Hyperledger fabric first network not working with kafka and using TLS
Problem description
I am trying to run the first-network sample (Building Your First Network) from the official docs. I need to run this sample with the kafka orderer type. For this case I edited the configtx.yaml file (changed OrdererType to kafka and added Brokers)

    ...
    # Orderer Type: The orderer implementation to start
    # Available types are "solo" and "kafka"
    OrdererType: kafka
    ...
    Kafka:
        # Brokers: A list of Kafka brokers to which the orderer connects
        # NOTE: Use IP:port notation
        Brokers:
            - kafka:9093
    ...

And I added kafka and zookeeper containers to base/docker-compose-base.yaml

    ....
    zookeeper:
      image: hyperledger/fabric-zookeeper
      container_name: zookeeper
      ports:
        - 2181:2181
      networks:
        - byfn
    kafka:
      image: hyperledger/fabric-kafka
      container_name: kafka
      environment:
        - KAFKA_ADVERTISED_HOST_NAME=kafka
        - KAFKA_ZOOKEEPER_CONNECT=zookeeper:2181
        - KAFKA_SSL_KEYSTORE_LOCATION=/var/private/ssl/kafka.server.keystore.jks
        - KAFKA_SSL_KEYSTORE_PASSWORD=test1234
        - KAFKA_SSL_KEY_PASSWORD=test1234
        - KAFKA_SSL_TRUSTSTORE_LOCATION=/var/private/ssl/kafka.server.truststore.jks
        - KAFKA_SSL_TRUSTSTORE_PASSWORD=test1234
        - KAFKA_LISTENERS=PLAINTEXT://kafka:9092,SSL://kafka:9093
        - KAFKA_ADVERTISED_LISTENERS=PLAINTEXT://kafka:9092,SSL://kafka:9093
        - KAFKA_MESSAGE_MAX_BYTES=103809024
        - KAFKA_REPLICA_FETCH_MAX_BYTES=103809024
        - KAFKA_UNCLEAN_LEADER_ELECTION_ENABLE=false
      volumes:
        - ./sample/server.keystore.jks:/var/private/ssl/kafka.server.keystore.jks
        - ./sample/server.truststore.jks:/var/private/ssl/kafka.server.truststore.jks
      ports:
        - 9093:9093
        - 9092:9092
      networks:
        - byfn

And I also generated crypto data for kafka client and server.

    keytool -keystore server.keystore.jks -alias kafka -validity 365 -genkey -keyalg RSA -keysize 2048 -storepass test1234 -dname "cn=kafka" -keypass test1234
    keytool -keystore client.keystore.jks -alias orderer -validity 365 -genkey -keyalg RSA -keysize 2048 -storepass test1234 -dname "cn=orderer" -keypass test1234
    openssl req -new -x509 -keyout ca-key.pem -out ca-cert.pem -days 365 -subj "/CN=FAB5226" -nodes
    keytool -keystore server.truststore.jks -alias CARoot -import -file ca-cert.pem -storepass test1234 -noprompt
    keytool -keystore client.truststore.jks -alias CARoot -import -file ca-cert.pem -storepass test1234 -noprompt
    keytool -keystore server.keystore.jks -alias kafka -certreq -file server-cert-signing-request.pem -storepass test1234
    openssl x509 -req -CA ca-cert.pem -CAkey ca-key.pem -in server-cert-signing-request.pem -out server-cert-signed.pem -days 365 -CAcreateserial -passin pass:test1234
    keytool -keystore server.keystore.jks -alias CARoot -import -file ca-cert.pem -storepass test1234 -noprompt
    keytool -keystore server.keystore.jks -alias kafka -import -file server-cert-signed.pem -storepass test1234 -noprompt
    keytool -keystore client.keystore.jks -alias orderer -certreq -file client-cert-signing-request.pem -storepass test1234
    openssl x509 -req -CA ca-cert.pem -CAkey ca-key.pem -in client-cert-signing-request.pem -out client-cert-signed.pem -days 365 -CAcreateserial -passin pass:test1234
    keytool -importkeystore -srckeystore client.keystore.jks -destkeystore client.keystore.p12 -deststoretype PKCS12 -storepass test1234 -srcstorepass test1234
    openssl pkcs12 -in client.keystore.p12 -nodes -nocerts -out client-key.pem -passin pass:test1234

And I changed the orderer container config in base/docker-compose-base.yaml

    orderer.example.com:
      container_name: orderer.example.com
      image: hyperledger/fabric-orderer
      environment:
        - ORDERER_GENERAL_LOGLEVEL=debug
        - ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
        - ORDERER_GENERAL_GENESISMETHOD=file
        - ORDERER_GENERAL_GENESISFILE=/var/hyperledger/orderer/orderer.genesis.block
        - ORDERER_GENERAL_LOCALMSPID=OrdererMSP
        - ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp
        # enabled TLS
        - ORDERER_KAFKA_TLS_ENABLED=true
        - ORDERER_KAFKA_TLS_PRIVATEKEY_FILE=/var/private/ssl/client-key.pem
        - ORDERER_KAFKA_TLS_CERTIFICATE_FILE=/var/private/ssl/client-cert-signed.pem
        - ORDERER_KAFKA_TLS_ROOTCAS_FILE=/var/private/ssl/ca-cert.pem
        - ORDERER_KAFKA_VERBOSE=true
        - ORDERER_KAFKA_SERVER=kafka
        - ORDERER_KAFKA_BROKERS=[kafka:9093]
        - ORDERER_GENERAL_TLS_ENABLED=true
        - ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key
        - ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt
        - ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
      working_dir: /opt/gopath/src/github.com/hyperledger/fabric
      command: orderer
      volumes:
        - ../channel-artifacts/genesis.block:/var/hyperledger/orderer/orderer.genesis.block
        - ../crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/msp:/var/hyperledger/orderer/msp
        - ../crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/tls/:/var/hyperledger/orderer/tls
        - ../sample/ca-cert.pem:/var/private/ssl/ca-cert.pem
        - ../sample/client-cert-signed.pem:/var/private/ssl/client-cert-signed.pem
        - ../sample/client-key.pem:/var/private/ssl/client-key.pem
      ports:
        - 7050:7050

Then I try to run the sample with the following command

    ./byfn.sh -m up -s couchdb -a

And I get an error message when the script tries to create a new channel

    Error: got unexpected status: SERVICE_UNAVAILABLE -- cannot enqueue

Please help me to fix this error.
I fixed the problem. I added sleep 30 before running script.sh in the cli container. File docker-compose-cli.yaml

    command: /bin/bash -c 'sleep 30; ./scripts/script.sh ${CHANNEL_NAME} ${DELAY} ${LANG}; sleep $TIMEOUT'
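
A fixed `sleep 30` only guesses when the broker is ready. As an added example (not part of the original post or the Fabric sample), this script polls the broker's SSL listener at kafka:9093 until a CA-verified handshake succeeds or a deadline passes. It assumes `openssl` and the three PEM files from the question are available where it runs; `SSL_DIR`, `probe_kafka_tls` and `wait_until` are names introduced here.

```shell
#!/bin/sh
# Added example (not from the original post): a bounded readiness wait
# that can stand in for the fixed `sleep 30`.

# Assumption: the CA cert and the orderer's client cert/key from the question
# are readable under $SSL_DIR (a hypothetical variable; the default is the
# path the orderer container mounts them at) and `openssl` is installed.
SSL_DIR=${SSL_DIR:-/var/private/ssl}

# probe_kafka_tls HOST:PORT
# Returns 0 only when the broker's SSL listener completes a handshake and its
# certificate chains to ca-cert.pem. The client cert is presented the same
# way the orderer is configured to present it.
probe_kafka_tls() {
    out=$(openssl s_client -connect "$1" \
        -CAfile "$SSL_DIR/ca-cert.pem" \
        -cert "$SSL_DIR/client-cert-signed.pem" \
        -key "$SSL_DIR/client-key.pem" \
        </dev/null 2>&1) || return 1
    case $out in
        *"Verify return code: 0 (ok)"*) return 0 ;;
        *) return 1 ;;
    esac
}

# wait_until TIMEOUT_SECS INTERVAL_SECS CMD [ARGS...]
# Re-runs CMD every INTERVAL_SECS until it succeeds (returns 0) or roughly
# TIMEOUT_SECS of waiting have elapsed (returns 1).
wait_until() {
    timeout=$1
    interval=$2
    shift 2
    elapsed=0
    while ! "$@"; do
        elapsed=$((elapsed + interval))
        if [ "$elapsed" -gt "$timeout" ]; then
            return 1
        fi
        sleep "$interval"
    done
    return 0
}

# Usage, in place of `sleep 30` before script.sh:
#   wait_until 60 2 probe_kafka_tls kafka:9093 || exit 1
```

A verified handshake shows that the listener is up and the certificate chain is valid, not that the orderer has finished connecting to Kafka, so the channel-creation command can be retried through the same `wait_until`.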