Kan*_*yay 1 kubernetes hyperledger-fabric
我一直在尝试部署一个具有 3 个 CA、1 个排序节点和 2 个对等节点的超级账本结构模型。我可以使用 Fabric 的 OSADMIN 命令创建通道,但是当我尝试使用对等节点加入通道时,出现错误:error getting endorser client for channel: endorser client failed to connect to peer-govt:7051: failed to create new connection: context......。
以下是来自终端(本地主机)的日志:
\n2021-06-01 06:38:54.509 UTC [common.tools.configtxgen] main -> INFO 001 Loading configuration\n2021-06-01 06:38:54.522 UTC [common.tools.configtxgen.localconfig] completeInitialization -> INFO 002 orderer type: etcdraft\n2021-06-01 06:38:54.522 UTC [common.tools.configtxgen.localconfig] completeInitialization -> INFO 003 Orderer.EtcdRaft.Options unset, setting to tick_interval:"500ms" election_tick:10 heartbeat_tick:1 max_inflight_blocks:5 snapshot_interval_size:16777216 \n2021-06-01 06:38:54.522 UTC [common.tools.configtxgen.localconfig] Load -> INFO 004 Loaded configuration: /etc/hyperledger/clipod/configtx/configtx.yaml\n2021-06-01 06:38:54.712 UTC [common.tools.configtxgen] doOutputBlock -> INFO 005 Generating genesis block\n2021-06-01 06:38:54.712 UTC [common.tools.configtxgen] doOutputBlock -> INFO 006 Creating application channel genesis block\n2021-06-01 06:38:54.712 UTC [common.tools.configtxgen] doOutputBlock -> INFO 007 Writing genesis block\ncli-dd4cc5fbf-pdcgb\nStatus: 201\n{\n "name": "commonchannel",\n "url": "/participation/v1/channels/commonchannel",\n "consensusRelation": "consenter",\n "status": "active",\n "height": 1\n}\ncli-dd4cc5fbf-pdcgb\nError: error getting endorser client for channel: endorser client failed to connect to peer-govt:7051: failed to create new connection: context deadline exceeded\ncommand terminated with exit code 1\nError: error getting endorser client for channel: endorser client failed to connect to peer-general:9051: failed to create new connection: context deadline exceeded\ncommand terminated with exit code 1\n这里需要注意的一件事是我对所有 PODS 使用 Kubernetes 和服务 CLUSTER_IP。
\n这是来自其中一个 PEER POD 的日志(其他也相同)
\n2021-06-01 06:38:42.180 UTC [nodeCmd] registerDiscoveryService -> INFO 01b Discovery service activated\n2021-06-01 06:38:42.180 UTC [nodeCmd] serve -> INFO 01c Starting peer with ID=[peer-govt], network ID=[dev], address=[peer-govt:7051]\n2021-06-01 06:38:42.180 UTC [nodeCmd] func6 -> INFO 01d Starting profiling server with listenAddress = 0.0.0.0:6060\n2021-06-01 06:38:42.180 UTC [nodeCmd] serve -> INFO 01e Started peer with ID=[peer-govt], network ID=[dev], address=[peer-govt:7051]\n2021-06-01 06:38:42.181 UTC [kvledger] LoadPreResetHeight -> INFO 01f Loading prereset height from path [/var/hyperledger/production/ledgersData/chains]\n2021-06-01 06:38:42.181 UTC [blkstorage] preResetHtFiles -> INFO 020 No active channels passed\n2021-06-01 06:38:56.006 UTC [core.comm] ServerHandshake -> ERRO 021 Server TLS handshake failed in 24.669\xc2\xb5s with error tls: first record does not look like a TLS handshake server=PeerServer remoteaddress=172.17.0.1:13258\n2021-06-01 06:38:57.007 UTC [core.comm] ServerHandshake -> ERRO 022 Server TLS handshake failed in 17.772\xc2\xb5s with error tls: first record does not look like a TLS handshake server=PeerServer remoteaddress=172.17.0.1:29568\n2021-06-01 06:38:58.903 UTC [core.comm] ServerHandshake -> ERRO 023 Server TLS handshake failed in 13.581\xc2\xb5s with error tls: first record does not look like a TLS handshake server=PeerServer remoteaddress=172.17.0.1:32615\n为了解决这个问题,我尝试通过设置禁用 TLSCORE_PEER_TLS_ENABLED为了解决这个问题,我尝试通过设置来FALSE
然后提案被提交,但排序者 POD 抛出相同的错误TLS handshake failed.........
以下是我用来从 cli pod 加入频道的命令:
\nkubectl -n hyperledger -it exec $CLI_POD -- sh -c "export FABRIC_CFG_PATH=/etc/hyperledger/clipod/config && export CORE_PEER_LOCALMSPID=GeneralMSP && export CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/clipod/organizations/peerOrganizations/general.example.com/peers/peer0.general.example.com/tls/ca.crt && export CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/clipod/organizations/peerOrganizations/general.example.com/users/Admin@general.example.com/msp && export CORE_PEER_ADDRESS=peer-general:9051 && peer channel join -b /etc/hyperledger/clipod/channel-artifacts/$CHANNEL_NAME.block -o orderer:7050 --tls --cafile /etc/hyperledger/clipod/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem"
我被这个问题困扰,任何帮助将不胜感激。\n谢谢
\n我已经修好了。我遇到的问题是因为没有设置CORE_PEER_TLS_ENABLED = trueCLI pod。
我从整个模型中学到一件事,每当你看到 TLS 问题时,首先要检查的是检查CORE_PEER_TLS_ENABLED变量。确保您已为您尝试与之交互的所有 Pod 或容器设置了它。该情况可以为 false(对于没有 TLS)或 true(对于使用 TLS),具体取决于您的部署。其他需要记住的事情是使用正确的结构变量,包括、 、FABRIC_CFG_PATH和CORE_PEER_LOCALMSPID其他一些变量,具体取决于您的命令。CORE_PEER_TLS_ROOTCERT_FILECORE_PEER_MSPCONFIGPATH
| 归档时间: |
|
| 查看次数: |
4498 次 |
| 最近记录: |