Hyperledger-Composer:获取“访问被拒绝" ping网络管理卡时 [英] Hyperledger-Composer: Getting "access denied" when pinging network admin card
问题描述
我在Hyperledger Fabric上使用Hyperledger Composer部署 .bna 文件.当为不同的组织创建 networkAdmin 卡时,就会出现问题,它们无法访问网络.
Im using Hyperledger Composer over Hyperledger Fabric to deploy a .bna file. The problem comes when creating networkAdmin cards for the different organizations, they are not able to access the network.
项目结构如下:
- 组织:
- exporter01,具有一个对等方和一个CA
- maritimeAgency01,具有一个对等方和一个CA
- terminal01,有一个对等方和一个CA
- 具有一个对等方和一个CA的terrestrialTransport01
- Organizations:
- exporter01 with one peer and one CA
- maritimeAgency01 with one peer and one CA
- terminal01 with one peer and one CA
- terrestrialTransport01 with one peer and one CA
解决此问题的步骤如下:
The steps towards the problem are as follows:
- 使用/msp/keystore/下的admin 证书和 privateKey 文件创建 PeerAdmin 卡组织
- 使用 PeerAdmin 卡为每个组织对等方使用
composer network install ...
安装网络归档文件. - 在
composer network start ...
命令上指定的每个networkAdmin的请求身份(每个组织一个) - 使用
为所有对等点启动网络composer network start \ --card PeerAdmin@$NETWORK_NAME-exporter01 \ --networkName $NETWORK_NAME \ --networkVersion $NETWORK_VERSION \ -o endorsementPolicyFile=./endorsement-policy.json \ -A exporter01 \ -C $TMP_BASEDIR/exporter01/admin-pub.pem \ -A maritimeAgency01 \ -C $TMP_BASEDIR/maritimeAgency01/admin-pub.pem \ -A terminal01 \ -C $TMP_BASEDIR/terminal01/admin-pub.pem \ -A terrestrialTransport01 \ -C $TMP_BASEDIR/terrestrialTransport01/admin-pub.pem
- Create the PeerAdmin card using the admin certificate and privateKey files under /msp/keystore/ for every organization
- Installed the network archive using
composer network install ...
for every organization peer using the PeerAdmin card - Requested identities for every networkAdmin specified on the
composer network start ...
command (one for every org) - Started the network for all peers using
composer network start \ --card PeerAdmin@$NETWORK_NAME-exporter01 \ --networkName $NETWORK_NAME \ --networkVersion $NETWORK_VERSION \ -o endorsementPolicyFile=./endorsement-policy.json \ -A exporter01 \ -C $TMP_BASEDIR/exporter01/admin-pub.pem \ -A maritimeAgency01 \ -C $TMP_BASEDIR/maritimeAgency01/admin-pub.pem \ -A terminal01 \ -C $TMP_BASEDIR/terminal01/admin-pub.pem \ -A terrestrialTransport01 \ -C $TMP_BASEDIR/terrestrialTransport01/admin-pub.pem
问题
将
composer card create ...
与以下内容一起使用Problem
After using
composer card create ...
with the following- connectionProfile.json (用于创建 PeerAdmin 卡的相同文件)
- 用户:与
composer network start ...
中的 - 证书:与
composer network start ...
中的 - privateKey:与
composer identity request ...
生成的证书相对应
-A
标志相同-C
标志相同- connectionProfile.json (the same used to create the PeerAdmin card)
- user: the same as the
-A
flag in thecomposer network start ...
- certificate: the same as the
-C
flag in thecomposer network start ...
- privateKey: the corresponding to the certificate generated by
composer identity request ...
并用
composer card import ...
导入卡已成功导入. 但是在使用composer network ping -c <created networkAdmin card>
时命令失败,并显示以下消息And importing it with
composer card import ...
the card is successfully imported. But when usingcomposer network ping -c <created networkAdmin card>
the command fails with the following messageError: Error trying to ping. Error: 2 UNKNOWN: access denied: channel [mychannel] creator org [Exporter01MSP]
任何想法为什么会发生这种情况? 谢谢!
Any ideas why could this be happening? Thanks!
推荐答案
两周后发现错误.在社区登录.
这是Hyperledger-Fabric配置错误.
After two weeks found the error. Logging it here for the community.
It was a Hyperledger-Fabric configuration error.
使用多个CA(每个组织一个)时,必须将证书作为env变量添加到订购者docker容器中,否则这些CA颁发的任何身份将无法连接.
When using multiple CA's (one for each org) you must add the certificates to the orderer docker container as an env variable
ORDERER_GENERAL_TLS_ROOTCAS
or any identity issued by those CA's won't be able to connect.在以下 fabric-sample Repo 第55行.不要忘记链接这些卷(第63-64行).
Found the solution in the following fabric-sample Repo line 55. Don't forget to link the volumes (lines 63-64).
这篇关于Hyperledger-Composer:获取“访问被拒绝" ping网络管理卡时的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!