Я использую пользовательскую сеть Hyperledger Fabric с включенным протоколом TLS во всех сеансах связи. Все отлично смотрится внутри организации, и CLI может подключаться к своим коллегам по организации с поддержкой TLS и CLIENTAUTH. Это состояние сети:
org1
- peer0
anchor: true
tls_enabled: true
tls_clientauth_enabled: true
- peer1
tls_enabled: true
tls_clientauth_enabled: true
- orderer0
tls_enabled: true
tls_clientauth_enabled: false
org2
- peer0
anchor: true
tls_enabled: true
tls_clientauth_enabled: true
- peer1
tls_enabled: true
tls_clientauth_enabled: true
- orderer0
tls_enabled: true
tls_clientauth_enabled: false
org3
- orderer0
tls_enabled: true
tls_clientauth_enabled: false
Однако, когда я запускаю канал, в котором участвуют несколько организаций, я получаю ошибки, связанные с Gossip и TLS hanshake. Это пример (журнал с peer0.org1):
2019-10-07 10:01:45.615 UTC [gossip.service] func1 -> INFO 046 Elected as a leader, starting delivery service for channel global
2019-10-07 10:01:48.620 UTC [ConnProducer] NewConnection -> ERRO 047 Failed connecting to {orderer0.org2:7050 [org1MSP org2MSP org3MSP]} , error: context deadline exceeded
2019-10-07 10:01:51.622 UTC [ConnProducer] NewConnection -> ERRO 048 Failed connecting to {orderer0.org1:7050 [org1MSP org2MSP org3MSP]} , error: context deadline exceeded
2019-10-07 10:01:54.638 UTC [ConnProducer] NewConnection -> ERRO 049 Failed connecting to {orderer0.org3:7050 [org1MSP org2MSP org3MSP]} , error: context deadline exceeded
2019-10-07 10:01:54.638 UTC [ConnProducer] NewConnection -> ERRO 04a Could not connect to any of the endpoints: [{orderer0.org2:7050 [org1MSP org2MSP org3MSP]} {orderer0.org1:7050 [org1MSP org2MSP org3MSP]} {orderer0.org3:7050 [org1MSP org2MSP org3MSP]}]
2019-10-07 10:01:54.638 UTC [deliveryClient] connect -> ERRO 04b Failed obtaining connection: could not connect to any of the endpoints: [{orderer0.org2:7050 [org1MSP org2MSP org3MSP]} {orderer0.org1:7050 [org1MSP org2MSP org3MSP]} {orderer0.org3:7050 [org1MSP org2MSP org3MSP]}]
2019-10-07 10:01:54.638 UTC [deliveryClient] try -> WARN 04c Got error: could not connect to any of the endpoints: [{orderer0.org2:7050 [org1MSP org2MSP org3MSP]} {orderer0.org1:7050 [org1MSP org2MSP org3MSP]} {orderer0.org3:7050 [org1MSP org2MSP org3MSP]}] , at 1 attempt. Retrying in 1s
2019-10-07 10:01:58.640 UTC [ConnProducer] NewConnection -> ERRO 04d Failed connecting to {orderer0.org2:7050 [org1MSP org2MSP org3MSP]} , error: context deadline exceeded
2019-10-07 10:01:59.833 UTC [core.comm] ServerHandshake -> ERRO 04e TLS handshake failed with error remote error: tls: bad certificate server=PeerServer remoteaddress=172.17.0.24:54590
2019-10-07 10:02:00.828 UTC [core.comm] ServerHandshake -> ERRO 04f TLS handshake failed with error remote error: tls: bad certificate server=PeerServer remoteaddress=172.17.0.24:54604
2019-10-07 10:02:01.642 UTC [ConnProducer] NewConnection -> ERRO 050 Failed connecting to {orderer0.org1:7050 [org1MSP org2MSP org3MSP]} , error: context deadline exceeded
2019-10-07 10:02:02.609 UTC [core.comm] ServerHandshake -> ERRO 051 TLS handshake failed with error remote error: tls: bad certificate server=PeerServer remoteaddress=172.17.0.24:54624
2019-10-07 10:02:04.647 UTC [ConnProducer] NewConnection -> ERRO 052 Failed connecting to {orderer0.org3:7050 [org1MSP org2MSP org3MSP]} , error: context deadline exceeded
2019-10-07 10:02:04.647 UTC [ConnProducer] NewConnection -> ERRO 053 Could not connect to any of the endpoints: [{orderer0.org2:7050 [org1MSP org2MSP org3MSP]} {orderer0.org1:7050 [org1MSP org2MSP org3MSP]} {orderer0.org3:7050 [org1MSP org2MSP org3MSP]}]
2019-10-07 10:02:04.647 UTC [deliveryClient] connect -> ERRO 054 Failed obtaining connection: could not connect to any of the endpoints: [{orderer0.org2:7050 [org1MSP org2MSP org3MSP]} {orderer0.org1:7050 [org1MSP org2MSP org3MSP]} {orderer0.org3:7050 [org1MSP org2MSP org3MSP]}]
2019-10-07 10:02:04.647 UTC [deliveryClient] try -> WARN 055 Got error: could not connect to any of the endpoints: [{orderer0.org2:7050 [org1MSP org2MSP org3MSP]} {orderer0.org1:7050 [org1MSP org2MSP org3MSP]} {orderer0.org3:7050 [org1MSP org2MSP org3MSP]}] , at 2 attempt. Retrying in 2s
2019-10-07 10:02:04.755 UTC [core.comm] ServerHandshake -> ERRO 056 TLS handshake failed with error remote error: tls: bad certificate server=PeerServer remoteaddress=172.17.0.19:48822
2019-10-07 10:02:05.755 UTC [core.comm] ServerHandshake -> ERRO 057 TLS handshake failed with error remote error: tls: bad certificate server=PeerServer remoteaddress=172.17.0.19:48836
2019-10-07 10:02:07.118 UTC [core.comm] ServerHandshake -> ERRO 058 TLS handshake failed with error remote error: tls: bad certificate server=PeerServer remoteaddress=172.17.0.19:48854
2019-10-07 10:02:09.651 UTC [ConnProducer] NewConnection -> ERRO 059 Failed connecting to {orderer0.org2:7050 [org1MSP org2MSP org3MSP]} , error: context deadline exceeded
2019-10-07 10:02:10.595 UTC [gossip.gossip] func1 -> WARN 05a Deep probe of peer0.org2:7051 failed: context deadline exceeded
github.com/hyperledger/fabric/gossip/gossip.(*gossipServiceImpl).learnAnchorPeers.func1
/opt/gopath/src/github.com/hyperledger/fabric/gossip/gossip/gossip_impl.go:251
github.com/hyperledger/fabric/gossip/discovery.(*gossipDiscoveryImpl).Connect.func1
/opt/gopath/src/github.com/hyperledger/fabric/gossip/discovery/discovery_impl.go:153
runtime.goexit
/opt/go/src/runtime/asm_amd64.s:1333
2019-10-07 10:02:10.595 UTC [gossip.discovery] func1 -> WARN 05b Could not connect to Endpoint: peer0.org2:7051, InternalEndpoint: peer0.org2:7051, PKI-ID: <nil>, Metadata: : context deadline exceeded
Как я могу это решить? Я попытался поделиться CA Pems между orgs и установить CORE_PEER_TLS_CLIENTROOTCAS_FILES на "/public/org1/ca-chain.pem /public/org2/ca-chain.pem /public/org3/ca-chain.pem", но это не работает. Нужно ли добавлять клиентский сертификат для каждого узла / клиента в каждый из моих узлов? Где? Эта проблема не связана с TLS? Я действительно потерян.
Спасибо.