1.各個環節使用msp的類型
configtx.yaml建立創始區塊使用的是組織的msp
例: example.com/msp
orderer啟動 orderer.yaml使用的是orderer節點的msp
例:example.com/orderers/orderer.example.com/msp/
peer啟動 core.yaml使用的是peer節點的msp
例: org1.example.com/peers/peer0.org1.example.com/msp
peer指令建立應用通道,打包鍊碼,安裝鍊碼,審議鍊碼,送出鍊碼使用的是使用者admin的msp
例: org1.example.com/users/[email protected]/msp
注意CORE_PEER_MSPCONFIGPATH就是設定peer或admin的msp變量,在啟動peer或已管理者身份執行peer指令時,務必注意不能用錯。一般peer node start時,不要指定此變量,會重寫core.yaml中的值
2.org1.example.com(組織)目錄下以下四個檔案内容相同
users/[email protected]/msp/signcerts/[email protected] 根本來源,以下四個全複制此出處users/[email protected]/msp/admincerts/[email protected] [email protected](admin,client)的管理者證書
msp/admincerts/[email protected] Org1組織的管理者證書
peers/peer0.org1.example.com/msp/admincerts/[email protected] peer0節點的管理者證書
3.approveformyorg鍊碼時報錯Error: timed out waiting for txid on all peers
主要是peer和orderer通信不暢導緻,作者犯錯是因為configtx.yaml中Organizations.OrdererOrg.OrdererEndpoints位址寫錯了
4.常見錯誤首先找的幾點
常見錯誤主要檢查configtx.yaml
1.政策中設定
2.組織名大小寫
3.組織名群組織ID用混
5.安裝并送出後的鍊碼容器無法啟動
以下情況是,已經安裝好運作完畢,但又重置了資料後報錯。删除鍊碼鏡像依然不起作用,但重新開機伺服器後,症狀消失。
Error: could not assemble transaction: proposal response was not successful, error code 500, msg error in simulation: failed to execute transaction 6754c2559d6d803c1787d8a8c158b29c9d0aff5c0520c4d07689c0211155dcfc: could not launch chaincode sacc_1:b33357c4012471d8bd96ba48fd2a12ada5fedfbfd6d623590295778500a0368d: error starting container: error starting container: API error (403): endpoint with name dev1-peer0.org1.example.com-sacc_1-b33357c4012471d8bd96ba48fd2a12ada5fedfbfd6d623590295778500a0368d already exists in network host
6.CORE_PEER_TLS_ROOTCERT_FILE
以下路徑均可用,是TLS的根證書,且以下檔案中内容完全相同
${PWD}/../organizations/peerOrganizations/org1.example.com/peers/peer1.org1.example.com/tls/cacerts/0-0-0-0-7055.pem # Fabric CA server 簽發的msp時生成的
${PWD}/../organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt #組織的tls根證書
${PWD}/../organizations/peerOrganizations/org1.example.com/users/[email protected]/tls/ca.crt #cryptogen 工具生成的msp中包含的
7.如何檢視鍊碼中的log輸出
1. docker ps 找到對應鍊碼版本的容器ID
2. docker logs -f 容器ID
8.鍊碼PackageID
同樣鍊碼,鍊碼中任何變化(包括注釋,或多一個空格)都會形成不同的PackageID,但在不同的peer上有不同的PackageID值并不影響鍊碼審議和送出。
9.鍊碼更新版本
在鍊碼更新時,如果舊版本審議時有參數--init-required,則新版本的鍊碼審議時--init-required也必須要有,否則審議通不過
10.啟動多排序節點時orderer無法啟動
報錯
panic: field raftpb.Message.type has invalid type: got raftpb.MessageType, want pointer
更換go版本到1.14.6以上,并重新編譯生成peer order等指令
11.query查詢連碼,應是查本地peer的資料,不會向orderer請求(猜測)
peer chaincode query -o orderer.example.com:7050 --tls --cafile $ORDERER_TLSCA -C channel1 -n sacc -c '{"Args":["query","a"]}'
#此處-o orderer.example.com:7050沒有任何意義,應直接寫
peer chaincode query --tls --cafile $ORDERER_TLSCA -C channel1 -n sacc -c '{"Args":["query","a"]}'
12 報錯Error: error getting endorser client for channel: endorser client failed to connect to peer0.org1.example.com:7051: failed to create new connection: context deadline exceeded
在于使用Fabric ca client時,沒有加參數--csr.hosts peer0.org1.example.com
13 報錯Got error while attempting to receive blocks: received bad status FORBIDDEN from orderer channel=channel1 orderer-address=orderer.example.com:7050
需要在加密素材的所有msp中加上config.yaml
NodeOUs:
Enable: true
ClientOUIdentifier:
Certificate: cacerts/ca.org1.example.com-cert.pem
OrganizationalUnitIdentifier: client
PeerOUIdentifier:
Certificate: cacerts/ca.org1.example.com-cert.pem
OrganizationalUnitIdentifier: peer
AdminOUIdentifier:
Certificate: cacerts/ca.org1.example.com-cert.pem
OrganizationalUnitIdentifier: admin
OrdererOUIdentifier:
Certificate: cacerts/ca.org1.example.com-cert.pem
OrganizationalUnitIdentifier: orderer
14 檢視證書資訊
openssl x509 -in cert.pem -noout -text
15 failed to create channel context: failed to get client context to create channel client: user not found
對于完全有Fabric CA生成的加密素材組成的MSP,在Go SDK時需要在配置檔案中加上users,其中的Admin及User1就是SDK中需要的user
organizations:
# Org1:
Org1MSP:
mspid: Org1MSP
# This org's MSP store (absolute path or relative to client.cryptoconfig)
# cryptoPath: peerOrganizations/org1.example.com/users/[email protected]/msp
cryptoPath: ../organizations/peerOrganizations/org1.example.com/users/[email protected]/msp
peers:
- peer0.org1.example.com
users:
Admin:
cert:
path: ../organizations/peerOrganizations/org1.example.com/users/[email protected]/msp/signcerts/cert.pem
User1:
cert:
path: ../organizations/peerOrganizations/org1.example.com/users/user3/msp/signcerts/cert.pem
OrdererOrg:
# Membership Service Provider ID for this organization
mspID: OrdererMSP
# Needed to load users crypto keys and certs for this org (absolute path or relative to global crypto path, DEV mode)
# cryptoPath: ordererOrganizations/example.com/users/{username}@example.com/msp
cryptoPath: ../organizations/ordererOrganizations/example.com/users/admin1/msp/
users:
Admin:
cert:
path: ../organizations/ordererOrganizations/example.com/users/admin1/msp/signcerts/cert.pem
16.在更新鍊碼的第一步,打包鍊碼時label是否需要修改
最好修改,因為即便不修改也可以安裝成功,但會出現無法區分的情況如下
[email protected]:~/work/example/peer$ peer lifecycle chaincode queryinstalled
Installed chaincodes on peer:
Package ID: test3:b9efba86a3cdffd5677d562e626de525ae71b740e5b84e3cd66b119860b2cc6e, Label: test3
Package ID: test3:91b5357c7086eab253be5fbf775c4dace42603d5d568f7401f934b7c28266e25, Label: test3
![Hyperledger Fabric(術語表)[圖]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)