## 配置文件一览 ### chainmaker-go #### chainmaker.yml节点配置 ```yml # # Copyright (C) BABEC. All rights reserved. # Copyright (C) THL A29 Limited, a Tencent company. All rights reserved. # # SPDX-License-Identifier: Apache-2.0 # # [*] the represented items could not be modified after startup # "auth_type" should be consistent among the whole chain configuration files(e.g., bc1.yml and chainmaker.yml) # The auth type can be permissionedWithCert, permissionedWithKey, public. # By default it is permissionedWithCert. # permissionedWithCert: permissioned blockchain, using x.509 certificate to identify members. # permissionedWithKey: permissioned blockchain, using public key to identify members. # public: public blockchain, using public key to identify members. auth_type: "permissionedWithCert" # [*] # Logger settings log: # Logger configuration file path. config_file: ../config/wx-org1.chainmaker.org/log.yml # Chains the node currently joined in blockchain: # chain id and its genesis block file path. - chainId: chain1 genesis: ../config/wx-org1.chainmaker.org/chainconfig/bc1.yml - chainId: chain2 genesis: ../config/wx-org1.chainmaker.org/chainconfig/bc2.yml # - chainId: chain3 # genesis: ../config/{org_path3}/chainconfig/bc3.yml # - chainId: chain4 # genesis: ../config/{org_path4}/chainconfig/bc4.yml # Blockchain node settings node: # Organization id is the node belongs to. # When the auth type is public, org id is ignored. org_id: wx-org1.chainmaker.org # [*] # Private key file path priv_key_file: ../config/wx-org1.chainmaker.org/certs/node/consensus1/consensus1.sign.key # [*] # Certificate file path cert_file: ../config/wx-org1.chainmaker.org/certs/node/consensus1/consensus1.sign.crt # [*] # Certificate cache size, used to speed up member identity verification. # By default the cache size is 1000. cert_cache_size: 1000 # PKCS#11 crypto settings pkcs11: # Enable it or not enabled: false # [*] # Path for the pkcs11 interface file(.so) library: /usr/local/lib64/pkcs11/libupkcs11.so # Label for the slot to be used label: HSM # HSM Password password: 11111111 # Size for HSM session cache, default value is 10. session_cache_size: 10 # Hash algorithm is used to calculate SKI. # It can be SHA256 or SM3. hash: "SHA256" # [*] # Network Settings net: # Network provider, can be libp2p or liquid. # libp2p: using libp2p components to build the p2p module. # liquid: a new p2p network module. We build it from 0 to 1. # This item must be consistent across the blockchain network. provider: LibP2P # The address and port the node listens on. # By default, it uses 0.0.0.0 to listen on all network interfaces. listen_addr: /ip4/0.0.0.0/tcp/11301 # Max stream of a connection. # peer_stream_pool_size: 100 # Max number of peers the node can connect. # max_peer_count_allow: 20 # The strategy for eliminating node when the amount of connected peers reaches the max value # It could be: 1 Random, 2 FIFO, 3 LIFO. The default strategy is LIFO. # peer_elimination_strategy: 3 # The seeds list used to setup network among all the peer seed when system starting. # The connection supervisor will try to dial seed peer whenever the connection is broken. # Example ip format: "/ip4/127.0.0.1/tcp/11301/p2p/"+nodeid # Example dns format:"/dns/cm-node1.org/tcp/11301/p2p/"+nodeid seeds: - "/ip4/127.0.0.1/tcp/11301/p2p/QmbAJs1MXEMxB73emPdzN3pJ6fHSDRKNr8BLcJms1bT4Kz" - "/ip4/127.0.0.1/tcp/11302/p2p/QmVjyEBHCi7JdMNMipk1BiCphAEa2rGBbnbwcc8DhUfaZW" - "/ip4/127.0.0.1/tcp/11303/p2p/QmNSefpUis1kip2U7nPish8BamChhT1bafWSxsWAkYS3av" - "/ip4/127.0.0.1/tcp/11304/p2p/QmXy3S8reg2nhXEaiLUvVAMkqsFw9cSRmxDS95kosUWTuH" # Network tls settings. tls: # Enable tls or not. Currently it can only be true... enabled: true # TLS private key file path. priv_key_file: ../config/wx-org1.chainmaker.org/certs/node/consensus1/consensus1.tls.key # TLS Certificate file path. cert_file: ../config/wx-org1.chainmaker.org/certs/node/consensus1/consensus1.tls.crt # The blacklist is automatically block the listed seed to connect. # blacklist: # The addresses in blacklist. # The address format can be ip or ip+port. # addresses: # - "127.0.0.1:11301" # - "192.168.1.8" # The node ids in blacklist. # node_ids: # - "QmeyNRs2DwWjcHTpcVHoUSaDAAif4VQZ2wQDQAUNDP33gH" # Transaction pool settings # Other txpool settings can be found in tx_Pool_config.go txpool: # txpool type, can be signle or batch. # By default the txpool type is single. pool_type: "single" # Max transaction count in txpool. # If txpool is full, the following transactions will be discarded. max_txpool_size: 50000 # Max config transaction count in config txpool. max_config_txpool_size: 10 # Interval of creating a transaction batch, only for batch txpool, in millisecond. # batch_create_timeout: 200 # RPC service setting rpc: # RPC type, can only be grpc now provider: grpc # [*] # RPC port port: 12301 # Interval of checking trust root changes, in seconds. # If changed, the rpc server's root certificate pool will also change. # Only valid if tls is enabled. # The minium value is 10. check_chain_conf_trust_roots_change_interval: 60 # Rate limit related settings # Here we use token bucket to limit rate. ratelimit: # Ratelimit switch. Default is false. enabled: false # Rate limit type # 0: limit globally, 1: limit by ip type: 0 # Token number added to bucket per second. # -1: unlimited, by default is 10000. token_per_second: -1 # Token bucket size. # -1: unlimited, by default is 10000. token_bucket_size: -1 # Rate limit settings for subscriber subscriber: ratelimit: token_per_second: 100 token_bucket_size: 100 # RPC TLS settings tls: # TLS mode, can be disable, oneway, twoway. mode: twoway # RPC TLS private key file path priv_key_file: ../config/wx-org1.chainmaker.org/certs/node/consensus1/consensus1.tls.key # RPC TLS public key file path cert_file: ../config/wx-org1.chainmaker.org/certs/node/consensus1/consensus1.tls.crt # RPC blacklisted ip addresses blacklist: addresses: # - "127.0.0.1" # Monitor related settings monitor: # Monitor service switch, default is false. enabled: false # Monitor service port port: 14321 # PProf Settings pprof: # If pprof is enabled or not enabled: false # PProf port port: 24321 # Consensus related settings consensus: raft: # Take a snapshot based on the set the number of blocks. # If raft nodes change, a snapshot is taken immediately. snap_count: 10 # Saving wal asynchronously switch. Default is true. async_wal_save: true # Min time unit in rate election and heartbeat. ticker: 1 # Scheduler related settings scheduler: # whether log the txRWSet map in debug mode rwset_log: false # Storage config settings # Contains blockDb, stateDb, historyDb, resultDb, contractEventDb # # blockDb: block transaction data, support leveldb, mysql, badgerdb # stateDb: world state data, support leveldb, mysql, badgerdb # historyDb: world state change history of transactions, support leveldb, mysql, badgerdb # resultDb: transaction execution results data, support leveldb, mysql, badgerdb # contractEventDb: contract emit event data, support mysql # # provider, sqldb_type cannot be changed after startup. # store_path, dsn the content cannot be changed after startup. storage: # Default store path store_path: ../data/wx-org1.chainmaker.org/ledgerData1 # [*] # Prefix for mysql db name # db_prefix: org1_ # Minimum block height not allowed to be archived unarchive_block_height: 300000 # Symmetric encryption algorithm for writing data to disk. can be sm4 or aes # encryptor: sm4 # [*] # Symmetric encryption key:16 bytes key # If pkcs11 is enabled, it is the keyID # encrypt_key: "1234567890123456" # Block db config blockdb_config: # Databases type support leveldb, sql, badgerdb provider: leveldb # [*] # If provider is leveldb, leveldb_config should not be null. leveldb_config: # LevelDb store path store_path: ../data/wx-org1.chainmaker.org/block # Example for sql provider # Databases type support leveldb, sql, badgerdb # provider: sql # [*] # If provider is sql, sqldb_config should not be null. # sqldb_config: # Sql db type, can be mysql, sqlite. sqlite only for test # sqldb_type: mysql # # [*] # Mysql connection info, the database name is not required. such as: root:admin@tcp(127.0.0.1:3306)/ # dsn: root:password@tcp(127.0.0.1:3306)/ # Example for badgerdb provider # Databases type support leveldb, sql, badgerdb # provider: badgerdb # If provider is badgerdb, badgerdb_config should not be null. # badgerdb_config: # BadgerDb store path # store_path: ../data/wx-org1.chainmaker.org/history # Whether compression is enabled for stored data, default is 0: disabled # compression: 0 # Key and value are stored separately when value is greater than this byte, default is 1024 * 10 # value_threshold: 256 # Number of key value pairs written in batch. default is 128 # write_batch_size: 1024 # State db config statedb_config: provider: leveldb leveldb_config: store_path: ../data/wx-org1.chainmaker.org/state # History db config historydb_config: provider: leveldb leveldb_config: store_path: ../data/wx-org1.chainmaker.org/history # Result db config resultdb_config: provider: leveldb leveldb_config: store_path: ../data/wx-org1.chainmaker.org/result # Disable contract event database or not. If it is false, contract_eventdb_config must be mysql disable_contract_eventdb: true # Contract event db config contract_eventdb_config: # Event db only support sql provider: sql # Sql db config sqldb_config: # Event db only support mysql sqldb_type: mysql # Mysql connection info, such as: root:admin@tcp(127.0.0.1:3306)/ dsn: root:password@tcp(127.0.0.1:3306)/ ``` #### bc1.yml 链配置 ```yml # # Copyright (C) BABEC. All rights reserved. # Copyright (C) THL A29 Limited, a Tencent company. All rights reserved. # # SPDX-License-Identifier: Apache-2.0 # # This file is used to generate genesis block. # The content should be consistent across all nodes in this chain. # chain id chain_id: chain1 # chain maker version version: v2.1.0 # chain config sequence sequence: 0 # The blockchain auth type, shoudle be consistent with auth type in node config (e.g., chainmaker.yml) # The auth type can be permissionedWithCert, permissionedWithKey, public. # By default it is permissionedWithCert. # permissionedWithCert: permissioned blockchain, using x.509 certificate to identify members. # permissionedWithKey: permissioned blockchain, using public key to identify members. # public: public blockchain, using public key to identify members. auth_type: "permissionedWithCert" # Crypto settings crypto: # Hash algorithm, can be SHA256, SHA3_256 and SM3 hash: SHA256 # User contract related settings contract: # If the sql support contract is enabled or not. # If it is true, storage.statedb_config.provider in chainmaker.yml should be sql. enable_sql_support: false # Block proposing related settings block: # Verify the transaction timestamp or not tx_timestamp_verify: true # Transaction timeout, in second. # if abs(now - tx_timestamp) > tx_timeout, the transaction is invalid. tx_timeout: 600 # Max transaction count in a block. block_tx_capacity: 100 # Max block size, in MB block_size: 10 # The interval of block proposing attempts block_interval: 2000 # Core settings core: # Max scheduling time of a block, in second. # [0, 60] tx_scheduler_timeout: 10 # Max validating time of a block, in second. # [0, 60] tx_scheduler_validate_timeout: 10 # Consensus message compression related settings # consensus_turbo_config: # If consensus message compression is enabled or not. # consensus_message_turbo: true # Max retry count of fetching transaction in txpool by txid. # retry_time: 500 # Retry interval of fetching transaction in txpool by txid, in ms. # retry_interval: 20 # snapshot settings # snapshot: # Enable the evidence snapshot or not. # enable_evidence: false # scheduler settings # scheduler: # Enable the evidence scheduler or not. # enable_evidence: false # Consensus settings consensus: # Consensus type # 0-SOLO, 1-TBFT, 3-HOTSTUFF, 4-RAFT, 5-DPOS, 6-ABFT type: 1 # Consensus node list nodes: # Each org has one or more consensus nodes. # We use p2p node id to represent nodes here. - org_id: "wx-org1.chainmaker.org" node_id: - "QmbAJs1MXEMxB73emPdzN3pJ6fHSDRKNr8BLcJms1bT4Kz" - org_id: "wx-org2.chainmaker.org" node_id: - "QmVjyEBHCi7JdMNMipk1BiCphAEa2rGBbnbwcc8DhUfaZW" - org_id: "wx-org3.chainmaker.org" node_id: - "QmNSefpUis1kip2U7nPish8BamChhT1bafWSxsWAkYS3av" - org_id: "wx-org4.chainmaker.org" node_id: - "QmXy3S8reg2nhXEaiLUvVAMkqsFw9cSRmxDS95kosUWTuH" # We can specify other consensus config here in key-value format. ext_config: # - key: aa # value: chain01_ext11 # Trust roots is used to specify the organizations' root certificates in permessionedWithCert mode. # When in permessionedWithKey mode or public mode, it represents the admin users. trust_roots: # org id and root file path list. - org_id: "wx-org1.chainmaker.org" root: - "../config/wx-org1.chainmaker.org/certs/ca/wx-org1.chainmaker.org/ca.crt" - org_id: "wx-org2.chainmaker.org" root: - "../config/wx-org1.chainmaker.org/certs/ca/wx-org2.chainmaker.org/ca.crt" - org_id: "wx-org3.chainmaker.org" root: - "../config/wx-org1.chainmaker.org/certs/ca/wx-org3.chainmaker.org/ca.crt" - org_id: "wx-org4.chainmaker.org" root: - "../config/wx-org1.chainmaker.org/certs/ca/wx-org4.chainmaker.org/ca.crt" # Trust members are members that do not need to be verified against trust roots. # trust_members: # Each trust member should specify: member info file path, org id, role, and tls node id if any. # - member_info: "" # org_id: "" # role: "consensus" # node_id: "" # Resource policies settings resource_policies: - resource_name: CHAIN_CONFIG-NODE_ID_UPDATE policy: # Rule can be Any, All, Majority, Self... rule: SELF # The org id list, all organizations are need if here is null. org_list: # The role list role_list: - admin - resource_name: CHAIN_CONFIG-TRUST_ROOT_ADD policy: rule: MAJORITY org_list: role_list: - admin - resource_name: CHAIN_CONFIG-CERTS_FREEZE policy: rule: ANY org_list: role_list: - admin # The disabled native contract list # Disable the system contract by specifying the system contract name # Can disabled native contract name contains CHAIN_CONFIG, CHAIN_QUERY, CERT_MANAGE, GOVERNANCE, MULTI_SIGN, PRIVATE_COMPUTE, DPOS_ERC20, DPOS_STAKE, CROSS_TRANSACTION, PUBKEY_MANAGE disabled_native_contract: # - CONTRACT_NAME ``` ### chainmaker-cryptogen #### crypto_config_template.yml证书生成配置 ```yml crypto_config: - domain: chainmaker.org host_name: wx-org count: 4 # 如果为1,直接使用host_name,否则添加递增编号 # pk_algo: sm2 pk_algo: ecc_p256 ski_hash: sha256 ## pkcs11配置 pkcs11: enabled: false library: /usr/local/lib64/pkcs11/libupkcs11.so label: HSM password: 11111111 session_cache_size: 10 hash: "SHA256" # hash algorithm used to compute SKI specs: &specs_ref expire_year: 10 sans: - chainmaker.org - localhost - 127.0.0.1 location: &location_ref country: CN locality: Beijing province: Beijing # CA证书配置 ca: location: <<: *location_ref specs: <<: *specs_ref # 节点证书配置 node: - type: consensus # 共识节点数量 count: 1 # 共识节点配置 location: <<: *location_ref specs: <<: *specs_ref expire_year: 5 - type: common # 普通节点数量 count: 1 # 普通节点配置 location: <<: *location_ref specs: <<: *specs_ref expire_year: 5 user: - type: admin # 管理员证书数量 count: 1 # 管理员证书配置 location: <<: *location_ref expire_year: 5 - type: client # 普通用户证书数量 count: 1 # 普通用户证书配置 location: <<: *location_ref expire_year: 5 - type: light # 轻节点用户证书数量 count: 1 # 轻节点用户证书配置 location: <<: *location_ref expire_year: 5 ``` ### sdk-go #### sdk_config.yml ```yml chain_client: # 链ID chain_id: "chain1" # 组织ID org_id: "wx-org1.chainmaker.org" # 客户端用户私钥路径 user_key_file_path: "./testdata/crypto-config/wx-org1.chainmaker.org/user/client1/client1.tls.key" # 客户端用户证书路径 user_crt_file_path: "./testdata/crypto-config/wx-org1.chainmaker.org/user/client1/client1.tls.crt" # 客户端用户交易签名私钥路径(若未设置,将使用user_key_file_path) user_sign_key_file_path: "./testdata/crypto-config/wx-org1.chainmaker.org/user/client1/client1.sign.key" # 客户端用户交易签名证书路径(若未设置,将使用user_crt_file_path) user_sign_crt_file_path: "./testdata/crypto-config/wx-org1.chainmaker.org/user/client1/client1.sign.crt" nodes: - # 节点地址,格式为:IP:端口:连接数 node_addr: "127.0.0.1:12301" # 节点连接数 conn_cnt: 10 # RPC连接是否启用双向TLS认证 enable_tls: true # 信任证书池路径 trust_root_paths: - "./testdata/crypto-config/wx-org1.chainmaker.org/ca" - "./testdata/crypto-config/wx-org2.chainmaker.org/ca" # TLS hostname tls_host_name: "chainmaker.org" - # 节点地址,格式为:IP:端口:连接数 node_addr: "127.0.0.1:12302" # 节点连接数 conn_cnt: 1 # RPC连接是否启用双向TLS认证 enable_tls: true # 信任证书池路径 trust_root_paths: - "./testdata/crypto-config/wx-org1.chainmaker.org/ca" - "./testdata/crypto-config/wx-org2.chainmaker.org/ca" # TLS hostname tls_host_name: "chainmaker.org" ``` ### cmc `sdk_config.yml`同 sdk-go的`sdk_config.yml`