1. 长安链配置管理

本章节介绍长安链中经常会使用到的配置文件所在的项目、默认路径、以及可配置项。

1.1. 长安链配置文件介绍

长安链配置文件主要包括:(使用cluster_quick_start.sh启动链后)

  • 长安链节点配置:chainmaker.yml,用于设置自身节点的信息,如:网络、存储、节点发现、交易池等信息;

  • 长安链链配置:bc1.yml,bc2.yml,bc3.yml … …,一个节点可以有多个链配置;

  • 长安链日志配置:log.yml,用于配置长安链各个模块的日志级别、位置;

  • 长安链证书工具配置:crypto_config_template.yml,用于prepare.sh脚本生成ca、节点、用户证书;

  • 长安链SDK-GO/CMC配置:sdk_config.yml,用于向长安链发送交易、查询数据时需要的客户端配置信息。

默认目录结构如下:

# 主项目
chainmaker-go 
├── build/release/chainmaker-v2.3.0-wx-org1.chainmaker.org/config/wx-org1.chainmaker.org
	├── chainconfig
	   └── bc1.yml
	│── chainmaker.yml
	└── log.yml
└── tools
	├── chainmaker-cryptogen -> ../../chainmaker-cryptogen/
		└── config
			└── crypto_config_template.yml
	└── cmc
		└── testdata
			│── sdk_config.yml
			│── sdk_config_pk.yml
			└── sdk_config_pwk.yml
# 证书工具
chainmaker-cryptogen 
└── config
	└── crypto_config_template.yml

# go sdk
sdk-go 
└── testdata
    │── sdk_config.yml
    │── sdk_config_pk.yml
    └── sdk_config_pwk.yml

1.1.1. chainmaker-go

1.1.1.1. chainmaker.yml节点配置

长安链节点配置文件。

#
# Copyright (C) BABEC. All rights reserved.
# Copyright (C) THL A29 Limited, a Tencent company. All rights reserved.
#
# SPDX-License-Identifier: Apache-2.0
#

# [*] the represented items could not be modified after startup

# "auth_type" should be consistent among the whole chain configuration files(e.g., bc1.yml and chainmaker.yml)
# The auth type can be permissionedWithCert, permissionedWithKey, public.
# By default it is permissionedWithCert.
# permissionedWithCert: permissioned blockchain, using x.509 certificate to identify members.
# permissionedWithKey: permissioned blockchain, using public key to identify members.
# public: public blockchain, using public key to identify members.
auth_type: "permissionedWithCert" # [*]

# Logger settings
log:
  # Logger configuration file path.
  config_file: ../config/{org_path}/log.yml

# Crypto engine config, support gmssl, tencentsm and tjfoc
crypto_engine: tjfoc # [*]

# Chains the node currently joined in
blockchain:
  # chain id and its genesis block file path.
  - chainId: chain1
    genesis: ../config/wx-org1.chainmaker.org/chainconfig/bc1.yml
#  - chainId: chain2
#    genesis: ../config/{org_path2}/chainconfig/bc2.yml
#  - chainId: chain3
#    genesis: ../config/{org_path3}/chainconfig/bc3.yml
#  - chainId: chain4
#    genesis: ../config/{org_path4}/chainconfig/bc4.yml

# Blockchain node settings
node:
  # Organization id is the node belongs to.
  # When the auth type is public, org id is ignored.
  org_id:            wx-org1.chainmaker.org  # [*]

  # Private key file path
  priv_key_file:     ../config/wx-org1.chainmaker.org/certs/node/consensus1/consensus1.sign.key  # [*]

  # Certificate file path
  cert_file:         ../config/wx-org1.chainmaker.org/certs/node/consensus1/consensus1.sign.crt  # [*]

  # Certificate cache size, used to speed up member identity verification.
  # By default the cache size is 1000.
  cert_cache_size:   1000

  # CertKeyUsageCheck, used to check if tx sender use the proper certificate to sign transactions
  cert_key_usage_check: true

  # fast sync settings
  fast_sync:
    # Enable it or not
    enabled: true  # [*]

    # The number of blocks that did not perform fast synchronization at the end
    min_full_blocks: 10

  # PKCS#11 crypto settings
  pkcs11:
    # Enable it or not
    enabled: false  # [*]

    # Type only support pkcs11 and sdf
    type: pkcs11

    # Path for the pkcs11 interface file(.so)
    library: /usr/local/lib64/pkcs11/libupkcs11.so

    # Label for the slot to be used
    label: HSM

    # HSM Password
    password: 11111111

    # Size for HSM session cache, default value is 10.
    session_cache_size: 10

    # Hash algorithm is used to calculate SKI.
    # It can be SHA256 or SM3.
    hash: "SHA256"  # [*]

# Network Settings
net:
  # Network provider, can be libp2p or liquid.
  # libp2p: using libp2p components to build the p2p module.
  # liquid: a new p2p network module. We build it from 0 to 1.
  # This item must be consistent across the blockchain network.
  provider: LibP2P

  # The address and port the node listens on.
  # By default, it uses 0.0.0.0 to listen on all network interfaces.
  listen_addr: /ip4/0.0.0.0/tcp/11301

  # Max stream of a connection.
  # peer_stream_pool_size: 100

  # Max number of peers the node can connect.
  # max_peer_count_allow: 20

  # The strategy for eliminating node when the amount of connected peers reaches the max value
  # It could be: 1 Random, 2 FIFO, 3 LIFO. The default strategy is LIFO.
  # peer_elimination_strategy: 3

  # The seeds list used to setup network among all the peer seed when system starting.
  # The connection supervisor will try to dial seed peer whenever the connection is broken.
  # Example ip format: "/ip4/127.0.0.1/tcp/11301/p2p/"+nodeid
  # Example dns format:"/dns/cm-node1.org/tcp/11301/p2p/"+nodeid
  seeds:
    - "/ip4/127.0.0.1/tcp/11301/p2p/QmQxemkyExG7cRszvjP9Mgvn7NaLLmAym9WczVTXrEBd9L"
    - "/ip4/127.0.0.1/tcp/11302/p2p/QmNrF7ynrXxLBuDqG1krt6HUGQcTToDcVxGke19xm1Eyhp"
    - "/ip4/127.0.0.1/tcp/11303/p2p/QmYZsNs3eC4KjbSAXNNPHCdocrSrSpvRYejdMovnR2ov3Q"
    - "/ip4/127.0.0.1/tcp/11304/p2p/QmVxCKsHMnGoy5AxycP7aHHWncCpBbttekruZeaRU6xixB"
  
  # Starting from v2.4.0, hot-reloading of seeds is supported
  # To update configuration:
  # 1. Modify both seeds and custom_chain_trust_roots
  # 2. Submit a configuration transaction
  # This eliminates the need for node restart that was required in previous versions
#  custom_chain_trust_roots:
#    - chain_id: chain2
#      trust_roots: ../config/wx-org1.chainmaker.org/certs/ca/wx-org5.chainmaker.org/ca.crt
  
  # Network tls settings.
  tls:
    # Enable tls or not. Currently it can only be true...
    enabled: true

    # TLS private key file path.
    priv_key_file: ../config/wx-org1.chainmaker.org/certs/node/consensus1/consensus1.tls.key

    # TLS Certificate file path.
    cert_file: ../config/wx-org1.chainmaker.org/certs/node/consensus1/consensus1.tls.crt

    # TLS enc private key file path. (only for gmtls1.1)
    priv_enc_key_file: ../config/wx-org1.chainmaker.org/certs/node/consensus1/consensus1.tls.enc.key

    # TLS enc Certificate file path.
    cert_enc_file: ../config/wx-org1.chainmaker.org/certs/node/consensus1/consensus1.tls.enc.crt

  # The blacklist is automatically block the listed seed to connect.
  # blacklist:
      # The addresses in blacklist.
      # The address format can be ip or ip+port.
      # addresses:
      #   - "127.0.0.1:11301"
      #   - "192.168.1.8"

      # The node ids in blacklist.
      # node_ids:
      #   - "QmeyNRs2DwWjcHTpcVHoUSaDAAif4VQZ2wQDQAUNDP33gH"

# Transaction pool settings
# Other tx_pool settings can be found in tx_Pool_config.go
txpool:
  # tx_pool type, can be single, normal, batch.
  # By default the tx_pool type is normal.
  # Note: please delete dump_tx_wal folder in storage.store_path when change tx_pool type
  pool_type: "normal"

  # Max common transaction count in tx_pool.
  # If tx_pool is full, the following transactions will be discarded.
  max_txpool_size: 50000

  # Max config transaction count in tx_pool.
  max_config_txpool_size: 10

  # Whether dump unpacked config and common transactions in queue when stop node,
  # and replay these transactions when restart node.
  is_dump_txs_in_queue: true

  # Common transaction queue num, only for normal tx_pool.
  # Note: the num should be an exponent of 2 and less than 256, such as, 1, 2, 4, 8, 16, ..., 256
  common_queue_num: 8

  # The number of transactions contained in a batch, for normal and batch tx_pool.
  # Note: make sure that block.block_tx_capacity in bc.yml is an integer multiple of batch_max_size
  batch_max_size: 100

  # Interval of creating a transaction batch, for normal and batch tx_pool, in millisecond(ms).
  batch_create_timeout: 50

 # RPC service setting
rpc:
  # RPC type, can only be grpc now
  provider: grpc  # [*]

  # RPC port
  port: 12301

  # Interval of checking trust root changes, in seconds.
  # If changed, the rpc server's root certificate pool will also change.
  # Only valid if tls is enabled.
  # The minium value is 10.
  check_chain_conf_trust_roots_change_interval: 60

  # restful api gateway
  gateway:
    # enable restful api
    enabled: false
    # max resp body buffer size, unit: M
    max_resp_body_size: 16

  # Rate limit related settings
  # Here we use token bucket to limit rate.
  ratelimit:
    # Ratelimit switch. Default is false.
    enabled: false

    # Rate limit type
    # 0: limit globally, 1: limit by ip
    type: 0

    # Token number added to bucket per second.
    # -1: unlimited, by default is 10000.
    token_per_second: -1

    # Token bucket size.
    # -1: unlimited, by default is 10000.
    token_bucket_size: -1

  # Rate limit settings for subscriber
  subscriber:
    ratelimit:
      token_per_second: 100
      token_bucket_size: 100

  # RPC TLS settings
  tls:
    # TLS mode, can be disable, oneway, twoway.
    mode:           twoway

    # RPC TLS private key file path
    priv_key_file:  ../config/wx-org1.chainmaker.org/certs/node/consensus1/consensus1.tls.key

    # RPC TLS public key file path
    cert_file:      ../config/wx-org1.chainmaker.org/certs/node/consensus1/consensus1.tls.crt

    # RPC enc TLS private key file path (only for gmtls1.1)
    priv_enc_key_file:  ../config/wx-org1.chainmaker.org/certs/node/consensus1/consensus1.tls.enc.key

    # RPC enc TLS public key file path
    cert_enc_file:      ../config/wx-org1.chainmaker.org/certs/node/consensus1/consensus1.tls.enc.crt

  # RPC blacklisted ip addresses
  blacklist:
    addresses:
      # - "127.0.0.1"

  # RPC server max send/receive message size in MB
  max_send_msg_size: 100
  max_recv_msg_size: 100

tx_filter:
  # default(store) 0; bird's nest 1; map 2; 3 sharding bird's nest
  # 3 is recommended.
  type: 0
  # sharding bird's nest config
  # total keys = sharding.length * sharding.birds_nest.length * sharding.birds_nest.cuckoo.max_num_keys
  sharding:
    # sharding number
    length: 5
    # sharding task timeout in seconds
    timeout: 3
    snapshot:
      # serialize type
      # 0 Serialization by height interval
      # 1 Serialization by time interval
      type: 0
      timed:
        # Time interval in seconds
        interval: 10
      block_height:
        # Block height interval
        interval: 10
      # Serialization interval in seconds
      serialize_interval: 10
      # file path
      path: ../data/wx-org1.chainmaker.org/tx_filter
    # bird's nest config
    birds_nest:
      # bird's nest size
      length: 10
      # Transaction filter rules
      rules:
        # Absolute expiration time /second
        # Based on the number of transactions per day, for example, the current total capacity of blockchain transaction
        # filters is 100 million, and there are 10 million transaction requests per day.
        #
        # total keys = sharding.length * sharding.birds_nest.length * sharding.birds_nest.cuckoo.max_num_keys
        #
        # absolute expire time = total keys / number of requests per day
        absolute_expire_time: 172800
      cuckoo:
        # 0 NormalKey; 1 TimestampKey
        key_type: 1
        # num of tags for each bucket, which is b in paper. tag is fingerprint, which is f in paper.
        # If you are using a semi-sorted bucket, the default is 4
        # 2 is recommended.
        tags_per_bucket: 2
        # num of bits for each item, which is length of tag(fingerprint)
        # 11 is recommended.
        bits_per_item: 11
        # keys number
        max_num_keys: 2000000
        # 0 TableTypeSingle normal single table
        # 1 TableTypePacked packed table, use semi-sort to save 1 bit per item
        # 0 is recommended
        table_type: 0
  # bird's nest config
  # total keys = birds_nest.length * birds_nest.cuckoo.max_num_keys
  birds_nest:
    # bird's nest size
    length: 10
    snapshot:
      # serialize type
      # 0 Serialization by height interval
      # 1 Serialization by time interval
      type: 0
      timed:
        # Time interval in seconds
        interval: 10
      block_height:
        # Block height interval
        interval: 10
      # Serialization interval in seconds
      serialize_interval: 10
      # file path
      path: ../data/wx-org1.chainmaker.org/tx_filter
    # Transaction filter rules
    rules:
      # Absolute expiration time /second
      # Based on the number of transactions per day, for example, the current total capacity of blockchain transaction
      # filters is 100 million, and there are 10 million transaction requests per day.
      #
      # total keys = sharding.length * sharding.birds_nest.length * sharding.birds_nest.cuckoo.max_num_keys
      #
      # absolute expire time = total keys / number of requests per day
      absolute_expire_time: 172800
    cuckoo:
      # 0 NormalKey; 1 TimestampKey
      key_type: 1
      # num of tags for each bucket, which is b in paper. tag is fingerprint, which is f in paper.
      # If you are using a semi-sorted bucket, the default is 4
      # 2 is recommended.
      tags_per_bucket: 2
      # num of bits for each item, which is length of tag(fingerprint)
      # 11 is recommended.
      bits_per_item: 11
      # keys number
      max_num_keys: 2000000
      # 0 TableTypeSingle normal single table
      # 1 TableTypePacked packed table, use semi-sort to save 1 bit per item
      # 0 is recommended
      table_type: 0

# Monitor related settings
monitor:
  # Monitor service switch, default is false.
  enabled: false

  # Monitor service port
  port: 14321

# PProf Settings
pprof:
  # If pprof is enabled or not
  enabled: false

  # PProf port
  port: 24321

# Consensus related settings
consensus:
  raft:
    # Take a snapshot based on the set the number of blocks.
    # If raft nodes change, a snapshot is taken immediately.
    snap_count: 10

    # Saving wal asynchronously switch. Default is true.
    async_wal_save: true

    # Min time unit in rate election and heartbeat.
    ticker: 1

# Scheduler related settings
scheduler:
  # whether log the txRWSet map in debug mode
  rwset_log: false

# Storage config settings
# Contains blockDb, stateDb, historyDb, resultDb, contractEventDb
#
# blockDb: block transaction data,                          support leveldb, mysql, badgerdb, tikvdb
# stateDb: world state data,                                support leveldb, mysql, badgerdb, tikvdb
# historyDb: world state change history of transactions,    support leveldb, mysql, badgerdb, tikvdb
# resultDb: transaction execution results data,             support leveldb, mysql, badgerdb, tikvdb
# contractEventDb: contract emit event data,                support mysql
#
# provider, sqldb_type cannot be changed after startup.
# store_path, dsn the content cannot be changed after startup.
storage:
  # Default store path
  store_path: ../data/wx-org1.chainmaker.org/ledgerData1 # [*]

  # Prefix for mysql db name
  # db_prefix: org1_

  # Minimum block height not allowed to be archived
  unarchive_block_height: 300000

  # Archive dir scan interval time(s), default: 10(s)
  archive_check_interval: 10

  # Restore data merge on chain data wait time,
  # restore action start after "restoreBlock" action finished "restore_interval" time(s), default: 60(s)
  restore_interval: 60

  # Symmetric encryption algorithm for writing data to disk. can be sm4 or aes
  # encryptor: sm4    # [*]

  # Disable block file db, default: true
  disable_block_file_db: false  # [*]

  # async write block in file block db to disk (by blockfiledb or wal), default: false, so default is sync write disk
  logdb_segment_async: false

  # file size of stored block file
  # if disable_block_file_db: false, we use block filedb, this means .fdb file size(MB), default: 64
  # if disable_block_file_db: true, we use wal, this means .wal file size(MB), default: 20
  logdb_segment_size: 128

  # read bfdb block file time out(ms), default: 1000
  read_bfdb_timeout: 1000

  # bigfilter config, default false
  enable_bigfilter: false

  # effective when enable_bigfilter is true
  bigfilter_config:
    # redis host:port
    redis_hosts_port: "127.0.0.1:6300,127.0.0.1:6301"

    # redis password
    redis_password: abcpass

    # support max transaction capacity
    tx_capacity: 1000000000

    # false postive rate
    fp_rate: 0.000000001

  # RWC config, default false
  enable_rwc: true

  # effective when enable_rwc is true, default 1000000
  # suggest greater than max_txpool_size*1.1
  rolling_window_cache_capacity: 55000

  # Symmetric encryption key:16 bytes key
  # If pkcs11 is enabled, it is the keyID
  # encrypt_key: "1234567890123456"

  # 0 common write,1 quick write
  write_block_type: 0

  # record DB slow log (INFO level) when query spend time more than this value (millisecond), 0 means no record
  slow_log: 0

  # state db cache
  disable_state_cache: false # default enable state cache

  # effective when disable_state_cache is false
  state_cache_config:
    # key/value ttl time, ns
    life_window: 3000000000000

    # interval between removing expired keys and values(clean up).
    clean_window: 1000000000

    # max size of entry in bytes.
    max_entry_size: 500

    # max cache size MB
    hard_max_cache_size: 1024

  # Block db config
  blockdb_config:
    # Databases type support leveldb, sql, badgerdb, tikvdb
    provider: leveldb # [*]

    # If provider is leveldb, leveldb_config should not be null.
    leveldb_config:
      # LevelDb store path
      store_path: ../data/{org_id}/block

    # Example for sql provider
    # Databases type support leveldb, sql, badgerdb, tikvdb
    # provider: sql # [*]
    # If provider is sql, sqldb_config should not be null.
    # sqldb_config:
      # Sql db type, can be mysql, sqlite. sqlite only for test
      # sqldb_type: mysql # # [*]
      # Mysql connection info, the database name is not required. such as:  root:admin@tcp(127.0.0.1:3306)/
      # dsn: root:password@tcp(127.0.0.1:3306)/

    # Example for badgerdb provider
    # Databases type support leveldb, sql, badgerdb, tikvdb
    # provider: badgerdb
    # If provider is badgerdb, badgerdb_config should not be null.
    # badgerdb_config:
      # BadgerDb store path
      # store_path: ../data/wx-org1.chainmaker.org/history
      # Whether compression is enabled for stored data, default is 0: disabled
      # compression: 0
      # Key and value are stored separately when value is greater than this byte, default is 1024 * 10
      # value_threshold: 256
      # Number of key value pairs written in batch. default is 128
      # write_batch_size: 1024

    # Example for tikv provider
    # provider: tikvdb
    # If provider is tikvdb, tikvdb_config should not be null.
    # tikvdb_config:
      # db_prefix: "node1_" #default is ""
      # endpoints: "127.0.0.1:2379" # tikv pd server url,support multi url, example :"192.168.1.2:2379,192.168.1.3:2379"
      # max_batch_count: 128  # max tikv commit batch size, default: 128
      # grpc_connection_count: 16 # chainmaker and tikv connect count, default: 4
      # grpc_keep_alive_time: 10 # keep connnet alive count, default: 10
      # grpc_keep_alive_timeout: 3  # keep connnect alive time, default: 3
      # write_batch_size: 128 # commit tikv bacth size each time, default: 128

  # State db config
  statedb_config:
    provider: leveldb
    leveldb_config:
      store_path: ../data/{org_id}/state
      write_buffer_size: 256

      

  # History db config, default enable history db
  disable_historydb: false
  historydb_config:
    provider: leveldb
    disable_key_history: false
    disable_contract_history: true
    disable_account_history: true
    leveldb_config:
      store_path: ../data/{org_id}/history
      write_buffer_size: 64

  # Result db config, default enable result db
  disable_resultdb: false
  resultdb_config:
    provider: leveldb
    leveldb_config:
      store_path: ../data/{org_id}/result
      write_buffer_size: 64

  # Disable contract event database or not. If it is false, contract_eventdb_config must be mysql
  disable_contract_eventdb: true
  contract_eventdb_config:
    # Event db only support sql
    provider: sql
    # Sql db config
    sqldb_config:
      # Event db only support mysql
      sqldb_type: mysql
      # Mysql connection info, such as:  root:admin@tcp(127.0.0.1:3306)/
      dsn: root:password@tcp(127.0.0.1:3306)/

# Contract Virtual Machine(VM) configs
vm:
  # Common configs of docker vm
  common:
    # Grpc configs during communication between chainmaker and contract VM
    # Grpc max send message size, Default size is 100, unit: MB
    max_send_msg_size: 100
    # Grpc max receive message size, Default size is 100, unit: MB
    max_recv_msg_size: 100
    # Grpc dialing timeout, default size is 10, uint: s
    dial_timeout: 10

    #  Configs of docker runtime server (handle messages with contract sandbox)
    runtime_server:
      # runtime server host, default 127.0.0.1
      # host: 127.0.0.1
      # Runtime server port, default 32351
      port: 32351

    contract_engine:
      # Preload contract processes or not when starting
      preload_disable: false

      # The number of preload processes calculated by use frequency
      preload_num_by_use_frequency: 10

      # The number of preload processes calculated by recent invocation time
      preload_num_by_last_time: 10

      # cgroup is used to limit the resource usage of contract processes on the host machine
      cgroup:
        # disable the cgroup function means that there will be no restrictions
        # on the resource usage of the contract process on the host machine
        disable: true
        # max memory size per sandbox(MiB), -1 means no limit
        max_mem_size_per_process: -1
        # max cpu percent per sandbox, -1 means no limit
        max_cpu_percent_per_process: -1

        # allow devices list
        # detailed information can be found in the document:
        #     https://access.redhat.com/documentation/zh-cn/red_hat_enterprise_linux/7/html/resource_management_guide/sec-devices//
        devices_allow: ""

        # deny devices list
        # detailed information can be found in the document:
        #     https://access.redhat.com/documentation/zh-cn/red_hat_enterprise_linux/7/html/resource_management_guide/sec-devices//
        devices_deny: ""

  # Golang runtime in docker container
  go:
    # Enable docker go virtual machine, default: false
    enable: true
    # Mount data path in chainmaker, include contracts, uds socks
    data_mount_path: ../data/wx-org1.chainmaker.org/go
    # Mount log path in chainmaker
    log_mount_path: ../log/wx-org1.chainmaker.org/go
    # Communication protocol, used for chainmaker and docker manager communication
    # 1. tcp: docker vm uses TCP to communicate with chain
    # 2. uds: docker vm uses unix domain socket to communicate with chain
    protocol: tcp
    # If use a customized VM configuration file, supplement it; else, do not configure
    # Priority: chainmaker.yml > vm.yml > default settings
    # dockervm_config_path: /config_path/vm.yml
    # Whether to print log on terminal
    log_in_console: false
    # Log level of docker vm go
    log_level: INFO
    # max process num for execute original txs
    max_concurrency: 20

    # Configs of contract engine server (handle messages with contract engine)
    contract_engine:
      # Docker vm contract engine server host, default 127.0.0.1
      host: 127.0.0.1
      # Docker vm contract engine server port, default 22351
      port: 22351
      # Max number of connection created to connect docker vm service
      max_connection: 5

  # Java runtime in docker container
  java:
    # Enable docker java virtual machine, default: false
    enable: true

    # Mount data path in chainmaker, include contracts, uds socks
    data_mount_path: ../data/wx-org1.chainmaker.org/java

    # Mount log path in chainmaker
    log_mount_path: ../log/wx-org1.chainmaker.org/java

    # If use a customized VM configuration file, supplement it; else, do not configure
    # Priority: chainmaker.yml > vm.yml > default settings
    # dockervm_config_path: /config_path/vm.yml
    # Whether to print log on terminal
    log_in_console: false

    # Log level of docker vm java
    log_level: INFO

    # max process num for execute original txs
    max_concurrency: 20

    # Configs of contract engine server (handle messages with contract engine)
    contract_engine:
      # Docker vm contract engine server host, default 127.0.0.1
      host: 127.0.0.1

      # Docker vm contract engine server port, default 23351
      port: 23351

      # Max number of connection created to connect docker vm engine service
      max_connection: 5

节点配置中,常用的端口及其关系如下图所示。

1.1.1.2. bc1.yml 链配置

长安链链配置文件,一个节点可以有多个链。

#
# Copyright (C) BABEC. All rights reserved.
# Copyright (C) THL A29 Limited, a Tencent company. All rights reserved.
#
# SPDX-License-Identifier: Apache-2.0
#

# This file is used to generate genesis block.
# The content should be consistent across all nodes in this chain.

# chain id
chain_id: chain1

# chain maker version
version: v2.4.0

# Starting from version 2.4.0, configuring the genesis block time is supported.
# default timestamp is "2024-10-30T00:00:00+08:00"
genesis_time: "2024-10-30T00:00:00+08:00"

# genesis extern config
# genesis_ext:
  # Starting from version 2.4.0, Additional extensions to display information in Genesis tx.
  # Do not configure this tag in other chain clusters that do not configure this tag.
  #notes: ""

# chain config sequence
sequence: 0

# The blockchain auth type, shoudle be consistent with auth type in node config (e.g., chainmaker.yml)
# The auth type can be permissionedWithCert, permissionedWithKey, public.
# By default it is permissionedWithCert.
# permissionedWithCert: permissioned blockchain, using x.509 certificate to identify members.
# permissionedWithKey: permissioned blockchain, using public key to identify members.
# public: public blockchain, using public key to identify members.
auth_type: "permissionedWithCert"

# Crypto settings
crypto:
  # Hash algorithm, can be SHA256, SHA3_256 and SM3
  hash: SHA256

# User contract related settings
contract:
  # If the sql support contract is enabled or not.
  # If it is true, storage.statedb_config.provider in chainmaker.yml should be sql.
  enable_sql_support: false

  # If it is true, Only creators are allowed to upgrade contract.
  only_creator_can_upgrade: false
  
# Virtual machine related settings
vm:
  # Address type
  # 0-chainmaker, 1-zxl, 2-ethereum
  addr_type: 2
  # Virtual machine support list, In the current version, there are wasmer, gasm, evm and dockergo
  # virtual machines to choose from. One or more virtual machines can be configured to be started
  support_list:
    - "wasmer"
    - "gasm"
    - "evm"
    - "dockergo"
    - "wxvm"
  native:
      multisign:
        enable_manual_run: true

# Block proposing related settings
block:
  # To enable this attribute, ensure that the clock of the node is consistent
  # Verify the transaction timestamp or not
  tx_timestamp_verify: true

  # Transaction timeout, in second.
  # if abs(now - tx_timestamp) > tx_timeout, the transaction is invalid.
  tx_timeout: 600

  # Max transaction count in a block.
  block_tx_capacity: 100

  # Max block size, in MB
  block_size: 10

  # The interval of block proposing attempts, in millisecond.
  # should be within the range of [10,10000]
  block_interval: 10

# Core settings
core:
  # Max scheduling time of a block, in second.
  # [0, 60]
  tx_scheduler_timeout: 10

  # Max validating time of a block, in second.
  # [0, 60]
  tx_scheduler_validate_timeout: 10

  # Used for handling txs with sender conflicts efficiently
  enable_sender_group: false

  # Used for dynamic tuning the capacity of tx execution goroutine pool
  enable_conflicts_bit_window: true

  # Consensus message compression related settings
  # consensus_turbo_config:
    # If consensus message compression is enabled or not(solo could not use consensus message turbo).
    # consensus_message_turbo: false

    # Max retry count of fetching transaction in txpool by txid.
    # retry_time: 500

    # Retry interval of fetching transaction in txpool by txid, in ms.
    # retry_interval: 20

# gas account config
account_config:
  # the flag to control if subtracting gas from transaction's origin account when sending tx.
  enable_gas: false
  # Deprecated,the default gas count set for admin account.
  gas_count: 0
  # the minimum gas count to be subtracted from transaction's origin account for invoking tx.
  default_gas: 100
  # the gas price per byte for invoking tx, accurate to 6 digits after the decimal point.
  default_gas_price: 0.1
  # the minimum gas count to be subtracted from transaction's origin account for installing|upgrading tx.
  install_base_gas: 10000
  # the gas price per byte for installing tx, accurate to 6 digits after the decimal point.
  install_gas_price: 0.001

# snapshot settings
# snapshot:
  # Enable the evidence snapshot or not.
  # enable_evidence: false

# scheduler settings
# scheduler:
  # Enable the evidence scheduler or not.
  # enable_evidence: false

# Consensus settings
consensus:
  # Consensus type
  # 0-SOLO, 1-TBFT, 3-MAXBFT, 4-RAFT, 5-DPOS, 6-ABFT
  type: 1

  # Consensus node list
  nodes:
    # Each org has one or more consensus nodes.
    # We use p2p node id to represent nodes here.
    - org_id: "wx-org1.chainmaker.org"
      node_id:
        - "QmQxemkyExG7cRszvjP9Mgvn7NaLLmAym9WczVTXrEBd9L"
    - org_id: "wx-org2.chainmaker.org"
      node_id:
        - "QmNrF7ynrXxLBuDqG1krt6HUGQcTToDcVxGke19xm1Eyhp"
    - org_id: "wx-org3.chainmaker.org"
      node_id:
        - "QmYZsNs3eC4KjbSAXNNPHCdocrSrSpvRYejdMovnR2ov3Q"
    - org_id: "wx-org4.chainmaker.org"
      node_id:
        - "QmVxCKsHMnGoy5AxycP7aHHWncCpBbttekruZeaRU6xixB"
#    - org_id: "{org5_id}"
#      node_id:
#        - "{org5_peerid}"
#    - org_id: "{org6_id}"
#      node_id:
#        - "{org6_peerid}"
#    - org_id: "{org7_id}"
#      node_id:
#        - "{org7_peerid}"
  # We can specify other consensus config here in key-value format.
  ext_config:
    # - key: aa
    #   value: chain01_ext11

# Trust roots is used to specify the organizations' root certificates in permessionedWithCert mode.
# When in permessionedWithKey mode or public mode, it represents the admin users.
trust_roots:
  - org_id: "wx-org4.chainmaker.org"
    root:
      - "../config/wx-org1.chainmaker.org/certs/ca/wx-org4.chainmaker.org/ca.crt"
  - org_id: "wx-org3.chainmaker.org"
    root:
      - "../config/wx-org1.chainmaker.org/certs/ca/wx-org3.chainmaker.org/ca.crt"
  - org_id: "wx-org2.chainmaker.org"
    root:
      - "../config/wx-org1.chainmaker.org/certs/ca/wx-org2.chainmaker.org/ca.crt"
  - org_id: "wx-org1.chainmaker.org"
    root:
      - "../config/wx-org1.chainmaker.org/certs/ca/wx-org1.chainmaker.org/ca.crt"

# Trust members are members that do not need to be verified against trust roots.
# trust_members:
# Each trust member should specify: member info file path, org id, role, and tls node id if any.
# - member_info: ""
#   org_id: ""
#   role: "consensus"
##   node_id:  ""

# Resource policies settings
resource_policies:
  - resource_name: CHAIN_CONFIG-NODE_ID_UPDATE
    policy:
      # Rule can be Any, All, Majority, Self...
      rule: SELF
      # The org id list, all organizations are need if here is null.
      org_list:
      # The role list
      role_list:
        - admin
  - resource_name: CHAIN_CONFIG-TRUST_ROOT_ADD
    policy:
      rule: MAJORITY
      org_list:
      role_list:
        - admin
  - resource_name: CHAIN_CONFIG-CERTS_FREEZE
    policy:
      rule: ANY
      org_list:
      role_list:
        - admin
  - resource_name: CONTRACT_MANAGE-INIT_CONTRACT
    policy:
      rule: ANY
      org_list:
      role_list:

# The disabled native contract list
# Disable the system contract by specifying the system contract name
# Can disabled native contract name contains CHAIN_CONFIG, CHAIN_QUERY, CERT_MANAGE, GOVERNANCE, MULTI_SIGN, PRIVATE_COMPUTE, DPOS_ERC20, DPOS_STAKE, CROSS_TRANSACTION, PUBKEY_MANAGE
disabled_native_contract:
# - CONTRACT_NAME

1.1.2. chainmaker-cryptogen

1.1.2.1. crypto_config_template.yml 证书生成配置

长安链自建CA证书生成配置文件

crypto_config:
  - domain: chainmaker.org
    host_name: wx-org
    count: 4                # 如果为1,直接使用host_name,否则添加递增编号
#    pk_algo: sm2		    # 国密配置
#    ski_hash: sm3
    pk_algo: ecc_p256
    ski_hash: sha256
    ## pkcs11配置
    pkcs11:
      enabled: false
      library: /usr/local/lib64/pkcs11/libupkcs11.so
      label: HSM
      password: 11111111
      session_cache_size: 10
      hash: "SHA256" # hash algorithm used to compute SKI
    specs: &specs_ref
      expire_year:  10
      sans:
        - chainmaker.org
        - localhost
        - 127.0.0.1
    location: &location_ref
      country:            CN
      locality:           Beijing
      province:           Beijing
    # CA证书配置
    ca:
      location:
        <<: *location_ref
      specs:
        <<: *specs_ref
    # 节点证书配置
    node:
      - type: consensus
        # 共识节点数量
        count: 1
        # 共识节点配置
        location:
          <<: *location_ref
        specs:
          <<: *specs_ref
          expire_year:  5
      - type: common
        # 普通节点数量
        count: 1
        # 普通节点配置
        location:
          <<: *location_ref
        specs:
          <<: *specs_ref
          expire_year:  5
    user:
      - type: admin
        # 管理员证书数量
        count: 1
        # 管理员证书配置
        location:
          <<: *location_ref
        expire_year:  5
      - type: client
        # 普通用户证书数量
        count: 1
        # 普通用户证书配置
        location:
          <<: *location_ref
        expire_year:  5
      - type: light
        # 轻节点用户证书数量
        count: 1
        # 轻节点用户证书配置
        location:
          <<: *location_ref
        expire_year:  5

1.1.2.2. pk_config_template.yml

长安链公私钥对生成配置

pk_config:
#    pk_algo: RSA2048
    pk_algo: ecc_p256
#    pk_algo: sm2
    hash_algo: SHA256
    #pkcs11配置
    pkcs11:
      enabled: false
      library: /usr/local/lib64/pkcs11/libupkcs11.so
      label: HSM
      password: 11111111
      session_cache_size: 10
      hash: "SHA256" # hash algorithm used to compute SKI

    # Admin配置
    admin:
      count: 5
    # 节点证书配置
    node:
      - count: 4
    user:
      - type: client
        # 普通用户证书数量
        count: 1
#      - type: light
#        # 轻节点用户证书数量
#        count: 4

1.1.2.3. pwk_config_template.yml

长安链公私钥对生成配置

pwk_config:
  - domain: chainmaker.org
    host_name: wx-org
    count: 4                # 如果为1,直接使用host_name,否则添加递增编号
#    pk_algo: sm2
    pk_algo: ecc_p256
#    pk_algo: RSA2048
    hash_algo: sha256
#    hash_algo: sm3
    #pkcs11配置
    pkcs11:
      enabled: false
      library: /usr/local/lib64/pkcs11/libupkcs11.so
      label: HSM
      password: 11111111
      session_cache_size: 10
      hash: "SHA256" # hash algorithm used to compute SKI

    # Admin配置
    admin:
    # 节点证书配置
    node:
      - type: consensus
        # 共识节点数量
        count: 1
      - type: common
        # 普通节点数量
        count: 1
    user:
      - type: admin
        # 管理员证书数量
        count: 1
      - type: client
        # 普通用户证书数量
        count: 1
      - type: light
        # 轻节点用户证书数量
        count: 1

1.1.3. sdk-go

1.1.3.1. sdk_config.yml 客户端连接配置

chain_client:
  # 链ID
  chain_id: "chain1"
  # 组织ID
  org_id: "wx-org1.chainmaker.org"
  # 客户端用户私钥路径
  user_key_file_path: "./testdata/crypto-config/wx-org1.chainmaker.org/user/client1/client1.tls.key"
  # 客户端用户私钥密码(无密码则不需要设置)
#  user_key_pwd: "123"
  # 客户端用户证书路径
  user_crt_file_path: "./testdata/crypto-config/wx-org1.chainmaker.org/user/client1/client1.tls.crt"
  # 客户端用户加密私钥路径(tls加密证书对应私钥,应用于国密GMTLS双证书体系;若未设置仅使用单证书)
  user_enc_key_file_path: "./testdata/crypto-config/wx-org1.chainmaker.org/user/client1/client1.tls.enc.key"
  # 客户端用户加密私钥密码(无密码则不需要设置)
#  user_enc_key_pwd: "123"
  # 客户端用户加密证书路径(tls加密证书,应用于国密GMTLS双证书体系;若未设置仅使用单证书)
  user_enc_crt_file_path: "./testdata/crypto-config/wx-org1.chainmaker.org/user/client1/client1.tls.enc.crt"
  # 客户端用户交易签名私钥路径(若未设置,将使用user_key_file_path)
  user_sign_key_file_path: "./testdata/crypto-config/wx-org1.chainmaker.org/user/client1/client1.sign.key"
  # 客户端用户交易签名私钥密码(无密码则不需要设置)
#  user_sign_key_pwd: "123"
  # 客户端用户交易签名证书路径(若未设置,将使用user_crt_file_path)
  user_sign_crt_file_path: "./testdata/crypto-config/wx-org1.chainmaker.org/user/client1/client1.sign.crt"
  # 同步交易结果模式下,轮询获取交易结果时的最大轮询次数,删除此项或设为<=0则使用默认值 10
  retry_limit: 20
  # 同步交易结果模式下,每次轮询交易结果时的等待时间,单位:ms 删除此项或设为<=0则使用默认值 500
  retry_interval: 500
  # 当前签名证书的别名。当设置此配置项时,chain client 对象将自动检查链上是否已添加此别名,如果没有则自动上链此证书别名,
  # 并且后续所有交易都会使用别名,别名可降低交易体大小。若为空则不启用。
#  alias: my_cert_alias
  # txid配置项:默认支持TimestampKey,如果开启enableNormalKey则使用NormalKey
  enable_normal_key: false

  nodes:
    - # 节点地址,格式为:IP:端口:连接数
      node_addr: "127.0.0.1:12301"
      # 节点连接数
      conn_cnt: 10
      # RPC连接是否启用双向TLS认证
      enable_tls: true
      # 信任证书池路径
      trust_root_paths:
        - "./testdata/crypto-config/wx-org1.chainmaker.org/ca"
      # TLS hostname
      tls_host_name: "chainmaker.org"
  rpc_client:
    max_receive_message_size: 100 # grpc客户端接收消息时,允许单条message大小的最大值(MB)
    max_send_message_size: 100 # grpc客户端发送消息时,允许单条message大小的最大值(MB)
    send_tx_timeout: 60 # grpc 客户端发送交易超时时间
    get_tx_timeout: 60 # rpc 客户端查询交易超时时间
  pkcs11:
    enabled: false # pkcs11 is not used by default
    library: /usr/local/lib64/pkcs11/libupkcs11.so # path to the .so file of pkcs11 interface
    label: HSM # label for the slot to be used
    password: 11111111 # password to logon the HSM(Hardware security module)
    session_cache_size: 10 # size of HSM session cache, default to 10
    hash: "SHA256" # hash algorithm used to compute SKI
  archive:
    # 数据归档链外存储相关配置
    # 如果使用了新版本的归档中心,这个地方配置为archivecenter
    type: "mysql" # archivecenter 归档中心, mysql mysql数据库
    dest: "root:123456:localhost:3306"
    secret_key: xxx
  # # 如果启用了归档中心,可以打开下面的归档中心配置  
  archive_center_query_first: true # 如果为true且归档中心配置打开,那么查询数据优先从归档中心查询 
  # archive_center_config:
  #   chain_genesis_hash: c670b598127f5795767d1acbae435e714797596f7e0a55dd05205da948de1a0a
  #   archive_center_http_url: http://127.0.0.1:13119
  #   request_second_limit: 10
  #   rpc_address: 127.0.0.1:13120
  #   tls_enable: false
  #   tls:
  #     server_name: archiveserver1.tls.wx-org.chainmaker.org
  #     priv_key_file: ./testdata/archivecenter/archiveclient1.tls.key
  #     cert_file: ./testdata/archivecenter/archiveclient1.tls.crt
  #     trust_ca_list:
  #       - ./testdata/archivecenter/ca.crt
  #   max_send_msg_size: 200
  #   max_recv_msg_size: 200 

1.1.3.2. sdk_config_pk.yml

chain_client:
  # 链ID
  chain_id: "chain1"

  # 客户端用户交易签名私钥路径
  user_sign_key_file_path: "./testdata/crypto-config-pk/public/user/user1/user1.key"
  # 客户端用户交易签名私钥密码(无密码则不需要设置)
#  user_sign_key_pwd: "123"
  # 签名使用的哈希算法,和节点保持一直
  crypto:
    hash: SHA256
  auth_type: public
  # 同步交易结果模式下,轮询获取交易结果时的最大轮询次数,删除此项或设为<=0则使用默认值 10
  retry_limit: 20
  # 同步交易结果模式下,每次轮询交易结果时的等待时间,单位:ms 删除此项或设为<=0则使用默认值 500
  retry_interval: 500
  # txid配置项:默认支持TimestampKey,如果开启enableNormalKey则使用NormalKey
  enable_normal_key: false

  nodes:
    - # 节点地址,格式为:IP:端口:连接数
      node_addr: "127.0.0.1:12301"
      # 节点连接数
      conn_cnt: 10

  archive:
    # 数据归档链外存储相关配置
    # 如果使用了新版本的归档中心,这个地方配置为archivecenter
    type: "mysql" # archivecenter 归档中心, mysql mysql数据库
    dest: "root:123456:localhost:3306"
    secret_key: xxx

  rpc_client:
    max_receive_message_size: 100 # grpc客户端接收消息时,允许单条message大小的最大值(MB)
    max_send_message_size: 100 # grpc客户端发送消息时,允许单条message大小的最大值(MB)
    send_tx_timeout: 60 # grpc 客户端发送交易超时时间
    get_tx_timeout: 60 # rpc 客户端查询交易超时时间 
  # #如果启用了归档中心,可以打开下面的归档中心配置  
  archive_center_query_first: true # 如果为true且归档中心配置打开,那么查询数据优先从归档中心查询   
  # archive_center_config:
  #   chain_genesis_hash: c670b598127f5795767d1acbae435e714797596f7e0a55dd05205da948de1a0a
  #   archive_center_http_url: http://127.0.0.1:13119
  #   request_second_limit: 10
  #   rpc_address: 127.0.0.1:13120
  #   tls_enable: false
  #   tls:
  #     server_name: archiveserver1.tls.wx-org.chainmaker.org
  #     priv_key_file: ./testdata/archivecenter/archiveclient1.tls.key
  #     cert_file: ./testdata/archivecenter/archiveclient1.tls.crt
  #     trust_ca_list:
  #       - ./testdata/archivecenter/ca.crt
    
  #   max_send_msg_size: 200
  #   max_recv_msg_size: 200 

1.1.3.3. sdk_config_pwk.yml

chain_client:
  # 链ID
  chain_id: "chain1"
  # 组织ID
  org_id: "wx-org1.chainmaker.org"

  # 客户端用户交易签名私钥路径
  user_sign_key_file_path: "./testdata/crypto-config-pk/permissioned-with-key/wx-org1/user/client1/client1.key"
  # 客户端用户交易签名私钥密码(无密码则不需要设置)
#  user_sign_key_pwd: "123"
  # 签名使用的哈希算法,和节点保持一直
  crypto:
    hash: SHA256
  auth_type: permissionedWithKey
  # 同步交易结果模式下,轮询获取交易结果时的最大轮询次数,删除此项或设为<=0则使用默认值 10
  retry_limit: 20
  # 同步交易结果模式下,每次轮询交易结果时的等待时间,单位:ms 删除此项或设为<=0则使用默认值 500
  retry_interval: 500
  # txid配置项:默认支持TimestampKey,如果开启enableNormalKey则使用NormalKey
  enable_normal_key: false

  nodes:
    - # 节点地址,格式为:IP:端口:连接数
      node_addr: "127.0.0.1:12301"
      # 节点连接数
      conn_cnt: 10

  archive:
    # 数据归档链外存储相关配置
    # 如果使用了新版本的归档中心,这个地方配置为archivecenter
    type: "mysql" # archivecenter 归档中心, mysql mysql数据库
    dest: "root:123456:localhost:3306"
    secret_key: xxx

  rpc_client:
    max_receive_message_size: 100 # grpc客户端接收消息时,允许单条message大小的最大值(MB)
    max_send_message_size: 100 # grpc客户端发送消息时,允许单条message大小的最大值(MB)
    send_tx_timeout: 60 # grpc 客户端发送交易超时时间
    get_tx_timeout: 60 # rpc 客户端查询交易超时时间  
  # #如果启用了归档中心,可以打开下面的归档中心配置  
  archive_center_query_first: true # 如果为true且归档中心配置打开,那么查询数据优先从归档中心查询 
  # archive_center_config:
  #   chain_genesis_hash: c670b598127f5795767d1acbae435e714797596f7e0a55dd05205da948de1a0a
  #   archive_center_http_url: http://127.0.0.1:13119
  #   request_second_limit: 10
  #   rpc_address: 127.0.0.1:13120
  #   tls_enable: false
  #   tls:
  #     server_name: archiveserver1.tls.wx-org.chainmaker.org
  #     priv_key_file: ./testdata/archivecenter/archiveclient1.tls.key
  #     cert_file: ./testdata/archivecenter/archiveclient1.tls.crt
  #     trust_ca_list:
  #       - ./testdata/archivecenter/ca.crt
    
  #   max_send_msg_size: 200
  #   max_recv_msg_size: 200 

1.1.4. sdk-java

1.1.4.1. sdk_config.yml

chain_client:
  # 链ID
  chain_id: "chain1"
  # 组织ID
  org_id: "wx-org1.chainmaker.org"
  # 客户端用户私钥路径
  user_key_file_path: "src/test/resources/crypto-config/wx-org1.chainmaker.org/user/client1/client1.tls.key"
  # 客户端用户证书路径
  user_crt_file_path: "src/test/resources/crypto-config/wx-org1.chainmaker.org/user/client1/client1.tls.crt"
  # 客户端用户交易签名私钥路径
  user_sign_key_file_path: "src/test/resources/crypto-config/wx-org1.chainmaker.org/user/client1/client1.sign.key"
  # 客户端用户交易签名证书路径
  user_sign_crt_file_path: "src/test/resources/crypto-config/wx-org1.chainmaker.org/user/client1/client1.sign.crt"
  # 同步交易结果模式下,轮训获取交易结果时的最大轮训次数,删除此项或设为<=0则使用默认值 10
  retry_limit: 10
  # 同步交易结果模式下,每次轮训交易结果时的等待时间,单位:ms 删除此项或设为<=0则使用默认值 500
  retry_interval: 500
  # 当前签名证书的别名。当设置此配置项时,chain client 对象将自动检查链上是否已添加此别名,如果没有则自动上链此证书别名,
  # 并且后续所有交易都会使用别名,别名可降低交易体大小。若为空则不启用。
#  alias: mycert5

  nodes:
    - # 节点地址,格式为:IP:端口:连接数
      node_addr: "127.0.0.1:12301"
      # 节点连接数
      conn_cnt: 10
      # RPC连接是否启用双向TLS认证
      enable_tls: true
      # 信任证书池路径
      trust_root_paths:
        - "src/test/resources/crypto-config/wx-org1.chainmaker.org/ca"
        - "src/test/resources/crypto-config/wx-org2.chainmaker.org/ca"
      # TLS hostname
      tls_host_name: "chainmaker.org"
    - # 节点地址,格式为:IP:端口:连接数
      node_addr: "127.0.0.1:12302"
      # 节点连接数
      conn_cnt: 10
      # RPC连接是否启用双向TLS认证
      enable_tls: true
      # 信任证书池路径
      trust_root_paths:
        - "src/test/resources/crypto-config/wx-org1.chainmaker.org/ca"
        - "src/test/resources/crypto-config/wx-org2.chainmaker.org/ca"
      # TLS hostname
      tls_host_name: "chainmaker.org"
  archive:
    # 数据归档链外存储相关配置
    type: "mysql"
    dest: "root:123456:localhost:3306"
    secret_key: xxx

  rpc_client:
    # grpc客户端最大接受容量(MB)
    max_receive_message_size: 16

  pkcs11:
    enabled: false # pkcs11 is not used by default

  # 交易结果是否订阅获取
  enable_tx_result_dispatcher: false

   ##连接池配置
  connPool:
    # 最大连接数
    maxTotal: 100
    # 最少空闲连接
    minIdle: 5
    #最大空闲连接
    maxIdle: 20
    #连接空闲最小保活时间,默认即为-1,单位:ms
    #当空闲的时间大于这个值时,强制移除该空闲对象
    minEvictableIdleTime: -1
    #连接空闲最小保活时间,默认即为30分钟(1800000),单位:ms
    #当对象的空闲时间超过这个值,并且当前空闲对象的数量大于最小空闲数量(minIdle)时,执行移除操作
    softMinEvictableIdleTime: 1800000
    #回收空闲线程的执行周期,单位毫秒。默认值5分钟(300000) ,-1 表示不启用线程回收资源,单位:ms
    timeBetweenEvictionRuns: 300000
    #没有空闲连接时,获取连接是否阻塞
    blockWhenExhausted: true
    #当没有空闲连接时,获取连接阻塞等待时间,单位:ms
    maxWaitMillis: 11000

1.1.4.2. sdk_config_pk.yml

chain_client:
  # 链ID
  chain_id: "chain1"

  # 客户端用户交易签名私钥路径
  user_sign_key_file_path: "/Users/superhin/Projects/chainmaker-go/build/crypto-config/node1/admin/admin1/admin1.key"

  # 签名使用的哈希算法,和节点保持一直
  crypto:
    hash: SHA256
  auth_type: public

  nodes:
    - # 节点地址,格式为:IP:端口:连接数
      node_addr: "127.0.0.1:12301"
      # 节点连接数
      conn_cnt: 10
    - # 节点地址,格式为:IP:端口:连接数
      node_addr: "127.0.0.1:12302"
      # 节点连接数
      conn_cnt: 10

  archive:
    # 数据归档链外存储相关配置
    type: "mysql"
    dest: "root:123456:localhost:3306"
    secret_key: xxx

  rpc_client:
    # grpc客户端最大接受容量(MB)
    max_receive_message_size: 16

  # 交易结果是否订阅获取
  enable_tx_result_dispatcher: false

  ##连接池配置
  connPool:
    # 最大连接数
    maxTotal: 100
    # 最少空闲连接
    minIdle: 5
    #最大空闲连接
    maxIdle: 20
    #连接空闲最小保活时间,默认即为-1,单位:ms
    #当空闲的时间大于这个值时,强制移除该空闲对象
    minEvictableIdleTime: -1
    #连接空闲最小保活时间,默认即为30分钟(1800000),单位:ms
    #当对象的空闲时间超过这个值,并且当前空闲对象的数量大于最小空闲数量(minIdle)时,执行移除操作
    softMinEvictableIdleTime: 1800000
    #回收空闲线程的执行周期,单位毫秒。默认值5分钟(300000) ,-1 表示不启用线程回收资源,单位:ms
    timeBetweenEvictionRuns: 300000
    #没有空闲连接时,获取连接是否阻塞
    blockWhenExhausted: true
    #当没有空闲连接时,获取连接阻塞等待时间,单位:ms
    maxWaitMillis: 11000

1.1.4.3. sdk_config_pwk.yml

chain_client:
  # 链ID
  chain_id: "chain1"
  # 组织ID
  org_id: "wx-org1.chainmaker.org"

  # 客户端用户交易签名私钥路径
  user_sign_key_file_path: "/Users/superhin/Projects/chainmaker-go/build/crypto-config/wx-org1.chainmaker.org/admin/admin.key"
  # 签名使用的哈希算法,和节点保持一直
  crypto:
    hash: SHA256
  auth_type: permissionedWithKey

  nodes:
    - # 节点地址,格式为:IP:端口:连接数
      node_addr: "127.0.0.1:12301"
      # 节点连接数
      conn_cnt: 10

  archive:
    # 数据归档链外存储相关配置
    type: "mysql"
    dest: "root:123456:localhost:3306"
    secret_key: xxx

  rpc_client:
    # grpc客户端最大接受容量(MB)
    max_receive_message_size: 16

  # 交易结果是否订阅获取
  enable_tx_result_dispatcher: false

  ##连接池配置
  connPool:
    # 最大连接数
    maxTotal: 100
    # 最少空闲连接
    minIdle: 5
    #最大空闲连接
    maxIdle: 20
    #连接空闲最小保活时间,默认即为-1,单位:ms
    #当空闲的时间大于这个值时,强制移除该空闲对象
    minEvictableIdleTime: -1
    #连接空闲最小保活时间,默认即为30分钟(1800000),单位:ms
    #当对象的空闲时间超过这个值,并且当前空闲对象的数量大于最小空闲数量(minIdle)时,执行移除操作
    softMinEvictableIdleTime: 1800000
    #回收空闲线程的执行周期,单位毫秒。默认值5分钟(300000) ,-1 表示不启用线程回收资源,单位:ms
    timeBetweenEvictionRuns: 300000
    #没有空闲连接时,获取连接是否阻塞
    blockWhenExhausted: true
    #当没有空闲连接时,获取连接阻塞等待时间,单位:ms
    maxWaitMillis: 11000

1.1.5. cmc

sdk_config.yml同 sdk-go的sdk_config.yml

1.2. 核心模块配置说明

1.2.1. node

  # 组织ID,用于区分不同组织的节点,PK模式下不填
  org_id: "wx-org1.chainmaker.org"

  # 节点私钥文件路径,用于节点身份认证、共识消息签名等
  priv_key_file: ../config/wx-org1.chainmaker.org/certs/node/consensus1/consensus1.sign.key

  # 节点证书路径
  cert_file: ../config/wx-org1.chainmaker.org/certs/node/consensus1/consensus1.sign.crt

  # 是否验证交易签名(默认开启)
  cert_key_usage_check: true

  # 证书缓存池大小,用于存储证书,加速证书验证(默认大小为1000)
  cert_cache_size:   1000

  # 快速同步配置
  fast_sync:
    # 是否开启快速同步,当开启快速同步时,同步节点或共识落后的节点仅对区块头、共识投票签名进行验证,而不需要执行区块内的交易,加速同步速率
    enabled: true  # [*]

  # PKCS11 硬件加密配置项
  pkcs11:
    # 是否开启 pkcs11 硬件加密,默认不开启
    enabled: false  # [*]

    # 硬件加密类型,仅支持 pkcs11 与 sdf
    # type为sdf,则仅需要配置library和session_cache_size,其他配置会被忽略
    type: pkcs11

    # 指定 pkcs11 接口库的路径(通常是 .so 动态链接库文件)
    library: /usr/local/lib64/pkcs11/libupkcs11.so

    # 指定使用的 HSM slot 的 label 名称
    label: HSM

    # 访问 HSM slot 时需要提供的密码
    password: 11111111

    # 缓存的 HSM 会话(Session)数量(默认值为10)
    session_cache_size: 10

    # 哈希算法类型
    hash: "SHA256"  # [*]

  # KMS 配置项
  kms:
    # 是否开启 KMS 加密,默认不开启
    enabled: false

    # 是否为公有云 KMS
    is_public: true

    # KMS 的认证 ID (如腾讯云的 SecretId)
    secret_id: ""

    # KMS 的认证 Key(如腾讯云的 SecretKey)
    secret_key: ""

    # KMS 服务的地址 (IP或域名)
    address: "kms.tencentcloudapi.com"

    # KMS 服务所在的地域
    region: "ap-guangzhou"

    # 指定使用 KMS SDK 请求的协议 (http 或 https)
    sdk_scheme: "https"

    # 扩展参数,用于传入一些 SDK 初始化时的其他配置项,类似 "{k1:v1, k2:v2}".
    ext_params: ""

1.2.2. net

  # 支持 liquid和libp2p ,不区分大小写
  provider: LibP2P

  # 本节点的listen地址,liquid和libp2p均支持tcp协议,仅liquid支持quic协议
  listen_addr: /ip4/0.0.0.0/tcp/11311

  # 流池中,流的个数,仅2.3.2之前的版本配置后生效,2.3.2之后取消了流池
  peer_stream_pool_size: 100

  # 最大连接个数
  max_peer_count_allow: 20

  # The strategy for eliminating node when the amount of connected peers reaches the max value
  # It could be: 1 Random, 2 FIFO, 3 LIFO. The default strategy is LIFO.
  # 连接个数超过max_peer_count_allow时的剔除策略,1是随机剔除,2是先进先出,3是先进后出,默认是3
  peer_elimination_strategy: 3

  # 种子节点列表,本节点会主动连接列表里的节点,支持下面几种格式
  # ip格式: "/ip4/127.0.0.1/tcp/11301/p2p/"+nodeid
  # dns格式:"/dns/cm-node1.org/tcp/11301/p2p/"+nodeid
  # 中继格式: "/ip4/127.0.0.1/tcp/11301/p2p/"+中继nodeid+"/p2p-circuit/p2p/"+目标nodeid
  seeds:
    - "/dns/node1.consensus/tcp/11301/p2p/QmXUXcKkCLZrit2Rvuk1YxUR2KdUQjEZsMxXgojfQJP3Dx"
    - "/ip4/127.0.0.1/tcp/11302/p2p/QmUiTTdDZ1SSEozG9nCKZwndM2r4eTHUXKtBEJrBGKpnR4/"
    - "/ip4/127.0.0.1/tcp/11302/p2p/QmUiTTdDZ1SSEozG9nCKZwndM2r4eTHUXKtBEJrBGKpnR4/p2p-circuit/p2p/QmcVgh7SioZJo8Fq5XKr7DeoHqmtGz5yDZ6XtXw2HmFz2d"

  # tls配置
  tls:
    # 是否开启tls,2.4.0之前仅支持true,2.4.0开始支持false,两个节点的tls.enabled不同则一定连不上
    enabled: true

    # tls私钥,用于tls双向验证
    priv_key_file: ../config/node11.tls.key
    # tls证书,用于tls双向验证,pk模式可以不填
    cert_file:     ../config/node11.tls.crt
  # 黑名单,配了之后无法建立连接,这个只对网络连接生效
  blacklist:
      # 可以按照ip或 ip+端口来设置
      addresses:
        - "127.0.0.1:11301"
        - "192.168.1.8"

      # 可以按照nodeid来设置
      node_ids:
        - "QmeyNRs2DwWjcHTpcVHoUSaDAAif4VQZ2wQDQAUNDP33gH"

1.2.3. sync

node:
  # 快速同步相关配置
  fast_sync:
    # 是否开启快速同步, true表示开启,同步到的区块中的交易不会被执行
    enabled: true
    
#同步相关配置
sync:
  # ---下面两项配置项被240版本后的新同步和240版本前的老同步共同使用---
  
  # 同一时刻可以缓存的从对端节点已获取待验证提交的最大区块个数
  block_pool_size: 128
  # 只向配置中指定的节点同步区块数据,空配置表示无指定。
  from_nodes:
  #  - {nodeId}
  #  - {nodeId}
  
  # ---下面的配置被240版本后的新同步使用---
  
  # 连接/请求的超时时间,单位毫秒
  conn_timeout_scale: 1000
  # 节点同步到的区块高度同链上最新高度的差值,差值内表示同步到了期望的高度。
  ideal_height_distance: 1
  # 节点同步到最新高度后,检查是否有新区块需要同步的时间间隔
  wait_period_seconds_after_latest: 5
  # 指定同一时间最多可以向多少个节点发起区块同步请求
  max_nodes_selected_count: 10
  
  # ---下面的配置被240版本前的老同步使用---
  
  # 发送区块后等待响应的超时时间,单位秒,默认30s
  wait_time_requested: 30

  # 一次区块请求请求的区块个数,默认1
  batch_size_from_one_node: 1

  # 验证请求获取到的区块的时间间隔,单位ms,默认20ms
  process_block_tick: 20

  # 广播获取其他节点高度状态的时间间隔,单位s,默认2s
  node_status_tick: 2

  # 检测是否有区块请求超时的时间间隔,单位s,默认1s
  liveness_tick: 1

  # 发送区块请求的时间间隔,单位ms,默认20ms
  scheduler_tick: 20

  # 当节点的高度同链上最新高度相差1个区块时,请求区块的最小时间间隔,单位s,默认1s
  req_time_threshold: 1

  # 处理来自同一个节点对同一个高度的区块请求的时间间隔,单位s,默认5s,时间间隔内的相同请求将会被忽略不做处理。
  block_request_time: 5

  # 节点每提交n个区块,进行一次自己高度状态的广播,默认为3个
  broadcast_status_per_blocks_committed: 3

1.2.4. txpool

  # 交易池的类型,可以选择 single, normal, batch.默认使用normal,在性能要求高的场景下推荐使用batch
  pool_type: "normal"

  # 普通交易池容量,如果发送交易量过大(超过了链处理性能),那么交易池达到该值时就会丢弃新的交易,直到有空闲空间
  max_txpool_size: 50000

  # 配置类交易的交易池容量,同max_txpool_size,但仅保存配置类交易
  max_config_txpool_size: 10

  # 当节点退出时(非断电或强制重启等操作),在交易池中的交易是否需要被写入到本地磁盘
  is_dump_txs_in_queue: true

  # 在normal交易池选择下,交易池内部分片数量,该值必须是2的指数倍,不建议修改
  common_queue_num: 8

  # 节点从客户端接收到交易后,往其他节点广播时一组交易的最大交易数量,该值仅在交易池为normal或batch时生效
  # 该值为了提高交易广播效率和网络利用率设计
  batch_max_size: 100

  # 同batch_max_size使用的场景类似,该值表示构建一个批次的超时时间
  # batch_max_size和batch_create_timeout只要有一个条件满足都会广播一组交易至其他节点
  batch_create_timeout: 50

  # v2.4.0版本开始新增的交易池配置
  # 该配置描述交易池二次广播的情况,防止交易因为未被共识处理而导致交易积压
  rebroadcast:
    # 是否开启交易二次广播功能
    tx_pool_sync_enable: false
    # 交易二次广播的定时处理周期,单位:秒
    # 该时间仅仅表示开始处理交易,但实际是否需要广播以tx_pool_sync_proportion为准
    tx_pool_status_tick: 10
    # 交易池比例:交易池队列中的交易数量 / 交易池容量,为触发二次广播的条件
    # 当前节点探测到有共识节点的交易池比例低于设置的比例时,将触发二次广播,广播到所有共识节点
    tx_pool_sync_proportion: 0.1

1.2.5. rpc

# RPC服务配置
rpc:
  # RPC类型,目前仅支持grpc
  provider: grpc  

  # RPC主机地址,例如 127.0.0.1, 0.0.0.0, localhost
  host: 0.0.0.0
  # RPC端口号
  port: 12301

  # 检查信任根证书变更的间隔时间(单位:秒)
  # 如果根证书变更,RPC服务器的根证书池也会相应更新
  # 仅在启用TLS时有效
  # 最小值为10
  check_chain_conf_trust_roots_change_interval: 60

  # API SendRequestSync同步调用的超时时间(单位:秒)
  # SendRequestSync返回包含交易执行结果的响应
  # 默认值为60,推荐设置为60
  sync_tx_result_timeout: 60

  # RESTful API网关配置
  gateway:
    # 是否启用RESTful API
    enabled: false
    # 最大响应体缓冲区大小(单位:MB)
    max_resp_body_size: 16

  # 限流相关配置
  # 使用令牌桶算法进行限流
  ratelimit:
    # 是否启用限流,默认为false
    # false(默认):关闭限流,所有请求不受限制。
    # true:启用限流,根据下方规则限制请求速率。
    #  若启用但配置错误(如令牌桶参数为0),可能导致所有请求被拒绝。
    enabled: false

    # 限流类型
    # 0: 全局限流,所有客户端共享同一个令牌桶
    # 1: 按IP限流,每个IP地址独立令牌桶
    # 示例:
    #  若 type: 0 且 token_per_second: 100,则所有客户端合计每秒最多100次请求。
    #  若 type: 1 且 token_per_second: 100,则每个IP独立享有每秒100次请求的配额。
    type: 0

    # 每秒添加到令牌桶的令牌数量
    #  令牌桶的填充速率,即每秒允许的请求数。
    # -1表示不限流,默认为10000
    # 正整数:如 100 表示每秒最多处理100个请求
    # 原理:令牌桶每秒自动添加指定数量的令牌,请求消耗令牌,无令牌时拒绝请求
    token_per_second: -1

    # 令牌桶容量
    #  令牌桶的最大容量,即突发请求的允许上限
    # -1表示不限流,默认为10000
    # 正整数:如 1000 表示桶中最多积压1000个令牌(允许瞬时突发1000次请求)
    # 与token_per_second的关系:
    #  若 token_per_second: 100 且 token_bucket_size: 500,则:
    #    长期平均速率 ≤ 100请求/秒。
    #    瞬时突发最高 500请求(需桶中有足够令牌)
    token_bucket_size: -1

  # 订阅者限流配置
  subscriber:
    ratelimit:
      # 是否启用限流,默认为false
      # false(默认):关闭限流,所有请求不受限制。
      # true:启用限流,根据下方规则限制请求速率。
      #  若启用但配置错误(如令牌桶参数为0),可能导致所有请求被拒绝。
      enabled: false

      # 限流类型
      # 0: 全局限流,所有客户端共享同一个令牌桶
      # 1: 按IP限流,每个IP地址独立令牌桶
      # 示例:
      #  若 type: 0 且 token_per_second: 100,则所有客户端合计每秒最多100次请求。
      #  若 type: 1 且 token_per_second: 100,则每个IP独立享有每秒100次请求的配额。
      type: 0

      # 每秒添加到令牌桶的令牌数量
      #  令牌桶的填充速率,即每秒允许的请求数。
      # 默认为100
      # 正整数:如 100 表示每秒最多处理100个请求
      # 原理:令牌桶每秒自动添加指定数量的令牌,请求消耗令牌,无令牌时拒绝请求
      token_per_second: 100

      # 令牌桶容量
      #  令牌桶的最大容量,即突发请求的允许上限
      # 默认为100
      # 正整数:如 1000 表示桶中最多积压1000个令牌(允许瞬时突发1000次请求)
      # 与token_per_second的关系:
      #  若 token_per_second: 100 且 token_bucket_size: 500,则:
      #    长期平均速率 ≤ 100请求/秒。
      #    瞬时突发最高 500请求(需桶中有足够令牌)
      token_bucket_size: 100

  # RPC TLS配置
  tls:
    # TLS模式,可选 disable(禁用), twoway(双向认证),默认为disable
    # 配置 disable(禁用):
    #  关闭TLS加密,所有RPC通信以明文传输
    #  下方的所有TLS相关配置(如证书路径、CA路径)均不生效
    #  适用场景:开发测试、性能压测(无加密开销)
    # 配置 twoway(双向认证):
    #  启用双向TLS认证,要求服务端和客户端均提供证书,并验证对方身份。
    #  通信全程加密,且双方身份强验证。
    #  以下TLS相关路径必须正确,否则服务启动失败。
    #    国密双证书需配置priv_enc_key_file、cert_enc_file、client_root_ca_paths
    #  适用场景:生产环境、跨公网通信、符合国密合规要求的场景。
    mode: disable

    # TLS私钥文件路径
    priv_key_file: ../config/node1/node1.tls.key

    # TLS证书文件路径
    cert_file: ../config/node1/node1.tls.crt

    # 以下配置是国密TLS1.1专属的加密密钥和证书,影响 RC通信的安全性和合规性
    # 在非国密环境下可忽略。
    # tls.crt     用途:身份认证+签名
    # tls.enc.crt 用途:密钥交换+加密
    # 如果未正确配置:
    #  TLS握手无法完成密钥交换,连接失败。
    #  数据无法加密,通信可能以明文传输(存在安全风险)
    # RPC加密TLS私钥文件路径(仅适用于gmtls1.1)
    priv_enc_key_file: ../config/node1/node1.tls.enc.key
    # RPC加密TLS公钥文件路径(仅适用于gmtls1.1)
    cert_enc_file: ../config/node1/node1.tls.enc.crt
    # TLS根证书路径(仅适用于gmtls1.1)
    client_root_ca_paths:
      - ../config/node1/ca

  # RPC黑名单IP地址
  # 将恶意 IP、异常请求源或不受信任的客户端加入黑名单,直接拒绝其所有请求
  blacklist:
    addresses:
      # - "127.0.0.1"

  # RPC服务器最大发送消息大小(单位:MB)
  max_send_msg_size: 100
  RPC服务器最大接收消息大小(单位:MB)
  max_recv_msg_size: 100

1.2.6. consensus

# 共识相关配置
consensus:
  # raft 共识相关配置
  raft:
    # 产生快照的固定间隔区块数,默认:10
    # 配置变更会立即产生快照
    snap_count: 10

    # 是否开启异步保存wal数据,默认:是
    async_wal_save: true

    # 选举和心跳的最小时间单位,默认:1,单位:秒
    ticker: 1
    
  # tbft 共识相关配置
  tbft:
    # 共识节点间的状态消息广播间隔,默认:1000,单位:毫秒
    broadcaster_interval: 1000

1.2.7. storage

# 存储相关配置
storage:
  # 存储路径,区块文件数据的存放路径
  store_path: ../data/wx-org1.chainmaker.org/ledgerData1 
  
  # 存储临时路径,区块数据会临时存放在此路径,后台会搬迁到store_path中
  # 一般在临时路径的磁盘性能较好但是容量较小的情况下使用。
  block_store_tmp_path: ../data2/wx-org1.chainmaker.org/ledgerData1
	
  # 区块数据写入的方式,0:普通写,1:快速写
  write_block_type: 0
	
  # 开启快速写时,等待写入的缓存的最大区块个数。
  quick_write_channel_size: 100
	
  # 是否禁用区块文件数据库,区块文件数据库会将区块数据存放在区块文件中,底层数据库(如leveldb)存放相关的索引信息,
  # 区块文件数据的使用可以优化写入效率,true表示禁用,此时区块数据会先写wal文件(底层数据库写完成后会被清除),
  # 再写底层数据库,默认false启用。
  disable_block_file_db: false
	
  # 区块文件/wal文件是否开启异步刷盘,true开启异步刷盘,异步刷盘会提高写入效率,但是有断电丢数据风险,默认false同步刷盘。
  logdb_segment_async: false
	
  # 单个区块文件/wal文件的大小,单位M,区块写入区块数据的过程中,文件会按照这个大小进行切割。
  logdb_segment_size: 64
	
  # 如果启用了区块文件数据库,read_bfdb_timeout表示读取区块文件的超时时间,单位ms。
  read_bfdb_timeout: 1000
	
  # 单个区块文件是否禁用mmap方式,mmap会加速文件读取,默认false,启用
  disable_logdb_mmap: false
	
  # 慢日志的耗时时间阈值,单位ms,超过配置的值被认定为是慢查询被记录,默认为0,不记录慢日志
  slow_log: 0
	
  # 如果encryptor和encrypt_key都被配置,表示启用存储加密。
  # encryptor表示使用的加密算法(sm4,aes)
  encryptor: sm4    # [*]
  # 加密所使用秘钥,16个字节长度,如果pkcs11被启用,encrypt_key表示是keyID
  encrypt_key: "1234567890123456"

  # 区块文件/wal文件的加密模式,sync: 表示同步加密,每次写入即加密,
  # async: 异步加密,区块文件切换的时候,对整个文件进行异步加密, 默认为空不加密
  wal_encrypt_mode: sync
	
  # sql类型db的数据库名前缀
  db_prefix: org1_  

  # 不允许归档的高度, 默认: 300000,归档最高高度为 当前高度 - unarchive_block_height。
  unarchive_block_height: 300000

  # 归档操作检查间隔,单位s, 默认: 10,即10s。
  archive_check_interval: 10
  
  # 恢复区块文件的间隔,单位s, 默认: 60,即60s,节点将在数据恢复操作60s后开始合并数据到链上。
  restore_interval: 60

  # 是否使用bigfilter,如果使用需要安装redis
  enable_bigfilter: false
  # bigfilter的相关配置
  bigfilter_config:
    # redis服务的地址
    redis_hosts_port: "127.0.0.1:6300,127.0.0.1:6301"
    # redis密码
    redis_password: abcpass
    # 支持的最大交易容量
    tx_capacity: 1000000000
    # 期望的误判率
    fp_rate: 0.000000001

  # 状态数据库是否启用缓存,默认启用
  disable_state_cache: false 
  # 状态数据库缓存的配置
  state_cache_config:
    # 状态数据库的类别,包括 slru, bigcache. 默认启用slru. 
    # 启用slru缓存,需要配置spec条目
    provider: slru
    
    # kv的ttl时间,bigcache的配置
    # life_window: 3000000000000,bigcache的配置
    # 移除过期kv的间隔时间,单位ns,bigcache的配置
    # clean_window: 1000000000
    # 每个entry的最大大小,单位字节. bigcache的配置
    # max_entry_size: 500,bigcache的配置
    # 缓存的大小,单位MB,bigcache的配置
    # hard_max_cache_size: 1024

    # 缓存的规格, 当前主要被slru使用
    spec: 
      # 缓存占用的内存限制,单位M
      memory: 1024 
      # 缓存中最大条目数
      capacity: 10000 

  # 区块数据库配置
  blockdb_config:
    # 使用的数据库类型,支持leveldb, sql, badgerdb, tikvdb
    provider: leveldb # [*]
    # leveldb的配置,如果使用leveldb, 需要对其进行配置.
    leveldb_config:
      # leveldb数据存储路径
      store_path: ../data/wx-org1.chainmaker.org/block
      # leveldb中memdb的大小,单位M
      write_buffer_size: 64

    # sql数据库类型示例
    # provider: sql # [*]
    # sql数据库配置
    # sqldb_config:
      # sql数据库的类型, 支持mysql, tdsql,sqlite. sqlite only for test
      # sqldb_type: mysql # # [*]
      # Mysql/TDsql的连接信息, 数据库名字不需要传递. 例如:  root:admin@tcp(127.0.0.1:3306)/
      # dsn: root:password@tcp(127.0.0.1:3306)/

    # badgerdb数据库示例
    # provider: badgerdb
    # badgerdb配置
    # badgerdb_config:
      # 数据存储路径
      # store_path: ../data/wx-org1.chainmaker.org/history
      # 是否开启压缩功能, 1:启用Snappy压缩算法 2:ZSTD压缩算法,默认0: 不启用压缩
      # compression: 0
      # 值的大小阈值,单位字节,默认10KB, 此阈值用来区分存储的value是大值还是小值。
      # value_threshold: 256
      # 一个批次中所容纳的kv键值对个个数,默认128
      # write_batch_size: 128

    # tikv数据库示例
    # provider: tikvdb
    # tikv配置
    # tikvdb_config:
    	# 数据库名字前缀,默认为空
      # db_prefix: "node1_" 
      # tikv pd server 的url信息,支持多个url,"192.168.1.2:2379,192.168.1.3:2379"
      # endpoints: "127.0.0.1:2379"
      # 最大提交的批次数量,默认128
      # max_batch_count: 128  
      # 每个tikv-server接受的最大连接数,默认4
      # grpc_connection_count: 16 
      # 客户端等待多久没有活动后开始发送 Keepalive 探测包,默认10s
      # grpc_keep_alive_time: 10
      # 客户端等待服务器响应Keepalive探测包的最长时间,如果时间后未收到响应,认为连接已断开,默认3s
      # grpc_keep_alive_timeout: 3  
      # 每一次提交tikv批次的大小,default: 128
      # write_batch_size: 128 # 

  # 状态数据库配置
  statedb_config:
    # statedb使用的存储类型,同blockdb
    provider: leveldb
    leveldb_config:
      store_path: ../data/wx-org1.chainmaker.org/state
      write_buffer_size: 64

    # 状态数据库的布隆过滤器配置,布隆过滤器只在使用kv数据库才生效
    bloom_config:
      # 启用布隆过滤器
      enable: true 
      # 布隆过滤器数据持久化路径
      dump_path: "../data/wx-org1.chainmaker.org/state/bloom" 
      # keys_capacity:布隆过滤器最大key容量, false_positive_rate:布隆过滤器的误判率
      # 布隆过滤器会通过容量和误判率来计算使用的hash函数数量和内存占用情况(1亿个key在0.01误判率下大约占用170M左右内存)
      keys_capacity: 1000000000
      false_positive_rate: 0.01
      # 布隆过滤器持久化一次的频率,即每写入多少个区块进行一次持久化
      dump_per_blocks_committed: 1000 

  # 是否启用historyDB,默认不启用
  disable_historydb: false
  # historydb配置
  historydb_config:
    # historydb使用的存储类型,同blockdb
    provider: leveldb
    leveldb_config:
      store_path: ../data/wx-org1.chainmaker.org/history
      write_buffer_size: 64
    # 是否存储写集的历史记录,默认false,记录
    disable_key_history: false
    # 是否存储合约的历史记录,默认false,记录
    disable_contract_history: true
    # 是否存储账户的历史记录,默认false,记录
    disable_account_history: true
    
  # 是否启用resultdb,默认false,不启用
  disable_resultdb: false
  resultdb_config:
    # resultdb使用的存储类型,同blockdb
    provider: leveldb
    leveldb_config:
      store_path: ../data/wx-org1.chainmaker.org/result
      write_buffer_size: 64

  # 是否禁止合约事件存储功能,默认为true,如果设置为false,需要配置mysql
  disable_contract_eventdb: true
  # 合约事件数据库配置
  contract_eventdb_config:
    # 只支持sql类型
    provider: sql
    # sql数据库配置
    sqldb_config:
      # 事件数据库支持持mysql
      sqldb_type: mysql
      # mysql的DSN配置
      dsn: root:password@tcp(127.0.0.1:3306)/

1.2.8. vm

# 合约虚拟机配置
vm:
  # 合约虚拟机容器的通用配置
  common:
    # 长安链节点与合约虚拟机通信的 Grpc 网络配置
    # Grpc 发送消息的最大体积,默认:100, 单位: MB
    max_send_msg_size: 100
    # Grpc 接收消息的最大体积,默认:100, 单位: MB
    max_recv_msg_size: 100
    # Grpc 连接超时时间, 默认:10, 单位: 秒
    dial_timeout: 10

    # 容器运行时服务器(用于在长安链节点侧处理合约执行进程发来的消息)连接配置
    runtime_server:
      # 运行时服务器的主机地址,默认:127.0.0.1
      host: 127.0.0.1
      # 运行时服务器的主机端口,默认:32351
      port: 32351

    # 合约引擎(在容器中运行,用于管理合约执行进程)配置
    contract_engine:
      # 启动时禁用合约进程预加载功能,默认:否(即默认启动时预加载合约进程),从v2.4.0_alpha_qc版本开始支持
      preload_disable: false

      # 通过对合约使用频率的计算、排序,所预加载的合约进程总数,默认:10(仅当preload_disable为false时,此项起作用)
      preload_num_by_use_frequency: 10

      # 通过对合约最近调用时间的排序,所预加载的合约进程总数,默认:10(仅当preload_disable为false时,此项起作用)
      preload_num_by_last_time: 10

      # 对虚拟机合约进程的系统cgroup配置(用于限制合约进程的资源使用情况)
      # 从v2.4.0_alpha_qc版本开始支持cgroup v2版本,并支持在chainmaker.yml中配置cgroup
      # cgroup使用v1还是v2版本,取决于合约虚拟机容器部署环境的操作系统类型和版本,合约引擎启动后会自行判断
      cgroup:
        # 是否禁用cgroup功能,默认:是(即默认不开启cgroup功能,对合约进程的资源使用情况不做限制),仅当cgroup功能不禁用时,后续cgroup相关配置起作用
        disable: true
        # 每个合约进程能够使用的最大内存大小,“-1”代表不做限制,默认:-1,单位:MiB
        max_mem_size_per_process: -1
        # 每个合约进程能够使用的最大cpu,“-1”代表不做限制,默认:-1,单位:无
        max_cpu_percent_per_process: -1

        # 允许访问的设备列表,默认:"",只支持cgroup v1
        # 详细配置方式可以在下列地址查看:
        #     https://access.redhat.com/documentation/zh-cn/red_hat_enterprise_linux/7/html/resource_management_guide/sec-devices//
        devices_allow: ""

        # 禁止访问的设备列表,默认:"",只支持cgroup v1
        # 详细配置方式可以在下列地址查看:
        #     https://access.redhat.com/documentation/zh-cn/red_hat_enterprise_linux/7/html/resource_management_guide/sec-devices//
        devices_deny: ""
        
  # Golang 合约虚拟机的相关配置
  go:
    # 开启docker-go合约虚拟机,默认:否,仅当该项开启时,后续各项Golang合约虚拟机的相关配置起作用
    enable: false
    # 挂载到宿主机的数据目录,该目录用于存储docker-go合约二进制文件、uds socket文件等
    data_mount_path: ../data/{org_id}/go
    
    # 挂载到宿主机的日志目录,该目录用于存储docker-go合约引擎与合约进程产生的日志信息
    log_mount_path: ../log/{org_id}/go

    # 用于长安链节点和docker-go合约虚拟机(包括合约引擎与合约进程)间的通信协议,默认:tcp
    # 1. tcp: docker-go合约虚拟机使用 TCP 协议与节点侧交互
    # 2. uds: docker-go合约虚拟机使用 unix 域套接字与节点侧交互
    protocol: tcp

    # 如果使用自定义配置文件,则需要配置自定义配置文件的路径,默认:不使用
    # 优先级: chainmaker.yml > vm.yml > 默认配置
    # dockervm_config_path: /config_path/vm.yml
    
    # 是否在终端打印日志,默认:否
    log_in_console: false

    # docker-go虚拟机的日志级别,默认:INFO
    log_level: INFO

    # 用于执行原始(即非跨合约交易)docker-go交易的最大并发进程数
    max_concurrency: 20

    # docker-go合约引擎(在容器中运行,用于管理docker-go合约执行进程)配置
    contract_engine:
      # docker-go合约引擎服务器地址,默认:127.0.0.1
      host: 127.0.0.1
      # docker-go合约引擎服务器端口,默认:22351
      port: 22351
      # 节点侧与docker-go合约引擎通信时所能创建的最大连接数,默认:5
      max_connection: 5

  # Java 合约虚拟机的相关配置
  java:
    # 开启docker-java合约虚拟机,默认:否,仅当该项开启时,后续各项JAVA合约虚拟机的相关配置起作用
    enable: true

    # 挂载到宿主机的数据目录,该目录用于存储docker-java合约二进制文件、uds socket文件等
    data_mount_path: ../data/{org_id}/java

    # 挂载到宿主机的日志目录,该目录用于存储docker-java合约引擎与合约进程产生的日志信息
    log_mount_path: ../log/{org_id}/java

    # 如果使用自定义配置文件,则需要配置自定义配置文件的路径,默认:不使用
    # 优先级: chainmaker.yml > vm.yml > 默认配置
    # dockervm_config_path: /config_path/vm.yml

    # 是否在终端打印日志,默认:否
    log_in_console: false

    # docker-java虚拟机的日志级别,默认:INFO
    log_level: INFO

    # 用于执行原始(即非跨合约交易)docker-java交易的最大并发进程数
    max_concurrency: 20

    # docker-java合约引擎(在容器中运行,用于管理docker-java合约执行进程)配置
    contract_engine:
      # docker-java合约引擎服务器地址,默认:127.0.0.1
      host: 127.0.0.1

      # docker-java合约引擎服务器端口,默认:23351
      port: 23351

      # 节点侧与docker-java合约引擎通信时所能创建的最大连接数,默认:5
      max_connection: 5

1.3. 链配置的管理

长安链·ChainMaker的链配置文件为bcN.yml。其中包含了节点初次启动时的创世纪块的配置信息。将根据该配置,生成创世纪块。

在同一条链中,创世纪块的内容必须严格一致

意味着:bc.yml的内容(若是路径则为路径对应的内容),在每个节点都必须一致

除了启动之前可修改bc.yml文件外,链上配置热修改可以通过SDK和CMC完成。

可修改的链配置主要包含如下几方面:

  1. VM引擎类型:vm.support_list

  2. 区块的交易数、超时时间、出块间隔:block.block_tx_capacity、block.time_out、block.block_interval

  3. 根证书管理:trust_roots

  4. 权限修改:resource_policies

  5. 共识节点管理:nodes