Hyperledger Fabric : 조직을 피어 및 주문자 노드로 만들려면 어떻게해야합니까?
Aug 18 2020
저는 Hyperledger Fabric 네트워크를 구축 중이며 조직에 피어 노드와 주문 노드를 모두 갖도록 노력하고 있습니다. 저는 cryptogen을 사용하여 인증서와 키를 생성하고 있으며 "동료 조직"으로 하나의 조직 만 만들고 있습니다. 6 개 조직이있는 네트워크가 하나 있었는데 그중 5 개 조직에는 단일 피어가 있고 하나의 주문자 조직이 있습니다. 그런 다음 이러한 구성 파일을 가져 와서 orderer 조직을 제거하고 orderer 엔드 포인트를 피어 조직 중 하나에 추가했습니다. 이제 오류가 발생합니다.
화면에 인쇄 :
오류 : orderer에 대한 배달 클라이언트를 만들지 못했습니다. orderer 클라이언트가 localhost : 7050에 연결하지 못했습니다. 새 연결을 만들지 못했습니다. 컨텍스트 기한이 초과되었습니다.
"docker logs orderer.orgname.domain"실행시 오류 메시지
2020-08-17 23 : 56 : 43.834 UTC [orderer.common.server] Main-> INFO 00d 요청 처리 시작
2020-08-17 23 : 56 : 51.317 UTC [core.comm] ServerHandshake-> ERRO 00e TLS 핸드 셰이크가 원격 오류 오류로 실패했습니다 : tls : 잘못된 인증서 서버 = Orderer remoteaddress = 172.21.0.1 : 32892
내 configtx.yaml 파일
Organizations:
- &orgname
Name: orgnameMSP
SkipAsForeign: false
ID: orgnameMSP
MSPDir: crypto-config/peerOrganizations/orgname.domain/msp
Policies:
Readers:
Type: Signature
Rule: "OR('orgnameMSP.admin', 'orgnameMSP.peer', 'PSUMSP.client')"
Writers:
Type: Signature
Rule: "OR('orgnameMSP.admin', 'orgnameMSP.client')"
Admins:
Type: Signature
Rule: "OR('orgnameMSP.admin')"
Endorsement:
Type: Signature
Rule: "OR('orgnameMSP.member')"
OrdererEndpoints:
- orderer.orgname.domain:7050
AnchorPeers:
- Host: peer0.orgname.domain
Port: 7051
- &orgname2
Name: orgname2MSP
ID: orgname2MSP
MSPDir: crypto-config/peerOrganizations/orgname2.domain/msp
Policies:
Readers:
Type: Signature
Rule: "OR('orgname2MSP.admin', 'orgname2MSP.peer', 'orgname2MSP.client')"
Writers:
Type: Signature
Rule: "OR('orgname2MSP.admin', 'orgname2MSP.client')"
Admins:
Type: Signature
Rule: "OR('orgname2MSP.admin')"
Endorsement:
Type: Signature
Rule: "OR('orgname2MSP.peer')"
AnchorPeers:
- Host: peer0.orgname2.domain
Port: 8051
- &orgname3
Name: orgname3MSP
ID: orgname3MSP
MSPDir: crypto-config/peerOrganizations/orgname3.domain/msp
Policies:
Readers:
Type: Signature
Rule: "OR('orgname3MSP.admin', 'orgname3MSP.peer', 'orgname3MSP.client')"
Writers:
Type: Signature
Rule: "OR('orgname3MSP.admin', 'orgname3MSP.client')"
Admins:
Type: Signature
Rule: "OR('orgname3MSP.admin')"
Endorsement:
Type: Signature
Rule: "OR('orgname3MSP.peer')"
AnchorPeers:
- Host: peer0.orgname3.domain
Port: 9051
- &orgname4
Name: orgname4
ID: orgname4MSP
MSPDir: crypto-config/peerOrganizations/orgname4.domain/msp
Policies:
Readers:
Type: Signature
Rule: "OR('orgname4MSP.admin', 'orgname4MSP.peer', 'orgname4MSP.client')"
Writers:
Type: Signature
Rule: "OR('orgname4MSP.admin', 'orgname4MSP.client')"
Admins:
Type: Signature
Rule: "OR('orgname4MSP.admin')"
Endorsement:
Type: Signature
Rule: "OR('orgname4MSP.peer')"
AnchorPeers:
- Host: peer0.orgname4.domain
Port: 10051
- &orgname5
Name: Fly-Us-HospitalityMSP
ID: Fly-Us-HospitalityMSP
MSPDir: crypto-config/peerOrganizations/orgname5.domain/msp
Policies:
Readers:
Type: Signature
Rule: "OR('orgname5MSP.admin', 'orgname5MSP.peer', 'orgname5MSP.client')"
Writers:
Type: Signature
Rule: "OR('orgname5MSP.admin', 'orgname5MSP.client')"
Admins:
Type: Signature
Rule: "OR('orgname5MSP.admin')"
Endorsement:
Type: Signature
Rule: "OR('orgname5MSP.peer')"
AnchorPeers:
- Host: peer0.orgname5.domain
Port: 11051
Capabilities:
Channel: &ChannelCapabilities
# V2_0: true
V1_4_2: true
Orderer: &OrdererCapabilities
# V2_0: true
V1_4_2: true
Application: &ApplicationCapabilities
# V2_0: true
V1_4_2: true
Application: &ApplicationDefaults
Organizations:
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
LifecycleEndorsement:
Type: ImplicitMeta
Rule: "MAJORITY Endorsement"
Endorsement:
Type: ImplicitMeta
Rule: "MAJORITY Endorsement"
Capabilities:
<<: *ApplicationCapabilities
Orderer: &OrdererDefaults
OrdererType: solo
EtcdRaft:
Consenters:
- Host: orderer.orgname.domain
Port: 7050
ClientTLSCert: crypto-config/peerOrganizations/orgname.domain/peers/peer0.orgname.domain/tls/server.crt
ServerTLSCert: crypto-config/peerOrganizations/orgname.domain/peers/peer0.orgname.domain/tls/server.crt
Addresses:
- orderer.orgname.domain:7050
BatchTimeout: 2s
BatchSize:
MaxMessageCount: 10
AbsoluteMaxBytes: 99 MB
PreferredMaxBytes: 512 KB
Organizations:
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
BlockValidation:
Type: ImplicitMeta
Rule: "ANY Writers"
Channel: &ChannelDefaults
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
Capabilities:
<<: *ChannelCapabilities
Profiles:
BasicChannel:
Consortium: MyConsortium
<<: *ChannelDefaults
Application:
<<: *ApplicationDefaults
Organizations:
- *orgname
- *orgname2
- *orgname3
- *orgname4
- *orgname5
Capabilities:
<<: *ApplicationCapabilities
OrdererGenesis:
<<: *ChannelDefaults
Orderer:
<<: *OrdererDefaults
Organizations:
- *orgname
Capabilities:
<<: *ChannelCapabilities
Consortiums:
MyConsortium:
Organizations:
- *orgname
- *orgname2
- *orgname3
- *orgname4
- *orgname5
내 docker-compose.yaml 파일
version: "2"
networks:
network2.3:
services:
ca-orgname:
container_name: ca.orgname.domain
hostname: ca.orgname.domain
extends:
file: docker-ca-base.yaml
service: ca-base
environment:
- FABRIC_CA_SERVER_CA_NAME=ca.orgname.domain
- FABRIC_CA_SERVER_CA_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.orgname.domain-cert.pem
- FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-tls/tlscs.orgname.domain-cert.pem
- FABRIC_CA_SERVER_PORT=7054
ports:
- "7054:7054"
volumes:
- ./crypto-config/peerOrganizations/orgname.domain/ca/:/etc/hyperledger/fabric-ca-server-config
- ./crypto-config/peerOrganizations/orgname.domain/tslca/:/etc/hyperledger/fabric-ca-server-tls
ca-orgname2:
container_name: ca.orgname2.domain
hostname: ca.orgname2.domain
extends:
file: docker-ca-base.yaml
service: ca-base
environment:
- FABRIC_CA_SERVER_CA_NAME=ca.orgname2.domain
- FABRIC_CA_SERVER_CA_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.orgname2.domain-cert.pem
- FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-tls/tlscs.orgname2.domain-cert.pem
- FABRIC_CA_SERVER_PORT=8054
ports:
- "8054:7054"
volumes:
- ./crypto-config/peerOrganizations/orgname2.domain/ca/:/etc/hyperledger/fabric-ca-server-config
- ./crypto-config/peerOrganizations/orgname2.domain/tslca/:/etc/hyperledger/fabric-ca-server-tls
ca-orgname3:
container_name: ca.orgname3.domain
hostname: ca.orgname3.domain
extends:
file: docker-ca-base.yaml
service: ca-base
environment:
- FABRIC_CA_SERVER_CA_NAME=ca.orgname3.domain
- FABRIC_CA_SERVER_CA_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.orgname3.domain-cert.pem
- FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-tls/tlscs.orgname3.domain-cert.pem
- FABRIC_CA_SERVER_PORT=9054
ports:
- "9054:7054"
volumes:
- ./crypto-config/peerOrganizations/orgname3.domain/ca/:/etc/hyperledger/fabric-ca-server-config
- ./crypto-config/peerOrganizations/orgname3.domain/tslca/:/etc/hyperledger/fabric-ca-server-tls
ca-orgname4:
container_name: ca.orgname4.domain
hostname: ca.orgname4.domain
extends:
file: docker-ca-base.yaml
service: ca-base
environment:
- FABRIC_CA_SERVER_CA_NAME=ca.orgname4.domain
- FABRIC_CA_SERVER_CA_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.orgname4.domain-cert.pem
- FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-tls/tlscs.orgname4.domain-cert.pem
- FABRIC_CA_SERVER_PORT=10054
ports:
- "10054:7054"
volumes:
- ./crypto-config/peerOrganizations/orgname4.domain/ca/:/etc/hyperledger/fabric-ca-server-config
- ./crypto-config/peerOrganizations/orgname4.domain/tslca/:/etc/hyperledger/fabric-ca-server-tls
ca-orgname5:
container_name: ca.orgname5.domain
hostname: ca.orgname5.domain
extends:
file: docker-ca-base.yaml
service: ca-base
environment:
- FABRIC_CA_SERVER_CA_NAME=ca.orgname5.domain
- FABRIC_CA_SERVER_CA_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.orgname5.domain-cert.pem
- FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-tls/tlscs.orgname5.domain-cert.pem
- FABRIC_CA_SERVER_PORT=11054
ports:
- "11054:7054"
volumes:
- ./crypto-config/peerOrganizations/orgname5.domain/ca/:/etc/hyperledger/fabric-ca-server-config
- ./crypto-config/peerOrganizations/orgname5.domain/tslca/:/etc/hyperledger/fabric-ca-server-tls
orderer.orgname.domain
container_name: orderer.orgname.domain
image: hyperledger/fabric-orderer:latest
dns_search: .
environment:
- ORDERER_GENERAL_LOGLEVEL=debug
- FABRIC_LOGGING_SPEC=INFO
- ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
- ORDERER_GENERAL_GENESISMETHOD=file
- ORDERER_GENERAL_GENESISFILE=/var/hyperledger/orderer/genesis.block
- ORDERER_GENERAL_LOCALMSPID=PSUMSP
- ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp
- ORDERER_GENERAL_TLS_ENABLED=true
- ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key
- ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt
- ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
- ORDERER_GENERAL_LISTENPORT=7050
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/orderers
command: orderer
volumes:
- ../channel-artifacts/genesis.block:/var/hyperledger/orderer/genesis.block
- ./crypto-config/peerOrganizations/orgname.domain/peers/peer0.orgname.domain/msp:/var/hyperledger/orderer/msp
- ./crypto-config/peerOrganizations/orgname.domain/peers/peer0.orgname.domain/tls:/var/hyperledger/orderer/tls
ports:
- 7050:7050
peer0.orgname.domain:
container_name: peer0.orgname.domain
extends:
file: docker-peer-base.yaml
service: peer-base
environment:
- CORE_PEER_LOCALMSPID=orgnameMSP
- CORE_PEER_ID=peer0.orgname.domain
- CORE_PEER_ADDRESS=peer0.orgname.domain:7051
- CORE_PEER_LISTENADDRESS=0.0.0.0:7051
- CORE_PEER_CHAINCODEADDRESS=peer0.orgname.domain:7052
- CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:7052
- CORE_PEER_GOSSIP_BOOTSTRAP=peer0.orgname.domain:7051
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.orgname.domain:7051
volumes:
- ./crypto-config/peerOrganizations/orgname.domain/peers/peer0.orgname.domain/msp:/etc/hyperledger/crypto/peer/msp
- ./crypto-config/peerOrganizations/orgname.domain/peers/peer0.orgname.domain/tls:/etc/hyperledger/crypto/peer/tls
- /var/run:/host/var/run
- ../channel-artifacts:/etc/hyperledger/channel
ports:
- 7051:7051
peer0.orgname2.domain:
container_name: peer0.orgname2.domain
extends:
file: docker-peer-base.yaml
service: peer-base
environment:
- CORE_PEER_LOCALMSPID=orgname2MSP
- CORE_PEER_ID=peer0.orgname2.domain
- CORE_PEER_ADDRESS=peer0.orgname2.domain:8051
- CORE_PEER_LISTENADDRESS=0.0.0.0:8051
- CORE_PEER_CHAINCODEADDRESS=peer0.orgname2.domain:8052
- CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:8052
- CORE_PEER_GOSSIP_BOOTSTRAP=peer0.orgname2.domain:8051
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.orgname2.domain:8051
volumes:
- ./crypto-config/peerOrganizations/orgname2.domain/peers/peer0.orgname2.domain/msp:/etc/hyperledger/crypto/peer/msp
- ./crypto-config/peerOrganizations/orgname2.domain/peers/peer0.orgname2.domain/tls:/etc/hyperledger/crypto/peer/tls
- /var/run:/host/var/run
- ../channel-artifacts:/etc/hyperledger/channel
ports:
- 8051:8051
peer0.orgname3.domain:
container_name: peer0.orgname3.domain
extends:
file: docker-peer-base.yaml
service: peer-base
environment:
- CORE_PEER_LOCALMSPID=orgname3MSP
- CORE_PEER_ID=peer0.orgname3.domain
- CORE_PEER_ADDRESS=peer0.orgname3.domain:9051
- CORE_PEER_LISTENADDRESS=0.0.0.0:9051
- CORE_PEER_CHAINCODEADDRESS=peer0.orgname3.domain:9052
- CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:9052
- CORE_PEER_GOSSIP_BOOTSTRAP=peer0.orgname3.domain:9051
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.orgname3.domain:9051
volumes:
- ./crypto-config/peerOrganizations/orgname3.domain/peers/peer0.orgname3.domain/msp:/etc/hyperledger/crypto/peer/msp
- ./crypto-config/peerOrganizations/orgname3.domain/peers/peer0.orgname3.domain/tls:/etc/hyperledger/crypto/peer/tls
- /var/run:/host/var/run
- ../channel-artifacts:/etc/hyperledger/channel
ports:
- 9051:9051
peer0.orgname4.domain:
container_name: peer0.orgname4.domain
extends:
file: docker-peer-base.yaml
service: peer-base
environment:
- CORE_PEER_LOCALMSPID=orgname4MSP
- CORE_PEER_ID=peer0.orgname4.domain
- CORE_PEER_ADDRESS=peer0.orgname4.domain:10051
- CORE_PEER_LISTENADDRESS=0.0.0.0:10051
- CORE_PEER_CHAINCODEADDRESS=peer0.orgname4.domain:10052
- CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:10052
- CORE_PEER_GOSSIP_BOOTSTRAP=peer0.orgname4.domain:10051
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.orgname4.domain:10051
volumes:
- ./crypto-config/peerOrganizations/orgname4.domain/peers/peer0.orgname4.domain/msp:/etc/hyperledger/crypto/peer/msp
- ./crypto-config/peerOrganizations/orgname4.domain/peers/peer0.orgname4.domain/tls:/etc/hyperledger/crypto/peer/tls
- /var/run:/host/var/run
- ../channel-artifacts:/etc/hyperledger/channel
ports:
- 10051:10051
peer0.orgname5.domain:
container_name: peer0.orgname5.domain
extends:
file: docker-peer-base.yaml
service: peer-base
environment:
- CORE_PEER_LOCALMSPID=orgname5MSP
- CORE_PEER_ID=peer0.orgname5.domain
- CORE_PEER_ADDRESS=peer0.orgname5.domain:11051
- CORE_PEER_LISTENADDRESS=0.0.0.0:11051
- CORE_PEER_CHAINCODEADDRESS=peer0.orgname5.domain:11052
- CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:11052
- CORE_PEER_GOSSIP_BOOTSTRAP=peer0.orgname5.domain:11051
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.orgname5.domain:11051
volumes:
- ./crypto-config/peerOrganizations/orgname5.domain/peers/peer0.orgname5.domain/msp:/etc/hyperledger/crypto/peer/msp
- ./crypto-config/peerOrganizations/orgname5.domain/peers/peer0.orgname5.domain/tls:/etc/hyperledger/crypto/peer/tls
- /var/run:/host/var/run
- ../channel-artifacts:/etc/hyperledger/channel
ports:
- 11051:11051
내 crypto-config.yaml 파일
PeerOrgs:
- Name: orgname
Domain: orgname.domain
EnableNodeOUs: true
Template:
Count: 1
SANS:
- "localhost"
Users:
Count: 1
- Name: orgname2
Domain: orgname2.domain
EnableNodeOUs: true
Template:
Count: 1
SANS:
- "localhost"
Users:
Count: 1
- Name: orgname3
Domain: orgname3.domain
EnableNodeOUs: true
Template:
Count: 1
SANS:
- "localhost"
Users:
Count: 1
- Name: orgname4
Domain: orgname4.domain
EnableNodeOUs: true
Template:
Count: 1
SANS:
- "localhost"
Users:
Count: 1
- Name: orgname5
Domain: orgname5.domain
EnableNodeOUs: true
Template:
Count: 1
SANS:
- "localhost"
Users:
Count: 1
어떤 도움이라도 대단히 감사하겠습니다.
업데이트 : 그래서 저는 cryptoconfig.yaml의 구성을 변경하여 피어 / 주문자 조직에 두 개의 피어를 만들었습니다. 하나는 주문자, 다른 하나는 피어로 지정했습니다. 이렇게하면 TLS 오류가 제거되었지만 이제는 보증 정책에 오류가 있습니다.
020-08-20 14 : 29 : 09.699 PDT [channelCmd] InitCmdFactory-> INFO 001 Endorser 및 Orderer 연결이 초기화 됨 오류 : 예상치 못한 상태 획득 : FORBIDDEN-암시 적 정책 평가 실패-0 개의 하위 정책이 충족되었지만이 정책에는 1이 필요합니다. 충족해야 할 '작가'하위 정책 중 : 허가 거부
나머지 파일은 동일합니다. 단, orderer TLS 파일이 새로 지정된 "orderer"(실제로는 cryptogen에 관한 피어) 파일을 가리 키도록 변경했습니다.
답변
jnasworld223 Aug 22 2020 at 06:47
TLS의 문제는 조직 조직 이름 아래에 두 개의 피어를 만들고 주문자에 대해 하나를 지정하여 해결되었습니다. 피어 노드와 주문자 노드 모두에 동일한 인증서를 사용할 수없는 이유를 정확히 이해하지 못했지만 지금은 작동하고 있습니다.
업데이트에서 두 번째 문제는 보증 정책을보다 관대하게 만들어 해결했습니다. 내 configtx.yaml 파일의 각 조직에 대해 회원 서명을 요구하도록 Readers, Writers 및 Endorsements를 설정했습니다.