329 lines
14 KiB
YAML
329 lines
14 KiB
YAML
version: 1.0.0
|
|
|
|
client:
|
|
|
|
# Which organization does this application instance belong to? The value must be the name of an org
|
|
# defined under "organizations"
|
|
organization: org2
|
|
|
|
logging:
|
|
level: info
|
|
|
|
|
|
# Root of the MSP directories with keys and certs.
|
|
cryptoconfig:
|
|
path: ${CONFIG_PATH}/crypto-config
|
|
|
|
# Some SDKs support pluggable KV stores, the properties under "credentialStore"
|
|
# are implementation specific
|
|
credentialStore:
|
|
# [Optional]. Used by user store. Not needed if all credentials are embedded in configuration
|
|
# and enrollments are performed elswhere.
|
|
path: "/tmp/state-store"
|
|
|
|
# [Optional]. Specific to the CryptoSuite implementation used by GO SDK. Software-based implementations
|
|
# requiring a key store. PKCS#11 based implementations does not.
|
|
cryptoStore:
|
|
# Specific to the underlying KeyValueStore that backs the crypto key store.
|
|
path: /tmp/msp
|
|
|
|
# BCCSP config for the client. Used by GO SDK.
|
|
BCCSP:
|
|
security:
|
|
enabled: true
|
|
default:
|
|
provider: "SW"
|
|
hashAlgorithm: "SHA2"
|
|
softVerify: true
|
|
level: 256
|
|
|
|
tlsCerts:
|
|
#[Optional]. Use system certificate pool when connecting to peers, orderers (for negotiating TLS) Default: false
|
|
systemCertPool: true
|
|
|
|
#[Optional]. Client key and cert for TLS handshake with peers and orderers
|
|
client:
|
|
key:
|
|
path: ${CONFIG_PATH}/crypto-config/peerOrganizations/org2.example.com/users/Admin@org2.example.com/tls/server.key
|
|
cert:
|
|
path: ${CONFIG_PATH}/crypto-config/peerOrganizations/org2.example.com/users/Admin@org2.example.com/tls/server.crt
|
|
|
|
#
|
|
# [Optional]. But most apps would have this section so that channel objects can be constructed
|
|
# based on the content below. If an app is creating channels, then it likely will not need this
|
|
# section.
|
|
#
|
|
channels:
|
|
|
|
#[Required if _default not defined; Optional if _default defined].
|
|
# name of the channel
|
|
mychannel:
|
|
|
|
# list of orderers designated by the application to use for transactions on this
|
|
# channel. This list can be a result of access control ("FBI" can only access "ordererA"), or
|
|
# operational decisions to share loads from applications among the orderers. The values must
|
|
# be "names" of orgs defined under "organizations/p unable to load config backend: loading config feers"
|
|
# deprecated: not recommended, to override any orderer configuration items, entity matchers should be used.
|
|
# orderers:
|
|
# - orderer.citizens.com
|
|
|
|
#[Required if _default peers not defined; Optional if _default peers defined].
|
|
# list of peers from participating orgs
|
|
peers:
|
|
peer1.org2.example.com:
|
|
endorsingPeer: true
|
|
chaincodeQuery: true
|
|
ledgerQuery: true
|
|
eventSource: true
|
|
# peer0.org2.example.com:
|
|
# endorsingPeer: true
|
|
# chaincodeQuery: true
|
|
# ledgerQuery: true
|
|
# eventSource: true
|
|
#
|
|
# list of participating organizations in this network
|
|
#
|
|
organizations:
|
|
org1:
|
|
mspid: Org1MSP
|
|
|
|
# This org's MSP store (absolute path or relative to client.cryptoconfig)
|
|
cryptoPath: peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp
|
|
|
|
peers:
|
|
- peer0.org1.example.com
|
|
- peer1.org1.example.com
|
|
|
|
# [Optional]. Certificate Authorities issue certificates for identification purposes in a Fab based
|
|
# network. Typically certificates provisioning is done in a separate process outside of the
|
|
# runtime network. CA is a special certificate authority that provides a REST APIs for
|
|
# dynamic certificate management (enroll, revoke, re-enroll). The following section is only for
|
|
# CA servers.
|
|
# certificateAuthorities:
|
|
# - ca.fbi.citizens.com
|
|
|
|
# the profile will contain public information about organizations other than the one it belongs to.
|
|
# These are necessary information to make transaction lifecycles work, including MSP IDs and
|
|
# peers with a public URL to send transaction proposals. The file will not contain private
|
|
# information reserved for members of the organization, such as admin key and certificate,
|
|
# ca registrar enroll ID and secret, etc.
|
|
|
|
org2:
|
|
mspid: Org2MSP
|
|
|
|
# This org's MSP store (absolute path or relative to client.cryptoconfig)
|
|
cryptoPath: peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp
|
|
|
|
peers:
|
|
- peer0.org2.example.com
|
|
- peer1.org2.example.com
|
|
|
|
#
|
|
# List of orderers to send transaction and channel create/update requests to. For the time
|
|
# being only one orderer is needed. If more than one is defined, which one get used by the
|
|
# SDK is implementation specific. Consult each SDK's documentation for its handling of orderers.
|
|
#
|
|
orderers:
|
|
orderer.example.com:
|
|
url: grpcs://localhost:7050
|
|
|
|
# these are standard properties defined by the gRPC library
|
|
# they will be passed in as-is to gRPC client constructor
|
|
grpcOptions:
|
|
ssl-target-name-override: orderer.example.com
|
|
# These parameters should be set in coordination with the keepalive policy on the server,
|
|
# as incompatible settings can result in closing of connection.
|
|
# When duration of the 'keep-alive-time' is set to 0 or less the keep alive client parameters are disabled
|
|
keep-alive-time: 0s
|
|
keep-alive-timeout: 20s
|
|
keep-alive-permit: false
|
|
fail-fast: false
|
|
# allow-insecure will be taken into consideration if address has no protocol defined, if true then grpc or else grpcs
|
|
allow-insecure: false
|
|
|
|
tlsCACerts:
|
|
# Certificate location absolute path
|
|
path: ${CONFIG_PATH}/crypto-config/ordererOrganizations/example.com/tlsca/tlsca.example.com-cert.pem
|
|
|
|
#
|
|
# List of peers to send various requests to, including endorsement, query
|
|
# and event listener registration.
|
|
#
|
|
peers:
|
|
peer0.org1.example.com:
|
|
# this URL is used to send endorsement and query requests
|
|
url: grpcs://localhost:7051
|
|
eventUrl: grpcs://localhost:7053
|
|
grpcOptions:
|
|
ssl-target-name-override: peer0.org1.example.com
|
|
# These parameters should be set in coordination with the keepalive policy on the server,
|
|
# as incompatible settings can result in closing of connection.
|
|
# When duration of the 'keep-alive-time' is set to 0 or less the keep alive client parameters are disabled
|
|
keep-alive-time: 0s
|
|
keep-alive-timeout: 20s
|
|
keep-alive-permit: false
|
|
fail-fast: false
|
|
# allow-insecure will be taken into consideration if address has no protocol defined, if true then grpc or else grpcs
|
|
allow-insecure: false
|
|
|
|
tlsCACerts:
|
|
# Certificate location absolute path
|
|
path: ${CONFIG_PATH}/crypto-config/peerOrganizations/org1.example.com/tlsca/tlsca.org1.example.com-cert.pem
|
|
|
|
peer1.org1.example.com:
|
|
# this URL is used to send endorsement and query requests
|
|
url: grpcs://localhost:8051
|
|
eventUrl: grpcs://localhost:8053
|
|
grpcOptions:
|
|
ssl-target-name-override: peer1.org1.example.com
|
|
# These parameters should be set in coordination with the keepalive policy on the server,
|
|
# as incompatible settings can result in closing of connection.
|
|
# When duration of the 'keep-alive-time' is set to 0 or less the keep alive client parameters are disabled
|
|
keep-alive-time: 0s
|
|
keep-alive-timeout: 20s
|
|
keep-alive-permit: false
|
|
fail-fast: false
|
|
# allow-insecure will be taken into consideration if address has no protocol defined, if true then grpc or else grpcs
|
|
allow-insecure: false
|
|
|
|
tlsCACerts:
|
|
# Certificate location absolute path
|
|
path: ${CONFIG_PATH}/crypto-config/peerOrganizations/org1.example.com/tlsca/tlsca.org1.example.com-cert.pem
|
|
|
|
peer0.org2.example.com:
|
|
# this URL is used to send endorsement and query requests
|
|
url: grpcs://localhost:9051
|
|
eventUrl: grpcs://localhost:9053
|
|
grpcOptions:
|
|
ssl-target-name-override: peer0.org2.example.com
|
|
# These parameters should be set in coordination with the keepalive policy on the server,
|
|
# as incompatible settings can result in closing of connection.
|
|
# When duration of the 'keep-alive-time' is set to 0 or less the keep alive client parameters are disabled
|
|
keep-alive-time: 0s
|
|
keep-alive-timeout: 20s
|
|
keep-alive-permit: false
|
|
fail-fast: false
|
|
# allow-insecure will be taken into consideration if address has no protocol defined, if true then grpc or else grpcs
|
|
allow-insecure: false
|
|
|
|
tlsCACerts:
|
|
# Certificate location absolute path
|
|
path: ${CONFIG_PATH}/crypto-config/peerOrganizations/org2.example.com/tlsca/tlsca.org2.example.com-cert.pem
|
|
|
|
peer1.org2.example.com:
|
|
# this URL is used to send endorsement and query requests
|
|
url: grpcs://localhost:10051
|
|
eventUrl: grpcs://localhost:10053
|
|
grpcOptions:
|
|
ssl-target-name-override: peer1.org2.example.com
|
|
# These parameters should be set in coordination with the keepalive policy on the server,
|
|
# as incompatible settings can result in closing of connection.
|
|
# When duration of the 'keep-alive-time' is set to 0 or less the keep alive client parameters are disabled
|
|
keep-alive-time: 0s
|
|
keep-alive-timeout: 20s
|
|
keep-alive-permit: false
|
|
fail-fast: false
|
|
# allow-insecure will be taken into consideration if address has no protocol defined, if true then grpc or else grpcs
|
|
allow-insecure: false
|
|
|
|
tlsCACerts:
|
|
# Certificate location absolute path
|
|
path: ${CONFIG_PATH}/crypto-config/peerOrganizations/org2.example.com/tlsca/tlsca.org2.example.com-cert.pem
|
|
|
|
#
|
|
# CA is a special kind of Certificate Authority provided by Hyperledger Fab which allows
|
|
# certificate management to be done via REST APIs. Application may choose to use a standard
|
|
# Certificate Authority instead of CA, in which case this section would not be specified.
|
|
#
|
|
# certificateAuthorities:
|
|
# ca.org1.example.com:
|
|
# url: https://ca.org1.example.com:7053
|
|
# tlsCACerts:
|
|
# # Comma-Separated list of paths
|
|
# path: /home/shaojie/config_v1/crypto-config/peerOrganizations/org1.example.com/tlsca/tlsca.org1.example.com-cert.pem
|
|
# # Client key and cert for SSL handshake with Fab CA
|
|
# client:
|
|
# key:
|
|
# path: /home/shaojie/config_v1/crypto-config/peerOrganizations/org1.example.com/users/User1@org1.example.com/tls/client.key
|
|
# cert:
|
|
# path: /home/shaojie/config_v1/crypto-config/peerOrganizations/org1.example.com/users/User1@org1.example.com/tls/client.crt
|
|
|
|
# # CA supports dynamic user enrollment via REST APIs. A "root" user, a.k.a registrar, is
|
|
# # needed to enroll and invoke new users.
|
|
# registrar:
|
|
# enrollId: admin
|
|
# enrollSecret: adminpw
|
|
# # [Optional] The optional name of the CA.
|
|
# caName: ca.org1.example.com
|
|
|
|
|
|
# EntityMatchers enable substitution of network hostnames with static configurations
|
|
# so that properties can be mapped. Regex can be used for this purpose
|
|
# UrlSubstitutionExp can be empty which means the same network hostname will be used
|
|
# UrlSubstitutionExp can be given same as mapped peer url, so that mapped peer url can be used
|
|
# UrlSubstitutionExp can have golang regex matchers like 1.local.example.2:3 for pattern
|
|
# like peer0.fbi.citizens.com:1234 which converts peer0.fbi.citizens.com to peer0.FBI.local.citizens.com:1234
|
|
# sslTargetOverrideUrlSubstitutionExp follow in the same lines as
|
|
# SubstitutionExp for the fields gprcOptions.ssl-target-name-override respectively
|
|
# In any case mappedHost's config will be used, so mapped host cannot be empty, if entityMatchers are used
|
|
#entityMatchers:
|
|
entityMatchers:
|
|
peer:
|
|
- pattern: (\w*)peer0.org1.example.com:(\w*)
|
|
urlSubstitutionExp: grpcs://localhost:7051
|
|
eventUrlSubstitutionExp: grpcs://localhost:7053
|
|
sslTargetOverrideUrlSubstitutionExp: peer0.org1.example.com
|
|
mappedHost: peer0.org1.example.com
|
|
|
|
|
|
- pattern: (\w*)peer1.org1.example.com:(\w*)
|
|
urlSubstitutionExp: grpcs://localhost:8051
|
|
eventUrlSubstitutionExp: grpcs://localhost:8053
|
|
sslTargetOverrideUrlSubstitutionExp: peer1.org1.example.com
|
|
mappedHost: peer1.org1.example.com
|
|
|
|
- pattern: (\w*)peer0.org2.example.com:(\w*)
|
|
urlSubstitutionExp: grpcs://localhost:9051
|
|
eventUrlSubstitutionExp: grpcs://localhost:9053
|
|
sslTargetOverrideUrlSubstitutionExp: peer0.org2.example.com
|
|
mappedHost: peer0.org2.example.com
|
|
|
|
- pattern: (\w*)peer1.org2.example.com:(\w*)
|
|
urlSubstitutionExp: grpcs://localhost:10051
|
|
eventUrlSubstitutionExp: grpcs://localhost:10053
|
|
sslTargetOverrideUrlSubstitutionExp: peer1.org2.example.com
|
|
mappedHost: peer1.org2.example.com
|
|
|
|
# orderer:
|
|
# - pattern: (\w+).example.(\w+)
|
|
# urlSubstitutionExp: orderer.citizens.com:7050
|
|
# sslTargetOverrideUrlSubstitutionExp: orderer.citizens.com
|
|
# mappedHost: orderer.citizens.com
|
|
#
|
|
# - pattern: (\w+).example2.(\w+)
|
|
# urlSubstitutionExp: localhost:7050
|
|
# sslTargetOverrideUrlSubstitutionExp: localhost
|
|
# mappedHost: orderer.citizens.com
|
|
#
|
|
# - pattern: (\w+).example3.(\w+)
|
|
# urlSubstitutionExp:
|
|
# sslTargetOverrideUrlSubstitutionExp:
|
|
# mappedHost: orderer.citizens.com
|
|
#
|
|
# - pattern: (\w+).example4.(\w+):(\d+)
|
|
# urlSubstitutionExp: 1.example.2:3
|
|
# sslTargetOverrideUrlSubstitutionExp: 1.example.2
|
|
# mappedHost: orderer.citizens.com
|
|
#
|
|
# certificateAuthority:
|
|
# - pattern: (\w+).fbi.citizens.com.(\w+)
|
|
# urlSubstitutionExp:
|
|
# mappedHost: ca.fbi.citizens.com
|
|
#
|
|
#entityMatchers:
|
|
orderer:
|
|
- pattern: (\w*)orderer.example.com(\w*)
|
|
urlSubstitutionExp: grpcs://localhost:7050
|
|
sslTargetOverrideUrlSubstitutionExp: orderer.example.com
|
|
mappedHost: orderer.example.com
|