Error joining channel from peer: This identity is not an admin

I know the problem "This identity is not an admin" is widely reported, but this is a specific case. I have read a lot of issues here and at Jira and I see no problem close to mine.

What I am trying to do is to join a channel from a peer in a full custom Hyperledger 1.4 network where I have not used cryptogen. The problem I am getting is exactly this one:

2019-09-25 14:02:43.340 UTC [channelCmd] InitCmdFactory -> INFO 001 Endorser and orderer connections initialized
Error: proposal failed (err: bad proposal response 500: access denied for [JoinChain][global]: [Failed verifying that proposal's creator satisfies local MSP principal during channelless check policy with policy [Admins]: [This identity is not an admin]])

I know that I have to use an admin identity to make the channel connection proposal, which I am doing by enrolling as the org admin. Once it is done, I just join the peer (code below). Of course, CORE_PEER_ variables are correctly set and ADMIN_NAME and ADMIN_PASSWORD exist.

# Get admin identity
ORG_ADMIN_HOME=/data/orgs/${ORG}/admin
ORG_ADMIN_CERT=/data/orgs/${ORG}/msp/admincerts/cert.pem
if [[ ! -d ${ORG_ADMIN_HOME} ]]; then
    echo "[INFO] Enrolling admin '${ADMIN_NAME}' with ${CA_NAME} ..."
    export FABRIC_CA_CLIENT_HOME=${ORG_ADMIN_HOME}

    fabric-ca-client enroll -d -u https://${ADMIN_NAME}:${ADMIN_PASSWORD}@${CA_URL}

    mkdir -p $(dirname "${ORG_ADMIN_CERT}")
    cp ${ORG_ADMIN_HOME}/msp/signcerts/* ${ORG_ADMIN_CERT}
    mkdir ${ORG_ADMIN_HOME}/msp/admincerts
    cp ${ORG_ADMIN_HOME}/msp/signcerts/* ${ORG_ADMIN_HOME}/msp/admincerts
fi
export CORE_PEER_MSPCONFIGPATH=${ORG_ADMIN_HOME}/msp

# Join channel
peer channel join -b ${GENESIS_FILE}

I got the admin identity by registering it beforehand with another script that does the following:

# Enroll CA Admin
export FABRIC_CA_CLIENT_HOME=$HOME/cas/${CA_NAME}
fabric-ca-client enroll -d -u ${ENROLLMENT_URL}

# Register ORG Admin
fabric-ca-client register -d --id.name ${ADMIN_NAME} --id.secret ${ADMIN_PASSWORD} --id.attrs "hf.Registrar.Roles=client,hf.Registrar.Attributes=*,hf.Revoker=true,hf.GenCRL=true,admin=true:ecert,abac.init=true:ecert"

My question is, if I registered the Org Admin and I am able to enroll as it, why do I get the "This identity is not an admin" error? Does it make any sense?

Thank you


EDIT: What I am doing right now (It is reduced, not a direct copy of the code, so there are some changes mainly related to paths and folders).

I run a container called register-org that does the following:

# Enroll as CA Admin
fabric-ca-client enroll -d -u ${ENROLLMENT_URL}

# Get CA Certs
fabric-ca-client getcacert -d -u https://${CA_URL} -M ${ORG_MSP_DIR}

# Register Org Admin
fabric-ca-client register -d --id.name ${ADMIN_NAME} --id.secret ${ADMIN_PASSWORD} --id.attrs "hf.Registrar.Roles=client,hf.Registrar.Attributes=*,hf.Revoker=true,hf.GenCRL=true,admin=true:ecert,abac.init=true:ecert"

# Enroll as Org Admin
fabric-ca-client enroll -d -u https://${ADMIN_NAME}:${ADMIN_PASSWORD}@${CA_URL}

# I download then ${ORG_ADMIN_HOME}/msp/admincerts/cert.pem and save it

The next container is the peer itself, where I do:

# I upload the CERT.PEM file to ${CORE_PEER_MSPCONFIGPATH}/admincerts/cert.pem

# Generate Server TLS Key and Certs
fabric-ca-client enroll -d --enrollment.profile tls -u ${ENROLLMENT_URL} -M /tmp/tls --csr.hosts ${PEER_HOST}

# Generate Client TLS Key and Certificate
fabric-ca-client enroll -d --enrollment.profile tls -u ${ENROLLMENT_URL} -M /tmp/tls --csr.hosts ${PEER_HOST}

# Enroll peer
fabric-ca-client enroll -d -u ${ENROLLMENT_URL} -M ${CORE_PEER_MSPCONFIGPATH}

# Start peer
peer node start

Finally, I run the join-peer-channel container, where I do:

# I upload the CERT.PEM file to ${CORE_PEER_MSPCONFIGPATH}/admincerts/cert.pem

# Enroll as Org Admin
fabric-ca-client enroll -d -u https://${ADMIN_NAME}:${ADMIN_PASS}@${CA_URL}

# Join the channel
peer channel join -b ${GENESIS_FILE}

# AND IT FAILS AGAIN.

Are you sure that the admin's certificate is really in the peer's admin folder?

cp ${ORG_ADMIN_HOME}/msp/signcerts/* ${ORG_ADMIN_HOME}/msp/admincerts 

Are you doing this inside the peer container/VM?
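
A check for the question raised in the reply above, as an added example that is not part of the original thread: it compares the admin's `signcerts` certificate with the files in a peer MSP's `admincerts` folder by PEM body. It assumes the Fabric 1.4 MSP folder layout without NodeOUs; the function names and the sample trees are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example. Without NodeOUs, a Fabric 1.4 MSP treats an identity as admin
# only if its certificate is one of the files in that MSP's admincerts folder.

# Print the base64 body of the first certificate in a PEM file, with headers,
# whitespace and CRs removed, so formatting differences do not affect the match.
pem_body() {
    awk '/-----BEGIN CERTIFICATE-----/{on=1; next}
         /-----END CERTIFICATE-----/{exit}
         on' "$1" | tr -d ' \t\r\n'
}

# admin_cert_in_msp ADMIN_MSP PEER_MSP
# 0: a cert in ADMIN_MSP/signcerts is also in PEER_MSP/admincerts
# 1: no match   2: a folder is missing or a signcert is unreadable
admin_cert_in_msp() {
    local admin_msp peer_msp sign adm body
    admin_msp=$1; peer_msp=$2
    [ -d "$admin_msp/signcerts" ] && [ -d "$peer_msp/admincerts" ] || return 2
    for sign in "$admin_msp"/signcerts/*; do
        [ -f "$sign" ] || return 2
        body=$(pem_body "$sign")
        [ -n "$body" ] || return 2
        for adm in "$peer_msp"/admincerts/*; do
            [ -f "$adm" ] || continue
            [ "$(pem_body "$adm")" = "$body" ] && return 0
        done
    done
    return 1
}

# Constructed sample trees with placeholder PEM bodies (not real certificates).
make_sample() {
    local root b e
    b='-----BEGIN CERTIFICATE-----'; e='-----END CERTIFICATE-----'
    root=$(mktemp -d)
    mkdir -p "$root/admin/msp/signcerts" "$root/peer/msp/admincerts" "$root/stale/msp/admincerts"
    printf '%s\n' "$b" QURNSU4tQ0VSVC1B "$e" > "$root/admin/msp/signcerts/cert.pem"
    # Same certificate re-wrapped with CRLF line endings: must still match.
    printf '%s\r\n' "$b" QURNSU4t Q0VSVC1B "$e" > "$root/peer/msp/admincerts/cert.pem"
    # Certificate saved from an earlier enroll: every enroll issues a new one.
    printf '%s\n' "$b" QURNSU4tQ0VSVC1C "$e" > "$root/stale/msp/admincerts/cert.pem"
    echo "$root"
}

root=$(make_sample)
admin_cert_in_msp "$root/admin/msp" "$root/peer/msp" && echo "peer: admin cert present"
admin_cert_in_msp "$root/admin/msp" "$root/stale/msp" || echo "stale: no match (rc=$?)"
rm -rf "$root"
```

Against a real deployment, pass the admin MSP used for `peer channel join` and the MSP directory the peer process was started with.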
