2017-10-19

Trouble starting Dgraph with TLS

I am trying to start a Dgraph server with TLS enabled. My server configuration file is defined as follows:

# Folder in which to store exports. 
export: export 

# Fraction of dirty posting lists to commit every few seconds. 
gentlecommit: 0.33 

# RAFT ID that this server will use to join RAFT groups. 
idx: 1 

# Port to run server on. (default 8080) 
port: 8080 

# GRPC port to run server on. (default 9080) 
grpc_port: 9080 

# Port used by worker for internal communication. 
workerport: 12345 

# Estimated memory the process can take. Actual usage would be slightly more 
memory_mb: 4096 

# The ratio of queries to trace. 
trace: 0.33 

# Directory to store posting lists. 
p: p 

# Directory to store raft write-ahead logs. 
w: w 

# Debug mode for testing. 
debugmode: true 

# Address of dgraphzero 
peer: localhost:8888 

# Use TLS connections with clients. 
tls.on: true 

# CA Certs file path. 
#tls.ca_certs: /Users/pauloferreira/Workspace/RagnarTech/Node/base_backend_njs/certificates/development/development-server-root-CA.pem 

# Include System CA into CA Certs. 
tls.use_system_ca: true 

# Certificate file path. 
tls.cert: /Users/pauloferreira/Workspace/RagnarTech/Node/base_backend_njs/certificates/development/development-server-root-CA.pem 

# Certificate key file path. 
tls.cert_key: /Users/pauloferreira/Workspace/RagnarTech/Node/base_backend_njs/certificates/development/development-server-root-CA.key 

# Certificate key passphrase. 
#tls.cert_key_passphrase string 

# Enable TLS client authentication 
#tls.client_auth string 

# TLS max version. (default "TLS12") 
#tls.max_version string 

# TLS min version. (default "TLS11") 
#tls.min_version string 

When I start dgraphzero and dgraph, if the configuration tls.on is equal to true, this output is shown:

Setting up listener at: localhost:8888 
Setting up listener at: localhost:8889 
2017/10/19 16:09:36 main.go:163: Loading configuration from file: development.conf 
2017/10/19 16:09:36 init.go:74: Picked flag from config: ["export" = export] 
2017/10/19 16:09:36 init.go:74: Picked flag from config: ["grpc_port" = 9080] 
2017/10/19 16:09:36 init.go:74: Picked flag from config: ["workerport" = 12345] 
2017/10/19 16:09:36 init.go:74: Picked flag from config: ["p" = p] 
2017/10/19 16:09:36 init.go:74: Picked flag from config: ["tls.ca_certs" = /Users/pauloferreira/Workspace/RagnarTech/Node/base_backend_njs/certificates/development/development-server-root-CA.pem] 
2017/10/19 16:09:36 init.go:74: Picked flag from config: ["memory_mb" = 4096] 
2017/10/19 16:09:36 init.go:74: Picked flag from config: ["peer" = localhost:8888] 
2017/10/19 16:09:36 init.go:74: Picked flag from config: ["gentlecommit" = 0.33] 
2017/10/19 16:09:36 init.go:74: Picked flag from config: ["idx" = 1] 
2017/10/19 16:09:36 init.go:74: Picked flag from config: ["port" = 8080] 
2017/10/19 16:09:36 init.go:74: Picked flag from config: ["trace" = 0.33] 
2017/10/19 16:09:36 init.go:74: Picked flag from config: ["tls.on" = true] 
2017/10/19 16:09:36 init.go:74: Picked flag from config: ["tls.cert" = /Users/pauloferreira/Workspace/RagnarTech/Node/base_backend_njs/certificates/development/development-server-root-CA.pem] 
2017/10/19 16:09:36 init.go:74: Picked flag from config: ["w" = w] 
2017/10/19 16:09:36 init.go:74: Picked flag from config: ["debugmode" = true] 
2017/10/19 16:09:36 init.go:74: Picked flag from config: ["tls.use_system_ca" = true] 
2017/10/19 16:09:36 init.go:74: Picked flag from config: ["tls.cert_key" = /Users/pauloferreira/Workspace/RagnarTech/Node/base_backend_njs/certificates/development/development-server-root-CA.key] 

Dgraph version : v0.8.3 
Commit SHA-1  : 40175d0 
Commit timestamp : 2017-10-18 15:55:02 +1100 
Branch   : HEAD 

2017/10/19 16:09:36 node.go:234: Found hardstate: {Term:2 Vote:1 Commit:4 XXX_unrecognized:[]} 
2017/10/19 16:09:36 node.go:246: Group 0 found 4 entries 
2017/10/19 16:09:36 raft.go:292: Restarting node for dgraphzero 
2017/10/19 16:09:36 raft.go:567: INFO: 1 became follower at term 2 
2017/10/19 16:09:36 raft.go:315: INFO: newRaft 1 [peers: [], term: 2, commit: 4, applied: 0, lastindex: 4, lastterm: 2] 
Running Dgraph zero... 
2017/10/19 16:09:36 open : no such file or directory 

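I could not find what is causing the error open : no such file or directory. Has anyone experienced this? I am using macOS 10.12.3 (16D32) and installed dgraph version v0.8.3 using the command curl https://get.dgraph.io -sSf | bash

Thanks in advance.

Answers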

1

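I think this is a bug (update: it was actually confirmed as a bug and is fixed). I tried running it on Ubuntu and I got the same error with tls.on.

Next I found a semi-manual test suite for TLS here. Running it confirmed the bug; the tests needed a small tweak (adding --memory_mb 2048), but after that they reproduced the same failure.

To confirm it, I also downloaded the Dgraph sources and checked what is going on under the delve debugger:

1) The config file is parsed and parameters are saved into global vars

2) TLS-related parameters are used to create the tlsCfg - here we can already see the problem: not all parameters are passed; for example, tlsKey, tlsKeyPath are missing

3) If we dig into tls_helper.go, where TLS is actually configured, we can see that the parameters from the config are passed into the parseCertificate method

4) Here we use config.Key and config.KeyPassphrase, but both are empty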

    182: func GenerateTLSConfig(config TLSHelperConfig) (tlsCfg *tls.Config, reloadConfig func(), err error) { 
    183:   wrapper := new(wrapperTLSConfig) 
    184:   tlsCfg = new(tls.Config) 
    185:   wrapper.config = tlsCfg 
    186: 
=> 187:   cert, err := parseCertificate(config.CertRequired, config.Cert, config.Key, config.KeyPassphrase) 
    188:   if err != nil { 
    189:     return nil, nil, err 
    190:   } 
    191: 
    192:   if cert != nil { 
(dlv) p config.CertRequired 
true 
(dlv) p config.Cert 
"/home/seb/web/dgraph-test/test2.crt" 
(dlv) p config.Key 
"" 
(dlv) p config.KeyPassphrase 

It then fails inside parseCertificate when it tries to read the file with the certificate key.

I posted an issue on GitHub.
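The failure mode described in this answer, as an added example (not Dgraph's code and not part of the original answer): an empty key path handed to the file system yields exactly the `open : no such file or directory` message from the log, while a check run before any file is opened names the missing option instead. The `tlsHelperConfig` struct is hypothetical and mirrors only the field names visible in the delve session; the mapping of `Cert` and `Key` to `tls.cert` and `tls.cert_key` is an assumption.

```go
package main

import (
	"fmt"
	"os"
	"strings"
)

// tlsHelperConfig is a hypothetical stand-in that mirrors only the field
// names visible in the debugger session above.
type tlsHelperConfig struct {
	CertRequired  bool
	Cert          string
	Key           string
	KeyPassphrase string
}

// readKeyUnchecked reproduces the failure: the empty path goes straight to
// the file system, and the resulting error has an empty file name in it.
func readKeyUnchecked(cfg tlsHelperConfig) error {
	f, err := os.Open(cfg.Key)
	if err != nil {
		return err
	}
	return f.Close()
}

// checkRequiredPaths runs before any file is opened and reports which
// option never reached the TLS helper (flag names assumed from the config).
func checkRequiredPaths(cfg tlsHelperConfig) error {
	if !cfg.CertRequired {
		return nil
	}
	var missing []string
	if cfg.Cert == "" {
		missing = append(missing, "tls.cert")
	}
	if cfg.Key == "" {
		missing = append(missing, "tls.cert_key")
	}
	if len(missing) > 0 {
		return fmt.Errorf("missing TLS options: %s", strings.Join(missing, ", "))
	}
	return nil
}

func main() {
	// Constructed values matching the state printed by delve above.
	cfg := tlsHelperConfig{CertRequired: true, Cert: "/home/seb/web/dgraph-test/test2.crt"}
	fmt.Println("unchecked:", readKeyUnchecked(cfg))
	fmt.Println("checked:  ", checkRequiredPaths(cfg))
}
```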