【发布时间】:2018-09-26 14:27:12
【问题描述】:
我正在使用部署在 docker swarm 上的 Hyperledger Fabric 网络,其中包含 2 个 VirtualBox Ubuntu 映像。网络功能齐全,所有节点都加入了通道并更新了锚节点。我正在关注 Composer 多主机教程:https://hyperledger.github.io/composer/latest/tutorials/deploy-to-fabric-multi-org
网络设置:
Host1:Orderer、Peer1.Org1、Peer2.Org1、CLI
主机2:Peer1.Org2、Peer2.Org2
connectionProfileManager.json 是我的经理组织的连接 json。
{
"name": "example-network",
"x-type": "hlfv1",
"version": "1.0.0",
"channels": {
"mychannel": {
"orderers": [
"orderer.example.com"
],
"peers": {
"peer0.manager.example.com": {
"endorsingPeer": true,
"chaincodeQuery": true,
"ledgerQuery": true,
"eventSource": true
},
"peer1.manager.example.com": {
"endorsingPeer": true,
"chaincodeQuery": true,
"ledgerQuery": true,
"eventSource": true
},
"peer0.sponsor.example.com": {
"endorsingPeer": true,
"chaincodeQuery": true,
"ledgerQuery": true,
"eventSource": true
},
"peer1.sponsor.example.com": {
"endorsingPeer": true,
"chaincodeQuery": true,
"ledgerQuery": true,
"eventSource": true
}
}
}
},
"organizations": {
"Manager": {
"mspid": "ManagerMSP",
"peers": [
"peer0.manager.example.com",
"peer1.manager.example.com"
],
"certificateAuthorities": [
"ca.manager.example.com"
]
},
"Sponsor": {
"mspid": "SponsorMSP",
"peers": [
"peer0.sponsor.example.com",
"peer1.sponsor.example.com"
],
"certificateAuthorities": [
"ca.sponsor.example.com"
]
}
},
"orderers": {
"orderer.example.com": {
"url": "grpcs://localhost:7050",
"grpcOptions": {
"ssl-target-name-override": "orderer.example.com"
},
"tlsCACerts": {
"pem": "INSERT_ORDERER_CA_CERT"
}
}
},
"peers": {
"peer0.manager.example.com": {
"url": "grpcs://localhost:7051",
"eventUrl": "grpcs://localhost:7053",
"grpcOptions": {
"ssl-target-name-override": "peer0.manager.example.com"
},
"tlsCACerts": {
"pem": "INSERT_MANAGER_CA_CERT"
}
},
"peer1.manager.example.com": {
"url": "grpcs://localhost:8051",
"eventUrl": "grpcs://localhost:8053",
"grpcOptions": {
"ssl-target-name-override": "peer1.manager.example.com"
},
"tlsCACerts": {
"pem": "INSERT_MANAGER_CA_CERT"
}
},
"peer0.sponsor.example.com": {
"url": "grpcs://10.0.2.5:9051",
"eventUrl": "grpcs://10.0.2.5:9053",
"grpcOptions": {
"ssl-target-name-override": "peer0.sponsor.example.com"
},
"tlsCACerts": {
"pem": "INSERT_SPONSOR_CA_CERT"
}
},
"peer1.sponsor.example.com": {
"url": "grpcs://10.0.2.5:10051",
"eventUrl": "grpcs://10.0.2.5:10053",
"grpcOptions": {
"ssl-target-name-override": "peer1.sponsor.example.com"
},
"tlsCACerts": {
"pem": "INSERT_SPONSOR_CA_CERT"
}
}
},
"certificateAuthorities": {
"ca.manager.example.com": {
"url": "https://localhost:7054",
"caName": "ca-manager",
"httpOptions": {
"verify": false
}
},
"ca.sponsor.example.com": {
"url": "https://10.0.2.5:8054",
"caName": "ca-sponsor",
"httpOptions": {
"verify": false
}
}
}
}
connectionProfileSponsor.json 是我的赞助商组织的连接 json。
{
"name": "example-network",
"x-type": "hlfv1",
"version": "1.0.0",
"channels": {
"mychannel": {
"orderers": [
"orderer.example.com"
],
"peers": {
"peer0.manager.example.com": {
"endorsingPeer": true,
"chaincodeQuery": true,
"ledgerQuery": true,
"eventSource": true
},
"peer1.manager.example.com": {
"endorsingPeer": true,
"chaincodeQuery": true,
"ledgerQuery": true,
"eventSource": true
},
"peer0.sponsor.example.com": {
"endorsingPeer": true,
"chaincodeQuery": true,
"ledgerQuery": true,
"eventSource": true
},
"peer1.sponsor.example.com": {
"endorsingPeer": true,
"chaincodeQuery": true,
"ledgerQuery": true,
"eventSource": true
}
}
}
},
"organizations": {
"Manager": {
"mspid": "ManagerMSP",
"peers": [
"peer0.manager.example.com",
"peer1.manager.example.com"
],
"certificateAuthorities": [
"ca.manager.example.com"
]
},
"Sponsor": {
"mspid": "SponsorMSP",
"peers": [
"peer0.sponsor.example.com",
"peer1.sponsor.example.com"
],
"certificateAuthorities": [
"ca.sponsor.example.com"
]
}
},
"orderers": {
"orderer.example.com": {
"url": "grpcs://10.0.2.4:7050",
"grpcOptions": {
"ssl-target-name-override": "orderer.example.com"
},
"tlsCACerts": {
"pem": "INSERT_ORDERER_CA_CERT"
}
}
},
"peers": {
"peer0.manager.example.com": {
"url": "grpcs://10.0.2.4:7051",
"eventUrl": "grpcs://10.0.2.4:7053",
"grpcOptions": {
"ssl-target-name-override": "peer0.manager.example.com"
},
"tlsCACerts": {
"pem": "INSERT_MANAGER_CA_CERT"
}
},
"peer1.manager.example.com": {
"url": "grpcs://10.0.2.4:8051",
"eventUrl": "grpcs://10.0.2.4:8053",
"grpcOptions": {
"ssl-target-name-override": "peer1.manager.example.com"
},
"tlsCACerts": {
"pem": "INSERT_MANAGER_CA_CERT"
}
},
"peer0.sponsor.example.com": {
"url": "grpcs://localhost:9051",
"eventUrl": "grpcs://localhost:9053",
"grpcOptions": {
"ssl-target-name-override": "peer0.sponsor.example.com"
},
"tlsCACerts": {
"pem": "INSERT_SPONSOR_CA_CERT"
}
},
"peer1.sponsor.example.com": {
"url": "grpcs://localhost:10051",
"eventUrl": "grpcs://localhost:10053",
"grpcOptions": {
"ssl-target-name-override": "peer1.sponsor.example.com"
},
"tlsCACerts": {
"pem": "INSERT_SPONSOR_CA_CERT"
}
}
},
"certificateAuthorities": {
"ca.manager.example.com": {
"url": "https://10.0.2.4:7054",
"caName": "ca-manager",
"httpOptions": {
"verify": false
}
},
"ca.sponsor.example.com": {
"url": "https://localhost:8054",
"caName": "ca-sponsor",
"httpOptions": {
"verify": false
}
}
}
}
在 Manager 组织/主机上安装 .bna 的脚本:
cat << "EOF"
"
EOF
echo "Removing existing cards if any"
rm -fr $HOME/.composer
echo "Creating temporary directories"
mkdir -p /tmp/composer/manager
mkdir -p /tmp/composer/sponsor
echo "Pasting certificates in tmp/composer/..."
awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' crypto-config/peerOrganizations/manager.example.com/peers/peer0.manager.example.com/tls/ca.crt > /tmp/composer/manager/ca-manager.txt
awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' crypto-config/peerOrganizations/sponsor.example.com/peers/peer0.sponsor.example.com/tls/ca.crt > /tmp/composer/sponsor/ca-sponsor.txt
awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/tls/ca.crt > /tmp/composer/ca-orderer.txt
echo "Creating the connection profile file"
cp connectionProfile.json /tmp/composer/example-network.json
echo "Adding the certificates in connection profile"
replacementManager="/tmp/composer/manager/ca-manager.txt"
replacementSponsor="/tmp/composer/sponsor/ca-sponsor.txt"
replacementOrderer="/tmp/composer/ca-orderer.txt"
file="/tmp/composer/example-network.json"
manager="/tmp/composer/proaManager.json"
sponsor="/tmp/composer/proaSponsor.json"
final="/tmp/composer/proaFinal.json"
partFinal="/tmp/composer/partFinal.json"
sed -i 's/\\n/±/g' $replacementManager
sed -i 's/\\n/±/g' $replacementSponsor
sed -i 's/\\n/±/g' $replacementOrderer
sed -e "s@INSERT_MANAGER_CA_CERT@$(cat $replacementManager)@g" $file > $manager
sed -e "s@INSERT_SPONSOR_CA_CERT@$(cat $replacementSponsor)@g" $manager > $sponsor
sed -e "s@INSERT_ORDERER_CA_CERT@$(cat $replacementOrderer)@g" $sponsor > $partFinal
sed $"s/\±/\\\n/g" $partFinal > $final
echo "Creating connection profile for manager"
cp /tmp/composer/proaFinal.json /tmp/composer/manager/proaManager.json
ex -sc '4i|"client": {
"organization": "Manager",
"connection": {
"timeout": {
"peer": {
"endorser": "300",
"eventHub": "300",
"eventReg": "300"
},
"orderer": "300"
}
}
},' -cx /tmp/composer/manager/proaManager.json
echo "Creating connection profile for sponsor"
cp /tmp/composer/proaFinal.json /tmp/composer/sponsor/proaSponsor.json
ex -sc '4i|"client": {
"organization": "Sponsor",
"connection": {
"timeout": {
"peer": {
"endorser": "300",
"eventHub": "300",
"eventReg": "300"
},
"orderer": "300"
}
}
},' -cx /tmp/composer/sponsor/proaSponsor.json
#-------------------
#-- MANAGER
#-------------------
echo "Getting the certificates for administrator of manager"
export MANAGER=crypto-config/peerOrganizations/manager.example.com/users/Admin@manager.example.com/msp
cp -p $MANAGER/signcerts/A*.pem /tmp/composer/manager
cp -p $MANAGER/keystore/*_sk /tmp/composer/manager
echo "Creating card for manager"
composer card create -p /tmp/composer/manager/proaManager.json -u PeerAdmin -c /tmp/composer/manager/Admin@manager.example.com-cert.pem -k /tmp/composer/manager/*_sk -r PeerAdmin -r ChannelAdmin -f PeerAdmin@proaManager.card
echo "Importing card for manager"
composer card import -f PeerAdmin@proaManager.card --card PeerAdmin@proaManager
composer network install --card PeerAdmin@proaManager --archiveFile example-network@0.0.1.bna
cp endorsement-policy.json /tmp/composer/endorsement-policy.json
echo "Retrieving business network administrator certificates for Manager"
composer identity request -c PeerAdmin@proaManager -u admin -s adminpw -d andreim
#-------------------
#-- START NETWORK
#-------------------
echo "Starting the business network"
composer network start -c PeerAdmin@proaManager -n example-network -V 0.0.1 -o endorsementPolicyFile=/tmp/composer/endorsement-policy.json -A andreim -C andreim/admin-pub.pem
echo "Creating a business network card to access the business network as Manager"
composer card create -p /tmp/composer/manager/proaManager.json -u andreim -n example-network -c andreim/admin-pub.pem -k andreim/admin-priv.pem
composer card import -f andreim@example-network.card
composer network ping -c andreim@example-network
在赞助商组织/主机上安装 .bna 的脚本:
cat << "EOF"
"
EOF
echo "Removing existing cards if any"
rm -fr $HOME/.composer
echo "Creating temporary directories"
mkdir -p /tmp/composer/manager
mkdir -p /tmp/composer/sponsor
echo "Pasting certificates in tmp/composer/..."
awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' crypto-config/peerOrganizations/manager.example.com/peers/peer0.manager.example.com/tls/ca.crt > /tmp/composer/manager/ca-manager.txt
awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' crypto-config/peerOrganizations/sponsor.example.com/peers/peer0.sponsor.example.com/tls/ca.crt > /tmp/composer/sponsor/ca-sponsor.txt
awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/tls/ca.crt > /tmp/composer/ca-orderer.txt
echo "Creating the connection profile file"
cp connectionProfile.json /tmp/composer/example-network.json
echo "Adding the certificates in connection profile"
replacementManager="/tmp/composer/manager/ca-manager.txt"
replacementSponsor="/tmp/composer/sponsor/ca-sponsor.txt"
replacementOrderer="/tmp/composer/ca-orderer.txt"
file="/tmp/composer/example-network.json"
manager="/tmp/composer/proaManager.json"
sponsor="/tmp/composer/proaSponsor.json"
final="/tmp/composer/proaFinal.json"
partFinal="/tmp/composer/partFinal.json"
sed -i 's/\\n/±/g' $replacementManager
sed -i 's/\\n/±/g' $replacementSponsor
sed -i 's/\\n/±/g' $replacementOrderer
sed -e "s@INSERT_MANAGER_CA_CERT@$(cat $replacementManager)@g" $file > $manager
sed -e "s@INSERT_SPONSOR_CA_CERT@$(cat $replacementSponsor)@g" $manager > $sponsor
sed -e "s@INSERT_ORDERER_CA_CERT@$(cat $replacementOrderer)@g" $sponsor > $partFinal
sed $"s/\±/\\\n/g" $partFinal > $final
echo "Creating connection profile for manager"
cp /tmp/composer/proaFinal.json /tmp/composer/manager/proaManager.json
ex -sc '4i|"client": {
"organization": "Manager",
"connection": {
"timeout": {
"peer": {
"endorser": "300",
"eventHub": "300",
"eventReg": "300"
},
"orderer": "300"
}
}
},' -cx /tmp/composer/manager/proaManager.json
echo "Creating connection profile for sponsor"
cp /tmp/composer/proaFinal.json /tmp/composer/sponsor/proaSponsor.json
ex -sc '4i|"client": {
"organization": "Sponsor",
"connection": {
"timeout": {
"peer": {
"endorser": "300",
"eventHub": "300",
"eventReg": "300"
},
"orderer": "300"
}
}
},' -cx /tmp/composer/sponsor/proaSponsor.json
#-------------------
#-- SPONSOR
#-------------------
echo "Getting the certificates for administrator of sponsor"
export SPONSOR=crypto-config/peerOrganizations/sponsor.example.com/users/Admin@sponsor.example.com/msp
cp -p $SPONSOR/signcerts/A*.pem /tmp/composer/sponsor
cp -p $SPONSOR/keystore/*_sk /tmp/composer/sponsor
echo "Creating card for sponsor"
composer card create -p /tmp/composer/sponsor/proaSponsor.json -u PeerAdmin -c /tmp/composer/sponsor/Admin@sponsor.example.com-cert.pem -k /tmp/composer/sponsor/*_sk -r PeerAdmin -r ChannelAdmin -f PeerAdmin@proaSponsor.card
echo "Importing card for Sponsor"
composer card import -f PeerAdmin@proaSponsor.card --card PeerAdmin@proaSponsor
composer network install --card PeerAdmin@proaSponsor --archiveFile example-network@0.0.1.bna
cp endorsement-policy.json /tmp/composer/endorsement-policy.json
echo "Retrieving business network administrator certificates for Sponsor"
composer identity request -c PeerAdmin@proaSponsor -u admin -s adminpw -d andreis
#-------------------
#-------------------
echo "Creating a business network card to access the business network as Sponsor"
composer card create -p /tmp/composer/sponsor/proaSponsor.json -u andreis -n example-network -c andreis/admin-pub.pem -k andreis/admin-priv.pem
composer card import -f andreis@example-network.card
composer network ping -c andreis@example-network
在对连接配置文件结构进行小幅更新后,两台主机上的 .bna 安装工作正常,我可以从主机 1 启动网络。
我遇到的新问题是仅在我提交网络 ping 命令时。这是我收到的主机 1:
Error: Error trying invoke business network. Error: Peer localhost:7051 has rejected transaction '92a332f3c48fa4f1f3e1b858d9f21cf49d191205f1e5da7c3a4724e193ed8974' with code ENDORSEMENT_POLICY_FAILURE
这是我在主机 2 上 ping 的时候:
Error: Error trying to ping. Error: transaction returned with failure: Error: The current identity, with the name 'admin' and the identifier 'ca847f358ae8007968e02b194ed034fe82d55595ec2f7961a570de0c89fdd481', has not been registered
更新:
在主机 1 上,创建了两个新容器 dev-peer1.manager... 和 dev-peer0.manager... 但在主机 2 上只有一个新容器出现 dev-peer0.sponsor...
更新 2
这是我更新锚节点后来自 peer0.manager 的:
2018-10-03 07:25:56.656 UTC [gossip/gossip] learnAnchorPeers -> INFO 035 Anchor peer with same endpoint, skipping connecting to myself
2018-10-03 07:25:56.656 UTC [gossip/service] updateEndpoints -> WARN 036 Failed to update ordering service endpoints, due to Channel with mychannel id was not found
2018-10-03 07:25:56.668 UTC [kvledger] CommitWithPvtData -> INFO 037 Channel [mychannel]: Committed block [1] with 1 transaction(s)
2018-10-03 07:25:56.689 UTC [gossip/gossip] learnAnchorPeers -> INFO 038 Anchor peer with same endpoint, skipping connecting to myself
2018-10-03 07:25:56.689 UTC [gossip/service] updateEndpoints -> WARN 039 Failed to update ordering service endpoints, due to Channel with mychannel id was not found
2018-10-03 07:25:56.709 UTC [kvledger] CommitWithPvtData -> INFO 03a Channel [mychannel]: Committed block [2] with 1 transaction(s)
2018-10-03 07:25:58.731 UTC [gossip/comm] func1 -> WARN 03b peer0.sponsor.example.com:7051, PKIid:[243 157 143 36 230 129 13 112 17 86 197 255 202 84 128 217 169 218 84 171 24 5 85 85 183 248 81 52 115 118 126 40] isn't responsive: EOF
2018-10-03 07:25:58.731 UTC [gossip/discovery] expireDeadMembers -> WARN 03c Entering [[243 157 143 36 230 129 13 112 17 86 197 255 202 84 128 217 169 218 84 171 24 5 85 85 183 248 81 52 115 118 126 40]]
2018-10-03 07:25:58.731 UTC [gossip/discovery] expireDeadMembers -> WARN 03d Closing connection to Endpoint: peer0.sponsor.example.com:7051, InternalEndpoint: , PKI-ID: [243 157 143 36 230 129 13 112 17 86 197 255 202 84 128 217 169 218 84 171 24 5 85 85 183 248 81 52 115 118 126 40], Metadata: []
2018-10-03 07:25:58.731 UTC [gossip/discovery] expireDeadMembers -> WARN 03e Exiting
2018-10-03 07:25:58.761 UTC [gossip/discovery] resurrectMember -> INFO 03f Entering, AliveMessage: GossipMessage: tag:EMPTY alive_msg:<membership:<endpoint:"peer0.sponsor.example.com:7051" pki_id:"\363\235\217$\346\201\rp\021V\305\377\312T\200\331\251\332T\253\030\005UU\267\370Q4sv~(" > timestamp:<inc_num:1538551519456217249 seq_num:41 > > , Envelope: 83 bytes, Signature: 70 bytes t: {1538551519456217249 41}
2018-10-03 07:25:58.761 UTC [gossip/discovery] resurrectMember -> INFO 040 Exiting
我应该担心这些警告吗?如果我将弹珠链代码安装到对等点,一切正常...我能够查询所有对等点并获得正确的结果。
【问题讨论】:
标签: docker hyperledger-fabric hyperledger docker-swarm