Hyperledger Fabric 二进制安装部署 Peer 节点
2024-05-14 15:24:26
Hyperledger Fabric 二进制安装部署 Peer 节点
规划网络拓扑
3 个 orderer 节点; 组织 org1 , org1 下有两个 peer 节点, peer0 和 peer1; 组织 org2 , org2 下有两个 peer 节点, peer0 和 peer1;
| 节点 | 宿主机 IP | hosts | 端口 |
|---|---|---|---|
| cli | 192.168.1.66 | N/A | N/A |
| orderer0 | 192.168.1.66 | orderer0.example.com | 7050 , 8443 , 9443 |
| orderer1 | 192.168.1.66 | orderer1.example.com | 8050 , 8444 ,9444 |
| orderer2 | 192.168.1.66 | orderer2.example.com | 9050 , 8445 ,9445 |
| org1-peer0 | 192.168.1.66 | peer0.org1.example.com | 7051 , 7052 , 9446 , 8125 |
| org1-peer1 | 192.168.1.66 | peer1.org1.example.com | 8051 , 7053 , 9447 , 8126 |
| org2-peer0 | 192.168.1.66 | peer0.org2.example.com | 9051 , 7054 , 9448 , 8127 |
| org2-peer1 | 192.168.1.66 | peer1.org2.example.com | 10051 , 7055 , 9449 , 8128 |
vim /etc/hosts# 新增192.168.1.66 orderer0.example.com
192.168.1.66 orderer1.example.com
192.168.1.66 orderer2.example.com192.168.1.66 peer0.org1.example.com
192.168.1.66 peer1.org1.example.com192.168.1.66 peer0.org2.example.com
192.168.1.66 peer1.org2.example.com
部署 org1-peer0 节点
编辑 core.yaml 文件:
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
################################################################################
#
# Peer section
#
###############################################################################
peer:# The peer id provides a name for this peer instance and is used when# naming docker resources.id: peer0.org1.example.com# The networkId allows for logical separation of networks and is used when# naming docker resources.networkId: dev# The Address at local network interface this Peer will listen on.# By default, it will listen on all network interfaceslistenAddress: 192.168.1.66:7051# The endpoint this peer uses to listen for inbound chaincode connections.# If this is commented-out, the listen address is selected to be# the peer's address (see below) with port 7052chaincodeListenAddress: 192.168.1.66:7052# The endpoint the chaincode for this peer uses to connect to the peer.# If this is not specified, the chaincodeListenAddress address is selected.# And if chaincodeListenAddress is not specified, address is selected from# peer address (see below). If specified peer address is invalid then it# will fallback to the auto detected IP (local IP) regardless of the peer# addressAutoDetect value.chaincodeAddress: 192.168.1.66:7052# When used as peer config, this represents the endpoint to other peers# in the same organization. For peers in other organization, see# gossip.externalEndpoint for more info.# When used as CLI config, this means the peer's endpoint to interact withaddress: 192.168.1.66:7051# Whether the Peer should programmatically determine its address# This case is useful for docker containers.# When set to true, will override peer address.addressAutoDetect: false# Settings for the Peer's gateway server.gateway:# Whether the gateway is enabled for this Peer.enabled: true# endorsementTimeout is the duration the gateway waits for a response# from other endorsing peers before returning a timeout error to the client.endorsementTimeout: 30s# dialTimeout is the duration the gateway waits for a connection# to other network nodes.dialTimeout: 2m# Keepalive settings for peer server and clientskeepalive:# Interval is the duration after which if the server does not see# any activity from the client it pings the client to see if it's aliveinterval: 7200s# Timeout is the duration the server waits for a response# from the client after sending a ping before closing the connectiontimeout: 20s# MinInterval is the minimum permitted time between client pings.# If clients send pings more frequently, the peer server will# disconnect themminInterval: 60s# Client keepalive settings for communicating with other peer nodesclient:# Interval is the time between pings to peer nodes. This must# greater than or equal to the minInterval specified by peer# nodesinterval: 60s# Timeout is the duration the client waits for a response from# peer nodes before closing the connectiontimeout: 20s# DeliveryClient keepalive settings for communication with ordering# nodes.deliveryClient:# Interval is the time between pings to ordering nodes. This must# greater than or equal to the minInterval specified by ordering# nodes.interval: 60s# Timeout is the duration the client waits for a response from# ordering nodes before closing the connectiontimeout: 20s# Gossip related configurationgossip:# Bootstrap set to initialize gossip with.# This is a list of other peers that this peer reaches out to at startup.# Important: The endpoints here have to be endpoints of peers in the same# organization, because the peer would refuse connecting to these endpoints# unless they are in the same organization as the peer.bootstrap: 192.168.1.66:7051# NOTE: orgLeader and useLeaderElection parameters are mutual exclusive.# Setting both to true would result in the termination of the peer# since this is undefined state. If the peers are configured with# useLeaderElection=false, make sure there is at least 1 peer in the# organization that its orgLeader is set to true.# Defines whenever peer will initialize dynamic algorithm for# "leader" selection, where leader is the peer to establish# connection with ordering service and use delivery protocol# to pull ledger blocks from ordering service.useLeaderElection: false# Statically defines peer to be an organization "leader",# where this means that current peer will maintain connection# with ordering service and disseminate block across peers in# its own organization. Multiple peers or all peers in an organization# may be configured as org leaders, so that they all pull# blocks directly from ordering service.orgLeader: true# Interval for membershipTracker pollingmembershipTrackerInterval: 5s# Overrides the endpoint that the peer publishes to peers# in its organization. For peers in foreign organizations# see 'externalEndpoint'endpoint:# Maximum count of blocks stored in memorymaxBlockCountToStore: 10# Max time between consecutive message pushes(unit: millisecond)maxPropagationBurstLatency: 10ms# Max number of messages stored until a push is triggered to remote peersmaxPropagationBurstSize: 10# Number of times a message is pushed to remote peerspropagateIterations: 1# Number of peers selected to push messages topropagatePeerNum: 3# Determines frequency of pull phases(unit: second)# Must be greater than digestWaitTime + responseWaitTimepullInterval: 4s# Number of peers to pull frompullPeerNum: 3# Determines frequency of pulling state info messages from peers(unit: second)requestStateInfoInterval: 4s# Determines frequency of pushing state info messages to peers(unit: second)publishStateInfoInterval: 4s# Maximum time a stateInfo message is kept until expiredstateInfoRetentionInterval:# Time from startup certificates are included in Alive messages(unit: second)publishCertPeriod: 10s# Should we skip verifying block messages or not (currently not in use)skipBlockVerification: false# Dial timeout(unit: second)dialTimeout: 3s# Connection timeout(unit: second)connTimeout: 2s# Buffer size of received messagesrecvBuffSize: 20# Buffer size of sending messagessendBuffSize: 200# Time to wait before pull engine processes incoming digests (unit: second)# Should be slightly smaller than requestWaitTimedigestWaitTime: 1s# Time to wait before pull engine removes incoming nonce (unit: milliseconds)# Should be slightly bigger than digestWaitTimerequestWaitTime: 1500ms# Time to wait before pull engine ends pull (unit: second)responseWaitTime: 2s# Alive check interval(unit: second)aliveTimeInterval: 5s# Alive expiration timeout(unit: second)aliveExpirationTimeout: 25s# Reconnect interval(unit: second)reconnectInterval: 25s# Max number of attempts to connect to a peermaxConnectionAttempts: 120# Message expiration factor for alive messagesmsgExpirationFactor: 20# This is an endpoint that is published to peers outside of the organization.# If this isn't set, the peer will not be known to other organizations.externalEndpoint:# Leader election service configurationelection:# Longest time peer waits for stable membership during leader election startup (unit: second)startupGracePeriod: 15s# Interval gossip membership samples to check its stability (unit: second)membershipSampleInterval: 1s# Time passes since last declaration message before peer decides to perform leader election (unit: second)leaderAliveThreshold: 10s# Time between peer sends propose message and declares itself as a leader (sends declaration message) (unit: second)leaderElectionDuration: 5spvtData:# pullRetryThreshold determines the maximum duration of time private data corresponding for a given block# would be attempted to be pulled from peers until the block would be committed without the private datapullRetryThreshold: 60s# As private data enters the transient store, it is associated with the peer's ledger's height at that time.# transientstoreMaxBlockRetention defines the maximum difference between the current ledger's height upon commit,# and the private data residing inside the transient store that is guaranteed not to be purged.# Private data is purged from the transient store when blocks with sequences that are multiples# of transientstoreMaxBlockRetention are committed.transientstoreMaxBlockRetention: 1000# pushAckTimeout is the maximum time to wait for an acknowledgement from each peer# at private data push at endorsement time.pushAckTimeout: 3s# Block to live pulling margin, used as a buffer# to prevent peer from trying to pull private data# from peers that is soon to be purged in next N blocks.# This helps a newly joined peer catch up to current# blockchain height quicker.btlPullMargin: 10# the process of reconciliation is done in an endless loop, while in each iteration reconciler tries to# pull from the other peers the most recent missing blocks with a maximum batch size limitation.# reconcileBatchSize determines the maximum batch size of missing private data that will be reconciled in a# single iteration.reconcileBatchSize: 10# reconcileSleepInterval determines the time reconciler sleeps from end of an iteration until the beginning# of the next reconciliation iteration.reconcileSleepInterval: 1m# reconciliationEnabled is a flag that indicates whether private data reconciliation is enable or not.reconciliationEnabled: true# skipPullingInvalidTransactionsDuringCommit is a flag that indicates whether pulling of invalid# transaction's private data from other peers need to be skipped during the commit time and pulled# only through reconciler.skipPullingInvalidTransactionsDuringCommit: false# implicitCollectionDisseminationPolicy specifies the dissemination policy for the peer's own implicit collection.# When a peer endorses a proposal that writes to its own implicit collection, below values override the default values# for disseminating private data.# Note that it is applicable to all channels the peer has joined. The implication is that requiredPeerCount has to# be smaller than the number of peers in a channel that has the lowest numbers of peers from the organization.implicitCollectionDisseminationPolicy:# requiredPeerCount defines the minimum number of eligible peers to which the peer must successfully# disseminate private data for its own implicit collection during endorsement. Default value is 0.requiredPeerCount: 0# maxPeerCount defines the maximum number of eligible peers to which the peer will attempt to# disseminate private data for its own implicit collection during endorsement. Default value is 1.maxPeerCount: 1# Gossip state transfer related configurationstate:# indicates whenever state transfer is enabled or not# default value is false, i.e. state transfer is active# and takes care to sync up missing blocks allowing# lagging peer to catch up to speed with rest network.# Keep in mind that when peer.gossip.useLeaderElection is true# and there are several peers in the organization,# or peer.gossip.useLeaderElection is false alongside with# peer.gossip.orgleader being false, the peer's ledger may lag behind# the rest of the peers and will never catch up due to state transfer# being disabled.enabled: false# checkInterval interval to check whether peer is lagging behind enough to# request blocks via state transfer from another peer.checkInterval: 10s# responseTimeout amount of time to wait for state transfer response from# other peersresponseTimeout: 3s# batchSize the number of blocks to request via state transfer from another peerbatchSize: 10# blockBufferSize reflects the size of the re-ordering buffer# which captures blocks and takes care to deliver them in order# down to the ledger layer. The actual buffer size is bounded between# 0 and 2*blockBufferSize, each channel maintains its own bufferblockBufferSize: 20# maxRetries maximum number of re-tries to ask# for single state transfer requestmaxRetries: 3# TLS Settingstls:# Require server-side TLSenabled: true# Require client certificates / mutual TLS for inbound connections.# Note that clients that are not configured to use a certificate will# fail to connect to the peer.clientAuthRequired: false# X.509 certificate used for TLS servercert:file: /usr/project/fabric/3orderer-org1-2peer-org2-2peer-network/crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.crt# Private key used for TLS serverkey:file: /usr/project/fabric/3orderer-org1-2peer-org2-2peer-network/crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.key# rootcert.file represents the trusted root certificate chain used for verifying certificates# of other nodes during outbound connections.# It is not required to be set, but can be used to augment the set of TLS CA certificates# available from the MSPs of each channel’s configuration.rootcert:file: /usr/project/fabric/3orderer-org1-2peer-org2-2peer-network/crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt# If mutual TLS is enabled, clientRootCAs.files contains a list of additional root certificates# used for verifying certificates of client connections.# It augments the set of TLS CA certificates available from the MSPs of each channel’s configuration.# Minimally, set your organization's TLS CA root certificate so that the peer can receive join channel requests.clientRootCAs:files:- /usr/project/fabric/3orderer-org1-2peer-org2-2peer-network/crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt# Private key used for TLS when making client connections.# If not set, peer.tls.key.file will be used insteadclientKey:file:# X.509 certificate used for TLS when making client connections.# If not set, peer.tls.cert.file will be used insteadclientCert:file:# Authentication contains configuration parameters related to authenticating# client messagesauthentication:# the acceptable difference between the current server time and the# client's time as specified in a client request messagetimewindow: 15m# Path on the file system where peer will store data (eg ledger). This# location must be access control protected to prevent unintended# modification that might corrupt the peer operations.fileSystemPath: /var/hyperledger/production/org1-peer0# BCCSP (Blockchain crypto provider): Select which crypto implementation or# library to useBCCSP:Default: SW# Settings for the SW crypto provider (i.e. when DEFAULT: SW)SW:# TODO: The default Hash and Security level needs refactoring to be# fully configurable. Changing these defaults requires coordination# SHA2 is hardcoded in several places, not only BCCSPHash: SHA2Security: 256# Location of Key StoreFileKeyStore:# If "", defaults to 'mspConfigPath'/keystoreKeyStore:# Settings for the PKCS#11 crypto provider (i.e. when DEFAULT: PKCS11)PKCS11:# Location of the PKCS11 module libraryLibrary:# Token LabelLabel:# User PINPin:Hash:Security:# Path on the file system where peer will find MSP local configurationsmspConfigPath: /usr/project/fabric/3orderer-org1-2peer-org2-2peer-network/crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp# Identifier of the local MSP# ----!!!!IMPORTANT!!!-!!!IMPORTANT!!!-!!!IMPORTANT!!!!----# Deployers need to change the value of the localMspId string.# In particular, the name of the local MSP ID of a peer needs# to match the name of one of the MSPs in each of the channel# that this peer is a member of. Otherwise this peer's messages# will not be identified as valid by other nodes.localMspId: Org1MSP# CLI common client config optionsclient:# connection timeoutconnTimeout: 3s# Delivery service related configdeliveryclient:# Enables this peer to disseminate blocks it pulled from the ordering service# via gossip.# Note that 'gossip.state.enabled' controls point to point block replication# of blocks committed in the past.blockGossipEnabled: true# It sets the total time the delivery service may spend in reconnection# attempts until its retry logic gives up and returns an errorreconnectTotalTimeThreshold: 3600s# It sets the delivery service <-> ordering service node connection timeoutconnTimeout: 3s# It sets the delivery service maximal delay between consecutive retriesreConnectBackoffThreshold: 3600s# A list of orderer endpoint addresses which should be overridden# when found in channel configurations.addressOverrides:# - from:# to:# caCertsFile:# - from:# to:# caCertsFile:# Type for the local MSP - by default it's of type bccsplocalMspType: bccsp# Used with Go profiling tools only in none production environment. In# production, it should be disabled (eg enabled: false)profile:enabled: falselistenAddress: 0.0.0.0:6060# Handlers defines custom handlers that can filter and mutate# objects passing within the peer, such as:# Auth filter - reject or forward proposals from clients# Decorators - append or mutate the chaincode input passed to the chaincode# Endorsers - Custom signing over proposal response payload and its mutation# Valid handler definition contains:# - A name which is a factory method name defined in# core/handlers/library/library.go for statically compiled handlers# - library path to shared object binary for pluggable filters# Auth filters and decorators are chained and executed in the order that# they are defined. For example:# authFilters:# -# name: FilterOne# library: /opt/lib/filter.so# -# name: FilterTwo# decorators:# -# name: DecoratorOne# -# name: DecoratorTwo# library: /opt/lib/decorator.so# Endorsers are configured as a map that its keys are the endorsement system chaincodes that are being overridden.# Below is an example that overrides the default ESCC and uses an endorsement plugin that has the same functionality# as the default ESCC.# If the 'library' property is missing, the name is used as the constructor method in the builtin library similar# to auth filters and decorators.# endorsers:# escc:# name: DefaultESCC# library: /etc/hyperledger/fabric/plugin/escc.sohandlers:authFilters:-name: DefaultAuth-name: ExpirationCheck # This filter checks identity x509 certificate expirationdecorators:-name: DefaultDecoratorendorsers:escc:name: DefaultEndorsementlibrary:validators:vscc:name: DefaultValidationlibrary:# library: /etc/hyperledger/fabric/plugin/escc.so# Number of goroutines that will execute transaction validation in parallel.# By default, the peer chooses the number of CPUs on the machine. Set this# variable to override that choice.# NOTE: overriding this value might negatively influence the performance of# the peer so please change this value only if you know what you're doingvalidatorPoolSize:# The discovery service is used by clients to query information about peers,# such as - which peers have joined a certain channel, what is the latest# channel config, and most importantly - given a chaincode and a channel,# what possible sets of peers satisfy the endorsement policy.discovery:enabled: true# Whether the authentication cache is enabled or not.authCacheEnabled: true# The maximum size of the cache, after which a purge takes placeauthCacheMaxSize: 1000# The proportion (0 to 1) of entries that remain in the cache after the cache is purged due to overpopulationauthCachePurgeRetentionRatio: 0.75# Whether to allow non-admins to perform non channel scoped queries.# When this is false, it means that only peer admins can perform non channel scoped queries.orgMembersAllowedAccess: false# Limits is used to configure some internal resource limits.limits:# Concurrency limits the number of concurrently running requests to a service on each peer.# Currently this option is only applied to endorser service and deliver service.# When the property is missing or the value is 0, the concurrency limit is disabled for the service.concurrency:# endorserService limits concurrent requests to endorser service that handles chaincode deployment, query and invocation,# including both user chaincodes and system chaincodes.endorserService: 2500# deliverService limits concurrent event listeners registered to deliver service for blocks and transaction events.deliverService: 2500# gatewayService limits concurrent requests to gateway service that handles the submission and evaluation of transactions.gatewayService: 500# Since all nodes should be consistent it is recommended to keep# the default value of 100MB for MaxRecvMsgSize & MaxSendMsgSize# Max message size in bytes GRPC server and client can receivemaxRecvMsgSize: 104857600# Max message size in bytes GRPC server and client can sendmaxSendMsgSize: 104857600###############################################################################
#
# VM section
#
###############################################################################
vm:# Endpoint of the vm management system. For docker can be one of the following in general# unix:///var/run/docker.sock# http://localhost:2375# https://localhost:2376# If you utilize external chaincode builders and don't need the default Docker chaincode builder,# the endpoint should be unconfigured so that the peer's Docker health checker doesn't get registered.endpoint: unix:///var/run/docker.sock# settings for docker vmsdocker:tls:enabled: falseca:file: docker/ca.crtcert:file: docker/tls.crtkey:file: docker/tls.key# Enables/disables the standard out/err from chaincode containers for# debugging purposesattachStdout: false# Parameters on creating docker container.# Container may be efficiently created using ipam & dns-server for cluster# NetworkMode - sets the networking mode for the container. Supported# standard values are: `host`(default),`bridge`,`ipvlan`,`none`.# Dns - a list of DNS servers for the container to use.# Note: `Privileged` `Binds` `Links` and `PortBindings` properties of# Docker Host Config are not supported and will not be used if set.# LogConfig - sets the logging driver (Type) and related options# (Config) for Docker. For more info,# https://docs.docker.com/engine/admin/logging/overview/# Note: Set LogConfig using Environment Variables is not supported.hostConfig:NetworkMode: hostDns:# - 192.168.0.1LogConfig:Type: json-fileConfig:max-size: "50m"max-file: "5"Memory: 2147483648###############################################################################
#
# Chaincode section
#
###############################################################################
chaincode:# The id is used by the Chaincode stub to register the executing Chaincode# ID with the Peer and is generally supplied through ENV variables# the `path` form of ID is provided when installing the chaincode.# The `name` is used for all other requests and can be any string.id:path:name:# Generic builder environment, suitable for most chaincode typesbuilder: $(DOCKER_NS)/fabric-ccenv:$(TWO_DIGIT_VERSION)# Enables/disables force pulling of the base docker images (listed below)# during user chaincode instantiation.# Useful when using moving image tags (such as :latest)pull: falsegolang:# golang will never need more than baseosruntime: $(DOCKER_NS)/fabric-baseos:$(TWO_DIGIT_VERSION)# whether or not golang chaincode should be linked dynamicallydynamicLink: falsejava:# This is an image based on java:openjdk-8 with addition compiler# tools added for java shim layer packaging.# This image is packed with shim layer libraries that are necessary# for Java chaincode runtime.runtime: $(DOCKER_NS)/fabric-javaenv:$(TWO_DIGIT_VERSION)node:# This is an image based on node:$(NODE_VER)-alpineruntime: $(DOCKER_NS)/fabric-nodeenv:$(TWO_DIGIT_VERSION)# List of directories to treat as external builders and launchers for# chaincode. The external builder detection processing will iterate over the# builders in the order specified below.# If you don't need to fallback to the default Docker builder, also unconfigure vm.endpoint above.# To override this property via env variable use CORE_CHAINCODE_EXTERNALBUILDERS: [{name: x, path: dir1}, {name: y, path: dir2}]externalBuilders:- name: ccaas_builderpath: /opt/hyperledger/ccaas_builderpropagateEnvironment:- CHAINCODE_AS_A_SERVICE_BUILDER_CONFIG# The maximum duration to wait for the chaincode build and install process# to complete.installTimeout: 300s# Timeout duration for starting up a container and waiting for Register# to come through.startuptimeout: 300s# Timeout duration for Invoke and Init calls to prevent runaway.# This timeout is used by all chaincodes in all the channels, including# system chaincodes.# Note that during Invoke, if the image is not available (e.g. being# cleaned up when in development environment), the peer will automatically# build the image, which might take more time. In production environment,# the chaincode image is unlikely to be deleted, so the timeout could be# reduced accordingly.executetimeout: 30s# There are 2 modes: "dev" and "net".# In dev mode, user runs the chaincode after starting peer from# command line on local machine.# In net mode, peer will run chaincode in a docker container.mode: net# keepalive in seconds. In situations where the communication goes through a# proxy that does not support keep-alive, this parameter will maintain connection# between peer and chaincode.# A value <= 0 turns keepalive offkeepalive: 0# enabled system chaincodessystem:_lifecycle: enablecscc: enablelscc: enableqscc: enable# Logging section for the chaincode containerlogging:# Default level for all loggers within the chaincode containerlevel: info# Override default level for the 'shim' loggershim: warning# Format for the chaincode container logsformat: '%{color}%{time:2006-01-02 15:04:05.000 MST} [%{module}] %{shortfunc} -> %{level:.4s} %{id:03x}%{color:reset} %{message}'###############################################################################
#
# Ledger section - ledger configuration encompasses both the blockchain
# and the state
#
###############################################################################
ledger:blockchain:state:# stateDatabase - options are "goleveldb", "CouchDB"# goleveldb - default state database stored in goleveldb.# CouchDB - store state database in CouchDBstateDatabase: goleveldb# Limit on the number of records to return per querytotalQueryLimit: 100000couchDBConfig:# It is recommended to run CouchDB on the same server as the peer, and# not map the CouchDB container port to a server port in docker-compose.# Otherwise proper security must be provided on the connection between# CouchDB client (on the peer) and server.couchDBAddress: 127.0.0.1:5984# This username must have read and write authority on CouchDBusername:# The password is recommended to pass as an environment variable# during start up (eg CORE_LEDGER_STATE_COUCHDBCONFIG_PASSWORD).# If it is stored here, the file must be access control protected# to prevent unintended users from discovering the password.password:# Number of retries for CouchDB errorsmaxRetries: 3# Number of retries for CouchDB errors during peer startup.# The delay between retries doubles for each attempt.# Default of 10 retries results in 11 attempts over 2 minutes.maxRetriesOnStartup: 10# CouchDB request timeout (unit: duration, e.g. 20s)requestTimeout: 35s# Limit on the number of records per each CouchDB query# Note that chaincode queries are only bound by totalQueryLimit.# Internally the chaincode may execute multiple CouchDB queries,# each of size internalQueryLimit.internalQueryLimit: 1000# Limit on the number of records per CouchDB bulk update batchmaxBatchUpdateSize: 1000# Create the _global_changes system database# This is optional. Creating the global changes database will require# additional system resources to track changes and maintain the databasecreateGlobalChangesDB: false# CacheSize denotes the maximum mega bytes (MB) to be allocated for the in-memory state# cache. Note that CacheSize needs to be a multiple of 32 MB. If it is not a multiple# of 32 MB, the peer would round the size to the next multiple of 32 MB.# To disable the cache, 0 MB needs to be assigned to the cacheSize.cacheSize: 64history:# enableHistoryDatabase - options are true or false# Indicates if the history of key updates should be stored.# All history 'index' will be stored in goleveldb, regardless if using# CouchDB or alternate database for the state.enableHistoryDatabase: truepvtdataStore:# the maximum db batch size for converting# the ineligible missing data entries to eligible missing data entriescollElgProcMaxDbBatchSize: 5000# the minimum duration (in milliseconds) between writing# two consecutive db batches for converting the ineligible missing data entries to eligible missing data entriescollElgProcDbBatchesInterval: 1000# The missing data entries are classified into two categories:# (1) prioritized# (2) deprioritized# Initially, all missing data are in the prioritized list. When the# reconciler is unable to fetch the missing data from other peers,# the unreconciled missing data would be moved to the deprioritized list.# The reconciler would retry deprioritized missing data after every# deprioritizedDataReconcilerInterval (unit: minutes). Note that the# interval needs to be greater than the reconcileSleepIntervaldeprioritizedDataReconcilerInterval: 60msnapshots:# Path on the file system where peer will store ledger snapshotsrootDir: /var/hyperledger/production/snapshots/org1-peer0###############################################################################
#
# Operations section
#
###############################################################################
operations:# host and port for the operations serverlistenAddress: 127.0.0.1:9446# TLS configuration for the operations endpointtls:# TLS enabledenabled: false# path to PEM encoded server certificate for the operations servercert:file:# path to PEM encoded server key for the operations serverkey:file:# most operations service endpoints require client authentication when TLS# is enabled. clientAuthRequired requires client certificate authentication# at the TLS layer to access all resources.clientAuthRequired: false# paths to PEM encoded ca certificates to trust for client authenticationclientRootCAs:files: []###############################################################################
#
# Metrics section
#
###############################################################################
metrics:# metrics provider is one of statsd, prometheus, or disabledprovider: disabled# statsd configurationstatsd:# network type: tcp or udpnetwork: udp# statsd server addressaddress: 127.0.0.1:8125# the interval at which locally cached counters and gauges are pushed# to statsd; timings are pushed immediatelywriteInterval: 10s# prefix is prepended to all emitted statsd metricsprefix:
启动 org1-peer0 节点:
nohup ./peer node start > org1-peer0.log 2>&1 &
部署 org1-peer1 节点
编辑 core.yaml 文件:
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
################################################################################
#
# Peer section
#
###############################################################################
peer:# The peer id provides a name for this peer instance and is used when# naming docker resources.id: peer1.org1.example.com# The networkId allows for logical separation of networks and is used when# naming docker resources.networkId: dev# The Address at local network interface this Peer will listen on.# By default, it will listen on all network interfaceslistenAddress: 192.168.1.66:8051# The endpoint this peer uses to listen for inbound chaincode connections.# If this is commented-out, the listen address is selected to be# the peer's address (see below) with port 7052chaincodeListenAddress: 192.168.1.66:7053# The endpoint the chaincode for this peer uses to connect to the peer.# If this is not specified, the chaincodeListenAddress address is selected.# And if chaincodeListenAddress is not specified, address is selected from# peer address (see below). If specified peer address is invalid then it# will fallback to the auto detected IP (local IP) regardless of the peer# addressAutoDetect value.# chaincodeAddress: 192.168.1.66:7053# When used as peer config, this represents the endpoint to other peers# in the same organization. For peers in other organization, see# gossip.externalEndpoint for more info.# When used as CLI config, this means the peer's endpoint to interact withaddress: 192.168.1.66:8051# Whether the Peer should programmatically determine its address# This case is useful for docker containers.# When set to true, will override peer address.addressAutoDetect: false# Settings for the Peer's gateway server.gateway:# Whether the gateway is enabled for this Peer.enabled: true# endorsementTimeout is the duration the gateway waits for a response# from other endorsing peers before returning a timeout error to the client.endorsementTimeout: 30s# dialTimeout is the duration the gateway waits for a connection# to other network nodes.dialTimeout: 2m# Keepalive settings for peer server and clientskeepalive:# Interval is the duration after which if the server does not see# any activity from the client it pings the client to see if it's aliveinterval: 7200s# Timeout is the duration the server waits for a response# from the client after sending a ping before closing the connectiontimeout: 20s# MinInterval is the minimum permitted time between client pings.# If clients send pings more frequently, the peer server will# disconnect themminInterval: 60s# Client keepalive settings for communicating with other peer nodesclient:# Interval is the time between pings to peer nodes. This must# greater than or equal to the minInterval specified by peer# nodesinterval: 60s# Timeout is the duration the client waits for a response from# peer nodes before closing the connectiontimeout: 20s# DeliveryClient keepalive settings for communication with ordering# nodes.deliveryClient:# Interval is the time between pings to ordering nodes. This must# greater than or equal to the minInterval specified by ordering# nodes.interval: 60s# Timeout is the duration the client waits for a response from# ordering nodes before closing the connectiontimeout: 20s# Gossip related configurationgossip:# Bootstrap set to initialize gossip with.# This is a list of other peers that this peer reaches out to at startup.# Important: The endpoints here have to be endpoints of peers in the same# organization, because the peer would refuse connecting to these endpoints# unless they are in the same organization as the peer.bootstrap: 192.168.1.66:8051# NOTE: orgLeader and useLeaderElection parameters are mutual exclusive.# Setting both to true would result in the termination of the peer# since this is undefined state. If the peers are configured with# useLeaderElection=false, make sure there is at least 1 peer in the# organization that its orgLeader is set to true.# Defines whenever peer will initialize dynamic algorithm for# "leader" selection, where leader is the peer to establish# connection with ordering service and use delivery protocol# to pull ledger blocks from ordering service.useLeaderElection: false# Statically defines peer to be an organization "leader",# where this means that current peer will maintain connection# with ordering service and disseminate block across peers in# its own organization. Multiple peers or all peers in an organization# may be configured as org leaders, so that they all pull# blocks directly from ordering service.orgLeader: true# Interval for membershipTracker pollingmembershipTrackerInterval: 5s# Overrides the endpoint that the peer publishes to peers# in its organization. For peers in foreign organizations# see 'externalEndpoint'endpoint:# Maximum count of blocks stored in memorymaxBlockCountToStore: 10# Max time between consecutive message pushes(unit: millisecond)maxPropagationBurstLatency: 10ms# Max number of messages stored until a push is triggered to remote peersmaxPropagationBurstSize: 10# Number of times a message is pushed to remote peerspropagateIterations: 1# Number of peers selected to push messages topropagatePeerNum: 3# Determines frequency of pull phases(unit: second)# Must be greater than digestWaitTime + responseWaitTimepullInterval: 4s# Number of peers to pull frompullPeerNum: 3# Determines frequency of pulling state info messages from peers(unit: second)requestStateInfoInterval: 4s# Determines frequency of pushing state info messages to peers(unit: second)publishStateInfoInterval: 4s# Maximum time a stateInfo message is kept until expiredstateInfoRetentionInterval:# Time from startup certificates are included in Alive messages(unit: second)publishCertPeriod: 10s# Should we skip verifying block messages or not (currently not in use)skipBlockVerification: false# Dial timeout(unit: second)dialTimeout: 3s# Connection timeout(unit: second)connTimeout: 2s# Buffer size of received messagesrecvBuffSize: 20# Buffer size of sending messagessendBuffSize: 200# Time to wait before pull engine processes incoming digests (unit: second)# Should be slightly smaller than requestWaitTimedigestWaitTime: 1s# Time to wait before pull engine removes incoming nonce (unit: milliseconds)# Should be slightly bigger than digestWaitTimerequestWaitTime: 1500ms# Time to wait before pull engine ends pull (unit: second)responseWaitTime: 2s# Alive check interval(unit: second)aliveTimeInterval: 5s# Alive expiration timeout(unit: second)aliveExpirationTimeout: 25s# Reconnect interval(unit: second)reconnectInterval: 25s# Max number of attempts to connect to a peermaxConnectionAttempts: 120# Message expiration factor for alive messagesmsgExpirationFactor: 20# This is an endpoint that is published to peers outside of the organization.# If this isn't set, the peer will not be known to other organizations.externalEndpoint:# Leader election service configurationelection:# Longest time peer waits for stable membership during leader election startup (unit: second)startupGracePeriod: 15s# Interval gossip membership samples to check its stability (unit: second)membershipSampleInterval: 1s# Time passes since last declaration message before peer decides to perform leader election (unit: second)leaderAliveThreshold: 10s# Time between peer sends propose message and declares itself as a leader (sends declaration message) (unit: second)leaderElectionDuration: 5spvtData:# pullRetryThreshold determines the maximum duration of time private data corresponding for a given block# would be attempted to be pulled from peers until the block would be committed without the private datapullRetryThreshold: 60s# As private data enters the transient store, it is associated with the peer's ledger's height at that time.# transientstoreMaxBlockRetention defines the maximum difference between the current ledger's height upon commit,# and the private data residing inside the transient store that is guaranteed not to be purged.# Private data is purged from the transient store when blocks with sequences that are multiples# of transientstoreMaxBlockRetention are committed.transientstoreMaxBlockRetention: 1000# pushAckTimeout is the maximum time to wait for an acknowledgement from each peer# at private data push at endorsement time.pushAckTimeout: 3s# Block to live pulling margin, used as a buffer# to prevent peer from trying to pull private data# from peers that is soon to be purged in next N blocks.# This helps a newly joined peer catch up to current# blockchain height quicker.btlPullMargin: 10# the process of reconciliation is done in an endless loop, while in each iteration reconciler tries to# pull from the other peers the most recent missing blocks with a maximum batch size limitation.# reconcileBatchSize determines the maximum batch size of missing private data that will be reconciled in a# single iteration.reconcileBatchSize: 10# reconcileSleepInterval determines the time reconciler sleeps from end of an iteration until the beginning# of the next reconciliation iteration.reconcileSleepInterval: 1m# reconciliationEnabled is a flag that indicates whether private data reconciliation is enable or not.reconciliationEnabled: true# skipPullingInvalidTransactionsDuringCommit is a flag that indicates whether pulling of invalid# transaction's private data from other peers need to be skipped during the commit time and pulled# only through reconciler.skipPullingInvalidTransactionsDuringCommit: false# implicitCollectionDisseminationPolicy specifies the dissemination policy for the peer's own implicit collection.# When a peer endorses a proposal that writes to its own implicit collection, below values override the default values# for disseminating private data.# Note that it is applicable to all channels the peer has joined. The implication is that requiredPeerCount has to# be smaller than the number of peers in a channel that has the lowest numbers of peers from the organization.implicitCollectionDisseminationPolicy:# requiredPeerCount defines the minimum number of eligible peers to which the peer must successfully# disseminate private data for its own implicit collection during endorsement. Default value is 0.requiredPeerCount: 0# maxPeerCount defines the maximum number of eligible peers to which the peer will attempt to# disseminate private data for its own implicit collection during endorsement. Default value is 1.maxPeerCount: 1# Gossip state transfer related configurationstate:# indicates whenever state transfer is enabled or not# default value is false, i.e. state transfer is active# and takes care to sync up missing blocks allowing# lagging peer to catch up to speed with rest network.# Keep in mind that when peer.gossip.useLeaderElection is true# and there are several peers in the organization,# or peer.gossip.useLeaderElection is false alongside with# peer.gossip.orgleader being false, the peer's ledger may lag behind# the rest of the peers and will never catch up due to state transfer# being disabled.enabled: false# checkInterval interval to check whether peer is lagging behind enough to# request blocks via state transfer from another peer.checkInterval: 10s# responseTimeout amount of time to wait for state transfer response from# other peersresponseTimeout: 3s# batchSize the number of blocks to request via state transfer from another peerbatchSize: 10# blockBufferSize reflects the size of the re-ordering buffer# which captures blocks and takes care to deliver them in order# down to the ledger layer. The actual buffer size is bounded between# 0 and 2*blockBufferSize, each channel maintains its own bufferblockBufferSize: 20# maxRetries maximum number of re-tries to ask# for single state transfer requestmaxRetries: 3# TLS Settingstls:# Require server-side TLSenabled: true# Require client certificates / mutual TLS for inbound connections.# Note that clients that are not configured to use a certificate will# fail to connect to the peer.clientAuthRequired: false# X.509 certificate used for TLS servercert:file: /usr/project/fabric/3orderer-org1-2peer-org2-2peer-network/crypto-config/peerOrganizations/org1.example.com/peers/peer1.org1.example.com/tls/server.crt# Private key used for TLS serverkey:file: /usr/project/fabric/3orderer-org1-2peer-org2-2peer-network/crypto-config/peerOrganizations/org1.example.com/peers/peer1.org1.example.com/tls/server.key# rootcert.file represents the trusted root certificate chain used for verifying certificates# of other nodes during outbound connections.# It is not required to be set, but can be used to augment the set of TLS CA certificates# available from the MSPs of each channel’s configuration.rootcert:file: /usr/project/fabric/3orderer-org1-2peer-org2-2peer-network/crypto-config/peerOrganizations/org1.example.com/peers/peer1.org1.example.com/tls/ca.crt# If mutual TLS is enabled, clientRootCAs.files contains a list of additional root certificates# used for verifying certificates of client connections.# It augments the set of TLS CA certificates available from the MSPs of each channel’s configuration.# Minimally, set your organization's TLS CA root certificate so that the peer can receive join channel requests.clientRootCAs:files:- /usr/project/fabric/3orderer-org1-2peer-org2-2peer-network/crypto-config/peerOrganizations/org1.example.com/peers/peer1.org1.example.com/tls/ca.crt# Private key used for TLS when making client connections.# If not set, peer.tls.key.file will be used insteadclientKey:file:# X.509 certificate used for TLS when making client connections.# If not set, peer.tls.cert.file will be used insteadclientCert:file:# Authentication contains configuration parameters related to authenticating# client messagesauthentication:# the acceptable difference between the current server time and the# client's time as specified in a client request messagetimewindow: 15m# Path on the file system where peer will store data (eg ledger). This# location must be access control protected to prevent unintended# modification that might corrupt the peer operations.fileSystemPath: /var/hyperledger/production/org1-peer1# BCCSP (Blockchain crypto provider): Select which crypto implementation or# library to useBCCSP:Default: SW# Settings for the SW crypto provider (i.e. when DEFAULT: SW)SW:# TODO: The default Hash and Security level needs refactoring to be# fully configurable. Changing these defaults requires coordination# SHA2 is hardcoded in several places, not only BCCSPHash: SHA2Security: 256# Location of Key StoreFileKeyStore:# If "", defaults to 'mspConfigPath'/keystoreKeyStore:# Settings for the PKCS#11 crypto provider (i.e. when DEFAULT: PKCS11)PKCS11:# Location of the PKCS11 module libraryLibrary:# Token LabelLabel:# User PINPin:Hash:Security:# Path on the file system where peer will find MSP local configurationsmspConfigPath: /usr/project/fabric/3orderer-org1-2peer-org2-2peer-network/crypto-config/peerOrganizations/org1.example.com/peers/peer1.org1.example.com/msp# Identifier of the local MSP# ----!!!!IMPORTANT!!!-!!!IMPORTANT!!!-!!!IMPORTANT!!!!----# Deployers need to change the value of the localMspId string.# In particular, the name of the local MSP ID of a peer needs# to match the name of one of the MSPs in each of the channel# that this peer is a member of. Otherwise this peer's messages# will not be identified as valid by other nodes.localMspId: Org1MSP# CLI common client config optionsclient:# connection timeoutconnTimeout: 3s# Delivery service related configdeliveryclient:# Enables this peer to disseminate blocks it pulled from the ordering service# via gossip.# Note that 'gossip.state.enabled' controls point to point block replication# of blocks committed in the past.blockGossipEnabled: true# It sets the total time the delivery service may spend in reconnection# attempts until its retry logic gives up and returns an errorreconnectTotalTimeThreshold: 3600s# It sets the delivery service <-> ordering service node connection timeoutconnTimeout: 3s# It sets the delivery service maximal delay between consecutive retriesreConnectBackoffThreshold: 3600s# A list of orderer endpoint addresses which should be overridden# when found in channel configurations.addressOverrides:# - from:# to:# caCertsFile:# - from:# to:# caCertsFile:# Type for the local MSP - by default it's of type bccsplocalMspType: bccsp# Used with Go profiling tools only in none production environment. In# production, it should be disabled (eg enabled: false)profile:enabled: falselistenAddress: 0.0.0.0:6060# Handlers defines custom handlers that can filter and mutate# objects passing within the peer, such as:# Auth filter - reject or forward proposals from clients# Decorators - append or mutate the chaincode input passed to the chaincode# Endorsers - Custom signing over proposal response payload and its mutation# Valid handler definition contains:# - A name which is a factory method name defined in# core/handlers/library/library.go for statically compiled handlers# - library path to shared object binary for pluggable filters# Auth filters and decorators are chained and executed in the order that# they are defined. For example:# authFilters:# -# name: FilterOne# library: /opt/lib/filter.so# -# name: FilterTwo# decorators:# -# name: DecoratorOne# -# name: DecoratorTwo# library: /opt/lib/decorator.so# Endorsers are configured as a map that its keys are the endorsement system chaincodes that are being overridden.# Below is an example that overrides the default ESCC and uses an endorsement plugin that has the same functionality# as the default ESCC.# If the 'library' property is missing, the name is used as the constructor method in the builtin library similar# to auth filters and decorators.# endorsers:# escc:# name: DefaultESCC# library: /etc/hyperledger/fabric/plugin/escc.sohandlers:authFilters:-name: DefaultAuth-name: ExpirationCheck # This filter checks identity x509 certificate expirationdecorators:-name: DefaultDecoratorendorsers:escc:name: DefaultEndorsementlibrary:validators:vscc:name: DefaultValidationlibrary:# library: /etc/hyperledger/fabric/plugin/escc.so# Number of goroutines that will execute transaction validation in parallel.# By default, the peer chooses the number of CPUs on the machine. Set this# variable to override that choice.# NOTE: overriding this value might negatively influence the performance of# the peer so please change this value only if you know what you're doingvalidatorPoolSize:# The discovery service is used by clients to query information about peers,# such as - which peers have joined a certain channel, what is the latest# channel config, and most importantly - given a chaincode and a channel,# what possible sets of peers satisfy the endorsement policy.discovery:enabled: true# Whether the authentication cache is enabled or not.authCacheEnabled: true# The maximum size of the cache, after which a purge takes placeauthCacheMaxSize: 1000# The proportion (0 to 1) of entries that remain in the cache after the cache is purged due to overpopulationauthCachePurgeRetentionRatio: 0.75# Whether to allow non-admins to perform non channel scoped queries.# When this is false, it means that only peer admins can perform non channel scoped queries.orgMembersAllowedAccess: false# Limits is used to configure some internal resource limits.limits:# Concurrency limits the number of concurrently running requests to a service on each peer.# Currently this option is only applied to endorser service and deliver service.# When the property is missing or the value is 0, the concurrency limit is disabled for the service.concurrency:# endorserService limits concurrent requests to endorser service that handles chaincode deployment, query and invocation,# including both user chaincodes and system chaincodes.endorserService: 2500# deliverService limits concurrent event listeners registered to deliver service for blocks and transaction events.deliverService: 2500# gatewayService limits concurrent requests to gateway service that handles the submission and evaluation of transactions.gatewayService: 500# Since all nodes should be consistent it is recommended to keep# the default value of 100MB for MaxRecvMsgSize & MaxSendMsgSize# Max message size in bytes GRPC server and client can receivemaxRecvMsgSize: 104857600# Max message size in bytes GRPC server and client can sendmaxSendMsgSize: 104857600###############################################################################
#
# VM section
#
###############################################################################
vm:# Endpoint of the vm management system. For docker can be one of the following in general# unix:///var/run/docker.sock# http://localhost:2375# https://localhost:2376# If you utilize external chaincode builders and don't need the default Docker chaincode builder,# the endpoint should be unconfigured so that the peer's Docker health checker doesn't get registered.endpoint: unix:///var/run/docker.sock# settings for docker vmsdocker:tls:enabled: falseca:file: docker/ca.crtcert:file: docker/tls.crtkey:file: docker/tls.key# Enables/disables the standard out/err from chaincode containers for# debugging purposesattachStdout: false# Parameters on creating docker container.# Container may be efficiently created using ipam & dns-server for cluster# NetworkMode - sets the networking mode for the container. Supported# standard values are: `host`(default),`bridge`,`ipvlan`,`none`.# Dns - a list of DNS servers for the container to use.# Note: `Privileged` `Binds` `Links` and `PortBindings` properties of# Docker Host Config are not supported and will not be used if set.# LogConfig - sets the logging driver (Type) and related options# (Config) for Docker. For more info,# https://docs.docker.com/engine/admin/logging/overview/# Note: Set LogConfig using Environment Variables is not supported.hostConfig:NetworkMode: hostDns:# - 192.168.0.1LogConfig:Type: json-fileConfig:max-size: "50m"max-file: "5"Memory: 2147483648###############################################################################
#
# Chaincode section
#
###############################################################################
chaincode:# The id is used by the Chaincode stub to register the executing Chaincode# ID with the Peer and is generally supplied through ENV variables# the `path` form of ID is provided when installing the chaincode.# The `name` is used for all other requests and can be any string.id:path:name:# Generic builder environment, suitable for most chaincode typesbuilder: $(DOCKER_NS)/fabric-ccenv:$(TWO_DIGIT_VERSION)# Enables/disables force pulling of the base docker images (listed below)# during user chaincode instantiation.# Useful when using moving image tags (such as :latest)pull: falsegolang:# golang will never need more than baseosruntime: $(DOCKER_NS)/fabric-baseos:$(TWO_DIGIT_VERSION)# whether or not golang chaincode should be linked dynamicallydynamicLink: falsejava:# This is an image based on java:openjdk-8 with addition compiler# tools added for java shim layer packaging.# This image is packed with shim layer libraries that are necessary# for Java chaincode runtime.runtime: $(DOCKER_NS)/fabric-javaenv:$(TWO_DIGIT_VERSION)node:# This is an image based on node:$(NODE_VER)-alpineruntime: $(DOCKER_NS)/fabric-nodeenv:$(TWO_DIGIT_VERSION)# List of directories to treat as external builders and launchers for# chaincode. The external builder detection processing will iterate over the# builders in the order specified below.# If you don't need to fallback to the default Docker builder, also unconfigure vm.endpoint above.# To override this property via env variable use CORE_CHAINCODE_EXTERNALBUILDERS: [{name: x, path: dir1}, {name: y, path: dir2}]externalBuilders:- name: ccaas_builderpath: /opt/hyperledger/ccaas_builderpropagateEnvironment:- CHAINCODE_AS_A_SERVICE_BUILDER_CONFIG# The maximum duration to wait for the chaincode build and install process# to complete.installTimeout: 300s# Timeout duration for starting up a container and waiting for Register# to come through.startuptimeout: 300s# Timeout duration for Invoke and Init calls to prevent runaway.# This timeout is used by all chaincodes in all the channels, including# system chaincodes.# Note that during Invoke, if the image is not available (e.g. being# cleaned up when in development environment), the peer will automatically# build the image, which might take more time. In production environment,# the chaincode image is unlikely to be deleted, so the timeout could be# reduced accordingly.executetimeout: 30s# There are 2 modes: "dev" and "net".# In dev mode, user runs the chaincode after starting peer from# command line on local machine.# In net mode, peer will run chaincode in a docker container.mode: net# keepalive in seconds. In situations where the communication goes through a# proxy that does not support keep-alive, this parameter will maintain connection# between peer and chaincode.# A value <= 0 turns keepalive offkeepalive: 0# enabled system chaincodessystem:_lifecycle: enablecscc: enablelscc: enableqscc: enable# Logging section for the chaincode containerlogging:# Default level for all loggers within the chaincode containerlevel: info# Override default level for the 'shim' loggershim: warning# Format for the chaincode container logsformat: '%{color}%{time:2006-01-02 15:04:05.000 MST} [%{module}] %{shortfunc} -> %{level:.4s} %{id:03x}%{color:reset} %{message}'###############################################################################
#
# Ledger section - ledger configuration encompasses both the blockchain
# and the state
#
###############################################################################
ledger:blockchain:state:# stateDatabase - options are "goleveldb", "CouchDB"# goleveldb - default state database stored in goleveldb.# CouchDB - store state database in CouchDBstateDatabase: goleveldb# Limit on the number of records to return per querytotalQueryLimit: 100000couchDBConfig:# It is recommended to run CouchDB on the same server as the peer, and# not map the CouchDB container port to a server port in docker-compose.# Otherwise proper security must be provided on the connection between# CouchDB client (on the peer) and server.couchDBAddress: 127.0.0.1:5984# This username must have read and write authority on CouchDBusername:# The password is recommended to pass as an environment variable# during start up (eg CORE_LEDGER_STATE_COUCHDBCONFIG_PASSWORD).# If it is stored here, the file must be access control protected# to prevent unintended users from discovering the password.password:# Number of retries for CouchDB errorsmaxRetries: 3# Number of retries for CouchDB errors during peer startup.# The delay between retries doubles for each attempt.# Default of 10 retries results in 11 attempts over 2 minutes.maxRetriesOnStartup: 10# CouchDB request timeout (unit: duration, e.g. 20s)requestTimeout: 35s# Limit on the number of records per each CouchDB query# Note that chaincode queries are only bound by totalQueryLimit.# Internally the chaincode may execute multiple CouchDB queries,# each of size internalQueryLimit.internalQueryLimit: 1000# Limit on the number of records per CouchDB bulk update batchmaxBatchUpdateSize: 1000# Create the _global_changes system database# This is optional. Creating the global changes database will require# additional system resources to track changes and maintain the databasecreateGlobalChangesDB: false# CacheSize denotes the maximum mega bytes (MB) to be allocated for the in-memory state# cache. Note that CacheSize needs to be a multiple of 32 MB. If it is not a multiple# of 32 MB, the peer would round the size to the next multiple of 32 MB.# To disable the cache, 0 MB needs to be assigned to the cacheSize.cacheSize: 64history:# enableHistoryDatabase - options are true or false# Indicates if the history of key updates should be stored.# All history 'index' will be stored in goleveldb, regardless if using# CouchDB or alternate database for the state.enableHistoryDatabase: truepvtdataStore:# the maximum db batch size for converting# the ineligible missing data entries to eligible missing data entriescollElgProcMaxDbBatchSize: 5000# the minimum duration (in milliseconds) between writing# two consecutive db batches for converting the ineligible missing data entries to eligible missing data entriescollElgProcDbBatchesInterval: 1000# The missing data entries are classified into two categories:# (1) prioritized# (2) deprioritized# Initially, all missing data are in the prioritized list. When the# reconciler is unable to fetch the missing data from other peers,# the unreconciled missing data would be moved to the deprioritized list.# The reconciler would retry deprioritized missing data after every# deprioritizedDataReconcilerInterval (unit: minutes). Note that the# interval needs to be greater than the reconcileSleepIntervaldeprioritizedDataReconcilerInterval: 60msnapshots:# Path on the file system where peer will store ledger snapshotsrootDir: /var/hyperledger/production/snapshots/org1-peer1###############################################################################
#
# Operations section
#
###############################################################################
operations:# host and port for the operations serverlistenAddress: 127.0.0.1:9447# TLS configuration for the operations endpointtls:# TLS enabledenabled: false# path to PEM encoded server certificate for the operations servercert:file:# path to PEM encoded server key for the operations serverkey:file:# most operations service endpoints require client authentication when TLS# is enabled. clientAuthRequired requires client certificate authentication# at the TLS layer to access all resources.clientAuthRequired: false# paths to PEM encoded ca certificates to trust for client authenticationclientRootCAs:files: []###############################################################################
#
# Metrics section
#
###############################################################################
metrics:# metrics provider is one of statsd, prometheus, or disabledprovider: disabled# statsd configurationstatsd:# network type: tcp or udpnetwork: udp# statsd server addressaddress: 127.0.0.1:8126# the interval at which locally cached counters and gauges are pushed# to statsd; timings are pushed immediatelywriteInterval: 10s# prefix is prepended to all emitted statsd metricsprefix:启动 org1-peer1 节点:
nohup ./peer node start > org1-peer1.log 2>&1 &
部署 org2-peer0 节点
编辑 core.yaml 文件:
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
################################################################################
#
# Peer section
#
###############################################################################
peer:# The peer id provides a name for this peer instance and is used when# naming docker resources.id: peer0.org2.example.com# The networkId allows for logical separation of networks and is used when# naming docker resources.networkId: dev# The Address at local network interface this Peer will listen on.# By default, it will listen on all network interfaceslistenAddress: 192.168.1.66:9051# The endpoint this peer uses to listen for inbound chaincode connections.# If this is commented-out, the listen address is selected to be# the peer's address (see below) with port 7052chaincodeListenAddress: 192.168.1.66:7055# The endpoint the chaincode for this peer uses to connect to the peer.# If this is not specified, the chaincodeListenAddress address is selected.# And if chaincodeListenAddress is not specified, address is selected from# peer address (see below). If specified peer address is invalid then it# will fallback to the auto detected IP (local IP) regardless of the peer# addressAutoDetect value.chaincodeAddress: 192.168.1.66:7055# When used as peer config, this represents the endpoint to other peers# in the same organization. For peers in other organization, see# gossip.externalEndpoint for more info.# When used as CLI config, this means the peer's endpoint to interact withaddress: 192.168.1.66:9051# Whether the Peer should programmatically determine its address# This case is useful for docker containers.# When set to true, will override peer address.addressAutoDetect: false# Settings for the Peer's gateway server.gateway:# Whether the gateway is enabled for this Peer.enabled: true# endorsementTimeout is the duration the gateway waits for a response# from other endorsing peers before returning a timeout error to the client.endorsementTimeout: 30s# dialTimeout is the duration the gateway waits for a connection# to other network nodes.dialTimeout: 2m# Keepalive settings for peer server and clientskeepalive:# Interval is the duration after which if the server does not see# any activity from the client it pings the client to see if it's aliveinterval: 7200s# Timeout is the duration the server waits for a response# from the client after sending a ping before closing the connectiontimeout: 20s# MinInterval is the minimum permitted time between client pings.# If clients send pings more frequently, the peer server will# disconnect themminInterval: 60s# Client keepalive settings for communicating with other peer nodesclient:# Interval is the time between pings to peer nodes. This must# greater than or equal to the minInterval specified by peer# nodesinterval: 60s# Timeout is the duration the client waits for a response from# peer nodes before closing the connectiontimeout: 20s# DeliveryClient keepalive settings for communication with ordering# nodes.deliveryClient:# Interval is the time between pings to ordering nodes. This must# greater than or equal to the minInterval specified by ordering# nodes.interval: 60s# Timeout is the duration the client waits for a response from# ordering nodes before closing the connectiontimeout: 20s# Gossip related configurationgossip:# Bootstrap set to initialize gossip with.# This is a list of other peers that this peer reaches out to at startup.# Important: The endpoints here have to be endpoints of peers in the same# organization, because the peer would refuse connecting to these endpoints# unless they are in the same organization as the peer.bootstrap: 192.168.1.66:9051# NOTE: orgLeader and useLeaderElection parameters are mutual exclusive.# Setting both to true would result in the termination of the peer# since this is undefined state. If the peers are configured with# useLeaderElection=false, make sure there is at least 1 peer in the# organization that its orgLeader is set to true.# Defines whenever peer will initialize dynamic algorithm for# "leader" selection, where leader is the peer to establish# connection with ordering service and use delivery protocol# to pull ledger blocks from ordering service.useLeaderElection: false# Statically defines peer to be an organization "leader",# where this means that current peer will maintain connection# with ordering service and disseminate block across peers in# its own organization. Multiple peers or all peers in an organization# may be configured as org leaders, so that they all pull# blocks directly from ordering service.orgLeader: true# Interval for membershipTracker pollingmembershipTrackerInterval: 5s# Overrides the endpoint that the peer publishes to peers# in its organization. For peers in foreign organizations# see 'externalEndpoint'endpoint:# Maximum count of blocks stored in memorymaxBlockCountToStore: 10# Max time between consecutive message pushes(unit: millisecond)maxPropagationBurstLatency: 10ms# Max number of messages stored until a push is triggered to remote peersmaxPropagationBurstSize: 10# Number of times a message is pushed to remote peerspropagateIterations: 1# Number of peers selected to push messages topropagatePeerNum: 3# Determines frequency of pull phases(unit: second)# Must be greater than digestWaitTime + responseWaitTimepullInterval: 4s# Number of peers to pull frompullPeerNum: 3# Determines frequency of pulling state info messages from peers(unit: second)requestStateInfoInterval: 4s# Determines frequency of pushing state info messages to peers(unit: second)publishStateInfoInterval: 4s# Maximum time a stateInfo message is kept until expiredstateInfoRetentionInterval:# Time from startup certificates are included in Alive messages(unit: second)publishCertPeriod: 10s# Should we skip verifying block messages or not (currently not in use)skipBlockVerification: false# Dial timeout(unit: second)dialTimeout: 3s# Connection timeout(unit: second)connTimeout: 2s# Buffer size of received messagesrecvBuffSize: 20# Buffer size of sending messagessendBuffSize: 200# Time to wait before pull engine processes incoming digests (unit: second)# Should be slightly smaller than requestWaitTimedigestWaitTime: 1s# Time to wait before pull engine removes incoming nonce (unit: milliseconds)# Should be slightly bigger than digestWaitTimerequestWaitTime: 1500ms# Time to wait before pull engine ends pull (unit: second)responseWaitTime: 2s# Alive check interval(unit: second)aliveTimeInterval: 5s# Alive expiration timeout(unit: second)aliveExpirationTimeout: 25s# Reconnect interval(unit: second)reconnectInterval: 25s# Max number of attempts to connect to a peermaxConnectionAttempts: 120# Message expiration factor for alive messagesmsgExpirationFactor: 20# This is an endpoint that is published to peers outside of the organization.# If this isn't set, the peer will not be known to other organizations.externalEndpoint:# Leader election service configurationelection:# Longest time peer waits for stable membership during leader election startup (unit: second)startupGracePeriod: 15s# Interval gossip membership samples to check its stability (unit: second)membershipSampleInterval: 1s# Time passes since last declaration message before peer decides to perform leader election (unit: second)leaderAliveThreshold: 10s# Time between peer sends propose message and declares itself as a leader (sends declaration message) (unit: second)leaderElectionDuration: 5spvtData:# pullRetryThreshold determines the maximum duration of time private data corresponding for a given block# would be attempted to be pulled from peers until the block would be committed without the private datapullRetryThreshold: 60s# As private data enters the transient store, it is associated with the peer's ledger's height at that time.# transientstoreMaxBlockRetention defines the maximum difference between the current ledger's height upon commit,# and the private data residing inside the transient store that is guaranteed not to be purged.# Private data is purged from the transient store when blocks with sequences that are multiples# of transientstoreMaxBlockRetention are committed.transientstoreMaxBlockRetention: 1000# pushAckTimeout is the maximum time to wait for an acknowledgement from each peer# at private data push at endorsement time.pushAckTimeout: 3s# Block to live pulling margin, used as a buffer# to prevent peer from trying to pull private data# from peers that is soon to be purged in next N blocks.# This helps a newly joined peer catch up to current# blockchain height quicker.btlPullMargin: 10# the process of reconciliation is done in an endless loop, while in each iteration reconciler tries to# pull from the other peers the most recent missing blocks with a maximum batch size limitation.# reconcileBatchSize determines the maximum batch size of missing private data that will be reconciled in a# single iteration.reconcileBatchSize: 10# reconcileSleepInterval determines the time reconciler sleeps from end of an iteration until the beginning# of the next reconciliation iteration.reconcileSleepInterval: 1m# reconciliationEnabled is a flag that indicates whether private data reconciliation is enable or not.reconciliationEnabled: true# skipPullingInvalidTransactionsDuringCommit is a flag that indicates whether pulling of invalid# transaction's private data from other peers need to be skipped during the commit time and pulled# only through reconciler.skipPullingInvalidTransactionsDuringCommit: false# implicitCollectionDisseminationPolicy specifies the dissemination policy for the peer's own implicit collection.# When a peer endorses a proposal that writes to its own implicit collection, below values override the default values# for disseminating private data.# Note that it is applicable to all channels the peer has joined. The implication is that requiredPeerCount has to# be smaller than the number of peers in a channel that has the lowest numbers of peers from the organization.implicitCollectionDisseminationPolicy:# requiredPeerCount defines the minimum number of eligible peers to which the peer must successfully# disseminate private data for its own implicit collection during endorsement. Default value is 0.requiredPeerCount: 0# maxPeerCount defines the maximum number of eligible peers to which the peer will attempt to# disseminate private data for its own implicit collection during endorsement. Default value is 1.maxPeerCount: 1# Gossip state transfer related configurationstate:# indicates whenever state transfer is enabled or not# default value is false, i.e. state transfer is active# and takes care to sync up missing blocks allowing# lagging peer to catch up to speed with rest network.# Keep in mind that when peer.gossip.useLeaderElection is true# and there are several peers in the organization,# or peer.gossip.useLeaderElection is false alongside with# peer.gossip.orgleader being false, the peer's ledger may lag behind# the rest of the peers and will never catch up due to state transfer# being disabled.enabled: false# checkInterval interval to check whether peer is lagging behind enough to# request blocks via state transfer from another peer.checkInterval: 10s# responseTimeout amount of time to wait for state transfer response from# other peersresponseTimeout: 3s# batchSize the number of blocks to request via state transfer from another peerbatchSize: 10# blockBufferSize reflects the size of the re-ordering buffer# which captures blocks and takes care to deliver them in order# down to the ledger layer. The actual buffer size is bounded between# 0 and 2*blockBufferSize, each channel maintains its own bufferblockBufferSize: 20# maxRetries maximum number of re-tries to ask# for single state transfer requestmaxRetries: 3# TLS Settingstls:# Require server-side TLSenabled: true# Require client certificates / mutual TLS for inbound connections.# Note that clients that are not configured to use a certificate will# fail to connect to the peer.clientAuthRequired: false# X.509 certificate used for TLS servercert:file: /usr/project/fabric/3orderer-org1-2peer-org2-2peer-network/crypto-config/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/server.crt# Private key used for TLS serverkey:file: /usr/project/fabric/3orderer-org1-2peer-org2-2peer-network/crypto-config/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/server.key# rootcert.file represents the trusted root certificate chain used for verifying certificates# of other nodes during outbound connections.# It is not required to be set, but can be used to augment the set of TLS CA certificates# available from the MSPs of each channel’s configuration.rootcert:file: /usr/project/fabric/3orderer-org1-2peer-org2-2peer-network/crypto-config/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt# If mutual TLS is enabled, clientRootCAs.files contains a list of additional root certificates# used for verifying certificates of client connections.# It augments the set of TLS CA certificates available from the MSPs of each channel’s configuration.# Minimally, set your organization's TLS CA root certificate so that the peer can receive join channel requests.clientRootCAs:files:- /usr/project/fabric/3orderer-org1-2peer-org2-2peer-network/crypto-config/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt# Private key used for TLS when making client connections.# If not set, peer.tls.key.file will be used insteadclientKey:file:# X.509 certificate used for TLS when making client connections.# If not set, peer.tls.cert.file will be used insteadclientCert:file:# Authentication contains configuration parameters related to authenticating# client messagesauthentication:# the acceptable difference between the current server time and the# client's time as specified in a client request messagetimewindow: 15m# Path on the file system where peer will store data (eg ledger). This# location must be access control protected to prevent unintended# modification that might corrupt the peer operations.fileSystemPath: /var/hyperledger/production/org2-peer0# BCCSP (Blockchain crypto provider): Select which crypto implementation or# library to useBCCSP:Default: SW# Settings for the SW crypto provider (i.e. when DEFAULT: SW)SW:# TODO: The default Hash and Security level needs refactoring to be# fully configurable. Changing these defaults requires coordination# SHA2 is hardcoded in several places, not only BCCSPHash: SHA2Security: 256# Location of Key StoreFileKeyStore:# If "", defaults to 'mspConfigPath'/keystoreKeyStore:# Settings for the PKCS#11 crypto provider (i.e. when DEFAULT: PKCS11)PKCS11:# Location of the PKCS11 module libraryLibrary:# Token LabelLabel:# User PINPin:Hash:Security:# Path on the file system where peer will find MSP local configurationsmspConfigPath: /usr/project/fabric/3orderer-org1-2peer-org2-2peer-network/crypto-config/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/msp# Identifier of the local MSP# ----!!!!IMPORTANT!!!-!!!IMPORTANT!!!-!!!IMPORTANT!!!!----# Deployers need to change the value of the localMspId string.# In particular, the name of the local MSP ID of a peer needs# to match the name of one of the MSPs in each of the channel# that this peer is a member of. Otherwise this peer's messages# will not be identified as valid by other nodes.localMspId: Org2MSP# CLI common client config optionsclient:# connection timeoutconnTimeout: 3s# Delivery service related configdeliveryclient:# Enables this peer to disseminate blocks it pulled from the ordering service# via gossip.# Note that 'gossip.state.enabled' controls point to point block replication# of blocks committed in the past.blockGossipEnabled: true# It sets the total time the delivery service may spend in reconnection# attempts until its retry logic gives up and returns an errorreconnectTotalTimeThreshold: 3600s# It sets the delivery service <-> ordering service node connection timeoutconnTimeout: 3s# It sets the delivery service maximal delay between consecutive retriesreConnectBackoffThreshold: 3600s# A list of orderer endpoint addresses which should be overridden# when found in channel configurations.addressOverrides:# - from:# to:# caCertsFile:# - from:# to:# caCertsFile:# Type for the local MSP - by default it's of type bccsplocalMspType: bccsp# Used with Go profiling tools only in none production environment. In# production, it should be disabled (eg enabled: false)profile:enabled: falselistenAddress: 0.0.0.0:6060# Handlers defines custom handlers that can filter and mutate# objects passing within the peer, such as:# Auth filter - reject or forward proposals from clients# Decorators - append or mutate the chaincode input passed to the chaincode# Endorsers - Custom signing over proposal response payload and its mutation# Valid handler definition contains:# - A name which is a factory method name defined in# core/handlers/library/library.go for statically compiled handlers# - library path to shared object binary for pluggable filters# Auth filters and decorators are chained and executed in the order that# they are defined. For example:# authFilters:# -# name: FilterOne# library: /opt/lib/filter.so# -# name: FilterTwo# decorators:# -# name: DecoratorOne# -# name: DecoratorTwo# library: /opt/lib/decorator.so# Endorsers are configured as a map that its keys are the endorsement system chaincodes that are being overridden.# Below is an example that overrides the default ESCC and uses an endorsement plugin that has the same functionality# as the default ESCC.# If the 'library' property is missing, the name is used as the constructor method in the builtin library similar# to auth filters and decorators.# endorsers:# escc:# name: DefaultESCC# library: /etc/hyperledger/fabric/plugin/escc.sohandlers:authFilters:-name: DefaultAuth-name: ExpirationCheck # This filter checks identity x509 certificate expirationdecorators:-name: DefaultDecoratorendorsers:escc:name: DefaultEndorsementlibrary:validators:vscc:name: DefaultValidationlibrary:# library: /etc/hyperledger/fabric/plugin/escc.so# Number of goroutines that will execute transaction validation in parallel.# By default, the peer chooses the number of CPUs on the machine. Set this# variable to override that choice.# NOTE: overriding this value might negatively influence the performance of# the peer so please change this value only if you know what you're doingvalidatorPoolSize:# The discovery service is used by clients to query information about peers,# such as - which peers have joined a certain channel, what is the latest# channel config, and most importantly - given a chaincode and a channel,# what possible sets of peers satisfy the endorsement policy.discovery:enabled: true# Whether the authentication cache is enabled or not.authCacheEnabled: true# The maximum size of the cache, after which a purge takes placeauthCacheMaxSize: 1000# The proportion (0 to 1) of entries that remain in the cache after the cache is purged due to overpopulationauthCachePurgeRetentionRatio: 0.75# Whether to allow non-admins to perform non channel scoped queries.# When this is false, it means that only peer admins can perform non channel scoped queries.orgMembersAllowedAccess: false# Limits is used to configure some internal resource limits.limits:# Concurrency limits the number of concurrently running requests to a service on each peer.# Currently this option is only applied to endorser service and deliver service.# When the property is missing or the value is 0, the concurrency limit is disabled for the service.concurrency:# endorserService limits concurrent requests to endorser service that handles chaincode deployment, query and invocation,# including both user chaincodes and system chaincodes.endorserService: 2500# deliverService limits concurrent event listeners registered to deliver service for blocks and transaction events.deliverService: 2500# gatewayService limits concurrent requests to gateway service that handles the submission and evaluation of transactions.gatewayService: 500# Since all nodes should be consistent it is recommended to keep# the default value of 100MB for MaxRecvMsgSize & MaxSendMsgSize# Max message size in bytes GRPC server and client can receivemaxRecvMsgSize: 104857600# Max message size in bytes GRPC server and client can sendmaxSendMsgSize: 104857600###############################################################################
#
# VM section
#
###############################################################################
vm:# Endpoint of the vm management system. For docker can be one of the following in general# unix:///var/run/docker.sock# http://localhost:2375# https://localhost:2376# If you utilize external chaincode builders and don't need the default Docker chaincode builder,# the endpoint should be unconfigured so that the peer's Docker health checker doesn't get registered.endpoint: unix:///var/run/docker.sock# settings for docker vmsdocker:tls:enabled: falseca:file: docker/ca.crtcert:file: docker/tls.crtkey:file: docker/tls.key# Enables/disables the standard out/err from chaincode containers for# debugging purposesattachStdout: false# Parameters on creating docker container.# Container may be efficiently created using ipam & dns-server for cluster# NetworkMode - sets the networking mode for the container. Supported# standard values are: `host`(default),`bridge`,`ipvlan`,`none`.# Dns - a list of DNS servers for the container to use.# Note: `Privileged` `Binds` `Links` and `PortBindings` properties of# Docker Host Config are not supported and will not be used if set.# LogConfig - sets the logging driver (Type) and related options# (Config) for Docker. For more info,# https://docs.docker.com/engine/admin/logging/overview/# Note: Set LogConfig using Environment Variables is not supported.hostConfig:NetworkMode: hostDns:# - 192.168.0.1LogConfig:Type: json-fileConfig:max-size: "50m"max-file: "5"Memory: 2147483648###############################################################################
#
# Chaincode section
#
###############################################################################
chaincode:# The id is used by the Chaincode stub to register the executing Chaincode# ID with the Peer and is generally supplied through ENV variables# the `path` form of ID is provided when installing the chaincode.# The `name` is used for all other requests and can be any string.id:path:name:# Generic builder environment, suitable for most chaincode typesbuilder: $(DOCKER_NS)/fabric-ccenv:$(TWO_DIGIT_VERSION)# Enables/disables force pulling of the base docker images (listed below)# during user chaincode instantiation.# Useful when using moving image tags (such as :latest)pull: falsegolang:# golang will never need more than baseosruntime: $(DOCKER_NS)/fabric-baseos:$(TWO_DIGIT_VERSION)# whether or not golang chaincode should be linked dynamicallydynamicLink: falsejava:# This is an image based on java:openjdk-8 with addition compiler# tools added for java shim layer packaging.# This image is packed with shim layer libraries that are necessary# for Java chaincode runtime.runtime: $(DOCKER_NS)/fabric-javaenv:$(TWO_DIGIT_VERSION)node:# This is an image based on node:$(NODE_VER)-alpineruntime: $(DOCKER_NS)/fabric-nodeenv:$(TWO_DIGIT_VERSION)# List of directories to treat as external builders and launchers for# chaincode. The external builder detection processing will iterate over the# builders in the order specified below.# If you don't need to fallback to the default Docker builder, also unconfigure vm.endpoint above.# To override this property via env variable use CORE_CHAINCODE_EXTERNALBUILDERS: [{name: x, path: dir1}, {name: y, path: dir2}]externalBuilders:- name: ccaas_builderpath: /opt/hyperledger/ccaas_builderpropagateEnvironment:- CHAINCODE_AS_A_SERVICE_BUILDER_CONFIG# The maximum duration to wait for the chaincode build and install process# to complete.installTimeout: 300s# Timeout duration for starting up a container and waiting for Register# to come through.startuptimeout: 300s# Timeout duration for Invoke and Init calls to prevent runaway.# This timeout is used by all chaincodes in all the channels, including# system chaincodes.# Note that during Invoke, if the image is not available (e.g. being# cleaned up when in development environment), the peer will automatically# build the image, which might take more time. In production environment,# the chaincode image is unlikely to be deleted, so the timeout could be# reduced accordingly.executetimeout: 30s# There are 2 modes: "dev" and "net".# In dev mode, user runs the chaincode after starting peer from# command line on local machine.# In net mode, peer will run chaincode in a docker container.mode: net# keepalive in seconds. In situations where the communication goes through a# proxy that does not support keep-alive, this parameter will maintain connection# between peer and chaincode.# A value <= 0 turns keepalive offkeepalive: 0# enabled system chaincodessystem:_lifecycle: enablecscc: enablelscc: enableqscc: enable# Logging section for the chaincode containerlogging:# Default level for all loggers within the chaincode containerlevel: info# Override default level for the 'shim' loggershim: warning# Format for the chaincode container logsformat: '%{color}%{time:2006-01-02 15:04:05.000 MST} [%{module}] %{shortfunc} -> %{level:.4s} %{id:03x}%{color:reset} %{message}'###############################################################################
#
# Ledger section - ledger configuration encompasses both the blockchain
# and the state
#
###############################################################################
ledger:blockchain:state:# stateDatabase - options are "goleveldb", "CouchDB"# goleveldb - default state database stored in goleveldb.# CouchDB - store state database in CouchDBstateDatabase: goleveldb# Limit on the number of records to return per querytotalQueryLimit: 100000couchDBConfig:# It is recommended to run CouchDB on the same server as the peer, and# not map the CouchDB container port to a server port in docker-compose.# Otherwise proper security must be provided on the connection between# CouchDB client (on the peer) and server.couchDBAddress: 127.0.0.1:5984# This username must have read and write authority on CouchDBusername:# The password is recommended to pass as an environment variable# during start up (eg CORE_LEDGER_STATE_COUCHDBCONFIG_PASSWORD).# If it is stored here, the file must be access control protected# to prevent unintended users from discovering the password.password:# Number of retries for CouchDB errorsmaxRetries: 3# Number of retries for CouchDB errors during peer startup.# The delay between retries doubles for each attempt.# Default of 10 retries results in 11 attempts over 2 minutes.maxRetriesOnStartup: 10# CouchDB request timeout (unit: duration, e.g. 20s)requestTimeout: 35s# Limit on the number of records per each CouchDB query# Note that chaincode queries are only bound by totalQueryLimit.# Internally the chaincode may execute multiple CouchDB queries,# each of size internalQueryLimit.internalQueryLimit: 1000# Limit on the number of records per CouchDB bulk update batchmaxBatchUpdateSize: 1000# Create the _global_changes system database# This is optional. Creating the global changes database will require# additional system resources to track changes and maintain the databasecreateGlobalChangesDB: false# CacheSize denotes the maximum mega bytes (MB) to be allocated for the in-memory state# cache. Note that CacheSize needs to be a multiple of 32 MB. If it is not a multiple# of 32 MB, the peer would round the size to the next multiple of 32 MB.# To disable the cache, 0 MB needs to be assigned to the cacheSize.cacheSize: 64history:# enableHistoryDatabase - options are true or false# Indicates if the history of key updates should be stored.# All history 'index' will be stored in goleveldb, regardless if using# CouchDB or alternate database for the state.enableHistoryDatabase: truepvtdataStore:# the maximum db batch size for converting# the ineligible missing data entries to eligible missing data entriescollElgProcMaxDbBatchSize: 5000# the minimum duration (in milliseconds) between writing# two consecutive db batches for converting the ineligible missing data entries to eligible missing data entriescollElgProcDbBatchesInterval: 1000# The missing data entries are classified into two categories:# (1) prioritized# (2) deprioritized# Initially, all missing data are in the prioritized list. When the# reconciler is unable to fetch the missing data from other peers,# the unreconciled missing data would be moved to the deprioritized list.# The reconciler would retry deprioritized missing data after every# deprioritizedDataReconcilerInterval (unit: minutes). Note that the# interval needs to be greater than the reconcileSleepIntervaldeprioritizedDataReconcilerInterval: 60msnapshots:# Path on the file system where peer will store ledger snapshotsrootDir: /var/hyperledger/production/snapshots/org2-peer0###############################################################################
#
# Operations section
#
###############################################################################
operations:# host and port for the operations serverlistenAddress: 127.0.0.1:9448# TLS configuration for the operations endpointtls:# TLS enabledenabled: false# path to PEM encoded server certificate for the operations servercert:file:# path to PEM encoded server key for the operations serverkey:file:# most operations service endpoints require client authentication when TLS# is enabled. clientAuthRequired requires client certificate authentication# at the TLS layer to access all resources.clientAuthRequired: false# paths to PEM encoded ca certificates to trust for client authenticationclientRootCAs:files: []###############################################################################
#
# Metrics section
#
###############################################################################
metrics:# metrics provider is one of statsd, prometheus, or disabledprovider: disabled# statsd configurationstatsd:# network type: tcp or udpnetwork: udp# statsd server addressaddress: 127.0.0.1:8127# the interval at which locally cached counters and gauges are pushed# to statsd; timings are pushed immediatelywriteInterval: 10s# prefix is prepended to all emitted statsd metricsprefix:启动 org2-peer0 节点:
nohup ./peer node start > org2-peer0.log 2>&1 &
部署 org2-peer1 节点
编辑 core.yaml 文件:
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
################################################################################
#
# Peer section
#
###############################################################################
peer:# The peer id provides a name for this peer instance and is used when# naming docker resources.id: peer1.org2.example.com# The networkId allows for logical separation of networks and is used when# naming docker resources.networkId: dev# The Address at local network interface this Peer will listen on.# By default, it will listen on all network interfaceslistenAddress: 192.168.1.66:10051# The endpoint this peer uses to listen for inbound chaincode connections.# If this is commented-out, the listen address is selected to be# the peer's address (see below) with port 7052chaincodeListenAddress: 192.168.1.66:7056# The endpoint the chaincode for this peer uses to connect to the peer.# If this is not specified, the chaincodeListenAddress address is selected.# And if chaincodeListenAddress is not specified, address is selected from# peer address (see below). If specified peer address is invalid then it# will fallback to the auto detected IP (local IP) regardless of the peer# addressAutoDetect value.chaincodeAddress: 192.168.1.66:7056# When used as peer config, this represents the endpoint to other peers# in the same organization. For peers in other organization, see# gossip.externalEndpoint for more info.# When used as CLI config, this means the peer's endpoint to interact withaddress: 192.168.1.66:10051# Whether the Peer should programmatically determine its address# This case is useful for docker containers.# When set to true, will override peer address.addressAutoDetect: false# Settings for the Peer's gateway server.gateway:# Whether the gateway is enabled for this Peer.enabled: true# endorsementTimeout is the duration the gateway waits for a response# from other endorsing peers before returning a timeout error to the client.endorsementTimeout: 30s# dialTimeout is the duration the gateway waits for a connection# to other network nodes.dialTimeout: 2m# Keepalive settings for peer server and clientskeepalive:# Interval is the duration after which if the server does not see# any activity from the client it pings the client to see if it's aliveinterval: 7200s# Timeout is the duration the server waits for a response# from the client after sending a ping before closing the connectiontimeout: 20s# MinInterval is the minimum permitted time between client pings.# If clients send pings more frequently, the peer server will# disconnect themminInterval: 60s# Client keepalive settings for communicating with other peer nodesclient:# Interval is the time between pings to peer nodes. This must# greater than or equal to the minInterval specified by peer# nodesinterval: 60s# Timeout is the duration the client waits for a response from# peer nodes before closing the connectiontimeout: 20s# DeliveryClient keepalive settings for communication with ordering# nodes.deliveryClient:# Interval is the time between pings to ordering nodes. This must# greater than or equal to the minInterval specified by ordering# nodes.interval: 60s# Timeout is the duration the client waits for a response from# ordering nodes before closing the connectiontimeout: 20s# Gossip related configurationgossip:# Bootstrap set to initialize gossip with.# This is a list of other peers that this peer reaches out to at startup.# Important: The endpoints here have to be endpoints of peers in the same# organization, because the peer would refuse connecting to these endpoints# unless they are in the same organization as the peer.bootstrap: 192.168.1.66:10051# NOTE: orgLeader and useLeaderElection parameters are mutual exclusive.# Setting both to true would result in the termination of the peer# since this is undefined state. If the peers are configured with# useLeaderElection=false, make sure there is at least 1 peer in the# organization that its orgLeader is set to true.# Defines whenever peer will initialize dynamic algorithm for# "leader" selection, where leader is the peer to establish# connection with ordering service and use delivery protocol# to pull ledger blocks from ordering service.useLeaderElection: false# Statically defines peer to be an organization "leader",# where this means that current peer will maintain connection# with ordering service and disseminate block across peers in# its own organization. Multiple peers or all peers in an organization# may be configured as org leaders, so that they all pull# blocks directly from ordering service.orgLeader: true# Interval for membershipTracker pollingmembershipTrackerInterval: 5s# Overrides the endpoint that the peer publishes to peers# in its organization. For peers in foreign organizations# see 'externalEndpoint'endpoint:# Maximum count of blocks stored in memorymaxBlockCountToStore: 10# Max time between consecutive message pushes(unit: millisecond)maxPropagationBurstLatency: 10ms# Max number of messages stored until a push is triggered to remote peersmaxPropagationBurstSize: 10# Number of times a message is pushed to remote peerspropagateIterations: 1# Number of peers selected to push messages topropagatePeerNum: 3# Determines frequency of pull phases(unit: second)# Must be greater than digestWaitTime + responseWaitTimepullInterval: 4s# Number of peers to pull frompullPeerNum: 3# Determines frequency of pulling state info messages from peers(unit: second)requestStateInfoInterval: 4s# Determines frequency of pushing state info messages to peers(unit: second)publishStateInfoInterval: 4s# Maximum time a stateInfo message is kept until expiredstateInfoRetentionInterval:# Time from startup certificates are included in Alive messages(unit: second)publishCertPeriod: 10s# Should we skip verifying block messages or not (currently not in use)skipBlockVerification: false# Dial timeout(unit: second)dialTimeout: 3s# Connection timeout(unit: second)connTimeout: 2s# Buffer size of received messagesrecvBuffSize: 20# Buffer size of sending messagessendBuffSize: 200# Time to wait before pull engine processes incoming digests (unit: second)# Should be slightly smaller than requestWaitTimedigestWaitTime: 1s# Time to wait before pull engine removes incoming nonce (unit: milliseconds)# Should be slightly bigger than digestWaitTimerequestWaitTime: 1500ms# Time to wait before pull engine ends pull (unit: second)responseWaitTime: 2s# Alive check interval(unit: second)aliveTimeInterval: 5s# Alive expiration timeout(unit: second)aliveExpirationTimeout: 25s# Reconnect interval(unit: second)reconnectInterval: 25s# Max number of attempts to connect to a peermaxConnectionAttempts: 120# Message expiration factor for alive messagesmsgExpirationFactor: 20# This is an endpoint that is published to peers outside of the organization.# If this isn't set, the peer will not be known to other organizations.externalEndpoint:# Leader election service configurationelection:# Longest time peer waits for stable membership during leader election startup (unit: second)startupGracePeriod: 15s# Interval gossip membership samples to check its stability (unit: second)membershipSampleInterval: 1s# Time passes since last declaration message before peer decides to perform leader election (unit: second)leaderAliveThreshold: 10s# Time between peer sends propose message and declares itself as a leader (sends declaration message) (unit: second)leaderElectionDuration: 5spvtData:# pullRetryThreshold determines the maximum duration of time private data corresponding for a given block# would be attempted to be pulled from peers until the block would be committed without the private datapullRetryThreshold: 60s# As private data enters the transient store, it is associated with the peer's ledger's height at that time.# transientstoreMaxBlockRetention defines the maximum difference between the current ledger's height upon commit,# and the private data residing inside the transient store that is guaranteed not to be purged.# Private data is purged from the transient store when blocks with sequences that are multiples# of transientstoreMaxBlockRetention are committed.transientstoreMaxBlockRetention: 1000# pushAckTimeout is the maximum time to wait for an acknowledgement from each peer# at private data push at endorsement time.pushAckTimeout: 3s# Block to live pulling margin, used as a buffer# to prevent peer from trying to pull private data# from peers that is soon to be purged in next N blocks.# This helps a newly joined peer catch up to current# blockchain height quicker.btlPullMargin: 10# the process of reconciliation is done in an endless loop, while in each iteration reconciler tries to# pull from the other peers the most recent missing blocks with a maximum batch size limitation.# reconcileBatchSize determines the maximum batch size of missing private data that will be reconciled in a# single iteration.reconcileBatchSize: 10# reconcileSleepInterval determines the time reconciler sleeps from end of an iteration until the beginning# of the next reconciliation iteration.reconcileSleepInterval: 1m# reconciliationEnabled is a flag that indicates whether private data reconciliation is enable or not.reconciliationEnabled: true# skipPullingInvalidTransactionsDuringCommit is a flag that indicates whether pulling of invalid# transaction's private data from other peers need to be skipped during the commit time and pulled# only through reconciler.skipPullingInvalidTransactionsDuringCommit: false# implicitCollectionDisseminationPolicy specifies the dissemination policy for the peer's own implicit collection.# When a peer endorses a proposal that writes to its own implicit collection, below values override the default values# for disseminating private data.# Note that it is applicable to all channels the peer has joined. The implication is that requiredPeerCount has to# be smaller than the number of peers in a channel that has the lowest numbers of peers from the organization.implicitCollectionDisseminationPolicy:# requiredPeerCount defines the minimum number of eligible peers to which the peer must successfully# disseminate private data for its own implicit collection during endorsement. Default value is 0.requiredPeerCount: 0# maxPeerCount defines the maximum number of eligible peers to which the peer will attempt to# disseminate private data for its own implicit collection during endorsement. Default value is 1.maxPeerCount: 1# Gossip state transfer related configurationstate:# indicates whenever state transfer is enabled or not# default value is false, i.e. state transfer is active# and takes care to sync up missing blocks allowing# lagging peer to catch up to speed with rest network.# Keep in mind that when peer.gossip.useLeaderElection is true# and there are several peers in the organization,# or peer.gossip.useLeaderElection is false alongside with# peer.gossip.orgleader being false, the peer's ledger may lag behind# the rest of the peers and will never catch up due to state transfer# being disabled.enabled: false# checkInterval interval to check whether peer is lagging behind enough to# request blocks via state transfer from another peer.checkInterval: 10s# responseTimeout amount of time to wait for state transfer response from# other peersresponseTimeout: 3s# batchSize the number of blocks to request via state transfer from another peerbatchSize: 10# blockBufferSize reflects the size of the re-ordering buffer# which captures blocks and takes care to deliver them in order# down to the ledger layer. The actual buffer size is bounded between# 0 and 2*blockBufferSize, each channel maintains its own bufferblockBufferSize: 20# maxRetries maximum number of re-tries to ask# for single state transfer requestmaxRetries: 3# TLS Settingstls:# Require server-side TLSenabled: true# Require client certificates / mutual TLS for inbound connections.# Note that clients that are not configured to use a certificate will# fail to connect to the peer.clientAuthRequired: false# X.509 certificate used for TLS servercert:file: /usr/project/fabric/3orderer-org1-2peer-org2-2peer-network/crypto-config/peerOrganizations/org2.example.com/peers/peer1.org2.example.com/tls/server.crt# Private key used for TLS serverkey:file: /usr/project/fabric/3orderer-org1-2peer-org2-2peer-network/crypto-config/peerOrganizations/org2.example.com/peers/peer1.org2.example.com/tls/server.key# rootcert.file represents the trusted root certificate chain used for verifying certificates# of other nodes during outbound connections.# It is not required to be set, but can be used to augment the set of TLS CA certificates# available from the MSPs of each channel’s configuration.rootcert:file: /usr/project/fabric/3orderer-org1-2peer-org2-2peer-network/crypto-config/peerOrganizations/org2.example.com/peers/peer1.org2.example.com/tls/ca.crt# If mutual TLS is enabled, clientRootCAs.files contains a list of additional root certificates# used for verifying certificates of client connections.# It augments the set of TLS CA certificates available from the MSPs of each channel’s configuration.# Minimally, set your organization's TLS CA root certificate so that the peer can receive join channel requests.clientRootCAs:files:- /usr/project/fabric/3orderer-org1-2peer-org2-2peer-network/crypto-config/peerOrganizations/org2.example.com/peers/peer1.org2.example.com/tls/ca.crt# Private key used for TLS when making client connections.# If not set, peer.tls.key.file will be used insteadclientKey:file:# X.509 certificate used for TLS when making client connections.# If not set, peer.tls.cert.file will be used insteadclientCert:file:# Authentication contains configuration parameters related to authenticating# client messagesauthentication:# the acceptable difference between the current server time and the# client's time as specified in a client request messagetimewindow: 15m# Path on the file system where peer will store data (eg ledger). This# location must be access control protected to prevent unintended# modification that might corrupt the peer operations.fileSystemPath: /var/hyperledger/production/org2-peer1# BCCSP (Blockchain crypto provider): Select which crypto implementation or# library to useBCCSP:Default: SW# Settings for the SW crypto provider (i.e. when DEFAULT: SW)SW:# TODO: The default Hash and Security level needs refactoring to be# fully configurable. Changing these defaults requires coordination# SHA2 is hardcoded in several places, not only BCCSPHash: SHA2Security: 256# Location of Key StoreFileKeyStore:# If "", defaults to 'mspConfigPath'/keystoreKeyStore:# Settings for the PKCS#11 crypto provider (i.e. when DEFAULT: PKCS11)PKCS11:# Location of the PKCS11 module libraryLibrary:# Token LabelLabel:# User PINPin:Hash:Security:# Path on the file system where peer will find MSP local configurationsmspConfigPath: /usr/project/fabric/3orderer-org1-2peer-org2-2peer-network/crypto-config/peerOrganizations/org2.example.com/peers/peer1.org2.example.com/msp# Identifier of the local MSP# ----!!!!IMPORTANT!!!-!!!IMPORTANT!!!-!!!IMPORTANT!!!!----# Deployers need to change the value of the localMspId string.# In particular, the name of the local MSP ID of a peer needs# to match the name of one of the MSPs in each of the channel# that this peer is a member of. Otherwise this peer's messages# will not be identified as valid by other nodes.localMspId: Org2MSP# CLI common client config optionsclient:# connection timeoutconnTimeout: 3s# Delivery service related configdeliveryclient:# Enables this peer to disseminate blocks it pulled from the ordering service# via gossip.# Note that 'gossip.state.enabled' controls point to point block replication# of blocks committed in the past.blockGossipEnabled: true# It sets the total time the delivery service may spend in reconnection# attempts until its retry logic gives up and returns an errorreconnectTotalTimeThreshold: 3600s# It sets the delivery service <-> ordering service node connection timeoutconnTimeout: 3s# It sets the delivery service maximal delay between consecutive retriesreConnectBackoffThreshold: 3600s# A list of orderer endpoint addresses which should be overridden# when found in channel configurations.addressOverrides:# - from:# to:# caCertsFile:# - from:# to:# caCertsFile:# Type for the local MSP - by default it's of type bccsplocalMspType: bccsp# Used with Go profiling tools only in none production environment. In# production, it should be disabled (eg enabled: false)profile:enabled: falselistenAddress: 0.0.0.0:6060# Handlers defines custom handlers that can filter and mutate# objects passing within the peer, such as:# Auth filter - reject or forward proposals from clients# Decorators - append or mutate the chaincode input passed to the chaincode# Endorsers - Custom signing over proposal response payload and its mutation# Valid handler definition contains:# - A name which is a factory method name defined in# core/handlers/library/library.go for statically compiled handlers# - library path to shared object binary for pluggable filters# Auth filters and decorators are chained and executed in the order that# they are defined. For example:# authFilters:# -# name: FilterOne# library: /opt/lib/filter.so# -# name: FilterTwo# decorators:# -# name: DecoratorOne# -# name: DecoratorTwo# library: /opt/lib/decorator.so# Endorsers are configured as a map that its keys are the endorsement system chaincodes that are being overridden.# Below is an example that overrides the default ESCC and uses an endorsement plugin that has the same functionality# as the default ESCC.# If the 'library' property is missing, the name is used as the constructor method in the builtin library similar# to auth filters and decorators.# endorsers:# escc:# name: DefaultESCC# library: /etc/hyperledger/fabric/plugin/escc.sohandlers:authFilters:-name: DefaultAuth-name: ExpirationCheck # This filter checks identity x509 certificate expirationdecorators:-name: DefaultDecoratorendorsers:escc:name: DefaultEndorsementlibrary:validators:vscc:name: DefaultValidationlibrary:# library: /etc/hyperledger/fabric/plugin/escc.so# Number of goroutines that will execute transaction validation in parallel.# By default, the peer chooses the number of CPUs on the machine. Set this# variable to override that choice.# NOTE: overriding this value might negatively influence the performance of# the peer so please change this value only if you know what you're doingvalidatorPoolSize:# The discovery service is used by clients to query information about peers,# such as - which peers have joined a certain channel, what is the latest# channel config, and most importantly - given a chaincode and a channel,# what possible sets of peers satisfy the endorsement policy.discovery:enabled: true# Whether the authentication cache is enabled or not.authCacheEnabled: true# The maximum size of the cache, after which a purge takes placeauthCacheMaxSize: 1000# The proportion (0 to 1) of entries that remain in the cache after the cache is purged due to overpopulationauthCachePurgeRetentionRatio: 0.75# Whether to allow non-admins to perform non channel scoped queries.# When this is false, it means that only peer admins can perform non channel scoped queries.orgMembersAllowedAccess: false# Limits is used to configure some internal resource limits.limits:# Concurrency limits the number of concurrently running requests to a service on each peer.# Currently this option is only applied to endorser service and deliver service.# When the property is missing or the value is 0, the concurrency limit is disabled for the service.concurrency:# endorserService limits concurrent requests to endorser service that handles chaincode deployment, query and invocation,# including both user chaincodes and system chaincodes.endorserService: 2500# deliverService limits concurrent event listeners registered to deliver service for blocks and transaction events.deliverService: 2500# gatewayService limits concurrent requests to gateway service that handles the submission and evaluation of transactions.gatewayService: 500# Since all nodes should be consistent it is recommended to keep# the default value of 100MB for MaxRecvMsgSize & MaxSendMsgSize# Max message size in bytes GRPC server and client can receivemaxRecvMsgSize: 104857600# Max message size in bytes GRPC server and client can sendmaxSendMsgSize: 104857600###############################################################################
#
# VM section
#
###############################################################################
vm:# Endpoint of the vm management system. For docker can be one of the following in general# unix:///var/run/docker.sock# http://localhost:2375# https://localhost:2376# If you utilize external chaincode builders and don't need the default Docker chaincode builder,# the endpoint should be unconfigured so that the peer's Docker health checker doesn't get registered.endpoint: unix:///var/run/docker.sock# settings for docker vmsdocker:tls:enabled: falseca:file: docker/ca.crtcert:file: docker/tls.crtkey:file: docker/tls.key# Enables/disables the standard out/err from chaincode containers for# debugging purposesattachStdout: false# Parameters on creating docker container.# Container may be efficiently created using ipam & dns-server for cluster# NetworkMode - sets the networking mode for the container. Supported# standard values are: `host`(default),`bridge`,`ipvlan`,`none`.# Dns - a list of DNS servers for the container to use.# Note: `Privileged` `Binds` `Links` and `PortBindings` properties of# Docker Host Config are not supported and will not be used if set.# LogConfig - sets the logging driver (Type) and related options# (Config) for Docker. For more info,# https://docs.docker.com/engine/admin/logging/overview/# Note: Set LogConfig using Environment Variables is not supported.hostConfig:NetworkMode: hostDns:# - 192.168.0.1LogConfig:Type: json-fileConfig:max-size: "50m"max-file: "5"Memory: 2147483648###############################################################################
#
# Chaincode section
#
###############################################################################
chaincode:# The id is used by the Chaincode stub to register the executing Chaincode# ID with the Peer and is generally supplied through ENV variables# the `path` form of ID is provided when installing the chaincode.# The `name` is used for all other requests and can be any string.id:path:name:# Generic builder environment, suitable for most chaincode typesbuilder: $(DOCKER_NS)/fabric-ccenv:$(TWO_DIGIT_VERSION)# Enables/disables force pulling of the base docker images (listed below)# during user chaincode instantiation.# Useful when using moving image tags (such as :latest)pull: falsegolang:# golang will never need more than baseosruntime: $(DOCKER_NS)/fabric-baseos:$(TWO_DIGIT_VERSION)# whether or not golang chaincode should be linked dynamicallydynamicLink: falsejava:# This is an image based on java:openjdk-8 with addition compiler# tools added for java shim layer packaging.# This image is packed with shim layer libraries that are necessary# for Java chaincode runtime.runtime: $(DOCKER_NS)/fabric-javaenv:$(TWO_DIGIT_VERSION)node:# This is an image based on node:$(NODE_VER)-alpineruntime: $(DOCKER_NS)/fabric-nodeenv:$(TWO_DIGIT_VERSION)# List of directories to treat as external builders and launchers for# chaincode. The external builder detection processing will iterate over the# builders in the order specified below.# If you don't need to fallback to the default Docker builder, also unconfigure vm.endpoint above.# To override this property via env variable use CORE_CHAINCODE_EXTERNALBUILDERS: [{name: x, path: dir1}, {name: y, path: dir2}]externalBuilders:- name: ccaas_builderpath: /opt/hyperledger/ccaas_builderpropagateEnvironment:- CHAINCODE_AS_A_SERVICE_BUILDER_CONFIG# The maximum duration to wait for the chaincode build and install process# to complete.installTimeout: 300s# Timeout duration for starting up a container and waiting for Register# to come through.startuptimeout: 300s# Timeout duration for Invoke and Init calls to prevent runaway.# This timeout is used by all chaincodes in all the channels, including# system chaincodes.# Note that during Invoke, if the image is not available (e.g. being# cleaned up when in development environment), the peer will automatically# build the image, which might take more time. In production environment,# the chaincode image is unlikely to be deleted, so the timeout could be# reduced accordingly.executetimeout: 30s# There are 2 modes: "dev" and "net".# In dev mode, user runs the chaincode after starting peer from# command line on local machine.# In net mode, peer will run chaincode in a docker container.mode: net# keepalive in seconds. In situations where the communication goes through a# proxy that does not support keep-alive, this parameter will maintain connection# between peer and chaincode.# A value <= 0 turns keepalive offkeepalive: 0# enabled system chaincodessystem:_lifecycle: enablecscc: enablelscc: enableqscc: enable# Logging section for the chaincode containerlogging:# Default level for all loggers within the chaincode containerlevel: info# Override default level for the 'shim' loggershim: warning# Format for the chaincode container logsformat: '%{color}%{time:2006-01-02 15:04:05.000 MST} [%{module}] %{shortfunc} -> %{level:.4s} %{id:03x}%{color:reset} %{message}'###############################################################################
#
# Ledger section - ledger configuration encompasses both the blockchain
# and the state
#
###############################################################################
ledger:blockchain:state:# stateDatabase - options are "goleveldb", "CouchDB"# goleveldb - default state database stored in goleveldb.# CouchDB - store state database in CouchDBstateDatabase: goleveldb# Limit on the number of records to return per querytotalQueryLimit: 100000couchDBConfig:# It is recommended to run CouchDB on the same server as the peer, and# not map the CouchDB container port to a server port in docker-compose.# Otherwise proper security must be provided on the connection between# CouchDB client (on the peer) and server.couchDBAddress: 127.0.0.1:5984# This username must have read and write authority on CouchDBusername:# The password is recommended to pass as an environment variable# during start up (eg CORE_LEDGER_STATE_COUCHDBCONFIG_PASSWORD).# If it is stored here, the file must be access control protected# to prevent unintended users from discovering the password.password:# Number of retries for CouchDB errorsmaxRetries: 3# Number of retries for CouchDB errors during peer startup.# The delay between retries doubles for each attempt.# Default of 10 retries results in 11 attempts over 2 minutes.maxRetriesOnStartup: 10# CouchDB request timeout (unit: duration, e.g. 20s)requestTimeout: 35s# Limit on the number of records per each CouchDB query# Note that chaincode queries are only bound by totalQueryLimit.# Internally the chaincode may execute multiple CouchDB queries,# each of size internalQueryLimit.internalQueryLimit: 1000# Limit on the number of records per CouchDB bulk update batchmaxBatchUpdateSize: 1000# Create the _global_changes system database# This is optional. Creating the global changes database will require# additional system resources to track changes and maintain the databasecreateGlobalChangesDB: false# CacheSize denotes the maximum mega bytes (MB) to be allocated for the in-memory state# cache. Note that CacheSize needs to be a multiple of 32 MB. If it is not a multiple# of 32 MB, the peer would round the size to the next multiple of 32 MB.# To disable the cache, 0 MB needs to be assigned to the cacheSize.cacheSize: 64history:# enableHistoryDatabase - options are true or false# Indicates if the history of key updates should be stored.# All history 'index' will be stored in goleveldb, regardless if using# CouchDB or alternate database for the state.enableHistoryDatabase: truepvtdataStore:# the maximum db batch size for converting# the ineligible missing data entries to eligible missing data entriescollElgProcMaxDbBatchSize: 5000# the minimum duration (in milliseconds) between writing# two consecutive db batches for converting the ineligible missing data entries to eligible missing data entriescollElgProcDbBatchesInterval: 1000# The missing data entries are classified into two categories:# (1) prioritized# (2) deprioritized# Initially, all missing data are in the prioritized list. When the# reconciler is unable to fetch the missing data from other peers,# the unreconciled missing data would be moved to the deprioritized list.# The reconciler would retry deprioritized missing data after every# deprioritizedDataReconcilerInterval (unit: minutes). Note that the# interval needs to be greater than the reconcileSleepIntervaldeprioritizedDataReconcilerInterval: 60msnapshots:# Path on the file system where peer will store ledger snapshotsrootDir: /var/hyperledger/production/snapshots/org2-peer1###############################################################################
#
# Operations section
#
###############################################################################
operations:# host and port for the operations serverlistenAddress: 127.0.0.1:9449# TLS configuration for the operations endpointtls:# TLS enabledenabled: false# path to PEM encoded server certificate for the operations servercert:file:# path to PEM encoded server key for the operations serverkey:file:# most operations service endpoints require client authentication when TLS# is enabled. clientAuthRequired requires client certificate authentication# at the TLS layer to access all resources.clientAuthRequired: false# paths to PEM encoded ca certificates to trust for client authenticationclientRootCAs:files: []###############################################################################
#
# Metrics section
#
###############################################################################
metrics:# metrics provider is one of statsd, prometheus, or disabledprovider: disabled# statsd configurationstatsd:# network type: tcp or udpnetwork: udp# statsd server addressaddress: 127.0.0.1:8128# the interval at which locally cached counters and gauges are pushed# to statsd; timings are pushed immediatelywriteInterval: 10s# prefix is prepended to all emitted statsd metricsprefix:
启动 org2-peer1 节点:
nohup ./peer node start > org2-peer1.log 2>&1 &
创建通道
export CORE_PEER_LOCALMSPID=Org1MSP
export CORE_PEER_MSPCONFIGPATH=/usr/project/fabric/3orderer-org1-2peer-org2-2peer-network/crypto-config/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp./peer channel create -o orderer0.example.com:7050 -c businesschannel -f "/usr/project/fabric/3orderer-org1-2peer-org2-2peer-network/channel-artifacts/businesschannel.tx" --timeout "30s" --tls --cafile /usr/project/fabric/3orderer-org1-2peer-org2-2peer-network/crypto-config/ordererOrganizations/example.com/orderers/orderer0.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
创建成功后会在当前路径下生成 businesschannel.block 文件。
mv businesschannel.block /usr/project/fabric/3orderer-org1-2peer-org2-2peer-network/channel-artifacts
加入通道
org1-peer0 加入通道:
export CORE_PEER_TLS_ENABLED=true
export CORE_PEER_LOCALMSPID="Org1MSP"
export CORE_PEER_TLS_ROOTCERT_FILE=/usr/project/fabric/3orderer-org1-2peer-org2-2peer-network/crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
export CORE_PEER_MSPCONFIGPATH=/usr/project/fabric/3orderer-org1-2peer-org2-2peer-network/crypto-config/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp
export CORE_PEER_ADDRESS=peer0.org1.example.com:7051./peer channel join -b /usr/project/fabric/3orderer-org1-2peer-org2-2peer-network/channel-artifacts/businesschannel.block
加入成功可以看到如下输出:
2022-02-22 08:58:09.295 EST 0002 INFO [channelCmd] executeJoin -> Successfully submitted proposal to join channel
org1-peer1 加入通道:
export CORE_PEER_TLS_ENABLED=true
export CORE_PEER_LOCALMSPID="Org1MSP"
export CORE_PEER_TLS_ROOTCERT_FILE=/usr/project/fabric/3orderer-org1-2peer-org2-2peer-network/crypto-config/peerOrganizations/org1.example.com/peers/peer1.org1.example.com/tls/ca.crt
export CORE_PEER_MSPCONFIGPATH=/usr/project/fabric/3orderer-org1-2peer-org2-2peer-network/crypto-config/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp
export CORE_PEER_ADDRESS=peer1.org1.example.com:8051./peer channel join -b /usr/project/fabric/3orderer-org1-2peer-org2-2peer-network/channel-artifacts/businesschannel.block
org2-peer0 加入通道:
export CORE_PEER_TLS_ENABLED=true
export CORE_PEER_LOCALMSPID="Org2MSP"
export CORE_PEER_TLS_ROOTCERT_FILE=/usr/project/fabric/3orderer-org1-2peer-org2-2peer-network/crypto-config/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt
export CORE_PEER_MSPCONFIGPATH=/usr/project/fabric/3orderer-org1-2peer-org2-2peer-network/crypto-config/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp
export CORE_PEER_ADDRESS=peer0.org2.example.com:9051./peer channel join -b /usr/project/fabric/3orderer-org1-2peer-org2-2peer-network/channel-artifacts/businesschannel.block
org2-peer1 加入通道:
export CORE_PEER_TLS_ENABLED=true
export CORE_PEER_LOCALMSPID="Org2MSP"
export CORE_PEER_TLS_ROOTCERT_FILE=/usr/project/fabric/3orderer-org1-2peer-org2-2peer-network/crypto-config/peerOrganizations/org2.example.com/peers/peer1.org2.example.com/tls/ca.crt
export CORE_PEER_MSPCONFIGPATH=/usr/project/fabric/3orderer-org1-2peer-org2-2peer-network/crypto-config/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp
export CORE_PEER_ADDRESS=peer1.org2.example.com:10051./peer channel join -b /usr/project/fabric/3orderer-org1-2peer-org2-2peer-network/channel-artifacts/businesschannel.block
查看 peer 节点加入的通道:
./peer channel list
输出如下:
2022-02-22 09:03:02.681 EST 0001 INFO [channelCmd] InitCmdFactory -> Endorser and orderer connections initialized
Channels peers has joined:
businesschannel
Hyperledger Fabric 二进制安装部署 Peer 节点相关推荐
- 二进制安装部署 4 kubernetes集群---超详细教程
二进制安装部署kubernetes集群---超详细教程 前言:本篇博客是博主踩过无数坑,反复查阅资料,一步步搭建完成后整理的个人心得,分享给大家~~~ 本文所需的安装包,都上传在我的网盘中,需要的可以 ...
- DockerK8s---跟我一步步部署K8s(二进制安装部署)
文章目录 Docker&K8s---跟我一步步部署K8s(二进制安装部署) Kubernetes(K8s)概述 Kubernetes快速入门 四组基本概念 常见的K8s安装部署方式 准备工作 ...
- 二进制安装K8S - NODE 节点的安装
二进制安装K8S - NODE 节点的安装 安装系统 Linux node02 3.10.0-1062.el7.x86_64 #1 SMP Wed Aug 7 18:08:02 UTC 2019 x8 ...
- 二进制安装多master节点的k8s集群
二进制安装多master节点的k8s集群 k8s集群角色 IP 主机名 安装的组件 控制节点 192.168.1.180 master1 apiserver,controller-manager,sc ...
- Hyperledger Fabric/Fabric-samples 安装及使用(Mac)
因为未找到mac相关的安装方式,故根据优秀博主的文档以及本人安装.使用的经验整理此文. 1.安装清单 brew Git cUrl docker docker-compose GoLang Fabric ...
- k8s二进制安装部署(详细)
一.生产环境部署k8s常见的几种方式 说明:文章内使用到的yaml可到博客资源内下载 k8s-yaml 1.kubeadm Kubeadm是一个K8s部署工具,提供kubeadm init和kubea ...
- centos 7安装部署 单节点 Elasticsearch 6.6.0
centos 7安装部署Elasticsearch 安装java环境 先查看本地是否自带java环境 yum list installed |grep java 卸载自带的java(注:需要root权 ...
- 二进制包方式安装部署三节点k8s
一 .集群情况如下,master作为k8s的主节点,在slave1上搭建docker的私库 Master 192.168.235.128 etcd.kube-apiserver.kube-contro ...
- fabric测试网络在peer节点上安装链码时报错解决
报错信息: Error: chaincode install failed with status: 500 - failed to invoke backing implementation of ...
最新文章
- Asp.net Mvc Codeplex Preview 5 第三篇 实现Action参数传递繁杂类型 【转】
- python字符串解释_Python学习:字符串的简单解释,深入浅出
- Faster-RCNN的一些记录。
- 2018-2019 ACM—ICPC SEERC 题解
- 19、java中枚举
- w10系统自带linux系统,win10下,内置linux系统的安装和体验,你造吗?
- 添加文字 生成pdf_PDF 文件编辑方法和工具大全
- 新道电子沙盘系统_电子沙盘系统在房地产开发与销售过程中的优势
- Airpal安装部署
- 喜马拉雅音频解析插件
- 联想i微型计算机怎么拆,联想t410i如何拆机?联想t410i拆机方法【图文】
- 【宋红康 MySQL数据库 】【高级篇】【14】数据库的设计规范
- Android 项目必备(二十三)-->减小 APK 大小
- 深入浅出量化对冲Alpha基金的操作
- systemd-journald日志进程介绍
- VS2008运行过程中出现regsvr32问题解决方法记录
- C# 实现视频预览功能(附源码)
- Hannah荣获第六季完美童模全球总决赛全球人气总冠军
- HTML第六章上机练习1-5题
- C/C++内存泄漏及检测