我正在尝试向对等组织 Org1MSP 添加新组织。我修改了 msp 目录中存在的 config.yaml 文件。文件修改后内容如下:
OrganizationalUnitIdentifiers:
- Certificate: cacerts/ca.org1.example.com-cert.pem
OrganizationalUnitIdentifier: TEST
修改后,我生成了genesis.block和channel.tx。我正在使用 docker 来引导我的网络。问题是当我引导网络时,排序者抛出错误并退出。 orderer的日志如下所示:
orderer.example.com | 2018-10-24 22:00:45.704 UTC [msp] satisfiesPrincipalInternalPreV13 -> DEBU 05b Checking if identity satisfies role [CLIENT] for Org1MSP
orderer.example.com | 2018-10-24 22:00:45.704 UTC [msp] Validate -> DEBU 05c MSP Org1MSP validating identity
orderer.example.com | 2018-10-24 22:00:45.704 UTC [msp] getCertificationChain -> DEBU 05d MSP Org1MSP getting certification chain
orderer.example.com | 2018-10-24 22:00:45.704 UTC [msp] getCertificationChain -> DEBU 05e MSP Org1MSP getting certification chain
orderer.example.com | 2018-10-24 22:00:45.704 UTC [msp] getCertificationChain -> DEBU 05f MSP Org1MSP getting certification chain
orderer.example.com | 2018-10-24 22:00:45.705 UTC [orderer/commmon/multichannel] newLedgerResources -> PANI 060 Error creating channelconfig bundle: initializing channelconfig failed: could not create channel Consortiums sub-group config: setting up the MSP manager failed: admin 0 is invalid: The identity is not valid under this MSP [Org1MSP]: could not validate identity's OUs: none of the identity's organizational units [[0xc4204e9ad0]] are in MSP Org1MSP
orderer.example.com | panic: Error creating channelconfig bundle: initializing channelconfig failed: could not create channel Consortiums sub-group config: setting up the MSP manager failed: admin 0 is invalid: The identity is not valid under this MSP [Org1MSP]: could not validate identity's OUs: none of the identity's organizational units [[0xc4204e9ad0]] are in MSP Org1MSP
orderer.example.com |
orderer.example.com | goroutine 1 [running]:
orderer.example.com | github.com/hyperledger/fabric/vendor/go.uber.org/zap/zapcore.(*CheckedEntry).Write(0xc4200f0630, 0x0, 0x0, 0x0)
orderer.example.com | /opt/gopath/src/github.com/hyperledger/fabric/vendor/go.uber.org/zap/zapcore/entry.go:229 +0x4f4
orderer.example.com | github.com/hyperledger/fabric/vendor/go.uber.org/zap.(*SugaredLogger).log(0xc42017a1e0, 0x4, 0xe14c6d, 0x27, 0xc4204af958, 0x1, 0x1, 0x0, 0x0, 0x0)
orderer.example.com | /opt/gopath/src/github.com/hyperledger/fabric/vendor/go.uber.org/zap/sugar.go:234 +0xf6
orderer.example.com | github.com/hyperledger/fabric/vendor/go.uber.org/zap.(*SugaredLogger).Panicf(0xc42017a1e0, 0xe14c6d, 0x27, 0xc4204af958, 0x1, 0x1)
orderer.example.com | /opt/gopath/src/github.com/hyperledger/fabric/vendor/go.uber.org/zap/sugar.go:159 +0x79
orderer.example.com | github.com/hyperledger/fabric/common/flogging.(*FabricLogger).Panicf(0xc42017a1e8, 0xe14c6d, 0x27, 0xc4204af958, 0x1, 0x1)
orderer.example.com | /opt/gopath/src/github.com/hyperledger/fabric/common/flogging/zap.go:74 +0x60
orderer.example.com | github.com/hyperledger/fabric/orderer/common/multichannel.(*Registrar).newLedgerResources(0xc4202725a0, 0xc420178e60, 0xc420178e60)
orderer.example.com | /opt/gopath/src/github.com/hyperledger/fabric/orderer/common/multichannel/registrar.go:256 +0x2ea
orderer.example.com | github.com/hyperledger/fabric/orderer/common/multichannel.NewRegistrar(0xea36a0, 0xc42000c3a0, 0xc4202567b0, 0xe9b060, 0x15a78b0, 0xc42017a2f0, 0x1, 0x1, 0x0)
orderer.example.com | /opt/gopath/src/github.com/hyperledger/fabric/orderer/common/multichannel/registrar.go:142 +0x312
orderer.example.com | github.com/hyperledger/fabric/orderer/common/server.initializeMultichannelRegistrar(0xc420100580, 0xe9b060, 0x15a78b0, 0xc42017a2f0, 0x1, 0x1, 0x0)
orderer.example.com | /opt/gopath/src/github.com/hyperledger/fabric/orderer/common/server/main.go:258 +0x250
orderer.example.com | github.com/hyperledger/fabric/orderer/common/server.Start(0xdf7a5a, 0x5, 0xc420100580)
orderer.example.com | /opt/gopath/src/github.com/hyperledger/fabric/orderer/common/server/main.go:96 +0x226
orderer.example.com | github.com/hyperledger/fabric/orderer/common/server.Main()
orderer.example.com | /opt/gopath/src/github.com/hyperledger/fabric/orderer/common/server/main.go:75 +0x1d6
orderer.example.com | main.main()
orderer.example.com | /opt/gopath/src/github.com/hyperledger/fabric/orderer/main.go:15 +0x20
orderer.example.com exited with code 2
我正在使用 Hyperledger Fabric v1.3
完整的日志可以在这里找到:https://hastebin.com/ujiluvupox.php
如果您有任何建议,请告诉我。 任何帮助/评论将不胜感激。
最佳答案
编辑您的config.yaml MSP 中的文件要求 cacerts/ca.org1.example.com-cert.pem 颁发的所有证书有OU TEST .
如果您使用以下内容检查 MSP 目录中的管理证书:
openssl x509 -noout -text -in msp/admincerts/Admin\@org1.example.com-cert.pem | grep OU
您应该能够看到您的证书的 OU。最有可能的是,您的管理证书没有设置此 OU,因此它不会被视为由您的 MSP 有效颁发(因此,在 Bootstrap 上设置 MSP 时出错)。
如果您使用cryptogen引导您的网络,那么你应该编辑你的 crypto-config.yaml文件。在您的组织下,添加 CA元素,带有 OrganizationalUnit: <YOUR_OU>子元素。例如:
OrdererOrgs:
# ---------------------------------------------------------------------------
# Orderer
# ---------------------------------------------------------------------------
- Name: Orderer
Domain: example.com
CA:
OrganizationalUnit: TEST
# ---------------------------------------------------------------------------
# "Specs" - See PeerOrgs below for complete description
# ---------------------------------------------------------------------------
Specs:
- Hostname: orderer
我还要注意,如果您使用 cryptogen为了引导您的环境,那么很可能需要 MSP 内的 OU config.yaml文件是不必要的。当尝试与现有组织的 CA 服务器集成时,从 CA 获取特定 OU 是最有用的,该服务器可能会出于其他目的颁发证书,但并非所有这些证书都应适用于 Fabric。
关于hyperledger-fabric - 在对等组织中实现组织单位标识符会导致订购者 panic 并退出,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/52982952/