TLS error
zhangyijie7758 opened this issue · comments
This is my configuration
membersrvc.yaml:
server:
gomaxprocs: -1
rootpath: "/var/hyperledger/production"
cadir: ".membersrvc"
port: ":7054"
# TLS certificate and key file paths
tls:
cert:
file: "/var/hyperledger/share/tlsca.crt"
key:
file: "/var/hyperledger/share/tlsca.key"
security:
# Either 256 or 384 (note: must be the exact same value as specified in the core.yaml file)
level: 256
# Either SHA2 or SHA3 (note: must be the exact same value as specified in the core.yaml file)
hashAlgorithm: SHA3
# The server host CN (Common Name) to be used (needs to match the TLS Server Certificate)
serverhostoverride: OBC
# Boolean (true/false) value indicating whether TLS should be used between the client and
# the various CA services (ECA, TCA, TLSCA, ACA)
tls_enabled: true
# A PEM-encoded (X509 v3, Base64) certificate to use for establishing the TLS connection
# between the client and the ACA service
client:
cert:
file:_
core.yaml
tls:
enabled: true
cert:
file: "/var/hyperledger/share/tlsca.crt"
key:
file: "/var/hyperledger/share/tlsca.key"
# The server name use to verify the hostname returned by TLS handshake
serverhostoverride: OBC
# PKI member services properties
pki:
eca:
paddr: localhost:7054
tca:
paddr: localhost:7054
tlsca:
paddr: localhost:7054
tls:
enabled: true
rootcert:
file: "/var/hyperledger/share/tlsca.crt"
# The server name use to verify the hostname returned by TLS handshake
serverhostoverride: OBC
docker-compose.yml
membersrvc:
image: hyperledger/fabric-membersrvc:x86_64-0.6.1-preview
volumes:
- /c/Users/xps15/share:/var/hyperledger/share
- /c/Users/xps15/share/membersrvc.yaml:/opt/gopath/src/github.com/hyperledger/fabric/membersrvc/membersrvc.yaml
ports:
- "7054:7054"
command: membersrvc
vp0:
image: hyperledger/fabric-peer:x86_64-0.6.1-preview
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /c/Users/xps15/share:/var/hyperledger/share
- /c/Users/xps15/share/core.yaml:/opt/gopath/src/github.com/hyperledger/fabric/peer/core.yaml
ports:
- "7050:7050"
- "7051:7051"
- "7052:7052"
environment:
- CORE_PEER_ADDRESSAUTODETECT=true
- CORE_VM_ENDPOINT=unix:///var/run/docker.sock
- CORE_LOGGING_LEVEL=DEBUG
- CORE_PEER_PKI_ECA_PADDR=membersrvc:7054
- CORE_PEER_PKI_TCA_PADDR=membersrvc:7054
- CORE_PEER_PKI_TLSCA_PADDR=membersrvc:7054
- CORE_PEER_PKI_TLS_ENABLED=true
- CORE_PEER_PKI_TLS_ROOTCERT_FILE=/var/hyperledger/share/tlsca.crt
- CORE_PEER_PKI_TLS_SERVERHOSTOVERRIDE=OBC
- CORE_SECURITY_ENABLED=true
- CORE_SECURITY_PRIVACY=false
- CORE_CHAINCODE_STARTUPTIMEOUT=600000
- CORE_PEER_ID=vp0
- CORE_SECURITY_ENROLLID=test_vp0
- CORE_SECURITY_ENROLLSECRET=MwYpmSRjupbT
command: sh -c "sleep 30; peer node start"
when run docker-compose up, membersrvc start successful, but peer can't connect membersrvc.
Is there any document refer to tls setting ? official document is not details。
exception like:
33mvp0_1 |�[0m �[36m07:10:02.768 [crypto] Debugf -> DEBU 013�[0m [validator.test_vp0] Keystore opened at [/var/hyperledger/production/crypto/validator/test_vp0/ks]...done
�[33mvp0_1 |�[0m �[36m07:10:02.768 [crypto] Debug -> DEBU 014�[0m [validator.test_vp0] Registering node crypto engine...
�[33mvp0_1 |�[0m �[36m07:10:02.768 [crypto] Debug -> DEBU 015�[0m [validator.test_vp0] Initiliazing TLS...
�[33mvp0_1 |�[0m �[36m07:10:02.768 [crypto] Debugf -> DEBU 016�[0m [validator.test_vp0] Loading external certificate at [/var/hyperledger/share/tlsca.crt]...
�[33mvp0_1 |�[0m �[36m07:10:02.769 [crypto] Debug -> DEBU 017�[0m [validator.test_vp0] Initiliazing TLS...Done
�[33mvp0_1 |�[0m �[36m07:10:02.769 [crypto] Debug -> DEBU 018�[0m [validator.test_vp0] Getting ECA client...
�[33mvp0_1 |�[0m �[36m07:10:02.769 [crypto] Debugf -> DEBU 019�[0m [validator.test_vp0] Dial to addr:[membersrvc:7054], with serverName:[OBC]...
�[33mvp0_1 |�[0m �[36m07:10:02.769 [crypto] Debug -> DEBU 01a�[0m [validator.test_vp0] TLS enabled...
�[33mvp0_1 |�[0m �[36m07:10:02.769 [crypto] Debug -> DEBU 01b�[0m [validator.test_vp0] Getting ECA client...done
�[33mvp0_1 |�[0m �[31m07:10:12.775 [crypto] Errorf -> ERRO 01c�[0m [validator.test_vp0] Failed requesting read certificate [rpc error: code = 14 desc = grpc: RPC failed fast due to transport failure].
�[33mvp0_1 |�[0m �[31m07:10:12.775 [crypto] Errorf -> ERRO 01d�[0m [validator.test_vp0] Failed requesting ECA certificate [rpc error: code = 14 desc = grpc: RPC failed fast due to transport failure].
�[33mvp0_1 |�[0m �[31m07:10:12.775 [crypto] Errorf -> ERRO 01e�[0m [validator.test_vp0] Failed getting ECA certificate [rpc error: code = 14 desc = grpc: RPC failed fast due to transport failure].
�[33mvp0_1 |�[0m �[31m07:10:12.775 [crypto] Errorf -> ERRO 01f�[0m [validator.test_vp0] Failed retrieving ECA certs chain [rpc error: code = 14 desc = grpc: RPC failed fast due to transport failure].
�[33mvp0_1 |�[0m �[31m07:10:12.775 [crypto] Errorf -> ERRO 020�[0m [validator.test_vp0] Failed registering node crypto engine [rpc error: code = 14 desc = grpc: RPC failed fast due to transport failure].
�[33mvp0_1 |�[0m �[31m07:10:12.775 [crypto] Errorf -> ERRO 021�[0m [validator.test_vp0] Failed registering peer [test_vp0]: [rpc error: code = 14 desc = grpc: RPC failed fast due to transport failure]
�[33mvp0_1 |�[0m �[31m07:10:12.775 [crypto] Errorf -> ERRO 022�[0m [validator.test_vp0] Failed registering [test_vp0]: [rpc error: code = 14 desc = grpc: RPC failed fast due to transport failure]
�[33mvp0_1 |�[0m �[31m07:10:12.775 [crypto] RegisterValidator -> ERRO 023�[0m Failed registering validator [test_vp0] with name [test_vp0] [rpc error: code = 14 desc = grpc: RPC fai