Docker: trying to set up a Hyperledger Fabric network: TLS error

qv7cva1a  posted on 2023-03-07  in  Docker

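I have been trying to set up a Hyperledger Fabric network for several days now. I am using version 2.0.0 of Hyperledger, and all of this runs on a single machine using Docker. After some hard-won progress, this is the part that now has me stumped. I thought I had solved most of the problems. This is a variation of "Your First Network" from the documentation, with only a few names changed. There are two peers and five orderers. When I look at the first orderer's logs, I get the following, which is not good: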

(See below for an example.)

For reference, the beginning of my docker-compose-cli.yaml looks like this, since explicitly adding the orderers seemed to eliminate some errors:

version: '2'

volumes:
  orderer.diro.umontreal.ca:
  orderer2.diro.umontreal.ca:
  orderer3.diro.umontreal.ca:
  orderer4.diro.umontreal.ca:
  orderer5.diro.umontreal.ca:
  peer0.med1.diro.umontreal.ca:
  peer1.med1.diro.umontreal.ca:
  peer0.med2.diro.umontreal.ca:
  peer1.med2.diro.umontreal.ca:

networks:
  byfn:

services:

  orderer.diro.umontreal.ca:
    extends:
      file:   base/docker-compose-base.yaml
      service: orderer.diro.umontreal.ca
    container_name: orderer.diro.umontreal.ca
    networks:
      - byfn

  orderer2.diro.umontreal.ca:
    extends:
      file:   base/docker-compose-base.yaml
      service: orderer.diro.umontreal.ca
    container_name: orderer2.diro.umontreal.ca
    networks:
      - byfn

  orderer3.diro.umontreal.ca:
    extends:
      file:   base/docker-compose-base.yaml
      service: orderer.diro.umontreal.ca
    container_name: orderer3.diro.umontreal.ca
    networks:
      - byfn

  orderer4.diro.umontreal.ca:
    extends:
      file:   base/docker-compose-base.yaml
      service: orderer.diro.umontreal.ca
    container_name: orderer4.diro.umontreal.ca
    networks:
      - byfn

  orderer5.diro.umontreal.ca:
    extends:
      file:   base/docker-compose-base.yaml
      service: orderer.diro.umontreal.ca
    container_name: orderer5.diro.umontreal.ca
    networks:
      - byfn

The beginning of my crypto-config.yaml looks like this:

OrdererOrgs:
  # ---------------------------------------------------------------------------
  # Orderer
  # ---------------------------------------------------------------------------
  - Name: Orderer
    Domain: diro.umontreal.ca
    EnableNodeOUs: true

    # ---------------------------------------------------------------------------
    # "Specs" - See PeerOrgs below for complete description
    # ---------------------------------------------------------------------------
    Specs:
      - Hostname: orderer
  - Name: Orderer2
    Domain: diro.umontreal.ca
    EnableNodeOUs: true

    # ---------------------------------------------------------------------------
    # "Specs" - See PeerOrgs below for complete description
    # ---------------------------------------------------------------------------
    Specs:
      - Hostname: orderer2
  - Name: Orderer3
    Domain: diro.umontreal.ca
    EnableNodeOUs: true

    # ---------------------------------------------------------------------------
    # "Specs" - See PeerOrgs below for complete description
    # ---------------------------------------------------------------------------
    Specs:
      - Hostname: orderer3
  - Name: Orderer4
    Domain: diro.umontreal.ca
    EnableNodeOUs: true

    # ---------------------------------------------------------------------------
    # "Specs" - See PeerOrgs below for complete description
    # ---------------------------------------------------------------------------
    Specs:
      - Hostname: orderer4
  - Name: Orderer5
    Domain: diro.umontreal.ca
    EnableNodeOUs: true

    # ---------------------------------------------------------------------------
    # "Specs" - See PeerOrgs below for complete description
    # ---------------------------------------------------------------------------
    Specs:
      - Hostname: orderer5

This is part of my configtx.yaml:

SampleMultiNodeEtcdRaft:
    <<: *ChannelDefaults
    Capabilities:
        <<: *ChannelCapabilities
    Orderer:
        <<: *OrdererDefaults
        OrdererType: etcdraft
        EtcdRaft:
            Consenters:
            - Host: orderer.diro.umontreal.ca
              Port: 7050
              ClientTLSCert: crypto-config/ordererOrganizations/diro.umontreal.ca/orderers/orderer.diro.umontreal.ca/msp/tlscacerts/tlsca.diro.umontreal.ca-cert.pem
              ServerTLSCert: crypto-config/ordererOrganizations/diro.umontreal.ca/orderers/orderer.diro.umontreal.ca/tls/server.crt
            - Host: orderer2.diro.umontreal.ca
              Port: 8050
              ClientTLSCert: crypto-config/ordererOrganizations/diro.umontreal.ca/orderers/orderer2.diro.umontreal.ca/msp/tlscacerts/tlsca.diro.umontreal.ca-cert.pem
              ServerTLSCert: crypto-config/ordererOrganizations/diro.umontreal.ca/orderers/orderer2.diro.umontreal.ca/tls/server.crt
            - Host: orderer3.diro.umontreal.ca
              Port: 9050
              ClientTLSCert: crypto-config/ordererOrganizations/diro.umontreal.ca/orderers/orderer3.diro.umontreal.ca/msp/tlscacerts/tlsca.diro.umontreal.ca-cert.pem
              ServerTLSCert: crypto-config/ordererOrganizations/diro.umontreal.ca/orderers/orderer3.diro.umontreal.ca/tls/server.crt
            - Host: orderer4.diro.umontreal.ca
              Port: 10050
              ClientTLSCert: crypto-config/ordererOrganizations/diro.umontreal.ca/orderers/orderer4.diro.umontreal.ca/msp/tlscacerts/tlsca.diro.umontreal.ca-cert.pem
              ServerTLSCert: crypto-config/ordererOrganizations/diro.umontreal.ca/orderers/orderer4.diro.umontreal.ca/tls/server.crt
            - Host: orderer5.diro.umontreal.ca
              Port: 11050
              ClientTLSCert: crypto-config/ordererOrganizations/diro.umontreal.ca/orderers/orderer5.diro.umontreal.ca/msp/tlscacerts/tlsca.diro.umontreal.ca-cert.pem
              ServerTLSCert: crypto-config/ordererOrganizations/diro.umontreal.ca/orderers/orderer5.diro.umontreal.ca/tls/server.crt
        Addresses:
            - orderer.diro.umontreal.ca:7050
            - orderer2.diro.umontreal.ca:8050
            - orderer3.diro.umontreal.ca:9050
            - orderer4.diro.umontreal.ca:10050
            - orderer5.diro.umontreal.ca:11050

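Initially, all of the ClientTLSCert and ServerTLSCert entries had the same value, but I changed the ClientTLSCert values, thinking it made no sense for their parameter to be a file named server.crt.
But I still have errors in my orderer logs. Maybe this is normal, but it does not look normal. What is going wrong?
Edit:
Following the comment below, I changed configtx.yaml to: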

Organizations:

    # SampleOrg defines an MSP using the sampleconfig.  It should never be used
    # in production but may be used as a template for other definitions
    - &OrdererOrg
        # DefaultOrg defines the organization which is used in the sampleconfig
        # of the fabric.git development environment
        Name: OrdererOrg

        # ID to load the MSP definition as
        ID: OrdererMSP

        # MSPDir is the filesystem path which contains the MSP configuration
        MSPDir: crypto-config/ordererOrganizations/diro.umontreal.ca/orderers/orderer.diro.umontreal.ca/msp/
        MSPDir: crypto-config/ordererOrganizations/diro.umontreal.ca/orderers/orderer2.diro.umontreal.ca/msp/
        MSPDir: crypto-config/ordererOrganizations/diro.umontreal.ca/orderers/orderer3.diro.umontreal.ca/msp/
        MSPDir: crypto-config/ordererOrganizations/diro.umontreal.ca/orderers/orderer4.diro.umontreal.ca/msp/
        MSPDir: crypto-config/ordererOrganizations/diro.umontreal.ca/orderers/orderer5.diro.umontreal.ca/msp/

I have docker-compose-base.yaml start like this:

version: '2'

services:

  orderer.diro.umontreal.ca:
    container_name: orderer.diro.umontreal.ca
    extends:
      file: peer-base.yaml
      service: orderer-base
    volumes:
        - ../channel-artifacts/genesis.block:/var/hyperledger/orderer/orderer.genesis.block
        - ../crypto-config/ordererOrganizations/diro.umontreal.ca/orderers/orderer.diro.umontreal.ca/msp:/var/hyperledger/orderer/msp
        - ../crypto-config/ordererOrganizations/diro.umontreal.ca/orderers/orderer.diro.umontreal.ca/tls/:/var/hyperledger/orderer/tls
        - ../crypto-config/ordererOrganizations/diro.umontreal.ca/tlsca:/var/hyperledger/orderer/tlsca
        - orderer.diro.umontreal.ca:/var/hyperledger/production/orderer
    ports:
      - 7050:7050

  orderer2.diro.umontreal.ca:
    container_name: orderer2.diro.umontreal.ca
    extends:
      file: peer-base.yaml
      service: orderer-base
    volumes:
        - ../channel-artifacts/genesis.block:/var/hyperledger/orderer/orderer.genesis.block
        - ../crypto-config/ordererOrganizations/diro.umontreal.ca/orderers/orderer2.diro.umontreal.ca/msp:/var/hyperledger/orderer/msp
        - ../crypto-config/ordererOrganizations/diro.umontreal.ca/orderers/orderer2.diro.umontreal.ca/tls/:/var/hyperledger/orderer/tls
        - ../crypto-config/ordererOrganizations/diro.umontreal.ca/tlsca:/var/hyperledger/orderer/tlsca
        - orderer.diro.umontreal.ca:/var/hyperledger/production/orderer
    ports:
      - 8050:8050

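It continues like this, giving each orderer a different port and path. These are the orderers that are called and extended in docker-compose-cli.yaml, but when I check the first orderer's logs, I get: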

Version: 2.0.0
 Commit SHA: 0432c3e
 Go version: go1.13.4
 OS/Arch: linux/amd64
2020-03-11 19:11:39.757 UTC [orderer.common.server] Main -> INFO 020 Beginning to serve requests
2020-03-11 19:11:39.759 UTC [core.comm] ServerHandshake -> ERRO 021 TLS handshake failed with error remote error: tls: bad certificate server=Orderer remoteaddress=172.22.0.5:57256
2020-03-11 19:11:39.759 UTC [core.comm] ServerHandshake -> ERRO 022 TLS handshake failed with error remote error: tls: bad certificate server=Orderer remoteaddress=172.22.0.4:33190
2020-03-11 19:11:39.759 UTC [core.comm] ServerHandshake -> ERRO 023 TLS handshake failed with error remote error: tls: bad certificate server=Orderer remoteaddress=172.22.0.2:54038
2020-03-11 19:11:39.966 UTC [orderer.consensus.etcdraft] apply -> INFO 024 Applied config change to add node 1, current nodes in channel: [1 2 3 4 5] channel=byfn-sys-channel node=1
2020-03-11 19:11:39.967 UTC [orderer.consensus.etcdraft] apply -> INFO 025 Applied config change to add node 2, current nodes in channel: [1 2 3 4 5] channel=byfn-sys-channel node=1
2020-03-11 19:11:39.967 UTC [orderer.consensus.etcdraft] apply -> INFO 026 Applied config change to add node 3, current nodes in channel: [1 2 3 4 5] channel=byfn-sys-channel node=1
2020-03-11 19:11:39.968 UTC [orderer.consensus.etcdraft] apply -> INFO 027 Applied config change to add node 4, current nodes in channel: [1 2 3 4 5] channel=byfn-sys-channel node=1
2020-03-11 19:11:39.968 UTC [orderer.consensus.etcdraft] apply -> INFO 028 Applied config change to add node 5, current nodes in channel: [1 2 3 4 5] channel=byfn-sys-channel node=1
2020-03-11 19:11:40.765 UTC [core.comm] ServerHandshake -> ERRO 029 TLS handshake failed with error remote error: tls: bad certificate server=Orderer remoteaddress=172.22.0.2:54068
2020-03-11 19:11:41.115 UTC [core.comm] ServerHandshake -> ERRO 02a TLS handshake failed with error remote error: tls: bad certificate server=Orderer remoteaddress=172.22.0.3:55468
2020-03-11 19:11:42.278 UTC [core.comm] ServerHandshake -> ERRO 02b TLS handshake failed with error remote error: tls: bad certificate server=Orderer remoteaddress=172.22.0.2:54086
2020-03-11 19:11:44.408 UTC [core.comm] ServerHandshake -> ERRO 02c TLS handshake failed with error remote error: tls: bad certificate server=Orderer remoteaddress=172.22.0.5:57326
2020-03-11 19:11:44.630 UTC [core.comm] ServerHandshake -> ERRO 02d TLS handshake failed with error remote error: tls: bad certificate server=Orderer remoteaddress=172.22.0.2:54104
2020-03-11 19:11:47.384 UTC [core.comm] ServerHandshake -> ERRO 02e TLS handshake failed with error remote error: tls: bad certificate server=Orderer remoteaddress=172.22.0.4:33268
2020-03-11 19:11:47.758 UTC [orderer.consensus.etcdraft] Step -> INFO 02f 1 is starting a new election at term 1 channel=byfn-sys-channel node=1
2020-03-11 19:11:47.758 UTC [orderer.consensus.etcdraft] becomePreCandidate -> INFO 030 1 became pre-candidate at term 1 channel=byfn-sys-channel node=1
2020-03-11 19:11:47.758 UTC [orderer.consensus.etcdraft] poll -> INFO 031 1 received MsgPreVoteResp from 1 at term 1 channel=byfn-sys-channel node=1
2020-03-11 19:11:47.759 UTC [orderer.consensus.etcdraft] campaign -> INFO 032 1 [logterm: 1, index: 5] sent MsgPreVote request to 2 at term 1 channel=byfn-sys-channel node=1
2020-03-11 19:11:47.759 UTC [orderer.consensus.etcdraft] campaign -> INFO 033 1 [logterm: 1, index: 5] sent MsgPreVote request to 3 at term 1 channel=byfn-sys-channel node=1
2020-03-11 19:11:47.759 UTC [orderer.consensus.etcdraft] campaign -> INFO 034 1 [logterm: 1, index: 5] sent MsgPreVote request to 4 at term 1 channel=byfn-sys-channel node=1
2020-03-11 19:11:47.759 UTC [orderer.consensus.etcdraft] campaign -> INFO 035 1 [logterm: 1, index: 5] sent MsgPreVote request to 5 at term 1 channel=byfn-sys-channel node=1
2020-03-11 19:11:47.759 UTC [orderer.consensus.etcdraft] logSendFailure -> ERRO 036 Failed to send StepRequest to 2, because: rpc error: code = Unavailable desc = all SubConns are in TransientFailure, latest connection error: connection error: desc = "transport: authentication handshake failed: x509: certificate signed by unknown authority (possibly because of \"x509: ECDSA verification failure\" while trying to verify candidate authority certificate \"tlsca.diro.umontreal.ca\")" channel=byfn-sys-channel node=1
2020-03-11 19:11:47.760 UTC [orderer.consensus.etcdraft] logSendFailure -> ERRO 037 Failed to send StepRequest to 3, because: rpc error: code = Unavailable desc = all SubConns are in TransientFailure, latest connection error: connection error: desc = "transport: authentication handshake failed: x509: certificate signed by unknown authority (possibly because of \"x509: ECDSA verification failure\" while trying to verify candidate authority certificate \"tlsca.diro.umontreal.ca\")" channel=byfn-sys-channel node=1
2020-03-11 19:11:47.760 UTC [orderer.consensus.etcdraft] logSendFailure -> ERRO 038 Failed to send StepRequest to 4, because: rpc error: code = Unavailable desc = all SubConns are in TransientFailure, latest connection error: connection error: desc = "transport: authentication handshake failed: x509: certificate signed by unknown authority (possibly because of \"x509: ECDSA verification failure\" while trying to verify candidate authority certificate \"tlsca.diro.umontreal.ca\")" channel=byfn-sys-channel node=1
2020-03-11 19:11:49.344 UTC [core.comm] ServerHandshake -> ERRO 039 TLS handshake failed with error remote error: tls: bad certificate server=Orderer remoteaddress=172.22.0.2:54126
2020-03-11 19:11:50.057 UTC [core.comm] ServerHandshake -> ERRO 03a TLS handshake failed with error remote error: tls: bad certificate server=Orderer remoteaddress=172.22.0.5:57358
2020-03-11 19:11:51.337 UTC [core.comm] ServerHandshake -> ERRO 03b TLS handshake failed with error remote error: tls: bad certificate server=Orderer remoteaddress=172.22.0.3:55534
2020-03-11 19:11:55.758 UTC [orderer.consensus.etcdraft] Step -> INFO 03c 1 is starting a new election at term 1 channel=byfn-sys-channel node=1
2020-03-11 19:11:55.758 UTC [orderer.consensus.etcdraft] becomePreCandidate -> INFO 03d 1 became pre-candidate at term 1 channel=byfn-sys-channel node=1
2020-03-11 19:11:55.758 UTC [orderer.consensus.etcdraft] poll -> INFO 03e 1 received MsgPreVoteResp from 1 at term 1 channel=byfn-sys-channel node=1
2020-03-11 19:11:55.758 UTC [orderer.consensus.etcdraft] campaign -> INFO 03f 1 [logterm: 1, index: 5] sent MsgPreVote request to 2 at term 1 channel=byfn-sys-channel node=1
2020-03-11 19:11:55.758 UTC [orderer.consensus.etcdraft] campaign -> INFO 040 1 [logterm: 1, index: 5] sent MsgPreVote request to 3 at term 1 channel=byfn-sys-channel node=1
2020-03-11 19:11:55.758 UTC [orderer.consensus.etcdraft] campaign -> INFO 041 1 [logterm: 1, index: 5] sent MsgPreVote request to 4 at term 1 channel=byfn-sys-channel node=1
2020-03-11 19:11:55.759 UTC [orderer.consensus.etcdraft] campaign -> INFO 042 1 [logterm: 1, index: 5] sent MsgPreVote request to 5 at term 1 channel=byfn-sys-channel node=1
2020-03-11 19:11:56.829 UTC [core.comm] ServerHandshake -> ERRO 043 TLS handshake failed with error remote error: tls: bad certificate server=Orderer remoteaddress=172.22.0.2:54158
2020-03-11 19:11:57.314 UTC [core.comm] ServerHandshake -> ERRO 044 TLS handshake failed with error remote error: tls: bad certificate server=Orderer remoteaddress=172.22.0.4:33314
2020-03-11 19:12:01.805 UTC [core.comm] ServerHandshake -> ERRO 045 TLS handshake failed with error remote error: tls: bad certificate server=Orderer remoteaddress=172.22.0.5:57392
2020-03-11 19:12:03.758 UTC [orderer.consensus.etcdraft] Step -> INFO 046 1 is starting a new election at term 1 channel=byfn-sys-channel node=1
2020-03-11 19:12:03.758 UTC [orderer.consensus.etcdraft] becomePreCandidate -> INFO 047 1 became pre-candidate at term 1 channel=byfn-sys-channel node=1
2020-03-11 19:12:03.758 UTC [orderer.consensus.etcdraft] poll -> INFO 048 1 received MsgPreVoteResp from 1 at term 1 channel=byfn-sys-channel node=1
2020-03-11 19:12:03.758 UTC [orderer.consensus.etcdraft] campaign -> INFO 049 1 [logterm: 1, index: 5] sent MsgPreVote request to 3 at term 1 channel=byfn-sys-channel node=1
2020-03-11 19:12:03.758 UTC [orderer.consensus.etcdraft] campaign -> INFO 04a 1 [logterm: 1, index: 5] sent MsgPreVote request to 4 at term 1 channel=byfn-sys-channel node=1
2020-03-11 19:12:03.758 UTC [orderer.consensus.etcdraft] campaign -> INFO 04b 1 [logterm: 1, index: 5] sent MsgPreVote request to 5 at term 1 channel=byfn-sys-channel node=1
2020-03-11 19:12:03.758 UTC [orderer.consensus.etcdraft] campaign -> INFO 04c 1 [logterm: 1, index: 5] sent MsgPreVote request to 2 at term 1 channel=byfn-sys-channel node=1
2020-03-11 19:12:03.759 UTC [orderer.consensus.etcdraft] logSendFailure -> ERRO 04d Failed to send StepRequest to 5, because: aborted channel=byfn-sys-channel node=1

Yes, I did prune the Docker containers and volumes.

f87krz0w

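So this problem got solved in a very surprising way. It looks like the problem was related to Docker. I was regularly running docker container prune and docker volume prune, but running docker rmi -f $(docker images -q) made everything work. I guess it is equivalent to docker images prune or something like that. I have not tried that. Anyway, after trying it, everything worked, and it even kept working after a restart.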