github.com/fnagchunpeng/fabric@v2.1.1+incompatible/sampleconfig/orderer.yaml (about)

     1  # Copyright IBM Corp. All Rights Reserved.
     2  #
     3  # SPDX-License-Identifier: Apache-2.0
     4  #
     5  
     6  ---
     7  ################################################################################
     8  #
     9  #   Orderer Configuration
    10  #
    11  #   - This controls the type and configuration of the orderer.
    12  #
    13  ################################################################################
    14  General:
    15      # Listen address: The IP on which to bind to listen.
            # The sample value is the loopback address, so only local clients can connect.
    16      ListenAddress: 127.0.0.1
    17  
    18      # Listen port: The port on which to bind to listen.
    19      ListenPort: 7050
    20  
    21      # TLS: TLS settings for the GRPC server.
            # NOTE(review): Enabled is false in this sample, so the GRPC server is
            # configured without TLS. Turn it on and point PrivateKey/Certificate at
            # real material before listening on anything other than loopback.
    22      TLS:
    23          Enabled: false
    24          # PrivateKey governs the file location of the private key of the TLS certificate.
                # Keep the key file readable only by the account that runs the orderer.
    25          PrivateKey: tls/server.key
    26          # Certificate governs the file location of the server TLS certificate.
    27          Certificate: tls/server.crt
    28          RootCAs:
    29            - tls/ca.crt
                # ClientAuthRequired is false here, so clients are not asked for a TLS
                # certificate. ClientRootCAs is left empty; presumably it lists the CA
                # certificates trusted for client authentication - confirm before use.
    30          ClientAuthRequired: false
    31          ClientRootCAs:
    32      # Keepalive settings for the GRPC server.
    33      Keepalive:
    34          # ServerMinInterval is the minimum permitted time between client pings.
    35          # If clients send pings more frequently, the server will
    36          # disconnect them.
    37          ServerMinInterval: 60s
    38          # ServerInterval is the time between pings to clients.
    39          ServerInterval: 7200s
    40          # ServerTimeout is the duration the server waits for a response from
    41          # a client before closing the connection.
    42          ServerTimeout: 20s
    43      # Cluster settings for ordering service nodes that communicate with other ordering service nodes
    44      # such as Raft based ordering service.
    45      Cluster:
    46          # SendBufferSize is the maximum number of messages in the egress buffer.
    47          # Consensus messages are dropped if the buffer is full, and transaction
    48          # messages are waiting for space to be freed.
    49          SendBufferSize: 10
    50          # ClientCertificate governs the file location of the client TLS certificate
    51          # used to establish mutual TLS connections with other ordering service nodes.
    52          ClientCertificate:
    53          # ClientPrivateKey governs the file location of the private key of the client TLS certificate.
    54          ClientPrivateKey:
    55          # The below 4 properties should be either set together, or be unset together.
    56          # If they are set, then the orderer node uses a separate listener for intra-cluster
    57          # communication. If they are unset, then the general orderer listener is used.
    58          # This is useful if you want to use different TLS server certificates on the
    59          # client-facing and the intra-cluster listeners.
    60  
    61          # ListenPort defines the port on which the cluster listens to connections.
    62          ListenPort:
    63          # ListenAddress defines the IP on which to listen to intra-cluster communication.
    64          ListenAddress:
    65          # ServerCertificate defines the file location of the server TLS certificate used for intra-cluster
    66          # communication.
    67          ServerCertificate:
    68          # ServerPrivateKey defines the file location of the private key of the TLS certificate.
    69          ServerPrivateKey:
    70  
    71      # Bootstrap method: How the bootstrap block for the system channel is
    72      # obtained. The option can be one of:
    73      #   "file" - path to a file containing the genesis block or config block of system channel
    74      #   "none" - allows an orderer to start without a system channel configuration
    75      BootstrapMethod: file
    76  
    77      # Bootstrap file: The file containing the bootstrap block to use when
    78      # initializing the orderer system channel and BootstrapMethod is set to
    79      # "file".  The bootstrap file can be the genesis block, and it can also be
    80      # a config block for late bootstrap of some consensus methods like Raft.
    81      # Generate a genesis block by updating $FABRIC_CFG_PATH/configtx.yaml and
    82      # using configtxgen command with "-outputBlock" option.
    83      # Defaults to file "genesisblock" (in $FABRIC_CFG_PATH directory) if not specified.
    84      BootstrapFile:
    85  
    86      # LocalMSPDir is where to find the private crypto material needed by the
    87      # orderer. It is set relative here as a default for dev environments but
    88      # should be changed to the real location in production.
            # Because the directory holds private material, restrict read access to
            # the account that runs the orderer.
    89      LocalMSPDir: msp
    90  
    91      # LocalMSPID is the identity to register the local MSP material with the MSP
    92      # manager. IMPORTANT: The local MSP ID of an orderer needs to match the MSP
    93      # ID of one of the organizations defined in the orderer system channel's
    94      # /Channel/Orderer configuration. The sample organization defined in the
    95      # sample configuration provided has an MSP ID of "SampleOrg".
    96      LocalMSPID: SampleOrg
    97  
    98      # Enable an HTTP service for Go "pprof" profiling as documented at:
    99      # https://golang.org/pkg/net/http/pprof
            # NOTE(review): the sample Address is 0.0.0.0:6060, i.e. every interface.
            # The pprof handlers have no authentication of their own and expose runtime
            # internals, so if Enabled is set to true, bind to loopback or restrict
            # access at the network layer.
   100      Profile:
   101          Enabled: false
   102          Address: 0.0.0.0:6060
   103  
   104      # BCCSP configures the blockchain crypto service providers.
   105      BCCSP:
   106          # Default specifies the preferred blockchain crypto service provider
   107          # to use. If the preferred provider is not available, the software
   108          # based provider ("SW") will be used.
   109          # Valid providers are:
   110          #  - SW: a software based crypto provider
   111          #  - PKCS11: a CA hardware security module crypto provider.
   112          Default: SW
   113  
   114          # SW configures the software based blockchain crypto provider.
   115          SW:
   116              # TODO: The default Hash and Security level needs refactoring to be
   117              # fully configurable. Changing these defaults requires coordination.
   118              # SHA2 is hardcoded in several places, not only BCCSP.
   119              Hash: SHA2
   120              Security: 256
   121              # Location of key store. If this is unset, a location will be
   122              # chosen using: 'LocalMSPDir'/keystore
   123              FileKeyStore:
   124                  KeyStore:
   125  
   126          # Settings for the PKCS#11 crypto provider (i.e. when Default: PKCS11)
   127          PKCS11:
   128              # Location of the PKCS11 module library
   129              Library:
   130              # Token Label
   131              Label:
   132              # User PIN
                    # The PIN is a secret: avoid committing a real value to this file and
                    # supply it at deployment time instead (for example through the
                    # orderer's environment-variable overrides).
   133              Pin:
   134              Hash:
   135              Security:
   136              FileKeyStore:
   137                  KeyStore:
   138  
   139      # Authentication contains configuration parameters related to authenticating
   140      # client messages
   141      Authentication:
   142          # The acceptable difference between the current server time and the
   143          # client's time as specified in a client request message.
                # NOTE(review): presumably requests outside this window are rejected; a
                # wider window tolerates more clock skew but also accepts older
                # messages - confirm against the orderer's handling.
   144          TimeWindow: 15m
   145  
   146  
   147  ################################################################################
   148  #
   149  #   SECTION: File Ledger
   150  #
   151  #   - This section applies to the configuration of the file or json ledgers.
   152  #
   153  ################################################################################
   154  FileLedger:
   155  
   156      # Location: The directory to store the blocks in.
   157      # NOTE: If this is unset, a new temporary location will be chosen every time
   158      # the orderer is restarted, using the prefix specified by Prefix.
            # NOTE(review): a new temporary directory per restart presumably means
            # earlier blocks are not picked up again, so keep Location set for any
            # long-lived orderer.
   159      Location: /var/hyperledger/production/orderer
   160  
   161      # The prefix to use when generating a ledger directory in temporary space.
   162      # Only used when Location is unset; otherwise, this value is ignored.
   163      Prefix: hyperledger-fabric-ordererledger
   164  
   165  ################################################################################
   166  #
   167  #   SECTION: Kafka
   168  #
   169  #   - This section applies to the configuration of the Kafka-based orderer, and
   170  #     its interaction with the Kafka cluster.
   171  #
   172  ################################################################################
   173  Kafka:
   174  
   175      # Retry: What to do if a connection to the Kafka cluster cannot be established,
   176      # or if a metadata request to the Kafka cluster needs to be repeated.
   177      Retry:
   178          # When a new channel is created, or when an existing channel is reloaded
   179          # (in case of a just-restarted orderer), the orderer interacts with the
   180          # Kafka cluster in the following ways:
   181          # 1. It creates a Kafka producer (writer) for the Kafka partition that
   182          # corresponds to the channel.
   183          # 2. It uses that producer to post a no-op CONNECT message to that
   184          # partition
   185          # 3. It creates a Kafka consumer (reader) for that partition.
   186          # If any of these steps fail, they will be re-attempted every
   187          # <ShortInterval> for a total of <ShortTotal>, and then every
   188          # <LongInterval> for a total of <LongTotal> until they succeed.
   189          # Note that the orderer will be unable to write to or read from a
   190          # channel until all of the steps above have been completed successfully.
   191          ShortInterval: 5s
   192          ShortTotal: 10m
   193          LongInterval: 5m
   194          LongTotal: 12h
   195          # Affects the socket timeouts when waiting for an initial connection, a
   196          # response, or a transmission. See Config.Net for more info:
   197          # https://godoc.org/github.com/Shopify/sarama#Config
   198          NetworkTimeouts:
   199              DialTimeout: 10s
   200              ReadTimeout: 10s
   201              WriteTimeout: 10s
   202          # Affects the metadata requests when the Kafka cluster is in the middle
   203          # of a leader election. See Config.Metadata for more info:
   204          # https://godoc.org/github.com/Shopify/sarama#Config
   205          Metadata:
   206              RetryBackoff: 250ms
   207              RetryMax: 3
   208          # What to do if posting a message to the Kafka cluster fails. See
   209          # Config.Producer for more info:
   210          # https://godoc.org/github.com/Shopify/sarama#Config
   211          Producer:
   212              RetryBackoff: 100ms
   213              RetryMax: 3
   214          # What to do if reading from the Kafka cluster fails. See
   215          # Config.Consumer for more info:
   216          # https://godoc.org/github.com/Shopify/sarama#Config
   217          Consumer:
   218              RetryBackoff: 2s
   219      # Settings to use when creating Kafka topics.  Only applies when
   220      # Kafka.Version is v0.10.1.0 or higher
   221      Topic:
   222          # The number of Kafka brokers across which to replicate the topic
   223          ReplicationFactor: 3
   224      # Verbose: Enable logging for interactions with the Kafka cluster.
   225      Verbose: false
   226  
   227      # TLS: TLS settings for the orderer's connection to the Kafka cluster.
            # NOTE(review): Enabled is false in this sample, so the connection to the
            # brokers is configured without TLS.
   228      TLS:
   229  
   230        # Enabled: Use TLS when connecting to the Kafka cluster.
   231        Enabled: false
   232  
   233        # PrivateKey: PEM-encoded private key the orderer will use for
   234        # authentication.
              # Prefer the "File" form below so the key itself is not pasted into this
              # configuration file.
   235        PrivateKey:
   236          # As an alternative to specifying the PrivateKey here, uncomment the
   237          # following "File" key and specify the file name from which to load the
   238          # value of PrivateKey.
   239          #File: path/to/PrivateKey
   240  
   241        # Certificate: PEM-encoded signed public key certificate the orderer will
   242        # use for authentication.
   243        Certificate:
   244          # As an alternative to specifying the Certificate here, uncomment the
   245          # following "File" key and specify the file name from which to load the
   246          # value of Certificate.
   247          #File: path/to/Certificate
   248  
   249        # RootCAs: PEM-encoded trusted root certificates used to validate
   250        # certificates from the Kafka cluster.
   251        RootCAs:
   252          # As an alternative to specifying the RootCAs here, uncomment the
   253          # following "File" key and specify the file name from which to load the
   254          # value of RootCAs.
   255          #File: path/to/RootCAs
   256  
   257      # SASLPlain: Settings for using SASL/PLAIN authentication with Kafka brokers
            # NOTE(review): SASL/PLAIN sends the user name and password without any
            # protection of its own, so enable the TLS block above whenever this is
            # turned on.
   258      SASLPlain:
   259        # Enabled: Use SASL/PLAIN to authenticate with Kafka brokers
   260        Enabled: false
   261        # User: Required when Enabled is set to true
   262        User:
   263        # Password: Required when Enabled is set to true
              # The password is a secret: avoid committing a real value to this file.
   264        Password:
   265  
   266      # Kafka protocol version used to communicate with the Kafka cluster brokers
   267      # (defaults to 0.10.2.0 if not specified)
   268      Version:
   269  
   270  ################################################################################
   271  #
   272  #   Debug Configuration
   273  #
   274  #   - This controls the debugging options for the orderer
   275  #
   276  ################################################################################
   277  Debug:
            # Both trace directories are unset in this sample, so no request tracing
            # is configured.
            # NOTE(review): traced requests are written to disk as received and may
            # carry sensitive transaction content; if tracing is switched on, use a
            # directory readable only by the orderer's account and clean it up.
   278  
   279      # BroadcastTraceDir when set will cause each request to the Broadcast service
   280      # for this orderer to be written to a file in this directory
   281      BroadcastTraceDir:
   282  
   283      # DeliverTraceDir when set will cause each request to the Deliver service
   284      # for this orderer to be written to a file in this directory
   285      DeliverTraceDir:
   286  
   287  ################################################################################
   288  #
   289  #   Operations Configuration
   290  #
   291  #   - This configures the operations server endpoint for the orderer
   292  #
   293  ################################################################################
   294  Operations:
   295      # Host and port for the operations server.
            # The sample value binds to the loopback address only.
   296      ListenAddress: 127.0.0.1:8443
   297  
   298      # TLS configuration for the operations endpoint
            # NOTE(review): TLS and ClientAuthRequired are both false in this sample.
            # If ListenAddress is changed to a non-loopback address, enable both and
            # list the trusted client CAs in ClientRootCAs.
   299      TLS:
   300          # TLS enabled
   301          Enabled: false
   302  
   303          # Certificate is the location of the PEM encoded TLS certificate
   304          Certificate:
   305  
   306          # PrivateKey points to the location of the PEM-encoded key
   307          PrivateKey:
   308  
   309          # Most operations service endpoints require client authentication when TLS
   310          # is enabled. ClientAuthRequired requires client certificate authentication
   311          # at the TLS layer to access all resources.
   312          ClientAuthRequired: false
   313  
   314          # Paths to PEM encoded CA certificates to trust for client authentication
   315          ClientRootCAs: []
   316  
   317  ################################################################################
   318  #
   319  #   Metrics Configuration
   320  #
   321  #   - This configures metrics collection for the orderer
   322  #
   323  ################################################################################
   324  Metrics:
   325      # The metrics provider is one of statsd, prometheus, or disabled
            # The sample value is "disabled"; the Statsd block below is presumably
            # only read when Provider is statsd - confirm before relying on it.
   326      Provider: disabled
   327  
   328      # The statsd configuration
   329      Statsd:
   330        # Network type: tcp or udp
   331        Network: udp
   332  
   333        # The statsd server address
   334        Address: 127.0.0.1:8125
   335  
   336        # The interval at which locally cached counters and gauges are pushed
   337        # to statsd; timings are pushed immediately
   338        WriteInterval: 30s
   339  
   340        # The prefix is prepended to all emitted statsd metrics
              # (left empty in this sample)
   341        Prefix:
   342  
   343  ################################################################################
   344  #
   345  #   Consensus Configuration
   346  #
   347  #   - This section contains config options for a consensus plugin. It is opaque
   348  #     to orderer, and completely up to consensus implementation to make use of.
   349  #
   350  ################################################################################
   351  Consensus:
   352      # The allowed key-value pairs here depend on the consensus plugin. For
   353      # etcd/raft, the following options are used:
            # Both sample paths sit under /var/hyperledger/production/orderer, the same
            # directory the sample uses for FileLedger.Location.
   354  
   355      # WALDir specifies the location at which Write Ahead Logs for etcd/raft are
   356      # stored. Each channel will have its own subdir named after channel ID.
   357      WALDir: /var/hyperledger/production/orderer/etcdraft/wal
   358  
   359      # SnapDir specifies the location at which snapshots for etcd/raft are
   360      # stored. Each channel will have its own subdir named after channel ID.
   361      SnapDir: /var/hyperledger/production/orderer/etcdraft/snapshot