Foreword:
It is recommended that you write it once and try it. It is recommended to write it in a tool such as idea, so that you can see the reference relationship.
Some places I don't understand very well, I hope everyone can correct me. Or I hope you can add.
Article Directory
1 Introduction
This file is configtxgenthe configuration file used by the tool to generate the channel genesis block or channel transaction. The content of configfx.yaml directly determines the content of the generated genesis block.
2. Main functions
- Generate the initial block needed to start the orderer, and support checking the block content
- Generate configuration transactions needed to create application channels, and support checking transaction content
- Generate an update configuration transaction for the anchor node
3. Specific configuration information
The configtx.yaml configuration file generally contains five configurations: Profiles, Organizations, Orderer, Applicationand Capabilities.
- details
Organizations:
- &OrdererOrg
Name: OrdererOrg
ID: OrdererMSP
MSPDir: crypto-config/ordererOrganizations/example.com/msp
- &Org1
Name: Org1MSP
ID: Org1MSP
MSPDir: crypto-config/peerOrganizations/org1.example.com/msp
AnchorPeers:
- Host: peer0.org1.example.com
Port: 7051
- &Org2
Name: Org2MSP
ID: Org2MSP
MSPDir: crypto-config/peerOrganizations/org2.example.com/msp
AnchorPeers:
- Host: peer0.org2.example.com
Port: 7051
- &Org3
Name: Org3MSP
ID: Org3MSP
MSPDir: crypto-config/peerOrganizations/org3.example.com/msp
AnchorPeers:
- Host: peer0.org3.example.com
Port: 7051
- &Org4
Name: Org4MSP
ID: Org4MSP
MSPDir: crypto-config/peerOrganizations/org4.example.com/msp
AnchorPeers:
- Host: peer0.org4.example.com
Port: 7051
Orderer: &OrdererDefaults
OrdererType: solo
Addresses:
- orderer.example.com:7050
BatchTimeout: 2s
BatchSize:
MaxMessageCount: 10
AbsoluteMaxBytes: 98 MB
PreferredMaxBytes: 512 KB
Kafka:
Brokers:
- 127.0.0.1:9092
Organizations:
Application: &ApplicationDefaults
Organizations:
Profiles:
FourOrgsOrdererGenesis:
Orderer:
<<: *OrdererDefaults
Organizations:
- *OrdererOrg
Consortiums:
SampleConsortium:
Organizations:
- *Org1
- *Org2
- *Org3
- *Org4
FourOrgsChannel:
Consortium: SampleConsortium
Application:
<<: *ApplicationDefaults
Organizations:
- *Org1
- *Org2
- *Org3
- *Org4
(1) Profiles section
In fact, there are many other configurations in the profile. I hope you can go to Baidu for details. Here I only provide the simplest case.
configtxgenThere is a command to specify the profile behind the tool
-profile string
The profile from configtx.yaml to use for generation. (default "SampleInsecureSolo")
Profiles:
FourOrgsOrdererGenesis:
Orderer:
<<: *OrdererDefaults
Organizations:
# 最好自定义(这只是样例名称)
- *OrdererOrg
Consortiums:
SampleConsortium:
# 定义了peer节点的数量和名称 (要和下面 FourOrgsChannel->Applicatio下的对应)
Organizations:
- *Org1
- *Org2
- *Org3
- *Org4
FourOrgsChannel:
Consortium: SampleConsortium
Application:
<<: *ApplicationDefaults
Organizations:
- *Org1
- *Org2
- *Org3
- *Org4
(2) Organizations section
Organization node information: defines all sorting service nodes and common nodes based on server configuration information.
Organizations:
- &ExampleCom
# 节点名称
Name: ExampleCom
# 加载的自定于MSPID
ID: example.com
# 主要管理员
AdminPrincipal: Role.ADMIN
# 定义包含MSP配置的文件系统路径
MSPDir: ./ordererOrganizations/example.com/msp
Policies:
Readers:
Type: Signature
Rule: OR('example.com.member')
Writers:
Type: Signature
Rule: OR('example.com.member')
Admins:
Type: Signature
Rule: OR('example.com.admin')
Endorsement:
Type: Signature
Rule: OR('example.com.member')
- &Org1ExampleCom
Name: Org1ExampleCom
ID: org1.example.com
MSPDir: ./peerOrganizations/org1.example.com/msp
AdminPrincipal: Role.ADMIN
# 定义了锚节点,
AnchorPeers:
- Host: peer0.org1.example.com
Port: 7051
Policies:
Readers:
Type: Signature
Rule: OR('org1.example.com.member')
Writers:
Type: Signature
Rule: OR('org1.example.com.member')
Admins:
Type: Signature
Rule: OR('org1.example.com.admin')
Endorsement:
Type: Signature
Rule: OR('org1.example.com.member')
- &Org2ExampleCom
Name: Org2ExampleCom
ID: org2.example.com
MSPDir: ./peerOrganizations/org2.example.com/msp
AdminPrincipal: Role.ADMIN
AnchorPeers:
- Host: peer0.org2.example.com
Port: 7051
Policies:
Readers:
Type: Signature
Rule: OR('org2.example.com.member')
Writers:
Type: Signature
Rule: OR('org2.example.com.member')
Admins:
Type: Signature
Rule: OR('org2.example.com.admin')
Endorsement:
Type: Signature
Rule: OR('org2.example.com.member')
(3) Orderer part
Orderer specifies the startup type of the fabric network, the block generation configuration and the address of the ordering service.
Orderer: &OrdererDefaults
# 排序节点类型用来指定要启用的排序节点实现,
# 不同的实现对应不同的共识算法。
# 目前可用的类型为:solo和kafka
OrdererType: solo
Addresses:
- orderer0.example.com:7050
# 批处理超时
BatchTimeout: 2s
BatchSize:
# 最大消息计数:批处理的最大消息数量
MaxMessageCount: 10
# 绝对最大字节数:批中序列化消息的绝对最大字节数
AbsoluteMaxBytes: 98 MB
#首选最大字节数
#批量序列化消息允许的首选最大字节数。
# 大于首选最大字节数的邮件将导致批处理大于首选最大字节数。
PreferredMaxBytes: 512 KB
#最大通道数
MaxChannels: 0
Kafka:
Brokers:
- kafka0:9092
- kafka1:9092
- kafka2:9092
- kafka3:9092
Organizations:
# 定义本层级的排序节点策略,其权威路径为 /Channel/Orderer/<PolicyName>
Policies:
Readers:
Type: ImplicitMeta
Rule: ANY Readers
Writers:
Type: ImplicitMeta
Rule: ANY Writers
Admins:
Type: ImplicitMeta
Rule: MAJORITY Admins
# BlockValidation配置项指定了哪些签名必须包含在区块中,以便对等节点进行验证
BlockValidation:
Type: ImplicitMeta
Rule: ANY Writers
# Capabilities配置描述排序节点层级的能力需求,这里直接引用
# 前面Capabilities配置段中的OrdererCapabilities配置项
Capabilities:
<<: *OrdererCapabilities
区块实在排序服务中生成,最终再通过广播的形式分发到各个peer节点实现数据同步,区块什么时候生成就是通过上面`Batch`配置。
举例:如上面配置。一个区块中
- 达到10条消息体
- 区块大小超过98MB
- 距离上一个区块生成时间达到或超过2s
(4) Application section
## 了解知识
1. 系统链码 System chaincodes
系统链码与普通用户具有相同的编程模型,但是与用户链码不同,系统链码内置在对等节点的可执行文件中。
2. LSCC `the life cycle system chaincode`
生命周期系统链码(LSCC)-安装/实例化/更新链码
3. ESCC `the endorsement system chaincode `
背书系统链码(ESCC)-通过响应进行数字签名来背书交易
4. VSCC `the validation system chaincode`
验证系统链码(VSCC)-根据背书策略验证交易的背书签名集
5. CSCC `the configuration system chaincode`
配置系统链码(CSCC)-用于管理通道的配置
- 代码
Application: &ApplicationDefaults
ACLs: &ACLsDefault
# ACLs配置段为系统中各种资源提供默认的策略。
# 这里所说的“资源”,可以是系统链码的函数,例如qscc系统链码的GetBlockByNumber方法
# 也可以是其他资源,例如谁可以接收区块事件。
# 这个配置段不是用来定义资源或API,而仅仅是定义资源的访问控制策略
#
# 用户可以在通道定义中重写这些默认策略
#新生命周期系统链码 方法 去 策略 映射 访问控制
#---New Lifecycle System Chaincode (_lifecycle) function to policy mapping for access control--#
# _lifecycle系统链码CommitChaincodeDefinition函数的ACL定义
_lifecycle/CommitChaincodeDefinition: /Channel/Application/Writers
# _lifecycle系统链码的QueryChaincodeDefinition函数的ACL定义
_lifecycle/QueryChaincodeDefinition: /Channel/Application/Readers
# _lifecycle系统链码的QueryNamespaceDefinitions函数的ACL定义 查询命名空间定义
_lifecycle/QueryNamespaceDefinitions: /Channel/Application/Readers
#---Lifecycle System Chaincode (lscc) function to policy mapping for access control---#
# lscc系统链码的getid函数的ACL定义
lscc/ChaincodeExists: /Channel/Application/Readers
# lscc系统链码的getdepspec函数的ACL定义
lscc/GetDeploymentSpec: /Channel/Application/Readers
# lscc系统链码的getccdata函数的ACL定义
lscc/GetChaincodeData: /Channel/Application/Readers
# lscc系统链码的getchaincodes函数的ACL定义
lscc/GetInstantiatedChaincodes: /Channel/Application/Readers
#---Query System Chaincode (qscc) function to policy mapping for access control---#
# qscc系统链码的GetChainInfo函数的ACL定义
qscc/GetChainInfo: /Channel/Application/Readers
# qscc系统链码的GetBlockByNumber函数的ACL定义
qscc/GetBlockByNumber: /Channel/Application/Readers
# qscc系统 链码的GetBlockByHash函数的ACL定义
qscc/GetBlockByHash: /Channel/Application/Readers
# qscc系统链码的GetTransactionByID函数的ACL定义
qscc/GetTransactionByID: /Channel/Application/Readers
# qscc系统链码GetBlockByTxID函数的ACL定义
qscc/GetBlockByTxID: /Channel/Application/Readers
#系统配置链码
#---Configuration System Chaincode (cscc) function to policy mapping for access control---#
# cscc系统链码的GetConfigBlock函数的ACl定义
cscc/GetConfigBlock: /Channel/Application/Readers
# cscc系统链码的GetConfigTree函数的ACL定义
cscc/GetConfigTree: /Channel/Application/Readers
# cscc系统链码的SimulateConfigTreeUpdate函数的ACL定义
#模拟配置树更新
cscc/SimulateConfigTreeUpdate: /Channel/Application/Readers
#杂七杂八的
#---Miscellanesous peer function to policy mapping for access control---#
# 访问对等节点上的链码的ACL策略定义
peer/Propose: /Channel/Application/Writers
# 从链码中访问其他链码的ACL策略定义
peer/ChaincodeToChaincode: /Channel/Application/Readers
#---Events resource to policy mapping for access control###---#
# 发送区块事件的ACL策略定义
event/Block: /Channel/Application/Readers
# 发送过滤的区块事件的ACL策略定义
event/FilteredBlock: /Channel/Application/Readers
# Organizations是组织的列表,被定义为网络应用程序方面的参与者。
Organizations:
# 定义本层级的应用控制策略,其权威路径为 /Channel/Application/<PolicyName>
Policies: &ApplicationDefaultPolicies
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
LifecycleEndorsement:
Type: ImplicitMeta
Rule: "ANY Endorsement"
Endorsement:
Type: ImplicitMeta
Rule: "ANY Endorsement"
# 前面Capabilities配置段中的ApplicationCapabilities配置项
Capabilities:
<<: *ApplicationCapabilities
(5) channel part
The Channel configuration section is used to define the channel parameters to be written into the genesis block or configure the transaction.
Channel: &ChannelDefaults
# 定义本层级的通道访问策略,其权威路径为 /Channel/<PolicyName>,
Policies:
Readers:
Type: ImplicitMeta
Rule: ANY Readers
# Writes策略定义了调用Broadcast API提交交易的许可规则
Writers:
Type: ImplicitMeta
Rule: ANY Writers
# Admin策略定义了修改本层级配置的许可规则
Admins:
Type: ImplicitMeta
Rule: MAJORITY Admins
Capabilities:
<<: *ChannelCapabilities
(6) Capabilities section
It is used to determine the capability of the fabric network. This is a new configuration section introduced by version V1.0.0. It cannot be used when the network is mixed with peer nodes and ordering nodes of version v1.0.x.
The Capabilities section defines the features that the fabric program must support to join the network. For example, if a new MSP type is added, newer programs may recognize and verify signatures against that type, but older versions of the program would have no way to verify these transactions. This can lead to inconsistencies in the world state maintained in different versions of fabric programs.
Therefore, by defining the capability of the channel, it is clear that the fabric program that does not meet the capability requirements will not be able to process transactions unless it is upgraded to a new version. For the v1.0.x program, if any capabilities are defined in the Capabilities section, even if it is declared that these capabilities do not need to be supported, it will cause it to crash intentionally.
It is the configuration of version compatibility issues
Capabilities:
# Global配置同时应用于排序节点和对等节点,并且必须被两种节点同时支持。
# 将该配置项设置为ture表明要求节点具备该能力
Global: &ChannelCapabilities
V1_3: true
# Orderer配置仅应用于排序节点,不需考虑对等节点的升级。将该配置项
# 设置为true表明要求排序节点具备该能力
Orderer: &OrdererCapabilities
V1_1: true
# Application配置仅应用于对等网络,不需考虑排序节点的升级。将该配置项
# 设置为true表明要求对等节点具备该能力
Application: &ApplicationCapabilities
V1_3: true