试图建立Hyperledger Fabric网络：TLS错误[已解决]

Question

我几天来一直在尝试建立Hyperledger Fabric网络。我正在使用Hyperledger的2.0.0版本，并且所有这些都在使用Docker的一次缓存中运行。经过艰苦的努力，这就是现在困扰我的部分。我以为我大部分时间都花光了。这是文档中“您的第一个网络”的变体，仅更改了一些名称。有两个同行和五个订购者。当我用docker logs <container name>查看第一个订购者的日志时，我得到了，这不好：

(See below for an example.)

作为参考，我的docker-compose-cli.yaml的开头看起来像这样，因为明确添加订单似乎消除了一些错误：

version: '2'

volumes:
  orderer.diro.umontreal.ca:
  orderer2.diro.umontreal.ca:
  orderer3.diro.umontreal.ca:
  orderer4.diro.umontreal.ca:
  orderer5.diro.umontreal.ca:
  peer0.med1.diro.umontreal.ca:
  peer1.med1.diro.umontreal.ca:
  peer0.med2.diro.umontreal.ca:
  peer1.med2.diro.umontreal.ca:

networks:
  byfn:

services:

  orderer.diro.umontreal.ca:
    extends:
      file:   base/docker-compose-base.yaml
      service: orderer.diro.umontreal.ca
    container_name: orderer.diro.umontreal.ca
    networks:
      - byfn

  orderer2.diro.umontreal.ca:
    extends:
      file:   base/docker-compose-base.yaml
      service: orderer.diro.umontreal.ca
    container_name: orderer2.diro.umontreal.ca
    networks:
      - byfn

 orderer3.diro.umontreal.ca:
    extends:
      file:   base/docker-compose-base.yaml
      service: orderer.diro.umontreal.ca
    container_name: orderer3.diro.umontreal.ca
    networks:
      - byfn

  orderer4.diro.umontreal.ca:
    extends:
      file:   base/docker-compose-base.yaml
      service: orderer.diro.umontreal.ca
    container_name: orderer4.diro.umontreal.ca
    networks:
      - byfn

  orderer5.diro.umontreal.ca:
    extends:
      file:   base/docker-compose-base.yaml
      service: orderer.diro.umontreal.ca
    container_name: orderer5.diro.umontreal.ca
    networks:
      - byfn

我的crypto-config.yaml的开头看起来像这样：

OrdererOrgs:
  # ---------------------------------------------------------------------------
  # Orderer
  # ---------------------------------------------------------------------------
  - Name: Orderer
    Domain: diro.umontreal.ca
    EnableNodeOUs: true

    # ---------------------------------------------------------------------------
    # "Specs" - See PeerOrgs below for complete description
    # ---------------------------------------------------------------------------
    Specs:
      - Hostname: orderer
  - Name: Orderer2
    Domain: diro.umontreal.ca
    EnableNodeOUs: true

    # ---------------------------------------------------------------------------
    # "Specs" - See PeerOrgs below for complete description
    # ---------------------------------------------------------------------------
    Specs:
      - Hostname: orderer2
  - Name: Orderer3
    Domain: diro.umontreal.ca
    EnableNodeOUs: true

    # ---------------------------------------------------------------------------
    # "Specs" - See PeerOrgs below for complete description
    # ---------------------------------------------------------------------------
    Specs:
      - Hostname: orderer3
  - Name: Orderer4
    Domain: diro.umontreal.ca
    EnableNodeOUs: true

    # ---------------------------------------------------------------------------
    # "Specs" - See PeerOrgs below for complete description
    # ---------------------------------------------------------------------------
    Specs:
      - Hostname: orderer4
  - Name: Orderer5
    Domain: diro.umontreal.ca
    EnableNodeOUs: true

    # ---------------------------------------------------------------------------
    # "Specs" - See PeerOrgs below for complete description
    # ---------------------------------------------------------------------------
    Specs:
      - Hostname: orderer5

这是我的configx.yaml的一部分：

SampleMultiNodeEtcdRaft:
    <<: *ChannelDefaults
    Capabilities:
        <<: *ChannelCapabilities
    Orderer:
        <<: *OrdererDefaults
        OrdererType: etcdraft
        EtcdRaft:
            Consenters:
            - Host: orderer.diro.umontreal.ca
              Port: 7050
              ClientTLSCert: crypto-config/ordererOrganizations/diro.umontreal.ca/orderers/orderer.diro.umontreal.ca/msp/tlscacerts/tlsca.diro.umontreal.ca-cert.pem
              ServerTLSCert: crypto-config/ordererOrganizations/diro.umontreal.ca/orderers/orderer.diro.umontreal.ca/tls/server.crt
            - Host: orderer2.diro.umontreal.ca
              Port: 8050
              ClientTLSCert: crypto-config/ordererOrganizations/diro.umontreal.ca/orderers/orderer2.diro.umontreal.ca/msp/tlscacerts/tlsca.diro.umontreal.ca-cert.pem
              ServerTLSCert: crypto-config/ordererOrganizations/diro.umontreal.ca/orderers/orderer2.diro.umontreal.ca/tls/server.crt
            - Host: orderer3.diro.umontreal.ca
              Port: 9050
              ClientTLSCert: crypto-config/ordererOrganizations/diro.umontreal.ca/orderers/orderer3.diro.umontreal.ca/msp/tlscacerts/tlsca.diro.umontreal.ca-cert.pem
              ServerTLSCert: crypto-config/ordererOrganizations/diro.umontreal.ca/orderers/orderer3.diro.umontreal.ca/tls/server.crt
            - Host: orderer4.diro.umontreal.ca
              Port: 10050
              ClientTLSCert: crypto-config/ordererOrganizations/diro.umontreal.ca/orderers/orderer4.diro.umontreal.ca/msp/tlscacerts/tlsca.diro.umontreal.ca-cert.pem
              ServerTLSCert: crypto-config/ordererOrganizations/diro.umontreal.ca/orderers/orderer4.diro.umontreal.ca/tls/server.crt
            - Host: orderer5.diro.umontreal.ca
              Port: 11050
              ClientTLSCert: crypto-config/ordererOrganizations/diro.umontreal.ca/orderers/orderer5.diro.umontreal.ca/msp/tlscacerts/tlsca.diro.umontreal.ca-cert.pem
              ServerTLSCert: crypto-config/ordererOrganizations/diro.umontreal.ca/orderers/orderer5.diro.umontreal.ca/tls/server.crt
        Addresses:
            - orderer.diro.umontreal.ca:7050
            - orderer2.diro.umontreal.ca:8050
            - orderer3.diro.umontreal.ca:9050
            - orderer4.diro.umontreal.ca:10050
            - orderer5.diro.umontreal.ca:11050

[最初，所有ClientTLSCert和ServerTLSCert都具有相同的值，但是我更改了ClientTLSCert的值，细想一下，它们的参数是一个名为server.crt的文件是没有意义的。

但是我的订购者日志中仍然有所有错误。也许这很正常，但看起来并不正常。怎么了？

编辑：

基于下面的评论，我将configtx.yaml更改为开头：

Organizations:

    # SampleOrg defines an MSP using the sampleconfig.  It should never be used
    # in production but may be used as a template for other definitions
    - &OrdererOrg
        # DefaultOrg defines the organization which is used in the sampleconfig
        # of the fabric.git development environment
        Name: OrdererOrg

        # ID to load the MSP definition as
        ID: OrdererMSP

        # MSPDir is the filesystem path which contains the MSP configuration
        MSPDir: crypto-config/ordererOrganizations/diro.umontreal.ca/orderers/orderer.diro.umontreal.ca/msp/
        MSPDir: crypto-config/ordererOrganizations/diro.umontreal.ca/orderers/orderer2.diro.umontreal.ca/msp/
        MSPDir: crypto-config/ordererOrganizations/diro.umontreal.ca/orderers/orderer3.diro.umontreal.ca/msp/
        MSPDir: crypto-config/ordererOrganizations/diro.umontreal.ca/orderers/orderer4.diro.umontreal.ca/msp/
        MSPDir: crypto-config/ordererOrganizations/diro.umontreal.ca/orderers/orderer5.diro.umontreal.ca/msp/

我将docker-compose-base.yaml开头为：

version: '2'

services:

  orderer.diro.umontreal.ca:
    container_name: orderer.diro.umontreal.ca
    extends:
      file: peer-base.yaml
      service: orderer-base
    volumes:
        - ../channel-artifacts/genesis.block:/var/hyperledger/orderer/orderer.genesis.block
        - ../crypto-config/ordererOrganizations/diro.umontreal.ca/orderers/orderer.diro.umontreal.ca/msp:/var/hyperledger/orderer/msp
        - ../crypto-config/ordererOrganizations/diro.umontreal.ca/orderers/orderer.diro.umontreal.ca/tls/:/var/hyperledger/orderer/tls
        - ../crypto-config/ordererOrganizations/diro.umontreal.ca/tlsca:/var/hyperledger/orderer/tlsca
        - orderer.diro.umontreal.ca:/var/hyperledger/production/orderer
    ports:
      - 7050:7050

  orderer2.diro.umontreal.ca:
    container_name: orderer2.diro.umontreal.ca
    extends:
      file: peer-base.yaml
      service: orderer-base
    volumes:
        - ../channel-artifacts/genesis.block:/var/hyperledger/orderer/orderer.genesis.block
        - ../crypto-config/ordererOrganizations/diro.umontreal.ca/orderers/orderer2.diro.umontreal.ca/msp:/var/hyperledger/orderer/msp
        - ../crypto-config/ordererOrganizations/diro.umontreal.ca/orderers/orderer2.diro.umontreal.ca/tls/:/var/hyperledger/orderer/tls
        - ../crypto-config/ordererOrganizations/diro.umontreal.ca/tlsca:/var/hyperledger/orderer/tlsca
        - orderer.diro.umontreal.ca:/var/hyperledger/production/orderer
    ports:
      - 8050:8050

然后像这样继续，为每个订购者使用不同的端口和不同的路径。这些是在docker-compose-cli.yaml h中调用并扩展的订购者，但是，当我检查第一个订购者的日志时，我得到：

 Version: 2.0.0
 Commit SHA: 0432c3e
 Go version: go1.13.4
 OS/Arch: linux/amd64
2020-03-11 19:11:39.757 UTC [orderer.common.server] Main -> INFO 020 Beginning to serve requests
2020-03-11 19:11:39.759 UTC [core.comm] ServerHandshake -> ERRO 021 TLS handshake failed with error remote error: tls: bad certificate server=Orderer remoteaddress=172.22.0.5:57256
2020-03-11 19:11:39.759 UTC [core.comm] ServerHandshake -> ERRO 022 TLS handshake failed with error remote error: tls: bad certificate server=Orderer remoteaddress=172.22.0.4:33190
2020-03-11 19:11:39.759 UTC [core.comm] ServerHandshake -> ERRO 023 TLS handshake failed with error remote error: tls: bad certificate server=Orderer remoteaddress=172.22.0.2:54038
2020-03-11 19:11:39.966 UTC [orderer.consensus.etcdraft] apply -> INFO 024 Applied config change to add node 1, current nodes in channel: [1 2 3 4 5] channel=byfn-sys-channel node=1
2020-03-11 19:11:39.967 UTC [orderer.consensus.etcdraft] apply -> INFO 025 Applied config change to add node 2, current nodes in channel: [1 2 3 4 5] channel=byfn-sys-channel node=1
2020-03-11 19:11:39.967 UTC [orderer.consensus.etcdraft] apply -> INFO 026 Applied config change to add node 3, current nodes in channel: [1 2 3 4 5] channel=byfn-sys-channel node=1
2020-03-11 19:11:39.968 UTC [orderer.consensus.etcdraft] apply -> INFO 027 Applied config change to add node 4, current nodes in channel: [1 2 3 4 5] channel=byfn-sys-channel node=1
2020-03-11 19:11:39.968 UTC [orderer.consensus.etcdraft] apply -> INFO 028 Applied config change to add node 5, current nodes in channel: [1 2 3 4 5] channel=byfn-sys-channel node=1
2020-03-11 19:11:40.765 UTC [core.comm] ServerHandshake -> ERRO 029 TLS handshake failed with error remote error: tls: bad certificate server=Orderer remoteaddress=172.22.0.2:54068
2020-03-11 19:11:41.115 UTC [core.comm] ServerHandshake -> ERRO 02a TLS handshake failed with error remote error: tls: bad certificate server=Orderer remoteaddress=172.22.0.3:55468
2020-03-11 19:11:42.278 UTC [core.comm] ServerHandshake -> ERRO 02b TLS handshake failed with error remote error: tls: bad certificate server=Orderer remoteaddress=172.22.0.2:54086
2020-03-11 19:11:44.408 UTC [core.comm] ServerHandshake -> ERRO 02c TLS handshake failed with error remote error: tls: bad certificate server=Orderer remoteaddress=172.22.0.5:57326
2020-03-11 19:11:44.630 UTC [core.comm] ServerHandshake -> ERRO 02d TLS handshake failed with error remote error: tls: bad certificate server=Orderer remoteaddress=172.22.0.2:54104
2020-03-11 19:11:47.384 UTC [core.comm] ServerHandshake -> ERRO 02e TLS handshake failed with error remote error: tls: bad certificate server=Orderer remoteaddress=172.22.0.4:33268
2020-03-11 19:11:47.758 UTC [orderer.consensus.etcdraft] Step -> INFO 02f 1 is starting a new election at term 1 channel=byfn-sys-channel node=1
2020-03-11 19:11:47.758 UTC [orderer.consensus.etcdraft] becomePreCandidate -> INFO 030 1 became pre-candidate at term 1 channel=byfn-sys-channel node=1
2020-03-11 19:11:47.758 UTC [orderer.consensus.etcdraft] poll -> INFO 031 1 received MsgPreVoteResp from 1 at term 1 channel=byfn-sys-channel node=1
2020-03-11 19:11:47.759 UTC [orderer.consensus.etcdraft] campaign -> INFO 032 1 [logterm: 1, index: 5] sent MsgPreVote request to 2 at term 1 channel=byfn-sys-channel node=1
2020-03-11 19:11:47.759 UTC [orderer.consensus.etcdraft] campaign -> INFO 033 1 [logterm: 1, index: 5] sent MsgPreVote request to 3 at term 1 channel=byfn-sys-channel node=1
2020-03-11 19:11:47.759 UTC [orderer.consensus.etcdraft] campaign -> INFO 034 1 [logterm: 1, index: 5] sent MsgPreVote request to 4 at term 1 channel=byfn-sys-channel node=1
2020-03-11 19:11:47.759 UTC [orderer.consensus.etcdraft] campaign -> INFO 035 1 [logterm: 1, index: 5] sent MsgPreVote request to 5 at term 1 channel=byfn-sys-channel node=1
2020-03-11 19:11:47.759 UTC [orderer.consensus.etcdraft] logSendFailure -> ERRO 036 Failed to send StepRequest to 2, because: rpc error: code = Unavailable desc = all SubConns are in TransientFailure, latest connection error: connection error: desc = "transport: authentication handshake failed: x509: certificate signed by unknown authority (possibly because of \"x509: ECDSA verification failure\" while trying to verify candidate authority certificate \"tlsca.diro.umontreal.ca\")" channel=byfn-sys-channel node=1
2020-03-11 19:11:47.760 UTC [orderer.consensus.etcdraft] logSendFailure -> ERRO 037 Failed to send StepRequest to 3, because: rpc error: code = Unavailable desc = all SubConns are in TransientFailure, latest connection error: connection error: desc = "transport: authentication handshake failed: x509: certificate signed by unknown authority (possibly because of \"x509: ECDSA verification failure\" while trying to verify candidate authority certificate \"tlsca.diro.umontreal.ca\")" channel=byfn-sys-channel node=1
2020-03-11 19:11:47.760 UTC [orderer.consensus.etcdraft] logSendFailure -> ERRO 038 Failed to send StepRequest to 4, because: rpc error: code = Unavailable desc = all SubConns are in TransientFailure, latest connection error: connection error: desc = "transport: authentication handshake failed: x509: certificate signed by unknown authority (possibly because of \"x509: ECDSA verification failure\" while trying to verify candidate authority certificate \"tlsca.diro.umontreal.ca\")" channel=byfn-sys-channel node=1
2020-03-11 19:11:49.344 UTC [core.comm] ServerHandshake -> ERRO 039 TLS handshake failed with error remote error: tls: bad certificate server=Orderer remoteaddress=172.22.0.2:54126
2020-03-11 19:11:50.057 UTC [core.comm] ServerHandshake -> ERRO 03a TLS handshake failed with error remote error: tls: bad certificate server=Orderer remoteaddress=172.22.0.5:57358
2020-03-11 19:11:51.337 UTC [core.comm] ServerHandshake -> ERRO 03b TLS handshake failed with error remote error: tls: bad certificate server=Orderer remoteaddress=172.22.0.3:55534
2020-03-11 19:11:55.758 UTC [orderer.consensus.etcdraft] Step -> INFO 03c 1 is starting a new election at term 1 channel=byfn-sys-channel node=1
2020-03-11 19:11:55.758 UTC [orderer.consensus.etcdraft] becomePreCandidate -> INFO 03d 1 became pre-candidate at term 1 channel=byfn-sys-channel node=1
2020-03-11 19:11:55.758 UTC [orderer.consensus.etcdraft] poll -> INFO 03e 1 received MsgPreVoteResp from 1 at term 1 channel=byfn-sys-channel node=1
2020-03-11 19:11:55.758 UTC [orderer.consensus.etcdraft] campaign -> INFO 03f 1 [logterm: 1, index: 5] sent MsgPreVote request to 2 at term 1 channel=byfn-sys-channel node=1
2020-03-11 19:11:55.758 UTC [orderer.consensus.etcdraft] campaign -> INFO 040 1 [logterm: 1, index: 5] sent MsgPreVote request to 3 at term 1 channel=byfn-sys-channel node=1
2020-03-11 19:11:55.758 UTC [orderer.consensus.etcdraft] campaign -> INFO 041 1 [logterm: 1, index: 5] sent MsgPreVote request to 4 at term 1 channel=byfn-sys-channel node=1
2020-03-11 19:11:55.759 UTC [orderer.consensus.etcdraft] campaign -> INFO 042 1 [logterm: 1, index: 5] sent MsgPreVote request to 5 at term 1 channel=byfn-sys-channel node=1
2020-03-11 19:11:56.829 UTC [core.comm] ServerHandshake -> ERRO 043 TLS handshake failed with error remote error: tls: bad certificate server=Orderer remoteaddress=172.22.0.2:54158
2020-03-11 19:11:57.314 UTC [core.comm] ServerHandshake -> ERRO 044 TLS handshake failed with error remote error: tls: bad certificate server=Orderer remoteaddress=172.22.0.4:33314
2020-03-11 19:12:01.805 UTC [core.comm] ServerHandshake -> ERRO 045 TLS handshake failed with error remote error: tls: bad certificate server=Orderer remoteaddress=172.22.0.5:57392
2020-03-11 19:12:03.758 UTC [orderer.consensus.etcdraft] Step -> INFO 046 1 is starting a new election at term 1 channel=byfn-sys-channel node=1
2020-03-11 19:12:03.758 UTC [orderer.consensus.etcdraft] becomePreCandidate -> INFO 047 1 became pre-candidate at term 1 channel=byfn-sys-channel node=1
2020-03-11 19:12:03.758 UTC [orderer.consensus.etcdraft] poll -> INFO 048 1 received MsgPreVoteResp from 1 at term 1 channel=byfn-sys-channel node=1
2020-03-11 19:12:03.758 UTC [orderer.consensus.etcdraft] campaign -> INFO 049 1 [logterm: 1, index: 5] sent MsgPreVote request to 3 at term 1 channel=byfn-sys-channel node=1
2020-03-11 19:12:03.758 UTC [orderer.consensus.etcdraft] campaign -> INFO 04a 1 [logterm: 1, index: 5] sent MsgPreVote request to 4 at term 1 channel=byfn-sys-channel node=1
2020-03-11 19:12:03.758 UTC [orderer.consensus.etcdraft] campaign -> INFO 04b 1 [logterm: 1, index: 5] sent MsgPreVote request to 5 at term 1 channel=byfn-sys-channel node=1
2020-03-11 19:12:03.758 UTC [orderer.consensus.etcdraft] campaign -> INFO 04c 1 [logterm: 1, index: 5] sent MsgPreVote request to 2 at term 1 channel=byfn-sys-channel node=1
2020-03-11 19:12:03.759 UTC [orderer.consensus.etcdraft] logSendFailure -> ERRO 04d Failed to send StepRequest to 5, because: aborted channel=byfn-sys-channel node=1

是的，我确实修剪了Docker容器和卷。

解决方案：Docker

因此，这是以非常令人惊讶的方式解决的。看来问题出在docker。我已经定期运行docker container prune和docker volume prune，但是运行docker rmi -f $(docker images -q)可使一切正常。我想它等于docker images prunne或类似的东西。我还没有尝试过。无论如何，尝试了之后，一切都正常了。

Answer 1

因此，这是以非常令人惊讶的方式解决的。看来问题出在docker。我已经定期运行docker container prune和docker volume prune，但是运行docker rmi -f $(docker images -q)可使一切正常。我想它等于docker images prunne或类似的东西。我还没有尝试过。无论如何，尝试了之后，一切都可以正常工作，即使重新启动后也可以继续工作。

试图建立Hyperledger Fabric网络：TLS错误[已解决]

问题描述投票：0回答：1

1个回答

最新问题

试图建立Hyperledger Fabric网络：TLS错误[已解决]

问题描述 投票：0回答：1

1个回答

最新问题

问题描述投票：0回答：1