Hyperledger Fabric Raft 订购者设置失败,通道创建时身份验证握手失败
Hyperledger Fabric Raft Orderer Setup Failed with authentication handshake failure on channel create
我正在创建一个使用 raft 作为排序服务的 HLF 网络。
peer channel create -o ProdOrderer1_ProdOrdr_com:7050 -c masterchannel -f ./configtx/masterchannel.tx --tls true --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/ProdOrdr_com/orderers/ProdOrderer1.ProdOrdr_com/msp/tlscacerts/tlsca.ProdOrdr_com-cert.pem
但它 returns 在 peer cli 中出现以下错误。
2020-02-14 06:00:09.733 UTC [grpc] watcher -> DEBU 039 ccResolverWrapper: sending new addresses to cc: [{ProdOrderer1_ProdOrdr_com:7050 0 <nil>}]
2020-02-14 06:00:09.733 UTC [grpc] switchBalancer -> DEBU 03a ClientConn switching balancer to "pick_first"
2020-02-14 06:00:09.733 UTC [grpc] HandleSubConnStateChange -> DEBU 03b pickfirstBalancer: HandleSubConnStateChange: 0xc0002d9e80, CONNECTING
2020-02-14 06:00:09.736 UTC [grpc] createTransport -> DEBU 03c grpc: addrConn.createTransport failed to connect to {ProdOrderer1_ProdOrdr_com:7050 0 <nil>}. Err :connection error: desc = "transport: authentication handshake failed: x509: certificate is valid for ProdOrderer1.ProdOrdr_com, ProdOrderer1, localhost, not ProdOrderer1_ProdOrdr_com". Reconnecting...
2020-02-14 06:00:09.736 UTC [grpc] HandleSubConnStateChange -> DEBU 03d pickfirstBalancer: HandleSubConnStateChange: 0xc0002d9e80, TRANSIENT_FAILURE
2020-02-14 06:00:10.734 UTC [grpc] HandleSubConnStateChange -> DEBU 03e pickfirstBalancer: HandleSubConnStateChange: 0xc0002d9e80, CONNECTING
2020-02-14 06:00:10.738 UTC [grpc] createTransport -> DEBU 03f grpc: addrConn.createTransport failed to connect to {ProdOrderer1_ProdOrdr_com:7050 0 <nil>}. Err :connection error: desc = "transport: authentication handshake failed: x509: certificate is valid for ProdOrderer1.StancOrdr_com, ProdOrderer1, localhost, not ProdOrderer1_ProdOrdr_com". Reconnecting...
2020-02-14 06:00:10.738 UTC [grpc] HandleSubConnStateChange -> DEBU 040 pickfirstBalancer: HandleSubConnStateChange: 0xc0002d9e80, TRANSIENT_FAILURE
2020-02-14 06:00:12.121 UTC [grpc] HandleSubConnStateChange -> DEBU 041 pickfirstBalancer: HandleSubConnStateChange: 0xc0002d9e80, CONNECTING
2020-02-14 06:00:12.124 UTC [grpc] createTransport -> DEBU 042 grpc: addrConn.createTransport failed to connect to {ProdOrderer1_ProdOrdr_com:7050 0 <nil>}. Err :connection error: desc = "transport: authentication handshake failed: x509: certificate is valid for ProdOrderer1.ProdOrdr_com, ProdOrderer1, localhost, not ProdOrderer1_ProdOrdr_com". Reconnecting...
2020-02-14 06:00:12.124 UTC [grpc] HandleSubConnStateChange -> DEBU 043 pickfirstBalancer: HandleSubConnStateChange: 0xc0002d9e80, TRANSIENT_FAILURE
Error: failed to create deliver client: orderer client failed to connect to ProdOrderer1_ProdOrdr_com:7050: failed to create new connection: context deadline exceeded
我已经检查了 peer & orderer 的日志 containers.The orderer 容器的日志报告了 tls bad certificate 错误。
2020-02-14 06:22:33.504 UTC [core.comm] ServerHandshake -> ERRO 2849 TLS handshake failed with error remote error: tls: bad certificate server=Orderer remoteaddress=10.0.23.4:18725
2020-02-14 06:22:35.859 UTC [orderer.common.cluster.puller] probeEndpoint -> WARN 2853 Failed connecting to {ProdOrderer4_ProdOrdr_com:7050 [-----BEGIN CERTIFICATE-----
2020-02-14 06:22:35.859 UTC [orderer.common.cluster.puller] func1 -> WARN 2854 Received error of type 'failed to create new connection: context deadline exceeded' from {ProdOrderer4_ProdOrdr_com:7050 [-----BEGIN CERTIFICATE-----
我附上加密-config.yaml,configtx.yaml,docker-compose.yaml以供参考。
加密-config.yaml
OrdererOrgs:
- Name: ProdOrderer
Domain: ProdOrdr_com
Specs:
- Hostname: ProdOrderer1
SANS:
- "localhost"
- "127.0.0.1"
- Hostname: ProdOrderer2
SANS:
- "localhost"
- "127.0.0.1"
- Hostname: ProdOrderer3
SANS:
- "localhost"
- "127.0.0.1"
PeerOrgs:
- Name: ProdOrg
- Name: ProdOrgA
configtx.yaml
Organizations:
- &OrdererOrg
Name: ProdOrderer
ID: ProdOrdererMSP
MSPDir: crypto-config/ordererOrganizations/ProdOrdr_com/msp
Policies:
Readers:
Type: Signature
Rule: "OR('ProdOrdererMSP.member')"
Writers:
Type: Signature
Rule: "OR('ProdOrdererMSP.member')"
Admins:
Type: Signature
Rule: "OR('ProdOrdererMSP.admin')"
- &ProdOrg
Name: ProdOrg
ID: ProdOrgMSP
MSPDir: crypto-config/peerOrganizations/peerProd_com/msp
Policies:
Readers:
Type: Signature
Rule: "OR('ProdOrgMSP.admin','ProdOrgMSP.peer', 'ProdOrgMSP.client')"
Writers:
Type: Signature
Rule: "OR('ProdOrgMSP.admin', 'ProdOrgMSP.client')"
Admins:
Type: Signature
Rule: "OR('ProdOrgMSP.admin')"
AnchorPeers:
- Host: HOSTA_peerProd_com
Port: 7051
- &ProdOrgA
Name: ProdOrgA
ID: ProdOrgAMSP
MSPDir: crypto-config/peerOrganizations/peerProdA_com/msp
Policies:
Readers:
Type: Signature
Rule: "OR('ProdOrgAMSP.admin','ProdOrgAMSP.peer', 'ProdOrgAMSP.client')"
Writers:
Type: Signature
Rule: "OR('ProdOrgAMSP.admin', 'ProdOrgAMSP.client')"
Admins:
Type: Signature
Rule: "OR('ProdOrgAMSP.admin')"
AnchorPeers:
- Host: HOSTA_peerProdA_com
Port: 7051
Capabilities:
Channel: &ChannelCapabilities
V1_4_3: true
V1_3: false
V1_1: false
Orderer: &OrdererCapabilities
V1_4_2: true
V1_1: false
Application: &ApplicationCapabilities
V1_4_2: true
V1_3: false
V1_2: false
V1_1: false
Application: &ApplicationDefaults
Organizations:
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
Capabilities:
<<: *ApplicationCapabilities
Orderer: &OrdererDefaults
OrdererType: solo
Addresses:
- ProdOrderer1_ProdOrdr_com:7050
BatchTimeout: 2s
BatchSize:
MaxMessageCount: 10
AbsoluteMaxBytes: 99 MB
PreferredMaxBytes: 512 KB
Kafka:
Brokers:
- 127.0.0.1:9092
EtcdRaft:
Consenters:
- Host: ProdOrderer1_ProdOrdr_com
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/ProdOrdr_com/orderers/ProdOrderer1.ProdOrdr_com/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/ProdOrdr_com/orderers/ProdOrderer1.ProdOrdr_com/tls/server.crt
- Host: ProdOrderer2_ProdOrdr_com
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/ProdOrdr_com/orderers/ProdOrderer2.ProdOrdr_com/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/ProdOrdr_com/orderers/ProdOrderer2.ProdOrdr_com/tls/server.crt
- Host: ProdOrderer3_ProdOrdr_com
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/ProdOrdr_com/orderers/ProdOrderer3.ProdOrdr_com/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/ProdOrdr_com/orderers/ProdOrderer3.ProdOrdr_com/tls/server.crt
Organizations:
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
BlockValidation:
Type: ImplicitMeta
Rule: "ANY Writers"
Channel: &ChannelDefaults
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
Capabilities:
<<: *ChannelCapabilities
Profiles:
OrdererGenesis:
<<: *ChannelDefaults
Orderer:
<<: *OrdererDefaults
Organizations:
- *OrdererOrg
Capabilities:
<<: *OrdererCapabilities
Consortiums:
SampleConsortium:
Organizations:
- *ProdOrg
- *ProdOrgA
OrgChannel:
Consortium: SampleConsortium
Application:
<<: *ApplicationDefaults
Organizations:
- *ProdOrg
- *ProdOrgA
Capabilities:
<<: *ApplicationCapabilities
SampleDevModeKafka:
<<: *ChannelDefaults
Capabilities:
<<: *ChannelCapabilities
Orderer:
<<: *OrdererDefaults
OrdererType: kafka
Kafka:
Brokers:
- kafka.example.com:9092
Organizations:
- *OrdererOrg
Capabilities:
<<: *OrdererCapabilities
Application:
<<: *ApplicationDefaults
Organizations:
- <<: *OrdererOrg
Consortiums:
SampleConsortium:
Organizations:
- *ProdOrg
- *ProdOrgA
SampleMultiNodeEtcdRaft:
<<: *ChannelDefaults
Capabilities:
<<: *ChannelCapabilities
Orderer:
<<: *OrdererDefaults
OrdererType: etcdraft
EtcdRaft:
Consenters:
- Host: ProdOrderer1_ProdOrdr_com
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/ProdOrdr_com/orderers/ProdOrderer1.ProdOrdr_com/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/ProdOrdr_com/orderers/ProdOrderer1.ProdOrdr_com/tls/server.crt
- Host: ProdOrderer2_ProdOrdr_com
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/ProdOrdr_com/orderers/ProdOrderer2.ProdOrdr_com/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/ProdOrdr_com/orderers/ProdOrderer2.ProdOrdr_com/tls/server.crt
- Host: ProdOrderer3_ProdOrdr_com
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/ProdOrdr_com/orderers/ProdOrderer3.ProdOrdr_com/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/ProdOrdr_com/orderers/ProdOrderer3.ProdOrdr_com/tls/server.crt
Addresses:
- ProdOrderer1_ProdOrdr_com:7050
- ProdOrderer2_ProdOrdr_com:7050
- ProdOrderer3_ProdOrdr_com:7050
Organizations:
- *OrdererOrg
Capabilities:
<<: *OrdererCapabilities
Application:
<<: *ApplicationDefaults
Organizations:
- <<: *OrdererOrg
Consortiums:
SampleConsortium:
Organizations:
- *ProdOrg
- *ProdOrgA
Docker-compose.yaml 文件
我使用 docker-swarm 创建了网络。
version: "3.4"
networks:
dev:
attachable: true
services:
ProdOrderer1_ProdOrdr_com:
container_name: ProdOrderer1_ProdOrdr_com
image: hyperledger/fabric-orderer:1.4.4
environment:
- ORDERER_GENERAL_LOGLEVEL=info
- ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
- ORDERER_GENERAL_GENESISMETHOD=file
- ORDERER_GENERAL_GENESISFILE=/etc/hyperledger/configtx/genesis.block
- ORDERER_GENERAL_LOCALMSPDIR=/etc/hyperledger/orderer1/msp
# enabled TLS
- ORDERER_GENERAL_TLS_ENABLED=true
- ORDERER_GENERAL_TLS_PRIVATEKEY=/etc/hyperledger/orderer1/tls/server.key
- ORDERER_GENERAL_TLS_CERTIFICATE=/etc/hyperledger/orderer1/tls/server.crt
- ORDERER_GENERAL_TLS_ROOTCAS=[/etc/hyperledger/orderer1/tls/ca.crt]
- ORDERER_GENERAL_LOCALMSPID=ProdOrdererMSP
- ORDERER_KAFKA_TOPIC_REPLICATIONFACTOR=1
- ORDERER_KAFKA_VERBOSE=true
- ORDERER_GENERAL_CLUSTER_CLIENTCERTIFICATE=/etc/hyperledger/orderer1/tls/server.crt
- ORDERER_GENERAL_CLUSTER_CLIENTPRIVATEKEY=/etc/hyperledger/orderer1/tls/server.key
- ORDERER_GENERAL_CLUSTER_ROOTCAS=[/etc/hyperledger/orderer1/tls/ca.crt]
- FABRIC_LOGGING_SPEC=DEBUG
volumes:
- /opt/ProdNode/config/:/etc/hyperledger/configtx
- /opt/ProdNode/crypto-config/ordererOrganizations/ProdOrdr_com/orderers/ProdOrderer1.ProdOrdr_com:/etc/hyperledger/orderer1
- /opt/ProdNode/hyp-data/orderer1:/var/hyperledger/production/orderer1
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/orderer
command: orderer
ports:
- 7050:7050
deploy:
replicas: 1
placement:
constraints:
- node.id == wohcakp6rt413tvqtnsd77o81
depends_on:
restart: always
networks:
- dev
ProdOrderer2_ProdOrdr_com:
container_name: ProdOrderer2_ProdOrdr_com
image: hyperledger/fabric-orderer:1.4.4
environment:
- ORDERER_GENERAL_LOGLEVEL=info
- ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
- ORDERER_GENERAL_GENESISMETHOD=file
- ORDERER_GENERAL_GENESISFILE=/etc/hyperledger/configtx/genesis.block
- ORDERER_GENERAL_LOCALMSPDIR=/etc/hyperledger/orderer2/msp
# enabled TLS
- ORDERER_GENERAL_TLS_ENABLED=true
- ORDERER_GENERAL_TLS_PRIVATEKEY=/etc/hyperledger/orderer2/tls/server.key
- ORDERER_GENERAL_TLS_CERTIFICATE=/etc/hyperledger/orderer2/tls/server.crt
- ORDERER_GENERAL_TLS_ROOTCAS=[/etc/hyperledger/orderer2/tls/ca.crt]
- ORDERER_GENERAL_LOCALMSPID=ProdOrdererMSP
- ORDERER_KAFKA_TOPIC_REPLICATIONFACTOR=1
- ORDERER_KAFKA_VERBOSE=true
- ORDERER_GENERAL_CLUSTER_CLIENTCERTIFICATE=/etc/hyperledger/orderer2/tls/server.crt
- ORDERER_GENERAL_CLUSTER_CLIENTPRIVATEKEY=/etc/hyperledger/orderer2/tls/server.key
- ORDERER_GENERAL_CLUSTER_ROOTCAS=[/etc/hyperledger/orderer2/tls/ca.crt]
- FABRIC_LOGGING_SPEC=DEBUG
volumes:
- /opt/ProdNode/config/:/etc/hyperledger/configtx
- /opt/ProdNode/crypto-config/ordererOrganizations/ProdOrdr_com/orderers/ProdOrderer2.ProdOrdr_com:/etc/hyperledger/orderer2
- /opt/ProdNode/hyp-data/orderer2:/var/hyperledger/production/orderer2
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/orderer
command: orderer
ports:
- 8050:7050
deploy:
replicas: 1
placement:
constraints:
- node.id == wohcakp6rt413tvqtnsd77o81
depends_on:
restart: always
networks:
- dev
ProdOrderer3_ProdOrdr_com:
container_name: ProdOrderer3_ProdOrdr_com
ca_ProdOrg:
image: hyperledger/fabric-ca:1.4.4
environment:
- FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
- FABRIC_CA_SERVER_CA_NAME=ca_ProdOrg
- FABRIC_CA_SERVER_TLS_ENABLED=true
- FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.peerProd_com-cert.pem
- FABRIC_CA_SERVER_TLS_KEYFILE=/etc/hyperledger/fabric-ca-server-config/21a106a45dfc8c3d350d16832bd6923fbc037b278ba94c4084f2a698548cf311_sk
ports:
- "7054:7054"
command: sh -c 'fabric-ca-server start --ca.certfile /etc/hyperledger/fabric-ca-server-config/ca.peerProd_com-cert.pem --ca.keyfile /etc/hyperledger/fabric-ca-server-config/21a106a45dfc8c3d350d16832bd6923fbc037b278ba94c4084f2a698548cf311_sk -b admina:adminpw -d'
volumes:
- /opt/ProdNode/crypto-config/peerOrganizations/peerProd_com/ca/:/etc/hyperledger/fabric-ca-server-config
container_name: ca_ProdOrg
networks:
- dev
deploy:
replicas: 1
placement:
constraints:
- node.id == wohcakp6rt413tvqtnsd77o81
restart: always
depends_on:
- ProdOrderer1_ProdOrdr_com
- ProdOrderer2_ProdOrdr_com
- ProdOrderer1_ProdOrdr_com
HOSTA_peerProd_com:
container_name: HOSTA_peerProd_com
image: hyperledger/fabric-peer:1.4.4
environment:
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
- CORE_PEER_ID=HOSTA_peerProd_com
- CORE_PEER_LOCALMSPID=ProdOrgMSP
- CORE_PEER_ADDRESS=HOSTA_peerProd_com:7051
- CORE_LEDGER_STATE_COUCHDBCONFIG_COUCHDBADDRESS=couchdb_HOSTA_peerProd_com:5984
- CORE_PEER_GOSSIP_BOOTSTRAP=HOSTA_peerProd_com:7051
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=HOSTA_peerProd_com:7051
- CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:7052
- CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=swarm_dev
- CORE_LOGGING_PEER=INFO
- CORE_CHAINCODE_LOGGING_LEVEL=DEBUG
- CORE_PEER_GOSSIP_USELEADERELECTION=true
- CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/peer/msp
- CORE_PEER_GOSSIP_ORGLEADER=false
- CORE_PEER_PROFILE_ENABLED=true
#TLS Settings
- CORE_PEER_TLS_ENABLED=true
- CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/peer/tls/server.crt
- CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/peer/tls/server.key
- CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/peer/tls/ca.crt
#Couch DB config
- CORE_LEDGER_STATE_STATEDATABASE=CouchDB
- CORE_LEDGER_STATE_COUCHDBCONFIG_USERNAME=admin
- CORE_LEDGER_STATE_COUCHDBCONFIG_PASSWORD=P@ss123
volumes:
- /var/run/:/host/var/run/
- /opt/ProdNode/config/:/etc/hyperledger/configtx
- /opt/ProdNode/crypto-config/peerOrganizations/peerProd_com/peers/HOSTA.peerProd_com:/etc/hyperledger/peer
- /opt/ProdNode/crypto-config/peerOrganizations/peerProd_com/users:/etc/hyperledger/users
- /opt/ProdNode/hyp-data/peer-1_1/:/var/hyperledger/production
working_dir: /opt/gopath/src/github.com/hyperledger/peer
command: peer node start
deploy:
replicas: 1
placement:
constraints:
- node.id == wohcakp6rt413tvqtnsd77o81
restart: always
ports:
- 7051:7051
- 7053:7053
depends_on:
- ProdOrderer1_ProdOrdr_com
- ProdOrderer2_ProdOrdr_com
- ProdOrderer1_ProdOrdr_com
- couchdb_HOSTA_peerProd_com
- ca_ProdOrg
networks:
- dev
couchdb_HOSTA_peerProd_com:
container_name: couchdb_HOSTA_peerProd_com
ca_ProdOrgA:
image: hyperledger/fabric-ca:1.4.4
HOSTA_peerProdA_com:
container_name: HOSTA_peerProdA_com
image: hyperledger/fabric-peer:1.4.4
couchdb_HOSTA_peerProdA_com:
container_name: couchdb_HOSTA_peerProdA_com
cli:
container_name: cli
image: hyperledger/fabric-tools:1.4.4
tty: true
environment:
- GOPATH=/opt/gopath
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
- FABRIC_LOGGING_SPEC=DEBUG
- CORE_PEER_ID=cli
- CORE_PEER_ADDRESS=HOSTA_peerProd_com:7051
- CORE_PEER_LOCALMSPID=ProdOrgMSP
- CORE_PEER_TLS_ENABLED=true #Should be kept to true if not running event listenr
- CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/peerProd_com/peers/HOSTA.peerProd_com/tls/server.crt
- CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/peerProd_com/peers/HOSTA.peerProd_com/tls/server.key
- CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/peerProd_com/peers/HOSTA.peerProd_com/tls/ca.crt
- CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/peerProd_com/users/Admin@peerProd_com/msp
- CORE_CHAINCODE_KEEPALIVE=10
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
command: /bin/bash
deploy:
replicas: 1
placement:
constraints:
- node.id == wohcakp6rt413tvqtnsd77o81
volumes:
- /var/run/:/host/var/run/
- ./../chaincode/:/opt/gopath/src/github.com/chaincode/
- ./crypto-config/:/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/
- ./config:/opt/gopath/src/github.com/hyperledger/fabric/peer/configtx
- ./scripts:/opt/gopath/src/github.com/hyperledger/fabric/peer/scripts/
networks:
- dev
depends_on:
- ProdOrderer1_ProdOrdr_com
- ProdOrderer2_ProdOrdr_com
- ProdOrderer3_ProdOrdr_com
- HOSTA_peerProd_com
- HOSTA_peerProdA_com
谁能帮我解决我面临的错误?
以下错误消息说明了一切:
2020-02-14 06:00:12.124 UTC [grpc] createTransport -> DEBU 042 grpc: addrConn.createTransport failed to connect to {ProdOrderer1_ProdOrdr_com:7050 0 <nil>}. Err :connection error: desc = "transport: authentication handshake failed: x509: certificate is valid for ProdOrderer1.ProdOrdr_com, ProdOrderer1, localhost, not ProdOrderer1_ProdOrdr_com". Reconnecting...
您用于连接的主机名 - ProdOrderer1_ProdOrdr_com - 与 TLS 证书中的有效名称不匹配。 cryptogen 的工作方式是它使用 '{{.Hostname}}.{{.Domain}}' 格式自动添加 CommonName,因此 ProdOrderer1.ProdOrdr_com。由于 Docker Swarm 的命名规则,我假设您使用了不同的命名约定,所以如果您真的需要使用 ProdOrderer1_ProdOrdr_com 那么您将需要修改您的crypto-config.yaml 覆盖用于生成每个证书中使用的 CommonName 的模板:
OrdererOrgs:
- Name: ProdOrderer
Domain: ProdOrdr_com
Specs:
- Hostname: ProdOrderer1
CommonName: '{{.Hostname}}_{{.Domain}}'
SANS:
- localhost
- 127.0.0.1
- Hostname: ProdOrderer2
CommonName: '{{.Hostname}}_{{.Domain}}'
SANS:
- localhost
- 127.0.0.1
- Hostname: ProdOrderer3
CommonName: '{{.Hostname}}_{{.Domain}}'
SANS:
- localhost
- 127.0.0.1
我正在创建一个使用 raft 作为排序服务的 HLF 网络。
peer channel create -o ProdOrderer1_ProdOrdr_com:7050 -c masterchannel -f ./configtx/masterchannel.tx --tls true --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/ProdOrdr_com/orderers/ProdOrderer1.ProdOrdr_com/msp/tlscacerts/tlsca.ProdOrdr_com-cert.pem
但它 returns 在 peer cli 中出现以下错误。
2020-02-14 06:00:09.733 UTC [grpc] watcher -> DEBU 039 ccResolverWrapper: sending new addresses to cc: [{ProdOrderer1_ProdOrdr_com:7050 0 <nil>}]
2020-02-14 06:00:09.733 UTC [grpc] switchBalancer -> DEBU 03a ClientConn switching balancer to "pick_first"
2020-02-14 06:00:09.733 UTC [grpc] HandleSubConnStateChange -> DEBU 03b pickfirstBalancer: HandleSubConnStateChange: 0xc0002d9e80, CONNECTING
2020-02-14 06:00:09.736 UTC [grpc] createTransport -> DEBU 03c grpc: addrConn.createTransport failed to connect to {ProdOrderer1_ProdOrdr_com:7050 0 <nil>}. Err :connection error: desc = "transport: authentication handshake failed: x509: certificate is valid for ProdOrderer1.ProdOrdr_com, ProdOrderer1, localhost, not ProdOrderer1_ProdOrdr_com". Reconnecting...
2020-02-14 06:00:09.736 UTC [grpc] HandleSubConnStateChange -> DEBU 03d pickfirstBalancer: HandleSubConnStateChange: 0xc0002d9e80, TRANSIENT_FAILURE
2020-02-14 06:00:10.734 UTC [grpc] HandleSubConnStateChange -> DEBU 03e pickfirstBalancer: HandleSubConnStateChange: 0xc0002d9e80, CONNECTING
2020-02-14 06:00:10.738 UTC [grpc] createTransport -> DEBU 03f grpc: addrConn.createTransport failed to connect to {ProdOrderer1_ProdOrdr_com:7050 0 <nil>}. Err :connection error: desc = "transport: authentication handshake failed: x509: certificate is valid for ProdOrderer1.StancOrdr_com, ProdOrderer1, localhost, not ProdOrderer1_ProdOrdr_com". Reconnecting...
2020-02-14 06:00:10.738 UTC [grpc] HandleSubConnStateChange -> DEBU 040 pickfirstBalancer: HandleSubConnStateChange: 0xc0002d9e80, TRANSIENT_FAILURE
2020-02-14 06:00:12.121 UTC [grpc] HandleSubConnStateChange -> DEBU 041 pickfirstBalancer: HandleSubConnStateChange: 0xc0002d9e80, CONNECTING
2020-02-14 06:00:12.124 UTC [grpc] createTransport -> DEBU 042 grpc: addrConn.createTransport failed to connect to {ProdOrderer1_ProdOrdr_com:7050 0 <nil>}. Err :connection error: desc = "transport: authentication handshake failed: x509: certificate is valid for ProdOrderer1.ProdOrdr_com, ProdOrderer1, localhost, not ProdOrderer1_ProdOrdr_com". Reconnecting...
2020-02-14 06:00:12.124 UTC [grpc] HandleSubConnStateChange -> DEBU 043 pickfirstBalancer: HandleSubConnStateChange: 0xc0002d9e80, TRANSIENT_FAILURE
Error: failed to create deliver client: orderer client failed to connect to ProdOrderer1_ProdOrdr_com:7050: failed to create new connection: context deadline exceeded
我已经检查了 peer & orderer 的日志 containers.The orderer 容器的日志报告了 tls bad certificate 错误。
2020-02-14 06:22:33.504 UTC [core.comm] ServerHandshake -> ERRO 2849 TLS handshake failed with error remote error: tls: bad certificate server=Orderer remoteaddress=10.0.23.4:18725
2020-02-14 06:22:35.859 UTC [orderer.common.cluster.puller] probeEndpoint -> WARN 2853 Failed connecting to {ProdOrderer4_ProdOrdr_com:7050 [-----BEGIN CERTIFICATE-----
2020-02-14 06:22:35.859 UTC [orderer.common.cluster.puller] func1 -> WARN 2854 Received error of type 'failed to create new connection: context deadline exceeded' from {ProdOrderer4_ProdOrdr_com:7050 [-----BEGIN CERTIFICATE-----
我附上加密-config.yaml,configtx.yaml,docker-compose.yaml以供参考。
加密-config.yaml
OrdererOrgs:
- Name: ProdOrderer
Domain: ProdOrdr_com
Specs:
- Hostname: ProdOrderer1
SANS:
- "localhost"
- "127.0.0.1"
- Hostname: ProdOrderer2
SANS:
- "localhost"
- "127.0.0.1"
- Hostname: ProdOrderer3
SANS:
- "localhost"
- "127.0.0.1"
PeerOrgs:
- Name: ProdOrg
- Name: ProdOrgA
configtx.yaml
Organizations:
- &OrdererOrg
Name: ProdOrderer
ID: ProdOrdererMSP
MSPDir: crypto-config/ordererOrganizations/ProdOrdr_com/msp
Policies:
Readers:
Type: Signature
Rule: "OR('ProdOrdererMSP.member')"
Writers:
Type: Signature
Rule: "OR('ProdOrdererMSP.member')"
Admins:
Type: Signature
Rule: "OR('ProdOrdererMSP.admin')"
- &ProdOrg
Name: ProdOrg
ID: ProdOrgMSP
MSPDir: crypto-config/peerOrganizations/peerProd_com/msp
Policies:
Readers:
Type: Signature
Rule: "OR('ProdOrgMSP.admin','ProdOrgMSP.peer', 'ProdOrgMSP.client')"
Writers:
Type: Signature
Rule: "OR('ProdOrgMSP.admin', 'ProdOrgMSP.client')"
Admins:
Type: Signature
Rule: "OR('ProdOrgMSP.admin')"
AnchorPeers:
- Host: HOSTA_peerProd_com
Port: 7051
- &ProdOrgA
Name: ProdOrgA
ID: ProdOrgAMSP
MSPDir: crypto-config/peerOrganizations/peerProdA_com/msp
Policies:
Readers:
Type: Signature
Rule: "OR('ProdOrgAMSP.admin','ProdOrgAMSP.peer', 'ProdOrgAMSP.client')"
Writers:
Type: Signature
Rule: "OR('ProdOrgAMSP.admin', 'ProdOrgAMSP.client')"
Admins:
Type: Signature
Rule: "OR('ProdOrgAMSP.admin')"
AnchorPeers:
- Host: HOSTA_peerProdA_com
Port: 7051
Capabilities:
Channel: &ChannelCapabilities
V1_4_3: true
V1_3: false
V1_1: false
Orderer: &OrdererCapabilities
V1_4_2: true
V1_1: false
Application: &ApplicationCapabilities
V1_4_2: true
V1_3: false
V1_2: false
V1_1: false
Application: &ApplicationDefaults
Organizations:
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
Capabilities:
<<: *ApplicationCapabilities
Orderer: &OrdererDefaults
OrdererType: solo
Addresses:
- ProdOrderer1_ProdOrdr_com:7050
BatchTimeout: 2s
BatchSize:
MaxMessageCount: 10
AbsoluteMaxBytes: 99 MB
PreferredMaxBytes: 512 KB
Kafka:
Brokers:
- 127.0.0.1:9092
EtcdRaft:
Consenters:
- Host: ProdOrderer1_ProdOrdr_com
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/ProdOrdr_com/orderers/ProdOrderer1.ProdOrdr_com/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/ProdOrdr_com/orderers/ProdOrderer1.ProdOrdr_com/tls/server.crt
- Host: ProdOrderer2_ProdOrdr_com
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/ProdOrdr_com/orderers/ProdOrderer2.ProdOrdr_com/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/ProdOrdr_com/orderers/ProdOrderer2.ProdOrdr_com/tls/server.crt
- Host: ProdOrderer3_ProdOrdr_com
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/ProdOrdr_com/orderers/ProdOrderer3.ProdOrdr_com/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/ProdOrdr_com/orderers/ProdOrderer3.ProdOrdr_com/tls/server.crt
Organizations:
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
BlockValidation:
Type: ImplicitMeta
Rule: "ANY Writers"
Channel: &ChannelDefaults
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
Capabilities:
<<: *ChannelCapabilities
Profiles:
OrdererGenesis:
<<: *ChannelDefaults
Orderer:
<<: *OrdererDefaults
Organizations:
- *OrdererOrg
Capabilities:
<<: *OrdererCapabilities
Consortiums:
SampleConsortium:
Organizations:
- *ProdOrg
- *ProdOrgA
OrgChannel:
Consortium: SampleConsortium
Application:
<<: *ApplicationDefaults
Organizations:
- *ProdOrg
- *ProdOrgA
Capabilities:
<<: *ApplicationCapabilities
SampleDevModeKafka:
<<: *ChannelDefaults
Capabilities:
<<: *ChannelCapabilities
Orderer:
<<: *OrdererDefaults
OrdererType: kafka
Kafka:
Brokers:
- kafka.example.com:9092
Organizations:
- *OrdererOrg
Capabilities:
<<: *OrdererCapabilities
Application:
<<: *ApplicationDefaults
Organizations:
- <<: *OrdererOrg
Consortiums:
SampleConsortium:
Organizations:
- *ProdOrg
- *ProdOrgA
SampleMultiNodeEtcdRaft:
<<: *ChannelDefaults
Capabilities:
<<: *ChannelCapabilities
Orderer:
<<: *OrdererDefaults
OrdererType: etcdraft
EtcdRaft:
Consenters:
- Host: ProdOrderer1_ProdOrdr_com
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/ProdOrdr_com/orderers/ProdOrderer1.ProdOrdr_com/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/ProdOrdr_com/orderers/ProdOrderer1.ProdOrdr_com/tls/server.crt
- Host: ProdOrderer2_ProdOrdr_com
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/ProdOrdr_com/orderers/ProdOrderer2.ProdOrdr_com/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/ProdOrdr_com/orderers/ProdOrderer2.ProdOrdr_com/tls/server.crt
- Host: ProdOrderer3_ProdOrdr_com
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/ProdOrdr_com/orderers/ProdOrderer3.ProdOrdr_com/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/ProdOrdr_com/orderers/ProdOrderer3.ProdOrdr_com/tls/server.crt
Addresses:
- ProdOrderer1_ProdOrdr_com:7050
- ProdOrderer2_ProdOrdr_com:7050
- ProdOrderer3_ProdOrdr_com:7050
Organizations:
- *OrdererOrg
Capabilities:
<<: *OrdererCapabilities
Application:
<<: *ApplicationDefaults
Organizations:
- <<: *OrdererOrg
Consortiums:
SampleConsortium:
Organizations:
- *ProdOrg
- *ProdOrgA
Docker-compose.yaml 文件
我使用 docker-swarm 创建了网络。
version: "3.4"
networks:
dev:
attachable: true
services:
ProdOrderer1_ProdOrdr_com:
container_name: ProdOrderer1_ProdOrdr_com
image: hyperledger/fabric-orderer:1.4.4
environment:
- ORDERER_GENERAL_LOGLEVEL=info
- ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
- ORDERER_GENERAL_GENESISMETHOD=file
- ORDERER_GENERAL_GENESISFILE=/etc/hyperledger/configtx/genesis.block
- ORDERER_GENERAL_LOCALMSPDIR=/etc/hyperledger/orderer1/msp
# enabled TLS
- ORDERER_GENERAL_TLS_ENABLED=true
- ORDERER_GENERAL_TLS_PRIVATEKEY=/etc/hyperledger/orderer1/tls/server.key
- ORDERER_GENERAL_TLS_CERTIFICATE=/etc/hyperledger/orderer1/tls/server.crt
- ORDERER_GENERAL_TLS_ROOTCAS=[/etc/hyperledger/orderer1/tls/ca.crt]
- ORDERER_GENERAL_LOCALMSPID=ProdOrdererMSP
- ORDERER_KAFKA_TOPIC_REPLICATIONFACTOR=1
- ORDERER_KAFKA_VERBOSE=true
- ORDERER_GENERAL_CLUSTER_CLIENTCERTIFICATE=/etc/hyperledger/orderer1/tls/server.crt
- ORDERER_GENERAL_CLUSTER_CLIENTPRIVATEKEY=/etc/hyperledger/orderer1/tls/server.key
- ORDERER_GENERAL_CLUSTER_ROOTCAS=[/etc/hyperledger/orderer1/tls/ca.crt]
- FABRIC_LOGGING_SPEC=DEBUG
volumes:
- /opt/ProdNode/config/:/etc/hyperledger/configtx
- /opt/ProdNode/crypto-config/ordererOrganizations/ProdOrdr_com/orderers/ProdOrderer1.ProdOrdr_com:/etc/hyperledger/orderer1
- /opt/ProdNode/hyp-data/orderer1:/var/hyperledger/production/orderer1
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/orderer
command: orderer
ports:
- 7050:7050
deploy:
replicas: 1
placement:
constraints:
- node.id == wohcakp6rt413tvqtnsd77o81
depends_on:
restart: always
networks:
- dev
ProdOrderer2_ProdOrdr_com:
container_name: ProdOrderer2_ProdOrdr_com
image: hyperledger/fabric-orderer:1.4.4
environment:
- ORDERER_GENERAL_LOGLEVEL=info
- ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
- ORDERER_GENERAL_GENESISMETHOD=file
- ORDERER_GENERAL_GENESISFILE=/etc/hyperledger/configtx/genesis.block
- ORDERER_GENERAL_LOCALMSPDIR=/etc/hyperledger/orderer2/msp
# enabled TLS
- ORDERER_GENERAL_TLS_ENABLED=true
- ORDERER_GENERAL_TLS_PRIVATEKEY=/etc/hyperledger/orderer2/tls/server.key
- ORDERER_GENERAL_TLS_CERTIFICATE=/etc/hyperledger/orderer2/tls/server.crt
- ORDERER_GENERAL_TLS_ROOTCAS=[/etc/hyperledger/orderer2/tls/ca.crt]
- ORDERER_GENERAL_LOCALMSPID=ProdOrdererMSP
- ORDERER_KAFKA_TOPIC_REPLICATIONFACTOR=1
- ORDERER_KAFKA_VERBOSE=true
- ORDERER_GENERAL_CLUSTER_CLIENTCERTIFICATE=/etc/hyperledger/orderer2/tls/server.crt
- ORDERER_GENERAL_CLUSTER_CLIENTPRIVATEKEY=/etc/hyperledger/orderer2/tls/server.key
- ORDERER_GENERAL_CLUSTER_ROOTCAS=[/etc/hyperledger/orderer2/tls/ca.crt]
- FABRIC_LOGGING_SPEC=DEBUG
volumes:
- /opt/ProdNode/config/:/etc/hyperledger/configtx
- /opt/ProdNode/crypto-config/ordererOrganizations/ProdOrdr_com/orderers/ProdOrderer2.ProdOrdr_com:/etc/hyperledger/orderer2
- /opt/ProdNode/hyp-data/orderer2:/var/hyperledger/production/orderer2
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/orderer
command: orderer
ports:
- 8050:7050
deploy:
replicas: 1
placement:
constraints:
- node.id == wohcakp6rt413tvqtnsd77o81
depends_on:
restart: always
networks:
- dev
ProdOrderer3_ProdOrdr_com:
container_name: ProdOrderer3_ProdOrdr_com
ca_ProdOrg:
image: hyperledger/fabric-ca:1.4.4
environment:
- FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
- FABRIC_CA_SERVER_CA_NAME=ca_ProdOrg
- FABRIC_CA_SERVER_TLS_ENABLED=true
- FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.peerProd_com-cert.pem
- FABRIC_CA_SERVER_TLS_KEYFILE=/etc/hyperledger/fabric-ca-server-config/21a106a45dfc8c3d350d16832bd6923fbc037b278ba94c4084f2a698548cf311_sk
ports:
- "7054:7054"
command: sh -c 'fabric-ca-server start --ca.certfile /etc/hyperledger/fabric-ca-server-config/ca.peerProd_com-cert.pem --ca.keyfile /etc/hyperledger/fabric-ca-server-config/21a106a45dfc8c3d350d16832bd6923fbc037b278ba94c4084f2a698548cf311_sk -b admina:adminpw -d'
volumes:
- /opt/ProdNode/crypto-config/peerOrganizations/peerProd_com/ca/:/etc/hyperledger/fabric-ca-server-config
container_name: ca_ProdOrg
networks:
- dev
deploy:
replicas: 1
placement:
constraints:
- node.id == wohcakp6rt413tvqtnsd77o81
restart: always
depends_on:
- ProdOrderer1_ProdOrdr_com
- ProdOrderer2_ProdOrdr_com
- ProdOrderer1_ProdOrdr_com
HOSTA_peerProd_com:
container_name: HOSTA_peerProd_com
image: hyperledger/fabric-peer:1.4.4
environment:
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
- CORE_PEER_ID=HOSTA_peerProd_com
- CORE_PEER_LOCALMSPID=ProdOrgMSP
- CORE_PEER_ADDRESS=HOSTA_peerProd_com:7051
- CORE_LEDGER_STATE_COUCHDBCONFIG_COUCHDBADDRESS=couchdb_HOSTA_peerProd_com:5984
- CORE_PEER_GOSSIP_BOOTSTRAP=HOSTA_peerProd_com:7051
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=HOSTA_peerProd_com:7051
- CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:7052
- CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=swarm_dev
- CORE_LOGGING_PEER=INFO
- CORE_CHAINCODE_LOGGING_LEVEL=DEBUG
- CORE_PEER_GOSSIP_USELEADERELECTION=true
- CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/peer/msp
- CORE_PEER_GOSSIP_ORGLEADER=false
- CORE_PEER_PROFILE_ENABLED=true
#TLS Settings
- CORE_PEER_TLS_ENABLED=true
- CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/peer/tls/server.crt
- CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/peer/tls/server.key
- CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/peer/tls/ca.crt
#Couch DB config
- CORE_LEDGER_STATE_STATEDATABASE=CouchDB
- CORE_LEDGER_STATE_COUCHDBCONFIG_USERNAME=admin
- CORE_LEDGER_STATE_COUCHDBCONFIG_PASSWORD=P@ss123
volumes:
- /var/run/:/host/var/run/
- /opt/ProdNode/config/:/etc/hyperledger/configtx
- /opt/ProdNode/crypto-config/peerOrganizations/peerProd_com/peers/HOSTA.peerProd_com:/etc/hyperledger/peer
- /opt/ProdNode/crypto-config/peerOrganizations/peerProd_com/users:/etc/hyperledger/users
- /opt/ProdNode/hyp-data/peer-1_1/:/var/hyperledger/production
working_dir: /opt/gopath/src/github.com/hyperledger/peer
command: peer node start
deploy:
replicas: 1
placement:
constraints:
- node.id == wohcakp6rt413tvqtnsd77o81
restart: always
ports:
- 7051:7051
- 7053:7053
depends_on:
- ProdOrderer1_ProdOrdr_com
- ProdOrderer2_ProdOrdr_com
- ProdOrderer1_ProdOrdr_com
- couchdb_HOSTA_peerProd_com
- ca_ProdOrg
networks:
- dev
couchdb_HOSTA_peerProd_com:
container_name: couchdb_HOSTA_peerProd_com
ca_ProdOrgA:
image: hyperledger/fabric-ca:1.4.4
HOSTA_peerProdA_com:
container_name: HOSTA_peerProdA_com
image: hyperledger/fabric-peer:1.4.4
couchdb_HOSTA_peerProdA_com:
container_name: couchdb_HOSTA_peerProdA_com
cli:
container_name: cli
image: hyperledger/fabric-tools:1.4.4
tty: true
environment:
- GOPATH=/opt/gopath
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
- FABRIC_LOGGING_SPEC=DEBUG
- CORE_PEER_ID=cli
- CORE_PEER_ADDRESS=HOSTA_peerProd_com:7051
- CORE_PEER_LOCALMSPID=ProdOrgMSP
- CORE_PEER_TLS_ENABLED=true #Should be kept to true if not running event listenr
- CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/peerProd_com/peers/HOSTA.peerProd_com/tls/server.crt
- CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/peerProd_com/peers/HOSTA.peerProd_com/tls/server.key
- CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/peerProd_com/peers/HOSTA.peerProd_com/tls/ca.crt
- CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/peerProd_com/users/Admin@peerProd_com/msp
- CORE_CHAINCODE_KEEPALIVE=10
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
command: /bin/bash
deploy:
replicas: 1
placement:
constraints:
- node.id == wohcakp6rt413tvqtnsd77o81
volumes:
- /var/run/:/host/var/run/
- ./../chaincode/:/opt/gopath/src/github.com/chaincode/
- ./crypto-config/:/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/
- ./config:/opt/gopath/src/github.com/hyperledger/fabric/peer/configtx
- ./scripts:/opt/gopath/src/github.com/hyperledger/fabric/peer/scripts/
networks:
- dev
depends_on:
- ProdOrderer1_ProdOrdr_com
- ProdOrderer2_ProdOrdr_com
- ProdOrderer3_ProdOrdr_com
- HOSTA_peerProd_com
- HOSTA_peerProdA_com
谁能帮我解决我面临的错误?
以下错误消息说明了一切:
2020-02-14 06:00:12.124 UTC [grpc] createTransport -> DEBU 042 grpc: addrConn.createTransport failed to connect to {ProdOrderer1_ProdOrdr_com:7050 0 <nil>}. Err :connection error: desc = "transport: authentication handshake failed: x509: certificate is valid for ProdOrderer1.ProdOrdr_com, ProdOrderer1, localhost, not ProdOrderer1_ProdOrdr_com". Reconnecting...
您用于连接的主机名 - ProdOrderer1_ProdOrdr_com - 与 TLS 证书中的有效名称不匹配。 cryptogen 的工作方式是它使用 '{{.Hostname}}.{{.Domain}}' 格式自动添加 CommonName,因此 ProdOrderer1.ProdOrdr_com。由于 Docker Swarm 的命名规则,我假设您使用了不同的命名约定,所以如果您真的需要使用 ProdOrderer1_ProdOrdr_com 那么您将需要修改您的crypto-config.yaml 覆盖用于生成每个证书中使用的 CommonName 的模板:
OrdererOrgs:
- Name: ProdOrderer
Domain: ProdOrdr_com
Specs:
- Hostname: ProdOrderer1
CommonName: '{{.Hostname}}_{{.Domain}}'
SANS:
- localhost
- 127.0.0.1
- Hostname: ProdOrderer2
CommonName: '{{.Hostname}}_{{.Domain}}'
SANS:
- localhost
- 127.0.0.1
- Hostname: ProdOrderer3
CommonName: '{{.Hostname}}_{{.Domain}}'
SANS:
- localhost
- 127.0.0.1