Re: problem creating channel: 0 sub-policies were satisfied, but this policy requires 1 of the 'Writers' sub-policies
|
Nikhil Gupta
Hi Anoop, Seems like there is a problem with your crypto config, and the node OU's are not quite right. See this example: https://github.com/hyperledger/fabric-samples/blob/master/test-network/organizations/cryptogen/crypto-config-org2.yaml Nik -----fabric@... wrote: ----- To: fabric@... From: "Anoop Vijayan" Sent by: fabric@... Date: 12/13/2019 06:21AM Subject: [EXTERNAL] Re: [Hyperledger Fabric] problem creating channel: 0 sub-policies were satisfied, but this policy requires 1 of the 'Writers' sub-policies Hello guys, Are there any updates on this? In my case, I was trying to modify: BatchSize.value.max_message_count I tried adding the OU to crypto-config.yaml and ran `./byfn generate`. This brought, ``` openssl x509 -in crypto-config/ordererOrganizations/example.com/users/Admin@.../msp/signcerts/Admin@example.com-cert.pem -text|grep OU Issuer: C = US, ST = California, L = San Francisco, O = example.com, OU = admin, CN = ca.example.com Subject: C = US, ST = California, L = San Francisco, OU = admin + OU = client, CN = Admin@... ``` However, when I ran `./byfn up`, the end-to-end script fails with channel creation. ``` Build your first network (BYFN) end-to-end test Channel name : mychannel + peer channel create -o orderer.example.com:7050 -c mychannel -f ./channel-artifacts/channel.tx --tls true --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem Creating channel... + res=1 + set +x 2019-12-13 10:48:39.024 UTC [channelCmd] InitCmdFactory -> INFO 001 Endorser and orderer connections initialized Error: got unexpected status: FORBIDDEN -- implicit policy evaluation failed - 0 sub-policies were satisfied, but this policy requires 1 of the 'Writers' sub-policies to be satisfied: permission denied !!!!!!!!!!!!!!! Channel creation failed !!!!!!!!!!!!!!!! ========= ERROR !!! FAILED to execute End-2-End Scenario =========== ERROR !!!! Test failed ``` Orderer logs: ``` 2019-12-13 11:16:51.438 UTC [cauthdsl] func2 -> DEBU 44e 0xc0009731a0 identity 0 does not satisfy principal: could not validate identity's OUs: the identity must be a client, a peer, an orderer or an admin identity to be valid, not a combination of them. OUs: [[0xc000a01020 0xc000a01050]], MSP: [OrdererMSP] 2019-12-13 11:16:51.438 UTC [cauthdsl] func2 -> DEBU 44f 0xc0009731a0 principal evaluation fails ``` Anyone can reproduce this problem with `.first-network/byfn.sh`. I have nothing special here :) Is there a proper procedure for this at all? Or am I looking at a wrong place? Thanks, - Anoop
|
|
|