为什么deliverBlocks会因策略评估错误而失败? [英] Why deliverBlocks fail with policy evaluation error?

问题描述

我正在基于2.0快照运行光纤网络，订购者拒绝了带有禁止错误的块.
知道配置有什么问题吗?

I'm running a fabric network based on the 2.0 snapshot, The orderer rejects the blocks with a forbidden error.
Any idea what is wrong in the configuration?

Organizations:
    - &orderer
        Name: orderer
        ID: orderer
        MSPDir: crypto-config/ordererOrganizations/example.com/msp
        Policies:
            Readers:
                Type: Signature
                Rule: OR('orderer.member')
            Writers:
                Type: Signature
                Rule: OR('orderer.member')
            Admins:
                Type: Signature
                Rule: OR('orderer.admin')


    - &partya
        Name: partya
        ID: partya
        MSPDir: crypto-config/peerOrganizations/partya.example.com/msp
        Policies:
            Readers:
                Type: Signature
                Rule: OR('partya.admin', 'partya.peer', 'partya.client')
            Writers:
                Type: Signature
                Rule: OR('partya.admin', 'partya.client')
            Admins:
                Type: Signature
                Rule: OR('partya.admin')
        AnchorPeers:
            - Host: partya
              Port: 7051

    - &partyb
        Name: partyb
        ID: partyb
        MSPDir: crypto-config/peerOrganizations/partyb.example.com/msp
        Policies:
            Readers:
                Type: Signature
                Rule: OR('partyb.admin', 'partyb.peer', 'partyb.client')
            Writers:
                Type: Signature
                Rule: OR('partyb.admin', 'partyb.client')
            Admins:
                Type: Signature
                Rule: OR('partyb.admin')
        AnchorPeers:
            - Host: partyb
              Port: 7051

    - &partyc
        Name: partyc
        ID: partyc
        MSPDir: crypto-config/peerOrganizations/partyc.example.com/msp
        Policies:
            Readers:
                Type: Signature
                Rule: OR('partyc.admin', 'partyc.peer', 'partyc.client')
            Writers:
                Type: Signature
                Rule: OR('partyc.admin', 'partyc.client')
            Admins:
                Type: Signature
                Rule: OR('partyc.admin')
        AnchorPeers:
            - Host: partyc
              Port: 7051

Capabilities:
    Channel: &ChannelCapabilities
        V2_0: true
    Orderer: &OrdererCapabilities
        V1_1: true

Channel: &ChannelDefaults
    Policies:
        Readers:
            Type: ImplicitMeta
            Rule: ANY Readers
        Writers:
            Type: ImplicitMeta
            Rule: ANY Writers
        Admins:
            Type: ImplicitMeta
            Rule: MAJORITY Admins

Orderer: &OrdererDefaults
    OrdererType: solo
    Capabilities:
        V1_1: true
    Addresses:
        - owneraorderer:7050
    BatchTimeout: 2s
    BatchSize:
        MaxMessageCount: 10
        AbsoluteMaxBytes: 99 MB
        PreferredMaxBytes: 512 KB
    Policies:
        Readers:
          Type: ImplicitMeta
          Rule: ANY Readers
        Writers:
          Type: ImplicitMeta
          Rule: ANY Writers
        Admins:
          Type: ImplicitMeta
          Rule: MAJORITY Admins
        BlockValidation:
            Type: ImplicitMeta
            Rule: ANY Writers
    Organizations:

Application: &ApplicationDefaults
    Capabilities:
        V2_0: true
    Policies:
        Readers:
          Type: ImplicitMeta
          Rule: ANY Readers
        Writers:
          Type: ImplicitMeta
          Rule: ANY Writers
        Admins:
          Type: ImplicitMeta
          Rule: MAJORITY Admins
    Organizations:

Profiles:
    OwneraNetGenesis:
        <<: *ChannelDefaults
        Orderer:
            <<: *OrdererDefaults
            Organizations:
                - *orderer
            Capabilities:
                <<: *OrdererCapabilities
        Consortiums:
            SampleConsortium:
                Organizations:
                    - *partya
                    - *partyb
                    - *partyc
    OwneraChannel:
        <<: *ChannelDefaults
        Consortium: SampleConsortium
        Application:
            <<: *ApplicationDefaults
            Organizations:
                - *partya
                - *partyb
                - *partyc

建立网络时出现以下错误:

owneraorderer | 2019-04-03 08:18:51.595 UTC [common.deliver] deliverBlocks -> WARN 10242 [channel: identities] Client authorization revoked for deliver request from 172.18.0.2:46308: implicit policy evaluation failed - 0 sub-policies were satisfied, but this policy requires 1 of the 'Readers' sub-policies to be satisfied: permission denied
partyc       | 2019-04-03 08:18:51.597 UTC [blocksProvider] DeliverBlocks -> ERRO 2a1 [identities] Got error &{FORBIDDEN}

推荐答案

对我来说，它是通过创建config.yaml文件来解决的，例如:

for me it was solved by creating config.yaml files like the example:

./crypto-config/peerOrganizations/org1.example.com/msp/config.yaml./crypto-config/peerOrganizations/org1.example.com/peers/peer1.org1.example.com/msp/config.yaml./crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp/config.yaml./crypto-config/peerOrganizations/org2.example.com/msp/config.yaml./crypto-config/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/msp/config.yaml./crypto-config/peerOrganizations/org2.example.com/peers/peer1.org2.example.com/msp/config.yaml

./crypto-config/peerOrganizations/org1.example.com/msp/config.yaml ./crypto-config/peerOrganizations/org1.example.com/peers/peer1.org1.example.com/msp/config.yaml ./crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp/config.yaml ./crypto-config/peerOrganizations/org2.example.com/msp/config.yaml ./crypto-config/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/msp/config.yaml ./crypto-config/peerOrganizations/org2.example.com/peers/peer1.org2.example.com/msp/config.yaml

这篇关于为什么deliverBlocks会因策略评估错误而失败?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！