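configtx.yaml is the configuration file that configtxgen, the Hyperledger Fabric network operations tool, uses to generate a channel genesis block or channel transactions. The contents of configtx.yaml directly determine the contents of the generated genesis block. This article gives a detailed explanation of configtx.yaml.
The tool has three main functions:
- Generate the initial block needed to start the Orderer, with support for inspecting the block contents
- Generate the configuration transaction needed to create an application channel, with support for inspecting the transaction contents
- Generate the configuration update transaction for anchor peers
A configtx.yaml file generally consists of four parts: Profiles, Organizations, Orderer and Application.
Below is a complete configuration: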
```yaml
Organizations:
    - &OrdererOrg
        Name: OrdererOrg
        ID: OrdererMSP
        MSPDir: crypto-config/ordererOrganizations/example.com/msp
    - &Org1
        Name: Org1MSP
        ID: Org1MSP
        MSPDir: crypto-config/peerOrganizations/org1.example.com/msp
        AnchorPeers:
            - Host: peer0.org1.example.com
              Port: 7051
    - &Org2
        Name: Org2MSP
        ID: Org2MSP
        MSPDir: crypto-config/peerOrganizations/org2.example.com/msp
        AnchorPeers:
            - Host: peer0.org2.example.com
              Port: 7051
    - &Org3
        Name: Org3MSP
        ID: Org3MSP
        MSPDir: crypto-config/peerOrganizations/org3.example.com/msp
        AnchorPeers:
            - Host: peer0.org3.example.com
              Port: 7051
    - &Org4
        Name: Org4MSP
        ID: Org4MSP
        MSPDir: crypto-config/peerOrganizations/org4.example.com/msp
        AnchorPeers:
            - Host: peer0.org4.example.com
              Port: 7051

Orderer: &OrdererDefaults
    OrdererType: solo
    Addresses:
        - orderer.example.com:7050
    BatchTimeout: 2s
    BatchSize:
        MaxMessageCount: 10
        AbsoluteMaxBytes: 98 MB
        PreferredMaxBytes: 512 KB
    Kafka:
        Brokers:
            - 127.0.0.1:9092
    Organizations:

Application: &ApplicationDefaults
    Organizations:

Profiles:
    FourOrgsOrdererGenesis:
        Orderer:
            <<: *OrdererDefaults
            Organizations:
                - *OrdererOrg
        Consortiums:
            SampleConsortium:
                Organizations:
                    - *Org1
                    - *Org2
                    - *Org3
                    - *Org4
    FourOrgsChannel:
        Consortium: SampleConsortium
        Application:
            <<: *ApplicationDefaults
            Organizations:
                - *Org1
                - *Org2
                - *Org3
                - *Org4
```
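The sections below explain the role and meaning of each part in turn.
1> Profiles section
The Orderer system channel template must include the Orderer and Consortiums information:
- Orderer: specifies the configuration of the Orderer system channel itself. This includes the ordering service configuration (type, addresses, batch limits, Kafka information, maximum number of application channels, and so on) and the organizations that participate in this Orderer. When the network starts, the Orderer system channel must be created first.
- Consortiums: the list of consortiums served by the Orderer. The organizations in a consortium share the same channel creation policy and can create application channels with one another.
The Profiles section defines the configuration entry points used by the configtxgen tool. A profile that contains a consortium can be used to generate the ordering node's genesis block. If the consortium members are correctly defined in the ordering node's genesis block, a channel creation request can be generated using only the member organization names and the consortium name.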
```yaml
Profiles:
    # SampleInsecureSolo defines a simple configuration that uses a Solo ordering node
    SampleInsecureSolo:
        <<: *ChannelDefaults
        Orderer:
            <<: *OrdererDefaults
            Organizations:
                - *ExampleCom
            Capabilities:
                <<: *OrdererCapabilities
        Application:
            <<: *ApplicationDefaults
            Organizations:
                - *ExampleCom
            Capabilities:
                <<: *ApplicationCapabilities
            Policies:
                Readers:
                    Type: ImplicitMeta
                    Rule: ANY Readers
                Writers:
                    Type: ImplicitMeta
                    Rule: ANY Writers
                Admins:
                    Type: ImplicitMeta
                    Rule: MAJORITY Admins
                LifecycleEndorsement:
                    Type: ImplicitMeta
                    Rule: ANY Endorsement
                Endorsement:
                    Type: ImplicitMeta
                    Rule: ANY Endorsement
        Consortiums:
            SampleConsortium:
                Organizations:
                    - *Org1ExampleCom
                    - *Org2ExampleCom

    # SampleInsecureKafka defines a configuration that uses Kafka ordering nodes
    SampleInsecureKafka:
        <<: *ChannelDefaults
        Orderer:
            <<: *OrdererDefaults
            OrdererType: kafka
            Addresses:
                - orderer0.example.com:7050
                - orderer1.example.com:7050
                - orderer2.example.com:7050
            Organizations:
                - *ExampleCom
            Capabilities:
                <<: *OrdererCapabilities
        Application:
            <<: *ApplicationDefaults
            Organizations:
                - *ExampleCom
            Capabilities:
                <<: *ApplicationCapabilities
            Policies:
                Readers:
                    Type: ImplicitMeta
                    Rule: ANY Readers
                Writers:
                    Type: ImplicitMeta
                    Rule: ANY Writers
                Admins:
                    Type: ImplicitMeta
                    Rule: MAJORITY Admins
                LifecycleEndorsement:
                    Type: ImplicitMeta
                    Rule: ANY Endorsement
                Endorsement:
                    Type: ImplicitMeta
                    Rule: ANY Endorsement
        Consortiums:
            SampleConsortium:
                Organizations:
                    - *ExampleCom
                    - *Org1ExampleCom
                    - *Org2ExampleCom

    # SampleSingleMSPSolo defines a configuration that uses a Solo ordering node
    # and contains a single MSP
    SampleSingleMSPSolo:
        Orderer:
            <<: *OrdererDefaults
            Organizations:
                - *ExampleCom
            Capabilities:
                <<: *OrdererCapabilities
        Application:
            <<: *ApplicationDefaults
            Organizations:
                - *ExampleCom
            Capabilities:
                <<: *ApplicationCapabilities
            Policies:
                Readers:
                    Type: ImplicitMeta
                    Rule: ANY Readers
                Writers:
                    Type: ImplicitMeta
                    Rule: ANY Writers
                Admins:
                    Type: ImplicitMeta
                    Rule: MAJORITY Admins
                LifecycleEndorsement:
                    Type: ImplicitMeta
                    Rule: ANY Endorsement
                Endorsement:
                    Type: ImplicitMeta
                    Rule: ANY Endorsement
        Consortiums:
            SampleConsortium:
                Organizations:
                    - *ExampleCom
                    - *Org1ExampleCom
                    - *Org2ExampleCom

    # SampleEmptyInsecureChannel defines a channel that contains no members
    # and no access control policies
    SampleEmptyInsecureChannel:
        Capabilities:
            <<: *ChannelCapabilities
        Consortium: SampleConsortium
        Application:
            Organizations:
                - *ExampleCom
            Capabilities:
                <<: *ApplicationCapabilities
            Policies:
                Readers:
                    Type: ImplicitMeta
                    Rule: ANY Readers
                Writers:
                    Type: ImplicitMeta
                    Rule: ANY Writers
                Admins:
                    Type: ImplicitMeta
                    Rule: MAJORITY Admins
                LifecycleEndorsement:
                    Type: ImplicitMeta
                    Rule: ANY Endorsement
                Endorsement:
                    Type: ImplicitMeta
                    Rule: ANY Endorsement

    # SysTestChannel defines a channel used for testing
    SysTestChannel:
        <<: *ChannelDefaults
        Capabilities:
            <<: *ChannelCapabilities
        Consortium: SampleConsortium
        Application:
            <<: *ApplicationDefaults
            Organizations:
                - *Org1ExampleCom
                - *Org2ExampleCom
            Capabilities:
                <<: *ApplicationCapabilities
            Policies:
                Readers:
                    Type: ImplicitMeta
                    Rule: ANY Readers
                Writers:
                    Type: ImplicitMeta
                    Rule: ANY Writers
                Admins:
                    Type: ImplicitMeta
                    Rule: MAJORITY Admins
                LifecycleEndorsement:
                    Type: ImplicitMeta
                    Rule: ANY Endorsement
                Endorsement:
                    Type: ImplicitMeta
                    Rule: ANY Endorsement

    # SampleSingleMSPChannel defines a channel that contains only a single member organization.
    # This profile is normally used together with SampleSingleMSPSolo or SampleSingleMSPKafka
    SampleSingleMSPChannel:
        <<: *ChannelDefaults
        Capabilities:
            <<: *ChannelCapabilities
        Consortium: SampleConsortium
        Application:
            <<: *ApplicationDefaults
            Organizations:
                - *Org1ExampleCom
                - *Org2ExampleCom
            Capabilities:
                <<: *ApplicationCapabilities
            Policies:
                Readers:
                    Type: ImplicitMeta
                    Rule: ANY Readers
                Writers:
                    Type: ImplicitMeta
                    Rule: ANY Writers
                Admins:
                    Type: ImplicitMeta
                    Rule: MAJORITY Admins
                LifecycleEndorsement:
                    Type: ImplicitMeta
                    Rule: ANY Endorsement
                Endorsement:
                    Type: ImplicitMeta
                    Rule: ANY Endorsement
```
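2> Organizations section
The Organizations section defines the organization entities so that later sections can reference them. For example, the configuration below defines three organizations, whose settings can be referenced as ExampleCom, Org1ExampleCom and Org2ExampleCom respectively: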
```yaml
Organizations:
    - &ExampleCom
        Name: ExampleCom
        ID: example.com
        AdminPrincipal: Role.ADMIN
        MSPDir: ./ordererOrganizations/example.com/msp
        Policies:
            Readers:
                Type: Signature
                Rule: OR('example.com.member')
            Writers:
                Type: Signature
                Rule: OR('example.com.member')
            Admins:
                Type: Signature
                Rule: OR('example.com.admin')
            Endorsement:
                Type: Signature
                Rule: OR('example.com.member')
    - &Org1ExampleCom
        Name: Org1ExampleCom
        ID: org1.example.com
        MSPDir: ./peerOrganizations/org1.example.com/msp
        AdminPrincipal: Role.ADMIN
        AnchorPeers:
            - Host: peer0.org1.example.com
              Port: 7051
        Policies:
            Readers:
                Type: Signature
                Rule: OR('org1.example.com.member')
            Writers:
                Type: Signature
                Rule: OR('org1.example.com.member')
            Admins:
                Type: Signature
                Rule: OR('org1.example.com.admin')
            Endorsement:
                Type: Signature
                Rule: OR('org1.example.com.member')
    - &Org2ExampleCom
        Name: Org2ExampleCom
        ID: org2.example.com
        MSPDir: ./peerOrganizations/org2.example.com/msp
        AdminPrincipal: Role.ADMIN
        AnchorPeers:
            - Host: peer0.org2.example.com
              Port: 7051
        Policies:
            Readers:
                Type: Signature
                Rule: OR('org2.example.com.member')
            Writers:
                Type: Signature
                Rule: OR('org2.example.com.member')
            Admins:
                Type: Signature
                Rule: OR('org2.example.com.admin')
            Endorsement:
                Type: Signature
                Rule: OR('org2.example.com.member')
```
3> Orderer section
The Orderer section defines the ordering node parameters that are encoded into the genesis block or channel transaction.
```yaml
Orderer: &OrdererDefaults
    # The orderer type selects the ordering node implementation to enable;
    # different implementations correspond to different consensus algorithms.
    # The currently available types are: solo and kafka
    OrdererType: solo
    Addresses:
        - orderer0.example.com:7050
    BatchTimeout: 2s
    BatchSize:
        MaxMessageCount: 10
        AbsoluteMaxBytes: 98 MB
        PreferredMaxBytes: 512 KB
    MaxChannels: 0
    Kafka:
        Brokers:
            - kafka0:9092
            - kafka1:9092
            - kafka2:9092
            - kafka3:9092
    Organizations:
    # Defines the ordering node policies at this level; their canonical path is
    # /Channel/Orderer/<PolicyName>
    Policies:
        Readers:
            Type: ImplicitMeta
            Rule: ANY Readers
        Writers:
            Type: ImplicitMeta
            Rule: ANY Writers
        Admins:
            Type: ImplicitMeta
            Rule: MAJORITY Admins
        # BlockValidation specifies which signatures must be included in a block
        # so that peers can validate it
        BlockValidation:
            Type: ImplicitMeta
            Rule: ANY Writers
    # Capabilities describes the capability requirements at the orderer level; it directly
    # references the OrdererCapabilities entry of the Capabilities section
    Capabilities:
        <<: *OrdererCapabilities
```
4> Application section
The Application section defines the application parameters that are written into the genesis block or configuration transaction.
```yaml
Application: &ApplicationDefaults
    ACLs: &ACLsDefault
        # The ACLs section provides default policies for the various resources in the system.
        # A "resource" here can be a system chaincode function, for example the
        # GetBlockByNumber method of the qscc system chaincode,
        # or some other resource, for example who may receive block events.
        # This section does not define resources or APIs; it only defines
        # the access control policies for resources.
        #
        # Users can override these default policies in the channel definition

        #---New Lifecycle System Chaincode (_lifecycle) function to policy mapping for access control--#
        # ACL definition for the CommitChaincodeDefinition function of the _lifecycle system chaincode
        _lifecycle/CommitChaincodeDefinition: /Channel/Application/Writers
        # ACL definition for the QueryChaincodeDefinition function of the _lifecycle system chaincode
        _lifecycle/QueryChaincodeDefinition: /Channel/Application/Readers
        # ACL definition for the QueryNamespaceDefinitions function of the _lifecycle system chaincode
        _lifecycle/QueryNamespaceDefinitions: /Channel/Application/Readers

        #---Lifecycle System Chaincode (lscc) function to policy mapping for access control---#
        # ACL definition for the getid function of the lscc system chaincode
        lscc/ChaincodeExists: /Channel/Application/Readers
        # ACL definition for the getdepspec function of the lscc system chaincode
        lscc/GetDeploymentSpec: /Channel/Application/Readers
        # ACL definition for the getccdata function of the lscc system chaincode
        lscc/GetChaincodeData: /Channel/Application/Readers
        # ACL definition for the getchaincodes function of the lscc system chaincode
        lscc/GetInstantiatedChaincodes: /Channel/Application/Readers

        #---Query System Chaincode (qscc) function to policy mapping for access control---#
        # ACL definition for the GetChainInfo function of the qscc system chaincode
        qscc/GetChainInfo: /Channel/Application/Readers
        # ACL definition for the GetBlockByNumber function of the qscc system chaincode
        qscc/GetBlockByNumber: /Channel/Application/Readers
        # ACL definition for the GetBlockByHash function of the qscc system chaincode
        qscc/GetBlockByHash: /Channel/Application/Readers
        # ACL definition for the GetTransactionByID function of the qscc system chaincode
        qscc/GetTransactionByID: /Channel/Application/Readers
        # ACL definition for the GetBlockByTxID function of the qscc system chaincode
        qscc/GetBlockByTxID: /Channel/Application/Readers

        #---Configuration System Chaincode (cscc) function to policy mapping for access control---#
        # ACL definition for the GetConfigBlock function of the cscc system chaincode
        cscc/GetConfigBlock: /Channel/Application/Readers
        # ACL definition for the GetConfigTree function of the cscc system chaincode
        cscc/GetConfigTree: /Channel/Application/Readers
        # ACL definition for the SimulateConfigTreeUpdate function of the cscc system chaincode
        cscc/SimulateConfigTreeUpdate: /Channel/Application/Readers

        #---Miscellaneous peer function to policy mapping for access control---#
        # ACL policy definition for invoking chaincode on a peer
        peer/Propose: /Channel/Application/Writers
        # ACL policy definition for invoking another chaincode from within a chaincode
        peer/ChaincodeToChaincode: /Channel/Application/Readers

        #---Events resource to policy mapping for access control---#
        # ACL policy definition for sending block events
        event/Block: /Channel/Application/Readers
        # ACL policy definition for sending filtered block events
        event/FilteredBlock: /Channel/Application/Readers

    # Organizations lists the organizations that participate in the network
    Organizations:

    # Defines the application control policies at this level; their canonical path is
    # /Channel/Application/<PolicyName>
    Policies: &ApplicationDefaultPolicies
        Readers:
            Type: ImplicitMeta
            Rule: "ANY Readers"
        Writers:
            Type: ImplicitMeta
            Rule: "ANY Writers"
        Admins:
            Type: ImplicitMeta
            Rule: "MAJORITY Admins"
        LifecycleEndorsement:
            Type: ImplicitMeta
            Rule: "ANY Endorsement"
        Endorsement:
            Type: ImplicitMeta
            Rule: "ANY Endorsement"

    # Capabilities describes the capability requirements at the application level; it directly
    # references the ApplicationCapabilities entry of the Capabilities section
    Capabilities:
        <<: *ApplicationCapabilities
```
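The following sketch is an added example, not code from the original article or from the Fabric project. It traces how an ACL entry resolves to a policy path, then to an ImplicitMeta rule, then to each organization's Signature policy. The function names are hypothetical, the data is a constructed copy of values shown above, and the Signature evaluator is simplified to the `OR('msp.role')` form used on this page.

```python
import re

# Constructed sample mirroring the values shown in this article (not parsed from a file).
ACLS = {
    "peer/Propose": "/Channel/Application/Writers",
    "qscc/GetBlockByNumber": "/Channel/Application/Readers",
}
APP_POLICIES = {  # /Channel/Application/<PolicyName>, Type: ImplicitMeta
    "Readers": "ANY Readers",
    "Writers": "ANY Writers",
    "Admins": "MAJORITY Admins",
}
ORG_POLICIES = {  # per-organization policies, Type: Signature
    org: {
        "Readers": f"OR('{org}.member')",
        "Writers": f"OR('{org}.member')",
        "Admins": f"OR('{org}.admin')",
    }
    for org in ("example.com", "org1.example.com", "org2.example.com")
}


def signature_ok(rule, signers):
    """Simplified assumption: only OR('msp.role', ...); an admin also counts as a member."""
    for msp, role in re.findall(r"'(.+?)\.(member|admin)'", rule):
        for s_msp, s_role in signers:
            if s_msp == msp and (role == "member" or s_role == "admin"):
                return True
    return False


def implicit_meta_ok(rule, signers, org_policies=ORG_POLICIES):
    """Evaluate '<ANY|ALL|MAJORITY> <SubPolicy>' over each organization's sub-policy."""
    quantifier, sub_name = rule.split()
    subs = [p[sub_name] for p in org_policies.values() if sub_name in p]
    passed = sum(signature_ok(r, signers) for r in subs)
    threshold = {"ANY": 1, "ALL": len(subs), "MAJORITY": len(subs) // 2 + 1}[quantifier]
    if not subs:  # with no sub-policies at all, Fabric treats the rule as satisfied
        threshold = 0
    return passed >= threshold


def acl_allows(resource, signers):
    """Resolve resource -> policy path -> ImplicitMeta rule, then evaluate it."""
    policy_name = ACLS[resource].rsplit("/", 1)[1]
    return implicit_meta_ok(APP_POLICIES[policy_name], signers)
```

With three organizations, `ANY Writers` is met by a single member of any one organization, while `MAJORITY Admins` needs admins from two of them. That is why the `ANY Endorsement` rules in the sample profiles let one organization endorse alone.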
5> Channel section
The Channel section defines the channel parameters that are written into the genesis block or configuration transaction.
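```yaml
Channel: &ChannelDefaults
    # Defines the channel access policies at this level; their canonical path is
    # /Channel/<PolicyName>
    Policies:
        Readers:
            Type: ImplicitMeta
            Rule: ANY Readers
        # The Writers policy defines who is permitted to submit transactions through the Broadcast API
        Writers:
            Type: ImplicitMeta
            Rule: ANY Writers
        # The Admins policy defines who is permitted to modify the configuration at this level
        Admins:
            Type: ImplicitMeta
            Rule: MAJORITY Admins
    # Capabilities describes the capability requirements at the channel level; it directly
    # references the ChannelCapabilities entry of the Capabilities section
    Capabilities:
        <<: *ChannelCapabilities
```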
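6> Capabilities section
The Capabilities section defines the capabilities of a Fabric network. It is a new configuration section introduced in v1.0.0 and must not be used in a mixed network with v1.0.x peers and ordering nodes.
The Capabilities section defines the features that a Fabric binary must support in order to join the network. For example, if a new MSP type is added, newer binaries may recognize and validate signatures of that type, but older binaries have no way to validate those transactions. This can leave different versions of the Fabric binaries maintaining inconsistent world states.
Defining a channel's capabilities therefore makes it explicit that a Fabric binary that does not meet the capability requirements cannot process transactions until it is upgraded to a newer version. For v1.0.x binaries, defining any capability in the Capabilities section, even one declared as not required, causes them to crash deliberately.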
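```yaml
Capabilities:
    # Global applies to both ordering nodes and peers, and must be supported by both kinds of node.
    # Setting an entry to true means nodes are required to have that capability
    Global: &ChannelCapabilities
        V1_3: true
    # Orderer applies only to ordering nodes, so peer upgrades need not be considered.
    # Setting an entry to true means ordering nodes are required to have that capability
    Orderer: &OrdererCapabilities
        V1_1: true
    # Application applies only to the peer network, so ordering node upgrades need not be considered.
    # Setting an entry to true means peers are required to have that capability
    Application: &ApplicationCapabilities
        V1_3: true
```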