How do I correctly set up Fabric-CA with a PostgreSQL-11 database on Ubuntu 18.04.02 Server Edition? - PullRequest
1 vote
/ September 25, 2019

Following the instructions here: https://hyperledger-fabric-ca.readthedocs.io/en/release-1.4/users-guide.html#configuring-the-database, I am trying to understand how to correctly set up Fabric-CA with a PostgreSQL-11 database on Ubuntu 18.04.02 Server Edition.

I created a postgresql-11 database, which I can connect to using SSL:

(base) marco@pc:~$ psql --cluster 11/fabmnet -h 127.0.0.1 -d fabmnetdb -U fabmnet_admin
Password for user fabmnet_admin:
psql (11.5 (Ubuntu 11.5-1.pgdg18.04+1))
SSL connection (protocol: TLSv1.3, cipher: TLS_AES_256_GCM_SHA384, bits: 256, compression: off)
Type "help" for help.

fabmnetdb=> \l
                                List of databases
   Name    |     Owner     | Encoding | Collate |  Ctype  |   Access privileges  
-----------+---------------+----------+---------+---------+-----------------------
 fabmnetdb | fabmnet_admin | UTF8     | C.UTF-8 | C.UTF-8 |
 postgres  | postgres      | UTF8     | C.UTF-8 | C.UTF-8 |
 template0 | postgres      | UTF8     | C.UTF-8 | C.UTF-8 | =c/postgres          +
           |               |          |         |         | postgres=CTc/postgres
 template1 | postgres      | UTF8     | C.UTF-8 | C.UTF-8 | =c/postgres          +
           |               |          |         |         | postgres=CTc/postgres
(4 rows)

fabmnetdb=>

but when I try to start the Fabric-CA server:

(base) marco@pc:~/fabric/fabric-ca$ fabric-ca-server start -b admin:adminpw
2019/09/23 11:54:20 [INFO] Configuration file location: /home/marco/fabric/fabric-ca/fabric-ca-server-config.yaml
2019/09/23 11:54:20 [INFO] Starting server in home directory: /home/marco/fabric/fabric-ca
2019/09/23 11:54:20 [INFO] Server Version: 1.4.4
2019/09/23 11:54:20 [INFO] Server Levels: &{Identity:2 Affiliation:1 Certificate:1 Credential:1 RAInfo:1 Nonce:1}
2019/09/23 11:54:20 [INFO] The CA key and certificate already exist
2019/09/23 11:54:20 [INFO] The key is stored by BCCSP provider 'SW'
2019/09/23 11:54:20 [INFO] The certificate is at: /home/marco/fabric/fabric-ca/ca-cert.pem
2019/09/23 11:54:20 [WARNING] Failed to connect to database 'fabmnetdb'
2019/09/23 11:54:20 [WARNING] Failed to connect to database 'postgres'
2019/09/23 11:54:20 [WARNING] Failed to connect to database 'template1'
2019/09/23 11:54:20 [ERROR] Error occurred initializing database: Failed to connect to Postgres database. Postgres requires connecting to a specific database, the following databases were tried: [fabmnetdb postgres template1]. Please create one of these database before continuing
2019/09/23 11:54:20 [INFO] Home directory for default CA: /home/marco/fabric/fabric-ca
2019/09/23 11:54:20 [INFO] Operation Server Listening on 127.0.0.1:9443
2019/09/23 11:54:20 [INFO] Listening on http://0.0.0.0:7054

This is how I set up the pg_hba.conf file in the fabmnet postgresql cluster:

(base) marco@pc:~$ sudo -su postgres
(base) postgres@pc:~$ nano /etc/postgresql/11/fabmnet/pg_hba.conf
Unable to create directory /home/marco/.local/share/nano/: Permission denied
It is required for saving/loading search history or cursor positions.

Press Enter to continue

# TYPE  DATABASE        USER            ADDRESS                 METHOD

# Database administrative login by Unix domain socket
local   all             postgres                                peer

# TYPE  DATABASE        USER            ADDRESS                 METHOD

# "local" is for Unix domain socket connections only
local   all             all                                     peer
# IPv4 local connections:
host    all             all             127.0.0.1/32            md5

# Allow connections from 10.1.2.0/24 subnet only to fabric_ca_db for fabric_ca_user
hostssl fabmnetdb    fabmnet_admin      10.1.2.0/24             cert

# IPv6 local connections:
host    all             all             ::1/128                 md5
# Allow replication connections from localhost, by a user with the
# replication privilege.
local   replication     all                                     peer
host    replication     all             127.0.0.1/32            md5
host    replication     all             ::1/128                 md5

And this is the db's configuration in (base) marco@pc:~$ nano ./fabric/fabric-ca/fabric-ca-server-config.yaml:

db:
  type: postgres
  datasource: host=localhost port=5433 user=fabmnet_admin password=pwd dbname=fabmnetdb sslmode=verify-full

--- Update 01 ---:

Trying to start fabric-ca-server again:

(base) marco@pc:~/fabric/fabric-ca$ fabric-ca-server start -b admin:adminpw
2019/09/25 20:56:57 [INFO] Configuration file location: /home/marco/fabric/fabric-ca/fabric-ca-server-config.yaml
2019/09/25 20:56:57 [INFO] Starting server in home directory: /home/marco/fabric/fabric-ca
2019/09/25 20:56:57 [INFO] Server Version: 1.4.4
2019/09/25 20:56:57 [INFO] Server Levels: &{Identity:2 Affiliation:1 Certificate:1 Credential:1 RAInfo:1 Nonce:1}
2019/09/25 20:56:57 [INFO] The CA key and certificate already exist
2019/09/25 20:56:57 [INFO] The key is stored by BCCSP provider 'SW'
2019/09/25 20:56:57 [INFO] The certificate is at: /home/marco/fabric/fabric-ca/ca-cert.pem
2019/09/25 20:56:57 [WARNING] Failed to connect to database 'fabmnetdb'
2019/09/25 20:56:57 [WARNING] Failed to connect to database 'postgres'
2019/09/25 20:56:57 [WARNING] Failed to connect to database 'template1'
2019/09/25 20:56:57 [ERROR] Error occurred initializing database: Failed to connect to Postgres database. Postgres requires connecting to a specific database, the following databases were tried: [fabmnetdb postgres template1]. Please create one of these database before continuing
2019/09/25 20:56:57 [INFO] Home directory for default CA: /home/marco/fabric/fabric-ca
2019/09/25 20:56:57 [INFO] Operation Server Listening on 127.0.0.1:9443
2019/09/25 20:56:57 [INFO] Listening on http://0.0.0.0:7054

This is the corresponding part of /var/log/postgresql/postgresql-11-fabmnet.log:

2019-09-25 20:51:52.655 CEST [1096] LOG:  listening on IPv6 address "::1", port 5433
2019-09-25 20:51:52.673 CEST [1096] LOG:  listening on IPv4 address "127.0.0.1", port 5433
2019-09-25 20:51:52.701 CEST [1096] LOG:  listening on Unix socket "/var/run/postgresql/.s.PGSQL.5433"
2019-09-25 20:51:52.912 CEST [1171] LOG:  database system was interrupted; last known up at 2019-09-25 09:50:30 CEST
2019-09-25 20:51:53.001 CEST [1171] LOG:  database system was not properly shut down; automatic recovery in progress
2019-09-25 20:51:53.011 CEST [1171] LOG:  redo starts at 0/1668238
2019-09-25 20:51:53.011 CEST [1171] LOG:  invalid record length at 0/1668318: wanted 24, got 0
2019-09-25 20:51:53.011 CEST [1171] LOG:  redo done at 0/16682E0
2019-09-25 20:51:53.043 CEST [1096] LOG:  database system is ready to accept connections
2019-09-25 20:51:53.569 CEST [1206] [unknown]@[unknown] LOG:  incomplete startup packet
2019-09-25 20:56:57.540 CEST [4620] [unknown]@[unknown] LOG:  could not accept SSL connection: sslv3 alert bad certificate
2019-09-25 20:56:57.543 CEST [4622] [unknown]@[unknown] LOG:  could not accept SSL connection: sslv3 alert bad certificate
2019-09-25 20:56:57.544 CEST [4623] [unknown]@[unknown] LOG:  could not accept SSL connection: sslv3 alert bad certificate

--- Update 02 ---

After deleting the previous certificate and key files, I started the Fabric-CA server again and found that new certificate and key files had been created:

(base) marco@pc:~/fabric/fabric-ca$ fabric-ca-server start -b admin:adminpw
2019/09/26 11:56:18 [INFO] Configuration file location: /home/marco/fabric/fabric-ca/fabric-ca-server-config.yaml
2019/09/26 11:56:18 [INFO] Starting server in home directory: /home/marco/fabric/fabric-ca
2019/09/26 11:56:18 [INFO] Server Version: 1.4.4
2019/09/26 11:56:18 [INFO] Server Levels: &{Identity:2 Affiliation:1 Certificate:1 Credential:1 RAInfo:1 Nonce:1}
2019/09/26 11:56:18 [WARNING] &{69 The specified CA certificate file /home/marco/fabric/fabric-ca/ca-cert.pem does not exist}
2019/09/26 11:56:18 [INFO] generating key: &{A:ecdsa S:256}
2019/09/26 11:56:18 [INFO] encoded CSR
2019/09/26 11:56:18 [INFO] signed certificate with serial number 542755587310273579559145444277178107021548224556
2019/09/26 11:56:18 [INFO] The CA key and certificate were generated for CA
2019/09/26 11:56:18 [INFO] The key was stored by BCCSP provider 'SW'
2019/09/26 11:56:18 [INFO] The certificate is at: /home/marco/fabric/fabric-ca/ca-cert.pem
2019/09/26 11:56:18 [WARNING] Failed to connect to database 'fabmnetdb'
2019/09/26 11:56:18 [WARNING] Failed to connect to database 'postgres'
2019/09/26 11:56:18 [WARNING] Failed to connect to database 'template1'
2019/09/26 11:56:18 [ERROR] Error occurred initializing database: Failed to connect to Postgres database. Postgres requires connecting to a specific database, the following databases were tried: [fabmnetdb postgres template1]. Please create one of these database before continuing
2019/09/26 11:56:18 [INFO] Home directory for default CA: /home/marco/fabric/fabric-ca
2019/09/26 11:56:18 [INFO] Operation Server Listening on 127.0.0.1:9443
2019/09/26 11:56:18 [INFO] Listening on http://0.0.0.0:7054

but, again, the corresponding log says "bad certificate":

2019-09-26 11:55:04.514 CEST [4837] [unknown]@[unknown] LOG:  could not accept SSL connection: sslv3 alert bad certificate
2019-09-26 11:55:04.517 CEST [4839] [unknown]@[unknown] LOG:  could not accept SSL connection: sslv3 alert bad certificate
2019-09-26 11:55:04.518 CEST [4840] [unknown]@[unknown] LOG:  could not accept SSL connection: sslv3 alert bad certificate
2019-09-26 11:56:18.967 CEST [4862] [unknown]@[unknown] LOG:  could not accept SSL connection: sslv3 alert bad certificate
2019-09-26 11:56:18.969 CEST [4865] [unknown]@[unknown] LOG:  could not accept SSL connection: sslv3 alert bad certificate
2019-09-26 11:56:18.971 CEST [4866] [unknown]@[unknown] LOG:  could not accept SSL connection: sslv3 alert bad certificate

So ... how can it be a "bad certificate" if it has just been freshly created by running fabric-ca-server start?

--- Update 03 ---

I initialized fabric-ca-server again to check whether it also creates the .key file:

(base) marco@pc:~/fabric/fabric-ca$ fabric-ca-server init -b admin:adminpw
2019/09/26 14:52:52 [INFO] Configuration file location: /home/marco/fabric/fabric-ca/fabric-ca-server-config.yaml
2019/09/26 14:52:52 [INFO] Server Version: 1.4.4
2019/09/26 14:52:52 [INFO] Server Levels: &{Identity:2 Affiliation:1 Certificate:1 Credential:1 RAInfo:1 Nonce:1}
2019/09/26 14:52:52 [WARNING] &{69 The specified CA certificate file /home/marco/fabric/fabric-ca/ca-cert.pem does not exist}
2019/09/26 14:52:52 [INFO] generating key: &{A:ecdsa S:256}
2019/09/26 14:52:52 [INFO] encoded CSR
2019/09/26 14:52:52 [INFO] signed certificate with serial number 632719069251912632400042774311489818382937855511
2019/09/26 14:52:52 [INFO] The CA key and certificate were generated for CA
2019/09/26 14:52:52 [INFO] The key was stored by BCCSP provider 'SW'
2019/09/26 14:52:52 [INFO] The certificate is at: /home/marco/fabric/fabric-ca/ca-cert.pem
2019/09/26 14:52:52 [WARNING] Failed to connect to database 'fabmnetdb'
2019/09/26 14:52:52 [WARNING] Failed to connect to database 'postgres'
2019/09/26 14:52:52 [WARNING] Failed to connect to database 'template1'
2019/09/26 14:52:52 [ERROR] Error occurred initializing database: Failed to connect to Postgres database. Postgres requires connecting to a specific database, the following databases were tried: [fabmnetdb postgres template1]. Please create one of these database before continuing
2019/09/26 14:52:52 [INFO] Home directory for default CA: /home/marco/fabric/fabric-ca
2019/09/26 14:52:52 [INFO] Initialization was successful

Then I modified /etc/postgresql/11/fabmnet/postgresql.conf accordingly:

ssl = on
ssl_cert_file = '/home/marco/fabric/fabric-ca/ca-cert.pem'
ssl_key_file = '/home/marco/fabric/fabric-ca/msp/keystore/a486a5dbb2f9b44bfac55203dd3268be760b22eff1c6f451fdf93d6394e3da30_sk'

But, again, after restarting postgresql, running fabric-ca-server start fails with an error once more:

(base) marco@pc:~/fabric/fabric-ca$ fabric-ca-server start -b admin:adminpw
2019/09/26 15:05:06 [INFO] Configuration file location: /home/marco/fabric/fabric-ca/fabric-ca-server-config.yaml
2019/09/26 15:05:06 [INFO] Starting server in home directory: /home/marco/fabric/fabric-ca
2019/09/26 15:05:06 [INFO] Server Version: 1.4.4
2019/09/26 15:05:06 [INFO] Server Levels: &{Identity:2 Affiliation:1 Certificate:1 Credential:1 RAInfo:1 Nonce:1}
2019/09/26 15:05:06 [INFO] The CA key and certificate already exist
2019/09/26 15:05:06 [INFO] The key is stored by BCCSP provider 'SW'
2019/09/26 15:05:06 [INFO] The certificate is at: /home/marco/fabric/fabric-ca/ca-cert.pem
2019/09/26 15:05:06 [WARNING] Failed to connect to database 'fabmnetdb'
2019/09/26 15:05:06 [WARNING] Failed to connect to database 'postgres'
2019/09/26 15:05:06 [WARNING] Failed to connect to database 'template1'
2019/09/26 15:05:06 [ERROR] Error occurred initializing database: Failed to connect to Postgres database. Postgres requires connecting to a specific database, the following databases were tried: [fabmnetdb postgres template1]. Please create one of these database before continuing
2019/09/26 15:05:06 [INFO] Home directory for default CA: /home/marco/fabric/fabric-ca
2019/09/26 15:05:06 [INFO] Operation Server Listening on 127.0.0.1:9443
2019/09/26 15:05:06 [INFO] Listening on http://0.0.0.0:7054

--- Update 04 ---

To restart from a clean state and configuration, I deleted the previous fabric-ca folder, created a new one, and then initialized the Fabric-CA server. With the default SQLite everything works fine. But when I try to use the PostgreSQL-11 database I created earlier, errors appear:

(base) marco@pc:~/fabric$ rm -rf fabric-ca
(base) marco@pc:~/fabric$ mkdir fabric-ca
(base) marco@pc:~/fabric$ cd fabric-ca/
(base) marco@pc:~/fabric/fabric-ca$ fabric-ca-server init -b admin:adminpw
(base) marco@pc:~/fabric/fabric-ca$ fabric-ca-server start -b admin:adminpw
2019/09/26 15:48:54 [INFO] Created default configuration file at /home/marco/fabric/fabric-ca/fabric-ca-server-config.yaml
2019/09/26 15:48:54 [INFO] Starting server in home directory: /home/marco/fabric/fabric-ca
2019/09/26 15:48:54 [INFO] Server Version: 1.4.4
2019/09/26 15:48:54 [INFO] Server Levels: &{Identity:2 Affiliation:1 Certificate:1 Credential:1 RAInfo:1 Nonce:1}
2019/09/26 15:48:54 [WARNING] &{69 The specified CA certificate file /home/marco/fabric/fabric-ca/ca-cert.pem does not exist}
2019/09/26 15:48:54 [INFO] generating key: &{A:ecdsa S:256}
2019/09/26 15:48:54 [INFO] encoded CSR
2019/09/26 15:48:54 [INFO] signed certificate with serial number 162595303982096068338873480987512684820342253664
2019/09/26 15:48:54 [INFO] The CA key and certificate were generated for CA
2019/09/26 15:48:54 [INFO] The key was stored by BCCSP provider 'SW'
2019/09/26 15:48:54 [INFO] The certificate is at: /home/marco/fabric/fabric-ca/ca-cert.pem
2019/09/26 15:48:54 [INFO] Initialized sqlite3 database at /home/marco/fabric/fabric-ca/fabric-ca-server.db
2019/09/26 15:48:54 [INFO] The issuer key was successfully stored. The public key is at: /home/marco/fabric/fabric-ca/IssuerPublicKey, secret key is at: /home/marco/fabric/fabric-ca/msp/keystore/IssuerSecretKey
2019/09/26 15:48:54 [INFO] Idemix issuer revocation public and secret keys were generated for CA ''
2019/09/26 15:48:54 [INFO] The revocation key was successfully stored. The public key is at: /home/marco/fabric/fabric-ca/IssuerRevocationPublicKey, private key is at: /home/marco/fabric/fabric-ca/msp/keystore/IssuerRevocationPrivateKey
2019/09/26 15:48:54 [INFO] Home directory for default CA: /home/marco/fabric/fabric-ca
2019/09/26 15:48:54 [INFO] Operation Server Listening on 127.0.0.1:9443
2019/09/26 15:48:54 [INFO] Listening on http://0.0.0.0:7054

I set up the brand-new fabric-ca-server-config.yaml as follows:

#db:
#  type: sqlite3
#  datasource: fabric-ca-server.db
#  tls:
#      enabled: false
#      certfiles:
#      client:
#        certfile:
#        keyfile:

db:
  type: postgres
  datasource: host=localhost port=5433 user=fabmnet_admin password=password dbname=fabmnetdb sslmode=verify-full

and in /etc/postgresql/11/fabmnet/postgresql.conf:

ssl = on
ssl_cert_file = '/home/marco/fabric/fabric-ca/ca-cert.pem'
ssl_key_file = '/home/marco/fabric/fabric-ca/msp/keystore/IssuerSecretKey'

After restarting postgresql with systemctl, I tried to start fabric-ca-server:

(base) marco@pc:~/fabric/fabric-ca$ fabric-ca-server start -b admin:adminpw
2019/09/26 15:56:50 [INFO] Configuration file location: /home/marco/fabric/fabric-ca/fabric-ca-server-config.yaml
2019/09/26 15:56:50 [INFO] Starting server in home directory: /home/marco/fabric/fabric-ca
2019/09/26 15:56:50 [INFO] Server Version: 1.4.4
2019/09/26 15:56:50 [INFO] Server Levels: &{Identity:2 Affiliation:1 Certificate:1 Credential:1 RAInfo:1 Nonce:1}
2019/09/26 15:56:50 [INFO] The CA key and certificate already exist
2019/09/26 15:56:50 [INFO] The key is stored by BCCSP provider 'SW'
2019/09/26 15:56:50 [INFO] The certificate is at: /home/marco/fabric/fabric-ca/ca-cert.pem
2019/09/26 15:56:50 [WARNING] Failed to connect to database 'fabmnetdb'
2019/09/26 15:56:50 [WARNING] Failed to connect to database 'postgres'
2019/09/26 15:56:50 [WARNING] Failed to connect to database 'template1'
2019/09/26 15:56:50 [ERROR] Error occurred initializing database: Failed to connect to Postgres database. Postgres requires connecting to a specific database, the following databases were tried: [fabmnetdb postgres template1]. Please create one of these database before continuing
2019/09/26 15:56:50 [INFO] Home directory for default CA: /home/marco/fabric/fabric-ca
2019/09/26 15:56:50 [INFO] Operation Server Listening on 127.0.0.1:9443
2019/09/26 15:56:50 [INFO] Listening on http://0.0.0.0:7054

Before that, I had also deleted all the previous contents of /var/log/postgresql/postgresql-11-fabmnet.log, to start from a clean state. But, strangely, I now get no new log entries in postgresql-11-fabmnet.log.

So, I think there must be something to fix in the interface between fabric-ca-server and the PostgreSQL-11 db: in fabric-ca-server-config.yaml, in postgresql.conf, in both, or somewhere else.

--- Update 05 ---

Now, after fixing the configuration in postgresql-11, I can connect with ssh to the database (database name changed):

(base) postgres@pc:~$ psql --cluster 11/fabmnet -h localhost -d fabmnet_ca
Password for user postgres: 
psql (11.5 (Ubuntu 11.5-1.pgdg18.04+1))
Type "help" for help.

fabmnet_ca=# \conninfo
You are connected to database "fabmnet_ca" as user "postgres" on host "localhost" at port "5433".
fabmnet_ca=# 

But I still cannot connect fabric-ca-server to the PostgreSQL database with ssh:

/var/log/postgresql/postgresql-11-fabmnet.log:

2019-09-27 15:32:59.651 CEST [5080] [unknown]@[unknown] LOG:  could not accept SSL connection: sslv3 alert bad certificate

This is what I set in fabric-ca-server-config.yaml:

#db:
#  type: sqlite3
#  datasource: fabric-ca-server.db
#  tls:
#      enabled: false
#      certfiles:
#      client:
#        certfile:
#        keyfile:


db:
  type: postgres
  datasource: host=localhost port=5433 user=postgres password=pwd dbname=fabmnet_ca sslmode=verify-full
  tls:
      enabled: false
      certfiles:
      client:
        certfile:
        keyfile:

How do I correctly set up Fabric-CA so that it sees and uses the PostgreSQL-11 database? Looking forward to your help. Marco
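
Added example, not part of the original post: a shell check of the three things this setup depends on, namely that the file given as ssl_key_file is the private key of ssl_cert_file, that the certificate chains to the root the client trusts, and that it names the host used in the datasource, which sslmode=verify-full requires. The function names, return codes and throwaway certificates are assumptions made for the illustration; it needs the openssl command-line tool.

```shell
#!/bin/sh
# Added diagnostic sketch; function names and return codes are assumptions.
# pg_tls_check CERT KEY CA HOST
#   CERT, KEY: the files named by ssl_cert_file / ssl_key_file
#   CA:        the root certificate the client is configured to trust
#   HOST:      the host= value in the client's datasource
# Returns 0 ok, 1 KEY unusable or not paired with CERT,
#         2 CERT does not chain to CA, 3 CERT does not name HOST.
pg_tls_check() {
    cert=$1; key=$2; ca=$3; host=$4

    # 1. KEY must parse as a private key and match CERT's public key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 1
    [ "$cert_pub" = "$key_pub" ] || return 1

    # 2. What sslmode=verify-ca checks: CERT chains to the trusted root.
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 || return 2

    # 3. What sslmode=verify-full adds: CERT also names the dialed host.
    openssl verify -CAfile "$ca" -verify_hostname "$host" "$cert" \
        >/dev/null 2>&1 || return 3
    return 0
}

# Constructed sample material: a throwaway CA, a server certificate for
# "localhost" signed by it, and an unrelated private key.
make_demo_pki() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=constructed-demo-ca" \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=localhost" \
        -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null
    printf 'subjectAltName=DNS:localhost\n' > "$d/san.ext"
    openssl x509 -req -in "$d/srv.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -extfile "$d/san.ext" \
        -out "$d/srv.crt" 2>/dev/null
    openssl genrsa -out "$d/other.key" 2048 2>/dev/null
}

# Demo: a CA certificate reused as the server certificate chains to itself
# but carries no host name, so only the verify-full step rejects it.
demo=$(mktemp -d)
make_demo_pki "$demo"
rc=0; pg_tls_check "$demo/srv.crt" "$demo/srv.key" "$demo/ca.crt" localhost || rc=$?
echo "server cert for localhost: $rc"
rc=0; pg_tls_check "$demo/ca.crt" "$demo/ca.key" "$demo/ca.crt" localhost || rc=$?
echo "CA cert used as server cert: $rc"
rc=0; pg_tls_check "$demo/srv.crt" "$demo/other.key" "$demo/ca.crt" localhost || rc=$?
echo "server cert with unrelated key: $rc"
rm -rf "$demo"
```

Against a real cluster, pass the paths from postgresql.conf as CERT and KEY, and as CA the root file the client is given to trust.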

...