Hyperledger fabric Hyperledger结构:如何使组织同时具有对等节点和订购方节点?
我正在构建一个Hyperledger结构网络,并试图使一个组织同时拥有一个对等节点和一个订购节点。我使用cryptogen生成证书和密钥,并且只创建一个组织作为“对等组织”。我有一个网络,它有6个组织——其中5个有一个对等组织,一个有一个订购者的订购者组织。然后,我获取了这些配置文件,删除了order组织,并将order端点添加到一个对等组织中。我现在得到一个错误 打印到屏幕上: 错误:未能为订购者创建交付客户端:订购者客户端未能连接到本地主机:7050:未能创建新连接:超出上下文截止日期 运行“docker logs Order.orgname.domain”时出现错误消息 2020-08-17 23:56:43.834 UTC[order.common.server]Main->INFO 00d开始为请求提供服务 2020-08-17 23:56:51.317 UTC[core.comm]服务器握手->ERRO 00e TLS握手失败,出现错误远程错误:TLS:bad certificate server=Orderer remoteaddress=172.21.0.1:32892 我的configtx.yaml文件Hyperledger fabric Hyperledger结构:如何使组织同时具有对等节点和订购方节点?,hyperledger-fabric,hyperledger,Hyperledger Fabric,Hyperledger,我正在构建一个Hyperledger结构网络,并试图使一个组织同时拥有一个对等节点和一个订购节点。我使用cryptogen生成证书和密钥,并且只创建一个组织作为“对等组织”。我有一个网络,它有6个组织——其中5个有一个对等组织,一个有一个订购者的订购者组织。然后,我获取了这些配置文件,删除了order组织,并将order端点添加到一个对等组织中。我现在得到一个错误 打印到屏幕上: 错误:未能为订购者创建交付客户端:订购者客户端未能连接到本地主机:7050:未能创建新连接:超出上下文截止日期 运行
Organizations:
- &orgname
Name: orgnameMSP
SkipAsForeign: false
ID: orgnameMSP
MSPDir: crypto-config/peerOrganizations/orgname.domain/msp
Policies:
Readers:
Type: Signature
Rule: "OR('orgnameMSP.admin', 'orgnameMSP.peer', 'PSUMSP.client')"
Writers:
Type: Signature
Rule: "OR('orgnameMSP.admin', 'orgnameMSP.client')"
Admins:
Type: Signature
Rule: "OR('orgnameMSP.admin')"
Endorsement:
Type: Signature
Rule: "OR('orgnameMSP.member')"
OrdererEndpoints:
- orderer.orgname.domain:7050
AnchorPeers:
- Host: peer0.orgname.domain
Port: 7051
- &orgname2
Name: orgname2MSP
ID: orgname2MSP
MSPDir: crypto-config/peerOrganizations/orgname2.domain/msp
Policies:
Readers:
Type: Signature
Rule: "OR('orgname2MSP.admin', 'orgname2MSP.peer', 'orgname2MSP.client')"
Writers:
Type: Signature
Rule: "OR('orgname2MSP.admin', 'orgname2MSP.client')"
Admins:
Type: Signature
Rule: "OR('orgname2MSP.admin')"
Endorsement:
Type: Signature
Rule: "OR('orgname2MSP.peer')"
AnchorPeers:
- Host: peer0.orgname2.domain
Port: 8051
- &orgname3
Name: orgname3MSP
ID: orgname3MSP
MSPDir: crypto-config/peerOrganizations/orgname3.domain/msp
Policies:
Readers:
Type: Signature
Rule: "OR('orgname3MSP.admin', 'orgname3MSP.peer', 'orgname3MSP.client')"
Writers:
Type: Signature
Rule: "OR('orgname3MSP.admin', 'orgname3MSP.client')"
Admins:
Type: Signature
Rule: "OR('orgname3MSP.admin')"
Endorsement:
Type: Signature
Rule: "OR('orgname3MSP.peer')"
AnchorPeers:
- Host: peer0.orgname3.domain
Port: 9051
- &orgname4
Name: orgname4
ID: orgname4MSP
MSPDir: crypto-config/peerOrganizations/orgname4.domain/msp
Policies:
Readers:
Type: Signature
Rule: "OR('orgname4MSP.admin', 'orgname4MSP.peer', 'orgname4MSP.client')"
Writers:
Type: Signature
Rule: "OR('orgname4MSP.admin', 'orgname4MSP.client')"
Admins:
Type: Signature
Rule: "OR('orgname4MSP.admin')"
Endorsement:
Type: Signature
Rule: "OR('orgname4MSP.peer')"
AnchorPeers:
- Host: peer0.orgname4.domain
Port: 10051
- &orgname5
Name: Fly-Us-HospitalityMSP
ID: Fly-Us-HospitalityMSP
MSPDir: crypto-config/peerOrganizations/orgname5.domain/msp
Policies:
Readers:
Type: Signature
Rule: "OR('orgname5MSP.admin', 'orgname5MSP.peer', 'orgname5MSP.client')"
Writers:
Type: Signature
Rule: "OR('orgname5MSP.admin', 'orgname5MSP.client')"
Admins:
Type: Signature
Rule: "OR('orgname5MSP.admin')"
Endorsement:
Type: Signature
Rule: "OR('orgname5MSP.peer')"
AnchorPeers:
- Host: peer0.orgname5.domain
Port: 11051
Capabilities:
Channel: &ChannelCapabilities
# V2_0: true
V1_4_2: true
Orderer: &OrdererCapabilities
# V2_0: true
V1_4_2: true
Application: &ApplicationCapabilities
# V2_0: true
V1_4_2: true
Application: &ApplicationDefaults
Organizations:
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
LifecycleEndorsement:
Type: ImplicitMeta
Rule: "MAJORITY Endorsement"
Endorsement:
Type: ImplicitMeta
Rule: "MAJORITY Endorsement"
Capabilities:
<<: *ApplicationCapabilities
Orderer: &OrdererDefaults
OrdererType: solo
EtcdRaft:
Consenters:
- Host: orderer.orgname.domain
Port: 7050
ClientTLSCert: crypto-config/peerOrganizations/orgname.domain/peers/peer0.orgname.domain/tls/server.crt
ServerTLSCert: crypto-config/peerOrganizations/orgname.domain/peers/peer0.orgname.domain/tls/server.crt
Addresses:
- orderer.orgname.domain:7050
BatchTimeout: 2s
BatchSize:
MaxMessageCount: 10
AbsoluteMaxBytes: 99 MB
PreferredMaxBytes: 512 KB
Organizations:
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
BlockValidation:
Type: ImplicitMeta
Rule: "ANY Writers"
Channel: &ChannelDefaults
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
Capabilities:
<<: *ChannelCapabilities
Profiles:
BasicChannel:
Consortium: MyConsortium
<<: *ChannelDefaults
Application:
<<: *ApplicationDefaults
Organizations:
- *orgname
- *orgname2
- *orgname3
- *orgname4
- *orgname5
Capabilities:
<<: *ApplicationCapabilities
OrdererGenesis:
<<: *ChannelDefaults
Orderer:
<<: *OrdererDefaults
Organizations:
- *orgname
Capabilities:
<<: *ChannelCapabilities
Consortiums:
MyConsortium:
Organizations:
- *orgname
- *orgname2
- *orgname3
- *orgname4
- *orgname5
version: "2"
networks:
network2.3:
services:
ca-orgname:
container_name: ca.orgname.domain
hostname: ca.orgname.domain
extends:
file: docker-ca-base.yaml
service: ca-base
environment:
- FABRIC_CA_SERVER_CA_NAME=ca.orgname.domain
- FABRIC_CA_SERVER_CA_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.orgname.domain-cert.pem
- FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-tls/tlscs.orgname.domain-cert.pem
- FABRIC_CA_SERVER_PORT=7054
ports:
- "7054:7054"
volumes:
- ./crypto-config/peerOrganizations/orgname.domain/ca/:/etc/hyperledger/fabric-ca-server-config
- ./crypto-config/peerOrganizations/orgname.domain/tslca/:/etc/hyperledger/fabric-ca-server-tls
ca-orgname2:
container_name: ca.orgname2.domain
hostname: ca.orgname2.domain
extends:
file: docker-ca-base.yaml
service: ca-base
environment:
- FABRIC_CA_SERVER_CA_NAME=ca.orgname2.domain
- FABRIC_CA_SERVER_CA_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.orgname2.domain-cert.pem
- FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-tls/tlscs.orgname2.domain-cert.pem
- FABRIC_CA_SERVER_PORT=8054
ports:
- "8054:7054"
volumes:
- ./crypto-config/peerOrganizations/orgname2.domain/ca/:/etc/hyperledger/fabric-ca-server-config
- ./crypto-config/peerOrganizations/orgname2.domain/tslca/:/etc/hyperledger/fabric-ca-server-tls
ca-orgname3:
container_name: ca.orgname3.domain
hostname: ca.orgname3.domain
extends:
file: docker-ca-base.yaml
service: ca-base
environment:
- FABRIC_CA_SERVER_CA_NAME=ca.orgname3.domain
- FABRIC_CA_SERVER_CA_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.orgname3.domain-cert.pem
- FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-tls/tlscs.orgname3.domain-cert.pem
- FABRIC_CA_SERVER_PORT=9054
ports:
- "9054:7054"
volumes:
- ./crypto-config/peerOrganizations/orgname3.domain/ca/:/etc/hyperledger/fabric-ca-server-config
- ./crypto-config/peerOrganizations/orgname3.domain/tslca/:/etc/hyperledger/fabric-ca-server-tls
ca-orgname4:
container_name: ca.orgname4.domain
hostname: ca.orgname4.domain
extends:
file: docker-ca-base.yaml
service: ca-base
environment:
- FABRIC_CA_SERVER_CA_NAME=ca.orgname4.domain
- FABRIC_CA_SERVER_CA_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.orgname4.domain-cert.pem
- FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-tls/tlscs.orgname4.domain-cert.pem
- FABRIC_CA_SERVER_PORT=10054
ports:
- "10054:7054"
volumes:
- ./crypto-config/peerOrganizations/orgname4.domain/ca/:/etc/hyperledger/fabric-ca-server-config
- ./crypto-config/peerOrganizations/orgname4.domain/tslca/:/etc/hyperledger/fabric-ca-server-tls
ca-orgname5:
container_name: ca.orgname5.domain
hostname: ca.orgname5.domain
extends:
file: docker-ca-base.yaml
service: ca-base
environment:
- FABRIC_CA_SERVER_CA_NAME=ca.orgname5.domain
- FABRIC_CA_SERVER_CA_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.orgname5.domain-cert.pem
- FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-tls/tlscs.orgname5.domain-cert.pem
- FABRIC_CA_SERVER_PORT=11054
ports:
- "11054:7054"
volumes:
- ./crypto-config/peerOrganizations/orgname5.domain/ca/:/etc/hyperledger/fabric-ca-server-config
- ./crypto-config/peerOrganizations/orgname5.domain/tslca/:/etc/hyperledger/fabric-ca-server-tls
orderer.orgname.domain
container_name: orderer.orgname.domain
image: hyperledger/fabric-orderer:latest
dns_search: .
environment:
- ORDERER_GENERAL_LOGLEVEL=debug
- FABRIC_LOGGING_SPEC=INFO
- ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
- ORDERER_GENERAL_GENESISMETHOD=file
- ORDERER_GENERAL_GENESISFILE=/var/hyperledger/orderer/genesis.block
- ORDERER_GENERAL_LOCALMSPID=PSUMSP
- ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp
- ORDERER_GENERAL_TLS_ENABLED=true
- ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key
- ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt
- ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
- ORDERER_GENERAL_LISTENPORT=7050
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/orderers
command: orderer
volumes:
- ../channel-artifacts/genesis.block:/var/hyperledger/orderer/genesis.block
- ./crypto-config/peerOrganizations/orgname.domain/peers/peer0.orgname.domain/msp:/var/hyperledger/orderer/msp
- ./crypto-config/peerOrganizations/orgname.domain/peers/peer0.orgname.domain/tls:/var/hyperledger/orderer/tls
ports:
- 7050:7050
peer0.orgname.domain:
container_name: peer0.orgname.domain
extends:
file: docker-peer-base.yaml
service: peer-base
environment:
- CORE_PEER_LOCALMSPID=orgnameMSP
- CORE_PEER_ID=peer0.orgname.domain
- CORE_PEER_ADDRESS=peer0.orgname.domain:7051
- CORE_PEER_LISTENADDRESS=0.0.0.0:7051
- CORE_PEER_CHAINCODEADDRESS=peer0.orgname.domain:7052
- CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:7052
- CORE_PEER_GOSSIP_BOOTSTRAP=peer0.orgname.domain:7051
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.orgname.domain:7051
volumes:
- ./crypto-config/peerOrganizations/orgname.domain/peers/peer0.orgname.domain/msp:/etc/hyperledger/crypto/peer/msp
- ./crypto-config/peerOrganizations/orgname.domain/peers/peer0.orgname.domain/tls:/etc/hyperledger/crypto/peer/tls
- /var/run:/host/var/run
- ../channel-artifacts:/etc/hyperledger/channel
ports:
- 7051:7051
peer0.orgname2.domain:
container_name: peer0.orgname2.domain
extends:
file: docker-peer-base.yaml
service: peer-base
environment:
- CORE_PEER_LOCALMSPID=orgname2MSP
- CORE_PEER_ID=peer0.orgname2.domain
- CORE_PEER_ADDRESS=peer0.orgname2.domain:8051
- CORE_PEER_LISTENADDRESS=0.0.0.0:8051
- CORE_PEER_CHAINCODEADDRESS=peer0.orgname2.domain:8052
- CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:8052
- CORE_PEER_GOSSIP_BOOTSTRAP=peer0.orgname2.domain:8051
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.orgname2.domain:8051
volumes:
- ./crypto-config/peerOrganizations/orgname2.domain/peers/peer0.orgname2.domain/msp:/etc/hyperledger/crypto/peer/msp
- ./crypto-config/peerOrganizations/orgname2.domain/peers/peer0.orgname2.domain/tls:/etc/hyperledger/crypto/peer/tls
- /var/run:/host/var/run
- ../channel-artifacts:/etc/hyperledger/channel
ports:
- 8051:8051
peer0.orgname3.domain:
container_name: peer0.orgname3.domain
extends:
file: docker-peer-base.yaml
service: peer-base
environment:
- CORE_PEER_LOCALMSPID=orgname3MSP
- CORE_PEER_ID=peer0.orgname3.domain
- CORE_PEER_ADDRESS=peer0.orgname3.domain:9051
- CORE_PEER_LISTENADDRESS=0.0.0.0:9051
- CORE_PEER_CHAINCODEADDRESS=peer0.orgname3.domain:9052
- CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:9052
- CORE_PEER_GOSSIP_BOOTSTRAP=peer0.orgname3.domain:9051
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.orgname3.domain:9051
volumes:
- ./crypto-config/peerOrganizations/orgname3.domain/peers/peer0.orgname3.domain/msp:/etc/hyperledger/crypto/peer/msp
- ./crypto-config/peerOrganizations/orgname3.domain/peers/peer0.orgname3.domain/tls:/etc/hyperledger/crypto/peer/tls
- /var/run:/host/var/run
- ../channel-artifacts:/etc/hyperledger/channel
ports:
- 9051:9051
peer0.orgname4.domain:
container_name: peer0.orgname4.domain
extends:
file: docker-peer-base.yaml
service: peer-base
environment:
- CORE_PEER_LOCALMSPID=orgname4MSP
- CORE_PEER_ID=peer0.orgname4.domain
- CORE_PEER_ADDRESS=peer0.orgname4.domain:10051
- CORE_PEER_LISTENADDRESS=0.0.0.0:10051
- CORE_PEER_CHAINCODEADDRESS=peer0.orgname4.domain:10052
- CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:10052
- CORE_PEER_GOSSIP_BOOTSTRAP=peer0.orgname4.domain:10051
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.orgname4.domain:10051
volumes:
- ./crypto-config/peerOrganizations/orgname4.domain/peers/peer0.orgname4.domain/msp:/etc/hyperledger/crypto/peer/msp
- ./crypto-config/peerOrganizations/orgname4.domain/peers/peer0.orgname4.domain/tls:/etc/hyperledger/crypto/peer/tls
- /var/run:/host/var/run
- ../channel-artifacts:/etc/hyperledger/channel
ports:
- 10051:10051
peer0.orgname5.domain:
container_name: peer0.orgname5.domain
extends:
file: docker-peer-base.yaml
service: peer-base
environment:
- CORE_PEER_LOCALMSPID=orgname5MSP
- CORE_PEER_ID=peer0.orgname5.domain
- CORE_PEER_ADDRESS=peer0.orgname5.domain:11051
- CORE_PEER_LISTENADDRESS=0.0.0.0:11051
- CORE_PEER_CHAINCODEADDRESS=peer0.orgname5.domain:11052
- CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:11052
- CORE_PEER_GOSSIP_BOOTSTRAP=peer0.orgname5.domain:11051
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.orgname5.domain:11051
volumes:
- ./crypto-config/peerOrganizations/orgname5.domain/peers/peer0.orgname5.domain/msp:/etc/hyperledger/crypto/peer/msp
- ./crypto-config/peerOrganizations/orgname5.domain/peers/peer0.orgname5.domain/tls:/etc/hyperledger/crypto/peer/tls
- /var/run:/host/var/run
- ../channel-artifacts:/etc/hyperledger/channel
ports:
- 11051:11051
PeerOrgs:
- Name: orgname
Domain: orgname.domain
EnableNodeOUs: true
Template:
Count: 1
SANS:
- "localhost"
Users:
Count: 1
- Name: orgname2
Domain: orgname2.domain
EnableNodeOUs: true
Template:
Count: 1
SANS:
- "localhost"
Users:
Count: 1
- Name: orgname3
Domain: orgname3.domain
EnableNodeOUs: true
Template:
Count: 1
SANS:
- "localhost"
Users:
Count: 1
- Name: orgname4
Domain: orgname4.domain
EnableNodeOUs: true
Template:
Count: 1
SANS:
- "localhost"
Users:
Count: 1
- Name: orgname5
Domain: orgname5.domain
EnableNodeOUs: true
Template:
Count: 1
SANS:
- "localhost"
Users:
Count: 1
我的crypto-config.yaml文件
Organizations:
- &orgname
Name: orgnameMSP
SkipAsForeign: false
ID: orgnameMSP
MSPDir: crypto-config/peerOrganizations/orgname.domain/msp
Policies:
Readers:
Type: Signature
Rule: "OR('orgnameMSP.admin', 'orgnameMSP.peer', 'PSUMSP.client')"
Writers:
Type: Signature
Rule: "OR('orgnameMSP.admin', 'orgnameMSP.client')"
Admins:
Type: Signature
Rule: "OR('orgnameMSP.admin')"
Endorsement:
Type: Signature
Rule: "OR('orgnameMSP.member')"
OrdererEndpoints:
- orderer.orgname.domain:7050
AnchorPeers:
- Host: peer0.orgname.domain
Port: 7051
- &orgname2
Name: orgname2MSP
ID: orgname2MSP
MSPDir: crypto-config/peerOrganizations/orgname2.domain/msp
Policies:
Readers:
Type: Signature
Rule: "OR('orgname2MSP.admin', 'orgname2MSP.peer', 'orgname2MSP.client')"
Writers:
Type: Signature
Rule: "OR('orgname2MSP.admin', 'orgname2MSP.client')"
Admins:
Type: Signature
Rule: "OR('orgname2MSP.admin')"
Endorsement:
Type: Signature
Rule: "OR('orgname2MSP.peer')"
AnchorPeers:
- Host: peer0.orgname2.domain
Port: 8051
- &orgname3
Name: orgname3MSP
ID: orgname3MSP
MSPDir: crypto-config/peerOrganizations/orgname3.domain/msp
Policies:
Readers:
Type: Signature
Rule: "OR('orgname3MSP.admin', 'orgname3MSP.peer', 'orgname3MSP.client')"
Writers:
Type: Signature
Rule: "OR('orgname3MSP.admin', 'orgname3MSP.client')"
Admins:
Type: Signature
Rule: "OR('orgname3MSP.admin')"
Endorsement:
Type: Signature
Rule: "OR('orgname3MSP.peer')"
AnchorPeers:
- Host: peer0.orgname3.domain
Port: 9051
- &orgname4
Name: orgname4
ID: orgname4MSP
MSPDir: crypto-config/peerOrganizations/orgname4.domain/msp
Policies:
Readers:
Type: Signature
Rule: "OR('orgname4MSP.admin', 'orgname4MSP.peer', 'orgname4MSP.client')"
Writers:
Type: Signature
Rule: "OR('orgname4MSP.admin', 'orgname4MSP.client')"
Admins:
Type: Signature
Rule: "OR('orgname4MSP.admin')"
Endorsement:
Type: Signature
Rule: "OR('orgname4MSP.peer')"
AnchorPeers:
- Host: peer0.orgname4.domain
Port: 10051
- &orgname5
Name: Fly-Us-HospitalityMSP
ID: Fly-Us-HospitalityMSP
MSPDir: crypto-config/peerOrganizations/orgname5.domain/msp
Policies:
Readers:
Type: Signature
Rule: "OR('orgname5MSP.admin', 'orgname5MSP.peer', 'orgname5MSP.client')"
Writers:
Type: Signature
Rule: "OR('orgname5MSP.admin', 'orgname5MSP.client')"
Admins:
Type: Signature
Rule: "OR('orgname5MSP.admin')"
Endorsement:
Type: Signature
Rule: "OR('orgname5MSP.peer')"
AnchorPeers:
- Host: peer0.orgname5.domain
Port: 11051
Capabilities:
Channel: &ChannelCapabilities
# V2_0: true
V1_4_2: true
Orderer: &OrdererCapabilities
# V2_0: true
V1_4_2: true
Application: &ApplicationCapabilities
# V2_0: true
V1_4_2: true
Application: &ApplicationDefaults
Organizations:
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
LifecycleEndorsement:
Type: ImplicitMeta
Rule: "MAJORITY Endorsement"
Endorsement:
Type: ImplicitMeta
Rule: "MAJORITY Endorsement"
Capabilities:
<<: *ApplicationCapabilities
Orderer: &OrdererDefaults
OrdererType: solo
EtcdRaft:
Consenters:
- Host: orderer.orgname.domain
Port: 7050
ClientTLSCert: crypto-config/peerOrganizations/orgname.domain/peers/peer0.orgname.domain/tls/server.crt
ServerTLSCert: crypto-config/peerOrganizations/orgname.domain/peers/peer0.orgname.domain/tls/server.crt
Addresses:
- orderer.orgname.domain:7050
BatchTimeout: 2s
BatchSize:
MaxMessageCount: 10
AbsoluteMaxBytes: 99 MB
PreferredMaxBytes: 512 KB
Organizations:
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
BlockValidation:
Type: ImplicitMeta
Rule: "ANY Writers"
Channel: &ChannelDefaults
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
Capabilities:
<<: *ChannelCapabilities
Profiles:
BasicChannel:
Consortium: MyConsortium
<<: *ChannelDefaults
Application:
<<: *ApplicationDefaults
Organizations:
- *orgname
- *orgname2
- *orgname3
- *orgname4
- *orgname5
Capabilities:
<<: *ApplicationCapabilities
OrdererGenesis:
<<: *ChannelDefaults
Orderer:
<<: *OrdererDefaults
Organizations:
- *orgname
Capabilities:
<<: *ChannelCapabilities
Consortiums:
MyConsortium:
Organizations:
- *orgname
- *orgname2
- *orgname3
- *orgname4
- *orgname5
version: "2"
networks:
network2.3:
services:
ca-orgname:
container_name: ca.orgname.domain
hostname: ca.orgname.domain
extends:
file: docker-ca-base.yaml
service: ca-base
environment:
- FABRIC_CA_SERVER_CA_NAME=ca.orgname.domain
- FABRIC_CA_SERVER_CA_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.orgname.domain-cert.pem
- FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-tls/tlscs.orgname.domain-cert.pem
- FABRIC_CA_SERVER_PORT=7054
ports:
- "7054:7054"
volumes:
- ./crypto-config/peerOrganizations/orgname.domain/ca/:/etc/hyperledger/fabric-ca-server-config
- ./crypto-config/peerOrganizations/orgname.domain/tslca/:/etc/hyperledger/fabric-ca-server-tls
ca-orgname2:
container_name: ca.orgname2.domain
hostname: ca.orgname2.domain
extends:
file: docker-ca-base.yaml
service: ca-base
environment:
- FABRIC_CA_SERVER_CA_NAME=ca.orgname2.domain
- FABRIC_CA_SERVER_CA_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.orgname2.domain-cert.pem
- FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-tls/tlscs.orgname2.domain-cert.pem
- FABRIC_CA_SERVER_PORT=8054
ports:
- "8054:7054"
volumes:
- ./crypto-config/peerOrganizations/orgname2.domain/ca/:/etc/hyperledger/fabric-ca-server-config
- ./crypto-config/peerOrganizations/orgname2.domain/tslca/:/etc/hyperledger/fabric-ca-server-tls
ca-orgname3:
container_name: ca.orgname3.domain
hostname: ca.orgname3.domain
extends:
file: docker-ca-base.yaml
service: ca-base
environment:
- FABRIC_CA_SERVER_CA_NAME=ca.orgname3.domain
- FABRIC_CA_SERVER_CA_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.orgname3.domain-cert.pem
- FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-tls/tlscs.orgname3.domain-cert.pem
- FABRIC_CA_SERVER_PORT=9054
ports:
- "9054:7054"
volumes:
- ./crypto-config/peerOrganizations/orgname3.domain/ca/:/etc/hyperledger/fabric-ca-server-config
- ./crypto-config/peerOrganizations/orgname3.domain/tslca/:/etc/hyperledger/fabric-ca-server-tls
ca-orgname4:
container_name: ca.orgname4.domain
hostname: ca.orgname4.domain
extends:
file: docker-ca-base.yaml
service: ca-base
environment:
- FABRIC_CA_SERVER_CA_NAME=ca.orgname4.domain
- FABRIC_CA_SERVER_CA_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.orgname4.domain-cert.pem
- FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-tls/tlscs.orgname4.domain-cert.pem
- FABRIC_CA_SERVER_PORT=10054
ports:
- "10054:7054"
volumes:
- ./crypto-config/peerOrganizations/orgname4.domain/ca/:/etc/hyperledger/fabric-ca-server-config
- ./crypto-config/peerOrganizations/orgname4.domain/tslca/:/etc/hyperledger/fabric-ca-server-tls
ca-orgname5:
container_name: ca.orgname5.domain
hostname: ca.orgname5.domain
extends:
file: docker-ca-base.yaml
service: ca-base
environment:
- FABRIC_CA_SERVER_CA_NAME=ca.orgname5.domain
- FABRIC_CA_SERVER_CA_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.orgname5.domain-cert.pem
- FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-tls/tlscs.orgname5.domain-cert.pem
- FABRIC_CA_SERVER_PORT=11054
ports:
- "11054:7054"
volumes:
- ./crypto-config/peerOrganizations/orgname5.domain/ca/:/etc/hyperledger/fabric-ca-server-config
- ./crypto-config/peerOrganizations/orgname5.domain/tslca/:/etc/hyperledger/fabric-ca-server-tls
orderer.orgname.domain
container_name: orderer.orgname.domain
image: hyperledger/fabric-orderer:latest
dns_search: .
environment:
- ORDERER_GENERAL_LOGLEVEL=debug
- FABRIC_LOGGING_SPEC=INFO
- ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
- ORDERER_GENERAL_GENESISMETHOD=file
- ORDERER_GENERAL_GENESISFILE=/var/hyperledger/orderer/genesis.block
- ORDERER_GENERAL_LOCALMSPID=PSUMSP
- ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp
- ORDERER_GENERAL_TLS_ENABLED=true
- ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key
- ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt
- ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
- ORDERER_GENERAL_LISTENPORT=7050
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/orderers
command: orderer
volumes:
- ../channel-artifacts/genesis.block:/var/hyperledger/orderer/genesis.block
- ./crypto-config/peerOrganizations/orgname.domain/peers/peer0.orgname.domain/msp:/var/hyperledger/orderer/msp
- ./crypto-config/peerOrganizations/orgname.domain/peers/peer0.orgname.domain/tls:/var/hyperledger/orderer/tls
ports:
- 7050:7050
peer0.orgname.domain:
container_name: peer0.orgname.domain
extends:
file: docker-peer-base.yaml
service: peer-base
environment:
- CORE_PEER_LOCALMSPID=orgnameMSP
- CORE_PEER_ID=peer0.orgname.domain
- CORE_PEER_ADDRESS=peer0.orgname.domain:7051
- CORE_PEER_LISTENADDRESS=0.0.0.0:7051
- CORE_PEER_CHAINCODEADDRESS=peer0.orgname.domain:7052
- CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:7052
- CORE_PEER_GOSSIP_BOOTSTRAP=peer0.orgname.domain:7051
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.orgname.domain:7051
volumes:
- ./crypto-config/peerOrganizations/orgname.domain/peers/peer0.orgname.domain/msp:/etc/hyperledger/crypto/peer/msp
- ./crypto-config/peerOrganizations/orgname.domain/peers/peer0.orgname.domain/tls:/etc/hyperledger/crypto/peer/tls
- /var/run:/host/var/run
- ../channel-artifacts:/etc/hyperledger/channel
ports:
- 7051:7051
peer0.orgname2.domain:
container_name: peer0.orgname2.domain
extends:
file: docker-peer-base.yaml
service: peer-base
environment:
- CORE_PEER_LOCALMSPID=orgname2MSP
- CORE_PEER_ID=peer0.orgname2.domain
- CORE_PEER_ADDRESS=peer0.orgname2.domain:8051
- CORE_PEER_LISTENADDRESS=0.0.0.0:8051
- CORE_PEER_CHAINCODEADDRESS=peer0.orgname2.domain:8052
- CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:8052
- CORE_PEER_GOSSIP_BOOTSTRAP=peer0.orgname2.domain:8051
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.orgname2.domain:8051
volumes:
- ./crypto-config/peerOrganizations/orgname2.domain/peers/peer0.orgname2.domain/msp:/etc/hyperledger/crypto/peer/msp
- ./crypto-config/peerOrganizations/orgname2.domain/peers/peer0.orgname2.domain/tls:/etc/hyperledger/crypto/peer/tls
- /var/run:/host/var/run
- ../channel-artifacts:/etc/hyperledger/channel
ports:
- 8051:8051
peer0.orgname3.domain:
container_name: peer0.orgname3.domain
extends:
file: docker-peer-base.yaml
service: peer-base
environment:
- CORE_PEER_LOCALMSPID=orgname3MSP
- CORE_PEER_ID=peer0.orgname3.domain
- CORE_PEER_ADDRESS=peer0.orgname3.domain:9051
- CORE_PEER_LISTENADDRESS=0.0.0.0:9051
- CORE_PEER_CHAINCODEADDRESS=peer0.orgname3.domain:9052
- CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:9052
- CORE_PEER_GOSSIP_BOOTSTRAP=peer0.orgname3.domain:9051
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.orgname3.domain:9051
volumes:
- ./crypto-config/peerOrganizations/orgname3.domain/peers/peer0.orgname3.domain/msp:/etc/hyperledger/crypto/peer/msp
- ./crypto-config/peerOrganizations/orgname3.domain/peers/peer0.orgname3.domain/tls:/etc/hyperledger/crypto/peer/tls
- /var/run:/host/var/run
- ../channel-artifacts:/etc/hyperledger/channel
ports:
- 9051:9051
peer0.orgname4.domain:
container_name: peer0.orgname4.domain
extends:
file: docker-peer-base.yaml
service: peer-base
environment:
- CORE_PEER_LOCALMSPID=orgname4MSP
- CORE_PEER_ID=peer0.orgname4.domain
- CORE_PEER_ADDRESS=peer0.orgname4.domain:10051
- CORE_PEER_LISTENADDRESS=0.0.0.0:10051
- CORE_PEER_CHAINCODEADDRESS=peer0.orgname4.domain:10052
- CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:10052
- CORE_PEER_GOSSIP_BOOTSTRAP=peer0.orgname4.domain:10051
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.orgname4.domain:10051
volumes:
- ./crypto-config/peerOrganizations/orgname4.domain/peers/peer0.orgname4.domain/msp:/etc/hyperledger/crypto/peer/msp
- ./crypto-config/peerOrganizations/orgname4.domain/peers/peer0.orgname4.domain/tls:/etc/hyperledger/crypto/peer/tls
- /var/run:/host/var/run
- ../channel-artifacts:/etc/hyperledger/channel
ports:
- 10051:10051
peer0.orgname5.domain:
container_name: peer0.orgname5.domain
extends:
file: docker-peer-base.yaml
service: peer-base
environment:
- CORE_PEER_LOCALMSPID=orgname5MSP
- CORE_PEER_ID=peer0.orgname5.domain
- CORE_PEER_ADDRESS=peer0.orgname5.domain:11051
- CORE_PEER_LISTENADDRESS=0.0.0.0:11051
- CORE_PEER_CHAINCODEADDRESS=peer0.orgname5.domain:11052
- CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:11052
- CORE_PEER_GOSSIP_BOOTSTRAP=peer0.orgname5.domain:11051
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.orgname5.domain:11051
volumes:
- ./crypto-config/peerOrganizations/orgname5.domain/peers/peer0.orgname5.domain/msp:/etc/hyperledger/crypto/peer/msp
- ./crypto-config/peerOrganizations/orgname5.domain/peers/peer0.orgname5.domain/tls:/etc/hyperledger/crypto/peer/tls
- /var/run:/host/var/run
- ../channel-artifacts:/etc/hyperledger/channel
ports:
- 11051:11051
PeerOrgs:
- Name: orgname
Domain: orgname.domain
EnableNodeOUs: true
Template:
Count: 1
SANS:
- "localhost"
Users:
Count: 1
- Name: orgname2
Domain: orgname2.domain
EnableNodeOUs: true
Template:
Count: 1
SANS:
- "localhost"
Users:
Count: 1
- Name: orgname3
Domain: orgname3.domain
EnableNodeOUs: true
Template:
Count: 1
SANS:
- "localhost"
Users:
Count: 1
- Name: orgname4
Domain: orgname4.domain
EnableNodeOUs: true
Template:
Count: 1
SANS:
- "localhost"
Users:
Count: 1
- Name: orgname5
Domain: orgname5.domain
EnableNodeOUs: true
Template:
Count: 1
SANS:
- "localhost"
Users:
Count: 1
任何帮助都将不胜感激
更新:
因此,我更改了cryptoconfig.yaml的配置,在对等方/订购方组织中创建了两个对等方。一个我指定为订购者,另一个作为对等者。这消除了TLS错误,但现在我的背书策略有一个错误
020-08-20 14:29:09.699 PDT[channelCmd]InitCmdFactory->INFO 001背书人和订购人连接已初始化
错误:获取意外状态:禁止--隐式策略评估失败-满足0个子策略,但此策略要求满足“编写者”子策略中的1个子策略:权限被拒绝
其余的文件都是相同的,只是我将orderer TLS文件更改为指向新指定的“orderer”(实际上是cryptogen的对等方)文件。TLS的问题通过在orgname下创建两个对等方并为orderer指定一个来解决。我不明白为什么不能对对等节点和订购方节点使用相同的证书,但它现在可以工作了
我在更新中遇到的第二个问题是通过使背书政策更加宽松来解决的。对于configtx.yaml文件中的每个组织,我将读卡器、写卡器和背书设置为需要任何成员签名。错误为“坏证书”,您是否使用docker compose文件?你能更新你的帖子来上传吗?对我来说,是因为你没有在相应的服务器上安装正确的证书peer@jnaworld223你能分享你的
crypto-config.yaml
文件吗?@Popopame是的,我正在使用docker compose文件。我不认为我错过了任何一卷,但我可能错了。我已经编辑了文章以包含它。@alpha我已经编辑了文章以包含它。@jnasworld223您可以在SANS
下添加127.0.0.1
并重新创建加密配置目录吗?我通常在SANS
下使用order1.example.com
和peer1.myorg.com
等名称,然后在/etc/hosts
中添加127.0.0.1 order1.example.com
等映射。最近我遇到了一个与tls证书相关的问题,尽管localhost
已经存在于SANS
下,但是在SANS
下添加了127.0.0.1
为我解决了这个问题。