
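I have set up a Fabric network using the BYFN network.

I have also added an additional Org3 by following the EYFN tutorial at https://hyperledger-fabric.readthedocs.io/en/release-1.1/channel_update_tutorial.html

Now I want to start a separate CA server for Org3, so I defined the file docker-compose-cas-org.yaml as follows: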

version: '2'

networks:
  byfn:
services:
  ca4:
    image: hyperledger/fabric-ca
    environment:
      - FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
      - FABRIC_CA_SERVER_CA_NAME=ca-Org3
      - FABRIC_CA_SERVER_TLS_ENABLED=true
      - FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.org3.example.com-cert.pem
      - FABRIC_CA_SERVER_TLS_KEYFILE=/etc/hyperledger/fabric-ca-server-config/d86d58e3f0b24d63a18fc22c93f9cdd109afee8543a12e67b232a2fe3548444a_sk
    ports:
      - "10054:7054"
    command: sh -c 'fabric-ca-server start --ca.certfile /etc/hyperledger/fabric-ca-server-config/ca.org3.example.com-cert.pem --ca.keyfile /etc/hyperledger/fabric-ca-server-config/d86d58e3f0b24d63a18fc22c93f9cdd109afee8543a12e67b232a2fe3548444a_sk -b admin:adminpw -d'
    volumes:
      - ./crypto-config/peerOrganizations/org3.example.com/ca/:/etc/hyperledger/fabric-ca-server-config
    container_name: ca_peerOrg3
    networks:
      - byfn

I have replaced FABRIC_CA_SERVER_TLS_KEYFILE with the CA key file from Org3's crypto-config.

When I start the CA with the command docker-compose -f docker-compose-cas-org.yaml up, I get logs saying:

Creating ca_peerOrg3 ... done
Attaching to ca_peerOrg3
ca_peerOrg3 | 2018/08/01 06:27:51 [INFO] Created default configuration file at /etc/hyperledger/fabric-ca-server/fabric-ca-server-config.yaml
ca_peerOrg3 | 2018/08/01 06:27:51 [INFO] Starting server in home directory: /etc/hyperledger/fabric-ca-server
ca_peerOrg3 | 2018/08/01 06:27:51 [INFO] Server Version: 1.1.0
ca_peerOrg3 | 2018/08/01 06:27:51 [INFO] Server Levels: &{Identity:1 Affiliation:1 Certificate:1}
ca_peerOrg3 | 2018/08/01 06:27:51 [DEBUG] Making server filenames absolute
ca_peerOrg3 | 2018/08/01 06:27:51 [DEBUG] Initializing default CA in directory /etc/hyperledger/fabric-ca-server
ca_peerOrg3 | 2018/08/01 06:27:51 [DEBUG] Init CA with home /etc/hyperledger/fabric-ca-server and config {Version:1.1.0 Cfg:{Identities:{AllowRemove:false} Affiliations:{AllowRemove:false}} CA:{Name:ca-Org3 Keyfile:/etc/hyperledger/fabric-ca-server-config/d86d58e3f0b24d63a18fc22c93f9cdd109afee8543a12e67b232a2fe3548444a_sk Certfile:/etc/hyperledger/fabric-ca-server-config/ca.org3.example.com-cert.pem Chainfile:ca-chain.pem} Signing:0xc4202efa40 CSR:{CN:fabric-ca-server Names:[{C:US ST:North Carolina L: O:Hyperledger OU:Fabric SerialNumber:}] Hosts:[f27e76c85edd localhost] KeyRequest:<nil> CA:0xc4202c9e60 SerialNumber:} Registry:{MaxEnrollments:-1 Identities:[{ Name:**** Pass:**** Type:client Affiliation: MaxEnrollments:0 Attrs:map[hf.Registrar.DelegateRoles:peer,orderer,client,user hf.Revoker:1 hf.IntermediateCA:1 hf.GenCRL:1 hf.Registrar.Attributes:* hf.AffiliationMgr:1 hf.Registrar.Roles:peer,orderer,client,user]  }]} Affiliations:map[org2:[department1] org1:[department1 department2]] LDAP:{ Enabled:false URL:ldap://****:****@<host>:<port>/<base> UserFilter:(uid=%s) GroupFilter:(memberUid=%s) Attribute:{[uid member] [{ }] map[groups:[{ }]]} TLS:{false [] { }}  } DB:{ Type:sqlite3 Datasource:fabric-ca-server.db TLS:{false [] { }}  } CSP:0xc4202d5050 Client:<nil> Intermediate:{ParentServer:{ URL: CAName:  } TLS:{Enabled:false CertFiles:[] Client:{KeyFile: CertFile:}} Enrollment:{ Name: Secret:**** Profile: Label: CSR:<nil> CAName: AttrReqs:[]  }} CRL:{Expiry:24h0m0s}}
ca_peerOrg3 | 2018/08/01 06:27:51 [DEBUG] CA Home Directory: /etc/hyperledger/fabric-ca-server
ca_peerOrg3 | 2018/08/01 06:27:51 [DEBUG] Checking configuration file version '1.1.0' against server version: '1.1.0'
ca_peerOrg3 | 2018/08/01 06:27:51 [DEBUG] Initializing BCCSP: &{ProviderName:SW SwOpts:0xc4202d50b0 PluginOpts:<nil> Pkcs11Opts:<nil>}
ca_peerOrg3 | 2018/08/01 06:27:51 [DEBUG] Initializing BCCSP with software options &{SecLevel:256 HashFamily:SHA2 Ephemeral:false FileKeystore:0xc4202fdcf0 DummyKeystore:<nil>}
ca_peerOrg3 | 2018/08/01 06:27:51 [DEBUG] Initialize key material
ca_peerOrg3 | 2018/08/01 06:27:51 [DEBUG] Making CA filenames absolute
ca_peerOrg3 | 2018/08/01 06:27:51 [DEBUG] Root CA certificate request: {CN:fabric-ca-server Names:[{C:US ST:North Carolina L: O:Hyperledger OU:Fabric SerialNumber:}] Hosts:[f27e76c85edd localhost] KeyRequest:0xc42030c500 CA:0xc4202c9e60 SerialNumber:}
ca_peerOrg3 | 2018/08/01 06:27:51 [INFO] generating key: &{A:ecdsa S:256}
ca_peerOrg3 | 2018/08/01 06:27:51 [DEBUG] generate key from request: algo=ecdsa, size=256
ca_peerOrg3 | 2018/08/01 06:27:51 [INFO] encoded CSR
ca_peerOrg3 | 2018/08/01 06:27:51 [DEBUG] validating configuration
ca_peerOrg3 | 2018/08/01 06:27:51 [DEBUG] validate local profile
ca_peerOrg3 | 2018/08/01 06:27:51 [DEBUG] profile is valid
ca_peerOrg3 | 2018/08/01 06:27:52 [INFO] signed certificate with serial number 59275873815985971796998828375691992517475407195
ca_peerOrg3 | 2018/08/01 06:27:52 [INFO] The CA key and certificate were generated for CA ca-Org3
ca_peerOrg3 | 2018/08/01 06:27:52 [INFO] The key was stored by BCCSP provider 'SW'
ca_peerOrg3 | 2018/08/01 06:27:52 [INFO] The certificate is at: /etc/hyperledger/fabric-ca-server-config/ca.org3.example.com-cert.pem
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] Initializing DB
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] Initializing 'sqlite3' database at '/etc/hyperledger/fabric-ca-server/fabric-ca-server.db'
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] Using sqlite database, connect to database in home (/etc/hyperledger/fabric-ca-server/fabric-ca-server.db) directory
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] Creating SQLite database (/etc/hyperledger/fabric-ca-server/fabric-ca-server.db) if it does not exist...
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] Creating users table if it does not exist
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] Creating affiliations table if it does not exist
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] Creating certificates table if it does not exist
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] Creating properties table if it does not exist
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] Successfully opened sqlite3 DB
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] Checking database schema...
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] Update SQLite schema, if using outdated schema
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] Upgrade identities table
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] Creating users table if it does not exist
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] Upgrade affiliation table
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] Creating affiliations table if it does not exist
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] Upgrade certificates table
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] Creating certificates table if it does not exist
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] Initializing identity registry
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] Initialized DB identity registry
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] DB: Get properties [identity.level affiliation.level certificate.level]
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] Checking database levels 'map[affiliation.level:0 certificate.level:0 identity.level:0]' against server levels '&{Identity:1 Affiliation:1 Certificate:1}'
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] Loading identity table
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] Loading identity 'admin'
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] DB: Getting identity admin
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] Max enrollment value verification - User specified max enrollment: 0, CA max enrollment: -1
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] DB: Add identity admin
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] Successfully added identity admin to the database
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] Registered identity: { Name:**** Pass:**** Type:client Affiliation: MaxEnrollments:-1 Attrs:map[hf.Registrar.Roles:peer,orderer,client,user hf.Registrar.DelegateRoles:peer,orderer,client,user hf.Revoker:1 hf.IntermediateCA:1 hf.GenCRL:1 hf.Registrar.Attributes:* hf.AffiliationMgr:1]  }
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] Successfully loaded identity table
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] Loading affiliations table
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] DB: Add affiliation org2
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] Affiliation 'org2' added
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] DB: Add affiliation org2.department1
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] Affiliation 'org2.department1' added
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] DB: Add affiliation org1
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] Affiliation 'org1' added
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] DB: Add affiliation org1.department1
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] Affiliation 'org1.department1' added
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] DB: Add affiliation org1.department2
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] Affiliation 'org1.department2' added
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] Successfully loaded affiliations table
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] Checking and performing migration, if needed
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] Updating database level to &{Identity:1 Affiliation:1 Certificate:1}
ca_peerOrg3 | 2018/08/01 06:27:52 [INFO] Initialized sqlite3 database at /etc/hyperledger/fabric-ca-server/fabric-ca-server.db
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] Initializing enrollment signer
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] validating configuration
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] validate local profile
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] profile is valid
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] validate local profile
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] profile is valid
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] validate local profile
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] profile is valid
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] CA initialization successful
ca_peerOrg3 | 2018/08/01 06:27:52 [INFO] Home directory for default CA: /etc/hyperledger/fabric-ca-server
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] 1 CA instance(s) running on server
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] TLS is enabled
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] Closing server DBs
ca_peerOrg3 | Error: File specified by 'tls.keyfile' does not exist: /etc/hyperledger/fabric-ca-server-config/d86d58e3f0b24d63a18fc22c93f9cdd109afee8543a12e67b232a2fe3548444a_sk
ca_peerOrg3 exited with code 1

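The error says: Error: File specified by 'tls.keyfile' does not exist: /etc/hyperledger/fabric-ca-server-config/d86d58e3f0b24d63a18fc22c93f9cdd109afee8543a12e67b232a2fe3548444a_sk ca_peerOrg3 exited with code 1

I am not sure what the mistake is here, whether I missed a step or something.

Please help. Thanks.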


2 Answers


Figured it out. The volume in my docker compose yaml file was pointing to the wrong crypto-config folder location; I changed it and it worked.

Answered on 2018-08-02T04:37:32.283

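I had a similar problem. After starting the network, my docker ca_peer container stopped. As Skadoosh mentioned, just setting FABRIC_CA_SERVER_TLS_KEYFILE to the crypto-config ca file did it for me! Thanks for the tip!

Answered on 2018-08-28T09:09:44.313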
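
Both answers come down to the same condition: the file named in FABRIC_CA_SERVER_TLS_KEYFILE has to exist on the host side of the compose volume. As an added example (not code from the original posts), this shell pre-flight check maps the container paths back through the bind mount before `docker-compose up`; the function name `check_ca_mount`, its exit codes and the demo file names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check for the CA bind mount before `docker-compose up`.
# Usage: check_ca_mount HOST_DIR CONTAINER_DIR KEY_PATH CERT_PATH
#   HOST_DIR, CONTAINER_DIR: the two sides of the compose `volumes:` entry
#   KEY_PATH, CERT_PATH: in-container paths given to the TLS key/cert settings
# Returns 0 ok, 2 host dir missing, 3 path not under mount, 4 key missing, 5 cert missing.
check_ca_mount() {
    host_dir=${1%/}; ctr_dir=${2%/}; key_path=$3; cert_path=$4
    if [ ! -d "$host_dir" ]; then
        echo "host side of the volume does not exist: $host_dir" >&2
        return 2
    fi
    for p in "$key_path" "$cert_path"; do
        case $p in
            "$ctr_dir"/*) ;;
            *) echo "not under the mounted directory: $p" >&2; return 3 ;;
        esac
    done
    # Map each container path back to the file it resolves to on the host.
    host_key=$host_dir/${key_path#"$ctr_dir"/}
    host_cert=$host_dir/${cert_path#"$ctr_dir"/}
    if [ ! -f "$host_key" ]; then
        echo "key file not found on host: $host_key" >&2
        for f in "$host_dir"/*_sk; do   # show which private keys are really there
            if [ -f "$f" ]; then echo "  found instead: ${f##*/}" >&2; fi
        done
        return 4
    fi
    if [ ! -f "$host_cert" ]; then
        echo "certificate not found on host: $host_cert" >&2
        return 5
    fi
    return 0
}

# Constructed demo: a throwaway directory stands in for crypto-config/.../org3.example.com/ca
demo=$(mktemp -d)
mkdir -p "$demo/ca"
touch "$demo/ca/ca.org3.example.com-cert.pem" "$demo/ca/0123abcd_sk"   # constructed names
cfg=/etc/hyperledger/fabric-ca-server-config
check_ca_mount "$demo/ca/" "$cfg" "$cfg/0123abcd_sk" "$cfg/ca.org3.example.com-cert.pem" \
    && echo "mount ok"
check_ca_mount "$demo/missing/" "$cfg" "$cfg/0123abcd_sk" "$cfg/ca.org3.example.com-cert.pem" \
    || echo "rejected with status $?"
rm -rf "$demo"
```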