Hyperledger Fabric: How do I make an organization have both peer and orderer nodes?

Aug 18 2020

I am building a Hyperledger Fabric network, and I am trying to make an organization have both a peer node and an orderer node. I used cryptogen to generate the certificates and keys, and I only created the one organization as a "peer organization". I have one network that has 6 organizations - 5 of them have one peer org and one orderer org with one orderer. I then took these config files, removed the orderer org, and added an orderer endpoint to one of the peer orgs. I am now getting errors.

Printed to the screen:

Error: failed to create deliver client for orderer: orderer client failed to connect to localhost:7050: failed to create new connection: context deadline exceeded

Error messages from running "docker logs orderer.orgname.domain":

2020-08-17 23:56:43.834 UTC [orderer.common.server] Main -> INFO 00d Beginning to serve requests

2020-08-17 23:56:51.317 UTC [core.comm] ServerHandshake -> ERRO 00e TLS handshake failed with error remote error: tls: bad certificate server=Orderer remoteaddress=172.21.0.1:32892

My configtx.yaml file

Organizations:
- &orgname
    Name: orgnameMSP
    SkipAsForeign: false
    ID: orgnameMSP
    MSPDir: crypto-config/peerOrganizations/orgname.domain/msp
    Policies:
        Readers:
            Type: Signature
            Rule: "OR('orgnameMSP.admin', 'orgnameMSP.peer', 'PSUMSP.client')"
        Writers:
            Type: Signature
            Rule: "OR('orgnameMSP.admin', 'orgnameMSP.client')"
        Admins:
            Type: Signature
            Rule: "OR('orgnameMSP.admin')"
        Endorsement:
            Type: Signature
            Rule: "OR('orgnameMSP.member')"

    OrdererEndpoints:
            - orderer.orgname.domain:7050
    AnchorPeers:
        - Host: peer0.orgname.domain
          Port: 7051

- &orgname2
    Name: orgname2MSP
    ID: orgname2MSP
    MSPDir: crypto-config/peerOrganizations/orgname2.domain/msp
    Policies:
        Readers:
            Type: Signature
            Rule: "OR('orgname2MSP.admin', 'orgname2MSP.peer', 'orgname2MSP.client')"
        Writers:
            Type: Signature
            Rule: "OR('orgname2MSP.admin', 'orgname2MSP.client')"
        Admins:
            Type: Signature
            Rule: "OR('orgname2MSP.admin')"
        Endorsement:
            Type: Signature
            Rule: "OR('orgname2MSP.peer')"

    AnchorPeers:
        - Host: peer0.orgname2.domain
          Port: 8051

- &orgname3
    Name: orgname3MSP
    ID: orgname3MSP
    MSPDir: crypto-config/peerOrganizations/orgname3.domain/msp
    Policies:
        Readers:
            Type: Signature
            Rule: "OR('orgname3MSP.admin', 'orgname3MSP.peer', 'orgname3MSP.client')"
        Writers:
            Type: Signature
            Rule: "OR('orgname3MSP.admin', 'orgname3MSP.client')"
        Admins:
            Type: Signature
            Rule: "OR('orgname3MSP.admin')"
        Endorsement:
            Type: Signature
            Rule: "OR('orgname3MSP.peer')"
    AnchorPeers:
        - Host: peer0.orgname3.domain
          Port: 9051

- &orgname4
    Name: orgname4
    ID: orgname4MSP

    MSPDir: crypto-config/peerOrganizations/orgname4.domain/msp
    Policies:
        Readers:
            Type: Signature
            Rule: "OR('orgname4MSP.admin', 'orgname4MSP.peer', 'orgname4MSP.client')"
        Writers:
            Type: Signature
            Rule: "OR('orgname4MSP.admin', 'orgname4MSP.client')"
        Admins:
            Type: Signature
            Rule: "OR('orgname4MSP.admin')"
        Endorsement:
            Type: Signature
            Rule: "OR('orgname4MSP.peer')"
    AnchorPeers:
        - Host: peer0.orgname4.domain
          Port: 10051

- &orgname5
    Name: Fly-Us-HospitalityMSP
    ID: Fly-Us-HospitalityMSP
    MSPDir: crypto-config/peerOrganizations/orgname5.domain/msp

    Policies:
        Readers:
            Type: Signature
            Rule: "OR('orgname5MSP.admin', 'orgname5MSP.peer', 'orgname5MSP.client')"
        Writers:
            Type: Signature
            Rule: "OR('orgname5MSP.admin', 'orgname5MSP.client')"
        Admins:
            Type: Signature
            Rule: "OR('orgname5MSP.admin')"
        Endorsement:
            Type: Signature
            Rule: "OR('orgname5MSP.peer')"
    AnchorPeers:
        - Host: peer0.orgname5.domain
          Port: 11051

Capabilities:
    Channel: &ChannelCapabilities
        # V2_0: true
        V1_4_2: true

    Orderer: &OrdererCapabilities
        # V2_0: true
        V1_4_2: true

    Application: &ApplicationCapabilities
        # V2_0: true
        V1_4_2: true

Application: &ApplicationDefaults

    Organizations:

    Policies:
        Readers:
            Type: ImplicitMeta
            Rule: "ANY Readers"
        Writers:
            Type: ImplicitMeta
            Rule: "ANY Writers"
        Admins:
            Type: ImplicitMeta
            Rule: "MAJORITY Admins"
        LifecycleEndorsement:
            Type: ImplicitMeta
            Rule: "MAJORITY Endorsement"
        Endorsement:
            Type: ImplicitMeta
            Rule: "MAJORITY Endorsement"

    Capabilities:
        <<: *ApplicationCapabilities

Orderer: &OrdererDefaults

    OrdererType: solo

    EtcdRaft:
        Consenters:
        - Host: orderer.orgname.domain
          Port: 7050
          ClientTLSCert: crypto-config/peerOrganizations/orgname.domain/peers/peer0.orgname.domain/tls/server.crt
          ServerTLSCert: crypto-config/peerOrganizations/orgname.domain/peers/peer0.orgname.domain/tls/server.crt

    Addresses:
        - orderer.orgname.domain:7050
    BatchTimeout: 2s
    BatchSize:
        MaxMessageCount: 10
        AbsoluteMaxBytes: 99 MB
        PreferredMaxBytes: 512 KB
    Organizations:
    Policies:
        Readers:
            Type: ImplicitMeta
            Rule: "ANY Readers"
        Writers:
            Type: ImplicitMeta
            Rule: "ANY Writers"
        Admins:
            Type: ImplicitMeta
            Rule: "MAJORITY Admins"
        BlockValidation:
            Type: ImplicitMeta
            Rule: "ANY Writers"

Channel: &ChannelDefaults
    Policies:
        Readers:
            Type: ImplicitMeta
            Rule: "ANY Readers"
        Writers:
            Type: ImplicitMeta
            Rule: "ANY Writers"
        Admins:
            Type: ImplicitMeta
            Rule: "MAJORITY Admins"
    Capabilities:
        <<: *ChannelCapabilities

Profiles:
    BasicChannel:
        Consortium: MyConsortium
        <<: *ChannelDefaults
        Application:
            <<: *ApplicationDefaults
            Organizations:
                - *orgname
                - *orgname2
                - *orgname3
                - *orgname4
                - *orgname5
            Capabilities:
                <<: *ApplicationCapabilities

    OrdererGenesis:
        <<: *ChannelDefaults
        Orderer:
            <<: *OrdererDefaults
            Organizations:
                - *orgname
            Capabilities:
                <<: *ChannelCapabilities
        Consortiums:
            MyConsortium:
                Organizations:
                - *orgname
                - *orgname2
                - *orgname3
                - *orgname4
                - *orgname5

My docker-compose.yaml file

version: "2"
networks:
  network2.3:

services:
  ca-orgname:
    container_name: ca.orgname.domain
    hostname: ca.orgname.domain
    extends:
      file: docker-ca-base.yaml
      service: ca-base
    environment:
      - FABRIC_CA_SERVER_CA_NAME=ca.orgname.domain
      - FABRIC_CA_SERVER_CA_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.orgname.domain-cert.pem
      - FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-tls/tlscs.orgname.domain-cert.pem
      - FABRIC_CA_SERVER_PORT=7054
    ports:
      - "7054:7054"
    volumes:
      - ./crypto-config/peerOrganizations/orgname.domain/ca/:/etc/hyperledger/fabric-ca-server-config
      - ./crypto-config/peerOrganizations/orgname.domain/tslca/:/etc/hyperledger/fabric-ca-server-tls

  ca-orgname2:
    container_name: ca.orgname2.domain
    hostname: ca.orgname2.domain
    extends:
      file: docker-ca-base.yaml
      service: ca-base
    environment:
      - FABRIC_CA_SERVER_CA_NAME=ca.orgname2.domain
      - FABRIC_CA_SERVER_CA_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.orgname2.domain-cert.pem
      - FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-tls/tlscs.orgname2.domain-cert.pem
      - FABRIC_CA_SERVER_PORT=8054
    ports:
      - "8054:7054"
    volumes:
      - ./crypto-config/peerOrganizations/orgname2.domain/ca/:/etc/hyperledger/fabric-ca-server-config
      - ./crypto-config/peerOrganizations/orgname2.domain/tslca/:/etc/hyperledger/fabric-ca-server-tls

  ca-orgname3:
    container_name: ca.orgname3.domain
    hostname: ca.orgname3.domain
    extends:
      file: docker-ca-base.yaml
      service: ca-base
    environment:
      - FABRIC_CA_SERVER_CA_NAME=ca.orgname3.domain
      - FABRIC_CA_SERVER_CA_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.orgname3.domain-cert.pem
      - FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-tls/tlscs.orgname3.domain-cert.pem
      - FABRIC_CA_SERVER_PORT=9054
    ports:
      - "9054:7054"
    volumes:
      - ./crypto-config/peerOrganizations/orgname3.domain/ca/:/etc/hyperledger/fabric-ca-server-config
      - ./crypto-config/peerOrganizations/orgname3.domain/tslca/:/etc/hyperledger/fabric-ca-server-tls

  ca-orgname4:
    container_name: ca.orgname4.domain
    hostname: ca.orgname4.domain
    extends:
      file: docker-ca-base.yaml
      service: ca-base
    environment:
      - FABRIC_CA_SERVER_CA_NAME=ca.orgname4.domain
      - FABRIC_CA_SERVER_CA_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.orgname4.domain-cert.pem
      - FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-tls/tlscs.orgname4.domain-cert.pem
      - FABRIC_CA_SERVER_PORT=10054
    ports:
      - "10054:7054"
    volumes:
      - ./crypto-config/peerOrganizations/orgname4.domain/ca/:/etc/hyperledger/fabric-ca-server-config
      - ./crypto-config/peerOrganizations/orgname4.domain/tslca/:/etc/hyperledger/fabric-ca-server-tls

  ca-orgname5:
    container_name: ca.orgname5.domain
    hostname: ca.orgname5.domain
    extends:
      file: docker-ca-base.yaml
      service: ca-base
    environment:
      - FABRIC_CA_SERVER_CA_NAME=ca.orgname5.domain
      - FABRIC_CA_SERVER_CA_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.orgname5.domain-cert.pem
      - FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-tls/tlscs.orgname5.domain-cert.pem
      - FABRIC_CA_SERVER_PORT=11054
    ports:
      - "11054:7054"
    volumes:
      - ./crypto-config/peerOrganizations/orgname5.domain/ca/:/etc/hyperledger/fabric-ca-server-config
      - ./crypto-config/peerOrganizations/orgname5.domain/tslca/:/etc/hyperledger/fabric-ca-server-tls

  orderer.orgname.domain:
    container_name: orderer.orgname.domain
    image: hyperledger/fabric-orderer:latest
    dns_search: .
    environment:
      - ORDERER_GENERAL_LOGLEVEL=debug
      - FABRIC_LOGGING_SPEC=INFO
      - ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
      - ORDERER_GENERAL_GENESISMETHOD=file
      - ORDERER_GENERAL_GENESISFILE=/var/hyperledger/orderer/genesis.block
      - ORDERER_GENERAL_LOCALMSPID=PSUMSP
      - ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp
      - ORDERER_GENERAL_TLS_ENABLED=true
      - ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key
      - ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt
      - ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
      - ORDERER_GENERAL_LISTENPORT=7050
    working_dir: /opt/gopath/src/github.com/hyperledger/fabric/orderers
    command: orderer
    volumes:
      - ../channel-artifacts/genesis.block:/var/hyperledger/orderer/genesis.block
      - ./crypto-config/peerOrganizations/orgname.domain/peers/peer0.orgname.domain/msp:/var/hyperledger/orderer/msp
      - ./crypto-config/peerOrganizations/orgname.domain/peers/peer0.orgname.domain/tls:/var/hyperledger/orderer/tls
    ports:
      - 7050:7050

  peer0.orgname.domain:
    container_name: peer0.orgname.domain
    extends:
      file: docker-peer-base.yaml
      service: peer-base
    environment:
      - CORE_PEER_LOCALMSPID=orgnameMSP
      - CORE_PEER_ID=peer0.orgname.domain
      - CORE_PEER_ADDRESS=peer0.orgname.domain:7051
      - CORE_PEER_LISTENADDRESS=0.0.0.0:7051
      - CORE_PEER_CHAINCODEADDRESS=peer0.orgname.domain:7052
      - CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:7052
      - CORE_PEER_GOSSIP_BOOTSTRAP=peer0.orgname.domain:7051
      - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.orgname.domain:7051
    volumes:
      - ./crypto-config/peerOrganizations/orgname.domain/peers/peer0.orgname.domain/msp:/etc/hyperledger/crypto/peer/msp
      - ./crypto-config/peerOrganizations/orgname.domain/peers/peer0.orgname.domain/tls:/etc/hyperledger/crypto/peer/tls
      - /var/run:/host/var/run
      - ../channel-artifacts:/etc/hyperledger/channel
    ports:
      - 7051:7051

  peer0.orgname2.domain:
    container_name: peer0.orgname2.domain
    extends:
      file: docker-peer-base.yaml
      service: peer-base
    environment:
      - CORE_PEER_LOCALMSPID=orgname2MSP
      - CORE_PEER_ID=peer0.orgname2.domain
      - CORE_PEER_ADDRESS=peer0.orgname2.domain:8051
      - CORE_PEER_LISTENADDRESS=0.0.0.0:8051
      - CORE_PEER_CHAINCODEADDRESS=peer0.orgname2.domain:8052
      - CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:8052
      - CORE_PEER_GOSSIP_BOOTSTRAP=peer0.orgname2.domain:8051
      - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.orgname2.domain:8051
    volumes:
      - ./crypto-config/peerOrganizations/orgname2.domain/peers/peer0.orgname2.domain/msp:/etc/hyperledger/crypto/peer/msp
      - ./crypto-config/peerOrganizations/orgname2.domain/peers/peer0.orgname2.domain/tls:/etc/hyperledger/crypto/peer/tls
      - /var/run:/host/var/run
      - ../channel-artifacts:/etc/hyperledger/channel
    ports:
      - 8051:8051

  peer0.orgname3.domain:
    container_name: peer0.orgname3.domain
    extends:
      file: docker-peer-base.yaml
      service: peer-base
    environment:
      - CORE_PEER_LOCALMSPID=orgname3MSP
      - CORE_PEER_ID=peer0.orgname3.domain
      - CORE_PEER_ADDRESS=peer0.orgname3.domain:9051
      - CORE_PEER_LISTENADDRESS=0.0.0.0:9051
      - CORE_PEER_CHAINCODEADDRESS=peer0.orgname3.domain:9052
      - CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:9052
      - CORE_PEER_GOSSIP_BOOTSTRAP=peer0.orgname3.domain:9051
      - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.orgname3.domain:9051
    volumes:
      - ./crypto-config/peerOrganizations/orgname3.domain/peers/peer0.orgname3.domain/msp:/etc/hyperledger/crypto/peer/msp
      - ./crypto-config/peerOrganizations/orgname3.domain/peers/peer0.orgname3.domain/tls:/etc/hyperledger/crypto/peer/tls
      - /var/run:/host/var/run
      - ../channel-artifacts:/etc/hyperledger/channel
    ports:
      - 9051:9051

  peer0.orgname4.domain:
    container_name: peer0.orgname4.domain
    extends:
      file: docker-peer-base.yaml
      service: peer-base
    environment:
      - CORE_PEER_LOCALMSPID=orgname4MSP
      - CORE_PEER_ID=peer0.orgname4.domain
      - CORE_PEER_ADDRESS=peer0.orgname4.domain:10051
      - CORE_PEER_LISTENADDRESS=0.0.0.0:10051
      - CORE_PEER_CHAINCODEADDRESS=peer0.orgname4.domain:10052
      - CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:10052
      - CORE_PEER_GOSSIP_BOOTSTRAP=peer0.orgname4.domain:10051
      - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.orgname4.domain:10051
    volumes:
      - ./crypto-config/peerOrganizations/orgname4.domain/peers/peer0.orgname4.domain/msp:/etc/hyperledger/crypto/peer/msp
      - ./crypto-config/peerOrganizations/orgname4.domain/peers/peer0.orgname4.domain/tls:/etc/hyperledger/crypto/peer/tls
      - /var/run:/host/var/run
      - ../channel-artifacts:/etc/hyperledger/channel
    ports:
      - 10051:10051

  peer0.orgname5.domain:
    container_name: peer0.orgname5.domain
    extends:
      file: docker-peer-base.yaml
      service: peer-base
    environment:
      - CORE_PEER_LOCALMSPID=orgname5MSP
      - CORE_PEER_ID=peer0.orgname5.domain
      - CORE_PEER_ADDRESS=peer0.orgname5.domain:11051
      - CORE_PEER_LISTENADDRESS=0.0.0.0:11051
      - CORE_PEER_CHAINCODEADDRESS=peer0.orgname5.domain:11052
      - CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:11052
      - CORE_PEER_GOSSIP_BOOTSTRAP=peer0.orgname5.domain:11051
      - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.orgname5.domain:11051
    volumes:
      - ./crypto-config/peerOrganizations/orgname5.domain/peers/peer0.orgname5.domain/msp:/etc/hyperledger/crypto/peer/msp
      - ./crypto-config/peerOrganizations/orgname5.domain/peers/peer0.orgname5.domain/tls:/etc/hyperledger/crypto/peer/tls
      - /var/run:/host/var/run
      - ../channel-artifacts:/etc/hyperledger/channel
    ports:
      - 11051:11051

My crypto-config.yaml file

    PeerOrgs:
      - Name: orgname
        Domain: orgname.domain
        EnableNodeOUs: true

        Template:
          Count: 1
          SANS:
            - "localhost"
        Users:
          Count: 1

      - Name: orgname2
        Domain: orgname2.domain
        EnableNodeOUs: true

        Template:
          Count: 1
          SANS:
            - "localhost"
        Users:
          Count: 1

      - Name: orgname3
        Domain: orgname3.domain
        EnableNodeOUs: true

        Template:
          Count: 1
          SANS:
            - "localhost"
        Users:
          Count: 1

      - Name: orgname4
        Domain: orgname4.domain
        EnableNodeOUs: true

        Template:
          Count: 1
          SANS:
            - "localhost"
        Users:
          Count: 1

      - Name: orgname5
        Domain: orgname5.domain
        EnableNodeOUs: true

        Template:
          Count: 1
          SANS:
            - "localhost"
        Users:
          Count: 1

Any help would be greatly appreciated.

UPDATE: So I changed my cryptoconfig.yaml configuration to create two peers in the peer/orderer organization. One I designated as the orderer, the other as the peer. This got rid of the TLS error, but now I have an error with my endorsement policy.

020-08-20 14:29:09.699 PDT [channelCmd] InitCmdFactory -> INFO 001 Endorser and orderer connections initialized
Error: got unexpected status: FORBIDDEN -- implicit policy evaluation failed - 0 sub-policies were satisfied, but this policy requires 1 of the 'Writers' sub-policies to be satisfied: permission denied

The rest of the files are the same, except that I changed the orderer's TLS files to point to the newly designated "orderer" files (actually a peer as far as cryptogen is concerned).

Answer

jnasworld223 Aug 22 2020 at 06:47

The problem with TLS was solved by creating two peers under the organization name and designating one as the orderer. I don't understand exactly why I couldn't use the same certificate for the peer and orderer nodes, but it works now.

The second problem, the one in my update, was solved by making the endorsement policies more permissive. For each organization in my configtx.yaml file, I set Readers, Writers, and Endorsement to require a member signature.
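
A Signature rule only matches identities whose MSP ID equals the one named in the principal, and the posted files name MSP IDs (`PSUMSP`, `orgname5MSP`) that no organization defines as its `ID`. The following is an added example, not code from the post or from Fabric: a small consistency check over excerpts of the posted configtx.yaml and docker-compose.yaml. The function names are hypothetical and the embedded sample is constructed from the question's files.

```python
import re

# Constructed sample: excerpts of the configtx.yaml and docker-compose.yaml
# posted in the question, trimmed to the fields this check reads.
# Function names are illustrative helpers, not Fabric APIs.
CONFIGTX = """
Organizations:
- &orgname
    ID: orgnameMSP
    Policies:
        Readers:
            Rule: "OR('orgnameMSP.admin', 'orgnameMSP.peer', 'PSUMSP.client')"
        Writers:
            Rule: "OR('orgnameMSP.admin', 'orgnameMSP.client')"
- &orgname5
    ID: Fly-Us-HospitalityMSP
    Policies:
        Writers:
            Rule: "OR('orgname5MSP.admin', 'orgname5MSP.client')"
"""
COMPOSE_ENV = ["ORDERER_GENERAL_LOCALMSPID=PSUMSP",
               "CORE_PEER_LOCALMSPID=orgnameMSP",
               "CORE_PEER_LOCALMSPID=orgname5MSP"]

# A Signature-rule principal looks like 'SomeMSP.role'.
PRINCIPAL = re.compile(r"'([^'.]+)\.(?:admin|peer|client|member|orderer)'")

def parse_orgs(text):
    """Return [{'id': str, 'rules': {policy_name: rule}}] per organization."""
    orgs, policy = [], None
    for line in text.splitlines():
        s = line.strip()
        if s.startswith("- &"):
            orgs.append({"id": None, "rules": {}})
        elif not orgs:
            continue
        elif line[:1].isalpha():
            break  # next top-level section (Capabilities, Application, ...)
        elif s.startswith("ID:"):
            orgs[-1]["id"] = s.split(":", 1)[1].strip()
        elif s.startswith("Rule:"):
            orgs[-1]["rules"][policy] = s.split(":", 1)[1].strip().strip('"')
        elif s.endswith(":") and s != "Policies:":
            policy = s[:-1]
    return orgs

def foreign_principals(orgs):
    """(org_id, policy, msp_id) for each principal naming another MSP ID."""
    return [(o["id"], name, msp)
            for o in orgs
            for name, rule in o["rules"].items()
            for msp in sorted(set(PRINCIPAL.findall(rule)))
            if msp != o["id"]]

def undefined_local_mspids(env_lines, orgs):
    """LOCALMSPID values that match no organization ID in configtx."""
    known = {o["id"] for o in orgs}
    return [v for k, _, v in (e.partition("=") for e in env_lines)
            if k.endswith("_LOCALMSPID") and v not in known]
```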