Hyperledger Fabric Raft 订购者设置失败,通道创建时身份验证握手失败

Hyperledger Fabric Raft Orderer Setup Failed with authentication handshake failure on channel create

我正在创建一个使用 raft 作为排序服务的 HLF 网络。

 peer channel create -o ProdOrderer1_ProdOrdr_com:7050 -c masterchannel -f ./configtx/masterchannel.tx --tls true --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/ProdOrdr_com/orderers/ProdOrderer1.ProdOrdr_com/msp/tlscacerts/tlsca.ProdOrdr_com-cert.pem

但它 returns 在 peer cli 中出现以下错误。

 2020-02-14 06:00:09.733 UTC [grpc] watcher -> DEBU 039 ccResolverWrapper: sending new addresses to cc: [{ProdOrderer1_ProdOrdr_com:7050 0  <nil>}]
 2020-02-14 06:00:09.733 UTC [grpc] switchBalancer -> DEBU 03a ClientConn switching balancer to "pick_first"
 2020-02-14 06:00:09.733 UTC [grpc] HandleSubConnStateChange -> DEBU 03b pickfirstBalancer: HandleSubConnStateChange: 0xc0002d9e80, CONNECTING
 2020-02-14 06:00:09.736 UTC [grpc] createTransport -> DEBU 03c grpc: addrConn.createTransport failed to connect to {ProdOrderer1_ProdOrdr_com:7050 0  <nil>}. Err :connection error: desc = "transport: authentication handshake failed: x509: certificate is valid for ProdOrderer1.ProdOrdr_com, ProdOrderer1, localhost, not ProdOrderer1_ProdOrdr_com". Reconnecting...
 2020-02-14 06:00:09.736 UTC [grpc] HandleSubConnStateChange -> DEBU 03d pickfirstBalancer: HandleSubConnStateChange: 0xc0002d9e80, TRANSIENT_FAILURE
 2020-02-14 06:00:10.734 UTC [grpc] HandleSubConnStateChange -> DEBU 03e pickfirstBalancer: HandleSubConnStateChange: 0xc0002d9e80, CONNECTING
 2020-02-14 06:00:10.738 UTC [grpc] createTransport -> DEBU 03f grpc: addrConn.createTransport failed to connect to {ProdOrderer1_ProdOrdr_com:7050 0  <nil>}. Err :connection error: desc = "transport: authentication handshake failed: x509: certificate is valid for ProdOrderer1.StancOrdr_com, ProdOrderer1, localhost, not ProdOrderer1_ProdOrdr_com". Reconnecting...
 2020-02-14 06:00:10.738 UTC [grpc] HandleSubConnStateChange -> DEBU 040 pickfirstBalancer: HandleSubConnStateChange: 0xc0002d9e80, TRANSIENT_FAILURE
 2020-02-14 06:00:12.121 UTC [grpc] HandleSubConnStateChange -> DEBU 041 pickfirstBalancer: HandleSubConnStateChange: 0xc0002d9e80, CONNECTING
 2020-02-14 06:00:12.124 UTC [grpc] createTransport -> DEBU 042 grpc: addrConn.createTransport failed to connect to {ProdOrderer1_ProdOrdr_com:7050 0  <nil>}. Err :connection error: desc = "transport: authentication handshake failed: x509: certificate is valid for ProdOrderer1.ProdOrdr_com, ProdOrderer1, localhost, not ProdOrderer1_ProdOrdr_com". Reconnecting...
 2020-02-14 06:00:12.124 UTC [grpc] HandleSubConnStateChange -> DEBU 043 pickfirstBalancer: HandleSubConnStateChange: 0xc0002d9e80, TRANSIENT_FAILURE
 Error: failed to create deliver client: orderer client failed to connect to ProdOrderer1_ProdOrdr_com:7050: failed to create new connection: context deadline exceeded

我已经检查了 peer & orderer 的日志 containers.The orderer 容器的日志报告了 tls bad certificate 错误。

2020-02-14 06:22:33.504 UTC [core.comm] ServerHandshake -> ERRO 2849 TLS handshake failed with error remote error: tls: bad certificate server=Orderer remoteaddress=10.0.23.4:18725

2020-02-14 06:22:35.859 UTC [orderer.common.cluster.puller] probeEndpoint -> WARN 2853 Failed connecting to {ProdOrderer4_ProdOrdr_com:7050 [-----BEGIN CERTIFICATE-----
2020-02-14 06:22:35.859 UTC [orderer.common.cluster.puller] func1 -> WARN 2854 Received error of type 'failed to create new connection: context deadline exceeded' from {ProdOrderer4_ProdOrdr_com:7050 [-----BEGIN CERTIFICATE-----

我附上加密-config.yaml,configtx.yaml,docker-compose.yaml以供参考。

加密-config.yaml

            OrdererOrgs:
              - Name: ProdOrderer
                Domain: ProdOrdr_com
                Specs:
                 - Hostname: ProdOrderer1
                   SANS:
                     - "localhost"
                     - "127.0.0.1"
                - Hostname: ProdOrderer2
                   SANS:
                     - "localhost"
                     - "127.0.0.1"
                - Hostname: ProdOrderer3
                   SANS:
                     - "localhost"
                     - "127.0.0.1"

             PeerOrgs:
                 - Name: ProdOrg

                 - Name: ProdOrgA

configtx.yaml

Organizations:
  - &OrdererOrg
      Name: ProdOrderer
      ID: ProdOrdererMSP
      MSPDir: crypto-config/ordererOrganizations/ProdOrdr_com/msp
      Policies:
         Readers:
            Type: Signature
            Rule: "OR('ProdOrdererMSP.member')"
         Writers:
            Type: Signature
            Rule: "OR('ProdOrdererMSP.member')"
         Admins:
            Type: Signature
            Rule:  "OR('ProdOrdererMSP.admin')"
    - &ProdOrg
        Name: ProdOrg
        ID: ProdOrgMSP
        MSPDir: crypto-config/peerOrganizations/peerProd_com/msp
        Policies:
             Readers:
                    Type: Signature
                    Rule: "OR('ProdOrgMSP.admin','ProdOrgMSP.peer', 'ProdOrgMSP.client')"
             Writers:
                    Type: Signature
                    Rule: "OR('ProdOrgMSP.admin', 'ProdOrgMSP.client')"
             Admins:
                    Type: Signature
                    Rule: "OR('ProdOrgMSP.admin')"
             AnchorPeers:
                  - Host: HOSTA_peerProd_com
                    Port: 7051
       - &ProdOrgA
              Name: ProdOrgA
              ID: ProdOrgAMSP
              MSPDir: crypto-config/peerOrganizations/peerProdA_com/msp
              Policies:
                Readers:
                    Type: Signature
                    Rule: "OR('ProdOrgAMSP.admin','ProdOrgAMSP.peer', 'ProdOrgAMSP.client')"
                    Writers:
                       Type: Signature
                       Rule: "OR('ProdOrgAMSP.admin', 'ProdOrgAMSP.client')"
                    Admins:
                       Type: Signature
                       Rule: "OR('ProdOrgAMSP.admin')"
                    AnchorPeers:
                       - Host: HOSTA_peerProdA_com
                         Port: 7051

        Capabilities:
                     Channel: &ChannelCapabilities
                        V1_4_3: true
                        V1_3: false
                        V1_1: false
                    Orderer: &OrdererCapabilities
                        V1_4_2: true
                        V1_1: false
                   Application: &ApplicationCapabilities
                        V1_4_2: true
                        V1_3: false
                        V1_2: false
                        V1_1: false
        Application: &ApplicationDefaults

                  Organizations:
                  Policies:
                      Readers:
                        Type: ImplicitMeta
                        Rule: "ANY Readers"
                      Writers:
                        Type: ImplicitMeta
                        Rule: "ANY Writers"
                      Admins:
                        Type: ImplicitMeta
                        Rule: "MAJORITY Admins"

                 Capabilities:
                      <<: *ApplicationCapabilities


       Orderer: &OrdererDefaults

                 OrdererType: solo
                 Addresses:
                    - ProdOrderer1_ProdOrdr_com:7050
                 BatchTimeout: 2s
                 BatchSize:
                 MaxMessageCount: 10
                 AbsoluteMaxBytes: 99 MB
                 PreferredMaxBytes: 512 KB
                 Kafka:
                   Brokers:
                     - 127.0.0.1:9092

                 EtcdRaft:
                    Consenters:
                      - Host:  ProdOrderer1_ProdOrdr_com
                        Port: 7050
                        ClientTLSCert: crypto-config/ordererOrganizations/ProdOrdr_com/orderers/ProdOrderer1.ProdOrdr_com/tls/server.crt
                       ServerTLSCert: crypto-config/ordererOrganizations/ProdOrdr_com/orderers/ProdOrderer1.ProdOrdr_com/tls/server.crt
                      - Host: ProdOrderer2_ProdOrdr_com
                        Port: 7050
                        ClientTLSCert: crypto-config/ordererOrganizations/ProdOrdr_com/orderers/ProdOrderer2.ProdOrdr_com/tls/server.crt
                        ServerTLSCert: crypto-config/ordererOrganizations/ProdOrdr_com/orderers/ProdOrderer2.ProdOrdr_com/tls/server.crt
                      - Host: ProdOrderer3_ProdOrdr_com
                        Port: 7050
                        ClientTLSCert: crypto-config/ordererOrganizations/ProdOrdr_com/orderers/ProdOrderer3.ProdOrdr_com/tls/server.crt
                        ServerTLSCert: crypto-config/ordererOrganizations/ProdOrdr_com/orderers/ProdOrderer3.ProdOrdr_com/tls/server.crt


                 Organizations:
                        Policies:
                              Readers:
                                   Type: ImplicitMeta
                                   Rule: "ANY Readers"
                              Writers:
                                  Type: ImplicitMeta
                                  Rule: "ANY Writers"
                              Admins:
                                  Type: ImplicitMeta
                                  Rule: "MAJORITY Admins"
                         BlockValidation:
                             Type: ImplicitMeta
                             Rule: "ANY Writers"

                   Channel: &ChannelDefaults
                      Policies:
                         Readers:
                            Type: ImplicitMeta
                            Rule: "ANY Readers"
                         Writers:
                            Type: ImplicitMeta
                            Rule: "ANY Writers"
                         Admins:
                            Type: ImplicitMeta
                            Rule: "MAJORITY Admins"
                     Capabilities:
                          <<: *ChannelCapabilities

           Profiles:

                     OrdererGenesis:
                          <<: *ChannelDefaults
                         Orderer:
                              <<: *OrdererDefaults
                         Organizations:
                          - *OrdererOrg
                         Capabilities:
                              <<: *OrdererCapabilities
                         Consortiums:
                              SampleConsortium:
                                 Organizations:
                                     - *ProdOrg
                                     - *ProdOrgA

                          OrgChannel:
                             Consortium: SampleConsortium
                             Application:
                                 <<: *ApplicationDefaults
                             Organizations:
                               - *ProdOrg
                               - *ProdOrgA
                               Capabilities:
                                   <<: *ApplicationCapabilities

                         SampleDevModeKafka:
                               <<: *ChannelDefaults
                               Capabilities:
                                    <<: *ChannelCapabilities
                               Orderer:
                                    <<: *OrdererDefaults
                               OrdererType: kafka
                               Kafka:
                                     Brokers:
                                        - kafka.example.com:9092

                               Organizations:
                                    - *OrdererOrg
                                Capabilities:
                                 <<: *OrdererCapabilities
                                Application:
                                   <<: *ApplicationDefaults
                                Organizations:
                                   - <<: *OrdererOrg
                                Consortiums:
                                    SampleConsortium:
                                Organizations:
                                 - *ProdOrg
                                 - *ProdOrgA


                       SampleMultiNodeEtcdRaft:
                             <<: *ChannelDefaults
                             Capabilities:
                                 <<: *ChannelCapabilities
                             Orderer:
                                 <<: *OrdererDefaults
                                 OrdererType: etcdraft
                                 EtcdRaft:
                                       Consenters:
                                             - Host:  ProdOrderer1_ProdOrdr_com
                                               Port: 7050
                                               ClientTLSCert: crypto-config/ordererOrganizations/ProdOrdr_com/orderers/ProdOrderer1.ProdOrdr_com/tls/server.crt
                                               ServerTLSCert: crypto-config/ordererOrganizations/ProdOrdr_com/orderers/ProdOrderer1.ProdOrdr_com/tls/server.crt
                                            - Host:  ProdOrderer2_ProdOrdr_com
                                              Port: 7050
                                              ClientTLSCert: crypto-config/ordererOrganizations/ProdOrdr_com/orderers/ProdOrderer2.ProdOrdr_com/tls/server.crt
                                              ServerTLSCert: crypto-config/ordererOrganizations/ProdOrdr_com/orderers/ProdOrderer2.ProdOrdr_com/tls/server.crt
                                            - Host:  ProdOrderer3_ProdOrdr_com
                                                 Port: 7050
                                                 ClientTLSCert: crypto-config/ordererOrganizations/ProdOrdr_com/orderers/ProdOrderer3.ProdOrdr_com/tls/server.crt
                                                 ServerTLSCert: crypto-config/ordererOrganizations/ProdOrdr_com/orderers/ProdOrderer3.ProdOrdr_com/tls/server.crt

                             Addresses:
                              -  ProdOrderer1_ProdOrdr_com:7050
                              -  ProdOrderer2_ProdOrdr_com:7050
                              -  ProdOrderer3_ProdOrdr_com:7050

                      Organizations:
                             - *OrdererOrg
                             Capabilities:
                                   <<: *OrdererCapabilities
                             Application:
                                    <<: *ApplicationDefaults
                            Organizations:
                                   - <<: *OrdererOrg
                            Consortiums:
                                SampleConsortium:
                                   Organizations:
                                        - *ProdOrg
                                        - *ProdOrgA

Docker-compose.yaml 文件

我使用 docker-swarm 创建了网络。

                    version: "3.4"
                    networks:
                       dev:
                       attachable: true

                    services:
                       ProdOrderer1_ProdOrdr_com:
                       container_name: ProdOrderer1_ProdOrdr_com
                       image: hyperledger/fabric-orderer:1.4.4
                       environment:
                          - ORDERER_GENERAL_LOGLEVEL=info
                          - ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
                          - ORDERER_GENERAL_GENESISMETHOD=file
                          - ORDERER_GENERAL_GENESISFILE=/etc/hyperledger/configtx/genesis.block
                          - ORDERER_GENERAL_LOCALMSPDIR=/etc/hyperledger/orderer1/msp
                          # enabled TLS
                          - ORDERER_GENERAL_TLS_ENABLED=true
                          - ORDERER_GENERAL_TLS_PRIVATEKEY=/etc/hyperledger/orderer1/tls/server.key
                          - ORDERER_GENERAL_TLS_CERTIFICATE=/etc/hyperledger/orderer1/tls/server.crt
                          - ORDERER_GENERAL_TLS_ROOTCAS=[/etc/hyperledger/orderer1/tls/ca.crt]
                          - ORDERER_GENERAL_LOCALMSPID=ProdOrdererMSP
                          - ORDERER_KAFKA_TOPIC_REPLICATIONFACTOR=1
                          - ORDERER_KAFKA_VERBOSE=true
                          - ORDERER_GENERAL_CLUSTER_CLIENTCERTIFICATE=/etc/hyperledger/orderer1/tls/server.crt
                          - ORDERER_GENERAL_CLUSTER_CLIENTPRIVATEKEY=/etc/hyperledger/orderer1/tls/server.key
                          - ORDERER_GENERAL_CLUSTER_ROOTCAS=[/etc/hyperledger/orderer1/tls/ca.crt]
                         - FABRIC_LOGGING_SPEC=DEBUG
                         volumes:
                           - /opt/ProdNode/config/:/etc/hyperledger/configtx
                           - /opt/ProdNode/crypto-config/ordererOrganizations/ProdOrdr_com/orderers/ProdOrderer1.ProdOrdr_com:/etc/hyperledger/orderer1
                           - /opt/ProdNode/hyp-data/orderer1:/var/hyperledger/production/orderer1
                 working_dir: /opt/gopath/src/github.com/hyperledger/fabric/orderer
                 command: orderer
                 ports:
                    - 7050:7050
                deploy:
                   replicas: 1
                placement:
                   constraints:
                     - node.id == wohcakp6rt413tvqtnsd77o81
                depends_on: 
                restart: always
                networks:
                    - dev

         ProdOrderer2_ProdOrdr_com:
               container_name: ProdOrderer2_ProdOrdr_com
               image: hyperledger/fabric-orderer:1.4.4
               environment:
                   - ORDERER_GENERAL_LOGLEVEL=info
                   - ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
                   - ORDERER_GENERAL_GENESISMETHOD=file
                   - ORDERER_GENERAL_GENESISFILE=/etc/hyperledger/configtx/genesis.block
                   - ORDERER_GENERAL_LOCALMSPDIR=/etc/hyperledger/orderer2/msp
                  # enabled TLS
                  - ORDERER_GENERAL_TLS_ENABLED=true
                  - ORDERER_GENERAL_TLS_PRIVATEKEY=/etc/hyperledger/orderer2/tls/server.key
                  - ORDERER_GENERAL_TLS_CERTIFICATE=/etc/hyperledger/orderer2/tls/server.crt
                  - ORDERER_GENERAL_TLS_ROOTCAS=[/etc/hyperledger/orderer2/tls/ca.crt]
                  - ORDERER_GENERAL_LOCALMSPID=ProdOrdererMSP
                  - ORDERER_KAFKA_TOPIC_REPLICATIONFACTOR=1
                  - ORDERER_KAFKA_VERBOSE=true
                  - ORDERER_GENERAL_CLUSTER_CLIENTCERTIFICATE=/etc/hyperledger/orderer2/tls/server.crt
                  - ORDERER_GENERAL_CLUSTER_CLIENTPRIVATEKEY=/etc/hyperledger/orderer2/tls/server.key
                  - ORDERER_GENERAL_CLUSTER_ROOTCAS=[/etc/hyperledger/orderer2/tls/ca.crt]
                  - FABRIC_LOGGING_SPEC=DEBUG
            volumes:
                - /opt/ProdNode/config/:/etc/hyperledger/configtx
                - /opt/ProdNode/crypto-config/ordererOrganizations/ProdOrdr_com/orderers/ProdOrderer2.ProdOrdr_com:/etc/hyperledger/orderer2
                - /opt/ProdNode/hyp-data/orderer2:/var/hyperledger/production/orderer2
            working_dir: /opt/gopath/src/github.com/hyperledger/fabric/orderer
            command: orderer
            ports:
                - 8050:7050
            deploy:
               replicas: 1
            placement:
            constraints:
               - node.id == wohcakp6rt413tvqtnsd77o81
           depends_on: 
           restart: always
           networks:
              - dev

         ProdOrderer3_ProdOrdr_com:
         container_name: ProdOrderer3_ProdOrdr_com


        ca_ProdOrg:
           image: hyperledger/fabric-ca:1.4.4
           environment:
                 - FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
                 - FABRIC_CA_SERVER_CA_NAME=ca_ProdOrg
                 - FABRIC_CA_SERVER_TLS_ENABLED=true
                 - FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.peerProd_com-cert.pem
                 - FABRIC_CA_SERVER_TLS_KEYFILE=/etc/hyperledger/fabric-ca-server-config/21a106a45dfc8c3d350d16832bd6923fbc037b278ba94c4084f2a698548cf311_sk
           ports:
             - "7054:7054"
           command: sh -c 'fabric-ca-server start --ca.certfile /etc/hyperledger/fabric-ca-server-config/ca.peerProd_com-cert.pem --ca.keyfile /etc/hyperledger/fabric-ca-server-config/21a106a45dfc8c3d350d16832bd6923fbc037b278ba94c4084f2a698548cf311_sk -b admina:adminpw -d'
           volumes:
                - /opt/ProdNode/crypto-config/peerOrganizations/peerProd_com/ca/:/etc/hyperledger/fabric-ca-server-config
          container_name: ca_ProdOrg
          networks:
                - dev
          deploy:
              replicas: 1
         placement:
             constraints:
                - node.id == wohcakp6rt413tvqtnsd77o81
         restart: always
         depends_on: 
                - ProdOrderer1_ProdOrdr_com
                - ProdOrderer2_ProdOrdr_com
                - ProdOrderer1_ProdOrdr_com
       HOSTA_peerProd_com:
             container_name: HOSTA_peerProd_com
             image: hyperledger/fabric-peer:1.4.4
             environment:
                 - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
                 - CORE_PEER_ID=HOSTA_peerProd_com
                 - CORE_PEER_LOCALMSPID=ProdOrgMSP
                 - CORE_PEER_ADDRESS=HOSTA_peerProd_com:7051
                 - CORE_LEDGER_STATE_COUCHDBCONFIG_COUCHDBADDRESS=couchdb_HOSTA_peerProd_com:5984
                 - CORE_PEER_GOSSIP_BOOTSTRAP=HOSTA_peerProd_com:7051
                 - CORE_PEER_GOSSIP_EXTERNALENDPOINT=HOSTA_peerProd_com:7051
                 - CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:7052
                 - CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=swarm_dev
                 - CORE_LOGGING_PEER=INFO
                 - CORE_CHAINCODE_LOGGING_LEVEL=DEBUG
                 - CORE_PEER_GOSSIP_USELEADERELECTION=true
                 - CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/peer/msp
                 - CORE_PEER_GOSSIP_ORGLEADER=false
                 - CORE_PEER_PROFILE_ENABLED=true
                 #TLS Settings 
                 - CORE_PEER_TLS_ENABLED=true
                 - CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/peer/tls/server.crt
                 - CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/peer/tls/server.key
                 - CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/peer/tls/ca.crt
                 #Couch DB config
                - CORE_LEDGER_STATE_STATEDATABASE=CouchDB
                - CORE_LEDGER_STATE_COUCHDBCONFIG_USERNAME=admin
                - CORE_LEDGER_STATE_COUCHDBCONFIG_PASSWORD=P@ss123
           volumes:
              - /var/run/:/host/var/run/
              - /opt/ProdNode/config/:/etc/hyperledger/configtx
              - /opt/ProdNode/crypto-config/peerOrganizations/peerProd_com/peers/HOSTA.peerProd_com:/etc/hyperledger/peer
              - /opt/ProdNode/crypto-config/peerOrganizations/peerProd_com/users:/etc/hyperledger/users
              - /opt/ProdNode/hyp-data/peer-1_1/:/var/hyperledger/production
           working_dir: /opt/gopath/src/github.com/hyperledger/peer
           command: peer node start
           deploy:
             replicas: 1
             placement:
                 constraints:
                   - node.id == wohcakp6rt413tvqtnsd77o81
           restart: always
           ports:
                 - 7051:7051
                 - 7053:7053
          depends_on:
                - ProdOrderer1_ProdOrdr_com
                - ProdOrderer2_ProdOrdr_com
                - ProdOrderer1_ProdOrdr_com
                - couchdb_HOSTA_peerProd_com
                - ca_ProdOrg
         networks:
               - dev

        couchdb_HOSTA_peerProd_com:
            container_name: couchdb_HOSTA_peerProd_com


          ca_ProdOrgA:
             image: hyperledger/fabric-ca:1.4.4

            HOSTA_peerProdA_com:
             container_name: HOSTA_peerProdA_com
             image: hyperledger/fabric-peer:1.4.4

          couchdb_HOSTA_peerProdA_com:
             container_name: couchdb_HOSTA_peerProdA_com


        cli:
          container_name: cli
          image: hyperledger/fabric-tools:1.4.4
          tty: true
          environment:
              - GOPATH=/opt/gopath
              - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
              - FABRIC_LOGGING_SPEC=DEBUG
              - CORE_PEER_ID=cli
              - CORE_PEER_ADDRESS=HOSTA_peerProd_com:7051
              - CORE_PEER_LOCALMSPID=ProdOrgMSP
              - CORE_PEER_TLS_ENABLED=true #Should be kept to true if not running event listenr
              - CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/peerProd_com/peers/HOSTA.peerProd_com/tls/server.crt
              - CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/peerProd_com/peers/HOSTA.peerProd_com/tls/server.key
             - CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/peerProd_com/peers/HOSTA.peerProd_com/tls/ca.crt
             - CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/peerProd_com/users/Admin@peerProd_com/msp
           - CORE_CHAINCODE_KEEPALIVE=10
        working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
        command: /bin/bash
        deploy:
           replicas: 1
           placement:
               constraints:
                   - node.id == wohcakp6rt413tvqtnsd77o81
        volumes:
             - /var/run/:/host/var/run/
             - ./../chaincode/:/opt/gopath/src/github.com/chaincode/
             - ./crypto-config/:/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/
             - ./config:/opt/gopath/src/github.com/hyperledger/fabric/peer/configtx
             - ./scripts:/opt/gopath/src/github.com/hyperledger/fabric/peer/scripts/
       networks:
           - dev
       depends_on:
          - ProdOrderer1_ProdOrdr_com
          - ProdOrderer2_ProdOrdr_com
          - ProdOrderer3_ProdOrdr_com
          - HOSTA_peerProd_com
          - HOSTA_peerProdA_com

谁能帮我解决我面临的错误?

以下错误消息说明了一切:

2020-02-14 06:00:12.124 UTC [grpc] createTransport -> DEBU 042 grpc: addrConn.createTransport failed to connect to {ProdOrderer1_ProdOrdr_com:7050 0  <nil>}. Err :connection error: desc = "transport: authentication handshake failed: x509: certificate is valid for ProdOrderer1.ProdOrdr_com, ProdOrderer1, localhost, not ProdOrderer1_ProdOrdr_com". Reconnecting...

您用于连接的主机名 - ProdOrderer1_ProdOrdr_com - 与 TLS 证书中的有效名称不匹配。 cryptogen 的工作方式是它使用 '{{.Hostname}}.{{.Domain}}' 格式自动添加 CommonName,因此 ProdOrderer1.ProdOrdr_com。由于 Docker Swarm 的命名规则,我假设您使用了不同的命名约定,所以如果您真的需要使用 ProdOrderer1_ProdOrdr_com 那么您将需要修改您的crypto-config.yaml 覆盖用于生成每个证书中使用的 CommonName 的模板:

OrdererOrgs:
  - Name: ProdOrderer
    Domain: ProdOrdr_com
    Specs:
      - Hostname: ProdOrderer1
        CommonName: '{{.Hostname}}_{{.Domain}}'
        SANS:
          - localhost
          - 127.0.0.1
      - Hostname: ProdOrderer2
        CommonName: '{{.Hostname}}_{{.Domain}}'
        SANS:
          - localhost
          - 127.0.0.1
      - Hostname: ProdOrderer3
        CommonName: '{{.Hostname}}_{{.Domain}}'
        SANS:
          - localhost
          - 127.0.0.1