问题描述

我正在尝试使用以下命令在HLF中创建频道

I am trying to create a channel in HLF using the following command

peer channel create -o orderer1.base:7050 -c basechannel -f ./channel-artifacts/channel.tx --tls --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/base.order/tlsca/tlsca.base.order-cert.pem

但是由于此错误而失败

无法将StepRequest发送到3，因为:rpc错误:code = desc不可用=所有SubConns都在TransientFailure中，最新的 连接错误:连接错误:desc =传输:身份验证 握手失败:x509:证书对orderer3.base.order有效， orderer3，而不是orderer3.base" channel = basechannel node = 1

Failed to send StepRequest to 3, because: rpc error: code = Unavailable desc = all SubConns are in TransientFailure, latest connection error: connection error: desc = "transport: authentication handshake failed: x509: certificate is valid for orderer3.base.order, orderer3, not orderer3.base" channel=basechannel node=1

这是configtx.yaml

Raft:
        <<: *ChannelDefaults
        Capabilities:
            <<: *ChannelCapabilities
        Orderer:
            <<: *OrdererDefaults
            OrdererType: etcdraft
            EtcdRaft:
                Consenters:
                - Host: orderer1.base
                  Port: 7050
                  ClientTLSCert: crypto-config/ordererOrganizations/base.order/orderers/orderer1.base.order/tls/server.crt
                  ServerTLSCert: crypto-config/ordererOrganizations/base.order/orderers/orderer1.base.order/tls/server.crt
                - Host: orderer2.base
                  Port: 8050
                  ClientTLSCert: crypto-config/ordererOrganizations/base.order/orderers/orderer2.base.order/tls/server.crt
                  ServerTLSCert: crypto-config/ordererOrganizations/base.order/orderers/orderer2.base.order/tls/server.crt
                - Host: orderer3.base
                  Port: 9050
                  ClientTLSCert: crypto-config/ordererOrganizations/base.order/orderers/orderer3.base.order/tls/server.crt
                  ServerTLSCert: crypto-config/ordererOrganizations/base.order/orderers/orderer3.base.order/tls/server.crt
            Addresses:
                - orderer1.base:7050
                - orderer2.base:8050
                - orderer3.base:9050

docker-compose.yaml

orderer1.base:
    extends:
      file: base.yaml
      service: orderer-base
    container_name: orderer1.base
    environment:
      - ORDERER_GENERAL_LISTENPORT=7050
    networks:
    - byfn
    volumes:
        - ./artifacts/genesis.block:/var/hyperledger/orderer/orderer.genesis.block
        - ./crypto-config/ordererOrganizations/base.order/orderers/orderer1.base.order/msp:/var/hyperledger/orderer/msp
        - ./crypto-config/ordererOrganizations/base.order/orderers/orderer1.base.order/tls:/var/hyperledger/orderer/tls
        - orderer1.base.order:/var/hyperledger/production/orderer
    ports:
    - 7050:7050
  orderer2.base:
    extends:
      file: base.yaml
      service: orderer-base
    container_name: orderer2.base
    environment:
      - ORDERER_GENERAL_LISTENPORT=8050
    networks:
    - byfn
    volumes:
        - ./artifacts/genesis.block:/var/hyperledger/orderer/orderer.genesis.block
        - ./crypto-config/ordererOrganizations/base.order/orderers/orderer2.base.order/msp:/var/hyperledger/orderer/msp
        - ./crypto-config/ordererOrganizations/base.order/orderers/orderer2.base.order/tls:/var/hyperledger/orderer/tls
        - orderer2.base.order:/var/hyperledger/production/orderer
    ports:
    - 8050:8050

  orderer3.base:
    extends:
      file: base.yaml
      service: orderer-base
    container_name: orderer3.base
    environment:
      - ORDERER_GENERAL_LISTENPORT=9050
    networks:
    - byfn
    volumes:
        - ./artifacts/genesis.block:/var/hyperledger/orderer/orderer.genesis.block
        - ./crypto-config/ordererOrganizations/base.order/orderers/orderer3.base.order/msp:/var/hyperledger/orderer/msp
        - ./crypto-config/ordererOrganizations/base.order/orderers/orderer3.base.order/tls:/var/hyperledger/orderer/tls
        - orderer3.base.order:/var/hyperledger/production/orderer
    ports:
    - 9050:9050

base.yaml

orderer-base:
    image: hyperledger/fabric-orderer:$IMAGE_TAG
    environment:
      - FABRIC_LOGGING_SPEC=DEBUG
      - ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
      - CORE_LOGGING_LEVEL=debug
      - ORDERER_GENERAL_GENESISMETHOD=file
      - ORDERER_GENERAL_GENESISFILE=/var/hyperledger/orderer/orderer.genesis.block
      - ORDERER_GENERAL_LOCALMSPID=OrdererMSP
      - ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp
      # enabled TLS
      - ORDERER_GENERAL_TLS_ENABLED=true
      - ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key
      - ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt
      - ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
      - ORDERER_KAFKA_TOPIC_REPLICATIONFACTOR=1
      - ORDERER_KAFKA_VERBOSE=true
      - ORDERER_GENERAL_CLUSTER_CLIENTCERTIFICATE=/var/hyperledger/orderer/tls/server.crt
      - ORDERER_GENERAL_CLUSTER_CLIENTPRIVATEKEY=/var/hyperledger/orderer/tls/server.key
      - ORDERER_GENERAL_CLUSTER_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
    working_dir: /opt/gopath/src/github.com/hyperledger/fabric
    command: orderer

推荐答案

您正在错误映射端口.它必须是:

You are mapping ports uncorrectly.It must be:

orderer1 7050:7050

orderer1 7050:7050

orderer2 8050:7050

orderer2 8050:7050

orderer3 9050:7050

orderer3 9050:7050

并从每个订购者中删除环境LISTEN_PORT，以便默认始终为7050.这意味着，对于订购者2，您要将容器内部端口7050映射到外部8050.

And remove the environment LISTEN_PORT from every orderer so that the default is always 7050.This means that, in case of orderer 2, you are mapping container inner port 7050 to the external 8050.

还要在您的 configtx.yaml 中进行相同的修改，因此您将拥有3个端口7050.只需避免修改容器的内部端口，您就可以随意修改外部端口.

Also modify in your configtx.yaml the same thing, so you will have 3 ports 7050.Just avoid modifying internal ports for containers, you are free to modify external ones.

这篇关于Hyperledger Fabric:传输:身份验证握手失败:x509:通道创建证书的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！