2017-10-19 112 views
2

Trouble starting Dgraph with TLS

I am trying to start a Dgraph server with TLS enabled. My server configuration file is defined as follows:

# Folder in which to store exports. 
export: export 

# Fraction of dirty posting lists to commit every few seconds. 
gentlecommit: 0.33 

# RAFT ID that this server will use to join RAFT groups. 
idx: 1 

# Port to run server on. (default 8080) 
port: 8080 

# GRPC port to run server on. (default 9080) 
grpc_port: 9080 

# Port used by worker for internal communication. 
workerport: 12345 

# Estimated memory the process can take. Actual usage would be slightly more 
memory_mb: 4096 

# The ratio of queries to trace. 
trace: 0.33 

# Directory to store posting lists. 
p: p 

# Directory to store raft write-ahead logs. 
w: w 

# Debug mode for testing. 
debugmode: true 

# Address of dgraphzero 
peer: localhost:8888 

# Use TLS connections with clients. 
tls.on: true 

# CA Certs file path. 
#tls.ca_certs: /Users/pauloferreira/Workspace/RagnarTech/Node/base_backend_njs/certificates/development/development-server-root-CA.pem 

# Include System CA into CA Certs. 
tls.use_system_ca: true 

# Certificate file path. 
tls.cert: /Users/pauloferreira/Workspace/RagnarTech/Node/base_backend_njs/certificates/development/development-server-root-CA.pem 

# Certificate key file path. 
tls.cert_key: /Users/pauloferreira/Workspace/RagnarTech/Node/base_backend_njs/certificates/development/development-server-root-CA.key 

# Certificate key passphrase. 
#tls.cert_key_passphrase string 

# Enable TLS client authentication 
#tls.client_auth string 

# TLS max version. (default "TLS12") 
#tls.max_version string 

# TLS min version. (default "TLS11") 
#tls.min_version string 

When I start dgraphzero and Dgraph, if the configuration tls.on is equal to true, this output is shown:

Setting up listener at: localhost:8888 
Setting up listener at: localhost:8889 
2017/10/19 16:09:36 main.go:163: Loading configuration from file: development.conf 
2017/10/19 16:09:36 init.go:74: Picked flag from config: ["export" = export] 
2017/10/19 16:09:36 init.go:74: Picked flag from config: ["grpc_port" = 9080] 
2017/10/19 16:09:36 init.go:74: Picked flag from config: ["workerport" = 12345] 
2017/10/19 16:09:36 init.go:74: Picked flag from config: ["p" = p] 
2017/10/19 16:09:36 init.go:74: Picked flag from config: ["tls.ca_certs" = /Users/pauloferreira/Workspace/RagnarTech/Node/base_backend_njs/certificates/development/development-server-root-CA.pem] 
2017/10/19 16:09:36 init.go:74: Picked flag from config: ["memory_mb" = 4096] 
2017/10/19 16:09:36 init.go:74: Picked flag from config: ["peer" = localhost:8888] 
2017/10/19 16:09:36 init.go:74: Picked flag from config: ["gentlecommit" = 0.33] 
2017/10/19 16:09:36 init.go:74: Picked flag from config: ["idx" = 1] 
2017/10/19 16:09:36 init.go:74: Picked flag from config: ["port" = 8080] 
2017/10/19 16:09:36 init.go:74: Picked flag from config: ["trace" = 0.33] 
2017/10/19 16:09:36 init.go:74: Picked flag from config: ["tls.on" = true] 
2017/10/19 16:09:36 init.go:74: Picked flag from config: ["tls.cert" = /Users/pauloferreira/Workspace/RagnarTech/Node/base_backend_njs/certificates/development/development-server-root-CA.pem] 
2017/10/19 16:09:36 init.go:74: Picked flag from config: ["w" = w] 
2017/10/19 16:09:36 init.go:74: Picked flag from config: ["debugmode" = true] 
2017/10/19 16:09:36 init.go:74: Picked flag from config: ["tls.use_system_ca" = true] 
2017/10/19 16:09:36 init.go:74: Picked flag from config: ["tls.cert_key" = /Users/pauloferreira/Workspace/RagnarTech/Node/base_backend_njs/certificates/development/development-server-root-CA.key] 

Dgraph version : v0.8.3 
Commit SHA-1  : 40175d0 
Commit timestamp : 2017-10-18 15:55:02 +1100 
Branch   : HEAD 

2017/10/19 16:09:36 node.go:234: Found hardstate: {Term:2 Vote:1 Commit:4 XXX_unrecognized:[]} 
2017/10/19 16:09:36 node.go:246: Group 0 found 4 entries 
2017/10/19 16:09:36 raft.go:292: Restarting node for dgraphzero 
2017/10/19 16:09:36 raft.go:567: INFO: 1 became follower at term 2 
2017/10/19 16:09:36 raft.go:315: INFO: newRaft 1 [peers: [], term: 2, commit: 4, applied: 0, lastindex: 4, lastterm: 2] 
Running Dgraph zero... 
2017/10/19 16:09:36 open : no such file or directory 

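I cannot find what is causing the error open : no such file or directory. Has anyone experienced this? I am using macOS 10.12.3 (16D32) and installed Dgraph version v0.8.3 using the command curl https://get.dgraph.io -sSf | bash

Thanks in advance.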

Answers

1

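I think this is a bug (update: it was actually confirmed as a bug and is fixed). I tried running it on Ubuntu, and I got the same error with tls.on.

Next I found a semi-manual test suite for TLS here. Running it confirmed the error; the tests needed a small tweak (adding --memory_mb 2048), but after that they reproduced the same failure.

To confirm it, I also downloaded the Dgraph sources and checked what is going on under the delve debugger:

1) The config file is parsed and parameters are saved into global vars

2) The TLS-related parameters are used to create the tlsCfg - here we can already see the problem: not all parameters are passed, for example tlsKey and tlsKeyPath are missing

3) If we dive into tls_helper.go, where TLS is actually configured, we can see that the parameters from the config are passed into the parseCertificate method

4) Here we use config.Key and config.KeyPassphrase, but both are empty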

    182: func GenerateTLSConfig(config TLSHelperConfig) (tlsCfg *tls.Config, reloadConfig func(), err error) {
    183:   wrapper := new(wrapperTLSConfig) 
    184:   tlsCfg = new(tls.Config) 
    185:   wrapper.config = tlsCfg 
    186: 
=> 187:   cert, err := parseCertificate(config.CertRequired, config.Cert, config.Key, config.KeyPassphrase) 
    188:   if err != nil { 
    189:     return nil, nil, err 
    190:   } 
    191: 
    192:   if cert != nil { 
(dlv) p config.CertRequired 
true 
(dlv) p config.Cert 
"/home/seb/web/dgraph-test/test2.crt" 
(dlv) p config.Key 
"" 
(dlv) p config.KeyPassphrase 

It then fails inside parseCertificate when it tries to read the file with the certificate key.

I posted an issue on GitHub.
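The failure mode traced in the answer above, as an added Go example that is not Dgraph's own code: an empty key path reaching a file read produces the bare "open :" message from the question's log, while a pre-flight check names the option responsible. The TLSHelperConfig copy below contains only the fields named in the answer, and validateTLSPaths and readKeyUnchecked are hypothetical helpers.

```go
package main

import (
	"errors"
	"fmt"
	"os"
)

// TLSHelperConfig holds only the fields named in the answer; the real Dgraph
// struct has more. This copy is an assumption for illustration.
type TLSHelperConfig struct {
	CertRequired  bool
	Cert          string
	Key           string
	KeyPassphrase string
}

// readKeyUnchecked mimics the failing path: the key path goes straight to a
// file read, so an empty string surfaces as a bare "open :" error.
func readKeyUnchecked(cfg TLSHelperConfig) error {
	_, err := os.ReadFile(cfg.Key)
	return err
}

// validateTLSPaths (hypothetical helper) rejects empty or unreadable paths up
// front and names the config option responsible for each problem.
func validateTLSPaths(cfg TLSHelperConfig) error {
	if !cfg.CertRequired {
		return nil
	}
	var errs []error
	for _, f := range []struct{ flag, path string }{
		{"tls.cert", cfg.Cert},
		{"tls.cert_key", cfg.Key},
	} {
		if f.path == "" {
			errs = append(errs, fmt.Errorf("%s: path is empty", f.flag))
		} else if _, err := os.Stat(f.path); err != nil {
			errs = append(errs, fmt.Errorf("%s: %w", f.flag, err))
		}
	}
	return errors.Join(errs...)
}

func main() {
	// Constructed input matching the debugger session: Cert set, Key empty.
	cfg := TLSHelperConfig{CertRequired: true, Cert: "/tmp/test2.crt"}
	fmt.Println("unchecked:", readKeyUnchecked(cfg))
	fmt.Println("validated:", validateTLSPaths(cfg))
}
```

A startup error that names tls.cert_key makes it clear whether the path was never set or was dropped between flag parsing and the TLS helper.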