尝试设置 Hyperledger Fabric 网络:错误的 TLS [已解决]
Trying to set up a Hyperledger Fabric network: bad TLS [SOLVED]
几天来我一直在尝试建立一个 Hyperledger Fabric 网络。我正在使用 Hyperledger 的 2.0.0 版,这一切都是 运行ning 在一个使用 Docker 的机器上。经过艰难的进步,这是现在困扰我的部分。我以为我已经解决了大部分问题。这是文档中 "Your first network" 的变体,仅更改了几个名称。有两个同行和五个订购者。当我查看带有 docker logs <container name> 的第一个订购者的日志时,我得到了这个,这并不好:
(See below for an example.)
有关信息,我的 docker-compose-cli.yaml 的开头看起来像这样,因为明确添加订单似乎消除了一些错误:
version: '2'
volumes:
orderer.diro.umontreal.ca:
orderer2.diro.umontreal.ca:
orderer3.diro.umontreal.ca:
orderer4.diro.umontreal.ca:
orderer5.diro.umontreal.ca:
peer0.med1.diro.umontreal.ca:
peer1.med1.diro.umontreal.ca:
peer0.med2.diro.umontreal.ca:
peer1.med2.diro.umontreal.ca:
networks:
byfn:
services:
orderer.diro.umontreal.ca:
extends:
file: base/docker-compose-base.yaml
service: orderer.diro.umontreal.ca
container_name: orderer.diro.umontreal.ca
networks:
- byfn
orderer2.diro.umontreal.ca:
extends:
file: base/docker-compose-base.yaml
service: orderer.diro.umontreal.ca
container_name: orderer2.diro.umontreal.ca
networks:
- byfn
orderer3.diro.umontreal.ca:
extends:
file: base/docker-compose-base.yaml
service: orderer.diro.umontreal.ca
container_name: orderer3.diro.umontreal.ca
networks:
- byfn
orderer4.diro.umontreal.ca:
extends:
file: base/docker-compose-base.yaml
service: orderer.diro.umontreal.ca
container_name: orderer4.diro.umontreal.ca
networks:
- byfn
orderer5.diro.umontreal.ca:
extends:
file: base/docker-compose-base.yaml
service: orderer.diro.umontreal.ca
container_name: orderer5.diro.umontreal.ca
networks:
- byfn
我的 crypto-config.yaml 的开头是这样的:
OrdererOrgs:
# ---------------------------------------------------------------------------
# Orderer
# ---------------------------------------------------------------------------
- Name: Orderer
Domain: diro.umontreal.ca
EnableNodeOUs: true
# ---------------------------------------------------------------------------
# "Specs" - See PeerOrgs below for complete description
# ---------------------------------------------------------------------------
Specs:
- Hostname: orderer
- Name: Orderer2
Domain: diro.umontreal.ca
EnableNodeOUs: true
# ---------------------------------------------------------------------------
# "Specs" - See PeerOrgs below for complete description
# ---------------------------------------------------------------------------
Specs:
- Hostname: orderer2
- Name: Orderer3
Domain: diro.umontreal.ca
EnableNodeOUs: true
# ---------------------------------------------------------------------------
# "Specs" - See PeerOrgs below for complete description
# ---------------------------------------------------------------------------
Specs:
- Hostname: orderer3
- Name: Orderer4
Domain: diro.umontreal.ca
EnableNodeOUs: true
# ---------------------------------------------------------------------------
# "Specs" - See PeerOrgs below for complete description
# ---------------------------------------------------------------------------
Specs:
- Hostname: orderer4
- Name: Orderer5
Domain: diro.umontreal.ca
EnableNodeOUs: true
# ---------------------------------------------------------------------------
# "Specs" - See PeerOrgs below for complete description
# ---------------------------------------------------------------------------
Specs:
- Hostname: orderer5
这是我的一部分 configx.yaml:
SampleMultiNodeEtcdRaft:
<<: *ChannelDefaults
Capabilities:
<<: *ChannelCapabilities
Orderer:
<<: *OrdererDefaults
OrdererType: etcdraft
EtcdRaft:
Consenters:
- Host: orderer.diro.umontreal.ca
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/diro.umontreal.ca/orderers/orderer.diro.umontreal.ca/msp/tlscacerts/tlsca.diro.umontreal.ca-cert.pem
ServerTLSCert: crypto-config/ordererOrganizations/diro.umontreal.ca/orderers/orderer.diro.umontreal.ca/tls/server.crt
- Host: orderer2.diro.umontreal.ca
Port: 8050
ClientTLSCert: crypto-config/ordererOrganizations/diro.umontreal.ca/orderers/orderer2.diro.umontreal.ca/msp/tlscacerts/tlsca.diro.umontreal.ca-cert.pem
ServerTLSCert: crypto-config/ordererOrganizations/diro.umontreal.ca/orderers/orderer2.diro.umontreal.ca/tls/server.crt
- Host: orderer3.diro.umontreal.ca
Port: 9050
ClientTLSCert: crypto-config/ordererOrganizations/diro.umontreal.ca/orderers/orderer3.diro.umontreal.ca/msp/tlscacerts/tlsca.diro.umontreal.ca-cert.pem
ServerTLSCert: crypto-config/ordererOrganizations/diro.umontreal.ca/orderers/orderer3.diro.umontreal.ca/tls/server.crt
- Host: orderer4.diro.umontreal.ca
Port: 10050
ClientTLSCert: crypto-config/ordererOrganizations/diro.umontreal.ca/orderers/orderer4.diro.umontreal.ca/msp/tlscacerts/tlsca.diro.umontreal.ca-cert.pem
ServerTLSCert: crypto-config/ordererOrganizations/diro.umontreal.ca/orderers/orderer4.diro.umontreal.ca/tls/server.crt
- Host: orderer5.diro.umontreal.ca
Port: 11050
ClientTLSCert: crypto-config/ordererOrganizations/diro.umontreal.ca/orderers/orderer5.diro.umontreal.ca/msp/tlscacerts/tlsca.diro.umontreal.ca-cert.pem
ServerTLSCert: crypto-config/ordererOrganizations/diro.umontreal.ca/orderers/orderer5.diro.umontreal.ca/tls/server.crt
Addresses:
- orderer.diro.umontreal.ca:7050
- orderer2.diro.umontreal.ca:8050
- orderer3.diro.umontreal.ca:9050
- orderer4.diro.umontreal.ca:10050
- orderer5.diro.umontreal.ca:11050
最初,所有 ClientTLSCert 和 ServerTLSCert 具有相同的值,但我更改了 ClientTLSCert 值,认为他们的参数是一个文件没有意义那叫 server.crt.
但我的订购者日志中仍然存在所有错误。也许这很正常,但看起来不正常。怎么了?
编辑:
根据下面的评论,我将 configtx.yaml 改为:
Organizations:
# SampleOrg defines an MSP using the sampleconfig. It should never be used
# in production but may be used as a template for other definitions
- &OrdererOrg
# DefaultOrg defines the organization which is used in the sampleconfig
# of the fabric.git development environment
Name: OrdererOrg
# ID to load the MSP definition as
ID: OrdererMSP
# MSPDir is the filesystem path which contains the MSP configuration
MSPDir: crypto-config/ordererOrganizations/diro.umontreal.ca/orderers/orderer.diro.umontreal.ca/msp/
MSPDir: crypto-config/ordererOrganizations/diro.umontreal.ca/orderers/orderer2.diro.umontreal.ca/msp/
MSPDir: crypto-config/ordererOrganizations/diro.umontreal.ca/orderers/orderer3.diro.umontreal.ca/msp/
MSPDir: crypto-config/ordererOrganizations/diro.umontreal.ca/orderers/orderer4.diro.umontreal.ca/msp/
MSPDir: crypto-config/ordererOrganizations/diro.umontreal.ca/orderers/orderer5.diro.umontreal.ca/msp/
我让 docker-compose-base.yaml 开始于:
version: '2'
services:
orderer.diro.umontreal.ca:
container_name: orderer.diro.umontreal.ca
extends:
file: peer-base.yaml
service: orderer-base
volumes:
- ../channel-artifacts/genesis.block:/var/hyperledger/orderer/orderer.genesis.block
- ../crypto-config/ordererOrganizations/diro.umontreal.ca/orderers/orderer.diro.umontreal.ca/msp:/var/hyperledger/orderer/msp
- ../crypto-config/ordererOrganizations/diro.umontreal.ca/orderers/orderer.diro.umontreal.ca/tls/:/var/hyperledger/orderer/tls
- ../crypto-config/ordererOrganizations/diro.umontreal.ca/tlsca:/var/hyperledger/orderer/tlsca
- orderer.diro.umontreal.ca:/var/hyperledger/production/orderer
ports:
- 7050:7050
orderer2.diro.umontreal.ca:
container_name: orderer2.diro.umontreal.ca
extends:
file: peer-base.yaml
service: orderer-base
volumes:
- ../channel-artifacts/genesis.block:/var/hyperledger/orderer/orderer.genesis.block
- ../crypto-config/ordererOrganizations/diro.umontreal.ca/orderers/orderer2.diro.umontreal.ca/msp:/var/hyperledger/orderer/msp
- ../crypto-config/ordererOrganizations/diro.umontreal.ca/orderers/orderer2.diro.umontreal.ca/tls/:/var/hyperledger/orderer/tls
- ../crypto-config/ordererOrganizations/diro.umontreal.ca/tlsca:/var/hyperledger/orderer/tlsca
- orderer.diro.umontreal.ca:/var/hyperledger/production/orderer
ports:
- 8050:8050
然后像这样继续为每个订购者使用不同的端口和不同的路径。这些是在 docker-compose-cli.yamlh 中调用和扩展的订购者但是,当我检查第一个订购者的日志时,我仍然得到:
Version: 2.0.0
Commit SHA: 0432c3e
Go version: go1.13.4
OS/Arch: linux/amd64
2020-03-11 19:11:39.757 UTC [orderer.common.server] Main -> INFO 020 Beginning to serve requests
2020-03-11 19:11:39.759 UTC [core.comm] ServerHandshake -> ERRO 021 TLS handshake failed with error remote error: tls: bad certificate server=Orderer remoteaddress=172.22.0.5:57256
2020-03-11 19:11:39.759 UTC [core.comm] ServerHandshake -> ERRO 022 TLS handshake failed with error remote error: tls: bad certificate server=Orderer remoteaddress=172.22.0.4:33190
2020-03-11 19:11:39.759 UTC [core.comm] ServerHandshake -> ERRO 023 TLS handshake failed with error remote error: tls: bad certificate server=Orderer remoteaddress=172.22.0.2:54038
2020-03-11 19:11:39.966 UTC [orderer.consensus.etcdraft] apply -> INFO 024 Applied config change to add node 1, current nodes in channel: [1 2 3 4 5] channel=byfn-sys-channel node=1
2020-03-11 19:11:39.967 UTC [orderer.consensus.etcdraft] apply -> INFO 025 Applied config change to add node 2, current nodes in channel: [1 2 3 4 5] channel=byfn-sys-channel node=1
2020-03-11 19:11:39.967 UTC [orderer.consensus.etcdraft] apply -> INFO 026 Applied config change to add node 3, current nodes in channel: [1 2 3 4 5] channel=byfn-sys-channel node=1
2020-03-11 19:11:39.968 UTC [orderer.consensus.etcdraft] apply -> INFO 027 Applied config change to add node 4, current nodes in channel: [1 2 3 4 5] channel=byfn-sys-channel node=1
2020-03-11 19:11:39.968 UTC [orderer.consensus.etcdraft] apply -> INFO 028 Applied config change to add node 5, current nodes in channel: [1 2 3 4 5] channel=byfn-sys-channel node=1
2020-03-11 19:11:40.765 UTC [core.comm] ServerHandshake -> ERRO 029 TLS handshake failed with error remote error: tls: bad certificate server=Orderer remoteaddress=172.22.0.2:54068
2020-03-11 19:11:41.115 UTC [core.comm] ServerHandshake -> ERRO 02a TLS handshake failed with error remote error: tls: bad certificate server=Orderer remoteaddress=172.22.0.3:55468
2020-03-11 19:11:42.278 UTC [core.comm] ServerHandshake -> ERRO 02b TLS handshake failed with error remote error: tls: bad certificate server=Orderer remoteaddress=172.22.0.2:54086
2020-03-11 19:11:44.408 UTC [core.comm] ServerHandshake -> ERRO 02c TLS handshake failed with error remote error: tls: bad certificate server=Orderer remoteaddress=172.22.0.5:57326
2020-03-11 19:11:44.630 UTC [core.comm] ServerHandshake -> ERRO 02d TLS handshake failed with error remote error: tls: bad certificate server=Orderer remoteaddress=172.22.0.2:54104
2020-03-11 19:11:47.384 UTC [core.comm] ServerHandshake -> ERRO 02e TLS handshake failed with error remote error: tls: bad certificate server=Orderer remoteaddress=172.22.0.4:33268
2020-03-11 19:11:47.758 UTC [orderer.consensus.etcdraft] Step -> INFO 02f 1 is starting a new election at term 1 channel=byfn-sys-channel node=1
2020-03-11 19:11:47.758 UTC [orderer.consensus.etcdraft] becomePreCandidate -> INFO 030 1 became pre-candidate at term 1 channel=byfn-sys-channel node=1
2020-03-11 19:11:47.758 UTC [orderer.consensus.etcdraft] poll -> INFO 031 1 received MsgPreVoteResp from 1 at term 1 channel=byfn-sys-channel node=1
2020-03-11 19:11:47.759 UTC [orderer.consensus.etcdraft] campaign -> INFO 032 1 [logterm: 1, index: 5] sent MsgPreVote request to 2 at term 1 channel=byfn-sys-channel node=1
2020-03-11 19:11:47.759 UTC [orderer.consensus.etcdraft] campaign -> INFO 033 1 [logterm: 1, index: 5] sent MsgPreVote request to 3 at term 1 channel=byfn-sys-channel node=1
2020-03-11 19:11:47.759 UTC [orderer.consensus.etcdraft] campaign -> INFO 034 1 [logterm: 1, index: 5] sent MsgPreVote request to 4 at term 1 channel=byfn-sys-channel node=1
2020-03-11 19:11:47.759 UTC [orderer.consensus.etcdraft] campaign -> INFO 035 1 [logterm: 1, index: 5] sent MsgPreVote request to 5 at term 1 channel=byfn-sys-channel node=1
2020-03-11 19:11:47.759 UTC [orderer.consensus.etcdraft] logSendFailure -> ERRO 036 Failed to send StepRequest to 2, because: rpc error: code = Unavailable desc = all SubConns are in TransientFailure, latest connection error: connection error: desc = "transport: authentication handshake failed: x509: certificate signed by unknown authority (possibly because of \"x509: ECDSA verification failure\" while trying to verify candidate authority certificate \"tlsca.diro.umontreal.ca\")" channel=byfn-sys-channel node=1
2020-03-11 19:11:47.760 UTC [orderer.consensus.etcdraft] logSendFailure -> ERRO 037 Failed to send StepRequest to 3, because: rpc error: code = Unavailable desc = all SubConns are in TransientFailure, latest connection error: connection error: desc = "transport: authentication handshake failed: x509: certificate signed by unknown authority (possibly because of \"x509: ECDSA verification failure\" while trying to verify candidate authority certificate \"tlsca.diro.umontreal.ca\")" channel=byfn-sys-channel node=1
2020-03-11 19:11:47.760 UTC [orderer.consensus.etcdraft] logSendFailure -> ERRO 038 Failed to send StepRequest to 4, because: rpc error: code = Unavailable desc = all SubConns are in TransientFailure, latest connection error: connection error: desc = "transport: authentication handshake failed: x509: certificate signed by unknown authority (possibly because of \"x509: ECDSA verification failure\" while trying to verify candidate authority certificate \"tlsca.diro.umontreal.ca\")" channel=byfn-sys-channel node=1
2020-03-11 19:11:49.344 UTC [core.comm] ServerHandshake -> ERRO 039 TLS handshake failed with error remote error: tls: bad certificate server=Orderer remoteaddress=172.22.0.2:54126
2020-03-11 19:11:50.057 UTC [core.comm] ServerHandshake -> ERRO 03a TLS handshake failed with error remote error: tls: bad certificate server=Orderer remoteaddress=172.22.0.5:57358
2020-03-11 19:11:51.337 UTC [core.comm] ServerHandshake -> ERRO 03b TLS handshake failed with error remote error: tls: bad certificate server=Orderer remoteaddress=172.22.0.3:55534
2020-03-11 19:11:55.758 UTC [orderer.consensus.etcdraft] Step -> INFO 03c 1 is starting a new election at term 1 channel=byfn-sys-channel node=1
2020-03-11 19:11:55.758 UTC [orderer.consensus.etcdraft] becomePreCandidate -> INFO 03d 1 became pre-candidate at term 1 channel=byfn-sys-channel node=1
2020-03-11 19:11:55.758 UTC [orderer.consensus.etcdraft] poll -> INFO 03e 1 received MsgPreVoteResp from 1 at term 1 channel=byfn-sys-channel node=1
2020-03-11 19:11:55.758 UTC [orderer.consensus.etcdraft] campaign -> INFO 03f 1 [logterm: 1, index: 5] sent MsgPreVote request to 2 at term 1 channel=byfn-sys-channel node=1
2020-03-11 19:11:55.758 UTC [orderer.consensus.etcdraft] campaign -> INFO 040 1 [logterm: 1, index: 5] sent MsgPreVote request to 3 at term 1 channel=byfn-sys-channel node=1
2020-03-11 19:11:55.758 UTC [orderer.consensus.etcdraft] campaign -> INFO 041 1 [logterm: 1, index: 5] sent MsgPreVote request to 4 at term 1 channel=byfn-sys-channel node=1
2020-03-11 19:11:55.759 UTC [orderer.consensus.etcdraft] campaign -> INFO 042 1 [logterm: 1, index: 5] sent MsgPreVote request to 5 at term 1 channel=byfn-sys-channel node=1
2020-03-11 19:11:56.829 UTC [core.comm] ServerHandshake -> ERRO 043 TLS handshake failed with error remote error: tls: bad certificate server=Orderer remoteaddress=172.22.0.2:54158
2020-03-11 19:11:57.314 UTC [core.comm] ServerHandshake -> ERRO 044 TLS handshake failed with error remote error: tls: bad certificate server=Orderer remoteaddress=172.22.0.4:33314
2020-03-11 19:12:01.805 UTC [core.comm] ServerHandshake -> ERRO 045 TLS handshake failed with error remote error: tls: bad certificate server=Orderer remoteaddress=172.22.0.5:57392
2020-03-11 19:12:03.758 UTC [orderer.consensus.etcdraft] Step -> INFO 046 1 is starting a new election at term 1 channel=byfn-sys-channel node=1
2020-03-11 19:12:03.758 UTC [orderer.consensus.etcdraft] becomePreCandidate -> INFO 047 1 became pre-candidate at term 1 channel=byfn-sys-channel node=1
2020-03-11 19:12:03.758 UTC [orderer.consensus.etcdraft] poll -> INFO 048 1 received MsgPreVoteResp from 1 at term 1 channel=byfn-sys-channel node=1
2020-03-11 19:12:03.758 UTC [orderer.consensus.etcdraft] campaign -> INFO 049 1 [logterm: 1, index: 5] sent MsgPreVote request to 3 at term 1 channel=byfn-sys-channel node=1
2020-03-11 19:12:03.758 UTC [orderer.consensus.etcdraft] campaign -> INFO 04a 1 [logterm: 1, index: 5] sent MsgPreVote request to 4 at term 1 channel=byfn-sys-channel node=1
2020-03-11 19:12:03.758 UTC [orderer.consensus.etcdraft] campaign -> INFO 04b 1 [logterm: 1, index: 5] sent MsgPreVote request to 5 at term 1 channel=byfn-sys-channel node=1
2020-03-11 19:12:03.758 UTC [orderer.consensus.etcdraft] campaign -> INFO 04c 1 [logterm: 1, index: 5] sent MsgPreVote request to 2 at term 1 channel=byfn-sys-channel node=1
2020-03-11 19:12:03.759 UTC [orderer.consensus.etcdraft] logSendFailure -> ERRO 04d Failed to send StepRequest to 5, because: aborted channel=byfn-sys-channel node=1
是的,我确实 p运行e docker 容器和卷。
解决方案:Docker
所以这个问题以一种非常令人惊讶的方式解决了。看来问题出在 docker 上。我经常 运行 docker container prune 和 docker volume prune,但是 运行ning docker rmi -f $(docker images -q) 让一切正常。我想它相当于 docker images prunne 或类似的东西。我还没有尝试过。无论如何,在尝试之后,一切正常。
所以这个问题以一种非常令人惊讶的方式解决了。问题似乎出在 docker 上。我经常有 运行 docker container prune 和 docker volume prune,但是 运行ning docker rmi -f $(docker images -q) 让一切正常。我想它相当于 docker images prunne 或类似的东西。我还没有尝试过。无论如何,在尝试之后,一切正常,即使在重新启动后也能继续工作。
几天来我一直在尝试建立一个 Hyperledger Fabric 网络。我正在使用 Hyperledger 的 2.0.0 版,这一切都是 运行ning 在一个使用 Docker 的机器上。经过艰难的进步,这是现在困扰我的部分。我以为我已经解决了大部分问题。这是文档中 "Your first network" 的变体,仅更改了几个名称。有两个同行和五个订购者。当我查看带有 docker logs <container name> 的第一个订购者的日志时,我得到了这个,这并不好:
(See below for an example.)
有关信息,我的 docker-compose-cli.yaml 的开头看起来像这样,因为明确添加订单似乎消除了一些错误:
version: '2'
volumes:
orderer.diro.umontreal.ca:
orderer2.diro.umontreal.ca:
orderer3.diro.umontreal.ca:
orderer4.diro.umontreal.ca:
orderer5.diro.umontreal.ca:
peer0.med1.diro.umontreal.ca:
peer1.med1.diro.umontreal.ca:
peer0.med2.diro.umontreal.ca:
peer1.med2.diro.umontreal.ca:
networks:
byfn:
services:
orderer.diro.umontreal.ca:
extends:
file: base/docker-compose-base.yaml
service: orderer.diro.umontreal.ca
container_name: orderer.diro.umontreal.ca
networks:
- byfn
orderer2.diro.umontreal.ca:
extends:
file: base/docker-compose-base.yaml
service: orderer.diro.umontreal.ca
container_name: orderer2.diro.umontreal.ca
networks:
- byfn
orderer3.diro.umontreal.ca:
extends:
file: base/docker-compose-base.yaml
service: orderer.diro.umontreal.ca
container_name: orderer3.diro.umontreal.ca
networks:
- byfn
orderer4.diro.umontreal.ca:
extends:
file: base/docker-compose-base.yaml
service: orderer.diro.umontreal.ca
container_name: orderer4.diro.umontreal.ca
networks:
- byfn
orderer5.diro.umontreal.ca:
extends:
file: base/docker-compose-base.yaml
service: orderer.diro.umontreal.ca
container_name: orderer5.diro.umontreal.ca
networks:
- byfn
我的 crypto-config.yaml 的开头是这样的:
OrdererOrgs:
# ---------------------------------------------------------------------------
# Orderer
# ---------------------------------------------------------------------------
- Name: Orderer
Domain: diro.umontreal.ca
EnableNodeOUs: true
# ---------------------------------------------------------------------------
# "Specs" - See PeerOrgs below for complete description
# ---------------------------------------------------------------------------
Specs:
- Hostname: orderer
- Name: Orderer2
Domain: diro.umontreal.ca
EnableNodeOUs: true
# ---------------------------------------------------------------------------
# "Specs" - See PeerOrgs below for complete description
# ---------------------------------------------------------------------------
Specs:
- Hostname: orderer2
- Name: Orderer3
Domain: diro.umontreal.ca
EnableNodeOUs: true
# ---------------------------------------------------------------------------
# "Specs" - See PeerOrgs below for complete description
# ---------------------------------------------------------------------------
Specs:
- Hostname: orderer3
- Name: Orderer4
Domain: diro.umontreal.ca
EnableNodeOUs: true
# ---------------------------------------------------------------------------
# "Specs" - See PeerOrgs below for complete description
# ---------------------------------------------------------------------------
Specs:
- Hostname: orderer4
- Name: Orderer5
Domain: diro.umontreal.ca
EnableNodeOUs: true
# ---------------------------------------------------------------------------
# "Specs" - See PeerOrgs below for complete description
# ---------------------------------------------------------------------------
Specs:
- Hostname: orderer5
这是我的一部分 configx.yaml:
SampleMultiNodeEtcdRaft:
<<: *ChannelDefaults
Capabilities:
<<: *ChannelCapabilities
Orderer:
<<: *OrdererDefaults
OrdererType: etcdraft
EtcdRaft:
Consenters:
- Host: orderer.diro.umontreal.ca
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/diro.umontreal.ca/orderers/orderer.diro.umontreal.ca/msp/tlscacerts/tlsca.diro.umontreal.ca-cert.pem
ServerTLSCert: crypto-config/ordererOrganizations/diro.umontreal.ca/orderers/orderer.diro.umontreal.ca/tls/server.crt
- Host: orderer2.diro.umontreal.ca
Port: 8050
ClientTLSCert: crypto-config/ordererOrganizations/diro.umontreal.ca/orderers/orderer2.diro.umontreal.ca/msp/tlscacerts/tlsca.diro.umontreal.ca-cert.pem
ServerTLSCert: crypto-config/ordererOrganizations/diro.umontreal.ca/orderers/orderer2.diro.umontreal.ca/tls/server.crt
- Host: orderer3.diro.umontreal.ca
Port: 9050
ClientTLSCert: crypto-config/ordererOrganizations/diro.umontreal.ca/orderers/orderer3.diro.umontreal.ca/msp/tlscacerts/tlsca.diro.umontreal.ca-cert.pem
ServerTLSCert: crypto-config/ordererOrganizations/diro.umontreal.ca/orderers/orderer3.diro.umontreal.ca/tls/server.crt
- Host: orderer4.diro.umontreal.ca
Port: 10050
ClientTLSCert: crypto-config/ordererOrganizations/diro.umontreal.ca/orderers/orderer4.diro.umontreal.ca/msp/tlscacerts/tlsca.diro.umontreal.ca-cert.pem
ServerTLSCert: crypto-config/ordererOrganizations/diro.umontreal.ca/orderers/orderer4.diro.umontreal.ca/tls/server.crt
- Host: orderer5.diro.umontreal.ca
Port: 11050
ClientTLSCert: crypto-config/ordererOrganizations/diro.umontreal.ca/orderers/orderer5.diro.umontreal.ca/msp/tlscacerts/tlsca.diro.umontreal.ca-cert.pem
ServerTLSCert: crypto-config/ordererOrganizations/diro.umontreal.ca/orderers/orderer5.diro.umontreal.ca/tls/server.crt
Addresses:
- orderer.diro.umontreal.ca:7050
- orderer2.diro.umontreal.ca:8050
- orderer3.diro.umontreal.ca:9050
- orderer4.diro.umontreal.ca:10050
- orderer5.diro.umontreal.ca:11050
最初,所有 ClientTLSCert 和 ServerTLSCert 具有相同的值,但我更改了 ClientTLSCert 值,认为他们的参数是一个文件没有意义那叫 server.crt.
但我的订购者日志中仍然存在所有错误。也许这很正常,但看起来不正常。怎么了?
编辑:
根据下面的评论,我将 configtx.yaml 改为:
Organizations:
# SampleOrg defines an MSP using the sampleconfig. It should never be used
# in production but may be used as a template for other definitions
- &OrdererOrg
# DefaultOrg defines the organization which is used in the sampleconfig
# of the fabric.git development environment
Name: OrdererOrg
# ID to load the MSP definition as
ID: OrdererMSP
# MSPDir is the filesystem path which contains the MSP configuration
MSPDir: crypto-config/ordererOrganizations/diro.umontreal.ca/orderers/orderer.diro.umontreal.ca/msp/
MSPDir: crypto-config/ordererOrganizations/diro.umontreal.ca/orderers/orderer2.diro.umontreal.ca/msp/
MSPDir: crypto-config/ordererOrganizations/diro.umontreal.ca/orderers/orderer3.diro.umontreal.ca/msp/
MSPDir: crypto-config/ordererOrganizations/diro.umontreal.ca/orderers/orderer4.diro.umontreal.ca/msp/
MSPDir: crypto-config/ordererOrganizations/diro.umontreal.ca/orderers/orderer5.diro.umontreal.ca/msp/
我让 docker-compose-base.yaml 开始于:
version: '2'
services:
orderer.diro.umontreal.ca:
container_name: orderer.diro.umontreal.ca
extends:
file: peer-base.yaml
service: orderer-base
volumes:
- ../channel-artifacts/genesis.block:/var/hyperledger/orderer/orderer.genesis.block
- ../crypto-config/ordererOrganizations/diro.umontreal.ca/orderers/orderer.diro.umontreal.ca/msp:/var/hyperledger/orderer/msp
- ../crypto-config/ordererOrganizations/diro.umontreal.ca/orderers/orderer.diro.umontreal.ca/tls/:/var/hyperledger/orderer/tls
- ../crypto-config/ordererOrganizations/diro.umontreal.ca/tlsca:/var/hyperledger/orderer/tlsca
- orderer.diro.umontreal.ca:/var/hyperledger/production/orderer
ports:
- 7050:7050
orderer2.diro.umontreal.ca:
container_name: orderer2.diro.umontreal.ca
extends:
file: peer-base.yaml
service: orderer-base
volumes:
- ../channel-artifacts/genesis.block:/var/hyperledger/orderer/orderer.genesis.block
- ../crypto-config/ordererOrganizations/diro.umontreal.ca/orderers/orderer2.diro.umontreal.ca/msp:/var/hyperledger/orderer/msp
- ../crypto-config/ordererOrganizations/diro.umontreal.ca/orderers/orderer2.diro.umontreal.ca/tls/:/var/hyperledger/orderer/tls
- ../crypto-config/ordererOrganizations/diro.umontreal.ca/tlsca:/var/hyperledger/orderer/tlsca
- orderer.diro.umontreal.ca:/var/hyperledger/production/orderer
ports:
- 8050:8050
然后像这样继续为每个订购者使用不同的端口和不同的路径。这些是在 docker-compose-cli.yamlh 中调用和扩展的订购者但是,当我检查第一个订购者的日志时,我仍然得到:
Version: 2.0.0
Commit SHA: 0432c3e
Go version: go1.13.4
OS/Arch: linux/amd64
2020-03-11 19:11:39.757 UTC [orderer.common.server] Main -> INFO 020 Beginning to serve requests
2020-03-11 19:11:39.759 UTC [core.comm] ServerHandshake -> ERRO 021 TLS handshake failed with error remote error: tls: bad certificate server=Orderer remoteaddress=172.22.0.5:57256
2020-03-11 19:11:39.759 UTC [core.comm] ServerHandshake -> ERRO 022 TLS handshake failed with error remote error: tls: bad certificate server=Orderer remoteaddress=172.22.0.4:33190
2020-03-11 19:11:39.759 UTC [core.comm] ServerHandshake -> ERRO 023 TLS handshake failed with error remote error: tls: bad certificate server=Orderer remoteaddress=172.22.0.2:54038
2020-03-11 19:11:39.966 UTC [orderer.consensus.etcdraft] apply -> INFO 024 Applied config change to add node 1, current nodes in channel: [1 2 3 4 5] channel=byfn-sys-channel node=1
2020-03-11 19:11:39.967 UTC [orderer.consensus.etcdraft] apply -> INFO 025 Applied config change to add node 2, current nodes in channel: [1 2 3 4 5] channel=byfn-sys-channel node=1
2020-03-11 19:11:39.967 UTC [orderer.consensus.etcdraft] apply -> INFO 026 Applied config change to add node 3, current nodes in channel: [1 2 3 4 5] channel=byfn-sys-channel node=1
2020-03-11 19:11:39.968 UTC [orderer.consensus.etcdraft] apply -> INFO 027 Applied config change to add node 4, current nodes in channel: [1 2 3 4 5] channel=byfn-sys-channel node=1
2020-03-11 19:11:39.968 UTC [orderer.consensus.etcdraft] apply -> INFO 028 Applied config change to add node 5, current nodes in channel: [1 2 3 4 5] channel=byfn-sys-channel node=1
2020-03-11 19:11:40.765 UTC [core.comm] ServerHandshake -> ERRO 029 TLS handshake failed with error remote error: tls: bad certificate server=Orderer remoteaddress=172.22.0.2:54068
2020-03-11 19:11:41.115 UTC [core.comm] ServerHandshake -> ERRO 02a TLS handshake failed with error remote error: tls: bad certificate server=Orderer remoteaddress=172.22.0.3:55468
2020-03-11 19:11:42.278 UTC [core.comm] ServerHandshake -> ERRO 02b TLS handshake failed with error remote error: tls: bad certificate server=Orderer remoteaddress=172.22.0.2:54086
2020-03-11 19:11:44.408 UTC [core.comm] ServerHandshake -> ERRO 02c TLS handshake failed with error remote error: tls: bad certificate server=Orderer remoteaddress=172.22.0.5:57326
2020-03-11 19:11:44.630 UTC [core.comm] ServerHandshake -> ERRO 02d TLS handshake failed with error remote error: tls: bad certificate server=Orderer remoteaddress=172.22.0.2:54104
2020-03-11 19:11:47.384 UTC [core.comm] ServerHandshake -> ERRO 02e TLS handshake failed with error remote error: tls: bad certificate server=Orderer remoteaddress=172.22.0.4:33268
2020-03-11 19:11:47.758 UTC [orderer.consensus.etcdraft] Step -> INFO 02f 1 is starting a new election at term 1 channel=byfn-sys-channel node=1
2020-03-11 19:11:47.758 UTC [orderer.consensus.etcdraft] becomePreCandidate -> INFO 030 1 became pre-candidate at term 1 channel=byfn-sys-channel node=1
2020-03-11 19:11:47.758 UTC [orderer.consensus.etcdraft] poll -> INFO 031 1 received MsgPreVoteResp from 1 at term 1 channel=byfn-sys-channel node=1
2020-03-11 19:11:47.759 UTC [orderer.consensus.etcdraft] campaign -> INFO 032 1 [logterm: 1, index: 5] sent MsgPreVote request to 2 at term 1 channel=byfn-sys-channel node=1
2020-03-11 19:11:47.759 UTC [orderer.consensus.etcdraft] campaign -> INFO 033 1 [logterm: 1, index: 5] sent MsgPreVote request to 3 at term 1 channel=byfn-sys-channel node=1
2020-03-11 19:11:47.759 UTC [orderer.consensus.etcdraft] campaign -> INFO 034 1 [logterm: 1, index: 5] sent MsgPreVote request to 4 at term 1 channel=byfn-sys-channel node=1
2020-03-11 19:11:47.759 UTC [orderer.consensus.etcdraft] campaign -> INFO 035 1 [logterm: 1, index: 5] sent MsgPreVote request to 5 at term 1 channel=byfn-sys-channel node=1
2020-03-11 19:11:47.759 UTC [orderer.consensus.etcdraft] logSendFailure -> ERRO 036 Failed to send StepRequest to 2, because: rpc error: code = Unavailable desc = all SubConns are in TransientFailure, latest connection error: connection error: desc = "transport: authentication handshake failed: x509: certificate signed by unknown authority (possibly because of \"x509: ECDSA verification failure\" while trying to verify candidate authority certificate \"tlsca.diro.umontreal.ca\")" channel=byfn-sys-channel node=1
2020-03-11 19:11:47.760 UTC [orderer.consensus.etcdraft] logSendFailure -> ERRO 037 Failed to send StepRequest to 3, because: rpc error: code = Unavailable desc = all SubConns are in TransientFailure, latest connection error: connection error: desc = "transport: authentication handshake failed: x509: certificate signed by unknown authority (possibly because of \"x509: ECDSA verification failure\" while trying to verify candidate authority certificate \"tlsca.diro.umontreal.ca\")" channel=byfn-sys-channel node=1
2020-03-11 19:11:47.760 UTC [orderer.consensus.etcdraft] logSendFailure -> ERRO 038 Failed to send StepRequest to 4, because: rpc error: code = Unavailable desc = all SubConns are in TransientFailure, latest connection error: connection error: desc = "transport: authentication handshake failed: x509: certificate signed by unknown authority (possibly because of \"x509: ECDSA verification failure\" while trying to verify candidate authority certificate \"tlsca.diro.umontreal.ca\")" channel=byfn-sys-channel node=1
2020-03-11 19:11:49.344 UTC [core.comm] ServerHandshake -> ERRO 039 TLS handshake failed with error remote error: tls: bad certificate server=Orderer remoteaddress=172.22.0.2:54126
2020-03-11 19:11:50.057 UTC [core.comm] ServerHandshake -> ERRO 03a TLS handshake failed with error remote error: tls: bad certificate server=Orderer remoteaddress=172.22.0.5:57358
2020-03-11 19:11:51.337 UTC [core.comm] ServerHandshake -> ERRO 03b TLS handshake failed with error remote error: tls: bad certificate server=Orderer remoteaddress=172.22.0.3:55534
2020-03-11 19:11:55.758 UTC [orderer.consensus.etcdraft] Step -> INFO 03c 1 is starting a new election at term 1 channel=byfn-sys-channel node=1
2020-03-11 19:11:55.758 UTC [orderer.consensus.etcdraft] becomePreCandidate -> INFO 03d 1 became pre-candidate at term 1 channel=byfn-sys-channel node=1
2020-03-11 19:11:55.758 UTC [orderer.consensus.etcdraft] poll -> INFO 03e 1 received MsgPreVoteResp from 1 at term 1 channel=byfn-sys-channel node=1
2020-03-11 19:11:55.758 UTC [orderer.consensus.etcdraft] campaign -> INFO 03f 1 [logterm: 1, index: 5] sent MsgPreVote request to 2 at term 1 channel=byfn-sys-channel node=1
2020-03-11 19:11:55.758 UTC [orderer.consensus.etcdraft] campaign -> INFO 040 1 [logterm: 1, index: 5] sent MsgPreVote request to 3 at term 1 channel=byfn-sys-channel node=1
2020-03-11 19:11:55.758 UTC [orderer.consensus.etcdraft] campaign -> INFO 041 1 [logterm: 1, index: 5] sent MsgPreVote request to 4 at term 1 channel=byfn-sys-channel node=1
2020-03-11 19:11:55.759 UTC [orderer.consensus.etcdraft] campaign -> INFO 042 1 [logterm: 1, index: 5] sent MsgPreVote request to 5 at term 1 channel=byfn-sys-channel node=1
2020-03-11 19:11:56.829 UTC [core.comm] ServerHandshake -> ERRO 043 TLS handshake failed with error remote error: tls: bad certificate server=Orderer remoteaddress=172.22.0.2:54158
2020-03-11 19:11:57.314 UTC [core.comm] ServerHandshake -> ERRO 044 TLS handshake failed with error remote error: tls: bad certificate server=Orderer remoteaddress=172.22.0.4:33314
2020-03-11 19:12:01.805 UTC [core.comm] ServerHandshake -> ERRO 045 TLS handshake failed with error remote error: tls: bad certificate server=Orderer remoteaddress=172.22.0.5:57392
2020-03-11 19:12:03.758 UTC [orderer.consensus.etcdraft] Step -> INFO 046 1 is starting a new election at term 1 channel=byfn-sys-channel node=1
2020-03-11 19:12:03.758 UTC [orderer.consensus.etcdraft] becomePreCandidate -> INFO 047 1 became pre-candidate at term 1 channel=byfn-sys-channel node=1
2020-03-11 19:12:03.758 UTC [orderer.consensus.etcdraft] poll -> INFO 048 1 received MsgPreVoteResp from 1 at term 1 channel=byfn-sys-channel node=1
2020-03-11 19:12:03.758 UTC [orderer.consensus.etcdraft] campaign -> INFO 049 1 [logterm: 1, index: 5] sent MsgPreVote request to 3 at term 1 channel=byfn-sys-channel node=1
2020-03-11 19:12:03.758 UTC [orderer.consensus.etcdraft] campaign -> INFO 04a 1 [logterm: 1, index: 5] sent MsgPreVote request to 4 at term 1 channel=byfn-sys-channel node=1
2020-03-11 19:12:03.758 UTC [orderer.consensus.etcdraft] campaign -> INFO 04b 1 [logterm: 1, index: 5] sent MsgPreVote request to 5 at term 1 channel=byfn-sys-channel node=1
2020-03-11 19:12:03.758 UTC [orderer.consensus.etcdraft] campaign -> INFO 04c 1 [logterm: 1, index: 5] sent MsgPreVote request to 2 at term 1 channel=byfn-sys-channel node=1
2020-03-11 19:12:03.759 UTC [orderer.consensus.etcdraft] logSendFailure -> ERRO 04d Failed to send StepRequest to 5, because: aborted channel=byfn-sys-channel node=1
是的,我确实 p运行e docker 容器和卷。
解决方案:Docker
所以这个问题以一种非常令人惊讶的方式解决了。看来问题出在 docker 上。我经常 运行 docker container prune 和 docker volume prune,但是 运行ning docker rmi -f $(docker images -q) 让一切正常。我想它相当于 docker images prunne 或类似的东西。我还没有尝试过。无论如何,在尝试之后,一切正常。
所以这个问题以一种非常令人惊讶的方式解决了。问题似乎出在 docker 上。我经常有 运行 docker container prune 和 docker volume prune,但是 运行ning docker rmi -f $(docker images -q) 让一切正常。我想它相当于 docker images prunne 或类似的东西。我还没有尝试过。无论如何,在尝试之后,一切正常,即使在重新启动后也能继续工作。