Setting up HLF orderer
# Copyright IBM Corp. All Rights Reserved. | |
# | |
# SPDX-License-Identifier: Apache-2.0 | |
# | |
--- | |
################################################################################ | |
# | |
# Section: Organizations | |
# | |
# - This section defines the different organizational identities which will | |
# be referenced later in the configuration. | |
# | |
################################################################################ | |
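Organizations:
    # Org1 is the only organization defined in this file. The profile at the
    # bottom references it as both the orderer organization and the
    # application organization.
    - &Org1
        # Name under which the organization appears in the channel config
        Name: Org1MSP
        # ID to load the MSP definition as
        ID: Org1MSP
        # MSPDir is the filesystem path which contains the MSP configuration.
        # configtxgen reads it on the machine where it runs.
        MSPDir: /client/org1/msp
        # Policies defines the set of policies at this level of the config tree
        # For organization policies, their canonical path is usually
        #   /Channel/<Application|Orderer>/<OrgName>/<PolicyName>
        Policies:
            # 'member' matches any identity that validates under Org1MSP,
            # whatever its role, so every Org1 identity can read and write.
            Readers:
                Type: Signature
                Rule: "OR('Org1MSP.member')"
            Writers:
                Type: Signature
                Rule: "OR('Org1MSP.member')"
            Admins:
                Type: Signature
                Rule: "OR('Org1MSP.admin')"
            # NOTE(review): no Endorsement policy is defined for this org, while
            # the Application section uses ImplicitMeta rules over
            # "Endorsement" (LifecycleEndorsement and Endorsement). Those rules
            # are evaluated over the org-level policies of that name, so they
            # presumably cannot be satisfied as written - confirm before
            # relying on chaincode lifecycle with this config.
        # Written as a list, matching Orderer.Addresses further down and the
        # sample configtx.yaml.
        OrdererEndpoints:
            - org1-orderer-service:7050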
################################################################################ | |
# | |
# SECTION: Capabilities | |
# | |
# - This section defines the capabilities of fabric network. This is a new | |
# concept as of v1.1.0 and should not be utilized in mixed networks with | |
# v1.0.x peers and orderers. Capabilities define features which must be | |
# present in a fabric binary for that binary to safely participate in the | |
# fabric network. For instance, if a new MSP type is added, newer binaries | |
# might recognize and validate the signatures from this type, while older | |
# binaries without this support would be unable to validate those | |
# transactions. This could lead to different versions of the fabric binaries | |
# having different world states. Instead, defining a capability for a channel | |
# informs those binaries without this capability that they must cease | |
# processing transactions until they have been upgraded. For v1.0.x if any | |
# capabilities are defined (including a map with all capabilities turned off) | |
# then the v1.0.x peer will deliberately crash. | |
# | |
################################################################################ | |
Capabilities:
    # Three anchors are defined here (&ChannelCapabilities,
    # &OrdererCapabilities, &ApplicationCapabilities); the sections and the
    # profile further down pull them in by alias.

    # Channel capabilities apply to both the orderers and the peers and must be
    # supported by both.
    # Set the value of the capability to true to require it.
    Channel: &ChannelCapabilities
        # V2_0 capability ensures that orderers and peers behave according
        # to v2.0 channel capabilities. Orderers and peers from
        # prior releases would behave in an incompatible way, and are therefore
        # not able to participate in channels at v2.0 capability.
        # Prior to enabling V2.0 channel capabilities, ensure that all
        # orderers and peers on a channel are at v2.0.0 or later.
        V2_0: true
    # Orderer capabilities apply only to the orderers, and may be safely
    # used with prior release peers.
    # Set the value of the capability to true to require it.
    Orderer: &OrdererCapabilities
        # V2_0 orderer capability ensures that orderers behave according
        # to v2.0 orderer capabilities. Orderers from
        # prior releases would behave in an incompatible way, and are therefore
        # not able to participate in channels at v2.0 orderer capability.
        # Prior to enabling V2.0 orderer capabilities, ensure that all
        # orderers on channel are at v2.0.0 or later.
        V2_0: true
    # Application capabilities apply only to the peer network, and may be safely
    # used with prior release orderers.
    # Set the value of the capability to true to require it.
    Application: &ApplicationCapabilities
        # V2.5 for Application enables the new non-backwards compatible
        # features of fabric v2.5, namely the ability to purge private data.
        # Prior to enabling V2.5 application capabilities, ensure that all
        # peers on a channel are at v2.5.0 or later.
        # NOTE(review): this is the only capability here above the 2.0 level;
        # confirm the peer images that will join are v2.5.0 or later.
        V2_5: true
################################################################################ | |
# | |
# SECTION: Application | |
# | |
# - This section defines the values to encode into a config transaction or | |
# genesis block for application related parameters | |
# | |
################################################################################ | |
Application: &ApplicationDefaults
    # Organizations is the list of orgs which are defined as participants on
    # the application side of the network. Left empty here; the profile at the
    # bottom of the file supplies the list.
    Organizations:
    # Policies defines the set of policies at this level of the config tree
    # For Application policies, their canonical path is
    #   /Channel/Application/<PolicyName>
    # Every policy below is an ImplicitMeta rule, i.e. it is expressed in terms
    # of the same-named policy of the member organizations.
    Policies:
        Readers:
            Type: ImplicitMeta
            Rule: "ANY Readers"
        Writers:
            Type: ImplicitMeta
            Rule: "ANY Writers"
        Admins:
            Type: ImplicitMeta
            Rule: "MAJORITY Admins"
        # NOTE(review): the two rules below refer to an org-level "Endorsement"
        # policy. The Org1 definition in this file declares only Readers,
        # Writers and Admins - verify that this is intended.
        LifecycleEndorsement:
            Type: ImplicitMeta
            Rule: "MAJORITY Endorsement"
        Endorsement:
            Type: ImplicitMeta
            Rule: "MAJORITY Endorsement"
    # Merges the application capability map defined in the Capabilities section
    Capabilities:
        <<: *ApplicationCapabilities
################################################################################ | |
# | |
# SECTION: Orderer | |
# | |
# - This section defines the values to encode into a config transaction or | |
# genesis block for orderer related parameters | |
# | |
################################################################################ | |
Orderer: &OrdererDefaults
    # Orderer Type: The orderer implementation to start
    OrdererType: etcdraft
    # Addresses used to be the list of orderer addresses that clients and peers
    # could connect to. However, this does not allow clients to associate orderer
    # addresses and orderer organizations which can be useful for things such
    # as TLS validation. The preferred way to specify orderer addresses is now
    # to include the OrdererEndpoints item in your org definition
    # NOTE(review): the same address is also given as Org1's OrdererEndpoints;
    # this legacy list looks redundant - confirm whether it is still needed.
    Addresses:
        - org1-orderer-service:7050
    EtcdRaft:
        # Consenters is the Raft consenter set written into the genesis block.
        # There is a single entry, so the ordering service has no fault
        # tolerance.
        Consenters:
            - Host: org1-orderer-service
              Port: 7050
              # Both fields point at the same certificate file. configtxgen
              # reads these paths on the machine where it runs.
              # NOTE(review): these must be the very certificate the orderer
              # itself presents for TLS / cluster traffic. If they differ, the
              # orderer does not find itself in the consenter set and
              # `osnadmin channel join` reports consensusRelation "follower" -
              # verify against the cert mounted into the orderer container.
              ClientTLSCert: /client/org1/orderers/org1-orderer-service/tls/signcerts/cert.pem
              ServerTLSCert: /client/org1/orderers/org1-orderer-service/tls/signcerts/cert.pem
    # Batch Timeout: The amount of time to wait before creating a batch
    BatchTimeout: 2s
    # Batch Size: Controls the number of messages batched into a block
    BatchSize:
        # Max Message Count: The maximum number of messages to permit in a batch
        MaxMessageCount: 10
        # Absolute Max Bytes: The absolute maximum number of bytes allowed for
        # the serialized messages in a batch.
        AbsoluteMaxBytes: 99 MB
        # Preferred Max Bytes: The preferred maximum number of bytes allowed for
        # the serialized messages in a batch. A message larger than the preferred
        # max bytes will result in a batch larger than preferred max bytes.
        PreferredMaxBytes: 512 KB
    # Organizations is the list of orgs which are defined as participants on
    # the orderer side of the network. Left empty here; the profile at the
    # bottom of the file supplies the list.
    Organizations:
    # Policies defines the set of policies at this level of the config tree
    # For Orderer policies, their canonical path is
    #   /Channel/Orderer/<PolicyName>
    Policies:
        Readers:
            Type: ImplicitMeta
            Rule: "ANY Readers"
        Writers:
            Type: ImplicitMeta
            Rule: "ANY Writers"
        Admins:
            Type: ImplicitMeta
            Rule: "MAJORITY Admins"
        # BlockValidation specifies what signatures must be included in the block
        # from the orderer for the peer to validate it.
        BlockValidation:
            Type: ImplicitMeta
            Rule: "ANY Writers"
################################################################################ | |
# | |
# CHANNEL | |
# | |
# This section defines the values to encode into a config transaction or | |
# genesis block for channel related parameters. | |
# | |
################################################################################ | |
Channel: &ChannelDefaults
    # Policies defines the set of policies at this level of the config tree
    # For Channel policies, their canonical path is
    #   /Channel/<PolicyName>
    # All three are ImplicitMeta rules over the same-named policies one level
    # down in the config tree.
    Policies:
        # Who may invoke the 'Deliver' API
        Readers:
            Type: ImplicitMeta
            Rule: "ANY Readers"
        # Who may invoke the 'Broadcast' API
        Writers:
            Type: ImplicitMeta
            Rule: "ANY Writers"
        # By default, who may modify elements at this config level
        Admins:
            Type: ImplicitMeta
            Rule: "MAJORITY Admins"
    # Capabilities describes the channel level capabilities, see the
    # dedicated Capabilities section elsewhere in this file for a full
    # description
    Capabilities:
        <<: *ChannelCapabilities
################################################################################ | |
# | |
# Profile | |
# | |
# - Different configuration profiles may be encoded here to be specified | |
# as parameters to the configtxgen tool | |
# | |
################################################################################ | |
Profiles:
    # The only profile in this file; its name is what gets passed to
    # configtxgen as the profile parameter. It combines the channel, orderer
    # and application defaults above with Org1 in both organization lists.
    DefaultApplicationGenesis:
        <<: *ChannelDefaults
        Orderer:
            <<: *OrdererDefaults
            # Repeats the value already set in OrdererDefaults
            OrdererType: etcdraft
            # Org1 is the single orderer organization
            Organizations:
                - *Org1
            Capabilities: *OrdererCapabilities
        Application:
            <<: *ApplicationDefaults
            # Org1 is also the single application organization
            Organizations:
                - *Org1
            Capabilities: *ApplicationCapabilities
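#!/bin/bash
# Generates an application channel genesis block with configtxgen and joins the
# orderer to that channel through the channel participation API (osnadmin).
#
# Usage: <script> CHANNEL_NAME CONFIGTX_FILE [WORK_DIR]
#   CHANNEL_NAME   channel ID to create
#   CONFIGTX_FILE  path to the configtx.yaml to use
#   WORK_DIR       directory for configtx.yaml and the block (default: $PWD)
#
# Required environment:
#   ORDERER_HOST, ORDERER_PORT   address of the orderer's admin endpoint
#                                (ORDERER_ADMIN_LISTENADDRESS), not the
#                                Broadcast/Deliver port
#   ORDERER_TLS_CA_FILE          CA certificate used to verify the orderer
#   ORDERER_TLS_CERT_FILE        client certificate for mutual TLS
#   ORDERER_TLS_KEY_FILE         private key for that client certificate

# Stop at the first failure so a failed configtxgen run is never followed by a
# join with a stale or missing block, and treat unset variables as errors.
set -euo pipefail

CHANNEL_NAME=${1:?usage: $0 CHANNEL_NAME CONFIGTX_FILE [WORK_DIR]}
CONFIGTX_FILE=${2:?usage: $0 CHANNEL_NAME CONFIGTX_FILE [WORK_DIR]}
CWD=${3:-"$PWD"}

# Fail early with a clear message rather than passing empty values to osnadmin.
: "${ORDERER_HOST:?ORDERER_HOST must be set}"
: "${ORDERER_PORT:?ORDERER_PORT must be set}"
: "${ORDERER_TLS_CA_FILE:?ORDERER_TLS_CA_FILE must be set}"
: "${ORDERER_TLS_CERT_FILE:?ORDERER_TLS_CERT_FILE must be set}"
: "${ORDERER_TLS_KEY_FILE:?ORDERER_TLS_KEY_FILE must be set}"

# All expansions are quoted so paths containing spaces or glob characters are
# passed through unchanged.
mkdir -p -- "$CWD"

# https://hyperledger-fabric.readthedocs.io/en/latest/create_channel/create_channel_participation.html
# configtxgen looks for a file named configtx.yaml inside -configPath.
# Skip the copy when the given file already is that file (cp would fail).
if ! [ "$CONFIGTX_FILE" -ef "$CWD/configtx.yaml" ]; then
    cp -- "$CONFIGTX_FILE" "$CWD/configtx.yaml"
fi

## Generate genesis block
configtxgen -configPath "$CWD" \
    -channelID "$CHANNEL_NAME" \
    -profile DefaultApplicationGenesis \
    -outputBlock "$CWD/${CHANNEL_NAME}.block"

## Create the channel
# The admin endpoint is protected by mutual TLS: the certificate/key pair given
# here is what authorizes the join.
osnadmin channel join \
    --channelID "$CHANNEL_NAME" \
    --config-block "$CWD/${CHANNEL_NAME}.block" \
    --orderer-address "$ORDERER_HOST:$ORDERER_PORT" \
    --ca-file "$ORDERER_TLS_CA_FILE" \
    --client-cert "$ORDERER_TLS_CERT_FILE" \
    --client-key "$ORDERER_TLS_KEY_FILE"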
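# Compose service for the single Org1 orderer: TLS on the Broadcast/Deliver
# port, channel participation API on the admin port, operations endpoint.
org1-orderer-service:
  container_name: org1-orderer-service
  # Pinned to a release tag instead of the moving `latest` tag, so a rebuild
  # cannot silently pull a different orderer binary. 2.4.7 is the version the
  # orderer reported at startup in this setup; pin by digest for stricter
  # supply-chain control.
  image: hyperledger/fabric-orderer:2.4.7
  labels:
    service: hyperledger-fabric
  environment:
    - FABRIC_LOGGING_SPEC=INFO
    # - ORDERER_GENERAL_LISTENADDRESS=org1-orderer-service
    # Listens on every interface of the container
    - ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
    - ORDERER_GENERAL_LISTENPORT=7050
    - ORDERER_GENERAL_LOCALMSPID=Org1MSP
    - ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp
    # enabled TLS
    # https://hyperledger-fabric.readthedocs.io/fa/latest/deployorderer/ordererchecklist.html
    # https://github.com/hyperledger/fabric/blob/main/sampleconfig/orderer.yaml
    # The same cert.pem/key.pem pair is used below as the server certificate,
    # the cluster client certificate and the admin endpoint certificate.
    # NOTE(review): ORDERER_GENERAL_TLS_CLIENTAUTHREQUIRED is not set, so client
    # certificates are presumably not required on port 7050 - confirm.
    - ORDERER_GENERAL_TLS_ENABLED=true
    - ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/cert.pem
    - ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/key.pem
    - ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca-cert.pem]
    - ORDERER_GENERAL_CLUSTER_CLIENTCERTIFICATE=/var/hyperledger/orderer/tls/cert.pem
    - ORDERER_GENERAL_CLUSTER_CLIENTPRIVATEKEY=/var/hyperledger/orderer/tls/key.pem
    - ORDERER_GENERAL_CLUSTER_ROOTCAS=[/var/hyperledger/orderer/tls/ca-cert.pem]
    # No system channel: channels are created through the channel
    # participation API on the admin endpoint.
    - ORDERER_GENERAL_BOOTSTRAPMETHOD=none
    - ORDERER_CHANNELPARTICIPATION_ENABLED=true
    # Admin endpoint (osnadmin). Access is decided by mutual TLS alone: a
    # client certificate that chains to CLIENTROOTCAS can join and remove
    # channels. CLIENTROOTCAS is the same CA file as the general TLS root, so
    # every certificate that CA issues qualifies - use a dedicated CA for
    # admin clients if that is broader than intended.
    - ORDERER_ADMIN_TLS_ENABLED=true
    - ORDERER_ADMIN_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/cert.pem
    - ORDERER_ADMIN_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/key.pem
    - ORDERER_ADMIN_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca-cert.pem]
    - ORDERER_ADMIN_TLS_CLIENTROOTCAS=[/var/hyperledger/orderer/tls/ca-cert.pem]
    # - ORDERER_ADMIN_LISTENADDRESS=org1-orderer-service:7053
    - ORDERER_ADMIN_LISTENADDRESS=0.0.0.0:7053
    # NOTE(review): no ORDERER_OPERATIONS_TLS_* variables are set, so the
    # operations endpoint is presumably served without TLS, and its port is
    # published to the host below - confirm, and enable
    # ORDERER_OPERATIONS_TLS_ENABLED or stop publishing 9443.
    - ORDERER_OPERATIONS_LISTENADDRESS=org1-orderer-service:9443
    # NOTE(review): looks like the legacy log-level setting; the level is
    # already set through FABRIC_LOGGING_SPEC above - confirm it has any effect.
    - ORDERER_GENERAL_LOGLEVEL=debug
    # Debug aid: traces Broadcast requests to files under this directory
    # (relative path, so below working_dir). Not for production use.
    - ORDERER_DEBUG_BROADCASTTRACEDIR=data/logs
  working_dir: /root
  command: orderer
  volumes:
    # msp/ and tls/ hold the orderer's private keys; keep the host directories
    # readable only by the deploying user and out of version control.
    # NOTE(review): consider mounting these two read-only.
    - ./services/network/org1-orderer/msp:/var/hyperledger/orderer/msp
    - ./services/network/org1-orderer/tls/:/var/hyperledger/orderer/tls
    # Ledger and Raft data
    - ./services/network/org1-orderer/service:/var/hyperledger/production/orderer
  ports:
    # Written without a host IP, so each port is published on all host
    # interfaces: Broadcast/Deliver (7050), admin API (7053), operations
    # (9443). Prefix with 127.0.0.1: or drop the entries that only other
    # containers on the compose network need.
    - 7050:7050
    - 7053:7053
    - 9443:9443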
org1-orderer-service | 2023-02-28 09:16:19.212 UTC 000e INFO [orderer.common.server] Main -> Starting orderer: | |
org1-orderer-service | Version: 2.4.7 | |
org1-orderer-service | Commit SHA: df9c661 | |
org1-orderer-service | Go version: go1.18.7 | |
org1-orderer-service | OS/Arch: linux/amd64 | |
org1-orderer-service | 2023-02-28 09:16:19.213 UTC 000f INFO [orderer.common.server] Main -> Beginning to serve requests | |
org1-create-channel | 2023-02-28 09:16:19.251 UTC 0001 INFO [common.tools.configtxgen] main -> Loading configuration | |
org1-create-channel | 2023-02-28 09:16:19.316 UTC 0002 INFO [common.tools.configtxgen.localconfig] completeInitialization -> orderer type: etcdraft | |
org1-create-channel | 2023-02-28 09:16:19.318 UTC 0003 INFO [common.tools.configtxgen.localconfig] completeInitialization -> Orderer.EtcdRaft.Options unset, setting to tick_interval:"500ms" election_tick:10 heartbeat_tick:1 max_inflight_blocks:5 snapshot_interval_size:16777216 | |
org1-create-channel | 2023-02-28 09:16:19.318 UTC 0004 INFO [common.tools.configtxgen.localconfig] Load -> Loaded configuration: channel/configtx.yaml | |
org1-create-channel | 2023-02-28 09:16:19.343 UTC 0005 INFO [common.tools.configtxgen] doOutputBlock -> Generating genesis block | |
org1-create-channel | 2023-02-28 09:16:19.343 UTC 0006 INFO [common.tools.configtxgen] doOutputBlock -> Creating application channel genesis block | |
org1-create-channel | 2023-02-28 09:16:19.348 UTC 0007 INFO [common.tools.configtxgen] doOutputBlock -> Writing genesis block | |
org1-orderer-service | 2023-02-28 09:16:19.548 UTC 0010 INFO [blkstorage] newBlockfileMgr -> Getting block information from block storage | |
org1-orderer-service | 2023-02-28 09:16:19.574 UTC 0011 INFO [orderer.commmon.follower] NewChain -> Created with join-block number: 0, ledger height: 0 channel=mychannel | |
org1-orderer-service | 2023-02-28 09:16:19.575 UTC 0012 INFO [orderer.commmon.follower] Start -> Started channel=mychannel | |
org1-orderer-service | 2023-02-28 09:16:19.575 UTC 0013 INFO [orderer.commmon.multichannel] JoinChannel -> Joining channel: {mychannel follower onboarding 0} | |
org1-create-channel | Status: 201 | |
org1-create-channel | { | |
org1-create-channel | "name": "mychannel", | |
org1-create-channel | "url": "/participation/v1/channels/mychannel", | |
org1-create-channel | "consensusRelation": "follower", | |
org1-create-channel | "status": "onboarding", | |
org1-create-channel | "height": 0 | |
org1-create-channel | } | |
org1-create-channel | | |
org1-orderer-service | 2023-02-28 09:16:19.637 UTC 0014 INFO [comm.grpc.server] 1 -> streaming call completed grpc.service=orderer.AtomicBroadcast grpc.method=Deliver grpc.peer_address=192.168.80.2:38758 grpc.peer_subject="CN=admin,OU=client,O=Hyperledger,ST=North Carolina,C=US" grpc.code=OK grpc.call_duration=4.177041ms | |
org1-orderer-service | 2023-02-28 09:16:19.644 UTC 0015 WARN [orderer.common.cluster.puller] fetchLastBlockSeq -> Received status:NOT_FOUND from org1-orderer-service:7050: faulty node, received: status:NOT_FOUND channel=mychannel | |
org1-orderer-service | 2023-02-28 09:16:19.646 UTC 0016 WARN [orderer.common.cluster.puller] func1 -> Received error of type 'faulty node, received: status:NOT_FOUND ' from org1-orderer-service:7050 channel=mychannel | |
org1-orderer-service | 2023-02-28 09:16:19.649 UTC 0017 WARN [orderer.common.cluster.puller] connectToSomeEndpoint -> Could not connect to any endpoint of [{"CAs":[{"Expired":false,"Issuer":"self","Subject":"CN=ca.tls.org1.settlemint.com,OU=Fabric,O=Settlemint,L=Leuven,ST=Flemish Brabant,C=BE"}],"Endpoint":"org1-orderer-service:7050"}] channel=mychannel |
Certificate: | |
Data: | |
Version: 3 (0x2) | |
Serial Number: | |
63:87:c5:9d:fb:f1:e5:c5:a1:a0:c5:d3:8a:09:be:25:71:74:cc:e3 | |
Signature Algorithm: ecdsa-with-SHA256 | |
Issuer: C=BE, ST=Flemish Brabant, L=Leuven, O=Settlemint, OU=Fabric, CN=ca.tls.org1.settlemint.com | |
Validity | |
Not Before: Feb 23 16:57:01 2023 GMT | |
Not After : Feb 28 10:49:00 2024 GMT | |
Subject: C=US, ST=North Carolina, O=Hyperledger, OU=client, CN=orderer | |
Subject Public Key Info: | |
Public Key Algorithm: id-ecPublicKey | |
Public-Key: (256 bit) | |
pub: | |
04:8a:23:a4:92:95:1d:6b:59:44:00:c0:e1:57:34: | |
a8:6b:82:4a:0b:33:6e:4e:e5:80:03:7a:3c:45:38: | |
3e:dc:2e:cc:79:96:43:b3:9a:c6:20:b8:16:43:63: | |
16:0c:82:b0:4f:70:7a:b8:9c:2d:c2:9f:2d:92:0b: | |
d1:c2:43:fa:16 | |
ASN1 OID: prime256v1 | |
NIST CURVE: P-256 | |
X509v3 extensions: | |
X509v3 Key Usage: critical | |
Digital Signature, Key Encipherment, Key Agreement | |
X509v3 Extended Key Usage: | |
TLS Web Server Authentication, TLS Web Client Authentication | |
X509v3 Basic Constraints: critical | |
CA:FALSE | |
X509v3 Subject Key Identifier: | |
D3:BF:B9:92:6F:C4:43:85:53:9A:37:ED:08:E6:A2:3E:23:04:C5:4F | |
X509v3 Authority Key Identifier: | |
keyid:9E:6F:78:B5:BF:19:5E:01:A3:92:F2:21:7F:B8:36:ED:D7:87:17:8D | |
X509v3 Subject Alternative Name: | |
DNS:host.docker.internal, DNS:org1-orderer-service, IP Address:0.0.0.0 | |
1.2.3.4.5.6.7.8.1: | |
{"attrs":{"hf.Affiliation":"","hf.EnrollmentID":"orderer","hf.Type":"client"}} | |
Signature Algorithm: ecdsa-with-SHA256 | |
30:44:02:20:49:c8:30:8d:36:ad:4d:28:9c:60:58:f3:c8:26: | |
a4:76:ab:21:a8:da:9b:2d:bb:24:52:73:ad:bc:6d:87:18:b2: | |
02:20:18:b2:48:28:98:9e:a8:2a:36:10:d6:92:59:c1:d4:00: | |
42:e1:53:83:68:96:72:39:23:e2:06:de:6f:a8:69:9a | |
-----BEGIN CERTIFICATE----- | |
MIIDADCCAqegAwIBAgIUY4fFnfvx5cWhoMXTigm+JXF0zOMwCgYIKoZIzj0EAwIw | |
gYMxCzAJBgNVBAYTAkJFMRgwFgYDVQQIDA9GbGVtaXNoIEJyYWJhbnQxDzANBgNV | |
BAcMBkxldXZlbjETMBEGA1UECgwKU2V0dGxlbWludDEPMA0GA1UECwwGRmFicmlj | |
MSMwIQYDVQQDDBpjYS50bHMub3JnMS5zZXR0bGVtaW50LmNvbTAeFw0yMzAyMjMx | |
NjU3MDFaFw0yNDAyMjgxMDQ5MDBaMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQIEw5O | |
b3J0aCBDYXJvbGluYTEUMBIGA1UEChMLSHlwZXJsZWRnZXIxDzANBgNVBAsTBmNs | |
aWVudDEQMA4GA1UEAxMHb3JkZXJlcjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA | |
BIojpJKVHWtZRADA4Vc0qGuCSgszbk7lgAN6PEU4PtwuzHmWQ7OaxiC4FkNjFgyC | |
sE9wericLcKfLZIL0cJD+hajggEaMIIBFjAOBgNVHQ8BAf8EBAMCA6gwHQYDVR0l | |
BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYE | |
FNO/uZJvxEOFU5o37Qjmoj4jBMVPMB8GA1UdIwQYMBaAFJ5veLW/GV4Bo5LyIX+4 | |
Nu3XhxeNMDsGA1UdEQQ0MDKCFGhvc3QuZG9ja2VyLmludGVybmFsghRvcmcxLW9y | |
ZGVyZXItc2VydmljZYcEAAAAADBaBggqAwQFBgcIAQROeyJhdHRycyI6eyJoZi5B | |
ZmZpbGlhdGlvbiI6IiIsImhmLkVucm9sbG1lbnRJRCI6Im9yZGVyZXIiLCJoZi5U | |
eXBlIjoiY2xpZW50In19MAoGCCqGSM49BAMCA0cAMEQCIEnIMI02rU0onGBY88gm | |
pHarIajamy27JFJzrbxthxiyAiAYskgomJ6oKjYQ1pJZwdQAQuFTg2iWcjkj4gbe | |
b6hpmg== | |
-----END CERTIFICATE----- |