# ChainMaker Configuration Management

This chapter describes, for the configuration files most often used in ChainMaker, the project each one lives in, its default path, and its configurable items.

## Overview of ChainMaker configuration files

The main ChainMaker configuration files are as follows (after starting a chain with cluster_quick_start.sh):

- ChainMaker node configuration: chainmaker.yml, which sets the node's own information, such as network, storage, node discovery, and transaction pool;
- ChainMaker chain configuration: bc1.yml, bc2.yml, bc3.yml, ...; one node can have multiple chain configurations;
- ChainMaker log configuration: log.yml, which configures the log level and log location of each ChainMaker module;
- ChainMaker certificate tool configuration: crypto_config_template.yml, used by the prepare.sh script to generate CA, node, and user certificates;
- ChainMaker SDK-GO/CMC configuration: sdk_config.yml, the client configuration needed to send transactions to ChainMaker and to query data.

The default directory structure is as follows:

```sh
# Main project
chainmaker-go
├── build/release/chainmaker-v2.3.0-wx-org1.chainmaker.org/config/wx-org1.chainmaker.org
│   ├── chainconfig
│   │   └── bc1.yml
│   ├── chainmaker.yml
│   └── log.yml
└── tools
    ├── chainmaker-cryptogen -> ../../chainmaker-cryptogen/
    │   └── config
    │       └── crypto_config_template.yml
    └── cmc
        └── testdata
            ├── sdk_config.yml
            ├── sdk_config_pk.yml
            └── sdk_config_pwk.yml

# Certificate tool
chainmaker-cryptogen
└── config
    └── crypto_config_template.yml

# go sdk
sdk-go
└── testdata
    ├── sdk_config.yml
    ├── sdk_config_pk.yml
    └── sdk_config_pwk.yml
```

### chainmaker-go

#### chainmaker.yml node configuration

The ChainMaker node configuration file.

```yml
#
# Copyright (C) BABEC. All rights reserved.
# Copyright (C) THL A29 Limited, a Tencent company. All rights reserved.
#
# SPDX-License-Identifier: Apache-2.0
#

# [*] the represented items could not be modified after startup

# "auth_type" should be consistent among the whole chain configuration files(e.g., bc1.yml and chainmaker.yml)
# The auth type can be permissionedWithCert, permissionedWithKey, public.
# By default it is permissionedWithCert.
# permissionedWithCert: permissioned blockchain, using x.509 certificate to identify members.
# permissionedWithKey: permissioned blockchain, using public key to identify members.
# public: public blockchain, using public key to identify members.
auth_type: "permissionedWithCert" # [*]

# Logger settings
log:
  # Logger configuration file path.
  config_file: ../config/{org_path}/log.yml

# Crypto engine config, support gmssl, tencentsm and tjfoc
crypto_engine: tjfoc # [*]

# Chains the node currently joined in
blockchain:
  # chain id and its genesis block file path.
  - chainId: chain1
    genesis: ../config/wx-org1.chainmaker.org/chainconfig/bc1.yml
  # - chainId: chain2
  #   genesis: ../config/{org_path2}/chainconfig/bc2.yml
  # - chainId: chain3
  #   genesis: ../config/{org_path3}/chainconfig/bc3.yml
  # - chainId: chain4
  #   genesis: ../config/{org_path4}/chainconfig/bc4.yml

# Blockchain node settings
node:
  # Organization id is the node belongs to.
  # When the auth type is public, org id is ignored.
  org_id: wx-org1.chainmaker.org # [*]

  # Private key file path
  priv_key_file: ../config/wx-org1.chainmaker.org/certs/node/consensus1/consensus1.sign.key # [*]

  # Certificate file path
  cert_file: ../config/wx-org1.chainmaker.org/certs/node/consensus1/consensus1.sign.crt # [*]

  # Certificate cache size, used to speed up member identity verification.
  # By default the cache size is 1000.
  cert_cache_size: 1000

  # CertKeyUsageCheck, used to check if tx sender use the proper certificate to sign transactions
  cert_key_usage_check: true

  # fast sync settings
  fast_sync:
    # Enable it or not
    enabled: true # [*]
    # The number of blocks that did not perform fast synchronization at the end
    min_full_blocks: 10

  # PKCS#11 crypto settings
  pkcs11:
    # Enable it or not
    enabled: false # [*]

    # Type only support pkcs11 and sdf
    type: pkcs11

    # Path for the pkcs11 interface file(.so)
    library: /usr/local/lib64/pkcs11/libupkcs11.so

    # Label for the slot to be used
    label: HSM

    # HSM Password
    password: 11111111

    # Size for HSM session cache, default value is 10.
    session_cache_size: 10

    # Hash algorithm is used to calculate SKI.
    # It can be SHA256 or SM3.
    hash: "SHA256" # [*]

# Network Settings
net:
  # Network provider, can be libp2p or liquid.
  # libp2p: using libp2p components to build the p2p module.
  # liquid: a new p2p network module. We build it from 0 to 1.
  # This item must be consistent across the blockchain network.
  provider: LibP2P

  # The address and port the node listens on.
  # By default, it uses 0.0.0.0 to listen on all network interfaces.
  listen_addr: /ip4/0.0.0.0/tcp/11301

  # Max stream of a connection.
  # peer_stream_pool_size: 100

  # Max number of peers the node can connect.
  # max_peer_count_allow: 20

  # The strategy for eliminating node when the amount of connected peers reaches the max value
  # It could be: 1 Random, 2 FIFO, 3 LIFO. The default strategy is LIFO.
  # peer_elimination_strategy: 3

  # The seeds list used to setup network among all the peer seed when system starting.
  # The connection supervisor will try to dial seed peer whenever the connection is broken.
  # Example ip format: "/ip4/127.0.0.1/tcp/11301/p2p/"+nodeid
  # Example dns format:"/dns/cm-node1.org/tcp/11301/p2p/"+nodeid
  seeds:
    - "/ip4/127.0.0.1/tcp/11301/p2p/QmQxemkyExG7cRszvjP9Mgvn7NaLLmAym9WczVTXrEBd9L"
    - "/ip4/127.0.0.1/tcp/11302/p2p/QmNrF7ynrXxLBuDqG1krt6HUGQcTToDcVxGke19xm1Eyhp"
    - "/ip4/127.0.0.1/tcp/11303/p2p/QmYZsNs3eC4KjbSAXNNPHCdocrSrSpvRYejdMovnR2ov3Q"
    - "/ip4/127.0.0.1/tcp/11304/p2p/QmVxCKsHMnGoy5AxycP7aHHWncCpBbttekruZeaRU6xixB"

  # Network tls settings.
  tls:
    # Enable tls or not. Currently it can only be true...
    enabled: true

    # TLS private key file path.
    priv_key_file: ../config/wx-org1.chainmaker.org/certs/node/consensus1/consensus1.tls.key

    # TLS Certificate file path.
    cert_file: ../config/wx-org1.chainmaker.org/certs/node/consensus1/consensus1.tls.crt

    # TLS enc private key file path. (only for gmtls1.1)
    priv_enc_key_file: ../config/wx-org1.chainmaker.org/certs/node/consensus1/consensus1.tls.enc.key

    # TLS enc Certificate file path.
    cert_enc_file: ../config/wx-org1.chainmaker.org/certs/node/consensus1/consensus1.tls.enc.crt

  # The blacklist is automatically block the listed seed to connect.
  # blacklist:
      # The addresses in blacklist.
      # The address format can be ip or ip+port.
      # addresses:
      #   - "127.0.0.1:11301"
      #   - "192.168.1.8"

      # The node ids in blacklist.
      # node_ids:
      #   - "QmeyNRs2DwWjcHTpcVHoUSaDAAif4VQZ2wQDQAUNDP33gH"

# Transaction pool settings
# Other tx_pool settings can be found in tx_Pool_config.go
txpool:
  # tx_pool type, can be single, normal, batch.
  # By default the tx_pool type is normal.
  # Note: please delete dump_tx_wal folder in storage.store_path when change tx_pool type
  pool_type: "normal"

  # Max common transaction count in tx_pool.
  # If tx_pool is full, the following transactions will be discarded.
  max_txpool_size: 50000

  # Max config transaction count in tx_pool.
  max_config_txpool_size: 10

  # Whether dump unpacked config and common transactions in queue when stop node,
  # and replay these transactions when restart node.
  is_dump_txs_in_queue: true

  # Common transaction queue num, only for normal tx_pool.
  # Note: the num should be an exponent of 2 and less than 256, such as, 1, 2, 4, 8, 16, ..., 256
  common_queue_num: 8

  # The number of transactions contained in a batch, for normal and batch tx_pool.
  # Note: make sure that block.block_tx_capacity in bc.yml is an integer multiple of batch_max_size
  batch_max_size: 100

  # Interval of creating a transaction batch, for normal and batch tx_pool, in millisecond(ms).
  batch_create_timeout: 50

# RPC service setting
rpc:
  # RPC type, can only be grpc now
  provider: grpc # [*]

  # RPC port
  port: 12301

  # Interval of checking trust root changes, in seconds.
  # If changed, the rpc server's root certificate pool will also change.
  # Only valid if tls is enabled.
  # The minimum value is 10.
  check_chain_conf_trust_roots_change_interval: 60

  # restful api gateway
  gateway:
    # enable restful api
    enabled: false
    # max resp body buffer size, unit: M
    max_resp_body_size: 16

  # Rate limit related settings
  # Here we use token bucket to limit rate.
  ratelimit:
    # Ratelimit switch. Default is false.
    enabled: false

    # Rate limit type
    # 0: limit globally, 1: limit by ip
    type: 0

    # Token number added to bucket per second.
    # -1: unlimited, by default is 10000.
    token_per_second: -1

    # Token bucket size.
    # -1: unlimited, by default is 10000.
    token_bucket_size: -1

  # Rate limit settings for subscriber
  subscriber:
    ratelimit:
      token_per_second: 100
      token_bucket_size: 100

  # RPC TLS settings
  tls:
    # TLS mode, can be disable, oneway, twoway.
    mode: twoway

    # RPC TLS private key file path
    priv_key_file: ../config/wx-org1.chainmaker.org/certs/node/consensus1/consensus1.tls.key

    # RPC TLS public key file path
    cert_file: ../config/wx-org1.chainmaker.org/certs/node/consensus1/consensus1.tls.crt

    # RPC enc TLS private key file path (only for gmtls1.1)
    priv_enc_key_file: ../config/wx-org1.chainmaker.org/certs/node/consensus1/consensus1.tls.enc.key

    # RPC enc TLS public key file path
    cert_enc_file: ../config/wx-org1.chainmaker.org/certs/node/consensus1/consensus1.tls.enc.crt

  # RPC blacklisted ip addresses
  blacklist:
    addresses:
    # - "127.0.0.1"

  # RPC server max send/receive message size in MB
  max_send_msg_size: 100
  max_recv_msg_size: 100

tx_filter:
  # default(store) 0; bird's nest 1; map 2; 3 sharding bird's nest
  # 3 is recommended.
  type: 0
  # sharding bird's nest config
  # total keys = sharding.length * sharding.birds_nest.length * sharding.birds_nest.cuckoo.max_num_keys
  sharding:
    # sharding number
    length: 5
    # sharding task timeout in seconds
    timeout: 3
    snapshot:
      # serialize type
      # 0 Serialization by height interval
      # 1 Serialization by time interval
      type: 0
      timed:
        # Time interval in seconds
        interval: 10
      block_height:
        # Block height interval
        interval: 10
      # Serialization interval in seconds
      serialize_interval: 10
      # file path
      path: ../data/wx-org1.chainmaker.org/tx_filter
    # bird's nest config
    birds_nest:
      # bird's nest size
      length: 10
      # Transaction filter rules
      rules:
        # Absolute expiration time /second
        # Based on the number of transactions per day, for example, the current total capacity of blockchain transaction
        # filters is 100 million, and there are 10 million transaction requests per day.
        #
        # total keys = sharding.length * sharding.birds_nest.length * sharding.birds_nest.cuckoo.max_num_keys
        #
        # absolute expire time = total keys / number of requests per day
        absolute_expire_time: 172800
      cuckoo:
        # 0 NormalKey; 1 TimestampKey
        key_type: 1
        # num of tags for each bucket, which is b in paper. tag is fingerprint, which is f in paper.
        # If you are using a semi-sorted bucket, the default is 4
        # 2 is recommended.
        tags_per_bucket: 2
        # num of bits for each item, which is length of tag(fingerprint)
        # 11 is recommended.
        bits_per_item: 11
        # keys number
        max_num_keys: 2000000
        # 0 TableTypeSingle normal single table
        # 1 TableTypePacked packed table, use semi-sort to save 1 bit per item
        # 0 is recommended
        table_type: 0
  # bird's nest config
  # total keys = birds_nest.length * birds_nest.cuckoo.max_num_keys
  birds_nest:
    # bird's nest size
    length: 10
    snapshot:
      # serialize type
      # 0 Serialization by height interval
      # 1 Serialization by time interval
      type: 0
      timed:
        # Time interval in seconds
        interval: 10
      block_height:
        # Block height interval
        interval: 10
      # Serialization interval in seconds
      serialize_interval: 10
      # file path
      path: ../data/wx-org1.chainmaker.org/tx_filter
    # Transaction filter rules
    rules:
      # Absolute expiration time /second
      # Based on the number of transactions per day, for example, the current total capacity of blockchain transaction
      # filters is 100 million, and there are 10 million transaction requests per day.
      #
      # total keys = sharding.length * sharding.birds_nest.length * sharding.birds_nest.cuckoo.max_num_keys
      #
      # absolute expire time = total keys / number of requests per day
      absolute_expire_time: 172800
    cuckoo:
      # 0 NormalKey; 1 TimestampKey
      key_type: 1
      # num of tags for each bucket, which is b in paper. tag is fingerprint, which is f in paper.
      # If you are using a semi-sorted bucket, the default is 4
      # 2 is recommended.
      tags_per_bucket: 2
      # num of bits for each item, which is length of tag(fingerprint)
      # 11 is recommended.
      bits_per_item: 11
      # keys number
      max_num_keys: 2000000
      # 0 TableTypeSingle normal single table
      # 1 TableTypePacked packed table, use semi-sort to save 1 bit per item
      # 0 is recommended
      table_type: 0

# Monitor related settings
monitor:
  # Monitor service switch, default is false.
  enabled: false

  # Monitor service port
  port: 14321

# PProf Settings
pprof:
  # If pprof is enabled or not
  enabled: false

  # PProf port
  port: 24321

# Consensus related settings
consensus:
  raft:
    # Take a snapshot based on the set the number of blocks.
    # If raft nodes change, a snapshot is taken immediately.
    snap_count: 10

    # Saving wal asynchronously switch. Default is true.
    async_wal_save: true

    # Min time unit in rate election and heartbeat.
    ticker: 1

# Scheduler related settings
scheduler:
  # whether log the txRWSet map in debug mode
  rwset_log: false

# Storage config settings
# Contains blockDb, stateDb, historyDb, resultDb, contractEventDb
#
# blockDb: block transaction data, support leveldb, mysql, badgerdb, tikvdb
# stateDb: world state data, support leveldb, mysql, badgerdb, tikvdb
# historyDb: world state change history of transactions, support leveldb, mysql, badgerdb, tikvdb
# resultDb: transaction execution results data, support leveldb, mysql, badgerdb, tikvdb
# contractEventDb: contract emit event data, support mysql
#
# provider, sqldb_type cannot be changed after startup.
# store_path, dsn the content cannot be changed after startup.
storage:
  # Default store path
  store_path: ../data/wx-org1.chainmaker.org/ledgerData1 # [*]

  # Prefix for mysql db name
  # db_prefix: org1_

  # Minimum block height not allowed to be archived
  unarchive_block_height: 300000

  # Archive dir scan interval time(s), default: 10(s)
  archive_check_interval: 10

  # Restore data merge on chain data wait time,
  # restore action start after "restoreBlock" action finished "restore_interval" time(s), default: 60(s)
  restore_interval: 60

  # Symmetric encryption algorithm for writing data to disk.
  # can be sm4 or aes
  # encryptor: sm4 # [*]

  # Disable block file db, default: true
  disable_block_file_db: false # [*]

  # async write block in file block db to disk (by blockfiledb or wal), default: false, so default is sync write disk
  logdb_segment_async: false

  # file size of stored block file
  # if disable_block_file_db: false, we use block filedb, this means .fdb file size(MB), default: 64
  # if disable_block_file_db: true, we use wal, this means .wal file size(MB), default: 20
  logdb_segment_size: 128

  # read bfdb block file time out(ms), default: 1000
  read_bfdb_timeout: 1000

  # bigfilter config, default false
  enable_bigfilter: false

  # effective when enable_bigfilter is true
  bigfilter_config:
    # redis host:port
    redis_hosts_port: "127.0.0.1:6300,127.0.0.1:6301"
    # redis password
    redis_password: abcpass
    # support max transaction capacity
    tx_capacity: 1000000000
    # false positive rate
    fp_rate: 0.000000001

  # RWC config, default false
  enable_rwc: true

  # effective when enable_rwc is true, default 1000000
  # suggest greater than max_txpool_size*1.1
  rolling_window_cache_capacity: 55000

  # Symmetric encryption key:16 bytes key
  # If pkcs11 is enabled, it is the keyID
  # encrypt_key: "1234567890123456"

  # 0 common write,1 quick write
  write_block_type: 0

  # record DB slow log (INFO level) when query spend time more than this value (millisecond), 0 means no record
  slow_log: 0

  # state db cache
  disable_state_cache: false # default enable state cache

  # effective when disable_state_cache is false
  state_cache_config:
    # key/value ttl time, ns
    life_window: 3000000000000
    # interval between removing expired keys and values(clean up).
    clean_window: 1000000000
    # max size of entry in bytes.
    max_entry_size: 500
    # max cache size MB
    hard_max_cache_size: 1024

  # Block db config
  blockdb_config:
    # Databases type support leveldb, sql, badgerdb, tikvdb
    provider: leveldb # [*]
    # If provider is leveldb, leveldb_config should not be null.
    leveldb_config:
      # LevelDb store path
      store_path: ../data/{org_id}/block

    # Example for sql provider
    # Databases type support leveldb, sql, badgerdb, tikvdb
    # provider: sql # [*]
    # If provider is sql, sqldb_config should not be null.
    # sqldb_config:
      # Sql db type, can be mysql, sqlite. sqlite only for test
      # sqldb_type: mysql # # [*]
      # Mysql connection info, the database name is not required. such as: root:admin@tcp(127.0.0.1:3306)/
      # dsn: root:password@tcp(127.0.0.1:3306)/

    # Example for badgerdb provider
    # Databases type support leveldb, sql, badgerdb, tikvdb
    # provider: badgerdb
    # If provider is badgerdb, badgerdb_config should not be null.
    # badgerdb_config:
      # BadgerDb store path
      # store_path: ../data/wx-org1.chainmaker.org/history
      # Whether compression is enabled for stored data, default is 0: disabled
      # compression: 0
      # Key and value are stored separately when value is greater than this byte, default is 1024 * 10
      # value_threshold: 256
      # Number of key value pairs written in batch. default is 128
      # write_batch_size: 1024

    # Example for tikv provider
    # provider: tikvdb
    # If provider is tikvdb, tikvdb_config should not be null.
    # tikvdb_config:
    #   db_prefix: "node1_" # default is ""
    #   endpoints: "127.0.0.1:2379" # tikv pd server url, support multi url, example: "192.168.1.2:2379,192.168.1.3:2379"
    #   max_batch_count: 128 # max tikv commit batch size, default: 128
    #   grpc_connection_count: 16 # chainmaker and tikv connect count, default: 4
    #   grpc_keep_alive_time: 10 # keep connect alive count, default: 10
    #   grpc_keep_alive_timeout: 3 # keep connect alive time, default: 3
    #   write_batch_size: 128 # commit tikv batch size each time, default: 128

  # State db config
  statedb_config:
    provider: leveldb
    leveldb_config:
      store_path: ../data/{org_id}/state
      write_buffer_size: 256
    # bloom config for state db, it only takes effect when using kvdb
    # bloom_config:
    #   enable: true # enable bloom filter or not
    #   dump_path: "../data/{org_id}/state/bloom" # bloom filter data dump to file in the path
    #   # bloom filter calculates the number of enabled hash functions and the number of bits used
    #   # based on the key capacity and false positive rate.
    #   keys_capacity: 1000000000
    #   false_positive_rate: 0.01
    #   dump_per_blocks_committed: 1000 # do dump every n blocks added to bloom filter

  # History db config, default enable history db
  disable_historydb: false
  historydb_config:
    provider: leveldb
    disable_key_history: false
    disable_contract_history: true
    disable_account_history: true
    leveldb_config:
      store_path: ../data/{org_id}/history
      write_buffer_size: 64

  # Result db config, default enable result db
  disable_resultdb: false
  resultdb_config:
    provider: leveldb
    leveldb_config:
      store_path: ../data/{org_id}/result
      write_buffer_size: 64

  # Disable contract event database or not.
  # If it is false, contract_eventdb_config must be mysql
  disable_contract_eventdb: true
  contract_eventdb_config:
    # Event db only support sql
    provider: sql
    # Sql db config
    sqldb_config:
      # Event db only support mysql
      sqldb_type: mysql
      # Mysql connection info, such as: root:admin@tcp(127.0.0.1:3306)/
      dsn: root:password@tcp(127.0.0.1:3306)/

# Contract Virtual Machine(VM) configs
vm:
  # Golang runtime in docker container
  go:
    # Enable docker go virtual machine, default: false
    enable: true
    # Mount data path in chainmaker, include contracts, uds socks
    data_mount_path: ../data/wx-org1.chainmaker.org/go
    # Mount log path in chainmaker
    log_mount_path: ../log/wx-org1.chainmaker.org/go
    # Communication protocol, used for chainmaker and docker manager communication
    # 1. tcp: docker vm uses TCP to communicate with chain
    # 2. uds: docker vm uses unix domain socket to communicate with chain
    protocol: tcp
    # If use a customized VM configuration file, supplement it; else, do not configure
    # Priority: chainmaker.yml > vm.yml > default settings
    # dockervm_config_path: /config_path/vm.yml
    # Whether to print log on terminal
    log_in_console: false
    # Log level of docker vm go
    log_level: INFO

    # Grpc max send message size of the following 2 servers, Default size is 100, unit: MB
    max_send_msg_size: 100
    # Grpc max receive message size of the following 2 servers, Default size is 100, unit: MB
    max_recv_msg_size: 100
    # Grpc dialing timeout of the following 2 servers, default size is 100, unit: s
    dial_timeout: 10

    # max process num for execute original txs
    max_concurrency: 20

    # Configs of docker runtime server (handle messages with contract sandbox)
    runtime_server:
      # Runtime server port, default 32351
      port: 32351

    # Configs of contract engine server (handle messages with contract engine)
    contract_engine:
      # Docker vm contract engine server host, default 127.0.0.1
      host: 127.0.0.1
      # Docker vm contract engine server port, default 22351
      port: 22351
      # Max number of connection created to connect docker vm service
      max_connection: 5
```

#### bc1.yml chain configuration

The ChainMaker chain configuration file; one node can have multiple chains.

```yml
#
# Copyright (C) BABEC. All rights reserved.
# Copyright (C) THL A29 Limited, a Tencent company. All rights reserved.
#
# SPDX-License-Identifier: Apache-2.0
#

# This file is used to generate genesis block.
# The content should be consistent across all nodes in this chain.

# chain id
chain_id: chain1

# chain maker version
version: v2.3.3

# chain config sequence
sequence: 0

# The blockchain auth type, should be consistent with auth type in node config (e.g., chainmaker.yml)
# The auth type can be permissionedWithCert, permissionedWithKey, public.
# By default it is permissionedWithCert.
# permissionedWithCert: permissioned blockchain, using x.509 certificate to identify members.
# permissionedWithKey: permissioned blockchain, using public key to identify members.
# public: public blockchain, using public key to identify members.
auth_type: "permissionedWithCert"

# Crypto settings
crypto:
  # Hash algorithm, can be SHA256, SHA3_256 and SM3
  hash: SHA256

# User contract related settings
contract:
  # If the sql support contract is enabled or not.
  # If it is true, storage.statedb_config.provider in chainmaker.yml should be sql.
  enable_sql_support: false
  # If it is true, Only creators are allowed to upgrade contract.
  only_creator_can_upgrade: false

# Virtual machine related settings
vm:
  # Address type
  # 0-chainmaker, 1-zxl, 2-ethereum
  addr_type: 2
  # Virtual machine support list, In the current version, there are wasmer, gasm, evm and dockergo
  # virtual machines to choose from. One or more virtual machines can be configured to be started
  support_list:
    - "wasmer"
    - "gasm"
    - "evm"
    - "dockergo"
    - "wxvm"
  native:
    multisign:
      enable_manual_run: true

# Block proposing related settings
block:
  # To enable this attribute, ensure that the clock of the node is consistent
  # Verify the transaction timestamp or not
  tx_timestamp_verify: true

  # Transaction timeout, in second.
  # if abs(now - tx_timestamp) > tx_timeout, the transaction is invalid.
  tx_timeout: 600

  # Max transaction count in a block.
  block_tx_capacity: 100

  # Max block size, in MB
  block_size: 10

  # The interval of block proposing attempts, in millisecond.
  # should be within the range of [10,10000]
  block_interval: 10

# Core settings
core:
  # Max scheduling time of a block, in second.
  # [0, 60]
  tx_scheduler_timeout: 10

  # Max validating time of a block, in second.
  # [0, 60]
  tx_scheduler_validate_timeout: 10

  # Used for handling txs with sender conflicts efficiently
  enable_sender_group: false

  # Used for dynamic tuning the capacity of tx execution goroutine pool
  enable_conflicts_bit_window: true

  # Consensus message compression related settings
  # consensus_turbo_config:
    # If consensus message compression is enabled or not(solo could not use consensus message turbo).
    # consensus_message_turbo: false

    # Max retry count of fetching transaction in txpool by txid.
    # retry_time: 500

    # Retry interval of fetching transaction in txpool by txid, in ms.
    # retry_interval: 20

# gas account config
account_config:
  # the flag to control if subtracting gas from transaction's origin account when sending tx.
  enable_gas: false
  # Deprecated,the default gas count set for admin account.
  gas_count: 0
  # the minimum gas count to be subtracted from transaction's origin account for invoking tx.
  default_gas: 100
  # the gas price per byte for invoking tx, accurate to 6 digits after the decimal point.
  default_gas_price: 0.1
  # the minimum gas count to be subtracted from transaction's origin account for installing|upgrading tx.
  install_base_gas: 10000
  # the gas price per byte for installing tx, accurate to 6 digits after the decimal point.
  install_gas_price: 0.001

# snapshot settings
# snapshot:
  # Enable the evidence snapshot or not.
  # enable_evidence: false

# scheduler settings
# scheduler:
  # Enable the evidence scheduler or not.
  # enable_evidence: false

# Consensus settings
consensus:
  # Consensus type
  # 0-SOLO, 1-TBFT, 3-MAXBFT, 4-RAFT, 5-DPOS, 6-ABFT
  type: 1

  # Consensus node list
  nodes:
    # Each org has one or more consensus nodes.
    # We use p2p node id to represent nodes here.
    - org_id: "wx-org1.chainmaker.org"
      node_id:
        - "QmQxemkyExG7cRszvjP9Mgvn7NaLLmAym9WczVTXrEBd9L"
    - org_id: "wx-org2.chainmaker.org"
      node_id:
        - "QmNrF7ynrXxLBuDqG1krt6HUGQcTToDcVxGke19xm1Eyhp"
    - org_id: "wx-org3.chainmaker.org"
      node_id:
        - "QmYZsNs3eC4KjbSAXNNPHCdocrSrSpvRYejdMovnR2ov3Q"
    - org_id: "wx-org4.chainmaker.org"
      node_id:
        - "QmVxCKsHMnGoy5AxycP7aHHWncCpBbttekruZeaRU6xixB"
    # - org_id: "{org5_id}"
    #   node_id:
    #     - "{org5_peerid}"
    # - org_id: "{org6_id}"
    #   node_id:
    #     - "{org6_peerid}"
    # - org_id: "{org7_id}"
    #   node_id:
    #     - "{org7_peerid}"

  # We can specify other consensus config here in key-value format.
  ext_config:
    # - key: aa
    #   value: chain01_ext11

# Trust roots is used to specify the organizations' root certificates in permissionedWithCert mode.
# When in permissionedWithKey mode or public mode, it represents the admin users.
trust_roots:
  - org_id: "wx-org4.chainmaker.org"
    root:
      - "../config/wx-org1.chainmaker.org/certs/ca/wx-org4.chainmaker.org/ca.crt"
  - org_id: "wx-org3.chainmaker.org"
    root:
      - "../config/wx-org1.chainmaker.org/certs/ca/wx-org3.chainmaker.org/ca.crt"
  - org_id: "wx-org2.chainmaker.org"
    root:
      - "../config/wx-org1.chainmaker.org/certs/ca/wx-org2.chainmaker.org/ca.crt"
  - org_id: "wx-org1.chainmaker.org"
    root:
      - "../config/wx-org1.chainmaker.org/certs/ca/wx-org1.chainmaker.org/ca.crt"

# Trust members are members that do not need to be verified against trust roots.
# trust_members:
  # Each trust member should specify: member info file path, org id, role, and tls node id if any.
  # - member_info: ""
  #   org_id: ""
  #   role: "consensus"
  ##   node_id: ""

# Resource policies settings
resource_policies:
  - resource_name: CHAIN_CONFIG-NODE_ID_UPDATE
    policy:
      # Rule can be Any, All, Majority, Self...
      rule: SELF
      # The org id list, all organizations are need if here is null.
      org_list:
      # The role list
      role_list:
        - admin
  - resource_name: CHAIN_CONFIG-TRUST_ROOT_ADD
    policy:
      rule: MAJORITY
      org_list:
      role_list:
        - admin
  - resource_name: CHAIN_CONFIG-CERTS_FREEZE
    policy:
      rule: ANY
      org_list:
      role_list:
        - admin
  - resource_name: CONTRACT_MANAGE-INIT_CONTRACT
    policy:
      rule: ANY
      org_list:
      role_list:

# The disabled native contract list
# Disable the system contract by specifying the system contract name
# Can disabled native contract name contains CHAIN_CONFIG, CHAIN_QUERY, CERT_MANAGE, GOVERNANCE, MULTI_SIGN, PRIVATE_COMPUTE, DPOS_ERC20, DPOS_STAKE, CROSS_TRANSACTION, PUBKEY_MANAGE
disabled_native_contract:
  # - CONTRACT_NAME
```

### chainmaker-cryptogen

#### crypto_config_template.yml certificate generation configuration

Configuration file for generating certificates with ChainMaker's self-built CA.

```yml
crypto_config:
  - domain: chainmaker.org
    host_name: wx-org
    count: 4 # If 1, host_name is used directly; otherwise an incrementing number is appended
    # pk_algo: sm2 # Chinese national (SM) cryptography configuration
    # ski_hash: sm3
    pk_algo: ecc_p256
    ski_hash: sha256
    ## pkcs11 configuration
    pkcs11:
      enabled: false
      library: /usr/local/lib64/pkcs11/libupkcs11.so
      label: HSM
      password: 11111111
      session_cache_size: 10
      hash: "SHA256" # hash algorithm used to compute SKI
    specs: &specs_ref
      expire_year: 10
      sans:
        - chainmaker.org
        - localhost
        - 127.0.0.1
    location: &location_ref
      country: CN
      locality: Beijing
      province: Beijing
    # CA certificate configuration
    ca:
      location:
        <<: *location_ref
      specs:
        <<: *specs_ref
    # Node certificate configuration
    node:
      - type: consensus
        # Number of consensus nodes
        count: 1
        # Consensus node configuration
        location:
          <<: *location_ref
        specs:
          <<: *specs_ref
          expire_year: 5
      - type: common
        # Number of common nodes
        count: 1
        # Common node configuration
        location:
          <<: *location_ref
        specs:
          <<: *specs_ref
          expire_year: 5
    user:
      - type: admin
        # Number of admin certificates
        count: 1
        # Admin certificate configuration
        location:
          <<: *location_ref
        expire_year: 5
      - type: client
        # Number of common user certificates
        count: 1
        # Common user certificate configuration
        location:
          <<: *location_ref
        expire_year: 5
      - type: light
        # Number of light-node user certificates
        count: 1
        # Light-node user certificate configuration
        location:
          <<: *location_ref
        expire_year: 5
```

#### pk_config_template.yml ChainMaker public/private key pair generation configuration

```yml
pk_config:
  # pk_algo: RSA2048
  pk_algo: ecc_p256
  # pk_algo: sm2
  hash_algo: SHA256
  # pkcs11 configuration
  pkcs11:
    enabled: false
    library: /usr/local/lib64/pkcs11/libupkcs11.so
    label: HSM
    password: 11111111
    session_cache_size: 10
    hash: "SHA256" # hash algorithm used to compute SKI
  # Admin configuration
  admin:
    count: 5
  # Node certificate configuration
  node:
    - count: 4
  user:
    - type: client
      # Number of common user certificates
      count: 1
    # - type: light
    #   # Number of light-node user certificates
    #   count: 4
```

#### pwk_config_template.yml ChainMaker public/private key pair generation configuration

```yml
pwk_config:
  - domain: chainmaker.org
    host_name: wx-org
    count: 4 # If 1, host_name is used directly; otherwise an incrementing number is appended
    # pk_algo: sm2
    pk_algo: ecc_p256
    # pk_algo: RSA2048
    hash_algo: sha256
    # hash_algo: sm3
    # pkcs11 configuration
    pkcs11:
      enabled: false
      library: /usr/local/lib64/pkcs11/libupkcs11.so
      label: HSM
      password: 11111111
      session_cache_size: 10
      hash: "SHA256" # hash algorithm used to compute SKI
    # Admin configuration
    admin:
    # Node certificate configuration
    node:
      - type: consensus
        # Number of consensus nodes
        count: 1
      - type: common
        # Number of common nodes
        count: 1
    user:
      - type: admin
        # Number of admin certificates
        count: 1
      - type: client
        # Number of common user certificates
        count: 1
      - type: light
        # Number of light-node user certificates
        count: 1
```

### sdk-go

#### sdk_config.yml client connection configuration

```yml
chain_client:
  # Chain ID
  chain_id: "chain1"
  # Organization ID
  org_id: "wx-org1.chainmaker.org"
  # Path to the client user's private key
  user_key_file_path: "./testdata/crypto-config/wx-org1.chainmaker.org/user/client1/client1.tls.key"
  # Password for the client user's private key (not needed if the key has no password)
  # user_key_pwd: "123"
  # Path to the client user's certificate
  user_crt_file_path: "./testdata/crypto-config/wx-org1.chainmaker.org/user/client1/client1.tls.crt"
  # Path to the client user's encryption private key (the private key for the TLS encryption certificate, used in the SM GMTLS dual-certificate scheme; if not set, only a single certificate is used)
  user_enc_key_file_path: "./testdata/crypto-config/wx-org1.chainmaker.org/user/client1/client1.tls.enc.key"
  # Password for the client user's encryption private key (not needed if the key has no password)
  # user_enc_key_pwd: "123"
  # Path to the client user's encryption certificate (the TLS encryption certificate, used in the SM GMTLS dual-certificate scheme; if not set, only a single certificate is used)
  user_enc_crt_file_path: "./testdata/crypto-config/wx-org1.chainmaker.org/user/client1/client1.tls.enc.crt"
  # Path to the client user's transaction-signing private key (if not set, user_key_file_path is used)
  user_sign_key_file_path: "./testdata/crypto-config/wx-org1.chainmaker.org/user/client1/client1.sign.key"
  # Password for the client user's transaction-signing private key (not needed if the key has no password)
  # user_sign_key_pwd: "123"
  # Path to the client user's transaction-signing certificate (if not set, user_crt_file_path is used)
  user_sign_crt_file_path: "./testdata/crypto-config/wx-org1.chainmaker.org/user/client1/client1.sign.crt"
  # In synchronous transaction-result mode, the maximum number of polls when polling for the transaction result; delete this item or set it to <=0 to use the default value 10
  retry_limit: 20
  # In synchronous transaction-result mode, the wait time between polls for the transaction result, in ms; delete this item or set it to <=0 to use the default value 500
  retry_interval: 500
  # Alias of the current signing certificate. When this item is set, the chain client object automatically checks whether the alias has already been added on chain, and if not, automatically puts this certificate alias on chain,
  # and all subsequent transactions use the alias; the alias reduces the size of the transaction body. If empty, the feature is not enabled.
  # alias: my_cert_alias
  # txid setting: TimestampKey is supported by default; if enableNormalKey is turned on, NormalKey is used
  enable_normal_key: false

  nodes:
    - # Node address, format: IP:port:connection count
      node_addr: "127.0.0.1:12301"
      # Number of connections to the node
      conn_cnt: 10
      # Whether mutual TLS authentication is enabled for the RPC connection
      enable_tls: true
      # Paths to the trusted certificate pool
      trust_root_paths:
        - "./testdata/crypto-config/wx-org1.chainmaker.org/ca"
      # TLS hostname
      tls_host_name: "chainmaker.org"
  rpc_client:
    max_receive_message_size: 100 # Maximum size (MB) of a single message the gRPC client may receive
    max_send_message_size: 100 # Maximum size (MB) of a single message the gRPC client may send
    send_tx_timeout: 60 # gRPC client timeout for sending transactions
    get_tx_timeout: 60 # RPC client timeout for querying transactions
  pkcs11:
    enabled: false # pkcs11 is not used by default
    library: /usr/local/lib64/pkcs11/libupkcs11.so # path to the .so file of pkcs11 interface
    label: HSM # label for the slot to be used
    password: 11111111 # password to logon the HSM(Hardware security module)
    session_cache_size: 10 # size of HSM session cache, default to 10
    hash: "SHA256" # hash algorithm used to compute SKI
  archive:
    # Configuration for off-chain storage of archived data
    # If the new version of the archive center is used, set this to archivecenter
    type: "mysql" # archivecenter: archive center, mysql: MySQL database
    dest: "root:123456:localhost:3306"
    secret_key: xxx
  # If the archive center is enabled, the archive center configuration below can be turned on
  archive_center_query_first: true # If true and the archive center configuration is enabled, queries go to the archive center first
  # archive_center_config:
  #   chain_genesis_hash: c670b598127f5795767d1acbae435e714797596f7e0a55dd05205da948de1a0a
  #   archive_center_http_url: http://127.0.0.1:13119
  #   request_second_limit: 10
  #   rpc_address: 127.0.0.1:13120
  #   tls_enable: false
  #   tls:
  #     server_name: archiveserver1.tls.wx-org.chainmaker.org
  #     priv_key_file: ./testdata/archivecenter/archiveclient1.tls.key
  #     cert_file: ./testdata/archivecenter/archiveclient1.tls.crt
  #     trust_ca_list:
  #       - ./testdata/archivecenter/ca.crt
  #   max_send_msg_size: 200
  #   max_recv_msg_size: 200
```

#### sdk_config_pk.yml

```yaml
chain_client:
  # Chain ID
  chain_id: "chain1"

  # Path to the client user's transaction-signing private key
  user_sign_key_file_path: "./testdata/crypto-config-pk/public/user/user1/user1.key"
  # Password for the client user's transaction-signing private key (not needed if the key has no password)
  # user_sign_key_pwd: "123"
  # Hash algorithm used for signing; keep it consistent with the node
  crypto:
    hash: SHA256
  auth_type: public
  # In synchronous transaction-result mode, the maximum number of polls when polling for the transaction result; delete this item or set it to <=0 to use the default value 10
  retry_limit: 20
  # In synchronous transaction-result mode, the wait time between polls for the transaction result, in ms; delete this item or set it to <=0 to use the default value 500
  retry_interval: 500
  # txid setting: TimestampKey is supported by default; if enableNormalKey is turned on, NormalKey is used
  enable_normal_key: false

  nodes:
    - # Node address, format: IP:port:connection count
      node_addr: "127.0.0.1:12301"
      # Number of connections to the node
      conn_cnt: 10
  archive:
    # Configuration for off-chain storage of archived data
    # If the new version of the archive center is used, set this to archivecenter
    type: "mysql" # archivecenter: archive center, mysql: MySQL database
    dest: "root:123456:localhost:3306"
    secret_key: xxx
  rpc_client:
    max_receive_message_size: 100 # Maximum size (MB) of a single message the gRPC client may receive
    max_send_message_size: 100 # Maximum size (MB) of a single message the gRPC client may send
    send_tx_timeout: 60 # gRPC client timeout for sending transactions
    get_tx_timeout: 60 # RPC client timeout for querying transactions
  # If the archive center is enabled, the archive center configuration below can be turned on
  archive_center_query_first: true # If true and the archive center configuration is enabled, queries go to the archive center first
  # archive_center_config:
  #   chain_genesis_hash: c670b598127f5795767d1acbae435e714797596f7e0a55dd05205da948de1a0a
  #   archive_center_http_url: http://127.0.0.1:13119
  #   request_second_limit: 10
  #   rpc_address: 127.0.0.1:13120
  #   tls_enable: false
  #   tls:
  #     server_name: archiveserver1.tls.wx-org.chainmaker.org
  #     priv_key_file: ./testdata/archivecenter/archiveclient1.tls.key
  #     cert_file: ./testdata/archivecenter/archiveclient1.tls.crt
  #     trust_ca_list:
  #       - ./testdata/archivecenter/ca.crt
  #   max_send_msg_size: 200
  #   max_recv_msg_size: 200
```

#### sdk_config_pwk.yml

```yaml
chain_client:
  # Chain ID
  chain_id: "chain1"
  # Organization ID
  org_id: "wx-org1.chainmaker.org"

  # Path to the client user's transaction-signing private key
  user_sign_key_file_path: "./testdata/crypto-config-pk/permissioned-with-key/wx-org1/user/client1/client1.key"
  # Password for the client user's transaction-signing private key (not needed if the key has no password)
  # user_sign_key_pwd: "123"
  # Hash algorithm used for signing; keep it consistent with the node
  crypto:
    hash: SHA256
  auth_type: permissionedWithKey
  # In synchronous transaction-result mode, the maximum number of polls when polling for the transaction result; delete this item or set it to <=0 to use the default value 10
  retry_limit: 20
  # In synchronous transaction-result mode, the wait time between polls for the transaction result, in ms; delete this item or set it to <=0 to use the default value 500
  retry_interval: 500
  # txid setting: TimestampKey is supported by default; if enableNormalKey is turned on, NormalKey is used
  enable_normal_key: false

  nodes:
    - # Node address, format: IP:port:connection count
      node_addr: "127.0.0.1:12301"
      # Number of connections to the node
      conn_cnt: 10
  archive:
    # Configuration for off-chain storage of archived data
    # If the new version of the archive center is used, set this to archivecenter
    type: "mysql" # archivecenter: archive center, mysql: MySQL database
    dest: "root:123456:localhost:3306"
    secret_key: xxx
  rpc_client:
    max_receive_message_size: 100 # Maximum size (MB) of a single message the gRPC client may receive
    max_send_message_size: 100 # Maximum size (MB) of a single message the gRPC client may send
    send_tx_timeout: 60 # gRPC client timeout for sending transactions
    get_tx_timeout: 60 # RPC client timeout for querying transactions
  # If the archive center is enabled, the archive center configuration below can be turned on
  archive_center_query_first: true # If true and the archive center configuration is enabled, queries go to the archive center first
  # archive_center_config:
  #   chain_genesis_hash: c670b598127f5795767d1acbae435e714797596f7e0a55dd05205da948de1a0a
  #   archive_center_http_url: http://127.0.0.1:13119
  #   request_second_limit: 10
  #   rpc_address: 127.0.0.1:13120
  #   tls_enable: false
  #   tls:
  #     server_name: archiveserver1.tls.wx-org.chainmaker.org
  #     priv_key_file: ./testdata/archivecenter/archiveclient1.tls.key
  #     cert_file: ./testdata/archivecenter/archiveclient1.tls.crt
  #     trust_ca_list:
  #       - ./testdata/archivecenter/ca.crt
  #   max_send_msg_size: 200
  #   max_recv_msg_size: 200
```

### sdk-java

#### sdk_config.yml

```yaml
chain_client:
  # Chain ID
  chain_id: "chain1"
  # Organization ID
  org_id: "wx-org1.chainmaker.org"
  # Path to the client user's private key
  user_key_file_path: "src/test/resources/crypto-config/wx-org1.chainmaker.org/user/client1/client1.tls.key"
  # Path to the client user's certificate
  user_crt_file_path: "src/test/resources/crypto-config/wx-org1.chainmaker.org/user/client1/client1.tls.crt"
  # Path to the client user's transaction-signing private key
  user_sign_key_file_path: "src/test/resources/crypto-config/wx-org1.chainmaker.org/user/client1/client1.sign.key"
  # Path to the client user's transaction-signing certificate
  user_sign_crt_file_path:
"src/test/resources/crypto-config/wx-org1.chainmaker.org/user/client1/client1.sign.crt" # 同步交易结果模式下,轮训获取交易结果时的最大轮训次数,删除此项或设为<=0则使用默认值 10 retry_limit: 10 # 同步交易结果模式下,每次轮训交易结果时的等待时间,单位:ms 删除此项或设为<=0则使用默认值 500 retry_interval: 500 # 当前签名证书的别名。当设置此配置项时,chain client 对象将自动检查链上是否已添加此别名,如果没有则自动上链此证书别名, # 并且后续所有交易都会使用别名,别名可降低交易体大小。若为空则不启用。 # alias: mycert5 nodes: - # 节点地址,格式为:IP:端口:连接数 node_addr: "127.0.0.1:12301" # 节点连接数 conn_cnt: 10 # RPC连接是否启用双向TLS认证 enable_tls: true # 信任证书池路径 trust_root_paths: - "src/test/resources/crypto-config/wx-org1.chainmaker.org/ca" - "src/test/resources/crypto-config/wx-org2.chainmaker.org/ca" # TLS hostname tls_host_name: "chainmaker.org" - # 节点地址,格式为:IP:端口:连接数 node_addr: "127.0.0.1:12302" # 节点连接数 conn_cnt: 10 # RPC连接是否启用双向TLS认证 enable_tls: true # 信任证书池路径 trust_root_paths: - "src/test/resources/crypto-config/wx-org1.chainmaker.org/ca" - "src/test/resources/crypto-config/wx-org2.chainmaker.org/ca" # TLS hostname tls_host_name: "chainmaker.org" archive: # 数据归档链外存储相关配置 type: "mysql" dest: "root:123456:localhost:3306" secret_key: xxx rpc_client: # grpc客户端最大接受容量(MB) max_receive_message_size: 16 pkcs11: enabled: false # pkcs11 is not used by default # 交易结果是否订阅获取 enable_tx_result_dispatcher: false ##连接池配置 connPool: # 最大连接数 maxTotal: 100 # 最少空闲连接 minIdle: 5 #最大空闲连接 maxIdle: 20 #连接空闲最小保活时间,默认即为-1,单位:ms #当空闲的时间大于这个值时,强制移除该空闲对象 minEvictableIdleTime: -1 #连接空闲最小保活时间,默认即为30分钟(1800000),单位:ms #当对象的空闲时间超过这个值,并且当前空闲对象的数量大于最小空闲数量(minIdle)时,执行移除操作 softMinEvictableIdleTime: 1800000 #回收空闲线程的执行周期,单位毫秒。默认值5分钟(300000) ,-1 表示不启用线程回收资源,单位:ms timeBetweenEvictionRuns: 300000 #没有空闲连接时,获取连接是否阻塞 blockWhenExhausted: true #当没有空闲连接时,获取连接阻塞等待时间,单位:ms maxWaitMillis: 11000 ``` #### sdk_config_pk.yml ```yaml chain_client: # 链ID chain_id: "chain1" # 客户端用户交易签名私钥路径 user_sign_key_file_path: "/Users/superhin/Projects/chainmaker-go/build/crypto-config/node1/admin/admin1/admin1.key" # 签名使用的哈希算法,和节点保持一直 crypto: hash: SHA256 auth_type: public nodes: - # 节点地址,格式为:IP:端口:连接数 node_addr: 
"127.0.0.1:12301" # 节点连接数 conn_cnt: 10 - # 节点地址,格式为:IP:端口:连接数 node_addr: "127.0.0.1:12302" # 节点连接数 conn_cnt: 10 archive: # 数据归档链外存储相关配置 type: "mysql" dest: "root:123456:localhost:3306" secret_key: xxx rpc_client: # grpc客户端最大接受容量(MB) max_receive_message_size: 16 # 交易结果是否订阅获取 enable_tx_result_dispatcher: false ##连接池配置 connPool: # 最大连接数 maxTotal: 100 # 最少空闲连接 minIdle: 5 #最大空闲连接 maxIdle: 20 #连接空闲最小保活时间,默认即为-1,单位:ms #当空闲的时间大于这个值时,强制移除该空闲对象 minEvictableIdleTime: -1 #连接空闲最小保活时间,默认即为30分钟(1800000),单位:ms #当对象的空闲时间超过这个值,并且当前空闲对象的数量大于最小空闲数量(minIdle)时,执行移除操作 softMinEvictableIdleTime: 1800000 #回收空闲线程的执行周期,单位毫秒。默认值5分钟(300000) ,-1 表示不启用线程回收资源,单位:ms timeBetweenEvictionRuns: 300000 #没有空闲连接时,获取连接是否阻塞 blockWhenExhausted: true #当没有空闲连接时,获取连接阻塞等待时间,单位:ms maxWaitMillis: 11000 ``` #### sdk_config_pwk.yml ```yaml chain_client: # 链ID chain_id: "chain1" # 组织ID org_id: "wx-org1.chainmaker.org" # 客户端用户交易签名私钥路径 user_sign_key_file_path: "/Users/superhin/Projects/chainmaker-go/build/crypto-config/wx-org1.chainmaker.org/admin/admin.key" # 签名使用的哈希算法,和节点保持一直 crypto: hash: SHA256 auth_type: permissionedWithKey nodes: - # 节点地址,格式为:IP:端口:连接数 node_addr: "127.0.0.1:12301" # 节点连接数 conn_cnt: 10 archive: # 数据归档链外存储相关配置 type: "mysql" dest: "root:123456:localhost:3306" secret_key: xxx rpc_client: # grpc客户端最大接受容量(MB) max_receive_message_size: 16 # 交易结果是否订阅获取 enable_tx_result_dispatcher: false ##连接池配置 connPool: # 最大连接数 maxTotal: 100 # 最少空闲连接 minIdle: 5 #最大空闲连接 maxIdle: 20 #连接空闲最小保活时间,默认即为-1,单位:ms #当空闲的时间大于这个值时,强制移除该空闲对象 minEvictableIdleTime: -1 #连接空闲最小保活时间,默认即为30分钟(1800000),单位:ms #当对象的空闲时间超过这个值,并且当前空闲对象的数量大于最小空闲数量(minIdle)时,执行移除操作 softMinEvictableIdleTime: 1800000 #回收空闲线程的执行周期,单位毫秒。默认值5分钟(300000) ,-1 表示不启用线程回收资源,单位:ms timeBetweenEvictionRuns: 300000 #没有空闲连接时,获取连接是否阻塞 blockWhenExhausted: true #当没有空闲连接时,获取连接阻塞等待时间,单位:ms maxWaitMillis: 11000 ``` ### cmc `sdk_config.yml`同 sdk-go的`sdk_config.yml` ## 链配置的管理 长安链·ChainMaker的链配置文件为bcN.yml。其中包含了节点初次启动时的创世纪块的配置信息。将根据该配置,生成创世纪块。 > 在同一条链中,创世纪块的内容必须严格一致 > > 
意味着:bc.yml的内容(若是路径则为路径对应的内容),在每个节点都必须一致 除了启动之前可修改bc.yml文件外,链上配置热修改可以通过SDK和CMC完成。 可修改的链配置主要包含如下几方面: 1. VM引擎类型:vm.support_list 2. 区块的交易数、超时时间、出块间隔:block.block_tx_capacity、block.time_out、block.block_interval 3. 根证书管理:trust_roots 4. 权限修改:resource_policies 5. 共识节点管理:nodes - 通过CMC工具修改配置请参考[CMC工具使用文档](../dev/命令行工具.md) - 通过CMC工具修改配置请参考[如何使用长安链SDK文档](../sdk/GoSDK使用说明.md)
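The genesis-consistency rule above can be checked before first startup. The following is an added example, not ChainMaker's own tooling: it fingerprints each node's chain config by effective content, replacing any value that resolves to a file with that file's digest, so nodes whose path text differs but whose referenced content matches still agree. The function names, the simple line-based parsing, and the constructed sample files (including the `root` key) are assumptions.

```python
import hashlib
import os
import tempfile

def genesis_fingerprint(bc_path, base_dir):
    """Digest a chain config by effective content, not by path text."""
    h = hashlib.sha256()
    with open(bc_path, encoding="utf-8") as fh:
        for raw in fh:
            line = raw.strip()
            if not line or line.startswith("#"):
                continue  # comment-only and blank lines carry no configuration
            # Value of "key: value" or "- value" (assumption: plain scalars, no inline comments)
            value = line.split(":", 1)[1] if ":" in line else line.lstrip("- ")
            value = value.strip().strip("\"'")
            target = os.path.join(base_dir, value) if value else ""
            if target and os.path.isfile(target):
                with open(target, "rb") as ref:  # a path counts as the content it points to
                    line = line.replace(value, hashlib.sha256(ref.read()).hexdigest())
            h.update(line.encode("utf-8") + b"\n")
    return h.hexdigest()

def group_nodes(nodes):
    """nodes: name -> (bc_path, base_dir). One returned group means all nodes agree."""
    groups = {}
    for name, (bc_path, base_dir) in nodes.items():
        groups.setdefault(genesis_fingerprint(bc_path, base_dir), []).append(name)
    return sorted(sorted(g) for g in groups.values())

def demo():
    """Constructed sample: three node directories, one with a drifted block setting."""
    root = tempfile.mkdtemp()
    nodes = {}
    for name, capacity in (("node1", 100), ("node2", 100), ("node3", 200)):
        base = os.path.join(root, name)
        os.makedirs(os.path.join(base, "ca-" + name))
        with open(os.path.join(base, "ca-" + name, "ca.crt"), "wb") as fh:
            fh.write(b"constructed CA certificate bytes")  # same CA content on every node
        bc = os.path.join(base, "bc1.yml")
        with open(bc, "w", encoding="utf-8") as fh:
            fh.write("chain_id: chain1\n# local note\nblock:\n"
                     f"  block_tx_capacity: {capacity}\n"
                     f"trust_roots:\n  - root:\n      - ca-{name}/ca.crt\n")
        nodes[name] = (bc, base)
    return group_nodes(nodes)

if __name__ == "__main__":
    print(demo())
```

More than one group in the result means at least one node would build a different genesis block and should be corrected before the chain is started.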
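The sample SDK files on this page carry placeholder secrets (`password: 11111111`, `dest: "root:123456:localhost:3306"`, `secret_key: xxx`, key passwords of `"123"`). The following added example, which is not part of the ChainMaker project, is a line-based check that reports such values, and disabled TLS switches, when they are still active in a config headed for deployment; the function name and the constructed sample text are assumptions.

```python
import re

# Placeholder secrets that appear in the sample files on this page.
SAMPLE_VALUES = {
    "password": {"11111111"},   # pkcs11 HSM password
    "secret_key": {"xxx"},      # archive secret
    "user_key_pwd": {"123"},
    "user_enc_key_pwd": {"123"},
    "user_sign_key_pwd": {"123"},
}
TLS_SWITCHES = {"enable_tls", "tls_enable"}
# "key: value" with an optional list dash and an optional trailing comment.
KV = re.compile(r"^\s*(?:-\s+)?([A-Za-z_]\w*)\s*:\s*(.*?)\s*(?:\s#.*)?$")

def lint_sdk_config(text):
    """Return (line_no, key, reason) for active settings that still look like samples."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        if raw.lstrip().startswith("#"):
            continue  # commented-out settings are inactive
        m = KV.match(raw)
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip("\"'")
        if value in SAMPLE_VALUES.get(key, ()):
            findings.append((no, key, "sample secret left in place"))
        elif key == "dest" and value.split(":")[:2] == ["root", "123456"]:
            findings.append((no, key, "sample database credentials in archive dest"))
        elif key in TLS_SWITCHES and value.lower() == "false":
            findings.append((no, key, "TLS switched off for this connection"))
    return findings

# Constructed sample, assembled from keys shown on this page.
SAMPLE = """\
chain_client:
  chain_id: "chain1"
  # user_sign_key_pwd: "123"
  nodes:
    - node_addr: "127.0.0.1:12301"
      enable_tls: false
  pkcs11:
    enabled: true
    password: 11111111 # password to log on to the HSM
  archive:
    type: "mysql"
    dest: "root:123456:localhost:3306"
    secret_key: xxx
"""

if __name__ == "__main__":
    for finding in lint_sdk_config(SAMPLE):
        print(finding)
```

The check does not track nesting, so it reports the pkcs11 password even when `pkcs11.enabled` is false.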