Hyperledger Fabric手动生成CA证书搭建Fabric网络 ~ 任晓东的官方网站

newonexd commented 4 years ago

https://ifican.top/2019/12/08/blog/fabric/Hyperledger_Fabric%E6%89%8B%E5%8A%A8%E7%94%9F%E6%88%90CA%E8%AF%81%E4%B9%A6%E6%90%AD%E5%BB%BAFabric%E7%BD%91%E7%BB%9C/

lililill commented 4 years ago

写的很详细,支持

newonexd commented 4 years ago

@lililill 写的很详细,支持

谢谢

lililill commented 4 years ago

你确定这个可以跑通吗,我找到好几处错误的地方

newonexd commented 4 years ago

@lililill 你确定这个可以跑通吗,我找到好几处错误的地方跑通之后才写的博客，错误的地方麻烦指出一下，我看是不是写错了还是本来就是这样

Fateasstring commented 4 years ago

在5.1 创建与加入通道执行创建通道命令： peer channel create -c mychannel -f /tmp/hyperledger/channel.tx -o orderer-org0:7050 --outputBlock /tmp/hyperledger/mychannel.block --tls --cafile /tmp/hyperledger/org1/peer1/tls-msp/tlscacerts/tls-0-0-0-0-7052.pem

报错： Error: got unexpected status: BAD_REQUEST -- error validating channel creation transaction for new channel 'mychannel', could not succesfully apply update to template configuration: error authorizing update: error validating DeltaSet: policy for [Group] /Channel/Application not satisfied: implicit policy evaluation failed - 0 sub-policies were satisfied, but this policy requires 1 of the 'Admins' sub-policies to be satisfied

是否是没有定义背书策略的原因？还是因为$GOPATH/src/github.com/caDemo/org1/adminuser/msp文件夹下的config.yaml没有配置？请问你知道这个问题怎么解决吗？

newonexd commented 4 years ago

在5.1 创建与加入通道执行创建通道命令： peer channel create -c mychannel -f /tmp/hyperledger/channel.tx -o orderer-org0:7050 --outputBlock /tmp/hyperledger/mychannel.block --tls --cafile /tmp/hyperledger/org1/peer1/tls-msp/tlscacerts/tls-0-0-0-0-7052.pem

报错： Error: got unexpected status: BAD_REQUEST -- error validating channel creation transaction for new channel 'mychannel', could not succesfully apply update to template configuration: error authorizing update: error validating DeltaSet: policy for [Group] /Channel/Application not satisfied: implicit policy evaluation failed - 0 sub-policies were satisfied, but this policy requires 1 of the 'Admins' sub-policies to be satisfied

是否是没有定义背书策略的原因？还是因为$GOPATH/src/github.com/caDemo/org1/adminuser/msp文件夹下的config.yaml没有配置？请问你知道这个问题怎么解决吗？

是的，需要config.yaml文件，大概率都是这个原因。当然也有可能是其他原因

hanlaohan commented 4 years ago

创建通道时报错 Error: got unexpected status: SERVICE_UNAVAILABLE -- no Raft leader 检查日志发现是各个Orderer之间无法连接，全部是 transport: error while dialing: dial tcp 172.26.0.11:9050: connect: connection refused.之类的错误，不知道什么原因

newonexd commented 4 years ago

创建通道时报错 Error: got unexpected status: SERVICE_UNAVAILABLE -- no Raft leader 检查日志发现是各个Orderer之间无法连接，全部是 transport: error while dialing: dial tcp 172.26.0.11:9050: connect: connection refused.之类的错误，不知道什么原因

先检查一下你的各个docker容器是否能通信，这个问题应该是docker配置文件问题，看一下docker是否在同一个网络下

hanlaohan commented 4 years ago

创建通道时报错 Error: got unexpected status: SERVICE_UNAVAILABLE -- no Raft leader 检查日志发现是各个Orderer之间无法连接，全部是 transport: error while dialing: dial tcp 172.26.0.11:9050: connect: connection refused.之类的错误，不知道什么原因

先检查一下你的各个docker容器是否能通信，这个问题应该是docker配置文件问题，看一下docker是否在同一个网络下

看起来不像，我所有配置文件都是一个模板生成的，其中网络配置是固定的： `version: "3.6"

volumes: orderer${ORDERER_ORD}.xtrader.com:

networks: fabric_net: name: xt_fabric_net driver: bridge

services: orderer${ORDERER_ORD}.xtrader.com: image: hyperledger/fabric-orderer container_name: orderer${ORDERER_ORD}.xtrader.com environment:

FABRIC_LOGGING_SPEC=INFO
ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
ORDERER_GENERAL_GENESISMETHOD=file
ORDERER_GENERAL_GENESISFILE=/var/hyperledger/orderer/orderer.genesis.block
ORDERER_GENERAL_LOCALMSPID=OrdererMSP
ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp
enabled TLS
ORDERER_GENERAL_TLS_ENABLED=true
- ORDERER_GENERAL_TLS_CLIENTAUTHREQUIRED=true
ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key
ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt
ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
ORDERER_GENERAL_CLUSTER_CLIENTCERTIFICATE=/var/hyperledger/orderer/tls/server.crt
ORDERER_GENERAL_CLUSTER_CLIENTPRIVATEKEY=/var/hyperledger/orderer/tls/server.key
ORDERER_GENERAL_CLUSTER_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt] working_dir: /opt/gopath/src/github.com/hyperledger/fabric command: orderer networks:
fabric_net volumes:
$FABRIC_DATA_HOME/channel-artifacts/genesis.block:/var/hyperledger/orderer/orderer.genesis.block
$FABRIC_DATA_HOME/crypto-config/ordererOrganizations/xtrader.com/orderers/orderer${ORDERER_ORD}.xtrader.com/msp:/var/hyperledger/orderer/msp
$FABRIC_DATA_HOME/crypto-config/ordererOrganizations/xtrader.com/orderers/orderer${ORDERER_ORD}.xtrader.com/tls:/var/hyperledger/orderer/tls
orderer${ORDERER_ORD}.xtrader.com:/var/hyperledger/production/orderer

ports:
${ORDERER_PORT}:7050 extra_hosts: ${EXTRA_HOSTS-ORDERER}

` 我刚把几个orderer.yaml合并成一个，结果还是一样进入cli后，也是可以ping通各个 orderer?.xtrader.com

newonexd commented 4 years ago

创建通道时报错 Error: got unexpected status: SERVICE_UNAVAILABLE -- no Raft leader 检查日志发现是各个Orderer之间无法连接，全部是 transport: error while dialing: dial tcp 172.26.0.11:9050: connect: connection refused.之类的错误，不知道什么原因

先检查一下你的各个docker容器是否能通信，这个问题应该是docker配置文件问题，看一下docker是否在同一个网络下

看起来不像，我所有配置文件都是一个模板生成的，其中网络配置是固定的： `version: "3.6"

volumes: orderer${ORDERER_ORD}.xtrader.com:

networks: fabric_net: name: xt_fabric_net driver: bridge

services: orderer${ORDERER_ORD}.xtrader.com: image: hyperledger/fabric-orderer container_name: orderer${ORDERER_ORD}.xtrader.com environment:

FABRIC_LOGGING_SPEC=INFO

ORDERER_GENERAL_LISTENADDRESS=0.0.0.0

ORDERER_GENERAL_GENESISMETHOD=file

ORDERER_GENERAL_GENESISFILE=/var/hyperledger/orderer/orderer.genesis.block

ORDERER_GENERAL_LOCALMSPID=OrdererMSP

ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp
enabled TLS

ORDERER_GENERAL_TLS_ENABLED=true
- ORDERER_GENERAL_TLS_CLIENTAUTHREQUIRED=true

ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key

ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt

ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]

ORDERER_GENERAL_CLUSTER_CLIENTCERTIFICATE=/var/hyperledger/orderer/tls/server.crt

ORDERER_GENERAL_CLUSTER_CLIENTPRIVATEKEY=/var/hyperledger/orderer/tls/server.key

ORDERER_GENERAL_CLUSTER_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt] working_dir: /opt/gopath/src/github.com/hyperledger/fabric command: orderer networks:

fabric_net volumes:

$FABRIC_DATA_HOME/channel-artifacts/genesis.block:/var/hyperledger/orderer/orderer.genesis.block

$FABRIC_DATA_HOME/crypto-config/ordererOrganizations/xtrader.com/orderers/orderer${ORDERER_ORD}.xtrader.com/msp:/var/hyperledger/orderer/msp

$FABRIC_DATA_HOME/crypto-config/ordererOrganizations/xtrader.com/orderers/orderer${ORDERER_ORD}.xtrader.com/tls:/var/hyperledger/orderer/tls

orderer${ORDERER_ORD}.xtrader.com:/var/hyperledger/production/orderer
ports:
  - ${ORDERER_PORT}:7050
extra_hosts:
  ${EXTRA_HOSTS-ORDERER}
` 我刚把几个orderer.yaml合并成一个，结果还是一样进入cli后，也是可以ping通各个 orderer?.xtrader.com

我这篇文章并不是使用的raft共识，所以configtx.yaml配置文件并不相同。configtx.yaml文件末尾处不知道你有没有配置raft的相关配置
建议将日志级别先改为debug，可能会有更详细的报错信息 3.关于raft的集群搭建，建议你看这篇文章,也是手动搭建网络的。

hanlaohan commented 4 years ago

嗨，前两天就是按 Hyperledger Fabric动态配置Raft节点那篇文章一步一步弄的，第一部分到最后就出这个问题，昨天我又把TLS CA独立出来，所有TLS证书都由这个TLS CA颁发，结果还是一样，不知道问题到底出在哪里

newonexd / newonexd.github.io

Hyperledger Fabric手动生成CA证书搭建Fabric网络 ~ 任晓东的官方网站 #25

enabled TLS

- ORDERER_GENERAL_TLS_CLIENTAUTHREQUIRED=true

enabled TLS

- ORDERER_GENERAL_TLS_CLIENTAUTHREQUIRED=true