Problem description
I was trying the architecture below in Fabric, where one peer is on another machine and the rest of the network is set up on the first machine (server/system).
After creating the channel, adding each peer to the channel shows a log as below, which was not the case when I tried the sample network; the log used to say the peer joined the channel. Also, when I check the logs of the peer, it says:
The network is TLS enabled, TLS certificates are provided and environment variables were set.
Channel-setup.sh
# Channel creation
echo "========== Creating channel: "$CHANNEL_NAME" =========="
#peer channel create -o orderer.example.com:7050 -c $CHANNEL_NAME -f ./channel-artifacts/channel.tx --tls $CORE_PEER_TLS_ENABLED --cafile /opt$
# peer0.org1 channel join
echo "========== Joining peer0.org1.example.com to channel mychannel =========="
export CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/users/Admin@org1.e$
export CORE_PEER_ADDRESS=peer0.org1.example.com:7051
export CORE_PEER_LOCALMSPID="Org1MSP"
export CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.or$
peer channel join -b ${CHANNEL_NAME}.block
peer channel update -o orderer.example.com:7050 -c $CHANNEL_NAME -f ./channel-artifacts/${CORE_PEER_LOCALMSPID}anchors.tx --tls $CORE_PEER_TLS$
# peer1.org1 channel join
echo "========== Joining peer1.org1.example.com to channel mychannel =========="
export CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/users/Admin@org1.e$
export CORE_PEER_ADDRESS=peer1.org1.example.com:7051
export CORE_PEER_LOCALMSPID="Org1MSP"
export CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer1.or$
peer channel join -b ${CHANNEL_NAME}.block
# peer0.org2 channel join
echo "========== Joining peer0.org2.example.com to channel mychannel =========="
export CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/users/Admin@org2.e$
export CORE_PEER_ADDRESS=peer0.org2.example.com:7051
export CORE_PEER_LOCALMSPID="Org2MSP"
export CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer1.or$
peer channel join -b ${CHANNEL_NAME}.block
peer channel update -o orderer.example.com:7050 -c $CHANNEL_NAME -f ./channel-artifacts/${CORE_PEER_LOCALMSPID}anchors.tx --tls $CORE_PEER_TLS$
# peer1.org2 channel join
echo "========== Joining peer1.org2.example.com to channel mychannel =========="
export CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/users/Admin@org2.e$
export CORE_PEER_ADDRESS=peer1.org2.example.com:7051
export CORE_PEER_LOCALMSPID="Org2MSP"
export CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer1.or$
Recommended answer
The reason for your problem is that the TLS certificate(s) don't contain IP SANs (IP subject alternative names). This is a field in the TLS certificate that basically says: "The certificate was issued to a host that its IP is: <1.2.3.4>"
In case you generated the certificates using cryptogen of version v1.0, it doesn't support adding IP SANs into the certificate. However, cryptogen of version v1.1 does support it, so if you use it, you'll have IP SANs in the TLS certificates.
Another way of solving your problem is using hostnames (DNS names) instead of IP addresses, and using any version of cryptogen. If you do that, the certificate would contain DNS SANs (all versions of cryptogen encode DNS SANs in the certificates).