我遵循的步骤:
1)用1-ca(即root ca),1-orderer,1-peer和1-couchdb启动织物
2)我将shell附加到ca是root,并将2个命令激活到
注册中间ca.
fabric-ca-client enroll -u http://admin:adminpw@localhost:7054
fabric-ca-client register --id.name ica --id.attrs '"hf.Registrar.Roles=user,peer",hf.Revoker=true,hf.IntermediateCA=true' --id.secret icapw
3)我按如下方式启动了ca1容器:
services:
ca1.example.com:
image: hyperledger/fabric-ca:x86_64-1.1.0
environment:
- FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
- FABRIC_CA_SERVER_PORT=8054
- FABRIC_CA_SERVER_CA_NAME=ca1.example.com
ports:
- "8054:8054"
command: sh -c 'fabric-ca-server start -b admin:adminpw -u http://ica:icapw@ca.example.com:7054'
container_name: ca1.example.com
networks:
- basic
但它总是创建默认证书,所以我从容器中删除所有,然后再次启动命令,当我尝试使用该中间ca注册管理员时,它会给我以下错误:
signed certificate with serial number 619423114660023963149266564884451731119475746692
ca1.example.com | 2018/09/20 06:38:53 [INFO] 127.0.0.1:47144 POST /enroll 500 0 "Certificate signing failure: Failed to insert record intodatabase: attempt to write a readonly database"
我不确定我遵循的流程.所以建议我遵循的确切步骤,如果步骤正确,那么这个错误的原因.
我按照文档:https://hyperledger-fabric-ca.readthedocs.io/en/latest/users-guide.htm
最佳答案
假设你有一个Root Fabric-CA(让我们称之为RCA)服务器启动并运行.
根据我的理解,您正在尝试启动一个中间结构-CA服务器,该服务器将附加到上面的RCA.
我尝试的是以下内容.
version: '2'
networks: fabric-ca:
services:
ica:
container_name: ica
image: hyperledger/fabric-ca
command: /bin/bash -c '/scripts/start-intermediate-ca.sh 2>&1 | tee /data/logs/ica.log'
environment:
- FABRIC_CA_SERVER_HOME=/etc/hyperledger/fabric-ca
- FABRIC_CA_SERVER_CA_NAME=ica
- FABRIC_CA_SERVER_INTERMEDIATE_TLS_CERTFILES=/data/rca-ca-cert.pem
- FABRIC_CA_SERVER_CSR_HOSTS=ica
- FABRIC_CA_SERVER_TLS_ENABLED=true
- FABRIC_CA_SERVER_DEBUG=true
- BOOTSTRAP_USER_PASS=ica-admin:ica-adminpw
- PARENT_URL=https://rca-admin:rca-adminpw@rca:7054
- TARGET_CHAINFILE=/data/ica-ca-chain.pem
volumes:
- ./data:/data
- ./scripts:/scripts
- ./data/fabric_ca_test/ica:/etc/hyperledger/fabric-ca
networks:
- fabric-ca
ports:
- 10.10.10.101:7055:7054
请注意脚本start-intermediate-ca.sh的使用
#!/bin/bash
#
set -e
# Initialize the intermediate CA
fabric-ca-server init -b $BOOTSTRAP_USER_PASS -u $PARENT_URL
# Copy the intermediate CA's certificate chain to the data directory to be used by others
cp $FABRIC_CA_SERVER_HOME/ca-chain.pem $TARGET_CHAINFILE
# Start the intermediate CA
fabric-ca-server start --config $FABRIC_CA_SERVER_HOME/fabric-ca-server-config.yaml
这也可以在Hyperledger Fabric示例中提供的示例中获得.
Fabric CA Samples in fabric-samples github Repository
通过它.它是一个全面的例子.
你应该能够调整一下来处理你的场景.