# github.com/IBM-Blockchain/fabric-operator@v1.0.4/defaultconfig/orderer/v2/orderer.yaml
#
# Copyright contributors to the Hyperledger Fabric Operator project
#
# SPDX-License-Identifier: Apache-2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at:
#
# 	  http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#

# NOTE(review): this listing was reflowed from a page that had collapsed the
# file onto a few lines; nesting below follows the key order and comments on
# the page. Keys and values are unchanged; only comments were added or reworded.

################################################################################
#
#   Orderer Configuration
#
#   - This controls the type and configuration of the orderer.
#
################################################################################
General:
    # Listen address: The IP on which to bind to listen.
    ListenAddress: 127.0.0.1

    # Listen port: The port on which to bind to listen.
    ListenPort: 7050

    # TLS: TLS settings for the GRPC server.
    # NOTE(review): with Enabled: false the GRPC listener carries traffic in
    # plaintext, and with ClientAuthRequired: false no client certificate is
    # requested even once TLS is on. These are file defaults; presumably the
    # operator overrides them per deployment - confirm before relying on them.
    TLS:
        Enabled: false
        # PrivateKey governs the file location of the private key of the TLS certificate.
        # The key file should be readable only by the orderer process.
        PrivateKey: tls/server.key
        # Certificate governs the file location of the server TLS certificate.
        Certificate: tls/server.crt
        RootCAs:
          - tls/ca.crt
        ClientAuthRequired: false
        # CA certificates trusted for client authentication; empty here, so it
        # must be populated if ClientAuthRequired is turned on.
        ClientRootCAs:
    # Keepalive settings for the GRPC server.
    Keepalive:
        # ServerMinInterval is the minimum permitted time between client pings.
        # If clients send pings more frequently, the server will
        # disconnect them.
        ServerMinInterval: 60s
        # ServerInterval is the time between pings to clients.
        ServerInterval: 7200s
        # ServerTimeout is the duration the server waits for a response from
        # a client before closing the connection.
        ServerTimeout: 20s
    # Cluster settings for ordering service nodes that communicate with other ordering service nodes
    # such as Raft based ordering service.
    Cluster:
        # SendBufferSize is the maximum number of messages in the egress buffer.
        # Consensus messages are dropped if the buffer is full, and transaction
        # messages are waiting for space to be freed.
        SendBufferSize: 10
        # ClientCertificate governs the file location of the client TLS certificate
        # used to establish mutual TLS connections with other ordering service nodes.
        ClientCertificate:
        # ClientPrivateKey governs the file location of the private key of the client TLS certificate.
        ClientPrivateKey:
        # The below 4 properties should be either set together, or be unset together.
        # If they are set, then the orderer node uses a separate listener for intra-cluster
        # communication. If they are unset, then the general orderer listener is used.
        # This is useful if you want to use different TLS server certificates on the
        # client-facing and the intra-cluster listeners.

        # ListenPort defines the port on which the cluster listens to connections.
        ListenPort:
        # ListenAddress defines the IP on which to listen to intra-cluster communication.
        ListenAddress:
        # ServerCertificate defines the file location of the server TLS certificate used for intra-cluster
        # communication.
        ServerCertificate:
        # ServerPrivateKey defines the file location of the private key of the TLS certificate.
        ServerPrivateKey:

    # Bootstrap method: How the bootstrap block of the system channel is
    # obtained. The option can be one of:
    #   "file" - path to a file containing the genesis block or config block of system channel
    #   "none" - allows an orderer to start without a system channel configuration
    BootstrapMethod: file

    # Bootstrap file: The file containing the bootstrap block to use when
    # initializing the orderer system channel and BootstrapMethod is set to
    # "file".  The bootstrap file can be the genesis block, and it can also be
    # a config block for late bootstrap of some consensus methods like Raft.
    # Generate a genesis block by updating $FABRIC_CFG_PATH/configtx.yaml and
    # using configtxgen command with "-outputBlock" option.
    # Defaults to file "genesisblock" (in $FABRIC_CFG_PATH directory) if not specified.
    BootstrapFile:

    # LocalMSPDir is where to find the private crypto material needed by the
    # orderer. It is set relative here as a default for dev environments but
    # should be changed to the real location in production.
    # Because it holds private key material, the directory should be readable
    # only by the orderer process.
    LocalMSPDir: msp

    # LocalMSPID is the identity to register the local MSP material with the MSP
    # manager. IMPORTANT: The local MSP ID of an orderer needs to match the MSP
    # ID of one of the organizations defined in the orderer system channel's
    # /Channel/Orderer configuration. The sample organization defined in the
    # sample configuration provided has an MSP ID of "SampleOrg".
    LocalMSPID: SampleOrg

    # Enable an HTTP service for Go "pprof" profiling as documented at:
    # https://golang.org/pkg/net/http/pprof
    # NOTE(review): the service is off by default, but Address binds every
    # interface (0.0.0.0). The Go pprof handlers carry no authentication of
    # their own and expose runtime internals, so if profiling is ever enabled,
    # bind it to loopback or restrict it with network policy first.
    Profile:
        Enabled: false
        Address: 0.0.0.0:6060

    # BCCSP configures the blockchain crypto service providers.
    BCCSP:
        # Default specifies the preferred blockchain crypto service provider
        # to use. If the preferred provider is not available, the software
        # based provider ("SW") will be used.
        # Valid providers are:
        #  - SW: a software based crypto provider
        #  - PKCS11: a CA hardware security module crypto provider.
        # With SW, private keys live on disk in the key store below rather
        # than in a hardware module.
        Default: SW

        # SW configures the software based blockchain crypto provider.
        SW:
            # TODO: The default Hash and Security level needs refactoring to be
            # fully configurable. Changing these defaults requires coordination
            # SHA2 is hardcoded in several places, not only BCCSP
            Hash: SHA2
            Security: 256
            # Location of key store. If this is unset, a location will be
            # chosen using: 'LocalMSPDir'/keystore
            FileKeyStore:
                KeyStore:

        # Settings for the PKCS#11 crypto provider (i.e. when DEFAULT: PKCS11)
        # NOTE(review): Pin is a credential; if this block is enabled, supply
        # the value through the deployment's secret mechanism rather than
        # committing it to this file.
        # PKCS11:
        #     # Location of the PKCS11 module library
        #     Library:
        #     # Token Label
        #     Label:
        #     # User PIN
        #     Pin:
        #     Hash:
        #     Security:
        #     FileKeyStore:
        #         KeyStore:

    # Authentication contains configuration parameters related to authenticating
    # client messages
    Authentication:
        # the acceptable difference between the current server time and the
        # client's time as specified in a client request message
        # NOTE(review): a wider window tolerates more clock skew but also
        # accepts messages carrying older timestamps; keep node clocks
        # synchronized so the window can stay small.
        TimeWindow: 15m


################################################################################
#
#   SECTION: File Ledger
#
#   - This section applies to the configuration of the file or json ledgers.
#
################################################################################
FileLedger:

    # Location: The directory to store the blocks in.
    # NOTE: If this is unset, a new temporary location will be chosen every time
    # the orderer is restarted, using the prefix specified by Prefix.
    Location: /var/hyperledger/production/orderer

    # The prefix to use when generating a ledger directory in temporary space.
    # Otherwise, this value is ignored.
    Prefix: hyperledger-fabric-ordererledger

################################################################################
#
#   SECTION: Kafka
#
#   - This section applies to the configuration of the Kafka-based orderer, and
#     its interaction with the Kafka cluster.
#
################################################################################
Kafka:

    # Retry: What to do if a connection to the Kafka cluster cannot be established,
    # or if a metadata request to the Kafka cluster needs to be repeated.
    Retry:
        # When a new channel is created, or when an existing channel is reloaded
        # (in case of a just-restarted orderer), the orderer interacts with the
        # Kafka cluster in the following ways:
        # 1. It creates a Kafka producer (writer) for the Kafka partition that
        # corresponds to the channel.
        # 2. It uses that producer to post a no-op CONNECT message to that
        # partition
        # 3. It creates a Kafka consumer (reader) for that partition.
        # If any of these steps fail, they will be re-attempted every
        # <ShortInterval> for a total of <ShortTotal>, and then every
        # <LongInterval> for a total of <LongTotal> until they succeed.
        # Note that the orderer will be unable to write to or read from a
        # channel until all of the steps above have been completed successfully.
        ShortInterval: 5s
        ShortTotal: 10m
        LongInterval: 5m
        LongTotal: 12h
        # Affects the socket timeouts when waiting for an initial connection, a
        # response, or a transmission. See Config.Net for more info:
        # https://godoc.org/github.com/Shopify/sarama#Config
        NetworkTimeouts:
            DialTimeout: 10s
            ReadTimeout: 10s
            WriteTimeout: 10s
        # Affects the metadata requests when the Kafka cluster is in the middle
        # of a leader election. See Config.Metadata for more info:
        # https://godoc.org/github.com/Shopify/sarama#Config
        Metadata:
            RetryBackoff: 250ms
            RetryMax: 3
        # What to do if posting a message to the Kafka cluster fails. See
        # Config.Producer for more info:
        # https://godoc.org/github.com/Shopify/sarama#Config
        Producer:
            RetryBackoff: 100ms
            RetryMax: 3
        # What to do if reading from the Kafka cluster fails. See
        # Config.Consumer for more info:
        # https://godoc.org/github.com/Shopify/sarama#Config
        Consumer:
            RetryBackoff: 2s
    # Settings to use when creating Kafka topics.  Only applies when
    # Kafka.Version is v0.10.1.0 or higher
    Topic:
        # The number of Kafka brokers across which to replicate the topic
        ReplicationFactor: 3
    # Verbose: Enable logging for interactions with the Kafka cluster.
    Verbose: false

    # TLS: TLS settings for the orderer's connection to the Kafka cluster.
    TLS:

        # Enabled: Use TLS when connecting to the Kafka cluster.
        # NOTE(review): false here means the broker connection is unencrypted
        # and the RootCAs below are not used to validate the brokers.
        Enabled: false

        # PrivateKey: PEM-encoded private key the orderer will use for
        # authentication.
        # Prefer the "File" form below so the key itself is not embedded in
        # this configuration file.
        PrivateKey:
            # As an alternative to specifying the PrivateKey here, uncomment the
            # following "File" key and specify the file name from which to load the
            # value of PrivateKey.
            #File: path/to/PrivateKey

        # Certificate: PEM-encoded signed public key certificate the orderer will
        # use for authentication.
        Certificate:
            # As an alternative to specifying the Certificate here, uncomment the
            # following "File" key and specify the file name from which to load the
            # value of Certificate.
            #File: path/to/Certificate

        # RootCAs: PEM-encoded trusted root certificates used to validate
        # certificates from the Kafka cluster.
        RootCAs:
            # As an alternative to specifying the RootCAs here, uncomment the
            # following "File" key and specify the file name from which to load the
            # value of RootCAs.
            #File: path/to/RootCAs

    # SASLPlain: Settings for using SASL/PLAIN authentication with Kafka brokers
    # NOTE(review): SASL/PLAIN sends the user name and password as-is, so it
    # only protects the credentials when Kafka.TLS.Enabled is also true. The
    # password should come from the deployment's secret mechanism, not from a
    # value committed to this file.
    SASLPlain:
        # Enabled: Use SASL/PLAIN to authenticate with Kafka brokers
        Enabled: false
        # User: Required when Enabled is set to true
        User:
        # Password: Required when Enabled is set to true
        Password:

    # Kafka protocol version used to communicate with the Kafka cluster brokers
    # (defaults to 0.10.2.0 if not specified)
    Version:

################################################################################
#
#   Debug Configuration
#
#   - This controls the debugging options for the orderer
#
################################################################################
# NOTE(review): both options write every request to disk, so the trace
# directories end up holding request contents; leave them unset outside of
# debugging sessions and restrict access to the directory when they are used.
Debug:

    # BroadcastTraceDir when set will cause each request to the Broadcast service
    # for this orderer to be written to a file in this directory
    BroadcastTraceDir:

    # DeliverTraceDir when set will cause each request to the Deliver service
    # for this orderer to be written to a file in this directory
    DeliverTraceDir:

################################################################################
#
#   Operations Configuration
#
#   - This configures the operations server endpoint for the orderer
#
################################################################################
Operations:
    # host and port for the operations server
    # The loopback address is what limits reachability while TLS is disabled
    # below; if it is widened, enable TLS and ClientAuthRequired together.
    ListenAddress: 127.0.0.1:8443

    # TLS configuration for the operations endpoint
    TLS:
        # TLS enabled
        Enabled: false

        # Certificate is the location of the PEM encoded TLS certificate
        Certificate:

        # PrivateKey points to the location of the PEM-encoded key
        PrivateKey:

        # Most operations service endpoints require client authentication when TLS
        # is enabled. ClientAuthRequired requires client certificate authentication
        # at the TLS layer to access all resources.
        ClientAuthRequired: false

        # Paths to PEM encoded ca certificates to trust for client authentication
        ClientRootCAs: []

################################################################################
#
#   Metrics Configuration
#
#   - This configures metrics collection for the orderer
#
################################################################################
Metrics:
    # The metrics provider is one of statsd, prometheus, or disabled
    # NOTE(review): presumably the prometheus provider is served from the
    # operations endpoint configured above, so its exposure follows
    # Operations.ListenAddress and Operations.TLS - confirm.
    Provider: prometheus

    # The statsd configuration
    Statsd:
      # network type: tcp or udp
      Network: udp

      # the statsd server address
      Address: 127.0.0.1:8125

      # The interval at which locally cached counters and gauges are pushed
      # to statsd; timings are pushed immediately
      WriteInterval: 30s

      # The prefix is prepended to all emitted statsd metrics
      Prefix:


################################################################################
#
#   Consensus Configuration
#
#   - This section contains config options for a consensus plugin. It is opaque
#     to orderer, and completely up to consensus implementation to make use of.
#
################################################################################
Consensus:
    # The allowed key-value pairs here depend on consensus plugin. For etcd/raft,
    # we use following options:

    # WALDir specifies the location at which Write Ahead Logs for etcd/raft are
    # stored. Each channel will have its own subdir named after channel ID.
    WALDir: /var/hyperledger/production/orderer/etcdraft/wal

    # SnapDir specifies the location at which snapshots for etcd/raft are
    # stored. Each channel will have its own subdir named after channel ID.
    SnapDir: /var/hyperledger/production/orderer/etcdraft/snapshot