations/example.com/tlsca/tlsca.example.com-cert.pem').toString();

            orderer = client.newOrderer(ORDERER_URL,
            {
                'pem': Buffer.from(data).toString(),
                'ssl-target-name-override': 'orderer.example.com'
            });

        let mspId = client.getMspid(); // mspId shows "OrdererMSP" after this call is executed

        const keyPath = SyndLoanConfig.chainconfig.networkpath + '/crypto-config/ordererOrganizations/example.com/users/[email protected]/msp/keystore';
        let keyFile, keyFileAry = fs.readdirSync(keyPath).filter(fn => fn.endsWith('_sk'));

        for (let f of keyFileAry) {
            keyFile = f;
            break;

        }

        keyFile = path.join(keyPath,keyFile);
        const keyPEM = fs.readFileSync(keyFile).toString();

        const certPath = SyndLoanConfig.chainconfig.networkpath + '/crypto-config/ordererOrganizations/example.com/users/[email protected]/msp/signcerts';
        let certFile, certFileAry = fs.readdirSync(certPath).filter(fn => fn.endsWith('.pem'));

        for (let f of certFileAry) {
            certFile = f;
            break;

        }
        certFile = path.join(certPath,certFile);
        const certPEM = fs.readFileSync(certFile).toString();

        client.setAdminSigningIdentity(keyPEM, certPEM, "OrdererMSP");

        if (orderer === undefined) {
            throw new Error(`Could not find an orderer associated with channel ${orgJSON.channel}. Error.`)
        }

        let tx_id = client.newTransactionID();
        let request = {
            config: config_update, //the binary config
            // envelope: envelope_bytes,
            signatures: signatures, // the collected signatures
            name: orgJSON.channel, // the channel name
            orderer: orderer, //the orderer from above
            txId: tx_id //the generated transaction id
        };

        let addOrgResult = await client.updateChannel(request);

addOrgResult变量显示以下错误：

info: implicit policy evaluation failed - 0 sub-policies were satisfied, but this policy requires 1 of the 'Writers' sub-policies to be satisfied: permission denied     
status: FORBIDDEN

订购者日志显示此：

2020-01-17 21:49:21.620 UTC [cauthdsl] deduplicate -> ERRO 057 Principal deserialization failure (MSP  is unknown) for identity 0
 2020-01-17 21:49:21.621 UTC [cauthdsl] deduplicate -> ERRO 058 Principal deserialization failure (MSP  is unknown) for identity 0
 2020-01-17 21:49:21.621 UTC [cauthdsl] deduplicate -> ERRO 059 Principal deserialization failure (MSP  is unknown) for identity 0
 2020-01-17 21:49:21.621 UTC [orderer.common.broadcast] ProcessMessage -> WARN 05a [channel: mychannel] Rejecting broadcast of config message from 192.168.208.1:56556 because of error: implicit policy evaluation failed - 0 sub-policies were satisfied, but this policy requires 1 of the 'Writers' sub-policies to be satisfied: permission denied

[通过Nikhil Gupta对此question的有用回复，看来此错误是由于

策略警告前的错误，ERRO 021负责人标识0的反序列化失败（MSP SampleOrg未知），表示与参数一起作为参数传递的MSP ID订购服务无法识别该请求。这可能是将错误的MSP ID传递给命令的结果。此错误也可能表示您的组织尚未加入托管的财团通过订购服务系统渠道。如果您要更新应用程序渠道，如果您的组织是还不是您要更新的频道的成员。

但是，由于使用[email protected] identity连接到网络（Gateway.connect），所以我不确定如何继续。此外，在进行更新之前，我还要致电client.setAdminSigningIdentity(keyPEM, certPEM, "OrdererMSP");。

任何帮助将不胜感激。谢谢。