我正在构建Hyperledger Fabric网络,并且试图使组织同时具有对等节点和订购节点。我正在使用cryptogen生成证书和密钥,并且仅创建一个组织作为“对等组织”。我有一个拥有6个组织的网络,其中-5个组织只有一个同级,一个订购者组织只有一个订购者。然后,我获取了这些配置文件并删除了订购者组织,并向其中一个对等组织添加了订购者端点。我现在遇到错误。
打印到屏幕上:
错误:无法为订购者创建交付客户端:订购者客户端无法连接到本地主机:7050:未能创建新的连接:超出了上下文期限
运行“ docker logs orderer.orgname.domain”时出现错误消息
2020-08-17 23:56:43.834 UTC [orderer.common.server]主-> INFO 00d开始处理请求
2020-08-17 23:56:51.317 UTC [core.comm] ServerHandshake-> ERRO 00e TLS握手失败,并显示错误远程错误:tls:错误的证书server = Orderer remoteaddress = 172.21.0.1:32892
我的configtx.yaml文件
Organizations:
- &orgname
Name: orgnameMSP
SkipAsForeign: false
ID: orgnameMSP
MSPDir: crypto-config/peerOrganizations/orgname.domain/msp
Policies:
Readers:
Type: Signature
Rule: "OR('orgnameMSP.admin', 'orgnameMSP.peer', 'PSUMSP.client')"
Writers:
Type: Signature
Rule: "OR('orgnameMSP.admin', 'orgnameMSP.client')"
Admins:
Type: Signature
Rule: "OR('orgnameMSP.admin')"
Endorsement:
Type: Signature
Rule: "OR('orgnameMSP.member')"
OrdererEndpoints:
- orderer.orgname.domain:7050
AnchorPeers:
- Host: peer0.orgname.domain
Port: 7051
- &orgname2
Name: orgname2MSP
ID: orgname2MSP
MSPDir: crypto-config/peerOrganizations/orgname2.domain/msp
Policies:
Readers:
Type: Signature
Rule: "OR('orgname2MSP.admin', 'orgname2MSP.peer', 'orgname2MSP.client')"
Writers:
Type: Signature
Rule: "OR('orgname2MSP.admin', 'orgname2MSP.client')"
Admins:
Type: Signature
Rule: "OR('orgname2MSP.admin')"
Endorsement:
Type: Signature
Rule: "OR('orgname2MSP.peer')"
AnchorPeers:
- Host: peer0.orgname2.domain
Port: 8051
- &orgname3
Name: orgname3MSP
ID: orgname3MSP
MSPDir: crypto-config/peerOrganizations/orgname3.domain/msp
Policies:
Readers:
Type: Signature
Rule: "OR('orgname3MSP.admin', 'orgname3MSP.peer', 'orgname3MSP.client')"
Writers:
Type: Signature
Rule: "OR('orgname3MSP.admin', 'orgname3MSP.client')"
Admins:
Type: Signature
Rule: "OR('orgname3MSP.admin')"
Endorsement:
Type: Signature
Rule: "OR('orgname3MSP.peer')"
AnchorPeers:
- Host: peer0.orgname3.domain
Port: 9051
- &orgname4
Name: orgname4
ID: orgname4MSP
MSPDir: crypto-config/peerOrganizations/orgname4.domain/msp
Policies:
Readers:
Type: Signature
Rule: "OR('orgname4MSP.admin', 'orgname4MSP.peer', 'orgname4MSP.client')"
Writers:
Type: Signature
Rule: "OR('orgname4MSP.admin', 'orgname4MSP.client')"
Admins:
Type: Signature
Rule: "OR('orgname4MSP.admin')"
Endorsement:
Type: Signature
Rule: "OR('orgname4MSP.peer')"
AnchorPeers:
- Host: peer0.orgname4.domain
Port: 10051
- &orgname5
Name: Fly-Us-HospitalityMSP
ID: Fly-Us-HospitalityMSP
MSPDir: crypto-config/peerOrganizations/orgname5.domain/msp
Policies:
Readers:
Type: Signature
Rule: "OR('orgname5MSP.admin', 'orgname5MSP.peer', 'orgname5MSP.client')"
Writers:
Type: Signature
Rule: "OR('orgname5MSP.admin', 'orgname5MSP.client')"
Admins:
Type: Signature
Rule: "OR('orgname5MSP.admin')"
Endorsement:
Type: Signature
Rule: "OR('orgname5MSP.peer')"
AnchorPeers:
- Host: peer0.orgname5.domain
Port: 11051
Capabilities:
Channel: &ChannelCapabilities
# V2_0: true
V1_4_2: true
Orderer: &OrdererCapabilities
# V2_0: true
V1_4_2: true
Application: &ApplicationCapabilities
# V2_0: true
V1_4_2: true
Application: &ApplicationDefaults
Organizations:
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
LifecycleEndorsement:
Type: ImplicitMeta
Rule: "MAJORITY Endorsement"
Endorsement:
Type: ImplicitMeta
Rule: "MAJORITY Endorsement"
Capabilities:
<<: *ApplicationCapabilities
Orderer: &OrdererDefaults
OrdererType: solo
EtcdRaft:
Consenters:
- Host: orderer.orgname.domain
Port: 7050
ClientTLSCert: crypto-config/peerOrganizations/orgname.domain/peers/peer0.orgname.domain/tls/server.crt
ServerTLSCert: crypto-config/peerOrganizations/orgname.domain/peers/peer0.orgname.domain/tls/server.crt
Addresses:
- orderer.orgname.domain:7050
BatchTimeout: 2s
BatchSize:
MaxMessageCount: 10
AbsoluteMaxBytes: 99 MB
PreferredMaxBytes: 512 KB
Organizations:
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
BlockValidation:
Type: ImplicitMeta
Rule: "ANY Writers"
Channel: &ChannelDefaults
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
Capabilities:
<<: *ChannelCapabilities
Profiles:
BasicChannel:
Consortium: MyConsortium
<<: *ChannelDefaults
Application:
<<: *ApplicationDefaults
Organizations:
- *orgname
- *orgname2
- *orgname3
- *orgname4
- *orgname5
Capabilities:
<<: *ApplicationCapabilities
OrdererGenesis:
<<: *ChannelDefaults
Orderer:
<<: *OrdererDefaults
Organizations:
- *orgname
Capabilities:
<<: *ChannelCapabilities
Consortiums:
MyConsortium:
Organizations:
- *orgname
- *orgname2
- *orgname3
- *orgname4
- *orgname5
我的docker-compose.yaml文件
version: "2"
networks:
network2.3:
services:
ca-orgname:
container_name: ca.orgname.domain
hostname: ca.orgname.domain
extends:
file: docker-ca-base.yaml
service: ca-base
environment:
- FABRIC_CA_SERVER_CA_NAME=ca.orgname.domain
- FABRIC_CA_SERVER_CA_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.orgname.domain-cert.pem
- FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-tls/tlscs.orgname.domain-cert.pem
- FABRIC_CA_SERVER_PORT=7054
ports:
- "7054:7054"
volumes:
- ./crypto-config/peerOrganizations/orgname.domain/ca/:/etc/hyperledger/fabric-ca-server-config
- ./crypto-config/peerOrganizations/orgname.domain/tslca/:/etc/hyperledger/fabric-ca-server-tls
ca-orgname2:
container_name: ca.orgname2.domain
hostname: ca.orgname2.domain
extends:
file: docker-ca-base.yaml
service: ca-base
environment:
- FABRIC_CA_SERVER_CA_NAME=ca.orgname2.domain
- FABRIC_CA_SERVER_CA_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.orgname2.domain-cert.pem
- FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-tls/tlscs.orgname2.domain-cert.pem
- FABRIC_CA_SERVER_PORT=8054
ports:
- "8054:7054"
volumes:
- ./crypto-config/peerOrganizations/orgname2.domain/ca/:/etc/hyperledger/fabric-ca-server-config
- ./crypto-config/peerOrganizations/orgname2.domain/tslca/:/etc/hyperledger/fabric-ca-server-tls
ca-orgname3:
container_name: ca.orgname3.domain
hostname: ca.orgname3.domain
extends:
file: docker-ca-base.yaml
service: ca-base
environment:
- FABRIC_CA_SERVER_CA_NAME=ca.orgname3.domain
- FABRIC_CA_SERVER_CA_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.orgname3.domain-cert.pem
- FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-tls/tlscs.orgname3.domain-cert.pem
- FABRIC_CA_SERVER_PORT=9054
ports:
- "9054:7054"
volumes:
- ./crypto-config/peerOrganizations/orgname3.domain/ca/:/etc/hyperledger/fabric-ca-server-config
- ./crypto-config/peerOrganizations/orgname3.domain/tslca/:/etc/hyperledger/fabric-ca-server-tls
ca-orgname4:
container_name: ca.orgname4.domain
hostname: ca.orgname4.domain
extends:
file: docker-ca-base.yaml
service: ca-base
environment:
- FABRIC_CA_SERVER_CA_NAME=ca.orgname4.domain
- FABRIC_CA_SERVER_CA_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.orgname4.domain-cert.pem
- FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-tls/tlscs.orgname4.domain-cert.pem
- FABRIC_CA_SERVER_PORT=10054
ports:
- "10054:7054"
volumes:
- ./crypto-config/peerOrganizations/orgname4.domain/ca/:/etc/hyperledger/fabric-ca-server-config
- ./crypto-config/peerOrganizations/orgname4.domain/tslca/:/etc/hyperledger/fabric-ca-server-tls
ca-orgname5:
container_name: ca.orgname5.domain
hostname: ca.orgname5.domain
extends:
file: docker-ca-base.yaml
service: ca-base
environment:
- FABRIC_CA_SERVER_CA_NAME=ca.orgname5.domain
- FABRIC_CA_SERVER_CA_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.orgname5.domain-cert.pem
- FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-tls/tlscs.orgname5.domain-cert.pem
- FABRIC_CA_SERVER_PORT=11054
ports:
- "11054:7054"
volumes:
- ./crypto-config/peerOrganizations/orgname5.domain/ca/:/etc/hyperledger/fabric-ca-server-config
- ./crypto-config/peerOrganizations/orgname5.domain/tslca/:/etc/hyperledger/fabric-ca-server-tls
orderer.orgname.domain
container_name: orderer.orgname.domain
image: hyperledger/fabric-orderer:latest
dns_search: .
environment:
- ORDERER_GENERAL_LOGLEVEL=debug
- FABRIC_LOGGING_SPEC=INFO
- ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
- ORDERER_GENERAL_GENESISMETHOD=file
- ORDERER_GENERAL_GENESISFILE=/var/hyperledger/orderer/genesis.block
- ORDERER_GENERAL_LOCALMSPID=PSUMSP
- ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp
- ORDERER_GENERAL_TLS_ENABLED=true
- ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key
- ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt
- ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
- ORDERER_GENERAL_LISTENPORT=7050
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/orderers
command: orderer
volumes:
- ../channel-artifacts/genesis.block:/var/hyperledger/orderer/genesis.block
- ./crypto-config/peerOrganizations/orgname.domain/peers/peer0.orgname.domain/msp:/var/hyperledger/orderer/msp
- ./crypto-config/peerOrganizations/orgname.domain/peers/peer0.orgname.domain/tls:/var/hyperledger/orderer/tls
ports:
- 7050:7050
peer0.orgname.domain:
container_name: peer0.orgname.domain
extends:
file: docker-peer-base.yaml
service: peer-base
environment:
- CORE_PEER_LOCALMSPID=orgnameMSP
- CORE_PEER_ID=peer0.orgname.domain
- CORE_PEER_ADDRESS=peer0.orgname.domain:7051
- CORE_PEER_LISTENADDRESS=0.0.0.0:7051
- CORE_PEER_CHAINCODEADDRESS=peer0.orgname.domain:7052
- CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:7052
- CORE_PEER_GOSSIP_BOOTSTRAP=peer0.orgname.domain:7051
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.orgname.domain:7051
volumes:
- ./crypto-config/peerOrganizations/orgname.domain/peers/peer0.orgname.domain/msp:/etc/hyperledger/crypto/peer/msp
- ./crypto-config/peerOrganizations/orgname.domain/peers/peer0.orgname.domain/tls:/etc/hyperledger/crypto/peer/tls
- /var/run:/host/var/run
- ../channel-artifacts:/etc/hyperledger/channel
ports:
- 7051:7051
peer0.orgname2.domain:
container_name: peer0.orgname2.domain
extends:
file: docker-peer-base.yaml
service: peer-base
environment:
- CORE_PEER_LOCALMSPID=orgname2MSP
- CORE_PEER_ID=peer0.orgname2.domain
- CORE_PEER_ADDRESS=peer0.orgname2.domain:8051
- CORE_PEER_LISTENADDRESS=0.0.0.0:8051
- CORE_PEER_CHAINCODEADDRESS=peer0.orgname2.domain:8052
- CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:8052
- CORE_PEER_GOSSIP_BOOTSTRAP=peer0.orgname2.domain:8051
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.orgname2.domain:8051
volumes:
- ./crypto-config/peerOrganizations/orgname2.domain/peers/peer0.orgname2.domain/msp:/etc/hyperledger/crypto/peer/msp
- ./crypto-config/peerOrganizations/orgname2.domain/peers/peer0.orgname2.domain/tls:/etc/hyperledger/crypto/peer/tls
- /var/run:/host/var/run
- ../channel-artifacts:/etc/hyperledger/channel
ports:
- 8051:8051
peer0.orgname3.domain:
container_name: peer0.orgname3.domain
extends:
file: docker-peer-base.yaml
service: peer-base
environment:
- CORE_PEER_LOCALMSPID=orgname3MSP
- CORE_PEER_ID=peer0.orgname3.domain
- CORE_PEER_ADDRESS=peer0.orgname3.domain:9051
- CORE_PEER_LISTENADDRESS=0.0.0.0:9051
- CORE_PEER_CHAINCODEADDRESS=peer0.orgname3.domain:9052
- CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:9052
- CORE_PEER_GOSSIP_BOOTSTRAP=peer0.orgname3.domain:9051
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.orgname3.domain:9051
volumes:
- ./crypto-config/peerOrganizations/orgname3.domain/peers/peer0.orgname3.domain/msp:/etc/hyperledger/crypto/peer/msp
- ./crypto-config/peerOrganizations/orgname3.domain/peers/peer0.orgname3.domain/tls:/etc/hyperledger/crypto/peer/tls
- /var/run:/host/var/run
- ../channel-artifacts:/etc/hyperledger/channel
ports:
- 9051:9051
peer0.orgname4.domain:
container_name: peer0.orgname4.domain
extends:
file: docker-peer-base.yaml
service: peer-base
environment:
- CORE_PEER_LOCALMSPID=orgname4MSP
- CORE_PEER_ID=peer0.orgname4.domain
- CORE_PEER_ADDRESS=peer0.orgname4.domain:10051
- CORE_PEER_LISTENADDRESS=0.0.0.0:10051
- CORE_PEER_CHAINCODEADDRESS=peer0.orgname4.domain:10052
- CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:10052
- CORE_PEER_GOSSIP_BOOTSTRAP=peer0.orgname4.domain:10051
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.orgname4.domain:10051
volumes:
- ./crypto-config/peerOrganizations/orgname4.domain/peers/peer0.orgname4.domain/msp:/etc/hyperledger/crypto/peer/msp
- ./crypto-config/peerOrganizations/orgname4.domain/peers/peer0.orgname4.domain/tls:/etc/hyperledger/crypto/peer/tls
- /var/run:/host/var/run
- ../channel-artifacts:/etc/hyperledger/channel
ports:
- 10051:10051
peer0.orgname5.domain:
container_name: peer0.orgname5.domain
extends:
file: docker-peer-base.yaml
service: peer-base
environment:
- CORE_PEER_LOCALMSPID=orgname5MSP
- CORE_PEER_ID=peer0.orgname5.domain
- CORE_PEER_ADDRESS=peer0.orgname5.domain:11051
- CORE_PEER_LISTENADDRESS=0.0.0.0:11051
- CORE_PEER_CHAINCODEADDRESS=peer0.orgname5.domain:11052
- CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:11052
- CORE_PEER_GOSSIP_BOOTSTRAP=peer0.orgname5.domain:11051
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.orgname5.domain:11051
volumes:
- ./crypto-config/peerOrganizations/orgname5.domain/peers/peer0.orgname5.domain/msp:/etc/hyperledger/crypto/peer/msp
- ./crypto-config/peerOrganizations/orgname5.domain/peers/peer0.orgname5.domain/tls:/etc/hyperledger/crypto/peer/tls
- /var/run:/host/var/run
- ../channel-artifacts:/etc/hyperledger/channel
ports:
- 11051:11051
我的crypto-config.yaml文件
PeerOrgs:
- Name: orgname
Domain: orgname.domain
EnableNodeOUs: true
Template:
Count: 1
SANS:
- "localhost"
Users:
Count: 1
- Name: orgname2
Domain: orgname2.domain
EnableNodeOUs: true
Template:
Count: 1
SANS:
- "localhost"
Users:
Count: 1
- Name: orgname3
Domain: orgname3.domain
EnableNodeOUs: true
Template:
Count: 1
SANS:
- "localhost"
Users:
Count: 1
- Name: orgname4
Domain: orgname4.domain
EnableNodeOUs: true
Template:
Count: 1
SANS:
- "localhost"
Users:
Count: 1
- Name: orgname5
Domain: orgname5.domain
EnableNodeOUs: true
Template:
Count: 1
SANS:
- "localhost"
Users:
Count: 1
任何帮助将不胜感激。
更新: 因此,我更改了cryptoconfig.yaml的配置,以在对等方/订购者组织中创建两个对等方。我指定一位为订购者,另一位为同行。这消除了TLS错误,但现在我的背书政策出现了错误。
020-08-20 14:29:09.699 PDT [channelCmd] InitCmdFactory-> INFO 001已初始化Endorser和Orderer连接 错误:状态发生意外:已禁止-隐式策略评估失败-满足0个子策略,但是此策略需要满足“作家”子策略中的1个:权限被拒绝
其余的文件是相同的,除了我将订购者TLS文件更改为指向新指定的“订购者”(实际上是与加密货币有关的对等实体)文件。
答案 0 :(得分:0)
通过在组织orgname下创建两个对等方,并为订购者指定一个对等方,解决了TLS问题。我不完全理解为什么我不能同时对等节点和订购者节点使用相同的证书,但是它现在可以正常工作。
我在更新中遇到的第二个问题是通过使认可政策更加宽松来解决的。对于configtx.yaml文件中的每个组织,我将“读者”,“作者”和“背书”设置为要求任何成员签名。