Cannot start dgraph with TLS

Time: 2017-10-19 18:19:36

Tags: graph-databases tls1.2 tls1.1 dgraph

I am trying to start a dgraph server with TLS enabled; my server configuration file is defined as follows:

# Folder in which to store exports.
export: export

# Fraction of dirty posting lists to commit every few seconds.
gentlecommit: 0.33

# RAFT ID that this server will use to join RAFT groups.
idx: 1

# Port to run server on. (default 8080)
port: 8080

# GRPC port to run server on. (default 9080)
grpc_port: 9080

# Port used by worker for internal communication.
workerport: 12345

# Estimated memory the process can take. Actual usage would be slightly more
memory_mb: 4096

# The ratio of queries to trace.
trace: 0.33

# Directory to store posting lists.
p: p

# Directory to store raft write-ahead logs.
w: w

# Debug mode for testing.
debugmode: true

# Address of dgraphzero
peer: localhost:8888

# Use TLS connections with clients.
tls.on: true

# CA Certs file path.
#tls.ca_certs: /Users/pauloferreira/Workspace/RagnarTech/Node/base_backend_njs/certificates/development/development-server-root-CA.pem

# Include System CA into CA Certs.
tls.use_system_ca: true

# Certificate file path.
tls.cert: /Users/pauloferreira/Workspace/RagnarTech/Node/base_backend_njs/certificates/development/development-server-root-CA.pem

# Certificate key file path.
tls.cert_key: /Users/pauloferreira/Workspace/RagnarTech/Node/base_backend_njs/certificates/development/development-server-root-CA.key

# Certificate key passphrase.
#tls.cert_key_passphrase string

# Enable TLS client authentication
#tls.client_auth string

# TLS max version. (default "TLS12")
#tls.max_version string

# TLS min version. (default "TLS11")
#tls.min_version string

Once I start dgraphzero and dgraph with tls.on set to true in the configuration, this output is shown:

Setting up listener at: localhost:8888
Setting up listener at: localhost:8889
2017/10/19 16:09:36 main.go:163: Loading configuration from file: development.conf
2017/10/19 16:09:36 init.go:74: Picked flag from config: ["export" = export]
2017/10/19 16:09:36 init.go:74: Picked flag from config: ["grpc_port" = 9080]
2017/10/19 16:09:36 init.go:74: Picked flag from config: ["workerport" = 12345]
2017/10/19 16:09:36 init.go:74: Picked flag from config: ["p" = p]
2017/10/19 16:09:36 init.go:74: Picked flag from config: ["tls.ca_certs" = /Users/pauloferreira/Workspace/RagnarTech/Node/base_backend_njs/certificates/development/development-server-root-CA.pem]
2017/10/19 16:09:36 init.go:74: Picked flag from config: ["memory_mb" = 4096]
2017/10/19 16:09:36 init.go:74: Picked flag from config: ["peer" = localhost:8888]
2017/10/19 16:09:36 init.go:74: Picked flag from config: ["gentlecommit" = 0.33]
2017/10/19 16:09:36 init.go:74: Picked flag from config: ["idx" = 1]
2017/10/19 16:09:36 init.go:74: Picked flag from config: ["port" = 8080]
2017/10/19 16:09:36 init.go:74: Picked flag from config: ["trace" = 0.33]
2017/10/19 16:09:36 init.go:74: Picked flag from config: ["tls.on" = true]
2017/10/19 16:09:36 init.go:74: Picked flag from config: ["tls.cert" = /Users/pauloferreira/Workspace/RagnarTech/Node/base_backend_njs/certificates/development/development-server-root-CA.pem]
2017/10/19 16:09:36 init.go:74: Picked flag from config: ["w" = w]
2017/10/19 16:09:36 init.go:74: Picked flag from config: ["debugmode" = true]
2017/10/19 16:09:36 init.go:74: Picked flag from config: ["tls.use_system_ca" = true]
2017/10/19 16:09:36 init.go:74: Picked flag from config: ["tls.cert_key" = /Users/pauloferreira/Workspace/RagnarTech/Node/base_backend_njs/certificates/development/development-server-root-CA.key]

Dgraph version   : v0.8.3
Commit SHA-1     : 40175d0
Commit timestamp : 2017-10-18 15:55:02 +1100
Branch           : HEAD

2017/10/19 16:09:36 node.go:234: Found hardstate: {Term:2 Vote:1 Commit:4 XXX_unrecognized:[]}
2017/10/19 16:09:36 node.go:246: Group 0 found 4 entries
2017/10/19 16:09:36 raft.go:292: Restarting node for dgraphzero
2017/10/19 16:09:36 raft.go:567: INFO: 1 became follower at term 2
2017/10/19 16:09:36 raft.go:315: INFO: newRaft 1 [peers: [], term: 2, commit: 4, applied: 0, lastindex: 4, lastterm: 2]
Running Dgraph zero...
2017/10/19 16:09:36 open : no such file or directory

I cannot find what causes the error "open : no such file or directory". Has anyone run into this? I am using MacOS 10.12.3 (16D32) and installed dgraph version v0.8.3 with the command curl https://get.dgraph.io -sSf | bash.

Thanks in advance.

1 answer:

Answer 0: (score: 1)

I think this is a bug (update: it has actually been confirmed as a bug and is fixed). I tried running it on Ubuntu and had the same error with tls.on.

Next, I found the semi-manual test suite for tls here. Running it confirmed the bug; the test needed a small tweak (adding --memory_mb 2048), but after that the same failure showed up again.

To confirm, I also downloaded the dgraph sources and checked what happens under the delve debugger:

1) The config file is parsed and parameters are saved into global vars

2) The TLS-related parameters are used to create the tlsCfg - here we can already see the problem: not all parameters are passed through, e.g. tlsKey / tlsKeyPath is missing

3) If we dig into tls_helper.go, where TLS is actually configured, we can see that the parameters from the config are passed into the parseCertificate method

4) Here config.Key and config.KeyPassphrase are used, but they are empty

   182: func GenerateTLSConfig(config TLSHelperConfig) (tlsCfg *tls.Config, reloadConfig func(), err error) {
   183:         wrapper := new(wrapperTLSConfig)
   184:         tlsCfg = new(tls.Config)
   185:         wrapper.config = tlsCfg
   186:
=> 187:         cert, err := parseCertificate(config.CertRequired, config.Cert, config.Key, config.KeyPassphrase)
   188:         if err != nil {
   189:                 return nil, nil, err
   190:         }
   191:
   192:         if cert != nil {
(dlv) p config.CertRequired
true
(dlv) p config.Cert
"/home/seb/web/dgraph-test/test2.crt"
(dlv) p config.Key
""
(dlv) p config.KeyPassphrase

Then, when it tries to read the file for the certificate key, it fails inside parseCertificate.

I posted an issue on github.
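The failure mode traced above, an empty key path that only surfaces as a bare "open : no such file or directory" from the file read, is avoidable if the TLS loader validates its inputs before opening anything. The following Go example is added here and is not dgraph's code; the TLSOptions struct, its field names and the error values are this example's own, mirroring the tls.* keys of the configuration file in the question.

```go
package main

import (
	"crypto/tls"
	"errors"
	"fmt"
)

// TLSOptions mirrors the tls.* keys of the config file in the question;
// the struct and field names are this example's own, not dgraph's.
type TLSOptions struct {
	On       bool   // tls.on
	CertPath string // tls.cert
	KeyPath  string // tls.cert_key
}

// Named errors say which flag was dropped, not a bare "open : no such file or directory".
var (
	ErrMissingCert = errors.New("tls: tls.cert is empty")
	ErrMissingKey  = errors.New("tls: tls.cert_key is empty")
)

// Validate checks the fields a TLS listener needs before any file is opened.
func Validate(o TLSOptions) error {
	switch {
	case !o.On:
		return nil
	case o.CertPath == "":
		return ErrMissingCert
	case o.KeyPath == "":
		return ErrMissingKey
	}
	return nil
}

// Load validates, then loads the key pair, tagging I/O errors with both flag names.
func Load(o TLSOptions) (*tls.Config, error) {
	if err := Validate(o); err != nil {
		return nil, err
	}
	if !o.On {
		return nil, nil // plaintext listener
	}
	cert, err := tls.LoadX509KeyPair(o.CertPath, o.KeyPath)
	if err != nil {
		return nil, fmt.Errorf("tls: tls.cert=%q tls.cert_key=%q: %w", o.CertPath, o.KeyPath, err)
	}
	return &tls.Config{Certificates: []tls.Certificate{cert}, MinVersion: tls.VersionTLS12}, nil
}
```

Calling Load with the situation from the delve session (cert set, key dropped) returns ErrMissingKey before any file is touched, so the log names the missing flag instead of an anonymous open failure.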