
@mtnieto
Last active July 22, 2019 08:23
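version: 2.0.0

#
# The client section used by GO SDK.
#
# "{PATH}" is a placeholder for the absolute directory that holds crypto-config/ and
# sdk-keys/; substitute it before loading this file. The values are quoted because an
# unquoted scalar that starts with "{" is parsed as a YAML flow mapping.
#
client:
  # Which organization does this application instance belong to? The value must be the name of an org
  # defined under "organizations"
  organization: org1

  logging:
    level: info

  # Global configuration for peer, event service and orderer timeouts.
  # If this section is omitted, then default values will be used (same values as below)
  peer:
    timeout:
      connection: 15s
      response: 180s
      discovery:
        # Expiry period for discovery service greylist filter
        # The channel client will greylist peers that are found to be offline
        # to prevent re-selecting them in subsequent retries.
        # This interval will define how long a peer is greylisted
        greylistExpiry: 10s
  orderer:
    timeout:
      connection: 15s
      response: 15s
  global:
    timeout:
      query: 180s
      execute: 180s
      resmgmt: 180s
    cache:
      connectionIdle: 30s
      eventServiceIdle: 2m
      channelConfig: 30m
      channelMembership: 30s
      discovery: 10s
      selection: 10m

  # Root of the MSP directories with keys and certs.
  cryptoconfig:
    path: '{PATH}/crypto-config'

  # Some SDKs support pluggable KV stores, the properties under "credentialStore"
  # are implementation specific
  credentialStore:
    # [Optional]. Used by user store. Not needed if all credentials are embedded in configuration
    # and enrollments are performed elsewhere.
    # NOTE(review): /tmp is shared between local users and is usually cleared on reboot.
    # Enrolled user credentials written here can be read or replaced by other accounts on
    # the host. Outside a throwaway test setup, point this (and cryptoStore.path below) at a
    # directory owned by the application user with mode 0700.
    path: "/tmp/state-store"

    # [Optional]. Specific to the CryptoSuite implementation used by GO SDK. Software-based implementations
    # require a key store. PKCS#11 based implementations do not.
    cryptoStore:
      # Specific to the underlying KeyValueStore that backs the crypto key store.
      # NOTE(review): with the "SW" provider selected under BCCSP, private keys are kept as
      # files under this path - see the /tmp caveat above.
      path: /tmp/msp

  # BCCSP config for the client. Used by GO SDK.
  BCCSP:
    security:
      enabled: true
      default:
        provider: "SW"
      hashAlgorithm: "SHA2"
      softVerify: true
      level: 256

  tlsCerts:
    # [Optional]. Use system certificate pool when connecting to peers, orderers (for negotiating TLS) Default: false
    # NOTE(review): true adds the operating system's trust store to the CAs accepted for peer
    # and orderer certificates, on top of the per-node tlsCACerts in this file. Leave it at the
    # default (false) when only the network's own TLS CAs should be trusted.
    systemCertPool: true

    # [Optional]. Client key and cert for TLS handshake with peers and orderers
    # NOTE(review): these paths point at the org Admin user's TLS key pair; keep the key file
    # readable by the application user only.
    client:
      key:
        path: '{PATH}/crypto-config/peerOrganizations/org1.example.com/users/Admin@org1.example.com/tls/client.key'
      cert:
        path: '{PATH}/crypto-config/peerOrganizations/org1.example.com/users/Admin@org1.example.com/tls/client.crt'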
#
# [Optional]. But most apps would have this section so that channel objects can be constructed
# based on the content below. If an app is creating channels, then it likely will not need this
# section.
#
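channels:
  # multi-org test channel
  examplechannel:
    # Per-peer roles on this channel. Only peer0.org1 endorses and answers chaincode
    # queries; the other four peers are used for ledger queries and as event sources.
    peers:
      peer0.org1.example.com:
        endorsingPeer: true
        chaincodeQuery: true
        ledgerQuery: true
        eventSource: true

      peer1.org1.example.com:
        endorsingPeer: false
        chaincodeQuery: false
        ledgerQuery: true
        eventSource: true

      peer2.org1.example.com:
        endorsingPeer: false
        chaincodeQuery: false
        ledgerQuery: true
        eventSource: true

      peer0.org2.example.com:
        endorsingPeer: false
        chaincodeQuery: false
        ledgerQuery: true
        eventSource: true

      peer1.org2.example.com:
        endorsingPeer: false
        chaincodeQuery: false
        ledgerQuery: true
        eventSource: true

    # [Optional]. The application can use these options to perform channel operations like retrieving channel
    # config etc.
    policies:
      # [Optional] options for retrieving channel configuration blocks
      # NOTE(review): with minResponses and maxTargets both 1, the channel configuration is
      # taken from a single peer's answer. Raise both if the configuration should be
      # cross-checked against more than one peer.
      queryChannelConfig:
        # [Optional] min number of success responses (from targets/peers)
        minResponses: 1
        # [Optional] channel config will be retrieved for these number of random targets
        maxTargets: 1
        # [Optional] retry options for query config block
        retryOpts:
          # [Optional] number of retry attempts
          attempts: 5
          # [Optional] the back off interval for the first retry attempt
          initialBackoff: 500ms
          # [Optional] the maximum back off interval for any retry attempt
          maxBackoff: 5s
          # [Optional] the factor by which the initial back off period is exponentially incremented
          backoffFactor: 2.0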
#
# list of participating organizations in this network
#
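organizations:
  org1:
    mspid: org1MSP

    # This org's MSP store (absolute path or relative to client.cryptoconfig)
    # "{PATH}" is a placeholder for the absolute base directory; the value is quoted because
    # an unquoted scalar starting with "{" is parsed as a flow mapping.
    # NOTE(review): the path is pinned to the Admin user's MSP directory, so it presumably
    # holds the org admin's signing key - restrict access to it accordingly.
    cryptoPath: '{PATH}/crypto-config/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp'

    peers:
      - peer0.org1.example.com

    # [Optional]. Certificate Authorities issue certificates for identification purposes in a Fabric based
    # network. Typically certificates provisioning is done in a separate process outside of the
    # runtime network. Fabric-CA is a special certificate authority that provides REST APIs for
    # dynamic certificate management (enroll, revoke, re-enroll). The following section is only for
    # Fabric-CA servers.
    certificateAuthorities:
      - ca.org1.example.com

  # Orderer Org name
  ordererorg:
    # Membership Service Provider ID for this organization
    mspID: OrdererMSP

    # Needed to load users crypto keys and certs for this org (absolute path or relative to global crypto path, DEV mode)
    cryptoPath: '{PATH}/crypto-config/ordererOrganizations/example.com/msp'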
#
# List of orderers to send transaction and channel create/update requests to. For the time
# being only one orderer is needed. If more than one is defined, which one gets used by the
# SDK is implementation specific. Consult each SDK's documentation for its handling of orderers.
#
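orderers:
  orderer0.example.com:
    # No scheme is given, so allow-insecure below decides between grpc and grpcs.
    url: localhost:7050

    # these are standard properties defined by the gRPC library
    # they will be passed in as-is to gRPC client constructor
    grpcOptions:
      # Host name checked against the orderer's TLS certificate instead of the one in "url".
      # It is needed here because "url" is localhost; when connecting to the orderer by its
      # real host name, drop the override so that the dialled name is the one verified.
      ssl-target-name-override: orderer0.example.com
      # These parameters should be set in coordination with the keepalive policy on the server,
      # as incompatible settings can result in closing of connection.
      # When duration of the 'keep-alive-time' is set to 0 or less the keep alive client parameters are disabled
      keep-alive-time: 0s
      keep-alive-timeout: 20s
      keep-alive-permit: false
      fail-fast: false
      # allow-insecure will be taken into consideration if address has no protocol defined, if true then grpc or else grpcs
      # Keep this false: true would send transactions to the orderer without TLS.
      allow-insecure: false

    tlsCACerts:
      # Certificate location absolute path
      # "{PATH}" is a placeholder; quoted because a leading "{" would start a flow mapping.
      path: '{PATH}/crypto-config/ordererOrganizations/example.com/tlsca/tlsca.example.com-cert.pem'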
#
# List of peers to send various requests to, including endorsement, query
# and event listener registration.
#
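peers:
  _default:
    # common grpc options between all the peers
    grpcOptions:
      # These parameters should be set in coordination with the keepalive policy on the server,
      # as incompatible settings can result in closing of connection.
      # When duration of the 'keep-alive-time' is set to 0 or less the keep alive client parameters are disabled
      keep-alive-time: 0s
      keep-alive-timeout: 20s
      keep-alive-permit: false
      fail-fast: false
      # allow-insecure will be taken into consideration if address has no protocol defined, if true then grpc or else grpcs
      # Keep this false: true would let peer connections fall back to plaintext grpc.
      allow-insecure: false

  peer0.org1.example.com:
    # this URL is used to send endorsement and query requests
    url: localhost:7051

    grpcOptions:
      # Host name checked against the peer's TLS certificate instead of the one in "url".
      # It is needed here because "url" is localhost; drop it when dialling the real host name.
      ssl-target-name-override: peer0.org1.example.com

    tlsCACerts:
      # Certificate location absolute path
      # "{PATH}" is a placeholder; quoted because a leading "{" would start a flow mapping.
      path: '{PATH}/crypto-config/peerOrganizations/org1.example.com/tlsca/tlsca.org1.example.com-cert.pem'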
#
# Fabric-CA is a special kind of Certificate Authority provided by Hyperledger Fabric which allows
# certificate management to be done via REST APIs. Application may choose to use a standard
# Certificate Authority instead of Fabric-CA, in which case this section would not be specified.
#
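certificateAuthorities:
  ca.org1.example.com:
    url: https://ca.org1.example.com:7054

    tlsCACerts:
      # Comma-Separated list of paths
      # "{PATH}" is a placeholder; quoted because a leading "{" would start a flow mapping.
      path: '{PATH}/crypto-config/peerOrganizations/org1.example.com/ca/ca.org1.example.com-cert.pem'
      # Client key and cert for SSL handshake with Fabric CA
      client:
        key:
          path: '{PATH}/sdk-keys/MyKey.key'
        cert:
          path: '{PATH}/sdk-keys/MyCertificate.crt'

    # Fabric-CA supports dynamic user enrollment via REST APIs. A "root" user, a.k.a registrar, is
    # needed to enroll and invoke new users.
    # NOTE(review): adminCA/adminpw are sample bootstrap credentials kept here in clear text.
    # The registrar can enroll new identities, so in any shared or long-lived network use a
    # unique secret supplied at deploy time (environment variable or secret store), keep this
    # file out of version control, and make it readable by the application user only.
    registrar:
      enrollId: adminCA
      enrollSecret: adminpw

    # [Optional] The optional name of the CA.
    caName: ca.org1.example.com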
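# Maps the network's host names onto ports published on localhost. Each entry rewrites the
# URL that is dialled (urlSubstitutionExp) while sslTargetOverrideUrlSubstitutionExp keeps
# the original host name as the one checked against the TLS certificate.
# NOTE(review): the patterns are regular expressions; "." is unescaped (matches any
# character) and nothing anchors them, so they accept more names than the literal hosts.
# Escape the dots and anchor the expressions if that matters for your deployment.
entityMatchers:
  peer:
    - pattern: 'peer0.org1.example.com:(\d+)'
      urlSubstitutionExp: grpcs://localhost:7051
      sslTargetOverrideUrlSubstitutionExp: peer0.org1.example.com
      mappedHost: peer0.org1.example.com

    - pattern: 'peer1.org1.example.com:(\d+)'
      urlSubstitutionExp: grpcs://localhost:9051
      sslTargetOverrideUrlSubstitutionExp: peer1.org1.example.com
      mappedHost: peer1.org1.example.com

    - pattern: 'peer0.org2.example.com:(\d+)'
      urlSubstitutionExp: grpcs://localhost:8051
      sslTargetOverrideUrlSubstitutionExp: peer0.org2.example.com
      mappedHost: peer0.org2.example.com

    - pattern: 'peer1.org2.example.com:(\d+)'
      urlSubstitutionExp: grpcs://localhost:6051
      sslTargetOverrideUrlSubstitutionExp: peer1.org2.example.com
      mappedHost: peer1.org2.example.com

    - pattern: 'peer2.org1.example.com:(\d+)'
      urlSubstitutionExp: grpcs://localhost:15051
      sslTargetOverrideUrlSubstitutionExp: peer2.org1.example.com
      mappedHost: peer2.org1.example.com

  orderer:
    - pattern: 'orderer0.example.(\w+)'
      urlSubstitutionExp: grpcs://localhost:7050
      sslTargetOverrideUrlSubstitutionExp: orderer0.example.com
      mappedHost: orderer0.example.com

  certificateAuthority:
    # NOTE(review): "example.:" allows exactly one character between "example" and ":", so
    # this pattern does not appear to match ca.org1.example.com:7054 - compare the org2
    # entry below and confirm the intended expression. Both CA entries also substitute a
    # grpcs:// URL although the CA under certificateAuthorities is reached over https;
    # verify which scheme the SDK expects here.
    - pattern: '(\w+).org1.example.:(\d+)'
      urlSubstitutionExp: grpcs://localhost:7054
      mappedHost: ca.org1.example.com

    - pattern: '(\w+).org2.example.(\w+)'
      urlSubstitutionExp: grpcs://localhost:8054
      mappedHost: ca.org2.example.com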