|
- # Copyright IBM Corp. All Rights Reserved.
- #
- # SPDX-License-Identifier: Apache-2.0
- #
-
- ###############################################################################
- #
- # LOGGING section
- #
- ###############################################################################
- logging:
-
- # Default logging levels are specified here.
-
- # Valid logging levels are case-insensitive strings chosen from
-
- # CRITICAL | ERROR | WARNING | NOTICE | INFO | DEBUG
-
- # The overall default logging level can be specified in various ways,
- # listed below from strongest to weakest:
- #
- # 1. The --logging-level=<level> command line option overrides all other
- # default specifications.
- #
- # 2. The environment variable CORE_LOGGING_LEVEL otherwise applies to
- # all peer commands if defined as a non-empty string.
- #
- # 3. The value of `level` that directly follows in this file.
- #
- # If no overall default level is provided via any of the above methods,
- # the peer will default to INFO (the value of defaultLevel in
- # common/flogging/logging.go)
-
- # Default for all modules running within the scope of a peer.
- # Note: this value is only used when --logging-level or CORE_LOGGING_LEVEL
- # are not set
- level: info
-
- # The overall default values mentioned above can be overridden for the
- # specific components listed in the override section below.
-
- # Override levels for various peer modules. These levels will be
- # applied once the peer has completely started. They are applied at this
- # time in order to be sure every logger has been registered with the
- # logging package.
- # Note: the modules listed below are the only acceptable modules at this
- # time.
- cauthdsl: warning
- gossip: warning
- grpc: error
- ledger: info
- msp: warning
- policies: warning
- peer:
- gossip: warning
-
- # Message format for the peer logs
- format: '%{color}%{time:2006-01-02 15:04:05.000 MST} [%{module}] %{shortfunc} -> %{level:.4s} %{id:03x}%{color:reset} %{message}'
-
- ###############################################################################
- #
- # Peer section
- #
- ###############################################################################
- peer:
-
- # The Peer id is used for identifying this Peer instance.
- id: jdoe
-
- # The networkId allows for logical seperation of networks
- networkId: dev
-
- # The Address at local network interface this Peer will listen on.
- # By default, it will listen on all network interfaces
- listenAddress: 0.0.0.0:7051
-
- # The endpoint this peer uses to listen for inbound chaincode connections.
- # If this is commented-out, the listen address is selected to be
- # the peer's address (see below) with port 7052
- # chaincodeListenAddress: 0.0.0.0:7052
-
- # When used as peer config, this represents the endpoint to other peers
- # in the same organization. For peers in other organization, see
- # gossip.externalEndpoint for more info.
- # When used as CLI config, this means the peer's endpoint to interact with
- address: 0.0.0.0:7051
-
- # Whether the Peer should programmatically determine its address
- # This case is useful for docker containers.
- addressAutoDetect: false
-
- # Setting for runtime.GOMAXPROCS(n). If n < 1, it does not change the
- # current setting
- gomaxprocs: -1
-
- # Gossip related configuration
- gossip:
- # Bootstrap set to initialize gossip with.
- # This is a list of other peers that this peer reaches out to at startup.
- # Important: The endpoints here have to be endpoints of peers in the same
- # organization, because the peer would refuse connecting to these endpoints
- # unless they are in the same organization as the peer.
- bootstrap: 127.0.0.1:7051
-
- # NOTE: orgLeader and useLeaderElection parameters are mutual exclusive.
- # Setting both to true would result in the termination of the peer
- # since this is undefined state. If the peers are configured with
- # useLeaderElection=false, make sure there is at least 1 peer in the
- # organization that its orgLeader is set to true.
-
- # Defines whenever peer will initialize dynamic algorithm for
- # "leader" selection, where leader is the peer to establish
- # connection with ordering service and use delivery protocol
- # to pull ledger blocks from ordering service. It is recommended to
- # use leader election for large networks of peers.
- useLeaderElection: true
- # Statically defines peer to be an organization "leader",
- # where this means that current peer will maintain connection
- # with ordering service and disseminate block across peers in
- # its own organization
- orgLeader: false
-
- # Overrides the endpoint that the peer publishes to peers
- # in its organization. For peers in foreign organizations
- # see 'externalEndpoint'
- endpoint:
- # Maximum count of blocks stored in memory
- maxBlockCountToStore: 10000
- # Max time between consecutive message pushes(unit: millisecond)
- maxPropagationBurstLatency: 10ms
- # Max number of messages stored until a push is triggered to remote peers
- maxPropagationBurstSize: 100
- # Number of times a message is pushed to remote peers
- propagateIterations: 1
- # Number of peers selected to push messages to
- propagatePeerNum: 3
- # Determines frequency of pull phases(unit: second)
- pullInterval: 4s
- # Number of peers to pull from
- pullPeerNum: 3
- # Determines frequency of pulling state info messages from peers(unit: second)
- requestStateInfoInterval: 4s
- # Determines frequency of pushing state info messages to peers(unit: second)
- publishStateInfoInterval: 4s
- # Maximum time a stateInfo message is kept until expired
- stateInfoRetentionInterval:
- # Time from startup certificates are included in Alive messages(unit: second)
- publishCertPeriod: 10s
- # Should we skip verifying block messages or not (currently not in use)
- skipBlockVerification: false
- # Dial timeout(unit: second)
- dialTimeout: 3s
- # Connection timeout(unit: second)
- connTimeout: 2s
- # Buffer size of received messages
- recvBuffSize: 20000
- # Buffer size of sending messages
- sendBuffSize: 20000
- # Time to wait before pull engine processes incoming digests (unit: second)
- digestWaitTime: 1s
- # Time to wait before pull engine removes incoming nonce (unit: second)
- requestWaitTime: 1s
- # Time to wait before pull engine ends pull (unit: second)
- responseWaitTime: 2s
- # Alive check interval(unit: second)
- aliveTimeInterval: 5s
- # Alive expiration timeout(unit: second)
- aliveExpirationTimeout: 25s
- # Reconnect interval(unit: second)
- reconnectInterval: 25s
- # This is an endpoint that is published to peers outside of the organization.
- # If this isn't set, the peer will not be known to other organizations.
- externalEndpoint:
- # Leader election service configuration
- election:
- # Longest time peer waits for stable membership during leader election startup (unit: second)
- startupGracePeriod: 15s
- # Interval gossip membership samples to check its stability (unit: second)
- membershipSampleInterval: 1s
- # Time passes since last declaration message before peer decides to perform leader election (unit: second)
- leaderAliveThreshold: 10s
- # Time between peer sends propose message and declares itself as a leader (sends declaration message) (unit: second)
- leaderElectionDuration: 5s
-
- pvtData:
- # pullRetryThreshold determines the maximum duration of time private data corresponding for a given block
- # would be attempted to be pulled from peers until the block would be committed without the private data
- pullRetryThreshold: 60s
- # minPeers defines the minimum number of peers
- # that an endorsement containing private data would target for dissemination.
- # The endorsement would fail if an insufficient number of acknowledgements from
- # peers of the peer's organization wasn't obtained.
- minPeers: 1
- # maxPeers defines the maximum number of peers
- # that an endorsement containing private data would target for dissemination
- maxPeers: 1
- # As private data enters the transient store, it is associated with the peer's ledger's height at that time.
- # transientstoreMaxBlockRetention defines the maximum difference between the current ledger's height upon commit,
- # and the private data residing inside the transient store that is guaranteed not to be purged.
- # Private data is purged from the transient store when blocks with sequences that are multiples
- # of transientstoreMaxBlockRetention are committed.
- transientstoreMaxBlockRetention: 1000
-
- # EventHub related configuration
- events:
- # The address that the Event service will be enabled on the peer
- address: 0.0.0.0:7053
-
- # total number of events that could be buffered without blocking send
- buffersize: 100
-
- # timeout duration for producer to send an event.
- # if < 0, if buffer full, unblocks immediately and not send
- # if 0, if buffer full, will block and guarantee the event will be sent out
- # if > 0, if buffer full, blocks till timeout
- timeout: 10ms
-
- # timewindow is the acceptable difference between the peer's current
- # time and the client's time as specified in a registration event
- timewindow: 15m
-
- # TLS Settings
- # Note that peer-chaincode connections through chaincodeListenAddress is
- # not mutual TLS auth. See comments on chaincodeListenAddress for more info
- tls:
- # require server-side TLS
- enabled: false
- # require client certificates / mutual TLS.
- # note that clients that are not configured to use a certificate will
- # fail to connect to the peer.
- clientAuthRequired: false
- # X.509 certificate used for TLS server (and client if clientAuthEnabled
- # is set to true
- cert:
- file: tls/server.crt
- # private key used for TLS server (and client if clientAuthEnabled
- # is set to true
- key:
- file: tls/server.key
- # trusted root certificate chain for tls.cert
- rootcert:
- file: tls/ca.crt
- # set of root certificate authorities used to verify client certificates
- clientRootCAs:
- files:
- - tls/ca.crt
-
- # The server name use to verify the hostname returned by TLS handshake
- serverhostoverride:
-
- # Path on the file system where peer will store data (eg ledger). This
- # location must be access control protected to prevent unintended
- # modification that might corrupt the peer operations.
- fileSystemPath: /var/hyperledger/production
-
- # BCCSP (Blockchain crypto provider): Select which crypto implementation or
- # library to use
- BCCSP:
- Default: SW
- SW:
- # TODO: The default Hash and Security level needs refactoring to be
- # fully configurable. Changing these defaults requires coordination
- # SHA2 is hardcoded in several places, not only BCCSP
- Hash: SHA2
- Security: 256
- # Location of Key Store
- FileKeyStore:
- # If "", defaults to 'mspConfigPath'/keystore
- # TODO: Ensure this is read with fabric/core/config.GetPath() once ready
- KeyStore:
-
- # Path on the file system where peer will find MSP local configurations
- mspConfigPath: msp
-
- # Identifier of the local MSP
- # ----!!!!IMPORTANT!!!-!!!IMPORTANT!!!-!!!IMPORTANT!!!!----
- # Deployers need to change the value of the localMspId string.
- # In particular, the name of the local MSP ID of a peer needs
- # to match the name of one of the MSPs in each of the channel
- # that this peer is a member of. Otherwise this peer's messages
- # will not be identified as valid by other nodes.
- localMspId: DEFAULT
-
- # Delivery service related config
- deliveryclient:
- # It sets the total time the delivery service may spend in reconnection
- # attempts until its retry logic gives up and returns an error
- reconnectTotalTimeThreshold: 3600s
-
- # Used with Go profiling tools only in none production environment. In
- # production, it should be disabled (eg enabled: false)
- profile:
- enabled: false
- listenAddress: 0.0.0.0:6060
-
- # Handlers defines custom handlers that can filter and mutate
- # objects passing within the peer, such as:
- # Auth filter - reject or forward proposals from clients
- # Decorators - append or mutate the chaincode input passed to the chaincode
- # Valid handler definition contains:
- # - A name which is a factory method name defined in
- # core/handlers/library/library.go for statically compiled handlers
- # - library path to shared object binary for pluggable filters
- # Auth filters and decorators are chained and executed in the order that
- # they are defined. For example:
- # authFilters:
- # -
- # name: FilterOne
- # library: /opt/lib/filter.so
- # -
- # name: FilterTwo
- # decorators:
- # -
- # name: DecoratorOne
- # -
- # name: DecoratorTwo
- # library: /opt/lib/decorator.so
- handlers:
- authFilters:
- -
- name: DefaultAuth
- decorators:
- -
- name: DefaultDecorator
-
- # Number of goroutines that will execute transaction validation in parallel.
- # By default, the peer chooses the number of CPUs on the machine. Set this
- # variable to override that choice.
- # NOTE: overriding this value might negatively influence the performance of
- # the peer so please change this value only if you know what you're doing
- validatorPoolSize:
-
- ###############################################################################
- #
- # Grpc section
- #
- ###############################################################################
- grpc:
- maxsize:
- #700 x 1024 x 1024
- recv: 73400320000
- send: 73400320000
- keepalivetime:
- # 1 min
- #client: 14400
- client: 10
- # 2 hours - gRPC default
- #server: 14400
- server: 10
- keepalivetimeout:
- # 20 sec - gRPC default
- #client: 600
- client: 5
- # 20 sec - gRPC default
- #server: 600
- server: 5
-
- ###############################################################################
- #
- # Agent section
- #
- ###############################################################################
- agent:
- etcd:
- endpoints: ["10.10.188.121:2379", "localhost:2379"]
- ratio: 1.0
- # mem or fabric
- repo: mem
- basedir: models
- timeout:
- trigger: 200m
-
-
- ###############################################################################
- #
- # VM section
- #
- ###############################################################################
- vm:
-
- # Endpoint of the vm management system. For docker can be one of the following in general
- # unix:///var/run/docker.sock
- # http://localhost:2375
- # https://localhost:2376
- endpoint: unix:///var/run/docker.sock
-
- # settings for docker vms
- docker:
- tls:
- enabled: false
- ca:
- file: docker/ca.crt
- cert:
- file: docker/tls.crt
- key:
- file: docker/tls.key
-
- # Enables/disables the standard out/err from chaincode containers for
- # debugging purposes
- attachStdout: false
-
- # Parameters on creating docker container.
- # Container may be efficiently created using ipam & dns-server for cluster
- # NetworkMode - sets the networking mode for the container. Supported
- # standard values are: `host`(default),`bridge`,`ipvlan`,`none`.
- # Dns - a list of DNS servers for the container to use.
- # Note: `Privileged` `Binds` `Links` and `PortBindings` properties of
- # Docker Host Config are not supported and will not be used if set.
- # LogConfig - sets the logging driver (Type) and related options
- # (Config) for Docker. For more info,
- # https://docs.docker.com/engine/admin/logging/overview/
- # Note: Set LogConfig using Environment Variables is not supported.
- hostConfig:
- NetworkMode: host
- Dns:
- # - 192.168.0.1
- LogConfig:
- Type: json-file
- Config:
- max-size: "500m"
- max-file: "50"
- Memory: 2147483648
-
- ###############################################################################
- #
- # Chaincode section
- #
- ###############################################################################
- chaincode:
- # This is used if chaincode endpoint resolution fails with the
- # chaincodeListenAddress property
- peerAddress:
-
- # The id is used by the Chaincode stub to register the executing Chaincode
- # ID with the Peer and is generally supplied through ENV variables
- # the `path` form of ID is provided when installing the chaincode.
- # The `name` is used for all other requests and can be any string.
- id:
- path:
- name:
-
- # Generic builder environment, suitable for most chaincode types
- builder: $(DOCKER_NS)/fabric-ccenv:$(ARCH)-$(PROJECT_VERSION)
-
- golang:
- # golang will never need more than baseos
- runtime: $(BASE_DOCKER_NS)/fabric-baseos:$(ARCH)-$(BASE_VERSION)
-
- # whether or not golang chaincode should be linked dynamically
- dynamicLink: false
-
- car:
- # car may need more facilities (JVM, etc) in the future as the catalog
- # of platforms are expanded. For now, we can just use baseos
- runtime: $(BASE_DOCKER_NS)/fabric-baseos:$(ARCH)-$(BASE_VERSION)
-
- java:
- # This is an image based on java:openjdk-8 with addition compiler
- # tools added for java shim layer packaging.
- # This image is packed with shim layer libraries that are necessary
- # for Java chaincode runtime.
- Dockerfile: |
- from $(DOCKER_NS)/fabric-javaenv:$(ARCH)-$(PROJECT_VERSION)
-
- node:
- # need node.js engine at runtime, currently available in baseimage
- # but not in baseos
- runtime: $(BASE_DOCKER_NS)/fabric-baseimage:$(ARCH)-$(BASE_VERSION)
-
- # Timeout duration for starting up a container and waiting for Register
- # to come through. 1sec should be plenty for chaincode unit tests
- startuptimeout: 300s
-
- # Timeout duration for Invoke and Init calls to prevent runaway.
- # This timeout is used by all chaincodes in all the channels, including
- # system chaincodes.
- # Note that during Invoke, if the image is not available (e.g. being
- # cleaned up when in development environment), the peer will automatically
- # build the image, which might take more time. In production environment,
- # the chaincode image is unlikely to be deleted, so the timeout could be
- # reduced accordingly.
- executetimeout: 30s
-
- # There are 2 modes: "dev" and "net".
- # In dev mode, user runs the chaincode after starting peer from
- # command line on local machine.
- # In net mode, peer will run chaincode in a docker container.
- mode: net
-
- # keepalive in seconds. In situations where the communiction goes through a
- # proxy that does not support keep-alive, this parameter will maintain connection
- # between peer and chaincode.
- # A value <= 0 turns keepalive off
- keepalive: 0
-
- # system chaincodes whitelist. To add system chaincode "myscc" to the
- # whitelist, add "myscc: enable" to the list below, and register in
- # chaincode/importsysccs.go
- system:
- cscc: enable
- lscc: enable
- escc: enable
- vscc: enable
- qscc: enable
- rscc: disable
-
- # System chaincode plugins: in addition to being imported and compiled
- # into fabric through core/chaincode/importsysccs.go, system chaincodes
- # can also be loaded as shared objects compiled as Go plugins.
- # See examples/plugins/scc for an example.
- # Like regular system chaincodes, plugins must also be white listed in the
- # chaincode.system section above.
- systemPlugins:
- # example configuration:
- # - enabled: true
- # name: myscc
- # path: /opt/lib/myscc.so
- # invokableExternal: true
- # invokableCC2CC: true
-
- # Logging section for the chaincode container
- logging:
- # Default level for all loggers within the chaincode container
- level: info
- # Override default level for the 'shim' module
- shim: warning
- # Format for the chaincode container logs
- format: '%{color}%{time:2006-01-02 15:04:05.000 MST} [%{module}] %{shortfunc} -> %{level:.4s} %{id:03x}%{color:reset} %{message}'
-
- ###############################################################################
- #
- # Ledger section - ledger configuration encompases both the blockchain
- # and the state
- #
- ###############################################################################
- ledger:
-
- blockchain:
-
- state:
- # stateDatabase - options are "goleveldb", "CouchDB"
- # goleveldb - default state database stored in goleveldb.
- # CouchDB - store state database in CouchDB
- stateDatabase: goleveldb
- couchDBConfig:
- # It is recommended to run CouchDB on the same server as the peer, and
- # not map the CouchDB container port to a server port in docker-compose.
- # Otherwise proper security must be provided on the connection between
- # CouchDB client (on the peer) and server.
- couchDBAddress: 127.0.0.1:5984
- # This username must have read and write authority on CouchDB
- username:
- # The password is recommended to pass as an environment variable
- # during start up (eg LEDGER_COUCHDBCONFIG_PASSWORD).
- # If it is stored here, the file must be access control protected
- # to prevent unintended users from discovering the password.
- password:
- # Number of retries for CouchDB errors
- maxRetries: 3
- # Number of retries for CouchDB errors during peer startup
- maxRetriesOnStartup: 10
- # CouchDB request timeout (unit: duration, e.g. 20s)
- requestTimeout: 35s
- # Limit on the number of records to return per query
- queryLimit: 10000
- # Limit on the number of records per CouchDB bulk update batch
- maxBatchUpdateSize: 1000
-
-
- history:
- # enableHistoryDatabase - options are true or false
- # Indicates if the history of key updates should be stored.
- # All history 'index' will be stored in goleveldb, regardless if using
- # CouchDB or alternate database for the state.
- enableHistoryDatabase: true
-
- ###############################################################################
- #
- # Metrics section
- #
- #
- ###############################################################################
- metrics:
- # enable or disable metrics server
- enabled: false
-
- # when enable metrics server, must specific metrics reporter type
- # currently supported type: "statsd","prom"
- reporter: statsd
-
- # determines frequency of report metrics(unit: second)
- interval: 1s
-
- statsdReporter:
-
- # statsd server address to connect
- address: 0.0.0.0:8125
-
- # determines frequency of push metrics to statsd server(unit: second)
- flushInterval: 2s
-
- # max size bytes for each push metrics request
- # intranet recommend 1432 and internet recommend 512
- flushBytes: 1432
-
- promReporter:
-
- # prometheus http server listen address for pull metrics
- listenAddress: 0.0.0.0:8080
|