带有dind vm端点+ tls的Hyperledger Fabric v2新链码生命周期安装问题

Question

在使用新的 v2 链码生命周期时遇到问题，我正在使用 docker vm dind 端点 https://127.0.0.1 并开启 tls，peer 已设置所有 docker 客户端加密材料

CORE_VM_DOCKER_TLS_ENABLED=true
CORE_VM_DOCKER_TLS_CERT=/tmp/org1/peer1/docker/cert.pem
CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=host
CORE_VM_DOCKER_TLS_KEY=/tmp/org1/peer1/docker/key.pem
CORE_VM_ENDPOINT=https://127.0.0.1:2376
CORE_VM_DOCKER_TLS_CA=/tmp/org1/peer1/docker/ca.pem

尝试安装链码包。

peer lifecycle chaincode install patient_consent-v0.0.1-package.tar.gz \
     --peerAddresses fabric-dev-peer1-org1:7051 --connTimeout 10s \
     --tlsRootCertFiles /tmp/org1/peer1/tls/msp/cacerts/fabric-dev-tlsca-org1-7052.pem \
     -o fabric-dev-orderer1-org1:7050 --tls --cafile /tmp/org1/peer1/tls/msp/cacerts/fabric-dev-tlsca-org1-7052.pem

这给了我

Error: chaincode install failed with 
status: 500 - failed to invoke backing implementation of 'InstallChaincode'
could not build chaincode
docker build failed
docker image inspection failed
Get https://127.0.0.1:2376/images/dev-peer1-org1-patient_consent-v0.0.1-9aedb4f5f58cb4bf18cf38f53751928caf9074c4bcb6859d8417fb37c09ab596-0acf342a6da8bfef85ec6b4d9dbe3ca4236ab9e52d903bb9fb014db836696d7b/json
remote error: 
tls: bad certificate

Answer 1

在 peer chaincode install 命令中，您为 orderer 放置了错误的 tlsRootCertFiles。 --cafile 与 peer 相同。就是orderer CA文件。

--tlsRootCertFiles /tmp/org1/peer1/tls/msp/cacerts/fabric-dev-tlsca-org1-7052.pem \

 -o fabric-dev-orderer1-org1:7050 --tls --cafile /tmp/org1/peer1/tls/msp/cacerts/fabric-dev-tlsca-org1-7052.pem

通常当您启动测试网络 (2.0/1) 时，可以在organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem找到订购者 tls CA 文件
您可以检查您的设置并为订购者--cafile 标志设置正确的路径。