官方的hyperledger fabric v1.0.0使用docker进行了简单的演示。这是链接。
我正在做的是避免使用docker并直接在机器上运行它们。感谢上一个问题的答案,我已经成功推出了1个独立订购者和两个同行,每个都来自一个组织。
这是orderer的配置orderer.yaml的一部分,我确信tls相关路径设置正确。
General:
# Ledger Type: The ledger type to provide to the orderer.
# Two non-production ledger types are provided for test purposes only:
# - ram: An in-memory ledger whose contents are lost on restart.
# - json: A simple file ledger that writes blocks to disk in JSON format.
# Only one production ledger type is provided:
# - file: A production file-based ledger.
LedgerType: file
# Listen address: The IP on which to bind to listen.
ListenAddress: 127.0.0.1
# Listen port: The port on which to bind to listen.
ListenPort: 7040
# TLS: TLS settings for the GRPC server.
TLS:
Enabled: true
PrivateKey: ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.key
Certificate: ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt
RootCAs:
- ordererOrganizations/example.com/orderers/orderer.example.com/tls/ca.crt
ClientAuthEnabled: false
ClientRootCAs:
# Log Level: The level at which to log. This accepts logging specifications
# per: fabric/docs/Setup/logging-control.md
LogLevel: debug
但是,当我想使用命令创建频道时如下:
export FABRIC_CFG_PATH=$PWD
export CHANNEL_NAME=my_channel
export CORE_PEER_LOCALMSPID="Org1MSP"
export CORE_PEER_TLS_ROOTCERT_FILE=crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
export CORE_PEER_MSPCONFIGPATH=crypto-config/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp
export CORE_PEER_ADDRESS=127.0.0.1:7001
peer channel create -o 127.0.0.1:7040 -c $CHANNEL_NAME -f channel-artifacts/channel.tx --tls true --cafile $ORDERER_CA >&log.txt
日志报告错误如下:
Error: Error connecting due to rpc error: code = Internal desc = connection error: desc = "transport: authentication handshake failed: x509: cannot validate certificate for 127.0.0.1 because it doesn't contain any IP SANs"
我认为这与tls配置问题有关。我不太熟悉它。任何人都可以帮我解决这个简单的问题并给我一个简单的解释吗?
答案 0 :(得分:3)
错误是由于主机名验证在TLS层失败引起的。 TLS证书没有IP主题备用名称(SAN) - 它们只有基于DNS的SAN。
最简单的方法是将主机条目添加到 / etc / hosts 文件中(假设您在Linux或macOS上运行)。假设您在同一台计算机上运行所有内容,然后将以下行添加到 / etc / hosts 应解决您的问题:
/users:
get:
tags:
- "Users"
summary: "Retrieve list of users"
produces:
- "application/json"
parameters:
- name: "tenantIdentifier"
in: "query"
required: true
type: "array"
items:
type: "string"
enum:
- "default"
responses:
200:
description: "successful operation"
400:
description: "Invalid status value"
security:
- basicAuth: []
post:
tags:
- "Users"
summary: "Adds new application user."
description: "Note: Password information is not required (or processed). Password details at present are auto-generated and then sent to the email account given (which is why it can take a few seconds to complete)."
consumes:
- "application/json"
produces:
- "application/json"
parameters:
- name: "tenantIdentifier"
in: "query"
description: ""
required: true
type: "array"
items:
type: "string"
enum:
- "default"
- in: "body"
name: "body"
description: "Mandatory Fields: username, firstname, lastname, email, officeId, roles, sendPasswordToEmail"
required: true
schema:
$ref: "#/definitions/StructureForCreateUSer"
responses:
400:
description: ""
404:
description: ""
security:
- basicAuth: []
然后确保使用主机名而不是IP地址:
127.0.0.1 localhost orderer peer0.org1.example.com peer0.org2.example.com