如何使用 Raft Cluster 修复 HLF 中的 "Failed creating puller config from bootstrap block: unable to decode TLS certificate PEM"
How to fix "Failed creating puller config from bootstrap block: unable to decode TLS certificate PEM" in HLF with Raft Cluster
我正在尝试建立一个 Hyperledger Fabric 网络,排序节点为 Raft(集群中有 3 个节点)。我在云端使用 Kubernetes 和 Helm。
当它是单节点 Raft 设置时一切正常。但是,对于多节点设置,我收到以下错误。
[orderer.common.cluster] createReplicator -> PANI 3f4 Failed creating puller config from bootstrap block: unable to decode TLS certificate PEM:
panic: Failed creating puller config from bootstrap block: unable to decode TLS certificate PEM:
goroutine 15 [running]:
github.com/hyperledger/fabric/vendor/go.uber.org/zap/zapcore.(*CheckedEntry).Write(0xc0000f1ce0, 0x0, 0x0, 0x0)
/opt/gopath/src/github.com/hyperledger/fabric/vendor/go.uber.org/zap/zapcore/entry.go:229 +0x515
github.com/hyperledger/fabric/vendor/go.uber.org/zap.(*SugaredLogger).log(0xc000140158, 0x4, 0x1047e13, 0x36, 0xc000289c50, 0x1, 0x1, 0x0, 0x0, 0x0)
/opt/gopath/src/github.com/hyperledger/fabric/vendor/go.uber.org/zap/sugar.go:234 +0xf6
github.com/hyperledger/fabric/vendor/go.uber.org/zap.(*SugaredLogger).Panicf(0xc000140158, 0x1047e13, 0x36, 0xc000289c50, 0x1, 0x1)
/opt/gopath/src/github.com/hyperledger/fabric/vendor/go.uber.org/zap/sugar.go:159 +0x79
github.com/hyperledger/fabric/common/flogging.(*FabricLogger).Panicf(0xc000140160, 0x1047e13, 0x36, 0xc000289c50, 0x1, 0x1)
/opt/gopath/src/github.com/hyperledger/fabric/common/flogging/zap.go:74 +0x60
github.com/hyperledger/fabric/orderer/common/server.(*replicationInitiator).createReplicator(0xc0001c8ba0, 0xc0003ce340, 0xc00031a9a0, 0xb)
/opt/gopath/src/github.com/hyperledger/fabric/orderer/common/server/onboarding.go:60 +0x30c
github.com/hyperledger/fabric/orderer/common/server.(*replicationInitiator).ReplicateChains(0xc0001c8ba0, 0xc0003ce340, 0xc00031a000, 0x1, 0x1, 0x0, 0x0, 0x0)
/opt/gopath/src/github.com/hyperledger/fabric/orderer/common/server/onboarding.go:117 +0x1ca
github.com/hyperledger/fabric/orderer/common/server.(*inactiveChainReplicator).replicateDisabledChains(0xc0003701e0)
/opt/gopath/src/github.com/hyperledger/fabric/orderer/common/server/onboarding.go:224 +0x1f5
github.com/hyperledger/fabric/orderer/common/server.(*inactiveChainReplicator).run(0xc0003701e0)
/opt/gopath/src/github.com/hyperledger/fabric/orderer/common/server/onboarding.go:202 +0x42
created by github.com/hyperledger/fabric/orderer/common/server.initializeEtcdraftConsenter
/opt/gopath/src/github.com/hyperledger/fabric/orderer/common/server/main.go:637 +0x3fc
其他配置如下
configtx.yaml
MultiNodeEtcdRaft:
<<: *ChannelDefaults
Capabilities:
<<: *ChannelCapabilities
Orderer:
<<: *OrdererDefaults
OrdererType: etcdraft
EtcdRaft:
Consenters:
- Host: orderer.example.com
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt
Consenters:
- Host: orderer2.example.com
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/server.crt
Consenters:
- Host: orderer3.example.com
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer3.example.com/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer3.example.com/tls/server.crt
Addresses:
- myorg-orderer-hlf-ord:7050
- myorg-orderer2-hlf-ord:7050
- myorg-orderer3-hlf-ord:7050
Organizations:
- *OrdererOrg
Capabilities:
<<: *OrdererCapabilities
Application:
<<: *ApplicationDefaults
Organizations:
- <<: *OrdererOrg
Consortiums:
SampleConsortium:
Organizations:
- *myorg
我找到了解决这个问题的方法。
我必须解决两个问题才能使其正常工作。
- 我在 orderer 的 helm 设置中遗漏了一些 TLS 环境变量。
ORDERER_GENERAL_CLUSTER_CLIENTCERTIFICATE: "/var/hyperledger/tls/server/pair/tls.crt"
ORDERER_GENERAL_CLUSTER_CLIENTPRIVATEKEY: "/var/hyperledger/tls/server/pair/tls.key"
ORDERER_GENERAL_CLUSTER_ROOTCAS: "/var/hyperledger/tls/server/cert/cacert.pem"
- configtx.yaml YAML 配置中的语法错误。我多次重复
Consenters
键。
我正在尝试建立一个 Hyperledger Fabric 网络,排序节点为 Raft(集群中有 3 个节点)。我在云端使用 Kubernetes 和 Helm。
当它是单节点 Raft 设置时一切正常。但是,对于多节点设置,我收到以下错误。
[orderer.common.cluster] createReplicator -> PANI 3f4 Failed creating puller config from bootstrap block: unable to decode TLS certificate PEM:
panic: Failed creating puller config from bootstrap block: unable to decode TLS certificate PEM:
goroutine 15 [running]:
github.com/hyperledger/fabric/vendor/go.uber.org/zap/zapcore.(*CheckedEntry).Write(0xc0000f1ce0, 0x0, 0x0, 0x0)
/opt/gopath/src/github.com/hyperledger/fabric/vendor/go.uber.org/zap/zapcore/entry.go:229 +0x515
github.com/hyperledger/fabric/vendor/go.uber.org/zap.(*SugaredLogger).log(0xc000140158, 0x4, 0x1047e13, 0x36, 0xc000289c50, 0x1, 0x1, 0x0, 0x0, 0x0)
/opt/gopath/src/github.com/hyperledger/fabric/vendor/go.uber.org/zap/sugar.go:234 +0xf6
github.com/hyperledger/fabric/vendor/go.uber.org/zap.(*SugaredLogger).Panicf(0xc000140158, 0x1047e13, 0x36, 0xc000289c50, 0x1, 0x1)
/opt/gopath/src/github.com/hyperledger/fabric/vendor/go.uber.org/zap/sugar.go:159 +0x79
github.com/hyperledger/fabric/common/flogging.(*FabricLogger).Panicf(0xc000140160, 0x1047e13, 0x36, 0xc000289c50, 0x1, 0x1)
/opt/gopath/src/github.com/hyperledger/fabric/common/flogging/zap.go:74 +0x60
github.com/hyperledger/fabric/orderer/common/server.(*replicationInitiator).createReplicator(0xc0001c8ba0, 0xc0003ce340, 0xc00031a9a0, 0xb)
/opt/gopath/src/github.com/hyperledger/fabric/orderer/common/server/onboarding.go:60 +0x30c
github.com/hyperledger/fabric/orderer/common/server.(*replicationInitiator).ReplicateChains(0xc0001c8ba0, 0xc0003ce340, 0xc00031a000, 0x1, 0x1, 0x0, 0x0, 0x0)
/opt/gopath/src/github.com/hyperledger/fabric/orderer/common/server/onboarding.go:117 +0x1ca
github.com/hyperledger/fabric/orderer/common/server.(*inactiveChainReplicator).replicateDisabledChains(0xc0003701e0)
/opt/gopath/src/github.com/hyperledger/fabric/orderer/common/server/onboarding.go:224 +0x1f5
github.com/hyperledger/fabric/orderer/common/server.(*inactiveChainReplicator).run(0xc0003701e0)
/opt/gopath/src/github.com/hyperledger/fabric/orderer/common/server/onboarding.go:202 +0x42
created by github.com/hyperledger/fabric/orderer/common/server.initializeEtcdraftConsenter
/opt/gopath/src/github.com/hyperledger/fabric/orderer/common/server/main.go:637 +0x3fc
其他配置如下
configtx.yaml
MultiNodeEtcdRaft:
<<: *ChannelDefaults
Capabilities:
<<: *ChannelCapabilities
Orderer:
<<: *OrdererDefaults
OrdererType: etcdraft
EtcdRaft:
Consenters:
- Host: orderer.example.com
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt
Consenters:
- Host: orderer2.example.com
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/server.crt
Consenters:
- Host: orderer3.example.com
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer3.example.com/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer3.example.com/tls/server.crt
Addresses:
- myorg-orderer-hlf-ord:7050
- myorg-orderer2-hlf-ord:7050
- myorg-orderer3-hlf-ord:7050
Organizations:
- *OrdererOrg
Capabilities:
<<: *OrdererCapabilities
Application:
<<: *ApplicationDefaults
Organizations:
- <<: *OrdererOrg
Consortiums:
SampleConsortium:
Organizations:
- *myorg
我找到了解决这个问题的方法。
我必须解决两个问题才能使其正常工作。
- 我在 orderer 的 helm 设置中遗漏了一些 TLS 环境变量。
ORDERER_GENERAL_CLUSTER_CLIENTCERTIFICATE: "/var/hyperledger/tls/server/pair/tls.crt"
ORDERER_GENERAL_CLUSTER_CLIENTPRIVATEKEY: "/var/hyperledger/tls/server/pair/tls.key"
ORDERER_GENERAL_CLUSTER_ROOTCAS: "/var/hyperledger/tls/server/cert/cacert.pem"
- configtx.yaml YAML 配置中的语法错误。我多次重复
Consenters
键。