Re: problem creating channel: 0 sub-policies were satisfied, but this policy requires 1 of the 'Writers' sub-policies


Nikhil Gupta
 

Hi Anoop,

Seems like there is a problem with your crypto config, and the node OU's are not quite right.


Nik



-----fabric@... wrote: -----
To: fabric@...
From: "Anoop Vijayan"
Sent by: fabric@...
Date: 12/13/2019 06:21AM
Subject: [EXTERNAL] Re: [Hyperledger Fabric] problem creating channel: 0 sub-policies were satisfied, but this policy requires 1 of the 'Writers' sub-policies

Hello guys,
  Are there any updates on this?
In my case, I was trying to modify: BatchSize.value.max_message_count

  I tried adding the OU to crypto-config.yaml and ran `./byfn generate`.
This brought, 
```
        Issuer: C = US, ST = California, L = San Francisco, O = example.com, OU = admin, CN = ca.example.com
        Subject: C = US, ST = California, L = San Francisco, OU = admin + OU = client, CN = Admin@...
```
However, when I ran `./byfn up`, the end-to-end script fails with channel creation.
```
Build your first network (BYFN) end-to-end test
 
Channel name : mychannel
+ peer channel create -o orderer.example.com:7050 -c mychannel -f ./channel-artifacts/channel.tx --tls true --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
Creating channel...
+ res=1
+ set +x
2019-12-13 10:48:39.024 UTC [channelCmd] InitCmdFactory -> INFO 001 Endorser and orderer connections initialized
Error: got unexpected status: FORBIDDEN -- implicit policy evaluation failed - 0 sub-policies were satisfied, but this policy requires 1 of the 'Writers' sub-policies to be satisfied: permission denied
!!!!!!!!!!!!!!! Channel creation failed !!!!!!!!!!!!!!!!
========= ERROR !!! FAILED to execute End-2-End Scenario ===========
 
ERROR !!!! Test failed
```
Orderer logs:
```
2019-12-13 11:16:51.438 UTC [cauthdsl] func2 -> DEBU 44e 0xc0009731a0 identity 0 does not satisfy principal: could not validate identity's OUs: the identity must be a client, a peer, an orderer or an admin identity to be valid, not a combination of them. OUs: [[0xc000a01020 0xc000a01050]], MSP: [OrdererMSP]
2019-12-13 11:16:51.438 UTC [cauthdsl] func2 -> DEBU 44f 0xc0009731a0 principal evaluation fails
```

Anyone can reproduce this problem with `.first-network/byfn.sh`. I have nothing special here :)
Is there a proper procedure for this at all? Or am I looking at a wrong place?

Thanks,
 - Anoop

Join fabric@lists.hyperledger.org to automatically receive all group messages.