hyperledger-archives / fabric

THIS IS A READ-ONLY historic repository. Current development is at https://gerrit.hyperledger.org/r/#/admin/projects/fabric . pull requests not accepted
https://gerrit.hyperledger.org/
Apache License 2.0

TLS error #2414

Open zhangyijie7758 opened 7 years ago

zhangyijie7758 commented 7 years ago

This is my configuration

membersrvc.yaml:
server:
        gomaxprocs: -1
        rootpath: "/var/hyperledger/production"
        cadir: ".membersrvc"
        port: ":7054"

        # TLS certificate and key file paths
        tls:
            cert:
                file: "/var/hyperledger/share/tlsca.crt"
            key:
                file: "/var/hyperledger/share/tlsca.key"

security:
    # Either 256 or 384   (note: must be the exact same value as specified in the core.yaml file)
    level: 256

    # Either SHA2 or SHA3 (note: must be the exact same value as specified in the core.yaml file)
    hashAlgorithm: SHA3

    # The server host CN (Common Name) to be used (needs to match the TLS Server Certificate)
    serverhostoverride: OBC

    # Boolean (true/false) value indicating whether TLS should be used between the client and
    # the various CA services (ECA, TCA, TLSCA, ACA)
    tls_enabled: true

    # A PEM-encoded (X509 v3, Base64) certificate to use for establishing the TLS connection
    # between the client and the ACA service
    client:
       cert:
           file:

core.yaml
    tls:
        enabled:  true
        cert:
            file: "/var/hyperledger/share/tlsca.crt"
        key:
            file: "/var/hyperledger/share/tlsca.key"
        # The server name use to verify the hostname returned by TLS handshake
        serverhostoverride: OBC

    # PKI member services properties
    pki:
        eca:
            paddr: localhost:7054
        tca:
            paddr: localhost:7054
        tlsca:
            paddr: localhost:7054
        tls:
            enabled: true
            rootcert:
                file: "/var/hyperledger/share/tlsca.crt"
            # The server name use to verify the hostname returned by TLS handshake
            serverhostoverride: OBC

docker-compose.yml

membersrvc:
  image: hyperledger/fabric-membersrvc:x86_64-0.6.1-preview
  volumes:
  - /c/Users/xps15/share:/var/hyperledger/share
  - /c/Users/xps15/share/membersrvc.yaml:/opt/gopath/src/github.com/hyperledger/fabric/membersrvc/membersrvc.yaml
  ports:
    - "7054:7054"
  command: membersrvc

vp0:
  image: hyperledger/fabric-peer:x86_64-0.6.1-preview
  volumes:
  - /var/run/docker.sock:/var/run/docker.sock
  - /c/Users/xps15/share:/var/hyperledger/share
  - /c/Users/xps15/share/core.yaml:/opt/gopath/src/github.com/hyperledger/fabric/peer/core.yaml
  ports:
    - "7050:7050"
    - "7051:7051"
    - "7052:7052"
  environment:
    - CORE_PEER_ADDRESSAUTODETECT=true
    - CORE_VM_ENDPOINT=unix:///var/run/docker.sock
    - CORE_LOGGING_LEVEL=DEBUG
    - CORE_PEER_PKI_ECA_PADDR=membersrvc:7054
    - CORE_PEER_PKI_TCA_PADDR=membersrvc:7054
    - CORE_PEER_PKI_TLSCA_PADDR=membersrvc:7054
    - CORE_PEER_PKI_TLS_ENABLED=true
    - CORE_PEER_PKI_TLS_ROOTCERT_FILE=/var/hyperledger/share/tlsca.crt
    - CORE_PEER_PKI_TLS_SERVERHOSTOVERRIDE=OBC
    - CORE_SECURITY_ENABLED=true
    - CORE_SECURITY_PRIVACY=false
    - CORE_CHAINCODE_STARTUPTIMEOUT=600000
    - CORE_PEER_ID=vp0
    - CORE_SECURITY_ENROLLID=test_vp0
    - CORE_SECURITY_ENROLLSECRET=MwYpmSRjupbT
  command: sh  -c "sleep 30; peer node start"

When I run docker-compose up, membersrvc starts successfully, but the peer can't connect to membersrvc. Is there any document that covers the TLS settings? The official documentation is not detailed.

Exception like:

vp0_1 | 07:10:02.768 [crypto] Debugf -> DEBU 013 [validator.test_vp0] Keystore opened at [/var/hyperledger/production/crypto/validator/test_vp0/ks]...done
vp0_1 | 07:10:02.768 [crypto] Debug -> DEBU 014 [validator.test_vp0] Registering node crypto engine...
vp0_1 | 07:10:02.768 [crypto] Debug -> DEBU 015 [validator.test_vp0] Initiliazing TLS...
vp0_1 | 07:10:02.768 [crypto] Debugf -> DEBU 016 [validator.test_vp0] Loading external certificate at [/var/hyperledger/share/tlsca.crt]...
vp0_1 | 07:10:02.769 [crypto] Debug -> DEBU 017 [validator.test_vp0] Initiliazing TLS...Done
vp0_1 | 07:10:02.769 [crypto] Debug -> DEBU 018 [validator.test_vp0] Getting ECA client...
vp0_1 | 07:10:02.769 [crypto] Debugf -> DEBU 019 [validator.test_vp0] Dial to addr:[membersrvc:7054], with serverName:[OBC]...
vp0_1 | 07:10:02.769 [crypto] Debug -> DEBU 01a [validator.test_vp0] TLS enabled...
vp0_1 | 07:10:02.769 [crypto] Debug -> DEBU 01b [validator.test_vp0] Getting ECA client...done
vp0_1 | 07:10:12.775 [crypto] Errorf -> ERRO 01c [validator.test_vp0] Failed requesting read certificate [rpc error: code = 14 desc = grpc: RPC failed fast due to transport failure].
vp0_1 | 07:10:12.775 [crypto] Errorf -> ERRO 01d [validator.test_vp0] Failed requesting ECA certificate [rpc error: code = 14 desc = grpc: RPC failed fast due to transport failure].
vp0_1 | 07:10:12.775 [crypto] Errorf -> ERRO 01e [validator.test_vp0] Failed getting ECA certificate [rpc error: code = 14 desc = grpc: RPC failed fast due to transport failure].
vp0_1 | 07:10:12.775 [crypto] Errorf -> ERRO 01f [validator.test_vp0] Failed retrieving ECA certs chain [rpc error: code = 14 desc = grpc: RPC failed fast due to transport failure].
vp0_1 | 07:10:12.775 [crypto] Errorf -> ERRO 020 [validator.test_vp0] Failed registering node crypto engine [rpc error: code = 14 desc = grpc: RPC failed fast due to transport failure].
vp0_1 | 07:10:12.775 [crypto] Errorf -> ERRO 021 [validator.test_vp0] Failed registering peer [test_vp0]: [rpc error: code = 14 desc = grpc: RPC failed fast due to transport failure]
vp0_1 | 07:10:12.775 [crypto] Errorf -> ERRO 022 [validator.test_vp0] Failed registering [test_vp0]: [rpc error: code = 14 desc = grpc: RPC failed fast due to transport failure]
vp0_1 | 07:10:12.775 [crypto] RegisterValidator -> ERRO 023 Failed registering validator [test_vp0] with name [test_vp0] [rpc error: code = 14 desc = grpc: RPC fai
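
In the configuration above the peer dials membersrvc:7054 but checks the server certificate under the serverhostoverride name OBC, with the same tlsca.crt serving as server certificate and as root certificate. The following offline check of that relationship is an added example, not part of the original issue or of Fabric's code. The function names selfSigned and CheckOverride are hypothetical, and the certificate is a constructed throwaway that carries the name as a SAN because current Go matches SANs rather than the CN.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// selfSigned returns a constructed, throwaway self-signed certificate (PEM) for name.
func selfSigned(name string) []byte {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // fixture only: rand error not handled
	tpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: name},
		DNSNames:     []string{name}, // the name the client will verify against
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tpl, tpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

// CheckOverride verifies serverPEM against rootPEM under the override name, not the dialed address.
func CheckOverride(rootPEM, serverPEM []byte, override string) error {
	roots := x509.NewCertPool()
	blk, _ := pem.Decode(serverPEM)
	if !roots.AppendCertsFromPEM(rootPEM) || blk == nil {
		return fmt.Errorf("rootcert or server cert is not PEM")
	}
	leaf, err := x509.ParseCertificate(blk.Bytes)
	if err != nil {
		return err
	}
	_, err = leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: override})
	return err
}

func main() {
	crt := selfSigned("OBC") // one file on both sides, like tlsca.crt in the issue
	fmt.Println(CheckOverride(crt, crt, "OBC"), "|", CheckOverride(crt, crt, "membersrvc"))
}
```

To run the same check on real files, read the peer's rootcert file and the membersrvc tls.cert file with os.ReadFile and pass them in with the configured serverhostoverride value.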