Я строю сеть Hyperledger fabri c с тремя узлами и одним заказчиком с Solo в качестве службы заказа. Каждый из узлов имеет CA, couchDB, Cli и одноранговый узел. Узел заказа имеет только ca. Когда я настраиваю, у меня возникает проблема с TLS-рукопожатием, а также появляется предупреждающее сообщение, в котором говорится, что не удается достичь внешних конечных точек.
[gossip.discovery] func1 -> WARN 160 Could not connect to Endpoint: peer0.bc-node1.example.com:7051, InternalEndpoint: peer0.bc-node1.example.com:7051, PKI-ID: <nil>, Metadata: : context deadline exceeded
[core.comm] ServerHandshake -> ERRO 169 TLS handshake failed with error remote error: tls: bad certificate server=PeerServer remoteaddress=IP:53632 (Orderer)
Я прикрепил docker -compose-base:
version: '2'
services:
orderer:
image: hyperledger/fabric-orderer
environment:
- CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=network_byfn
- ORDERER_HOME=/var/hyperledger/orderer
- ORDERER_GENERAL_LOGLEVEL=debug
- ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp
- ORDERER_GENERAL_LOCALMSPID=OrdererMSP
- ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
- ORDERER_GENERAL_LISTENPORT=7050
- ORDERER_GENERAL_LEDGERTYPE=ram
- ORDERER_GENERAL_GENESISMETHOD=file
- ORDERER_GENERAL_GENESISFILE=/var/hyperledger/configs/genesis.block
- CONFIGTX_ORDERER_ORDERERTYPE=solo
- CONFIGTX_ORDERER_BATCHSIZE_MAXMESSAGECOUNT=10
- CONFIGTX_ORDERER_BATCHTIMEOUT=2s
- CONFIGTX_ORDERER_ADDRESSES=[127.0.0.1:7050]
# TLS settings
- ORDERER_GENERAL_TLS_ENABLED=true
- ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key
- ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt
- ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
- ORDERER_TLS_CLIENTAUTHREQUIRED=false
- ORDERER_TLS_CLIENTROOTCAS_FILES=/var/hyperledger/users/Admin@example.com/tls/ca.crt
- ORDERER_TLS_CLIENTCERT_FILE=/var/hyperledger/users/Admin@example.com/tls/client.crt
- ORDERER_TLS_CLIENTKEY_FILE=/var/hyperledger/users/Admin@example.com/tls/client.key
volumes:
- ../channel-artifacts/:/var/hyperledger/configs
- ../crypto-config/ordererOrganizations/example.com/users:/var/hyperledger/users
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/orderer
command: orderer
ports:
- '7050'
peer:
image: hyperledger/fabric-peer
environment:
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
- CORE_PEER_NETWORKID=net
- CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=network_byfn
- CORE_PEER_ADDRESSAUTODETECT=true
- CORE_PEER_GOSSIP_ORGLEADER=false
- CORE_PEER_GOSSIP_USELEADERELECTION=true
- CORE_PEER_PROFILE_ENABLED=true
- CORE_PEER_MSPCONFIGPATH=/var/hyperledger/msp
#- CORE_LEDGER_STATE_STATEDATABASE=LevelDB
- CORE_LOGGING_LEVEL=DEBUG
- CORE_LOGGING_GOSSIP=WARNING
- CORE_LOGGING_MSP=DEBUG
# TLS settings
- CORE_PEER_TLS_ENABLED=true
- CORE_PEER_TLS_CLIENTAUTHREQUIRED=false
- CORE_PEER_TLS_CERT_FILE=/var/hyperledger/tls/server.crt
- CORE_PEER_TLS_KEY_FILE=/var/hyperledger/tls/server.key
- CORE_PEER_TLS_ROOTCERT_FILE=/var/hyperledger/tls/ca.crt
volumes:
- /var/run/:/host/var/run/
- $GOPATH/src/github.com/hyperledger/fabric/:/opt/gopath/src/github.com/hyperledger/fabric/
- ../crypto-config/:/var/hyperledger/configs
- ../channel-artifacts/:/var/hyperledger/configs
command: peer node start
ports:
- '7051'
- '7053'
docker -compose для node3
version: '2'
networks:
byfn:
services:
peer0.bc-node3.example.com:
extends:
file: docker-compose-base.yml
service: peer
container_name: peer0.bc-node3.example.com
environment:
- GODEBUG=netdns=go
- CORE_PEER_CHAINCODELISTENADDRESS=peer0.bc-node3.example.com:7052
- CORE_PEER_ID=peer0.bc-node3.example.com
- CORE_PEER_ADDRESS=peer0.bc-node3.example.com:7051
- CORE_PEER_GOSSIP_BOOTSTRAP=peer0.bc-node1.example.com:7051
- CORE_PEER_GOOSIP_EXTERNALENDPOINT=peer0.bc-node3.example.com:7051
- CORE_PEER_GOSSIP_ORGLEADER=false
- CORE_PEER_GOSSIP_USELEADERELECTION=true
- CORE_PEER_LOCALMSPID=OrgGIMSP
- CORE_PEER_TLS_CLIENTROOTCAS_FILES=/var/hyperledger/users/Admin@bc-node3.example.com/tls/ca.crt
- CORE_PEER_TLS_CLIENTCERT_FILE=/var/hyperledger/users/Admin@bc-node3.example.com/tls/client.crt
- CORE_PEER_TLS_CLIENTKEY_FILE=/var/hyperledger/users/Admin@bc-node3.example.com/tls/client.key
volumes:
- ./crypto-config/peerOrganizations/bc-node3.example.com/peers/peer0.bc-node3.example.com/msp:/var/hyperledger/msp
- ./crypto-config/peerOrganizations/bc-node3.example.com/peers/peer0.bc-node3.example.com/tls:/var/hyperledger/tls
- ./crypto-config/peerOrganizations/bc-node3.example.com/users:/var/hyperledger/users
- ./channel-artifacts/:/var/hyperledger/configs
extra_hosts:
- "bc-nodeorderer.example.com:IP"
- "peer0.bc-node1.example.com:IP"
- "peer0.bc-node2.example.com:IP"
networks:
byfn:
aliases:
- net
ports:
- 7051:7051
- 7053:7053
cli:
container_name: cli
image: hyperledger/fabric-tools
tty: true
environment:
- GOPATH=/opt/gopath
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
- CORE_LOGGING_LEVEL=DEBUG
- CORE_PEER_ID=cli
- CORE_PEER_ADDRESS=peer0.bc-node3.example.com:7051
- CORE_PEER_LOCALMSPID=OrgGIMSP
- CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/bc-nodeI.example.com/users/Admin@bc-node3.example.com/msp
- CORE_CHAINCODE_KEEPALIVE=10
extra_hosts:
- "bc-nodeorderer.example.com:IP"
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
command: /bin/bash
volumes:
- /var/run/:/host/var/run/
- ../Fabmbse/chaincode/:/opt/gopath/src/github.com/chaincode
- $GOPATH/src/github.com/hyperledger/fabric/:/opt/gopath/src/github.com/hyperledger/fabric/
- ./crypto-config:/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/
- ./channel-artifacts:/opt/gopath/src/github.com/hyperledger/fabric/peer/channel-artifacts/
depends_on:
- peer0.bc-node3.example.com
networks:
- byfn
Остальные узлы аналогичны, за исключением - CORE_PEER_GOOSIP_EXTERNALENDPOINT был удален и -CORE_PEER_GOOSIP_BOOTSTRAP = peer0.b c -node3 .example.com: 7051
Файл ca:
version: '2'
networks:
byfn:
services:
ca0:
image: hyperledger/fabric-ca:$IMAGE_TAG
environment:
- FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
- FABRIC_CA_SERVER_CA_NAME=ca-org3
- FABRIC_CA_SERVER_TLS_ENABLED=true
- FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.bc-node3.example.com-cert.pem
- FABRIC_CA_SERVER_TLS_KEYFILE=/etc/hyperledger/fabric-ca-server-config/${BYFN_CA1_PRIVATE_KEY}
- FABRIC_CA_SERVER_PORT=7054
ports:
- "7054:7054"
command: sh -c 'fabric-ca-server start --ca.certfile /etc/hyperledger/fabric-ca-server-config/ca.bc-node3.example.com-cert.pem --ca.keyfile /etc/hyperledger/fabric-ca-server-config/${BYFN_CA1_PRIVATE_KEY} -b admin:adminpw -d'
volumes:
- ./crypto-config/peerOrganizations/bc-node3.example.com/ca/:/etc/hyperledger/fabric-ca-server-config
container_name: ca_peerOrg3
networks:
- byfn
The configtx file:
Организации:
- &OrdererOrg
Name: OrdererOrg
ID: OrdererMSP
MSPDir: crypto-config/ordererOrganizations/example.com/msp
Policies:
Readers:
Type: Signature
Rule: "OR('OrdererMSP.member')"
Writers:
Type: Signature
Rule: "OR('OrdererMSP.member')"
Admins:
Type: Signature
Rule: "OR('OrdererMSP.admin')"
- &OrgG1
Name: OrgG1MSP
ID: OrgG1MSP
MSPDir: crypto-config/peerOrganizations/bc-node1.example.com/msp
Policies:
Readers:
Type: Signature
Rule: "OR('OrgG1MSP.admin', 'OrgG1MSP.peer', 'OrgG1MSP.client')"
Writers:
Type: Signature
Rule: "OR('OrgG1MSP.admin', 'OrgG1MSP.client')"
Admins:
Type: Signature
Rule: "OR('OrgG1MSP.admin')"
AnchorPeers:
- Host: peer0.bc-node1.example.com
Port: 7051
- &OrgG2
Name: OrgG2MSP
ID: OrgG2MSP
MSPDir: crypto-config/peerOrganizations/bc-node2.example.com/msp
Policies:
Readers:
Type: Signature
Rule: "OR('OrgG2MSP.admin', 'OrgG2MSP.peer', 'Org2MSP.client')"
Writers:
Type: Signature
Rule: "OR('OrgG2MSP.admin', 'OrgG2MSP.client')"
Admins:
Type: Signature
Rule: "OR('OrgG2MSP.admin')"
AnchorPeers:
- Host: peer0.bc-node2.example.com
Port: 7051
- &OrgG3
Name: OrgGIMSP
ID: OrgGIMSP
MSPDir: crypto-config/peerOrganizations/bc-nodeI.example.com/msp
Policies:
Readers:
Type: Signature
Rule: "OR('OrgG3MSP.admin', 'OrgG3MSP.peer', 'OrgG3MSP.client')"
Writers:
Type: Signature
Rule: "OR('OrgG3MSP.admin', 'OrgG3MSP.client')"
Admins:
Type: Signature
Rule: "OR('OrgG3MSP.admin')"
AnchorPeers:
- Host: peer0.bc-node3.example.com
Port: 7051
Capabilities:
Channel: &ChannelCapabilities
V1_4_3: true
V1_3: false
V1_1: false
Orderer: &OrdererCapabilities
V1_4_2: true
V1_1: false
Application: &ApplicationCapabilities
V1_4_2: true
V1_3: false
V1_2: false
V1_1: false
Application: &ApplicationDefaults
Organizations:
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
Capabilities:
<<: *ApplicationCapabilities
Orderer: &OrdererDefaults
OrdererType: solo
Addresses:
- bc-nodeorderer.example.com:7050
BatchTimeout: 2s
BatchSize:
MaxMessageCount: 10
AbsoluteMaxBytes: 99 MB
PreferredMaxBytes: 512 KB
Organizations:
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
BlockValidation:
Type: ImplicitMeta
Rule: "ANY Writers"
Channel: &ChannelDefaults
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
Capabilities:
<<: *ChannelCapabilities
Profiles:
ThreeOrgsOrdererGenesis:
<<: *ChannelDefaults
Orderer:
<<: *OrdererDefaults
Organizations:
- *OrdererOrg
Capabilities:
<<: *OrdererCapabilities
Consortiums:
SampleConsortium:
Organizations:
- *OrgG3
- *OrgG1
- *OrgG2
ChannelAll:
Consortium: SampleConsortium
<<: *ChannelDefaults
Application:
<<: *ApplicationDefaults
Organizations:
- *OrgG1
- *OrgG2
- *OrgG3
Capabilities:
<<: *ApplicationCapabilities
ChannelI1:
Consortium: SampleConsortium
<<: *ChannelDefaults
Application:
<<: *ApplicationDefaults
Organizations:
- *OrgG1
- *OrgG3
Capabilities:
<<: *ApplicationCapabilities
ChannelI2:
Consortium: SampleConsortium
<<: *ChannelDefaults
Application:
<<: *ApplicationDefaults
Organizations:
- *OrgG2
- *OrgG3
Capabilities:
<<: *ApplicationCapabilities
Я не уверен, в чем заключается ошибка, которую я пробовал все остальные предложения. Есть предложения или советы? Заранее спасибо