Page 1 of 1

Fehler beim Erstellen des PKIX-Pfades: Beim Chaincode-Commit im Hyperledger Fabric-Produktionsnetzwerk konnte kein gülti

Posted: 17 Jan 2025, 09:23
by Anonymous
Während des Festschreibens des Java-Chaincode-Pakets habe ich diesen Fehler auf einem von zwei Peers erhalten:

Code: Select all

Shutting down the chaincode stream.UNAVAILABLE: io exception
io.grpc.StatusRuntimeException: UNAVAILABLE: io exception
Channel Pipeline:
Caused by: javax.net.ssl.SSLHandshakeException: General OpenSslEngine problem
at io.grpc.netty.shaded.io.netty.handler.ssl.ReferenceCountedOpenSslEngine.handshakeException(ReferenceCountedOpenSslEngine.java:1927)
at io.grpc.netty.shaded.io.netty.handler.ssl.ReferenceCountedOpenSslEngine.wrap(ReferenceCountedOpenSslEngine.java:848)
at java.base/javax.net.ssl.SSLEngine.wrap(SSLEngine.java:564)
at io.grpc.netty.shaded.io.netty.handler.ssl.SslHandler.wrap(SslHandler.java:1131)

Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Ich versuche, ein Produktionsnetzwerk mit dem Cryptogen-Tool für Zertifikate und Ordnerstrukturen unter Verwendung der Datei crypto-config.yaml unten einzurichten

Code: Select all

OrdererOrgs:
- Name: OrdererOrg
Domain: crpt.com
EnableNodeOUs: true
Specs:
- Hostname: orderer
SANS:
- orderer.crpt.com
- 
- Hostname: orderer1
SANS:
- orderer1.crpt.com
- 
- Hostname: orderer2
SANS:
- orderer2.crpt.com
- 
PeerOrgs:
- Name: CrpOrg
Domain: crpt.com
EnableNodeOUs: true
Specs:
- Hostname: peer
SANS:
- peer.crpt.com
- 
Template:
Count: 0
Users:
Count: 1

- Name: CrpetOrg
Domain: Crpet.it
EnableNodeOUs: true
Specs:
- Hostname: peer
SANS:
- peer.crpet.it
- 
Template:
Count: 0
Users:
Count: 1
Dies ist meine Docker-Compose-Datei

Code: Select all

networks:
prod:
name: prod-fabric-network
services:
peer.crpt.com:
image: hyperledger/fabric-peer:latest
container_name: peer.crpt.com
environment:
- FABRIC_LOGGING_SPEC=INFO
- CORE_GENERAL_LOGLEVEL=INFO
- CORE_LOGGING_LEVEL=DEBUG
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
- CORE_PEER_TLS_ENABLED=true
- CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt
- CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key
- CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt
- CORE_PEER_TLS_CLIENTAUTHREQUIRED=true
- CORE_PEER_ID=peer.crpt.com
- CORE_PEER_ADDRESS=peer.crpt.com:7051
- CORE_PEER_LISTENADDRESS=0.0.0.0:7051
- CORE_PEER_CHAINCODEADDRESS=peer.crpt.com:7052
- CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:7052
- CORE_PEER_GOSSIP_BOOTSTRAP=peer.crpt.com:7051
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer.crpt.com:7051
- CORE_PEER_LOCALMSPID=CrpOrgMSP
- CORE_PEER_PROFILE_ENABLED=true
volumes:
- /root/network/organizations/peerOrganizations/crpt.com/peers/peer.crpt.com/msp:/etc/hyperledger/fabric/msp
- /root/network/organizations/peerOrganizations/crpt.com/peers/peer.crpt.com/tls:/etc/hyperledger/fabric/tls
- /root/network/organizations/peerOrganizations/crpt.com/peers/peer.crpt.com:/etc/hyperledger/production
- /var/run/docker.sock:/host/var/run/docker.sock
ports:
- "7051:7051"
- "7052:7052"
networks:
- prod
depends_on:
- couchdb.peer.crpt.com

peer.crpet.it:
image: hyperledger/fabric-peer:latest
container_name:  peer.crpet.it
environment:
- FABRIC_LOGGING_SPEC=INFO
- CORE_GENERAL_LOGLEVEL=INFO
- CORE_LOGGING_LEVEL=DEBUG
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
- CORE_PEER_TLS_ENABLED=true
- CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt
- CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key
- CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt
- CORE_PEER_TLS_CLIENTAUTHREQUIRED=true
- CORE_PEER_ID=peer.crpet.it
- CORE_PEER_ADDRESS=peer.crpet.it:7051
- CORE_PEER_LISTENADDRESS=0.0.0.0:7051
- CORE_PEER_CHAINCODEADDRESS=peer.crpet.it:7052
- CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:7052
- CORE_PEER_GOSSIP_BOOTSTRAP=peer.crpet.it:7051
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer.crpet.it:7054
- CORE_PEER_LOCALMSPID=CrpetOrgMSP
- CORE_PEER_PROFILE_ENABLED=true
volumes:
- /root/network/organizations/peerOrganizations/Crpet.it/peers/peer.crpet.it/msp:/etc/hyperledger/fabric/msp
- /root/network/organizations/peerOrganizations/Crpet.it/peers/peer.crpet.it/tls:/etc/hyperledger/fabric/tls
- /root/network/organizations/peerOrganizations/Crpet.it/peers/peer.crpet.it:/etc/hyperledger/production
- /var/run/docker.sock:/host/var/run/docker.sock
ports:
- "7054:7051"
- "7055:7052"
networks:
- prod
depends_on:
- couchdb.peer.crpet.it

orderer.crpt.com:
image: hyperledger/fabric-orderer:3.0
container_name: orderer.crpt.com
environment:
- FABRIC_LOGGING_SPEC=INFO
- ORDERER_GENERAL_LOGLEVEL=INFO
volumes:
- /root/network/organizations/ordererOrganizations/crpt.com/orderers/orderer.crpt.com:/etc/hyperledger/fabric
ports:
- "7050:7050"
- "8443:8443"
- "7053:7053"
networks:
- prod

orderer1.crpt.com:
image: hyperledger/fabric-orderer:3.0
container_name: orderer1.crpt.com
environment:
- FABRIC_LOGGING_SPEC=INFO
- ORDERER_GENERAL_LOGLEVEL=INFO
volumes:
- /root/network/organizations/ordererOrganizations/crpt.com/orderers/orderer1.crpt.com:/etc/hyperledger/fabric
ports:
- "8050:7050"
- "9443:8443"
- "8053:7053"
networks:
- prod

orderer2.crpt.com:
image: hyperledger/fabric-orderer:3.0
container_name: orderer2.crpt.com
environment:
- FABRIC_LOGGING_SPEC=INFO
- ORDERER_GENERAL_LOGLEVEL=INFO
volumes:
- /root/network/organizations/ordererOrganizations/crpt.com/orderers/orderer2.crpt.com:/etc/hyperledger/fabric
ports:
- "8051:7050"
- "10443:8443"
- "9053:7053"
networks:
- prod
Dann, nach dem Start von „Run Compose“, folgte ich diesen Schritten:
  • Generieren Sie die Blockdatei für den Genesis-Kanal
  • Orderer-Knoten zum Kanal hinzufügen
  • Peer-Knoten zum Kanal hinzufügen
  • Java-Chaincode für Peers bereitstellen
Der Kanal wird dadurch generiert configtx.yaml unten

Code: Select all

Organizations:
- &OrdererOrg
Name: OrdererOrg
SkipAsForeign: false
ID: OrdererOrgMSP
MSPDir: /root/network/organizations/ordererOrganizations/crpt.com/msp
Policies: &OrdererOrgPolicies
Readers:
Type: Signature
Rule: "OR('OrdererOrgMSP.member')"
Writers:
Type: Signature
Rule: "OR('OrdererOrgMSP.member')"
Admins:
Type: Signature
Rule: "OR('OrdererOrgMSP.admin')"
OrdererEndpoints:
- orderer.crpt.com:7050
- orderer1.crpt.com:8050
- orderer2.crpt.com:8051
- &CrpOrg
Name: CrpOrg
SkipAsForeign: false
ID: CrpOrgMSP
MSPDir: /root/network/organizations/peerOrganizations/crpt.com/msp
Policies: &CrpOrgPolicies
Readers:
Type: Signature
Rule: "OR('CrpOrgMSP.admin', 'CrpOrgMSP.member', 'CrpOrgMSP.peer', 'CrpOrgMSP.client')"
Writers:
Type: Signature
Rule:  "OR('CrpOrgMSP.admin', 'CrpOrgMSP.client')"
Admins:
Type: Signature
Rule: "OR('CrpOrgMSP.admin')"
Endorsement:
Type: Signature
Rule: "OR('CrpOrgMSP.peer')"
AnchorPeers:
- Host: peer.crpt.com
Port: 7051
- &CrpetOrg
Name: CrpetOrg
SkipAsForeign: false
ID: CrpetOrgMSP
MSPDir: /root/network/organizations/peerOrganizations/Crpet.it/msp
Policies: &CrpetOrgPolicies
Readers:
Type: Signature
Rule: "OR('CrpetOrgMSP.admin', 'CrpetOrgMSP.member', 'CrpetOrgMSP.peer', 'CrpetOrgMSP.client')"
Writers:
Type: Signature
Rule: "OR('CrpetOrgMSP.admin', 'CrpetOrgMSP.client')"
Admins:
Type: Signature
Rule: "OR('CrpetOrgMSP.admin')"
Endorsement:
Type: Signature
Rule: "OR('CrpetOrgMSP.peer')"
AnchorPeers:
- Host: peer.crpet.it
Port: 7051

Orderer: &OrdererDefaults
OrdererType: etcdraft
Addresses:
- orderer.crpt.com:7050
- orderer1.crpt.com:8050
- orderer2.crpt.com:8051
MaxChannels: 0
EtcdRaft:
Consenters:
- Host: orderer.crpt.com
Port: 7050
ClientTLSCert: /root/network/organizations/ordererOrganizations/crpt.com/orderers/orderer.crpt.com/tls/server.crt
ServerTLSCert: /root/network/organizations/ordererOrganizations/crpt.com/orderers/orderer.crpt.com/tls/server.crt
- Host: orderer1.crpt.com
Port: 8050
ClientTLSCert: /root/network/organizations/ordererOrganizations/crpt.com/orderers/orderer1.crpt.com/tls/server.crt
ServerTLSCert: /root/network/organizations/ordererOrganizations/crpt.com/orderers/orderer1.crpt.com/tls/server.crt
- Host: orderer2.crpt.com
Port: 8051
ClientTLSCert: /root/network/organizations/ordererOrganizations/crpt.com/orderers/orderer2.crpt.com/tls/server.crt
ServerTLSCert: /root/network/organizations/ordererOrganizations/crpt.com/orderers/orderer2.crpt.com/tls/server.crt
Options:
TickInterval: 500ms
ElectionTick: 10
HeartbeatTick: 1
MaxInflightBlocks: 5
SnapshotIntervalSize: 16 MB
Profiles:
CrpChannel: