#
# Copyright contributors to the Hyperledger Fabric Operator project
#
# SPDX-License-Identifier: Apache-2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at:
#
# 	  http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#

# Source: github.com/IBM-Blockchain/fabric-operator@v1.0.4/testdata/init/orderer/orderer.yaml
#
# Purpose: orderer node configuration used as a test fixture (it lives under
# testdata/). Several values below (sample genesis profile, PKCS11 library,
# label and PIN, plaintext operations endpoint) look like fixture placeholders;
# review each one before reusing this file as a deployment template.

################################################################################
#
#   Orderer Configuration
#
#   - This controls the type and configuration of the orderer.
#
################################################################################
General:

    # Ledger Type: The ledger type to provide to the orderer.
    # Two non-production ledger types are provided for test purposes only:
    #  - ram: An in-memory ledger whose contents are lost on restart.
    #  - json: A simple file ledger that writes blocks to disk in JSON format.
    # Only one production ledger type is provided:
    #  - file: A production file-based ledger.
    LedgerType: file

    # Listen address: The IP on which to bind to listen.
    # The value here is the loopback address, so the gRPC listener is not
    # reachable from other hosts.
    ListenAddress: 127.0.0.1

    # Listen port: The port on which to bind to listen.
    ListenPort: 7050

    # TLS: TLS settings for the GRPC server.
    TLS:
        Enabled: true
        # PrivateKey governs the file location of the private key of the TLS certificate.
        # The key file should be readable only by the orderer's service account.
        PrivateKey: tls/server.key
        # Certificate governs the file location of the server TLS certificate.
        Certificate: tls/server.crt
        RootCAs:
          - tls/ca.crt
        # With ClientAuthRequired set to true the server demands a client
        # certificate (mutual TLS); ClientRootCAs lists the CA certificates
        # those client certificates are verified against.
        ClientAuthRequired: true
        # NOTE(review): the entry is named client.crt; confirm it is a CA
        # certificate and not a single client's leaf certificate.
        ClientRootCAs:
          - tls/client.crt
    # Keepalive settings for the GRPC server.
    Keepalive:
        # ServerMinInterval is the minimum permitted time between client pings.
        # If clients send pings more frequently, the server will
        # disconnect them.
        ServerMinInterval: 60s
        # ServerInterval is the time between pings to clients.
        ServerInterval: 7200s
        # ServerTimeout is the duration the server waits for a response from
        # a client before closing the connection.
        ServerTimeout: 20s
    # Cluster settings for ordering service nodes that communicate with other ordering service nodes
    # such as Raft based ordering service.
    Cluster:
        # SendBufferSize is the maximum number of messages in the egress buffer.
        # Consensus messages are dropped if the buffer is full, and transaction
        # messages are waiting for space to be freed.
        SendBufferSize: 10
        # ClientCertificate governs the file location of the client TLS certificate
        # used to establish mutual TLS connections with other ordering service nodes.
        ClientCertificate:
        # ClientPrivateKey governs the file location of the private key of the client TLS certificate.
        ClientPrivateKey:
        # The below 4 properties should be either set together, or be unset together.
        # If they are set, then the orderer node uses a separate listener for intra-cluster
        # communication. If they are unset, then the general orderer listener is used.
        # This is useful if you want to use different TLS server certificates on the
        # client-facing and the intra-cluster listeners.
        # All four are unset in this file, so the general listener above is used.

        # ListenPort defines the port on which the cluster listens to connections.
        ListenPort:
        # ListenAddress defines the IP on which to listen to intra-cluster communication.
        ListenAddress:
        # ServerCertificate defines the file location of the server TLS certificate used for intra-cluster
        # communication.
        ServerCertificate:
        # ServerPrivateKey defines the file location of the private key of the TLS certificate.
        ServerPrivateKey:
    # Genesis method: The method by which the genesis block for the orderer
    # system channel is specified. Available options are "provisional", "file":
    #  - provisional: Utilizes a genesis profile, specified by GenesisProfile,
    #                 to dynamically generate a new genesis block.
    #  - file: Uses the file provided by GenesisFile as the genesis block.
    GenesisMethod: provisional

    # Genesis profile: The profile to use to dynamically generate the genesis
    # block to use when initializing the orderer system channel and
    # GenesisMethod is set to "provisional". See the configtx.yaml file for the
    # descriptions of the available profiles. Ignored if GenesisMethod is set to
    # "file".
    # NOTE(review): the profile name itself ("SampleInsecureSolo") marks this as
    # a sample profile; the profile is defined in configtx.yaml, which is not
    # part of this file, so confirm its contents there before any non-test use.
    GenesisProfile: SampleInsecureSolo

    # Genesis file: The file containing the genesis block to use when
    # initializing the orderer system channel and GenesisMethod is set to
    # "file". Ignored if GenesisMethod is set to "provisional".
    GenesisFile: genesisblock

    # LocalMSPDir is where to find the private crypto material needed by the
    # orderer. It is set relative here as a default for dev environments but
    # should be changed to the real location in production.
    # Because this directory holds private key material, restrict its
    # permissions to the orderer's service account.
    LocalMSPDir: msp

    # LocalMSPID is the identity to register the local MSP material with the MSP
    # manager. IMPORTANT: The local MSP ID of an orderer needs to match the MSP
    # ID of one of the organizations defined in the orderer system channel's
    # /Channel/Orderer configuration. The sample organization defined in the
    # sample configuration provided has an MSP ID of "SampleOrg".
    LocalMSPID: SampleOrg

    # Enable an HTTP service for Go "pprof" profiling as documented at:
    # https://golang.org/pkg/net/http/pprof
    # Profiling is disabled here. Note that the configured address is
    # 0.0.0.0, i.e. all interfaces: if Enabled is switched to true without
    # changing Address, the pprof handlers (heap, goroutine and CPU profiles,
    # command line) become reachable from the network, and net/http/pprof
    # provides no authentication of its own. Prefer a loopback address when
    # profiling is needed.
    Profile:
        Enabled: false
        Address: 0.0.0.0:6060

    # BCCSP configures the blockchain crypto service providers.
    BCCSP:
        # Default specifies the preferred blockchain crypto service provider
        # to use. If the preferred provider is not available, the software
        # based provider ("SW") will be used.
        # Valid providers are:
        #  - SW: a software based crypto provider
        #  - PKCS11: a CA hardware security module crypto provider.
        Default: SW

        # SW configures the software based blockchain crypto provider.
        SW:
            # TODO: The default Hash and Security level needs refactoring to be
            # fully configurable. Changing these defaults requires coordination
            # SHA2 is hardcoded in several places, not only BCCSP
            Hash: SHA2
            Security: 256
            # Location of key store. If this is unset, a location will be
            # chosen using: 'LocalMSPDir'/keystore
            # With the SW provider the keys live in this directory on disk, so
            # its file permissions are the only protection for them.
            FileKeyStore:
                KeyStore: msp/keystore

        # PKCS11 settings. Default above is SW, so SW is the preferred provider
        # in this file.
        # NOTE(review): Library, Label and Pin look like fixture placeholders.
        # The PIN is stored here in plaintext; in a real deployment it should
        # be injected from a secret store rather than committed in a config
        # file.
        PKCS11:
            # Location of the PKCS11 module library
            Library: "library1"
            # Token Label
            Label: "label1"
            # User PIN
            Pin: "1234"
            Hash: SHA2
            Security: 256
            FileKeyStore:
                KeyStore: "keystore2"

    # Authentication contains configuration parameters related to authenticating
    # client messages
    Authentication:
        # the acceptable difference between the current server time and the
        # client's time as specified in a client request message
        # A larger window tolerates more clock skew but also accepts requests
        # carrying older timestamps; keep node clocks synchronised so the
        # window can stay small.
        TimeWindow: 15m

################################################################################
#
#   SECTION: File Ledger
#
#   - This section applies to the configuration of the file or json ledgers.
#
################################################################################
FileLedger:

    # Location: The directory to store the blocks in.
    # NOTE: If this is unset, a new temporary location will be chosen every time
    # the orderer is restarted, using the prefix specified by Prefix.
    Location: /var/hyperledger/production/orderer

    # The prefix to use when generating a ledger directory in temporary space.
    # Otherwise, this value is ignored.
    Prefix: hyperledger-fabric-ordererledger

################################################################################
#
#   SECTION: RAM Ledger
#
#   - This section applies to the configuration of the RAM ledger.
#
################################################################################
RAMLedger:

    # History Size: The number of blocks that the RAM ledger is set to retain.
    # WARNING: Appending a block to the ledger might cause the oldest block in
    # the ledger to be dropped in order to limit the total number of blocks
    # to HistorySize. For example, if history size is 10, when appending block
    # 10, block 0 (the genesis block!) will be dropped to make room for block 10.
    HistorySize: 1000

################################################################################
#
#   SECTION: Kafka
#
#   - This section applies to the configuration of the Kafka-based orderer, and
#     its interaction with the Kafka cluster.
#
################################################################################
Kafka:

    # Retry: What to do if a connection to the Kafka cluster cannot be established,
    # or if a metadata request to the Kafka cluster needs to be repeated.
    Retry:
        # When a new channel is created, or when an existing channel is reloaded
        # (in case of a just-restarted orderer), the orderer interacts with the
        # Kafka cluster in the following ways:
        # 1. It creates a Kafka producer (writer) for the Kafka partition that
        # corresponds to the channel.
        # 2. It uses that producer to post a no-op CONNECT message to that
        # partition
        # 3. It creates a Kafka consumer (reader) for that partition.
        # If any of these steps fail, they will be re-attempted every
        # <ShortInterval> for a total of <ShortTotal>, and then every
        # <LongInterval> for a total of <LongTotal> until they succeed.
        # Note that the orderer will be unable to write to or read from a
        # channel until all of the steps above have been completed successfully.
        ShortInterval: 5s
        ShortTotal: 10m
        LongInterval: 5m
        LongTotal: 12h
        # Affects the socket timeouts when waiting for an initial connection, a
        # response, or a transmission. See Config.Net for more info:
        # https://godoc.org/github.com/Shopify/sarama#Config
        NetworkTimeouts:
            DialTimeout: 10s
            ReadTimeout: 10s
            WriteTimeout: 10s
        # Affects the metadata requests when the Kafka cluster is in the middle
        # of a leader election. See Config.Metadata for more info:
        # https://godoc.org/github.com/Shopify/sarama#Config
        Metadata:
            RetryBackoff: 250ms
            RetryMax: 3
        # What to do if posting a message to the Kafka cluster fails. See
        # Config.Producer for more info:
        # https://godoc.org/github.com/Shopify/sarama#Config
        Producer:
            RetryBackoff: 100ms
            RetryMax: 3
        # What to do if reading from the Kafka cluster fails. See
        # Config.Consumer for more info:
        # https://godoc.org/github.com/Shopify/sarama#Config
        Consumer:
            RetryBackoff: 2s
    # Settings to use when creating Kafka topics.  Only applies when
    # Kafka.Version is v0.10.1.0 or higher
    Topic:
        # The number of Kafka brokers across which to replicate the topic
        ReplicationFactor: 3
    # Verbose: Enable logging for interactions with the Kafka cluster.
    Verbose: false

    # TLS: TLS settings for the orderer's connection to the Kafka cluster.
    # TLS is disabled here, so traffic between the orderer and the brokers
    # would be neither encrypted nor authenticated at the transport layer.
    TLS:

        # Enabled: Use TLS when connecting to the Kafka cluster.
        Enabled: false

        # PrivateKey: PEM-encoded private key the orderer will use for
        # authentication.
        # Prefer the "File" form below over pasting the key inline, so that
        # key material does not end up inside the configuration file.
        PrivateKey:
            # As an alternative to specifying the PrivateKey here, uncomment the
            # following "File" key and specify the file name from which to load the
            # value of PrivateKey.
            #File: path/to/PrivateKey

        # Certificate: PEM-encoded signed public key certificate the orderer will
        # use for authentication.
        Certificate:
            # As an alternative to specifying the Certificate here, uncomment the
            # following "File" key and specify the file name from which to load the
            # value of Certificate.
            #File: path/to/Certificate

        # RootCAs: PEM-encoded trusted root certificates used to validate
        # certificates from the Kafka cluster.
        RootCAs:
            # As an alternative to specifying the RootCAs here, uncomment the
            # following "File" key and specify the file name from which to load the
            # value of RootCAs.
            #File: path/to/RootCAs

    # SASLPlain: Settings for using SASL/PLAIN authentication with Kafka brokers
    # SASL/PLAIN sends the user name and password without any protection of
    # its own; enable Kafka.TLS together with it so the credentials are not
    # sent in cleartext. Supply Password from a secret, not from this file.
    SASLPlain:
        # Enabled: Use SASL/PLAIN to authenticate with Kafka brokers
        Enabled: false
        # User: Required when Enabled is set to true
        User:
        # Password: Required when Enabled is set to true
        Password:

    # Kafka protocol version used to communicate with the Kafka cluster brokers
    # (defaults to 0.10.2.0 if not specified)
    Version:

################################################################################
#
#   Debug Configuration
#
#   - This controls the debugging options for the orderer
#
################################################################################
Debug:

    # BroadcastTraceDir when set will cause each request to the Broadcast service
    # for this orderer to be written to a file in this directory
    # Both trace directories are unset here. When set, every request is
    # persisted to disk, so the directory needs restricted permissions and
    # a retention policy.
    BroadcastTraceDir:

    # DeliverTraceDir when set will cause each request to the Deliver service
    # for this orderer to be written to a file in this directory
    DeliverTraceDir:

################################################################################
#
#   Operations Configuration
#
#   - This configures the operations server endpoint for the orderer
#
################################################################################
Operations:
    # host and port for the operations server
    # Bound to loopback here, which limits exposure to local processes.
    ListenAddress: 127.0.0.1:8443

    # TLS configuration for the operations endpoint
    # TLS is disabled, so the endpoint is served in plaintext and, per the
    # ClientAuthRequired comment below, without client authentication. Enable
    # TLS and client authentication before binding this listener to a
    # non-loopback address.
    TLS:
        # TLS enabled
        Enabled: false

        # Certificate is the location of the PEM encoded TLS certificate
        Certificate:

        # PrivateKey points to the location of the PEM-encoded key
        PrivateKey:

        # Most operations service endpoints require client authentication when TLS
        # is enabled. ClientAuthRequired requires client certificate authentication
        # at the TLS layer to access all resources.
        ClientAuthRequired: false

        # Paths to PEM encoded ca certificates to trust for client authentication
        ClientRootCAs: []

################################################################################
#
#   Metrics Configuration
#
#   - This configures metrics collection for the orderer
#
################################################################################
Metrics:
    # The metrics provider is one of statsd, prometheus, or disabled
    Provider: prometheus

    # The statsd configuration
    # Provider above is prometheus, so these statsd settings are presumably
    # not in effect for this file — confirm against the orderer's behaviour.
    Statsd:
        # network type: tcp or udp
        Network: udp

        # the statsd server address
        Address: 127.0.0.1:8125

        # The interval at which locally cached counters and gauges are pushed
        # to statsd; timings are pushed immediately
        WriteInterval: 30s

        # The prefix is prepended to all emitted statsd metrics
        Prefix:

################################################################################
#
#   Consensus Configuration
#
#   - This section contains config options for a consensus plugin. It is opaque
#     to orderer, and completely up to consensus implementation to make use of.
#
################################################################################
Consensus:
    # The allowed key-value pairs here depend on consensus plugin. For etcd/raft,
    # we use the following options:

    # WALDir specifies the location at which Write Ahead Logs for etcd/raft are
    # stored. Each channel will have its own subdir named after channel ID.
    WALDir: /var/hyperledger/production/orderer/etcdraft/wal

    # SnapDir specifies the location at which snapshots for etcd/raft are
    # stored. Each channel will have its own subdir named after channel ID.
    SnapDir: /var/hyperledger/production/orderer/etcdraft/snapshot