如何使用docker-compose启动中间ca?

前端之家收集整理的这篇文章主要介绍了如何使用docker-compose启动中间ca?前端之家小编觉得挺不错的,现在分享给大家,也给大家做个参考。

我遵循的步骤:

1)用1-ca(即root ca),1-orderer,1-peer和1-couchdb启动织物

2)我将shell附加到ca是root,并将2个命令激活到
    注册中间ca.

  fabric-ca-client enroll -u http://admin:adminpw@localhost:7054
  fabric-ca-client register --id.name ica --id.attrs '"hf.Registrar.Roles=user,peer",hf.Revoker=true,hf.IntermediateCA=true' --id.secret icapw

3)我按如下方式启动了ca1容​​器:

services:
  ca1.example.com:
    image: hyperledger/fabric-ca:x86_64-1.1.0
    environment:
      - FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
      - FABRIC_CA_SERVER_PORT=8054
      - FABRIC_CA_SERVER_CA_NAME=ca1.example.com
    ports:
      - "8054:8054"
    command: sh -c 'fabric-ca-server start -b admin:adminpw -u http://ica:icapw@ca.example.com:7054'
    container_name: ca1.example.com
    networks:
      - basic

但它总是创建默认证书,所以我从容器中删除所有,然后再次启动命令,当我尝试使用该中间ca注册管理员时,它会给我以下错误

signed certificate with serial number 619423114660023963149266564884451731119475746692
ca1.example.com    | 2018/09/20 06:38:53 [INFO] 127.0.0.1:47144 POST /enroll 500 0 "Certificate signing failure: Failed to insert record intodatabase: attempt to write a readonly database"

我不确定我遵循的流程.所以建议我遵循的确切步骤,如果步骤正确,那么这个错误的原因.

我按照文档:https://hyperledger-fabric-ca.readthedocs.io/en/latest/users-guide.htm

最佳答案
假设你有一个Root Fabric-CA(让我们称之为RCA)服务器启动并运行.

根据我的理解,您正在尝试启动一个中间结构-CA服务器,该服务器将附加到上面的RCA.

我尝试的是以下内容.

version: '2'
networks:  fabric-ca:

services:

ica:
container_name: ica
image: hyperledger/fabric-ca
command: /bin/bash -c '/scripts/start-intermediate-ca.sh 2>&1 | tee /data/logs/ica.log'
environment:
  - FABRIC_CA_SERVER_HOME=/etc/hyperledger/fabric-ca
  - FABRIC_CA_SERVER_CA_NAME=ica
  - FABRIC_CA_SERVER_INTERMEDIATE_TLS_CERTFILES=/data/rca-ca-cert.pem
  - FABRIC_CA_SERVER_CSR_HOSTS=ica
  - FABRIC_CA_SERVER_TLS_ENABLED=true
  - FABRIC_CA_SERVER_DEBUG=true
  - BOOTSTRAP_USER_PASS=ica-admin:ica-adminpw
  - PARENT_URL=https://rca-admin:rca-adminpw@rca:7054
  - TARGET_CHAINFILE=/data/ica-ca-chain.pem
volumes:
  - ./data:/data
  - ./scripts:/scripts
  - ./data/fabric_ca_test/ica:/etc/hyperledger/fabric-ca
networks:
  - fabric-ca
ports:
  - 10.10.10.101:7055:7054

请注意脚本start-intermediate-ca.sh的使用

#!/bin/bash
#
set -e

# Initialize the intermediate CA
fabric-ca-server init -b $BOOTSTRAP_USER_PASS -u $PARENT_URL

# Copy the intermediate CA's certificate chain to the data directory to be used by others
cp $FABRIC_CA_SERVER_HOME/ca-chain.pem $TARGET_CHAINFILE

# Start the intermediate CA
fabric-ca-server start --config $FABRIC_CA_SERVER_HOME/fabric-ca-server-config.yaml

这也可以在Hyperledger Fabric示例中提供的示例中获得.
Fabric CA Samples in fabric-samples github Repository

通过它.它是一个全面的例子.

你应该能够调整一下来处理你的场景.

猜你在找的Docker相关文章