@daanporon
Last active October 15, 2023 00:44
Setting up HLF orderer
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
---
################################################################################
#
# Section: Organizations
#
# - This section defines the different organizational identities which will
# be referenced later in the configuration.
#
################################################################################
Organizations:
    # SampleOrg defines an MSP using the sampleconfig. It should never be used
    # in production but may be used as a template for other definitions
    - &Org1
        # DefaultOrg defines the organization which is used in the sampleconfig
        # of the fabric.git development environment
        Name: Org1MSP
        # ID to load the MSP definition as
        ID: Org1MSP
        # MSPDir is the filesystem path which contains the MSP configuration
        MSPDir: /client/org1/msp
        # Policies defines the set of policies at this level of the config tree
        # For organization policies, their canonical path is usually
        # /Channel/<Application|Orderer>/<OrgName>/<PolicyName>
        Policies:
            Readers:
                Type: Signature
                Rule: "OR('Org1MSP.member')"
            Writers:
                Type: Signature
                Rule: "OR('Org1MSP.member')"
            Admins:
                Type: Signature
                Rule: "OR('Org1MSP.admin')"
        # OrdererEndpoints is a list of host:port strings
        OrdererEndpoints:
            - org1-orderer-service:7050
################################################################################
#
# SECTION: Capabilities
#
# - This section defines the capabilities of fabric network. This is a new
# concept as of v1.1.0 and should not be utilized in mixed networks with
# v1.0.x peers and orderers. Capabilities define features which must be
# present in a fabric binary for that binary to safely participate in the
# fabric network. For instance, if a new MSP type is added, newer binaries
# might recognize and validate the signatures from this type, while older
# binaries without this support would be unable to validate those
# transactions. This could lead to different versions of the fabric binaries
# having different world states. Instead, defining a capability for a channel
# informs those binaries without this capability that they must cease
# processing transactions until they have been upgraded. For v1.0.x if any
# capabilities are defined (including a map with all capabilities turned off)
# then the v1.0.x peer will deliberately crash.
#
################################################################################
Capabilities:
    # Channel capabilities apply to both the orderers and the peers and must be
    # supported by both.
    # Set the value of the capability to true to require it.
    Channel: &ChannelCapabilities
        # V2_0 capability ensures that orderers and peers behave according
        # to v2.0 channel capabilities. Orderers and peers from
        # prior releases would behave in an incompatible way, and are therefore
        # not able to participate in channels at v2.0 capability.
        # Prior to enabling V2.0 channel capabilities, ensure that all
        # orderers and peers on a channel are at v2.0.0 or later.
        V2_0: true
    # Orderer capabilities apply only to the orderers, and may be safely
    # used with prior release peers.
    # Set the value of the capability to true to require it.
    Orderer: &OrdererCapabilities
        # V2_0 orderer capability ensures that orderers behave according
        # to v2.0 orderer capabilities. Orderers from
        # prior releases would behave in an incompatible way, and are therefore
        # not able to participate in channels at v2.0 orderer capability.
        # Prior to enabling V2.0 orderer capabilities, ensure that all
        # orderers on channel are at v2.0.0 or later.
        V2_0: true
    # Application capabilities apply only to the peer network, and may be safely
    # used with prior release orderers.
    # Set the value of the capability to true to require it.
    Application: &ApplicationCapabilities
        # V2.5 for Application enables the new non-backwards compatible
        # features of fabric v2.5, namely the ability to purge private data.
        # Prior to enabling V2.5 application capabilities, ensure that all
        # peers on a channel are at v2.5.0 or later.
        V2_5: true
################################################################################
#
# SECTION: Application
#
# - This section defines the values to encode into a config transaction or
# genesis block for application related parameters
#
################################################################################
Application: &ApplicationDefaults
    # Organizations is the list of orgs which are defined as participants on
    # the application side of the network
    Organizations:
    # Policies defines the set of policies at this level of the config tree
    # For Application policies, their canonical path is
    # /Channel/Application/<PolicyName>
    Policies:
        Readers:
            Type: ImplicitMeta
            Rule: "ANY Readers"
        Writers:
            Type: ImplicitMeta
            Rule: "ANY Writers"
        Admins:
            Type: ImplicitMeta
            Rule: "MAJORITY Admins"
        LifecycleEndorsement:
            Type: ImplicitMeta
            Rule: "MAJORITY Endorsement"
        Endorsement:
            Type: ImplicitMeta
            Rule: "MAJORITY Endorsement"
    Capabilities:
        <<: *ApplicationCapabilities
################################################################################
#
# SECTION: Orderer
#
# - This section defines the values to encode into a config transaction or
# genesis block for orderer related parameters
#
################################################################################
Orderer: &OrdererDefaults
    # Orderer Type: The orderer implementation to start
    OrdererType: etcdraft
    # Addresses used to be the list of orderer addresses that clients and peers
    # could connect to. However, this does not allow clients to associate orderer
    # addresses and orderer organizations which can be useful for things such
    # as TLS validation. The preferred way to specify orderer addresses is now
    # to include the OrdererEndpoints item in your org definition
    Addresses:
        - org1-orderer-service:7050
    EtcdRaft:
        Consenters:
            - Host: org1-orderer-service
              Port: 7050
              ClientTLSCert: /client/org1/orderers/org1-orderer-service/tls/signcerts/cert.pem
              ServerTLSCert: /client/org1/orderers/org1-orderer-service/tls/signcerts/cert.pem
    # Batch Timeout: The amount of time to wait before creating a batch
    BatchTimeout: 2s
    # Batch Size: Controls the number of messages batched into a block
    BatchSize:
        # Max Message Count: The maximum number of messages to permit in a batch
        MaxMessageCount: 10
        # Absolute Max Bytes: The absolute maximum number of bytes allowed for
        # the serialized messages in a batch.
        AbsoluteMaxBytes: 99 MB
        # Preferred Max Bytes: The preferred maximum number of bytes allowed for
        # the serialized messages in a batch. A message larger than the preferred
        # max bytes will result in a batch larger than preferred max bytes.
        PreferredMaxBytes: 512 KB
    # Organizations is the list of orgs which are defined as participants on
    # the orderer side of the network
    Organizations:
    # Policies defines the set of policies at this level of the config tree
    # For Orderer policies, their canonical path is
    # /Channel/Orderer/<PolicyName>
    Policies:
        Readers:
            Type: ImplicitMeta
            Rule: "ANY Readers"
        Writers:
            Type: ImplicitMeta
            Rule: "ANY Writers"
        Admins:
            Type: ImplicitMeta
            Rule: "MAJORITY Admins"
        # BlockValidation specifies what signatures must be included in the block
        # from the orderer for the peer to validate it.
        BlockValidation:
            Type: ImplicitMeta
            Rule: "ANY Writers"
################################################################################
#
# CHANNEL
#
# This section defines the values to encode into a config transaction or
# genesis block for channel related parameters.
#
################################################################################
Channel: &ChannelDefaults
    # Policies defines the set of policies at this level of the config tree
    # For Channel policies, their canonical path is
    # /Channel/<PolicyName>
    Policies:
        # Who may invoke the 'Deliver' API
        Readers:
            Type: ImplicitMeta
            Rule: "ANY Readers"
        # Who may invoke the 'Broadcast' API
        Writers:
            Type: ImplicitMeta
            Rule: "ANY Writers"
        # By default, who may modify elements at this config level
        Admins:
            Type: ImplicitMeta
            Rule: "MAJORITY Admins"
    # Capabilities describes the channel level capabilities, see the
    # dedicated Capabilities section elsewhere in this file for a full
    # description
    Capabilities:
        <<: *ChannelCapabilities
################################################################################
#
# Profile
#
# - Different configuration profiles may be encoded here to be specified
# as parameters to the configtxgen tool
#
################################################################################
Profiles:
    DefaultApplicationGenesis:
        <<: *ChannelDefaults
        Orderer:
            <<: *OrdererDefaults
            OrdererType: etcdraft
            Organizations:
                - *Org1
            Capabilities: *OrdererCapabilities
        Application:
            <<: *ApplicationDefaults
            Organizations:
                - *Org1
            Capabilities: *ApplicationCapabilities
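#!/bin/bash
# Usage: $0 CHANNEL_NAME CONFIGTX_FILE [WORK_DIR]
# Requires ORDERER_HOST, ORDERER_PORT, ORDERER_TLS_CA_FILE,
# ORDERER_TLS_CERT_FILE and ORDERER_TLS_KEY_FILE in the environment.
# Stop on the first failure or unset variable, so a failed configtxgen run
# never leads to joining the channel with a stale block.
set -euo pipefail

CHANNEL_NAME=${1:?channel name required}
CONFIGTX_FILE=${2:?path to configtx.yaml required}
CWD=${3:-"$PWD"}

mkdir -p "$CWD"

# https://hyperledger-fabric.readthedocs.io/fa/latest/create_channel/create_channel_participation.html#
# Skip the copy when the file is already in place (cp refuses to copy a file onto itself)
[ "$CONFIGTX_FILE" -ef "$CWD/configtx.yaml" ] || cp "$CONFIGTX_FILE" "$CWD/configtx.yaml"

## Generate genesis block
configtxgen -configPath "$CWD" \
  -channelID "$CHANNEL_NAME" \
  -profile DefaultApplicationGenesis \
  -outputBlock "$CWD/${CHANNEL_NAME}.block"

## Create the channel
# osnadmin talks to the orderer admin endpoint (ORDERER_ADMIN_LISTENADDRESS)
# and authenticates with a TLS client certificate.
osnadmin channel join \
  --channelID "$CHANNEL_NAME" \
  --config-block "$CWD/${CHANNEL_NAME}.block" \
  --orderer-address "$ORDERER_HOST:$ORDERER_PORT" \
  --ca-file "$ORDERER_TLS_CA_FILE" \
  --client-cert "$ORDERER_TLS_CERT_FILE" \
  --client-key "$ORDERER_TLS_KEY_FILE"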
org1-orderer-service:
  container_name: org1-orderer-service
  image: hyperledger/fabric-orderer:latest
  labels:
    service: hyperledger-fabric
  environment:
    - FABRIC_LOGGING_SPEC=INFO
    # - ORDERER_GENERAL_LISTENADDRESS=org1-orderer-service
    - ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
    - ORDERER_GENERAL_LISTENPORT=7050
    - ORDERER_GENERAL_LOCALMSPID=Org1MSP
    - ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp
    # enabled TLS
    # https://hyperledger-fabric.readthedocs.io/fa/latest/deployorderer/ordererchecklist.html
    # https://github.com/hyperledger/fabric/blob/main/sampleconfig/orderer.yaml
    - ORDERER_GENERAL_TLS_ENABLED=true
    - ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/cert.pem
    - ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/key.pem
    - ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca-cert.pem]
    - ORDERER_GENERAL_CLUSTER_CLIENTCERTIFICATE=/var/hyperledger/orderer/tls/cert.pem
    - ORDERER_GENERAL_CLUSTER_CLIENTPRIVATEKEY=/var/hyperledger/orderer/tls/key.pem
    - ORDERER_GENERAL_CLUSTER_ROOTCAS=[/var/hyperledger/orderer/tls/ca-cert.pem]
    - ORDERER_GENERAL_BOOTSTRAPMETHOD=none
    - ORDERER_CHANNELPARTICIPATION_ENABLED=true
    - ORDERER_ADMIN_TLS_ENABLED=true
    - ORDERER_ADMIN_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/cert.pem
    - ORDERER_ADMIN_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/key.pem
    - ORDERER_ADMIN_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca-cert.pem]
    - ORDERER_ADMIN_TLS_CLIENTROOTCAS=[/var/hyperledger/orderer/tls/ca-cert.pem]
    # - ORDERER_ADMIN_LISTENADDRESS=org1-orderer-service:7053
    - ORDERER_ADMIN_LISTENADDRESS=0.0.0.0:7053
    - ORDERER_OPERATIONS_LISTENADDRESS=org1-orderer-service:9443
    - ORDERER_GENERAL_LOGLEVEL=debug
    - ORDERER_DEBUG_BROADCASTTRACEDIR=data/logs
  working_dir: /root
  command: orderer
  volumes:
    - ./services/network/org1-orderer/msp:/var/hyperledger/orderer/msp
    - ./services/network/org1-orderer/tls/:/var/hyperledger/orderer/tls
    - ./services/network/org1-orderer/service:/var/hyperledger/production/orderer
  ports:
    - 7050:7050
    - 7053:7053
    - 9443:9443
org1-orderer-service | 2023-02-28 09:16:19.212 UTC 000e INFO [orderer.common.server] Main -> Starting orderer:
org1-orderer-service | Version: 2.4.7
org1-orderer-service | Commit SHA: df9c661
org1-orderer-service | Go version: go1.18.7
org1-orderer-service | OS/Arch: linux/amd64
org1-orderer-service | 2023-02-28 09:16:19.213 UTC 000f INFO [orderer.common.server] Main -> Beginning to serve requests
org1-create-channel | 2023-02-28 09:16:19.251 UTC 0001 INFO [common.tools.configtxgen] main -> Loading configuration
org1-create-channel | 2023-02-28 09:16:19.316 UTC 0002 INFO [common.tools.configtxgen.localconfig] completeInitialization -> orderer type: etcdraft
org1-create-channel | 2023-02-28 09:16:19.318 UTC 0003 INFO [common.tools.configtxgen.localconfig] completeInitialization -> Orderer.EtcdRaft.Options unset, setting to tick_interval:"500ms" election_tick:10 heartbeat_tick:1 max_inflight_blocks:5 snapshot_interval_size:16777216
org1-create-channel | 2023-02-28 09:16:19.318 UTC 0004 INFO [common.tools.configtxgen.localconfig] Load -> Loaded configuration: channel/configtx.yaml
org1-create-channel | 2023-02-28 09:16:19.343 UTC 0005 INFO [common.tools.configtxgen] doOutputBlock -> Generating genesis block
org1-create-channel | 2023-02-28 09:16:19.343 UTC 0006 INFO [common.tools.configtxgen] doOutputBlock -> Creating application channel genesis block
org1-create-channel | 2023-02-28 09:16:19.348 UTC 0007 INFO [common.tools.configtxgen] doOutputBlock -> Writing genesis block
org1-orderer-service | 2023-02-28 09:16:19.548 UTC 0010 INFO [blkstorage] newBlockfileMgr -> Getting block information from block storage
org1-orderer-service | 2023-02-28 09:16:19.574 UTC 0011 INFO [orderer.commmon.follower] NewChain -> Created with join-block number: 0, ledger height: 0 channel=mychannel
org1-orderer-service | 2023-02-28 09:16:19.575 UTC 0012 INFO [orderer.commmon.follower] Start -> Started channel=mychannel
org1-orderer-service | 2023-02-28 09:16:19.575 UTC 0013 INFO [orderer.commmon.multichannel] JoinChannel -> Joining channel: {mychannel follower onboarding 0}
org1-create-channel | Status: 201
org1-create-channel | {
org1-create-channel | "name": "mychannel",
org1-create-channel | "url": "/participation/v1/channels/mychannel",
org1-create-channel | "consensusRelation": "follower",
org1-create-channel | "status": "onboarding",
org1-create-channel | "height": 0
org1-create-channel | }
org1-create-channel |
org1-orderer-service | 2023-02-28 09:16:19.637 UTC 0014 INFO [comm.grpc.server] 1 -> streaming call completed grpc.service=orderer.AtomicBroadcast grpc.method=Deliver grpc.peer_address=192.168.80.2:38758 grpc.peer_subject="CN=admin,OU=client,O=Hyperledger,ST=North Carolina,C=US" grpc.code=OK grpc.call_duration=4.177041ms
org1-orderer-service | 2023-02-28 09:16:19.644 UTC 0015 WARN [orderer.common.cluster.puller] fetchLastBlockSeq -> Received status:NOT_FOUND from org1-orderer-service:7050: faulty node, received: status:NOT_FOUND channel=mychannel
org1-orderer-service | 2023-02-28 09:16:19.646 UTC 0016 WARN [orderer.common.cluster.puller] func1 -> Received error of type 'faulty node, received: status:NOT_FOUND ' from org1-orderer-service:7050 channel=mychannel
org1-orderer-service | 2023-02-28 09:16:19.649 UTC 0017 WARN [orderer.common.cluster.puller] connectToSomeEndpoint -> Could not connect to any endpoint of [{"CAs":[{"Expired":false,"Issuer":"self","Subject":"CN=ca.tls.org1.settlemint.com,OU=Fabric,O=Settlemint,L=Leuven,ST=Flemish Brabant,C=BE"}],"Endpoint":"org1-orderer-service:7050"}] channel=mychannel
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
63:87:c5:9d:fb:f1:e5:c5:a1:a0:c5:d3:8a:09:be:25:71:74:cc:e3
Signature Algorithm: ecdsa-with-SHA256
Issuer: C=BE, ST=Flemish Brabant, L=Leuven, O=Settlemint, OU=Fabric, CN=ca.tls.org1.settlemint.com
Validity
Not Before: Feb 23 16:57:01 2023 GMT
Not After : Feb 28 10:49:00 2024 GMT
Subject: C=US, ST=North Carolina, O=Hyperledger, OU=client, CN=orderer
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:8a:23:a4:92:95:1d:6b:59:44:00:c0:e1:57:34:
a8:6b:82:4a:0b:33:6e:4e:e5:80:03:7a:3c:45:38:
3e:dc:2e:cc:79:96:43:b3:9a:c6:20:b8:16:43:63:
16:0c:82:b0:4f:70:7a:b8:9c:2d:c2:9f:2d:92:0b:
d1:c2:43:fa:16
ASN1 OID: prime256v1
NIST CURVE: P-256
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment, Key Agreement
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
D3:BF:B9:92:6F:C4:43:85:53:9A:37:ED:08:E6:A2:3E:23:04:C5:4F
X509v3 Authority Key Identifier:
keyid:9E:6F:78:B5:BF:19:5E:01:A3:92:F2:21:7F:B8:36:ED:D7:87:17:8D
X509v3 Subject Alternative Name:
DNS:host.docker.internal, DNS:org1-orderer-service, IP Address:0.0.0.0
1.2.3.4.5.6.7.8.1:
{"attrs":{"hf.Affiliation":"","hf.EnrollmentID":"orderer","hf.Type":"client"}}
Signature Algorithm: ecdsa-with-SHA256
30:44:02:20:49:c8:30:8d:36:ad:4d:28:9c:60:58:f3:c8:26:
a4:76:ab:21:a8:da:9b:2d:bb:24:52:73:ad:bc:6d:87:18:b2:
02:20:18:b2:48:28:98:9e:a8:2a:36:10:d6:92:59:c1:d4:00:
42:e1:53:83:68:96:72:39:23:e2:06:de:6f:a8:69:9a