启动RAFT排序程序服务失败

Question

tls握手失败，错误tls: first record看起来不像TLS握手server=Orderer我正在尝试创建基于RAFT的排序器服务，但它不工作。排序节点被启动，但由于某些tls握手错误而不与它们通信。节点服务也无法创建通道，因为排序器给出了一些tls握手错误。

我已经检查了证书路径，它们都是正确的。

组织：

 - &Orderer

    Name: Orderer
    ID: OrdererMSP
    MSPDir: crypto-config/ordererOrganizations/orderer.com/msp

- &Org1
    Name: CompanyOne
    ID: CompanyOneMSP
    MSPDir: crypto-config/peerOrganizations/companyone.com/msp
    AnchorPeers:
        - Host: 192.168.152.235
          Port: 7051

- &Org2
    Name: companytwo
    ID: companytwoMSP
    MSPDir: crypto-config/peerOrganizations/companytwo.com/msp
    AnchorPeers:
        - Host: 192.168.152.236
          Port: 7051
- &Org3
    # DefaultOrg defines the organization which is used in the sampleconfig
    Name: CompanyThree
    ID: CompanyThreeMSP
    MSPDir: crypto-config/peerOrganizations/companythree.com/msp
    AnchorPeers:
        - Host: 192.168.152.237
          Port: 7051

应用程序：&Application默认值组织：-*组织1-*组织2-*组织3排序人：&OrdererDefaults OrdererType:等

Addresses:
    - 192.168.152.231:7050
    - 192.168.152.232:7050
    - 192.168.152.233:7050

# Batch Timeout: The amount of time to wait before creating a batch
BatchTimeout: 2s

# Batch Size: Controls the number of messages batched into a block
BatchSize:

    # Max Message Count: The maximum number of messages to permit in a batch
    MaxMessageCount: 10

    # Absolute Max Bytes: The absolute maximum number of bytes allowed for
    # the serialized messages in a batch.
    AbsoluteMaxBytes: 98 MB

    # Preferred Max Bytes: The preferred maximum number of bytes allowed for
    # the serialized messages in a batch. A message larger than the preferred
    # max bytes will result in a batch larger than preferred max bytes.
    PreferredMaxBytes: 512 KB

EtcdRaft:

    Consenters:
        - Host: 192.168.152.231
          Port: 7050
          ClientTLSCert: crypto-config/ordererOrganizations/orderer.com/orderers/companyone.orderer.com/tls/server.crt
          ServerTLSCert: crypto-config/ordererOrganizations/orderer.com/orderers/companyone.orderer.com/tls/server.crt
        - Host: 192.168.152.232
          Port: 7050
          ClientTLSCert: crypto-config/ordererOrganizations/orderer.com/orderers/companytwo.orderer.com/tls/server.crt
          ServerTLSCert: crypto-config/ordererOrganizations/orderer.com/orderers/companytwo.orderer.com/tls/server.crt
        - Host: 192.168.152.233
          Port: 7050
          ClientTLSCert: crypto-config/ordererOrganizations/orderer.com/orderers/companythree.orderer.com/tls/server.crt
          ServerTLSCert: crypto-config/ordererOrganizations/orderer.com/orderers/companythree.orderer.com/tls/server.crt

    # Options to be specified for all the etcd/raft nodes. The values here
    # are the defaults for all new channels and can be modified on a
    # per-channel basis via configuration updates.
    Options:
        # TickInterval is the time interval between two Node.Tick invocations.
        TickInterval: 500ms

        # ElectionTick is the number of Node.Tick invocations that must pass
        # between elections. That is, if a follower does not receive any
        # message from the leader of current term before ElectionTick has
        # elapsed, it will become candidate and start an election.
        # ElectionTick must be greater than HeartbeatTick.
        ElectionTick: 10

        # HeartbeatTick is the number of Node.Tick invocations that must
        # pass between heartbeats. That is, a leader sends heartbeat
        # messages to maintain its leadership every HeartbeatTick ticks.
        HeartbeatTick: 1

        # MaxInflightBlocks limits the max number of in-flight append messages
        # during optimistic replication phase.
        MaxInflightBlocks: 5

        # SnapshotIntervalSize defines number of bytes per which a snapshot is taken
        SnapshotIntervalSize: 20 MB

# Organizations is the list of orgs which are defined as participants on
# the orderer side of the network
Organizations:
    - *Org1
    - *Org2
    - *Org3

配置文件：

OrdererGenesis:
    Orderer:
        <<: *OrdererDefaults
        Organizations:
            - *Orderer
    Consortiums:
        GeneralConsortium:
            Organizations:
                - *Org1
                - *Org2
                - *Org3
ConsortiumChannel:
    Consortium: GeneralConsortium
    Application:
        <<: *ApplicationDefaults
        Organizations:
            - *Org1
            - *Org2
            - *Org3

Answer 1

正如评论中指出的，在我看来，您没有适当地配置您的订单者来使用您的渠道配置中引用的TLS证书。

在排序日志启动时，请查看它们。您很可能会看到一条警告消息，如：

Could not find 
<pem encoded cert block>
among
<repeated PEM encoded cert blocks>

表示尚未为本地订购过程正确配置TLS，使其与您的原始数据块匹配。