Fabric-CA with SoftHSM: Could not initialize BCCSP PKCS11: Invalid config. It must not be nil

I have followed the softHSM2 repo to install and initialize the token, but when I start the fabric-ca-server container with PKCS11 env variables I get "Could not initialize BCCSP PKCS11: Invalid config. It must not be nil." According to the fabric-ca docs, just 4 (default, library, pin, label) env variables are required to use SoftHSM, but I tried to add all the fields mentioned under pkcs11 and the issue persists; I am not sure what part of the config is nil.

docker-compose-ca.yaml

version: '2'

networks: 
  org1_network:
      external: 
        name: org1_network

services: 
  
  ca_org1:
    image: hyperledger/fabric-ca:latest
    environment: 
      - GODEBUG=netdns=go
      - FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
      - FABRIC_CA_SERVER_CA_NAME=ca.org1.example.com
      - FABRIC_CA_SERVER_TLS_ENABLED=true
      - FABRIC_CA_SERVER_PORT=7054
      - FABRIC_CA_SERVER_DEBUG=true
      - FABRIC_CA_SERVER_BCCSP_DEFAULT=PKCS11
      - FABRIC_CA_SERVER_BCCSP_PKCS11_HASH=SHA2
      - FABRIC_CA_SERVER_BCCSP_PKCS11_SECURITY=256
      - FABRIC_CA_SERVER_BCCSP_PKCS11_LIBRARY=/etc/hyperledger/fabric/libsofthsm2.so
      - FABRIC_CA_SERVER_BCCSP_PKCS11_PIN=98765432
      - FABRIC_CA_SERVER_BCCSP_PKCS11_FILEKEYSTORE_KEYSTORE=/etc/hyperledger/fabric-ca-server/msp
      - SOFTHSM2_CONF=/etc/hyperledger/fabric/config.file
    ports: 
      - "7054:7054"
    command: sh -c 'fabric-ca-server start -b org1:adminpw -d'
    volumes: 
      - ../organizations/fabric-ca/org1:/etc/hyperledger/fabric-ca-server
      - ../../softhsm/config.file:/etc/hyperledger/fabric/config.file
      - /../../../usr/local/lib/softhsm/libsofthsm2.so:/etc/hyperledger/fabric/libsofthsm2.so
    container_name: ca_org1
    networks: 
      - org1_network

config.file

# SoftHSM v2 configuration file

directories.tokendir = /tmp/
objectstore.backend = file
objectstore.umask = 0077

# ERROR, WARNING, INFO, DEBUG
log.level = DEBUG

# If CKF_REMOVABLE_DEVICE flag should be set
slots.removable = false

# Enable and disable PKCS#11 mechanisms using slots.mechanisms.
slots.mechanisms = ALL

# If the library should reset the state on fork
library.reset_on_fork = false

fabric-ca-org1-container logs

2021/07/11 21:22:08 [DEBUG] Home directory: /etc/hyperledger/fabric-ca-server
2021/07/11 21:22:08 [INFO] Configuration file location: /etc/hyperledger/fabric-ca-server/fabric-ca-server-config.yaml
2021/07/11 21:22:08 [INFO] Starting server in home directory: /etc/hyperledger/fabric-ca-server
2021/07/11 21:22:08 [DEBUG] Set log level: 
2021/07/11 21:22:08 [INFO] Server Version: 1.5.1-snapshot-38527387
2021/07/11 21:22:08 [INFO] Server Levels: &{Identity:2 Affiliation:1 Certificate:1 Credential:1 RAInfo:1 Nonce:1}
2021/07/11 21:22:08 [DEBUG] Making server filenames absolute
2021/07/11 21:22:08 [DEBUG] Initializing default CA in directory /etc/hyperledger/fabric-ca-server
2021/07/11 21:22:08 [DEBUG] Init CA with home /etc/hyperledger/fabric-ca-server and config {Version:1.5.1-snapshot-38527387 Cfg:{Identities:{PasswordAttempts:10 AllowRemove:false} Affiliations:{AllowRemove:false}} CA:{Name:ca.org1.example.com Keyfile: Certfile:ca-cert.pem Chainfile:ca-chain.pem} Signing:0xc00033e210 CSR:{CN:fabric-ca-server Names:[{C:US ST:North Carolina L: O:Hyperledger OU:Fabric SerialNumber:}] Hosts:[dc6f304f9d43 localhost] KeyRequest:0xc0000bf520 CA:0xc0001d5bf0 SerialNumber:} Registry:{MaxEnrollments:-1 Identities:[{ Name:**** Pass:**** Type:client Affiliation: MaxEnrollments:0 Attrs:map[hf.AffiliationMgr:1 hf.GenCRL:1 hf.IntermediateCA:1 hf.Registrar.Attributes:* hf.Registrar.DelegateRoles:* hf.Registrar.Roles:* hf.Revoker:1]  }]} Affiliations:map[org1:[department1 department2] org2:[department1]] LDAP:{ Enabled:false URL:ldap://****:****@<host>:<port>/<base> UserFilter:(uid=%s) GroupFilter:(memberUid=%s) Attribute:{[uid member] [{ }] map[groups:[{ }]]} TLS:{false [] { }}  } DB:{ Type:sqlite3 Datasource:fabric-ca-server.db TLS:{false [] { }}  } CSP:0xc0001d5e00 Client:<nil> Intermediate:{ParentServer:{ URL: CAName:  } TLS:{Enabled:false CertFiles:[] Client:{KeyFile: CertFile:}} Enrollment:{ Name: Secret:**** CAName: AttrReqs:[] Profile: Label: CSR:<nil> Type:x509  }} CRL:{Expiry:24h0m0s} Idemix:{IssuerPublicKeyfile: IssuerSecretKeyfile: RevocationPublicKeyfile: RevocationPrivateKeyfile: RHPoolSize:1000 NonceExpiration:15s NonceSweepInterval:15m}}
2021/07/11 21:22:08 [DEBUG] CA Home Directory: /etc/hyperledger/fabric-ca-server
2021/07/11 21:22:08 [DEBUG] Checking configuration file version '1.5.1-snapshot-38527387' against server version: '1.5.1-snapshot-38527387'
2021/07/11 21:22:08 [DEBUG] Initializing BCCSP: &{ProviderName:PKCS11 SwOpts:0xc0001d5e60 PluginOpts:<nil> Pkcs11Opts:<nil>}
2021/07/11 21:22:08 [DEBUG] Initializing BCCSP with software options &{SecLevel:256 HashFamily:SHA2 FileKeystore:0xc00035ee10 DummyKeystore:<nil> InmemKeystore:<nil>}
2021/07/11 21:22:08 [DEBUG] Closing server DBs
Error: Failed to get BCCSP with opts: Could not initialize BCCSP PKCS11: Invalid config. It must not be nil.

I would recommend modifying the config file of fabric-ca-server (fabric-ca-server-config.yaml) instead of trying to override entries in it via environment variables, which is what you are trying to do. I believe the problem is you can't override entries that aren't actually defined in the config file.
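An added example (not part of the original answer, and not the Fabric CA project's own file): a bccsp section for fabric-ca-server-config.yaml that defines the PKCS11 entries in the file itself, as the answer recommends. The library path and PIN are the values from the question's compose file; the token label is a placeholder, because the question does not give one.

```yaml
# Fragment of fabric-ca-server-config.yaml (added example).
# With this section in the file, the debug log line "Initializing BCCSP"
# should no longer show Pkcs11Opts:<nil>.
bccsp:
    default: PKCS11
    pkcs11:
        # Path of the PKCS#11 library as seen inside the container
        # (same path as the volume mount in the question's compose file).
        Library: /etc/hyperledger/fabric/libsofthsm2.so
        # User PIN set when the SoftHSM token was initialized
        # (value taken from the question).
        Pin: 98765432
        # Placeholder: replace with the label given to the token when it
        # was initialized. The question does not state it.
        Label: <your-token-label>
        hash: SHA2
        security: 256
        filekeystore:
            # Directory used for the software file-based keystore
            keystore: msp/keystore
```

Because this file holds the token PIN, restrict its permissions and keep it out of version control.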
