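What is required to use 1 central Certificate Authority for all organizations on Hyperledger Fabric v1.4?
I created a network based on Hyperledger Fabric with: 1 orderer, 1 ca, 1 couchdb, 1 cli, 1 peer.
After that, I added a new organization containing: 1 peer, 1 couchdb and 1 cli.
Up to this stage there were no errors. All the containers are running. Then I enrolled the CA admin. Still no problem. The admin connects without problems. I want to create an admin for the new organization.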
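enrollandregisterNewAdmin.js

const { Gateway, X509WalletMixin } = require('fabric-network');

// Runs inside an async function; ccpPath and wallet are set up earlier in the script (not shown).
const gateway = new Gateway();
await gateway.connect(ccpPath, { wallet, identity: 'admin', discovery: { enabled: true, asLocalhost: true } });

// The CA client is the one defined in the connection profile the gateway loaded.
const ca = gateway.getClient().getCertificateAuthority();
const adminIdentity = gateway.getCurrentIdentity();

// Register the new identity with that CA, using 'admin' as the registrar.
// Where the scraped page dropped a "value" field, "client" / "true" is assumed (marked below).
const secret = await ca.register({
    affiliation: 'org1.department1',
    enrollmentID: 'adminOrg3',
    role: 'client',
    attrs: [
        {"name": "hf.Registrar.Roles", "value": "client"},
        {"name": "hf.Registrar.DelegateRoles", "value": "client"}, // value assumed
        {"name": "hf.Revoker", "value": "true"},
        {"name": "hf.IntermediateCA", "value": "true"},            // value assumed
        {"name": "hf.GenCRL", "value": "true"},                    // value assumed
        {"name": "hf.AffiliationMgr", "value": "true"},            // value assumed
        {"name": "hf.Registrar.Attributes", "value": "hf.Registrar.Roles,hf.Registrar.DelegateRoles,hf.Revoker,hf.IntermediateCA,hf.GenCRL,hf.Registrar.Attributes,hf.AffiliationMgr"}
    ]
}, adminIdentity);

// Enroll the identity and store its certificate in the wallet under the MSP ID 'Org3MSP'.
const enrollment = await ca.enroll({ enrollmentID: 'adminOrg3', enrollmentSecret: secret });
const userIdentity = X509WalletMixin.createIdentity('Org3MSP', enrollment.certificate, enrollment.key.toBytes());
await wallet.import('adminOrg3', userIdentity);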
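Finally, the certificate of 'adminOrg3' is imported into the wallet without errors. But when I try to invoke/query with 'adminOrg3', I get this error:

[Channel.js]: Channel:byfn received discovery error:access denied
[Channel.js]: Error: Channel:byfn Discovery error:access denied
Error: [Network]: _initializeInternalChannel: Unable to initialize channel. Attempted to contact 1 Peers. Last error was Error: Channel:byfn Discovery error:access denied

This is a common error when the wallet exists from a previous deployment. But the wallet is deleted on every network restart.

docker logs peer0.org3.example.com

2021-02-22 10:21:09.588 UTC [cauthdsl] deduplicate -> ERRO 082 Principal deserialization failure (the supplied identity is not valid: x509: certificate signed by unknown authority) for identity 0

The configuration file of my new organization, docker-compose-org3.yaml: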

version: '2'

volumes:
  peer0.org3.example.com:

networks:
  byfn:

services:
  peer0.org3.example.com:
    container_name: peer0.org3.example.com
    extends:
      file: base/peer-base.yaml
      service: peer-base
    environment:
      - CORE_PEER_ID=peer0.org3.example.com
      - CORE_PEER_ADDRESS=peer0.org3.example.com:11051
      - CORE_PEER_LISTENADDRESS=0.0.0.0:11051
      - CORE_PEER_CHAINCODEADDRESS=peer0.org3.example.com:11052
      - CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:11052
      - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.org3.example.com:11051
      - CORE_PEER_LOCALMSPID=Org3MSP
    volumes:
      - /var/run/:/host/var/run/
      - ./org3-artifacts/crypto-config/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/msp:/etc/hyperledger/fabric/msp
      - ./org3-artifacts/crypto-config/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls:/etc/hyperledger/fabric/tls
      - peer0.org3.example.com:/var/hyperledger/production
    ports:
      - 11051:11051
    networks:
      - byfn

  Org3cli:
    container_name: Org3cli
    image: hyperledger/fabric-tools:$IMAGE_TAG
    tty: true
    stdin_open: true
    environment:
      - GOPATH=/opt/gopath
      - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
      - FABRIC_LOGGING_SPEC=INFO
      #- FABRIC_LOGGING_SPEC=DEBUG
      - CORE_PEER_ID=Org3cli
      - CORE_PEER_ADDRESS=peer0.org3.example.com:11051
      - CORE_PEER_LOCALMSPID=Org3MSP
      - CORE_PEER_TLS_ENABLED=true
      - CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/server.crt
      - CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/server.key
      - CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/ca.crt
      - CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org3.example.com/users/Admin@org3.example.com/msp
    working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
    command: /bin/bash
    volumes:
      - /var/run/:/host/var/run/
      - ./../chaincode/:/opt/gopath/src/github.com/chaincode
      - ./org3-artifacts/crypto-config:/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/
      - ./crypto-config/peerOrganizations/org1.example.com:/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com
      - ./scripts:/opt/gopath/src/github.com/hyperledger/fabric/peer/scripts/
    depends_on:
      - peer0.org3.example.com
    networks:
      - byfn

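Is it possible for different MSPs to exist under the same affiliation?
Is any change to the configuration files required?

Solution

Just to clarify a few things...
- Did you add the new organization to the channel before trying to connect with a user from the new organization?
- Are you running the peers in docker containers and using volumes to map the peer file system? It may happen that the peer still loads the content of the old channel...
- Tsvetan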