github.com/yous1230/fabric@v2.0.0-beta.0.20191224111736-74345bee6ac2+incompatible/sampleconfig/orderer.yaml (about) 1 # Copyright IBM Corp. All Rights Reserved. 2 # 3 # SPDX-License-Identifier: Apache-2.0 4 # 5 6 --- 7 ################################################################################ 8 # 9 # Orderer Configuration 10 # 11 # - This controls the type and configuration of the orderer. 12 # 13 ################################################################################ 14 General: 15 # Listen address: The IP on which to bind to listen. 16 ListenAddress: 127.0.0.1 17 18 # Listen port: The port on which to bind to listen. 19 ListenPort: 7050 20 21 # TLS: TLS settings for the GRPC server. 22 TLS: 23 Enabled: false 24 # PrivateKey governs the file location of the private key of the TLS certificate. 25 PrivateKey: tls/server.key 26 # Certificate governs the file location of the server TLS certificate. 27 Certificate: tls/server.crt 28 RootCAs: 29 - tls/ca.crt 30 ClientAuthRequired: false 31 ClientRootCAs: 32 # Keepalive settings for the GRPC server. 33 Keepalive: 34 # ServerMinInterval is the minimum permitted time between client pings. 35 # If clients send pings more frequently, the server will 36 # disconnect them. 37 ServerMinInterval: 60s 38 # ServerInterval is the time between pings to clients. 39 ServerInterval: 7200s 40 # ServerTimeout is the duration the server waits for a response from 41 # a client before closing the connection. 42 ServerTimeout: 20s 43 # Cluster settings for ordering service nodes that communicate with other ordering service nodes 44 # such as Raft based ordering service. 45 Cluster: 46 # SendBufferSize is the maximum number of messages in the egress buffer. 47 # Consensus messages are dropped if the buffer is full, and transaction 48 # messages are waiting for space to be freed. 49 SendBufferSize: 10 50 # ClientCertificate governs the file location of the client TLS certificate 51 # used to establish mutual TLS connections with other ordering service nodes. 52 ClientCertificate: 53 # ClientPrivateKey governs the file location of the private key of the client TLS certificate. 54 ClientPrivateKey: 55 # The below 4 properties should be either set together, or be unset together. 56 # If they are set, then the orderer node uses a separate listener for intra-cluster 57 # communication. If they are unset, then the general orderer listener is used. 58 # This is useful if you want to use a different TLS server certificates on the 59 # client-facing and the intra-cluster listeners. 60 61 # ListenPort defines the port on which the cluster listens to connections. 62 ListenPort: 63 # ListenAddress defines the IP on which to listen to intra-cluster communication. 64 ListenAddress: 65 # ServerCertificate defines the file location of the server TLS certificate used for intra-cluster 66 # communication. 67 ServerCertificate: 68 # ServerPrivateKey defines the file location of the private key of the TLS certificate. 69 ServerPrivateKey: 70 71 # Bootstrap method: The method by which to obtain the bootstrap block 72 # system channel is specified. The option can be one of: 73 # "file" - path to a faile containing the genesis block or config block of system channel 74 # "none" - allows an orderer to start without a system channel configuration 75 BootstrapMethod: file 76 77 # Bootstrap file: The file containing the bootstrap block to use when 78 # initializing the orderer system channel and BootstrapMethod is set to 79 # "file". The bootstrap file can be the genesis block, and it can also be 80 # a config block for late bootstrap of some consensus methods like Raft. 81 BootstrapFile: 82 83 # LocalMSPDir is where to find the private crypto material needed by the 84 # orderer. It is set relative here as a default for dev environments but 85 # should be changed to the real location in production. 86 LocalMSPDir: msp 87 88 # LocalMSPID is the identity to register the local MSP material with the MSP 89 # manager. IMPORTANT: The local MSP ID of an orderer needs to match the MSP 90 # ID of one of the organizations defined in the orderer system channel's 91 # /Channel/Orderer configuration. The sample organization defined in the 92 # sample configuration provided has an MSP ID of "SampleOrg". 93 LocalMSPID: SampleOrg 94 95 # Enable an HTTP service for Go "pprof" profiling as documented at: 96 # https://golang.org/pkg/net/http/pprof 97 Profile: 98 Enabled: false 99 Address: 0.0.0.0:6060 100 101 # BCCSP configures the blockchain crypto service providers. 102 BCCSP: 103 # Default specifies the preferred blockchain crypto service provider 104 # to use. If the preferred provider is not available, the software 105 # based provider ("SW") will be used. 106 # Valid providers are: 107 # - SW: a software based crypto provider 108 # - PKCS11: a CA hardware security module crypto provider. 109 Default: SW 110 111 # SW configures the software based blockchain crypto provider. 112 SW: 113 # TODO: The default Hash and Security level needs refactoring to be 114 # fully configurable. Changing these defaults requires coordination 115 # SHA2 is hardcoded in several places, not only BCCSP 116 Hash: SHA2 117 Security: 256 118 # Location of key store. If this is unset, a location will be 119 # chosen using: 'LocalMSPDir'/keystore 120 FileKeyStore: 121 KeyStore: 122 123 # Settings for the PKCS#11 crypto provider (i.e. when DEFAULT: PKCS11) 124 PKCS11: 125 # Location of the PKCS11 module library 126 Library: 127 # Token Label 128 Label: 129 # User PIN 130 Pin: 131 Hash: 132 Security: 133 FileKeyStore: 134 KeyStore: 135 136 # Authentication contains configuration parameters related to authenticating 137 # client messages 138 Authentication: 139 # the acceptable difference between the current server time and the 140 # client's time as specified in a client request message 141 TimeWindow: 15m 142 143 144 ################################################################################ 145 # 146 # SECTION: File Ledger 147 # 148 # - This section applies to the configuration of the file or json ledgers. 149 # 150 ################################################################################ 151 FileLedger: 152 153 # Location: The directory to store the blocks in. 154 # NOTE: If this is unset, a new temporary location will be chosen every time 155 # the orderer is restarted, using the prefix specified by Prefix. 156 Location: /var/hyperledger/production/orderer 157 158 # The prefix to use when generating a ledger directory in temporary space. 159 # Otherwise, this value is ignored. 160 Prefix: hyperledger-fabric-ordererledger 161 162 ################################################################################ 163 # 164 # SECTION: Kafka 165 # 166 # - This section applies to the configuration of the Kafka-based orderer, and 167 # its interaction with the Kafka cluster. 168 # 169 ################################################################################ 170 Kafka: 171 172 # Retry: What do if a connection to the Kafka cluster cannot be established, 173 # or if a metadata request to the Kafka cluster needs to be repeated. 174 Retry: 175 # When a new channel is created, or when an existing channel is reloaded 176 # (in case of a just-restarted orderer), the orderer interacts with the 177 # Kafka cluster in the following ways: 178 # 1. It creates a Kafka producer (writer) for the Kafka partition that 179 # corresponds to the channel. 180 # 2. It uses that producer to post a no-op CONNECT message to that 181 # partition 182 # 3. It creates a Kafka consumer (reader) for that partition. 183 # If any of these steps fail, they will be re-attempted every 184 # <ShortInterval> for a total of <ShortTotal>, and then every 185 # <LongInterval> for a total of <LongTotal> until they succeed. 186 # Note that the orderer will be unable to write to or read from a 187 # channel until all of the steps above have been completed successfully. 188 ShortInterval: 5s 189 ShortTotal: 10m 190 LongInterval: 5m 191 LongTotal: 12h 192 # Affects the socket timeouts when waiting for an initial connection, a 193 # response, or a transmission. See Config.Net for more info: 194 # https://godoc.org/github.com/Shopify/sarama#Config 195 NetworkTimeouts: 196 DialTimeout: 10s 197 ReadTimeout: 10s 198 WriteTimeout: 10s 199 # Affects the metadata requests when the Kafka cluster is in the middle 200 # of a leader election.See Config.Metadata for more info: 201 # https://godoc.org/github.com/Shopify/sarama#Config 202 Metadata: 203 RetryBackoff: 250ms 204 RetryMax: 3 205 # What to do if posting a message to the Kafka cluster fails. See 206 # Config.Producer for more info: 207 # https://godoc.org/github.com/Shopify/sarama#Config 208 Producer: 209 RetryBackoff: 100ms 210 RetryMax: 3 211 # What to do if reading from the Kafka cluster fails. See 212 # Config.Consumer for more info: 213 # https://godoc.org/github.com/Shopify/sarama#Config 214 Consumer: 215 RetryBackoff: 2s 216 # Settings to use when creating Kafka topics. Only applies when 217 # Kafka.Version is v0.10.1.0 or higher 218 Topic: 219 # The number of Kafka brokers across which to replicate the topic 220 ReplicationFactor: 3 221 # Verbose: Enable logging for interactions with the Kafka cluster. 222 Verbose: false 223 224 # TLS: TLS settings for the orderer's connection to the Kafka cluster. 225 TLS: 226 227 # Enabled: Use TLS when connecting to the Kafka cluster. 228 Enabled: false 229 230 # PrivateKey: PEM-encoded private key the orderer will use for 231 # authentication. 232 PrivateKey: 233 # As an alternative to specifying the PrivateKey here, uncomment the 234 # following "File" key and specify the file name from which to load the 235 # value of PrivateKey. 236 #File: path/to/PrivateKey 237 238 # Certificate: PEM-encoded signed public key certificate the orderer will 239 # use for authentication. 240 Certificate: 241 # As an alternative to specifying the Certificate here, uncomment the 242 # following "File" key and specify the file name from which to load the 243 # value of Certificate. 244 #File: path/to/Certificate 245 246 # RootCAs: PEM-encoded trusted root certificates used to validate 247 # certificates from the Kafka cluster. 248 RootCAs: 249 # As an alternative to specifying the RootCAs here, uncomment the 250 # following "File" key and specify the file name from which to load the 251 # value of RootCAs. 252 #File: path/to/RootCAs 253 254 # SASLPlain: Settings for using SASL/PLAIN authentication with Kafka brokers 255 SASLPlain: 256 # Enabled: Use SASL/PLAIN to authenticate with Kafka brokers 257 Enabled: false 258 # User: Required when Enabled is set to true 259 User: 260 # Password: Required when Enabled is set to true 261 Password: 262 263 # Kafka protocol version used to communicate with the Kafka cluster brokers 264 # (defaults to 0.10.2.0 if not specified) 265 Version: 266 267 ################################################################################ 268 # 269 # Debug Configuration 270 # 271 # - This controls the debugging options for the orderer 272 # 273 ################################################################################ 274 Debug: 275 276 # BroadcastTraceDir when set will cause each request to the Broadcast service 277 # for this orderer to be written to a file in this directory 278 BroadcastTraceDir: 279 280 # DeliverTraceDir when set will cause each request to the Deliver service 281 # for this orderer to be written to a file in this directory 282 DeliverTraceDir: 283 284 ################################################################################ 285 # 286 # Operations Configuration 287 # 288 # - This configures the operations server endpoint for the orderer 289 # 290 ################################################################################ 291 Operations: 292 # host and port for the operations server 293 ListenAddress: 127.0.0.1:8443 294 295 # TLS configuration for the operations endpoint 296 TLS: 297 # TLS enabled 298 Enabled: false 299 300 # Certificate is the location of the PEM encoded TLS certificate 301 Certificate: 302 303 # PrivateKey points to the location of the PEM-encoded key 304 PrivateKey: 305 306 # Most operations service endpoints require client authentication when TLS 307 # is enabled. ClientAuthRequired requires client certificate authentication 308 # at the TLS layer to access all resources. 309 ClientAuthRequired: false 310 311 # Paths to PEM encoded ca certificates to trust for client authentication 312 ClientRootCAs: [] 313 314 ################################################################################ 315 # 316 # Metrics Configuration 317 # 318 # - This configures metrics collection for the orderer 319 # 320 ################################################################################ 321 Metrics: 322 # The metrics provider is one of statsd, prometheus, or disabled 323 Provider: disabled 324 325 # The statsd configuration 326 Statsd: 327 # network type: tcp or udp 328 Network: udp 329 330 # the statsd server address 331 Address: 127.0.0.1:8125 332 333 # The interval at which locally cached counters and gauges are pushed 334 # to statsd; timings are pushed immediately 335 WriteInterval: 30s 336 337 # The prefix is prepended to all emitted statsd metrics 338 Prefix: 339 340 ################################################################################ 341 # 342 # Consensus Configuration 343 # 344 # - This section contains config options for a consensus plugin. It is opaque 345 # to orderer, and completely up to consensus implementation to make use of. 346 # 347 ################################################################################ 348 Consensus: 349 # The allowed key-value pairs here depend on consensus plugin. For etcd/raft, 350 # we use following options: 351 352 # WALDir specifies the location at which Write Ahead Logs for etcd/raft are 353 # stored. Each channel will have its own subdir named after channel ID. 354 WALDir: /var/hyperledger/production/orderer/etcdraft/wal 355 356 # SnapDir specifies the location at which snapshots for etcd/raft are 357 # stored. Each channel will have its own subdir named after channel ID. 358 SnapDir: /var/hyperledger/production/orderer/etcdraft/snapshot