Skip to content

Latest commit

 

History

History
17 lines (17 loc) · 1.25 KB

RAFT.md

File metadata and controls

17 lines (17 loc) · 1.25 KB
Raw

Notes: RAFT

  • etcdraft does not support non TLS
    • Raft nodes identify each other using TLS pinning, so in order to impersonate a Raft node, an attacker needs to obtain the private key of its TLS certificate. As a result, it is not possible to run a Raft node without a valid TLS configuration.
    • [orderer.common.server] initializeClusterClientConfig -> PANI 004 TLS is required for running ordering nodes of type etcdraft.
    • ClientTLSCert, ServerTLSCert in configtx.yaml have to be aligned with orderer environment set: 
              General.Cluster.ClientCertificate = ""
        General.Cluster.ClientPrivateKey = ""
        General.Cluster.RootCAs = []
      otherwise it will say: 
      I do not belong to channel testchainid or am forbidden pulling it (not in the channel), skipping chain retrieval
  • [solo][FAB-15754] Deploy a single-node Raft-based ordering service instead of using solo consensus type
  • [channel creation] 'will not enqueue, consenter for this channel hasn\'t started yet' will never appear as response info in etcdraft
    • it is a kafka legacy