Background
I am studying the Hyperledger Fabric tutorial: Building Your First Network (BYFN), and studying the details of the scripts. The source code can be found here.
Question
The command byfn.sh generate runs cryptogen generate --config=./crypto-config.yaml and then generates certificates. A directory crypto-config/ is produced with sub-directories ordererOrganizations/ and peerOrganizations/.
The path crypto-config/peerOrganizations/org1.example.com/ consists of:
ca/
msp/
peers/
tlsca/
users/
I have difficulties in understanding the structures in this directory.
Q1: There are certs and private keys in ca/, msp/ and tlsca/. But what do they represent, and why do we need them? It confuses me because inside the directory of peer/ there are also msp/ and tls/.
Q2: What is the purpose of the users/ directory? (I only know the network has peers and orderers.) Do user and admin represent the end-users of this organization, and what is the difference between user and admin? Take this network picture for example: where are user and admin?
Many Thanks
Answer
So, public channel configuration is loaded only with what is found under msp/. This is used to verify certificates of clients and network nodes (peers, orderers).
The ca/ folder just represents what a CA would have had it existed. The tlsca/ folder is basically used to define the same thing as the ca/ folder, only for TLS certificates. In Fabric, there is a different certificate chain for TLS and for enrollment certificates.
Now, the peers, orderers, users contain the material for the local MSP of the node, as well as its signing identity (certificate and private key).
The user is basically anyone that can authenticate to Fabric as a client, and an admin is a special type of user who is authorized to sign transactions that have administrative changes on the organization it belongs to, like:
- adding anchor peers when sending a configuration transaction to the orderer, or
- instantiating chaincode.
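
The separation between the enrollment chain (ca/) and the TLS chain (tlsca/) described in the answer can be checked with openssl verify. This is an added example, not part of the original answer and not cryptogen output: it builds a constructed stand-in for the org1.example.com directory with throwaway openssl certificates, and the file names inside each folder are assumptions modelled on that layout.

```shell
#!/usr/bin/env bash
# Added example: constructed stand-in for crypto-config/peerOrganizations/
# org1.example.com/. cryptogen is not run; openssl issues throwaway sample
# certificates into the same layout (file names are assumptions).
set -eu
ORG=org1.example.com; PEER=peer0.$ORG

make_ca() {  # make_ca <dir> <cn>: self-signed CA, standing in for ca/ or tlsca/
  mkdir -p "$1"
  printf '[req]\ndistinguished_name=dn\nx509_extensions=v3\n[dn]\n[v3]\nbasicConstraints=critical,CA:TRUE\n' > "$1/ca.cnf"
  openssl req -x509 -config "$1/ca.cnf" -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=$2" -keyout "$1/priv_sk" -out "$1/$2-cert.pem" >/dev/null 2>&1
}

issue() {  # issue <ca-dir> <ca-cn> <key-out> <cert-out> <subject-cn>
  mkdir -p "$(dirname "$3")" "$(dirname "$4")"
  openssl req -new -config "$1/ca.cnf" -newkey rsa:2048 -nodes -subj "/CN=$5" \
    -keyout "$3" -out "$4.csr" >/dev/null 2>&1
  openssl x509 -req -in "$4.csr" -CA "$1/$2-cert.pem" -CAkey "$1/priv_sk" \
    -CAcreateserial -days 1 -out "$4" >/dev/null 2>&1
  rm -f "$4.csr"
}

build_org() {  # build_org <root>: populate the layout, print the org directory
  local org="$1/crypto-config/peerOrganizations/$ORG"
  local p="$org/peers/$PEER"
  make_ca "$org/ca" "ca.$ORG"        # enrollment (identity) CA
  make_ca "$org/tlsca" "tlsca.$ORG"  # separate CA for the TLS chain
  issue "$org/ca" "ca.$ORG" "$p/msp/keystore/priv_sk" \
    "$p/msp/signcerts/$PEER-cert.pem" "$PEER"   # local MSP signing identity
  issue "$org/tlsca" "tlsca.$ORG" "$p/tls/server.key" "$p/tls/server.crt" "$PEER"
  echo "$org"
}

chains_to() {  # chains_to <ca-cert> <leaf-cert>: status 0 only if leaf verifies
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

report() {  # report <org-dir>: try each CA against each peer certificate
  local c l
  for c in "$1/ca/ca.$ORG-cert.pem" "$1/tlsca/tlsca.$ORG-cert.pem"; do
    for l in "$1/peers/$PEER/msp/signcerts/$PEER-cert.pem" "$1/peers/$PEER/tls/server.crt"; do
      if chains_to "$c" "$l"; then echo "ok   ${c##*/} -> ${l##*/}"
      else echo "FAIL ${c##*/} -> ${l##*/}"; fi
    done
  done
}

ORG_DIR=$(build_org "$(mktemp -d)")
report "$ORG_DIR"
```

Against a real cryptogen tree, point chains_to at the actual certificate files; a signing certificate that verifies under tlsca/, or a TLS certificate that verifies under ca/, means the two chains have been mixed up.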