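1. Introduction
configtx.yaml configures a channel and defines its behavior across several levels, including global configuration, orderer configuration, and application configuration.
Fabric can use configuration transactions to manage the configuration of a network. A configuration transaction goes through consensus in the channel like an ordinary transaction and, once committed, updates the channel configuration. Fabric provides the configtxgen tool to generate and manage these configuration transactions.
YAML syntax used in configtx.yaml
Symbol | Meaning |
<< | merge into the current data |
- | array |
* | alias |
& | anchor (for later reference) |
2. Analysis of the official sample configtx.yaml
The configuration file contains the sections Organizations, Capabilities, Channel, Orderer, Application, and Profiles.
2.1 Organizations section
Defines each organization's structure, including its name, MSP path, read/write/admin policies, and anchor peers. These definitions can be referenced from Profiles and other sections.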
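# The official sample provides a simple template
Organizations:
    # Organization definition
    - &SampleOrg
        # Organization name
        Name: SampleOrg
        # Whether this organization is inherited from the system channel when a new channel is created;
        # if so, configtxgen skips reading it from the local MSP directory.
        SkipAsForeign: false
        # MSP ID
        ID: SampleOrg
        # Path to the MSP directory
        MSPDir: msp
        # /Channel/<Application|Orderer>/<OrgName>/<PolicyName>
        # Defines the policies at the organization level
        Policies: &SampleOrgPolicies
            Readers:
                Type: Signature
                Rule: "OR('SampleOrg.member')"
                # If the MSP is configured with the new NodeOUs, you may want a more specific rule,
                # such as: Rule: "OR('SampleOrg.admin', 'SampleOrg.peer', 'SampleOrg.client')"
            Writers:
                Type: Signature
                Rule: "OR('SampleOrg.member')"
            Admins: # admin role
                Type: Signature
                Rule: "OR('SampleOrg.admin')"
            Endorsement: # endorsement role
                Type: Signature
                Rule: "OR('SampleOrg.member')"
        OrdererEndpoints: # list of orderer node addresses
            - "127.0.0.1:7050"
        # Anchor peer definition, used for cross-organization communication.
        # Note: this value should only be set when using the "configtxgen --outputAnchorPeersUpdate" command.
        # It is recommended to use the channel configuration update process to set the anchor peers for each organization instead. (configtxgen update)
        AnchorPeers:
            - Host: 127.0.0.1
              Port: 7051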
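2.2 Capabilities section
Capabilities defines a set of network features that other sections pull in by reference. The required values differ between Fabric versions; take this section directly from the official sample configuration without changes.
Capabilities:
    # Channel capabilities apply to both orderers and peers, and both must support them.
    # Setting a capability to true requires nodes to have that capability.
    Channel: &ChannelCapabilities
        # The V2_0 capability ensures that orderers and peers behave according to v2.0 channel capabilities.
        # Orderers and peers from earlier releases behave incompatibly and therefore cannot take part in
        # channels at the v2.0 capability. Before enabling the V2.0 channel capability, make sure that all
        # orderers and peers on the channel are at v2.0.0 or later.
        V2_0: true
    # Applies only to orderers and can safely be used with peers from earlier releases.
    Orderer: &OrdererCapabilities
        V2_0: true
    # Application capabilities apply only to the peer network and can safely be used with orderers from earlier releases.
    Application: &ApplicationCapabilities
        V2_0: true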
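2.3 Application section
Application: &ApplicationDefaults
    ACLs: &ACLsDefault
        # This section provides default policies for the various resources in the system.
        # These "resources" can be functions on system chaincodes (for example, "GetBlockByNumber" on the "qscc" system chaincode) or other resources (for example, who can receive block events).
        # This section does not specify a resource's definition or API, only its ACL policy.
        # Users can override these defaults with their own policy mapping by defining the mapping under ACLs in their channel definition.
        # Default policies for the commit and query methods of the new _lifecycle system chaincode
        _lifecycle/CheckCommitReadiness: /Channel/Application/Writers
        _lifecycle/CommitChaincodeDefinition: /Channel/Application/Writers
        _lifecycle/QueryChaincodeDefinition: /Channel/Application/Writers
        _lifecycle/QueryChaincodeDefinitions: /Channel/Application/Writers
        # Invocation permissions for LSCC methods: the 1.x lifecycle system chaincode (LSCC)
        lscc/ChaincodeExists: /Channel/Application/Readers
        lscc/GetDeploymentSpec: /Channel/Application/Readers
        lscc/GetChaincodeData: /Channel/Application/Readers
        lscc/GetInstantiatedChaincodes: /Channel/Application/Readers
        # Invocation permissions for QSCC methods: the query system chaincode (QSCC)
        # Get the latest blockchain information by channel name
        qscc/GetChainInfo: /Channel/Application/Readers
        # Get a block by block number
        qscc/GetBlockByNumber: /Channel/Application/Readers
        # Get a block by block hash
        qscc/GetBlockByHash: /Channel/Application/Readers
        # Get a transaction by transaction ID
        qscc/GetTransactionByID: /Channel/Application/Readers
        # Get a block by transaction ID
        qscc/GetBlockByTxID: /Channel/Application/Readers
        # Configuration system chaincode (CSCC)
        # Query the chain's configuration block
        cscc/GetConfigBlock: /Channel/Application/Readers
        # Query the channel configuration
        cscc/GetChannelConfig: /Channel/Application/Readers
        # Permission to invoke chaincode within the channel
        peer/Propose: /Channel/Application/Writers
        # Permission for chaincode-to-chaincode invocation
        peer/ChaincodeToChaincode: /Channel/Application/Writers
        # Permission to receive full blocks
        event/Block: /Channel/Application/Readers
        # Permission to receive filtered block events
        event/FilteredBlock: /Channel/Application/Readers
    # Default organizations that are members of the application channel: empty
    Organizations:
    # Channel-level policies; they can be used in ACLs, and users can also define their own global policies
    # /Channel/Application/<PolicyName>
    Policies: &ApplicationDefaultPolicies
        LifecycleEndorsement:
            Type: ImplicitMeta
            Rule: "MAJORITY Endorsement"
        Endorsement:
            Type: ImplicitMeta
            Rule: "MAJORITY Endorsement"
        Readers:
            Type: ImplicitMeta
            Rule: "ANY Readers"
        Writers:
            Type: ImplicitMeta
            Rule: "ANY Writers"
        Admins:
            Type: ImplicitMeta
            Rule: "MAJORITY Admins"
    # References the default capability set for application channels
    Capabilities:
        <<: *ApplicationCapabilities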
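2.4 Orderer section
Defines the configuration of the ordering service.
Orderer: &OrdererDefaults
    # "solo", "kafka" and "etcdraft".
    OrdererType: solo
    # Addresses used to be the list of orderer addresses that clients and peers could connect to.
    # However, that does not let clients associate orderer addresses with orderer organizations, which is useful for things such as TLS validation.
    # The preferred way to specify orderer addresses is now to include the OrdererEndpoints item in the organization definition.
    Addresses:
        # - 127.0.0.1:7050
    # Maximum time to wait before cutting a block
    BatchTimeout: 2s
    # Limits on what is packed into a block
    BatchSize:
        # Maximum number of transactions in a block
        MaxMessageCount: 500
        # Maximum number of bytes in a block
        AbsoluteMaxBytes: 10 MB
        # Preferred number of bytes in a block; a transaction message larger than this value
        # is placed in a separate, larger block
        PreferredMaxBytes: 2 MB
    # MaxChannels is the maximum number of channels allowed on the ordering network. 0 means no maximum.
    MaxChannels: 0
    Kafka:
        # Used only by 1.x versions
        Brokers:
            - kafka0:9092
            - kafka1:9092
            - kafka2:9092
    EtcdRaft:
        Consenters: # consensus nodes
            - Host: raft0.example.com
              Port: 7050
              ClientTLSCert: path/to/ClientTLSCert0 # certificate used when acting as a client with TLS authentication enabled
              ServerTLSCert: path/to/ServerTLSCert0 # certificate used when acting as a server with TLS authentication enabled
            - Host: raft1.example.com
              Port: 7050
              ClientTLSCert: path/to/ClientTLSCert1
              ServerTLSCert: path/to/ServerTLSCert1
            - Host: raft2.example.com
              Port: 7050
              ClientTLSCert: path/to/ClientTLSCert2
              ServerTLSCert: path/to/ServerTLSCert2
        Options:
            # Duration of one tick of the etcd cluster; heartbeats and elections are measured in ticks
            TickInterval: 500ms
            # Longest time a follower goes without a message from the leader before a new election is started
            ElectionTick: 10
            # Interval between two heartbeats; must be shorter than the election interval
            HeartbeatTick: 1
            # Maximum number of in-flight block messages during replication
            MaxInflightBlocks: 5
            # Snapshot size
            SnapshotIntervalSize: 16 MB
    Organizations: # default organizations: empty
    # /Channel/Orderer/<PolicyName>
    Policies:
        Readers:
            Type: ImplicitMeta
            Rule: "ANY Readers"
        Writers:
            Type: ImplicitMeta
            Rule: "ANY Writers"
        Admins:
            Type: ImplicitMeta
            Rule: "MAJORITY Admins"
        # Specifies which signatures must be included in a block from the orderer for peers to validate it
        BlockValidation:
            Type: ImplicitMeta
            Rule: "ANY Writers"
    Capabilities:
        <<: *OrdererCapabilities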
2.5 Channel
The default channel configuration template, mainly referenced by other sections. A complete channel configuration also includes the Application and Orderer fields.
Channel: &ChannelDefaults
    Policies:
        Readers:
            Type: ImplicitMeta
            Rule: "ANY Readers"
        Writers:
            Type: ImplicitMeta
            Rule: "ANY Writers"
        Admins:
            Type: ImplicitMeta
            Rule: "MAJORITY Admins"
    Capabilities:
        <<: *ChannelCapabilities
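2.6 Profiles
Profiles defines a set of configuration templates. Each template is a customized channel configuration for a particular scenario and can be used to create the system channel (no longer required starting with version 2.3) or an application channel.
Below are the Profiles that the official sample provides for different scenarios.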
Profiles:
    SampleSingleMSPSolo:
        <<: *ChannelDefaults
        Orderer:
            <<: *OrdererDefaults
            Organizations:
                - *SampleOrg
        Consortiums:
            SampleConsortium:
                Organizations:
                    - *SampleOrg
    SampleSingleMSPKafka:
        <<: *ChannelDefaults
        Orderer:
            <<: *OrdererDefaults
            OrdererType: kafka
            Organizations:
                - *SampleOrg
        Consortiums:
            SampleConsortium:
                Organizations:
                    - *SampleOrg
    SampleInsecureSolo:
        <<: *ChannelDefaults
        Orderer:
            <<: *OrdererDefaults
        Consortiums:
            SampleConsortium:
                Organizations:
    SampleInsecureKafka:
        <<: *ChannelDefaults
        Orderer:
            <<: *OrdererDefaults
            OrdererType: kafka
        Consortiums:
            SampleConsortium:
                Organizations:
    SampleDevModeSolo:
        <<: *ChannelDefaults
        Orderer:
            <<: *OrdererDefaults
            Organizations:
                - <<: *SampleOrg
                  Policies:
                      <<: *SampleOrgPolicies
                      Admins:
                          Type: Signature
                          Rule: "OR('SampleOrg.member')"
        Application:
            <<: *ApplicationDefaults
            Organizations:
                - <<: *SampleOrg
                  Policies:
                      <<: *SampleOrgPolicies
                      Admins:
                          Type: Signature
                          Rule: "OR('SampleOrg.member')"
        Consortiums:
            SampleConsortium:
                Organizations:
                    - <<: *SampleOrg
                      Policies:
                          <<: *SampleOrgPolicies
                          Admins:
                              Type: Signature
                              Rule: "OR('SampleOrg.member')"
    SampleDevModeKafka:
        <<: *ChannelDefaults
        Orderer:
            <<: *OrdererDefaults
            OrdererType: kafka
            Organizations:
                - <<: *SampleOrg
                  Policies:
                      <<: *SampleOrgPolicies
                      Admins:
                          Type: Signature
                          Rule: "OR('SampleOrg.member')"
        Application:
            <<: *ApplicationDefaults
            Organizations:
                - <<: *SampleOrg
                  Policies:
                      <<: *SampleOrgPolicies
                      Admins:
                          Type: Signature
                          Rule: "OR('SampleOrg.member')"
        Consortiums:
            SampleConsortium:
                Organizations:
                    - <<: *SampleOrg
                      Policies:
                          <<: *SampleOrgPolicies
                          Admins:
                              Type: Signature
                              Rule: "OR('SampleOrg.member')"
    SampleSingleMSPChannel:
        <<: *ChannelDefaults
        Consortium: SampleConsortium
        Application:
            <<: *ApplicationDefaults
            Organizations:
                - <<: *SampleOrg
    SampleDevModeEtcdRaft:
        <<: *ChannelDefaults
        Orderer:
            <<: *OrdererDefaults
            OrdererType: etcdraft
            Organizations:
                - <<: *SampleOrg
                  Policies:
                      <<: *SampleOrgPolicies
                      Admins:
                          Type: Signature
                          Rule: "OR('SampleOrg.member')"
        Application:
            <<: *ApplicationDefaults
            Organizations:
                - <<: *SampleOrg
                  Policies:
                      <<: *SampleOrgPolicies
                      Admins:
                          Type: Signature
                          Rule: "OR('SampleOrg.member')"
        Consortiums:
            SampleConsortium:
                Organizations:
                    - <<: *SampleOrg
                      Policies:
                          <<: *SampleOrgPolicies
                          Admins:
                              Type: Signature
                              Rule: "OR('SampleOrg.member')"
    SampleAppChannelInsecureSolo:
        <<: *ChannelDefaults
        Orderer:
            <<: *OrdererDefaults
        Application:
            <<: *ApplicationDefaults
    SampleAppChannelEtcdRaft:
        <<: *ChannelDefaults
        Orderer:
            <<: *OrdererDefaults
            OrdererType: etcdraft
            Organizations:
                - <<: *SampleOrg
                  Policies:
                      <<: *SampleOrgPolicies
                      Admins:
                          Type: Signature
                          Rule: "OR('SampleOrg.member')"
        Application:
            <<: *ApplicationDefaults
            Organizations:
                - <<: *SampleOrg
                  Policies:
                      <<: *SampleOrgPolicies
                      Admins:
                          Type: Signature
                          Rule: "OR('SampleOrg.member')"
3. freerent configtx.yaml
Organizations:
    - &Orderer
        Name: Orderer
        ID: OrdererMSP
        MSPDir: crypto-config/ordererOrganizations/freerent.cn/msp
        Policies:
            Readers:
                Type: Signature
                Rule: "OR('OrdererMSP.member')"
            Writers:
                Type: Signature
                Rule: "OR('OrdererMSP.member')"
            Admins:
                Type: Signature
                Rule: "OR('OrdererMSP.admin')"
        OrdererEndpoints:
            - orderer0.freerent.cn:7050
            - orderer1.freerent.cn:7050
            - orderer2.freerent.cn:7050
    - &Supervisor
        Name: Supervisor
        ID: SupervisorMSP
        MSPDir: crypto-config/peerOrganizations/supervisor.freerent.cn/msp
        Policies:
            Readers:
                Type: Signature
                Rule: "OR('SupervisorMSP.admin', 'SupervisorMSP.peer', 'SupervisorMSP.client')"
            Writers:
                Type: Signature
                Rule: "OR('SupervisorMSP.admin', 'SupervisorMSP.client')"
            Admins:
                Type: Signature
                Rule: "OR('SupervisorMSP.admin')"
            Endorsement:
                Type: Signature
                Rule: "OR('SupervisorMSP.peer')"
    - &Rentalcrop
        Name: Rentalcrop
        ID: RentalcropMSP
        MSPDir: crypto-config/peerOrganizations/rentalcrop.freerent.cn/msp
        Policies:
            Readers:
                Type: Signature
                Rule: "OR('RentalcropMSP.admin', 'RentalcropMSP.peer', 'RentalcropMSP.client')"
            Writers:
                Type: Signature
                Rule: "OR('RentalcropMSP.admin', 'RentalcropMSP.client')"
            Admins:
                Type: Signature
                Rule: "OR('RentalcropMSP.admin')"
            Endorsement:
                Type: Signature
                Rule: "OR('RentalcropMSP.peer')"
    - &Agency
        Name: Agency
        ID: AgencyMSP
        MSPDir: crypto-config/peerOrganizations/agency.freerent.cn/msp
        Policies:
            Readers:
                Type: Signature
                Rule: "OR('AgencyMSP.admin', 'AgencyMSP.peer', 'AgencyMSP.client')"
            Writers:
                Type: Signature
                Rule: "OR('AgencyMSP.admin', 'AgencyMSP.client')"
            Admins:
                Type: Signature
                Rule: "OR('AgencyMSP.admin')"
            Endorsement:
                Type: Signature
                Rule: "OR('AgencyMSP.peer')"
Capabilities:
    Channel: &ChannelCapabilities
        V2_0: true
    Orderer: &OrdererCapabilities
        V2_0: true
    Application: &ApplicationCapabilities
        V2_0: true
Application: &ApplicationDefaults
    Organizations:
    Policies:
        Readers:
            Type: ImplicitMeta
            Rule: "ANY Readers"
        Writers:
            Type: ImplicitMeta
            Rule: "ANY Writers"
        Admins:
            Type: ImplicitMeta
            Rule: "MAJORITY Admins"
        LifecycleEndorsement:
            Type: ImplicitMeta
            Rule: "MAJORITY Endorsement"
        Endorsement:
            Type: ImplicitMeta
            Rule: "MAJORITY Endorsement"
    Capabilities:
        <<: *ApplicationCapabilities
Orderer: &OrdererDefaults
    OrdererType: etcdraft
    Addresses: # ordere
        - orderer0.freerent.cn:7050
        - orderer1.freerent.cn:7050
        - orderer2.freerent.cn:7050
    EtcdRaft:
        Consenters:
            - Host: orderer0.freerent.cn
              Port: 7050
              ClientTLSCert: crypto-config/ordererOrganizations/freerent.cn/orderers/orderer0.freerent.cn/tls/server.crt
              ServerTLSCert: crypto-config/ordererOrganizations/freerent.cn/orderers/orderer0.freerent.cn/tls/server.crt
            - Host: orderer1.freerent.cn
              Port: 7050
              ClientTLSCert: crypto-config/ordererOrganizations/freerent.cn/orderers/orderer1.freerent.cn/tls/server.crt
              ServerTLSCert: crypto-config/ordererOrganizations/freerent.cn/orderers/orderer1.freerent.cn/tls/server.crt
            - Host: orderer2.freerent.cn
              Port: 7050
              ClientTLSCert: crypto-config/ordererOrganizations/freerent.cn/orderers/orderer2.freerent.cn/tls/server.crt
              ServerTLSCert: crypto-config/ordererOrganizations/freerent.cn/orderers/orderer2.freerent.cn/tls/server.crt
    BatchTimeout: 1s
    BatchSize:
        # The block-generation parameters will be explored during later performance tuning
        MaxMessageCount: 10
        AbsoluteMaxBytes: 99 MB
        PreferredMaxBytes: 512 KB
    Organizations:
    Policies:
        Readers:
            Type: ImplicitMeta
            Rule: "ANY Readers"
        Writers:
            Type: ImplicitMeta
            Rule: "ANY Writers"
        Admins:
            Type: ImplicitMeta
            Rule: "MAJORITY Admins"
        BlockValidation:
            Type: ImplicitMeta
            Rule: "ANY Writers"
Channel: &ChannelDefaults
    Policies:
        Readers:
            Type: ImplicitMeta
            Rule: "ANY Readers"
        Writers:
            Type: ImplicitMeta
            Rule: "ANY Writers"
        Admins:
            Type: ImplicitMeta
            Rule: "MAJORITY Admins"
    Capabilities:
        <<: *ChannelCapabilities
Profiles:
    SampleMultiNodeEtcdRaft:
        <<: *ChannelDefaults
        Orderer:
            <<: *OrdererDefaults
            Organizations:
                - *Orderer
            Capabilities:
                <<: *OrdererCapabilities
        Application:
            <<: *ApplicationDefaults
            Organizations:
                - *Supervisor
                - *Rentalcrop
                - *Agency
            Capabilities: *ApplicationCapabilities
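
The following is an added example, not part of the original page and not Fabric's own code. It models how the org-level Signature rules and the channel-level ImplicitMeta rules of the section 3 configuration combine, and what changes when the SampleDevMode* style override sets Admins to OR('<org>.member'). It assumes flat OR/AND rules and literal role matching; all function names are hypothetical.

```python
import re

# Constructed model of the org-level Signature policies in the section 3 config.
ORGS = ("SupervisorMSP", "RentalcropMSP", "AgencyMSP")
ORG_POLICIES = {o: {"Readers": f"OR('{o}.admin', '{o}.peer', '{o}.client')",
                    "Writers": f"OR('{o}.admin', '{o}.client')",
                    "Admins": f"OR('{o}.admin')"} for o in ORGS}
# /Channel/Application/<PolicyName> ImplicitMeta rules, as in section 3.
APP_POLICIES = {"Readers": "ANY Readers", "Writers": "ANY Writers",
                "Admins": "MAJORITY Admins"}

def signature_ok(rule, signers):
    """Evaluate a flat OR(...)/AND(...) rule against {(msp_id, role)} signers."""
    m = re.fullmatch(r"\s*(OR|AND)\((.*)\)\s*", rule)
    if not m or "(" in m.group(2):
        raise ValueError(f"unsupported rule (nesting/OutOf not modelled): {rule}")
    principals = re.findall(r"'([^'.]+)\.([^']+)'", m.group(2))
    # 'member' accepts any identity of that MSP; other roles must match exactly.
    hits = [any(s_msp == msp and role in ("member", s_role)
                for s_msp, s_role in signers) for msp, role in principals]
    return any(hits) if m.group(1) == "OR" else all(hits)

def implicit_meta_ok(rule, org_policies, signers):
    """Evaluate 'ANY|ALL|MAJORITY <SubPolicy>' across the organizations."""
    quantifier, sub = rule.split()
    subs = [p[sub] for p in org_policies.values() if sub in p]
    satisfied = sum(signature_ok(r, signers) for r in subs)
    need = {"ANY": 1, "ALL": len(subs), "MAJORITY": len(subs) // 2 + 1}[quantifier]
    return satisfied >= need

def check(policy, signers, org_policies=ORG_POLICIES):
    """True if the signer set satisfies /Channel/Application/<policy>."""
    return implicit_meta_ok(APP_POLICIES[policy], org_policies, set(signers))

def with_dev_mode_admins(org_policies, orgs):
    """Copy the policies with the dev-mode override: Admins = OR('<org>.member')."""
    patched = {o: dict(p) for o, p in org_policies.items()}
    for o in orgs:
        patched[o]["Admins"] = f"OR('{o}.member')"
    return patched

if __name__ == "__main__":
    non_admins = [("SupervisorMSP", "peer"), ("RentalcropMSP", "client")]
    print("peer reads/writes:", check("Readers", non_admins[:1]),
          check("Writers", non_admins[:1]))
    print("one org admin:", check("Admins", [("AgencyMSP", "admin")]))
    dev = with_dev_mode_admins(ORG_POLICIES, ORGS[:2])
    print("non-admins, dev override:", check("Admins", non_admins, dev))
```

With three application organizations, MAJORITY Admins needs admin signatures from two of them; once the member-based override is applied, any two ordinary identities are enough, which is why that override belongs only in development profiles.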