# Peer concepts and setup (core.yaml)

The peer node process is configured through the file core.yaml, which must be located in the directory specified by the environment variable FABRIC_CFG_PATH.

Environment variable naming rule: `CORE_SECTION_SUB-SECTION_PROPERTY`, e.g., `CORE_PEER_LISTENADDRESS`

![](https://i.imgur.com/zoKZsPz.png)

## peer section

### sub-section:

![](https://i.imgur.com/38q0RqT.png)

- id: Peer's identity. `devpeer`
- networkid: Separation of networks. When the chaincode is instantiated, the peer sets up a Docker image, and the name of the image is prefixed with the networkid. `dev`
- listenAddress: Address for incoming gRPC connections; by default the peer listens on all network interfaces. `0.0.0.0:7051`
- address: Endpoint used by the CLI config and by other peers in the same org. `Private-IP-Address:7051`

:::warning
If `address` is not set, all incoming connections are accepted on `listenAddress`
:::

- chaincodeAddress: Chaincode listener address; accepts gRPC client connections from the Docker containers for the chaincode. `0.0.0.0:7052`
- localMspId: This MUST match the MSP ID in the genesis block. `Org1MSP`
- mspConfigPath: File system path for the local MSP configuration. `../../peers/devpeer/msp`
- fileSystemPath: Folder in which the peer writes its data, e.g., the ledger. As a best practice, this file system path must be protected/secured. `../../simple-two-orgs/ledger`

:::warning
If `fileSystemPath` is set to the HOST file system, you may see LevelDB errors
:::

:::info
#### Transport Layer Security (TLS)
![TLS](https://i.imgur.com/2ttPxpy.png)
:::

- tls: Transport Layer Security configuration
  - enabled: `true | false`
  - key: Path to the private key. `server.key`
  - cert: Path to the TLS certificate. `server.crt`
  - rootcert: Trusted root certificate. `ca.crt`

  ![](https://i.imgur.com/FHz8yAw.png)

  - clientAuthRequired: `true | false` (`false` accepts connections from any source)
  - clientRootCAs
    - files: List of client CA certs that can be trusted
  - clientCert
    - file: Cert used by the peer for client connections. `peer.tls.cert.file`
  - clientKey
    - file: Key used by the peer for client connections. `peer.tls.key.file`

  ![](https://i.imgur.com/EE8CEs1.png)

:::info
#### Enabling TLS on Peer
![](https://i.imgur.com/3dpKwnL.png)
![](https://i.imgur.com/sDdoczf.png)
![](https://i.imgur.com/m6givVd.png)
:::

- gossip: Gossip setup

:::info
#### Gossip Data Dissemination Protocol
![](https://i.imgur.com/qwUKpZK.png)

**https://hackmd.io/J10PK6DGTsOp8S8bqjOZJw**
:::

  - bootstrap: List of bootstrap peers. When a new peer launches, it connects to the known bootstrap peer addresses and receives back the list of other peers available in the network.

  ![](https://i.imgur.com/PSOo1bT.png)

  - aliveTimeInterval: Time (seconds) between alive messages
  - aliveExpirationTimeout: Alive expiration in seconds
  - orgLeader: Static leader. `true | false`
  - useLeaderElection: Leader is elected dynamically at runtime. `true | false`. For a large network of peers it is recommended to set `true`
  - election: Leader election tuning

:::warning
`orgLeader` and `useLeaderElection` are mutually exclusive; only one of them can be true
:::

- BCCSP: Blockchain Crypto Service Provider
  - Default: `SW` software CSP, `PKCS11` hardware CSP
  - SW (if `Default: SW`)
    - Hash: Hashing algorithm
    - Security: Key size
    - FileKeyStore: Location of the keystore
      - KeyStore: Defaults to LocalMSPDIR/keystore
  - PKCS11

:::info
#### Peer Events
- Peer emits events on receiving blocks

  ![](https://i.imgur.com/Bwr7hwe.png)

  - Event subscription is on a per-channel basis
  - Only channel member organizations can subscribe

  ![](https://i.imgur.com/xCwgLlG.png)

  - Subscriber may be from outside the organization

  ![](https://i.imgur.com/MBIdvsf.png)

  client Org B is in the same channel
- Chaincode emits events
  - Developer defines the chaincode events
  - Emitted in code using SDK/API
  - Chaincode events are included in the block event emitted by the peer
- Chaincode event subscription
  - Client subscribes to events
    - Get the status of the transaction
    - Trigger asynchronous processing
- Client subscription modes
  - Filtered
    - Block information summary | Transaction status
    - Less restrictive in terms of access
    - Chaincode event name only
  - Unfiltered
    - All of the transaction information
    - Stricter access restrictions
    - Chaincode event payload
:::

- events
  - Address the subscriber has to use for initiating an event subscription request. `0.0.0.0:7053`

## ledger section

:::warning
Transaction log (blockchain data) is defined by the `peer` section

State data is defined by the `ledger` section
:::

:::info
![](https://i.imgur.com/DyjVbUu.png)

- Txn Log
  - Use the local file system as opposed to a network drive
  - Secure the file system
- State
  - Co-locate the peer and CouchDB on the same server/host
  - Set up secure access credentials
  - Disable remote access to CouchDB in
    - if used for querying then whitelist IP from where to connect
  - State data is written to CouchDB
    - Each chaincode has its own database
    - State data may be queried
:::

- stateDatabase: `goleveldb` for LevelDB, `CouchDB` for CouchDB
- couchDBConfig (if `stateDatabase: CouchDB`)
  - couchDBAddress: Database instance address
  - username: for credentials
  - password:
  - maxRetriesOnStartup: the number of attempts that the peer will make to reconnect with CouchDB
  - maxRetries: the number of attempts that the peer will make to reconnect with CouchDB
  - requestTimeout: the amount of time that the peer will wait for the response before logging an error
  - queryLimit: the maximum number of documents that will be returned in response to a query

:::info
#### Setup CouchDB for State Data
- CouchDB
  - CouchDB is a NoSQL database
  - CRUD (Create Retrieve Update Delete) operations are carried out by way of API/JSON
  - Has an embedded admin tool

![](https://i.imgur.com/1gO5MNA.png)
![](https://i.imgur.com/rar0lTz.png)

- You may need to modify the configuration file (local.ini)
  - Typically remote access is disabled (i.e., port 5984 available only on localhost)
- Docker container installation is already set up
  - Exposes port 5984 to remote machines
  - No user ID & password

![](https://i.imgur.com/DZKIpgQ.png)
![](https://i.imgur.com/HflF7st.png)
![](https://i.imgur.com/AYxQIvB.png)
:::

## operations section

## metrics section

## vm section
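
Looking back at the `peer` and `ledger` settings above: the following is an added example, not part of the original notes or of Fabric itself, that audits a set of `CORE_*` environment overrides against the warnings on this page (TLS client authentication, the `orgLeader`/`useLeaderElection` exclusion, CouchDB co-location and credentials). The variable names follow the page's naming rule with the key paths of Fabric's sample core.yaml (`ledger.state.*`); both sample environments and all their values are constructed.

```python
# Added example: audit CORE_* overrides against the warnings on this page.
# Both sample environments below are constructed for illustration.
P = "CORE_PEER_"
C = "CORE_LEDGER_STATE_COUCHDBCONFIG_"

WEAK_ENV = {
    P + "TLS_ENABLED": "true",
    P + "TLS_CLIENTAUTHREQUIRED": "false",
    P + "GOSSIP_ORGLEADER": "true",
    P + "GOSSIP_USELEADERELECTION": "true",
    "CORE_LEDGER_STATE_STATEDATABASE": "CouchDB",
    C + "COUCHDBADDRESS": "10.0.0.5:5984",
    C + "USERNAME": "",
    C + "PASSWORD": "",
}
HARDENED_ENV = dict(WEAK_ENV, **{
    P + "TLS_CLIENTAUTHREQUIRED": "true",
    P + "GOSSIP_ORGLEADER": "false",
    C + "COUCHDBADDRESS": "127.0.0.1:5984",
    C + "USERNAME": "peer_state",           # placeholder value
    C + "PASSWORD": "example-only-secret",  # placeholder value
})

def _flag(env, name):
    # Assumption of this sketch: an unset boolean is treated as false.
    return env.get(name, "false").strip().lower() == "true"

def audit(env):
    """Return human-readable findings for a dict of CORE_* settings."""
    out = []
    if not _flag(env, P + "TLS_ENABLED"):
        out.append("tls.enabled is false: peer gRPC traffic is not protected by TLS")
    elif not _flag(env, P + "TLS_CLIENTAUTHREQUIRED"):
        out.append("tls.clientAuthRequired is false: connections accepted from any source")
    if _flag(env, P + "GOSSIP_ORGLEADER") and _flag(env, P + "GOSSIP_USELEADERELECTION"):
        out.append("gossip.orgLeader and gossip.useLeaderElection are both true")
    if env.get("CORE_LEDGER_STATE_STATEDATABASE") == "CouchDB":
        host = env.get(C + "COUCHDBADDRESS", "").rsplit(":", 1)[0]
        if host not in ("127.0.0.1", "localhost"):
            out.append(f"CouchDB host {host or '<unset>'} is not local to the peer")
        if not (env.get(C + "USERNAME") and env.get(C + "PASSWORD")):
            out.append("CouchDB username/password are empty")
    return out

if __name__ == "__main__":
    for name, env in (("weak", WEAK_ENV), ("hardened", HARDENED_ENV)):
        print(name, audit(env) or "no findings")
```

In a deployment, pass `dict(os.environ)` to `audit` on the peer host; values set only in core.yaml are not seen by this check.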