configtx.yaml 详解

章节目录

1.hyperledger-fabric 介绍和资料整理
2.服务环境准备
3.安装fabric 二进制源码程序
4.生成fabric身份信息文件(证书)
5.生成系统通道初始区块文件
6.启动配置网络节点 docker-compose启动文件
7.将组织加入通道
8.安装合约
configtx.yaml 详解
crypto-config.yaml配置详解

简介

configtx.yaml是Hyperledger Fabric区块链网络运维工具configtxgen用于生成通道创世块或通道交易的配置文件,configtx.yaml的内容直接决定了所生成的创世区块的内容。本文将给出configtx.yaml的详细中文说明。
主要功能有如下三个:

  1. 生成启动Orderer 需要的初始区块,并支持检查区块内容
  2. 生成创建应用通道需要的配置交易,并支持检查交易内容
  3. 生成锚点Peer 的更新配置交易

configtx.yaml 配置文件一般包括四个部分: Profiles 、Organizations 、Orderer 和Application

符号含义
<<合并到当前数据
-数组
*别名
&锚点

Orderer 配置

TwoOrgsOrdererGenesis用来配置创世区块信息,TwoOrgsChannel来配置初始交易信息。

TwoOrgsOrdererGenesis配置项

传入 profile 参数的值为TwoOrgsOrdererGenesis
定义两个东西:一个是Orderer,另外一个是Consortiums。
因为生成创世区块需要以下信息:

  1. Orderer 信息
  2. 联盟信息

对于有一个 Orderer,有两个组织 Org1 和 Org2

|配置||

参数名含义
OrdererType类型 solo 或者 kafka
AddressesOrderer 地址
BatchTimeout区块生成超时时间
MaxMessageCount区块消息数量
AbsoluteMaxBytes区块绝对最大字节数
PreferredMaxBytes建议消息字节数。(暂时没有理解该字段,需翻源代码)
Brokerskafka 地址

组织配置

|配置||

参数名含义
Name组织名称
IDMSP ID
MSPDirmsp 目录(关于 MSP 这块后续单独说明)
AnchorPeers该组织的锚节点

configtx.yaml文件内容

1>Profiles部分

Orderer 系统通道模板必须包括Orderer 、Consortiurns 信息:

  • Orderer :指定Orderer 系统通道自身的配置信息。包括Ordering 服务配置(包括类型、地址、批处理限制、Kafka 信息、最大应用通道数目等),参与到此Orderer 的组织信息。网络启动时,必须首先创Orderer 系统通道
  • Consortiums : Orderer 所服务的联盟列表。每个联盟中组织彼此使用相同的通道创建策略,可以彼此创建应用通道

Profiles配置段用来定义用于configtxgen工具的配置入口。包含委员会(consortium)的配置入口可以用来生成排序节点的创世区块。如果在排序节点的创世区块中正确定义了consortium的成员,那么可以仅使用机构成员名称和委员会的名称来生成通道创建请求。
Profiles 配置用于 configtxgen 工具的配置入口,主要是引用其余五个部分的参数,其定义了一系列的配置模板,每个模板代表了特定应用场景下的自定义的通道配置,可以用来创建系统通道或应用通道。配置模板中可以包括 Application 、 Capabilities 、 Consortium 、 Consortiums 、 Policies 、 Orderer 等配置字段,根据使用目的不同,一般只包括部分字段。除了通道默认的配置,创建系统通道初始区块的模板一般需要包括 Orderer 、 Consortiums 字段信息(也可以包括 Applicaion 字段定义初始应用通道配置):

Profiles:
    # OrgsChannel用来生成channel配置信息,名字可以任意
    # 需要包含Consortium和Applicatioon两部分。
    OrgsChannel:
        Consortium: SampleConsortium    # 通道所关联的联盟名称
        <<: *ChannelDefaults
        Orderer:
            <<: *OrdererDefaults
            Organizations:
                - *councilMSP
            Capabilities: *OrdererCapabilities
        Application:
            <<: *ApplicationDefaults
            Organizations:
                - *softMSP
                - *webMSP
                - *hardMSP
            Capabilities:
                <<: *ApplicationCapabilities

2>Organizations 部分

Organizations配置段用来定义组织机构实体,以便在后续配置中引用。例如,下面的配置文件中,定义了三个机构,可以分别使用ExampleCom、Org1ExampleCom和Org2ExampleCom引用其配置

Organizations:
    - &councilMSP           # 定义一个组织引用,类似于变量,可在Profile部分被引用;所有带 & 符号的都是引用变量,使用 * 来引用
        Name: councilMSP    # 组织名称
        ID: councilMSP      # 组织ID
        MSPDir: ../orgs/council.ifantasy.net/msp    # 组织MSP文件夹的路径
        Policies:           # 组织策略
            Readers:
                Type: Signature
                Rule: "OR('councilMSP.member')"
            Writers:
                Type: Signature
                Rule: "OR('councilMSP.member')"
            Admins:
                Type: Signature
                Rule: "OR('councilMSP.admin')"
        # 此文件内的Orderer端口皆为容器内端口
        OrdererEndpoints:   # 定义排序节点(可多个),客户端和对等点可以分别连接到这些orderer以推送transactions和接收区块。
            - "orderer1.council.ifantasy.net:7051"
            - "orderer2.council.ifantasy.net:7054"
            - "orderer3.council.ifantasy.net:7057"
        AnchorPeers:    # 定义锚节点,锚节点对外代表本组织通信
            - Host: peer1.soft.ifantasy.net
              Port: 7251

3>orderer部分

Orderer配置段用来定义要编码写入创世区块或通道交易的排序节点参数。

Orderer: &OrdererDefaults
    OrdererType: etcdraft   # 排序服务算法,目前可用:solo,kafka,etcdraft
    Addresses:              # 排序节点地址
        - orderer1.soft.ifantasy.net:7051
        - orderer2.web.ifantasy.net:7052
        - orderer3.hard.ifantasy.net:7053
    # 定义了 etcdRaft 排序类型被选择时的配置
    EtcdRaft:
        Consenters:         # 定义投票节点
        - Host: orderer1.council.ifantasy.net
          Port: 7051
          ClientTLSCert: ../orgs/council.ifantasy.net/registers/orderer1/tls-msp/signcerts/cert.pem # 节点的TLS签名证书
          ServerTLSCert: ../orgs/council.ifantasy.net/registers/orderer1/tls-msp/signcerts/cert.pem
        - Host: orderer2.council.ifantasy.net
          Port: 7054
          ClientTLSCert: ../orgs/council.ifantasy.net/registers/orderer2/tls-msp/signcerts/cert.pem
          ServerTLSCert: ../orgs/council.ifantasy.net/registers/orderer2/tls-msp/signcerts/cert.pem
        - Host: orderer3.council.ifantasy.net
          Port: 7057
          ClientTLSCert: ../orgs/council.ifantasy.net/registers/orderer3/tls-msp/signcerts/cert.pem
          ServerTLSCert: ../orgs/council.ifantasy.net/registers/orderer3/tls-msp/signcerts/cert.pem

    # 区块打包的最大超时时间 (到了该时间就打包区块)
    BatchTimeout: 2s
    # 区块链的单个区块配置(orderer端切分区块的参数)
    BatchSize:
        MaxMessageCount: 10         # 一个区块里最大的交易数
        AbsoluteMaxBytes: 99 MB     # 一个区块的最大字节数,任何时候都不能超过
        PreferredMaxBytes: 512 KB   # 一个区块的建议字节数,如果一个交易消息的大小超过了这个值, 就会被放入另外一个更大的区块中

    # 参与维护Orderer的组织,默认为空(通常在 Profiles 中再配置)
    Organizations:
    # 定义本层级的排序节点策略,其权威路径为 /Channel/Orderer/<PolicyName>
    Policies:
        Readers:    # /Channel/Orderer/Readers
            Type: ImplicitMeta
            Rule: "ANY Readers"
        Writers:
            Type: ImplicitMeta
            Rule: "ANY Writers"
        Admins:
            Type: ImplicitMeta
            Rule: "MAJORITY Admins"
        BlockValidation:    # 指定了哪些签名必须包含在区块中,以便peer节点进行验证
            Type: ImplicitMeta
            Rule: "ANY Writers"
    Capabilities:
        <<: *OrdererCapabilities    # 引用上节 Capabilities 的 OrdererCapabilities

4>Applications部分

Application配置段用来定义要写入创世区块或配置交易的应用参数。

Application: &ApplicationDefaults

    # 干预 创建链码的系统链码 的函数访问控制策略
    _lifecycle/CheckCommitReadiness: /Channel/Application/Writers       # CheckCommitReadiness 函数的访问策略
    _lifecycle/CommitChaincodeDefinition: /Channel/Application/Writers  # CommitChaincodeDefinition 函数的访问策略
    _lifecycle/QueryChaincodeDefinition: /Channel/Application/Writers   # QueryChaincodeDefinition 函数的访问策略
    _lifecycle/QueryChaincodeDefinitions: /Channel/Application/Writers  # QueryChaincodeDefinitions 函数的访问策略

    # 关于 生命周期系统链码(lscc) 的函数访问控制策略
    lscc/ChaincodeExists: /Channel/Application/Readers              # getid 函数的访问策略
    lscc/GetDeploymentSpec: /Channel/Application/Readers            # getdepspec 函数的访问策略
    lscc/GetChaincodeData: /Channel/Application/Readers             # getccdata 函数的访问策略
    lscc/GetInstantiatedChaincodes: /Channel/Application/Readers    # getchaincodes 函数的访问策略

    # 关于 查询系统链码(qscc) 的函数访问控制策略
    qscc/GetChainInfo: /Channel/Application/Readers         # GetChainInfo 函数的访问策略
    qscc/GetBlockByNumber: /Channel/Application/Readers     # GetBlockByNumber 函数的访问策略
    qscc/GetBlockByHash: /Channel/Application/Readers       # GetBlockByHash 函数的访问策略
    qscc/GetTransactionByID: /Channel/Application/Readers   # GetTransactionByID 函数的访问策略
    qscc/GetBlockByTxID: /Channel/Application/Readers       # GetBlockByTxID 函数的访问策略

    # 关于 配置系统链码(cscc) 的函数访问控制策略
    cscc/GetConfigBlock: /Channel/Application/Readers   # GetConfigBlock 函数的访问策略
    cscc/GetChannelConfig: /Channel/Application/Readers # GetChannelConfig 函数的访问策略
  
    # 关于 peer 节点的函数访问控制策略
    peer/Propose: /Channel/Application/Writers                  # Propose 函数的访问策略
    peer/ChaincodeToChaincode: /Channel/Application/Writers     # ChaincodeToChaincode 函数的访问策略

    # 关于事件资源的访问策略
    event/Block: /Channel/Application/Readers           # 发送区块事件的策略
    event/FilteredBlock: /Channel/Application/Readers   # 发送筛选区块事件的策略
  
    # 默认为空,在 Profiles 中定义
    Organizations:
    # 定义本层级的应用控制策略,路径为 /Channel/Application/<PolicyName>
    Policies:
        Readers:    # /Channel/Application/Readers
            Type: ImplicitMeta
            Rule: "ANY Readers"
        Writers:
            Type: ImplicitMeta
            Rule: "ANY Writers"
        Admins:
            Type: ImplicitMeta
            Rule: "MAJORITY Admins"
        LifecycleEndorsement:
            Type: ImplicitMeta
            Rule: "MAJORITY Endorsement"
        Endorsement:
            Type: ImplicitMeta
            Rule: "MAJORITY Endorsement"

    Capabilities:
        <<: *ApplicationCapabilities    # 引用上节 Capabilities 的 ApplicationCapabilities

5>channel部分

Channel配置段用来定义要写入创世区块或配置交易的通道参数。

Channel: &ChannelDefaults
    #   定义本层级的通道访问策略,其权威路径为 /Channel/<PolicyName>
    Policies:
        Readers:    # 定义谁可以调用 'Deliver' 接口
            Type: ImplicitMeta
            Rule: "ANY Readers"
        Writers:    # 定义谁可以调用 'Broadcast' 接口
            Type: ImplicitMeta
            Rule: "ANY Writers"
        # By default, who may modify elements at this config level
        Admins:     # 定义谁可以修改本层策略
            Type: ImplicitMeta
            Rule: "MAJORITY Admins"

    Capabilities:
        <<: *ChannelCapabilities        # 引用上节 Capabilities 的 ChannelCapabilities 

6>Capabilities部分

Capabilities段用来定义fabric网络的能力。这是版本v1.0.0引入的一个新的配置段,当与版本v1.0.x的对等节点与排序节点混合组网时不可使用。
Capabilities段定义了fabric程序要加入网络所必须支持的特性。例如,如果添加了一个新的MSP类型,那么更新的程序可能会根据该类型识别并验证签名,但是老版本的程序就没有办法验证这些交易。这可能导致不同版本的fabric程序中维护的世界状态不一致。
因此,通过定义通道的能力,就明确了不满足该能力要求的fabric程序,将无法处理交易,除非升级到新的版本。对于v1.0.x的程序而言,如果在Capabilities段定义了任何能力,即使声明不需要支持这些能力,都会导致其有意崩溃。

Capabilities:
    # Channel配置同时针对通道上的Orderer节点和Peer节点(设置为ture表明要求节点具备该能力);
    Channel: &ChannelCapabilities
        V2_0: true  # 要求Channel上的所有Orderer节点和Peer节点达到v2.0.0或更高版本
     # Orderer配置仅针对Orderer节点,不限制Peer节点
    Orderer: &OrdererCapabilities
        V2_0: true  # 要求所有Orderer节点升级到v2.0.0或更高版本
    # Application配置仅应用于对等网络,不需考虑排序节点的升级
    Application: &ApplicationCapabilities
        V2_0: true

configtx.yaml文件内容

# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#

---
################################################################################
#
#   ORGANIZATIONS
#
#   This section defines the organizational identities that can be referenced
#   in the configuration profiles.
#   本节定义了可引用的组织标识
#   在配置配置文件中。
#
################################################################################
Organizations:

    # SampleOrg defines an MSP using the sampleconfig. It should never be used
    # in production but may be used as a template for other definitions.
    # SampleOrg使用sampleconfig定义MSP。它永远不应该被使用
    # 但可以用作其他定义的模板。
    - &OrdererOrg
        # Name is the key by which this org will be referenced in channel
        # configuration transactions.
        # Name can include alphanumeric characters as well as dots and dashes.
        # Name是该组织在通道中被引用的键
        # 配置事务。
        # Name可以包括字母数字字符以及点和破折号。
        Name: OrdererOrg

        # SkipAsForeign can be set to true for org definitions which are to be
        # inherited from the orderer system channel during channel creation.  This
        # is especially useful when an admin of a single org without access to the
        # MSP directories of the other orgs wishes to create a channel.  Note
        # this property must always be set to false for orgs included in block
        # creation.
        # SkipAsForeign可以设置为true的组织定义在通道创建期间从订购者系统通道继承。
        #这当单个组织的管理员无法访问其他组织的MSP目录希望创建一个通道。请注意
        #对于块中包含的组织,此属性必须始终设置为false创建。
        SkipAsForeign: false

        # ID is the key by which this org's MSP definition will be referenced.
        # ID can include alphanumeric characters as well as dots and dashes.
        # ID是这个组织的MSP定义将被引用的关键字。
        # ID可以包括字母数字字符以及点和破折号。 
        ID: OrdererMSP

        # MSPDir is the filesystem path which contains the MSP configuration.
        # MSPDir是包含MSP配置的文件系统路径。
        MSPDir: /home/hyperledgerFabric/productionNetWork/crypto-config/ordererOrganizations/example.com/msp

        # Policies defines the set of policies at this level of the config tree
        # For organization policies, their canonical path is usually
        #   /Channel/<Application|Orderer>/<OrgName>/<PolicyName>
        #策略定义了配置树这个级别的策略集对于组织策略,它们的规范路径通常是
        # /通道/ <应用|订货人> / < OrgName > / < PolicyName >
        Policies:
            Readers:
                Type: Signature
                Rule: "OR('OrdererMSP.member')"
                # If your MSP is configured with the new NodeOUs, you might
                # want to use a more specific rule like the following:
                # Rule: "OR('SampleOrg.admin', 'SampleOrg.peer', 'SampleOrg.client')"
                #如果您的MSP配置了新的NodeOUs,您可能会想要使用一个更具体的规则,像下面这样:
                 # Rule: "OR('SampleOrg.admin', 'SampleOrg.peer', 'SampleOrg.client')"
            Writers:
                Type: Signature
                Rule: "OR('OrdererMSP.member')"
                # If your MSP is configured with the new NodeOUs, you might
                # want to use a more specific rule like the following:
                # 如果您的MSP配置了新的NodeOUs,您可能会 想要使用一个更具体的规则,像下面这样:
                # Rule: "OR('SampleOrg.admin', 'SampleOrg.client')"
            Admins:
                Type: Signature
                Rule: "OR('OrdererMSP.admin')"
            Endorsement:
                Type: Signature
                Rule: "OR('OrdererMSP.member')"

        # OrdererEndpoints is a list of all orderers this org runs which clients
        # and peers may to connect to to push transactions and receive blocks respectively.
        # OrdererEndpoints是该组织运行的客户端所有订单的列表
        #和对等体可以分别连接来推送事务和接收块。
        OrdererEndpoints:
            - "orderer0.example.com:7050"
            - "orderer1.example.com:7050"

        # AnchorPeers defines the location of peers which can be used for
        # cross-org gossip communication.
        #
        # NOTE: this value should only be set when using the deprecated
        # `configtxgen --outputAnchorPeersUpdate` command. It is recommended
        # to instead use the channel configuration update process to set the
        # anchor peers for each organization.
    
        # AnchorPeers定义了可以被使用的对等点的位置跨组织八卦交流。
        #
        #注意:该值只应该在使用deprecated时设置
        # ' configtxgen——outputAnchorPeersUpdate '命令。
        #建议、来代替使用通道配置更新过程来设置每个组织的锚定同伴。
        #AnchorPeers:
        #    - Host: 127.0.0.1
        #      Port: 7051

    - &Org1

        Name: Org1MSP
        ID: Org1MSP
        MSPDir: /home/hyperledgerFabric/productionNetWork/crypto-config/peerOrganizations/org1.example.com/msp
        Policies:
            Readers:
                Type: Signature
                Rule: "OR('Org1MSP.admin', 'Org1MSP.peer', 'Org1MSP.client')"
            Writers:
                Type: Signature
                Rule: "OR('Org1MSP.admin', 'Org1MSP.client')"
            Admins:
                Type: Signature
                Rule: "OR('Org1MSP.admin')"
            Endorsement:
                Type: Signature
                Rule: "OR('Org1MSP.peer')"
        AnchorPeers:
            - Host: peer0.org1.example.com
              Port: 7051


    - &Org2

        Name: Org2MSP
        ID: Org2MSP
        MSPDir: /home/hyperledgerFabric/productionNetWork/crypto-config/peerOrganizations/org2.example.com/msp
        Policies:
            Readers:
                Type: Signature
                Rule: "OR('Org2MSP.admin', 'Org2MSP.peer', 'Org2MSP.client')"
            Writers:
                Type: Signature
                Rule: "OR('Org2MSP.admin', 'Org2MSP.client')"
            Admins:
                Type: Signature
                Rule: "OR('Org2MSP.admin')"
            Endorsement:
                Type: Signature
                Rule: "OR('Org2MSP.peer')"
        AnchorPeers:
            - Host: peer0.org2.example.com
              Port: 7051

################################################################################
#
#   CAPABILITIES
#
#   This section defines the capabilities of fabric network. This is a new
#   concept as of v1.1.0 and should not be utilized in mixed networks with
#   v1.0.x peers and orderers.  Capabilities define features which must be
#   present in a fabric binary for that binary to safely participate in the
#   fabric network.  For instance, if a new MSP type is added, newer binaries
#   might recognize and validate the signatures from this type, while older
#   binaries without this support would be unable to validate those
#   transactions.  This could lead to different versions of the fabric binaries
#   having different world states.  Instead, defining a capability for a channel
#   informs those binaries without this capability that they must cease
#   processing transactions until they have been upgraded.  For v1.0.x if any
#   capabilities are defined (including a map with all capabilities turned off)
#   then the v1.0.x peer will deliberately crash.

#本节定义fabric网络的功能。这是一个新的
#概念,不应该在混合网络中使用
# v1.0。X同伴和定购者。能力定义了必须的特性 在fabric二进制中为该二进制安全地参与
#织物网络。例如,如果添加了新的MSP类型,则会生成新的二进制文件
#可以识别和验证来自此类型的签名,而更老的 如果没有这种支持,
# binary将无法验证这些文件交易。这可能导致织物二进制文件的不同版本
#拥有不同的世界状态。相反,应该为通道定义功能
#通知那些没有此功能的二进制文件必须停止
#处理事务,直到它们升级。v1.0。x如果任何
#功能被定义(包括一个所有功能都关闭的地图)
#然后是1.0版本。X点会故意崩溃。
#
################################################################################
Capabilities:
    # Channel capabilities apply to both the orderers and the peers and must be
    # supported by both.
    # Set the value of the capability to true to require it.
    #通道功能同时适用于订单方和对等方,并且必须如此
    #都支持。
    #设置该功能的值为true以要求它。
    Channel: &ChannelCapabilities
        # V2.0 for Channel is a catchall flag for behavior which has been
        # determined to be desired for all orderers and peers running at the v2.0.0
        # level, but which would be incompatible with orderers and peers from
        # prior releases.
        # Prior to enabling V2.0 channel capabilities, ensure that all
        # orderers and peers on a channel are at v2.0.0 or later.
    
        #Channel的# V2.0是一个囊括所有行为的标志
        #确定为运行在v2.0.0上的所有订单和对等点所期望的级别,
        #但它将与来自的订单和同级不兼容之前发布。
        #在启用V2.0通道功能之前,确保所有通道上的
        # orderer和peer是v2.0.0或更高版本。
        V2_0: true

    # Orderer capabilities apply only to the orderers, and may be safely
    # used with prior release peers.
    # Set the value of the capability to true to require it.
  
    # Orderer功能只适用于Orderer,并且可能是安全的用于以前的版本。
    #设置该功能的值为true以要求它。
    Orderer: &OrdererCapabilities
        # V1.1 for Orderer is a catchall flag for behavior which has been
        # determined to be desired for all orderers running at the v1.1.x
        # level, but which would be incompatible with orderers from prior releases.
        # Prior to enabling V2.0 orderer capabilities, ensure that all
        # orderers on a channel are at v2.0.0 or later.
    
        #Orderer的# V1.1是一个囊括所有行为的标志
        #被确定为运行在v1.1.x上的所有订单所期望的
        #级别,但它与以前版本的订单不兼容。
        #在启用V2.0订货者功能之前,确保所有通道上的
        # orderers是v2.0.0或更高版本。
        V2_0: true

    # Application capabilities apply only to the peer network, and may be safely
    # used with prior release orderers.
    # Set the value of the capability to true to require it.
  
    #应用程序功能仅适用于对等网络,并且可能是安全的
    #用于之前的放行订单。
    #设置该功能的值为true以要求它。
    Application: &ApplicationCapabilities
        # V2.0 for Application enables the new non-backwards compatible
        # features and fixes of fabric v2.0.
        # Prior to enabling V2.0 orderer capabilities, ensure that all
        # orderers on a channel are at v2.0.0 or later.
    
        # V2.0 for Application启用了新的非向后兼容
        # fabric v2.0的特性和修复。
        #在启用V2.0订货者功能之前,确保所有通道上的# orderers是v2.0.0或更高版本。
        V2_0: true

################################################################################
#
#   APPLICATION
#
#   This section defines the values to encode into a config transaction or
#   genesis block for application-related parameters.

#  这个部分定义了要编码到配置事务或
#  genesis块用于应用程序相关参数。
#
################################################################################
Application: &ApplicationDefaults
    ACLs: &ACLsDefault
        # This section provides defaults for policies for various resources
        # in the system. These "resources" could be functions on system chaincodes
        # (e.g., "GetBlockByNumber" on the "qscc" system chaincode) or other resources
        # (e.g.,who can receive Block events). This section does NOT specify the resource's
        # definition or API, but just the ACL policy for it.
        #本节为各种资源提供默认策略
        #。这些“资源”可以是系统链代码上的函数
        #(例如,“qscc”系统链代码上的“GetBlockByNumber”)或其他资源
        #(例如,谁可以接收Block事件)。此节不指定资源的
        #定义或API,而只是用于它的ACL策略。
    
        #
        # Users can override these defaults with their own policy mapping by defining the
        # mapping under ACLs in their channel definition
        #用户可以通过定义策略映射来覆盖这些默认值在通道定义的acl下的映射

        #---New Lifecycle System Chaincode (_lifecycle) function to policy mapping for access control--#
        #  增加了访问控制策略映射的Lifecycle System Chaincode (_lifecycle)函数


        # ACL policy for _lifecycle's "CheckCommitReadiness" function
        # _lifecycle的“CheckCommitReadiness”函数的ACL策略
        _lifecycle/CheckCommitReadiness: /Channel/Application/Writers

        # ACL policy for _lifecycle's "CommitChaincodeDefinition" function
        _lifecycle/CommitChaincodeDefinition: /Channel/Application/Writers

        # ACL policy for _lifecycle's "QueryChaincodeDefinition" function
        _lifecycle/QueryChaincodeDefinition: /Channel/Application/Writers

        # ACL policy for _lifecycle's "QueryChaincodeDefinitions" function
        _lifecycle/QueryChaincodeDefinitions: /Channel/Application/Writers

        #---Lifecycle System Chaincode (lscc) function to policy mapping for access control---#

        # ACL policy for lscc's "getid" function
        lscc/ChaincodeExists: /Channel/Application/Readers

        # ACL policy for lscc's "getdepspec" function
        lscc/GetDeploymentSpec: /Channel/Application/Readers

        # ACL policy for lscc's "getccdata" function
        lscc/GetChaincodeData: /Channel/Application/Readers

        # ACL Policy for lscc's "getchaincodes" function
        lscc/GetInstantiatedChaincodes: /Channel/Application/Readers

        #---Query System Chaincode (qscc) function to policy mapping for access control---#

        # ACL policy for qscc's "GetChainInfo" function
        qscc/GetChainInfo: /Channel/Application/Readers

        # ACL policy for qscc's "GetBlockByNumber" function
        qscc/GetBlockByNumber: /Channel/Application/Readers

        # ACL policy for qscc's  "GetBlockByHash" function
        qscc/GetBlockByHash: /Channel/Application/Readers

        # ACL policy for qscc's "GetTransactionByID" function
        qscc/GetTransactionByID: /Channel/Application/Readers

        # ACL policy for qscc's "GetBlockByTxID" function
        qscc/GetBlockByTxID: /Channel/Application/Readers

        #---Configuration System Chaincode (cscc) function to policy mapping for access control---#

        # ACL policy for cscc's "GetConfigBlock" function
        cscc/GetConfigBlock: /Channel/Application/Readers

        # ACL policy for cscc's "GetChannelConfig" function
        cscc/GetChannelConfig: /Channel/Application/Readers

        #---Miscellaneous peer function to policy mapping for access control---#

        # ACL policy for invoking chaincodes on peer
        peer/Propose: /Channel/Application/Writers

        # ACL policy for chaincode to chaincode invocation
        peer/ChaincodeToChaincode: /Channel/Application/Writers

        #---Events resource to policy mapping for access control###---#

        # ACL policy for sending block events
        event/Block: /Channel/Application/Readers

        # ACL policy for sending filtered block events
        event/FilteredBlock: /Channel/Application/Readers

    # Organizations lists the orgs participating on the application side of the
    # network.
    #各机构列出参与申请的机构网络。
    Organizations:

    # Policies defines the set of policies at this level of the config tree
    # For Application policies, their canonical path is
    #策略定义了配置树这个级别的策略集
    #对于应用程序策略,它们的规范路径是
    #   /Channel/Application/<PolicyName>
    Policies: &ApplicationDefaultPolicies
        LifecycleEndorsement:
            Type: ImplicitMeta
            Rule: "MAJORITY Endorsement"
        Endorsement:
            Type: ImplicitMeta
            Rule: "MAJORITY Endorsement"
        Readers:
            Type: ImplicitMeta
            Rule: "ANY Readers"
        Writers:
            Type: ImplicitMeta
            Rule: "ANY Writers"
        Admins:
            Type: ImplicitMeta
            Rule: "MAJORITY Admins"

    # Capabilities describes the application level capabilities, see the
    # dedicated Capabilities section elsewhere in this file for a full
    # description
    #能力描述了应用程序级别的能力,请参见
    # dedicated Capabilities部分在这个文件的其他地方有一个完整的
    #描述
    Capabilities:
        <<: *ApplicationCapabilities

################################################################################
#
#   ORDERER
#
#   This section defines the values to encode into a config transaction or
#   genesis block for orderer related parameters.
#   这个部分定义了要编码到配置事务或
#   genesis块的订单相关参数 
#
################################################################################
Orderer: &OrdererDefaults

    # Orderer Type: The orderer implementation to start.
    # 订单类型:订单实现开始。可用的类型
    # Available types are "solo", "kafka" and "etcdraft".
    OrdererType: etcdraft

    # Addresses used to be the list of orderer addresses that clients and peers
    # could connect to.  However, this does not allow clients to associate orderer
    # addresses and orderer organizations which can be useful for things such
    # as TLS validation.  The preferred way to specify orderer addresses is now
    # to include the OrdererEndpoints item in your org definition
  
    #地址曾经是客户端和对等点的订单地址列表
    #可以连接到。但是,这不允许客户端关联订购者
    #地址和orderer组织,可以对这样的事情有用
    #作为TLS验证。现在首选的指定订购者地址的方法是
    #将OrdererEndpoints项包含在组织定义中
    Addresses:
        - orderer0.example.com:7050
        - orderer1.example.com:7050

    # Batch Timeout: The amount of time to wait before creating a batch.
    # 批处理超时:创建批处理前需要等待的时间。
    # ***  出块速率 每2s 出块时间********
    BatchTimeout: 2s

    # Batch Size: Controls the number of messages batched into a block.
    # The orderer views messages opaquely, but typically, messages may
    # be considered to be Fabric transactions.  The 'batch' is the group
    # of messages in the 'data' field of the block.  Blocks will be a few kb
    # larger than the batch size, when signatures, hashes, and other metadata
    # is applied.
    #批处理大小:控制批处理到一个块中的消息的数量。 订单者不透明地查看消息,但通常情况下,消息可能
    #被认为是Fabric事务。“批”是组
    #的消息在区块的'data'字段。块的大小为几kb
    #大于批处理大小,当签名、散列和其他元数据时
    #。
    BatchSize:

        # Max Message Count: The maximum number of messages to permit in a
        # batch.  No block will contain more than this number of messages.
        # #最大消息数:允许的最大消息数批。没有任何块包含超过这个数量的消息。
        MaxMessageCount: 500

        # Absolute Max Bytes: The absolute maximum number of bytes allowed for
        # the serialized messages in a batch. The maximum block size is this value
        # plus the size of the associated metadata (usually a few KB depending
        # upon the size of the signing identities). Any transaction larger than
        # this value will be rejected by ordering.
        # It is recommended not to exceed 49 MB, given the default grpc max message size of 100 MB
        # configured on orderer and peer nodes (and allowing for message expansion during communication).
        # Absolute Max Bytes:允许的绝对最大字节数
        #批处理中序列化的消息。最大块大小是这个值
        #加上相关元数据的大小(通常是几个KB取决于
        #指定签名身份的大小)。任何超过
        #该值将被排序拒绝。
        #默认grpc最大消息大小为100 MB,建议不超过49 MB
        #配置在orderer和peer节点上(并允许在通信期间进行消息扩展)。
        AbsoluteMaxBytes: 10 MB

        # Preferred Max Bytes: The preferred maximum number of bytes allowed
        # for the serialized messages in a batch. Roughly, this field may be considered
        # the best effort maximum size of a batch. A batch will fill with messages
        # until this size is reached (or the max message count, or batch timeout is
        # exceeded).  If adding a new message to the batch would cause the batch to
        # exceed the preferred max bytes, then the current batch is closed and written
        # to a block, and a new batch containing the new message is created.  If a
        # message larger than the preferred max bytes is received, then its batch
        # will contain only that message.  Because messages may be larger than
        # preferred max bytes (up to AbsoluteMaxBytes), some batches may exceed
        # the preferred max bytes, but will always contain exactly one transaction.
        # Preferred Max Bytes:允许的首选最大字节数
        #用于批处理中序列化的消息。粗略地说,可以考虑这个字段批处理的最大尺寸。批处理将填充消息
        #直到达到该大小(或最大消息计数,或批处理超时)
        #超过)。如果向批处理添加新消息会导致批处理
        #超过首选的最大字节数,则关闭并写入当前批处理
        #添加到一个块,然后创建一个包含新消息的新批处理。如果一个
        #消息大于首选的最大字节,然后它的批处理
        #将只包含该消息。因为消息可能大于
        #首选的最大字节数(最多为AbsoluteMaxBytes),一些批可能会超过
        #首选的最大字节数,但总是只包含一个事务。
        PreferredMaxBytes: 2 MB

    # Max Channels is the maximum number of channels to allow on the ordering
    # network. When set to 0, this implies no maximum number of channels.
    # Max Channels是排序允许的最大通道数
    #网络。当设置为0时,这意味着没有最大通道数。
    MaxChannels: 0

    Kafka:
        # Brokers: A list of Kafka brokers to which the orderer connects. Edit
        # this list to identify the brokers of the ordering service.
        # NOTE: Use IP:port notation.
        #orderer连接到的Kafka broker的列表。编辑
        #此列表用于标识订购服务的代理。
        #注意:使用IP:端口符号。
        Brokers:
            - kafka0:9092
            - kafka1:9092
            - kafka2:9092

    # EtcdRaft defines configuration which must be set when the "etcdraft"
    # orderertype is chosen.
    #EtcdRaft定义了“EtcdRaft”时必须设置的配置
    #选择# orderertype。
    EtcdRaft:
        # The set of Raft replicas for this network. For the etcd/raft-based
        # implementation, we expect every replica to also be an OSN. Therefore,
        # a subset of the host:port items enumerated in this list should be
        # replicated under the Orderer.Addresses key above.
        #这个网络的Raft副本的集合etcd / raft-based
        # implementation,我们希望每个副本也是一个OSN。因此, 在这个列表中枚举的端口项应该是
        #复制在Orderer下。地址上面的关键
        Consenters:
            - Host: orderer0.example.com
              Port: 7050
              ClientTLSCert: /home/hyperledgerFabric/productionNetWork/crypto-config/ordererOrganizations/example.com/orderers/orderer0.example.com/tls/server.crt
              ServerTLSCert: /home/hyperledgerFabric/productionNetWork/crypto-config/ordererOrganizations/example.com/orderers/orderer0.example.com/tls/server.crt
            - Host: orderer1.example.com
              Port: 7050
              ClientTLSCert: /home/hyperledgerFabric/productionNetWork/crypto-config/ordererOrganizations/example.com/orderers/orderer1.example.com/tls/server.crt
              ServerTLSCert: /home/hyperledgerFabric/productionNetWork/crypto-config/ordererOrganizations/example.com/orderers/orderer1.example.com/tls/server.crt


        # Options to be specified for all the etcd/raft nodes. The values here
        # are the defaults for all new channels and can be modified on a
        # per-channel basis via configuration updates.
        #为所有etcd/raft节点指定的选项。这里的值
        #是所有新通道的默认值,可以在通过配置更新每个通道。
        Options:
            # TickInterval is the time interval between two Node.Tick invocations.
            #“TickInterval”为两个节点之间的时间间隔。蜱虫调用。
            TickInterval: 500ms

            # ElectionTick is the number of Node.Tick invocations that must pass
            # between elections. That is, if a follower does not receive any
            # message from the leader of current term before ElectionTick has
            # elapsed, it will become candidate and start an election.
            # ElectionTick must be greater than HeartbeatTick.
        
            # ElectionTick是Node的编号。勾选必须通过的调用
            #之间的选举。也就是说,如果一个追随者没有收到任何
            #这是现任领导人在ElectionTick之前发出的信息
            #消失后,它将成为候选人并开始选举。
            # ElectionTick必须大于HeartbeatTick。
            ElectionTick: 10

            # HeartbeatTick is the number of Node.Tick invocations that must
            # pass between heartbeats. That is, a leader sends heartbeat
            # messages to maintain its leadership every HeartbeatTick ticks.
        
            # HeartbeatTick是Node的数量。勾选必须的调用
            #在心跳之间传递。也就是说,领导者发出心跳
            #信息来维持它的领导地位。
            HeartbeatTick: 1

            # MaxInflightBlocks limits the max number of in-flight append messages
            # during optimistic replication phase.
            # MaxInflightBlocks限制动态附加消息的最大数量
            #在乐观复制阶段
            MaxInflightBlocks: 5

            # SnapshotIntervalSize defines number of bytes per which a snapshot is taken
            # SnapshotIntervalSize定义了每个快照的字节数
            SnapshotIntervalSize: 16 MB

    # Organizations lists the orgs participating on the orderer side of the
    # network.
    #组织列出了在订单端参与的组织
    #网络
    Organizations:

    # Policies defines the set of policies at this level of the config tree
    # For Orderer policies, their canonical path is
    #策略定义了配置树这个级别的策略集
    #对于Orderer策略,它们的规范路径是
    #   /Channel/Orderer/<PolicyName>
    Policies:
        Readers:
            Type: ImplicitMeta
            Rule: "ANY Readers"
        Writers:
            Type: ImplicitMeta
            Rule: "ANY Writers"
        Admins:
            Type: ImplicitMeta
            Rule: "MAJORITY Admins"
        # BlockValidation specifies what signatures must be included in the block
        # from the orderer for the peer to validate it.
        # BlockValidation指定了区块中必须包含哪些签名
        #,以便对等端验证它
        BlockValidation:
            Type: ImplicitMeta
            Rule: "ANY Writers"

    # Capabilities describes the orderer level capabilities, see the
    # dedicated Capabilities section elsewhere in this file for a full
    # description
    #能力描述订购者级别的能力,请参阅
    # dedicated Capabilities部分在这个文件的其他地方有一个完整的
    #描述
    Capabilities:
        <<: *OrdererCapabilities

################################################################################
#
#   CHANNEL
#
#   This section defines the values to encode into a config transaction or
#   genesis block for channel related parameters.
#    本节定义要编码到配置事务或
# genesis块用于通道相关参数。
#
################################################################################
Channel: &ChannelDefaults
    # Policies defines the set of policies at this level of the config tree
    # For Channel policies, their canonical path is
    #策略定义了配置树这个级别的策略集对于通道策略,它们的规范路径是
    #   /Channel/<PolicyName>
    Policies:
        # Who may invoke the 'Deliver' API  谁可以调用“交付”API

        Readers:
            Type: ImplicitMeta
            Rule: "ANY Readers"
        # Who may invoke the 'Broadcast' API
        Writers:
            Type: ImplicitMeta
            Rule: "ANY Writers"
        # By default, who may modify elements at this config level
        Admins:
            Type: ImplicitMeta
            Rule: "MAJORITY Admins"


    # Capabilities describes the channel level capabilities, see the
    # dedicated Capabilities section elsewhere in this file for a full
    # description
  
    #能力描述通道级能力,请参见
    # dedicated Capabilities部分在这个文件的其他地方有一个完整的
    #描述
    Capabilities:
        <<: *ChannelCapabilities

################################################################################
#
#   PROFILES
#
#   Different configuration profiles may be encoded here to be specified as
#   parameters to the configtxgen tool. The profiles which specify consortiums
#   are to be used for generating the orderer genesis block. With the correct
#   consortium members defined in the orderer genesis block, channel creation
#   requests may be generated with only the org member names and a consortium
#   name.

#   不同的配置概要文件可以在这里被编码为configtxgen工具的
    #参数。指定联盟的概要文件
    #用于生成orderer genesis块。使用正确的
    #财团成员定义在orderer起源块,渠道创建
    #请求可以只生成组织成员名和一个联合体
    #的名字。

#
################################################################################
Profiles:

     TwoOrgsOrdererGenesis:
        <<: *ChannelDefaults
        Orderer:
            <<: *OrdererDefaults
            Organizations:
                - *OrdererOrg
            Capabilities:
                <<: *OrdererCapabilities
        Consortiums:
            SampleConsortium:
                Organizations:
                    - *Org1
                    - *Org2

     TwoOrgsChannel:
        Consortium: SampleConsortium
        <<: *ChannelDefaults
        Application:
            <<: *ApplicationDefaults
            Organizations:
                - *Org1
                - *Org2
            Capabilities:
                <<: *ApplicationCapabilities

configtxgen 命令

 configtxgen --help 
  # 输出创始块区块文件的路径和名字
  `-outputBlock string`
  # 指定创建的channel的名字, 如果没指定系统会提供一个默认的名字.
  `-channelID string`
  # 表示输通道文件路径和名字
  `-outputCreateChannelTx string`
  # 指定配置文件中的节点
  `-profile string`
  # 更新channel的配置信息
  `-outputAnchorPeersUpdate string`
  # 指定所属的组织名称
  `-asOrg string`

生成创始块文件

-profile用于指定生成初始区块还是通道交易配置文件
-outputBlock指定生成的创世块文件路径以及名称,
-channelID为通道的名称
使用以下命令在当前目录下的channel-artifacts目录下得到一个文件genesis.block

configtxgen -configPath /home/hyperledgerFabric/productionNetWork/config  -profile TwoOrgsOrdererGenesis -channelID fabric-channel -outputBlock /home/hyperledgerFabric/productionNetWork/channel-artifacts/orderer.genesis.block

生成通道文件

-profile后面对应的是我们在前面配置文件中所定义的名称
-channelID为通道的名称
使用以下命令在当前目录下的通道的名称随意起,但是注意要与上面生成创世块文件时的通道名称不同)。
-outputCreateChannelTx:生成的通道配置交易文件保存路径
使用以下命令在当前目录下的channel-artifacts目录下得到一个文件channel.tx。

configtxgen -configPath /home/hyperledgerFabric/productionNetWork/config  -profile TwoOrgsChannel  -channelID businesschannel -outputCreateChannelTx /home/hyperledgerFabric/productionNetWork/channel-artifacts/businesschannel.tx

生成锚节点更新文件

-asOrg:用于指定有权设置的写集中的值的Org组织名称
使用以下命令在当前目录下的channel-artifacts目录下得到一个文件Org1MSPanchors.tx

configtxgen -configPath /home/hyperledgerFabric/productionNetWork/config  -profile TwoOrgsChannel -channelID businesschannel -asOrg Org1MSP -outputAnchorPeersUpdate /home/hyperledgerFabric/productionNetWork/channel-artifacts/Org1MSPanchors.tx
configtxgen -configPath /home/hyperledgerFabric/productionNetWork/config  -profile TwoOrgsChannel -channelID businesschannel -asOrg Org2MSP -outputAnchorPeersUpdate /home/hyperledgerFabric/productionNetWork/channel-artifacts/Org2MSPanchors.tx

备注:创世区块和通道的 channelID 不能设置成一样。

  • 0
    点赞
  • 3
    收藏
    觉得还不错? 一键收藏
  • 0
    评论

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值