Chaincode commit fails - Error: tls: first record does not look like a TLS handshake remoteaddress=VM_IPADDRESS:9051

#docker-compose #hyperledger-fabric #tls1.2 #hyperledger-fabric-ca

Question:

I have created a multi-node setup in Hyperledger Fabric 2.2.2 on 2 different cloud virtual machines.

 Step 1 : Generated identities using fabricca for all components.
Step 2: Started all components
Step 3: Created Channel from org1
Step 4: Added org2 to the channel by following steps from official doc ( add org3 to channel )
Step 5: Created fabcar chaincode package
Step 6: Installed chaincode package on org1 peer and org2 peer
Step 7: Query installed chaincodes
Step 8: chaincode approveformyorg for org1 and org2
Step 9: Chaincode readyforcommitness for both orgs
Step 10: Commit chaincode 
 

Everything up to step 9 succeeds, but at step 10 I run into the error below:

 t look like a TLS handshake remoteaddress=VM_IPADDRESS:9051
2021-07-09 19:57:12.576 UTC [comm.tls] ClientHandshake -> ERRO 002 Client TLS handshake failed after 358.788µs with error: tls: first record does not look like a TLS handshake remoteaddress=VM_IPADDRESS:9051
2021-07-09 19:57:14.189 UTC [comm.tls] ClientHandshake -> ERRO 003 Client TLS handshake failed after 294.866µs with error: tls: first record does not look like a TLS handshake remoteaddress=VM_IPADDRESS:9051
Error: failed to retrieve endorser client for commit: endorser client failed to connect to VM_IPADDRESS:9051: failed to create new connection: context deadline exceeded
 

The command I run to commit the chaincode:

 ./bin/peer lifecycle chaincode commit -o localhost:7050 --channelID mychannel --signature-policy 'OR('''Org1MSP.peer''', '''Org2MSP.peer''')' --name fabcarjaxfinal --version 1.0 --sequence 1 --init-required --tls --cafile /home/user1/org1/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem --peerAddresses localhost:7051 --tlsRootCertFiles /home/user1/org1/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt --peerAddresses VM_IPADDRESS:9051 --tlsRootCertFiles /home/user1/org1/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt
 

I run the above command from vm1, where org1 is hosted. I tried running the same from vm2, where org2 is hosted, and I get the same error, but with vm1's IP address in the error.

Generating identities for org1:

 function createOrg1() {
  echo "Enrolling the CA admin"
  mkdir -p organizations/peerOrganizations/org1.example.com/

  export FABRIC_CA_CLIENT_HOME=${PWD}/organizations/peerOrganizations/org1.example.com/

  set -x
  ./bin/fabric-ca-client enroll -u https://admin:adminpw@localhost:7054 --caname ca-org1 --tls.certfiles ${PWD}/organizations/fabric-ca/org1/tls-cert.pem
  { set +x; } 2>/dev/null

  echo 'NodeOUs:
  Enable: true
  ClientOUIdentifier:
    Certificate: cacerts/localhost-7054-ca-org1.pem
    OrganizationalUnitIdentifier: client
  PeerOUIdentifier:
    Certificate: cacerts/localhost-7054-ca-org1.pem
    OrganizationalUnitIdentifier: peer
  AdminOUIdentifier:
    Certificate: cacerts/localhost-7054-ca-org1.pem
    OrganizationalUnitIdentifier: admin
  OrdererOUIdentifier:
    Certificate: cacerts/localhost-7054-ca-org1.pem
    OrganizationalUnitIdentifier: orderer' >${PWD}/organizations/peerOrganizations/org1.example.com/msp/config.yaml

  echo "Registering peer0"
  set -x
  ./bin/fabric-ca-client register --caname ca-org1 --id.name peer0 --id.secret peer0pw --id.type peer --tls.certfiles ${PWD}/organizations/fabric-ca/org1/tls-cert.pem
  { set +x; } 2>/dev/null

  echo "Registering user"
  set -x
  ./bin/fabric-ca-client register --caname ca-org1 --id.name user1 --id.secret user1pw --id.type client --tls.certfiles ${PWD}/organizations/fabric-ca/org1/tls-cert.pem
  { set +x; } 2>/dev/null

  echo "Registering the org admin"
  set -x
  ./bin/fabric-ca-client register --caname ca-org1 --id.name org1admin --id.secret org1adminpw --id.type admin --tls.certfiles ${PWD}/organizations/fabric-ca/org1/tls-cert.pem
  { set +x; } 2>/dev/null

  echo "Generating the peer0 msp"
  set -x
  ./bin/fabric-ca-client enroll -u https://peer0:peer0pw@localhost:7054 --caname ca-org1 -M ${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp --csr.hosts peer0.org1.example.com --tls.certfiles ${PWD}/organizations/fabric-ca/org1/tls-cert.pem
  { set +x; } 2>/dev/null

  cp ${PWD}/organizations/peerOrganizations/org1.example.com/msp/config.yaml ${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp/config.yaml

  echo "Generating the peer0-tls certificates"
  set -x
  ./bin/fabric-ca-client enroll -u https://peer0:peer0pw@localhost:7054 --caname ca-org1 -M ${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls --enrollment.profile tls --csr.hosts peer0.org1.example.com --csr.hosts localhost --tls.certfiles ${PWD}/organizations/fabric-ca/org1/tls-cert.pem
  { set +x; } 2>/dev/null

  cp ${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/tlscacerts/* ${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
  cp ${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/signcerts/* ${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.crt
  cp ${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/keystore/* ${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.key

  mkdir -p ${PWD}/organizations/peerOrganizations/org1.example.com/msp/tlscacerts
  cp ${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/tlscacerts/* ${PWD}/organizations/peerOrganizations/org1.example.com/msp/tlscacerts/ca.crt

  mkdir -p ${PWD}/organizations/peerOrganizations/org1.example.com/tlsca
  cp ${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/tlscacerts/* ${PWD}/organizations/peerOrganizations/org1.example.com/tlsca/tlsca.org1.example.com-cert.pem

  mkdir -p ${PWD}/organizations/peerOrganizations/org1.example.com/ca
  cp ${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp/cacerts/* ${PWD}/organizations/peerOrganizations/org1.example.com/ca/ca.org1.example.com-cert.pem

  echo "Generating the user msp"
  set -x
  ./bin/fabric-ca-client enroll -u https://user1:user1pw@localhost:7054 --caname ca-org1 -M ${PWD}/organizations/peerOrganizations/org1.example.com/users/User1@org1.example.com/msp --tls.certfiles ${PWD}/organizations/fabric-ca/org1/tls-cert.pem
  { set +x; } 2>/dev/null

  cp ${PWD}/organizations/peerOrganizations/org1.example.com/msp/config.yaml ${PWD}/organizations/peerOrganizations/org1.example.com/users/User1@org1.example.com/msp/config.yaml

  echo "Generating the org admin msp"
  set -x
  ./bin/fabric-ca-client enroll -u https://org1admin:org1adminpw@localhost:7054 --caname ca-org1 -M ${PWD}/organizations/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp --tls.certfiles ${PWD}/organizations/fabric-ca/org1/tls-cert.pem
  { set +x; } 2>/dev/null

  cp ${PWD}/organizations/peerOrganizations/org1.example.com/msp/config.yaml ${PWD}/organizations/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp/config.yaml
}
 

Generating identities for org2:

 function createOrg2() {
  echo "Enrolling the CA admin"
  mkdir -p organizations/peerOrganizations/org2.example.com/

  export FABRIC_CA_CLIENT_HOME=${PWD}/organizations/peerOrganizations/org2.example.com/

  set -x
  ./bin/fabric-ca-client enroll -u https://admin:adminpw@localhost:11054 --caname ca-org2 --tls.certfiles ${PWD}/organizations/fabric-ca/org2/tls-cert.pem
  { set +x; } 2>/dev/null

  echo 'NodeOUs:
  Enable: true
  ClientOUIdentifier:
    Certificate: cacerts/localhost-11054-ca-org2.pem
    OrganizationalUnitIdentifier: client
  PeerOUIdentifier:
    Certificate: cacerts/localhost-11054-ca-org2.pem
    OrganizationalUnitIdentifier: peer
  AdminOUIdentifier:
    Certificate: cacerts/localhost-11054-ca-org2.pem
    OrganizationalUnitIdentifier: admin
  OrdererOUIdentifier:
    Certificate: cacerts/localhost-11054-ca-org2.pem
    OrganizationalUnitIdentifier: orderer' >${PWD}/organizations/peerOrganizations/org2.example.com/msp/config.yaml

  echo "Registering peer0"
  set -x
  ./bin/fabric-ca-client register --caname ca-org2 --id.name peer0 --id.secret peer0pw --id.type peer --tls.certfiles ${PWD}/organizations/fabric-ca/org2/tls-cert.pem
  { set +x; } 2>/dev/null

  echo "Registering user"
  set -x
  ./bin/fabric-ca-client register --caname ca-org2 --id.name user1 --id.secret user1pw --id.type client --tls.certfiles ${PWD}/organizations/fabric-ca/org2/tls-cert.pem
  { set +x; } 2>/dev/null

  echo "Registering the org admin"
  set -x
  ./bin/fabric-ca-client register --caname ca-org2 --id.name org2admin --id.secret org2adminpw --id.type admin --tls.certfiles ${PWD}/organizations/fabric-ca/org2/tls-cert.pem
  { set +x; } 2>/dev/null

  echo "Generating the peer0 msp"
  set -x
  ./bin/fabric-ca-client enroll -u https://peer0:peer0pw@localhost:11054 --caname ca-org2 -M ${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/msp --csr.hosts peer0.org2.example.com --tls.certfiles ${PWD}/organizations/fabric-ca/org2/tls-cert.pem
  { set +x; } 2>/dev/null

  cp ${PWD}/organizations/peerOrganizations/org2.example.com/msp/config.yaml ${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/msp/config.yaml

  echo "Generating the peer0-tls certificates"
  set -x
  ./bin/fabric-ca-client enroll -u https://peer0:peer0pw@localhost:11054 --caname ca-org2 -M ${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls --enrollment.profile tls --csr.hosts peer0.org2.example.com --csr.hosts localhost --tls.certfiles ${PWD}/organizations/fabric-ca/org2/tls-cert.pem
  { set +x; } 2>/dev/null

  cp ${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/tlscacerts/* ${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt
  cp ${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/signcerts/* ${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/server.crt
  cp ${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/keystore/* ${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/server.key

  mkdir -p ${PWD}/organizations/peerOrganizations/org2.example.com/msp/tlscacerts
  cp ${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/tlscacerts/* ${PWD}/organizations/peerOrganizations/org2.example.com/msp/tlscacerts/ca.crt

  mkdir -p ${PWD}/organizations/peerOrganizations/org2.example.com/tlsca
  cp ${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/tlscacerts/* ${PWD}/organizations/peerOrganizations/org2.example.com/tlsca/tlsca.org2.example.com-cert.pem

  mkdir -p ${PWD}/organizations/peerOrganizations/org2.example.com/ca
  cp ${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/msp/cacerts/* ${PWD}/organizations/peerOrganizations/org2.example.com/ca/ca.org2.example.com-cert.pem

  echo "Generating the user msp"
  set -x
  ./bin/fabric-ca-client enroll -u https://user1:user1pw@localhost:11054 --caname ca-org2 -M ${PWD}/organizations/peerOrganizations/org2.example.com/users/User1@org2.example.com/msp --tls.certfiles ${PWD}/organizations/fabric-ca/org2/tls-cert.pem
  { set +x; } 2>/dev/null

  cp ${PWD}/organizations/peerOrganizations/org2.example.com/msp/config.yaml ${PWD}/organizations/peerOrganizations/org2.example.com/users/User1@org2.example.com/msp/config.yaml

  echo "Generating the org admin msp"
  set -x
  ./bin/fabric-ca-client enroll -u https://org2admin:org2adminpw@localhost:11054 --caname ca-org2 -M ${PWD}/organizations/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp --tls.certfiles ${PWD}/organizations/fabric-ca/org2/tls-cert.pem
  { set +x; } 2>/dev/null

  cp ${PWD}/organizations/peerOrganizations/org2.example.com/msp/config.yaml ${PWD}/organizations/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp/config.yaml
}
 

I specified localhost when generating the identities; do I need to specify the VM's IP address or hostname? Is this the cause of the above error? Also, if we commit the chaincode from org1, we have to add org2's TLS certificates - in real time, will org2 share its TLS certificates with org1?

Comments:

1. It works fine with the setup at hyperledger-fabric.readthedocs.io/en/release-2.2/… (read to the end of each line, and make sure you followed it from top to bottom). jagadeesh.blockchain - many possibilities here; my suggestions: clean up all Docker images, check your bash profile in case you have already defined some exports, or check your exports, etc., and follow the steps as defined here: hyperledger-fabric.readthedocs.io/en/release-2.2/…
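
The error text in the question is raised by Go's crypto/tls when the first bytes a server sends back are not a TLS record, so a useful first check is whether the listener on that port speaks TLS at all. The Go sketch below is an added example, not part of the original question or comments: `diagnose` and `plaintextListener` are hypothetical names, and the plaintext listener is a constructed in-memory stand-in for a gRPC port running without TLS.

```go
package main

import (
	"crypto/tls"
	"errors"
	"fmt"
	"io"
	"net"
	"time"
)

// diagnose runs a TLS client handshake over conn and explains a failure.
// serverName is the host name the peer's TLS certificate is expected to carry.
func diagnose(conn net.Conn, serverName string) string {
	defer conn.Close()
	conn.SetDeadline(time.Now().Add(5 * time.Second))
	err := tls.Client(conn, &tls.Config{ServerName: serverName}).Handshake()
	var rhe tls.RecordHeaderError
	switch {
	case err == nil:
		return "TLS handshake completed"
	case errors.As(err, &rhe):
		// crypto/tls rejects a first record whose type is neither handshake
		// (0x16) nor alert (0x15): the listener answered in cleartext.
		return fmt.Sprintf("not TLS (%s); first bytes % x", rhe.Msg, rhe.RecordHeader)
	default:
		// Anything else: timeout, reset, or a TLS-level problem such as an
		// untrusted certificate or a host name missing from the certificate.
		return "handshake failed: " + err.Error()
	}
}

// plaintextListener is a constructed stand-in for a gRPC port started
// without TLS: it answers any input with a cleartext HTTP/2 SETTINGS frame.
func plaintextListener() net.Conn {
	client, server := net.Pipe()
	go io.Copy(io.Discard, server)                     // swallow the ClientHello
	go server.Write([]byte{0, 0, 0, 4, 0, 0, 0, 0, 0}) // empty SETTINGS frame
	return client
}

func main() {
	fmt.Println(diagnose(plaintextListener(), "peer0.org2.example.com"))
	// Against a real endpoint, pass a dialed connection instead, e.g.
	// net.Dial("tcp", "VM_IPADDRESS:9051") (placeholder address from the question).
}
```

If the same call against the real port reports cleartext first bytes, the certificates are not yet involved; a certificate or host-name problem surfaces in the last branch instead.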