# Source: github.com/IBM-Blockchain/fabric-operator@v1.0.4/defaultconfig/orderer/v24/orderer.yaml
#
# Copyright contributors to the Hyperledger Fabric Operator project
#
# SPDX-License-Identifier: Apache-2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at:
#
# 	  http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#

################################################################################
#
#   Orderer Configuration
#
#   - This controls the type and configuration of the orderer.
#
################################################################################
General:
  # Listen address: The IP on which to bind to listen.
  # NOTE(review): loopback in this default; a deployment presumably overrides
  # it. Confirm what the operator sets before relying on this value.
  ListenAddress: 127.0.0.1

  # Listen port: The port on which to bind to listen.
  ListenPort: 7050

  # TLS: TLS settings for the GRPC server.
  TLS:
    # Enabled turns on server-side TLS for the GRPC listener. It is off in
    # this default, so traffic on this listener is neither encrypted nor
    # authenticated at the transport layer unless a deployment overrides it.
    Enabled: false
    # PrivateKey governs the file location of the private key of the TLS certificate.
    # The key file should be readable only by the orderer process.
    PrivateKey: tls/server.key
    # Certificate governs the file location of the server TLS certificate.
    Certificate: tls/server.crt
    # NOTE(review): presumably the root certificates this node trusts when
    # verifying its peers' TLS certificates - confirm against the Fabric docs.
    RootCAs:
      - tls/ca.crt
    # When false, clients are not asked for a TLS certificate, i.e. there is
    # no mutual TLS on this listener.
    ClientAuthRequired: false
    # Empty in this default.
    # NOTE(review): presumably must list the CAs trusted for client
    # certificates before ClientAuthRequired is turned on - confirm.
    ClientRootCAs:
  # Keepalive settings for the GRPC server.
  Keepalive:
    # ServerMinInterval is the minimum permitted time between client pings.
    # If clients send pings more frequently, the server will
    # disconnect them.
    ServerMinInterval: 60s
    # ServerInterval is the time between pings to clients.
    ServerInterval: 7200s
    # ServerTimeout is the duration the server waits for a response from
    # a client before closing the connection.
    ServerTimeout: 20s
  # Cluster settings for ordering service nodes that communicate with other ordering service nodes
  # such as Raft based ordering service.
  Cluster:
    # SendBufferSize is the maximum number of messages in the egress buffer.
    # Consensus messages are dropped if the buffer is full, and transaction
    # messages are waiting for space to be freed.
    SendBufferSize: 10
    # ClientCertificate governs the file location of the client TLS certificate
    # used to establish mutual TLS connections with other ordering service nodes.
    # Unset in this default; intra-cluster mutual TLS needs both this and
    # ClientPrivateKey to be provided.
    ClientCertificate:
    # ClientPrivateKey governs the file location of the private key of the client TLS certificate.
    ClientPrivateKey:
    # The below 4 properties should be either set together, or be unset together.
    # If they are set, then the orderer node uses a separate listener for intra-cluster
    # communication. If they are unset, then the general orderer listener is used.
    # This is useful if you want to use different TLS server certificates on the
    # client-facing and the intra-cluster listeners.

    # ListenPort defines the port on which the cluster listens to connections.
    ListenPort:
    # ListenAddress defines the IP on which to listen to intra-cluster communication.
    ListenAddress:
    # ServerCertificate defines the file location of the server TLS certificate used for intra-cluster
    # communication.
    ServerCertificate:
    # ServerPrivateKey defines the file location of the private key of the TLS certificate.
    ServerPrivateKey:

  # Bootstrap method: The method by which the bootstrap block of the
  # system channel is obtained. The option can be one of:
  #   "file" - path to a file containing the genesis block or config block of system channel
  #   "none" - allows an orderer to start without a system channel configuration
  BootstrapMethod: file

  # Bootstrap file: The file containing the bootstrap block to use when
  # initializing the orderer system channel and BootstrapMethod is set to
  # "file".  The bootstrap file can be the genesis block, and it can also be
  # a config block for late bootstrap of some consensus methods like Raft.
  # Generate a genesis block by updating $FABRIC_CFG_PATH/configtx.yaml and
  # using configtxgen command with "-outputBlock" option.
  # Defaults to file "genesisblock" (in $FABRIC_CFG_PATH directory) if not specified.
  BootstrapFile:

  # LocalMSPDir is where to find the private crypto material needed by the
  # orderer. It is set relative here as a default for dev environments but
  # should be changed to the real location in production.
  # The directory holds the orderer's signing key when BCCSP.SW.FileKeyStore
  # is unset (the key store then resolves to 'LocalMSPDir'/keystore), so
  # restrict access to it accordingly.
  LocalMSPDir: msp

  # LocalMSPID is the identity to register the local MSP material with the MSP
  # manager. IMPORTANT: The local MSP ID of an orderer needs to match the MSP
  # ID of one of the organizations defined in the orderer system channel's
  # /Channel/Orderer configuration. The sample organization defined in the
  # sample configuration provided has an MSP ID of "SampleOrg".
  # "SampleOrg" is the sample value and is meant to be replaced per deployment.
  LocalMSPID: SampleOrg

  # Enable an HTTP service for Go "pprof" profiling as documented at:
  # https://golang.org/pkg/net/http/pprof
  # Disabled in this default. Note that Address binds to all interfaces
  # (0.0.0.0): if Enabled is switched on without also changing Address, the
  # profiling endpoints become reachable from the network. No TLS or
  # authentication settings are defined for this service in this file, so
  # bind it to loopback or an access-controlled interface when enabling it.
  Profile:
    Enabled: false
    Address: 0.0.0.0:6060

  # BCCSP configures the blockchain crypto service providers.
  BCCSP:
    # Default specifies the preferred blockchain crypto service provider
    # to use. If the preferred provider is not available, the software
    # based provider ("SW") will be used.
    # Valid providers are:
    #  - SW: a software based crypto provider
    #  - PKCS11: a CA hardware security module crypto provider.
    # With SW, private keys are kept in the file key store configured below
    # rather than in an HSM.
    Default: SW

    # SW configures the software based blockchain crypto provider.
    SW:
      # TODO: The default Hash and Security level needs refactoring to be
      # fully configurable. Changing these defaults requires coordination
      # SHA2 is hardcoded in several places, not only BCCSP
      Hash: SHA2
      Security: 256
      # Location of key store. If this is unset, a location will be
      # chosen using: 'LocalMSPDir'/keystore
      FileKeyStore:
        KeyStore:

    # Settings for the PKCS#11 crypto provider (i.e. when DEFAULT: PKCS11)
    # If this block is enabled, Pin is a secret stored in this file: keep the
    # file out of version control and restrict its permissions, or supply the
    # value through the deployment's secret mechanism.
    # PKCS11:
    #   # Location of the PKCS11 module library
    #   Library:
    #   # Token Label
    #   Label:
    #   # User PIN
    #   Pin:
    #   Hash:
    #   Security:
    #   FileKeyStore:
    #     KeyStore:

  # Authentication contains configuration parameters related to authenticating
  # client messages
  Authentication:
    # the acceptable difference between the current server time and the
    # client's time as specified in a client request message
    # NOTE(review): a larger window tolerates more clock skew but also accepts
    # older messages; keep node clocks synchronised rather than widening it.
    TimeWindow: 15m


################################################################################
#
#   SECTION: File Ledger
#
#   - This section applies to the configuration of the file or json ledgers.
#
################################################################################
FileLedger:

  # Location: The directory to store the blocks in.
  # NOTE: If this is unset, a new temporary location will be chosen every time
  # the orderer is restarted, using the prefix specified by Prefix.
  # NOTE(review): no Prefix key is defined in this file, so the sentence above
  # may be stale - confirm against the orderer version in use.
  Location: /var/hyperledger/production/orderer

################################################################################
#
#   SECTION: Kafka
#
#   - This section applies to the configuration of the Kafka-based orderer, and
#     its interaction with the Kafka cluster.
#
################################################################################
Kafka:

  # Retry: What to do if a connection to the Kafka cluster cannot be established,
  # or if a metadata request to the Kafka cluster needs to be repeated.
  Retry:
    # When a new channel is created, or when an existing channel is reloaded
    # (in case of a just-restarted orderer), the orderer interacts with the
    # Kafka cluster in the following ways:
    # 1. It creates a Kafka producer (writer) for the Kafka partition that
    # corresponds to the channel.
    # 2. It uses that producer to post a no-op CONNECT message to that
    # partition
    # 3. It creates a Kafka consumer (reader) for that partition.
    # If any of these steps fail, they will be re-attempted every
    # <ShortInterval> for a total of <ShortTotal>, and then every
    # <LongInterval> for a total of <LongTotal> until they succeed.
    # Note that the orderer will be unable to write to or read from a
    # channel until all of the steps above have been completed successfully.
    ShortInterval: 5s
    ShortTotal: 10m
    LongInterval: 5m
    LongTotal: 12h
    # Affects the socket timeouts when waiting for an initial connection, a
    # response, or a transmission. See Config.Net for more info:
    # https://godoc.org/github.com/Shopify/sarama#Config
    NetworkTimeouts:
      DialTimeout: 10s
      ReadTimeout: 10s
      WriteTimeout: 10s
    # Affects the metadata requests when the Kafka cluster is in the middle
    # of a leader election. See Config.Metadata for more info:
    # https://godoc.org/github.com/Shopify/sarama#Config
    Metadata:
      RetryBackoff: 250ms
      RetryMax: 3
    # What to do if posting a message to the Kafka cluster fails. See
    # Config.Producer for more info:
    # https://godoc.org/github.com/Shopify/sarama#Config
    Producer:
      RetryBackoff: 100ms
      RetryMax: 3
    # What to do if reading from the Kafka cluster fails. See
    # Config.Consumer for more info:
    # https://godoc.org/github.com/Shopify/sarama#Config
    Consumer:
      RetryBackoff: 2s
  # Settings to use when creating Kafka topics.  Only applies when
  # Kafka.Version is v0.10.1.0 or higher
  Topic:
    # The number of Kafka brokers across which to replicate the topic
    ReplicationFactor: 3
  # Verbose: Enable logging for interactions with the Kafka cluster.
  Verbose: false

  # TLS: TLS settings for the orderer's connection to the Kafka cluster.
  TLS:

    # Enabled: Use TLS when connecting to the Kafka cluster.
    # Off in this default, so the orderer-to-Kafka connection is unencrypted.
    Enabled: false

    # PrivateKey: PEM-encoded private key the orderer will use for
    # authentication.
    # Inlining the PEM here puts the key in the config file itself; the
    # "File" alternative below keeps it in a separate file whose permissions
    # can be restricted independently.
    PrivateKey:
      # As an alternative to specifying the PrivateKey here, uncomment the
      # following "File" key and specify the file name from which to load the
      # value of PrivateKey.
      #File: path/to/PrivateKey

    # Certificate: PEM-encoded signed public key certificate the orderer will
    # use for authentication.
    Certificate:
      # As an alternative to specifying the Certificate here, uncomment the
      # following "File" key and specify the file name from which to load the
      # value of Certificate.
      #File: path/to/Certificate

    # RootCAs: PEM-encoded trusted root certificates used to validate
    # certificates from the Kafka cluster.
    RootCAs:
      # As an alternative to specifying the RootCAs here, uncomment the
      # following "File" key and specify the file name from which to load the
      # value of RootCAs.
      #File: path/to/RootCAs

  # SASLPlain: Settings for using SASL/PLAIN authentication with Kafka brokers
  # SASL/PLAIN transmits the user name and password without encryption of its
  # own, so it should only be enabled together with Kafka.TLS.Enabled: true.
  # Password is stored in clear text in this file when set; treat the file as
  # a secret or supply the value through the deployment's secret mechanism.
  SASLPlain:
    # Enabled: Use SASL/PLAIN to authenticate with Kafka brokers
    Enabled: false
    # User: Required when Enabled is set to true
    User:
    # Password: Required when Enabled is set to true
    Password:

  # Kafka protocol version used to communicate with the Kafka cluster brokers
  # (defaults to 0.10.2.0 if not specified)
  Version:

################################################################################
#
#   Debug Configuration
#
#   - This controls the debugging options for the orderer
#
################################################################################
Debug:

  # BroadcastTraceDir when set will cause each request to the Broadcast service
  # for this orderer to be written to a file in this directory
  # Unset in this default. When set, full requests are persisted to disk, so
  # the directory needs the same access restrictions as the ledger itself.
  BroadcastTraceDir:

  # DeliverTraceDir when set will cause each request to the Deliver service
  # for this orderer to be written to a file in this directory
  # Unset in this default; the same consideration as BroadcastTraceDir applies.
  DeliverTraceDir:

################################################################################
#
#   Operations Configuration
#
#   - This configures the operations server endpoint for the orderer
#
################################################################################
Operations:
  # host and port for the operations server
  # Loopback in this default. If a deployment binds this to a routable
  # address, enable TLS and client authentication below at the same time.
  ListenAddress: 127.0.0.1:8443

  # TLS configuration for the operations endpoint
  TLS:
    # TLS enabled
    # Off in this default, so the endpoint is served over plain HTTP and the
    # client authentication described below is not in effect.
    Enabled: false

    # Certificate is the location of the PEM encoded TLS certificate
    Certificate:

    # PrivateKey points to the location of the PEM-encoded key
    PrivateKey:

    # Most operations service endpoints require client authentication when TLS
    # is enabled. ClientAuthRequired requires client certificate authentication
    # at the TLS layer to access all resources.
    ClientAuthRequired: false

    # Paths to PEM encoded ca certificates to trust for client authentication
    # Empty in this default; must be populated for client certificates to be
    # verifiable once TLS is enabled.
    ClientRootCAs: []

################################################################################
#
#   Metrics Configuration
#
#   - This configures metrics collection for the orderer
#
################################################################################
Metrics:
  # The metrics provider is one of statsd, prometheus, or disabled
  # NOTE(review): with prometheus the metrics are presumably exposed through
  # the operations server configured above, and so inherit its TLS and client
  # authentication settings - confirm against the Fabric docs.
  Provider: prometheus

  # The statsd configuration
  Statsd:
    # network type: tcp or udp
    Network: udp

    # the statsd server address
    Address: 127.0.0.1:8125

    # The interval at which locally cached counters and gauges are pushed
    # to statsd; timings are pushed immediately
    WriteInterval: 30s

    # The prefix is prepended to all emitted statsd metrics
    Prefix:

################################################################################
#
#   Admin Configuration
#
#   - This configures the admin server endpoint for the orderer
#
################################################################################
Admin:
  # host and port for the admin server
  # Loopback in this default. This listener also serves the channel
  # participation API (see the ChannelParticipation section), so exposing it
  # beyond loopback without TLS exposes that API as well.
  ListenAddress: 127.0.0.1:9443

  # TLS configuration for the admin endpoint
  TLS:
    # TLS enabled
    # Off in this default.
    # NOTE(review): ClientAuthRequired below presumably has no effect until
    # this is set to true - confirm.
    Enabled: false

    # Certificate is the location of the PEM encoded TLS certificate
    Certificate:

    # PrivateKey points to the location of the PEM-encoded key
    PrivateKey:

    # Most admin service endpoints require client authentication when TLS
    # is enabled. ClientAuthRequired requires client certificate authentication
    # at the TLS layer to access all resources.
    #
    # NOTE: When TLS is enabled, the admin endpoint requires mutual TLS. The
    # orderer will panic on startup if this value is set to false.
    ClientAuthRequired: true

    # Paths to PEM encoded ca certificates to trust for client authentication
    # Empty in this default; must be populated with the CAs that issue admin
    # client certificates once TLS is enabled.
    ClientRootCAs: []

################################################################################
#
#   Channel participation API Configuration
#
#   - This provides the channel participation API configuration for the orderer.
#   - Channel participation uses the ListenAddress and TLS settings of the Admin
#     service.
#
################################################################################
ChannelParticipation:
  # Channel participation API is enabled.
  # ibp updates this to enabled by default
  # Because the API shares the Admin listener, its only transport-level
  # protection is Admin.TLS, which is disabled in this default.
  Enabled: true

  # The maximum size of the request body when joining a channel.
  # 1048576 bytes = 1 MiB; this bounds how much data a single join request
  # can make the orderer read.
  MaxRequestBodySize: 1048576


################################################################################
#
#   Consensus Configuration
#
#   - This section contains config options for a consensus plugin. It is opaque
#     to orderer, and completely up to consensus implementation to make use of.
#
################################################################################
Consensus:
  # The allowed key-value pairs here depend on consensus plugin. For etcd/raft,
  # we use following options:

  # WALDir specifies the location at which Write Ahead Logs for etcd/raft are
  # stored. Each channel will have its own subdir named after channel ID.
  WALDir: /var/hyperledger/production/orderer/etcdraft/wal

  # SnapDir specifies the location at which snapshots for etcd/raft are
  # stored. Each channel will have its own subdir named after channel ID.
  SnapDir: /var/hyperledger/production/orderer/etcdraft/snapshot