configtx.yaml是Hyperledger Fabric區塊鍊網絡運維工具configtxgen用于生成通道創世塊或通道交易的配置檔案,configtx.yaml的内容直接決定了所生成的創世區塊的内容。本文将給出configtx.yaml的詳細中文說明。
如果需要快速掌握Fabric區塊鍊的鍊碼與應用開發,推薦通路彙智網的線上互動教程:
Capabilities / 通道能力配置
Capabilities段用來定義fabric網絡的能力。這是版本v1.0.0引入的一個新的配置段,當與版本v1.0.x的對等節點與排序節點混合組網時不可使用。
Capabilities段定義了fabric程式要加入網絡所必須支援的特性。例如,如果添加了一個新的MSP類型,那麼更新的程式可能會根據該類型識别并驗證簽名,但是老版本的程式就沒有辦法驗證這些交易。這可能導緻不同版本的fabric程式中維護的世界狀态不一緻。
是以,通過定義通道的能力,就明确了不滿足該能力要求的fabric程式,将無法處理交易,除非更新到新的版本。對于v1.0.x的程式而言,如果在Capabilities段定義了任何能力,即使聲明不需要支援這些能力,都會導緻其有意崩潰。
Capabilities:
# Global配置同時應用于排序節點和對等節點,并且必須被兩種節點同時支援。
# 将該配置項設定為ture表明要求節點具備該能力
Global: &ChannelCapabilities
V1_3: true
# Orderer配置僅應用于排序節點,不需考慮對等節點的更新。将該配置項
# 設定為true表明要求排序節點具備該能力
Orderer: &OrdererCapabilities
V1_1: true
# Application配置僅應用于對等網絡,不需考慮排序節點的更新。将該配置項
# 設定為true表明要求對等節點具備該能力
Application: &ApplicationCapabilities
V1_3: true
Organizations / 組織機構配置
Organizations配置段用來定義組織機構實體,以便在後續配置中引用。例如,下面的配置檔案中,定義了三個機構,可以分别使用ExampleCom、Org1ExampleCom和Org2ExampleCom引用其配置:
Organizations:
- &ExampleCom
Name: ExampleCom
ID: example.com
AdminPrincipal: Role.ADMIN
MSPDir: ./ordererOrganizations/example.com/msp
Policies:
Readers:
Type: Signature
Rule: OR('example.com.member')
Writers:
Type: Signature
Rule: OR('example.com.member')
Admins:
Type: Signature
Rule: OR('example.com.admin')
Endorsement:
Type: Signature
Rule: OR('example.com.member')
- &Org1ExampleCom
Name: Org1ExampleCom
ID: org1.example.com
MSPDir: ./peerOrganizations/org1.example.com/msp
AdminPrincipal: Role.ADMIN
AnchorPeers:
- Host: peer0.org1.example.com
Port: 7051
Policies:
Readers:
Type: Signature
Rule: OR('org1.example.com.member')
Writers:
Type: Signature
Rule: OR('org1.example.com.member')
Admins:
Type: Signature
Rule: OR('org1.example.com.admin')
Endorsement:
Type: Signature
Rule: OR('org1.example.com.member')
- &Org2ExampleCom
Name: Org2ExampleCom
ID: org2.example.com
MSPDir: ./peerOrganizations/org2.example.com/msp
AdminPrincipal: Role.ADMIN
AnchorPeers:
- Host: peer0.org2.example.com
Port: 7051
Policies:
Readers:
Type: Signature
Rule: OR('org2.example.com.member')
Writers:
Type: Signature
Rule: OR('org2.example.com.member')
Admins:
Type: Signature
Rule: OR('org2.example.com.admin')
Endorsement:
Type: Signature
Rule: OR('org2.example.com.member')
Orderer / 排序節點配置
Orderer配置段用來定義要編碼寫入創世區塊或通道交易的排序節點參數。
Orderer: &OrdererDefaults
# 排序節點類型用來指定要啟用的排序節點實作,不同的實作對應不同的共識算法。
# 目前可用的類型為:solo和kafka
OrdererType: solo
Addresses:
- orderer0.example.com:7050
BatchTimeout: 2s
BatchSize:
MaxMessageCount: 10
AbsoluteMaxBytes: 98 MB
PreferredMaxBytes: 512 KB
MaxChannels: 0
Kafka:
Brokers:
- kafka0:9092
- kafka1:9092
- kafka2:9092
- kafka3:9092
Organizations:
# 定義本層級的排序節點政策,其權威路徑為 /Channel/Orderer/<PolicyName>
Policies:
Readers:
Type: ImplicitMeta
Rule: ANY Readers
Writers:
Type: ImplicitMeta
Rule: ANY Writers
Admins:
Type: ImplicitMeta
Rule: MAJORITY Admins
# BlockValidation配置項指定了哪些簽名必須包含在區塊中,以便對等節點進行驗證
BlockValidation:
Type: ImplicitMeta
Rule: ANY Writers
# Capabilities配置描述排序節點層級的能力需求,這裡直接引用
# 前面Capabilities配置段中的OrdererCapabilities配置項
Capabilities:
<<: *OrdererCapabilities
Channel / 通道配置
Channel配置段用來定義要寫入創世區塊或配置交易的通道參數。
Channel: &ChannelDefaults
# 定義本層級的通道通路政策,其權威路徑為 /Channel/<PolicyName>
Policies:
Readers:
Type: ImplicitMeta
Rule: ANY Readers
# Writes政策定義了調用Broadcast API送出交易的許可規則
Writers:
Type: ImplicitMeta
Rule: ANY Writers
# Admin政策定義了修改本層級配置的許可規則
Admins:
Type: ImplicitMeta
Rule: MAJORITY Admins
# Capabilities配置描通道層級的能力需求,這裡直接引用
# 前面Capabilities配置段中的ChannelCapabilities配置項
Capabilities:
<<: *ChannelCapabilities
Application / 應用配置
Application配置段用來定義要寫入創世區塊或配置交易的應用參數。
Application: &ApplicationDefaults
ACLs: &ACLsDefault
# ACLs配置段為系統中各種資源提供預設的政策。
# 這裡所說的“資源”,可以是系統鍊碼的函數,例如qscc系統鍊碼的GetBlockByNumber方法
# 也可以是其他資源,例如誰可以接收區塊事件。
# 這個配置段不是用來定義資源或API,而僅僅是定義資源的通路控制政策
#
# 使用者可以在通道定義中重寫這些預設政策
#---New Lifecycle System Chaincode (_lifecycle) function to policy mapping for access control--#
# _lifecycle系統鍊碼CommitChaincodeDefinition函數的ACL定義
_lifecycle/CommitChaincodeDefinition: /Channel/Application/Writers
# _lifecycle系統鍊碼的QueryChaincodeDefinition函數的ACL定義
_lifecycle/QueryChaincodeDefinition: /Channel/Application/Readers
# _lifecycle系統鍊碼的QueryNamespaceDefinitions函數的ACL定義
_lifecycle/QueryNamespaceDefinitions: /Channel/Application/Readers
#---Lifecycle System Chaincode (lscc) function to policy mapping for access control---#
# lscc系統鍊碼的getid函數的ACL定義
lscc/ChaincodeExists: /Channel/Application/Readers
# lscc系統鍊碼的getdepspec函數的ACL定義
lscc/GetDeploymentSpec: /Channel/Application/Readers
# lscc系統鍊碼的getccdata函數的ACL定義
lscc/GetChaincodeData: /Channel/Application/Readers
# lscc系統鍊碼的getchaincodes函數的ACL定義
lscc/GetInstantiatedChaincodes: /Channel/Application/Readers
#---Query System Chaincode (qscc) function to policy mapping for access control---#
# qscc系統鍊碼的GetChainInfo函數的ACL定義
qscc/GetChainInfo: /Channel/Application/Readers
# qscc系統鍊碼的GetBlockByNumber函數的ACL定義
qscc/GetBlockByNumber: /Channel/Application/Readers
# qscc系統 鍊碼的GetBlockByHash函數的ACL定義
qscc/GetBlockByHash: /Channel/Application/Readers
# qscc系統鍊碼的GetTransactionByID函數的ACL定義
qscc/GetTransactionByID: /Channel/Application/Readers
# qscc系統鍊碼GetBlockByTxID函數的ACL定義
qscc/GetBlockByTxID: /Channel/Application/Readers
#---Configuration System Chaincode (cscc) function to policy mapping for access control---#
# cscc系統鍊碼的GetConfigBlock函數的ACl定義
cscc/GetConfigBlock: /Channel/Application/Readers
# cscc系統鍊碼的GetConfigTree函數的ACL定義
cscc/GetConfigTree: /Channel/Application/Readers
# cscc系統鍊碼的SimulateConfigTreeUpdate函數的ACL定義
cscc/SimulateConfigTreeUpdate: /Channel/Application/Readers
#---Miscellanesous peer function to policy mapping for access control---#
# 通路對等節點上的鍊碼的ACL政策定義
peer/Propose: /Channel/Application/Writers
# 從鍊碼中通路其他鍊碼的ACL政策定義
peer/ChaincodeToChaincode: /Channel/Application/Readers
#---Events resource to policy mapping for access control###---#
# 發送區塊事件的ACL政策定義
event/Block: /Channel/Application/Readers
# 發送過濾的區塊事件的ACL政策定義
event/FilteredBlock: /Channel/Application/Readers
# Organizations配置列出參與到網絡中的機構清單
Organizations:
# 定義本層級的應用控制政策,其權威路徑為 /Channel/Application/<PolicyName>
Policies: &ApplicationDefaultPolicies
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
LifecycleEndorsement:
Type: ImplicitMeta
Rule: "ANY Endorsement"
Endorsement:
Type: ImplicitMeta
Rule: "ANY Endorsement"
# Capabilities配置描述應用層級的能力需求,這裡直接引用
# 前面Capabilities配置段中的ApplicationCapabilities配置項
Capabilities:
<<: *ApplicationCapabilities
Profiles / 配置入口
Profiles配置段用來定義用于configtxgen工具的配置入口。包含委員會(consortium)的配置入口可以用來生成排序節點的創世區塊。如果在排序節點的創世區塊中正确定義了consortium的成員,那麼可以僅使用機構成員名稱和委員會的名稱來生成通道建立請求。
Profiles:
# SampleInsecureSolo定義了一個使用Solo排序節點的簡單配置
SampleInsecureSolo:
<<: *ChannelDefaults
Orderer:
<<: *OrdererDefaults
Organizations:
- *ExampleCom
Capabilities:
<<: *OrdererCapabilities
Application:
<<: *ApplicationDefaults
Organizations:
- *ExampleCom
Capabilities:
<<: *ApplicationCapabilities
Policies:
Readers:
Type: ImplicitMeta
Rule: ANY Readers
Writers:
Type: ImplicitMeta
Rule: ANY Writers
Admins:
Type: ImplicitMeta
Rule: MAJORITY Admins
LifecycleEndorsement:
Type: ImplicitMeta
Rule: ANY Endorsement
Endorsement:
Type: ImplicitMeta
Rule: ANY Endorsement
Consortiums:
SampleConsortium:
Organizations:
- *Org1ExampleCom
- *Org2ExampleCom
# SampleInsecureKafka定義了一個使用Kfaka排序節點的配置
SampleInsecureKafka:
<<: *ChannelDefaults
Orderer:
<<: *OrdererDefaults
OrdererType: kafka
Addresses:
- orderer0.example.com:7050
- orderer1.example.com:7050
- orderer2.example.com:7050
Organizations:
- *ExampleCom
Capabilities:
<<: *OrdererCapabilities
Application:
<<: *ApplicationDefaults
Organizations:
- *ExampleCom
Capabilities:
<<: *ApplicationCapabilities
Policies:
Readers:
Type: ImplicitMeta
Rule: ANY Readers
Writers:
Type: ImplicitMeta
Rule: ANY Writers
Admins:
Type: ImplicitMeta
Rule: MAJORITY Admins
LifecycleEndorsement:
Type: ImplicitMeta
Rule: ANY Endorsement
Endorsement:
Type: ImplicitMeta
Rule: ANY Endorsement
Consortiums:
SampleConsortium:
Organizations:
- *ExampleCom
- *Org1ExampleCom
- *Org2ExampleCom
# SampleSingleMSPSolo定義了一個使用Solo排序節點、包含單一MSP的配置
SampleSingleMSPSolo:
Orderer:
<<: *OrdererDefaults
Organizations:
- *ExampleCom
Capabilities:
<<: *OrdererCapabilities
Application:
<<: *ApplicationDefaults
Organizations:
- *ExampleCom
Capabilities:
<<: *ApplicationCapabilities
Policies:
Readers:
Type: ImplicitMeta
Rule: ANY Readers
Writers:
Type: ImplicitMeta
Rule: ANY Writers
Admins:
Type: ImplicitMeta
Rule: MAJORITY Admins
LifecycleEndorsement:
Type: ImplicitMeta
Rule: ANY Endorsement
Endorsement:
Type: ImplicitMeta
Rule: ANY Endorsement
Consortiums:
SampleConsortium:
Organizations:
- *ExampleCom
- *Org1ExampleCom
- *Org2ExampleCom
# SampleEmptyInsecureChannel定義了一個不包含成員與通路控制政策的通道
SampleEmptyInsecureChannel:
Capabilities:
<<: *ChannelCapabilities
Consortium: SampleConsortium
Application:
Organizations:
- *ExampleCom
Capabilities:
<<: *ApplicationCapabilities
Policies:
Readers:
Type: ImplicitMeta
Rule: ANY Readers
Writers:
Type: ImplicitMeta
Rule: ANY Writers
Admins:
Type: ImplicitMeta
Rule: MAJORITY Admins
LifecycleEndorsement:
Type: ImplicitMeta
Rule: ANY Endorsement
Endorsement:
Type: ImplicitMeta
Rule: ANY Endorsement
# SysTestChannel定義了一個用于測試的通道
SysTestChannel:
<<: *ChannelDefaults
Capabilities:
<<: *ChannelCapabilities
Consortium: SampleConsortium
Application:
<<: *ApplicationDefaults
Organizations:
- *Org1ExampleCom
- *Org2ExampleCom
Capabilities:
<<: *ApplicationCapabilities
Policies:
Readers:
Type: ImplicitMeta
Rule: ANY Readers
Writers:
Type: ImplicitMeta
Rule: ANY Writers
Admins:
Type: ImplicitMeta
Rule: MAJORITY Admins
LifecycleEndorsement:
Type: ImplicitMeta
Rule: ANY Endorsement
Endorsement:
Type: ImplicitMeta
Rule: ANY Endorsement
# SampleSingleMSPChannel定義了一個僅包含單一成員機構的通道。
# 該配置通常與SampleSingleMSPSolo或SampleSingleMSPKafka同時使用
SampleSingleMSPChannel:
<<: *ChannelDefaults
Capabilities:
<<: *ChannelCapabilities
Consortium: SampleConsortium
Application:
<<: *ApplicationDefaults
Organizations:
- *Org1ExampleCom
- *Org2ExampleCom
Capabilities:
<<: *ApplicationCapabilities
Policies:
Readers:
Type: ImplicitMeta
Rule: ANY Readers
Writers:
Type: ImplicitMeta
Rule: ANY Writers
Admins:
Type: ImplicitMeta
Rule: MAJORITY Admins
LifecycleEndorsement:
Type: ImplicitMeta
Rule: ANY Endorsement
Endorsement:
Type: ImplicitMeta
Rule: ANY Endorsement
原文連結:
configtx.yaml中文詳解 — 彙智網