Hyperledger Fabric: How can I make one organization run both peer and orderer nodes?

Aug 18 2020

I am building a Hyperledger Fabric network and am trying to have one organization run both a peer node and an orderer node. I am using cryptogen to generate the certificates and keys, and I create the organization only as a "peer organization". I had a network with 6 organizations: 5 of them with a single peer each, and one orderer organization with a single orderer. I then took those configuration files, removed the orderer organization, and added an orderer endpoint to one of the peer organizations. Now I am getting an error.

Printed to the screen:

Error: failed to create deliver client for orderer: orderer client failed to connect to localhost:7050: failed to create new connection: context deadline exceeded

Error message when running "docker logs orderer.orgname.domain":

2020-08-17 23:56:43.834 UTC [orderer.common.server] Main -> INFO 00d Beginning to serve requests

2020-08-17 23:56:51.317 UTC [core.comm] ServerHandshake -> ERRO 00e TLS handshake failed with error remote error: tls: bad certificate server=Orderer remoteaddress=172.21.0.1:32892

My configtx.yaml file

Organizations:
- &orgname
    Name: orgnameMSP
    SkipAsForeign: false
    ID: orgnameMSP
    MSPDir: crypto-config/peerOrganizations/orgname.domain/msp
    Policies:
        Readers:
            Type: Signature
            Rule: "OR('orgnameMSP.admin', 'orgnameMSP.peer', 'PSUMSP.client')"
        Writers:
            Type: Signature
            Rule: "OR('orgnameMSP.admin', 'orgnameMSP.client')"
        Admins:
            Type: Signature
            Rule: "OR('orgnameMSP.admin')"
        Endorsement:
            Type: Signature
            Rule: "OR('orgnameMSP.member')"

    OrdererEndpoints:
            - orderer.orgname.domain:7050
    AnchorPeers:
        - Host: peer0.orgname.domain
          Port: 7051

- &orgname2
    Name: orgname2MSP
    ID: orgname2MSP
    MSPDir: crypto-config/peerOrganizations/orgname2.domain/msp
    Policies:
        Readers:
            Type: Signature
            Rule: "OR('orgname2MSP.admin', 'orgname2MSP.peer', 'orgname2MSP.client')"
        Writers:
            Type: Signature
            Rule: "OR('orgname2MSP.admin', 'orgname2MSP.client')"
        Admins:
            Type: Signature
            Rule: "OR('orgname2MSP.admin')"
        Endorsement:
            Type: Signature
            Rule: "OR('orgname2MSP.peer')"

    AnchorPeers:
        - Host: peer0.orgname2.domain
          Port: 8051

- &orgname3
    Name: orgname3MSP
    ID: orgname3MSP
    MSPDir: crypto-config/peerOrganizations/orgname3.domain/msp
    Policies:
        Readers:
            Type: Signature
            Rule: "OR('orgname3MSP.admin', 'orgname3MSP.peer', 'orgname3MSP.client')"
        Writers:
            Type: Signature
            Rule: "OR('orgname3MSP.admin', 'orgname3MSP.client')"
        Admins:
            Type: Signature
            Rule: "OR('orgname3MSP.admin')"
        Endorsement:
            Type: Signature
            Rule: "OR('orgname3MSP.peer')"
    AnchorPeers:
        - Host: peer0.orgname3.domain
          Port: 9051

- &orgname4
    Name: orgname4
    ID: orgname4MSP

    MSPDir: crypto-config/peerOrganizations/orgname4.domain/msp
    Policies:
        Readers:
            Type: Signature
            Rule: "OR('orgname4MSP.admin', 'orgname4MSP.peer', 'orgname4MSP.client')"
        Writers:
            Type: Signature
            Rule: "OR('orgname4MSP.admin', 'orgname4MSP.client')"
        Admins:
            Type: Signature
            Rule: "OR('orgname4MSP.admin')"
        Endorsement:
            Type: Signature
            Rule: "OR('orgname4MSP.peer')"
    AnchorPeers:
        - Host: peer0.orgname4.domain
          Port: 10051

- &orgname5
    Name: Fly-Us-HospitalityMSP
    ID: Fly-Us-HospitalityMSP
    MSPDir: crypto-config/peerOrganizations/orgname5.domain/msp

    Policies:
        Readers:
            Type: Signature
            Rule: "OR('orgname5MSP.admin', 'orgname5MSP.peer', 'orgname5MSP.client')"
        Writers:
            Type: Signature
            Rule: "OR('orgname5MSP.admin', 'orgname5MSP.client')"
        Admins:
            Type: Signature
            Rule: "OR('orgname5MSP.admin')"
        Endorsement:
            Type: Signature
            Rule: "OR('orgname5MSP.peer')"
    AnchorPeers:
        - Host: peer0.orgname5.domain
          Port: 11051

Capabilities:
    Channel: &ChannelCapabilities
        # V2_0: true
        V1_4_2: true

    Orderer: &OrdererCapabilities
        # V2_0: true
        V1_4_2: true

    Application: &ApplicationCapabilities
        # V2_0: true
        V1_4_2: true

Application: &ApplicationDefaults
    Organizations:

    Policies:
        Readers:
            Type: ImplicitMeta
            Rule: "ANY Readers"
        Writers:
            Type: ImplicitMeta
            Rule: "ANY Writers"
        Admins:
            Type: ImplicitMeta
            Rule: "MAJORITY Admins"
        LifecycleEndorsement:
            Type: ImplicitMeta
            Rule: "MAJORITY Endorsement"
        Endorsement:
            Type: ImplicitMeta
            Rule: "MAJORITY Endorsement"

    Capabilities:
        <<: *ApplicationCapabilities

Orderer: &OrdererDefaults
    OrdererType: solo

    EtcdRaft:
        Consenters:
        - Host: orderer.orgname.domain
          Port: 7050
          ClientTLSCert: crypto-config/peerOrganizations/orgname.domain/peers/peer0.orgname.domain/tls/server.crt
          ServerTLSCert: crypto-config/peerOrganizations/orgname.domain/peers/peer0.orgname.domain/tls/server.crt

    Addresses:
        - orderer.orgname.domain:7050
    BatchTimeout: 2s
    BatchSize:
        MaxMessageCount: 10
        AbsoluteMaxBytes: 99 MB
        PreferredMaxBytes: 512 KB
    Organizations:
    Policies:
        Readers:
            Type: ImplicitMeta
            Rule: "ANY Readers"
        Writers:
            Type: ImplicitMeta
            Rule: "ANY Writers"
        Admins:
            Type: ImplicitMeta
            Rule: "MAJORITY Admins"
        BlockValidation:
            Type: ImplicitMeta
            Rule: "ANY Writers"

Channel: &ChannelDefaults
    Policies:
        Readers:
            Type: ImplicitMeta
            Rule: "ANY Readers"
        Writers:
            Type: ImplicitMeta
            Rule: "ANY Writers"
        Admins:
            Type: ImplicitMeta
            Rule: "MAJORITY Admins"
    Capabilities:
        <<: *ChannelCapabilities

Profiles:
    BasicChannel:
        Consortium: MyConsortium
        <<: *ChannelDefaults
        Application:
            <<: *ApplicationDefaults
            Organizations:
                - *orgname
                - *orgname2
                - *orgname3
                - *orgname4
                - *orgname5
            Capabilities:
                <<: *ApplicationCapabilities

    OrdererGenesis:
        <<: *ChannelDefaults
        Orderer:
            <<: *OrdererDefaults
            Organizations:
                - *orgname
            Capabilities:
                <<: *ChannelCapabilities
        Consortiums:
            MyConsortium:
                Organizations:
                - *orgname
                - *orgname2
                - *orgname3
                - *orgname4
                - *orgname5

My docker-compose.yaml file

version: "2"
networks:
  network2.3:

services:
  ca-orgname:
    container_name: ca.orgname.domain
    hostname: ca.orgname.domain
    extends:
      file: docker-ca-base.yaml
      service: ca-base
    environment:
      - FABRIC_CA_SERVER_CA_NAME=ca.orgname.domain
      - FABRIC_CA_SERVER_CA_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.orgname.domain-cert.pem
      - FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-tls/tlscs.orgname.domain-cert.pem
      - FABRIC_CA_SERVER_PORT=7054
    ports:
      - "7054:7054"
    volumes:
      - ./crypto-config/peerOrganizations/orgname.domain/ca/:/etc/hyperledger/fabric-ca-server-config
      - ./crypto-config/peerOrganizations/orgname.domain/tslca/:/etc/hyperledger/fabric-ca-server-tls

  ca-orgname2:
    container_name: ca.orgname2.domain
    hostname: ca.orgname2.domain
    extends:
      file: docker-ca-base.yaml
      service: ca-base
    environment:
      - FABRIC_CA_SERVER_CA_NAME=ca.orgname2.domain
      - FABRIC_CA_SERVER_CA_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.orgname2.domain-cert.pem
      - FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-tls/tlscs.orgname2.domain-cert.pem
      - FABRIC_CA_SERVER_PORT=8054
    ports:
      - "8054:7054"
    volumes:
      - ./crypto-config/peerOrganizations/orgname2.domain/ca/:/etc/hyperledger/fabric-ca-server-config
      - ./crypto-config/peerOrganizations/orgname2.domain/tslca/:/etc/hyperledger/fabric-ca-server-tls

  ca-orgname3:
    container_name: ca.orgname3.domain
    hostname: ca.orgname3.domain
    extends:
      file: docker-ca-base.yaml
      service: ca-base
    environment:
      - FABRIC_CA_SERVER_CA_NAME=ca.orgname3.domain
      - FABRIC_CA_SERVER_CA_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.orgname3.domain-cert.pem
      - FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-tls/tlscs.orgname3.domain-cert.pem
      - FABRIC_CA_SERVER_PORT=9054
    ports:
      - "9054:7054"
    volumes:
      - ./crypto-config/peerOrganizations/orgname3.domain/ca/:/etc/hyperledger/fabric-ca-server-config
      - ./crypto-config/peerOrganizations/orgname3.domain/tslca/:/etc/hyperledger/fabric-ca-server-tls

  ca-orgname4:
    container_name: ca.orgname4.domain
    hostname: ca.orgname4.domain
    extends:
      file: docker-ca-base.yaml
      service: ca-base
    environment:
      - FABRIC_CA_SERVER_CA_NAME=ca.orgname4.domain
      - FABRIC_CA_SERVER_CA_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.orgname4.domain-cert.pem
      - FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-tls/tlscs.orgname4.domain-cert.pem
      - FABRIC_CA_SERVER_PORT=10054
    ports:
      - "10054:7054"
    volumes:
      - ./crypto-config/peerOrganizations/orgname4.domain/ca/:/etc/hyperledger/fabric-ca-server-config
      - ./crypto-config/peerOrganizations/orgname4.domain/tslca/:/etc/hyperledger/fabric-ca-server-tls

  ca-orgname5:
    container_name: ca.orgname5.domain
    hostname: ca.orgname5.domain
    extends:
      file: docker-ca-base.yaml
      service: ca-base
    environment:
      - FABRIC_CA_SERVER_CA_NAME=ca.orgname5.domain
      - FABRIC_CA_SERVER_CA_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.orgname5.domain-cert.pem
      - FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-tls/tlscs.orgname5.domain-cert.pem
      - FABRIC_CA_SERVER_PORT=11054
    ports:
      - "11054:7054"
    volumes:
      - ./crypto-config/peerOrganizations/orgname5.domain/ca/:/etc/hyperledger/fabric-ca-server-config
      - ./crypto-config/peerOrganizations/orgname5.domain/tslca/:/etc/hyperledger/fabric-ca-server-tls

  orderer.orgname.domain:
    container_name: orderer.orgname.domain
    image: hyperledger/fabric-orderer:latest
    dns_search: .
    environment:
      - ORDERER_GENERAL_LOGLEVEL=debug
      - FABRIC_LOGGING_SPEC=INFO
      - ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
      - ORDERER_GENERAL_GENESISMETHOD=file
      - ORDERER_GENERAL_GENESISFILE=/var/hyperledger/orderer/genesis.block
      - ORDERER_GENERAL_LOCALMSPID=PSUMSP
      - ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp
      - ORDERER_GENERAL_TLS_ENABLED=true
      - ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key
      - ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt
      - ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
      - ORDERER_GENERAL_LISTENPORT=7050
    working_dir: /opt/gopath/src/github.com/hyperledger/fabric/orderers
    command: orderer
    volumes:
      - ../channel-artifacts/genesis.block:/var/hyperledger/orderer/genesis.block
      - ./crypto-config/peerOrganizations/orgname.domain/peers/peer0.orgname.domain/msp:/var/hyperledger/orderer/msp
      - ./crypto-config/peerOrganizations/orgname.domain/peers/peer0.orgname.domain/tls:/var/hyperledger/orderer/tls
    ports:
      - 7050:7050

  peer0.orgname.domain:
    container_name: peer0.orgname.domain
    extends:
      file: docker-peer-base.yaml
      service: peer-base
    environment:
      - CORE_PEER_LOCALMSPID=orgnameMSP
      - CORE_PEER_ID=peer0.orgname.domain
      - CORE_PEER_ADDRESS=peer0.orgname.domain:7051
      - CORE_PEER_LISTENADDRESS=0.0.0.0:7051
      - CORE_PEER_CHAINCODEADDRESS=peer0.orgname.domain:7052
      - CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:7052
      - CORE_PEER_GOSSIP_BOOTSTRAP=peer0.orgname.domain:7051
      - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.orgname.domain:7051
    volumes:
      - ./crypto-config/peerOrganizations/orgname.domain/peers/peer0.orgname.domain/msp:/etc/hyperledger/crypto/peer/msp
      - ./crypto-config/peerOrganizations/orgname.domain/peers/peer0.orgname.domain/tls:/etc/hyperledger/crypto/peer/tls
      - /var/run:/host/var/run
      - ../channel-artifacts:/etc/hyperledger/channel
    ports:
      - 7051:7051

  peer0.orgname2.domain:
    container_name: peer0.orgname2.domain
    extends:
      file: docker-peer-base.yaml
      service: peer-base
    environment:
      - CORE_PEER_LOCALMSPID=orgname2MSP
      - CORE_PEER_ID=peer0.orgname2.domain
      - CORE_PEER_ADDRESS=peer0.orgname2.domain:8051
      - CORE_PEER_LISTENADDRESS=0.0.0.0:8051
      - CORE_PEER_CHAINCODEADDRESS=peer0.orgname2.domain:8052
      - CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:8052
      - CORE_PEER_GOSSIP_BOOTSTRAP=peer0.orgname2.domain:8051
      - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.orgname2.domain:8051
    volumes:
      - ./crypto-config/peerOrganizations/orgname2.domain/peers/peer0.orgname2.domain/msp:/etc/hyperledger/crypto/peer/msp
      - ./crypto-config/peerOrganizations/orgname2.domain/peers/peer0.orgname2.domain/tls:/etc/hyperledger/crypto/peer/tls
      - /var/run:/host/var/run
      - ../channel-artifacts:/etc/hyperledger/channel
    ports:
      - 8051:8051

  peer0.orgname3.domain:
    container_name: peer0.orgname3.domain
    extends:
      file: docker-peer-base.yaml
      service: peer-base
    environment:
      - CORE_PEER_LOCALMSPID=orgname3MSP
      - CORE_PEER_ID=peer0.orgname3.domain
      - CORE_PEER_ADDRESS=peer0.orgname3.domain:9051
      - CORE_PEER_LISTENADDRESS=0.0.0.0:9051
      - CORE_PEER_CHAINCODEADDRESS=peer0.orgname3.domain:9052
      - CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:9052
      - CORE_PEER_GOSSIP_BOOTSTRAP=peer0.orgname3.domain:9051
      - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.orgname3.domain:9051
    volumes:
      - ./crypto-config/peerOrganizations/orgname3.domain/peers/peer0.orgname3.domain/msp:/etc/hyperledger/crypto/peer/msp
      - ./crypto-config/peerOrganizations/orgname3.domain/peers/peer0.orgname3.domain/tls:/etc/hyperledger/crypto/peer/tls
      - /var/run:/host/var/run
      - ../channel-artifacts:/etc/hyperledger/channel
    ports:
      - 9051:9051

  peer0.orgname4.domain:
    container_name: peer0.orgname4.domain
    extends:
      file: docker-peer-base.yaml
      service: peer-base
    environment:
      - CORE_PEER_LOCALMSPID=orgname4MSP
      - CORE_PEER_ID=peer0.orgname4.domain
      - CORE_PEER_ADDRESS=peer0.orgname4.domain:10051
      - CORE_PEER_LISTENADDRESS=0.0.0.0:10051
      - CORE_PEER_CHAINCODEADDRESS=peer0.orgname4.domain:10052
      - CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:10052
      - CORE_PEER_GOSSIP_BOOTSTRAP=peer0.orgname4.domain:10051
      - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.orgname4.domain:10051
    volumes:
      - ./crypto-config/peerOrganizations/orgname4.domain/peers/peer0.orgname4.domain/msp:/etc/hyperledger/crypto/peer/msp
      - ./crypto-config/peerOrganizations/orgname4.domain/peers/peer0.orgname4.domain/tls:/etc/hyperledger/crypto/peer/tls
      - /var/run:/host/var/run
      - ../channel-artifacts:/etc/hyperledger/channel
    ports:
      - 10051:10051

  peer0.orgname5.domain:
    container_name: peer0.orgname5.domain
    extends:
      file: docker-peer-base.yaml
      service: peer-base
    environment:
      - CORE_PEER_LOCALMSPID=orgname5MSP
      - CORE_PEER_ID=peer0.orgname5.domain
      - CORE_PEER_ADDRESS=peer0.orgname5.domain:11051
      - CORE_PEER_LISTENADDRESS=0.0.0.0:11051
      - CORE_PEER_CHAINCODEADDRESS=peer0.orgname5.domain:11052
      - CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:11052
      - CORE_PEER_GOSSIP_BOOTSTRAP=peer0.orgname5.domain:11051
      - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.orgname5.domain:11051
    volumes:
      - ./crypto-config/peerOrganizations/orgname5.domain/peers/peer0.orgname5.domain/msp:/etc/hyperledger/crypto/peer/msp
      - ./crypto-config/peerOrganizations/orgname5.domain/peers/peer0.orgname5.domain/tls:/etc/hyperledger/crypto/peer/tls
      - /var/run:/host/var/run
      - ../channel-artifacts:/etc/hyperledger/channel
    ports:
      - 11051:11051

My crypto-config.yaml file

    PeerOrgs:
      - Name: orgname
        Domain: orgname.domain
        EnableNodeOUs: true

        Template:
          Count: 1
          SANS:
            - "localhost"
        Users:
          Count: 1

      - Name: orgname2
        Domain: orgname2.domain
        EnableNodeOUs: true

        Template:
          Count: 1
          SANS:
            - "localhost"
        Users:
          Count: 1

      - Name: orgname3
        Domain: orgname3.domain
        EnableNodeOUs: true

        Template:
          Count: 1
          SANS:
            - "localhost"
        Users:
          Count: 1

      - Name: orgname4
        Domain: orgname4.domain
        EnableNodeOUs: true

        Template:
          Count: 1
          SANS:
            - "localhost"
        Users:
          Count: 1

      - Name: orgname5
        Domain: orgname5.domain
        EnableNodeOUs: true

        Template:
          Count: 1
          SANS:
            - "localhost"
        Users:
          Count: 1

Any help would be greatly appreciated.

UPDATE: So I changed my cryptoconfig.yaml configuration to create two peers in the peer/orderer organization. I designated one as the orderer and the other as the peer. This got rid of the TLS error, but now I have an error with my endorsement policy.

020-08-20 14:29:09.699 PDT [channelCmd] InitCmdFactory -> INFO 001 Endorser and orderer connections initialized
Error: got unexpected status: FORBIDDEN -- implicit policy evaluation failed - 0 sub-policies were satisfied, but this policy requires 1 of the 'Writers' sub-policies to be satisfied: permission denied

The rest of the files are the same, but I changed the orderer's TLS files to point to the files of the newly designated "orderer" (which is really a peer as far as cryptogen is concerned).

Answers

jnasworld223 Aug 22 2020 at 06:47

The TLS problem was solved by creating two peers under the organization name and designating one of them for the orderer. I don't fully understand why I couldn't use the same certificates for both the peer and the orderer node, but it is working now.

The second problem, from my update, was solved by making the endorsement policies more permissive. For each organization in my configtx.yaml file, I set Readers, Writers and Endorsement to require any member signature.
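
An added example, not part of the original question or answer: a small consistency check over the MSP IDs in the files posted above. Fabric evaluates a Signature rule by matching the signer's MSP ID against the principals the rule names, so the check reports rule principals and LOCALMSPID values that no organization's ID declares. The embedded excerpt is constructed from values in the posted files, and declared_orgs and lint are illustrative names.

```python
import re

# Constructed excerpt: values copied from the configtx.yaml and docker-compose.yaml above.
CONFIGTX = """\
Organizations:
- &orgname
    Name: orgnameMSP
    ID: orgnameMSP
    Policies:
        Readers:
            Type: Signature
            Rule: "OR('orgnameMSP.admin', 'orgnameMSP.peer', 'PSUMSP.client')"
        Writers:
            Type: Signature
            Rule: "OR('orgnameMSP.admin', 'orgnameMSP.client')"
- &orgname5
    Name: Fly-Us-HospitalityMSP
    ID: Fly-Us-HospitalityMSP
    Policies:
        Writers:
            Type: Signature
            Rule: "OR('orgname5MSP.admin', 'orgname5MSP.client')"
"""
COMPOSE_ENV = [
    "ORDERER_GENERAL_LOCALMSPID=PSUMSP",
    "CORE_PEER_LOCALMSPID=orgnameMSP",
    "CORE_PEER_LOCALMSPID=orgname5MSP",
]


def declared_orgs(configtx):
    """Map each declared MSP ID to the MSP IDs its Signature rules name."""
    orgs, current = {}, None
    for line in configtx.splitlines():
        id_match = re.match(r"\s+ID:\s*(\S+)", line)
        if id_match:
            current = id_match.group(1)
            orgs[current] = set()
        elif current and "Rule:" in line:
            # Principals are written 'MSPID.role'; the role follows the last dot.
            orgs[current].update(re.findall(r"'([^']+)\.\w+'", line))
    return orgs


def lint(configtx, compose_env):
    """Return findings for MSP IDs that are referenced but never declared."""
    orgs = declared_orgs(configtx)
    findings = []
    for msp_id in sorted(orgs):
        for ref in sorted(orgs[msp_id] - set(orgs)):
            findings.append(f"policy of {msp_id} names undeclared MSP ID {ref}")
    for entry in compose_env:
        key, _, value = entry.partition("=")
        if key.endswith("LOCALMSPID") and value not in orgs:
            findings.append(f"{key}={value} matches no declared MSP ID")
    return findings


if __name__ == "__main__":
    for finding in lint(CONFIGTX, COMPOSE_ENV):
        print(finding)
```

Run against full files, the same check applies to every organization block and every service's environment list; an empty result means each referenced MSP ID is declared somewhere in configtx.yaml.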