config.yaml

version: 1.0.0

client:

  organization: org1

  logging:
    level: info

  cryptoconfig:
    path: /home/lei/3hostsdk/crypto-config

  credentialStore:

    path: "/tmp/state-store"

    cryptoStore:
      # Specific to the underlying KeyValueStore that backs the crypto key store.
      path: /tmp/msp

  BCCSP:
    security:
     enabled: true
     default:
      provider: "SW"
     hashAlgorithm: "SHA2"
     softVerify: true
     level: 256

  tlsCerts:
    # [Optional]. Use system certificate pool when connecting to peers, orderers (for negotiating TLS) Default: false
    systemCertPool: true

    # [Optional]. Client key and cert for TLS handshake with peers and orderers
    client:
      key:
        path: /home/lei/3hostsdk/crypto-config/peerOrganizations/org1.example.com/users/User1@org1.example.com/tls/client.key
      cert:
        path: /home/lei/3hostsdk/crypto-config/peerOrganizations/org1.example.com/users/User1@org1.example.com/tls/client.crt


channels:
  _default:
    
    peers:
      peer0.org1.example.com:
        # [Optional]. will this peer be sent transaction proposals for endorsement? The peer must
        # have the chaincode installed. The app can also use this property to decide which peers
        # to send the chaincode install request. Default: true
        endorsingPeer: true

        # [Optional]. will this peer be sent query proposals? The peer must have the chaincode
        # installed. The app can also use this property to decide which peers to send the
        # chaincode install request. Default: true
        chaincodeQuery: true

        # [Optional]. will this peer be sent query proposals that do not require chaincodes, like
        # queryBlock(), queryTransaction(), etc. Default: true
        ledgerQuery: true

        # [Optional]. will this peer be the target of the SDK's listener registration? All peers can
        # produce events but the app typically only needs to connect to one to listen to events.
        # Default: true
        eventSource: true

    # [Optional]. The application can use these options to perform channel operations like retrieving channel
    # config etc.
    policies:
      #[Optional] options for retrieving discovery info
      discovery:
        #[Optional] discovery info will be retrieved for these number of random targets
        maxTargets: 2
        #[Optional] retry options for retriving discovery info
        retryOpts:
          #[Optional] number of retry attempts
          attempts: 4
          #[Optional] the back off interval for the first retry attempt
          initialBackoff: 500ms
          #[Optional] the maximum back off interval for any retry attempt
          maxBackoff: 5s
          #[Optional] he factor by which the initial back off period is exponentially incremented
          backoffFactor: 2.0
      #[Optional] options for selection service
      selection:
        #[Optional] endorser selection sorting strategy. Possible values: [BlockHeightPriority,Balanced]
        SortingStrategy: BlockHeightPriority
        #[Optional] load-balancer type. Possible values: [RoundRobin,Random]
        Balancer: RoundRobin
        #[Optional] the number of blocks from the highest block number of a group of peers that a peer
        #can lag behind and still be considered to be up-to-date. These peers will be sorted using the
        #given Balancer. If a peer's block height falls behind this threshold then it will be demoted
        #to a lower priority list of peers which will be sorted according to block height.
        #Note: This property only applies to BlockHeightPriority sorter.
        BlockHeightLagThreshold: 5
      #[Optional] options for retrieving channel configuration blocks
      queryChannelConfig:
        #[Optional] min number of success responses (from targets/peers)
        minResponses: 1
        #[Optional] channel config will be retrieved for these number of random targets
        maxTargets: 1
        #[Optional] retry options for query config block
        retryOpts:
          #[Optional] number of retry attempts
          attempts: 5
          #[Optional] the back off interval for the first retry attempt
          initialBackoff: 500ms
          #[Optional] the maximum back off interval for any retry attempt
          maxBackoff: 5s
          #[Optional] he factor by which the initial back off period is exponentially incremented
          backoffFactor: 2.0

      #[Optional] options for the event service
      eventService:
        # [Optional] resolverStrategy specifies the peer resolver strategy to use when connecting to a peer
        # Possible values: [PreferOrg (default), MinBlockHeight, Balanced]
        #
        # PreferOrg:
        #   Determines which peers are suitable based on block height lag threshold, although will prefer the peers in the
        #   current org (as long as their block height is above a configured threshold). If none of the peers from the current org
        #   are suitable then a peer from another org is chosen.
        # MinBlockHeight:
        #   Chooses the best peer according to a block height lag threshold. The maximum block height of all peers is
        #   determined and the peers whose block heights are under the maximum height but above a provided "lag" threshold are load
        #   balanced. The other peers are not considered.
        # Balanced:
        #   Chooses peers using the configured balancer.
        resolverStrategy: PreferOrg

        # [Optional] balancer is the balancer to use when choosing a peer to connect to
        # Possible values: [Random (default), RoundRobin]
        balancer: RoundRobin

        # [Optional] blockHeightLagThreshold sets the block height lag threshold. This value is used for choosing a peer
        # to connect to. If a peer is lagging behind the most up-to-date peer by more than the given number of
        # blocks then it will be excluded from selection.
        # Note that this parameter is applicable only when minBlockHeightResolverMode is set to ResolveByThreshold.
        # Default: 5
        blockHeightLagThreshold: 2

        # [Optional] reconnectBlockHeightLagThreshold - the event client will disconnect from the peer if the peer's
        # block height falls behind the specified number of blocks and will reconnect to a better performing peer.
        # Note that this parameter is only applicable if peerMonitor is set to Enabled (default).
        # Default: 10
        # NOTES:
        #   - Setting this value too low may cause the event client to disconnect/reconnect too frequently, thereby
        #     affecting performance.
        reconnectBlockHeightLagThreshold: 5

        # [Optional] peerMonitorPeriod is the period in which the connected peer is monitored to see if
        # the event client should disconnect from it and reconnect to another peer.
        # Default: 0 (disabled) for Balanced resolverStrategy; 5s for PreferOrg and MinBlockHeight strategy
        peerMonitorPeriod: 3s


  # multi-org test channel
  mychannel:
    peers:
      peer0.org1.example.com:
        endorsingPeer: true
        chaincodeQuery: true
        ledgerQuery: true
        eventSource: true
      peer1.org1.example.com:
        endorsingPeer: true
        chaincodeQuery: true
        ledgerQuery: true
        eventSource: true
      peer0.org2.example.com:
        endorsingPeer: true
        chaincodeQuery: true
        ledgerQuery: true
        eventSource: true
    policies:
      queryChannelConfig:
        minResponses: 1
        maxTargets: 1
        retryOpts:
          attempts: 5
          initialBackoff: 500ms
          maxBackoff: 5s
          backoffFactor: 2.0
#
# list of participating organizations in this network 
#
organizations:
  org1:
    mspid: Org1MSP

    # This org's MSP store (absolute path or relative to client.cryptoconfig)
    cryptoPath:  /home/lei/3hostsdk/crypto-config/peerOrganizations/org1.example.com/users/{username}@org1.example.com/msp

    peers:
      - peer0.org1.example.com
      - peer1.org1.example.com

    # [Optional]. Certificate Authorities issue certificates for identification purposes in a Fabric based
    # network. Typically certificates provisioning is done in a separate process outside of the
    # runtime network. Fabric-CA is a special certificate authority that provides a REST APIs for
    # dynamic certificate management (enroll, revoke, re-enroll). The following section is only for
    # Fabric-CA servers.

    # certificateAuthorities:
      # - ca.org1.example.com
      # - tlsca.org1.example.com
  

    # certificateAuthorities:
    #   - ca.org2.example.com

  org2:
    mspid: Org2MSP

    # This org's MSP store (absolute path or relative to client.cryptoconfig)
    cryptoPath:  /home/lei/3hostsdk/crypto-config/peerOrganizations/org2.example.com/users/{username}@org2.example.com/msp

    peers:
      - peer0.org2.example.com

    # certificateAuthorities:
    #   - ca.org2.example.com

  # Orderer Org name
  ordererorg:
      # Membership Service Provider ID for this organization
      mspID: OrdererMSP

      # Needed to load users crypto keys and certs for this org (absolute path or relative to global crypto path, DEV mode)
      cryptoPath: /home/lei/3hostsdk/crypto-config/ordererOrganizations/example.com/users/{username}@example.com/msp


#
# List of orderers to send transaction and channel create/update requests to. For the time
# being only one orderer is needed. If more than one is defined, which one get used by the
# SDK is implementation specific. Consult each SDK's documentation for its handling of orderers.
#
orderers:
  orderer.example.com:
    # [Optional] Default: Infer from hostname
    url: orderer.example.com:7050

    # these are standard properties defined by the gRPC library
    # they will be passed in as-is to gRPC client constructor
    grpcOptions:
      ssl-target-name-override: orderer.example.com
      # These parameters should be set in coordination with the keepalive policy on the server,
      # as incompatible settings can result in closing of connection.
      # When duration of the 'keep-alive-time' is set to 0 or less the keep alive client parameters are disabled
      keep-alive-time: 0s
      keep-alive-timeout: 20s
      keep-alive-permit: false
      fail-fast: false
      # allow-insecure will be taken into consideration if address has no protocol defined, if true then grpc or else grpcs
      allow-insecure: false

    tlsCACerts:
      # Certificate location absolute path
      path: /home/lei/3hostsdk/crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
  orderer2.example.com:
    # [Optional] Default: Infer from hostname
    url: orderer2.example.com:8050

    # these are standard properties defined by the gRPC library
    # they will be passed in as-is to gRPC client constructor
    grpcOptions:
      ssl-target-name-override: orderer2.example.com
      # These parameters should be set in coordination with the keepalive policy on the server,
      # as incompatible settings can result in closing of connection.
      # When duration of the 'keep-alive-time' is set to 0 or less the keep alive client parameters are disabled
      keep-alive-time: 0s
      keep-alive-timeout: 20s
      keep-alive-permit: false
      fail-fast: false
      # allow-insecure will be taken into consideration if address has no protocol defined, if true then grpc or else grpcs
      allow-insecure: false

    tlsCACerts:
      # Certificate location absolute path
      path: /home/lei/3hostsdk/crypto-config/ordererOrganizations/example.com/orderers/orderer2.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
  orderer3.example.com:
    # [Optional] Default: Infer from hostname
    url: orderer3.example.com:9050

    # these are standard properties defined by the gRPC library
    # they will be passed in as-is to gRPC client constructor
    grpcOptions:
      ssl-target-name-override: orderer3.example.com
      # These parameters should be set in coordination with the keepalive policy on the server,
      # as incompatible settings can result in closing of connection.
      # When duration of the 'keep-alive-time' is set to 0 or less the keep alive client parameters are disabled
      keep-alive-time: 0s
      keep-alive-timeout: 20s
      keep-alive-permit: false
      fail-fast: false
      # allow-insecure will be taken into consideration if address has no protocol defined, if true then grpc or else grpcs
      allow-insecure: false

    tlsCACerts:
      # Certificate location absolute path
      path: /home/lei/3hostsdk/crypto-config/ordererOrganizations/example.com/orderers/orderer3.example.com/msp/tlscacerts/tlsca.example.com-cert.pem

#
# List of peers to send various requests to, including endorsement, query
# and event listener registration.
#
peers:

  peer0.org1.example.com:
    # this URL is used to send endorsement and query requests
    # [Optional] Default: Infer from hostname
    url: peer0.org1.example.com:7051
    grpcOptions:
      ssl-target-name-override: peer0.org1.example.com
      # These parameters should be set in coordination with the keepalive policy on the server,
      # as incompatible settings can result in closing of connection.
      # When duration of the 'keep-alive-time' is set to 0 or less the keep alive client parameters are disabled
      keep-alive-time: 0s
      keep-alive-timeout: 20s
      keep-alive-permit: false
      fail-fast: false
      # allow-insecure will be taken into consideration if address has no protocol defined, if true then grpc or else grpcs
      allow-insecure: false

    tlsCACerts:
      # Certificate location absolute path
      path: /home/lei/3hostsdk/crypto-config/peerOrganizations/org1.example.com/tlsca/tlsca.org1.example.com-cert.pem


  peer1.org1.example.com:
    url: peer1.org1.example.com:8051
    #grpcOptions:
    #  ssl-target-name-override: peer0.org1.example.com
    grpcOptions:
      ssl-target-name-override: peer1.org1.example.com
      # These parameters should be set in coordination with the keepalive policy on the server,
      # as incompatible settings can result in closing of connection.
      # When duration of the 'keep-alive-time' is set to 0 or less the keep alive client parameters are disabled
      keep-alive-time: 0s
      keep-alive-timeout: 20s
      keep-alive-permit: false
      fail-fast: false
      # allow-insecure will be taken into consideration if address has no protocol defined, if true then grpc or else grpcs
      allow-insecure: false
    tlsCACerts:
      path: /home/lei/3hostsdk/crypto-config/peerOrganizations/org1.example.com/tlsca/tlsca.org1.example.com-cert.pem

  peer0.org2.example.com:
    # this URL is used to send endorsement and query requests
    # [Optional] Default: Infer from hostname
    url: peer0.org2.example.com:9051
    grpcOptions:
      ssl-target-name-override: peer0.org2.example.com
      # These parameters should be set in coordination with the keepalive policy on the server,
      # as incompatible settings can result in closing of connection.
      # When duration of the 'keep-alive-time' is set to 0 or less the keep alive client parameters are disabled
      keep-alive-time: 0s
      keep-alive-timeout: 20s
      keep-alive-permit: false
      fail-fast: false
      # allow-insecure will be taken into consideration if address has no protocol defined, if true then grpc or else grpcs
      allow-insecure: false
    #grpcOptions:
    #  ssl-target-name-override: peer0.org2.example.com

    tlsCACerts:
      # Certificate location absolute path
      path: /home/lei/3hostsdk/crypto-config/peerOrganizations/org2.example.com/tlsca/tlsca.org2.example.com-cert.pem


#
# Fabric-CA is a special kind of Certificate Authority provided by Hyperledger Fabric which allows
# certificate management to be done via REST APIs. Application may choose to use a standard
# Certificate Authority instead of Fabric-CA, in which case this section would not be specified.
#
# certificateAuthorities:
#   ca.org1.example.com:
#     # [Optional] Default: Infer from hostname
#     url: https://ca.org1.example.com:7054
#     # [Optional] The optional server name for target override
#     #grpcOptions:
#     #  ssl-target-name-override: ca.org1.example.com
#     tlsCACerts:
#       # Comma-Separated list of paths
#       path: ${FABRIC_SDK_GO_PROJECT_PATH}/${CRYPTOCONFIG_FIXTURES_PATH}/peerOrganizations/org1.example.com/tlsca/tlsca.org1.example.com-cert.pem
#       # Client key and cert for SSL handshake with Fabric CA
#       client:
#         key:
#           path: ${FABRIC_SDK_GO_PROJECT_PATH}/${CRYPTOCONFIG_FIXTURES_PATH}/peerOrganizations/tls.example.com/users/User1@tls.example.com/tls/client.key
#         cert:
#           path: ${FABRIC_SDK_GO_PROJECT_PATH}/${CRYPTOCONFIG_FIXTURES_PATH}/peerOrganizations/tls.example.com/users/User1@tls.example.com/tls/client.crt

#     # Fabric-CA supports dynamic user enrollment via REST APIs. A "root" user, a.k.a registrar, is
#     # needed to enroll and invoke new users.
#     registrar:
#       enrollId: admin
#       enrollSecret: adminpw
#     # [Optional] The optional name of the CA.
#     caName: ca.org1.example.com
#   tlsca.org1.example.com:
#     # [Optional] Default: Infer from hostname
#     url: https://ca.org1.example.com:7154
#     tlsCACerts:
#       # Comma-Separated list of paths
#       path: ${FABRIC_SDK_GO_PROJECT_PATH}/${CRYPTOCONFIG_FIXTURES_PATH}/peerOrganizations/org1.example.com/tlsca/tlsca.org1.example.com-cert.pem
#       # Client key and cert for SSL handshake with Fabric CA
#       client:
#         key:
#           path: ${FABRIC_SDK_GO_PROJECT_PATH}/${CRYPTOCONFIG_FIXTURES_PATH}/peerOrganizations/tls.example.com/users/User1@tls.example.com/tls/client.key
#         cert:
#           path: ${FABRIC_SDK_GO_PROJECT_PATH}/${CRYPTOCONFIG_FIXTURES_PATH}/peerOrganizations/tls.example.com/users/User1@tls.example.com/tls/client.crt

#     # Fabric-CA supports dynamic user enrollment via REST APIs. A "root" user, a.k.a registrar, is
#     # needed to enroll and invoke new users.
#     registrar:
#       enrollId: admin2
#       enrollSecret: adminpw2
#     # [Optional] The optional name of the CA.
#     caName: tlsca.org1.example.com
#   ca.org2.example.com:
#     url: https://ca.org2.example.com:8054
#     # [Optional] The optional server name for target override
#     #grpcOptions:
#     #  ssl-target-name-override: ca.org2.example.com
#     tlsCACerts:
#       # Comma-Separated list of paths
#       path: ${FABRIC_SDK_GO_PROJECT_PATH}/${CRYPTOCONFIG_FIXTURES_PATH}/peerOrganizations/org2.example.com/tlsca/tlsca.org2.example.com-cert.pem
#       # Client key and cert for SSL handshake with Fabric CA
#       client:
#         key:
#           path: ${FABRIC_SDK_GO_PROJECT_PATH}/${CRYPTOCONFIG_FIXTURES_PATH}/peerOrganizations/tls.example.com/users/User1@tls.example.com/tls/client.key
#         cert:
#           path: ${FABRIC_SDK_GO_PROJECT_PATH}/${CRYPTOCONFIG_FIXTURES_PATH}/peerOrganizations/tls.example.com/users/User1@tls.example.com/tls/client.crt

#      # Fabric-CA supports dynamic user enrollment via REST APIs. A "root" user, a.k.a registrar, is
#      # needed to enroll and invoke new users.
#     registrar:
#       enrollId: admin
#       enrollSecret: adminpw
#     # [Optional] The optional name of the CA.
#     caName: ca.org2.example.com



# EntityMatchers enable substitution of network hostnames with static configurations
# so that properties can be mapped. Regex can be used for this purpose
# UrlSubstitutionExp can be empty which means the same network hostname will be used
# UrlSubstitutionExp can be given same as mapped peer url, so that mapped peer url can be used
# UrlSubstitutionExp can have golang regex matchers like ${1}.local.example.${2}:${3} for pattern
# like peer0.org1.example.com:1234 which converts peer0.org1.example.com to peer0.org1.local.example.com:1234
# sslTargetOverrideUrlSubstitutionExp follow in the same lines as
# SubstitutionExp for the fields gprcOptions.ssl-target-name-override respectively
# In any case mappedHost's config will be used, so mapped host cannot be empty, if entityMatchers are used

entityMatchers:
  peer:

    - pattern: (\w+).org1.example.com:(\d+)
      urlSubstitutionExp: ${1}.org1.example.com:${2}
      sslTargetOverrideUrlSubstitutionExp: ${1}.org1.example.com
      mappedHost: peer0.org1.example.com


    - pattern: (\w+).org2.example.com:(\d+)
      urlSubstitutionExp: ${1}.org2.example.com:${2}
      sslTargetOverrideUrlSubstitutionExp: ${1}.org2.example.com
      mappedHost: peer0.org2.example.com

  #   - pattern: (\w+).org1.example.(\w+)
  #     urlSubstitutionExp: peer0.org1.example.com:7051
  #     sslTargetOverrideUrlSubstitutionExp: peer0.org1.example.com
  #     mappedHost: peer0.org1.example.com
 
  #   - pattern: (\w+).org2.example.(\w+)
  #     urlSubstitutionExp: peer0.org2.example.com:8051
  #     sslTargetOverrideUrlSubstitutionExp: peer0.org2.example.com
  #     mappedHost: peer0.org2.example.com
 
  #   - pattern: (\w+).example1.(\w+):(\d+)
  #     urlSubstitutionExp: ${1}.org1.example.${2}:${3}
  #     sslTargetOverrideUrlSubstitutionExp: ${1}.org1.example.${2}
  #     mappedHost: peer0.org1.example.com
 
  #   - pattern: (\w+).org1.example.(\w+):(\d+)
  #     urlSubstitutionExp: peer0.org1.example.com:7051
  #     sslTargetOverrideUrlSubstitutionExp: peer0.org1.example.com
  #     mappedHost: peer0.org1.example.com
 
  # orderer:
  #   - pattern: (\w+).example.(\w+)
  #     urlSubstitutionExp: orderer.example.com:7050
  #     sslTargetOverrideUrlSubstitutionExp: orderer.example.com
  #     mappedHost: orderer.example.com
 
  #   - pattern: (\w+).example2.(\w+)
  #     urlSubstitutionExp: localhost:7050
  #     sslTargetOverrideUrlSubstitutionExp: localhost
  #     mappedHost: orderer.example.com
 
  #   - pattern: (\w+).example3.(\w+)
  #     urlSubstitutionExp:
  #     sslTargetOverrideUrlSubstitutionExp:
  #     mappedHost: orderer.example.com
 
  #   - pattern: (\w+).example4.(\w+):(\d+)
  #     urlSubstitutionExp: ${1}.example.${2}:${3}
  #     sslTargetOverrideUrlSubstitutionExp: ${1}.example.${2}
  #     mappedHost: orderer.example.com
 
  # certificateAuthority:
  #   - pattern: (\w+).org1.example.(\w+)
  #     urlSubstitutionExp:
  #     sslTargetOverrideUrlSubstitutionExp: ca.example.com
  #     mappedHost: ca.org1.example.com
 
  #   - pattern: (\w+).org2.example.(\w+)
  #     urlSubstitutionExp:
  #     sslTargetOverrideUrlSubstitutionExp: ca.example.com
  #     mappedHost: ca.org2.example.com

###############################################################################
#
#    Operations section
#    copied from Fabric's core.yaml
###############################################################################
# operations:
#   # host and port for the operations server
#   listenAddress: 127.0.0.1:8080

#   # TLS configuration for the operations endpoint
#   tls:
#     # TLS enabled
#     enabled: false

#     # TODO replace cert.file, key.file and clientRootCAs.files to tlsCACerts as used elsewhere in this config file
#     # path to PEM encoded server certificate for the operations server
#     cert:
#       file:

#     # path to PEM encoded server key for the operations server
#     key:
#       file:

#     # require client certificate authentication to access all resources
#     clientAuthRequired: false

#     # paths to PEM encoded ca certificates to trust for client authentication
#     clientRootCAs:
#       files: []

###############################################################################
#
#    Metrics section
#    copied from Fabric's core.yaml
###############################################################################
# metrics:
#   # metrics provider is one of statsd, prometheus, or disabled
#   provider: prometheus

#   # statsd configuration
#   statsd:
#     # network type: tcp or udp
#     network: udp

#     # statsd server address
#     address: 127.0.0.1:8125

#     # the interval at which locally cached counters and gauges are pushed
#     # to statsd; timings are pushed immediately
#     writeInterval: 10s

#     # prefix is prepended to all emitted statsd metrics
#     prefix: