Hyperledger fabric:transport:身份验证握手失败:x509:通道创建证书
Hyperledger fabric:transport: authentication handshake failed: x509: certificate on channel create
我正在尝试使用以下命令在 HLF 中创建频道
peer channel create -o orderer1.base:7050 -c basechannel -f ./channel-artifacts/channel.tx --tls --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/base.order/tlsca/tlsca.base.order-cert.pem
但是由于这个错误而失败了
Failed to send StepRequest to 2, because: rpc error: code =
Unavailable desc = all SubConns are in TransientFailure, latest
connection error: connection error: desc = "transport: authentication
handshake failed: x509: certificate is valid for orderer2.base.order,
orderer2, not orderer2.base" channel=basechannel node=1
Failed to send StepRequest to 3, because: rpc error: code =
Unavailable desc = all SubConns are in TransientFailure, latest
connection error: connection error: desc = "transport: authentication
handshake failed: x509: certificate is valid for orderer3.base.order,
orderer3, not orderer3.base" channel=basechannel node=1
这是 configtx.yaml
中的 raft 配置
Raft:
<<: *ChannelDefaults
Capabilities:
<<: *ChannelCapabilities
Orderer:
<<: *OrdererDefaults
OrdererType: etcdraft
EtcdRaft:
Consenters:
- Host: orderer1.base
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/base.order/orderers/orderer1.base.order/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/base.order/orderers/orderer1.base.order/tls/server.crt
- Host: orderer2.base
Port: 8050
ClientTLSCert: crypto-config/ordererOrganizations/base.order/orderers/orderer2.base.order/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/base.order/orderers/orderer2.base.order/tls/server.crt
- Host: orderer3.base
Port: 9050
ClientTLSCert: crypto-config/ordererOrganizations/base.order/orderers/orderer3.base.order/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/base.order/orderers/orderer3.base.order/tls/server.crt
Addresses:
- orderer1.base:7050
- orderer2.base:8050
- orderer3.base:9050
docker-compose.yaml
中的容器配置
orderer1.base:
extends:
file: base.yaml
service: orderer-base
container_name: orderer1.base
environment:
- ORDERER_GENERAL_LISTENPORT=7050
networks:
- byfn
volumes:
- ./artifacts/genesis.block:/var/hyperledger/orderer/orderer.genesis.block
- ./crypto-config/ordererOrganizations/base.order/orderers/orderer1.base.order/msp:/var/hyperledger/orderer/msp
- ./crypto-config/ordererOrganizations/base.order/orderers/orderer1.base.order/tls:/var/hyperledger/orderer/tls
- orderer1.base.order:/var/hyperledger/production/orderer
ports:
- 7050:7050
orderer2.base:
extends:
file: base.yaml
service: orderer-base
container_name: orderer2.base
environment:
- ORDERER_GENERAL_LISTENPORT=8050
networks:
- byfn
volumes:
- ./artifacts/genesis.block:/var/hyperledger/orderer/orderer.genesis.block
- ./crypto-config/ordererOrganizations/base.order/orderers/orderer2.base.order/msp:/var/hyperledger/orderer/msp
- ./crypto-config/ordererOrganizations/base.order/orderers/orderer2.base.order/tls:/var/hyperledger/orderer/tls
- orderer2.base.order:/var/hyperledger/production/orderer
ports:
- 8050:8050
orderer3.base:
extends:
file: base.yaml
service: orderer-base
container_name: orderer3.base
environment:
- ORDERER_GENERAL_LISTENPORT=9050
networks:
- byfn
volumes:
- ./artifacts/genesis.block:/var/hyperledger/orderer/orderer.genesis.block
- ./crypto-config/ordererOrganizations/base.order/orderers/orderer3.base.order/msp:/var/hyperledger/orderer/msp
- ./crypto-config/ordererOrganizations/base.order/orderers/orderer3.base.order/tls:/var/hyperledger/orderer/tls
- orderer3.base.order:/var/hyperledger/production/orderer
ports:
- 9050:9050
base.yaml
orderer-base:
image: hyperledger/fabric-orderer:$IMAGE_TAG
environment:
- FABRIC_LOGGING_SPEC=DEBUG
- ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
- CORE_LOGGING_LEVEL=debug
- ORDERER_GENERAL_GENESISMETHOD=file
- ORDERER_GENERAL_GENESISFILE=/var/hyperledger/orderer/orderer.genesis.block
- ORDERER_GENERAL_LOCALMSPID=OrdererMSP
- ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp
# enabled TLS
- ORDERER_GENERAL_TLS_ENABLED=true
- ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key
- ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt
- ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
- ORDERER_KAFKA_TOPIC_REPLICATIONFACTOR=1
- ORDERER_KAFKA_VERBOSE=true
- ORDERER_GENERAL_CLUSTER_CLIENTCERTIFICATE=/var/hyperledger/orderer/tls/server.crt
- ORDERER_GENERAL_CLUSTER_CLIENTPRIVATEKEY=/var/hyperledger/orderer/tls/server.key
- ORDERER_GENERAL_CLUSTER_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
working_dir: /opt/gopath/src/github.com/hyperledger/fabric
command: orderer
您没有正确映射端口。
必须是:
订购者 1 7050:7050
订购者 2 8050:7050
订购者 3 9050:7050
并从每个订购者中删除环境 LISTEN_PORT,以便默认值始终为 7050。
这意味着,对于订购者 2,您正在将容器内部端口 7050 映射到外部 8050。
也在你的configtx.yaml中修改同样的东西,所以你将有3个端口7050。
只需避免修改容器的内部端口,您可以自由修改外部端口。
我正在尝试使用以下命令在 HLF 中创建频道
peer channel create -o orderer1.base:7050 -c basechannel -f ./channel-artifacts/channel.tx --tls --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/base.order/tlsca/tlsca.base.order-cert.pem
但是由于这个错误而失败了
Failed to send StepRequest to 2, because: rpc error: code = Unavailable desc = all SubConns are in TransientFailure, latest connection error: connection error: desc = "transport: authentication handshake failed: x509: certificate is valid for orderer2.base.order, orderer2, not orderer2.base" channel=basechannel node=1
Failed to send StepRequest to 3, because: rpc error: code = Unavailable desc = all SubConns are in TransientFailure, latest connection error: connection error: desc = "transport: authentication handshake failed: x509: certificate is valid for orderer3.base.order, orderer3, not orderer3.base" channel=basechannel node=1
这是 configtx.yaml
Raft:
<<: *ChannelDefaults
Capabilities:
<<: *ChannelCapabilities
Orderer:
<<: *OrdererDefaults
OrdererType: etcdraft
EtcdRaft:
Consenters:
- Host: orderer1.base
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/base.order/orderers/orderer1.base.order/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/base.order/orderers/orderer1.base.order/tls/server.crt
- Host: orderer2.base
Port: 8050
ClientTLSCert: crypto-config/ordererOrganizations/base.order/orderers/orderer2.base.order/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/base.order/orderers/orderer2.base.order/tls/server.crt
- Host: orderer3.base
Port: 9050
ClientTLSCert: crypto-config/ordererOrganizations/base.order/orderers/orderer3.base.order/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/base.order/orderers/orderer3.base.order/tls/server.crt
Addresses:
- orderer1.base:7050
- orderer2.base:8050
- orderer3.base:9050
docker-compose.yaml
orderer1.base:
extends:
file: base.yaml
service: orderer-base
container_name: orderer1.base
environment:
- ORDERER_GENERAL_LISTENPORT=7050
networks:
- byfn
volumes:
- ./artifacts/genesis.block:/var/hyperledger/orderer/orderer.genesis.block
- ./crypto-config/ordererOrganizations/base.order/orderers/orderer1.base.order/msp:/var/hyperledger/orderer/msp
- ./crypto-config/ordererOrganizations/base.order/orderers/orderer1.base.order/tls:/var/hyperledger/orderer/tls
- orderer1.base.order:/var/hyperledger/production/orderer
ports:
- 7050:7050
orderer2.base:
extends:
file: base.yaml
service: orderer-base
container_name: orderer2.base
environment:
- ORDERER_GENERAL_LISTENPORT=8050
networks:
- byfn
volumes:
- ./artifacts/genesis.block:/var/hyperledger/orderer/orderer.genesis.block
- ./crypto-config/ordererOrganizations/base.order/orderers/orderer2.base.order/msp:/var/hyperledger/orderer/msp
- ./crypto-config/ordererOrganizations/base.order/orderers/orderer2.base.order/tls:/var/hyperledger/orderer/tls
- orderer2.base.order:/var/hyperledger/production/orderer
ports:
- 8050:8050
orderer3.base:
extends:
file: base.yaml
service: orderer-base
container_name: orderer3.base
environment:
- ORDERER_GENERAL_LISTENPORT=9050
networks:
- byfn
volumes:
- ./artifacts/genesis.block:/var/hyperledger/orderer/orderer.genesis.block
- ./crypto-config/ordererOrganizations/base.order/orderers/orderer3.base.order/msp:/var/hyperledger/orderer/msp
- ./crypto-config/ordererOrganizations/base.order/orderers/orderer3.base.order/tls:/var/hyperledger/orderer/tls
- orderer3.base.order:/var/hyperledger/production/orderer
ports:
- 9050:9050
base.yaml
orderer-base:
image: hyperledger/fabric-orderer:$IMAGE_TAG
environment:
- FABRIC_LOGGING_SPEC=DEBUG
- ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
- CORE_LOGGING_LEVEL=debug
- ORDERER_GENERAL_GENESISMETHOD=file
- ORDERER_GENERAL_GENESISFILE=/var/hyperledger/orderer/orderer.genesis.block
- ORDERER_GENERAL_LOCALMSPID=OrdererMSP
- ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp
# enabled TLS
- ORDERER_GENERAL_TLS_ENABLED=true
- ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key
- ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt
- ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
- ORDERER_KAFKA_TOPIC_REPLICATIONFACTOR=1
- ORDERER_KAFKA_VERBOSE=true
- ORDERER_GENERAL_CLUSTER_CLIENTCERTIFICATE=/var/hyperledger/orderer/tls/server.crt
- ORDERER_GENERAL_CLUSTER_CLIENTPRIVATEKEY=/var/hyperledger/orderer/tls/server.key
- ORDERER_GENERAL_CLUSTER_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
working_dir: /opt/gopath/src/github.com/hyperledger/fabric
command: orderer
您没有正确映射端口。 必须是:
订购者 1 7050:7050
订购者 2 8050:7050
订购者 3 9050:7050
并从每个订购者中删除环境 LISTEN_PORT,以便默认值始终为 7050。
这意味着,对于订购者 2,您正在将容器内部端口 7050 映射到外部 8050。
也在你的configtx.yaml中修改同样的东西,所以你将有3个端口7050。 只需避免修改容器的内部端口,您可以自由修改外部端口。