
I am trying to start a dgraph server with TLS enabled; my server config file is defined as follows:

# Folder in which to store exports.
export: export

# Fraction of dirty posting lists to commit every few seconds.
gentlecommit: 0.33

# RAFT ID that this server will use to join RAFT groups.
idx: 1

# Port to run server on. (default 8080)
port: 8080

# GRPC port to run server on. (default 9080)
grpc_port: 9080

# Port used by worker for internal communication.
workerport: 12345

# Estimated memory the process can take. Actual usage would be slightly more
memory_mb: 4096

# The ratio of queries to trace.
trace: 0.33

# Directory to store posting lists.
p: p

# Directory to store raft write-ahead logs.
w: w

# Debug mode for testing.
debugmode: true

# Address of dgraphzero
peer: localhost:8888

# Use TLS connections with clients.
tls.on: true

# CA Certs file path.
#tls.ca_certs: /Users/pauloferreira/Workspace/RagnarTech/Node/base_backend_njs/certificates/development/development-server-root-CA.pem

# Include System CA into CA Certs.
tls.use_system_ca: true

# Certificate file path.
tls.cert: /Users/pauloferreira/Workspace/RagnarTech/Node/base_backend_njs/certificates/development/development-server-root-CA.pem

# Certificate key file path.
tls.cert_key: /Users/pauloferreira/Workspace/RagnarTech/Node/base_backend_njs/certificates/development/development-server-root-CA.key

# Certificate key passphrase.
#tls.cert_key_passphrase string

# Enable TLS client authentication
#tls.client_auth string

# TLS max version. (default "TLS12")
#tls.max_version string

# TLS min version. (default "TLS11")
#tls.min_version string

Once I start dgraphzero and dgraph, if tls.on is set to true in the config, the following output is shown:

Setting up listener at: localhost:8888
Setting up listener at: localhost:8889
2017/10/19 16:09:36 main.go:163: Loading configuration from file: development.conf
2017/10/19 16:09:36 init.go:74: Picked flag from config: ["export" = export]
2017/10/19 16:09:36 init.go:74: Picked flag from config: ["grpc_port" = 9080]
2017/10/19 16:09:36 init.go:74: Picked flag from config: ["workerport" = 12345]
2017/10/19 16:09:36 init.go:74: Picked flag from config: ["p" = p]
2017/10/19 16:09:36 init.go:74: Picked flag from config: ["tls.ca_certs" = /Users/pauloferreira/Workspace/RagnarTech/Node/base_backend_njs/certificates/development/development-server-root-CA.pem]
2017/10/19 16:09:36 init.go:74: Picked flag from config: ["memory_mb" = 4096]
2017/10/19 16:09:36 init.go:74: Picked flag from config: ["peer" = localhost:8888]
2017/10/19 16:09:36 init.go:74: Picked flag from config: ["gentlecommit" = 0.33]
2017/10/19 16:09:36 init.go:74: Picked flag from config: ["idx" = 1]
2017/10/19 16:09:36 init.go:74: Picked flag from config: ["port" = 8080]
2017/10/19 16:09:36 init.go:74: Picked flag from config: ["trace" = 0.33]
2017/10/19 16:09:36 init.go:74: Picked flag from config: ["tls.on" = true]
2017/10/19 16:09:36 init.go:74: Picked flag from config: ["tls.cert" = /Users/pauloferreira/Workspace/RagnarTech/Node/base_backend_njs/certificates/development/development-server-root-CA.pem]
2017/10/19 16:09:36 init.go:74: Picked flag from config: ["w" = w]
2017/10/19 16:09:36 init.go:74: Picked flag from config: ["debugmode" = true]
2017/10/19 16:09:36 init.go:74: Picked flag from config: ["tls.use_system_ca" = true]
2017/10/19 16:09:36 init.go:74: Picked flag from config: ["tls.cert_key" = /Users/pauloferreira/Workspace/RagnarTech/Node/base_backend_njs/certificates/development/development-server-root-CA.key]

Dgraph version   : v0.8.3
Commit SHA-1     : 40175d0
Commit timestamp : 2017-10-18 15:55:02 +1100
Branch           : HEAD

2017/10/19 16:09:36 node.go:234: Found hardstate: {Term:2 Vote:1 Commit:4 XXX_unrecognized:[]}
2017/10/19 16:09:36 node.go:246: Group 0 found 4 entries
2017/10/19 16:09:36 raft.go:292: Restarting node for dgraphzero
2017/10/19 16:09:36 raft.go:567: INFO: 1 became follower at term 2
2017/10/19 16:09:36 raft.go:315: INFO: newRaft 1 [peers: [], term: 2, commit: 4, applied: 0, lastindex: 4, lastterm: 2]
Running Dgraph zero...
2017/10/19 16:09:36 open : no such file or directory

I can't find what causes the error "open : no such file or directory"; has anyone run into this? I am on MacOS 10.12.3 (16D32) and installed dgraph version v0.8.3 with the command curl https://get.dgraph.io -sSf | bash

Thanks in advance.

1 Answer

I think this is a bug (update: it has actually been confirmed as a bug and fixed). I tried running it on Ubuntu and got the same error with tls.on.

Next I found a semi-manual test suite for TLS here. Running it confirmed the bug; the tests needed a small tweak (adding --memory_mb 2048), but after that the same failure occurred again.

To confirm this, I also downloaded the dgraph source and checked what happens under the delve debugger:

1) The config file is parsed and the parameters are saved into global variables

2) The TLS-related parameters are used to create tlsCfg - here we can already see the problem: not all parameters are passed through; for example, tlsKey and tlsKeyPath are missing

3) Going deeper, into tls_helper.go, where TLS is actually configured, we find that the parameters from config are passed into the parseCertificate method

4) Here config.Key and config.KeyPassphrase are used, but they are empty

   182: func GenerateTLSConfig(config TLSHelperConfig) (tlsCfg *tls.Config, reloadConfig func(), err error) {
   183:         wrapper := new(wrapperTLSConfig)
   184:         tlsCfg = new(tls.Config)
   185:         wrapper.config = tlsCfg
   186:
=> 187:         cert, err := parseCertificate(config.CertRequired, config.Cert, config.Key, config.KeyPassphrase)
   188:         if err != nil {
   189:                 return nil, nil, err
   190:         }
   191:
   192:         if cert != nil {
(dlv) p config.CertRequired
true
(dlv) p config.Cert
"/home/seb/web/dgraph-test/test2.crt"
(dlv) p config.Key
""
(dlv) p config.KeyPassphrase

It then fails in parseCertificate when it tries to read the file using the certificate key path.

I have posted this issue on github.

answered 2017-10-29T19:56:50.833
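A way to make this class of misconfiguration fail loudly before it reaches os.Open, as an added Go example that is not dgraph's own code: the struct field names (CertRequired, Cert, Key, KeyPassphrase) are taken from the delve session above, the setting names in the error message are the ones from the question's config file, and the self-signed certificate is constructed at run time so the program works offline. validateTLSConfig reports by name which required path is empty, while openKeyFileError reproduces the bare "open : no such file or directory" that an unvalidated empty path produces, which is what the question's output shows.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"os"
	"path/filepath"
	"time"
)

// TLSHelperConfig uses the field names visible in the delve session; the
// struct itself is an assumption for this example, not dgraph's type.
type TLSHelperConfig struct {
	CertRequired  bool
	Cert          string // path to the server certificate (tls.cert)
	Key           string // path to the private key (tls.cert_key)
	KeyPassphrase string // optional passphrase (tls.cert_key_passphrase)
}

// validateTLSConfig names every required path that is empty, so a flag that
// was parsed but never propagated shows up by its config key.
func validateTLSConfig(c TLSHelperConfig) error {
	if !c.CertRequired {
		return nil
	}
	var missing []string
	if c.Cert == "" {
		missing = append(missing, "tls.cert")
	}
	if c.Key == "" {
		missing = append(missing, "tls.cert_key")
	}
	if len(missing) > 0 {
		return fmt.Errorf("tls: required setting(s) not set: %v", missing)
	}
	return nil
}

// generateTLSConfig validates first and only then touches the filesystem,
// wrapping any load error with the paths involved.
func generateTLSConfig(c TLSHelperConfig) (*tls.Config, error) {
	if err := validateTLSConfig(c); err != nil {
		return nil, err
	}
	cert, err := tls.LoadX509KeyPair(c.Cert, c.Key)
	if err != nil {
		return nil, fmt.Errorf("tls: loading cert %q with key %q: %w", c.Cert, c.Key, err)
	}
	return &tls.Config{Certificates: []tls.Certificate{cert}, MinVersion: tls.VersionTLS12}, nil
}

// openKeyFileError shows the unvalidated behaviour: os.Open("") fails with
// the bare "open : no such file or directory" seen in the question.
func openKeyFileError(path string) string {
	f, err := os.Open(path)
	if err != nil {
		return err.Error()
	}
	f.Close()
	return ""
}

// writeSelfSignedPair writes a constructed, throwaway self-signed certificate
// and EC key into dir so the loader can be exercised without real material.
func writeSelfSignedPair(dir string) (certPath, keyPath string, err error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return "", "", err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "localhost"},
		DNSNames:     []string{"localhost"},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return "", "", err
	}
	keyDER, err := x509.MarshalECPrivateKey(key)
	if err != nil {
		return "", "", err
	}
	certPath = filepath.Join(dir, "server.crt")
	keyPath = filepath.Join(dir, "server.key")
	if err = os.WriteFile(certPath, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), 0o600); err != nil {
		return "", "", err
	}
	if err = os.WriteFile(keyPath, pem.EncodeToMemory(&pem.Block{Type: "EC PRIVATE KEY", Bytes: keyDER}), 0o600); err != nil {
		return "", "", err
	}
	return certPath, keyPath, nil
}

func main() {
	fmt.Println("unvalidated:", openKeyFileError(""))
	fmt.Println("validated:  ", validateTLSConfig(TLSHelperConfig{CertRequired: true, Cert: "server.crt"}))
	dir, _ := os.MkdirTemp("", "tls-example")
	defer os.RemoveAll(dir)
	c, k, err := writeSelfSignedPair(dir)
	if err != nil {
		fmt.Println("generate:", err)
		return
	}
	cfg, err := generateTLSConfig(TLSHelperConfig{CertRequired: true, Cert: c, Key: k})
	fmt.Println("loaded:", err == nil && len(cfg.Certificates) == 1)
}
```

Running the program prints the opaque error first, then the descriptive one naming tls.cert_key, then "loaded: true" for the constructed pair; the point is that the validation step sits before any file access, so a dropped flag is reported as a configuration problem rather than as a filesystem one.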