Last active
July 20, 2017 14:50
-
-
Save chevdor/2e95e0f9fb14c9458caa1caf98cecd56 to your computer and use it in GitHub Desktop.
Fabric Docker Compose
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This container takes care of the identities | |
| membersrvc: | |
| container_name: membersrvc | |
| image: hyperledger/fabric-membersrvc | |
| expose: | |
| - "7054" | |
| ports: | |
| - "7054:7054" | |
| volumes: | |
| - ./membersrvc.yaml:/opt/gopath/src/github.com/hyperledger/fabric/membersrvc/membersrvc.yaml | |
| command: membersrvc | |
| vp1: | |
| image: hyperledger/fabric-peer:x86_64-0.6.1-preview | |
| ports: | |
| - 7050:7050 # rest | |
| - 7051:7051 # grpc | |
| - 7053:7053 | |
| environment: | |
| - CORE_PEER_ADDRESSAUTODETECT=true | |
| - CORE_PEER_PKI_ECA_PADDR=membersrvc:7054 | |
| - CORE_PEER_PKI_TCA_PADDR=membersrvc:7054 | |
| - CORE_PEER_PKI_TLSCA_PADDR=membersrvc:7054 | |
| - CORE_VM_ENDPOINT=unix:///var/run/docker.sock | |
| - CORE_PEER_ID=vp1 | |
| - CORE_LOGGING_LEVEL=DEBUG | |
| - CORE_SECURITY_ENABLED=true | |
| links: | |
| - membersrvc | |
| command: sh -c "sleep 5; peer node start --peer-chaincodedev" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # CA server parameters | |
| # | |
| server: | |
| # limits the number of operating system threads used by the CA | |
| # set to negative to use the system default setting | |
| gomaxprocs: -1 | |
| # path to the OBC state directory and CA state subdirectory | |
| rootpath: "/var/hyperledger/production" | |
| cadir: ".membersrvc" | |
| # port the CA services are listening on | |
| port: ":7054" | |
| # TLS certificate and key file paths | |
| tls: | |
| cert: | |
| file: | |
| key: | |
| file: | |
| security: | |
| # Either 256 or 384 (note: must be the exact same value as specified in the core.yaml file) | |
| level: 256 | |
| # Either SHA2 or SHA3 (note: must be the exact same value as specified in the core.yaml file) | |
| hashAlgorithm: SHA3 | |
| serverhostoverride: | |
| tls_enabled: false | |
| client: | |
| cert: | |
| file: | |
| # The server host CN (Common Name) to be used (needs to match the TLS Server Certificate) | |
| serverhostoverride: | |
| # Boolean (true/false) value indicating whether TLS should be used between the client and | |
| # the various CA services (ECA, TCA, TLSCA, ACA) | |
| tls_enabled: false | |
| # A PEM-encoded (X509 v3, Base64) certificate to use for establishing the TLS connection | |
| # between the client and the ACA service | |
| client: | |
| cert: | |
| file: | |
| # Enabling/disabling different logging levels of the CA. | |
| # | |
| logging: | |
| # Please see fabric/docs/Setup/logging-control.md for more | |
| # options. | |
| server: warning | |
| ca: warning | |
| eca: warning | |
| ecap: warning | |
| ecaa: warning | |
| aca: warning | |
| acap: warning | |
| tca: warning | |
| tcap: warning | |
| tcaa: warning | |
| tlsca: warning | |
| # Default users to be registered with the CA on first launch. The role is a binary OR | |
| # of the different roles a user can have: | |
| # | |
| # - simple client such as a wallet: CLIENT | |
| # - non-validating peer: PEER | |
| # - validating client: VALIDATOR | |
| # - auditing client: AUDITOR | |
| # | |
| eca: | |
| # This hierarchy is used to create the Pre-key tree, affiliations is the top of this hierarchy, 'banks_and_institutions' is used to create the key associated to auditors of both banks and | |
| # institutions, 'banks' is used to create a key associated to auditors of banks, 'bank_a' is used to create a key associated to auditors of bank_a, etc. | |
| affiliations: | |
| banks_and_institutions: | |
| banks: | |
| - bank_a | |
| - bank_b | |
| - bank_c | |
| institutions: | |
| - institution_a | |
| users: | |
| # | |
| # The fields of each user are as follows: | |
| # <EnrollmentID>: <system_role (1:client, 2: peer, 4: validator, 8: auditor)> <EnrollmentPWD> <Affiliation> <Affiliation_Role> <JSON_Metadata> | |
| # | |
| # The optional JSON_Metadata field is of the following format: | |
| # { "registrar": { "roles": <array-of-role-names>, "delegateRoles": <array-of-role-names> } } | |
| # The 'registrar' section is used to control access to registration of new users directly via the ECAA.RegisterUser GRPC call. | |
| # (See the 'fabric/membersrvc/protos/ca.proto' file for the definition of ECAA.RegisterUser.) | |
| # Note that this also controls who can register users via the client SDK. | |
| # | |
| # Only users with a 'registrar' section may be a registrar to register other users. In particular, | |
| # 1) the "roles" field specifies which member roles may be registered by this user, and | |
| # 2) the "delegateRoles" field specifies which member roles may become the "roles" field of registered users. | |
| # The valid role names are "client", "peer", "validator", and "auditor". | |
| # | |
| # Example1: | |
| # The 'admin' user below can register clients, peers, validators, or auditors; furthermore, the 'admin' user can register other | |
| # users who can then register clients only. | |
| # | |
| # Example2: | |
| # The 'WebAppAdmin' user below can register clients only, but none of the users registered by this user can register other users. | |
| # | |
| admin: 1 Xurw3yU9zI0l institution_a '{"registrar":{"roles":["client","peer","validator","auditor"],"delegateRoles":["client"]}}' | |
| WebAppAdmin: 1 DJY27pEnl16d institution_a '{"registrar":{"roles":["client"]}}' | |
| lukas: 1 NPKYL39uKbkj bank_a | |
| system_chaincode_invoker: 1 DRJ20pEql15a institution_a | |
| diego: 1 DRJ23pEQl16a institution_a | |
| # Users for asset transfer with roles test located at | |
| # sdk/node/test/unit/asset-mgmt-with-roles.js | |
| alice: 1 CMS10pEQlB16 bank_a | |
| bob: 1 NOE63pEQbL25 bank_a | |
| assigner: 1 Tc43PeqBl11 bank_a | |
| vp: 4 f3489fy98ghf | |
| test_vp0: 4 MwYpmSRjupbT | |
| test_vp1: 4 5wgHK9qqYaPy | |
| test_vp2: 4 vQelbRvja7cJ | |
| test_vp3: 4 9LKqKH5peurL | |
| test_vp4: 4 Pqh90CEW5juZ | |
| test_vp5: 4 FfdvDkAdY81P | |
| test_vp6: 4 QiXJgHyV4t7A | |
| test_vp7: 4 twoKZouEyLyB | |
| test_vp8: 4 BxP7QNh778gI | |
| test_vp9: 4 wu3F1EwJWHvQ | |
| # Uncomment this section to activate devnet setup as specficied in | |
| # devnet-setup.md | |
| # | |
| # vp0: 4 vp0_secret | |
| # vp1: 4 vp1_secret | |
| test_user0: 1 MS9qrN8hFjlE bank_a | |
| test_user1: 1 jGlNl6ImkuDo institution_a | |
| test_user2: 1 zMflqOKezFiA bank_c | |
| test_user3: 1 vWdLCE00vJy0 bank_a | |
| test_user4: 1 4nXSrfoYGFCP institution_a | |
| test_user5: 1 yg5DVhm0er1z bank_b | |
| test_user6: 1 b7pmSxzKNFiw bank_a | |
| test_user7: 1 YsWZD4qQmYxo institution_a | |
| test_user8: 1 W8G0usrU7jRk bank_a | |
| test_user9: 1 H80SiB5ODKKQ institution_a | |
| test_nvp0: 2 iywrPBDEPl0K bank_a | |
| test_nvp1: 2 DcYXuRSocuqd institution_a | |
| test_nvp2: 2 flpChShlY7xt bank_c | |
| test_nvp3: 2 jeruawMomclo bank_a | |
| test_nvp4: 2 RMYVxSZCk370 institution_a | |
| test_nvp5: 2 XHYVCIJGZGK7 bank_b | |
| test_nvp6: 2 4cIn63j8ahYp bank_a | |
| test_nvp7: 2 E7FAJUtWVn2h institution_a | |
| test_nvp8: 2 LJu8DkUilBEH bank_a | |
| test_nvp9: 2 VlEsBsiyXSjw institution_a | |
| tca: | |
| # Enabling/disabling attributes encryption, currently false is unique possible value due attributes encryption is not yet implemented. | |
| attribute-encryption: | |
| enabled: false | |
| aca: | |
| # Attributes is a list of the valid attributes to each user, attribute certificate authority is emulated temporarily using this file entries. | |
| # In the future an external attribute certificate authority will be invoked. The format to each entry is: | |
| # | |
| # attribute-entry-#:{userid};{affiliation};{attributeName};{attributeValue};{valid from};{valid to} | |
| # | |
| # If valid to is empty the attribute never expire, if the valid from is empty the attribute is valid from the time zero. | |
| attributes: | |
| attribute-entry-0: diego;institution_a;company;ACompany;2015-01-01T00:00:00-03:00;; | |
| attribute-entry-1: diego;institution_a;position;Software Staff;2015-01-01T00:00:00-03:00;2015-07-12T23:59:59-03:00; | |
| attribute-entry-2: diego;institution_a;position;Software Engineer;2015-07-13T00:00:00-03:00;; | |
| attribute-entry-3: will,;institution_a;company;ACompany;2001-02-02T00:00:00-03:00;; | |
| attribute-entry-4: will;institution_a;position;Project Manager;2001-02-02T00:00:00-03:00;; | |
| attribute-entry-5: matthew,;institution_a;company;ACompany;2015-01-01T00:00:00-03:00;; | |
| attribute-entry-6: matthew;institution_a;position;Technical Leader;2015-01-01T00:00:00-03:00;; | |
| # User attributes for asset transfer with roles test located at | |
| #sdk/node/test/unit/asset-mgmt-with-roles.js | |
| attribute-entry-7: alice;bank_a;role;client;2016-01-01T00:00:00-03:00;; | |
| attribute-entry-8: alice;bank_a;account;12345-56789;2016-01-01T00:00:00-03:00;; | |
| attribute-entry-9: bob;bank_a;role;client;2015-02-02T00:00:00-03:00;; | |
| attribute-entry-10: bob;bank_a;account;23456-67890;2015-02-02T00:00:00-03:00;; | |
| attribute-entry-11: assigner;bank_a;role;assigner;2015-01-01T00:00:00-03:00;; | |
| address: localhost:7054 | |
| server-name: acap | |
| # Enabling/disabling Attribute Certificate Authority, if ACA is enabled attributes will be added into the TCert. | |
| enabled: false | |
| pki: | |
| ca: | |
| subject: | |
| organization: Hyperledger | |
| country: US |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment