Re: RAFT node without TLS!


Jay Guo
 

Adhav, could you attach the full log of the orderer? (from the top, where the configs are printed)

- J

On Tue, Dec 10, 2019 at 7:47 PM Adhav Pavan <adhavpavan@...> wrote:
Hi Jay, 

Went through the instructions. Defined this set of environment variables for the ordering node. I have explicitly disabled the Orderer General TLS and enabled Orderer Cluster TLS as shown below.
[attachment: image.png]

However, I am getting this error while restarting the ordering service. 

[attachment: image.png]
Again, here we are just trying to enable TLS for communication within RAFT nodes and not between other fabric components. Can you tell me if we are missing out on something?
Let us know if additional information is needed.

Heartfelt Regards,
Pavan Adhav

Blockchain Developer
Cell Phone: +91-8390114357  E-Mail: adhavpavan@...



On Tue, Dec 10, 2019 at 12:22 PM Jay G <guojiannan1101@...> wrote:
Hi Adhav,

Yes, it is required to enable TLS to use Raft, because intra-orderer
communication relies on Certificate Pinning to authenticate each
other.

However, it *is* possible to turn on TLS ONLY FOR orderer-to-orderer
communication. Please consult the "Cluster parameter" section in [1].

Also, migration is covered pretty comprehensively in [2]. Let us know
if you have specific questions.


[1] https://hyperledger-fabric.readthedocs.io/en/latest/raft_configuration.html#local-configuration
[2] https://hyperledger-fabric.readthedocs.io/en/latest/kafka_raft_migration.html


On Tue, Dec 10, 2019 at 1:00 PM Adhav Pavan <adhavpavan@...> wrote:
>
> Hello Team,
>
> Is it possible to configure Orderers to use TLS only for Raft communication?
>
> Thank you.
>
> Heartfelt Regards,
> Pavan Adhav
>
> Blockchain Developer
> Cell Phone:+91-8390114357  E-Mail: adhavpavan@...
>
>
>
> On Tue, Dec 10, 2019 at 10:23 AM Adhav Pavan <adhavpavan@...> wrote:
>>
>> My current network has no TLS, deployed on Kubernetes. Currently, we are migrating from Kafka (1.4.0) to RAFT (1.4.4). TLS is not necessary for Kubernetes.
>>
>> Is it compulsory to have TLS enabled for the RAFT ordering node?
>> If yes, can I enable it on the fly while migrating to RAFT?
>>
>> Currently, I am getting the following error when I change the consensus in the configuration block and send it to the orderer.
>>
>> Heartfelt Regards,
>> Pavan Adhav
>>
>> Blockchain Developer
>> Cell Phone:+91-8390114357  E-Mail: adhavpavan@...
>
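
Added example (not part of the thread and not Fabric's own code): a pre-flight check for the cluster-only TLS setup discussed above, run against the orderer's environment variables. The three rules are assumptions drawn from the Cluster parameters notes in [1], and the sample paths and ports are constructed.

```shell
# Pre-flight check: client-facing TLS off, Raft traffic on its own TLS listener.
# Rules are assumptions based on the "Cluster parameters" notes in [1]; only the
# literal value "true" counts as TLS enabled. File paths are not opened.
check_orderer_cluster_tls() {
    rc=0
    general_tls=${ORDERER_GENERAL_TLS_ENABLED:-false}
    general_port=${ORDERER_GENERAL_LISTENPORT:-7050}
    # Rule 1: the four cluster listener settings are set together or not at all.
    n=0
    for v in LISTENADDRESS LISTENPORT SERVERCERTIFICATE SERVERPRIVATEKEY; do
        eval "val=\${ORDERER_GENERAL_CLUSTER_$v:-}"
        if [ -n "$val" ]; then n=$((n + 1)); fi
    done
    if [ "$n" -ne 0 ] && [ "$n" -ne 4 ]; then
        echo "FAIL: cluster listener settings must be set together ($n of 4 set)"
        rc=1
    fi
    if [ "$general_tls" != "true" ]; then
        # Rule 2: nothing to inherit from General.TLS, so a separate listener
        # on a port other than the general one is needed.
        if [ "$n" -eq 0 ]; then
            echo "FAIL: general TLS is off and no cluster listener is configured"
            rc=1
        elif [ "${ORDERER_GENERAL_CLUSTER_LISTENPORT:-}" = "$general_port" ]; then
            echo "FAIL: cluster ListenPort equals the general port $general_port"
            rc=1
        fi
        # Rule 3 (assumption): the client pair used to dial other orderers is explicit.
        for v in CLIENTCERTIFICATE CLIENTPRIVATEKEY; do
            eval "val=\${ORDERER_GENERAL_CLUSTER_$v:-}"
            if [ -z "$val" ]; then echo "FAIL: ORDERER_GENERAL_CLUSTER_$v is unset"; rc=1; fi
        done
    fi
    return "$rc"
}

# Constructed sample environment (paths and ports are illustrative).
(
    ORDERER_GENERAL_TLS_ENABLED=false
    ORDERER_GENERAL_LISTENPORT=7050
    ORDERER_GENERAL_CLUSTER_LISTENADDRESS=0.0.0.0
    ORDERER_GENERAL_CLUSTER_LISTENPORT=7051
    ORDERER_GENERAL_CLUSTER_SERVERCERTIFICATE=/var/orderer/cluster-tls/server.crt
    ORDERER_GENERAL_CLUSTER_SERVERPRIVATEKEY=/var/orderer/cluster-tls/server.key
    ORDERER_GENERAL_CLUSTER_CLIENTCERTIFICATE=/var/orderer/cluster-tls/server.crt
    ORDERER_GENERAL_CLUSTER_CLIENTPRIVATEKEY=/var/orderer/cluster-tls/server.key
    check_orderer_cluster_tls && echo "OK: cluster-only TLS settings are consistent"
)
```

The check cannot see the channel configuration; per [1], each consenter's Port there has to match the cluster ListenPort.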
