Hyperledger Fabric First网络无法与Kafka一起使用并使用TLS [英] Hyperledger fabric first network not working with kafka and using TLS
本文介绍了Hyperledger Fabric First网络无法与Kafka一起使用并使用TLS的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我尝试运行第一个网络示例建立第一个网络来自官方文档.我需要使用kafka订购程序类型运行此示例. 对于这种情况,我编辑configtx.yaml文件(将OrdererType更改为kafka并添加了Brokers)
I try to run First network sample Building Your First Network from official docs. I need to run this sample with kafka orderer type. For this case I edit configtx.yaml file (changed OrdererType to kafka and added Brokers)
...
# Orderer Type: The orderer implementation to start
# Available types are "solo" and "kafka"
OrdererType: kafka
...
Kafka:
# Brokers: A list of Kafka brokers to which the orderer connects
# NOTE: Use IP:port notation
Brokers:
- kafka:9093
...
并将kafka和zookeeper容器添加到base/docker-compose-base.yaml
And added kafka and zookeeper containers to base/docker-compose-base.yaml
....
zookeeper:
image: hyperledger/fabric-zookeeper
container_name: zookeeper
ports:
- 2181:2181
networks:
- byfn
kafka:
image: hyperledger/fabric-kafka
container_name: kafka
environment:
- KAFKA_ADVERTISED_HOST_NAME=kafka
- KAFKA_ZOOKEEPER_CONNECT=zookeeper:2181
- KAFKA_SSL_KEYSTORE_LOCATION=/var/private/ssl/kafka.server.keystore.jks
- KAFKA_SSL_KEYSTORE_PASSWORD=test1234
- KAFKA_SSL_KEY_PASSWORD=test1234
- KAFKA_SSL_TRUSTSTORE_LOCATION=/var/private/ssl/kafka.server.truststore.jks
- KAFKA_SSL_TRUSTSTORE_PASSWORD=test1234
- KAFKA_LISTENERS=PLAINTEXT://kafka:9092,SSL://kafka:9093
- KAFKA_ADVERTISED_LISTENERS=PLAINTEXT://kafka:9092,SSL://kafka:9093
- KAFKA_MESSAGE_MAX_BYTES=103809024
- KAFKA_REPLICA_FETCH_MAX_BYTES=103809024
- KAFKA_UNCLEAN_LEADER_ELECTION_ENABLE=false
volumes:
- ./sample/server.keystore.jks:/var/private/ssl/kafka.server.keystore.jks
- ./sample/server.truststore.jks:/var/private/ssl/kafka.server.truststore.jks
ports:
- 9093:9093
- 9092:9092
networks:
- byfn
我还为kafka客户端和服务器生成了加密数据.
And I also generated crypto data for kafka client and server.
keytool -keystore server.keystore.jks -alias kafka -validity 365 -genkey -keyalg RSA -keysize 2048 -storepass test1234 -dname "cn=kafka" -keypass test1234
keytool -keystore client.keystore.jks -alias orderer -validity 365 -genkey -keyalg RSA -keysize 2048 -storepass test1234 -dname "cn=orderer" -keypass test1234
openssl req -new -x509 -keyout ca-key.pem -out ca-cert.pem -days 365 -subj "/CN=FAB5226" -nodes
keytool -keystore server.truststore.jks -alias CARoot -import -file ca-cert.pem -storepass test1234 -noprompt
keytool -keystore client.truststore.jks -alias CARoot -import -file ca-cert.pem -storepass test1234 -noprompt
keytool -keystore server.keystore.jks -alias kafka -certreq -file server-cert-signing-request.pem -storepass test1234
openssl x509 -req -CA ca-cert.pem -CAkey ca-key.pem -in server-cert-signing-request.pem -out server-cert-signed.pem -days 365 -CAcreateserial -passin pass:test1234
keytool -keystore server.keystore.jks -alias CARoot -import -file ca-cert.pem -storepass test1234 -noprompt
keytool -keystore server.keystore.jks -alias kafka -import -file server-cert-signed.pem -storepass test1234 -noprompt
keytool -keystore client.keystore.jks -alias orderer -certreq -file client-cert-signing-request.pem -storepass test1234
openssl x509 -req -CA ca-cert.pem -CAkey ca-key.pem -in client-cert-signing-request.pem -out client-cert-signed.pem -days 365 -CAcreateserial -passin pass:test1234
keytool -importkeystore -srckeystore client.keystore.jks -destkeystore client.keystore.p12 -deststoretype PKCS12 -storepass test1234 -srcstorepass test1234
openssl pkcs12 -in client.keystore.p12 -nodes -nocerts -out client-key.pem -passin pass:test1234
并更改了base/docker-compose-base.yaml中的订购者容器配置
And changed orderer container config in base/docker-compose-base.yaml
orderer.example.com:
container_name: orderer.example.com
image: hyperledger/fabric-orderer
environment:
- ORDERER_GENERAL_LOGLEVEL=debug
- ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
- ORDERER_GENERAL_GENESISMETHOD=file
- ORDERER_GENERAL_GENESISFILE=/var/hyperledger/orderer/orderer.genesis.block
- ORDERER_GENERAL_LOCALMSPID=OrdererMSP
- ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp
# enabled TLS
- ORDERER_KAFKA_TLS_ENABLED=true
- ORDERER_KAFKA_TLS_PRIVATEKEY_FILE=/var/private/ssl/client-key.pem
- ORDERER_KAFKA_TLS_CERTIFICATE_FILE=/var/private/ssl/client-cert-signed.pem
- ORDERER_KAFKA_TLS_ROOTCAS_FILE=/var/private/ssl/ca-cert.pem
- ORDERER_KAFKA_VERBOSE=true
- ORDERER_KAFKA_SERVER=kafka
- ORDERER_KAFKA_BROKERS=[kafka:9093]
- ORDERER_GENERAL_TLS_ENABLED=true
- ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key
- ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt
- ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
working_dir: /opt/gopath/src/github.com/hyperledger/fabric
command: orderer
volumes:
- ../channel-artifacts/genesis.block:/var/hyperledger/orderer/orderer.genesis.block
- ../crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/msp:/var/hyperledger/orderer/msp
- ../crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/tls/:/var/hyperledger/orderer/tls
- ../sample/ca-cert.pem:/var/private/ssl/ca-cert.pem
- ../sample/client-cert-signed.pem:/var/private/ssl/client-cert-signed.pem
- ../sample/client-key.pem:/var/private/ssl/client-key.pem
ports:
- 7050:7050
然后我尝试使用以下命令运行示例
Then I try to run the sample with following command
./byfn.sh -m up -s couchdb -a
并在脚本尝试创建新频道时收到错误消息
And get error message when script try to create new channel
错误:状态发生意外:SERVICE_UNAVAILABLE-无法入队
Error: got unexpected status: SERVICE_UNAVAILABLE -- cannot enqueue
请帮助我解决此错误.
推荐答案
我已解决问题.在cli容器中运行script.sh之前添加了sleep 30. 文件docker-compose-cli.yaml
I fixed problem. Added sleep 30 before running script.sh in cli container. File docker-compose-cli.yaml
command: /bin/bash -c 'sleep 30; ./scripts/script.sh ${CHANNEL_NAME} ${DELAY} ${LANG}; sleep $TIMEOUT'
这篇关于Hyperledger Fabric First网络无法与Kafka一起使用并使用TLS的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
