TLS handshake fails with error EOF when deploying Hyperledger Fabric on multiple hosts


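I am trying to develop a package that lets users dynamically deploy Hyperledger Fabric peers and orderers on multiple hosts.

The source code has been uploaded here to further clarify the problem. You can reproduce the issue I ran into by following the description below.

First, I set up two machines on GCP; the environment settings of both machines are shown in the figure below: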

(https://i.stack.imgur.com/Q9Z4r.png)

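Then I set up docker swarm between them, using an overlay network.

I build the containers on both machines, but with different organization names and hostnames.

Then I create a channel on the first machine, deploy the chaincode and invoke it. So far, everything is fine. What remains are a few simple steps to add the second host/organization to the channel: the first organization signs the updated configuration that includes organization two and updates the channel, and finally the second host/organization joins the channel via the genesis block.

However, when I look at the docker logs, errors keep appearing on both sides:

On the second machine,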

...
orderer0.130.211.248.179    | 2023-08-28 06:42:37.014 UTC 043e WARN [orderer.common.cluster.puller] probeEndpoint -> Failed connecting to {"CAs":[{"Expired":false,"Issuer":"self","Subject":"CN=fabric-ca-server,OU=Fabric,O=Hyperledger,ST=North Carolina,C=US"}],"Endpoint":"orderer0.34.81.53.133:7050"}: failed to create new connection: context deadline exceeded channel=biscechannel1
orderer0.130.211.248.179    | 2023-08-28 06:42:37.014 UTC 043f WARN [orderer.common.cluster.puller] func1 -> Received error of type 'failed to create new connection: context deadline exceeded' from orderer0.34.81.53.133:7050 channel=biscechannel1
orderer0.130.211.248.179    | 2023-08-28 06:42:37.014 UTC 0440 WARN [orderer.common.cluster.puller] connectToSomeEndpoint -> Could not connect to any endpoint of [{"CAs":[{"Expired":false,"Issuer":"self","Subject":"CN=fabric-ca-server,OU=Fabric,O=Hyperledger,ST=North Carolina,C=US"}],"Endpoint":"orderer0.34.81.53.133:7050"}] channel=biscechannel1
orderer0.130.211.248.179    | 2023-08-28 06:42:37.014 UTC 0441 ERRO [comm.tls] ClientHandshake -> Client TLS handshake failed after 5.000078214s with error: context canceled remoteaddress=10.0.1.5:7050
peer0.130.211.248.179       | 2023-08-28 06:42:37.414 UTC 02c2 WARN [peer.blocksprovider] DeliverBlocks -> Could not connect to ordering service: could not dial endpoint 'orderer0.34.81.53.133:7050': failed to create new connection: context deadline exceeded channel=biscechannel1
peer0.130.211.248.179       | 2023-08-28 06:42:37.415 UTC 02c3 WARN [peer.blocksprovider] DeliverBlocks -> Disconnected from ordering service. Attempt to re-connect in 5m4.771s channel=biscechannel1
peer0.130.211.248.179       | 2023-08-28 06:42:37.415 UTC 02c4 ERRO [comm.tls] ClientHandshake -> Client TLS handshake failed after 2.998565787s with error: context canceled remoteaddress=10.0.1.5:7050
...

On the first machine,

...
orderer0.34.81.53.133    | 2023-08-28 06:42:14.125 UTC 0abb INFO [orderer.consensus.etcdraft] hup -> 1 is starting a new election at term 2 channel=biscechannel1 node=1
orderer0.34.81.53.133    | 2023-08-28 06:42:14.125 UTC 0abc INFO [orderer.consensus.etcdraft] becomePreCandidate -> 1 became pre-candidate at term 2 channel=biscechannel1 node=1
orderer0.34.81.53.133    | 2023-08-28 06:42:14.125 UTC 0abd INFO [orderer.consensus.etcdraft] poll -> 1 received MsgPreVoteResp from 1 at term 2 channel=biscechannel1 node=1
orderer0.34.81.53.133    | 2023-08-28 06:42:14.125 UTC 0abe INFO [orderer.consensus.etcdraft] campaign -> 1 [logterm: 2, index: 8] sent MsgPreVote request to 2 at term 2 channel=biscechannel1 node=1
orderer0.34.81.53.133    | 2023-08-28 06:42:14.125 UTC 0abf ERRO [orderer.consensus.etcdraft] logSendFailure -> Failed to send StepRequest to 2, because: EOF channel=biscechannel1 node=1
orderer0.34.81.53.133    | 2023-08-28 06:42:17.008 UTC 0ac0 ERRO [core.comm] ServerHandshake -> Server TLS handshake failed in 4.99736537s with error EOF server=Orderer remoteaddress=10.0.1.11:54756
...

They seem unable to reach each other, but when I try to ping a container on one machine from a container on the other machine, it actually works.

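After searching this site and the Hyperledger Discord channel, I found that most people say they solved TLS handshake problems by adjusting the CA. But as you can see in the logs, if this were a CA problem, then in my limited experience I think there should be messages like

tls: bad certificate
x509: certificate signed by unknown authority

but it only says

TLS handshake failed with error EOF

I know this does not mean it is definitely not a CA problem, but with or without that assumption, I cannot find where the problem is.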

I recorded a video demonstrating the whole process here

Please help or try to offer some ideas for solving this problem. Thanks a lot in advance.

docker hyperledger-fabric hyperledger docker-swarm ca
1 answer
0 votes

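Are they running in the same docker instance? To me, this looks like hosts in different networks or hosts without name resolution.

Docker containers can reach each other because Docker has an "internal DNS resolver" keyed by container name, but without it, using only names with no DNS resolution is not possible. Maybe the HLF hosts (CA server, Orderer and Peers) can also connect via direct IP connections, but that is unusual, and it depends on adjustments in the yaml config files (configtx.yaml, orderer.yaml, core.yaml).

If you want to understand this better, take a look at my project: https://github.com/hectordufau/dockerfabricwizard/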
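The layered check that the question and answer circle around (name resolution, then TCP, then the TLS handshake), as an added example that is not part of the original posts and not Fabric code. `Probe` and its result strings are hypothetical names; the endpoint in `main` is the one from the logs above, and the sketch is meant to be run from inside the container that reports the failure.

```go
package main

import (
	"context"
	"crypto/tls"
	"crypto/x509"
	"errors"
	"fmt"
	"io"
	"net"
	"time"
)

// Probe (added illustration, not Fabric code) names the first layer that fails on
// the way to an endpoint. roots is the CA pool to verify against (nil = system roots).
func Probe(endpoint string, roots *x509.CertPool, timeout time.Duration) string {
	host, _, err := net.SplitHostPort(endpoint)
	if err != nil {
		return "bad-endpoint: " + err.Error()
	}
	ctx, cancel := context.WithTimeout(context.Background(), timeout)
	defer cancel()
	addrs, err := net.DefaultResolver.LookupHost(ctx, host) // layer 1: name resolution
	if err != nil {
		return "dns-failed: " + err.Error()
	}
	conn, err := (&net.Dialer{}).DialContext(ctx, "tcp", endpoint) // layer 2: TCP, which ping does not test
	if err != nil {
		return fmt.Sprintf("tcp-failed (resolved to %v): %v", addrs, err)
	}
	defer conn.Close()
	conn.SetDeadline(time.Now().Add(timeout))
	err = tls.Client(conn, &tls.Config{ServerName: host, RootCAs: roots}).Handshake() // layer 3: TLS
	var unknownCA x509.UnknownAuthorityError
	var nerr net.Error
	switch {
	case err == nil:
		return "tls-ok"
	case errors.Is(err, io.EOF):
		return "tls-eof: peer or middlebox closed the connection before the handshake finished"
	case errors.As(err, &unknownCA):
		return "tls-untrusted-ca: " + err.Error()
	case errors.As(err, &nerr) && nerr.Timeout():
		return "tls-timeout: TCP connected but no handshake reply arrived"
	default:
		return "tls-failed: " + err.Error()
	}
}

func main() { fmt.Println(Probe("orderer0.34.81.53.133:7050", nil, 5*time.Second)) }
```

A `tls-eof` or `tls-timeout` result points at the transport path (overlay network, port mapping, listener), while `tls-untrusted-ca` is the CA-level failure the question expected to see in the logs.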
