У меня есть работающая тестовая сеть с externalTLS в кластере Kubernetes. Настройка работает: через интерфейс командной строки я без проблем вызываю и запрашиваю чейнкод.
Однако в Node я могу зарегистрировать идентификатор (enroll), но не могу успешно выполнить gateway.connect(...). Сообщения об ошибках от клиента и однорангового узла мне ничего не говорят.
Скрипт
'use strict';
const FabricCAServices = require('fabric-ca-client');
const { Wallets, Gateway } = require('fabric-network');
const fs = require('fs');
const path = require('path');
const ccp = require('../gateway/connection.json');
const caConfig = require('../gateway/ca-config.json');
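// Enrollment ID registered with the Fabric CA; also used as the wallet label of the signing identity.
const user = 'benchmark';
// Enrollment secret for `user`. A secret hard-coded in source travels with every copy of the
// script (version control, pastes, build artefacts), so it is read from the environment when
// provided; the literal remains only as the fallback for the throwaway test network.
const userpw = process.env.BENCHMARK_ENROLL_SECRET || 'benchmarkPW';
// MSP ID written into every identity stored in the wallet.
const mspID = 'Org1MSP';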
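/**
 * Open the file-system wallet located at `identity/wallet` under the current working directory.
 *
 * The identities this script stores in the wallet carry their private keys (see enrollUser),
 * so the wallet directory should be readable only by the account running the script and kept
 * out of version control.
 *
 * @returns {Promise<object>} the wallet returned by Wallets.newFileSystemWallet
 * @throws rethrows whatever Wallets.newFileSystemWallet rejects with, after logging it
 */
async function createWallet() {
  const walletPath = path.join(process.cwd(), 'identity/wallet');
  try {
    // `return await` keeps a rejection inside this try block so it is logged here.
    return await Wallets.newFileSystemWallet(walletPath);
  } catch (error) {
    console.error(`Error: ${error}`);
    // Previously the error was swallowed and `undefined` was returned, which only surfaced
    // later as a confusing TypeError on `wallet.get`. Propagate the real cause instead.
    throw error;
  }
}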
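/**
 * Enroll `user` against one CA instance and store the resulting X.509 identity in the wallet.
 *
 * @param {object} wallet - wallet the identity is written to
 * @param {object} caInfo - the CA entry taken from the connection profile
 * @param {string} caName - name of the CA instance to address at `caInfo.url`
 * @param {string} label - wallet label under which the identity is stored
 * @param {string} [profile] - optional enrollment profile (the script passes 'tls' for the TLS identity)
 * @returns {Promise<void>}
 */
async function enrollIntoWallet(wallet, caInfo, caName, label, profile) {
  // Follow the connection profile: the CA's TLS certificate is verified unless the profile
  // explicitly sets httpOptions.verify to false. With verification off the CA endpoint is not
  // authenticated, so the enrollment secret and CSR may be sent to whichever host answers on
  // that address; leave it off only on throwaway test networks.
  const verify = !(caInfo.httpOptions && caInfo.httpOptions.verify === false);
  const tlsOptions = { trustedRoots: caInfo.tlsCACerts.pem, verify };
  const ca = new FabricCAServices(caInfo.url, tlsOptions, caName);

  const request = { enrollmentID: user, enrollmentSecret: userpw };
  if (profile) {
    request.profile = profile;
  }
  const enrollment = await ca.enroll(request);

  // The private key is stored next to the certificate; the wallet must be protected accordingly.
  await wallet.put(label, {
    credentials: {
      certificate: enrollment.certificate,
      privateKey: enrollment.key.toBytes(),
    },
    mspId: mspID,
    type: 'X.509',
  });
}

/**
 * Make sure the wallet holds both identities the gateway needs: the signing identity stored
 * under `user` and the client TLS identity stored under `${user}-tls`.
 *
 * Each identity is checked on its own. Before, the TLS identity was only enrolled together
 * with the signing identity, so a run that failed between the two enrollments left the wallet
 * without `${user}-tls` and no later run repaired it.
 *
 * Logs and terminates the process with exit code 1 on any failure.
 *
 * @param {object} wallet - wallet returned by createWallet
 * @returns {Promise<void>}
 */
async function enrollUser(wallet) {
  try {
    const caInfo = ccp.certificateAuthorities[caConfig.url];
    const tlsLabel = `${user}-tls`;

    // Signing (MSP) identity.
    if (await wallet.get(user)) {
      console.log(`An identity for the client user "${user}" already exists in the wallet`);
    } else {
      await enrollIntoWallet(wallet, caInfo, caInfo.caName, user);
      console.log(`Successfully enrolled msp for user "${user}" and imported it into the wallet`);
    }

    // Client TLS identity, issued by the CA instance named `TLS<caName>` with the 'tls' profile.
    if (!(await wallet.get(tlsLabel))) {
      await enrollIntoWallet(wallet, caInfo, `TLS${caInfo.caName}`, tlsLabel, 'tls');
      console.log(`Successfully enrolled tls-msp for user "${user}" and imported it into the wallet`);
    }
  } catch (error) {
    console.error(`Error enrolling user "${user}": ${error}`);
    process.exit(1);
  }
}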
/**
 * Connect a gateway with the enrolled identities and disconnect again straight away.
 *
 * `user` signs requests and `${user}-tls` is presented as the client TLS identity; both are
 * looked up in `wallet`. Any error is logged and ends the process with exit code 1.
 *
 * Operational notes:
 * - In the debug output of the run shown with this script, the SDK logs the resolved
 *   connection options, and that record contains the client TLS private key in PEM form.
 *   Keep the SDK logger below debug level wherever logs are collected or shared.
 * - NOTE(review): in that same run connect() returned although the peer could not be reached
 *   (the SDK only logged the failure), so reaching disconnect() does not by itself prove that
 *   a peer connection was established. Confirm against the SDK documentation.
 *
 * @param {object} wallet - wallet holding both identities
 * @returns {Promise<void>}
 */
async function startBenchmark(wallet) {
  try {
    const gw = new Gateway();
    await gw.connect(ccp, {
      identity: user,
      clientTlsIdentity: `${user}-tls`,
      wallet,
      // Service discovery is on; discovered addresses are used as reported (no localhost rewrite).
      discovery: { enabled: true, asLocalhost: false },
    });
    gw.disconnect();
  } catch (err) {
    console.error(`Got error:": ${err}`);
    process.exit(1);
  }
}
/**
 * Script entry point: open the wallet, make sure the identities are enrolled, then run the
 * gateway connection test. Any error that reaches this level is logged and the process ends
 * with exit code 1.
 *
 * @returns {Promise<void>}
 */
async function main() {
  try {
    const identityWallet = await createWallet();
    await enrollUser(identityWallet);
    await startBenchmark(identityWallet);
  } catch (err) {
    console.error(`Error: ${err}`);
    process.exit(1);
  }
}

// main() handles its own errors, so the returned promise is deliberately not awaited.
main();
connection.json
{
"name": "Org1MSPprofile",
"description": "Network on OpenShift/K8s",
"version": "1.0.0",
"client": {
"organization": "Org1MSP"
},
"organizations": {
"Org1MSP": {
"mspid": "Org1MSP",
"certificateAuthorities": [
"worker2.example.com:30051"
],
"peers": [
"worker2.example.com:30151"
]
}
},
"peers": {
"worker2.example.com:30151": {
"url": "grpcs://worker2.example.com:30151",
"tlsCACerts": {
"pem": "-----BEGIN CERTIFICATE-----\nxxxx==\n-----END CERTIFICATE-----"
},
"grpcOptions": {
"ssl-target-name-override": "worker2.example.com"
}
}
},
"certificateAuthorities": {
"worker2.example.com:30051": {
"url": "https://worker2.example.com:30051",
"caName": "CA",
"tlsCACerts": {
"pem": [
"-----BEGIN CERTIFICATE-----\nxxxx==\n-----END CERTIFICATE-----"
]
},
"httpOptions": {
"verify": false
}
}
}
}
Вывод в консоль
> node ./src/index.js
2020-08-06T15:00:26.046Z - debug: Successfully constructed a winston logger with configurations debug=console, info=console
2020-08-06T15:00:26.276Z - debug: [crypto_ecdsa_aes]: Hash algorithm: SHA2, hash output size: 256
2020-08-06T15:00:26.552Z - debug: [crypto_ecdsa_aes]: Hash algorithm: SHA2, hash output size: 256
2020-08-06T15:00:26.555Z - debug: [FabricCAClient.js]: Successfully constructed Fabric CA client from options - { caname: 'CA',
protocol: 'https',
hostname: 'worker2.example.com',
port: 30051,
tlsOptions:
{ trustedRoots:
[ '-----BEGIN CERTIFICATE-----\nxxxx==\n-----END CERTIFICATE-----' ],
verify: false } }
2020-08-06T15:00:26.555Z - debug: [FabricCAClientService.js]: Successfully constructed Fabric CA service client: endpoint - {"protocol":"https","hostname":"worker2.example.com","port":30051}
2020-08-06T15:00:26.682Z - debug: [crypto_ecdsa_aes]: generateKey, store.setValue
2020-08-06T15:00:26.687Z - debug: [FabricCAClientService.js]: successfully generated key pairs
2020-08-06T15:00:26.785Z - debug: [FabricCAClientService.js]: successfully generated csr
2020-08-06T15:00:26.786Z - debug: [FabricCAClient.js]: CONNECTION_TIMEOUT = 3000, SO_TIMEOUT = infinite
2020-08-06T15:00:27.103Z - debug: [FabricCAClientService.js]: successfully enrolled benchmark
Successfully enrolled msp for user "benchmark" and imported it into the wallet
2020-08-06T15:00:27.109Z - debug: [crypto_ecdsa_aes]: Hash algorithm: SHA2, hash output size: 256
2020-08-06T15:00:27.110Z - debug: [FabricCAClient.js]: Successfully constructed Fabric CA client from options - { caname: 'TLSCA',
protocol: 'https',
hostname: 'worker2.example.com',
port: 30051,
tlsOptions:
{ trustedRoots:
[ '-----BEGIN CERTIFICATE-----\nxxxx==\n-----END CERTIFICATE-----' ],
verify: false } }
2020-08-06T15:00:27.110Z - debug: [FabricCAClientService.js]: Successfully constructed Fabric CA service client: endpoint - {"protocol":"https","hostname":"worker2.example.com","port":30051}
2020-08-06T15:00:27.174Z - debug: [crypto_ecdsa_aes]: generateKey, store.setValue
2020-08-06T15:00:27.175Z - debug: [FabricCAClientService.js]: successfully generated key pairs
2020-08-06T15:00:27.255Z - debug: [FabricCAClientService.js]: successfully generated csr
2020-08-06T15:00:27.255Z - debug: [FabricCAClient.js]: CONNECTION_TIMEOUT = 3000, SO_TIMEOUT = infinite
2020-08-06T15:00:27.489Z - debug: [FabricCAClientService.js]: successfully enrolled benchmark
Successfully enrolled tls-msp for user "benchmark" and imported it into the wallet
2020-08-06T15:00:27.492Z - debug: [Gateway]: in Gateway constructor
2020-08-06T15:00:27.495Z - debug: [Gateway]: connect - start
2020-08-06T15:00:27.495Z - debug: [Gateway]: connection options: {"identity":"benchmark","tlsInfo":{"certificate":"-----BEGIN CERTIFICATE-----\nxxxx/o=\n-----END CERTIFICATE-----\n","key":"-----BEGIN PRIVATE KEY-----\r\nxxxx\r\n-----END PRIVATE KEY-----\r\n"},"wallet":{"providerRegistry":{"providers":{}},"store":{"storePath":"/home/user/test/benchmark/identity/wallet"}},"discovery":{"enabled":true,"asLocalhost":false}}
2020-08-06T15:00:27.496Z - debug: [Client]: Client.constructor[gateway client] - start
2020-08-06T15:00:27.496Z - debug: [Gateway]: connect - setting identity from wallet
2020-08-06T15:00:27.498Z - debug: [crypto_ecdsa_aes]: createKeyFromRaw - start
2020-08-06T15:00:27.500Z - debug: [crypto_ecdsa_aes]: createKeyFromRaw - have the key [Circular]
2020-08-06T15:00:27.500Z - debug: [crypto_ecdsa_aes]: createKeyFromRaw - start
2020-08-06T15:00:27.502Z - debug: [crypto_ecdsa_aes]: createKeyFromRaw - have the key [Circular]
2020-08-06T15:00:27.503Z - debug: [Gateway]: connect - setting tlsInfo
2020-08-06T15:00:27.503Z - debug: [Client]: setTlsClientCertAndKey: gateway client - start
2020-08-06T15:00:27.503Z - debug: [Gateway]: connect - NetworkConfig loading client from ccp
2020-08-06T15:00:27.504Z - debug: [NetworkConfig]: loadFromConfig - start
2020-08-06T15:00:27.504Z - debug: [NetworkConfig]: buildPeer - start - worker2.example.com:30151
2020-08-06T15:00:27.504Z - debug: [NetworkConfig]: findPeerMspid - start for worker2.example.com:30151
2020-08-06T15:00:27.504Z - debug: [NetworkConfig]: findPeerMspid - checking peer worker2.example.com:30151 in org Org1MSP
2020-08-06T15:00:27.504Z - debug: [NetworkConfig]: findPeerMspid - found mspid Org1MSP for worker2.example.com:30151
2020-08-06T15:00:27.505Z - debug: [NetworkConfig]: buildOptions - start
2020-08-06T15:00:27.505Z - debug: [Client]: newEndpoint: gateway client - start
2020-08-06T15:00:27.505Z - debug: [Client]: getConnectionOptions: gateway client - start
2020-08-06T15:00:27.506Z - debug: [Client]: newEndpoint: gateway client grpc-wait-for-ready-timeout set to 3000
2020-08-06T15:00:27.506Z - debug: [Client]: newEndpoint: gateway client - ssl_target_name_override: worker2.example.com
2020-08-06T15:00:27.507Z - debug: [Endpoint]: Endpoint.constructor - start
2020-08-06T15:00:27.508Z - debug: [Client]: new endpoint url: grpcs://worker2.example.com:30151
2020-08-06T15:00:27.508Z - debug: [NetworkConfig]: buildPeer - about to connect to endorser worker2.example.com:30151 url:grpcs://worker2.example.com:30151 mspid:Org1MSP
2020-08-06T15:00:27.508Z - debug: [Client]: getEndorser: gateway client start name:worker2.example.com:30151
2020-08-06T15:00:27.508Z - debug: [Client]: getEndorser: gateway client create endorser name:worker2.example.com:30151
2020-08-06T15:00:27.509Z - debug: [Endorser]: Endorser.constructor[worker2.example.com:30151] - start
2020-08-06T15:00:27.509Z - debug: [Client]: getEndorser: gateway client return endorser name:worker2.example.com:30151
2020-08-06T15:00:27.509Z - debug: [ServiceEndpoint]: connect[Endorser-worker2.example.com:30151] - start
2020-08-06T15:00:27.509Z - debug: [ServiceEndpoint]: connect[Endorser-worker2.example.com:30151] - create the grpc service for worker2.example.com:30151
2020-08-06T15:00:27.513Z - debug: [ServiceEndpoint]: waitForReady - start Endorser-worker2.example.com:30151 - grpcs://worker2.example.com:30151
2020-08-06T15:00:27.513Z - debug: [ServiceEndpoint]: waitForReady - promise running worker2.example.com:30151 - grpcs://worker2.example.com:30151
2020-08-06T15:00:30.514Z - error: [ServiceEndpoint]: Error: Failed to connect before the deadline on Endorser- name: worker2.example.com:30151, url:grpcs://worker2.example.com:30151, connected:false, connectAttempted:true
2020-08-06T15:00:30.514Z - error: [ServiceEndpoint]: Error: Failed to connect before the deadline on Endorser- name: worker2.example.com:30151, url:grpcs://worker2.example.com:30151, connected:false, connectAttempted:true
2020-08-06T15:00:30.514Z - error: [ServiceEndpoint]: waitForReady - Failed to connect to remote gRPC server worker2.example.com:30151 url:grpcs://worker2.example.com:30151 timeout:3000
2020-08-06T15:00:30.514Z - error: [ServiceEndpoint]: waitForReady - Failed to connect to remote gRPC server worker2.example.com:30151 url:grpcs://worker2.example.com:30151 timeout:3000
2020-08-06T15:00:30.514Z - error: [NetworkConfig]: buildPeer - Unable to connect to the endorser worker2.example.com:30151 due to Error: Failed to connect before the deadline on Endorser- name: worker2.example.com:30151, url:grpcs://worker2.example.com:30151, connected:false, connectAttempted:true
2020-08-06T15:00:30.514Z - error: [NetworkConfig]: buildPeer - Unable to connect to the endorser worker2.example.com:30151 due to Error: Failed to connect before the deadline on Endorser- name: worker2.example.com:30151, url:grpcs://worker2.example.com:30151, connected:false, connectAttempted:true
2020-08-06T15:00:30.514Z - debug: [NetworkConfig]: loadFromConfig - end
2020-08-06T15:00:30.514Z - debug: [Gateway]: connect - end
2020-08-06T15:00:30.515Z - debug: [Gateway]: in disconnect
Журнал одноранговых узлов
2020-08-06 15:09:29.718 UTC [grpc] Warning -> DEBU bba5 grpc: Server.Serve failed to create ServerTransport: connection error: desc = "transport: http2Server.HandleStreams failed to receive the preface from client: EOF"
2020-08-06 15:09:30.904 UTC [grpc] Warning -> DEBU bba6 grpc: Server.Serve failed to create ServerTransport: connection error: desc = "transport: http2Server.HandleStreams failed to receive the preface from client: EOF"
2020-08-06 15:09:32.344 UTC [gossip.discovery] periodicalSendAlive -> DEBU bbaf Sleeping 5s
2020-08-06 15:09:32.743 UTC [grpc] Warning -> DEBU bbb0 grpc: Server.Serve failed to create ServerTransport: connection error: desc = "transport: http2Server.HandleStreams failed to receive the preface from client: EOF"
Итак, что-то достигает однорангового узла. Я просто не понимаю, почему соединение не может быть установлено.
Контрольный список:
- Указан ли tlscacert org1 в connection.json? Проверено
- Зарегистрирован ли идентификатор TLS для клиента? Проверено
- Передан ли шлюзу идентификатор TLS? Проверено
- Пробовал ли httpOptions.verify = false в connection.json для однорангового узла? Проверено
- Пробовал ли оба варианта, user и ${user}-tls, в качестве идентификатора шлюза? Проверено
Есть идеи?
Версии: Peer: 2.1; Node — fabric-ca-client: "^2.2.0"; Node — fabric-network: "^2.2.0"
С уважением