248 lines
10 KiB
YAML
248 lines
10 KiB
YAML
# Copyright IBM Corp. All Rights Reserved.
|
|
#
|
|
# SPDX-License-Identifier: Apache-2.0
|
|
#
|
|
|
|
---
|
|
################################################################################
|
|
#
|
|
# Orderer Configuration
|
|
#
|
|
# - This controls the type and configuration of the orderer.
|
|
#
|
|
################################################################################
|
|
General:
|
|
# Listen address: The IP on which to bind to listen.
|
|
ListenAddress: 127.0.0.1
|
|
|
|
# Listen port: The port on which to bind to listen.
|
|
ListenPort: 7050
|
|
|
|
# TLS: TLS settings for the GRPC server.
|
|
TLS:
|
|
Enabled: false
|
|
# PrivateKey governs the file location of the private key of the TLS certificate.
|
|
PrivateKey: crypto/ordererOrganizations/example.com/orderers/127.0.0.1.example.com/tls/server.key
|
|
# Certificate governs the file location of the server TLS certificate.
|
|
Certificate: crypto/ordererOrganizations/example.com/orderers/127.0.0.1.example.com/tls/server.crt
|
|
RootCAs:
|
|
- crypto/ordererOrganizations/example.com/orderers/127.0.0.1.example.com/tls/ca.crt
|
|
ClientAuthRequired: false
|
|
ClientRootCAs:
|
|
# Keepalive settings for the GRPC server.
|
|
Keepalive:
|
|
# ServerMinInterval is the minimum permitted time between client pings.
|
|
# If clients send pings more frequently, the server will
|
|
# disconnect them.
|
|
ServerMinInterval: 60s
|
|
# ServerInterval is the time between pings to clients.
|
|
ServerInterval: 7200s
|
|
# ServerTimeout is the duration the server waits for a response from
|
|
# a client before closing the connection.
|
|
ServerTimeout: 20s
|
|
# Cluster settings for ordering service nodes that communicate with other ordering service nodes
|
|
# such as Raft based ordering service.
|
|
Cluster:
|
|
# SendBufferSize is the maximum number of messages in the egress buffer.
|
|
# Consensus messages are dropped if the buffer is full, and transaction
|
|
# messages are waiting for space to be freed.
|
|
SendBufferSize: 100
|
|
# ClientCertificate governs the file location of the client TLS certificate
|
|
# used to establish mutual TLS connections with other ordering service nodes.
|
|
ClientCertificate:
|
|
# ClientPrivateKey governs the file location of the private key of the client TLS certificate.
|
|
ClientPrivateKey:
|
|
# The below 4 properties should be either set together, or be unset together.
|
|
# If they are set, then the orderer node uses a separate listener for intra-cluster
|
|
# communication. If they are unset, then the general orderer listener is used.
|
|
# This is useful if you want to use a different TLS server certificates on the
|
|
# client-facing and the intra-cluster listeners.
|
|
|
|
# ListenPort defines the port on which the cluster listens to connections.
|
|
ListenPort:
|
|
# ListenAddress defines the IP on which to listen to intra-cluster communication.
|
|
ListenAddress:
|
|
# ServerCertificate defines the file location of the server TLS certificate used for intra-cluster
|
|
# communication.
|
|
ServerCertificate:
|
|
# ServerPrivateKey defines the file location of the private key of the TLS certificate.
|
|
ServerPrivateKey:
|
|
|
|
# Genesis method: The method by which the genesis block for the orderer
|
|
# system channel is specified. The option can be one of:
|
|
# "file" - (deprecated) path to a file containing the genesis block or config block of system channel
|
|
# "none" - allows an orderer to start without a system channel configuration
|
|
GenesisMethod: none
|
|
|
|
# The file containing the genesis block to use when initializing the orderer system channel
|
|
# (deprecated)
|
|
GenesisFile: genesisblock
|
|
|
|
# LocalMSPDir is where to find the private crypto material needed by the
|
|
# orderer. It is set relative here as a default for dev environments but
|
|
# should be changed to the real location in production.
|
|
LocalMSPDir: crypto/ordererOrganizations/example.com/orderers/127.0.0.1.example.com/msp
|
|
|
|
# LocalMSPID is the identity to register the local MSP material with the MSP
|
|
# manager. IMPORTANT: The local MSP ID of an orderer needs to match the MSP
|
|
# ID of one of the organizations defined in the orderer system channel's
|
|
# /Channel/Orderer configuration. The sample organization defined in the
|
|
# sample configuration provided has an MSP ID of "SampleOrg".
|
|
LocalMSPID: SampleOrg
|
|
|
|
# Enable an HTTP service for Go "pprof" profiling as documented at:
|
|
# https://golang.org/pkg/net/http/pprof
|
|
Profile:
|
|
Enabled: false
|
|
Address: 0.0.0.0:6060
|
|
|
|
# BCCSP configures the blockchain crypto service providers.
|
|
BCCSP:
|
|
# Default specifies the preferred blockchain crypto service provider
|
|
# to use. If the preferred provider is not available, the software
|
|
# based provider ("SW") will be used.
|
|
# Valid providers are:
|
|
# - SW: a software based crypto provider
|
|
# - PKCS11: a CA hardware security module crypto provider.
|
|
Default: SW
|
|
|
|
# SW configures the software based blockchain crypto provider.
|
|
SW:
|
|
# TODO: The default Hash and Security level needs refactoring to be
|
|
# fully configurable. Changing these defaults requires coordination
|
|
# SHA2 is hardcoded in several places, not only BCCSP
|
|
Hash: SHA2
|
|
Security: 256
|
|
# Location of key store. If this is unset, a location will be
|
|
# chosen using: 'LocalMSPDir'/keystore
|
|
FileKeyStore:
|
|
KeyStore:
|
|
|
|
# Authentication contains configuration parameters related to authenticating
|
|
# client messages
|
|
Authentication:
|
|
# the acceptable difference between the current server time and the
|
|
# client's time as specified in a client request message
|
|
TimeWindow: 15m
|
|
|
|
################################################################################
|
|
#
|
|
# SECTION: File Ledger
|
|
#
|
|
# - This section applies to the configuration of the file ledger.
|
|
#
|
|
################################################################################
|
|
FileLedger:
|
|
|
|
# Location: The directory to store the blocks in.
|
|
Location: /var/hyperledger/production/orderer
|
|
|
|
################################################################################
|
|
#
|
|
# Debug Configuration
|
|
#
|
|
# - This controls the debugging options for the orderer
|
|
#
|
|
################################################################################
|
|
Debug:
|
|
|
|
# BroadcastTraceDir when set will cause each request to the Broadcast service
|
|
# for this orderer to be written to a file in this directory
|
|
BroadcastTraceDir:
|
|
|
|
# DeliverTraceDir when set will cause each request to the Deliver service
|
|
# for this orderer to be written to a file in this directory
|
|
DeliverTraceDir:
|
|
|
|
################################################################################
|
|
#
|
|
# Operations Configuration
|
|
#
|
|
# - This configures the operations server endpoint for the orderer
|
|
#
|
|
################################################################################
|
|
Operations:
|
|
# host and port for the operations server
|
|
ListenAddress: 127.0.0.1:8443
|
|
|
|
# TLS configuration for the operations endpoint
|
|
TLS:
|
|
# TLS enabled
|
|
Enabled: false
|
|
|
|
# Certificate is the location of the PEM encoded TLS certificate
|
|
Certificate:
|
|
|
|
# PrivateKey points to the location of the PEM-encoded key
|
|
PrivateKey:
|
|
|
|
# Most operations service endpoints require client authentication when TLS
|
|
# is enabled. ClientAuthRequired requires client certificate authentication
|
|
# at the TLS layer to access all resources.
|
|
ClientAuthRequired: false
|
|
|
|
# Paths to PEM encoded ca certificates to trust for client authentication
|
|
ClientRootCAs: []
|
|
|
|
################################################################################
|
|
#
|
|
# Metrics Configuration
|
|
#
|
|
# - This configures metrics collection for the orderer
|
|
#
|
|
################################################################################
|
|
Metrics:
|
|
# The metrics provider is one of statsd, prometheus, or disabled
|
|
Provider: disabled
|
|
|
|
# The statsd configuration
|
|
Statsd:
|
|
# network type: tcp or udp
|
|
Network: udp
|
|
|
|
# the statsd server address
|
|
Address: 127.0.0.1:8125
|
|
|
|
# The interval at which locally cached counters and gauges are pushed
|
|
# to statsd; timings are pushed immediately
|
|
WriteInterval: 30s
|
|
|
|
# The prefix is prepended to all emitted statsd metrics
|
|
Prefix:
|
|
|
|
################################################################################
|
|
#
|
|
# Channel participation API Configuration
|
|
#
|
|
# - This provides the channel participation API configuration for the orderer.
|
|
# - Channel participation uses the same ListenAddress and TLS settings of the
|
|
# Operations service.
|
|
#
|
|
################################################################################
|
|
ChannelParticipation:
|
|
# Channel participation API is enabled. Deprecated: must be set to true.
|
|
Enabled: true
|
|
|
|
# The maximum size of the request body when joining a channel.
|
|
MaxRequestBodySize: 1 MB
|
|
|
|
################################################################################
|
|
#
|
|
# Consensus Configuration
|
|
#
|
|
# - This section contains config options for a consensus plugin. It is opaque
|
|
# to orderer, and completely up to consensus implementation to make use of.
|
|
#
|
|
################################################################################
|
|
Consensus:
|
|
# The allowed key-value pairs here depend on consensus plugin. For etcd/raft,
|
|
# we use following options:
|
|
|
|
# WALDir specifies the location at which Write Ahead Logs for etcd/raft are
|
|
# stored. Each channel will have its own subdir named after channel ID.
|
|
WALDir: /var/hyperledger/production/orderer/etcdraft/wal
|
|
|
|
# SnapDir specifies the location at which snapshots for etcd/raft are
|
|
# stored. Each channel will have its own subdir named after channel ID.
|
|
SnapDir: /var/hyperledger/production/orderer/etcdraft/snapshot
|