# Listing: github.com/IBM-Blockchain/fabric-operator@v1.0.4/defaultconfig/orderer/orderer.yaml
#
# NOTE(review): this listing was flattened (indentation lost, gutter numbers
# fused into the text). The nesting below is reconstructed to follow the layout
# of the upstream Fabric orderer.yaml; keys, values and their order are
# unchanged. Verify the nesting against the original file before relying on it.
#
# NOTE(review): the file lives under defaultconfig/, so these are presumably
# baseline values that a deployment overlays. Several defaults below (TLS off,
# no client authentication, sample genesis profile and MSP ID) are only
# acceptable for a development setup; confirm the deployed configuration
# overrides them.
#
# Copyright contributors to the Hyperledger Fabric Operator project
#
# SPDX-License-Identifier: Apache-2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at:
#
# 	  http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#


################################################################################
#
#   Orderer Configuration
#
#   - This controls the type and configuration of the orderer.
#
################################################################################
General:

    # Ledger Type: The ledger type to provide to the orderer.
    # Two non-production ledger types are provided for test purposes only:
    #  - ram: An in-memory ledger whose contents are lost on restart.
    #  - json: A simple file ledger that writes blocks to disk in JSON format.
    # Only one production ledger type is provided:
    #  - file: A production file-based ledger.
    LedgerType: file

    # Listen address: The IP on which to bind to listen.
    # The default is the loopback address, so the orderer is not reachable from
    # other hosts until this is changed. When it is rebound to a routable
    # address, enable TLS below at the same time.
    ListenAddress: 127.0.0.1

    # Listen port: The port on which to bind to listen.
    ListenPort: 7050

    # TLS: TLS settings for the GRPC server.
    TLS:
        # With Enabled: false the GRPC listener carries traffic in cleartext
        # and clients cannot authenticate the orderer.
        Enabled: false
        # PrivateKey governs the file location of the private key of the TLS certificate.
        # The key file should be readable only by the account running the orderer.
        PrivateKey: tls/server.key
        # Certificate governs the file location of the server TLS certificate.
        Certificate: tls/server.crt
        RootCAs:
          - tls/ca.crt
        # With ClientAuthRequired: false no client certificate is requested
        # (no mutual TLS). ClientRootCAs is empty here and only becomes
        # relevant once client authentication is turned on.
        ClientAuthRequired: false
        ClientRootCAs:
    # Keepalive settings for the GRPC server.
    Keepalive:
        # ServerMinInterval is the minimum permitted time between client pings.
        # If clients send pings more frequently, the server will
        # disconnect them.
        ServerMinInterval: 60s
        # ServerInterval is the time between pings to clients.
        ServerInterval: 7200s
        # ServerTimeout is the duration the server waits for a response from
        # a client before closing the connection.
        ServerTimeout: 20s
    # Cluster settings for ordering service nodes that communicate with other ordering service nodes
    # such as Raft based ordering service.
    Cluster:
        # SendBufferSize is the maximum number of messages in the egress buffer.
        # Consensus messages are dropped if the buffer is full, and transaction
        # messages are waiting for space to be freed.
        SendBufferSize: 10
        # ClientCertificate governs the file location of the client TLS certificate
        # used to establish mutual TLS connections with other ordering service nodes.
        # Unset in this default; a value must be supplied before intra-cluster
        # mutual TLS can be used.
        ClientCertificate:
        # ClientPrivateKey governs the file location of the private key of the client TLS certificate.
        ClientPrivateKey:
        # The below 4 properties should be either set together, or be unset together.
        # If they are set, then the orderer node uses a separate listener for intra-cluster
        # communication. If they are unset, then the general orderer listener is used.
        # This is useful if you want to use different TLS server certificates on the
        # client-facing and the intra-cluster listeners.

        # ListenPort defines the port on which the cluster listens to connections.
        ListenPort:
        # ListenAddress defines the IP on which to listen to intra-cluster communication.
        ListenAddress:
        # ServerCertificate defines the file location of the server TLS certificate used for intra-cluster
        # communication.
        ServerCertificate:
        # ServerPrivateKey defines the file location of the private key of the TLS certificate.
        ServerPrivateKey:
    # Genesis method: The method by which the genesis block for the orderer
    # system channel is specified. Available options are "provisional", "file":
    #  - provisional: Utilizes a genesis profile, specified by GenesisProfile,
    #                 to dynamically generate a new genesis block.
    #  - file: Uses the file provided by GenesisFile as the genesis block.
    GenesisMethod: provisional

    # Genesis profile: The profile to use to dynamically generate the genesis
    # block to use when initializing the orderer system channel and
    # GenesisMethod is set to "provisional".  See the configtx.yaml file for the
    # descriptions of the available profiles.  Ignored if GenesisMethod is set to
    # "file".
    # NOTE(review): the profile name itself ("SampleInsecureSolo") marks this as
    # a sample, insecure profile; together with GenesisMethod: provisional it
    # should not reach a production orderer. Check configtx.yaml for what the
    # profile actually permits.
    GenesisProfile: SampleInsecureSolo

    # Genesis file: The file containing the genesis block to use when
    # initializing the orderer system channel and GenesisMethod is set to
    # "file".  Ignored if GenesisMethod is set to "provisional".
    GenesisFile: genesisblock

    # LocalMSPDir is where to find the private crypto material needed by the
    # orderer. It is set relative here as a default for dev environments but
    # should be changed to the real location in production.
    # This directory holds the orderer's private signing material, so access to
    # it should be limited to the account running the orderer.
    LocalMSPDir: msp

    # LocalMSPID is the identity to register the local MSP material with the MSP
    # manager. IMPORTANT: The local MSP ID of an orderer needs to match the MSP
    # ID of one of the organizations defined in the orderer system channel's
    # /Channel/Orderer configuration. The sample organization defined in the
    # sample configuration provided has an MSP ID of "SampleOrg".
    LocalMSPID: SampleOrg

    # Enable an HTTP service for Go "pprof" profiling as documented at:
    # https://golang.org/pkg/net/http/pprof
    # Disabled by default. Note that the default Address binds every interface
    # (0.0.0.0): the pprof handlers expose heap, goroutine and CPU profiles and
    # carry no authentication of their own, so if profiling is switched on,
    # bind it to a loopback or otherwise access-controlled address.
    Profile:
        Enabled: false
        Address: 0.0.0.0:6060

    # BCCSP configures the blockchain crypto service providers.
    BCCSP:
        # Default specifies the preferred blockchain crypto service provider
        # to use. If the preferred provider is not available, the software
        # based provider ("SW") will be used.
        # Valid providers are:
        #  - SW: a software based crypto provider
        #  - PKCS11: a CA hardware security module crypto provider.
        # With SW, private keys are kept as files in the key store below rather
        # than inside a hardware module.
        Default: SW

        # SW configures the software based blockchain crypto provider.
        SW:
            # TODO: The default Hash and Security level needs refactoring to be
            # fully configurable. Changing these defaults requires coordination
            # SHA2 is hardcoded in several places, not only BCCSP
            Hash: SHA2
            Security: 256
            # Location of key store. If this is unset, a location will be
            # chosen using: 'LocalMSPDir'/keystore
            FileKeyStore:
                KeyStore:

        # # Settings for the PKCS#11 crypto provider (i.e. when DEFAULT: PKCS11)
        # NOTE(review): if this block is enabled, Pin is a credential stored in
        # this file in plaintext; treat the file as a secret in that case.
        # PKCS11:
        #     # Location of the PKCS11 module library
        #     Library:
        #     # Token Label
        #     Label:
        #     # User PIN
        #     Pin:
        #     Hash:
        #     Security:
        #     FileKeyStore:
        #         KeyStore:

    # Authentication contains configuration parameters related to authenticating
    # client messages
    Authentication:
        # the acceptable difference between the current server time and the
        # client's time as specified in a client request message
        # NOTE(review): a wider window tolerates more clock skew but presumably
        # also lengthens the period in which a previously captured message is
        # still accepted — confirm against the orderer's message validation.
        TimeWindow: 15m


################################################################################
#
#   SECTION: File Ledger
#
#   - This section applies to the configuration of the file or json ledgers.
#
################################################################################
FileLedger:

    # Location: The directory to store the blocks in.
    # NOTE: If this is unset, a new temporary location will be chosen every time
    # the orderer is restarted, using the prefix specified by Prefix.
    Location: /var/hyperledger/production/orderer

    # The prefix to use when generating a ledger directory in temporary space.
    # Otherwise, this value is ignored.
    Prefix: hyperledger-fabric-ordererledger

################################################################################
#
#   SECTION: RAM Ledger
#
#   - This section applies to the configuration of the RAM ledger.
#
################################################################################
RAMLedger:

    # History Size: The number of blocks that the RAM ledger is set to retain.
    # WARNING: Appending a block to the ledger might cause the oldest block in
    # the ledger to be dropped in order to limit the total number of blocks
    # to HistorySize. For example, if history size is 10, when appending block
    # 10, block 0 (the genesis block!) will be dropped to make room for block 10.
    HistorySize: 1000

################################################################################
#
#   SECTION: Kafka
#
#   - This section applies to the configuration of the Kafka-based orderer, and
#     its interaction with the Kafka cluster.
#
################################################################################
Kafka:

    # Retry: What to do if a connection to the Kafka cluster cannot be established,
    # or if a metadata request to the Kafka cluster needs to be repeated.
    Retry:
        # When a new channel is created, or when an existing channel is reloaded
        # (in case of a just-restarted orderer), the orderer interacts with the
        # Kafka cluster in the following ways:
        # 1. It creates a Kafka producer (writer) for the Kafka partition that
        # corresponds to the channel.
        # 2. It uses that producer to post a no-op CONNECT message to that
        # partition
        # 3. It creates a Kafka consumer (reader) for that partition.
        # If any of these steps fail, they will be re-attempted every
        # <ShortInterval> for a total of <ShortTotal>, and then every
        # <LongInterval> for a total of <LongTotal> until they succeed.
        # Note that the orderer will be unable to write to or read from a
        # channel until all of the steps above have been completed successfully.
        ShortInterval: 5s
        ShortTotal: 10m
        LongInterval: 5m
        LongTotal: 12h
        # Affects the socket timeouts when waiting for an initial connection, a
        # response, or a transmission. See Config.Net for more info:
        # https://godoc.org/github.com/Shopify/sarama#Config
        NetworkTimeouts:
            DialTimeout: 10s
            ReadTimeout: 10s
            WriteTimeout: 10s
        # Affects the metadata requests when the Kafka cluster is in the middle
        # of a leader election. See Config.Metadata for more info:
        # https://godoc.org/github.com/Shopify/sarama#Config
        Metadata:
            RetryBackoff: 250ms
            RetryMax: 3
        # What to do if posting a message to the Kafka cluster fails. See
        # Config.Producer for more info:
        # https://godoc.org/github.com/Shopify/sarama#Config
        Producer:
            RetryBackoff: 100ms
            RetryMax: 3
        # What to do if reading from the Kafka cluster fails. See
        # Config.Consumer for more info:
        # https://godoc.org/github.com/Shopify/sarama#Config
        Consumer:
            RetryBackoff: 2s
    # Settings to use when creating Kafka topics.  Only applies when
    # Kafka.Version is v0.10.1.0 or higher
    Topic:
        # The number of Kafka brokers across which to replicate the topic
        ReplicationFactor: 3
    # Verbose: Enable logging for interactions with the Kafka cluster.
    Verbose: false

    # TLS: TLS settings for the orderer's connection to the Kafka cluster.
    TLS:

      # Enabled: Use TLS when connecting to the Kafka cluster.
      # With the default (false) the orderer-to-broker connection is cleartext
      # and the brokers are not authenticated.
      Enabled: false

      # PrivateKey: PEM-encoded private key the orderer will use for
      # authentication.
      # Prefer the "File" form below over pasting the key inline, so that the
      # key material does not end up inside this configuration file.
      PrivateKey:
        # As an alternative to specifying the PrivateKey here, uncomment the
        # following "File" key and specify the file name from which to load the
        # value of PrivateKey.
        #File: path/to/PrivateKey

      # Certificate: PEM-encoded signed public key certificate the orderer will
      # use for authentication.
      Certificate:
        # As an alternative to specifying the Certificate here, uncomment the
        # following "File" key and specify the file name from which to load the
        # value of Certificate.
        #File: path/to/Certificate

      # RootCAs: PEM-encoded trusted root certificates used to validate
      # certificates from the Kafka cluster.
      RootCAs:
        # As an alternative to specifying the RootCAs here, uncomment the
        # following "File" key and specify the file name from which to load the
        # value of RootCAs.
        #File: path/to/RootCAs

    # SASLPlain: Settings for using SASL/PLAIN authentication with Kafka brokers
    # SASL/PLAIN sends the user name and password without any protection of its
    # own, so it should only be enabled together with Kafka.TLS. A Password set
    # here is stored in this file in plaintext; restrict access to the file
    # accordingly.
    SASLPlain:
      # Enabled: Use SASL/PLAIN to authenticate with Kafka brokers
      Enabled: false
      # User: Required when Enabled is set to true
      User:
      # Password: Required when Enabled is set to true
      Password:

    # Kafka protocol version used to communicate with the Kafka cluster brokers
    # (defaults to 0.10.2.0 if not specified)
    Version:

################################################################################
#
#   Debug Configuration
#
#   - This controls the debugging options for the orderer
#
################################################################################
Debug:

    # BroadcastTraceDir when set will cause each request to the Broadcast service
    # for this orderer to be written to a file in this directory
    # Unset by default. Because full requests are written to disk, a trace
    # directory should be access-restricted and left unset outside debugging.
    BroadcastTraceDir:

    # DeliverTraceDir when set will cause each request to the Deliver service
    # for this orderer to be written to a file in this directory
    DeliverTraceDir:

################################################################################
#
#   Operations Configuration
#
#   - This configures the operations server endpoint for the orderer
#
################################################################################
Operations:
    # host and port for the operations server
    # Bound to loopback by default. If this is rebound to a routable address,
    # enable TLS and ClientAuthRequired below, since the endpoint is otherwise
    # served without encryption or client authentication.
    ListenAddress: 127.0.0.1:8443

    # TLS configuration for the operations endpoint
    TLS:
        # TLS enabled
        Enabled: false

        # Certificate is the location of the PEM encoded TLS certificate
        Certificate:

        # PrivateKey points to the location of the PEM-encoded key
        PrivateKey:

        # Most operations service endpoints require client authentication when TLS
        # is enabled. ClientAuthRequired requires client certificate authentication
        # at the TLS layer to access all resources.
        ClientAuthRequired: false

        # Paths to PEM encoded ca certificates to trust for client authentication
        ClientRootCAs: []

################################################################################
#
#   Metrics Configuration
#
#   - This configures metrics collection for the orderer
#
################################################################################
Metrics:
    # The metrics provider is one of statsd, prometheus, or disabled
    # NOTE(review): with prometheus, metrics are presumably served from the
    # operations listener, so their exposure follows Operations.ListenAddress
    # and Operations.TLS — confirm.
    Provider: prometheus

    # The statsd configuration
    Statsd:
      # network type: tcp or udp
      Network: udp

      # the statsd server address
      Address: 127.0.0.1:8125

      # The interval at which locally cached counters and gauges are pushed
      # to statsd; timings are pushed immediately
      WriteInterval: 30s

      # The prefix is prepended to all emitted statsd metrics
      Prefix:

################################################################################
#
#   Consensus Configuration
#
#   - This section contains config options for a consensus plugin. It is opaque
#     to orderer, and completely up to consensus implementation to make use of.
#
################################################################################
Consensus:
    # The allowed key-value pairs here depend on consensus plugin. For etcd/raft,
    # we use following options:

    # WALDir specifies the location at which Write Ahead Logs for etcd/raft are
    # stored. Each channel will have its own subdir named after channel ID.
    WALDir: /var/hyperledger/production/orderer/etcdraft/wal

    # SnapDir specifies the location at which snapshots for etcd/raft are
    # stored. Each channel will have its own subdir named after channel ID.
    SnapDir: /var/hyperledger/production/orderer/etcdraft/snapshot