10 Fabric-sdk-go创建通道时连接orderer出现错误
网络环境:
tcp 0 0 ubuntu:domain *:* LISTEN -
tcp 0 0 localhost:ipp *:* LISTEN -
tcp6 0 0 [::]:7050 [::]:* LISTEN -
tcp6 0 0 [::]:7051 [::]:* LISTEN -
tcp6 0 0 [::]:8051 [::]:* LISTEN -
tcp6 0 0 ip6-localhost:ipp [::]:* LISTEN -
tcp6 0 0 [::]:9051 [::]:* LISTEN -
tcp6 0 0 [::]:zabbix-trapper [::]:* LISTEN - docker容器列表
9840eb307233 hyperledger/fabric-peer:1.4.6 "peer node start" 5 hours ago Up 5 hours 0.0.0.0:8051->7051/tcp peer1.org1.example.com
a05df5289ee6 hyperledger/fabric-peer:1.4.6 "peer node start" 5 hours ago Up 5 hours 0.0.0.0:10051->7051/tcp peer1.org2.example.com
ac87a29766e2 hyperledger/fabric-peer:1.4.6 "peer node start" 5 hours ago Up 5 hours 0.0.0.0:7051->7051/tcp peer0.org1.example.com
f62d617920c2 hyperledger/fabric-peer:1.4.6 "peer node start" 5 hours ago Up 5 hours 0.0.0.0:9051->7051/tcp peer0.org2.example.com
b1db61093899 hyperledger/fabric-orderer:1.4.6 "orderer" 5 hours ago Up 5 hours 0.0.0.0:7050->7050/tcp orderer.example.com
出错的部分代码
channelReq := resmgmt.SaveChannelRequest{ChannelID: info.ChannelID, ChannelConfigPath: info.ChannelConfig, SigningIdentities: []msp.SigningIdentity{adminIdentity}}
// save channel response with transaction ID
_, err = resMgmtClient.SaveChannel(channelReq, resmgmt.WithRetry(retry.DefaultResMgmtOpts), resmgmt.WithOrdererEndpoint(info.OrdererOrgName))
if err != nil {
return fmt.Errorf("创建应用通道失败: %v", err)
}info
initInfo := &sdkInit.InitInfo{
ChannelID: "sdkchannel",
ChannelConfig: os.Getenv("GOPATH") + "/src/myfabric/channel-artifacts/channel.tx",
OrgAdmin: "Admin",
OrgName: "Org1",
OrdererOrgName: "orderer.example.com",
}
config.yaml文件
orderers:
orderer.example.com:
# [Optional] Default: Infer from hostname
url: orderer.example.com:7050
# these are standard properties defined by the gRPC library
# they will be passed in as-is to gRPC client constructor
grpcOptions:
#ssl-target-name-override: orderer.example.com
# These parameters should be set in coordination with the keepalive policy on the server,
# as incompatible settings can result in closing of connection.
# When duration of the 'keep-alive-time' is set to 0 or less the keep alive client parameters are disabled
keep-alive-time: 0s
keep-alive-timeout: 20s
keep-alive-permit: false
fail-fast: false
# allow-insecure will be taken into consideration if address has no protocol defined, if true then grpc or else grpcs
allow-insecure: false
tlsCACerts:
# Certificate location absolute path
path: /home/arthur/go/src/myfabric/crypto-config/ordererOrganizations/example.com/tlsca/tlsca.example.com-cert.pem
.......
orderer:
- pattern: (\w+)orderer.example.com(\w*)
urlSubstitutionExp: grpc://orderer.example.com:7050
sslTargetOverrideUrlSubstitutionExp: orderer.example.com
mappedHost: orderer.example.com报错信息 create channel failed: SendEnvelope failed: calling orderer 'orderer.example.com:7050' failed: Orderer Client Status Code: (2) CONNECTION_FAILED. Description: dialing connection timed out [orderer.example.com:7050]
Orderer节点日志信息
2020-03-22 04:53:30.882 UTC [core.comm] ServerHandshake -> ERRO 6d8 TLS handshake failed with error remote error: tls: bad certificate server=Orderer remoteaddress=172.20.0.1:38226
2020-03-22 04:53:30.884 UTC [grpc] handleRawConn -> DEBU 6d9 grpc: Server.Serve failed to complete security handshake from "172.20.0.1:38226": remote error: tls: bad certificate
2020-03-22 04:53:31.881 UTC [core.comm] ServerHandshake -> ERRO 6da TLS handshake failed with error remote error: tls: bad certificate server=Orderer remoteaddress=172.20.0.1:38230
2020-03-22 04:53:31.882 UTC [grpc] handleRawConn -> DEBU 6db grpc: Server.Serve failed to complete security handshake from "172.20.0.1:38230": remote error: tls: bad certificate
2020-03-22 04:53:33.800 UTC [core.comm] ServerHandshake -> ERRO 6dc TLS handshake failed with error remote error: tls: bad certificate server=Orderer remoteaddress=172.20.0.1:38234
2020-03-22 04:53:33.800 UTC [grpc] handleRawConn -> DEBU 6dd grpc: Server.Serve failed to complete security handshake from "172.20.0.1:38234": remote error: tls: bad certificate
2020-03-22 04:53:36.623 UTC [core.comm] ServerHandshake -> ERRO 6de TLS handshake failed with error remote error: tls: bad certificate server=Orderer remoteaddress=172.20.0.1:38238
2020-03-22 04:53:36.624 UTC [grpc] handleRawConn -> DEBU 6df grpc: Server.Serve failed to complete security handshake from "172.20.0.1:38238": remote error: tls: bad certificate
2020-03-22 04:53:40.002 UTC [core.comm] ServerHandshake -> ERRO 6e0 TLS handshake failed with error remote error: tls: bad certificate server=Orderer remoteaddress=172.20.0.1:38242
2020-03-22 04:53:40.002 UTC [grpc] handleRawConn -> DEBU 6e1 grpc: Server.Serve failed to complete security handshake from "172.20.0.1:38242": remote error: tls: bad certificate
2020-03-22 05:15:59.952 UTC [core.comm] ServerHandshake -> ERRO 6e2 TLS handshake failed with error tls: first record does not look like a TLS handshake server=Orderer remoteaddress=172.20.0.3:56396
2020-03-22 05:15:59.953 UTC [grpc] handleRawConn -> DEBU 6e3 grpc: Server.Serve failed to complete security handshake from "172.20.0.3:56396": tls: first record does not look like a TLS handshake
2020-03-22 05:26:43.787 UTC [core.comm] ServerHandshake -> ERRO 6e4 TLS handshake failed with error tls: first record does not look like a TLS handshake server=Orderer remoteaddress=172.20.0.3:56406
2020-03-22 05:26:43.787 UTC [grpc] handleRawConn -> DEBU 6e5 grpc: Server.Serve failed to complete security handshake from "172.20.0.3:56406": tls: first record does not look like a TLS handshake
最佳答案 2020-04-13 20:29
应该是证书问题。
调整日志级别为 DEBUG , 查看详细的信息。
export FABRIC_LOGGING_SPEC=DEBUG可能的问题: 证书中不包含 IP(用域名代替)、 指定了错误的证书、TLS 功能未正确开启
张小雨
- 程序猿
