Last active
July 22, 2019 08:23
-
-
Save mtnieto/02dd17097de64a73bd627594056598ed to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
version: 2.0.0 | |
# | |
# The client section used by GO SDK. | |
# | |
client: | |
# Which organization does this application instance belong to? The value must be the name of an org | |
# defined under "organizations" | |
organization: org1 | |
logging: | |
level: info | |
# Global configuration for peer, event service and orderer timeouts | |
# if this this section is omitted, then default values will be used (same values as below) | |
peer: | |
timeout: | |
connection: 15s | |
response: 180s | |
discovery: | |
# Expiry period for discovery service greylist filter | |
# The channel client will greylist peers that are found to be offline | |
# to prevent re-selecting them in subsequent retries. | |
# This interval will define how long a peer is greylisted | |
greylistExpiry: 10s | |
orderer: | |
timeout: | |
connection: 15s | |
response: 15s | |
global: | |
timeout: | |
query: 180s | |
execute: 180s | |
resmgmt: 180s | |
cache: | |
connectionIdle: 30s | |
eventServiceIdle: 2m | |
channelConfig: 30m | |
channelMembership: 30s | |
discovery: 10s | |
selection: 10m | |
# Root of the MSP directories with keys and certs. | |
cryptoconfig: | |
path: {PATH}/crypto-config | |
# Some SDKs support pluggable KV stores, the properties under "credentialStore" | |
# are implementation specific | |
credentialStore: | |
# [Optional]. Used by user store. Not needed if all credentials are embedded in configuration | |
# and enrollments are performed elswhere. | |
path: "/tmp/state-store" | |
# [Optional]. Specific to the CryptoSuite implementation used by GO SDK. Software-based implementations | |
# requiring a key store. PKCS#11 based implementations does not. | |
cryptoStore: | |
# Specific to the underlying KeyValueStore that backs the crypto key store. | |
path: /tmp/msp | |
# BCCSP config for the client. Used by GO SDK. | |
BCCSP: | |
security: | |
enabled: true | |
default: | |
provider: "SW" | |
hashAlgorithm: "SHA2" | |
softVerify: true | |
level: 256 | |
tlsCerts: | |
# [Optional]. Use system certificate pool when connecting to peers, orderers (for negotiating TLS) Default: false | |
systemCertPool: true | |
# [Optional]. Client key and cert for TLS handshake with peers and orderers | |
client: | |
key: | |
path: {PATH}/crypto-config/peerOrganizations/org1.example.com/users/Admin@org1.example.com/tls/client.key | |
cert: | |
path: {PATH}/crypto-config/peerOrganizations/org1.example.com/users/Admin@org1.example.com/tls/client.crt | |
# | |
# [Optional]. But most apps would have this section so that channel objects can be constructed | |
# based on the content below. If an app is creating channels, then it likely will not need this | |
# section. | |
# | |
channels: | |
# multi-org test channel | |
examplechannel: | |
peers: | |
peer0.org1.example.com: | |
endorsingPeer: true | |
chaincodeQuery: true | |
ledgerQuery: true | |
eventSource: true | |
peer1.org1.example.com: | |
endorsingPeer: false | |
chaincodeQuery: false | |
ledgerQuery: true | |
eventSource: true | |
peer2.org1.example.com: | |
endorsingPeer: false | |
chaincodeQuery: false | |
ledgerQuery: true | |
eventSource: true | |
peer0.org2.example.com: | |
endorsingPeer: false | |
chaincodeQuery: false | |
ledgerQuery: true | |
eventSource: true | |
peer1.org2.example.com: | |
endorsingPeer: false | |
chaincodeQuery: false | |
ledgerQuery: true | |
eventSource: true | |
# [Optional]. The application can use these options to perform channel operations like retrieving channel | |
# config etc. | |
policies: | |
#[Optional] options for retrieving channel configuration blocks | |
queryChannelConfig: | |
#[Optional] min number of success responses (from targets/peers) | |
minResponses: 1 | |
#[Optional] channel config will be retrieved for these number of random targets | |
maxTargets: 1 | |
#[Optional] retry options for query config block | |
retryOpts: | |
#[Optional] number of retry attempts | |
attempts: 5 | |
#[Optional] the back off interval for the first retry attempt | |
initialBackoff: 500ms | |
#[Optional] the maximum back off interval for any retry attempt | |
maxBackoff: 5s | |
#[Optional] he factor by which the initial back off period is exponentially incremented | |
backoffFactor: 2.0 | |
# | |
# list of participating organizations in this network | |
# | |
organizations: | |
org1: | |
mspid: org1MSP | |
# This org's MSP store (absolute path or relative to client.cryptoconfig) | |
cryptoPath: {PATH}/crypto-config/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp | |
peers: | |
- peer0.org1.example.com | |
# [Optional]. Certificate Authorities issue certificates for identification purposes in a Fabric based | |
# network. Typically certificates provisioning is done in a separate process outside of the | |
# runtime network. Fabric-CA is a special certificate authority that provides a REST APIs for | |
# dynamic certificate management (enroll, revoke, re-enroll). The following section is only for | |
# Fabric-CA servers. | |
certificateAuthorities: | |
- ca.org1.example.com | |
# Orderer Org name | |
ordererorg: | |
# Membership Service Provider ID for this organization | |
mspID: OrdererMSP | |
# Needed to load users crypto keys and certs for this org (absolute path or relative to global crypto path, DEV mode) | |
cryptoPath: {PATH}/crypto-config/ordererOrganizations/example.com/msp | |
# | |
# List of orderers to send transaction and channel create/update requests to. For the time | |
# being only one orderer is needed. If more than one is defined, which one get used by the | |
# SDK is implementation specific. Consult each SDK's documentation for its handling of orderers. | |
# | |
orderers: | |
orderer0.example.com: | |
url: localhost:7050 | |
# these are standard properties defined by the gRPC library | |
# they will be passed in as-is to gRPC client constructor | |
grpcOptions: | |
ssl-target-name-override: orderer0.example.com | |
# These parameters should be set in coordination with the keepalive policy on the server, | |
# as incompatible settings can result in closing of connection. | |
# When duration of the 'keep-alive-time' is set to 0 or less the keep alive client parameters are disabled | |
keep-alive-time: 0s | |
keep-alive-timeout: 20s | |
keep-alive-permit: false | |
fail-fast: false | |
# allow-insecure will be taken into consideration if address has no protocol defined, if true then grpc or else grpcs | |
allow-insecure: false | |
tlsCACerts: | |
# Certificate location absolute path | |
path: {PATH}/crypto-config/ordererOrganizations/example.com/tlsca/tlsca.example.com-cert.pem | |
# | |
# List of peers to send various requests to, including endorsement, query | |
# and event listener registration. | |
# | |
peers: | |
_default: | |
#common grpc options between all the peers | |
grpcOptions: | |
# These parameters should be set in coordination with the keepalive policy on the server, | |
# as incompatible settings can result in closing of connection. | |
# When duration of the 'keep-alive-time' is set to 0 or less the keep alive client parameters are disabled | |
keep-alive-time: 0s | |
keep-alive-timeout: 20s | |
keep-alive-permit: false | |
fail-fast: false | |
# allow-insecure will be taken into consideration if address has no protocol defined, if true then grpc or else grpcs | |
allow-insecure: false | |
peer0.org1.example.com: | |
# this URL is used to send endorsement and query requests | |
url: localhost:7051 | |
grpcOptions: | |
ssl-target-name-override: peer0.org1.example.com | |
tlsCACerts: | |
# Certificate location absolute path | |
path: {PATH}/crypto-config/peerOrganizations/org1.example.com/tlsca/tlsca.org1.example.com-cert.pem | |
# | |
# Fabric-CA is a special kind of Certificate Authority provided by Hyperledger Fabric which allows | |
# certificate management to be done via REST APIs. Application may choose to use a standard | |
# Certificate Authority instead of Fabric-CA, in which case this section would not be specified. | |
# | |
certificateAuthorities: | |
ca.org1.example.com: | |
url: https://ca.org1.example.com:7054 | |
tlsCACerts: | |
# Comma-Separated list of paths | |
path: {PATH}/crypto-config/peerOrganizations/org1.example.com/ca/ca.org1.example.com-cert.pem | |
# Client key and cert for SSL handshake with Fabric CA | |
client: | |
key: | |
path: {PATH}/sdk-keys/MyKey.key | |
cert: | |
path: {PATH}/sdk-keys/MyCertificate.crt | |
# Fabric-CA supports dynamic user enrollment via REST APIs. A "root" user, a.k.a registrar, is | |
# needed to enroll and invoke new users. | |
registrar: | |
enrollId: adminCA | |
enrollSecret: adminpw | |
# [Optional] The optional name of the CA. | |
caName: ca.org1.example.com | |
entityMatchers: | |
peer: | |
- pattern: peer0.org1.example.com:(\d+) | |
urlSubstitutionExp: grpcs://localhost:7051 | |
sslTargetOverrideUrlSubstitutionExp: peer0.org1.example.com | |
mappedHost: peer0.org1.example.com | |
- pattern: peer1.org1.example.com:(\d+) | |
urlSubstitutionExp: grpcs://localhost:9051 | |
sslTargetOverrideUrlSubstitutionExp: peer1.org1.example.com | |
mappedHost: peer1.org1.example.com | |
- pattern: peer0.org2.example.com:(\d+) | |
urlSubstitutionExp: grpcs://localhost:8051 | |
sslTargetOverrideUrlSubstitutionExp: peer0.org2.example.com | |
mappedHost: peer0.org2.example.com | |
- pattern: peer1.org2.example.com:(\d+) | |
urlSubstitutionExp: grpcs://localhost:6051 | |
sslTargetOverrideUrlSubstitutionExp: peer1.org2.example.com | |
mappedHost: peer1.org2.example.com | |
- pattern: peer2.org1.example.com:(\d+) | |
urlSubstitutionExp: grpcs://localhost:15051 | |
sslTargetOverrideUrlSubstitutionExp: peer2.org1.example.com | |
mappedHost: peer2.org1.example.com | |
# | |
orderer: | |
- pattern: orderer0.example.(\w+) | |
urlSubstitutionExp: grpcs://localhost:7050 | |
sslTargetOverrideUrlSubstitutionExp: orderer0.example.com | |
mappedHost: orderer0.example.com | |
certificateAuthority: | |
- pattern: (\w+).org1.example.:(\d+) | |
urlSubstitutionExp: grpcs://localhost:7054 | |
mappedHost: ca.org1.example.com | |
- pattern: (\w+).org2.example.(\w+) | |
urlSubstitutionExp: grpcs://localhost:8054 | |
mappedHost: ca.org2.example.com | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment