在提交(commit)Java 链码包的过程中,两个 peer 节点中有一个报出了如下错误:
Shutting down the chaincode stream.UNAVAILABLE: io exception
io.grpc.StatusRuntimeException: UNAVAILABLE: io exception
Channel Pipeline:
Caused by: javax.net.ssl.SSLHandshakeException: General OpenSslEngine problem
at io.grpc.netty.shaded.io.netty.handler.ssl.ReferenceCountedOpenSslEngine.handshakeException(ReferenceCountedOpenSslEngine.java:1927)
at io.grpc.netty.shaded.io.netty.handler.ssl.ReferenceCountedOpenSslEngine.wrap(ReferenceCountedOpenSslEngine.java:848)
at java.base/javax.net.ssl.SSLEngine.wrap(SSLEngine.java:564)
at io.grpc.netty.shaded.io.netty.handler.ssl.SslHandler.wrap(SslHandler.java:1131)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
我正在尝试搭建一个生产网络,并使用 cryptogen 工具按照下面的 crypto-config.yaml 生成证书和目录结构
# cryptogen configuration: lists the orderer and peer organizations, and the
# nodes within each, for which key material is generated.
# NOTE(review): the question describes this as a production network. The Fabric
# documentation presents cryptogen as a development/testing convenience;
# production identities are normally issued by a CA — confirm this is intended.
# NOTE(review): every Specs entry below lists the same IP (209.227.229.165) as
# a SAN, so each certificate carrying these SANs is valid for that address.
# Only the hostname SAN tells the nodes apart; clients should connect by name.
OrdererOrgs:
  - Name: OrdererOrg
    Domain: crp.com
    EnableNodeOUs: true
    # Three orderer nodes: orderer, orderer1 and orderer2 under crp.com.
    Specs:
      - Hostname: orderer
        SANS:
          - orderer.crp.com
          - 209.227.229.165
      - Hostname: orderer1
        SANS:
          - orderer1.crp.com
          - 209.227.229.165
      - Hostname: orderer2
        SANS:
          - orderer2.crp.com
          - 209.227.229.165
PeerOrgs:
  # NOTE(review): CrpOrg uses the same Domain (crp.com) as OrdererOrg above;
  # presumably each organization still gets its own CA, so certificates from
  # the two are not interchangeable despite the shared domain — verify.
  - Name: CrpOrg
    Domain: crp.com
    EnableNodeOUs: true
    Specs:
      - Hostname: peer
        SANS:
          - peer.crp.com
          - 209.227.229.165
    # Count 0: no template-generated peers, only the node listed in Specs.
    Template:
      Count: 0
    # Number of user identities to generate (presumably in addition to the
    # organization admin — verify against the cryptogen documentation).
    Users:
      Count: 1
  - Name: CoripetOrg
    Domain: coripet.it
    EnableNodeOUs: true
    Specs:
      - Hostname: peer
        SANS:
          - peer.coripet.it
          - 209.227.229.165
    Template:
      Count: 0
    Users:
      Count: 1
这是我的 docker compose 文件
# Compose file for two peers (peer.crp.com, peer.coripet.it) and three orderers,
# all attached to one network named prod-fabric-network.
networks:
  prod:
    name: prod-fabric-network
services:
  peer.crp.com:
    # NOTE(review): floating "latest" tag, while the orderers below pin 3.0.
    # Pin the peer image to a specific version so deployments are reproducible.
    image: hyperledger/fabric-peer:latest
    container_name: peer.crp.com
    environment:
      - FABRIC_LOGGING_SPEC=INFO
      # NOTE(review): the next two variables look like legacy logging settings
      # and disagree with each other (INFO vs DEBUG); FABRIC_LOGGING_SPEC is
      # presumably the one that takes effect — confirm and drop the others.
      - CORE_GENERAL_LOGLEVEL=INFO
      - CORE_LOGGING_LEVEL=DEBUG
      # Docker endpoint used by the peer; it points at the host daemon socket
      # mounted under volumes below.
      - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
      # TLS is enabled and client certificates are required (mutual TLS).
      - CORE_PEER_TLS_ENABLED=true
      - CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt
      - CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key
      - CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt
      - CORE_PEER_TLS_CLIENTAUTHREQUIRED=true
      - CORE_PEER_ID=peer.crp.com
      - CORE_PEER_ADDRESS=peer.crp.com:7051
      - CORE_PEER_LISTENADDRESS=0.0.0.0:7051
      # Address handed to chaincode for connecting back to this peer; here it
      # matches both the container port and the published host port (7052).
      # NOTE(review): no CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE is set in this
      # excerpt, so chaincode containers are presumably not attached to the
      # prod network and would reach the peer via host-published ports — verify.
      - CORE_PEER_CHAINCODEADDRESS=peer.crp.com:7052
      - CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:7052
      - CORE_PEER_GOSSIP_BOOTSTRAP=peer.crp.com:7051
      - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer.crp.com:7051
      - CORE_PEER_LOCALMSPID=CrpOrgMSP
      # NOTE(review): enables the peer's profiling service; the Fabric sample
      # configuration advises keeping it disabled in production.
      - CORE_PEER_PROFILE_ENABLED=true
    volumes:
      - /root/gridsig-network/organizations/peerOrganizations/crp.com/peers/peer.crp.com/msp:/etc/hyperledger/fabric/msp
      - /root/gridsig-network/organizations/peerOrganizations/crp.com/peers/peer.crp.com/tls:/etc/hyperledger/fabric/tls
      # NOTE(review): the ledger directory is mapped onto the host directory
      # that also contains the msp/ and tls/ key material mounted above, so
      # ledger data and private keys share one tree. A dedicated data volume
      # keeps them apart.
      - /root/gridsig-network/organizations/peerOrganizations/crp.com/peers/peer.crp.com:/etc/hyperledger/production
      # NOTE(review): access to the host Docker socket lets this container
      # control the host's Docker daemon, which is effectively root on the host.
      - /var/run/docker.sock:/host/var/run/docker.sock
    # No host IP is given, so Docker publishes these ports on all host
    # interfaces by default, including the chaincode port 7052.
    ports:
      - "7051:7051"
      - "7052:7052"
    networks:
      - prod
    # The couchdb.peer.crp.com service is not defined in this excerpt.
    depends_on:
      - couchdb.peer.crp.com
  peer.coripet.it:
    # NOTE(review): floating "latest" tag; see the note on peer.crp.com.
    image: hyperledger/fabric-peer:latest
    container_name: peer.coripet.it
    environment:
      - FABRIC_LOGGING_SPEC=INFO
      - CORE_GENERAL_LOGLEVEL=INFO
      - CORE_LOGGING_LEVEL=DEBUG
      - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
      - CORE_PEER_TLS_ENABLED=true
      - CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt
      - CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key
      - CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt
      - CORE_PEER_TLS_CLIENTAUTHREQUIRED=true
      - CORE_PEER_ID=peer.coripet.it
      - CORE_PEER_ADDRESS=peer.coripet.it:7051
      - CORE_PEER_LISTENADDRESS=0.0.0.0:7051
      # NOTE(review): this peer's chaincode listener is published on host port
      # 7055 (see ports below), while host port 7052 is published by
      # peer.crp.com. A chaincode container that reaches this name through the
      # host's published ports would land on the other peer's chaincode
      # server, whose certificate chains to a different CA. The answer on this
      # page attributes the failure to this address:port mapping.
      - CORE_PEER_CHAINCODEADDRESS=peer.coripet.it:7052
      - CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:7052
      - CORE_PEER_GOSSIP_BOOTSTRAP=peer.coripet.it:7051
      # Uses the host-published port (7054), unlike CORE_PEER_ADDRESS above,
      # which uses the container port (7051).
      - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer.coripet.it:7054
      - CORE_PEER_LOCALMSPID=CoripetOrgMSP
      # NOTE(review): profiling enabled; see the note on peer.crp.com.
      - CORE_PEER_PROFILE_ENABLED=true
    volumes:
      - /root/gridsig-network/organizations/peerOrganizations/coripet.it/peers/peer.coripet.it/msp:/etc/hyperledger/fabric/msp
      - /root/gridsig-network/organizations/peerOrganizations/coripet.it/peers/peer.coripet.it/tls:/etc/hyperledger/fabric/tls
      # NOTE(review): ledger data shares a host tree with msp/ and tls/.
      - /root/gridsig-network/organizations/peerOrganizations/coripet.it/peers/peer.coripet.it:/etc/hyperledger/production
      # NOTE(review): host Docker socket access is effectively root on the host.
      - /var/run/docker.sock:/host/var/run/docker.sock
    # Host 7054 -> container 7051 (peer), host 7055 -> container 7052 (chaincode).
    ports:
      - "7054:7051"
      - "7055:7052"
    networks:
      - prod
    # The couchdb.peer.coripet.it service is not defined in this excerpt.
    depends_on:
      - couchdb.peer.coripet.it
  orderer.crp.com:
    image: hyperledger/fabric-orderer:3.0
    container_name: orderer.crp.com
    # Only logging variables are visible here; TLS, MSP and listener settings
    # presumably come from a configuration file inside the mounted directory
    # — verify.
    environment:
      - FABRIC_LOGGING_SPEC=INFO
      - ORDERER_GENERAL_LOGLEVEL=INFO
    # Mounts the whole generated orderer directory as /etc/hyperledger/fabric.
    volumes:
      - /root/gridsig-network/organizations/ordererOrganizations/crp.com/orderers/orderer.crp.com:/etc/hyperledger/fabric
    # NOTE(review): 7050 matches the orderer endpoint used in configtx.yaml.
    # The purpose of 8443 and 7053 is not shown on this page; if they are
    # operations or admin listeners, avoid publishing them on all interfaces.
    ports:
      - "7050:7050"
      - "8443:8443"
      - "7053:7053"
    networks:
      - prod
  orderer1.crp.com:
    image: hyperledger/fabric-orderer:3.0
    container_name: orderer1.crp.com
    environment:
      - FABRIC_LOGGING_SPEC=INFO
      - ORDERER_GENERAL_LOGLEVEL=INFO
    volumes:
      - /root/gridsig-network/organizations/ordererOrganizations/crp.com/orderers/orderer1.crp.com:/etc/hyperledger/fabric
    # Container port 7050 is published as host port 8050.
    ports:
      - "8050:7050"
      - "9443:8443"
      - "8053:7053"
    networks:
      - prod
  orderer2.crp.com:
    image: hyperledger/fabric-orderer:3.0
    container_name: orderer2.crp.com
    environment:
      - FABRIC_LOGGING_SPEC=INFO
      - ORDERER_GENERAL_LOGLEVEL=INFO
    volumes:
      - /root/gridsig-network/organizations/ordererOrganizations/crp.com/orderers/orderer2.crp.com:/etc/hyperledger/fabric
    # Container port 7050 is published as host port 8051.
    ports:
      - "8051:7050"
      - "10443:8443"
      - "9053:7053"
    networks:
      - prod
然后,在通过 compose 启动容器之后,我执行了以下步骤:
通道是由下面这个configtx.yaml生成的
# configtx.yaml excerpt used to generate the channel: organization
# definitions, orderer defaults and the CrpChannel profile.
Organizations:
  - &OrdererOrg
    Name: OrdererOrg
    SkipAsForeign: false
    ID: OrdererOrgMSP
    MSPDir: /root/gridsig-network/organizations/ordererOrganizations/crp.com/msp
    Policies: &OrdererOrgPolicies
      Readers:
        Type: Signature
        Rule: "OR('OrdererOrgMSP.member')"
      Writers:
        Type: Signature
        Rule: "OR('OrdererOrgMSP.member')"
      Admins:
        Type: Signature
        Rule: "OR('OrdererOrgMSP.admin')"
    # NOTE(review): 8050 and 8051 are the host-published ports from the compose
    # file; inside the compose network each orderer is reached on container
    # port 7050. Which port is correct depends on how clients resolve these
    # names — confirm against the deployment.
    OrdererEndpoints:
      - orderer.crp.com:7050
      - orderer1.crp.com:8050
      - orderer2.crp.com:8051
  - &CrpOrg
    Name: CrpOrg
    SkipAsForeign: false
    ID: CrpOrgMSP
    MSPDir: /root/gridsig-network/organizations/peerOrganizations/crp.com/msp
    Policies: &CrpOrgPolicies
      Readers:
        Type: Signature
        Rule: "OR('CrpOrgMSP.admin', 'CrpOrgMSP.member', 'CrpOrgMSP.peer', 'CrpOrgMSP.client')"
      Writers:
        Type: Signature
        Rule: "OR('CrpOrgMSP.admin', 'CrpOrgMSP.client')"
      # Only admin identities satisfy Admins here; the CrpChannel profile
      # below overrides this rule.
      Admins:
        Type: Signature
        Rule: "OR('CrpOrgMSP.admin')"
      Endorsement:
        Type: Signature
        Rule: "OR('CrpOrgMSP.peer')"
    AnchorPeers:
      - Host: peer.crp.com
        Port: 7051
  - &CoripetOrg
    Name: CoripetOrg
    SkipAsForeign: false
    ID: CoripetOrgMSP
    MSPDir: /root/gridsig-network/organizations/peerOrganizations/coripet.it/msp
    Policies: &CoripetOrgPolicies
      Readers:
        Type: Signature
        Rule: "OR('CoripetOrgMSP.admin', 'CoripetOrgMSP.member', 'CoripetOrgMSP.peer', 'CoripetOrgMSP.client')"
      Writers:
        Type: Signature
        Rule: "OR('CoripetOrgMSP.admin', 'CoripetOrgMSP.client')"
      Admins:
        Type: Signature
        Rule: "OR('CoripetOrgMSP.admin')"
      Endorsement:
        Type: Signature
        Rule: "OR('CoripetOrgMSP.peer')"
    # NOTE(review): port 7051 is the container port, but the compose file sets
    # this peer's gossip external endpoint to peer.coripet.it:7054 (the
    # host-published port). Confirm which one peers of other organizations
    # can actually reach.
    AnchorPeers:
      - Host: peer.coripet.it
        Port: 7051
Orderer: &OrdererDefaults
  OrdererType: etcdraft
  Addresses:
    - orderer.crp.com:7050
    - orderer1.crp.com:8050
    - orderer2.crp.com:8051
  MaxChannels: 0
  EtcdRaft:
    # Each consenter uses the same file (its tls/server.crt) as both client
    # and server TLS certificate.
    Consenters:
      - Host: orderer.crp.com
        Port: 7050
        ClientTLSCert: /root/gridsig-network/organizations/ordererOrganizations/crp.com/orderers/orderer.crp.com/tls/server.crt
        ServerTLSCert: /root/gridsig-network/organizations/ordererOrganizations/crp.com/orderers/orderer.crp.com/tls/server.crt
      - Host: orderer1.crp.com
        Port: 8050
        ClientTLSCert: /root/gridsig-network/organizations/ordererOrganizations/crp.com/orderers/orderer1.crp.com/tls/server.crt
        ServerTLSCert: /root/gridsig-network/organizations/ordererOrganizations/crp.com/orderers/orderer1.crp.com/tls/server.crt
      - Host: orderer2.crp.com
        Port: 8051
        ClientTLSCert: /root/gridsig-network/organizations/ordererOrganizations/crp.com/orderers/orderer2.crp.com/tls/server.crt
        ServerTLSCert: /root/gridsig-network/organizations/ordererOrganizations/crp.com/orderers/orderer2.crp.com/tls/server.crt
    Options:
      TickInterval: 500ms
      ElectionTick: 10
      HeartbeatTick: 1
      MaxInflightBlocks: 5
      SnapshotIntervalSize: 16 MB
Profiles:
  # The anchors ChannelDefaults, OrdererCapabilities and ApplicationDefaults
  # referenced below are not defined in this excerpt.
  CrpChannel:
    <<: *ChannelDefaults
    Orderer:
      <<: *OrdererDefaults
      Organizations:
        - <<: *OrdererOrg
      Capabilities: *OrdererCapabilities
    Application:
      <<: *ApplicationDefaults
      Organizations:
        # NOTE(review): both overrides below replace each organization's Admins
        # rule with "member", so any member identity of the MSP satisfies the
        # organization's Admins policy on this channel. That removes the
        # admin/member distinction; for a production channel keep the
        # ".admin" rule unless this is deliberate.
        - <<: *CrpOrg
          Policies:
            <<: *CrpOrgPolicies
            Admins:
              Type: Signature
              Rule: "OR('CrpOrgMSP.member')"
        - <<: *CoripetOrg
          Policies:
            <<: *CoripetOrgPolicies
            Admins:
              Type: Signature
              Rule: "OR('CoripetOrgMSP.member')"
在使用以下命令进行链码部署时,我仅在两个对等点之一上出现错误:
# Commits the chaincode definition smart_contract_1 (version 1.0, sequence 1)
# on channel crpchannel over TLS, targeting one peer of each organization.
# peer.coripet.it is addressed on 7054, the host-published port from the
# compose file (7054 -> container 7051).
# NOTE(review): the OR(...) signature policy is satisfied by a peer of either
# organization alone, so one organization can endorse transactions without
# the other. Use AND(...) if both organizations must agree.
peer lifecycle chaincode commit -o orderer.crp.com:7050 --channelID crpchannel --name smart_contract_1 --version 1.0 --sequence 1 --tls true --cafile /root/gridsig-network/organizations/ordererOrganizations/crp.com/orderers/orderer.crp.com/tls/ca.crt --peerAddresses peer.crp.com:7051 --tlsRootCertFiles /root/gridsig-network/organizations/peerOrganizations/crp.com/peers/peer.crp.com/tls/ca.crt --peerAddresses peer.coripet.it:7054 --tlsRootCertFiles /root/gridsig-network/organizations/peerOrganizations/coripet.it/peers/peer.coripet.it/tls/ca.crt --signature-policy "OR('CrpOrgMSP.peer', 'CoripetOrgMSP.peer')"
第一个 peer (peer.crp.com) 的部署日志看起来基本正常,但其中夹杂着一些 TLS 错误:
INFO [lifecycle] QueryChaincodeDefinition -> Successfully queried chaincode name 'smart_contract_1' with definition {sequence: 1, endorsement info: (version: '1.0', plugin: 'escc', init required: false), validation info: (plugin: 'vscc', policy: '0a34120c120a080112020800120208011a0f120d0a094372704f72674d535010031a1312110a0d436f72697065744f72674d53501003'), collections: ()},
INFO [lifecycle] QueryOrgApprovals -> org CoripetOrgMSP's mismatch items are []
INFO [lifecycle] QueryOrgApprovals -> org CrpOrgMSP's mismatch items are []
INFO [endorser] callChaincode -> finished chaincode: _lifecycle duration: 0ms channel=crpchannel txID=b8424f73
INFO [comm.grpc.server] 1 -> unary call completed grpc.service=protos.Endorser grpc.method=ProcessProposal grpc.peer_address=172.28.0.1:53386 grpc.peer_subject="CN=peer.crp.com,L=San Francisco,ST=California,C=US" grpc.code=OK grpc.call_duration=1.498406ms
INFO [grpc] Infof -> [transport] [server-transport 0xc003395520] Closing: EOF
INFO [grpc] Infof -> [transport] [server-transport 0xc003395520] loopyWriter exiting with error: transport closed by client
INFO [grpc] Infof -> [transport] [server-transport 0xc003395380] Closing: EOF
INFO [grpc] Infof -> [transport] [server-transport 0xc003395380] loopyWriter exiting with error: transport closed by client
ERRO [core.comm] ServerHandshake -> Server TLS handshake failed in 135.306152ms with error remote error: tls: internal error server=ChaincodeServer remoteaddress=172.28.0.1:55180
INFO [grpc] AddTraceEvent -> [core] [Server #2]grpc: Server.Serve failed to create ServerTransport: connection error: desc = "ServerHandshake(\"172.28.0.1:55180\") failed: remote error: tls: internal error"
相反,第二个节点 (peer.coripet.it) 链码执行失败:
WARN [lifecycle] Work -> could not launch chaincode 'smart_contract_1:d8a346da3120ddfddcc616633369aaa81649d8d7af6f3c35cdc413648e14a461': chaincode registration failed: container exited with 0
以下是执行失败的链码容器最后输出的日志:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
有人可以帮助我理解我做错了什么?
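已解决!问题出在 peer 的"地址:端口"映射配置错误。修改相关环境变量后,所有 peer 的链码容器都能正常运行:
peer.coripet.it 把链码端口(默认为 7052)映射到了 docker 容器外部的 7055。而 compose 文件中 CORE_PEER_CHAINCODEADDRESS 仍写的是 peer.coripet.it:7052,宿主机上的 7052 端口实际属于 peer.crp.com;如果链码容器经由宿主机端口连接,就可能连到另一个组织的 peer,对方出示的 TLS 证书由不同的 CA 签发,这与上面的 "PKIX path building failed" 错误以及 peer.crp.com 日志中 ChaincodeServer 的 TLS 握手失败相吻合。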