[FAB-15157] Gracefully handle TLS absense in config

This change set makes an orderer crash with a user friendly message
when trying to start up a cluster orderer (i.e etcdraft) without TLS enabled.

Change-Id: If198a9bba1e9a4b1e607fcd0a141e66e70902050
Signed-off-by: yacovm <yacovm@il.ibm.com>

Author: yacovm

orderer/common/server/etcdraft_test.go

@@ -45,27 +45,36 @@ func TestSpawnEtcdRaft(t *testing.T) {
 
 	defer gexec.CleanupBuildArtifacts()
 
-	t.Run("EtcdRaft launch failure", func(t *testing.T) {
-		testEtcdRaftOSNFailure(gt, tempDir, orderer, fabricRootDir)
+	t.Run("Invalid bootstrap block", func(t *testing.T) {
+		testEtcdRaftOSNFailureInvalidBootstrapBlock(gt, tempDir, orderer, fabricRootDir)
+	})
+
+	t.Run("No TLS", func(t *testing.T) {
+		testEtcdRaftOSNNoTLS(gt, tempDir, orderer, fabricRootDir, configtxgen)
 	})
 
 	t.Run("EtcdRaft launch success", func(t *testing.T) {
 		testEtcdRaftOSNSuccess(gt, tempDir, configtxgen, cwd, orderer, fabricRootDir)
 	})
 }
 
-func testEtcdRaftOSNSuccess(gt *GomegaWithT, tempDir, configtxgen, cwd, orderer, fabricRootDir string) {
+func createBootstrapBlock(gt *GomegaWithT, tempDir, configtxgen, cwd string) string {
 	// Create the genesis block for the system channel
 	genesisBlockPath := filepath.Join(tempDir, "genesis.block")
 	cmd := exec.Command(configtxgen, "-channelID", "system", "-profile", "SampleDevModeEtcdRaft",
 		"-outputBlock", genesisBlockPath)
 	cmd.Env = append(cmd.Env, fmt.Sprintf("FABRIC_CFG_PATH=%s", filepath.Join(cwd, "testdata")))
 	configtxgenProcess, err := gexec.Start(cmd, nil, nil)
 	gt.Expect(err).NotTo(HaveOccurred())
-
 	gt.Eventually(configtxgenProcess, time.Minute).Should(gexec.Exit(0))
 	gt.Expect(configtxgenProcess.Err).To(gbytes.Say("Writing genesis block"))
 
+	return genesisBlockPath
+}
+
+func testEtcdRaftOSNSuccess(gt *GomegaWithT, tempDir, configtxgen, cwd, orderer, fabricRootDir string) {
+	genesisBlockPath := createBootstrapBlock(gt, tempDir, configtxgen, cwd)
+
 	// Launch the OSN
 	ordererProcess := launchOrderer(gt, orderer, tempDir, genesisBlockPath, fabricRootDir)
 	defer ordererProcess.Kill()
@@ -90,7 +99,7 @@ func testEtcdRaftOSNSuccess(gt *GomegaWithT, tempDir, configtxgen, cwd, orderer,
 	gt.Eventually(ordererProcess.Err, time.Minute).Should(gbytes.Say("becomeLeader"))
 }
 
-func testEtcdRaftOSNFailure(gt *GomegaWithT, tempDir, orderer, fabricRootDir string) {
+func testEtcdRaftOSNFailureInvalidBootstrapBlock(gt *GomegaWithT, tempDir, orderer, fabricRootDir string) {
 	// Grab an application channel genesis block
 	genesisBlockPath := filepath.Join(filepath.Join("testdata", "mychannel.block"))
 	genesisBlockBytes, err := ioutil.ReadFile(genesisBlockPath)
@@ -109,6 +118,29 @@ func testEtcdRaftOSNFailure(gt *GomegaWithT, tempDir, orderer, fabricRootDir str
 	gt.Eventually(ordererProcess.Err, time.Minute).Should(gbytes.Say(expectedErr))
 }
 
+func testEtcdRaftOSNNoTLS(gt *GomegaWithT, tempDir, orderer, fabricRootDir string, configtxgen string) {
+	cwd, err := filepath.Abs(".")
+	gt.Expect(err).NotTo(HaveOccurred())
+
+	genesisBlockPath := createBootstrapBlock(gt, tempDir, configtxgen, cwd)
+
+	cmd := exec.Command(orderer)
+	cmd.Env = []string{
+		"ORDERER_GENERAL_LISTENPORT=5611",
+		"ORDERER_GENERAL_GENESISMETHOD=file",
+		"ORDERER_GENERAL_SYSTEMCHANNEL=system",
+		fmt.Sprintf("ORDERER_FILELEDGER_LOCATION=%s", filepath.Join(tempDir, "ledger")),
+		fmt.Sprintf("ORDERER_GENERAL_GENESISFILE=%s", genesisBlockPath),
+		fmt.Sprintf("FABRIC_CFG_PATH=%s", filepath.Join(fabricRootDir, "sampleconfig")),
+	}
+	ordererProcess, err := gexec.Start(cmd, nil, nil)
+	gt.Expect(err).NotTo(HaveOccurred())
+	defer ordererProcess.Kill()
+
+	expectedErr := "TLS is required for running ordering nodes of type etcdraft."
+	gt.Eventually(ordererProcess.Err, time.Minute).Should(gbytes.Say(expectedErr))
+}
+
 func launchOrderer(gt *GomegaWithT, orderer, tempDir, genesisBlockPath, fabricRootDir string) *gexec.Session {
 	cwd, err := filepath.Abs(".")
 	gt.Expect(err).NotTo(HaveOccurred())

orderer/common/server/main.go

@@ -106,7 +106,7 @@ func Start(cmd string, conf *localconfig.TopLevel) {
 	lf, _ := createLedgerFactory(conf)
 
 	clusterDialer := &cluster.PredicateDialer{}
-	clusterClientConfig := initializeClusterClientConfig(conf)
+	clusterClientConfig := initializeClusterClientConfig(conf, clusterType, bootstrapBlock)
 	clusterDialer.SetConfig(clusterClientConfig)
 
 	r := createReplicator(lf, bootstrapBlock, conf, clusterClientConfig.SecOpts, signer)
@@ -339,7 +339,10 @@ func configureClusterListener(conf *localconfig.TopLevel, generalConf comm.Serve
 	return serverConf, srv
 }
 
-func initializeClusterClientConfig(conf *localconfig.TopLevel) comm.ClientConfig {
+func initializeClusterClientConfig(conf *localconfig.TopLevel, clusterType bool, bootstrapBlock *cb.Block) comm.ClientConfig {
+	if clusterType && !conf.General.TLS.Enabled {
+		logger.Panicf("TLS is required for running ordering nodes of type %s.", consensusType(bootstrapBlock))
+	}
 	cc := comm.ClientConfig{
 		AsyncConnect: true,
 		KaOpts:       comm.DefaultKeepaliveOptions,
@@ -504,6 +507,11 @@ func initializeBootstrapChannel(genesisBlock *cb.Block, lf blockledger.Factory)
 }
 
 func isClusterType(genesisBlock *cb.Block) bool {
+	_, exists := clusterTypes[consensusType(genesisBlock)]
+	return exists
+}
+
+func consensusType(genesisBlock *cb.Block) string {
 	if genesisBlock.Data == nil || len(genesisBlock.Data.Data) == 0 {
 		logger.Fatalf("Empty genesis block")
 	}
@@ -519,8 +527,7 @@ func isClusterType(genesisBlock *cb.Block) bool {
 	if !exists {
 		logger.Fatalf("Orderer config doesn't exist in bundle derived from genesis block")
 	}
-	_, exists = clusterTypes[ordConf.ConsensusType()]
-	return exists
+	return ordConf.ConsensusType()
 }
 
 func initializeGrpcServer(conf *localconfig.TopLevel, serverConfig comm.ServerConfig) *comm.GRPCServer {

orderer/common/server/main_test.go

@@ -174,7 +174,7 @@ func TestInitializeServerConfig(t *testing.T) {
 				if tc.clusterCert == "" {
 					initializeServerConfig(conf, nil)
 				} else {
-					initializeClusterClientConfig(conf)
+					initializeClusterClientConfig(conf, false, nil)
 				}
 			},
 			)
@@ -386,7 +386,7 @@ func TestUpdateTrustedRoots(t *testing.T) {
 	}
 
 	predDialer := &cluster.PredicateDialer{}
-	clusterConf := initializeClusterClientConfig(conf)
+	clusterConf := initializeClusterClientConfig(conf, true, nil)
 	predDialer.SetConfig(clusterConf)
 
 	callback = func(bundle *channelconfig.Bundle) {

orderer/common/server/util.go

@@ -13,9 +13,9 @@ import (
 
 	"github.com/hyperledger/fabric/common/ledger/blkstorage/fsblkstorage"
 	"github.com/hyperledger/fabric/common/ledger/blockledger"
-	"github.com/hyperledger/fabric/common/ledger/blockledger/file"
-	"github.com/hyperledger/fabric/common/ledger/blockledger/json"
-	"github.com/hyperledger/fabric/common/ledger/blockledger/ram"
+	fileledger "github.com/hyperledger/fabric/common/ledger/blockledger/file"
+	jsonledger "github.com/hyperledger/fabric/common/ledger/blockledger/json"
+	ramledger "github.com/hyperledger/fabric/common/ledger/blockledger/ram"
 	config "github.com/hyperledger/fabric/orderer/common/localconfig"
 )