[英]Hyperledger Fabric 2.3 connection issue
查詢分類帳時遇到問題。 這是我們的網絡的布局方式。 corp 網絡內的 kubernetes 集群上有 2 個組織,網絡內的 azure vm 上的 docker 集群上也有一個。 azure vm 節點和 k8s 集群節點通過 nginx 服務器相互通信。 之所以采用這種復雜的設置,是因為我們的供應鏈用例需要來自不同公司的合作伙伴加入我們的網絡。 因此,為了模擬公司網絡之外的外部合作伙伴,我們使用 azure vm。 由於我們計划投入生產,因此不能使用 Fabric 加密配置生成的證書,而是取得了使用我們公司的中間證書和根證書頒發的新證書。 現在在這個網絡設置上安裝了鏈碼,啟用了背書策略,可以在所有 3 個節點上完美運行。 我們正在使用 Fabric 2.3.0。
現在我遇到的第一個問題是在 connection.json 文件中使用的 TLS 證書。 這已通過鏈接此處的 SO 帖子中描述的證書來解決。 當前的問題是 nodejs 代碼能夠連接到組織,但無法執行任何讀取或寫入操作。 在下面的 JS 代碼中,如果我取消注釋 channel.getPeer() 響應的控制台日志,它會正確打印整個對等 object。
這是我的 connection.json。 10.100.xx.xx 的 IP 都是 k8s 集群的 pod,public.ip.address 是 nginx 服務器的 IP。
{
"name": "byfn",
"version": "1.0.0",
"client": {
"organization": "ORG2MSP",
"connection": {
"timeout": {
"peer": {
"endorser": "10000"
},
"orderer": "10000"
}
}
},
"channels": {
"supplychain": {
"orderers": [
"ord1.orderers.org1.com",
"ord2.orderers.org1.com",
"ord3.orderers.org1.com"
],
"peers": {
"peer1.peers.org1.com": {
"endorsingPeer": true,
"chaincodeQuery": true,
"ledgerQuery": true,
"eventSource": true
},
"peer1.peers.org3.com": {
"endorsingPeer": true,
"chaincodeQuery": true,
"ledgerQuery": true,
"eventSource": true
},
"peer1.peers.org2.com": {
"endorsingPeer": true,
"chaincodeQuery": true,
"ledgerQuery": true,
"eventSource": true
}
}
}
},
"organizations": {
"ORG2MSP": {
"mspid": "ORG2MSP",
"peers": [
"peer1.peers.org2.com",
"peer2.peers.org2.com"
]
}
},
"orderers": {
"ord1.orderers.org1.com": {
"url": "grpcs://10.100.xxx.xxx:7050",
"grpcOptions": {
"ssl-target-name-override": "ord1.orderers.org1.com",
"request-timeout": 12000
},
"tlsCACerts": {
"path": "temp.pem"
}
},
"ord2.orderers.org1.com": {
"url": "grpcs://10.100.xxx.xxx:7050",
"grpcOptions": {
"ssl-target-name-override": "ord2.orderers.org1.com",
"request-timeout": 12000
},
"tlsCACerts": {
"path": "temp.pem"
}
},
"ord3.orderers.org1.com": {
"url": "grpcs://10.100.xxx.xxx:7050",
"grpcOptions": {
"ssl-target-name-override": "ord3.orderers.org1.com",
"request-timeout": 12000
},
"tlsCACerts": {
"path": "temp.pem"
}
}
},
"peers": {
"peer1.peers.org1.com": {
"url": "grpcs://10.100.xxx.xxx:7051",
"grpcOptions": {
"ssl-target-name-override": "peer1.peers.org1.com",
"request-timeout": 12000,
"grpc.keepalive_time_ms": 600000
},
"tlsCACerts": {
"path": "temp.pem"
}
},
"peer1.peers.org3.com": {
"url": "grpcs://public.ip.address:7051",
"grpcOptions": {
"ssl-target-name-override": "peer1.peers.org3.com",
"request-timeout": 12000,
"grpc.keepalive_time_ms": 600000
},
"tlsCACerts": {
"path": "temp.pem"
}
},
"peer1.peers.org2.com": {
"url": "grpcs://10.100.xxx.xxx:7051",
"grpcOptions": {
"ssl-target-name-override": "peer1.peers.org2.com",
"request-timeout": 12000,
"grpc.keepalive_time_ms": 600000
},
"tlsCACerts": {
"path": "temp.pem"
}
}
}
}
這是我的代碼
'use strict';
const { Wallets, Gateway } = require('fabric-network');
const fs = require('fs');
const path = require('path');
// Connection profile, expected next to this script as connection.json.
// It names the endpoints and the TLS CA bundle (tlsCACerts.path) the client
// will trust, so the file should be writable only by the operator.
const ccpPath = path.resolve(__dirname, 'connection.json');

// Read and parse eagerly: a missing or malformed profile throws here,
// before main() is ever called.
const ccpJSON = fs.readFileSync(ccpPath, { encoding: 'utf8' });
const ccp = JSON.parse(ccpJSON);
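/**
 * Evaluate the `queryAllObjects` function of chaincode `mycontract` on channel
 * `supplychain` and print the result.
 *
 * The proposal is signed with the wallet identity `usernew`; `tlsid` is passed
 * as the client TLS identity. Discovery is disabled, so only the peers and
 * orderers listed in the connection profile are used.
 *
 * Failures are logged to stderr and not rethrown. The gateway is disconnected
 * on every exit path.
 *
 * @returns {Promise<void>} Resolves once the result or the failure is logged.
 */
async function main() {
  // Declared outside the try block so the finally clause can release it.
  let gateway;
  try {
    // 'wallet' is a relative path, so it resolves against the working directory.
    // NOTE(review): a file-system wallet keeps each identity, private key
    // included, as a file under this directory - restrict its permissions.
    const wallet = await Wallets.newFileSystemWallet('wallet');

    // Both identities must already be in the wallet; this script does not enroll.
    const userExists = await wallet.get('usernew');
    const tlsExists = await wallet.get('tlsid');
    if (!userExists) {
      console.log('An identity for the user "usernew" does not exist in the wallet');
      return;
    }
    if (!tlsExists) {
      // Report the label that was actually looked up.
      console.log('An identity for the user "tlsid" does not exist in the wallet');
      return;
    }
    console.log("Here");

    // Create a new gateway for connecting to our peer node.
    // NOTE(review): the Org2 peer log posted with this script rejects the
    // proposal with "creator's signature over the proposal is not valid".
    // That check is made against the signing identity selected here, so confirm
    // that the certificate and private key stored under 'usernew' are a matching
    // pair and that the certificate was issued under a CA that the channel's
    // ORG2MSP definition trusts.
    // NOTE(review): the same log shows the TLS client subject as
    // CN=*.peers.org3.com / OU=org3client while the creator org is ORG2MSP -
    // confirm 'tlsid' holds the certificate intended for this client.
    gateway = new Gateway();
    await gateway.connect(ccp, {
      wallet,
      identity: 'usernew',
      discovery: { enabled: false, asLocalhost: false },
      clientTlsIdentity: 'tlsid',
    });
    console.log("Here1");

    // Get the network (channel) our contract is deployed to.
    const network = await gateway.getNetwork('supplychain');
    console.log("Here2");

    // Get the channel object to look up peers.
    const channel = network.getChannel();
    console.log("Here3");

    // Peer lookups kept as a diagnostic: uncomment a log line to dump the peer
    // object built from the connection profile.
    const org1Peer = channel.getPeer('peer1.peers.org1.com');
    //console.log(org1Peer);
    const org2Peer = channel.getPeer('peer1.peers.org2.com');
    //console.log(org2Peer);
    const org3Peer = channel.getPeer('peer1.peers.org3.com');
    //console.log(org3Peer);

    // Get the contract from the network and run the read-only query.
    const contract = network.getContract('mycontract');
    const result = await contract.evaluateTransaction('queryAllObjects');
    console.log(`Transaction has been evaluated, result is: ${result.toString()}`);
  } catch (error) {
    console.error(`Failed to evaluate transaction: ${error}`);
  } finally {
    // Close the connections opened by connect(); left open they may keep the
    // process alive after the query has finished or failed.
    if (gateway) {
      gateway.disconnect();
    }
  }
}

main();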
這是加密文件夾樹
C:.
├───peers.org1.com
│ └───users
│ ├───Admin@peers.org1.com
│ │ ├───msp
│ │ │ ├───admincerts
│ │ │ ├───cacerts
│ │ │ ├───intermediatecerts
│ │ │ ├───keystore
│ │ │ ├───signcerts
│ │ │ ├───tlscacerts
│ │ │ └───tlsintermediatecerts
│ │ └───tls
│ └───User1@peers.org1.com
│ ├───msp
│ │ ├───admincerts
│ │ ├───cacerts
│ │ ├───intermediatecerts
│ │ ├───keystore
│ │ ├───signcerts
│ │ ├───tlscacerts
│ │ └───tlsintermediatecerts
│ └───tls
├───peers.org2.com
│ └───users
│ ├───Admin@peers.org2.com
│ │ ├───msp
│ │ │ ├───admincerts
│ │ │ ├───cacerts
│ │ │ ├───intermediatecerts
│ │ │ ├───keystore
│ │ │ ├───signcerts
│ │ │ ├───tlscacerts
│ │ │ └───tlsintermediatecerts
│ │ └───tls
│ └───User1@peers.org2.com
│ ├───msp
│ │ ├───admincerts
│ │ ├───cacerts
│ │ ├───intermediatecerts
│ │ ├───keystore
│ │ ├───signcerts
│ │ ├───tlscacerts
│ │ └───tlsintermediatecerts
│ └───tls
└───peers.org3.com
└───users
├───Admin@peers.org3.com
│ ├───msp
│ │ ├───admincerts
│ │ ├───cacerts
│ │ ├───intermediatecerts
│ │ ├───keystore
│ │ ├───signcerts
│ │ ├───tlscacerts
│ │ └───tlsintermediatecerts
│ └───tls
└───User1@peers.org3.com
├───msp
│ ├───admincerts
│ ├───cacerts
│ ├───intermediatecerts
│ ├───keystore
│ ├───signcerts
│ ├───tlscacerts
│ └───tlsintermediatecerts
└───tls
上面連接文件中使用的 temp.pem 是通過將如下所示的 ica.pem 和 ca.pem 拼接而成的。 以下是 Org2 的證書內容,其他 2 個組織的證書與此類似。
msp/tlscacerts/ca.pem
Issuer: C=XX, ST=XXXX, L=XXXX, O=MyCompany, OU=Cybersecurity, CN=MyCompany Root Certificate Authority 2018
Validity
Not Before: Jul 23 17:07:45 2018 GMT
Not After : Jul 23 17:17:44 2043 GMT
Subject: C=XX, ST=XXXX, L=XXXX, O=MyCompany, OU=Cybersecurity, CN=MyCompany Root Certificate Authority
msp/tlsintermediatecerts/ica.pem
Issuer: C=XX, ST=XXXX, L=XXXX, O=MyCompany, OU=Cybersecurity, CN=MyCompany Root Certificate Authority 2018
Validity
Not Before: Nov 14 21:26:35 2018 GMT
Not After : Nov 14 21:36:35 2025 GMT
Subject: C=XX, ST=XXXX, L=XXXX, O=MyCompany, CN=MyCompany Issuing CA 101
tls/server.crt
Issuer: C=XX, ST=XXXX, L=XXXX, O=MyCompany, CN=MyCompany Issuing CA 101
Validity
Not Before: Jan 18 20:30:30 2021 GMT
Not After : Jan 18 20:30:30 2023 GMT
Subject: C=XX, ST=XXXX, L=XXXX, O=MyCompany Inc., OU=org2client, CN=*.peers.org2.com
.
.
.
X509v3 Subject Alternative Name:
DNS:*.peers.org2.com
Org2 NodeJs 日志
2021-02-25T10:21:33.736Z - error: [Endorser]: sendProposal[peer1.peers.org2.com] - Received error response from: grpcs://10.100.xxx.xxx:7051 error: Error: 2 UNKNOWN: error validating proposal: access denied: channel [supplychain] creator org [ORG2MSP]
2021-02-25T10:21:33.738Z - error: [Endorser]: sendProposal[peer1.peers.org2.com] - rejecting with: Error: 2 UNKNOWN: error validating proposal: access denied: channel [supplychain] creator org [ORG2MSP]
2021-02-25T10:21:33.738Z - error: [SingleQueryHandler]: evaluate: message=Query failed. Errors: ["Error: 2 UNKNOWN: error validating proposal: access denied: channel [supplychain] creator org [ORG2MSP]"], stack=FabricError: Query failed. Errors: ["Error: 2 UNKNOWN: error validating proposal: access denied: channel [supplychain] creator org [ORG2MSP]"]
at SingleQueryHandler.evaluate (/fabric23/node_modules/fabric-network/lib/impl/query/singlequeryhandler.js:47:23)
at processTicksAndRejections (internal/process/task_queues.js:97:5)
at async Transaction.evaluate (/fabric23/node_modules/fabric-network/lib/transaction.js:276:25)
at async main (/fabric23/test.js:67:25), name=FabricError
Failed to evaluate transaction: FabricError: Query failed. Errors: ["Error: 2 UNKNOWN: error validating proposal: access denied: channel [supplychain] creator org [ORG2MSP]"]
Org2 對等日志
2021-02-25 10:21:33.732 UTC [endorser] Validate -> WARN 08f access denied: creator's signature over the proposal is not valid: The signature is invalid channel=supplychain txID=01bde838 mspID=ORG2MSP
2021-02-25 10:21:33.732 UTC [comm.grpc.server] 1 -> INFO 090 unary call completed grpc.service=protos.Endorser grpc.method=ProcessProposal grpc.peer_address=172.23.238.200:40928 grpc.peer_subject="CN=*.peers.org3.com,OU=org3client,O=MyCompany Inc.,L=XXXX,ST=XXXX,C=XX" error="error validating proposal: access denied: channel [supplychain] creator org [ORG2MSP]" grpc.code=Unknown grpc.call_duration=12.335491ms
Org3 對等日志
2021-02-26 13:42:26.081 UTC [gossip.channel] publishStateInfo -> DEBU 6155d8 Empty membership, no one to publish state info to
2021-02-26 13:42:26.493 UTC [core.comm] ServerHandshake -> DEBU 6155d9 Server TLS handshake completed in 49.605106ms server=PeerServer remoteaddress=public.ip.address:29154
2021-02-26 13:42:26.597 UTC [grpc] InfoDepth -> DEBU 6155da [transport]transport: loopyWriter.run returning. connection error: desc = "transport is closing"
2021-02-26 13:42:26.927 UTC [gossip.channel] publishStateInfo -> DEBU 6155db Empty membership, no one to publish state info to
我還嘗試在 azure vm 上的 docker 群上部署相同的代碼。 但是,當我使用此處的 SO 帖子中給出的錯誤證書時,它給出了與我得到的相同的錯誤
您可以檢查的一些要點:
最好的問候, 茨維坦