Question
I'm using Hyperledger Composer over Hyperledger Fabric to deploy a .bna file. The problem comes when creating networkAdmin cards for the different organizations: they are not able to access the network.
Background
The project structure is as follows:
- Organizations:
  - exporter01 with one peer and one CA
  - maritimeAgency01 with one peer and one CA
  - terminal01 with one peer and one CA
  - terrestrialTransport01 with one peer and one CA
The steps towards the problem are as follows:
- Create the PeerAdmin card using the admin certificate and privateKey files under /msp/keystore/ for every organization
- Installed the network archive using composer network install ... for every organization peer using the PeerAdmin card
- Requested identities for every networkAdmin specified on the composer network start ... command (one for every org)
- Started the network for all peers using
    composer network start \
      --card PeerAdmin@$NETWORK_NAME-exporter01 \
      --networkName $NETWORK_NAME \
      --networkVersion $NETWORK_VERSION \
      -o endorsementPolicyFile=./endorsement-policy.json \
      -A exporter01 \
      -C $TMP_BASEDIR/exporter01/admin-pub.pem \
      -A maritimeAgency01 \
      -C $TMP_BASEDIR/maritimeAgency01/admin-pub.pem \
      -A terminal01 \
      -C $TMP_BASEDIR/terminal01/admin-pub.pem \
      -A terrestrialTransport01 \
      -C $TMP_BASEDIR/terrestrialTransport01/admin-pub.pem
Problem
After using composer card create ... with the following
- connectionProfile.json (the same used to create the PeerAdmin card)
- user: the same as the -A flag in the composer network start ...
- certificate: the same as the -C flag in the composer network start ...
- privateKey: the one corresponding to the certificate generated by composer identity request ...
And importing it with composer card import ... the card is successfully imported. But when using composer network ping -c <created networkAdmin card> the command fails with the following message
Error: Error trying to ping. Error: 2 UNKNOWN: access denied: channel [mychannel] creator org [Exporter01MSP]
Any ideas why this could be happening? Thanks!
Answer 1:
After two weeks found the error. Logging it here for the community.
It was a Hyperledger-Fabric configuration error.
When using multiple CAs (one for each org) you must add the certificates to the orderer docker container as an env variable ORDERER_GENERAL_TLS_ROOTCAS or any identity issued by those CAs won't be able to connect.
Found the solution in the following fabric-sample Repo line 55. Don't forget to link the volumes (lines 63-64).
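As an added illustration (not part of the original answer or of the linked fabric-samples file), a docker-compose fragment for the orderer showing the setting the answer describes for the four organizations in the question. The service name and all host and container paths are assumed placeholders; mounting only each CA certificate, read-only, keeps the organizations' private keys out of the orderer container.

```yaml
# Added example. Service name, host paths and container paths are assumptions;
# adapt them to wherever each organization's CA certificate actually lives.
services:
  orderer.example.com:                # assumed service name
    image: hyperledger/fabric-orderer
    environment:
      - ORDERER_GENERAL_TLS_ENABLED=true
      # Before: only the orderer's own CA is listed. Per the answer above,
      # identities issued by the per-org CAs then cannot connect.
      # - ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/tlsca/orderer.crt]
      #
      # After: the orderer's CA plus one entry per organization CA.
      - ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/tlsca/orderer.crt, /var/hyperledger/tlsca/exporter01.crt, /var/hyperledger/tlsca/maritimeAgency01.crt, /var/hyperledger/tlsca/terminal01.crt, /var/hyperledger/tlsca/terrestrialTransport01.crt]
    volumes:
      # Every path named in ORDERER_GENERAL_TLS_ROOTCAS must exist inside the
      # container, so each certificate is linked in as a volume.
      # Only the public CA certificates are mounted, and read-only (:ro).
      - ./crypto/orderer/tls/ca.crt:/var/hyperledger/tlsca/orderer.crt:ro
      - ./crypto/exporter01/tls/ca.crt:/var/hyperledger/tlsca/exporter01.crt:ro
      - ./crypto/maritimeAgency01/tls/ca.crt:/var/hyperledger/tlsca/maritimeAgency01.crt:ro
      - ./crypto/terminal01/tls/ca.crt:/var/hyperledger/tlsca/terminal01.crt:ro
      - ./crypto/terrestrialTransport01/tls/ca.crt:/var/hyperledger/tlsca/terrestrialTransport01.crt:ro
```

The orderer reads this variable at startup, so the container has to be recreated after the list changes.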
Source: https://stackoverflow.com/questions/51329602/hyperledger-composer-getting-access-denied-when-pinging-network-admin-card