The operator container uses the integrity check tool to assess data integrity. The evaluation covers proof of origination and tamper detection for the data stored on the ObjectStore.

Prerequisites

Verify that the operator container is instantiated. See Bind the Newly Deployed VMware Blockchain Nodes on vSphere.

Procedure

  1. Access the integrity check tool.

    ./s3_integrity_check

    There are two types of configuration options you can use:

    • MANDATORY_OPTIONS

    • validate

  2. Configure the integrity check tool MANDATORY_OPTIONS.

    Option: -k --keys-file arg

    Description: Add the file path for the cryptography keys configuration.

    The blockchain configuration should reflect the existing ReplicaNetwork, excluding the Full Copy Client nodes, and include the BFT F and C values.

    The most recent set of Replica node RSA keys must be specified.

    Sample key file.

    config-local/s3_config.yaml
    #
    # NOTE: Update configuration according to a blockchain setup
    #
    #
    # Concord-BFT replica keyfile ro_config_4.
    # For replica 4 in a 4-replica + 1-read-only-replica cluster.
     
    num_replicas: 4
    num_ro_replicas: 1
    f_val: 1
    c_val: 0
    replica_id: 4
    read-only: 1
     
    #UPDATE ONLY RSA PUBLIC KEYS OF BFT REPLICAS
    #
    # RSA non-threshold replica public keys
    rsa_public_keys:
        #DON'T UPDATE BELOW
     
    rsa_private_key

    Option: -3 --s3-config-file arg

    Description: Add the S3 ObjectStore configuration file path.

    The S3 ObjectStore configuration is used for blockchain replication.

    Note:

    Verify that the S3 ObjectStore specified in the configuration file is running and accessible from the operator container to avoid connection errors.

    Sample S3 ObjectStore configuration file.

    $ cat config-local/s3_object_store_config.txt
    # S3 Object Store Configuration
    s3-bucket-name: blockchain
    s3-access-key: concordbft
    s3-protocol: HTTP
    s3-url: minio:9000
    s3-secret-key: concordbft
    # optional
    s3-path-prefix: concord

  3. Validate the data integrity of the blockchain.

    A CheckPoint is created when there is an agreement of f+1 Replica nodes. The signed CheckPoints are saved on the ObjectStore. As part of the data integrity validation, the integrity check tool verifies the existence of these signed CheckPoints.

    Option: -a --validate-all

    Description: Validates the integrity of the entire blockchain, from the block specified in the latest CheckPoint descriptor back to the genesis block.

    ./s3_integrity_check --keys-file config-local/s3_config.yaml --s3-config-file config-local/s3_object_store_config.txt --validate-all

    Option: -v --validate-key arg

    Description: Validates a specific key.

    The validation starts with the latest block the key resides in; the process parses that block and extracts the key's value.

    Note:

    Separate key replication and validation are disabled by default.

    ./s3_integrity_check --keys-file config-local/s3_config.yaml --s3-config-file config-local/s3_object_store_config.txt --validate-key 0000000000000061
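
A pre-flight check for the two files configured in step 2, run before the validation in step 3. This is an added example, not part of the product documentation or the tool itself. It assumes the Concord-BFT sizing rule num_replicas = 3*f_val + 2*c_val + 1, and the function names (cfg_get, check_keys_file, check_s3_config, preflight, demo) are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight checks for the two files given to s3_integrity_check.

cfg_get() {  # cfg_get FILE KEY: print KEY's value from a flat "key: value" file
    sed -n "s/^[[:space:]]*$2:[[:space:]]*//p" "$1" | sed 's/[[:space:]]*$//' | head -n 1
}

check_keys_file() {  # 0 if the replica count agrees with the BFT F and C values
    n=$(cfg_get "$1" num_replicas); f=$(cfg_get "$1" f_val); c=$(cfg_get "$1" c_val)
    for v in "$n" "$f" "$c"; do
        case "$v" in ''|*[!0-9]*) echo "keys file: bad or missing count" >&2; return 1 ;; esac
    done
    want=$((3 * f + 2 * c + 1))  # assumption: Concord-BFT rule n = 3f + 2c + 1
    [ "$n" -eq "$want" ] && return 0
    echo "keys file: num_replicas=$n, but f_val=$f, c_val=$c imply $want" >&2; return 1
}

check_s3_config() {  # 0 clean, 1 required key missing, 2 usable with warnings
    for k in s3-bucket-name s3-access-key s3-secret-key s3-protocol s3-url; do
        [ -n "$(cfg_get "$1" "$k")" ] || { echo "s3 config: missing $k" >&2; return 1; }
    done
    warn=0
    if [ "$(cfg_get "$1" s3-protocol)" = HTTP ]; then
        echo "s3 config: warning: HTTP leaves ObjectStore traffic unencrypted" >&2; warn=2
    fi
    if [ "$(cfg_get "$1" s3-secret-key)" = concordbft ]; then
        echo "s3 config: warning: secret key is the documented sample value" >&2; warn=2
    fi
    return "$warn"
}

preflight() {  # print the --validate-all command only if neither check failed
    check_keys_file "$1" || return 1
    rc=0; check_s3_config "$2" || rc=$?
    [ "$rc" -ne 1 ] || return 1
    echo "./s3_integrity_check --keys-file $1 --s3-config-file $2 --validate-all"
}

demo() {  # constructed sample files holding the values shown on this page
    d=$(mktemp -d)
    printf 'num_replicas: 4\nf_val: 1\nc_val: 0\n' > "$d/keys.yaml"
    printf 's3-bucket-name: blockchain\ns3-access-key: concordbft\ns3-protocol: HTTP\n' > "$d/s3.txt"
    printf 's3-url: minio:9000\ns3-secret-key: concordbft\n' >> "$d/s3.txt"
    preflight "$d/keys.yaml" "$d/s3.txt"; st=$?; rm -rf "$d"; return "$st"
}
if [ $# -eq 2 ]; then preflight "$@"; else demo; fi
```

Run it with the keys file and the S3 configuration file as its two arguments; with no arguments it checks the constructed sample values and prints both warnings.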