# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#

---
################################################################################
#
#   Orderer Configuration
#
#   - This controls the type and configuration of the orderer.
#
################################################################################
General:

    # Ledger Type: The ledger type to provide to the orderer.
    # Two non-production ledger types are provided for test purposes only:
    #  - ram: An in-memory ledger whose contents are lost on restart.
    #  - json: A simple file ledger that writes blocks to disk in JSON format.
    # Only one production ledger type is provided:
    #  - file: A production file-based ledger.
    LedgerType: file

    # Listen address: The IP on which to bind to listen.
    ListenAddress: 127.0.0.1

    # Listen port: The port on which to bind to listen.
    ListenPort: 7050

    # TLS: TLS settings for the GRPC server.
    TLS:
        # Enabled switches TLS on for the GRPC server. The sample default is
        # false, so connections to the listener are neither encrypted nor
        # authenticated; set it to true outside local development.
        Enabled: false
        # PrivateKey governs the file location of the private key of the TLS certificate.
        PrivateKey: tls/server.key
        # Certificate governs the file location of the server TLS certificate.
        Certificate: tls/server.crt
        RootCAs:
          - tls/ca.crt
        ClientAuthRequired: false
        ClientRootCAs:
    # Keepalive settings for the GRPC server.
    Keepalive:
        # ServerMinInterval is the minimum permitted time between client pings.
        # If clients send pings more frequently, the server will
        # disconnect them.
        ServerMinInterval: 60s
        # ServerInterval is the time between pings to clients.
        ServerInterval: 7200s
        # ServerTimeout is the duration the server waits for a response from
        # a client before closing the connection.
        ServerTimeout: 20s
    # Cluster settings for ordering service nodes that communicate with other
    # ordering service nodes, such as in a Raft-based ordering service.
    Cluster:
        # ClientCertificate governs the file location of the client TLS certificate
        # used to establish mutual TLS connections with other ordering service nodes.
        ClientCertificate:
        # ClientPrivateKey governs the file location of the private key of the client TLS certificate.
        ClientPrivateKey:
        # RootCAs governs the file locations of certificates of the Certificate Authorities
        # which authorize connections to remote ordering service nodes.
        RootCAs:
          - tls/ca.crt
        # The below 4 properties should be either set together, or be unset together.
        # If they are set, then the orderer node uses a separate listener for intra-cluster
        # communication. If they are unset, then the general orderer listener is used.
        # This is useful if you want to use different TLS server certificates on the
        # client-facing and the intra-cluster listeners.

        # ListenPort defines the port on which the cluster listens to connections.
        ListenPort:
        # ListenAddress defines the IP on which to listen to intra-cluster communication.
        ListenAddress:
        # ServerCertificate defines the file location of the server TLS certificate used for intra-cluster
        # communication.
        ServerCertificate:
        # ServerPrivateKey defines the file location of the private key of the TLS certificate.
        ServerPrivateKey:
    # Genesis method: The method by which the genesis block for the orderer
    # system channel is specified. Available options are "provisional", "file":
    #  - provisional: Utilizes a genesis profile, specified by GenesisProfile,
    #                 to dynamically generate a new genesis block.
    #  - file: Uses the file provided by GenesisFile as the genesis block.
    GenesisMethod: provisional

    # Genesis profile: The profile to use to dynamically generate the genesis
    # block to use when initializing the orderer system channel and
    # GenesisMethod is set to "provisional". See the configtx.yaml file for the
    # descriptions of the available profiles. Ignored if GenesisMethod is set to
    # "file".
    # NOTE(review): the name marks this as an insecure sample profile; choose a
    # profile from configtx.yaml that matches the deployment before production
    # use.
    GenesisProfile: SampleInsecureSolo

    # Genesis file: The file containing the genesis block to use when
    # initializing the orderer system channel and GenesisMethod is set to
    # "file". Ignored if GenesisMethod is set to "provisional".
    GenesisFile: genesisblock

    # LocalMSPDir is where to find the private crypto material needed by the
    # orderer. It is set relative here as a default for dev environments but
    # should be changed to the real location in production.
    # This directory holds private crypto material: keep it readable only by
    # the account that runs the orderer.
    LocalMSPDir: msp

    # LocalMSPID is the identity to register the local MSP material with the MSP
    # manager. IMPORTANT: The local MSP ID of an orderer needs to match the MSP
    # ID of one of the organizations defined in the orderer system channel's
    # /Channel/Orderer configuration. The sample organization defined in the
    # sample configuration provided has an MSP ID of "SampleOrg".
    LocalMSPID: SampleOrg

    # Enable an HTTP service for Go "pprof" profiling as documented at:
    # https://golang.org/pkg/net/http/pprof
    Profile:
        # Off by default. The pprof handlers expose runtime internals (stacks,
        # heap, goroutine dumps) over plain HTTP with no authentication of
        # their own.
        Enabled: false
        # host:port for the profiling listener. 0.0.0.0 binds every interface;
        # if profiling is turned on, prefer a loopback address or restrict
        # access at the network layer.
        Address: 0.0.0.0:6060

    # BCCSP configures the blockchain crypto service providers.
    BCCSP:
        # Default specifies the preferred blockchain crypto service provider
        # to use. If the preferred provider is not available, the software
        # based provider ("SW") will be used.
        # Valid providers are:
        #  - SW: a software based crypto provider
        #  - PKCS11: a CA hardware security module crypto provider.
        Default: SW

        # SW configures the software based blockchain crypto provider.
        SW:
            # TODO: The default Hash and Security level needs refactoring to be
            # fully configurable. Changing these defaults requires coordination:
            # SHA2 is hardcoded in several places, not only BCCSP.
            Hash: SHA2
            Security: 256
            # Location of key store. If this is unset, a location will be
            # chosen using: 'LocalMSPDir'/keystore
            FileKeyStore:
                KeyStore:

    # Authentication contains configuration parameters related to authenticating
    # client messages
    Authentication:
        # the acceptable difference between the current server time and the
        # client's time as specified in a client request message
        # NOTE(review): a wider window tolerates more clock drift but
        # presumably also lengthens the period in which a captured message
        # would still be accepted; keep server and client clocks synchronized.
        # Confirm how the orderer enforces this value.
        TimeWindow: 15m

################################################################################
#
#   SECTION: File Ledger
#
#   - This section applies to the configuration of the file or json ledgers.
#
################################################################################
FileLedger:

    # Location: The directory to store the blocks in.
    # NOTE: If this is unset, a new temporary location will be chosen every time
    # the orderer is restarted, using the prefix specified by Prefix.
    Location: /var/hyperledger/production/orderer

    # The prefix to use when generating a ledger directory in temporary space.
    # Otherwise, this value is ignored.
    Prefix: hyperledger-fabric-ordererledger

################################################################################
#
#   SECTION: RAM Ledger
#
#   - This section applies to the configuration of the RAM ledger.
#
################################################################################
RAMLedger:

    # History Size: The number of blocks that the RAM ledger is set to retain.
    # WARNING: Appending a block to the ledger might cause the oldest block in
    # the ledger to be dropped in order to limit the total number of blocks
    # to HistorySize. For example, if history size is 10, when appending block
    # 10, block 0 (the genesis block!) will be dropped to make room for block 10.
    HistorySize: 1000

################################################################################
#
#   SECTION: Kafka
#
#   - This section applies to the configuration of the Kafka-based orderer, and
#     its interaction with the Kafka cluster.
#
################################################################################
Kafka:

    # Retry: What to do if a connection to the Kafka cluster cannot be established,
    # or if a metadata request to the Kafka cluster needs to be repeated.
    Retry:
        # When a new channel is created, or when an existing channel is reloaded
        # (in case of a just-restarted orderer), the orderer interacts with the
        # Kafka cluster in the following ways:
        # 1. It creates a Kafka producer (writer) for the Kafka partition that
        # corresponds to the channel.
        # 2. It uses that producer to post a no-op CONNECT message to that
        # partition
        # 3. It creates a Kafka consumer (reader) for that partition.
        # If any of these steps fail, they will be re-attempted every
        # <ShortInterval> for a total of <ShortTotal>, and then every
        # <LongInterval> for a total of <LongTotal> until they succeed.
        # Note that the orderer will be unable to write to or read from a
        # channel until all of the steps above have been completed successfully.
        ShortInterval: 5s
        ShortTotal: 10m
        LongInterval: 5m
        LongTotal: 12h
        # Affects the socket timeouts when waiting for an initial connection, a
        # response, or a transmission. See Config.Net for more info:
        # https://godoc.org/github.com/Shopify/sarama#Config
        NetworkTimeouts:
            DialTimeout: 10s
            ReadTimeout: 10s
            WriteTimeout: 10s
        # Affects the metadata requests when the Kafka cluster is in the middle
        # of a leader election. See Config.Metadata for more info:
        # https://godoc.org/github.com/Shopify/sarama#Config
        Metadata:
            RetryBackoff: 250ms
            RetryMax: 3
        # What to do if posting a message to the Kafka cluster fails. See
        # Config.Producer for more info:
        # https://godoc.org/github.com/Shopify/sarama#Config
        Producer:
            RetryBackoff: 100ms
            RetryMax: 3
        # What to do if reading from the Kafka cluster fails. See
        # Config.Consumer for more info:
        # https://godoc.org/github.com/Shopify/sarama#Config
        Consumer:
            RetryBackoff: 2s
    # Settings to use when creating Kafka topics.  Only applies when
    # Kafka.Version is v0.10.1.0 or higher
    Topic:
        # The number of Kafka brokers across which to replicate the topic
        ReplicationFactor: 3
    # Verbose: Enable logging for interactions with the Kafka cluster.
    Verbose: false

    # TLS: TLS settings for the orderer's connection to the Kafka cluster.
    TLS:

      # Enabled: Use TLS when connecting to the Kafka cluster.
      Enabled: false

      # PrivateKey: PEM-encoded private key the orderer will use for
      # authentication.
      # NOTE(review): a PEM key pasted inline turns this whole file into secret
      # material; the "File" alternative described below keeps the key in a
      # separately protected file.
      PrivateKey:
        # As an alternative to specifying the PrivateKey here, uncomment the
        # following "File" key and specify the file name from which to load the
        # value of PrivateKey.
        #File: path/to/PrivateKey

      # Certificate: PEM-encoded signed public key certificate the orderer will
      # use for authentication.
      Certificate:
        # As an alternative to specifying the Certificate here, uncomment the
        # following "File" key and specify the file name from which to load the
        # value of Certificate.
        #File: path/to/Certificate

      # RootCAs: PEM-encoded trusted root certificates used to validate
      # certificates from the Kafka cluster.
      RootCAs:
        # As an alternative to specifying the RootCAs here, uncomment the
        # following "File" key and specify the file name from which to load the
        # value of RootCAs.
        #File: path/to/RootCAs

    # SASLPlain: Settings for using SASL/PLAIN authentication with Kafka brokers
    SASLPlain:
      # Enabled: Use SASL/PLAIN to authenticate with Kafka brokers
      # SASL/PLAIN sends the user name and password without encrypting them,
      # so pair it with the Kafka TLS settings in this file.
      Enabled: false
      # User: Required when Enabled is set to true
      User:
      # Password: Required when Enabled is set to true
      # Supply the real value at deployment time from a secret store rather
      # than committing it to version control.
      Password:

    # Kafka protocol version used to communicate with the Kafka cluster brokers
    # (defaults to 0.10.2.0 if not specified)
    Version:

################################################################################
#
#   Debug Configuration
#
#   - This controls the debugging options for the orderer
#
################################################################################
Debug:

    # BroadcastTraceDir when set will cause each request to the Broadcast service
    # for this orderer to be written to a file in this directory
    # NOTE(review): unset in this sample. Each traced request is written to a
    # file, so a trace directory needs restrictive permissions and room to
    # grow; leave both trace settings unset outside debugging.
    BroadcastTraceDir:

    # DeliverTraceDir when set will cause each request to the Deliver service
    # for this orderer to be written to a file in this directory
    DeliverTraceDir:

################################################################################
#
#   Operations Configuration
#
#   - This configures the operations server endpoint for the orderer
#
################################################################################
Operations:
    # host and port for the operations server
    # The sample binds to loopback only; before exposing the endpoint on
    # another interface, enable TLS and client authentication below.
    ListenAddress: 127.0.0.1:8443

    # TLS configuration for the operations endpoint
    TLS:
        # TLS enabled
        # The sample default is false, so the endpoint is served without TLS.
        Enabled: false

        # Certificate is the location of the PEM encoded TLS certificate
        Certificate:

        # PrivateKey points to the location of the PEM-encoded key
        PrivateKey:

        # Most operations service endpoints require client authentication when TLS
        # is enabled. ClientAuthRequired requires client certificate authentication
        # at the TLS layer to access all resources.
        ClientAuthRequired: false

        # Paths to PEM encoded ca certificates to trust for client authentication
        ClientRootCAs: []

################################################################################
#
#   Metrics  Configuration
#
#   - This configures metrics collection for the orderer
#
################################################################################
Metrics:
    # The metrics provider is one of statsd, prometheus, or disabled
    Provider: disabled

    # The statsd configuration
    # NOTE(review): presumably only consulted when Provider is statsd — confirm.
    Statsd:
      # network type: tcp or udp
      Network: udp

      # the statsd server address
      # The statsd protocol carries no encryption or authentication; keep the
      # target on loopback or a trusted network segment.
      Address: 127.0.0.1:8125

      # The interval at which locally cached counters and gauges are pushed
      # to statsd; timings are pushed immediately
      WriteInterval: 30s

      # The prefix is prepended to all emitted statsd metrics
      Prefix:

################################################################################
#
#   Consensus Configuration
#
#   - This section contains config options for a consensus plugin. It is opaque
#     to orderer, and completely up to consensus implementation to make use of.
#
################################################################################
Consensus:
    # The allowed key-value pairs here depend on the consensus plugin. For
    # etcd/raft, we use the following options:

    # WALDir specifies the location at which Write Ahead Logs for etcd/raft are
    # stored. Each channel will have its own subdir named after channel ID.
    WALDir: /var/hyperledger/production/orderer/etcdraft/wal

    # SnapDir specifies the location at which snapshots for etcd/raft are
    # stored. Each channel will have its own subdir named after channel ID.
    SnapDir: /var/hyperledger/production/orderer/etcdraft/snapshot