我已经完成测试应用并在Hyperledger Fabric下工作。它运行在安全模式下并使用admin / Xurw3yU9zI0l凭据......这些似乎是默认的并且在某处硬编码。一切正常。我使用fabric-peer和fabric-membersrvc docker(v.0.6)。
存储管理员用户名和密码在哪里(所以我可以在打开Fabric端口之前更改它们并添加新用户)?我无法在用于调出网络结构的任何docker-compose文件和基本子文件中找到它作为参数。任何解释这个的文档以及membersrv(角色,权限)如何工作?感谢您的任何指示。
编辑:
让我在此添加此内容作为参考。这是目前v0.6 docker中示例membersrvc.yaml文件的内容。虽然不是一个完整的文档,但它可以理解这些概念。如果我理解正确,这些数据将被复制到用户注册表中,然后可以根据注释中说明的规则进行编辑(添加用户......)。有关这方面的任何更多信息肯定会有很大帮助! :-):
# Default users to be registered with the CA on first launch. The role is a binary OR
# of the different roles a user can have:
#
# - simple client such as a wallet: CLIENT
# - non-validating peer: PEER
# - validating client: VALIDATOR
# - auditing client: AUDITOR
#
eca:
# This hierarchy is used to create the Pre-key tree, affiliations is the top of this hierarchy, 'banks_and_institutions' is used to create the key associated to auditors of both banks and
# institutions, 'banks' is used to create a key associated to auditors of banks, 'bank_a' is used to create a key associated to auditors of bank_a, etc.
affiliations:
banks_and_institutions:
banks:
- bank_a
- bank_b
- bank_c
institutions:
- institution_a
users:
#
# The fields of each user are as follows:
# <EnrollmentID>: <system_role (1:client, 2: peer, 4: validator, 8: auditor)> <EnrollmentPWD> <Affiliation> <Affiliation_Role> <JSON_Metadata>
#
# The optional JSON_Metadata field is of the following format:
# { "registrar": { "roles": <array-of-role-names>, "delegateRoles": <array-of-role-names> } }
# The 'registrar' section is used to control access to registration of new users directly via the ECAA.RegisterUser GRPC call.
# (See the 'fabric/membersrvc/protos/ca.proto' file for the definition of ECAA.RegisterUser.)
# Note that this also controls who can register users via the client SDK.
#
# Only users with a 'registrar' section may be a registrar to register other users. In particular,
# 1) the "roles" field specifies which member roles may be registered by this user, and
# 2) the "delegateRoles" field specifies which member roles may become the "roles" field of registered users.
# The valid role names are "client", "peer", "validator", and "auditor".
#
# Example1:
# The 'admin' user below can register clients, peers, validators, or auditors; furthermore, the 'admin' user can register other
# users who can then register clients only.
#
# Example2:
# The 'WebAppAdmin' user below can register clients only, but none of the users registered by this user can register other users.
#
admin: 1 Xurw3yU9zI0l institution_a '{"registrar":{"roles":["client","peer","validator","auditor"],"delegateRoles":["client"]}}'
WebAppAdmin: 1 DJY27pEnl16d institution_a '{"registrar":{"roles":["client"]}}'
lukas: 1 NPKYL39uKbkj bank_a
system_chaincode_invoker: 1 DRJ20pEql15a institution_a
diego: 1 DRJ23pEQl16a institution_a
jim: 1 6avZQLwcUe9b bank_a
binhn: 1 7avZQLwcUe9q institution_a
# Users for asset transfer with roles test located at
# sdk/node/test/unit/asset-mgmt-with-roles.js
alice: 1 CMS10pEQlB16 bank_a
bob: 1 NOE63pEQbL25 bank_a
assigner: 1 Tc43PeqBl11 bank_a
vp: 4 f3489fy98ghf
test_vp0: 4 MwYpmSRjupbT
test_vp1: 4 5wgHK9qqYaPy
test_vp2: 4 vQelbRvja7cJ
test_vp3: 4 9LKqKH5peurL
test_vp4: 4 Pqh90CEW5juZ
test_vp5: 4 FfdvDkAdY81P
test_vp6: 4 QiXJgHyV4t7A
test_vp7: 4 twoKZouEyLyB
test_vp8: 4 BxP7QNh778gI
test_vp9: 4 wu3F1EwJWHvQ
# Uncomment this section to activate devnet setup as specficied in
# devnet-setup.md
#
# vp0: 4 vp0_secret
# vp1: 4 vp1_secret
test_user0: 1 MS9qrN8hFjlE bank_a
test_user1: 1 jGlNl6ImkuDo institution_a
test_user2: 1 zMflqOKezFiA bank_c
test_user3: 1 vWdLCE00vJy0 bank_a
test_user4: 1 4nXSrfoYGFCP institution_a
test_user5: 1 yg5DVhm0er1z bank_b
test_user6: 1 b7pmSxzKNFiw bank_a
test_user7: 1 YsWZD4qQmYxo institution_a
test_user8: 1 W8G0usrU7jRk bank_a
test_user9: 1 H80SiB5ODKKQ institution_a
test_nvp0: 2 iywrPBDEPl0K bank_a
test_nvp1: 2 DcYXuRSocuqd institution_a
test_nvp2: 2 flpChShlY7xt bank_c
test_nvp3: 2 jeruawMomclo bank_a
test_nvp4: 2 RMYVxSZCk370 institution_a
test_nvp5: 2 XHYVCIJGZGK7 bank_b
test_nvp6: 2 4cIn63j8ahYp bank_a
test_nvp7: 2 E7FAJUtWVn2h institution_a
test_nvp8: 2 LJu8DkUilBEH bank_a
test_nvp9: 2 VlEsBsiyXSjw institution_a
答案 0 :(得分:3)
要添加其他用户或更改管理员密码,您可以创建自己的membersrvc.yml,并在使用docker启动membersrvc时使用它。
您可以编辑撰写文件以映射本地membersrv.file,例如:
membersrvc:
# try 'docker ps' to see the container status after starting this compose
container_name: membersrvc
image: hyperledger/fabric-membersrvc
command: membersrvc
expose:
- "7054"
ports:
- "7054:7054"
environment:
- MEMBERSRVC_CA_ACA_ENABLED=true
- MEMBERSRVC_CA_TCA_ATTRIBUTE-ENCRYPTION_ENABLED=true
volumes:
- /[path to your membersrvc.yml file]/membersrvc.yaml:/opt/gopath/src/github.com/hyperledger/fabric/membersrvc/membersrvc.yaml
以下是有关CA的文档:http://hyperledger-fabric.readthedocs.io/en/stable/Setup/ca-setup/