Hyperledger Fabric Raft Orderer Setup Failed with Authentication Error While Creating Channel
0 votes
/ February 14, 2020

I am creating an HLF network with Raft as the ordering service & orderer containers. The orderer container logs report a tls bad certificate error.

2020-02-14 06:22:33.504 UTC [core.comm] ServerHandshake -> ERRO 2849 TLS handshake failed with error remote error: tls: bad certificate server=Orderer remoteaddress=10.0.23.4:18725

2020-02-14 06:22:35.859 UTC [orderer.common.cluster.puller] probeEndpoint -> WARN 2853 Failed connecting to {ProdOrderer4_ProdOrdr_com:7050 [-----BEGIN CERTIFICATE-----
2020-02-14 06:22:35.859 UTC [orderer.common.cluster.puller] func1 -> WARN 2854 Received error of type 'failed to create new connection: context deadline exceeded' from {ProdOrderer4_ProdOrdr_com:7050 [-----BEGIN CERTIFICATE-----

I am attaching crypto-config.yaml, configtx.yaml and docker-compose.yaml for reference.

crypto-config.yaml

OrdererOrgs:
  - Name: ProdOrderer
    Domain: ProdOrdr_com
    Specs:
      - Hostname: ProdOrderer1
        SANS:
          - "localhost"
          - "127.0.0.1"
      - Hostname: ProdOrderer2
        SANS:
          - "localhost"
          - "127.0.0.1"
      - Hostname: ProdOrderer3
        SANS:
          - "localhost"
          - "127.0.0.1"

PeerOrgs:
  - Name: ProdOrg

  - Name: ProdOrgA

configtx.yaml

Organizations:
  - &OrdererOrg
    Name: ProdOrderer
    ID: ProdOrdererMSP
    MSPDir: crypto-config/ordererOrganizations/ProdOrdr_com/msp
    Policies:
      Readers:
        Type: Signature
        Rule: "OR('ProdOrdererMSP.member')"
      Writers:
        Type: Signature
        Rule: "OR('ProdOrdererMSP.member')"
      Admins:
        Type: Signature
        Rule: "OR('ProdOrdererMSP.admin')"
  - &ProdOrg
    Name: ProdOrg
    ID: ProdOrgMSP
    MSPDir: crypto-config/peerOrganizations/peerProd_com/msp
    Policies:
      Readers:
        Type: Signature
        Rule: "OR('ProdOrgMSP.admin','ProdOrgMSP.peer', 'ProdOrgMSP.client')"
      Writers:
        Type: Signature
        Rule: "OR('ProdOrgMSP.admin', 'ProdOrgMSP.client')"
      Admins:
        Type: Signature
        Rule: "OR('ProdOrgMSP.admin')"
    AnchorPeers:
      - Host: HOSTA_peerProd_com
        Port: 7051
  - &ProdOrgA
    Name: ProdOrgA
    ID: ProdOrgAMSP
    MSPDir: crypto-config/peerOrganizations/peerProdA_com/msp
    Policies:
      Readers:
        Type: Signature
        Rule: "OR('ProdOrgAMSP.admin','ProdOrgAMSP.peer', 'ProdOrgAMSP.client')"
      Writers:
        Type: Signature
        Rule: "OR('ProdOrgAMSP.admin', 'ProdOrgAMSP.client')"
      Admins:
        Type: Signature
        Rule: "OR('ProdOrgAMSP.admin')"
    AnchorPeers:
      - Host: HOSTA_peerProdA_com
        Port: 7051

Capabilities:
  Channel: &ChannelCapabilities
    V1_4_3: true
    V1_3: false
    V1_1: false
  Orderer: &OrdererCapabilities
    V1_4_2: true
    V1_1: false
  Application: &ApplicationCapabilities
    V1_4_2: true
    V1_3: false
    V1_2: false
    V1_1: false

Application: &ApplicationDefaults
  Organizations:
  Policies:
    Readers:
      Type: ImplicitMeta
      Rule: "ANY Readers"
    Writers:
      Type: ImplicitMeta
      Rule: "ANY Writers"
    Admins:
      Type: ImplicitMeta
      Rule: "MAJORITY Admins"
  Capabilities:
    <<: *ApplicationCapabilities

Orderer: &OrdererDefaults
  OrdererType: solo
  Addresses:
    - ProdOrderer1_ProdOrdr_com:7050
  BatchTimeout: 2s
  BatchSize:
    MaxMessageCount: 10
    AbsoluteMaxBytes: 99 MB
    PreferredMaxBytes: 512 KB
  Kafka:
    Brokers:
      - 127.0.0.1:9092
  EtcdRaft:
    Consenters:
      - Host: ProdOrderer1_ProdOrdr_com
        Port: 7050
        ClientTLSCert: crypto-config/ordererOrganizations/ProdOrdr_com/orderers/ProdOrderer1.ProdOrdr_com/tls/server.crt
        ServerTLSCert: crypto-config/ordererOrganizations/ProdOrdr_com/orderers/ProdOrderer1.ProdOrdr_com/tls/server.crt
      - Host: ProdOrderer2_ProdOrdr_com
        Port: 7050
        ClientTLSCert: crypto-config/ordererOrganizations/ProdOrdr_com/orderers/ProdOrderer2.ProdOrdr_com/tls/server.crt
        ServerTLSCert: crypto-config/ordererOrganizations/ProdOrdr_com/orderers/ProdOrderer2.ProdOrdr_com/tls/server.crt
      - Host: ProdOrderer3_ProdOrdr_com
        Port: 7050
        ClientTLSCert: crypto-config/ordererOrganizations/ProdOrdr_com/orderers/ProdOrderer3.ProdOrdr_com/tls/server.crt
        ServerTLSCert: crypto-config/ordererOrganizations/ProdOrdr_com/orderers/ProdOrderer3.ProdOrdr_com/tls/server.crt
  Organizations:
  Policies:
    Readers:
      Type: ImplicitMeta
      Rule: "ANY Readers"
    Writers:
      Type: ImplicitMeta
      Rule: "ANY Writers"
    Admins:
      Type: ImplicitMeta
      Rule: "MAJORITY Admins"
    BlockValidation:
      Type: ImplicitMeta
      Rule: "ANY Writers"

Channel: &ChannelDefaults
  Policies:
    Readers:
      Type: ImplicitMeta
      Rule: "ANY Readers"
    Writers:
      Type: ImplicitMeta
      Rule: "ANY Writers"
    Admins:
      Type: ImplicitMeta
      Rule: "MAJORITY Admins"
  Capabilities:
    <<: *ChannelCapabilities

Profiles:

  OrdererGenesis:
    <<: *ChannelDefaults
    Orderer:
      <<: *OrdererDefaults
      Organizations:
        - *OrdererOrg
      Capabilities:
        <<: *OrdererCapabilities
    Consortiums:
      SampleConsortium:
        Organizations:
          - *ProdOrg
          - *ProdOrgA

  OrgChannel:
    Consortium: SampleConsortium
    Application:
      <<: *ApplicationDefaults
      Organizations:
        - *ProdOrg
        - *ProdOrgA
      Capabilities:
        <<: *ApplicationCapabilities

  SampleDevModeKafka:
    <<: *ChannelDefaults
    Capabilities:
      <<: *ChannelCapabilities
    Orderer:
      <<: *OrdererDefaults
      OrdererType: kafka
      Kafka:
        Brokers:
          - kafka.example.com:9092
      Organizations:
        - *OrdererOrg
      Capabilities:
        <<: *OrdererCapabilities
    Application:
      <<: *ApplicationDefaults
      Organizations:
        - <<: *OrdererOrg
    Consortiums:
      SampleConsortium:
        Organizations:
          - *ProdOrg
          - *ProdOrgA

  SampleMultiNodeEtcdRaft:
    <<: *ChannelDefaults
    Capabilities:
      <<: *ChannelCapabilities
    Orderer:
      <<: *OrdererDefaults
      OrdererType: etcdraft
      EtcdRaft:
        Consenters:
          - Host: ProdOrderer1_ProdOrdr_com
            Port: 7050
            ClientTLSCert: crypto-config/ordererOrganizations/ProdOrdr_com/orderers/ProdOrderer1.ProdOrdr_com/tls/server.crt
            ServerTLSCert: crypto-config/ordererOrganizations/ProdOrdr_com/orderers/ProdOrderer1.ProdOrdr_com/tls/server.crt
          - Host: ProdOrderer2_ProdOrdr_com
            Port: 7050
            ClientTLSCert: crypto-config/ordererOrganizations/ProdOrdr_com/orderers/ProdOrderer2.ProdOrdr_com/tls/server.crt
            ServerTLSCert: crypto-config/ordererOrganizations/ProdOrdr_com/orderers/ProdOrderer2.ProdOrdr_com/tls/server.crt
          - Host: ProdOrderer3_ProdOrdr_com
            Port: 7050
            ClientTLSCert: crypto-config/ordererOrganizations/ProdOrdr_com/orderers/ProdOrderer3.ProdOrdr_com/tls/server.crt
            ServerTLSCert: crypto-config/ordererOrganizations/ProdOrdr_com/orderers/ProdOrderer3.ProdOrdr_com/tls/server.crt
      Addresses:
        - ProdOrderer1_ProdOrdr_com:7050
        - ProdOrderer2_ProdOrdr_com:7050
        - ProdOrderer3_ProdOrdr_com:7050
      Organizations:
        - *OrdererOrg
      Capabilities:
        <<: *OrdererCapabilities
    Application:
      <<: *ApplicationDefaults
      Organizations:
        - <<: *OrdererOrg
    Consortiums:
      SampleConsortium:
        Organizations:
          - *ProdOrg
          - *ProdOrgA

docker-compose.yaml file

I created the network using docker-swarm.

version: "3.4"
networks:
  dev:
    attachable: true

services:
  ProdOrderer1_ProdOrdr_com:
    container_name: ProdOrderer1_ProdOrdr_com
    image: hyperledger/fabric-orderer:1.4.4
    environment:
      - ORDERER_GENERAL_LOGLEVEL=info
      - ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
      - ORDERER_GENERAL_GENESISMETHOD=file
      - ORDERER_GENERAL_GENESISFILE=/etc/hyperledger/configtx/genesis.block
      - ORDERER_GENERAL_LOCALMSPDIR=/etc/hyperledger/orderer1/msp
      # enabled TLS
      - ORDERER_GENERAL_TLS_ENABLED=true
      - ORDERER_GENERAL_TLS_PRIVATEKEY=/etc/hyperledger/orderer1/tls/server.key
      - ORDERER_GENERAL_TLS_CERTIFICATE=/etc/hyperledger/orderer1/tls/server.crt
      - ORDERER_GENERAL_TLS_ROOTCAS=[/etc/hyperledger/orderer1/tls/ca.crt]
      - ORDERER_GENERAL_LOCALMSPID=ProdOrdererMSP
      - ORDERER_KAFKA_TOPIC_REPLICATIONFACTOR=1
      - ORDERER_KAFKA_VERBOSE=true
      - ORDERER_GENERAL_CLUSTER_CLIENTCERTIFICATE=/etc/hyperledger/orderer1/tls/server.crt
      - ORDERER_GENERAL_CLUSTER_CLIENTPRIVATEKEY=/etc/hyperledger/orderer1/tls/server.key
      - ORDERER_GENERAL_CLUSTER_ROOTCAS=[/etc/hyperledger/orderer1/tls/ca.crt]
      - FABRIC_LOGGING_SPEC=DEBUG
    volumes:
      - /opt/ProdNode/config/:/etc/hyperledger/configtx
      - /opt/ProdNode/crypto-config/ordererOrganizations/ProdOrdr_com/orderers/ProdOrderer1.ProdOrdr_com:/etc/hyperledger/orderer1
      - /opt/ProdNode/hyp-data/orderer1:/var/hyperledger/production/orderer1
    working_dir: /opt/gopath/src/github.com/hyperledger/fabric/orderer
    command: orderer
    ports:
      - 7050:7050
    deploy:
      replicas: 1
      placement:
        constraints:
          - node.id == wohcakp6rt413tvqtnsd77o81
    depends_on:
    restart: always
    networks:
      - dev

  ProdOrderer2_ProdOrdr_com:
    container_name: ProdOrderer2_ProdOrdr_com
    image: hyperledger/fabric-orderer:1.4.4
    environment:
      - ORDERER_GENERAL_LOGLEVEL=info
      - ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
      - ORDERER_GENERAL_GENESISMETHOD=file
      - ORDERER_GENERAL_GENESISFILE=/etc/hyperledger/configtx/genesis.block
      - ORDERER_GENERAL_LOCALMSPDIR=/etc/hyperledger/orderer2/msp
      # enabled TLS
      - ORDERER_GENERAL_TLS_ENABLED=true
      - ORDERER_GENERAL_TLS_PRIVATEKEY=/etc/hyperledger/orderer2/tls/server.key
      - ORDERER_GENERAL_TLS_CERTIFICATE=/etc/hyperledger/orderer2/tls/server.crt
      - ORDERER_GENERAL_TLS_ROOTCAS=[/etc/hyperledger/orderer2/tls/ca.crt]
      - ORDERER_GENERAL_LOCALMSPID=ProdOrdererMSP
      - ORDERER_KAFKA_TOPIC_REPLICATIONFACTOR=1
      - ORDERER_KAFKA_VERBOSE=true
      - ORDERER_GENERAL_CLUSTER_CLIENTCERTIFICATE=/etc/hyperledger/orderer2/tls/server.crt
      - ORDERER_GENERAL_CLUSTER_CLIENTPRIVATEKEY=/etc/hyperledger/orderer2/tls/server.key
      - ORDERER_GENERAL_CLUSTER_ROOTCAS=[/etc/hyperledger/orderer2/tls/ca.crt]
      - FABRIC_LOGGING_SPEC=DEBUG
    volumes:
      - /opt/ProdNode/config/:/etc/hyperledger/configtx
      - /opt/ProdNode/crypto-config/ordererOrganizations/ProdOrdr_com/orderers/ProdOrderer2.ProdOrdr_com:/etc/hyperledger/orderer2
      - /opt/ProdNode/hyp-data/orderer2:/var/hyperledger/production/orderer2
    working_dir: /opt/gopath/src/github.com/hyperledger/fabric/orderer
    command: orderer
    ports:
      - 8050:7050
    deploy:
      replicas: 1
      placement:
        constraints:
          - node.id == wohcakp6rt413tvqtnsd77o81
    depends_on:
    restart: always
    networks:
      - dev

  ProdOrderer3_ProdOrdr_com:
    container_name: ProdOrderer3_ProdOrdr_com


  ca_ProdOrg:
    image: hyperledger/fabric-ca:1.4.4
    environment:
      - FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
      - FABRIC_CA_SERVER_CA_NAME=ca_ProdOrg
      - FABRIC_CA_SERVER_TLS_ENABLED=true
      - FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.peerProd_com-cert.pem
      - FABRIC_CA_SERVER_TLS_KEYFILE=/etc/hyperledger/fabric-ca-server-config/21a106a45dfc8c3d350d16832bd6923fbc037b278ba94c4084f2a698548cf311_sk
    ports:
      - "7054:7054"
    command: sh -c 'fabric-ca-server start --ca.certfile /etc/hyperledger/fabric-ca-server-config/ca.peerProd_com-cert.pem --ca.keyfile /etc/hyperledger/fabric-ca-server-config/21a106a45dfc8c3d350d16832bd6923fbc037b278ba94c4084f2a698548cf311_sk -b admina:adminpw -d'
    volumes:
      - /opt/ProdNode/crypto-config/peerOrganizations/peerProd_com/ca/:/etc/hyperledger/fabric-ca-server-config
    container_name: ca_ProdOrg
    networks:
      - dev
    deploy:
      replicas: 1
      placement:
        constraints:
          - node.id == wohcakp6rt413tvqtnsd77o81
    restart: always
    depends_on:
      - ProdOrderer1_ProdOrdr_com
      - ProdOrderer2_ProdOrdr_com
      - ProdOrderer1_ProdOrdr_com

  HOSTA_peerProd_com:
    container_name: HOSTA_peerProd_com
    image: hyperledger/fabric-peer:1.4.4
    environment:
      - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
      - CORE_PEER_ID=HOSTA_peerProd_com
      - CORE_PEER_LOCALMSPID=ProdOrgMSP
      - CORE_PEER_ADDRESS=HOSTA_peerProd_com:7051
      - CORE_LEDGER_STATE_COUCHDBCONFIG_COUCHDBADDRESS=couchdb_HOSTA_peerProd_com:5984
      - CORE_PEER_GOSSIP_BOOTSTRAP=HOSTA_peerProd_com:7051
      - CORE_PEER_GOSSIP_EXTERNALENDPOINT=HOSTA_peerProd_com:7051
      - CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:7052
      - CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=swarm_dev
      - CORE_LOGGING_PEER=INFO
      - CORE_CHAINCODE_LOGGING_LEVEL=DEBUG
      - CORE_PEER_GOSSIP_USELEADERELECTION=true
      - CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/peer/msp
      - CORE_PEER_GOSSIP_ORGLEADER=false
      - CORE_PEER_PROFILE_ENABLED=true
      # TLS Settings
      - CORE_PEER_TLS_ENABLED=true
      - CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/peer/tls/server.crt
      - CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/peer/tls/server.key
      - CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/peer/tls/ca.crt
      # Couch DB config
      - CORE_LEDGER_STATE_STATEDATABASE=CouchDB
      - CORE_LEDGER_STATE_COUCHDBCONFIG_USERNAME=admin
      - CORE_LEDGER_STATE_COUCHDBCONFIG_PASSWORD=P@ss123
    volumes:
      - /var/run/:/host/var/run/
      - /opt/ProdNode/config/:/etc/hyperledger/configtx
      - /opt/ProdNode/crypto-config/peerOrganizations/peerProd_com/peers/HOSTA.peerProd_com:/etc/hyperledger/peer
      - /opt/ProdNode/crypto-config/peerOrganizations/peerProd_com/users:/etc/hyperledger/users
      - /opt/ProdNode/hyp-data/peer-1_1/:/var/hyperledger/production
    working_dir: /opt/gopath/src/github.com/hyperledger/peer
    command: peer node start
    deploy:
      replicas: 1
      placement:
        constraints:
          - node.id == wohcakp6rt413tvqtnsd77o81
    restart: always
    ports:
      - 7051:7051
      - 7053:7053
    depends_on:
      - ProdOrderer1_ProdOrdr_com
      - ProdOrderer2_ProdOrdr_com
      - ProdOrderer1_ProdOrdr_com
      - couchdb_HOSTA_peerProd_com
      - ca_ProdOrg
    networks:
      - dev

  couchdb_HOSTA_peerProd_com:
    container_name: couchdb_HOSTA_peerProd_com


  ca_ProdOrgA:
    image: hyperledger/fabric-ca:1.4.4

  HOSTA_peerProdA_com:
    container_name: HOSTA_peerProdA_com
    image: hyperledger/fabric-peer:1.4.4

  couchdb_HOSTA_peerProdA_com:
    container_name: couchdb_HOSTA_peerProdA_com


  cli:
    container_name: cli
    image: hyperledger/fabric-tools:1.4.4
    tty: true
    environment:
      - GOPATH=/opt/gopath
      - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
      - FABRIC_LOGGING_SPEC=DEBUG
      - CORE_PEER_ID=cli
      - CORE_PEER_ADDRESS=HOSTA_peerProd_com:7051
      - CORE_PEER_LOCALMSPID=ProdOrgMSP
      - CORE_PEER_TLS_ENABLED=true # Should be kept to true if not running event listener
      - CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/peerProd_com/peers/HOSTA.peerProd_com/tls/server.crt
      - CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/peerProd_com/peers/HOSTA.peerProd_com/tls/server.key
      - CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/peerProd_com/peers/HOSTA.peerProd_com/tls/ca.crt
      - CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/peerProd_com/users/Admin@peerProd_com/msp
      - CORE_CHAINCODE_KEEPALIVE=10
    working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
    command: /bin/bash
    deploy:
      replicas: 1
      placement:
        constraints:
          - node.id == wohcakp6rt413tvqtnsd77o81
    volumes:
      - /var/run/:/host/var/run/
      - ./../chaincode/:/opt/gopath/src/github.com/chaincode/
      - ./crypto-config/:/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/
      - ./config:/opt/gopath/src/github.com/hyperledger/fabric/peer/configtx
      - ./scripts:/opt/gopath/src/github.com/hyperledger/fabric/peer/scripts/
    networks:
      - dev
    depends_on:
      - ProdOrderer1_ProdOrdr_com
      - ProdOrderer2_ProdOrdr_com
      - ProdOrderer3_ProdOrdr_com
      - HOSTA_peerProd_com
      - HOSTA_peerProdA_com

Can anyone help me resolve the error I am facing?

1 Answer

0 votes
/ February 15, 2020

The following error message says it all:

2020-02-14 06:00:12.124 UTC [grpc] createTransport -> DEBU 042 grpc: addrConn.createTransport failed to connect to {ProdOrderer1_ProdOrdr_com:7050 0  <nil>}. Err :connection error: desc = "transport: authentication handshake failed: x509: certificate is valid for ProdOrderer1.ProdOrdr_com, ProdOrderer1, localhost, not ProdOrderer1_ProdOrdr_com". Reconnecting...

The hostname you are using to connect - ProdOrderer1_ProdOrdr_com - does not match the valid names in the TLS certificate. Cryptogen works such that it automatically adds a CommonName in the format '{{.Hostname}}.{{.Domain}}', hence ProdOrderer1.ProdOrdr_com. I assume you are using a different naming convention because of the naming rules for Docker Swarm, so if you really need to use ProdOrderer1_ProdOrdr_com, you will need to modify crypto-config.yaml to override the template used to generate the CommonName used in each certificate:

OrdererOrgs:
  - Name: ProdOrderer
    Domain: ProdOrdr_com
    Specs:
      - Hostname: ProdOrderer1
        CommonName: '{{.Hostname}}_{{.Domain}}'
        SANS:
          - localhost
          - 127.0.0.1
      - Hostname: ProdOrderer2
        CommonName: '{{.Hostname}}_{{.Domain}}'
        SANS:
          - localhost
          - 127.0.0.1
      - Hostname: ProdOrderer3
        CommonName: '{{.Hostname}}_{{.Domain}}'
        SANS:
          - localhost
          - 127.0.0.1
...
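
The mismatch this answer describes can be reproduced offline before regenerating any crypto material. The following Go program is an added example, not part of the original answer and not Fabric or cryptogen code: it issues a throwaway certificate for one `Specs` entry and runs the hostname check a Go TLS client performs. It assumes the certificate carries the rendered CommonName, the bare Hostname and the listed SANS, as the names in the quoted error suggest; `nodeSpec`, `sanNames` and `checkDial` are hypothetical names.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"text/template"
	"time"
)

type nodeSpec struct { // one Specs entry of crypto-config.yaml
	Hostname, Domain, CommonName string
	SANS                         []string
}

// sanNames models (assumption) the certificate names: rendered CommonName, Hostname, SANS.
func sanNames(s nodeSpec) (string, []string, error) {
	tmpl := s.CommonName
	if tmpl == "" {
		tmpl = "{{.Hostname}}.{{.Domain}}" // default format quoted in the answer
	}
	t, err := template.New("cn").Parse(tmpl)
	if err != nil {
		return "", nil, err
	}
	var cn bytes.Buffer
	if err := t.Execute(&cn, s); err != nil {
		return "", nil, err
	}
	return cn.String(), append([]string{cn.String(), s.Hostname}, s.SANS...), nil
}

// checkDial builds a throwaway self-signed cert for the spec and verifies dialName against it.
func checkDial(s nodeSpec, dialName string) error {
	cn, names, err := sanNames(s)
	if err != nil {
		return err
	}
	tpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour)}
	for _, n := range names { // IP literals become IP SANs, the rest DNS SANs
		if ip := net.ParseIP(n); ip != nil {
			tpl.IPAddresses = append(tpl.IPAddresses, ip)
		} else {
			tpl.DNSNames = append(tpl.DNSNames, n)
		}
	}
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return err
	}
	der, err := x509.CreateCertificate(rand.Reader, tpl, tpl, &key.PublicKey, key)
	if err != nil {
		return err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return err
	}
	return cert.VerifyHostname(dialName)
}

func main() {
	def := nodeSpec{Hostname: "ProdOrderer1", Domain: "ProdOrdr_com", SANS: []string{"localhost", "127.0.0.1"}}
	fixed := nodeSpec{Hostname: def.Hostname, Domain: def.Domain, CommonName: "{{.Hostname}}_{{.Domain}}", SANS: def.SANS}
	fmt.Println("default CN: ", checkDial(def, "ProdOrderer1_ProdOrdr_com"))
	fmt.Println("override CN:", checkDial(fixed, "ProdOrderer1_ProdOrdr_com"))
}
```

Running the same check against every `Host` under `Consenters` and every entry under `Addresses` in configtx.yaml shows which names the orderers will reject during the cluster TLS handshake.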