
Can we run a RAFT ordering node without TLS in Hyperledger Fabric?

My current network has no TLS and is deployed on Kubernetes. Currently, we are migrating from Kafka (1.4.0) to RAFT (1.4.4). TLS is not necessary for Kubernetes.

  1. Is it compulsory to have TLS enabled for the RAFT ordering node?
  2. If yes, can I enable it on the fly while migrating to RAFT?
  3. Is it possible to configure Orderers to use TLS only for Raft communication?

Currently, I am getting the following error when I change the consensus in the configuration block and send it to the orderer.

2019-12-09 15:38:02.269 UTC [orderer.common.server] initializeClusterClientConfig -> PANI 208 TLS is required for running ordering nodes of type kafka. panic: TLS is required for running ordering nodes of type kafka.

PAVAN asked Dec 10 '19 04:12



1 Answer

  1. Yes, TLS is a must for Raft ordering nodes
  2. Yes, you can enable TLS by inserting an environment variable TLS_ENABLED=true inside your orderers and also mapping the correct folders with TLS certificates.
  3. No, every component that wants to communicate with a Raft orderer must connect with TLS. Let's suppose you have a cli and you want to connect to the orderer. The cli must have TLS enabled, the correct TLS certificates to establish a connection and do a handshake, and the commands must be called with --tls true and --clientauth.
Riki95 answered Sep 30 '22 03:09
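
As an added example (not from the original post or from the Fabric project), the shell functions below check an orderer's environment for TLS settings before its consensus type is switched to Raft. They use the orderer's ORDERER_GENERAL_TLS_* and ORDERER_GENERAL_CLUSTER_* variable names; the function names and the choice to treat every listed variable as required are assumptions of this example.

```shell
#!/bin/sh
# Added example, not Fabric code: pre-flight check of an orderer's TLS
# environment before its consensus type is changed to Raft (etcdraft).

# need_file VAR: VAR must name a readable, non-empty file.
need_file() {
    eval "path=\${$1:-}"
    if [ -z "$path" ]; then
        echo "MISSING $1 is not set"
        return 1
    fi
    if [ ! -r "$path" ] || [ ! -s "$path" ]; then
        echo "MISSING $1=$path is not a readable, non-empty file"
        return 1
    fi
}

# need_value VAR: VAR must be set. Used for the ROOTCAS settings, whose value
# is a list of paths (for example [/tls/ca.crt]), so only presence is checked.
need_value() {
    eval "val=\${$1:-}"
    [ -n "$val" ] && return 0
    echo "MISSING $1 is not set"
    return 1
}

# check_raft_tls: returns 0 only if every setting checked below is present.
# Treating all of them as required is an assumption of this example.
check_raft_tls() {
    rc=0
    # Without this the orderer panics with "TLS is required for running
    # ordering nodes", the error quoted in the question.
    case "${ORDERER_GENERAL_TLS_ENABLED:-false}" in
        true|TRUE|True) ;;
        *) echo "FAIL ORDERER_GENERAL_TLS_ENABLED must be true"; rc=1 ;;
    esac
    # Server certificate and key presented to peers, clients and orderers.
    need_file ORDERER_GENERAL_TLS_CERTIFICATE || rc=1
    need_file ORDERER_GENERAL_TLS_PRIVATEKEY || rc=1
    need_value ORDERER_GENERAL_TLS_ROOTCAS || rc=1
    # Client certificate and key this node uses when dialing other orderers.
    need_file ORDERER_GENERAL_CLUSTER_CLIENTCERTIFICATE || rc=1
    need_file ORDERER_GENERAL_CLUSTER_CLIENTPRIVATEKEY || rc=1
    need_value ORDERER_GENERAL_CLUSTER_ROOTCAS || rc=1
    return "$rc"
}
```

Source the file inside each orderer container and call check_raft_tls before submitting the configuration update that changes the consensus type; a non-zero exit status means at least one setting is missing.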