configtx.yaml is the configuration file that configtxgen, the Hyperledger Fabric network operations tool, reads to generate a channel genesis block or a channel transaction. The content of configtx.yaml directly determines the content of the generated genesis block. This article describes each section of configtx.yaml in detail.
Capabilities / channel capability configuration
The Capabilities section defines the capabilities of the Fabric network. It is a new configuration section introduced in version v1.0.0 and cannot be used in mixed networks with v1.0.x peer nodes and ordering nodes.
The Capabilities section defines the features that a Fabric binary must support in order to join the network. For example, if a new MSP type is added, an updated binary may recognize and verify signatures based on that type, but an older binary has no way to verify those transactions. This can lead to inconsistencies in the world state maintained by different versions of the Fabric binary.
Defining the channel's capabilities therefore makes it explicit that Fabric binaries that do not meet a capability requirement cannot process transactions until they are upgraded to a new version. A v1.0.x binary will intentionally crash if any capabilities are defined in the Capabilities section, even if those capabilities are declared as not required.
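Capabilities:
    # The Global settings apply to both ordering nodes and peer nodes, and must
    # be supported by both kinds of node.
    # Setting an entry to true indicates that nodes are required to have that capability.
    Global: &ChannelCapabilities
        V1_3: true
    # The Orderer settings apply only to ordering nodes, so peer node upgrades need
    # not be considered. Setting an entry to true indicates that ordering nodes are
    # required to have that capability.
    Orderer: &OrdererCapabilities
        V1_1: true
    # The Application settings apply only to the peer network, so ordering node
    # upgrades need not be considered. Setting an entry to true indicates that
    # peer nodes are required to have that capability.
    Application: &ApplicationCapabilities
        V1_3: true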
Organizations / organization configuration
The Organizations configuration section defines organizational entities that later sections refer to. For example, the following configuration defines three organizations, which can then be referenced through the YAML anchors ExampleCom, Org1ExampleCom, and Org2ExampleCom respectively:
Organizations:
    - &ExampleCom
        Name: ExampleCom
        ID: example.com
        AdminPrincipal: Role.ADMIN
        MSPDir: ./ordererOrganizations/example.com/msp
        Policies:
            Readers:
                Type: Signature
                Rule: OR('example.com.member')
            Writers:
                Type: Signature
                Rule: OR('example.com.member')
            Admins:
                Type: Signature
                Rule: OR('example.com.admin')
            Endorsement:
                Type: Signature
                Rule: OR('example.com.member')
    - &Org1ExampleCom
        Name: Org1ExampleCom
        ID: org1.example.com
        MSPDir: ./peerOrganizations/org1.example.com/msp
        AdminPrincipal: Role.ADMIN
        AnchorPeers:
            - Host: peer0.org1.example.com
              Port: 7051
        Policies:
            Readers:
                Type: Signature
                Rule: OR('org1.example.com.member')
            Writers:
                Type: Signature
                Rule: OR('org1.example.com.member')
            Admins:
                Type: Signature
                Rule: OR('org1.example.com.admin')
            Endorsement:
                Type: Signature
                Rule: OR('org1.example.com.member')
    - &Org2ExampleCom
        Name: Org2ExampleCom
        ID: org2.example.com
        MSPDir: ./peerOrganizations/org2.example.com/msp
        AdminPrincipal: Role.ADMIN
        AnchorPeers:
            - Host: peer0.org2.example.com
              Port: 7051
        Policies:
            Readers:
                Type: Signature
                Rule: OR('org2.example.com.member')
            Writers:
                Type: Signature
                Rule: OR('org2.example.com.member')
            Admins:
                Type: Signature
                Rule: OR('org2.example.com.admin')
            Endorsement:
                Type: Signature
                Rule: OR('org2.example.com.member')
Orderer / ordering node configuration
The Orderer configuration section defines the ordering node parameters to be encoded into the genesis block or channel transaction.
Orderer: &OrdererDefaults
    # The orderer type selects the ordering node implementation to enable;
    # different implementations correspond to different consensus algorithms.
    # Currently available types are: solo and kafka
    OrdererType: solo
    Addresses:
        - orderer0.example.com:7050
    BatchTimeout: 2s
    BatchSize:
        MaxMessageCount: 10
        AbsoluteMaxBytes: 98 MB
        PreferredMaxBytes: 512 KB
    MaxChannels: 0
    Kafka:
        Brokers:
            - kafka0:9092
            - kafka1:9092
            - kafka2:9092
            - kafka3:9092
    Organizations:
    # Defines the ordering node policies at this level; their canonical path
    # is /Channel/Orderer/<PolicyName>
    Policies:
        Readers:
            Type: ImplicitMeta
            Rule: ANY Readers
        Writers:
            Type: ImplicitMeta
            Rule: ANY Writers
        Admins:
            Type: ImplicitMeta
            Rule: MAJORITY Admins
        # BlockValidation specifies which signatures must be included in a block
        # so that peer nodes can validate it
        BlockValidation:
            Type: ImplicitMeta
            Rule: ANY Writers
    # Capabilities describes the orderer-level capability requirements; here it
    # directly references the OrdererCapabilities entry of the Capabilities section above
    Capabilities:
        <<: *OrdererCapabilities
Channel / channel configuration
The Channel configuration section is used to define the channel parameters to be written to the genesis block or configuration transaction.
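Channel: &ChannelDefaults
    # Defines the channel access policies at this level; their canonical path
    # is /Channel/<PolicyName>
    Policies:
        Readers:
            Type: ImplicitMeta
            Rule: ANY Readers
        # The Writers policy defines who is permitted to call the Broadcast API
        # to submit transactions
        Writers:
            Type: ImplicitMeta
            Rule: ANY Writers
        # The Admins policy defines who is permitted to modify configuration at this level
        Admins:
            Type: ImplicitMeta
            Rule: MAJORITY Admins
    # Capabilities describes the channel-level capability requirements; here it
    # directly references the ChannelCapabilities entry of the Capabilities section above
    Capabilities:
        <<: *ChannelCapabilities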
Application / application configuration
The Application configuration section is used to define application parameters to be written into the genesis block or configuration transactions.
Application: &ApplicationDefaults
    ACLs: &ACLsDefault
        # The ACLs section provides default policies for various resources in the system.
        # A "resource" here can be a function of a system chaincode, such as the
        # GetBlockByNumber method of the qscc system chaincode,
        # or another resource, such as who may receive block events.
        # This section does not define resources or APIs; it only defines the
        # access control policies for resources.
        #
        # Users can override these default policies in the channel definition
        #---New Lifecycle System Chaincode (_lifecycle) function to policy mapping for access control--#
        # ACL definition for the CommitChaincodeDefinition function of the _lifecycle system chaincode
        _lifecycle/CommitChaincodeDefinition: /Channel/Application/Writers
        # ACL definition for the QueryChaincodeDefinition function of the _lifecycle system chaincode
        _lifecycle/QueryChaincodeDefinition: /Channel/Application/Readers
        # ACL definition for the QueryNamespaceDefinitions function of the _lifecycle system chaincode
        _lifecycle/QueryNamespaceDefinitions: /Channel/Application/Readers
        #---Lifecycle System Chaincode (lscc) function to policy mapping for access control---#
        # ACL definition for the getid function of the lscc system chaincode
        lscc/ChaincodeExists: /Channel/Application/Readers
        # ACL definition for the getdepspec function of the lscc system chaincode
        lscc/GetDeploymentSpec: /Channel/Application/Readers
        # ACL definition for the getccdata function of the lscc system chaincode
        lscc/GetChaincodeData: /Channel/Application/Readers
        # ACL definition for the getchaincodes function of the lscc system chaincode
        lscc/GetInstantiatedChaincodes: /Channel/Application/Readers
        #---Query System Chaincode (qscc) function to policy mapping for access control---#
        # ACL definition for the GetChainInfo function of the qscc system chaincode
        qscc/GetChainInfo: /Channel/Application/Readers
        # ACL definition for the GetBlockByNumber function of the qscc system chaincode
        qscc/GetBlockByNumber: /Channel/Application/Readers
        # ACL definition for the GetBlockByHash function of the qscc system chaincode
        qscc/GetBlockByHash: /Channel/Application/Readers
        # ACL definition for the GetTransactionByID function of the qscc system chaincode
        qscc/GetTransactionByID: /Channel/Application/Readers
        # ACL definition for the GetBlockByTxID function of the qscc system chaincode
        qscc/GetBlockByTxID: /Channel/Application/Readers
        #---Configuration System Chaincode (cscc) function to policy mapping for access control---#
        # ACL definition for the GetConfigBlock function of the cscc system chaincode
        cscc/GetConfigBlock: /Channel/Application/Readers
        # ACL definition for the GetConfigTree function of the cscc system chaincode
        cscc/GetConfigTree: /Channel/Application/Readers
        # ACL definition for the SimulateConfigTreeUpdate function of the cscc system chaincode
        cscc/SimulateConfigTreeUpdate: /Channel/Application/Readers
        #---Miscellaneous peer function to policy mapping for access control---#
        # ACL policy for accessing chaincode on a peer node
        peer/Propose: /Channel/Application/Writers
        # ACL policy for accessing another chaincode from within a chaincode
        peer/ChaincodeToChaincode: /Channel/Application/Readers
        #---Events resource to policy mapping for access control###---#
        # ACL policy for sending block events
        event/Block: /Channel/Application/Readers
        # ACL policy for sending filtered block events
        event/FilteredBlock: /Channel/Application/Readers
    # Organizations lists the organizations participating in the network
    Organizations:
    # Defines the application control policies at this level; their canonical path
    # is /Channel/Application/<PolicyName>
    Policies: &ApplicationDefaultPolicies
        Readers:
            Type: ImplicitMeta
            Rule: "ANY Readers"
        Writers:
            Type: ImplicitMeta
            Rule: "ANY Writers"
        Admins:
            Type: ImplicitMeta
            Rule: "MAJORITY Admins"
        LifecycleEndorsement:
            Type: ImplicitMeta
            Rule: "ANY Endorsement"
        Endorsement:
            Type: ImplicitMeta
            Rule: "ANY Endorsement"
    # Capabilities describes the application-level capability requirements; here it
    # directly references the ApplicationCapabilities entry of the Capabilities section above
    Capabilities:
        <<: *ApplicationCapabilities
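How the Application-level ImplicitMeta rules resolve against the org-level Signature rules from the Organizations section, as an added Python example that is not part of the original article or of Fabric's code. The function names are hypothetical, signers are modeled as already-verified (MSP ID, role) pairs, and only flat OR(...)/AND(...) rules like those on this page are handled.

```python
import re

# Constructed input: Signature rules copied from this page's Organizations
# section for the two peer organizations, keyed by MSP ID.
ORG_POLICIES = {
    "org1.example.com": {
        "Readers": "OR('org1.example.com.member')",
        "Writers": "OR('org1.example.com.member')",
        "Admins": "OR('org1.example.com.admin')",
    },
    "org2.example.com": {
        "Readers": "OR('org2.example.com.member')",
        "Writers": "OR('org2.example.com.member')",
        "Admins": "OR('org2.example.com.admin')",
    },
}


def signature_satisfied(rule, signers):
    """Evaluate a flat OR(...)/AND(...) Signature rule.

    signers is a set of (msp_id, role) pairs (assumed model of verified signatures).
    """
    match = re.fullmatch(r"\s*(OR|AND)\((.*)\)\s*", rule)
    principals = re.findall(r"'([^']+)\.(\w+)'", match.group(2)) if match else []
    if not principals:
        raise ValueError(f"unsupported Signature rule: {rule!r}")
    # Any valid identity of an MSP is a 'member'; other roles must match exactly.
    held = [
        any(msp == p_msp and (p_role == "member" or role == p_role)
            for msp, role in signers)
        for p_msp, p_role in principals
    ]
    return any(held) if match.group(1) == "OR" else all(held)


def implicit_meta_satisfied(rule, org_policies, signers):
    """Evaluate an ImplicitMeta rule such as 'MAJORITY Admins' over the orgs."""
    quantifier, sub_policy = rule.split()
    results = [signature_satisfied(p[sub_policy], signers)
               for p in org_policies.values() if sub_policy in p]
    threshold = {"ANY": 1, "ALL": len(results),
                 "MAJORITY": len(results) // 2 + 1}[quantifier]
    if not results:
        threshold = 0  # no child policies: Fabric treats the rule as satisfied
    return sum(results) >= threshold
```

With only two organizations, "MAJORITY Admins" needs both organizations' admins to sign, while "ANY Writers" is met by a single member of either one.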
Profiles / configuration entry
The Profiles configuration section defines the entry points (profiles) for the configtxgen tool. A profile that contains a consortium can be used to generate the genesis block of the ordering node. If the consortium members are correctly defined in the ordering node's genesis block, a channel creation request can then be generated using only the names of the member organizations and the name of the consortium.
Profiles:
    # SampleInsecureSolo defines a simple configuration that uses a Solo ordering node
    SampleInsecureSolo:
        <<: *ChannelDefaults
        Orderer:
            <<: *OrdererDefaults
            Organizations:
                - *ExampleCom
            Capabilities:
                <<: *OrdererCapabilities
        Application:
            <<: *ApplicationDefaults
            Organizations:
                - *ExampleCom
            Capabilities:
                <<: *ApplicationCapabilities
            Policies:
                Readers:
                    Type: ImplicitMeta
                    Rule: ANY Readers
                Writers:
                    Type: ImplicitMeta
                    Rule: ANY Writers
                Admins:
                    Type: ImplicitMeta
                    Rule: MAJORITY Admins
                LifecycleEndorsement:
                    Type: ImplicitMeta
                    Rule: ANY Endorsement
                Endorsement:
                    Type: ImplicitMeta
                    Rule: ANY Endorsement
        Consortiums:
            SampleConsortium:
                Organizations:
                    - *Org1ExampleCom
                    - *Org2ExampleCom
    # SampleInsecureKafka defines a configuration that uses Kafka ordering nodes
    SampleInsecureKafka:
        <<: *ChannelDefaults
        Orderer:
            <<: *OrdererDefaults
            OrdererType: kafka
            Addresses:
                - orderer0.example.com:7050
                - orderer1.example.com:7050
                - orderer2.example.com:7050
            Organizations:
                - *ExampleCom
            Capabilities:
                <<: *OrdererCapabilities
        Application:
            <<: *ApplicationDefaults
            Organizations:
                - *ExampleCom
            Capabilities:
                <<: *ApplicationCapabilities
            Policies:
                Readers:
                    Type: ImplicitMeta
                    Rule: ANY Readers
                Writers:
                    Type: ImplicitMeta
                    Rule: ANY Writers
                Admins:
                    Type: ImplicitMeta
                    Rule: MAJORITY Admins
                LifecycleEndorsement:
                    Type: ImplicitMeta
                    Rule: ANY Endorsement
                Endorsement:
                    Type: ImplicitMeta
                    Rule: ANY Endorsement
        Consortiums:
            SampleConsortium:
                Organizations:
                    - *ExampleCom
                    - *Org1ExampleCom
                    - *Org2ExampleCom
    # SampleSingleMSPSolo defines a configuration that uses a Solo ordering node
    # and contains a single MSP
    SampleSingleMSPSolo:
        Orderer:
            <<: *OrdererDefaults
            Organizations:
                - *ExampleCom
            Capabilities:
                <<: *OrdererCapabilities
        Application:
            <<: *ApplicationDefaults
            Organizations:
                - *ExampleCom
            Capabilities:
                <<: *ApplicationCapabilities
            Policies:
                Readers:
                    Type: ImplicitMeta
                    Rule: ANY Readers
                Writers:
                    Type: ImplicitMeta
                    Rule: ANY Writers
                Admins:
                    Type: ImplicitMeta
                    Rule: MAJORITY Admins
                LifecycleEndorsement:
                    Type: ImplicitMeta
                    Rule: ANY Endorsement
                Endorsement:
                    Type: ImplicitMeta
                    Rule: ANY Endorsement
        Consortiums:
            SampleConsortium:
                Organizations:
                    - *ExampleCom
                    - *Org1ExampleCom
                    - *Org2ExampleCom
    # SampleEmptyInsecureChannel defines a channel that contains no members
    # and no access control policies
    SampleEmptyInsecureChannel:
        Capabilities:
            <<: *ChannelCapabilities
        Consortium: SampleConsortium
        Application:
            Organizations:
                - *ExampleCom
            Capabilities:
                <<: *ApplicationCapabilities
            Policies:
                Readers:
                    Type: ImplicitMeta
                    Rule: ANY Readers
                Writers:
                    Type: ImplicitMeta
                    Rule: ANY Writers
                Admins:
                    Type: ImplicitMeta
                    Rule: MAJORITY Admins
                LifecycleEndorsement:
                    Type: ImplicitMeta
                    Rule: ANY Endorsement
                Endorsement:
                    Type: ImplicitMeta
                    Rule: ANY Endorsement
    # SysTestChannel defines a channel used for testing
    SysTestChannel:
        <<: *ChannelDefaults
        Capabilities:
            <<: *ChannelCapabilities
        Consortium: SampleConsortium
        Application:
            <<: *ApplicationDefaults
            Organizations:
                - *Org1ExampleCom
                - *Org2ExampleCom
            Capabilities:
                <<: *ApplicationCapabilities
            Policies:
                Readers:
                    Type: ImplicitMeta
                    Rule: ANY Readers
                Writers:
                    Type: ImplicitMeta
                    Rule: ANY Writers
                Admins:
                    Type: ImplicitMeta
                    Rule: MAJORITY Admins
                LifecycleEndorsement:
                    Type: ImplicitMeta
                    Rule: ANY Endorsement
                Endorsement:
                    Type: ImplicitMeta
                    Rule: ANY Endorsement
    # SampleSingleMSPChannel defines a channel that contains only a single member organization.
    # This profile is typically used together with SampleSingleMSPSolo or SampleSingleMSPKafka
    SampleSingleMSPChannel:
        <<: *ChannelDefaults
        Capabilities:
            <<: *ChannelCapabilities
        Consortium: SampleConsortium
        Application:
            <<: *ApplicationDefaults
            Organizations:
                - *Org1ExampleCom
                - *Org2ExampleCom
            Capabilities:
                <<: *ApplicationCapabilities
            Policies:
                Readers:
                    Type: ImplicitMeta
                    Rule: ANY Readers
                Writers:
                    Type: ImplicitMeta
                    Rule: ANY Writers
                Admins:
                    Type: ImplicitMeta
                    Rule: MAJORITY Admins
                LifecycleEndorsement:
                    Type: ImplicitMeta
                    Rule: ANY Endorsement
                Endorsement:
                    Type: ImplicitMeta
                    Rule: ANY Endorsement