TLS handshake failed with error remote error: tls: bad certificate server=Orderer remoteaddress=192.168.1.249:35230

Problem description

I am trying to deploy Hyperledger Fabric (v1.4.3) in solo mode across multiple machines. The role-to-IP mapping is as follows:

orderer          192.168.1.251
peer0.org1       192.168.1.249
peer0.org2       192.168.1.248
peer1.org1       192.168.1.247
peer1.org2       192.168.1.246

I copied fabric-samples/first-network to first and deleted some files. The first folder contains:

├── base
│   ├── docker-compose-base.yaml
│   └── peer-base.yaml
├── channel-artifacts
├── configtx.yaml
├── crypto-config.yaml
├── docker-compose-cli.yaml
└── byfn.sh

I kept crypto-config.yaml and configtx.yaml the same as the ones given in fabric-samples, and only changed docker-compose-cli.yaml.

The orderer's docker-compose-cli.yaml:

# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#

version: '2'

volumes:
  orderer.example.com:

networks:
  byfn:

services:

  orderer.example.com:
    extends:
      file:   base/docker-compose-base.yaml
      service: orderer.example.com
    container_name: orderer.example.com
    networks:
      - byfn

The docker-compose-cli.yaml of peer0.org1:

# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#

version: '2'

volumes:
  peer0.org1.example.com:

networks:
  byfn:

services:

  peer0.org1.example.com:
    container_name: peer0.org1.example.com
    extends:
      file:  base/docker-compose-base.yaml
      service: peer0.org1.example.com
    networks:
      - byfn
    extra_hosts:
      - "orderer.example.com:192.168.1.251"
      - "peer1.org1.example.com:192.168.1.247"
      - "peer0.org2.example.com:192.168.1.248"
      - "peer1.org2.example.com:192.168.1.246"

  cli:
    container_name: cli
    image: hyperledger/fabric-tools:$IMAGE_TAG
    tty: true
    stdin_open: true
    environment:
      - SYS_CHANNEL=$SYS_CHANNEL
      - GOPATH=/opt/gopath
      - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
      - FABRIC_LOGGING_SPEC=DEBUG
      #- FABRIC_LOGGING_SPEC=INFO
      - CORE_PEER_ID=cli
      - CORE_PEER_ADDRESS=peer0.org1.example.com:7051             # change in different peer
      - CORE_PEER_LOCALMSPID=Org1MSP                              # change in different peer
      - CORE_PEER_TLS_ENABLED=true
      - CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.crt      # change in different peer and org
      - CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.key       # change in different peer and org
      - CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt      # change in different peer and org
      - CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp      # change in different org
    working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
    command: /bin/bash
    volumes:
        - /var/run/:/host/var/run/
        - ./../chaincode/:/opt/gopath/src/github.com/chaincode
        - ./crypto-config:/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/
        - ./scripts:/opt/gopath/src/github.com/hyperledger/fabric/peer/scripts/
        - ./channel-artifacts:/opt/gopath/src/github.com/hyperledger/fabric/peer/channel-artifacts
    depends_on:
      - peer0.org1.example.com
    networks:
      - byfn
    extra_hosts:
      - "orderer.example.com:192.168.1.251"
      - "peer0.org1.example.com:192.168.1.249"
      - "peer1.org1.example.com:192.168.1.247"
      - "peer0.org2.example.com:192.168.1.248"
      - "peer1.org2.example.com:192.168.1.246"

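The other peers are changed according to the comments in the yaml file above. I used ./byfn.sh generate on every peer and on the orderer to generate channel-artifacts. Then, in the cli container on peer0.org1 (192.168.1.249), I installed the chaincode successfully, but when I instantiated the chaincode I saw the orderer console throw an error: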

[core.comm] ServerHandshake -> ERRO 009 TLS handshake failed with error remote error: tls: bad certificate server=Orderer remoteaddress=192.168.1.249:58812

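I noticed that the error also occurs between peers. I tried several approaches from the internet, but all of them failed. Can anyone help me? Any tutorial on deploying hyperledger fabric in kafka mode is also welcome!

Best regards!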

Tags: docker, hyperledger-fabric, hyperledger

Solution


Finally I resolved it through -channelID mychannel when creating genesis.block. I don't know why, so if you have any suggestions, please comment here.

