我已经使用BYFN网络设置了一个Fabric网络。
我还通过使用https://hyperledger-fabric.readthedocs.io/en/release-1.1/channel_update_tutorial.html的EYFN教程添加了一个额外的Org3。
现在,我想为Org3单独启动一个CA服务器,因此我将文件 docker-compose-cas-org.yaml 定义为
version: '2'
networks:
byfn:
services:
ca4:
image: hyperledger/fabric-ca
environment:
- FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
- FABRIC_CA_SERVER_CA_NAME=ca-Org3
- FABRIC_CA_SERVER_TLS_ENABLED=true
- FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.org3.example.com-cert.pem
- FABRIC_CA_SERVER_TLS_KEYFILE=/etc/hyperledger/fabric-ca-server-config/d86d58e3f0b24d63a18fc22c93f9cdd109afee8543a12e67b232a2fe3548444a_sk
ports:
- "10054:7054"
command: sh -c 'fabric-ca-server start --ca.certfile /etc/hyperledger/fabric-ca-server-config/ca.org3.example.com-cert.pem --ca.keyfile /etc/hyperledger/fabric-ca-server-config/d86d58e3f0b24d63a18fc22c93f9cdd109afee8543a12e67b232a2fe3548444a_sk -b admin:adminpw -d'
volumes:
- ./crypto-config/peerOrganizations/org3.example.com/ca/:/etc/hyperledger/fabric-ca-server-config
container_name: ca_peerOrg3
networks:
- byfn
我已将 FABRIC_CA_SERVER_TLS_KEYFIL E替换为Org3的crypto-config中的CA密钥文件
当我使用命令- docker-compose -f docker-compose-cas-org.yaml up 启动ca时,我得到的日志是:
Creating ca_peerOrg3 ... done
Attaching to ca_peerOrg3
ca_peerOrg3 | 2018/08/01 06:27:51 [INFO] Created default configuration file at /etc/hyperledger/fabric-ca-server/fabric-ca-server-config.yaml
ca_peerOrg3 | 2018/08/01 06:27:51 [INFO] Starting server in home directory: /etc/hyperledger/fabric-ca-server
ca_peerOrg3 | 2018/08/01 06:27:51 [INFO] Server Version: 1.1.0
ca_peerOrg3 | 2018/08/01 06:27:51 [INFO] Server Levels: &{Identity:1 Affiliation:1 Certificate:1}
ca_peerOrg3 | 2018/08/01 06:27:51 [DEBUG] Making server filenames absolute
ca_peerOrg3 | 2018/08/01 06:27:51 [DEBUG] Initializing default CA in directory /etc/hyperledger/fabric-ca-server
ca_peerOrg3 | 2018/08/01 06:27:51 [DEBUG] Init CA with home /etc/hyperledger/fabric-ca-server and config {Version:1.1.0 Cfg:{Identities:{AllowRemove:false} Affiliations:{AllowRemove:false}} CA:{Name:ca-Org3 Keyfile:/etc/hyperledger/fabric-ca-server-config/d86d58e3f0b24d63a18fc22c93f9cdd109afee8543a12e67b232a2fe3548444a_sk Certfile:/etc/hyperledger/fabric-ca-server-config/ca.org3.example.com-cert.pem Chainfile:ca-chain.pem} Signing:0xc4202efa40 CSR:{CN:fabric-ca-server Names:[{C:US ST:North Carolina L: O:Hyperledger OU:Fabric SerialNumber:}] Hosts:[f27e76c85edd localhost] KeyRequest:<nil> CA:0xc4202c9e60 SerialNumber:} Registry:{MaxEnrollments:-1 Identities:[{ Name:**** Pass:**** Type:client Affiliation: MaxEnrollments:0 Attrs:map[hf.Registrar.DelegateRoles:peer,orderer,client,user hf.Revoker:1 hf.IntermediateCA:1 hf.GenCRL:1 hf.Registrar.Attributes:* hf.AffiliationMgr:1 hf.Registrar.Roles:peer,orderer,client,user] }]} Affiliations:map[org2:[department1] org1:[department1 department2]] LDAP:{ Enabled:false URL:ldap://****:****@<host>:<port>/<base> UserFilter:(uid=%s) GroupFilter:(memberUid=%s) Attribute:{[uid member] [{ }] map[groups:[{ }]]} TLS:{false [] { }} } DB:{ Type:sqlite3 Datasource:fabric-ca-server.db TLS:{false [] { }} } CSP:0xc4202d5050 Client:<nil> Intermediate:{ParentServer:{ URL: CAName: } TLS:{Enabled:false CertFiles:[] Client:{KeyFile: CertFile:}} Enrollment:{ Name: Secret:**** Profile: Label: CSR:<nil> CAName: AttrReqs:[] }} CRL:{Expiry:24h0m0s}}
ca_peerOrg3 | 2018/08/01 06:27:51 [DEBUG] CA Home Directory: /etc/hyperledger/fabric-ca-server
ca_peerOrg3 | 2018/08/01 06:27:51 [DEBUG] Checking configuration file version '1.1.0' against server version: '1.1.0'
ca_peerOrg3 | 2018/08/01 06:27:51 [DEBUG] Initializing BCCSP: &{ProviderName:SW SwOpts:0xc4202d50b0 PluginOpts:<nil> Pkcs11Opts:<nil>}
ca_peerOrg3 | 2018/08/01 06:27:51 [DEBUG] Initializing BCCSP with software options &{SecLevel:256 HashFamily:SHA2 Ephemeral:false FileKeystore:0xc4202fdcf0 DummyKeystore:<nil>}
ca_peerOrg3 | 2018/08/01 06:27:51 [DEBUG] Initialize key material
ca_peerOrg3 | 2018/08/01 06:27:51 [DEBUG] Making CA filenames absolute
ca_peerOrg3 | 2018/08/01 06:27:51 [DEBUG] Root CA certificate request: {CN:fabric-ca-server Names:[{C:US ST:North Carolina L: O:Hyperledger OU:Fabric SerialNumber:}] Hosts:[f27e76c85edd localhost] KeyRequest:0xc42030c500 CA:0xc4202c9e60 SerialNumber:}
ca_peerOrg3 | 2018/08/01 06:27:51 [INFO] generating key: &{A:ecdsa S:256}
ca_peerOrg3 | 2018/08/01 06:27:51 [DEBUG] generate key from request: algo=ecdsa, size=256
ca_peerOrg3 | 2018/08/01 06:27:51 [INFO] encoded CSR
ca_peerOrg3 | 2018/08/01 06:27:51 [DEBUG] validating configuration
ca_peerOrg3 | 2018/08/01 06:27:51 [DEBUG] validate local profile
ca_peerOrg3 | 2018/08/01 06:27:51 [DEBUG] profile is valid
ca_peerOrg3 | 2018/08/01 06:27:52 [INFO] signed certificate with serial number 59275873815985971796998828375691992517475407195
ca_peerOrg3 | 2018/08/01 06:27:52 [INFO] The CA key and certificate were generated for CA ca-Org3
ca_peerOrg3 | 2018/08/01 06:27:52 [INFO] The key was stored by BCCSP provider 'SW'
ca_peerOrg3 | 2018/08/01 06:27:52 [INFO] The certificate is at: /etc/hyperledger/fabric-ca-server-config/ca.org3.example.com-cert.pem
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] Initializing DB
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] Initializing 'sqlite3' database at '/etc/hyperledger/fabric-ca-server/fabric-ca-server.db'
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] Using sqlite database, connect to database in home (/etc/hyperledger/fabric-ca-server/fabric-ca-server.db) directory
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] Creating SQLite database (/etc/hyperledger/fabric-ca-server/fabric-ca-server.db) if it does not exist...
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] Creating users table if it does not exist
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] Creating affiliations table if it does not exist
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] Creating certificates table if it does not exist
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] Creating properties table if it does not exist
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] Successfully opened sqlite3 DB
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] Checking database schema...
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] Update SQLite schema, if using outdated schema
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] Upgrade identities table
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] Creating users table if it does not exist
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] Upgrade affiliation table
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] Creating affiliations table if it does not exist
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] Upgrade certificates table
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] Creating certificates table if it does not exist
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] Initializing identity registry
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] Initialized DB identity registry
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] DB: Get properties [identity.level affiliation.level certificate.level]
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] Checking database levels 'map[affiliation.level:0 certificate.level:0 identity.level:0]' against server levels '&{Identity:1 Affiliation:1 Certificate:1}'
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] Loading identity table
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] Loading identity 'admin'
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] DB: Getting identity admin
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] Max enrollment value verification - User specified max enrollment: 0, CA max enrollment: -1
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] DB: Add identity admin
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] Successfully added identity admin to the database
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] Registered identity: { Name:**** Pass:**** Type:client Affiliation: MaxEnrollments:-1 Attrs:map[hf.Registrar.Roles:peer,orderer,client,user hf.Registrar.DelegateRoles:peer,orderer,client,user hf.Revoker:1 hf.IntermediateCA:1 hf.GenCRL:1 hf.Registrar.Attributes:* hf.AffiliationMgr:1] }
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] Successfully loaded identity table
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] Loading affiliations table
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] DB: Add affiliation org2
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] Affiliation 'org2' added
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] DB: Add affiliation org2.department1
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] Affiliation 'org2.department1' added
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] DB: Add affiliation org1
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] Affiliation 'org1' added
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] DB: Add affiliation org1.department1
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] Affiliation 'org1.department1' added
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] DB: Add affiliation org1.department2
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] Affiliation 'org1.department2' added
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] Successfully loaded affiliations table
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] Checking and performing migration, if needed
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] Updating database level to &{Identity:1 Affiliation:1 Certificate:1}
ca_peerOrg3 | 2018/08/01 06:27:52 [INFO] Initialized sqlite3 database at /etc/hyperledger/fabric-ca-server/fabric-ca-server.db
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] Initializing enrollment signer
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] validating configuration
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] validate local profile
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] profile is valid
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] validate local profile
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] profile is valid
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] validate local profile
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] profile is valid
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] CA initialization successful
ca_peerOrg3 | 2018/08/01 06:27:52 [INFO] Home directory for default CA: /etc/hyperledger/fabric-ca-server
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] 1 CA instance(s) running on server
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] TLS is enabled
ca_peerOrg3 | 2018/08/01 06:27:52 [DEBUG] Closing server DBs
ca_peerOrg3 | Error: File specified by 'tls.keyfile' does not exist: /etc/hyperledger/fabric-ca-server-config/d86d58e3f0b24d63a18fc22c93f9cdd109afee8543a12e67b232a2fe3548444a_sk
ca_peerOrg3 exited with code 1
错误提示:错误:“ tls.keyfile”指定的文件不存在:/ etc / hyperledger / fabric-ca-server-config / d86d58e3f0b24d63a18fc22c93f9cdd109afee8543a12e67b232a2fe3548444a_sk ca_peerOrg3退出,代码为1
我不确定这是什么错误,是否错过了某个步骤。
帮助。 谢谢
答案 0 :(得分:0)
弄清楚了。我的docker compose yaml文件中的卷指向错误的crypto-config文件夹位置,对其进行了更改并起作用。
答案 1 :(得分:0)
我也有类似的问题。启动网络后,我的docker ca_peer容器停止了。 就像我为Skadoosh所说的那样,将FABRIC_CA_SERVER_TLS_KEYFILE设置为crypto-config ca文件! 谢谢您的提示!