# # Copyright SecureKey Technologies Inc. All Rights Reserved. # # SPDX-License-Identifier: Apache-2.0 # # # The network connection profile provides client applications the information about the target # blockchain network that are necessary for the applications to interact with it. These are all # knowledge that must be acquired from out-of-band sources. This file provides such a source. # # # Schema version of the content. Used by the SDK to apply the corresponding parsing rules. # version: 1.0.0 # # The client section used by GO SDK. # client: # Which organization does this application instance belong to? The value must be the name of an org # defined under "organizations" organization: org1 logging: level: info # Global configuration for peer, event service and orderer timeouts # if this this section is omitted, then default values will be used (same values as below) # peer: # timeout: # connection: 10s # response: 180s # discovery: # # Expiry period for discovery service greylist filter # # The channel client will greylist peers that are found to be offline # # to prevent re-selecting them in subsequent retries. # # This interval will define how long a peer is greylisted # greylistExpiry: 10s # eventService: # the below timeouts are commented out to use the default values that are found in # "pkg/fab/endpointconfig.go" # the client is free to override the default values by uncommenting and resetting # the values as they see fit in their config file # timeout: # registrationResponse: 15s # orderer: # timeout: # connection: 15s # response: 15s # global: # timeout: # query: 180s # execute: 180s # resmgmt: 180s # cache: # connectionIdle: 30s # eventServiceIdle: 2m # channelConfig: 30m # channelMembership: 30s # discovery: 10s # selection: 10m # Root of the MSP directories with keys and certs. cryptoconfig: path: fabric-network/first-network/crypto-config # Some SDKs support pluggable KV stores, the properties under "credentialStore" # are implementation specific credentialStore: # [Optional]. Used by user store. Not needed if all credentials are embedded in configuration # and enrollments are performed elswhere. path: "/tmp/state-store" # [Optional]. Specific to the CryptoSuite implementation used by GO SDK. Software-based implementations # requiring a key store. PKCS#11 based implementations does not. cryptoStore: # Specific to the underlying KeyValueStore that backs the crypto key store. path: fabric-network/first-network/crypto-config/peerOrganizations/org1.example.com/users/User1@org1.example.com/msp # BCCSP config for the client. Used by GO SDK. BCCSP: security: enabled: true default: provider: "SW" hashAlgorithm: "SHA2" softVerify: true level: 256 tlsCerts: # [Optional]. Use system certificate pool when connecting to peers, orderers (for negotiating TLS) Default: false # systemCertPool: true # [Optional]. Client key and cert for TLS handshake with peers and orderers client: key: path: fabric-network/first-network/crypto-config/peerOrganizations/org1.example.com/users/User1@org1.example.com/tls/client.key cert: path: fabric-network/first-network/crypto-config/peerOrganizations/org1.example.com/users/User1@org1.example.com/tls/client.crt # # [Optional]. But most apps would have this section so that channel objects can be constructed # based on the content below. If an app is creating channels, then it likely will not need this # section. # channels: # Default channel is used if channel configuration is missing or if defined channel configuration is missing info # If channel doesn't define peers then peers from default channel will be used # If channel doesn't define orderes then orderes from default channel will be used # If channel doesn't define policies then policies from default channel will be used. # Also, if channel defines policies and some policy info is missing than that missing info will be filled from default channel. _default: # Optional. list of peers from participating orgs peers: peer1.org1.example.com: # [Optional]. will this peer be sent transaction proposals for endorsement? The peer must # have the chaincode installed. The app can also use this property to decide which peers # to send the chaincode install request. Default: true endorsingPeer: true # [Optional]. will this peer be sent query proposals? The peer must have the chaincode # installed. The app can also use this property to decide which peers to send the # chaincode install request. Default: true chaincodeQuery: true # [Optional]. will this peer be sent query proposals that do not require chaincodes, like # queryBlock(), queryTransaction(), etc. Default: true ledgerQuery: true # [Optional]. will this peer be the target of the SDK's listener registration? All peers can # produce events but the app typically only needs to connect to one to listen to events. # Default: true eventSource: true # [Optional]. The application can use these options to perform channel operations like retrieving channel # config etc. policies: #[Optional] options for retrieving channel configuration blocks queryChannelConfig: #[Optional] min number of success responses (from targets/peers) minResponses: 1 #[Optional] channel config will be retrieved for these number of random targets maxTargets: 1 #[Optional] retry options for query config block retryOpts: #[Optional] number of retry attempts attempts: 5 #[Optional] the back off interval for the first retry attempt initialBackoff: 500ms #[Optional] the maximum back off interval for any retry attempt maxBackoff: 5s #[Optional] he factor by which the initial back off period is exponentially incremented backoffFactor: 2.0 #[Optional] options for retrieving discovery info discovery: #[Optional] discovery info will be retrieved for these number of random targets maxTargets: 2 #[Optional] retry options for retrieving discovery info retryOpts: #[Optional] number of retry attempts attempts: 4 #[Optional] the back off interval for the first retry attempt initialBackoff: 500ms #[Optional] the maximum back off interval for any retry attempt maxBackoff: 5s #[Optional] he factor by which the initial back off period is exponentially incremented backoffFactor: 2.0 #[Optional] options for the event service eventService: # [Optional] resolverStrategy specifies the peer resolver strategy to use when connecting to a peer # Possible values: [PreferOrg (default), MinBlockHeight, Balanced] # # PreferOrg: # Determines which peers are suitable based on block height lag threshold, although will prefer the peers in the # current org (as long as their block height is above a configured threshold). If none of the peers from the current org # are suitable then a peer from another org is chosen. # MinBlockHeight: # Chooses the best peer according to a block height lag threshold. The maximum block height of all peers is # determined and the peers whose block heights are under the maximum height but above a provided "lag" threshold are load # balanced. The other peers are not considered. # Balanced: # Chooses peers using the configured balancer. resolverStrategy: PreferOrg # [Optional] balancer is the balancer to use when choosing a peer to connect to # Possible values: [Random (default), RoundRobin] balancer: Random # [Optional] blockHeightLagThreshold sets the block height lag threshold. This value is used for choosing a peer # to connect to. If a peer is lagging behind the most up-to-date peer by more than the given number of # blocks then it will be excluded from selection. # Note that this parameter is applicable only when minBlockHeightResolverMode is set to ResolveByThreshold. # Default: 5 blockHeightLagThreshold: 5 # [Optional] reconnectBlockHeightLagThreshold - the event client will disconnect from the peer if the peer's # block height falls behind the specified number of blocks and will reconnect to a better performing peer. # Note that this parameter is only applicable if peerMonitor is set to Enabled (default). # Default: 10 # NOTES: # - Setting this value too low may cause the event client to disconnect/reconnect too frequently, thereby # affecting performance. reconnectBlockHeightLagThreshold: 8 # [Optional] peerMonitorPeriod is the period in which the connected peer is monitored to see if # the event client should disconnect from it and reconnect to another peer. # Default: 0 (disabled) for Balanced resolverStrategy; 5s for PreferOrg and MinBlockHeight strategy peerMonitorPeriod: 6s #[Required if _default not defined; Optional if _default defined]. # name of the channel mychannel: # list of orderers designated by the application to use for transactions on this # channel. This list can be a result of access control ("org1" can only access "ordererA"), or # operational decisions to share loads from applications among the orderers. The values must # be "names" of orgs defined under "organizations/peers" # deprecated: not recommended, to override any orderer configuration items, entity matchers should be used. # orderers: # - orderer.example.com #[Required if _default peers not defined; Optional if _default peers defined]. # list of peers from participating orgs peers: peer0.org1.example.com: # [Optional]. will this peer be sent transaction proposals for endorsement? The peer must # have the chaincode installed. The app can also use this property to decide which peers # to send the chaincode install request. Default: true endorsingPeer: true # [Optional]. will this peer be sent query proposals? The peer must have the chaincode # installed. The app can also use this property to decide which peers to send the # chaincode install request. Default: true chaincodeQuery: true # [Optional]. will this peer be sent query proposals that do not require chaincodes, like # queryBlock(), queryTransaction(), etc. Default: true ledgerQuery: true # [Optional]. will this peer be the target of the SDK's listener registration? All peers can # produce events but the app typically only needs to connect to one to listen to events. # Default: true eventSource: true peer1.org1.example.com: endorsingPeer: true chaincodeQuery: true ledgerQuery: true eventSource: true peer0.org2.example.com: endorsingPeer: true chaincodeQuery: true ledgerQuery: true eventSource: true # peer1.org2.example.com: # endorsingPeer: true # chaincodeQuery: true # ledgerQuery: true # eventSource: true # # list of participating organizations in this network # organizations: org1: mspid: Org1MSP # This org's MSP store (absolute path or relative to client.cryptoconfig) cryptoPath: peerOrganizations/org1.example.com/users/{username}@org1.example.com/msp users: Admin: cert: path: fabric-network/first-network/crypto-config/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp/signcerts/Admin@org1.example.com-cert.pem User1: cert: path: fabric-network/first-network/crypto-config/peerOrganizations/org1.example.com/users/User1@org1.example.com/msp/signcerts/User1@org1.example.com-cert.pem peers: - peer0.org1.example.com - peer1.org1.example.com # [Optional]. Certificate Authorities issue certificates for identification purposes in a Fabric based # network. Typically certificates provisioning is done in a separate process outside of the # runtime network. Fabric-CA is a special certificate authority that provides a REST APIs for # dynamic certificate management (enroll, revoke, re-enroll). The following section is only for # Fabric-CA servers. # certificateAuthorities: # - ca.example.com # the profile will contain public information about organizations other than the one it belongs to. # These are necessary information to make transaction lifecycles work, including MSP IDs and # peers with a public URL to send transaction proposals. The file will not contain private # information reserved for members of the organization, such as admin key and certificate, # fabric-ca registrar enroll ID and secret, etc. org2: mspid: Org2MSP # This org's MSP store (absolute path or relative to client.cryptoconfig) cryptoPath: peerOrganizations/org2.example.com/users/{username}@org2.example.com/msp users: Admin: cert: path: fabric-network/first-network/crypto-config/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp/signcerts/Admin@org2.example.com-cert.pem User1: cert: path: fabric-network/first-network/crypto-config/peerOrganizations/org2.example.com/users/User1@org2.example.com/msp/signcerts/User1@org2.example.com-cert.pem peers: - peer0.org2.example.com - peer1.org2.example.com # certificateAuthorities: # - ca.example.com # Orderer Org name Orderer: # Membership Service Provider ID for this organization mspID: OrdererMSP # Needed to load users crypto keys and certs for this org (absolute path or relative to global crypto path, DEV mode) cryptoPath: ordererOrganizations/example.com/users/{username}@example.com/msp peers: - orderer.example.com # # List of orderers to send transaction and channel create/update requests to. For the time # being only one orderer is needed. If more than one is defined, which one get used by the # SDK is implementation specific. Consult each SDK's documentation for its handling of orderers. # orderers: orderer.example.com: url: localhost:7050 # these are standard properties defined by the gRPC library # they will be passed in as-is to gRPC client constructor grpcOptions: ssl-target-name-override: orderer.example.com # These parameters should be set in coordination with the keepalive policy on the server, # as incompatible settings can result in closing of connection. # When duration of the 'keep-alive-time' is set to 0 or less the keep alive client parameters are disabled keep-alive-time: 0s keep-alive-timeout: 20s keep-alive-permit: false fail-fast: false # allow-insecure will be taken into consideration if address has no protocol defined, if true then grpc or else grpcs allow-insecure: false tlsCACerts: # Certificate location absolute path path: fabric-network/first-network/crypto-config/ordererOrganizations/example.com/tlsca/tlsca.example.com-cert.pem # # List of peers to send various requests to, including endorsement, query # and event listener registration. # peers: peer0.org1.example.com: # this URL is used to send endorsement and query requests url: localhost:7051 eventUrl: localhost:7053 grpcOptions: ssl-target-name-override: peer0.org1.example.com # These parameters should be set in coordination with the keepalive policy on the server, # as incompatible settings can result in closing of connection. # When duration of the 'keep-alive-time' is set to 0 or less the keep alive client parameters are disabled keep-alive-time: 0s keep-alive-timeout: 20s keep-alive-permit: false fail-fast: false # allow-insecure will be taken into consideration if address has no protocol defined, if true then grpc or else grpcs allow-insecure: false tlsCACerts: # Certificate location absolute path path: fabric-network/first-network/crypto-config/peerOrganizations/org1.example.com/tlsca/tlsca.org1.example.com-cert.pem peer1.org1.example.com: # this URL is used to send endorsement and query requests url: localhost:8051 eventUrl: localhost:8053 grpcOptions: ssl-target-name-override: peer1.org1.example.com # These parameters should be set in coordination with the keepalive policy on the server, # as incompatible settings can result in closing of connection. # When duration of the 'keep-alive-time' is set to 0 or less the keep alive client parameters are disabled keep-alive-time: 0s keep-alive-timeout: 20s keep-alive-permit: false fail-fast: false # allow-insecure will be taken into consideration if address has no protocol defined, if true then grpc or else grpcs allow-insecure: false tlsCACerts: # Certificate location absolute path path: fabric-network/first-network/crypto-config/peerOrganizations/org1.example.com/tlsca/tlsca.org1.example.com-cert.pem peer0.org2.example.com: url: localhost:9051 eventUrl: localhost:9053 grpcOptions: ssl-target-name-override: peer0.org2.example.com # These parameters should be set in coordination with the keepalive policy on the server, # as incompatible settings can result in closing of connection. # When duration of the 'keep-alive-time' is set to 0 or less the keep alive client parameters are disabled keep-alive-time: 0s keep-alive-timeout: 20s keep-alive-permit: false fail-fast: false # allow-insecure will be taken into consideration if address has no protocol defined, if true then grpc or else grpcs allow-insecure: false tlsCACerts: path: fabric-network/first-network/crypto-config/peerOrganizations/org2.example.com/tlsca/tlsca.org2.example.com-cert.pem peer1.org2.example.com: url: localhost:10051 eventUrl: localhost:10053 grpcOptions: ssl-target-name-override: peer1.org2.example.com # These parameters should be set in coordination with the keepalive policy on the server, # as incompatible settings can result in closing of connection. # When duration of the 'keep-alive-time' is set to 0 or less the keep alive client parameters are disabled keep-alive-time: 0s keep-alive-timeout: 20s keep-alive-permit: false fail-fast: false # allow-insecure will be taken into consideration if address has no protocol defined, if true then grpc or else grpcs allow-insecure: false tlsCACerts: path: fabric-network/first-network/crypto-config/peerOrganizations/org2.example.com/tlsca/tlsca.org2.example.com-cert.pem # # Fabric-CA is a special kind of Certificate Authority provided by Hyperledger Fabric which allows # certificate management to be done via REST APIs. Application may choose to use a standard # Certificate Authority instead of Fabric-CA, in which case this section would not be specified. # #certificateAuthorities: # ca.org1.example.com: # url: https://ca.example.com:7054 # tlsCACerts: # # Comma-Separated list of paths # path: fabric-network/first-network/crypto-config/peerOrganizations/org1.example.com/tlsca/tlsca.org1.example.com-cert.pem # # Client key and cert for SSL handshake with Fabric CA # client: # key: # path: fabric-network/first-network/crypto-config/peerOrganizations/org1.example.com/users/User1@org1.example.com/tls/client.key # cert: # path: fabric-network/first-network/crypto-config/peerOrganizations/org1.example.com/users/User1@org1.example.com/tls/client.crt # # # Fabric-CA supports dynamic user enrollment via REST APIs. A "root" user, a.k.a registrar, is # # needed to enroll and invoke new users. # registrar: # enrollId: admin # enrollSecret: adminpw # # [Optional] The optional name of the CA. # caName: ca.example.com # EntityMatchers enable substitution of network hostnames with static configurations # so that properties can be mapped. Regex can be used for this purpose # UrlSubstitutionExp can be empty which means the same network hostname will be used # UrlSubstitutionExp can be given same as mapped peer url, so that mapped peer url can be used # UrlSubstitutionExp can have golang regex matchers like ${1}.local.example.${2}:${3} for pattern # like peer0.org1.example.com:1234 which converts peer0.org1.example.com to peer0.org1.local.example.com:1234 # sslTargetOverrideUrlSubstitutionExp follow in the same lines as # SubstitutionExp for the fields gprcOptions.ssl-target-name-override respectively # In any case mappedHost's config will be used, so mapped host cannot be empty, if entityMatchers are used #entityMatchers: entityMatchers: peer: - pattern: peer0.org1.example.com:7051 urlSubstitutionExp: localhost:7051 eventUrlSubstitutionExp: localhost:7053 sslTargetOverrideUrlSubstitutionExp: peer0.org1.example.com mappedHost: peer0.org1.example.com - pattern: peer1.org1.example.com:7051 urlSubstitutionExp: localhost:8051 eventUrlSubstitutionExp: localhost:8053 sslTargetOverrideUrlSubstitutionExp: peer1.org1.example.com mappedHost: peer1.org1.example.com - pattern: peer0.org2.example.com:7051 urlSubstitutionExp: localhost:9051 sslTargetOverrideUrlSubstitutionExp: peer0.org2.example.com mappedHost: peer0.org2.example.com - pattern: peer1.org2.example.com:7051 urlSubstitutionExp: localhost:10051 sslTargetOverrideUrlSubstitutionExp: peer1.org2.example.com mappedHost: peer1.org2.example.com # # - pattern: (\w+).example1.(\w+):(\d+) # urlSubstitutionExp: ${1}.org1.example.${2}:${3} # sslTargetOverrideUrlSubstitutionExp: ${1}.org1.example.${2} # mappedHost: peer0.org1.example.com # # - pattern: (\w+).org1.example.(\w+):(\d+) # urlSubstitutionExp: peer0.org1.example.com:7051 # sslTargetOverrideUrlSubstitutionExp: peer0.org1.example.com # mappedHost: peer0.org1.example.com # orderer: - pattern: orderer.example.com:7050 urlSubstitutionExp: localhost:7050 sslTargetOverrideUrlSubstitutionExp: orderer.example.com mappedHost: orderer.example.com # # - pattern: (\w+).example2.(\w+) # urlSubstitutionExp: localhost:7050 # sslTargetOverrideUrlSubstitutionExp: localhost # mappedHost: orderer.example.com # # - pattern: (\w+).example3.(\w+) # urlSubstitutionExp: # sslTargetOverrideUrlSubstitutionExp: # mappedHost: orderer.example.com # # - pattern: (\w+).example4.(\w+):(\d+) # urlSubstitutionExp: ${1}.example.${2}:${3} # sslTargetOverrideUrlSubstitutionExp: ${1}.example.${2} # mappedHost: orderer.example.com # # certificateAuthority: # - pattern: (\w+).org1.example.(\w+) # urlSubstitutionExp: # mappedHost: ca.org1.example.com # # - pattern: (\w+).org2.example.(\w+) # urlSubstitutionExp: # mappedHost: ca.org2.example.com