Warm tip: This article is reproduced from serverfault.com, please click
hyperledger hyperledger-fabric

How to change affiliation name on ca-server HLF?

发布于 2020-12-16 11:56:29

Based on Hyperledger Fabric First Network (v1.4) i changed names to peers, Orgs, CAs etc. There is no problem on the containers or to generate certificates the channel works fine.

# ca's docker-compose.yaml
ca.NewOrg:
  image: hyperledger/fabric-ca:$IMAGE_TAG
  environment:
    - FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
    - FABRIC_CA_SERVER_CA_NAME=ca-NewOrg
    - FABRIC_CA_SERVER_TLS_ENABLED=true
    - FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.NewOrg.example.com-cert.pem
    - FABRIC_CA_SERVER_TLS_KEYFILE=/etc/hyperledger/fabric-ca-server-config/${byfn_CA1_PRIVATE_KEY}
    - FABRIC_CA_SERVER_PORT=7054
  ports:
    - "7054:7054"
  command: sh -c 'fabric-ca-server start --ca.certfile /etc/hyperledger/fabric-ca-server-config/ca.NewOrg.example.com-cert.pem --ca.keyfile /etc/hyperledger/fabric-ca-server-config/${byfn_CA1_PRIVATE_KEY} -b NewOrg:NewOrgpw -d'
  volumes:
    - ./crypto-config/peerOrganizations/NewOrg.example.com/ca/:/etc/hyperledger/fabric-ca-server-config
    container_name: ca_peerNewOrg

The admin is register fined. but i cannot enroll the users. I am using node sdk to enroll them.

const secret = await ca.register({ affiliation: orgname.toLowerCase() +'.department1', enrollmentID: username, role: 'client' }, adminIdentity);

but if i replace orgname.toLowerCase() +'.department1' to org1.department1 is enrolled

However, is needed to use the new organizations names and not org1, org2 etc.

Finally this is a part of

docker logs ca_peerNewOrg

Affiliation: MaxEnrollments:0 Attrs:map[hf.AffiliationMgr:1 hf.GenCRL:1 hf.IntermediateCA:1 hf.Registrar.Attributes:* hf.Registrar.DelegateRoles:* hf.Registrar.Roles:* hf.Revoker:1] }]} Affiliations:map[org1:[department1 department2] org2:[department1]] LDAP:{ Enabled:false URL:ldap://****:****@<host>:<port>/<base> UserFilter:(uid=%s) GroupFilter:(memberUid=%s) Attribute:{[uid member] [{ }] map[groups:[{ }]]} TLS:{false [] { }} } DB:{ Type:sqlite3 Datasource:fabric-ca-server.db TLS:{false [] { }} } CSP:0xc0004f80a0 Client:<nil> Intermediate:{ParentServer:{ URL: CAName: } TLS:{Enabled:false CertFiles:[] Client:{KeyFile: CertFile:}} Enrollment:{ Name: Secret:**** CAName: AttrReqs:[] Profile: Label: CSR:<nil> Type:x509 }} CRL:{Expiry:24h0m0s} Idemix:{IssuerPublicKeyfile: IssuerSecretKeyfile: RevocationPublicKeyfile: RevocationPrivateKeyfile: RHPoolSize:1000 NonceExpiration:15s NonceSweepInterval:15m}}

Questioner
HectorCode
Viewed
0
分享
myeongkil kim 2020-12-17 18:57:55

I can see Affiliations:map[org1:[department1 department2] org2:[department1]], which is the default value set when affiliation is not set in fabric-ca.

# hyperledger/fabric-ca/cmd/fabric-ca-server/config.go
# in 'defaultCfgTemplate' value

affiliations:
   org1:
      - department1
      - department2
   org2:
      - department1

In other words, looking at your current situation, it seems that you have not added affiliation separately.

# default fabric ca's log
2020/12/17 10:16:56 [DEBUG] DB: Add affiliation org1
2020/12/17 10:16:56 [DEBUG] Affiliation 'org1' added
2020/12/17 10:16:56 [DEBUG] DB: Add affiliation org1.department1
2020/12/17 10:16:56 [DEBUG] Affiliation 'org1.department1' added
2020/12/17 10:16:56 [DEBUG] DB: Add affiliation org1.department2
2020/12/17 10:16:56 [DEBUG] Affiliation 'org1.department2' added
2020/12/17 10:16:56 [DEBUG] Successfully loaded affiliations table

Here are two ways to solve your problem.

1. Fabric-ca environment variable setting

This can be solved by setting the initial settings.

There are two things to consider. in the case of fabric-ca affiliation, it cannot be set with the input parameters of the fabric-ca-server commands in docker-compose, and it is not even possible to set through docker-compose's environment.
why? FABRIC_CA_SERVER_AFFILIATIONS in environment variables

so, We have one way.
Initial setup using configuration file.

1-1) writing fabric-ca-server-config.yaml

fabric-ca-server-config.yaml

  • The link is fabric-samples v2.0, but fabric-ca has no changes and the configuration form is the same.
# hyperledger/fabric-samples/first-network/fabric-ca-server-config.yaml
...
affiliations:
   org1:
      - department1
      - department2
   neworg:
      - test_department
...

1-2) updating docker-compose.yaml

I used release-1.4 of hyperledger/fabric-samples to match your version.

# hyperledger/fabric-samples/first-network/docker-compose-ca.yaml

services:
  ca0:
    image: hyperledger/fabric-ca:1.4
    environment:
      - FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
      - FABRIC_CA_SERVER_CA_NAME=ca-org1
      - FABRIC_CA_SERVER_TLS_ENABLED=true
      - FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem
      - FABRIC_CA_SERVER_TLS_KEYFILE=/etc/hyperledger/fabric-ca-server-config/<your_ca_org1_private_key>
      - FABRIC_CA_SERVER_PORT=7054
    ports:
      - "7054:7054"
    command: sh -c 'fabric-ca-server start --ca.certfile /etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem --ca.keyfile /etc/hyperledger/fabric-ca-server-config/<your_ca_org1_private_key> -b admin:adminpw -d'
    volumes:
     # mounting fabric-ca-server-config.yaml file, to ca_peerOrg1 container's $FABRIC_CA_HOME path
      - ./fabric-ca-server-config.yaml:/etc/hyperledger/fabric-ca-server/fabric-ca-server-config.yaml
      - ./crypto-config/peerOrganizations/org1.example.com/ca/:/etc/hyperledger/fabric-ca-server-config
    container_name: ca_peerOrg1
    networks:
      - byfn

1-3) Fabric-CA Up

cd $GOPATH/src/github.com/hyperledger/fabric-samples/first-network && docker-compose -f ./docker-compose-ca.yaml up -d

1-4) Checks configuration of Fabric-CA

results

$ docker logs ca_peerOrg1

2020/12/17 10:41:05 [DEBUG] Loading affiliations table
2020/12/17 10:41:05 [DEBUG] DB: Add affiliation org1
2020/12/17 10:41:05 [DEBUG] Affiliation 'org1' added
2020/12/17 10:41:05 [DEBUG] DB: Add affiliation org1.department1
2020/12/17 10:41:05 [DEBUG] Affiliation 'org1.department1' added
2020/12/17 10:41:05 [DEBUG] DB: Add affiliation org1.department2
2020/12/17 10:41:05 [DEBUG] Affiliation 'org1.department2' added
2020/12/17 10:41:05 [DEBUG] DB: Add affiliation neworg
2020/12/17 10:41:05 [DEBUG] Affiliation 'neworg' added
2020/12/17 10:41:05 [DEBUG] DB: Add affiliation neworg.test_department
2020/12/17 10:41:05 [DEBUG] Affiliation 'neworg.test_department' added
2020/12/17 10:41:05 [DEBUG] Successfully loaded affiliations table

1-5) Run your code(registerUser) & success!

// Register the user, enroll the user, and import the new identity into the wallet.
const secret = await ca.register({ affiliation: 'neworg.test_department', enrollmentID: 'user1', role: 'client' }, adminIdentity);
const enrollment = await ca.enroll({ enrollmentID: 'user1', enrollmentSecret: secret });
const userIdentity = X509WalletMixin.createIdentity('Org1MSP', enrollment.certificate, enrollment.key.toBytes());
await wallet.import('user1', userIdentity);
console.log('Successfully registered and enrolled admin user "user1" and imported it into the wallet');

$ node registerUser.js

Wallet path: /Users/myeongkil/Project/src/github.com/hyperledger/fabric-samples/fabcar/javascript/wallet
Successfully registered and enrolled admin user "user1" and imported it into the wallet

2. Add authorized users

The fabric-ca-client has an affiliation command, which can be added. See the commands and links below. dynamically-updating-affiliations

HectorCode 2020-12-20 16:42:54

thank you! Really useful answer

热门帖子

1
C++新手,求助一个关于怎么使用第三方库的问题
2
关于英语学习的重要性的思考
3
出美版 iPhone 13promax, V 友 4600 吧
4
这里分享一个免费的在线 PDF 总结工具: NoteGPT
5
没想到 Arc 浏览器对网络要求如此严格
6
深陷消费主义陷阱的背后,是我空洞的灵魂
7
做了一个以凡人修仙传境界为基础的 Github 统计卡片
8
从程序员角度思考一下,为什么我的支付宝能收到其他人的 12306 购票推送消息
9
[上海] 招中级前端开发工程师
10
澳大利亚🇦🇺归来~第一次去南半球,虽然看过很多次照片,亲临大洋路时仍觉震撼

热门github

1
Implementation of paper - YOLOv9: Learning What You Want to Learn Using Programmable Gradient Information
2
A Windows and Office activator using HWID / Ohook / KMS38 / Online KMS activation methods, with a focus on open-source code and fewer antivirus detections.
3
Get up and running with Llama 2, Mistral, Gemma, and other large language models.
4
该项目可以让你通过订阅的方式使用Cloudflare WARP+,自动获取流量。This project enables you to use Cloudflare WARP+ through subscription, automatically acquiring traffic.
5
Multi functional app to find duplicates, empty folders, similar images etc.
6
Xray panel supporting multi-protocol multi-user expire day & traffic & ip limit (Vmess & Vless & Trojan & ShadowSocks & Wireguard)
7
The Free Software Media System
8
lightweight, standalone C++ inference engine for Google's Gemma models.
9
📚 Freely available programming books
10
A collective list of free APIs
11
1️⃣🐝🏎️ The One Billion Row Challenge -- A fun exploration of how quickly 1B rows from a text file can be aggregated with Java
12
🎓 Path to a free self-taught education in Computer Science!
13
Curso para aprender el lenguaje de programación Python desde cero y para principiantes. 75 clases, 37 horas en vídeo, código, proyectos y grupo de chat. Fundamentos, frontend, backend, testing, IA...
14
This repository contains System Design resources which are useful while preparing for interviews and learning Distributed Systems
15
Mamba is a new state space model architecture showing promising performance on information-dense data such as language modeling, where previous subquadratic models fall short of Transformers. It is based on the line of progress on structured state space models, with an efficient hardware-aware design and implementation in the spirit of FlashAttention.