章节目录
1.hyperledger-fabric 介绍和资料整理
2.服务环境准备
3.安装fabric 二进制源码程序
4.生成fabric身份信息文件(证书)
5.生成系统通道初始区块文件
6.启动配置网络节点 docker-compose启动文件
7.将组织加入通道
8.安装合约
configtx.yaml 详解
crypto-config.yaml配置详解
简介
configtx.yaml是Hyperledger Fabric区块链网络运维工具configtxgen用于生成通道创世块或通道交易的配置文件,configtx.yaml的内容直接决定了所生成的创世区块的内容。本文将给出configtx.yaml的详细中文说明。
主要功能有如下三个:
- 生成启动Orderer 需要的初始区块,并支持检查区块内容
- 生成创建应用通道需要的配置交易,并支持检查交易内容
- 生成锚点Peer 的更新配置交易
configtx.yaml 配置文件一般包括四个部分: Profiles 、Organizations 、Orderer 和Application
符号 | 含义 |
---|---|
<< | 合并到当前数据 |
- | 数组 |
* | 别名 |
& | 锚点 |
Orderer 配置
TwoOrgsOrdererGenesis用来配置创世区块信息,TwoOrgsChannel来配置初始交易信息。
TwoOrgsOrdererGenesis配置项
传入 profile 参数的值为TwoOrgsOrdererGenesis
定义两个东西:一个是Orderer,另外一个是Consortiums。
因为生成创世区块需要以下信息:
- Orderer 信息
- 联盟信息
对于有一个 Orderer,有两个组织 Org1 和 Org2
|配置||
参数名 | 含义 |
---|---|
OrdererType | 类型 solo 或者 kafka |
Addresses | Orderer 地址 |
BatchTimeout | 区块生成超时时间 |
MaxMessageCount | 区块消息数量 |
AbsoluteMaxBytes | 区块绝对最大字节数 |
PreferredMaxBytes | 建议消息字节数。(暂时没有理解该字段,需翻源代码) |
Brokers | kafka 地址 |
组织配置
|配置||
参数名 | 含义 |
---|---|
Name | 组织名称 |
ID | MSP ID |
MSPDir | msp 目录(关于 MSP 这块后续单独说明) |
AnchorPeers | 该组织的锚节点 |
configtx.yaml文件内容
1>Profiles部分
Orderer 系统通道模板必须包括Orderer 、Consortiurns 信息:
- Orderer :指定Orderer 系统通道自身的配置信息。包括Ordering 服务配置(包括类型、地址、批处理限制、Kafka 信息、最大应用通道数目等),参与到此Orderer 的组织信息。网络启动时,必须首先创Orderer 系统通道
- Consortiums : Orderer 所服务的联盟列表。每个联盟中组织彼此使用相同的通道创建策略,可以彼此创建应用通道
Profiles配置段用来定义用于configtxgen工具的配置入口。包含委员会(consortium)的配置入口可以用来生成排序节点的创世区块。如果在排序节点的创世区块中正确定义了consortium的成员,那么可以仅使用机构成员名称和委员会的名称来生成通道创建请求。
Profiles 配置用于 configtxgen 工具的配置入口,主要是引用其余五个部分的参数,其定义了一系列的配置模板,每个模板代表了特定应用场景下的自定义的通道配置,可以用来创建系统通道或应用通道。配置模板中可以包括 Application 、 Capabilities 、 Consortium 、 Consortiums 、 Policies 、 Orderer 等配置字段,根据使用目的不同,一般只包括部分字段。除了通道默认的配置,创建系统通道初始区块的模板一般需要包括 Orderer 、 Consortiums 字段信息(也可以包括 Applicaion 字段定义初始应用通道配置):
Profiles:
# OrgsChannel用来生成channel配置信息,名字可以任意
# 需要包含Consortium和Applicatioon两部分。
OrgsChannel:
Consortium: SampleConsortium # 通道所关联的联盟名称
<<: *ChannelDefaults
Orderer:
<<: *OrdererDefaults
Organizations:
- *councilMSP
Capabilities: *OrdererCapabilities
Application:
<<: *ApplicationDefaults
Organizations:
- *softMSP
- *webMSP
- *hardMSP
Capabilities:
<<: *ApplicationCapabilities
2>Organizations 部分
Organizations配置段用来定义组织机构实体,以便在后续配置中引用。例如,下面的配置文件中,定义了三个机构,可以分别使用ExampleCom、Org1ExampleCom和Org2ExampleCom引用其配置
Organizations:
- &councilMSP # 定义一个组织引用,类似于变量,可在Profile部分被引用;所有带 & 符号的都是引用变量,使用 * 来引用
Name: councilMSP # 组织名称
ID: councilMSP # 组织ID
MSPDir: ../orgs/council.ifantasy.net/msp # 组织MSP文件夹的路径
Policies: # 组织策略
Readers:
Type: Signature
Rule: "OR('councilMSP.member')"
Writers:
Type: Signature
Rule: "OR('councilMSP.member')"
Admins:
Type: Signature
Rule: "OR('councilMSP.admin')"
# 此文件内的Orderer端口皆为容器内端口
OrdererEndpoints: # 定义排序节点(可多个),客户端和对等点可以分别连接到这些orderer以推送transactions和接收区块。
- "orderer1.council.ifantasy.net:7051"
- "orderer2.council.ifantasy.net:7054"
- "orderer3.council.ifantasy.net:7057"
AnchorPeers: # 定义锚节点,锚节点对外代表本组织通信
- Host: peer1.soft.ifantasy.net
Port: 7251
3>orderer部分
Orderer配置段用来定义要编码写入创世区块或通道交易的排序节点参数。
Orderer: &OrdererDefaults
OrdererType: etcdraft # 排序服务算法,目前可用:solo,kafka,etcdraft
Addresses: # 排序节点地址
- orderer1.soft.ifantasy.net:7051
- orderer2.web.ifantasy.net:7052
- orderer3.hard.ifantasy.net:7053
# 定义了 etcdRaft 排序类型被选择时的配置
EtcdRaft:
Consenters: # 定义投票节点
- Host: orderer1.council.ifantasy.net
Port: 7051
ClientTLSCert: ../orgs/council.ifantasy.net/registers/orderer1/tls-msp/signcerts/cert.pem # 节点的TLS签名证书
ServerTLSCert: ../orgs/council.ifantasy.net/registers/orderer1/tls-msp/signcerts/cert.pem
- Host: orderer2.council.ifantasy.net
Port: 7054
ClientTLSCert: ../orgs/council.ifantasy.net/registers/orderer2/tls-msp/signcerts/cert.pem
ServerTLSCert: ../orgs/council.ifantasy.net/registers/orderer2/tls-msp/signcerts/cert.pem
- Host: orderer3.council.ifantasy.net
Port: 7057
ClientTLSCert: ../orgs/council.ifantasy.net/registers/orderer3/tls-msp/signcerts/cert.pem
ServerTLSCert: ../orgs/council.ifantasy.net/registers/orderer3/tls-msp/signcerts/cert.pem
# 区块打包的最大超时时间 (到了该时间就打包区块)
BatchTimeout: 2s
# 区块链的单个区块配置(orderer端切分区块的参数)
BatchSize:
MaxMessageCount: 10 # 一个区块里最大的交易数
AbsoluteMaxBytes: 99 MB # 一个区块的最大字节数,任何时候都不能超过
PreferredMaxBytes: 512 KB # 一个区块的建议字节数,如果一个交易消息的大小超过了这个值, 就会被放入另外一个更大的区块中
# 参与维护Orderer的组织,默认为空(通常在 Profiles 中再配置)
Organizations:
# 定义本层级的排序节点策略,其权威路径为 /Channel/Orderer/<PolicyName>
Policies:
Readers: # /Channel/Orderer/Readers
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
BlockValidation: # 指定了哪些签名必须包含在区块中,以便peer节点进行验证
Type: ImplicitMeta
Rule: "ANY Writers"
Capabilities:
<<: *OrdererCapabilities # 引用上节 Capabilities 的 OrdererCapabilities
4>Applications部分
Application配置段用来定义要写入创世区块或配置交易的应用参数。
Application: &ApplicationDefaults
# 干预 创建链码的系统链码 的函数访问控制策略
_lifecycle/CheckCommitReadiness: /Channel/Application/Writers # CheckCommitReadiness 函数的访问策略
_lifecycle/CommitChaincodeDefinition: /Channel/Application/Writers # CommitChaincodeDefinition 函数的访问策略
_lifecycle/QueryChaincodeDefinition: /Channel/Application/Writers # QueryChaincodeDefinition 函数的访问策略
_lifecycle/QueryChaincodeDefinitions: /Channel/Application/Writers # QueryChaincodeDefinitions 函数的访问策略
# 关于 生命周期系统链码(lscc) 的函数访问控制策略
lscc/ChaincodeExists: /Channel/Application/Readers # getid 函数的访问策略
lscc/GetDeploymentSpec: /Channel/Application/Readers # getdepspec 函数的访问策略
lscc/GetChaincodeData: /Channel/Application/Readers # getccdata 函数的访问策略
lscc/GetInstantiatedChaincodes: /Channel/Application/Readers # getchaincodes 函数的访问策略
# 关于 查询系统链码(qscc) 的函数访问控制策略
qscc/GetChainInfo: /Channel/Application/Readers # GetChainInfo 函数的访问策略
qscc/GetBlockByNumber: /Channel/Application/Readers # GetBlockByNumber 函数的访问策略
qscc/GetBlockByHash: /Channel/Application/Readers # GetBlockByHash 函数的访问策略
qscc/GetTransactionByID: /Channel/Application/Readers # GetTransactionByID 函数的访问策略
qscc/GetBlockByTxID: /Channel/Application/Readers # GetBlockByTxID 函数的访问策略
# 关于 配置系统链码(cscc) 的函数访问控制策略
cscc/GetConfigBlock: /Channel/Application/Readers # GetConfigBlock 函数的访问策略
cscc/GetChannelConfig: /Channel/Application/Readers # GetChannelConfig 函数的访问策略
# 关于 peer 节点的函数访问控制策略
peer/Propose: /Channel/Application/Writers # Propose 函数的访问策略
peer/ChaincodeToChaincode: /Channel/Application/Writers # ChaincodeToChaincode 函数的访问策略
# 关于事件资源的访问策略
event/Block: /Channel/Application/Readers # 发送区块事件的策略
event/FilteredBlock: /Channel/Application/Readers # 发送筛选区块事件的策略
# 默认为空,在 Profiles 中定义
Organizations:
# 定义本层级的应用控制策略,路径为 /Channel/Application/<PolicyName>
Policies:
Readers: # /Channel/Application/Readers
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
LifecycleEndorsement:
Type: ImplicitMeta
Rule: "MAJORITY Endorsement"
Endorsement:
Type: ImplicitMeta
Rule: "MAJORITY Endorsement"
Capabilities:
<<: *ApplicationCapabilities # 引用上节 Capabilities 的 ApplicationCapabilities
5>channel部分
Channel配置段用来定义要写入创世区块或配置交易的通道参数。
Channel: &ChannelDefaults
# 定义本层级的通道访问策略,其权威路径为 /Channel/<PolicyName>
Policies:
Readers: # 定义谁可以调用 'Deliver' 接口
Type: ImplicitMeta
Rule: "ANY Readers"
Writers: # 定义谁可以调用 'Broadcast' 接口
Type: ImplicitMeta
Rule: "ANY Writers"
# By default, who may modify elements at this config level
Admins: # 定义谁可以修改本层策略
Type: ImplicitMeta
Rule: "MAJORITY Admins"
Capabilities:
<<: *ChannelCapabilities # 引用上节 Capabilities 的 ChannelCapabilities
6>Capabilities部分
Capabilities段用来定义fabric网络的能力。这是版本v1.0.0引入的一个新的配置段,当与版本v1.0.x的对等节点与排序节点混合组网时不可使用。
Capabilities段定义了fabric程序要加入网络所必须支持的特性。例如,如果添加了一个新的MSP类型,那么更新的程序可能会根据该类型识别并验证签名,但是老版本的程序就没有办法验证这些交易。这可能导致不同版本的fabric程序中维护的世界状态不一致。
因此,通过定义通道的能力,就明确了不满足该能力要求的fabric程序,将无法处理交易,除非升级到新的版本。对于v1.0.x的程序而言,如果在Capabilities段定义了任何能力,即使声明不需要支持这些能力,都会导致其有意崩溃。
Capabilities:
# Channel配置同时针对通道上的Orderer节点和Peer节点(设置为ture表明要求节点具备该能力);
Channel: &ChannelCapabilities
V2_0: true # 要求Channel上的所有Orderer节点和Peer节点达到v2.0.0或更高版本
# Orderer配置仅针对Orderer节点,不限制Peer节点
Orderer: &OrdererCapabilities
V2_0: true # 要求所有Orderer节点升级到v2.0.0或更高版本
# Application配置仅应用于对等网络,不需考虑排序节点的升级
Application: &ApplicationCapabilities
V2_0: true
configtx.yaml文件内容
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
---
################################################################################
#
# ORGANIZATIONS
#
# This section defines the organizational identities that can be referenced
# in the configuration profiles.
# 本节定义了可引用的组织标识
# 在配置配置文件中。
#
################################################################################
Organizations:
# SampleOrg defines an MSP using the sampleconfig. It should never be used
# in production but may be used as a template for other definitions.
# SampleOrg使用sampleconfig定义MSP。它永远不应该被使用
# 但可以用作其他定义的模板。
- &OrdererOrg
# Name is the key by which this org will be referenced in channel
# configuration transactions.
# Name can include alphanumeric characters as well as dots and dashes.
# Name是该组织在通道中被引用的键
# 配置事务。
# Name可以包括字母数字字符以及点和破折号。
Name: OrdererOrg
# SkipAsForeign can be set to true for org definitions which are to be
# inherited from the orderer system channel during channel creation. This
# is especially useful when an admin of a single org without access to the
# MSP directories of the other orgs wishes to create a channel. Note
# this property must always be set to false for orgs included in block
# creation.
# SkipAsForeign可以设置为true的组织定义在通道创建期间从订购者系统通道继承。
#这当单个组织的管理员无法访问其他组织的MSP目录希望创建一个通道。请注意
#对于块中包含的组织,此属性必须始终设置为false创建。
SkipAsForeign: false
# ID is the key by which this org's MSP definition will be referenced.
# ID can include alphanumeric characters as well as dots and dashes.
# ID是这个组织的MSP定义将被引用的关键字。
# ID可以包括字母数字字符以及点和破折号。
ID: OrdererMSP
# MSPDir is the filesystem path which contains the MSP configuration.
# MSPDir是包含MSP配置的文件系统路径。
MSPDir: /home/hyperledgerFabric/productionNetWork/crypto-config/ordererOrganizations/example.com/msp
# Policies defines the set of policies at this level of the config tree
# For organization policies, their canonical path is usually
# /Channel/<Application|Orderer>/<OrgName>/<PolicyName>
#策略定义了配置树这个级别的策略集对于组织策略,它们的规范路径通常是
# /通道/ <应用|订货人> / < OrgName > / < PolicyName >
Policies:
Readers:
Type: Signature
Rule: "OR('OrdererMSP.member')"
# If your MSP is configured with the new NodeOUs, you might
# want to use a more specific rule like the following:
# Rule: "OR('SampleOrg.admin', 'SampleOrg.peer', 'SampleOrg.client')"
#如果您的MSP配置了新的NodeOUs,您可能会想要使用一个更具体的规则,像下面这样:
# Rule: "OR('SampleOrg.admin', 'SampleOrg.peer', 'SampleOrg.client')"
Writers:
Type: Signature
Rule: "OR('OrdererMSP.member')"
# If your MSP is configured with the new NodeOUs, you might
# want to use a more specific rule like the following:
# 如果您的MSP配置了新的NodeOUs,您可能会 想要使用一个更具体的规则,像下面这样:
# Rule: "OR('SampleOrg.admin', 'SampleOrg.client')"
Admins:
Type: Signature
Rule: "OR('OrdererMSP.admin')"
Endorsement:
Type: Signature
Rule: "OR('OrdererMSP.member')"
# OrdererEndpoints is a list of all orderers this org runs which clients
# and peers may to connect to to push transactions and receive blocks respectively.
# OrdererEndpoints是该组织运行的客户端所有订单的列表
#和对等体可以分别连接来推送事务和接收块。
OrdererEndpoints:
- "orderer0.example.com:7050"
- "orderer1.example.com:7050"
# AnchorPeers defines the location of peers which can be used for
# cross-org gossip communication.
#
# NOTE: this value should only be set when using the deprecated
# `configtxgen --outputAnchorPeersUpdate` command. It is recommended
# to instead use the channel configuration update process to set the
# anchor peers for each organization.
# AnchorPeers定义了可以被使用的对等点的位置跨组织八卦交流。
#
#注意:该值只应该在使用deprecated时设置
# ' configtxgen——outputAnchorPeersUpdate '命令。
#建议、来代替使用通道配置更新过程来设置每个组织的锚定同伴。
#AnchorPeers:
# - Host: 127.0.0.1
# Port: 7051
- &Org1
Name: Org1MSP
ID: Org1MSP
MSPDir: /home/hyperledgerFabric/productionNetWork/crypto-config/peerOrganizations/org1.example.com/msp
Policies:
Readers:
Type: Signature
Rule: "OR('Org1MSP.admin', 'Org1MSP.peer', 'Org1MSP.client')"
Writers:
Type: Signature
Rule: "OR('Org1MSP.admin', 'Org1MSP.client')"
Admins:
Type: Signature
Rule: "OR('Org1MSP.admin')"
Endorsement:
Type: Signature
Rule: "OR('Org1MSP.peer')"
AnchorPeers:
- Host: peer0.org1.example.com
Port: 7051
- &Org2
Name: Org2MSP
ID: Org2MSP
MSPDir: /home/hyperledgerFabric/productionNetWork/crypto-config/peerOrganizations/org2.example.com/msp
Policies:
Readers:
Type: Signature
Rule: "OR('Org2MSP.admin', 'Org2MSP.peer', 'Org2MSP.client')"
Writers:
Type: Signature
Rule: "OR('Org2MSP.admin', 'Org2MSP.client')"
Admins:
Type: Signature
Rule: "OR('Org2MSP.admin')"
Endorsement:
Type: Signature
Rule: "OR('Org2MSP.peer')"
AnchorPeers:
- Host: peer0.org2.example.com
Port: 7051
################################################################################
#
# CAPABILITIES
#
# This section defines the capabilities of fabric network. This is a new
# concept as of v1.1.0 and should not be utilized in mixed networks with
# v1.0.x peers and orderers. Capabilities define features which must be
# present in a fabric binary for that binary to safely participate in the
# fabric network. For instance, if a new MSP type is added, newer binaries
# might recognize and validate the signatures from this type, while older
# binaries without this support would be unable to validate those
# transactions. This could lead to different versions of the fabric binaries
# having different world states. Instead, defining a capability for a channel
# informs those binaries without this capability that they must cease
# processing transactions until they have been upgraded. For v1.0.x if any
# capabilities are defined (including a map with all capabilities turned off)
# then the v1.0.x peer will deliberately crash.
#本节定义fabric网络的功能。这是一个新的
#概念,不应该在混合网络中使用
# v1.0。X同伴和定购者。能力定义了必须的特性 在fabric二进制中为该二进制安全地参与
#织物网络。例如,如果添加了新的MSP类型,则会生成新的二进制文件
#可以识别和验证来自此类型的签名,而更老的 如果没有这种支持,
# binary将无法验证这些文件交易。这可能导致织物二进制文件的不同版本
#拥有不同的世界状态。相反,应该为通道定义功能
#通知那些没有此功能的二进制文件必须停止
#处理事务,直到它们升级。v1.0。x如果任何
#功能被定义(包括一个所有功能都关闭的地图)
#然后是1.0版本。X点会故意崩溃。
#
################################################################################
Capabilities:
# Channel capabilities apply to both the orderers and the peers and must be
# supported by both.
# Set the value of the capability to true to require it.
#通道功能同时适用于订单方和对等方,并且必须如此
#都支持。
#设置该功能的值为true以要求它。
Channel: &ChannelCapabilities
# V2.0 for Channel is a catchall flag for behavior which has been
# determined to be desired for all orderers and peers running at the v2.0.0
# level, but which would be incompatible with orderers and peers from
# prior releases.
# Prior to enabling V2.0 channel capabilities, ensure that all
# orderers and peers on a channel are at v2.0.0 or later.
#Channel的# V2.0是一个囊括所有行为的标志
#确定为运行在v2.0.0上的所有订单和对等点所期望的级别,
#但它将与来自的订单和同级不兼容之前发布。
#在启用V2.0通道功能之前,确保所有通道上的
# orderer和peer是v2.0.0或更高版本。
V2_0: true
# Orderer capabilities apply only to the orderers, and may be safely
# used with prior release peers.
# Set the value of the capability to true to require it.
# Orderer功能只适用于Orderer,并且可能是安全的用于以前的版本。
#设置该功能的值为true以要求它。
Orderer: &OrdererCapabilities
# V1.1 for Orderer is a catchall flag for behavior which has been
# determined to be desired for all orderers running at the v1.1.x
# level, but which would be incompatible with orderers from prior releases.
# Prior to enabling V2.0 orderer capabilities, ensure that all
# orderers on a channel are at v2.0.0 or later.
#Orderer的# V1.1是一个囊括所有行为的标志
#被确定为运行在v1.1.x上的所有订单所期望的
#级别,但它与以前版本的订单不兼容。
#在启用V2.0订货者功能之前,确保所有通道上的
# orderers是v2.0.0或更高版本。
V2_0: true
# Application capabilities apply only to the peer network, and may be safely
# used with prior release orderers.
# Set the value of the capability to true to require it.
#应用程序功能仅适用于对等网络,并且可能是安全的
#用于之前的放行订单。
#设置该功能的值为true以要求它。
Application: &ApplicationCapabilities
# V2.0 for Application enables the new non-backwards compatible
# features and fixes of fabric v2.0.
# Prior to enabling V2.0 orderer capabilities, ensure that all
# orderers on a channel are at v2.0.0 or later.
# V2.0 for Application启用了新的非向后兼容
# fabric v2.0的特性和修复。
#在启用V2.0订货者功能之前,确保所有通道上的# orderers是v2.0.0或更高版本。
V2_0: true
################################################################################
#
# APPLICATION
#
# This section defines the values to encode into a config transaction or
# genesis block for application-related parameters.
# 这个部分定义了要编码到配置事务或
# genesis块用于应用程序相关参数。
#
################################################################################
Application: &ApplicationDefaults
ACLs: &ACLsDefault
# This section provides defaults for policies for various resources
# in the system. These "resources" could be functions on system chaincodes
# (e.g., "GetBlockByNumber" on the "qscc" system chaincode) or other resources
# (e.g.,who can receive Block events). This section does NOT specify the resource's
# definition or API, but just the ACL policy for it.
#本节为各种资源提供默认策略
#。这些“资源”可以是系统链代码上的函数
#(例如,“qscc”系统链代码上的“GetBlockByNumber”)或其他资源
#(例如,谁可以接收Block事件)。此节不指定资源的
#定义或API,而只是用于它的ACL策略。
#
# Users can override these defaults with their own policy mapping by defining the
# mapping under ACLs in their channel definition
#用户可以通过定义策略映射来覆盖这些默认值在通道定义的acl下的映射
#---New Lifecycle System Chaincode (_lifecycle) function to policy mapping for access control--#
# 增加了访问控制策略映射的Lifecycle System Chaincode (_lifecycle)函数
# ACL policy for _lifecycle's "CheckCommitReadiness" function
# _lifecycle的“CheckCommitReadiness”函数的ACL策略
_lifecycle/CheckCommitReadiness: /Channel/Application/Writers
# ACL policy for _lifecycle's "CommitChaincodeDefinition" function
_lifecycle/CommitChaincodeDefinition: /Channel/Application/Writers
# ACL policy for _lifecycle's "QueryChaincodeDefinition" function
_lifecycle/QueryChaincodeDefinition: /Channel/Application/Writers
# ACL policy for _lifecycle's "QueryChaincodeDefinitions" function
_lifecycle/QueryChaincodeDefinitions: /Channel/Application/Writers
#---Lifecycle System Chaincode (lscc) function to policy mapping for access control---#
# ACL policy for lscc's "getid" function
lscc/ChaincodeExists: /Channel/Application/Readers
# ACL policy for lscc's "getdepspec" function
lscc/GetDeploymentSpec: /Channel/Application/Readers
# ACL policy for lscc's "getccdata" function
lscc/GetChaincodeData: /Channel/Application/Readers
# ACL Policy for lscc's "getchaincodes" function
lscc/GetInstantiatedChaincodes: /Channel/Application/Readers
#---Query System Chaincode (qscc) function to policy mapping for access control---#
# ACL policy for qscc's "GetChainInfo" function
qscc/GetChainInfo: /Channel/Application/Readers
# ACL policy for qscc's "GetBlockByNumber" function
qscc/GetBlockByNumber: /Channel/Application/Readers
# ACL policy for qscc's "GetBlockByHash" function
qscc/GetBlockByHash: /Channel/Application/Readers
# ACL policy for qscc's "GetTransactionByID" function
qscc/GetTransactionByID: /Channel/Application/Readers
# ACL policy for qscc's "GetBlockByTxID" function
qscc/GetBlockByTxID: /Channel/Application/Readers
#---Configuration System Chaincode (cscc) function to policy mapping for access control---#
# ACL policy for cscc's "GetConfigBlock" function
cscc/GetConfigBlock: /Channel/Application/Readers
# ACL policy for cscc's "GetChannelConfig" function
cscc/GetChannelConfig: /Channel/Application/Readers
#---Miscellaneous peer function to policy mapping for access control---#
# ACL policy for invoking chaincodes on peer
peer/Propose: /Channel/Application/Writers
# ACL policy for chaincode to chaincode invocation
peer/ChaincodeToChaincode: /Channel/Application/Writers
#---Events resource to policy mapping for access control###---#
# ACL policy for sending block events
event/Block: /Channel/Application/Readers
# ACL policy for sending filtered block events
event/FilteredBlock: /Channel/Application/Readers
# Organizations lists the orgs participating on the application side of the
# network.
#各机构列出参与申请的机构网络。
Organizations:
# Policies defines the set of policies at this level of the config tree
# For Application policies, their canonical path is
#策略定义了配置树这个级别的策略集
#对于应用程序策略,它们的规范路径是
# /Channel/Application/<PolicyName>
Policies: &ApplicationDefaultPolicies
LifecycleEndorsement:
Type: ImplicitMeta
Rule: "MAJORITY Endorsement"
Endorsement:
Type: ImplicitMeta
Rule: "MAJORITY Endorsement"
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
# Capabilities describes the application level capabilities, see the
# dedicated Capabilities section elsewhere in this file for a full
# description
#能力描述了应用程序级别的能力,请参见
# dedicated Capabilities部分在这个文件的其他地方有一个完整的
#描述
Capabilities:
<<: *ApplicationCapabilities
################################################################################
#
# ORDERER
#
# This section defines the values to encode into a config transaction or
# genesis block for orderer related parameters.
# 这个部分定义了要编码到配置事务或
# genesis块的订单相关参数
#
################################################################################
Orderer: &OrdererDefaults
# Orderer Type: The orderer implementation to start.
# 订单类型:订单实现开始。可用的类型
# Available types are "solo", "kafka" and "etcdraft".
OrdererType: etcdraft
# Addresses used to be the list of orderer addresses that clients and peers
# could connect to. However, this does not allow clients to associate orderer
# addresses and orderer organizations which can be useful for things such
# as TLS validation. The preferred way to specify orderer addresses is now
# to include the OrdererEndpoints item in your org definition
#地址曾经是客户端和对等点的订单地址列表
#可以连接到。但是,这不允许客户端关联订购者
#地址和orderer组织,可以对这样的事情有用
#作为TLS验证。现在首选的指定订购者地址的方法是
#将OrdererEndpoints项包含在组织定义中
Addresses:
- orderer0.example.com:7050
- orderer1.example.com:7050
# Batch Timeout: The amount of time to wait before creating a batch.
# 批处理超时:创建批处理前需要等待的时间。
# *** 出块速率 每2s 出块时间********
BatchTimeout: 2s
# Batch Size: Controls the number of messages batched into a block.
# The orderer views messages opaquely, but typically, messages may
# be considered to be Fabric transactions. The 'batch' is the group
# of messages in the 'data' field of the block. Blocks will be a few kb
# larger than the batch size, when signatures, hashes, and other metadata
# is applied.
#批处理大小:控制批处理到一个块中的消息的数量。 订单者不透明地查看消息,但通常情况下,消息可能
#被认为是Fabric事务。“批”是组
#的消息在区块的'data'字段。块的大小为几kb
#大于批处理大小,当签名、散列和其他元数据时
#。
BatchSize:
# Max Message Count: The maximum number of messages to permit in a
# batch. No block will contain more than this number of messages.
# #最大消息数:允许的最大消息数批。没有任何块包含超过这个数量的消息。
MaxMessageCount: 500
# Absolute Max Bytes: The absolute maximum number of bytes allowed for
# the serialized messages in a batch. The maximum block size is this value
# plus the size of the associated metadata (usually a few KB depending
# upon the size of the signing identities). Any transaction larger than
# this value will be rejected by ordering.
# It is recommended not to exceed 49 MB, given the default grpc max message size of 100 MB
# configured on orderer and peer nodes (and allowing for message expansion during communication).
# Absolute Max Bytes:允许的绝对最大字节数
#批处理中序列化的消息。最大块大小是这个值
#加上相关元数据的大小(通常是几个KB取决于
#指定签名身份的大小)。任何超过
#该值将被排序拒绝。
#默认grpc最大消息大小为100 MB,建议不超过49 MB
#配置在orderer和peer节点上(并允许在通信期间进行消息扩展)。
AbsoluteMaxBytes: 10 MB
# Preferred Max Bytes: The preferred maximum number of bytes allowed
# for the serialized messages in a batch. Roughly, this field may be considered
# the best effort maximum size of a batch. A batch will fill with messages
# until this size is reached (or the max message count, or batch timeout is
# exceeded). If adding a new message to the batch would cause the batch to
# exceed the preferred max bytes, then the current batch is closed and written
# to a block, and a new batch containing the new message is created. If a
# message larger than the preferred max bytes is received, then its batch
# will contain only that message. Because messages may be larger than
# preferred max bytes (up to AbsoluteMaxBytes), some batches may exceed
# the preferred max bytes, but will always contain exactly one transaction.
# Preferred Max Bytes:允许的首选最大字节数
#用于批处理中序列化的消息。粗略地说,可以考虑这个字段批处理的最大尺寸。批处理将填充消息
#直到达到该大小(或最大消息计数,或批处理超时)
#超过)。如果向批处理添加新消息会导致批处理
#超过首选的最大字节数,则关闭并写入当前批处理
#添加到一个块,然后创建一个包含新消息的新批处理。如果一个
#消息大于首选的最大字节,然后它的批处理
#将只包含该消息。因为消息可能大于
#首选的最大字节数(最多为AbsoluteMaxBytes),一些批可能会超过
#首选的最大字节数,但总是只包含一个事务。
PreferredMaxBytes: 2 MB
# Max Channels is the maximum number of channels to allow on the ordering
# network. When set to 0, this implies no maximum number of channels.
# Max Channels是排序允许的最大通道数
#网络。当设置为0时,这意味着没有最大通道数。
MaxChannels: 0
Kafka:
# Brokers: A list of Kafka brokers to which the orderer connects. Edit
# this list to identify the brokers of the ordering service.
# NOTE: Use IP:port notation.
#orderer连接到的Kafka broker的列表。编辑
#此列表用于标识订购服务的代理。
#注意:使用IP:端口符号。
Brokers:
- kafka0:9092
- kafka1:9092
- kafka2:9092
# EtcdRaft defines configuration which must be set when the "etcdraft"
# orderertype is chosen.
#EtcdRaft定义了“EtcdRaft”时必须设置的配置
#选择# orderertype。
EtcdRaft:
# The set of Raft replicas for this network. For the etcd/raft-based
# implementation, we expect every replica to also be an OSN. Therefore,
# a subset of the host:port items enumerated in this list should be
# replicated under the Orderer.Addresses key above.
#这个网络的Raft副本的集合etcd / raft-based
# implementation,我们希望每个副本也是一个OSN。因此, 在这个列表中枚举的端口项应该是
#复制在Orderer下。地址上面的关键
Consenters:
- Host: orderer0.example.com
Port: 7050
ClientTLSCert: /home/hyperledgerFabric/productionNetWork/crypto-config/ordererOrganizations/example.com/orderers/orderer0.example.com/tls/server.crt
ServerTLSCert: /home/hyperledgerFabric/productionNetWork/crypto-config/ordererOrganizations/example.com/orderers/orderer0.example.com/tls/server.crt
- Host: orderer1.example.com
Port: 7050
ClientTLSCert: /home/hyperledgerFabric/productionNetWork/crypto-config/ordererOrganizations/example.com/orderers/orderer1.example.com/tls/server.crt
ServerTLSCert: /home/hyperledgerFabric/productionNetWork/crypto-config/ordererOrganizations/example.com/orderers/orderer1.example.com/tls/server.crt
# Options to be specified for all the etcd/raft nodes. The values here
# are the defaults for all new channels and can be modified on a
# per-channel basis via configuration updates.
#为所有etcd/raft节点指定的选项。这里的值
#是所有新通道的默认值,可以在通过配置更新每个通道。
Options:
# TickInterval is the time interval between two Node.Tick invocations.
#“TickInterval”为两个节点之间的时间间隔。蜱虫调用。
TickInterval: 500ms
# ElectionTick is the number of Node.Tick invocations that must pass
# between elections. That is, if a follower does not receive any
# message from the leader of current term before ElectionTick has
# elapsed, it will become candidate and start an election.
# ElectionTick must be greater than HeartbeatTick.
# ElectionTick是Node的编号。勾选必须通过的调用
#之间的选举。也就是说,如果一个追随者没有收到任何
#这是现任领导人在ElectionTick之前发出的信息
#消失后,它将成为候选人并开始选举。
# ElectionTick必须大于HeartbeatTick。
ElectionTick: 10
# HeartbeatTick is the number of Node.Tick invocations that must
# pass between heartbeats. That is, a leader sends heartbeat
# messages to maintain its leadership every HeartbeatTick ticks.
# HeartbeatTick是Node的数量。勾选必须的调用
#在心跳之间传递。也就是说,领导者发出心跳
#信息来维持它的领导地位。
HeartbeatTick: 1
# MaxInflightBlocks limits the max number of in-flight append messages
# during optimistic replication phase.
# MaxInflightBlocks限制动态附加消息的最大数量
#在乐观复制阶段
MaxInflightBlocks: 5
# SnapshotIntervalSize defines number of bytes per which a snapshot is taken
# SnapshotIntervalSize定义了每个快照的字节数
SnapshotIntervalSize: 16 MB
# Organizations lists the orgs participating on the orderer side of the
# network.
#组织列出了在订单端参与的组织
#网络
Organizations:
# Policies defines the set of policies at this level of the config tree
# For Orderer policies, their canonical path is
#策略定义了配置树这个级别的策略集
#对于Orderer策略,它们的规范路径是
# /Channel/Orderer/<PolicyName>
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
# BlockValidation specifies what signatures must be included in the block
# from the orderer for the peer to validate it.
# BlockValidation指定了区块中必须包含哪些签名
#,以便对等端验证它
BlockValidation:
Type: ImplicitMeta
Rule: "ANY Writers"
# Capabilities describes the orderer level capabilities, see the
# dedicated Capabilities section elsewhere in this file for a full
# description
#能力描述订购者级别的能力,请参阅
# dedicated Capabilities部分在这个文件的其他地方有一个完整的
#描述
Capabilities:
<<: *OrdererCapabilities
################################################################################
#
# CHANNEL
#
# This section defines the values to encode into a config transaction or
# genesis block for channel related parameters.
# 本节定义要编码到配置事务或
# genesis块用于通道相关参数。
#
################################################################################
Channel: &ChannelDefaults
# Policies defines the set of policies at this level of the config tree
# For Channel policies, their canonical path is
#策略定义了配置树这个级别的策略集对于通道策略,它们的规范路径是
# /Channel/<PolicyName>
Policies:
# Who may invoke the 'Deliver' API 谁可以调用“交付”API
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
# Who may invoke the 'Broadcast' API
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
# By default, who may modify elements at this config level
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
# Capabilities describes the channel level capabilities, see the
# dedicated Capabilities section elsewhere in this file for a full
# description
#能力描述通道级能力,请参见
# dedicated Capabilities部分在这个文件的其他地方有一个完整的
#描述
Capabilities:
<<: *ChannelCapabilities
################################################################################
#
# PROFILES
#
# Different configuration profiles may be encoded here to be specified as
# parameters to the configtxgen tool. The profiles which specify consortiums
# are to be used for generating the orderer genesis block. With the correct
# consortium members defined in the orderer genesis block, channel creation
# requests may be generated with only the org member names and a consortium
# name.
# 不同的配置概要文件可以在这里被编码为configtxgen工具的
#参数。指定联盟的概要文件
#用于生成orderer genesis块。使用正确的
#财团成员定义在orderer起源块,渠道创建
#请求可以只生成组织成员名和一个联合体
#的名字。
#
################################################################################
Profiles:
TwoOrgsOrdererGenesis:
<<: *ChannelDefaults
Orderer:
<<: *OrdererDefaults
Organizations:
- *OrdererOrg
Capabilities:
<<: *OrdererCapabilities
Consortiums:
SampleConsortium:
Organizations:
- *Org1
- *Org2
TwoOrgsChannel:
Consortium: SampleConsortium
<<: *ChannelDefaults
Application:
<<: *ApplicationDefaults
Organizations:
- *Org1
- *Org2
Capabilities:
<<: *ApplicationCapabilities
configtxgen 命令
configtxgen --help
# 输出创始块区块文件的路径和名字
`-outputBlock string`
# 指定创建的channel的名字, 如果没指定系统会提供一个默认的名字.
`-channelID string`
# 表示输通道文件路径和名字
`-outputCreateChannelTx string`
# 指定配置文件中的节点
`-profile string`
# 更新channel的配置信息
`-outputAnchorPeersUpdate string`
# 指定所属的组织名称
`-asOrg string`
生成创始块文件
-profile用于指定生成初始区块还是通道交易配置文件
-outputBlock指定生成的创世块文件路径以及名称,
-channelID为通道的名称
使用以下命令在当前目录下的channel-artifacts目录下得到一个文件genesis.block
configtxgen -configPath /home/hyperledgerFabric/productionNetWork/config -profile TwoOrgsOrdererGenesis -channelID fabric-channel -outputBlock /home/hyperledgerFabric/productionNetWork/channel-artifacts/orderer.genesis.block
生成通道文件
-profile后面对应的是我们在前面配置文件中所定义的名称
-channelID为通道的名称
使用以下命令在当前目录下的通道的名称随意起,但是注意要与上面生成创世块文件时的通道名称不同)。
-outputCreateChannelTx:生成的通道配置交易文件保存路径
使用以下命令在当前目录下的channel-artifacts目录下得到一个文件channel.tx。
configtxgen -configPath /home/hyperledgerFabric/productionNetWork/config -profile TwoOrgsChannel -channelID businesschannel -outputCreateChannelTx /home/hyperledgerFabric/productionNetWork/channel-artifacts/businesschannel.tx
生成锚节点更新文件
-asOrg:用于指定有权设置的写集中的值的Org组织名称
使用以下命令在当前目录下的channel-artifacts目录下得到一个文件Org1MSPanchors.tx
configtxgen -configPath /home/hyperledgerFabric/productionNetWork/config -profile TwoOrgsChannel -channelID businesschannel -asOrg Org1MSP -outputAnchorPeersUpdate /home/hyperledgerFabric/productionNetWork/channel-artifacts/Org1MSPanchors.tx
configtxgen -configPath /home/hyperledgerFabric/productionNetWork/config -profile TwoOrgsChannel -channelID businesschannel -asOrg Org2MSP -outputAnchorPeersUpdate /home/hyperledgerFabric/productionNetWork/channel-artifacts/Org2MSPanchors.tx
备注:创世区块和通道的 channelID 不能设置成一样。