Apache kafka &引用;主体反序列化失败“;尝试在我的空白hyperledger网络上注册新频道时
我正在尝试使用单个组织设置基于卡夫卡的hyperledger配置 我有一个工作的docker网络,允许容器通信。卡夫卡/动物园管理员的设置似乎也运行良好;orderer记录并识别所有四个kafka节点。我遇到的问题发生在尝试在空白设置上创建新频道时 我运行以引导网络的命令有:Apache kafka &引用;主体反序列化失败“;尝试在我的空白hyperledger网络上注册新频道时,apache-kafka,docker-compose,hyperledger-fabric,Apache Kafka,Docker Compose,Hyperledger Fabric,我正在尝试使用单个组织设置基于卡夫卡的hyperledger配置 我有一个工作的docker网络,允许容器通信。卡夫卡/动物园管理员的设置似乎也运行良好;orderer记录并识别所有四个kafka节点。我遇到的问题发生在尝试在空白设置上创建新频道时 我运行以引导网络的命令有: cryptogen generate --config=crypto-config.yaml configtxgen -profile MyFakeOrgGenesis -outputBlock ./channel-ar
cryptogen generate --config=crypto-config.yaml
configtxgen -profile MyFakeOrgGenesis -outputBlock ./channel-artifacts/genesis.block
configtxgen -profile Channel1 -outputCreateChannelTx ./channel-artifacts/channel1.tx -channelID channel1
configtxgen -profile Channel2 -outputCreateChannelTx ./channel-artifacts/channel2.tx -channelID channel2
# has to be done to update the CA certificate filename
SK_FILE=$(basename $(ls ./crypto-config/peerOrganizations/myfakeorg.si/ca/*_sk))
sed -i "s#FABRIC_CA_SERVER_CA_KEYFILE=/etc/hyperledger/fabric-ca-server-config/.*#FABRIC_CA_SERVER_CA_KEYFILE=/etc/hyperledger/fabric-ca-server-config/$SK_FILE#" dockers/docker-compose.yml
docker-compose -f dockers/kafka-compose.yml up -d
docker-compose -f dockers/docker-compose.yml up -d
peer channel create -o orderer.myfakeorg.si:7050 channel1 -f /etc/hyperledger/channel-artifacts/channel1.tx --cafile $PWD/crypto/ordererOrganizations/myfakeorg.si/msp/tlscacerts/tlsca.myfakeorg.si-cert.pem -c channel1
2018-05-03 12:34:56.518 UTC [msp] GetLocalMSP -> DEBU 001 Returning existing local MSP
2018-05-03 12:34:56.518 UTC [msp] GetDefaultSigningIdentity -> DEBU 002 Obtaining default signing identity
2018-05-03 12:34:56.529 UTC [channelCmd] InitCmdFactory -> INFO 003 Endorser and orderer connections initialized
2018-05-03 12:34:56.529 UTC [msp] GetLocalMSP -> DEBU 004 Returning existing local MSP
2018-05-03 12:34:56.531 UTC [msp] GetDefaultSigningIdentity -> DEBU 005 Obtaining default signing identity
2018-05-03 12:34:56.532 UTC [msp] GetLocalMSP -> DEBU 006 Returning existing local MSP
2018-05-03 12:34:56.532 UTC [msp] GetDefaultSigningIdentity -> DEBU 007 Obtaining default signing identity
2018-05-03 12:34:56.532 UTC [msp/identity] Sign -> DEBU 008 Sign: plaintext: 0AFE050A084C756369734D535012F105...0A0E47445052436F6E736F727469756D
2018-05-03 12:34:56.533 UTC [msp/identity] Sign -> DEBU 009 Sign: digest: CBAC9B6A3A06426802DFB81D1196DCF28534A52BA369095151BE6DB954A6A7E3
2018-05-03 12:34:56.534 UTC [msp] GetLocalMSP -> DEBU 00a Returning existing local MSP
2018-05-03 12:34:56.534 UTC [msp] GetDefaultSigningIdentity -> DEBU 00b Obtaining default signing identity
2018-05-03 12:34:56.534 UTC [msp] GetLocalMSP -> DEBU 00c Returning existing local MSP
2018-05-03 12:34:56.534 UTC [msp] GetDefaultSigningIdentity -> DEBU 00d Obtaining default signing identity
2018-05-03 12:34:56.535 UTC [msp/identity] Sign -> DEBU 00e Sign: plaintext: 0AB4060A1408021A0608F083ACD70522...C96F9F62C4F53749F47ECFC3A16F88F4
2018-05-03 12:34:56.535 UTC [msp/identity] Sign -> DEBU 00f Sign: digest: 388F95E877FB3442AA20001CC212777DB2BC38F70799B9D463C19488B64C2B77
Error: got unexpected status: BAD_REQUEST -- error authorizing update: error validating DeltaSet: policy for [Group] /Channel/Application not satisfied: Failed to reach implicit threshold of 1 sub-policies, required 1 remaining
2018-05-03 11:56:41.344 UTC [policies] Manager -> DEBU 158 Manager Channel looking up path []
2018-05-03 11:56:41.344 UTC [policies] Manager -> DEBU 159 Manager Channel has managers Application
2018-05-03 11:56:41.344 UTC [policies] Manager -> DEBU 15a Manager Channel has managers Orderer
2018-05-03 11:56:41.344 UTC [policies] Manager -> DEBU 15b Manager Channel looking up path [Application]
2018-05-03 11:56:41.344 UTC [policies] Manager -> DEBU 15c Manager Channel has managers Application
2018-05-03 11:56:41.344 UTC [policies] Manager -> DEBU 15d Manager Channel has managers Orderer
2018-05-03 11:56:41.344 UTC [policies] Manager -> DEBU 15e Manager Channel/Application looking up path []
2018-05-03 11:56:41.344 UTC [policies] Manager -> DEBU 15f Manager Channel/Application has managers MyFakeOrg
2018-05-03 11:56:41.344 UTC [policies] Evaluate -> DEBU 160 == Evaluating *policies.implicitMetaPolicy Policy /Channel/Application/ChannelCreationPolicy ==
2018-05-03 11:56:41.345 UTC [policies] Evaluate -> DEBU 161 This is an implicit meta policy, it will trigger other policy evaluations, whose failures may be benign
2018-05-03 11:56:41.345 UTC [policies] Evaluate -> DEBU 162 == Evaluating *cauthdsl.policy Policy /Channel/Application/MyFakeOrg/Admins ==
2018-05-03 11:56:41.345 UTC [msp] DeserializeIdentity -> INFO 163 Obtaining identity
2018-05-03 11:56:41.345 UTC [msp/identity] newIdentity -> DEBU 164 Creating identity instance for cert -----BEGIN CERTIFICATE-----
MIICADCCAaegAwIBAgIQH+Mp3PmmcdYcZoN8XriCajAKBggqhkjOPQQDAjBjMQsw
CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZy
YW5jaXNjbzERMA8GA1UEChMIbHVjaXMuc2kxFDASBgNVBAMTC2NhLmx1Y2lzLnNp
MB4XDTE4MDUwMzExNTAzMVoXDTI4MDQzMDExNTAzMVowUzELMAkGA1UEBhMCVVMx
EzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28xFzAV
BgNVBAMMDkFkbWluQGx1Y2lzLnNpMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE
LsW17T+/PpQgw18Ay1AvP7UAzgq69Sy7wb1GenjldLY9Hl8t7MhsIFBbLFkKmFNt
C46y7GzQxE8i+0MmLEHQ4qNNMEswDgYDVR0PAQH/BAQDAgeAMAwGA1UdEwEB/wQC
MAAwKwYDVR0jBCQwIoAgMvtJKVZDbuxG0YsjgcPEL/VcD9eFFsHjZ00YvQ/r7ccw
CgYIKoZIzj0EAwIDRwAwRAIgBz1Sy+XFOqO7jv9qUh6q8KPkHnmtNu3Ru2E3sMHG
rGoCIHm9wfwK5jm2bsZUvYNvV0Skch2swe7Fc+EBlwQsVbKR
-----END CERTIFICATE-----
2018-05-03 11:56:41.346 UTC [cauthdsl] deduplicate -> ERRO 165 Principal deserialization failure (the supplied identity is not valid: x509: certificate signed by unknown authority (possibly because of "x509: ECDSA verification failure" while trying to verify candidate authority certificate "ca.myfakeorg.si")) for identity 0a084c756369734d535012f1052d2d2d2d2d424547494e2043455254494649434154452d2d2d2d2d0a4d49494341444343416165674177494241674951482b4d7033506d6d636459635a6f4e3858726943616a414b42676771686b6a4f50515144416a426a4d5173770a435159445651514745774a56557a45544d4245474131554543424d4b5132467361575a76636d3570595445574d4251474131554542784d4e5532467549455a790a5957356a61584e6a627a45524d4138474131554543684d496248566a61584d7563326b784644415342674e5642414d5443324e684c6d783159326c7a4c6e4e700a4d423458445445344d4455774d7a45784e54417a4d566f58445449344d44517a4d4445784e54417a4d566f77557a454c4d416b474131554542684d4356564d780a457a415242674e5642416754436b4e6862476c6d62334a7561574578466a415542674e564241635444564e6862694247636d467559326c7a59323878467a41560a42674e5642414d4d446b466b62576c755147783159326c7a4c6e4e704d466b77457759484b6f5a497a6a3043415159494b6f5a497a6a304441516344516741450a4c73573137542b2f507051677731384179314176503755417a6771363953793777623147656e6a6c644c5939486c3874374d6873494642624c466b4b6d464e740a4334367937477a51784538692b304d6d4c45485134714e4e4d45737744675944565230504151482f42415144416765414d41774741315564457745422f7751430a4d4141774b7759445652306a42435177496f41674d76744a4b565a44627578473059736a676350454c2f5663443965464673486a5a30305976512f72376363770a436759494b6f5a497a6a3045417749445277417752414967427a3153792b58464f714f376a76397155683671384b506b486e6d744e75335275324533734d48470a72476f4349486d397766774b356a6d3262735a5576594e765630536b6368327377653746632b45426c77517356624b520a2d2d2d2d2d454e442043455254494649434154452d2d2d2d2d0a
2018-05-03 11:56:41.346 UTC [cauthdsl] func1 -> DEBU 166 0xc42000ee48 gate 1525348601346256695 evaluation starts
2018-05-03 11:56:41.346 UTC [cauthdsl] func2 -> DEBU 167 0xc42000ee48 signed by 0 principal evaluation starts (used [false])
2018-05-03 11:56:41.346 UTC [cauthdsl] func2 -> DEBU 168 0xc42000ee48 principal evaluation fails
2018-05-03 11:56:41.346 UTC [cauthdsl] func1 -> DEBU 169 0xc42000ee48 gate 1525348601346256695 evaluation fails
2018-05-03 11:56:41.346 UTC [policies] Evaluate -> DEBU 16a Signature set did not satisfy policy /Channel/Application/MyFakeOrg/Admins
2018-05-03 11:56:41.346 UTC [policies] Evaluate -> DEBU 16b == Done Evaluating *cauthdsl.policy Policy /Channel/Application/MyFakeOrg/Admins
2018-05-03 11:56:41.346 UTC [policies] func1 -> DEBU 16c Evaluation Failed: Only 0 policies were satisfied, but needed 1 of [ MyFakeOrg.Admins ]
2018-05-03 11:56:41.347 UTC [policies] Evaluate -> DEBU 16d Signature set did not satisfy policy /Channel/Application/ChannelCreationPolicy
2018-05-03 11:56:41.347 UTC [policies] Evaluate -> DEBU 16e == Done Evaluating *policies.implicitMetaPolicy Policy /Channel/Application/ChannelCreationPolicy
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
---
################################################################################
#
# Profile
#
# - Different configuration profiles may be encoded here to be specified
# as parameters to the configtxgen tool
#
################################################################################
Profiles:
MyFakeOrgGenesis:
Capabilities:
<<: *ChannelCapabilities
Orderer:
<<: *OrdererDefaults
Organizations:
- *MyFakeOrg
Capabilities:
<<: *OrdererCapabilities
Consortiums:
ABCDConsortium:
Organizations:
- *MyFakeOrg
Channel1:
Consortium: ABCDConsortium
Application:
<<: *ApplicationDefaults
Organizations:
- *MyFakeOrg
Channel2:
Consortium: ABCDConsortium
Application:
<<: *ApplicationDefaults
Organizations:
- *MyFakeOrg
################################################################################
#
# Section: Organizations
#
# - This section defines the different organizational identities which will
# be referenced later in the configuration.
#
################################################################################
Organizations:
# SampleOrg defines an MSP using the sampleconfig. It should never be used
# in production but may be used as a template for other definitions
- &MyFakeOrg
# DefaultOrg defines the organization which is used in the sampleconfig
# of the fabric.git development environment
Name: MyFakeOrg
# ID to load the MSP definition as
ID: MyFakeOrgMSP
# MSPDir is the filesystem path which contains the MSP configuration
MSPDir: crypto-config/ordererOrganizations/myfakeorg.si/msp
################################################################################
#
# SECTION: Orderer
#
# - This section defines the values to encode into a config transaction or
# genesis block for orderer related parameters
#
################################################################################
Orderer: &OrdererDefaults
# Orderer Type: The orderer implementation to start
# Available types are "solo" and "kafka"
OrdererType: kafka
Addresses:
- orderer.myfakeorg.si:7050
# Batch Timeout: The amount of time to wait before creating a batch
BatchTimeout: 4s
# Batch Size: Controls the number of messages batched into a block
BatchSize:
# Max Message Count: The maximum number of messages to permit in a batch
MaxMessageCount: 1000
# Absolute Max Bytes: The absolute maximum number of bytes allowed for
# the serialized messages in a batch.
AbsoluteMaxBytes: 99 MB
# Preferred Max Bytes: The preferred maximum number of bytes allowed for
# the serialized messages in a batch. A message larger than the preferred
# max bytes will result in a batch larger than preferred max bytes.
PreferredMaxBytes: 4096 KB
Kafka:
# Brokers: A list of Kafka brokers to which the orderer connects
# NOTE: Use IP:port notation
Brokers:
- kafka0:9092
- kafka1:9092
- kafka2:9092
- kafka3:9092
# Organizations is the list of orgs which are defined as participants on
# the orderer side of the network
Organizations:
################################################################################
#
# SECTION: Application
#
# - This section defines the values to encode into a config transaction or
# genesis block for application related parameters
#
################################################################################
Application: &ApplicationDefaults
# Organizations is the list of orgs which are defined as participants on
# the application side of the network
Organizations:
- *MyFakeOrg
Capabilities:
Global: &ChannelCapabilities
V1_1: true
Orderer: &OrdererCapabilities
V1_1: true
#
# Copyright IBM Corp All Rights Reserved
#
# SPDX-License-Identifier: Apache-2.0
#
version: '2'
networks:
default:
external:
name: hledger-myfakeorg
services:
ca.myfakeorg.si:
image: hyperledger/fabric-ca:x86_64-1.1.0
environment:
- FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
- FABRIC_CA_SERVER_CA_NAME=ca.myfakeorg.si
- FABRIC_CA_SERVER_CA_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.myfakeorg.si-cert.pem
- FABRIC_CA_SERVER_CA_KEYFILE=/etc/hyperledger/fabric-ca-server-config/32fb492956436eec46d18b2381c3c42ff55c0fd78516c1e3674d18bd0febedc7_sk
ports:
- "7054:7054"
command: sh -c 'fabric-ca-server start -b admin:adminpw -d'
volumes:
- ./../crypto-config/peerOrganizations/myfakeorg.si/ca/:/etc/hyperledger/fabric-ca-server-config
container_name: ca.myfakeorg.si
networks:
- default
orderer.myfakeorg.si:
container_name: orderer.myfakeorg.si
image: hyperledger/fabric-orderer:x86_64-1.1.0
environment:
- ORDERER_GENERAL_LOGLEVEL=debug
- ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
- ORDERER_GENERAL_GENESISMETHOD=file
- ORDERER_GENERAL_GENESISFILE=/etc/hyperledger/configtx/genesis.block
- ORDERER_GENERAL_LOCALMSPID=MyFakeOrgMSP
- ORDERER_GENERAL_LOCALMSPDIR=/etc/hyperledger/msp/orderer/msp
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/orderer
command: orderer
ports:
- 7050:7050
volumes:
- ./../channel-artifacts/:/etc/hyperledger/configtx
- ./../crypto-config/ordererOrganizations/myfakeorg.si/orderers/orderer.myfakeorg.si/:/etc/hyperledger/msp/orderer
- ./../crypto-config/peerOrganizations/myfakeorg.si/peers/peer0.myfakeorg.si/:/etc/hyperledger/msp/peer0
networks:
- default
peer0.myfakeorg.si:
container_name: peer0.myfakeorg.si
image: hyperledger/fabric-peer:x86_64-1.1.0
environment:
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
- CORE_PEER_ID=peer0.myfakeorg.si
- CORE_LOGGING_PEER=debug
- CORE_CHAINCODE_LOGGING_LEVEL=DEBUG
- CORE_PEER_LOCALMSPID=MyFakeOrgMSP
- CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/msp/peer/
- CORE_PEER_ADDRESS=peer0.myfakeorg.si:7051
# # the following setting starts chaincode containers on the same
# # bridge network as the peers
# # https://docs.docker.com/compose/networking/
- CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=${COMPOSE_PROJECT_NAME}_default
- CORE_LEDGER_STATE_STATEDATABASE=CouchDB
- CORE_LEDGER_STATE_COUCHDBCONFIG_COUCHDBADDRESS=couchdb:5984
# The CORE_LEDGER_STATE_COUCHDBCONFIG_USERNAME and CORE_LEDGER_STATE_COUCHDBCONFIG_PASSWORD
# provide the credentials for ledger to connect to CouchDB. The username and password must
# match the username and password set for the associated CouchDB.
- CORE_LEDGER_STATE_COUCHDBCONFIG_USERNAME=
- CORE_LEDGER_STATE_COUCHDBCONFIG_PASSWORD=
working_dir: /opt/gopath/src/github.com/hyperledger/fabric
command: peer node start
# command: peer node start --peer-chaincodedev=true
ports:
- 7051:7051
- 7053:7053
volumes:
- /var/run/:/host/var/run/
- ./../crypto-config/peerOrganizations/myfakeorg.si/peers/peer0.myfakeorg.si/msp:/etc/hyperledger/msp/peer
- ./../crypto-config/peerOrganizations/myfakeorg.si/users:/etc/hyperledger/msp/users
- ./../channel-artifacts/:/etc/hyperledger/configtx
depends_on:
- orderer.myfakeorg.si
- couchdb
networks:
- default
couchdb:
container_name: couchdb
image: hyperledger/fabric-couchdb:x86_64-0.4.7
# Populate the COUCHDB_USER and COUCHDB_PASSWORD to set an admin user and password
# for CouchDB. This will prevent CouchDB from operating in an "Admin Party" mode.
environment:
- COUCHDB_USER=
- COUCHDB_PASSWORD=
ports:
- 5984:5984
networks:
- default
cli:
container_name: cli
image: hyperledger/fabric-tools:x86_64-1.1.0
tty: true
environment:
- GOPATH=/opt/gopath
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
- CORE_LOGGING_LEVEL=DEBUG
- CORE_PEER_ID=cli
- CORE_PEER_ADDRESS=peer0.myfakeorg.si:7051
- CORE_PEER_LOCALMSPID=MyFakeOrgMSP
- CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/myfakeorg.si/users/Admin@myfakeorg.si/msp
- CORE_CHAINCODE_KEEPALIVE=10
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
command: /bin/bash
volumes:
- /var/run/:/host/var/run/
- ./../../chaincode/:/opt/gopath/src/github.com/
- ./../crypto-config/:/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/
- ./../channel-artifacts:/etc/hyperledger/channel-artifacts
networks:
- default
#depends_on:
# - orderer.myfakeorg.si
# - peer0.myfakeorg.si
# - couchdb
version: '2'
networks:
default:
external:
name: hledger-myfakeorg
services:
zookeeper0:
extends:
file: kafka-compose-base.yml
service: zookeeper
container_name: zookeeper0
environment:
- ZOO_MY_ID=1
- ZOO_SERVERS=server.1=zookeeper0:2888:3888 server.2=zookeeper1:2888:3888 server.3=zookeeper2:2888:3888
networks:
- default
zookeeper1:
extends:
file: kafka-compose-base.yml
service: zookeeper
container_name: zookeeper1
environment:
- ZOO_MY_ID=2
- ZOO_SERVERS=server.1=zookeeper0:2888:3888 server.2=zookeeper1:2888:3888 server.3=zookeeper2:2888:3888
networks:
- default
zookeeper2:
extends:
file: kafka-compose-base.yml
service: zookeeper
container_name: zookeeper2
environment:
- ZOO_MY_ID=3
- ZOO_SERVERS=server.1=zookeeper0:2888:3888 server.2=zookeeper1:2888:3888 server.3=zookeeper2:2888:3888
networks:
- default
kafka0:
extends:
file: kafka-compose-base.yml
service: kafka
container_name: kafka0
environment:
- KAFKA_BROKER_ID=0
- KAFKA_ZOOKEEPER_CONNECT=zookeeper0:2181,zookeeper1:2181,zookeeper2:2181
depends_on:
- zookeeper0
- zookeeper1
- zookeeper2
networks:
- default
kafka1:
extends:
file: kafka-compose-base.yml
service: kafka
container_name: kafka1
environment:
- KAFKA_BROKER_ID=1
- KAFKA_ZOOKEEPER_CONNECT=zookeeper0:2181,zookeeper1:2181,zookeeper2:2181
depends_on:
- zookeeper0
- zookeeper1
- zookeeper2
networks:
- default
kafka2:
extends:
file: kafka-compose-base.yml
service: kafka
container_name: kafka2
environment:
- KAFKA_BROKER_ID=2
- KAFKA_ZOOKEEPER_CONNECT=zookeeper0:2181,zookeeper1:2181,zookeeper2:2181
depends_on:
- zookeeper0
- zookeeper1
- zookeeper2
networks:
- default
kafka3:
extends:
file: kafka-compose-base.yml
service: kafka
container_name: kafka3
environment:
- KAFKA_BROKER_ID=3
- KAFKA_ZOOKEEPER_CONNECT=zookeeper0:2181,zookeeper1:2181,zookeeper2:2181
depends_on:
- zookeeper0
- zookeeper1
- zookeeper2
networks:
- default
version: '2'
services:
zookeeper:
image: hyperledger/fabric-zookeeper
ports:
- 2181
- 2888
- 3888
kafka:
image: hyperledger/fabric-kafka
environment:
- KAFKA_LOG_RETENTION_MS=-1
- KAFKA_MESSAGE_MAX_BYTES=103809024
- KAFKA_REPLICA_FETCH_MAX_BYTES=103809024
- KAFKA_UNCLEAN_LEADER_ELECTION_ENABLE=false
- KAFKA_DEFAULT_REPLICATION_FACTOR=2
- KAFKA_MIN_INSYNC_REPLICAS=2
ports:
- 9092
#
# Copyright IBM Corp All Rights Reserved
#
# SPDX-License-Identifier: Apache-2.0
#
version: '2'
networks:
default:
external:
name: hledger-myfakeorg
services:
ca.myfakeorg.si:
image: hyperledger/fabric-ca:x86_64-1.1.0
environment:
- FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
- FABRIC_CA_SERVER_CA_NAME=ca.myfakeorg.si
- FABRIC_CA_SERVER_CA_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.myfakeorg.si-cert.pem
- FABRIC_CA_SERVER_CA_KEYFILE=/etc/hyperledger/fabric-ca-server-config/32fb492956436eec46d18b2381c3c42ff55c0fd78516c1e3674d18bd0febedc7_sk
ports:
- "7054:7054"
command: sh -c 'fabric-ca-server start -b admin:adminpw -d'
volumes:
- ./../crypto-config/peerOrganizations/myfakeorg.si/ca/:/etc/hyperledger/fabric-ca-server-config
container_name: ca.myfakeorg.si
networks:
- default
orderer.myfakeorg.si:
container_name: orderer.myfakeorg.si
image: hyperledger/fabric-orderer:x86_64-1.1.0
environment:
- ORDERER_GENERAL_LOGLEVEL=debug
- ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
- ORDERER_GENERAL_GENESISMETHOD=file
- ORDERER_GENERAL_GENESISFILE=/etc/hyperledger/configtx/genesis.block
- ORDERER_GENERAL_LOCALMSPID=MyFakeOrgMSP
- ORDERER_GENERAL_LOCALMSPDIR=/etc/hyperledger/msp/orderer/msp
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/orderer
command: orderer
ports:
- 7050:7050
volumes:
- ./../channel-artifacts/:/etc/hyperledger/configtx
- ./../crypto-config/ordererOrganizations/myfakeorg.si/orderers/orderer.myfakeorg.si/:/etc/hyperledger/msp/orderer
- ./../crypto-config/peerOrganizations/myfakeorg.si/peers/peer0.myfakeorg.si/:/etc/hyperledger/msp/peer0
networks:
- default
peer0.myfakeorg.si:
container_name: peer0.myfakeorg.si
image: hyperledger/fabric-peer:x86_64-1.1.0
environment:
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
- CORE_PEER_ID=peer0.myfakeorg.si
- CORE_LOGGING_PEER=debug
- CORE_CHAINCODE_LOGGING_LEVEL=DEBUG
- CORE_PEER_LOCALMSPID=MyFakeOrgMSP
- CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/msp/peer/
- CORE_PEER_ADDRESS=peer0.myfakeorg.si:7051
# # the following setting starts chaincode containers on the same
# # bridge network as the peers
# # https://docs.docker.com/compose/networking/
- CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=${COMPOSE_PROJECT_NAME}_default
- CORE_LEDGER_STATE_STATEDATABASE=CouchDB
- CORE_LEDGER_STATE_COUCHDBCONFIG_COUCHDBADDRESS=couchdb:5984
# The CORE_LEDGER_STATE_COUCHDBCONFIG_USERNAME and CORE_LEDGER_STATE_COUCHDBCONFIG_PASSWORD
# provide the credentials for ledger to connect to CouchDB. The username and password must
# match the username and password set for the associated CouchDB.
- CORE_LEDGER_STATE_COUCHDBCONFIG_USERNAME=
- CORE_LEDGER_STATE_COUCHDBCONFIG_PASSWORD=
working_dir: /opt/gopath/src/github.com/hyperledger/fabric
command: peer node start
# command: peer node start --peer-chaincodedev=true
ports:
- 7051:7051
- 7053:7053
volumes:
- /var/run/:/host/var/run/
- ./../crypto-config/peerOrganizations/myfakeorg.si/peers/peer0.myfakeorg.si/msp:/etc/hyperledger/msp/peer
- ./../crypto-config/peerOrganizations/myfakeorg.si/users:/etc/hyperledger/msp/users
- ./../channel-artifacts/:/etc/hyperledger/configtx
depends_on:
- orderer.myfakeorg.si
- couchdb
networks:
- default
couchdb:
container_name: couchdb
image: hyperledger/fabric-couchdb:x86_64-0.4.7
# Populate the COUCHDB_USER and COUCHDB_PASSWORD to set an admin user and password
# for CouchDB. This will prevent CouchDB from operating in an "Admin Party" mode.
environment:
- COUCHDB_USER=
- COUCHDB_PASSWORD=
ports:
- 5984:5984
networks:
- default
cli:
container_name: cli
image: hyperledger/fabric-tools:x86_64-1.1.0
tty: true
environment:
- GOPATH=/opt/gopath
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
- CORE_LOGGING_LEVEL=DEBUG
- CORE_PEER_ID=cli
- CORE_PEER_ADDRESS=peer0.myfakeorg.si:7051
- CORE_PEER_LOCALMSPID=MyFakeOrgMSP
- CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/myfakeorg.si/users/Admin@myfakeorg.si/msp
- CORE_CHAINCODE_KEEPALIVE=10
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
command: /bin/bash
volumes:
- /var/run/:/host/var/run/
- ./../../chaincode/:/opt/gopath/src/github.com/
- ./../crypto-config/:/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/
- ./../channel-artifacts:/etc/hyperledger/channel-artifacts
networks:
- default
#depends_on:
# - orderer.myfakeorg.si
# - peer0.myfakeorg.si
# - couchdb
version: '2'
networks:
default:
external:
name: hledger-myfakeorg
services:
zookeeper0:
extends:
file: kafka-compose-base.yml
service: zookeeper
container_name: zookeeper0
environment:
- ZOO_MY_ID=1
- ZOO_SERVERS=server.1=zookeeper0:2888:3888 server.2=zookeeper1:2888:3888 server.3=zookeeper2:2888:3888
networks:
- default
zookeeper1:
extends:
file: kafka-compose-base.yml
service: zookeeper
container_name: zookeeper1
environment:
- ZOO_MY_ID=2
- ZOO_SERVERS=server.1=zookeeper0:2888:3888 server.2=zookeeper1:2888:3888 server.3=zookeeper2:2888:3888
networks:
- default
zookeeper2:
extends:
file: kafka-compose-base.yml
service: zookeeper
container_name: zookeeper2
environment:
- ZOO_MY_ID=3
- ZOO_SERVERS=server.1=zookeeper0:2888:3888 server.2=zookeeper1:2888:3888 server.3=zookeeper2:2888:3888
networks:
- default
kafka0:
extends:
file: kafka-compose-base.yml
service: kafka
container_name: kafka0
environment:
- KAFKA_BROKER_ID=0
- KAFKA_ZOOKEEPER_CONNECT=zookeeper0:2181,zookeeper1:2181,zookeeper2:2181
depends_on:
- zookeeper0
- zookeeper1
- zookeeper2
networks:
- default
kafka1:
extends:
file: kafka-compose-base.yml
service: kafka
container_name: kafka1
environment:
- KAFKA_BROKER_ID=1
- KAFKA_ZOOKEEPER_CONNECT=zookeeper0:2181,zookeeper1:2181,zookeeper2:2181
depends_on:
- zookeeper0
- zookeeper1
- zookeeper2
networks:
- default
kafka2:
extends:
file: kafka-compose-base.yml
service: kafka
container_name: kafka2
environment:
- KAFKA_BROKER_ID=2
- KAFKA_ZOOKEEPER_CONNECT=zookeeper0:2181,zookeeper1:2181,zookeeper2:2181
depends_on:
- zookeeper0
- zookeeper1
- zookeeper2
networks:
- default
kafka3:
extends:
file: kafka-compose-base.yml
service: kafka
container_name: kafka3
environment:
- KAFKA_BROKER_ID=3
- KAFKA_ZOOKEEPER_CONNECT=zookeeper0:2181,zookeeper1:2181,zookeeper2:2181
depends_on:
- zookeeper0
- zookeeper1
- zookeeper2
networks:
- default
- 只有一个“组织”,或者更确切地说,对等方和订购方组织是同一个组织(加密材料似乎仍然生成了两次)
- 没有为频道声明锚节点。据我所知,这个特性是为跨组织的交流而设计的,在这种情况下这是不必要的
非常感谢您的帮助。您的管理员证书存在一些问题,因为在解码证书时,您用于创建频道的管理员证书显然是由其他CA(CA.lucis.si,lucis.si)签名的订购服务和其他组件不知道,因此它抛出错误,称证书由未知机构签名。由于通道创建是通过一个系统链码通过交易完成的,因此交易提交者的身份将被验证,身份证书应由注册的证书颁发机构签署,并且在您的情况下,您提供的证书由未注册的证书颁发机构颁发/签署。这就是为什么你不能真正创建一个频道
您可以使用联机解码器(如)对任何pem编码的证书进行解码,以查看谁签署了此证书。只要将您的pem编码证书粘贴到那里,您就会看到签名信息,确认您的网络不知道颁发者ca,从而导致频道创建失败。这实际上是正确的域名,但是,我只是在配置文件中替换了我的公司名,以免不必要地公开它。所以ca的docker主机名实际上应该是ca.lucis.si。然而,据我所知,我应该将公共组件(用于在CA容器上签名的密钥)添加到所有容器上的已接受根CA?