1. 17 May, 2019 1 commit
  2. 14 May, 2019 1 commit
  3. 09 May, 2019 1 commit
  4. 30 Apr, 2019 1 commit
  5. 24 Apr, 2019 1 commit
  6. 01 Apr, 2019 1 commit
  7. 20 Mar, 2019 1 commit
    • Jason Yellick's avatar
      FAB-14709 Respect env override of vars not in conf · e037f9b0
      Jason Yellick authored
      There is a deficiency in the way viper handles environment variable
      overrides when unmarshaling to a structure.  If the variable is not
      present in the config file (but present in the structure) and is
      overridden in the environment, then this override is ignored.  This is
      bizzare behavior which we have hacked around by putting all options into
      the config file, but this policy is becoming untennable.
      This CR adds (yet another) hacky layer in the viperutil package to
      include fields from the structure which are not in the config into the
      map which is ultimately used to populate the structure values.
      The correct long-term approach is to stop using viper and handle this
      ourselves.  The actual logic we have stacked on top of viper to handle
      these problems is very likely more code than it would take to implement
      our own sane config unmarshaling.
      Change-Id: I47102c64162f1efcd9e1bd21a563e6aedb88abab
      Signed-off-by: default avatarJason Yellick <jyellick@us.ibm.com>
  8. 19 Mar, 2019 1 commit
  9. 17 Mar, 2019 1 commit
    • Jason Yellick's avatar
      FAB-14094 Clarify implicitmeta error message · 00df45f9
      Jason Yellick authored
      This CR replaces the old rather opaque and unclear:
       Failed to reach implicit threshold of 1 sub-policies: required 1 \
       implicit policy evaluation failed - 0 sub-policies were satisfied, \
        but this policy requires 1 of the 'Readers' sub-policies to be \
      Although the message is a bit verbose, and likely could be made to be
      even clearer, this attempts to strike a reasonable balance between
      verbosity, and information leakage about policy structures to users
      which are unauthorized and might simply be attempting to probe the
      system for information on membership, etc.
      Change-Id: Icd53e4438117936ca7254d08040e9fad27e24163
      Signed-off-by: default avatarJason Yellick <jyellick@us.ibm.com>
  10. 16 Mar, 2019 1 commit
    • Jay Guo's avatar
      FAB-14593 Refine etcdraft parameters · 2a4e15e9
      Jay Guo authored
      - MaxInflightMsgs is internal to etcd/raft and should be exposed
      to users with a more appropriate name: MaxInflightBlocks
      - MaxSizePerMsg is also internal to etcd/raft, and it's defaulted
      to PreferredMaxBytes in BatchSize, so that if a big block is created,
      it is sent in a its own etcd/raft message, instead of being batched
      with other blocks. This parameter takes effect when a batch of entries
      is sent to lagged node. During normal replication, each block is
      sent in its own message.
        It's not necessary to expose this config option to users.
      - SnapInterval is renamed to SnapshotIntervalSize
      FAB-14593 #done
      Change-Id: Icaf2848a41c5f0f0a02f4b0b4a80ba852fddd584
      Signed-off-by: default avatarJay Guo <guojiannan1101@gmail.com>
  11. 15 Mar, 2019 1 commit
    • Jason Yellick's avatar
      FAB-8591 Improve channel create/update error · e851f7a0
      Jason Yellick authored
      This CR simply wraps the output returned from the configtx processing to
      indicate whether the update processing was being treated as channel
      creation, or as a channel update.  This is to assist users especially
      when they attempt to recreate an extant channel resulting in a
      previously difficult to understand error message.
      Change-Id: I39d0adc0a4b9b53aa252710575e83309f5fa4524
      Signed-off-by: default avatarJason Yellick <jyellick@us.ibm.com>
  12. 14 Mar, 2019 1 commit
    • Jason Yellick's avatar
      FAB-14619 Rename Raft metadata protos · d645c833
      Jason Yellick authored
      There are presently two etcdraft protos around metadata.  One is the
      metadata stored in the config and it is named 'Metadata', the other is
      the metadata stored in each block, this is named 'RaftMetadata'.  This
      causes confusion when reading the code.  This CR transforms those names
      to be:
       Metadata -> ConfigMetadata
       RaftMetadata -> BlockMetadata
      Change-Id: Ia0394ebe78f5541996c010c3c67d760f336f75d8
      Signed-off-by: default avatarJason Yellick <jyellick@us.ibm.com>
  13. 11 Mar, 2019 2 commits
    • Jason Yellick's avatar
      FAB-14502 Clarify deliver 'Errored' message · c141d798
      Jason Yellick authored
      The deliver service is currently quite ambiguous about the error
      condition when the channel returned by Errored() closes.  This is likely
      because this message could be returned by a peer or orderer.  However,
      in reality, the only time this condition ever occurs is because of a
      consenter error.  In the interest of serviceability, this CR makes the
      error message more specific, making a note that we should handle
      generalizing it if the peer ever implements this function.
      Change-Id: I5c2dfb8fa4ba32c34660b69b5facf90291ee17f3
      Signed-off-by: default avatarJason Yellick <jyellick@us.ibm.com>
    • yacovm's avatar
      [FAB-14578] Sane defaults for block cutting · 609d4ea8
      yacovm authored
      A max of 10 transactions per block is too low because
      it creates tiny blocks. We should increase it to a
      saner value which is more optimized for throughput
      instead of letting the users always do it themselves.
      Correspondingly, 256 blocks circulating the consensus
      is too high and should be tuned down appropriately.
      Change-Id: Ib2f2c0f9c1875102e14d73f054f67103036b3d8d
      Signed-off-by: default avataryacovm <yacovm@il.ibm.com>
  14. 05 Mar, 2019 1 commit
  15. 04 Mar, 2019 5 commits
    • Jason Yellick's avatar
      FAB-14057 Specify tx base profile in configtxgen · 104ec7c1
      Jason Yellick authored
      In order to support altering ordering parameters at channel creation
      time, we add support for specifying a base orderer system channel
      configuration profile.  The expected usage is:
       configtxgen -outputChannelCreateTx my.pb.tx \
                   -channelCreateTxBaseProfile sysChannelProfile
      Change-Id: I191bb730251178241b57f7ec10a7810bc76b66bd
      Signed-off-by: default avatarJason Yellick <jyellick@us.ibm.com>
      Signed-off-by: default avatarArtem Barger <bartem@il.ibm.com>
    • Jason Yellick's avatar
      FAB-14056 Non-default template channel create txes · 28b11ed4
      Jason Yellick authored
      This CR adds the ability to use a specified orderer system channel
      profile in order to compute the channel creation tx.  This will form the
      fundamental building block for specifying a different subset of Raft
      nodes for a new channel's consenter set.
      Change-Id: I3e7d620c447ff04cd8262f975d31f811532acc4b
      Signed-off-by: default avatarJason Yellick <jyellick@us.ibm.com>
    • Jason Yellick's avatar
      FAB-14040 Explicitly gen default config template · 59188f1a
      Jason Yellick authored
      The configtxgen tool currently assumes that the current profile is the
      source of the config template it uses to compute the channel creation
      request.  This CR makes this explicit and allows a non-default template
      to be passed in (to be implemented in a future CR).
      Change-Id: Ia3c32e8fc4061df9556a17534dc9233e94c00d0f
      Signed-off-by: default avatarJason Yellick <jyellick@us.ibm.com>
    • Jason Yellick's avatar
      FAB-14037 Remove unreachable code · 407c8fa1
      Jason Yellick authored
      There are some untestable and unreachable code paths in the encoder
      because it's not actually possible to fail to generate a genesis block.
      The signature reports that it can return an error but has no cases where
      it returns a non-nil error.  This CR simply removes that dead code.
      Change-Id: I9559bf4a8f518ac3f97fb1256e9306e975ec1ce2
      Signed-off-by: default avatarJason Yellick <jyellick@us.ibm.com>
    • Jason Yellick's avatar
      FAB-14035 Add tests for configtxgen encoder · df3ef22a
      Jason Yellick authored
      The tests currently covering the configtxgen encoder are almost entirely
      based on sample config and really cover almost none of the non-green
      paths.  This CR simply replaces all of the existing test with a new
      ginkgo suite covering 98.4% of lines.  The uncovered lines are
      unreachable and will be removed in a later CR.
      Change-Id: I2d2bfd7f4437511258a7832a7df0735fab2a2fbf
      Signed-off-by: default avatarJason Yellick <jyellick@us.ibm.com>
  16. 03 Mar, 2019 3 commits
    • Jay Guo's avatar
      [FAB-13656] Size-based snapshotting · 566562e7
      Jay Guo authored
      Instead of taking snapshot every N blocks, this CR
      changes it to taking snapshot every N bytes.
      This also sets default SnapshotInterval to 100MB, if
      it's unset. Otherwise data in memory is never compacted
      till OOM.
      Meanwhile, DefaultSnapshotCatchUpEntries is shrunk so
      it does not take too much space to preserve extra entries
      every time a snapshot is taken. Slow nodes are catching up
      using blockpuller, which is also efficient.
      Change-Id: I79cfeb8652fcbafdeb5793bf4f06267b95a858d6
      Signed-off-by: default avatarJay Guo <guojiannan1101@gmail.com>
    • Jay Guo's avatar
      [FAB-13845] Increase default raft tick interval · ebd9127c
      Jay Guo authored
      Increase default etcdraft tick interval to 500ms, for several reasons:
      - in a WAN/Cloud environment, this is more realistic
      - WAL sync in CI often exceeds 1s, which causes heartbeats not being
        sent timely. Increasing election timeout can decrease the chance of
        unexpected leader failover.
      This CR also increases default timeout of peer cmd, because now
      it takes 5~10s to elect a leader for a newly created channel, and
      `peer channel create` can only retrieve genesis block of that channel
      when leader exists (Deliver API returns error if leaderless).
      Note that this value is still configurable by users.
      Change-Id: I94fbbc750fa096cce6ef9e2d65eb981c6202b675
      Signed-off-by: default avatarJay Guo <guojiannan1101@gmail.com>
    • Yoav Tock's avatar
      FAB-13705 refine Bundle.validateNew · 2979b8cc
      Yoav Tock authored
      This task addresses two issues:
      1) In common/multichannel/Bundle.ValidateNew() it is possible
         to identify the system channel using:
             _, isSys := b.ConsortiumsConfig()
         this can be used to refine validateMigrationStep() such that
         it deals more accurately with the migration-state transitions
         on the system vs. standard channels.
      2) In addition, prevent user from adding ConsortiumsConfig() to
         standard channels. This will protect multichannel.Registrar
         from blowing up on next initialization. Explanation:
         - Looking at the code in multichannel.Registrar, we see that
             _, ok := ledgerResources.ConsortiumsConfig()
         is used to identify the system channel. If two system channels
         are identified, the code panics.
         - Now, in Bundle.ValidateNew(), currently there is no mechanism
         to prevent a user (orderer admin) from adding a ConsortiumsConfig()
         to a standard channel. If a user does that,  multichannel.Registrar
         will blow up in the next initialization.
      Change-Id: Ia7551cbd27389a9988757af0224abdc0d1bfef5b
      Signed-off-by: default avatarYoav Tock <tock@il.ibm.com>
  17. 28 Feb, 2019 1 commit
  18. 27 Feb, 2019 4 commits
  19. 04 Feb, 2019 1 commit
  20. 10 Jan, 2019 2 commits
  21. 09 Jan, 2019 3 commits
  22. 02 Jan, 2019 1 commit
    • Gari Singh's avatar
      Explicitly set ext key usage for CA · 3c0d63c3
      Gari Singh authored
      The generated CA certificates currently have
      contain anyExtendedKeyUsage in their
      Extended Key Usage attributes.  This is
      actually not allowed and is now enforced by
      openssl 1.1 and later.
      This change explicitly adds only ClientAuth
      and ServerAuth to the CA's Extended Key
      Usage attributes.
      FAB-13439 #done
      Change-Id: Ia2586563bd46c2978704999d1d9307d110bbcc98
      Signed-off-by: default avatarGari Singh <gari.r.singh@gmail.com>
  23. 18 Dec, 2018 1 commit
  24. 11 Dec, 2018 1 commit
  25. 07 Dec, 2018 1 commit
  26. 05 Dec, 2018 1 commit
  27. 04 Dec, 2018 1 commit