«Ошибка основной десериализации» при попытке зарегистрировать новый канал в моей пустой сети hyperledger - PullRequest
0 голосов
/ 03 мая 2018

Я пытаюсь настроить конфигурацию гиперледжера на основе kafka для одной организации.

У меня есть рабочая сеть докеров, которая позволяет контейнерам связываться. Настройка kafka / zookeeper также работает нормально; Заказчик регистрирует и распознает все четыре узла кафки. Проблема, с которой я сталкиваюсь при попытке создать новый канал в пустой настройке.

Команды, которые я запускаю для запуска сети:

cryptogen generate --config=crypto-config.yaml

configtxgen -profile MyFakeOrgGenesis -outputBlock ./channel-artifacts/genesis.block


configtxgen -profile Channel1 -outputCreateChannelTx ./channel-artifacts/channel1.tx -channelID channel1

configtxgen -profile Channel2 -outputCreateChannelTx ./channel-artifacts/channel2.tx -channelID channel2

# has to be done to update the CA certificate filename

SK_FILE=$(basename $(ls ./crypto-config/peerOrganizations/myfakeorg.si/ca/*_sk))                                                                                                                 

sed -i "s#FABRIC_CA_SERVER_CA_KEYFILE=/etc/hyperledger/fabric-ca-server-config/.*#FABRIC_CA_SERVER_CA_KEYFILE=/etc/hyperledger/fabric-ca-server-config/$SK_FILE#" dockers/docker-compose.yml


docker-compose -f dockers/kafka-compose.yml up -d       
docker-compose -f dockers/docker-compose.yml up -d       

Затем, внутри ограничителя, я запускаю:

peer channel create -o orderer.myfakeorg.si:7050 channel1 -f /etc/hyperledger/channel-artifacts/channel1.tx --cafile $PWD/crypto/ordererOrganizations/myfakeorg.si/msp/tlscacerts/tlsca.myfakeorg.si-cert.pem  -c channel1                                                                                                                                                                                                   

Это неизменно терпит неудачу с:

2018-05-03 12:34:56.518 UTC [msp] GetLocalMSP -> DEBU 001 Returning existing local MSP                                                                                                                                                        
2018-05-03 12:34:56.518 UTC [msp] GetDefaultSigningIdentity -> DEBU 002 Obtaining default signing identity
2018-05-03 12:34:56.529 UTC [channelCmd] InitCmdFactory -> INFO 003 Endorser and orderer connections initialized                                                                                                                              
2018-05-03 12:34:56.529 UTC [msp] GetLocalMSP -> DEBU 004 Returning existing local MSP                                                                                                                                                        
2018-05-03 12:34:56.531 UTC [msp] GetDefaultSigningIdentity -> DEBU 005 Obtaining default signing identity                                                                                                                                    
2018-05-03 12:34:56.532 UTC [msp] GetLocalMSP -> DEBU 006 Returning existing local MSP                                                                                                                                                        
2018-05-03 12:34:56.532 UTC [msp] GetDefaultSigningIdentity -> DEBU 007 Obtaining default signing identity                                                                                                                                    
2018-05-03 12:34:56.532 UTC [msp/identity] Sign -> DEBU 008 Sign: plaintext: 0AFE050A084C756369734D535012F105...0A0E47445052436F6E736F727469756D                                                                                              
2018-05-03 12:34:56.533 UTC [msp/identity] Sign -> DEBU 009 Sign: digest: CBAC9B6A3A06426802DFB81D1196DCF28534A52BA369095151BE6DB954A6A7E3                                                                                                    
2018-05-03 12:34:56.534 UTC [msp] GetLocalMSP -> DEBU 00a Returning existing local MSP                                                                                                                                                        
2018-05-03 12:34:56.534 UTC [msp] GetDefaultSigningIdentity -> DEBU 00b Obtaining default signing identity                                                                                                                                    
2018-05-03 12:34:56.534 UTC [msp] GetLocalMSP -> DEBU 00c Returning existing local MSP                                                                                                                                                        
2018-05-03 12:34:56.534 UTC [msp] GetDefaultSigningIdentity -> DEBU 00d Obtaining default signing identity
2018-05-03 12:34:56.535 UTC [msp/identity] Sign -> DEBU 00e Sign: plaintext: 0AB4060A1408021A0608F083ACD70522...C96F9F62C4F53749F47ECFC3A16F88F4 
2018-05-03 12:34:56.535 UTC [msp/identity] Sign -> DEBU 00f Sign: digest: 388F95E877FB3442AA20001CC212777DB2BC38F70799B9D463C19488B64C2B77 
Error: got unexpected status: BAD_REQUEST -- error authorizing update: error validating DeltaSet: policy for [Group]  /Channel/Application not satisfied: Failed to reach implicit threshold of 1 sub-policies, required 1 remaining          

Поскольку эти ошибки преднамеренно расплывчаты, так как другой ответ указывает , вот параллельный журнал из контейнера заказа:

2018-05-03 11:56:41.344 UTC [policies] Manager -> DEBU 158 Manager Channel looking up path []
2018-05-03 11:56:41.344 UTC [policies] Manager -> DEBU 159 Manager Channel has managers Application
2018-05-03 11:56:41.344 UTC [policies] Manager -> DEBU 15a Manager Channel has managers Orderer
2018-05-03 11:56:41.344 UTC [policies] Manager -> DEBU 15b Manager Channel looking up path [Application]
2018-05-03 11:56:41.344 UTC [policies] Manager -> DEBU 15c Manager Channel has managers Application
2018-05-03 11:56:41.344 UTC [policies] Manager -> DEBU 15d Manager Channel has managers Orderer
2018-05-03 11:56:41.344 UTC [policies] Manager -> DEBU 15e Manager Channel/Application looking up path []
2018-05-03 11:56:41.344 UTC [policies] Manager -> DEBU 15f Manager Channel/Application has managers MyFakeOrg
2018-05-03 11:56:41.344 UTC [policies] Evaluate -> DEBU 160 == Evaluating *policies.implicitMetaPolicy Policy /Channel/Application/ChannelCreationPolicy ==
2018-05-03 11:56:41.345 UTC [policies] Evaluate -> DEBU 161 This is an implicit meta policy, it will trigger other policy evaluations, whose failures may be benign
2018-05-03 11:56:41.345 UTC [policies] Evaluate -> DEBU 162 == Evaluating *cauthdsl.policy Policy /Channel/Application/MyFakeOrg/Admins ==
2018-05-03 11:56:41.345 UTC [msp] DeserializeIdentity -> INFO 163 Obtaining identity
2018-05-03 11:56:41.345 UTC [msp/identity] newIdentity -> DEBU 164 Creating identity instance for cert -----BEGIN CERTIFICATE-----
MIICADCCAaegAwIBAgIQH+Mp3PmmcdYcZoN8XriCajAKBggqhkjOPQQDAjBjMQsw
CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZy
YW5jaXNjbzERMA8GA1UEChMIbHVjaXMuc2kxFDASBgNVBAMTC2NhLmx1Y2lzLnNp
MB4XDTE4MDUwMzExNTAzMVoXDTI4MDQzMDExNTAzMVowUzELMAkGA1UEBhMCVVMx
EzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28xFzAV
BgNVBAMMDkFkbWluQGx1Y2lzLnNpMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE
LsW17T+/PpQgw18Ay1AvP7UAzgq69Sy7wb1GenjldLY9Hl8t7MhsIFBbLFkKmFNt
C46y7GzQxE8i+0MmLEHQ4qNNMEswDgYDVR0PAQH/BAQDAgeAMAwGA1UdEwEB/wQC
MAAwKwYDVR0jBCQwIoAgMvtJKVZDbuxG0YsjgcPEL/VcD9eFFsHjZ00YvQ/r7ccw
CgYIKoZIzj0EAwIDRwAwRAIgBz1Sy+XFOqO7jv9qUh6q8KPkHnmtNu3Ru2E3sMHG
rGoCIHm9wfwK5jm2bsZUvYNvV0Skch2swe7Fc+EBlwQsVbKR
-----END CERTIFICATE-----
2018-05-03 11:56:41.346 UTC [cauthdsl] deduplicate -> ERRO 165 Principal deserialization failure (the supplied identity is not valid: x509: certificate signed by unknown authority (possibly because of "x509: ECDSA verification failure" while trying to verify candidate authority certificate "ca.myfakeorg.si")) for identity 0a084c756369734d535012f1052d2d2d2d2d424547494e2043455254494649434154452d2d2d2d2d0a4d49494341444343416165674177494241674951482b4d7033506d6d636459635a6f4e3858726943616a414b42676771686b6a4f50515144416a426a4d5173770a435159445651514745774a56557a45544d4245474131554543424d4b5132467361575a76636d3570595445574d4251474131554542784d4e5532467549455a790a5957356a61584e6a627a45524d4138474131554543684d496248566a61584d7563326b784644415342674e5642414d5443324e684c6d783159326c7a4c6e4e700a4d423458445445344d4455774d7a45784e54417a4d566f58445449344d44517a4d4445784e54417a4d566f77557a454c4d416b474131554542684d4356564d780a457a415242674e5642416754436b4e6862476c6d62334a7561574578466a415542674e564241635444564e6862694247636d467559326c7a59323878467a41560a42674e5642414d4d446b466b62576c755147783159326c7a4c6e4e704d466b77457759484b6f5a497a6a3043415159494b6f5a497a6a304441516344516741450a4c73573137542b2f507051677731384179314176503755417a6771363953793777623147656e6a6c644c5939486c3874374d6873494642624c466b4b6d464e740a4334367937477a51784538692b304d6d4c45485134714e4e4d45737744675944565230504151482f42415144416765414d41774741315564457745422f7751430a4d4141774b7759445652306a42435177496f41674d76744a4b565a44627578473059736a676350454c2f5663443965464673486a5a30305976512f72376363770a436759494b6f5a497a6a3045417749445277417752414967427a3153792b58464f714f376a76397155683671384b506b486e6d744e75335275324533734d48470a72476f4349486d397766774b356a6d3262735a5576594e765630536b6368327377653746632b45426c77517356624b520a2d2d2d2d2d454e442043455254494649434154452d2d2d2d2d0a
2018-05-03 11:56:41.346 UTC [cauthdsl] func1 -> DEBU 166 0xc42000ee48 gate 1525348601346256695 evaluation starts
2018-05-03 11:56:41.346 UTC [cauthdsl] func2 -> DEBU 167 0xc42000ee48 signed by 0 principal evaluation starts (used [false])
2018-05-03 11:56:41.346 UTC [cauthdsl] func2 -> DEBU 168 0xc42000ee48 principal evaluation fails
2018-05-03 11:56:41.346 UTC [cauthdsl] func1 -> DEBU 169 0xc42000ee48 gate 1525348601346256695 evaluation fails
2018-05-03 11:56:41.346 UTC [policies] Evaluate -> DEBU 16a Signature set did not satisfy policy /Channel/Application/MyFakeOrg/Admins
2018-05-03 11:56:41.346 UTC [policies] Evaluate -> DEBU 16b == Done Evaluating *cauthdsl.policy Policy /Channel/Application/MyFakeOrg/Admins
2018-05-03 11:56:41.346 UTC [policies] func1 -> DEBU 16c Evaluation Failed: Only 0 policies were satisfied, but needed 1 of [ MyFakeOrg.Admins ]
2018-05-03 11:56:41.347 UTC [policies] Evaluate -> DEBU 16d Signature set did not satisfy policy /Channel/Application/ChannelCreationPolicy
2018-05-03 11:56:41.347 UTC [policies] Evaluate -> DEBU 16e == Done Evaluating *policies.implicitMetaPolicy Policy /Channel/Application/ChannelCreationPolicy

И все соответствующие файлы конфигурации:

configtx.yaml:

# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#

---
################################################################################
#
#   Profile
#
#   - Different configuration profiles may be encoded here to be specified
#   as parameters to the configtxgen tool
#
################################################################################
Profiles:

    MyFakeOrgGenesis:
        Capabilities:
            <<: *ChannelCapabilities
        Orderer:
            <<: *OrdererDefaults
            Organizations:
                - *MyFakeOrg
            Capabilities:
                <<: *OrdererCapabilities
        Consortiums:
            ABCDConsortium:
                Organizations:
                    - *MyFakeOrg

    Channel1:
        Consortium: ABCDConsortium
        Application:
            <<: *ApplicationDefaults
            Organizations:
                - *MyFakeOrg

    Channel2:
        Consortium: ABCDConsortium
        Application:
            <<: *ApplicationDefaults
            Organizations:
                - *MyFakeOrg

################################################################################
#
#   Section: Organizations
#
#   - This section defines the different organizational identities which will
#   be referenced later in the configuration.
#
################################################################################
Organizations:

    # SampleOrg defines an MSP using the sampleconfig.  It should never be used
    # in production but may be used as a template for other definitions
    - &MyFakeOrg
        # DefaultOrg defines the organization which is used in the sampleconfig
        # of the fabric.git development environment
        Name: MyFakeOrg

        # ID to load the MSP definition as
        ID: MyFakeOrgMSP

        # MSPDir is the filesystem path which contains the MSP configuration
        MSPDir: crypto-config/ordererOrganizations/myfakeorg.si/msp


################################################################################
#
#   SECTION: Orderer
#
#   - This section defines the values to encode into a config transaction or
#   genesis block for orderer related parameters
#
################################################################################
Orderer: &OrdererDefaults

    # Orderer Type: The orderer implementation to start
    # Available types are "solo" and "kafka"
    OrdererType: kafka 

    Addresses:
        - orderer.myfakeorg.si:7050

    # Batch Timeout: The amount of time to wait before creating a batch
    BatchTimeout: 4s

    # Batch Size: Controls the number of messages batched into a block
    BatchSize:

        # Max Message Count: The maximum number of messages to permit in a batch
        MaxMessageCount: 1000

        # Absolute Max Bytes: The absolute maximum number of bytes allowed for
        # the serialized messages in a batch.
        AbsoluteMaxBytes: 99 MB

        # Preferred Max Bytes: The preferred maximum number of bytes allowed for
        # the serialized messages in a batch. A message larger than the preferred
        # max bytes will result in a batch larger than preferred max bytes.
        PreferredMaxBytes: 4096 KB

    Kafka:
        # Brokers: A list of Kafka brokers to which the orderer connects
        # NOTE: Use IP:port notation
        Brokers:
            - kafka0:9092
            - kafka1:9092
            - kafka2:9092
            - kafka3:9092
    # Organizations is the list of orgs which are defined as participants on
    # the orderer side of the network
    Organizations:

################################################################################
#
#   SECTION: Application
#
#   - This section defines the values to encode into a config transaction or
#   genesis block for application related parameters
#
################################################################################
Application: &ApplicationDefaults

    # Organizations is the list of orgs which are defined as participants on
    # the application side of the network
    Organizations:
        - *MyFakeOrg

Capabilities:
    Global: &ChannelCapabilities
        V1_1: true
    Orderer: &OrdererCapabilities
        V1_1: true

крипто-config.yaml:

# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#

# ---------------------------------------------------------------------------
# "OrdererOrgs" - Definition of organizations managing orderer nodes
# ---------------------------------------------------------------------------
OrdererOrgs:
  # ---------------------------------------------------------------------------
  # Orderer
  # ---------------------------------------------------------------------------
  - Name: MyFakeOrg
    Domain: myfakeorg.si
    # ---------------------------------------------------------------------------
    # "Specs" - See PeerOrgs below for complete description
    # ---------------------------------------------------------------------------
    Specs:
      - Hostname: orderer
# ---------------------------------------------------------------------------
# "PeerOrgs" - Definition of organizations managing peer nodes
# ---------------------------------------------------------------------------
PeerOrgs:
  # ---------------------------------------------------------------------------
  # Org1
  # ---------------------------------------------------------------------------
  - Name: MyFakeOrg
    Domain: myfakeorg.si
    # ---------------------------------------------------------------------------
    # "Specs"
    # ---------------------------------------------------------------------------
    # Uncomment this section to enable the explicit definition of hosts in your
    # configuration.  Most users will want to use Template, below
    #
    # Specs is an array of Spec entries.  Each Spec entry consists of two fields:
    #   - Hostname:   (Required) The desired hostname, sans the domain.
    #   - CommonName: (Optional) Specifies the template or explicit override for
    #                 the CN.  By default, this is the template:
    #
    #                              "{{.Hostname}}.{{.Domain}}"
    #
    #                 which obtains its values from the Spec.Hostname and
    #                 Org.Domain, respectively.
    # ---------------------------------------------------------------------------
    # Specs:
    #   - Hostname: foo # implicitly "foo.org1.example.com"
    #     CommonName: foo27.org5.example.com # overrides Hostname-based FQDN set above
    #   - Hostname: bar
    #   - Hostname: baz
    # ---------------------------------------------------------------------------
    # "Template"
    # ---------------------------------------------------------------------------
    # Allows for the definition of 1 or more hosts that are created sequentially
    # from a template. By default, this looks like "peer%d" from 0 to Count-1.
    # You may override the number of nodes (Count), the starting index (Start)
    # or the template used to construct the name (Hostname).
    #
    # Note: Template and Specs are not mutually exclusive.  You may define both
    # sections and the aggregate nodes will be created for you.  Take care with
    # name collisions
    # ---------------------------------------------------------------------------
    Template:
      Count: 1
      # Start: 5
      # Hostname: {{.Prefix}}{{.Index}} # default
    # ---------------------------------------------------------------------------
    # "Users"
    # ---------------------------------------------------------------------------
    # Count: The number of user accounts _in addition_ to Admin
    # ---------------------------------------------------------------------------
    Users:
      Count: 0

докер-compose.yml:

#
# Copyright IBM Corp All Rights Reserved
#
# SPDX-License-Identifier: Apache-2.0
#
version: '2'

networks:
  default:
    external:
      name: hledger-myfakeorg

services:
  ca.myfakeorg.si:
    image: hyperledger/fabric-ca:x86_64-1.1.0
    environment:
      - FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
      - FABRIC_CA_SERVER_CA_NAME=ca.myfakeorg.si
      - FABRIC_CA_SERVER_CA_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.myfakeorg.si-cert.pem
      - FABRIC_CA_SERVER_CA_KEYFILE=/etc/hyperledger/fabric-ca-server-config/32fb492956436eec46d18b2381c3c42ff55c0fd78516c1e3674d18bd0febedc7_sk
    ports:
      - "7054:7054"
    command: sh -c 'fabric-ca-server start -b admin:adminpw -d'
    volumes:
      - ./../crypto-config/peerOrganizations/myfakeorg.si/ca/:/etc/hyperledger/fabric-ca-server-config
    container_name: ca.myfakeorg.si
    networks:
      - default

  orderer.myfakeorg.si:
    container_name: orderer.myfakeorg.si
    image: hyperledger/fabric-orderer:x86_64-1.1.0
    environment:
      - ORDERER_GENERAL_LOGLEVEL=debug
      - ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
      - ORDERER_GENERAL_GENESISMETHOD=file
      - ORDERER_GENERAL_GENESISFILE=/etc/hyperledger/configtx/genesis.block
      - ORDERER_GENERAL_LOCALMSPID=MyFakeOrgMSP
      - ORDERER_GENERAL_LOCALMSPDIR=/etc/hyperledger/msp/orderer/msp
    working_dir: /opt/gopath/src/github.com/hyperledger/fabric/orderer
    command: orderer
    ports:
      - 7050:7050
    volumes:
        - ./../channel-artifacts/:/etc/hyperledger/configtx
        - ./../crypto-config/ordererOrganizations/myfakeorg.si/orderers/orderer.myfakeorg.si/:/etc/hyperledger/msp/orderer

        - ./../crypto-config/peerOrganizations/myfakeorg.si/peers/peer0.myfakeorg.si/:/etc/hyperledger/msp/peer0
    networks:
      - default

  peer0.myfakeorg.si:
    container_name: peer0.myfakeorg.si
    image: hyperledger/fabric-peer:x86_64-1.1.0
    environment:
      - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
      - CORE_PEER_ID=peer0.myfakeorg.si
      - CORE_LOGGING_PEER=debug
      - CORE_CHAINCODE_LOGGING_LEVEL=DEBUG
      - CORE_PEER_LOCALMSPID=MyFakeOrgMSP
      - CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/msp/peer/
      - CORE_PEER_ADDRESS=peer0.myfakeorg.si:7051
      # # the following setting starts chaincode containers on the same
      # # bridge network as the peers
      # # https://docs.docker.com/compose/networking/
      - CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=${COMPOSE_PROJECT_NAME}_default
      - CORE_LEDGER_STATE_STATEDATABASE=CouchDB
      - CORE_LEDGER_STATE_COUCHDBCONFIG_COUCHDBADDRESS=couchdb:5984
      # The CORE_LEDGER_STATE_COUCHDBCONFIG_USERNAME and CORE_LEDGER_STATE_COUCHDBCONFIG_PASSWORD
      # provide the credentials for ledger to connect to CouchDB.  The username and password must
      # match the username and password set for the associated CouchDB.
      - CORE_LEDGER_STATE_COUCHDBCONFIG_USERNAME=
      - CORE_LEDGER_STATE_COUCHDBCONFIG_PASSWORD=
    working_dir: /opt/gopath/src/github.com/hyperledger/fabric
    command: peer node start
    # command: peer node start --peer-chaincodedev=true
    ports:
      - 7051:7051
      - 7053:7053
    volumes:
        - /var/run/:/host/var/run/
        - ./../crypto-config/peerOrganizations/myfakeorg.si/peers/peer0.myfakeorg.si/msp:/etc/hyperledger/msp/peer
        - ./../crypto-config/peerOrganizations/myfakeorg.si/users:/etc/hyperledger/msp/users
        - ./../channel-artifacts/:/etc/hyperledger/configtx
    depends_on:
      - orderer.myfakeorg.si
      - couchdb
    networks:
      - default

  couchdb:
    container_name: couchdb
    image: hyperledger/fabric-couchdb:x86_64-0.4.7
    # Populate the COUCHDB_USER and COUCHDB_PASSWORD to set an admin user and password
    # for CouchDB.  This will prevent CouchDB from operating in an "Admin Party" mode.
    environment:
      - COUCHDB_USER=
      - COUCHDB_PASSWORD=
    ports:
      - 5984:5984
    networks:
      - default

  cli:
    container_name: cli
    image: hyperledger/fabric-tools:x86_64-1.1.0
    tty: true
    environment:
      - GOPATH=/opt/gopath
      - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
      - CORE_LOGGING_LEVEL=DEBUG
      - CORE_PEER_ID=cli
      - CORE_PEER_ADDRESS=peer0.myfakeorg.si:7051
      - CORE_PEER_LOCALMSPID=MyFakeOrgMSP
      - CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/myfakeorg.si/users/Admin@myfakeorg.si/msp
      - CORE_CHAINCODE_KEEPALIVE=10
    working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
    command: /bin/bash
    volumes:
        - /var/run/:/host/var/run/
        - ./../../chaincode/:/opt/gopath/src/github.com/
        - ./../crypto-config/:/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/
        - ./../channel-artifacts:/etc/hyperledger/channel-artifacts
    networks:
        - default
    #depends_on:
    #  - orderer.myfakeorg.si
    #  - peer0.myfakeorg.si
    #  - couchdb

Кафка-Compose-base.yml:

version: '2'

services:

    zookeeper:
        image: hyperledger/fabric-zookeeper
        ports:
            - 2181
            - 2888
            - 3888

    kafka:
        image: hyperledger/fabric-kafka
        environment:
            - KAFKA_LOG_RETENTION_MS=-1
            - KAFKA_MESSAGE_MAX_BYTES=103809024
            - KAFKA_REPLICA_FETCH_MAX_BYTES=103809024
            - KAFKA_UNCLEAN_LEADER_ELECTION_ENABLE=false
            - KAFKA_DEFAULT_REPLICATION_FACTOR=2
            - KAFKA_MIN_INSYNC_REPLICAS=2
        ports:
            - 9092

Кафка-compose.yml:

version: '2'

networks:
    default:
        external:
            name: hledger-myfakeorg


services:

    zookeeper0:
        extends:
            file: kafka-compose-base.yml
            service: zookeeper
        container_name: zookeeper0
        environment:
            - ZOO_MY_ID=1
            - ZOO_SERVERS=server.1=zookeeper0:2888:3888 server.2=zookeeper1:2888:3888 server.3=zookeeper2:2888:3888
        networks:
            - default
    zookeeper1:
        extends:
            file: kafka-compose-base.yml
            service: zookeeper
        container_name: zookeeper1
        environment:
            - ZOO_MY_ID=2
            - ZOO_SERVERS=server.1=zookeeper0:2888:3888 server.2=zookeeper1:2888:3888 server.3=zookeeper2:2888:3888
        networks:
            - default

    zookeeper2:
        extends:
            file: kafka-compose-base.yml
            service: zookeeper
        container_name: zookeeper2
        environment:
            - ZOO_MY_ID=3
            - ZOO_SERVERS=server.1=zookeeper0:2888:3888 server.2=zookeeper1:2888:3888 server.3=zookeeper2:2888:3888
        networks:
            - default

    kafka0:
        extends:
            file: kafka-compose-base.yml
            service: kafka
        container_name: kafka0
        environment:
            - KAFKA_BROKER_ID=0
            - KAFKA_ZOOKEEPER_CONNECT=zookeeper0:2181,zookeeper1:2181,zookeeper2:2181
        depends_on:
            - zookeeper0
            - zookeeper1
            - zookeeper2
        networks:
            - default
    kafka1:
        extends:
            file: kafka-compose-base.yml
            service: kafka
        container_name: kafka1
        environment:
            - KAFKA_BROKER_ID=1
            - KAFKA_ZOOKEEPER_CONNECT=zookeeper0:2181,zookeeper1:2181,zookeeper2:2181
        depends_on:
            - zookeeper0
            - zookeeper1
            - zookeeper2
        networks:
            - default
    kafka2:
        extends:
            file: kafka-compose-base.yml
            service: kafka
        container_name: kafka2
        environment:
            - KAFKA_BROKER_ID=2
            - KAFKA_ZOOKEEPER_CONNECT=zookeeper0:2181,zookeeper1:2181,zookeeper2:2181
        depends_on:
            - zookeeper0
            - zookeeper1
            - zookeeper2
        networks:
            - default

    kafka3:
        extends:
            file: kafka-compose-base.yml
            service: kafka
        container_name: kafka3
        environment:
            - KAFKA_BROKER_ID=3
            - KAFKA_ZOOKEEPER_CONNECT=zookeeper0:2181,zookeeper1:2181,zookeeper2:2181
        depends_on:
            - zookeeper0
            - zookeeper1
            - zookeeper2
        networks:
            - default

Есть две особенности, которые я могу придумать в отношении этой сети.

  • Существует только одна «организация», или, точнее, организации-партнеры и организации-заказчики - это одно и то же (криптографический материал, по-видимому, все еще создается дважды).

  • Нет заявленных якорных пиров для каналов. Насколько я понимаю, эта функция предназначена для общения между организациями, что в данном случае не требуется.

Возможно, какое-либо из этих двух архитектурных решений является причиной моей проблемы? Или есть какая-то другая техническая проблема? Аналогичная конфигурация работала в режиме «соло».

Любая помощь будет принята с благодарностью.

Ответы [ 2 ]

0 голосов
/ 04 марта 2019

Есть много полезной информации об этой проблеме десериализации Здесь основная проблема заключается в том, что сертификат не был распознан.

Теперь у меня возникла та же проблема, но тем не менее этот поток не дал мне нужного мне решения. Вы хотите проверить, можете ли вы найти решение по ссылке.

В любом случае, в любом случае, я почти случайно обнаружил, что сбой при создании моего канала состоял в том, что я установил неверную переменную для CORE_PEER_LOCALMSPID в конфигурации контейнера cli.

Поэтому, если вы не нашли решения, попробуйте также проверить и эту переменную.

0 голосов
/ 03 мая 2018

Существует некоторая проблема с вашим сертификатом администратора, так как после декодирования сертификата ясно, что сертификат администратора, который вы используете для создания канала, подписан каким-то другим центром сертификации (ca.lucis.si, lucis.si). ) не известна службе заказа и другим компонентам и, следовательно, выдает ошибку, говоря о сертификате, подписанном неизвестным органом. Поскольку создание канала выполняется посредством транзакции через один из системных кодов цепей, удостоверение отправителя транзакции проверяется, и сертификат идентификации должен быть подписан зарегистрированным центром сертификации, и в вашем случае выдаваемый вами сертификат выдается / подписан незарегистрированным центром сертификации. Вот почему вы не можете создать канал.

Вы можете декодировать любой сертификат в кодировке pem, чтобы узнать, кто подписал этот сертификат, с помощью онлайн-декодера, такого как Этот онлайн-сертификат Cert . Просто вставьте туда сертификат, закодированный в pem, и вы увидите информацию о подписи, которая подтверждает, что издатель ca неизвестен вашей сети, что приводит к ошибке при создании канала.

...