在 docker 容器中创建对等通道失败并显示:身份无效:x509:未知授权机构签署的证书
Peer Channel Create in docker container fails with: identity is not valid: x509: certificate signed by unknown authority
我正在为 Hyperledger Fabric 1.4 的区块链培训联盟学习 course。*
我正在尝试在开发测试网络上启动频道,但不断收到以下错误:
2020-07-07 01:41:48.496 UTC [cauthdsl] deduplicate -> ERRO 34f Principal deserialization failure (the supplied identity is not valid: x509: certificate signed by unknown authority) for identity 0
我在 中看到网络时间同步问题可能会导致此问题。我在容器和主机 VM 上的时间似乎确实不同,所以我在启动网络之前在主机 VM 上安装了 ntpdate 和 运行 sudo ntpdate pool.ntp.org。这解决了时间问题,但上面的错误仍然存在。
根据 Nikhil Gupta's post,此错误表明“订购服务无法识别作为请求参数传递的 MSP ID。”
“订购服务识别了您的 MSP ID,但无法验证您的证书是由您组织的证书颁发机构之一颁发的。”
我正在使用 cryptogen 和 configtxgen 来创建我的工件,如下所示:
$cryptogen generate --config=./crypto-config.yaml
然后我编辑 docker-compose.yml 以包含新生成的 sk 值并继续:
$configtxgen -profile DefaultBlockOrderingService -outputBlock ./config/genesis.block -configPath $PWD
$configtxgen -profile btaMembersOnly -outputCreateChannelTx ./config/btamembersonly.tx -channelID btamembersonly
成功创建创世块和通道 t运行saction 工件后,我启动网络:
$docker-compose -f docker-compose.yml up -d Devorderer.btacoin.com Andy.BTA.btacoin.com GeneralCA.btacoin.com cli
andy@ubuntu-server:~/fabric/network$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
f406f488ede5 hyperledger/fabric-peer "peer node start" 4 seconds ago Up 1 second 0.0.0.0:7051->7051/tcp, 0.0.0.0:7053->7053/tcp Andy.BTA.btacoin.com
0900795b1368 hyperledger/fabric-tools "/bin/bash" 4 seconds ago Up 2 seconds cli
c4946b315b08 hyperledger/fabric-orderer "orderer" 6 seconds ago Up 3 seconds 0.0.0.0:7050->7050/tcp Devorderer.btacoin.com
2e66b1d981f5 hyperledger/fabric-ca "sh -c 'fabric-ca-se…" 6 seconds ago Up 3 seconds 0.0.0.0:7054->7054/tcp GeneralCA.btacoin.com
然后我登录到管理端并尝试启动频道:
$docker exec -it Andy.BTA.btacoin.com bash
#cd /etc/hyperledger/configtx
#export CORE_PEER_LOCALMSPID=BTAMSP
#export CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/msp/users/Admin@BTA.btacoin.com/msp
#peer channel create -o Devorderer.btacoin.com:7050 -f /etc/hyperledger/configtx/btamembersonly.tx -c btamembersonly
此时,我得到以下错误:
Error: got unexpected status: BAD_REQUEST -- error validating channel creation transaction for new channel 'btamembersonly', could not succesfully apply update to template configuration: error authorizing update: error validating DeltaSet: policy for [Group] /Channel/Application not satisfied: implicit policy evaluation failed - 0 sub-policies were satisfied, but this policy requires 1 of the 'Admins' sub-policies to be satisfied
此时orderer节点日志出现开头提到的错误:
2020-07-07 01:57:04.947 UTC [cauthdsl] deduplicate -> ERRO 34f Principal deserialization failure (the supplied identity is not valid: x509: certificate signed by unknown authority) for identity 0
2020-07-07 01:57:04.947 UTC [cauthdsl] func1 -> DEBU 350 0xc00046e820 gate 1594087024947536840 evaluation starts
2020-07-07 01:57:04.947 UTC [cauthdsl] func2 -> DEBU 351 0xc00046e820 signed by 0 principal evaluation starts (used [false])
2020-07-07 01:57:04.947 UTC [cauthdsl] func2 -> DEBU 352 0xc00046e820 principal evaluation fails
2020-07-07 01:57:04.947 UTC [cauthdsl] func1 -> DEBU 353 0xc00046e820 gate 1594087024947536840 evaluation fails
2020-07-07 01:57:04.947 UTC [policies] Evaluate -> DEBU 354 Signature set did not satisfy policy /Channel/Application/BTAMSP/Admins
2020-07-07 01:57:04.947 UTC [policies] Evaluate -> DEBU 355 == Done Evaluating *cauthdsl.policy Policy /Channel/Application/BTAMSP/Admins
2020-07-07 01:57:04.947 UTC [policies] func1 -> DEBU 356 Evaluation Failed: Only 0 policies were satisfied, but needed 1 of [ BTAMSP/Admins ]
2020-07-07 01:57:04.947 UTC [policies] Evaluate -> DEBU 357 Signature set did not satisfy policy /Channel/Application/ChannelCreationPolicy
2020-07-07 01:57:04.947 UTC [policies] Evaluate -> DEBU 358 == Done Evaluating *policies.implicitMetaPolicy Policy /Channel/Application/ChannelCreationPolicy
2020-07-07 01:57:04.947 UTC [orderer.common.broadcast] ProcessMessage -> WARN 359 [channel: btamembersonly] Rejecting broadcast of config message from 172.18.0.4:56024 because of error: error validating channel creation transaction for new channel 'btamembersonly', could not succesfully apply update to template configuration: error authorizing update: error validating DeltaSet: policy for [Group] /Channel/Application not satisfied: implicit policy evaluation failed - 0 sub-policies were satisfied, but this policy requires 1 of the 'Admins' sub-policies to be satisfied
2020-07-07 01:57:04.947 UTC [orderer.common.server] func1 -> DEBU 35a Closing Broadcast stream
2020-07-07 01:57:04.947 UTC [comm.grpc.server] 1 -> INFO 35b streaming call completed grpc.service=orderer.AtomicBroadcast grpc.method=Broadcast grpc.peer_address=172.18.0.4:56024 grpc.code=OK grpc.call_duration=12.196088ms
2020-07-07 01:57:04.960 UTC [common.deliver] Handle -> WARN 35c Error reading from 172.18.0.4:56022: rpc error: code = Canceled desc = context canceled
2020-07-07 01:57:04.961 UTC [orderer.common.server] func1 -> DEBU 35d Closing Deliver stream
2020-07-07 01:57:04.961 UTC [comm.grpc.server] 1 -> INFO 35e streaming call completed grpc.service=orderer.AtomicBroadcast grpc.method=Deliver grpc.peer_address=172.18.0.4:56022 error="rpc error: code = Canceled desc = context canceled" grpc.code=Canceled grpc.call_duration=27.125361ms
2020-07-07 01:57:04.964 UTC [grpc] infof -> DEBU 35f transport: loopyWriter.run returning. connection error: desc = "transport is closing"
2020-07-07 01:57:04.964 UTC [grpc] infof -> DEBU 360 transport: loopyWriter.run returning. connection error: desc = "transport is closing"
我不太确定下一步应该去哪里进行故障排除。
我的设置如下(如果遗漏任何关键信息,请告诉我):
andy@ubuntu-server:~/fabric/network$ tree -L 2
.
├── config
│ ├── btamembersonly.tx
│ └── genesis.block
├── configtx.yaml
├── crypto-config
│ ├── ordererOrganizations
│ └── peerOrganizations
├── crypto-config.yaml
├── defaults
│ ├── core.yaml
│ └── orderer.yaml
└── docker-compose.yml
docker-compose.yml:
andy@ubuntu-server:~/fabric/network$ cat -n docker-compose.yml
1 version: '2'
2
3 networks:
4 btacoin:
5
6 services:
7 GeneralCA.btacoin.com:
8 container_name: GeneralCA.btacoin.com
9 image: hyperledger/fabric-ca
10 command: sh -c 'fabric-ca-server start -b btaCA:SimplePassword' #startup command
11 environment:
12 - FABRIC_CA_SERVER_CA_NAME=GeneralCA.btacoin.com
13 - FABRIC_LOGGING_SPEC=debug
14 - FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
15 - FABRIC_CA_SERVER_CA_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.BTA.btacoin.com-cert.pem
16 - FABRIC_CA_SERVER_CA_KEYFILE=/etc/hyperledger/fabric-ca-server-config/ccb94b9473ef97a36b7d83beeb80583e9a2bda50ca5a392071b3c96185948ed7_sk
17 volumes:
18 - ./crypto-config/peerOrganizations/BTA.btacoin.com/ca/:/etc/hyperledger/fabric-ca-server-config
19 ports:
20 - 7054:7054
21 networks:
22 - btacoin
23
24 Devorderer.btacoin.com:
25 container_name: Devorderer.btacoin.com
26 image: hyperledger/fabric-orderer
27 command: orderer #startup command
28 environment:
29 - FABRIC_LOGGING_SPEC=info
30 - ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
31 - ORDERER_GENERAL_GENESISMETHOD=file
32 - FABRIC_LOGGING_SPEC=debug
33 - ORDERER_GENERAL_LOCALMSPID=btacoinOrderersMSP
34 - ORDERER_GENERAL_LOCALMSPDIR=/etc/hyperledger/msp/orderer/msp
35 - ORDERER_GENERAL_GENESISFILE=/etc/hyperledger/configtx/genesis.block
36
37 volumes:
38 - ./config/:/etc/hyperledger/configtx
39 - ./crypto-config/ordererOrganizations/btacoin.com/orderers/Devorderer.btacoin.com/:/etc/hyperledger/msp/orderer
40 - ./crypto-config/peerOrganizations/BTA.btacoin.com/peers/Andy.BTA.btacoin.com/:/etc/hyperledger/msp/BTA
41 ports:
42 - 7050:7050
43 networks:
44 - btacoin
45
46 Andy.BTA.btacoin.com:
47 container_name: Andy.BTA.btacoin.com
48 image: hyperledger/fabric-peer
49 command: peer node start #startup command
50 environment:
51 - CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=${COMPOSE_PROJECT_NAME}_btacoin
52 - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
53 - FABRIC_LOGGING_SPEC=debug
54 - CORE_PEER_ID=Andy.BTA.btacoin.com
55 - CORE_PEER_ADDRESS=Andy.BTA.btacoin.com:7051
56 - CORE_PEER_LOCALMSPID=BTAMSP
57 - CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/msp/peer/
58
59 volumes:
60 - /var/run/:/host/var/run/
61 - ./crypto-config/peerOrganizations/BTA.btacoin.com/peers/Andy.BTA.btacoin.com/msp:/etc/hyperledger/msp/peer
62 - ./crypto-config/peerOrganizations/BTA.btacoin.com/users:/etc/hyperledger/msp/users
63 - ./config:/etc/hyperledger/configtx
64 - ./../cc:/etc/hyperledger/chaincode
65 - ./chaincode:/etc/hyperledger/chaincode #Referenced in the Student Lab Guide
66 ports:
67 - 7051:7051
68 - 7053:7053
69 depends_on:
70 - Devorderer.btacoin.com
71 networks:
72 - btacoin
73
74 cli:
75 container_name: cli
76 image: hyperledger/fabric-tools
77 command: /bin/bash #startup command
78 tty: true
79 environment:
80 - GOPATH=/opt/gopath/src
81 - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
82 - FABRIC_LOGGING_SPEC=debug
83 - CORE_PEER_ID=cli
84 - CORE_PEER_ADDRESS=Andy.BTA.btacoin.com:7051
85 - CORE_PEER_LOCALMSPID=BTAMSP
86 - CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/BTA.btacoin.com/user/Admin@BTA.btacoin.com/msp
87
88 volumes:
89 - /var/run/:/host/var/run/
90 - ./../cc/:/opt/gopath/src/
91 - ./crypto-config:/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/
92 # - ./cryptoconfig:/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/
93 - ./config:/etc/hyperledger/configtx
94 depends_on:
95 - Devorderer.btacoin.com
96 networks:
97 - btacoin
configtx.yaml:
andy@ubuntu-server:~/fabric/network$ cat -n configtx.yaml
1 Organizations:
2 - &btacoinOrderers
3 Name: btacoinOrderersMSP
4 ID: btacoinOrderersMSP
5 MSPDir: crypto-config/ordererOrganizations/btacoin.com/msp
6 - &BTA
7 Name: BTAMSP
8 ID: BTAMSP
9 MSPDir: crypto-config/ordererOrganizations/btacoin.com/msp
10 AnchorPeers:
11 - Host: Andy.BTA.btacoin.com
12 Port: 7051
13
14 Application: &ApplicationDefaults
15 Organizations:
16
17 Orderer: &DevModeOrdering
18 OrdererType: solo
19 Addresses:
20 - Devorderer.btacoin.com:7050
21 BatchTimeout: 1s
22 BatchSize:
23 MaxMessageCount: 1
24
25 Channel:
26
27 Profiles:
28 DefaultBlockOrderingService:
29 Orderer:
30 <<: *DevModeOrdering
31 Organizations:
32 - *btacoinOrderers
33 Consortiums:
34 NetworkConsortium: #Note, in the video, this was called SampleConsortium
35 Organizations:
36 - *BTA
37 btaMembersOnly:
38 Consortium: NetworkConsortium #Note, in the video, this was called SampleConsortium
39 Application:
40 <<: *ApplicationDefaults
41 Organizations:
42 - *BTA
43
加密-config.yaml:
andy@ubuntu-server:~/fabric/network$ cat -n crypto-config.yaml
1 #Note: crypto-config is only used for development purposes, NOT for production purposes
2 #For production, you should have the Certificate Authority manage things!
3 OrdererOrgs:
4 - Name: btacoinOrderers
5 Domain: btacoin.com
6 Specs:
7 - Hostname: Devorderer
8
9 PeerOrgs:
10 - Name: BTA
11 Domain: BTA.btacoin.com
12 Specs:
13 - Hostname: Andy
14 Template:
15 Count: 1
16 Users:
17 Count: 1
docker-compose.yml中使用的 CA 证书值:
andy@ubuntu-server:~/fabric/network$ ls ./crypto-config/peerOrganizations/BTA.btacoin.com/ca
ca.BTA.btacoin.com-cert.pem ccb94b9473ef97a36b7d83beeb80583e9a2bda50ca5a392071b3c96185948ed7_sk
orderer.yaml 和 core.yaml 来自:
https://s3.us-east-2.amazonaws.com/fabric-masterclass/orderer.yaml
https://s3.us-east-2.amazonaws.com/fabric-masterclass/core.yaml
Docker 图片来自:
docker pull hyperledger/fabric-peer
docker pull hyperledger/fabric-orderer
docker pull hyperledger/fabric-ca
docker pull hyperledger/fabric-tools
*该课程是自学的,没有可用的论坛或课程支持。如果有别的渠道求助,我就不会post了。 (在 post 到这里之前,我试着给课程创建者发电子邮件寻求帮助。)
According to Nikhil Gupta's post, this error indicates that "the MSP ID that was passed as a parameter with the request was not recognized by the ordering service."
实际上,这不是真的。如果你仔细阅读这个post,你会看到错误
ERRO 02d Principal deserialization failure
(the supplied identity is not valid: x509: certificate usigned by unknown authority)
实际上表明MSPID 是系统识别的,实际上是您的证书无效。因此,要么是 MSPID 与证书不匹配,要么是 CA 在您的通道配置中没有为该 MSPID 适当地颁发证书。
在你的例子中,基于这是一个课程练习,而不是一个生产网络,我猜想网络可能已经被引导了多次,但没有正确清理其间所有持久化的工件脚步。我鼓励您确保所有 docker 容器,尤其是 docker 卷已被删除,并尝试在干净的环境中重现此故障。您包含的 docker-compose 会枚举卷,您可以通过 docker volume ls 查看它们,并且您可以使用 docker volume rm $(docker volume ls -q).
之类的命令删除它们
正如我在评论中提到的,课程创建者向我发送了一份官方 YAML 文件的副本以供比较。将这些文件与我的文件进行比较后,我发现 我在 configtx.yaml 中为对等点输入了错误的 MSP。
我没有指向同行的 MSP,而是指向订购者的 MSP!
原文(有误):
6 - &BTA
7 Name: BTAMSP
8 ID: BTAMSP
9 MSPDir: crypto-config/ordererOrganizations/btacoin.com/msp
10 AnchorPeers:
11 - Host: Andy.BTA.btacoin.com
12 Port: 7051
更正行:
9 MSPDir: crypto-config/peerOrganizations/BTA.btacoin.com/msp
修复此行后,我能够成功创建新频道。
我正在为 Hyperledger Fabric 1.4 的区块链培训联盟学习 course。*
我正在尝试在开发测试网络上启动频道,但不断收到以下错误:
2020-07-07 01:41:48.496 UTC [cauthdsl] deduplicate -> ERRO 34f Principal deserialization failure (the supplied identity is not valid: x509: certificate signed by unknown authority) for identity 0
我在 ntpdate 和 运行 sudo ntpdate pool.ntp.org。这解决了时间问题,但上面的错误仍然存在。
根据 Nikhil Gupta's post,此错误表明“订购服务无法识别作为请求参数传递的 MSP ID。”
“订购服务识别了您的 MSP ID,但无法验证您的证书是由您组织的证书颁发机构之一颁发的。”
我正在使用 cryptogen 和 configtxgen 来创建我的工件,如下所示:
$cryptogen generate --config=./crypto-config.yaml
然后我编辑 docker-compose.yml 以包含新生成的 sk 值并继续:
$configtxgen -profile DefaultBlockOrderingService -outputBlock ./config/genesis.block -configPath $PWD
$configtxgen -profile btaMembersOnly -outputCreateChannelTx ./config/btamembersonly.tx -channelID btamembersonly
成功创建创世块和通道 t运行saction 工件后,我启动网络:
$docker-compose -f docker-compose.yml up -d Devorderer.btacoin.com Andy.BTA.btacoin.com GeneralCA.btacoin.com cli
andy@ubuntu-server:~/fabric/network$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
f406f488ede5 hyperledger/fabric-peer "peer node start" 4 seconds ago Up 1 second 0.0.0.0:7051->7051/tcp, 0.0.0.0:7053->7053/tcp Andy.BTA.btacoin.com
0900795b1368 hyperledger/fabric-tools "/bin/bash" 4 seconds ago Up 2 seconds cli
c4946b315b08 hyperledger/fabric-orderer "orderer" 6 seconds ago Up 3 seconds 0.0.0.0:7050->7050/tcp Devorderer.btacoin.com
2e66b1d981f5 hyperledger/fabric-ca "sh -c 'fabric-ca-se…" 6 seconds ago Up 3 seconds 0.0.0.0:7054->7054/tcp GeneralCA.btacoin.com
然后我登录到管理端并尝试启动频道:
$docker exec -it Andy.BTA.btacoin.com bash
#cd /etc/hyperledger/configtx
#export CORE_PEER_LOCALMSPID=BTAMSP
#export CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/msp/users/Admin@BTA.btacoin.com/msp
#peer channel create -o Devorderer.btacoin.com:7050 -f /etc/hyperledger/configtx/btamembersonly.tx -c btamembersonly
此时,我得到以下错误:
Error: got unexpected status: BAD_REQUEST -- error validating channel creation transaction for new channel 'btamembersonly', could not succesfully apply update to template configuration: error authorizing update: error validating DeltaSet: policy for [Group] /Channel/Application not satisfied: implicit policy evaluation failed - 0 sub-policies were satisfied, but this policy requires 1 of the 'Admins' sub-policies to be satisfied
此时orderer节点日志出现开头提到的错误:
2020-07-07 01:57:04.947 UTC [cauthdsl] deduplicate -> ERRO 34f Principal deserialization failure (the supplied identity is not valid: x509: certificate signed by unknown authority) for identity 0
2020-07-07 01:57:04.947 UTC [cauthdsl] func1 -> DEBU 350 0xc00046e820 gate 1594087024947536840 evaluation starts
2020-07-07 01:57:04.947 UTC [cauthdsl] func2 -> DEBU 351 0xc00046e820 signed by 0 principal evaluation starts (used [false])
2020-07-07 01:57:04.947 UTC [cauthdsl] func2 -> DEBU 352 0xc00046e820 principal evaluation fails
2020-07-07 01:57:04.947 UTC [cauthdsl] func1 -> DEBU 353 0xc00046e820 gate 1594087024947536840 evaluation fails
2020-07-07 01:57:04.947 UTC [policies] Evaluate -> DEBU 354 Signature set did not satisfy policy /Channel/Application/BTAMSP/Admins
2020-07-07 01:57:04.947 UTC [policies] Evaluate -> DEBU 355 == Done Evaluating *cauthdsl.policy Policy /Channel/Application/BTAMSP/Admins
2020-07-07 01:57:04.947 UTC [policies] func1 -> DEBU 356 Evaluation Failed: Only 0 policies were satisfied, but needed 1 of [ BTAMSP/Admins ]
2020-07-07 01:57:04.947 UTC [policies] Evaluate -> DEBU 357 Signature set did not satisfy policy /Channel/Application/ChannelCreationPolicy
2020-07-07 01:57:04.947 UTC [policies] Evaluate -> DEBU 358 == Done Evaluating *policies.implicitMetaPolicy Policy /Channel/Application/ChannelCreationPolicy
2020-07-07 01:57:04.947 UTC [orderer.common.broadcast] ProcessMessage -> WARN 359 [channel: btamembersonly] Rejecting broadcast of config message from 172.18.0.4:56024 because of error: error validating channel creation transaction for new channel 'btamembersonly', could not succesfully apply update to template configuration: error authorizing update: error validating DeltaSet: policy for [Group] /Channel/Application not satisfied: implicit policy evaluation failed - 0 sub-policies were satisfied, but this policy requires 1 of the 'Admins' sub-policies to be satisfied
2020-07-07 01:57:04.947 UTC [orderer.common.server] func1 -> DEBU 35a Closing Broadcast stream
2020-07-07 01:57:04.947 UTC [comm.grpc.server] 1 -> INFO 35b streaming call completed grpc.service=orderer.AtomicBroadcast grpc.method=Broadcast grpc.peer_address=172.18.0.4:56024 grpc.code=OK grpc.call_duration=12.196088ms
2020-07-07 01:57:04.960 UTC [common.deliver] Handle -> WARN 35c Error reading from 172.18.0.4:56022: rpc error: code = Canceled desc = context canceled
2020-07-07 01:57:04.961 UTC [orderer.common.server] func1 -> DEBU 35d Closing Deliver stream
2020-07-07 01:57:04.961 UTC [comm.grpc.server] 1 -> INFO 35e streaming call completed grpc.service=orderer.AtomicBroadcast grpc.method=Deliver grpc.peer_address=172.18.0.4:56022 error="rpc error: code = Canceled desc = context canceled" grpc.code=Canceled grpc.call_duration=27.125361ms
2020-07-07 01:57:04.964 UTC [grpc] infof -> DEBU 35f transport: loopyWriter.run returning. connection error: desc = "transport is closing"
2020-07-07 01:57:04.964 UTC [grpc] infof -> DEBU 360 transport: loopyWriter.run returning. connection error: desc = "transport is closing"
我不太确定下一步应该去哪里进行故障排除。
我的设置如下(如果遗漏任何关键信息,请告诉我):
andy@ubuntu-server:~/fabric/network$ tree -L 2
.
├── config
│ ├── btamembersonly.tx
│ └── genesis.block
├── configtx.yaml
├── crypto-config
│ ├── ordererOrganizations
│ └── peerOrganizations
├── crypto-config.yaml
├── defaults
│ ├── core.yaml
│ └── orderer.yaml
└── docker-compose.yml
docker-compose.yml:
andy@ubuntu-server:~/fabric/network$ cat -n docker-compose.yml
1 version: '2'
2
3 networks:
4 btacoin:
5
6 services:
7 GeneralCA.btacoin.com:
8 container_name: GeneralCA.btacoin.com
9 image: hyperledger/fabric-ca
10 command: sh -c 'fabric-ca-server start -b btaCA:SimplePassword' #startup command
11 environment:
12 - FABRIC_CA_SERVER_CA_NAME=GeneralCA.btacoin.com
13 - FABRIC_LOGGING_SPEC=debug
14 - FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
15 - FABRIC_CA_SERVER_CA_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.BTA.btacoin.com-cert.pem
16 - FABRIC_CA_SERVER_CA_KEYFILE=/etc/hyperledger/fabric-ca-server-config/ccb94b9473ef97a36b7d83beeb80583e9a2bda50ca5a392071b3c96185948ed7_sk
17 volumes:
18 - ./crypto-config/peerOrganizations/BTA.btacoin.com/ca/:/etc/hyperledger/fabric-ca-server-config
19 ports:
20 - 7054:7054
21 networks:
22 - btacoin
23
24 Devorderer.btacoin.com:
25 container_name: Devorderer.btacoin.com
26 image: hyperledger/fabric-orderer
27 command: orderer #startup command
28 environment:
29 - FABRIC_LOGGING_SPEC=info
30 - ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
31 - ORDERER_GENERAL_GENESISMETHOD=file
32 - FABRIC_LOGGING_SPEC=debug
33 - ORDERER_GENERAL_LOCALMSPID=btacoinOrderersMSP
34 - ORDERER_GENERAL_LOCALMSPDIR=/etc/hyperledger/msp/orderer/msp
35 - ORDERER_GENERAL_GENESISFILE=/etc/hyperledger/configtx/genesis.block
36
37 volumes:
38 - ./config/:/etc/hyperledger/configtx
39 - ./crypto-config/ordererOrganizations/btacoin.com/orderers/Devorderer.btacoin.com/:/etc/hyperledger/msp/orderer
40 - ./crypto-config/peerOrganizations/BTA.btacoin.com/peers/Andy.BTA.btacoin.com/:/etc/hyperledger/msp/BTA
41 ports:
42 - 7050:7050
43 networks:
44 - btacoin
45
46 Andy.BTA.btacoin.com:
47 container_name: Andy.BTA.btacoin.com
48 image: hyperledger/fabric-peer
49 command: peer node start #startup command
50 environment:
51 - CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=${COMPOSE_PROJECT_NAME}_btacoin
52 - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
53 - FABRIC_LOGGING_SPEC=debug
54 - CORE_PEER_ID=Andy.BTA.btacoin.com
55 - CORE_PEER_ADDRESS=Andy.BTA.btacoin.com:7051
56 - CORE_PEER_LOCALMSPID=BTAMSP
57 - CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/msp/peer/
58
59 volumes:
60 - /var/run/:/host/var/run/
61 - ./crypto-config/peerOrganizations/BTA.btacoin.com/peers/Andy.BTA.btacoin.com/msp:/etc/hyperledger/msp/peer
62 - ./crypto-config/peerOrganizations/BTA.btacoin.com/users:/etc/hyperledger/msp/users
63 - ./config:/etc/hyperledger/configtx
64 - ./../cc:/etc/hyperledger/chaincode
65 - ./chaincode:/etc/hyperledger/chaincode #Referenced in the Student Lab Guide
66 ports:
67 - 7051:7051
68 - 7053:7053
69 depends_on:
70 - Devorderer.btacoin.com
71 networks:
72 - btacoin
73
74 cli:
75 container_name: cli
76 image: hyperledger/fabric-tools
77 command: /bin/bash #startup command
78 tty: true
79 environment:
80 - GOPATH=/opt/gopath/src
81 - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
82 - FABRIC_LOGGING_SPEC=debug
83 - CORE_PEER_ID=cli
84 - CORE_PEER_ADDRESS=Andy.BTA.btacoin.com:7051
85 - CORE_PEER_LOCALMSPID=BTAMSP
86 - CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/BTA.btacoin.com/user/Admin@BTA.btacoin.com/msp
87
88 volumes:
89 - /var/run/:/host/var/run/
90 - ./../cc/:/opt/gopath/src/
91 - ./crypto-config:/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/
92 # - ./cryptoconfig:/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/
93 - ./config:/etc/hyperledger/configtx
94 depends_on:
95 - Devorderer.btacoin.com
96 networks:
97 - btacoin
configtx.yaml:
andy@ubuntu-server:~/fabric/network$ cat -n configtx.yaml
1 Organizations:
2 - &btacoinOrderers
3 Name: btacoinOrderersMSP
4 ID: btacoinOrderersMSP
5 MSPDir: crypto-config/ordererOrganizations/btacoin.com/msp
6 - &BTA
7 Name: BTAMSP
8 ID: BTAMSP
9 MSPDir: crypto-config/ordererOrganizations/btacoin.com/msp
10 AnchorPeers:
11 - Host: Andy.BTA.btacoin.com
12 Port: 7051
13
14 Application: &ApplicationDefaults
15 Organizations:
16
17 Orderer: &DevModeOrdering
18 OrdererType: solo
19 Addresses:
20 - Devorderer.btacoin.com:7050
21 BatchTimeout: 1s
22 BatchSize:
23 MaxMessageCount: 1
24
25 Channel:
26
27 Profiles:
28 DefaultBlockOrderingService:
29 Orderer:
30 <<: *DevModeOrdering
31 Organizations:
32 - *btacoinOrderers
33 Consortiums:
34 NetworkConsortium: #Note, in the video, this was called SampleConsortium
35 Organizations:
36 - *BTA
37 btaMembersOnly:
38 Consortium: NetworkConsortium #Note, in the video, this was called SampleConsortium
39 Application:
40 <<: *ApplicationDefaults
41 Organizations:
42 - *BTA
43
加密-config.yaml:
andy@ubuntu-server:~/fabric/network$ cat -n crypto-config.yaml
1 #Note: crypto-config is only used for development purposes, NOT for production purposes
2 #For production, you should have the Certificate Authority manage things!
3 OrdererOrgs:
4 - Name: btacoinOrderers
5 Domain: btacoin.com
6 Specs:
7 - Hostname: Devorderer
8
9 PeerOrgs:
10 - Name: BTA
11 Domain: BTA.btacoin.com
12 Specs:
13 - Hostname: Andy
14 Template:
15 Count: 1
16 Users:
17 Count: 1
docker-compose.yml中使用的 CA 证书值:
andy@ubuntu-server:~/fabric/network$ ls ./crypto-config/peerOrganizations/BTA.btacoin.com/ca
ca.BTA.btacoin.com-cert.pem ccb94b9473ef97a36b7d83beeb80583e9a2bda50ca5a392071b3c96185948ed7_sk
orderer.yaml 和 core.yaml 来自:
https://s3.us-east-2.amazonaws.com/fabric-masterclass/orderer.yaml
https://s3.us-east-2.amazonaws.com/fabric-masterclass/core.yaml
Docker 图片来自:
docker pull hyperledger/fabric-peer
docker pull hyperledger/fabric-orderer
docker pull hyperledger/fabric-ca
docker pull hyperledger/fabric-tools
*该课程是自学的,没有可用的论坛或课程支持。如果有别的渠道求助,我就不会post了。 (在 post 到这里之前,我试着给课程创建者发电子邮件寻求帮助。)
According to Nikhil Gupta's post, this error indicates that "the MSP ID that was passed as a parameter with the request was not recognized by the ordering service."
实际上,这不是真的。如果你仔细阅读这个post,你会看到错误
ERRO 02d Principal deserialization failure
(the supplied identity is not valid: x509: certificate usigned by unknown authority)
实际上表明MSPID 是系统识别的,实际上是您的证书无效。因此,要么是 MSPID 与证书不匹配,要么是 CA 在您的通道配置中没有为该 MSPID 适当地颁发证书。
在你的例子中,基于这是一个课程练习,而不是一个生产网络,我猜想网络可能已经被引导了多次,但没有正确清理其间所有持久化的工件脚步。我鼓励您确保所有 docker 容器,尤其是 docker 卷已被删除,并尝试在干净的环境中重现此故障。您包含的 docker-compose 会枚举卷,您可以通过 docker volume ls 查看它们,并且您可以使用 docker volume rm $(docker volume ls -q).
正如我在评论中提到的,课程创建者向我发送了一份官方 YAML 文件的副本以供比较。将这些文件与我的文件进行比较后,我发现 我在 configtx.yaml 中为对等点输入了错误的 MSP。 我没有指向同行的 MSP,而是指向订购者的 MSP!
原文(有误):
6 - &BTA
7 Name: BTAMSP
8 ID: BTAMSP
9 MSPDir: crypto-config/ordererOrganizations/btacoin.com/msp
10 AnchorPeers:
11 - Host: Andy.BTA.btacoin.com
12 Port: 7051
更正行:
9 MSPDir: crypto-config/peerOrganizations/BTA.btacoin.com/msp
修复此行后,我能够成功创建新频道。