Hyperledger Fabric：如何編輯成員服務（fabric-membersrvc）用戶和密碼

Question

我有一個測試應用程序已完成並且在Hyperledger Fabric下工作。它運行在安全模式下，並使用admin/Xurw3yU9zI0l憑證......這些憑證似乎是默認的，並在某處進行了硬編碼。一切正常。我使用fabric-peer和fabric-membersrvc docker（v.0.6）。

存儲管理員用戶名和密碼的位置（這樣我可以在將Fabric端口打開到世界之前更改它們並添加新用戶）？我無法將其作爲用於調出網絡結構的任何docker-compose文件和基礎子文件中的參數。任何文檔解釋這和成員（角色，權限）如何工作？感謝任何方向。

編輯：

讓我在這裏添加此作爲參考。這是目前可用的v0.6 docker中示例membersrvc.yaml文件的內容。雖然不是一個完整的文檔，它允許理解這些概念。如果我理解正確，則將這些數據複製到用戶註冊表中，然後根據註釋中說明的規則進行編輯（添加用戶，...）。有關這方面的更多信息肯定會有很大幫助！ :-)：

# Default users to be registered with the CA on first launch. The role is a binary OR 
# of the different roles a user can have: 
# 
# - simple client such as a wallet: CLIENT 
# - non-validating peer: PEER 
# - validating client: VALIDATOR 
# - auditing client: AUDITOR 
# 
eca: 
     # This hierarchy is used to create the Pre-key tree, affiliations is the top of this hierarchy, 'banks_and_institutions' is used to create the key associated to auditors of both banks and 
     # institutions, 'banks' is used to create a key associated to auditors of banks, 'bank_a' is used to create a key associated to auditors of bank_a, etc. 
     affiliations: 
      banks_and_institutions: 
       banks: 
        - bank_a 
        - bank_b 
        - bank_c 
       institutions: 
        - institution_a 
     users: 
       # 
       # The fields of each user are as follows: 
       # <EnrollmentID>: <system_role (1:client, 2: peer, 4: validator, 8: auditor)> <EnrollmentPWD> <Affiliation> <Affiliation_Role> <JSON_Metadata> 
       # 
       # The optional JSON_Metadata field is of the following format: 
       # { "registrar": { "roles": <array-of-role-names>, "delegateRoles": <array-of-role-names> } } 
       # The 'registrar' section is used to control access to registration of new users directly via the ECAA.RegisterUser GRPC call. 
       # (See the 'fabric/membersrvc/protos/ca.proto' file for the definition of ECAA.RegisterUser.) 
       # Note that this also controls who can register users via the client SDK. 
       # 
       # Only users with a 'registrar' section may be a registrar to register other users. In particular, 
       # 1) the "roles" field specifies which member roles may be registered by this user, and 
       # 2) the "delegateRoles" field specifies which member roles may become the "roles" field of registered users. 
       # The valid role names are "client", "peer", "validator", and "auditor". 
       # 
       # Example1: 
       # The 'admin' user below can register clients, peers, validators, or auditors; furthermore, the 'admin' user can register other 
       # users who can then register clients only. 
       # 
       # Example2: 
       # The 'WebAppAdmin' user below can register clients only, but none of the users registered by this user can register other users. 
       # 
       admin: 1 Xurw3yU9zI0l institution_a '{"registrar":{"roles":["client","peer","validator","auditor"],"delegateRoles":["client"]}}' 
       WebAppAdmin: 1 DJY27pEnl16d institution_a '{"registrar":{"roles":["client"]}}' 
       lukas: 1 NPKYL39uKbkj bank_a 
       system_chaincode_invoker: 1 DRJ20pEql15a institution_a 
       diego: 1 DRJ23pEQl16a institution_a 
       jim: 1 6avZQLwcUe9b bank_a 
       binhn: 1 7avZQLwcUe9q institution_a 

       # Users for asset transfer with roles test located at 
       # sdk/node/test/unit/asset-mgmt-with-roles.js 
       alice: 1 CMS10pEQlB16 bank_a 
       bob: 1 NOE63pEQbL25 bank_a 
       assigner: 1 Tc43PeqBl11 bank_a 

       vp: 4 f3489fy98ghf 

       test_vp0: 4 MwYpmSRjupbT 
       test_vp1: 4 5wgHK9qqYaPy 
       test_vp2: 4 vQelbRvja7cJ 
       test_vp3: 4 9LKqKH5peurL 
       test_vp4: 4 Pqh90CEW5juZ 
       test_vp5: 4 FfdvDkAdY81P 
       test_vp6: 4 QiXJgHyV4t7A 
       test_vp7: 4 twoKZouEyLyB 
       test_vp8: 4 BxP7QNh778gI 
       test_vp9: 4 wu3F1EwJWHvQ 

# Uncomment this section to activate devnet setup as specficied in 
# devnet-setup.md 
# 
#    vp0: 4 vp0_secret 
#    vp1: 4 vp1_secret 

       test_user0: 1 MS9qrN8hFjlE bank_a 
       test_user1: 1 jGlNl6ImkuDo institution_a 
       test_user2: 1 zMflqOKezFiA bank_c 
       test_user3: 1 vWdLCE00vJy0 bank_a 
       test_user4: 1 4nXSrfoYGFCP institution_a 
       test_user5: 1 yg5DVhm0er1z bank_b 
       test_user6: 1 b7pmSxzKNFiw bank_a 
       test_user7: 1 YsWZD4qQmYxo institution_a 
       test_user8: 1 W8G0usrU7jRk bank_a 
       test_user9: 1 H80SiB5ODKKQ institution_a 

       test_nvp0: 2 iywrPBDEPl0K bank_a 
       test_nvp1: 2 DcYXuRSocuqd institution_a 
       test_nvp2: 2 flpChShlY7xt bank_c 
       test_nvp3: 2 jeruawMomclo bank_a 
       test_nvp4: 2 RMYVxSZCk370 institution_a 
       test_nvp5: 2 XHYVCIJGZGK7 bank_b 
       test_nvp6: 2 4cIn63j8ahYp bank_a 
       test_nvp7: 2 E7FAJUtWVn2h institution_a 
       test_nvp8: 2 LJu8DkUilBEH bank_a 
       test_nvp9: 2 VlEsBsiyXSjw institution_a 

Answer 1

要將其他用戶添加或更改管理員密碼，您可以創建自己的membersrvc.yml並使用它，當你使用泊塢窗開始membersrvc。

您可以編輯撰寫文件映射本地membersrv.file，如：

membersrvc: 
    # try 'docker ps' to see the container status after starting this compose 
    container_name: membersrvc 
    image: hyperledger/fabric-membersrvc 
    command: membersrvc 
    expose: 
    - "7054" 
    ports: 
    - "7054:7054" 
    environment: 
    - MEMBERSRVC_CA_ACA_ENABLED=true 
    - MEMBERSRVC_CA_TCA_ATTRIBUTE-ENCRYPTION_ENABLED=true 
    volumes: 
    - /[path to your membersrvc.yml file]/membersrvc.yaml:/opt/gopath/src/github.com/hyperledger/fabric/membersrvc/membersrvc.yaml 

這裏是CA上的文檔：http://hyperledger-fabric.readthedocs.io/en/stable/Setup/ca-setup/