[FAB-1141] Updating TLS and gossip leader conf

Added TLS seetings to peer configuration.

Correctly set gossip config to dynamic, and no more warnings.

Removed prints in behave run.

Modified case for sampleconfig dir during
peer chaincode package command usage.

Added copyright preamble to some python files.

Now set orgleader to false by default, and user leader
election true for all peers.

Now send join channel to all peers.

Added BlockValidation policy to orderer config.  All
warnings in orderer logs gone.

Change-Id: Ic8cedba0c60f8ea191148cd2acb55600a236794d
Signed-off-by: jeffgarratt <[email protected]>

Author: jeffgarratt

bddtests/docker-compose-next-4.yml

@@ -17,10 +17,13 @@ services:
       service: vpNext
     environment:
       - CORE_PEER_ID=vp0
+      - CORE_PEER_GOSSIP_BOOTSTRAP=peer1:7051
       - CORE_PEER_PROFILE_ENABLED=true
       - CORE_PEER_COMMITTER_LEDGER_ORDERER=orderer0:7050
       - CORE_PEER_MSPCONFIGPATH=${PEER0_CORE_PEER_MSPCFGPATH}
       - CORE_PEER_LOCALMSPID=${PEER0_CORE_PEER_LOCALMSPID}
+      - CORE_PEER_TLS_CERT_FILE=${PEER0_CORE_PEER_TLS_CERT_FILE}
+      - CORE_PEER_TLS_KEY_FILE=${PEER0_CORE_PEER_TLS_KEY_FILE}
     depends_on:
       - orderer0
     # ports:
@@ -37,6 +40,8 @@ services:
       - CORE_PEER_COMMITTER_LEDGER_ORDERER=orderer0:7050
       - CORE_PEER_MSPCONFIGPATH=${PEER1_CORE_PEER_MSPCFGPATH}
       - CORE_PEER_LOCALMSPID=${PEER1_CORE_PEER_LOCALMSPID}
+      - CORE_PEER_TLS_CERT_FILE=${PEER1_CORE_PEER_TLS_CERT_FILE}
+      - CORE_PEER_TLS_KEY_FILE=${PEER1_CORE_PEER_TLS_KEY_FILE}
     depends_on:
       - orderer0
       - peer0
@@ -47,10 +52,12 @@ services:
       service: vpNext
     environment:
       - CORE_PEER_ID=vp2
-      - CORE_PEER_GOSSIP_BOOTSTRAP=peer0:7051
+      - CORE_PEER_GOSSIP_BOOTSTRAP=peer3:7051
       - CORE_PEER_COMMITTER_LEDGER_ORDERER=orderer0:7050
       - CORE_PEER_MSPCONFIGPATH=${PEER2_CORE_PEER_MSPCFGPATH}
       - CORE_PEER_LOCALMSPID=${PEER2_CORE_PEER_LOCALMSPID}
+      - CORE_PEER_TLS_CERT_FILE=${PEER2_CORE_PEER_TLS_CERT_FILE}
+      - CORE_PEER_TLS_KEY_FILE=${PEER2_CORE_PEER_TLS_KEY_FILE}
     depends_on:
       - orderer0
       - peer0
@@ -61,10 +68,12 @@ services:
       service: vpNext
     environment:
       - CORE_PEER_ID=vp3
-      - CORE_PEER_GOSSIP_BOOTSTRAP=peer0:7051
+      - CORE_PEER_GOSSIP_BOOTSTRAP=peer2:7051
       - CORE_PEER_COMMITTER_LEDGER_ORDERER=orderer0:7050
       - CORE_PEER_MSPCONFIGPATH=${PEER3_CORE_PEER_MSPCFGPATH}
       - CORE_PEER_LOCALMSPID=${PEER3_CORE_PEER_LOCALMSPID}
+      - CORE_PEER_TLS_CERT_FILE=${PEER3_CORE_PEER_TLS_CERT_FILE}
+      - CORE_PEER_TLS_KEY_FILE=${PEER3_CORE_PEER_TLS_KEY_FILE}
     depends_on:
       - orderer0
       - peer0

bddtests/docker-compose-next.yml

@@ -9,4 +9,6 @@ services:
         environment:
           - CORE_NEXT=true
           - CORE_PEER_ENDORSER_ENABLED=true
+          - CORE_PEER_GOSSIP_ORGLEADER=false
+          - CORE_PEER_GOSSIP_USELEADERELECTION=true
 

bddtests/features/bootstrap.feature

@@ -135,19 +135,23 @@ Feature: Bootstrap
     When user "dev0Org0" using cert alias "dev0Org0App1" requests to join channel using genesis block "genesisBlockForMyNewChannel" on peers with result "joinChannelResult"
       | Peer       |
       | peer0      |
+      | peer1      |
 
     Then user "dev0Org0" expects result code for "joinChannelResult" of "200" from peers:
       | Peer       |
       | peer0      |
+      | peer1      |
 
      # This is entry point for joining an existing channel
       When user "dev0Org1" using cert alias "dev0Org1App1" requests to join channel using genesis block "genesisBlockForMyNewChannel" on peers with result "joinChannelResult"
         | Peer       |
         | peer2      |
+        | peer3      |
 
       Then user "dev0Org1" expects result code for "joinChannelResult" of "200" from peers:
         | Peer       |
         | peer2      |
+        | peer3      |
 
     # Entry point for invoking on an existing channel
     When user "dev0Org0" creates a chaincode spec "cc_spec" with name "example02" of type "GOLANG" for chaincode "github.com/hyperledger/fabric/examples/chaincode/go/chaincode_example02" with args

bddtests/steps/bootstrap_util.py

@@ -387,6 +387,8 @@ class BootstrapHelper:
     # AdminsPolicyKey is the key used for the admins policy
     KEY_POLICY_ADMINS = "Admins"
 
+    KEY_POLICY_BLOCK_VALIDATION = "BlockValidation"
+
     # OrdererAddressesKey is the cb.ConfigItem type key name for the OrdererAddresses message
     KEY_ORDERER_ADDRESSES = "OrdererAddresses"
 
@@ -691,6 +693,9 @@ def createChannelConfigGroup(directory, hashingAlgoName="SHA256", consensusType=
             rule=ruleAny, sub_policy=BootstrapHelper.KEY_POLICY_WRITERS).SerializeToString()))
         group.policies[BootstrapHelper.KEY_POLICY_ADMINS].policy.CopyFrom(Policy(type=typeImplicitMeta, policy=IMP(
             rule=ruleMajority, sub_policy=BootstrapHelper.KEY_POLICY_ADMINS).SerializeToString()))
+    # Setting block validation policy for the orderer group
+    channel.groups[OrdererGroup].policies[BootstrapHelper.KEY_POLICY_BLOCK_VALIDATION].policy.CopyFrom(Policy(type=typeImplicitMeta, policy=IMP(
+        rule=ruleAny, sub_policy=BootstrapHelper.KEY_POLICY_WRITERS).SerializeToString()))
 
     # Add the orderer org groups MSPConfig info
     for ordererOrg in [org for org in directory.getOrganizations().values() if Network.Orderer in org.networks]:
@@ -856,6 +861,21 @@ def getVolumePath(self, composition, pathType=PathType.Local):
     def getLocalMspConfigPath(self, composition, compose_service, pathType=PathType.Local):
         return "{0}/{1}/localMspConfig".format(self.getVolumePath(composition, pathType), compose_service)
 
+    def _getPathAndUserInfo(self, directory , composition, compose_service, nat_discriminator="Signer", pathType=PathType.Local):
+        matchingNATs = [nat for nat in directory.getNamedCtxTuples() if ((compose_service in nat.user) and (nat_discriminator in nat.user) and ((compose_service in nat.nodeName)))]
+        assert len(matchingNATs)==1, "Unexpected number of matching NodeAdminTuples: {0}".format(matchingNATs)
+        localMspConfigPath = self.getLocalMspConfigPath(composition=composition, compose_service=compose_service,pathType=pathType)
+        return (localMspConfigPath, matchingNATs[0].user)
+
+    def getLocalMspConfigPrivateKeyPath(self, directory , composition, compose_service, pathType=PathType.Local):
+        (localMspConfigPath, user) = self._getPathAndUserInfo(directory=directory, composition=composition, compose_service=compose_service, pathType=pathType)
+        return "{0}/keystore/{1}.pem".format(localMspConfigPath, user)
+
+    def getLocalMspConfigPublicCertPath(self, directory , composition, compose_service, pathType=PathType.Local):
+        (localMspConfigPath, user) = self._getPathAndUserInfo(directory=directory, composition=composition, compose_service=compose_service, pathType=pathType)
+        return "{0}/signcerts/{1}.pem".format(localMspConfigPath, user)
+
+
     def _writeMspFiles(self, directory , composition, compose_service, network):
         localMspConfigPath = self.getLocalMspConfigPath(composition, compose_service)
         os.makedirs("{0}/{1}".format(localMspConfigPath, "signcerts"))
@@ -967,7 +987,12 @@ def getEnv(self, composition, context, env):
             localMspConfigPath = self.getLocalMspConfigPath(composition, peerService, pathType=PathType.Container)
             env["{0}_CORE_PEER_MSPCFGPATH".format(peerService.upper())] = localMspConfigPath
             env["{0}_CORE_PEER_LOCALMSPID".format(peerService.upper())] = self._getMspId(compose_service=peerService, directory=directory)
-
+            # TLS Settings
+            # env["{0}_CORE_PEER_TLS_ENABLED".format(peerService.upper())] = self._getMspId(compose_service=peerService, directory=directory)
+            env["{0}_CORE_PEER_TLS_CERT_FILE".format(peerService.upper())] = self.getLocalMspConfigPublicCertPath(
+                directory=directory, composition=composition, compose_service=peerService, pathType=PathType.Container)
+            env["{0}_CORE_PEER_TLS_KEY_FILE".format(peerService.upper())] = self.getLocalMspConfigPrivateKeyPath(
+                directory=directory, composition=composition, compose_service=peerService, pathType=PathType.Container)
 
 def createChainCreationPolicyNames(context, chainCreationPolicyNames, chaindId):
     channel = common_dot_configtx_pb2.ConfigGroup()

bddtests/steps/contexthelper.py

@@ -72,19 +72,20 @@ def isConfigEnabled(self, configName):
         return self.context.config.userdata.get(configName, "false") == "true"
 
     def before_scenario(self, scenario):
-        print("before_scenario: {0}".format(self))
+        # print("before_scenario: {0}".format(self))
+        pass
 
     def after_scenario(self, scenario):
-        print("after_scenario: {0}".format(self))
-
+        # print("after_scenario: {0}".format(self))
+        pass
 
     def before_step(self, step):
-        print("before_step: {0}".format(self))
-        print("")
+        # print("before_step: {0}".format(self))
+        pass
 
     def after_step(self, step):
-        print("after_step: {0}".format(self))
-        print("")
+        # print("after_step: {0}".format(self))
+        pass
 
     def registerComposition(self, composition):
         return composition

bddtests/steps/docgen.py

@@ -1,3 +1,17 @@
+# Copyright IBM Corp. 2016 All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
 
 from StringIO import StringIO
 from itertools import chain

bddtests/steps/endorser_util.py

@@ -1,3 +1,17 @@
+# Copyright IBM Corp. 2016 All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
 
 import os
 import json
@@ -136,7 +150,7 @@ def getExample02ChaincodeSpec():
 def _createDeploymentSpecAsFile(ccSpec, outputPath):
     '''peer chaincode package -n myCC -c '{"Args":["init","a","100","b","200"]}' -p github.com/hyperledger/fabric/examples/chaincode/go/chaincode_example02 --logging-level=DEBUG test.file'''
     myEnv = os.environ.copy()
-    myEnv['CORE_PEER_MSPCONFIGPATH'] = "./../msp/sampleConfig"
+    myEnv['CORE_PEER_MSPCONFIGPATH'] = "./../msp/sampleconfig"
     nameArgs = ["-n", ccSpec.chaincode_id.name]
     ctorArgs = ["-c", json.dumps({'Args' : [item for item in ccSpec.input.args]})]
     pathArgs = ["-p", ccSpec.chaincode_id.path]