Hyperledger Fabric 的 first network 示例在使用 kafka 并启用 TLS 时无法运行

时间:2018-02-19 07:56:59

标签: apache-kafka hyperledger-fabric

我尝试使用 kafka orderer 类型运行官方文档(v1.1.0-preview)中的 first network 示例。我完全按照这篇文章(First network sample)中的内容做了修改,步骤如下:

1. 更新 configtx.yaml 以添加 kafka broker(kafka:9003)

...

# Orderer Type: The orderer implementation to start
# Available types are "solo" and "kafka"
# With "kafka" selected, the orderer has to reach the brokers listed under the
# Kafka section of this file.
OrdererType: kafka

...

 Kafka:
    # Brokers: A list of Kafka brokers to which the orderer connects
    # NOTE: Use IP:port notation
    # NOTE(review): step 1 of this page names kafka:9003, while the entry below
    # uses 9093, the port of the SSL listener in the kafka service shown later
    # on this page -- confirm which value was actually deployed.
    Brokers:
        - kafka:9093

...

2. 更新 base/docker-compose-base.yaml 以添加 zookeeper 和 kafka

....
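  # ZooKeeper instance used by the kafka service (zookeeper:2181).
  zookeeper:
    image: hyperledger/fabric-zookeeper
    container_name: zookeeper
    ports:
      # No host IP is given, so Compose binds this port on every host
      # interface. kafka reaches zookeeper:2181 over the byfn network and does
      # not depend on this mapping; drop it or bind it to 127.0.0.1 unless
      # host access is needed.
      # Quoted, as Compose recommends for HOST:CONTAINER mappings.
      - "2181:2181"
    networks:
      - byfn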

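  # Kafka broker with a PLAINTEXT listener on 9092 and an SSL listener on 9093.
  # NOTE(review): the orderer log on this page reports
  # "lookup kafka ... no such host". The name only resolves when this service
  # is actually started by the compose file handed to docker-compose and
  # shares a network with the orderer -- confirm it is not merely declared in
  # the base file.
  kafka:
    # No tag is given, so Docker resolves :latest; pin a version for
    # reproducible pulls.
    image: hyperledger/fabric-kafka
    container_name: kafka
    environment:
      - KAFKA_ADVERTISED_HOST_NAME=kafka
      - KAFKA_ZOOKEEPER_CONNECT=zookeeper:2181
      - KAFKA_SSL_KEYSTORE_LOCATION=/var/private/ssl/kafka.server.keystore.jks
      # Sample password: the same value protects every store and key on this
      # page and sits in clear text in the compose file. Replace it before any
      # reuse and supply it from outside the file.
      - KAFKA_SSL_KEYSTORE_PASSWORD=test1234
      - KAFKA_SSL_KEY_PASSWORD=test1234
      - KAFKA_SSL_TRUSTSTORE_LOCATION=/var/private/ssl/kafka.server.truststore.jks
      - KAFKA_SSL_TRUSTSTORE_PASSWORD=test1234
      # The PLAINTEXT listener stays enabled next to SSL, so any client that
      # uses port 9092 talks to the broker without TLS.
      # NOTE(review): no client-authentication setting is visible here; unless
      # the broker's ssl.client.auth is set to "required" elsewhere, the
      # orderer's client certificate is presumably never demanded -- confirm.
      - KAFKA_LISTENERS=PLAINTEXT://kafka:9092,SSL://kafka:9093
      - KAFKA_ADVERTISED_LISTENERS=PLAINTEXT://kafka:9092,SSL://kafka:9093
      - KAFKA_MESSAGE_MAX_BYTES=103809024
      - KAFKA_REPLICA_FETCH_MAX_BYTES=103809024
      - KAFKA_UNCLEAN_LEADER_ELECTION_ENABLE=false
    volumes:
      # NOTE(review): these host paths start with ./kafka, while the orderer
      # service on this page mounts ../kafka -- confirm both resolve to the
      # directory that holds the generated keystores and PEM files.
      - ./kafka/server.keystore.jks:/var/private/ssl/kafka.server.keystore.jks
      - ./kafka/server.truststore.jks:/var/private/ssl/kafka.server.truststore.jks
    ports:
      # Both listeners are published on every host interface, including the
      # unencrypted one on 9092. Quoted, as Compose recommends for
      # HOST:CONTAINER mappings.
      - "9093:9093"
      - "9092:9092"
    networks:
      - byfn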

3. 为 kafka 客户端和服务器生成加密材料(密钥和证书)

# Sample TLS material for the link between the orderer (client) and the Kafka
# broker (server). One demo password protects every store and key, and it is
# passed on the command line, where shell history and the process list expose
# it -- use unique secrets and a protected input for anything beyond a sandbox.
PASS=test1234
DAYS=365
CA_CERT=ca-cert.pem
CA_KEY=ca-key.pem

# Signs the request in $1 with the sample CA and writes the certificate to $2.
sign_csr() {
  openssl x509 -req -CA "$CA_CERT" -CAkey "$CA_KEY" -in "$1" -out "$2" -days "$DAYS" -CAcreateserial -passin "pass:$PASS"
}

# Key pairs: one JKS keystore for the broker, one for the orderer client.
# The certificates carry only a CN and no subjectAltName.
# NOTE(review): TLS clients that ignore the CN during host name checks will
# reject such a broker certificate -- confirm against the client library in use.
keytool -keystore server.keystore.jks -alias kafka -validity "$DAYS" -genkey -keyalg RSA -keysize 2048 -storepass "$PASS" -dname "cn=kafka" -keypass "$PASS"
keytool -keystore client.keystore.jks -alias orderer -validity "$DAYS" -genkey -keyalg RSA -keysize 2048 -storepass "$PASS" -dname "cn=orderer" -keypass "$PASS"

# Self-signed CA. -nodes leaves ca-key.pem without a passphrase, so whoever can
# read that file can issue certificates trusted by both sides.
openssl req -new -x509 -keyout "$CA_KEY" -out "$CA_CERT" -days "$DAYS" -subj "/CN=FAB5226" -nodes

# Both truststores get the CA certificate under the alias CARoot.
for side in server client; do
  keytool -keystore "$side.truststore.jks" -alias CARoot -import -file "$CA_CERT" -storepass "$PASS" -noprompt
done

# Broker certificate: request, sign, then import the CA and the signed
# certificate into the broker keystore.
keytool -keystore server.keystore.jks -alias kafka -certreq -file server-cert-signing-request.pem -storepass "$PASS"
sign_csr server-cert-signing-request.pem server-cert-signed.pem
keytool -keystore server.keystore.jks -alias CARoot -import -file "$CA_CERT" -storepass "$PASS" -noprompt
keytool -keystore server.keystore.jks -alias kafka -import -file server-cert-signed.pem -storepass "$PASS" -noprompt

# Orderer client certificate: request and sign.
keytool -keystore client.keystore.jks -alias orderer -certreq -file client-cert-signing-request.pem -storepass "$PASS"
sign_csr client-cert-signing-request.pem client-cert-signed.pem

# Export the client private key as PEM by way of PKCS12. -nodes writes
# client-key.pem unencrypted; keep its file permissions tight.
keytool -importkeystore -srckeystore client.keystore.jks -destkeystore client.keystore.p12 -deststoretype PKCS12 -storepass "$PASS" -srcstorepass "$PASS"
openssl pkcs12 -in client.keystore.p12 -nodes -nocerts -out client-key.pem -passin "pass:$PASS"

4.在base / docker-compose-base.yaml中更改orderer容器配置

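services:

  # Orderer configured as a TLS client of the Kafka broker (kafka:9093) and as
  # a TLS server on its own listener.
  # NOTE(review): no networks entry is visible in this service, whereas kafka
  # and zookeeper on this page join byfn. If the file that extends this
  # service does not attach it to the same network, the name "kafka" cannot be
  # resolved, which would match the "no such host" log line -- confirm.
  orderer.example.com:
    container_name: orderer.example.com
    image: hyperledger/fabric-orderer
    environment:
      - ORDERER_GENERAL_LOGLEVEL=debug
      - ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
      - ORDERER_GENERAL_GENESISMETHOD=file
      - ORDERER_GENERAL_GENESISFILE=/var/hyperledger/orderer/orderer.genesis.block
      - ORDERER_GENERAL_LOCALMSPID=OrdererMSP
      - ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp
      # enabled TLS
      # Client key, client certificate and CA used for the connection to Kafka;
      # the files are the PEM outputs of step 3, mounted under volumes below.
      - ORDERER_KAFKA_TLS_ENABLED=true
      - ORDERER_KAFKA_TLS_PRIVATEKEY_FILE=/var/private/ssl/client-key.pem
      - ORDERER_KAFKA_TLS_CERTIFICATE_FILE=/var/private/ssl/client-cert-signed.pem
      - ORDERER_KAFKA_TLS_ROOTCAS_FILE=/var/private/ssl/ca-cert.pem
      - ORDERER_KAFKA_VERBOSE=true
      - ORDERER_KAFKA_SERVER=kafka
      - ORDERER_KAFKA_BROKERS=[kafka:9093]
      # TLS for the orderer's own listener, using the crypto-config material.
      - ORDERER_GENERAL_TLS_ENABLED=true
      - ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key
      - ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt
      - ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
    working_dir: /opt/gopath/src/github.com/hyperledger/fabric
    command: orderer
    volumes:
      - ../channel-artifacts/genesis.block:/var/hyperledger/orderer/orderer.genesis.block
      - ../crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/msp:/var/hyperledger/orderer/msp
      - ../crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/tls/:/var/hyperledger/orderer/tls
      # client-key.pem is an unencrypted private key (step 3 exports it with
      # -nodes).
      # NOTE(review): a read-only mount (":ro" suffix) would be enough if the
      # orderer only reads these three files -- confirm.
      # NOTE(review): these host paths use ../kafka, while the kafka service on
      # this page mounts ./kafka -- confirm both point at the same directory.
      - ../kafka/ca-cert.pem:/var/private/ssl/ca-cert.pem
      - ../kafka/client-cert-signed.pem:/var/private/ssl/client-cert-signed.pem
      - ../kafka/client-key.pem:/var/private/ssl/client-key.pem
    ports:
      # Quoted, as Compose recommends for HOST:CONTAINER mappings.
      - "7050:7050"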

然后我尝试使用以下命令(使用CLI)运行示例

./byfn.sh -m up

我得到了异常: Hyperledger fabric first network not working with kafka and using TLS

我搜索了我的日志,发现了一些有趣的东西:

orderer.example.com       | [sarama] 2018/02/19 07:43:03.999153 client.go:601: client/metadata fetching metadata for all topics from broker kafka:9093
orderer.example.com       | 2018-02-19 07:43:03.998 UTC [orderer/kafka] try -> DEBU 0f8 [channel: testchainid] Connecting to the Kafka cluster
orderer.example.com       | [sarama] 2018/02/19 07:43:04.000561 broker.go:96: Failed to connect to broker kafka:9093: dial tcp: lookup kafka on 127.0.0.11:53: no such host
orderer.example.com       | [sarama] 2018/02/19 07:43:04.000589 client.go:620: client/metadata got error from broker while fetching metadata: dial tcp: lookup kafka on 127.0.0.11:53: no such host

不确定如何解决? 非常感谢!

0 个答案:

没有答案