在引导网络时收到错误- 紧急情况:验证引导程序块失败:初始化channelconfig失败:无法创建渠道联盟子组配置:设置MSP管理器失败:提供的身份无效:x509:证书由未知授权机构签名。此错误特定于TLS CA根证书。 (TLSCA的加密/ ca-cert)。我在这里缺少什么吗?遵循Fabric CA Operations指南,以在多主机环境中实施网络。
Docker日志-
2020-07-07 01:48:45.066 UTC [localconfig] completeInitialization -> WARN 001 General.GenesisFile should be replaced by General.BootstrapFile
2020-07-07 01:48:45.066 UTC [localconfig] completeInitialization -> INFO 002 Kafka.Version unset, setting to 0.10.2.0
2020-07-07 01:48:45.066 UTC [orderer.common.server] prettyPrintStruct -> INFO 003 Orderer config values:
General.ListenAddress = "0.0.0.0"
General.ListenPort = 7050
General.TLS.Enabled = true
General.TLS.PrivateKey = "/etc/hyperledger/ordererorg/ord1/tls-msp/keystore/key.pem"
General.TLS.Certificate = "/etc/hyperledger/ordererorg/ord1/tls-msp/signcerts/cert.pem"
General.TLS.RootCAs = [/etc/hyperledger/ordererorg/ord1/tls-msp/tlscacerts/tls-ca-tls-cvs-org-7054.pem]
General.TLS.ClientAuthRequired = false
General.TLS.ClientRootCAs = []
General.Cluster.ListenAddress = ""
General.Cluster.ListenPort = 0
General.Cluster.ServerCertificate = ""
General.Cluster.ServerPrivateKey = ""
General.Cluster.ClientCertificate = "/etc/hyperledger/ordererorg/ord1/tls-msp/signcerts/cert.pem"
General.Cluster.ClientPrivateKey = "/etc/hyperledger/ordererorg/ord1/tls-msp/keystore/key.pem"
General.Cluster.RootCAs = [/etc/hyperledger/ordererorg/ord1/tls-msp/tlscacerts/tls-ca-tls-cvs-org-7054.pem]
General.Cluster.DialTimeout = 5s
General.Cluster.RPCTimeout = 7s
General.Cluster.ReplicationBufferSize = 20971520
General.Cluster.ReplicationPullTimeout = 5s
General.Cluster.ReplicationRetryTimeout = 5s
General.Cluster.ReplicationBackgroundRefreshInterval = 5m0s
General.Cluster.ReplicationMaxRetries = 12
General.Cluster.SendBufferSize = 10
General.Cluster.CertExpirationWarningThreshold = 168h0m0s
General.Cluster.TLSHandshakeTimeShift = 0s
General.Keepalive.ServerMinInterval = 1m0s
General.Keepalive.ServerInterval = 2h0m0s
General.Keepalive.ServerTimeout = 20s
General.ConnectionTimeout = 0s
General.GenesisMethod = "file"
General.GenesisFile = "/etc/hyperledger/ordererorg/ord1/genesis.block"
General.BootstrapMethod = "file"
General.BootstrapFile = "/etc/hyperledger/ordererorg/ord1/genesis.block"
General.Profile.Enabled = false
General.Profile.Address = "0.0.0.0:6060"
General.LocalMSPDir = "/etc/hyperledger/ordererorg/ord1/msp"
General.LocalMSPID = "OrdererMSP"
General.BCCSP.ProviderName = "SW"
General.BCCSP.SwOpts.SecLevel = 256
General.BCCSP.SwOpts.HashFamily = "SHA2"
General.BCCSP.SwOpts.Ephemeral = true
General.BCCSP.SwOpts.FileKeystore.KeyStorePath = ""
General.BCCSP.SwOpts.DummyKeystore =
General.BCCSP.SwOpts.InmemKeystore =
General.Authentication.TimeWindow = 15m0s
General.Authentication.NoExpirationChecks = false
FileLedger.Location = "/var/hyperledger/production/orderer"
FileLedger.Prefix = "hyperledger-fabric-ordererledger"
Kafka.Retry.ShortInterval = 5s
Kafka.Retry.ShortTotal = 10m0s
Kafka.Retry.LongInterval = 5m0s
Kafka.Retry.LongTotal = 12h0m0s
Kafka.Retry.NetworkTimeouts.DialTimeout = 10s
Kafka.Retry.NetworkTimeouts.ReadTimeout = 10s
Kafka.Retry.NetworkTimeouts.WriteTimeout = 10s
Kafka.Retry.Metadata.RetryMax = 3
Kafka.Retry.Metadata.RetryBackoff = 250ms
Kafka.Retry.Producer.RetryMax = 3
Kafka.Retry.Producer.RetryBackoff = 100ms
Kafka.Retry.Consumer.RetryBackoff = 2s
Kafka.Verbose = true
Kafka.Version = 0.10.2.0
Kafka.TLS.Enabled = false
Kafka.TLS.PrivateKey = ""
Kafka.TLS.Certificate = ""
Kafka.TLS.RootCAs = []
Kafka.TLS.ClientAuthRequired = false
Kafka.TLS.ClientRootCAs = []
Kafka.SASLPlain.Enabled = false
Kafka.SASLPlain.User = ""
Kafka.SASLPlain.Password = ""
Kafka.Topic.ReplicationFactor = 1
Debug.BroadcastTraceDir = "data/logs"
Debug.DeliverTraceDir = ""
Consensus = map[SnapDir:/var/hyperledger/production/orderer/etcdraft/snapshot WALDir:/var/hyperledger/production/orderer/etcdraft/wal]
Operations.ListenAddress = "127.0.0.1:8443"
Operations.TLS.Enabled = false
Operations.TLS.PrivateKey = ""
Operations.TLS.Certificate = ""
Operations.TLS.RootCAs = []
Operations.TLS.ClientAuthRequired = false
Operations.TLS.ClientRootCAs = []
Metrics.Provider = "disabled"
Metrics.Statsd.Network = "udp"
Metrics.Statsd.Address = "127.0.0.1:8125"
Metrics.Statsd.WriteInterval = 30s
Metrics.Statsd.Prefix = ""
2020-07-07 01:48:45.078 UTC [orderer.common.server] initializeServerConfig -> INFO 004 Starting orderer with TLS enabled
2020-07-07 01:48:45.088 UTC [fsblkstorage] NewProvider -> INFO 005 Creating new file ledger directory at /var/hyperledger/production/orderer/chains
2020-07-07 01:48:45.092 UTC [orderer.common.server] Main -> PANI 006 Failed validating bootstrap block: initializing channelconfig failed: could not create channel Consortiums sub-group config: setting up the MSP manager failed: the supplied identity is not valid: x509: certificate signed by unknown authority
panic: Failed validating bootstrap block: initializing channelconfig failed: could not create channel Consortiums sub-group config: setting up the MSP manager failed: the supplied identity is not valid: x509: certificate signed by unknown authority
goroutine 1 [running]:
github.com/hyperledger/fabric/vendor/go.uber.org/zap/zapcore.(*CheckedEntry).Write(0xc0001c8580, 0x0, 0x0, 0x0)
/go/src/github.com/hyperledger/fabric/vendor/go.uber.org/zap/zapcore/entry.go:230 +0x545
github.com/hyperledger/fabric/vendor/go.uber.org/zap.(*SugaredLogger).log(0xc0001ae310, 0x1191704, 0x100c164, 0x25, 0xc00033f910, 0x1, 0x1, 0x0, 0x0, 0x0)
/go/src/github.com/hyperledger/fabric/vendor/go.uber.org/zap/sugar.go:234 +0x100
github.com/hyperledger/fabric/vendor/go.uber.org/zap.(*SugaredLogger).Panicf(...)
/go/src/github.com/hyperledger/fabric/vendor/go.uber.org/zap/sugar.go:159
github.com/hyperledger/fabric/common/flogging.(*FabricLogger).Panicf(...)
/go/src/github.com/hyperledger/fabric/common/flogging/zap.go:74
github.com/hyperledger/fabric/orderer/common/server.Main()
/go/src/github.com/hyperledger/fabric/orderer/common/server/main.go:130 +0x1354
main.main()
/go/src/github.com/hyperledger/fabric/cmd/orderer/main.go:15 +0x20
configtx.yaml-
---
Organizations:
- &OrdererMSP
Name: OrdererMSP
ID: OrdererMSP
MSPDir: /home/ubuntu/fabric-samples/cvs/OrgMSP/orderer.cvs.org/msp
Policies:
Readers:
Type: Signature
Rule: "OR('OrdererMSP.member')"
Writers:
Type: Signature
Rule: "OR('OrdererMSP.member')"
Admins:
Type: Signature
Rule: "OR('OrdererMSP.admin')"
OrdererEndpoints:
- ord1.ordererorg.cvs.org:7050
- ord2.ordererorg.cvs.org:7050
- ord3.ordererorg.cvs.org:7050
- &TestOrg1MSP
Name: TestOrg1MSP
ID: TestOrg1MSP
MSPDir: /home/ubuntu/fabric-samples/cvs/OrgMSP/TestOrg1.cvs.org/msp
Policies:
Readers:
Type: Signature
Rule: "OR('TestOrg1MSP.admin', 'TestOrg1MSP.peer', 'TestOrg1MSP.client')"
Writers:
Type: Signature
Rule: "OR('TestOrg1MSP.admin', 'TestOrg1MSP.client')"
Admins:
Type: Signature
Rule: "OR('TestOrg1MSP.admin')"
Endorsement:
Type: Signature
Rule: "OR('TestOrg1MSP.peer')"
AnchorPeers:
- Host: peer1.TestOrg1.cvs.org
Port: 7051
- &TestOrg2MSP
Name: TestOrg2MSP
ID: TestOrg2MSP
MSPDir: /home/ubuntu/fabric-samples/cvs/OrgMSP/TestOrg2.cvs.org/msp
Policies:
Readers:
Type: Signature
Rule: "OR('TestOrg2MSP.admin', 'TestOrg2MSP.peer', 'TestOrg2MSP.client')"
Writers:
Type: Signature
Rule: "OR('TestOrg2MSP.admin', 'TestOrg2MSP.client')"
Admins:
Type: Signature
Rule: "OR('TestOrg2MSP.admin')"
Endorsement:
Type: Signature
Rule: "OR('TestOrg2MSP.peer')"
AnchorPeers:
- Host: peer1.TestOrg2.cvs.org
Port: 7051
- &TestOrg3MSP
Name: TestOrg3MSP
ID: TestOrg3MSP
MSPDir: /home/ubuntu/fabric-samples/cvs/OrgMSP/TestOrg3.cvs.org/msp
Policies:
Readers:
Type: Signature
Rule: "OR('TestOrg3MSP.admin', 'TestOrg3MSP.peer', 'TestOrg3MSP.client')"
Writers:
Type: Signature
Rule: "OR('TestOrg3MSP.admin', 'TestOrg3MSP.client')"
Admins:
Type: Signature
Rule: "OR('TestOrg3MSP.admin')"
Endorsement:
Type: Signature
Rule: "OR('TestOrg3MSP.peer')"
AnchorPeers:
- Host: peer1.TestOrg3.cvs.org
Port: 7051
Capabilities:
Channel: &ChannelCapabilities
V2_0: true
Orderer: &OrdererCapabilities
V2_0: true
Application: &ApplicationCapabilities
V2_0: true
Application: &ApplicationDefaults
Organizations:
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
LifecycleEndorsement:
Type: ImplicitMeta
Rule: "MAJORITY Endorsement"
Endorsement:
Type: ImplicitMeta
Rule: "MAJORITY Endorsement"
Capabilities:
<<: *ApplicationCapabilities
Orderer: &OrdererDefaults
OrdererType: etcdraft
EtcdRaft:
Consenters:
- Host: ord1.ordererorg.cvs.org
Port: 7050
ClientTLSCert: /home/ubuntu/fabric-samples/cvs/OrgMSP/ord1.ordererorg.cvs.org/cert.pem
ServerTLSCert: /home/ubuntu/fabric-samples/cvs/OrgMSP/ord1.ordererorg.cvs.org/cert.pem
- Host: ord2.ordererorg.cvs.org
Port: 7050
ClientTLSCert: /home/ubuntu/fabric-samples/cvs/OrgMSP/ord2.ordererorg.cvs.org/cert.pem
ServerTLSCert: /home/ubuntu/fabric-samples/cvs/OrgMSP/ord2.ordererorg.cvs.org/cert.pem
- Host: ord3.ordererorg.cvs.org
Port: 7050
ClientTLSCert: /home/ubuntu/fabric-samples/cvs/OrgMSP/ord3.ordererorg.cvs.org/cert.pem
ServerTLSCert: /home/ubuntu/fabric-samples/cvs/OrgMSP/ord3.ordererorg.cvs.org/cert.pem
BatchTimeout: 2s
BatchSize:
MaxMessageCount: 10
AbsoluteMaxBytes: 99 MB
PreferredMaxBytes: 512 KB
Organizations:
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
BlockValidation:
Type: ImplicitMeta
Rule: "ANY Writers"
Channel: &ChannelDefaults
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
Capabilities:
<<: *ChannelCapabilities
Profiles:
ThreeOrgsChannel:
Consortium: SampleConsortium
<<: *ChannelDefaults
Application:
<<: *ApplicationDefaults
Organizations:
- *TestOrg1MSP
- *TestOrg2MSP
- *TestOrg3MSP
Capabilities:
<<: *ApplicationCapabilities
SampleMultiNodeEtcdRaft:
<<: *ChannelDefaults
Capabilities:
<<: *ChannelCapabilities
Orderer:
<<: *OrdererDefaults
OrdererType: etcdraft
Addresses:
- ord1.ordererorg.cvs.org:7050
- ord2.ordererorg.cvs.org:7050
- ord3.ordererorg.cvs.org:7050
Organizations:
- *OrdererMSP
Capabilities:
<<: *OrdererCapabilities
Application:
<<: *ApplicationDefaults
Organizations:
- <<: *OrdererMSP
Consortiums:
SampleConsortium:
Organizations:
- *TestOrg1MSP
- *TestOrg2MSP
- *TestOrg3MSP
channel1:
<<: *ChannelDefaults
Consortium: SampleConsortium
Application:
<<: *ApplicationDefaults
Organizations:
- *TestOrg1MSP
- *TestOrg2MSP
Capabilities:
<<: *ApplicationCapabilities
channel2:
<<: *ChannelDefaults
Consortium: SampleConsortium
Application:
<<: *ApplicationDefaults
Organizations:
- *TestOrg2MSP
- *TestOrg3MSP
Capabilities:
<<: *ApplicationCapabilities
答案 0 :(得分:0)
如果不看您的代码,我不能说太多。但是看起来您的证书无效或过期(加密材料)。 您需要确保将相同的加密材料用于生成创世记块,创建通道和订购者。尝试重新生成加密材料,看看它是否有效。