
TLS Handshake Error while Creating Hyperledger Fabric Channel with Multiple Organisation Orderers


Scenario: I have two organisations with two peers in each organisation. Now, I want each organisation to provide an orderer node as well.

Below is my crypto-config.yaml file:

OrdererOrgs:

  - Name: Orderer1
    Domain: org1.xyz.com
    Template:
      Count: 1

  - Name: Orderer2
    Domain: org2.xyz.com
    Template:
      Count: 1

Below is my configtx.yaml file:

- &OrdererOrg1

    Name: OrdererOrg01
    ID: Orderer1MSP
    MSPDir: crypto-config/ordererOrganizations/org1.xyz.com/msp
    Policies:
        Readers:
            Type: Signature
            Rule: "OR('Orderer1MSP.member')"
        Writers:
            Type: Signature
            Rule: "OR('Orderer1MSP.member')"
        Admins:
            Type: Signature
            Rule: "OR('Orderer1MSP.admin')"

- &OrdererOrg2

    Name: OrdererOrg02
    ID: Orderer2MSP
    MSPDir: crypto-config/ordererOrganizations/org2.xyz.com/msp
    Policies:
        Readers:
            Type: Signature
            Rule: "OR('Orderer2MSP.member')"
        Writers:
            Type: Signature
            Rule: "OR('Orderer2MSP.member')"
        Admins:
            Type: Signature
            Rule: "OR('Orderer2MSP.admin')"

Below is my docker-compose-cli.yaml file:

services:

  orderer.xyz.com:
    extends:
      file: base/docker-compose-base.yaml
      service: orderer.xyz.com
    container_name: orderer.xyz.com
    networks:
      - byfn

  orderer0.xyz.com:
    extends:
      file: base/docker-compose-base.yaml
      service: orderer0.xyz.com
    container_name: orderer0.xyz.com
    networks:
      - byfn

I try to create a channel with the following command:

peer channel create -o orderer.xyz.com:7050 -t 60s -c bay -f ./channel-artifacts/channel.tx --tls true --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/org1.xyz.com/orderers/orderer0.org1.xyz.com/msp/tlscacerts/tlsca.org1.xyz.com-cert.pem

I get the following ERROR on Orderer container logs while creating a channel:

[core.comm] ServerHandshake -> ERRO 015 TLS handshake failed with error remote error: tls: bad certificate {"server": "Orderer", "remote address": "172.22.0.18:48594"}

So, is it possible for organisations providing peers to provide an orderer node as well, or will a separate third organisation be providing the orderer nodes (as observed in tutorials)? And why am I getting this error?

Thanks for your time and let me know if you require any further information.


Solution

  • I'm finally able to find the actual reason behind this issue. The issue was with the service name of the orderer containers in the docker-compose-cli.yaml file. The service name should match the name specified in the crypto-config.yaml file, following the hostname.domain pattern.

    So, I changed the orderer configurations in the docker-compose-cli.yaml file like below:

    services:
    
      orderer0.telco1.vodworks.com:
        extends:
          file:   base/docker-compose-base.yaml
          service: orderer.vodworks.com
        container_name: orderer.vodworks.com
        networks:
          - byfn
    
      orderer0.telco2.vodworks.com:
        extends:
          file:   base/docker-compose-base.yaml
          service: orderer0.vodworks.com
        container_name: orderer0.vodworks.com
        networks:
          - byfn
    

    After this, I modified the peer channel commands in the script.sh and utils.sh scripts by adding the correct names of the orderers. After these couple of changes, I was able to run my network successfully and verified this deployment by installing chaincodes as well.

    Thanks to @arnaud-j-le-hors for the sample application which helped me out to figure out this issue.
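The naming rule from the solution, as an added check that is not part of the original post: it derives the orderer hostnames that cryptogen issues TLS certificates for and flags docker-compose service names and `-o` targets that do not match them. It assumes cryptogen's default `orderer<index>.<Domain>` naming (the form seen in the question's `orderers/orderer0.org1.xyz.com` path); the function names are hypothetical and the inline data is constructed from the question's files.

```python
# Added example: pre-flight check that orderer names match the certificates.
# Assumption: cryptogen's default template names orderers "orderer<index>.<Domain>".

def expected_orderer_hosts(orderer_orgs):
    """Return the hostnames the generated orderer TLS certificates are valid for."""
    hosts = set()
    for org in orderer_orgs:
        template = org.get("Template") or {}
        start = template.get("Start", 0)
        for index in range(start, start + template.get("Count", 0)):
            hosts.add(f"orderer{index}.{org['Domain']}")
        for spec in org.get("Specs", []):  # explicitly named nodes
            hosts.add(f"{spec['Hostname']}.{org['Domain']}")
    return hosts

def audit(orderer_orgs, orderer_services, dial_targets):
    """Compare compose service names and host:port targets with the cert names."""
    expected = expected_orderer_hosts(orderer_orgs)
    dial_hosts = {target.rsplit(":", 1)[0] for target in dial_targets}
    return {
        # Services whose DNS name no certificate covers.
        "unmatched_services": sorted(set(orderer_services) - expected),
        # Hosts a client would dial and then fail to verify.
        "unmatched_dial_hosts": sorted(dial_hosts - expected),
        # Certificates that no running service answers for.
        "hosts_without_service": sorted(expected - set(orderer_services)),
    }

# Constructed from the question's crypto-config.yaml, compose file and command.
QUESTION_ORGS = [
    {"Name": "Orderer1", "Domain": "org1.xyz.com", "Template": {"Count": 1}},
    {"Name": "Orderer2", "Domain": "org2.xyz.com", "Template": {"Count": 1}},
]
QUESTION_SERVICES = ["orderer.xyz.com", "orderer0.xyz.com"]
QUESTION_TARGETS = ["orderer.xyz.com:7050"]

# Constructed: the same network with services renamed to hostname.domain.
FIXED_SERVICES = ["orderer0.org1.xyz.com", "orderer0.org2.xyz.com"]
FIXED_TARGETS = ["orderer0.org1.xyz.com:7050"]

if __name__ == "__main__":
    for label, services, targets in (
        ("question", QUESTION_SERVICES, QUESTION_TARGETS),
        ("fixed", FIXED_SERVICES, FIXED_TARGETS),
    ):
        print(label, audit(QUESTION_ORGS, services, targets))
```

Any non-empty list means a client will dial a name that the orderer's certificate does not cover, which is the condition behind the `tls: bad certificate` line in the orderer log.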