10 Fabric-sdk-go创建通道时连接orderer出现错误

网络环境:

tcp        0      0 ubuntu:domain           *:*                     LISTEN      -               
tcp        0      0 localhost:ipp           *:*                     LISTEN      -               
tcp6       0      0 [::]:7050               [::]:*                  LISTEN      -               
tcp6       0      0 [::]:7051               [::]:*                  LISTEN      -               
tcp6       0      0 [::]:8051               [::]:*                  LISTEN      -               
tcp6       0      0 ip6-localhost:ipp       [::]:*                  LISTEN      -               
tcp6       0      0 [::]:9051               [::]:*                  LISTEN      -               
tcp6       0      0 [::]:zabbix-trapper     [::]:*                  LISTEN      -    

docker容器列表

9840eb307233        hyperledger/fabric-peer:1.4.6                                                                          "peer node start"        5 hours ago         Up 5 hours          0.0.0.0:8051->7051/tcp    peer1.org1.example.com
a05df5289ee6        hyperledger/fabric-peer:1.4.6                                                                          "peer node start"        5 hours ago         Up 5 hours          0.0.0.0:10051->7051/tcp   peer1.org2.example.com
ac87a29766e2        hyperledger/fabric-peer:1.4.6                                                                          "peer node start"        5 hours ago         Up 5 hours          0.0.0.0:7051->7051/tcp    peer0.org1.example.com
f62d617920c2        hyperledger/fabric-peer:1.4.6                                                                          "peer node start"        5 hours ago         Up 5 hours          0.0.0.0:9051->7051/tcp    peer0.org2.example.com
b1db61093899        hyperledger/fabric-orderer:1.4.6                                                                       "orderer"                5 hours ago         Up 5 hours          0.0.0.0:7050->7050/tcp    orderer.example.com

出错的部分代码

channelReq := resmgmt.SaveChannelRequest{ChannelID: info.ChannelID, ChannelConfigPath: info.ChannelConfig, SigningIdentities: []msp.SigningIdentity{adminIdentity}}
    // save channel response with transaction ID
    _, err = resMgmtClient.SaveChannel(channelReq, resmgmt.WithRetry(retry.DefaultResMgmtOpts), resmgmt.WithOrdererEndpoint(info.OrdererOrgName))
    if err != nil {
        return fmt.Errorf("创建应用通道失败: %v", err)
    }

info

initInfo := &sdkInit.InitInfo{

        ChannelID:     "sdkchannel",
        ChannelConfig: os.Getenv("GOPATH") + "/src/myfabric/channel-artifacts/channel.tx",

        OrgAdmin:       "Admin",
        OrgName:        "Org1",
        OrdererOrgName: "orderer.example.com",
    }

config.yaml文件

orderers:
  orderer.example.com:
    # [Optional] Default: Infer from hostname
    url: orderer.example.com:7050

    # these are standard properties defined by the gRPC library
    # they will be passed in as-is to gRPC client constructor
    grpcOptions:
      #ssl-target-name-override: orderer.example.com
      # These parameters should be set in coordination with the keepalive policy on the server,
      # as incompatible settings can result in closing of connection.
      # When duration of the 'keep-alive-time' is set to 0 or less the keep alive client parameters are disabled
      keep-alive-time: 0s
      keep-alive-timeout: 20s
      keep-alive-permit: false
      fail-fast: false
      # allow-insecure will be taken into consideration if address has no protocol defined, if true then grpc or else grpcs
      allow-insecure: false

    tlsCACerts:
      # Certificate location absolute path
      path: /home/arthur/go/src/myfabric/crypto-config/ordererOrganizations/example.com/tlsca/tlsca.example.com-cert.pem

.......
orderer:
    - pattern: (\w+)orderer.example.com(\w*)
      urlSubstitutionExp: grpc://orderer.example.com:7050
      sslTargetOverrideUrlSubstitutionExp: orderer.example.com
      mappedHost: orderer.example.com

报错信息 create channel failed: SendEnvelope failed: calling orderer 'orderer.example.com:7050' failed: Orderer Client Status Code: (2) CONNECTION_FAILED. Description: dialing connection timed out [orderer.example.com:7050]

Orderer节点日志信息

2020-03-22 04:53:30.882 UTC [core.comm] ServerHandshake -> ERRO 6d8 TLS handshake failed with error remote error: tls: bad certificate server=Orderer remoteaddress=172.20.0.1:38226
2020-03-22 04:53:30.884 UTC [grpc] handleRawConn -> DEBU 6d9 grpc: Server.Serve failed to complete security handshake from "172.20.0.1:38226": remote error: tls: bad certificate
2020-03-22 04:53:31.881 UTC [core.comm] ServerHandshake -> ERRO 6da TLS handshake failed with error remote error: tls: bad certificate server=Orderer remoteaddress=172.20.0.1:38230
2020-03-22 04:53:31.882 UTC [grpc] handleRawConn -> DEBU 6db grpc: Server.Serve failed to complete security handshake from "172.20.0.1:38230": remote error: tls: bad certificate
2020-03-22 04:53:33.800 UTC [core.comm] ServerHandshake -> ERRO 6dc TLS handshake failed with error remote error: tls: bad certificate server=Orderer remoteaddress=172.20.0.1:38234
2020-03-22 04:53:33.800 UTC [grpc] handleRawConn -> DEBU 6dd grpc: Server.Serve failed to complete security handshake from "172.20.0.1:38234": remote error: tls: bad certificate
2020-03-22 04:53:36.623 UTC [core.comm] ServerHandshake -> ERRO 6de TLS handshake failed with error remote error: tls: bad certificate server=Orderer remoteaddress=172.20.0.1:38238
2020-03-22 04:53:36.624 UTC [grpc] handleRawConn -> DEBU 6df grpc: Server.Serve failed to complete security handshake from "172.20.0.1:38238": remote error: tls: bad certificate
2020-03-22 04:53:40.002 UTC [core.comm] ServerHandshake -> ERRO 6e0 TLS handshake failed with error remote error: tls: bad certificate server=Orderer remoteaddress=172.20.0.1:38242
2020-03-22 04:53:40.002 UTC [grpc] handleRawConn -> DEBU 6e1 grpc: Server.Serve failed to complete security handshake from "172.20.0.1:38242": remote error: tls: bad certificate
2020-03-22 05:15:59.952 UTC [core.comm] ServerHandshake -> ERRO 6e2 TLS handshake failed with error tls: first record does not look like a TLS handshake server=Orderer remoteaddress=172.20.0.3:56396
2020-03-22 05:15:59.953 UTC [grpc] handleRawConn -> DEBU 6e3 grpc: Server.Serve failed to complete security handshake from "172.20.0.3:56396": tls: first record does not look like a TLS handshake
2020-03-22 05:26:43.787 UTC [core.comm] ServerHandshake -> ERRO 6e4 TLS handshake failed with error tls: first record does not look like a TLS handshake server=Orderer remoteaddress=172.20.0.3:56406
2020-03-22 05:26:43.787 UTC [grpc] handleRawConn -> DEBU 6e5 grpc: Server.Serve failed to complete security handshake from "172.20.0.3:56406": tls: first record does not look like a TLS handshake
请先 登录 后评论

最佳答案 2020-04-13 20:29

应该是证书问题。

调整日志级别为 DEBUG , 查看详细的信息。

export FABRIC_LOGGING_SPEC=DEBUG

可能的问题: 证书中不包含 IP(用域名代替)、 指定了错误的证书、TLS 功能未正确开启

请先 登录 后评论

其它 1 个回答

uni
请先 登录 后评论
  • 1 关注
  • 0 收藏,11297 浏览
  • 提出于 2020-03-21 22:53