在Composer中设置网络时遇到一些问题。这是一个单一组织,我一直在关注并改编多组织教程https://hyperledger.github.io/composer/v0.19/tutorials/deploy-to-fabric-multi-org,以尝试使TLS正常工作。
当我尝试导入卡时,出现以下错误:
错误:无法从连接配置文件创建客户端。错误:需要PEM编码的证书。 命令失败
我已经在我的connection.json文件中检查了TLS证书:
{
"name": "my-network",
"x-type": "hlfv1",
"version": "1.0.0",
"client": {
"organization": "Org1",
"connection": {
"timeout": {
"peer": {
"endorser": "300",
"eventHub": "300",
"eventReg": "300"
},
"orderer": "300"
}
}
},
"channels": {
"mychannel": {
"orderers": [
"orderer.my-network"
],
"peers": {
"peer0.org1.my-network": {
"endorsingPeer": true,
"chaincodeQuery": true,
"eventSource": true
},
"peer1.org1.my-network": {
"endorsingPeer": true,
"chaincodeQuery": true,
"eventSource": true
},
"peer2.org1.my-network": {
"endorsingPeer": true,
"chaincodeQuery": true,
"eventSource": true
}
}
}
},
"organizations": {
"Org1": {
"mspid": "Org1MSP",
"peers": [
"peer0.org1.my-network",
"peer1.org1.my-network",
"peer2.org1.my-network"
],
"certificateAuthorities": [
"ca.org1.my-network"
]
}
},
"orderers": {
"orderer.my-network": {
"url": "grpcs://localhost:7050",
"grpcOptions": {
"ssl-target-name-override": "orderer.my-network"
},
"tlsCACerts": {
"pem": "-----BEGIN CERTIFICATE-----\nMIICNTCCAdugAwIBAgIQKU7mM3knkhRfWjNtvaGaFDAKBggqhkjOPQQDAjBsMQsw\nCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZy\nYW5jaXNjbzEUMBIGA1UEChMLbG9nLW5ldHdvcmsxGjAYBgNVBAMTEXRsc2NhLmxv\nZy1uZXR3b3JrMB4XDTE4MTIwMjE3NTAwNloXDTI4MTEyOTE3NTAwNlowbDELMAkG\nA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBGcmFu\nY2lzY28xFDASBgNVBAoTC2xvZy1uZXR3b3JrMRowGAYDVQQDExF0bHNjYS5sb2ct\nbmV0d29yazBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABMtii2eOX2OjBtn9a0sT\nQBItTcmtxjmb2Rh4zf0140rZz0NipSeUpNjAxO2KH8CkYvqcByMJ6qz8gmQ9McAC\n7x2jXzBdMA4GA1UdDwEB/wQEAwIBpjAPBgNVHSUECDAGBgRVHSUAMA8GA1UdEwEB\n/wQFMAMBAf8wKQYDVR0OBCIEIKPPDTwOmt+IBPVylKfQ3ceqOrSiJBHclABKn5v2\n4Y6MMAoGCCqGSM49BAMCA0gAMEUCIQC5mQ5fJsj20JdX2F5dWpR+YQprbj+dIcST\noCM1L8lHYAIgI0Oq5VO6ucOMMw5e9CDsiCYU40sMAlgAJEYX/5AaZ1M=\n-----END CERTIFICATE-----\n"
}
}
},
"peers": {
"peer0.org1.my-network": {
"url": "grpcs://localhost:7051",
"grpcOptions": {
"ssl-target-name-override": "peer0.org1.my-network"
},
"tlsCACerts": {
"pem": "-----BEGIN CERTIFICATE-----\nMIICSDCCAe+gAwIBAgIQUzZZpkSRmpv6cj8Bta1BezAKBggqhkjOPQQDAjB2MQsw\nCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZy\nYW5jaXNjbzEZMBcGA1UEChMQb3JnMS5sb2ctbmV0d29yazEfMB0GA1UEAxMWdGxz\nY2Eub3JnMS5sb2ctbmV0d29yazAeFw0xODEyMDIxNzUwMDZaFw0yODExMjkxNzUw\nMDZaMHYxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQH\nEw1TYW4gRnJhbmNpc2NvMRkwFwYDVQQKExBvcmcxLmxvZy1uZXR3b3JrMR8wHQYD\nVQQDExZ0bHNjYS5vcmcxLmxvZy1uZXR3b3JrMFkwEwYHKoZIzj0CAQYIKoZIzj0D\nAQcDQgAEIdyjFaWd9I3kU+Kdh9z+vJttthzyFLPgcoXBWAT18zX7r7fRLxcBMF9d\nQazzpz2A55YG5rCm5NAeV3ugkHy5AaNfMF0wDgYDVR0PAQH/BAQDAgGmMA8GA1Ud\nJQQIMAYGBFUdJQAwDwYDVR0TAQH/BAUwAwEB/zApBgNVHQ4EIgQgYtzVJNNdNjo+\n4FVhytdhGQr1fT6PbXfV0mKt3AU2g48wCgYIKoZIzj0EAwIDRwAwRAIgH7ADGx8D\nZsyTbeZ12S+1tMRmGo1tx6xpPzUGYx7hcGcCICDps+r+lvHeTaKVpENDPJaj5hcd\nOXkvHWYb2/sMguGc\n-----END CERTIFICATE-----\n"
}
},
"peer1.org1.my-network": {
"url": "grpcs://localhost:8051",
"grpcOptions": {
"ssl-target-name-override": "peer1.org1.my-network"
},
"tlsCACerts": {
"pem": "-----BEGIN CERTIFICATE-----\nMIICSDCCAe+gAwIBAgIQUzZZpkSRmpv6cj8Bta1BezAKBggqhkjOPQQDAjB2MQsw\nCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZy\nYW5jaXNjbzEZMBcGA1UEChMQb3JnMS5sb2ctbmV0d29yazEfMB0GA1UEAxMWdGxz\nY2Eub3JnMS5sb2ctbmV0d29yazAeFw0xODEyMDIxNzUwMDZaFw0yODExMjkxNzUw\nMDZaMHYxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQH\nEw1TYW4gRnJhbmNpc2NvMRkwFwYDVQQKExBvcmcxLmxvZy1uZXR3b3JrMR8wHQYD\nVQQDExZ0bHNjYS5vcmcxLmxvZy1uZXR3b3JrMFkwEwYHKoZIzj0CAQYIKoZIzj0D\nAQcDQgAEIdyjFaWd9I3kU+Kdh9z+vJttthzyFLPgcoXBWAT18zX7r7fRLxcBMF9d\nQazzpz2A55YG5rCm5NAeV3ugkHy5AaNfMF0wDgYDVR0PAQH/BAQDAgGmMA8GA1Ud\nJQQIMAYGBFUdJQAwDwYDVR0TAQH/BAUwAwEB/zApBgNVHQ4EIgQgYtzVJNNdNjo+\n4FVhytdhGQr1fT6PbXfV0mKt3AU2g48wCgYIKoZIzj0EAwIDRwAwRAIgH7ADGx8D\nZsyTbeZ12S+1tMRmGo1tx6xpPzUGYx7hcGcCICDps+r+lvHeTaKVpENDPJaj5hcd\nOXkvHWYb2/sMguGc\n-----END CERTIFICATE-----\n"
}
},
"peer2.org1.my-network": {
"url": "grpcs://localhost:9051",
"gprcOptions": {
"ssl-target-name-override": "peer2.org1.my-network"
},
"tlsCerts": {
"pem": "-----BEGIN CERTIFICATE-----\nMIICSDCCAe+gAwIBAgIQUzZZpkSRmpv6cj8Bta1BezAKBggqhkjOPQQDAjB2MQsw\nCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZy\nYW5jaXNjbzEZMBcGA1UEChMQb3JnMS5sb2ctbmV0d29yazEfMB0GA1UEAxMWdGxz\nY2Eub3JnMS5sb2ctbmV0d29yazAeFw0xODEyMDIxNzUwMDZaFw0yODExMjkxNzUw\nMDZaMHYxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQH\nEw1TYW4gRnJhbmNpc2NvMRkwFwYDVQQKExBvcmcxLmxvZy1uZXR3b3JrMR8wHQYD\nVQQDExZ0bHNjYS5vcmcxLmxvZy1uZXR3b3JrMFkwEwYHKoZIzj0CAQYIKoZIzj0D\nAQcDQgAEIdyjFaWd9I3kU+Kdh9z+vJttthzyFLPgcoXBWAT18zX7r7fRLxcBMF9d\nQazzpz2A55YG5rCm5NAeV3ugkHy5AaNfMF0wDgYDVR0PAQH/BAQDAgGmMA8GA1Ud\nJQQIMAYGBFUdJQAwDwYDVR0TAQH/BAUwAwEB/zApBgNVHQ4EIgQgYtzVJNNdNjo+\n4FVhytdhGQr1fT6PbXfV0mKt3AU2g48wCgYIKoZIzj0EAwIDRwAwRAIgH7ADGx8D\nZsyTbeZ12S+1tMRmGo1tx6xpPzUGYx7hcGcCICDps+r+lvHeTaKVpENDPJaj5hcd\nOXkvHWYb2/sMguGc\n-----END CERTIFICATE-----\n"
}
}
},
"certificateAuthorities": {
"ca.org1.my-network": {
"url": "http://localhost:7054",
"caName": "ca_peerOrg1",
"httpOptions": {
"verify": false
}
}
}
}
我还没有包含Couchdb,docker-compose-cli.yaml在下面:
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
version: '2'
networks:
byfn:
services:
ca.org1.my-network:
container_name: ca_peerOrg1
image: hyperledger/fabric-ca
environment:
- FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
- FABRIC_CA_SERVER_CA_NAME=ca-org1
- FABRIC_CA_SERVER_TLS_ENABLED=true
- FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.org1.my-network-cert.pem
- FABRIC_CA_SERVER_TLS_KEYFILE=/etc/hyperledger/fabric-ca-server-config/cc074f628fe7cb97e8147a8824fa564ddced245c324be7fb7660ee6fccf9cea2_sk
ports:
- "7054:7054"
command: sh -c 'fabric-ca-server start --ca.certfile /etc/hyperledger/fabric-ca-server-config/ca.org1.my-network-cert.pem --ca.keyfile /etc/hyperledger/fabric-ca-server-config/cc074f628fe7cb97e8147a8824fa564ddced245c324be7fb7660ee6fccf9cea2_sk -b admin:adminpw -d'
volumes:
- ./crypto-config/peerOrganizations/org1.my-network/ca/:/etc/hyperledger/fabric-ca-server-config
networks:
- byfn
# Should be either 3, 5 or 7 zookeepers to avoid split-brain scenarios, and larger than 1 to avoid a single point of failure
zookeeper0:
container_name: zookeeper0
image: hyperledger/fabric-zookeeper
environment:
- ZOO_MY_ID=1
- ZOO_SERVERS=server.1=zookeeper0:2888:3888 server.2=zookeeper1:2888:3888 server.3=zookeeper2:2888:3888
ports:
- 2181
- 2888
- 3888
networks:
- byfn
zookeeper1:
container_name: zookeeper1
image: hyperledger/fabric-zookeeper
environment:
- ZOO_MY_ID=2
- ZOO_SERVERS=server.1=zookeeper0:2888:3888 server.2=zookeeper1:2888:3888 server.3=zookeeper2:2888:3888
ports:
- 2181
- 2888
- 3888
networks:
- byfn
zookeeper2:
container_name: zookeeper2
image: hyperledger/fabric-zookeeper
environment:
- ZOO_MY_ID=3
- ZOO_SERVERS=server.1=zookeeper0:2888:3888 server.2=zookeeper1:2888:3888 server.3=zookeeper2:2888:3888
command: /bin/bash -c 'sleep 6000000000000000000'
ports:
- 2181
- 2888
- 3888
networks:
- byfn
# Should be at least 4 nodes in the kafka cluster for crash tollerance
kafka0:
image: hyperledger/fabric-kafka
container_name: kafka0
environment:
- KAFKA_LOG_RETENTION_MS=-1
- KAFKA_MESSAGE_MAX_BYTES=103809024
- KAFKA_REPLICA_FETCH_MAX_BYTES=103809024
- KAFKA_BROKER_ID=0
- KAFKA_ZOOKEEPER_CONNECT=zookeeper:2181
- KAFKA_UNCLEAN_LEADER_ELECTION_ENABLE=false
- KAFKA_DEFAULT_REPLICATION_FACTOR=3
- KAFKA_MIN_INSYNC_REPLICAS=2
- KAFKA_ZOOKEEPER_CONNECT=zookeeper0:2181,zookeeper1:2181,zookeeper2:2181
ports:
- 9092
depends_on:
- zookeeper0
- zookeeper1
- zookeeper2
links:
- zookeeper0:zookeeper0
- zookeeper1:zookeeper1
- zookeeper2:zookeeper2
networks:
- byfn
kafka1:
image: hyperledger/fabric-kafka
container_name: kafka1
environment:
- KAFKA_LOG_RETENTION_MS=-1
- KAFKA_MESSAGE_MAX_BYTES=103809024
- KAFKA_REPLICA_FETCH_MAX_BYTES=103809024
- KAFKA_BROKER_ID=1
- KAFKA_ZOOKEEPER_CONNECT=zookeeper:2181
- KAFKA_UNCLEAN_LEADER_ELECTION_ENABLE=false
- KAFKA_DEFAULT_REPLICATION_FACTOR=3
- KAFKA_MIN_INSYNC_REPLICAS=2
- KAFKA_ZOOKEEPER_CONNECT=zookeeper0:2181,zookeeper1:2181,zookeeper2:2181
ports:
- 9092
depends_on:
- zookeeper0
- zookeeper1
- zookeeper2
links:
- zookeeper0:zookeeper0
- zookeeper1:zookeeper1
- zookeeper2:zookeeper2
networks:
- byfn
kafka2:
image: hyperledger/fabric-kafka
container_name: kafka2
environment:
- KAFKA_LOG_RETENTION_MS=-1
- KAFKA_MESSAGE_MAX_BYTES=103809024
- KAFKA_REPLICA_FETCH_MAX_BYTES=103809024
- KAFKA_BROKER_ID=2
- KAFKA_ZOOKEEPER_CONNECT=zookeeper:2181
- KAFKA_UNCLEAN_LEADER_ELECTION_ENABLE=false
- KAFKA_DEFAULT_REPLICATION_FACTOR=3
- KAFKA_MIN_INSYNC_REPLICAS=2
- KAFKA_ZOOKEEPER_CONNECT=zookeeper0:2181,zookeeper1:2181,zookeeper2:2181
ports:
- 9092
depends_on:
- zookeeper0
- zookeeper1
- zookeeper2
links:
- zookeeper0:zookeeper0
- zookeeper1:zookeeper1
- zookeeper2:zookeeper2
networks:
- byfn
kafka3:
image: hyperledger/fabric-kafka
container_name: kafka3
environment:
- KAFKA_LOG_RETENTION_MS=-1
- KAFKA_MESSAGE_MAX_BYTES=103809024
- KAFKA_REPLICA_FETCH_MAX_BYTES=103809024
- KAFKA_BROKER_ID=3
- KAFKA_ZOOKEEPER_CONNECT=zookeeper:2181
- KAFKA_UNCLEAN_LEADER_ELECTION_ENABLE=false
- KAFKA_DEFAULT_REPLICATION_FACTOR=3
- KAFKA_MIN_INSYNC_REPLICAS=2
- KAFKA_ZOOKEEPER_CONNECT=zookeeper0:2181,zookeeper1:2181,zookeeper2:2181
ports:
- 9092
depends_on:
- zookeeper0
- zookeeper1
- zookeeper2
links:
- zookeeper0:zookeeper0
- zookeeper1:zookeeper1
- zookeeper2:zookeeper2
networks:
- byfn
orderer.my-network:
extends:
file: base/docker-compose-base.yaml
service: orderer.my-network
container_name: orderer.my-network
depends_on:
- kafka0
- kafka1
- kafka2
- kafka3
links:
- kafka0:kafka0
- kafka1:kafka1
- kafka2:kafka2
- kafka3:kafka3
networks:
- byfn
peer0.org1.my-network:
container_name: peer0.org1.my-network
extends:
file: base/docker-compose-base.yaml
service: peer0.org1.my-network
networks:
- byfn
peer1.org1.my-network:
container_name: peer1.org1.my-network
extends:
file: base/docker-compose-base.yaml
service: peer1.org1.my-network
networks:
- byfn
peer2.org1.my-network:
container_name: peer2.org1.my-network
extends:
file: base/docker-compose-base.yaml
service: peer2.org1.my-network
networks:
- byfn
cli:
container_name: cli
image: hyperledger/fabric-tools
tty: true
environment:
- GOPATH=/opt/gopath
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
- CORE_LOGGING_LEVEL=DEBUG
- CORE_PEER_ID=cli
- CORE_PEER_ADDRESS=peer0.org1.my-network:7051
- CORE_PEER_LOCALMSPID=Org1MSP
- CORE_PEER_TLS_ENABLED=true
- CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.my-network/peers/peer0.org1.my-network/tls/server.crt
- CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.my-network/peers/peer0.org1.my-network/tls/server.key
- CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.my-network/peers/peer0.org1.my-network/tls/ca.crt
- CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.my-network/users/Admin@org1.my-network/msp
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
command: /bin/bash
# command: /bin/bash -c './scripts/script.sh ${CHANNEL_NAME} ${DELAY} ${LANG}; sleep $TIMEOUT'
volumes:
- /var/run/:/host/var/run/
- ./../chaincode/:/opt/gopath/src/github.com/chaincode
- ./crypto-config:/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/
- ./scripts:/opt/gopath/src/github.com/hyperledger/fabric/peer/scripts/
- ./channel-artifacts:/opt/gopath/src/github.com/hyperledger/fabric/peer/channel-artifacts
depends_on:
- orderer.my-network
- peer0.org1.my-network
- peer1.org1.my-network
- peer2.org1.my-network
networks:
- byfn
我不是使用byfn.sh来启动网络,而是使用以下方法手动启动:
docker-compose -f docker-compose-cli.yaml up -d
我尚未加载任何示例链码。我已经加入订购者和三个对等方到CLI中的频道。
启动网络时,证书颁发机构是否缺少某些内容?
在执行此操作时会遇到困难,因此非常感谢您的帮助。
非常感谢。
答案 0 :(得分:1)
您的peer2.org1.my-network定义有误,您在应该将tlsCerts指定为tlsCACerts的情况下指定了该变量。
答案 1 :(得分:0)
我也面临着同样的问题:
✖安装业务网络。这可能需要一分钟...
错误:需要PEM编码的证书。命令失败
而且,在我的情况下,缺少 tlsCACerts pem证书
"tlsCACerts": {
"pem": ""
}
我使用以下命令提取了证书:
awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' ../crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/tls/ca.crt > ca-orderer.txt
并将ca-orderer.txt文件的内容粘贴到上述tlsCACerts pem属性中。