Hyperledger 结构第一个网络不使用 kafka 并使用 TLS [英] Hyperledger fabric first network not working with kafka and using TLS

查看：23 发布时间：2021/11/12 2:21:33 apache-kafka hyperledger-fabric

本文介绍了Hyperledger 结构第一个网络不使用 kafka 并使用 TLS的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！

问题描述

我尝试运行第一个网络示例构建您的第一个网络来自官方文档.我需要使用 kafka orderer 类型运行此示例.对于这种情况，我编辑了 configtx.yaml 文件(将 OrdererType 更改为 kafka 并添加了 Brokers)

<预><代码>...# Orderer Type:要启动的orderer实现# 可用类型有solo"和kafka"订购者类型:kafka...卡夫卡:# Brokers:排序节点连接的 Kafka 代理列表# 注意:使用 IP:port 表示法经纪人:- 卡夫卡:9093...

并在 base/docker-compose-base.yaml 中添加了 kafka 和 zookeeper 容器

<代码>....动物园管理员:图片:超级账本/fabric-zookeeper容器名称:动物园管理员端口:- 2181:2181网络:- byfn卡夫卡:图片:超级账本/fabric-kafka容器名称:kafka环境:- KAFKA_ADVERTISED_HOST_NAME=kafka- KAFKA_ZOOKEEPER_CONNECT=动物园管理员:2181- KAFKA_SSL_KEYSTORE_LOCATION=/var/private/ssl/kafka.server.keystore.jks- KAFKA_SSL_KEYSTORE_PASSWORD=test1234- KAFKA_SSL_KEY_PASSWORD=test1234- KAFKA_SSL_TRUSTSTORE_LOCATION=/var/private/ssl/kafka.server.truststore.jks- KAFKA_SSL_TRUSTSTORE_PASSWORD=test1234- KAFKA_LISTENERS=PLAINTEXT://kafka:9092,SSL://kafka:9093- KAFKA_ADVERTISED_LISTENERS=PLAINTEXT://kafka:9092,SSL://kafka:9093- KAFKA_MESSAGE_MAX_BYTES=103809024- KAFKA_REPLICA_FETCH_MAX_BYTES=103809024- KAFKA_UNCLEAN_LEADER_ELECTION_ENABLE=false卷:- ./sample/server.keystore.jks:/var/private/ssl/kafka.server.keystore.jks- ./sample/server.truststore.jks:/var/private/ssl/kafka.server.truststore.jks端口:- 9093:9093- 9092:9092网络:- byfn

我还为 kafka 客户端和服务器生成了加密数据.

keytool -keystore server.keystore.jks -alias kafka -validity 365 -genkey -keyalg RSA -keysize 2048 -storepass test1234 -dname "cn=kafka" -keypass test1234keytool -keystore client.keystore.jks -alias orderer -validity 365 -genkey -keyalg RSA -keysize 2048 -storepass test1234 -dname "cn=orderer" -keypass test1234openssl req -new -x509 -keyout ca-key.pem -out ca-cert.pem -days 365 -subj "/CN=FAB5226" -nodeskeytool -keystore server.truststore.jks -alias CARoot -import -file ca-cert.pem -storepass test1234 -nopromptkeytool -keystore client.truststore.jks -alias CARoot -import -file ca-cert.pem -storepass test1234 -nopromptkeytool -keystore server.keystore.jks -alias kafka -certreq -file server-cert-signing-request.pem -storepass test1234openssl x509 -req -CA ca-cert.pem -CAkey ca-key.pem -in server-cert-signing-request.pem -out server-cert-signed.pem -days 365 -CAcreateserial -passin pass:test1234keytool -keystore server.keystore.jks -alias CARoot -import -file ca-cert.pem -storepass test1234 -nopromptkeytool -keystore server.keystore.jks -alias kafka -import -file server-cert-signed.pem -storepass test1234 -nopromptkeytool -keystore client.keystore.jks -alias orderer -certreq -file client-cert-signing-request.pem -storepass test1234openssl x509 -req -CA ca-cert.pem -CAkey ca-key.pem -in client-cert-signing-request.pem -out client-cert-signed.pem -days 365 -CAcreateserial -passin pass:test1234keytool -importkeystore -srckeystore client.keystore.jks -destkeystore client.keystore.p12 -deststoretype PKCS12 -storepass test1234 -srcstorepass test1234openssl pkcs12 -in client.keystore.p12 -nodes -nocerts -out client-key.pem -passin pass:test1234

并在 base/docker-compose-base.yaml 中更改 orderer 容器配置

orderer.example.com:容器名称:orderer.example.com图片:hyperledger/fabric-orderer环境:- ORDERER_GENERAL_LOGLEVEL=调试- ORDERER_GENERAL_LISTENADDRESS=0.0.0.0- ORDERER_GENERAL_GENESISMETHOD=文件- ORDERER_GENERAL_GENESISFILE=/var/hyperledger/orderer/orderer.genesis.block- ORDERER_GENERAL_LOCALMSPID=OrdererMSP- ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp# 启用 TLS- ORDERER_KAFKA_TLS_ENABLED=true- ORDERER_KAFKA_TLS_PRIVATEKEY_FILE=/var/private/ssl/client-key.pem- ORDERER_KAFKA_TLS_CERTIFICATE_FILE=/var/private/ssl/client-cert-signed.pem- ORDERER_KAFKA_TLS_ROOTCAS_FILE=/var/private/ssl/ca-cert.pem- ORDERER_KAFKA_VERBOSE=true- ORDERER_KAFKA_SERVER=kafka- ORDERER_KAFKA_BROKERS=[kafka:9093]- ORDERER_GENERAL_TLS_ENABLED=true- ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key- ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt- ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]工作目录:/opt/gopath/src/github.com/hyperledger/fabric命令:订购者卷:- ../channel-artifacts/genesis.block:/var/hyperledger/orderer/orderer.genesis.block- ../crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/msp:/var/hyperledger/orderer/msp- ../crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/tls/:/var/hyperledger/orderer/tls- ../sample/ca-cert.pem:/var/private/ssl/ca-cert.pem- ../sample/client-cert-signed.pem:/var/private/ssl/client-cert-signed.pem- ../sample/client-key.pem:/var/private/ssl/client-key.pem端口:- 7050:7050

然后我尝试使用以下命令运行示例

./byfn.sh -m up -s couchdb -a

并在脚本尝试创建新频道时收到错误消息

<块引用>

错误:获得意外状态:SERVICE_UNAVAILABLE -- 无法入队

脚本尝试创建新频道时的错误信息

请帮助我修复此错误.

解决方案

我解决了问题.在 cli 容器中运行 script.sh 之前添加了 sleep 30.文件 docker-compose-cli.yaml

command:/bin/bash -c 'sleep 30;./scripts/script.sh ${CHANNEL_NAME} ${DELAY} ${LANG};睡眠 $TIMEOUT'

I try to run First network sample Building Your First Network from official docs. I need to run this sample with kafka orderer type. For this case I edit configtx.yaml file (changed OrdererType to kafka and added Brokers)

...

# Orderer Type: The orderer implementation to start
# Available types are "solo" and "kafka"
OrdererType: kafka

...

 Kafka:
    # Brokers: A list of Kafka brokers to which the orderer connects
    # NOTE: Use IP:port notation
    Brokers:
        - kafka:9093

...

And added kafka and zookeeper containers to base/docker-compose-base.yaml

....

zookeeper:
 image: hyperledger/fabric-zookeeper
 container_name: zookeeper
 ports:
  - 2181:2181
 networks:
  - byfn
kafka:
 image: hyperledger/fabric-kafka
 container_name: kafka
 environment:
  - KAFKA_ADVERTISED_HOST_NAME=kafka
  - KAFKA_ZOOKEEPER_CONNECT=zookeeper:2181
  - KAFKA_SSL_KEYSTORE_LOCATION=/var/private/ssl/kafka.server.keystore.jks
  - KAFKA_SSL_KEYSTORE_PASSWORD=test1234
  - KAFKA_SSL_KEY_PASSWORD=test1234
  - KAFKA_SSL_TRUSTSTORE_LOCATION=/var/private/ssl/kafka.server.truststore.jks
  - KAFKA_SSL_TRUSTSTORE_PASSWORD=test1234
  - KAFKA_LISTENERS=PLAINTEXT://kafka:9092,SSL://kafka:9093
  - KAFKA_ADVERTISED_LISTENERS=PLAINTEXT://kafka:9092,SSL://kafka:9093
  - KAFKA_MESSAGE_MAX_BYTES=103809024
  - KAFKA_REPLICA_FETCH_MAX_BYTES=103809024
  - KAFKA_UNCLEAN_LEADER_ELECTION_ENABLE=false
 volumes:
  - ./sample/server.keystore.jks:/var/private/ssl/kafka.server.keystore.jks
  - ./sample/server.truststore.jks:/var/private/ssl/kafka.server.truststore.jks
 ports:
  - 9093:9093
  - 9092:9092
 networks:
  - byfn

And I also generated crypto data for kafka client and server.

keytool -keystore server.keystore.jks -alias kafka -validity 365 -genkey -keyalg RSA -keysize 2048 -storepass test1234 -dname "cn=kafka" -keypass test1234
keytool -keystore client.keystore.jks -alias orderer -validity 365 -genkey -keyalg RSA -keysize 2048 -storepass test1234 -dname "cn=orderer" -keypass test1234
openssl req -new -x509 -keyout ca-key.pem -out ca-cert.pem -days 365 -subj "/CN=FAB5226" -nodes
keytool -keystore server.truststore.jks -alias CARoot -import -file ca-cert.pem -storepass test1234 -noprompt
keytool -keystore client.truststore.jks -alias CARoot -import -file ca-cert.pem -storepass test1234 -noprompt
keytool -keystore server.keystore.jks -alias kafka -certreq -file server-cert-signing-request.pem -storepass test1234
openssl x509 -req -CA ca-cert.pem -CAkey ca-key.pem -in server-cert-signing-request.pem -out server-cert-signed.pem -days 365 -CAcreateserial -passin pass:test1234
keytool -keystore server.keystore.jks -alias CARoot -import -file ca-cert.pem -storepass test1234 -noprompt
keytool -keystore server.keystore.jks -alias kafka -import -file server-cert-signed.pem -storepass test1234 -noprompt
keytool -keystore client.keystore.jks -alias orderer -certreq -file client-cert-signing-request.pem -storepass test1234
openssl x509 -req -CA ca-cert.pem -CAkey ca-key.pem -in client-cert-signing-request.pem -out client-cert-signed.pem -days 365 -CAcreateserial -passin pass:test1234
keytool -importkeystore -srckeystore client.keystore.jks -destkeystore client.keystore.p12 -deststoretype PKCS12 -storepass test1234 -srcstorepass test1234
openssl pkcs12 -in client.keystore.p12 -nodes -nocerts -out client-key.pem -passin pass:test1234

And changed orderer container config in base/docker-compose-base.yaml

orderer.example.com:
 container_name: orderer.example.com
 image: hyperledger/fabric-orderer
 environment:
  - ORDERER_GENERAL_LOGLEVEL=debug
  - ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
  - ORDERER_GENERAL_GENESISMETHOD=file
  - ORDERER_GENERAL_GENESISFILE=/var/hyperledger/orderer/orderer.genesis.block
  - ORDERER_GENERAL_LOCALMSPID=OrdererMSP
  - ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp
  # enabled TLS
  - ORDERER_KAFKA_TLS_ENABLED=true
  - ORDERER_KAFKA_TLS_PRIVATEKEY_FILE=/var/private/ssl/client-key.pem
  - ORDERER_KAFKA_TLS_CERTIFICATE_FILE=/var/private/ssl/client-cert-signed.pem
  - ORDERER_KAFKA_TLS_ROOTCAS_FILE=/var/private/ssl/ca-cert.pem
  - ORDERER_KAFKA_VERBOSE=true
  - ORDERER_KAFKA_SERVER=kafka
  - ORDERER_KAFKA_BROKERS=[kafka:9093]
  - ORDERER_GENERAL_TLS_ENABLED=true
  - ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key
  - ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt
  - ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
 working_dir: /opt/gopath/src/github.com/hyperledger/fabric
 command: orderer
 volumes:
  - ../channel-artifacts/genesis.block:/var/hyperledger/orderer/orderer.genesis.block
  - ../crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/msp:/var/hyperledger/orderer/msp
  - ../crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/tls/:/var/hyperledger/orderer/tls
  - ../sample/ca-cert.pem:/var/private/ssl/ca-cert.pem
  - ../sample/client-cert-signed.pem:/var/private/ssl/client-cert-signed.pem
  - ../sample/client-key.pem:/var/private/ssl/client-key.pem
 ports:
  - 7050:7050

Then I try to run the sample with following command

./byfn.sh -m up -s couchdb -a

And get error message when script try to create new channel

Error: got unexpected status: SERVICE_UNAVAILABLE -- cannot enqueue

Error message when the script try to create new channel

Please help my to fix this error.

解决方案

I fixed problem. Added sleep 30 before running script.sh in cli container. File docker-compose-cli.yaml

command: /bin/bash -c 'sleep 30; ./scripts/script.sh ${CHANNEL_NAME} ${DELAY} ${LANG}; sleep $TIMEOUT'

这篇关于Hyperledger 结构第一个网络不使用 kafka 并使用 TLS的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！

查看全文

Hyperledger 结构第一个网络不使用 kafka 并使用 TLS [英] Hyperledger fabric first network not working with kafka and using TLS

问题描述

相关文章

其他开发最新文章

热门教程

热门工具

登录关闭

Hyperledger 结构第一个网络不使用 kafka 并使用 TLS [英] Hyperledger fabric first network not working with kafka and using TLS

问题描述

相关文章

其他开发最新文章

热门教程

热门工具

登录 关闭

登录关闭