
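configtx.yaml Explained

Author: gyjop

Introduction

configtx.yaml is the configuration file that configtxgen, the Hyperledger Fabric network operations tool, reads to generate a channel genesis block or a channel transaction. The contents of configtx.yaml directly determine the contents of the generated genesis block. This article gives a detailed explanation of configtx.yaml.

There are three main functions:

  1. Generate the initial block needed to start the Orderer, with support for inspecting the block contents
  2. Generate the configuration transaction needed to create an application channel, with support for inspecting the transaction contents
  3. Generate the configuration transaction that updates an anchor Peer

A configtx.yaml file generally has four parts: Profiles, Organizations, Orderer and Application.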

| Symbol | Meaning |
| --- | --- |
| << | Merge into the current data |
| - | Array |
| * | Alias |
| & | Anchor |

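Orderer configuration

TwoOrgsOrdererGenesis configures the genesis block information, and TwoOrgsChannel configures the initial transaction information.

TwoOrgsOrdererGenesis settings

The value passed as the profile parameter is TwoOrgsOrdererGenesis.

It defines two things: the Orderer and the Consortiums.

This is because generating the genesis block requires the following information:

  1. Orderer information
  2. Consortium information

For a network with one Orderer and two organizations, Org1 and Org2: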

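Configuration

| Parameter | Meaning |
| --- | --- |
| OrdererType | Type: solo or kafka |
| Addresses | Orderer addresses |
| BatchTimeout | Timeout for generating a block |
| MaxMessageCount | Number of messages in a block |
| AbsoluteMaxBytes | Absolute maximum number of bytes in a block |
| PreferredMaxBytes | Suggested number of message bytes. (I do not understand this field yet; I need to read the source code) |
| Brokers | Kafka addresses |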

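Organization configuration

Configuration

| Parameter | Meaning |
| --- | --- |
| Name | Organization name |
| ID | MSP ID |
| MSPDir | MSP directory (MSP will be covered separately later) |
| AnchorPeers | The organization's anchor peers |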

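configtx.yaml file contents

1> Profiles section

The Orderer system channel template must include the Orderer and Consortiums information:

  • Orderer: specifies the configuration of the Orderer system channel itself, including the ordering service configuration (type, addresses, batch limits, Kafka information, maximum number of application channels, and so on) and the organizations that participate in this Orderer. When the network starts, the Orderer system channel must be created first
  • Consortiums: the list of consortiums that the Orderer serves. The organizations in a consortium share the same channel creation policy and can create application channels with one another

The Profiles section defines the configuration entry points for the configtxgen tool. An entry point that contains a consortium can be used to generate the orderer genesis block. If the consortium members are defined correctly in the orderer genesis block, a channel creation request can be generated using only the organization member names and the consortium name.

The Profiles section is the configuration entry point for the configtxgen tool and mainly references parameters from the other five sections. It defines a series of configuration templates, each representing a custom channel configuration for a particular scenario, which can be used to create the system channel or an application channel. A template may contain the fields Application, Capabilities, Consortium, Consortiums, Policies and Orderer; depending on its purpose, it usually contains only some of them. Besides the channel defaults, a template for creating the system channel's initial block generally needs the Orderer and Consortiums fields (it may also include an Application field to define the initial application channel configuration):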
Profiles:
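    # OrgsChannel generates the channel configuration; the name is arbitrary
    # It must contain both the Consortium and Application sections.
    OrgsChannel:
        Consortium: SampleConsortium    # Name of the consortium the channel is associated with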
        <<: *ChannelDefaults
        Orderer:
            <<: *OrdererDefaults
            Organizations:
                - *councilMSP
            Capabilities: *OrdererCapabilities
        Application:
            <<: *ApplicationDefaults
            Organizations:
                - *softMSP
                - *webMSP
                - *hardMSP
            Capabilities:
                <<: *ApplicationCapabilities
           

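2> Organizations section

The Organizations section defines the organization entities so that later sections can reference them. For example, the configuration file below defines three organizations, whose configuration can be referenced as ExampleCom, Org1ExampleCom and Org2ExampleCom respectively.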

Organizations:
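    - &councilMSP           # Defines an anchor for the organization, similar to a variable, that the Profiles section can reference; every name prefixed with & is an anchor and is referenced with *
        Name: councilMSP    # Organization name
        ID: councilMSP      # Organization ID
        MSPDir: ../orgs/council.ifantasy.net/msp    # Path to the organization's MSP directory
        Policies:           # Organization policies
            Readers:
                Type: Signature
                Rule: "OR('councilMSP.member')"
            Writers:
                Type: Signature
                Rule: "OR('councilMSP.member')"
            Admins:
                Type: Signature
                Rule: "OR('councilMSP.admin')"
        # All Orderer ports in this file are ports inside the container
        OrdererEndpoints:   # Orderer nodes (one or more) that clients and peers connect to in order to push transactions and receive blocks, respectively
            - "orderer1.council.ifantasy.net:7051"
            - "orderer2.council.ifantasy.net:7054"
            - "orderer3.council.ifantasy.net:7057"
        AnchorPeers:    # Anchor peers, which represent this organization in communication with the outside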
            - Host: peer1.soft.ifantasy.net
              Port: 7251
           

3> Orderer section

The Orderer section defines the orderer parameters to encode into the genesis block or channel transaction.

Orderer: &OrdererDefaults
    OrdererType: etcdraft   # Ordering service algorithm; currently available: solo, kafka, etcdraft
    Addresses:              # Orderer node addresses
        - orderer1.soft.ifantasy.net:7051
        - orderer2.web.ifantasy.net:7052
        - orderer3.hard.ifantasy.net:7053
    # Configuration used when the etcdraft orderer type is selected
    EtcdRaft:
        Consenters:         # The consenter (voting) nodes
        - Host: orderer1.council.ifantasy.net
          Port: 7051
          ClientTLSCert: ../orgs/council.ifantasy.net/registers/orderer1/tls-msp/signcerts/cert.pem # The node's TLS signing certificate
          ServerTLSCert: ../orgs/council.ifantasy.net/registers/orderer1/tls-msp/signcerts/cert.pem
        - Host: orderer2.council.ifantasy.net
          Port: 7054
          ClientTLSCert: ../orgs/council.ifantasy.net/registers/orderer2/tls-msp/signcerts/cert.pem
          ServerTLSCert: ../orgs/council.ifantasy.net/registers/orderer2/tls-msp/signcerts/cert.pem
        - Host: orderer3.council.ifantasy.net
          Port: 7057
          ClientTLSCert: ../orgs/council.ifantasy.net/registers/orderer3/tls-msp/signcerts/cert.pem
          ServerTLSCert: ../orgs/council.ifantasy.net/registers/orderer3/tls-msp/signcerts/cert.pem

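    # Maximum time to wait before cutting a block (the block is cut when this time is reached)
    BatchTimeout: 2s
    # Settings for a single block (parameters the orderer uses to cut blocks)
    BatchSize:
        MaxMessageCount: 10         # Maximum number of transactions in a block
        AbsoluteMaxBytes: 99 MB     # Maximum number of bytes in a block; must never be exceeded
        PreferredMaxBytes: 512 KB   # Preferred number of bytes in a block; a transaction message larger than this value is placed in another, larger block

    # Organizations that take part in maintaining the Orderer; empty by default (usually configured in Profiles)
    Organizations:
    # Orderer policies at this level; their canonical path is /Channel/Orderer/<PolicyName>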
    Policies:
        Readers:    # /Channel/Orderer/Readers
            Type: ImplicitMeta
            Rule: "ANY Readers"
        Writers:
            Type: ImplicitMeta
            Rule: "ANY Writers"
        Admins:
            Type: ImplicitMeta
            Rule: "MAJORITY Admins"
        BlockValidation:    # Specifies which signatures must be included in a block so that peers can validate it
            Type: ImplicitMeta
            Rule: "ANY Writers"
    Capabilities:
        <<: *OrdererCapabilities    # References OrdererCapabilities from the Capabilities section
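
An added example (not from the original article or from Fabric's source): a simplified Python model of the batch cutting that the BatchTimeout and BatchSize comments describe, run over constructed message sizes with the values from the Orderer section above. `BlockCutter`, `simulate` and `exceeds_recommended` are hypothetical names; the 49 MB ceiling is the recommendation quoted in the sample file's AbsoluteMaxBytes comment later on this page.

```python
from dataclasses import dataclass

KB, MB = 1024, 1024 * 1024
# Ceiling recommended in the sample file's AbsoluteMaxBytes comment on this page.
RECOMMENDED_ABSOLUTE_MAX = 49 * MB


@dataclass
class BatchSize:
    max_message_count: int
    absolute_max_bytes: int
    preferred_max_bytes: int


class BlockCutter:
    """Simplified model of how the orderer groups messages into blocks."""

    def __init__(self, cfg):
        self.cfg = cfg
        self.pending = []        # sizes of the messages waiting in the current batch
        self.pending_bytes = 0

    def cut(self):
        """Close the pending batch and return it as one block's worth of messages."""
        batch, self.pending, self.pending_bytes = self.pending, [], 0
        return batch

    def ordered(self, size):
        """Feed one message of `size` bytes; return the batches this message caused to be cut."""
        if size > self.cfg.absolute_max_bytes:
            raise ValueError("rejected by ordering: larger than AbsoluteMaxBytes")
        batches = []
        if size > self.cfg.preferred_max_bytes:
            # Oversized message: flush what is pending, then give it a block of its own.
            if self.pending:
                batches.append(self.cut())
            batches.append([size])
            return batches
        if self.pending_bytes + size > self.cfg.preferred_max_bytes:
            # Adding it would exceed PreferredMaxBytes: close the current batch first.
            batches.append(self.cut())
        self.pending.append(size)
        self.pending_bytes += size
        if len(self.pending) >= self.cfg.max_message_count:
            batches.append(self.cut())
        return batches


def simulate(cfg, sizes):
    """Return (blocks, rejected) for a stream of message sizes.

    The final flush stands in for BatchTimeout expiring with messages still pending.
    """
    cutter, blocks, rejected = BlockCutter(cfg), [], []
    for size in sizes:
        try:
            blocks.extend(cutter.ordered(size))
        except ValueError:
            rejected.append(size)
    if cutter.pending:
        blocks.append(cutter.cut())
    return blocks, rejected


def exceeds_recommended(cfg):
    """True when AbsoluteMaxBytes is above the 49 MB ceiling the sample file recommends."""
    return cfg.absolute_max_bytes > RECOMMENDED_ABSOLUTE_MAX


if __name__ == "__main__":
    # Values from the Orderer section above; the message sizes are constructed.
    cfg = BatchSize(max_message_count=10, absolute_max_bytes=99 * MB,
                    preferred_max_bytes=512 * KB)
    stream = [200 * KB, 200 * KB, 200 * KB, 600 * KB, 100 * KB, 100 * MB]
    blocks, rejected = simulate(cfg, stream)
    for i, block in enumerate(blocks):
        print(f"block {i}: {len(block)} msg(s), {sum(block) // KB} KB")
    print("rejected:", [s // MB for s in rejected], "MB")
    print("AbsoluteMaxBytes above recommended ceiling:", exceeds_recommended(cfg))
```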
           

4> Application section

The Application section defines the application parameters to write into the genesis block or configuration transaction.

Application: &ApplicationDefaults

    # ACL entries are nested under the ACLs key
    ACLs:
        # Access-control policies for functions of the new lifecycle system chaincode (_lifecycle)
        _lifecycle/CheckCommitReadiness: /Channel/Application/Writers       # Access policy for the CheckCommitReadiness function
        _lifecycle/CommitChaincodeDefinition: /Channel/Application/Writers  # Access policy for the CommitChaincodeDefinition function
        _lifecycle/QueryChaincodeDefinition: /Channel/Application/Writers   # Access policy for the QueryChaincodeDefinition function
        _lifecycle/QueryChaincodeDefinitions: /Channel/Application/Writers  # Access policy for the QueryChaincodeDefinitions function

        # Access-control policies for functions of the lifecycle system chaincode (lscc)
        lscc/ChaincodeExists: /Channel/Application/Readers              # Access policy for the getid function
        lscc/GetDeploymentSpec: /Channel/Application/Readers            # Access policy for the getdepspec function
        lscc/GetChaincodeData: /Channel/Application/Readers             # Access policy for the getccdata function
        lscc/GetInstantiatedChaincodes: /Channel/Application/Readers    # Access policy for the getchaincodes function

        # Access-control policies for functions of the query system chaincode (qscc)
        qscc/GetChainInfo: /Channel/Application/Readers         # Access policy for the GetChainInfo function
        qscc/GetBlockByNumber: /Channel/Application/Readers     # Access policy for the GetBlockByNumber function
        qscc/GetBlockByHash: /Channel/Application/Readers       # Access policy for the GetBlockByHash function
        qscc/GetTransactionByID: /Channel/Application/Readers   # Access policy for the GetTransactionByID function
        qscc/GetBlockByTxID: /Channel/Application/Readers       # Access policy for the GetBlockByTxID function

        # Access-control policies for functions of the configuration system chaincode (cscc)
        cscc/GetConfigBlock: /Channel/Application/Readers   # Access policy for the GetConfigBlock function
        cscc/GetChannelConfig: /Channel/Application/Readers # Access policy for the GetChannelConfig function

        # Access-control policies for peer functions
        peer/Propose: /Channel/Application/Writers                  # Access policy for the Propose function
        peer/ChaincodeToChaincode: /Channel/Application/Writers     # Access policy for the ChaincodeToChaincode function

        # Access policies for event resources
        event/Block: /Channel/Application/Readers           # Policy for sending block events
        event/FilteredBlock: /Channel/Application/Readers   # Policy for sending filtered block events

    # Empty by default; defined in Profiles
    Organizations:
    # Application policies at this level; their path is /Channel/Application/<PolicyName>
    Policies:
        Readers:    # /Channel/Application/Readers
            Type: ImplicitMeta
            Rule: "ANY Readers"
        Writers:
            Type: ImplicitMeta
            Rule: "ANY Writers"
        Admins:
            Type: ImplicitMeta
            Rule: "MAJORITY Admins"
        LifecycleEndorsement:
            Type: ImplicitMeta
            Rule: "MAJORITY Endorsement"
        Endorsement:
            Type: ImplicitMeta
            Rule: "MAJORITY Endorsement"

    Capabilities:
        <<: *ApplicationCapabilities    # References ApplicationCapabilities from the Capabilities section
           

5> Channel section

The Channel section defines the channel parameters to write into the genesis block or configuration transaction.

Channel: &ChannelDefaults
    # Channel access policies at this level; their canonical path is /Channel/<PolicyName>
    Policies:
        Readers:    # Who may call the 'Deliver' API
            Type: ImplicitMeta
            Rule: "ANY Readers"
        Writers:    # Who may call the 'Broadcast' API
            Type: ImplicitMeta
            Rule: "ANY Writers"
        # By default, who may modify elements at this config level
        Admins:     # Who may modify the policies at this level
            Type: ImplicitMeta
            Rule: "MAJORITY Admins"

    Capabilities:
        <<: *ChannelCapabilities        # References ChannelCapabilities from the Capabilities section
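
An added example (not from the original article or from Fabric's code): a simplified Python model of how the ImplicitMeta rules in the Orderer, Application and Channel sections ("ANY Writers", "MAJORITY Admins") resolve to the per-organization Signature rules in the Organizations section. The function names are hypothetical, the signer lists are constructed, the policies assigned to softMSP, webMSP and hardMSP are assumed (the page does not show them), and the model ignores certificate validation and the rule that one signature cannot satisfy two principals.

```python
import re


def tokenize(rule):
    """Split a Signature rule such as OR('Org1MSP.admin', 'Org1MSP.client') into tokens."""
    return re.findall(r"'[^']*'|[A-Za-z]+|\d+|[(),]", rule)


def parse(tokens):
    """Recursive-descent parse into ('principal', msp, role) or ('outof', n, children)."""
    tok = tokens.pop(0)
    if tok.startswith("'"):
        msp, role = tok.strip("'").rsplit(".", 1)
        return ("principal", msp, role)
    if tok not in ("AND", "OR", "OutOf") or tokens.pop(0) != "(":
        raise ValueError(f"unexpected token {tok!r}")
    args = []
    while True:
        args.append(int(tokens.pop(0)) if tokens[0].isdigit() else parse(tokens))
        sep = tokens.pop(0)
        if sep == ")":
            break
        if sep != ",":
            raise ValueError(f"expected ',' or ')', got {sep!r}")
    if tok == "OutOf":
        return ("outof", args[0], args[1:])
    # AND needs every child, OR needs one.
    return ("outof", len(args) if tok == "AND" else 1, args)


def signature_ok(rule, signers):
    """signers is a list of (msp_id, role); 'member' matches any role of that MSP."""
    def ok(node):
        if node[0] == "principal":
            _, msp, role = node
            return any(m == msp and role in ("member", r) for m, r in signers)
        _, needed, children = node
        return sum(ok(c) for c in children) >= needed
    return ok(parse(tokenize(rule)))


def implicit_meta_ok(rule, orgs, signers):
    """Evaluate e.g. 'MAJORITY Admins' over the same-named policy of every org below it."""
    quantifier, sub_policy = rule.split()
    # An org that does not define the sub-policy counts as not satisfied.
    results = [sub_policy in pols and signature_ok(pols[sub_policy], signers)
               for pols in orgs.values()]
    n = len(results)
    threshold = {"ANY": 1, "ALL": n, "MAJORITY": n // 2 + 1}[quantifier]
    if n == 0:
        threshold = 0  # no sub-policies: nothing is required
    return sum(results) >= threshold


def nodeou_org(msp):
    """Org policies in the NodeOU style of Org1MSP/Org2MSP in the full file on this page."""
    return {"Writers": f"OR('{msp}.admin', '{msp}.client')",
            "Admins": f"OR('{msp}.admin')",
            "Endorsement": f"OR('{msp}.peer')"}


def member_org(msp):
    """Org policies in the '.member' style of OrdererOrg in the full file on this page."""
    return {"Writers": f"OR('{msp}.member')",
            "Admins": f"OR('{msp}.admin')",
            "Endorsement": f"OR('{msp}.member')"}


if __name__ == "__main__":
    names = ("softMSP", "webMSP", "hardMSP")   # application orgs of the OrgsChannel profile
    strict = {n: nodeou_org(n) for n in names}
    loose = {n: member_org(n) for n in names}
    peer_only = [("softMSP", "peer")]
    print("peer may write (NodeOU rules):", implicit_meta_ok("ANY Writers", strict, peer_only))
    print("peer may write (.member rules):", implicit_meta_ok("ANY Writers", loose, peer_only))
    print("one admin changes config:",
          implicit_meta_ok("MAJORITY Admins", strict, [("softMSP", "admin")]))
```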
           

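6> Capabilities section

The Capabilities section defines the capabilities of the Fabric network. It is a new configuration section introduced in v1.0.0 and cannot be used in a mixed network with v1.0.x peers and orderers.

The Capabilities section defines the features that a Fabric binary must support in order to join the network. For example, if a new MSP type is added, newer binaries may recognize and validate signatures of that type, while older binaries have no way to validate those transactions. This can leave different versions of the Fabric binaries with inconsistent world states.

Therefore, defining a channel's capabilities makes it explicit that Fabric binaries that do not meet those capabilities cannot process transactions until they are upgraded to a newer version. For v1.0.x binaries, defining any capability in the Capabilities section, even one declared as not required, causes them to crash deliberately.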

Capabilities:
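    # Channel capabilities apply to both the Orderer and Peer nodes on the channel (true means nodes are required to have the capability)
    Channel: &ChannelCapabilities
        V2_0: true  # Requires all Orderer and Peer nodes on the channel to be at v2.0.0 or later
    # Orderer capabilities apply only to Orderer nodes and do not constrain Peer nodes
    Orderer: &OrdererCapabilities
        V2_0: true  # Requires all Orderer nodes to be upgraded to v2.0.0 or later
    # Application capabilities apply only to the peer network; orderer upgrades need not be considered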
    Application: &ApplicationCapabilities
        V2_0: true
           

configtx.yaml file contents

# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#

---
################################################################################
#
#   ORGANIZATIONS
#
#   This section defines the organizational identities that can be referenced
#   in the configuration profiles.
#
################################################################################
Organizations:

    # SampleOrg defines an MSP using the sampleconfig. It should never be used
    # in production but may be used as a template for other definitions.
    - &OrdererOrg
        # Name is the key by which this org will be referenced in channel
        # configuration transactions.
        # Name can include alphanumeric characters as well as dots and dashes.
        Name: OrdererOrg

        # SkipAsForeign can be set to true for org definitions which are to be
        # inherited from the orderer system channel during channel creation.  This
        # is especially useful when an admin of a single org without access to the
        # MSP directories of the other orgs wishes to create a channel.  Note
        # this property must always be set to false for orgs included in block
        # creation.
        SkipAsForeign: false

        # ID is the key by which this org's MSP definition will be referenced.
        # ID can include alphanumeric characters as well as dots and dashes.
        ID: OrdererMSP

        # MSPDir is the filesystem path which contains the MSP configuration.
        MSPDir: /home/hyperledgerFabric/productionNetWork/crypto-config/ordererOrganizations/example.com/msp

        # Policies defines the set of policies at this level of the config tree
        # For organization policies, their canonical path is usually
        #   /Channel/<Application|Orderer>/<OrgName>/<PolicyName>
        Policies:
            Readers:
                Type: Signature
                Rule: "OR('OrdererMSP.member')"
                # If your MSP is configured with the new NodeOUs, you might
                # want to use a more specific rule like the following:
                # Rule: "OR('SampleOrg.admin', 'SampleOrg.peer', 'SampleOrg.client')"
            Writers:
                Type: Signature
                Rule: "OR('OrdererMSP.member')"
                # If your MSP is configured with the new NodeOUs, you might
                # want to use a more specific rule like the following:
                # Rule: "OR('SampleOrg.admin', 'SampleOrg.client')"
            Admins:
                Type: Signature
                Rule: "OR('OrdererMSP.admin')"
            Endorsement:
                Type: Signature
                Rule: "OR('OrdererMSP.member')"

        # OrdererEndpoints is a list of all orderers this org runs which clients
        # and peers may connect to in order to push transactions and receive blocks respectively.
        OrdererEndpoints:
            - "orderer0.example.com:7050"
            - "orderer1.example.com:7050"

        # AnchorPeers defines the location of peers which can be used for
        # cross-org gossip communication.
        #
        # NOTE: this value should only be set when using the deprecated
        # `configtxgen --outputAnchorPeersUpdate` command. It is recommended
        # to instead use the channel configuration update process to set the
        # anchor peers for each organization.
        #AnchorPeers:
        #    - Host: 127.0.0.1
        #      Port: 7051

    - &Org1

        Name: Org1MSP
        ID: Org1MSP
        MSPDir: /home/hyperledgerFabric/productionNetWork/crypto-config/peerOrganizations/org1.example.com/msp
        Policies:
            Readers:
                Type: Signature
                Rule: "OR('Org1MSP.admin', 'Org1MSP.peer', 'Org1MSP.client')"
            Writers:
                Type: Signature
                Rule: "OR('Org1MSP.admin', 'Org1MSP.client')"
            Admins:
                Type: Signature
                Rule: "OR('Org1MSP.admin')"
            Endorsement:
                Type: Signature
                Rule: "OR('Org1MSP.peer')"
        AnchorPeers:
            - Host: peer0.org1.example.com
              Port: 7051


    - &Org2

        Name: Org2MSP
        ID: Org2MSP
        MSPDir: /home/hyperledgerFabric/productionNetWork/crypto-config/peerOrganizations/org2.example.com/msp
        Policies:
            Readers:
                Type: Signature
                Rule: "OR('Org2MSP.admin', 'Org2MSP.peer', 'Org2MSP.client')"
            Writers:
                Type: Signature
                Rule: "OR('Org2MSP.admin', 'Org2MSP.client')"
            Admins:
                Type: Signature
                Rule: "OR('Org2MSP.admin')"
            Endorsement:
                Type: Signature
                Rule: "OR('Org2MSP.peer')"
        AnchorPeers:
            - Host: peer0.org2.example.com
              Port: 7051

################################################################################
#
#   CAPABILITIES
#
#   This section defines the capabilities of fabric network. This is a new
#   concept as of v1.1.0 and should not be utilized in mixed networks with
#   v1.0.x peers and orderers.  Capabilities define features which must be
#   present in a fabric binary for that binary to safely participate in the
#   fabric network.  For instance, if a new MSP type is added, newer binaries
#   might recognize and validate the signatures from this type, while older
#   binaries without this support would be unable to validate those
#   transactions.  This could lead to different versions of the fabric binaries
#   having different world states.  Instead, defining a capability for a channel
#   informs those binaries without this capability that they must cease
#   processing transactions until they have been upgraded.  For v1.0.x if any
#   capabilities are defined (including a map with all capabilities turned off)
#   then the v1.0.x peer will deliberately crash.
#
################################################################################
Capabilities:
    # Channel capabilities apply to both the orderers and the peers and must be
    # supported by both.
    # Set the value of the capability to true to require it.
    Channel: &ChannelCapabilities
        # V2.0 for Channel is a catchall flag for behavior which has been
        # determined to be desired for all orderers and peers running at the v2.0.0
        # level, but which would be incompatible with orderers and peers from
        # prior releases.
        # Prior to enabling V2.0 channel capabilities, ensure that all
        # orderers and peers on a channel are at v2.0.0 or later.
        V2_0: true

    # Orderer capabilities apply only to the orderers, and may be safely
    # used with prior release peers.
    # Set the value of the capability to true to require it.
    Orderer: &OrdererCapabilities
        # V1.1 for Orderer is a catchall flag for behavior which has been
        # determined to be desired for all orderers running at the v1.1.x
        # level, but which would be incompatible with orderers from prior releases.
        # Prior to enabling V2.0 orderer capabilities, ensure that all
        # orderers on a channel are at v2.0.0 or later.
        V2_0: true

    # Application capabilities apply only to the peer network, and may be safely
    # used with prior release orderers.
    # Set the value of the capability to true to require it.
    Application: &ApplicationCapabilities
        # V2.0 for Application enables the new non-backwards compatible
        # features and fixes of fabric v2.0.
        # Prior to enabling V2.0 orderer capabilities, ensure that all
        # orderers on a channel are at v2.0.0 or later.
        V2_0: true

################################################################################
#
#   APPLICATION
#
#   This section defines the values to encode into a config transaction or
#   genesis block for application-related parameters.
#
################################################################################
Application: &ApplicationDefaults
    ACLs: &ACLsDefault
        # This section provides defaults for policies for various resources
        # in the system. These "resources" could be functions on system chaincodes
        # (e.g., "GetBlockByNumber" on the "qscc" system chaincode) or other resources
        # (e.g.,who can receive Block events). This section does NOT specify the resource's
        # definition or API, but just the ACL policy for it.
  
        #
        # Users can override these defaults with their own policy mapping by defining the
        # mapping under ACLs in their channel definition

        #---New Lifecycle System Chaincode (_lifecycle) function to policy mapping for access control--#


        # ACL policy for _lifecycle's "CheckCommitReadiness" function
        _lifecycle/CheckCommitReadiness: /Channel/Application/Writers

        # ACL policy for _lifecycle's "CommitChaincodeDefinition" function
        _lifecycle/CommitChaincodeDefinition: /Channel/Application/Writers

        # ACL policy for _lifecycle's "QueryChaincodeDefinition" function
        _lifecycle/QueryChaincodeDefinition: /Channel/Application/Writers

        # ACL policy for _lifecycle's "QueryChaincodeDefinitions" function
        _lifecycle/QueryChaincodeDefinitions: /Channel/Application/Writers

        #---Lifecycle System Chaincode (lscc) function to policy mapping for access control---#

        # ACL policy for lscc's "getid" function
        lscc/ChaincodeExists: /Channel/Application/Readers

        # ACL policy for lscc's "getdepspec" function
        lscc/GetDeploymentSpec: /Channel/Application/Readers

        # ACL policy for lscc's "getccdata" function
        lscc/GetChaincodeData: /Channel/Application/Readers

        # ACL Policy for lscc's "getchaincodes" function
        lscc/GetInstantiatedChaincodes: /Channel/Application/Readers

        #---Query System Chaincode (qscc) function to policy mapping for access control---#

        # ACL policy for qscc's "GetChainInfo" function
        qscc/GetChainInfo: /Channel/Application/Readers

        # ACL policy for qscc's "GetBlockByNumber" function
        qscc/GetBlockByNumber: /Channel/Application/Readers

        # ACL policy for qscc's  "GetBlockByHash" function
        qscc/GetBlockByHash: /Channel/Application/Readers

        # ACL policy for qscc's "GetTransactionByID" function
        qscc/GetTransactionByID: /Channel/Application/Readers

        # ACL policy for qscc's "GetBlockByTxID" function
        qscc/GetBlockByTxID: /Channel/Application/Readers

        #---Configuration System Chaincode (cscc) function to policy mapping for access control---#

        # ACL policy for cscc's "GetConfigBlock" function
        cscc/GetConfigBlock: /Channel/Application/Readers

        # ACL policy for cscc's "GetChannelConfig" function
        cscc/GetChannelConfig: /Channel/Application/Readers

        #---Miscellaneous peer function to policy mapping for access control---#

        # ACL policy for invoking chaincodes on peer
        peer/Propose: /Channel/Application/Writers

        # ACL policy for chaincode to chaincode invocation
        peer/ChaincodeToChaincode: /Channel/Application/Writers

        #---Events resource to policy mapping for access control###---#

        # ACL policy for sending block events
        event/Block: /Channel/Application/Readers

        # ACL policy for sending filtered block events
        event/FilteredBlock: /Channel/Application/Readers

    # Organizations lists the orgs participating on the application side of the
    # network.
    Organizations:

    # Policies defines the set of policies at this level of the config tree
    # For Application policies, their canonical path is
    #   /Channel/Application/<PolicyName>
    Policies: &ApplicationDefaultPolicies
        LifecycleEndorsement:
            Type: ImplicitMeta
            Rule: "MAJORITY Endorsement"
        Endorsement:
            Type: ImplicitMeta
            Rule: "MAJORITY Endorsement"
        Readers:
            Type: ImplicitMeta
            Rule: "ANY Readers"
        Writers:
            Type: ImplicitMeta
            Rule: "ANY Writers"
        Admins:
            Type: ImplicitMeta
            Rule: "MAJORITY Admins"

    # Capabilities describes the application level capabilities, see the
    # dedicated Capabilities section elsewhere in this file for a full
    # description
    Capabilities:
        <<: *ApplicationCapabilities

################################################################################
#
#   ORDERER
#
#   This section defines the values to encode into a config transaction or
#   genesis block for orderer related parameters.
#
################################################################################
Orderer: &OrdererDefaults

    # Orderer Type: The orderer implementation to start.
    # Available types are "solo", "kafka" and "etcdraft".
    OrdererType: etcdraft

    # Addresses used to be the list of orderer addresses that clients and peers
    # could connect to.  However, this does not allow clients to associate orderer
    # addresses and orderer organizations which can be useful for things such
    # as TLS validation.  The preferred way to specify orderer addresses is now
    # to include the OrdererEndpoints item in your org definition
    Addresses:
        - orderer0.example.com:7050
        - orderer1.example.com:7050

    # Batch Timeout: The amount of time to wait before creating a batch.
    # *** Block production rate: block time of 2s ***
    BatchTimeout: 2s

    # Batch Size: Controls the number of messages batched into a block.
    # The orderer views messages opaquely, but typically, messages may
    # be considered to be Fabric transactions.  The 'batch' is the group
    # of messages in the 'data' field of the block.  Blocks will be a few kb
    # larger than the batch size, when signatures, hashes, and other metadata
    # is applied.
    BatchSize:

        # Max Message Count: The maximum number of messages to permit in a
        # batch.  No block will contain more than this number of messages.
        MaxMessageCount: 500

        # Absolute Max Bytes: The absolute maximum number of bytes allowed for
        # the serialized messages in a batch. The maximum block size is this value
        # plus the size of the associated metadata (usually a few KB depending
        # upon the size of the signing identities). Any transaction larger than
        # this value will be rejected by ordering.
        # It is recommended not to exceed 49 MB, given the default grpc max message size of 100 MB
        # configured on orderer and peer nodes (and allowing for message expansion during communication).
        AbsoluteMaxBytes: 10 MB

        # Preferred Max Bytes: The preferred maximum number of bytes allowed
        # for the serialized messages in a batch. Roughly, this field may be considered
        # the best effort maximum size of a batch. A batch will fill with messages
        # until this size is reached (or the max message count, or batch timeout is
        # exceeded).  If adding a new message to the batch would cause the batch to
        # exceed the preferred max bytes, then the current batch is closed and written
        # to a block, and a new batch containing the new message is created.  If a
        # message larger than the preferred max bytes is received, then its batch
        # will contain only that message.  Because messages may be larger than
        # preferred max bytes (up to AbsoluteMaxBytes), some batches may exceed
        # the preferred max bytes, but will always contain exactly one transaction.
        PreferredMaxBytes: 2 MB

    # Max Channels is the maximum number of channels to allow on the ordering
    # network. When set to 0, this implies no maximum number of channels.
    MaxChannels: 0

    Kafka:
        # Brokers: A list of Kafka brokers to which the orderer connects. Edit
        # this list to identify the brokers of the ordering service.
        # NOTE: Use IP:port notation.
        Brokers:
            - kafka0:9092
            - kafka1:9092
            - kafka2:9092

    # EtcdRaft defines configuration which must be set when the "etcdraft"
    # orderertype is chosen.
    EtcdRaft:
        # The set of Raft replicas for this network. For the etcd/raft-based
        # implementation, we expect every replica to also be an OSN. Therefore,
        # a subset of the host:port items enumerated in this list should be
        # replicated under the Orderer.Addresses key above.
        Consenters:
            - Host: orderer0.example.com
              Port: 7050
              ClientTLSCert: /home/hyperledgerFabric/productionNetWork/crypto-config/ordererOrganizations/example.com/orderers/orderer0.example.com/tls/server.crt
              ServerTLSCert: /home/hyperledgerFabric/productionNetWork/crypto-config/ordererOrganizations/example.com/orderers/orderer0.example.com/tls/server.crt
            - Host: orderer1.example.com
              Port: 7050
              ClientTLSCert: /home/hyperledgerFabric/productionNetWork/crypto-config/ordererOrganizations/example.com/orderers/orderer1.example.com/tls/server.crt
              ServerTLSCert: /home/hyperledgerFabric/productionNetWork/crypto-config/ordererOrganizations/example.com/orderers/orderer1.example.com/tls/server.crt


        # Options to be specified for all the etcd/raft nodes. The values here
        # are the defaults for all new channels and can be modified on a
        # per-channel basis via configuration updates.
        Options:
            # TickInterval is the time interval between two Node.Tick invocations.
            TickInterval: 500ms

            # ElectionTick is the number of Node.Tick invocations that must pass
            # between elections. That is, if a follower does not receive any
            # message from the leader of current term before ElectionTick has
            # elapsed, it will become candidate and start an election.
            # ElectionTick must be greater than HeartbeatTick.
            ElectionTick: 10

            # HeartbeatTick is the number of Node.Tick invocations that must
            # pass between heartbeats. That is, a leader sends heartbeat
            # messages to maintain its leadership every HeartbeatTick ticks.
            HeartbeatTick: 1

            # MaxInflightBlocks limits the max number of in-flight append messages
            # during optimistic replication phase.
            MaxInflightBlocks: 5

            # SnapshotIntervalSize defines number of bytes per which a snapshot is taken
            SnapshotIntervalSize: 16 MB

    # Organizations lists the orgs participating on the orderer side of the
    # network.
    Organizations:

    # Policies defines the set of policies at this level of the config tree
    # For Orderer policies, their canonical path is
    #   /Channel/Orderer/<PolicyName>
    Policies:
        Readers:
            Type: ImplicitMeta
            Rule: "ANY Readers"
        Writers:
            Type: ImplicitMeta
            Rule: "ANY Writers"
        Admins:
            Type: ImplicitMeta
            Rule: "MAJORITY Admins"
        # BlockValidation specifies what signatures must be included in the block
        # from the orderer for the peer to validate it.
        BlockValidation:
            Type: ImplicitMeta
            Rule: "ANY Writers"

    # Capabilities describes the orderer level capabilities, see the
    # dedicated Capabilities section elsewhere in this file for a full
    # description
    Capabilities:
        <<: *OrdererCapabilities

################################################################################
#
#   CHANNEL
#
#   This section defines the values to encode into a config transaction or
#   genesis block for channel related parameters.
#
################################################################################
Channel: &ChannelDefaults
    # Policies defines the set of policies at this level of the config tree
    # For Channel policies, their canonical path is
    #   /Channel/<PolicyName>
    Policies:
        # Who may invoke the 'Deliver' API

        Readers:
            Type: ImplicitMeta
            Rule: "ANY Readers"
        # Who may invoke the 'Broadcast' API
        Writers:
            Type: ImplicitMeta
            Rule: "ANY Writers"
        # By default, who may modify elements at this config level
        Admins:
            Type: ImplicitMeta
            Rule: "MAJORITY Admins"


    # Capabilities describes the channel level capabilities, see the
    # dedicated Capabilities section elsewhere in this file for a full
    # description
    Capabilities:
        <<: *ChannelCapabilities

################################################################################
#
#   PROFILES
#
#   Different configuration profiles may be encoded here to be specified as
#   parameters to the configtxgen tool. The profiles which specify consortiums
#   are to be used for generating the orderer genesis block. With the correct
#   consortium members defined in the orderer genesis block, channel creation
#   requests may be generated with only the org member names and a consortium
#   name.
#
################################################################################
Profiles:

     TwoOrgsOrdererGenesis:
        <<: *ChannelDefaults
        Orderer:
            <<: *OrdererDefaults
            Organizations:
                - *OrdererOrg
            Capabilities:
                <<: *OrdererCapabilities
        Consortiums:
            SampleConsortium:
                Organizations:
                    - *Org1
                    - *Org2

     TwoOrgsChannel:
        Consortium: SampleConsortium
        <<: *ChannelDefaults
        Application:
            <<: *ApplicationDefaults
            Organizations:
                - *Org1
                - *Org2
            Capabilities:
                <<: *ApplicationCapabilities
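
How the ImplicitMeta rules in the Policies blocks above ("ANY Readers", "ANY Writers", "MAJORITY Admins") resolve for the two-organization channel, as an added Python model (not Fabric's code and not from the original article). Assumptions: the Orderer/Application group layout, the MSP ID OrdererMSP, the Application group using the same three rules, and each organization's own policy reduced to "this organization signed".

```python
from itertools import combinations

def parse_rule(rule):
    """Split an ImplicitMeta rule such as "MAJORITY Admins" into (quantifier, sub-policy)."""
    parts = rule.split()
    if len(parts) != 2 or parts[0] not in ("ANY", "ALL", "MAJORITY"):
        raise ValueError(f"not an ImplicitMeta rule: {rule!r}")
    return parts[0], parts[1]

def threshold(quantifier, n):
    """How many of the n child policies must be satisfied (model covers n >= 1 only)."""
    if n < 1:
        raise ValueError("model needs at least one child policy")
    return {"ANY": 1, "ALL": n, "MAJORITY": n // 2 + 1}[quantifier]

def evaluate(node, policy, signers):
    """True if the set of signing MSP IDs satisfies `policy` at this node of the tree."""
    if "msp" in node:  # leaf: the org's own Signature policy, reduced to "this org signed"
        return node["msp"] in signers
    quantifier, sub_policy = parse_rule(node["policies"][policy])
    results = [evaluate(child, sub_policy, signers) for child in node["groups"].values()]
    return sum(results) >= threshold(quantifier, len(results))

def minimal_signer_sets(node, policy, msp_ids):
    """Smallest sets of orgs whose signatures satisfy `policy` (brute force over subsets)."""
    found = []
    for size in range(len(msp_ids) + 1):
        for combo in combinations(sorted(msp_ids), size):
            if not any(f <= set(combo) for f in found) and evaluate(node, policy, set(combo)):
                found.append(set(combo))
    return found

# Constructed tree: rules copied from the Policies blocks above; group layout and OrdererMSP are assumed.
RULES = {"Readers": "ANY Readers", "Writers": "ANY Writers", "Admins": "MAJORITY Admins"}
CHANNEL = {"policies": RULES, "groups": {
    "Orderer": {"policies": RULES, "groups": {"OrdererOrg": {"msp": "OrdererMSP"}}},
    "Application": {"policies": RULES, "groups": {"Org1": {"msp": "Org1MSP"},
                                                  "Org2": {"msp": "Org2MSP"}}},
}}
ALL_MSPS = ["OrdererMSP", "Org1MSP", "Org2MSP"]

if __name__ == "__main__":
    for name in RULES:
        print(f"/Channel/{name}:", minimal_signer_sets(CHANNEL, name, ALL_MSPS))
```

With only two application organizations, MAJORITY works out to both of them, so either one can block a configuration change; any single organization satisfies the ANY rules.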
           

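configtxgen commands

configtxgen --help 
  # Path and name of the output genesis block file
  `-outputBlock string`
  # Name of the channel to create; if not specified, the system provides a default name.
  `-channelID string`
  # Path and name of the output channel file
  `-outputCreateChannelTx string`
  # Specifies which node in the configuration file to use
  `-profile string`
  # Updates the channel's configuration information
  `-outputAnchorPeersUpdate string`
  # Specifies the name of the organization it belongs to
  `-asOrg string`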

           

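Generating the genesis block file

-profile specifies whether to generate the genesis block or the channel transaction configuration file

-outputBlock specifies the path and name of the generated genesis block file

-channelID is the name of the channel

Use the following command to obtain a file genesis.block in the channel-artifacts directory under the current directory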

configtxgen -configPath /home/hyperledgerFabric/productionNetWork/config  -profile TwoOrgsOrdererGenesis -channelID fabric-channel -outputBlock /home/hyperledgerFabric/productionNetWork/channel-artifacts/orderer.genesis.block
           

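Generating the channel file

-profile is followed by the name we defined in the configuration file earlier

-channelID is the name of the channel

(The channel name can be chosen freely, but note that it must differ from the channel name used when generating the genesis block file above.)

-outputCreateChannelTx: the path where the generated channel configuration transaction file is saved

Use the following command to obtain a file channel.tx in the channel-artifacts directory under the current directory.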

configtxgen -configPath /home/hyperledgerFabric/productionNetWork/config  -profile TwoOrgsChannel  -channelID businesschannel -outputCreateChannelTx /home/hyperledgerFabric/productionNetWork/channel-artifacts/businesschannel.tx
           

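Generating the anchor peer update files

-asOrg: specifies the name of the organization that has the right to set the values in the write set

Use the following commands to obtain a file Org1MSPanchors.tx in the channel-artifacts directory under the current directory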

configtxgen -configPath /home/hyperledgerFabric/productionNetWork/config  -profile TwoOrgsChannel -channelID businesschannel -asOrg Org1MSP -outputAnchorPeersUpdate /home/hyperledgerFabric/productionNetWork/channel-artifacts/Org1MSPanchors.tx
configtxgen -configPath /home/hyperledgerFabric/productionNetWork/config  -profile TwoOrgsChannel -channelID businesschannel -asOrg Org2MSP -outputAnchorPeersUpdate /home/hyperledgerFabric/productionNetWork/channel-artifacts/Org2MSPanchors.tx
           

Note: the genesis block and the channel must not be given the same channelID.
