Установка и использование платформы

Примеры конфигурационного файла ноды

node.conf

В этом разделе приведён пример конфигурационного файла узла node.conf. В этом примере конфигурации:

  • используется алгоритм консенсуса CFT;

  • включена защита канала связи по протоколу TLS с использованием ГОСТ (отключение допускается только в тестовых целях);

  • запущены инструменты gRPC и REST API с использованием канала связи по протоколу TLS с использованием ГОСТ;

  • включена авторизация по tls-whitelist для gRPC и REST API;

  • включено исполнение смарт-контрактов;

  • настроена функция периодического удаления невалидных транзакций из UTX-пула участника блокчейна, который не является майнером;

  • настроена задержка проверки UTX-пула (есть ли в пуле транзакции или он пуст) майнером.

Поля, значения которых вы получите при использовании пакета generators или настроите самостоятельно, исходя из конфигурации вашего оборудования и ПО, помечены как /FILL/.

Каждая секция снабжена дополнительным комментарием.

node.conf:
node {
  # Application logging level. Could be DEBUG | INFO | WARN | ERROR. Default value is INFO.
  logging-level = DEBUG

  # Node owner address
  owner-address = " /FILL/ "

  # Node "home" and data directories to store the state
  # Default: ${user.home}"/node"
  directory = " /FILL/ "

  # Location and name of a license file
  # Default: ${node.directory}"/node.license"
  license.file = " /FILL/ "

  # Crypto settings
  crypto {
    type = GOST

    pki {
      mode = ON
      # At least one of the OIDs is required to be listed in EKU of user's certificates to pass verification
      required-oids = [ /FILL/ ]
      crl-checks-enabled = true
    }
  }

  # NTP settings
  ntp {
    # Defaults: ["0.pool.ntp.org", "1.pool.ntp.org", "2.pool.ntp.org", "3.pool.ntp.org"]
    # servers = [/FILL/]

    # Socket timeout for synchonization request.
    request-timeout = 10 seconds

    # Time between synchronization requests.
    expiration-timeout = 1 minute

    # Maximum time without synchronization. Required for PoA consensus.
    fatal-timeout = 1 minute
  }

  # keystore access password
  wallet.password = " /FILL/ "
  }

  # Blockchain settings
  blockchain {

    type = CUSTOM
    # Must be configured for specific network topology and load
    consensus {
      type = CFT
      round-duration = 10s
      sync-duration = 2s
      ban-duration-blocks = 20
      warnings-for-ban = 5
      max-bans-percentage = 30
      max-validators = 5
    }

    custom {
      # Network byte, used to distinguish addresses from different networks
      address-scheme-character = "T"
      functionality {
        feature-check-blocks-period = 10000
        blocks-for-feature-activation = 6600
        pre-activated-features = {
          2 = 0
          3 = 0
          4 = 0
          5 = 0
          6 = 0
          7 = 0
          9 = 0
          10 = 0
          100 = 0
          101 = 0
          119 = 0
          120 = 0
          130 = 0
          140 = 0
          160 = 0
          162 = 0
          173 = 0
          180 = 0
          190 = 0
        }
      }

      genesis {
        pki {
          # SHA1 fingerprints of trusted roots
          trusted-root-fingerprints = [/FILL/]
          # Certificates of all participants of the genesis block
          certificates = [/FILL/]
          # Initial CRLs
          crls = [{publicKeyBase58 = " /FILL/ ", cdp = " /FILL/ ", crl = "/FILL/"}]
        }
        average-block-delay: 40s
        # Will be reset by GenesisBlockGenerator
        block-timestamp: 1662019967398
        initial-base-target: 10000
        initial-balance: 100000000000000000
       # Will be reset by GenesisBlockGenerator
        genesis-public-key-base-58: " /FILL/ "
        # Well be reset by GenesisBlockGenerator
        signature: " /FILL/ "
        # Initial distribution of initial coins
        transactions = [
          {recipient: " /FILL/ ", amount: /FILL/}
        ]
        # Initial network participants and role distribution among them
        network-participants = [
          {public-key: " /FILL/ ", roles: [/FILL/]}
        ]
      }
    }
  }

  miner {
    enable = yes
    # Important: use quorum = 0 only for testing purposes, while running a single-node network;
    # In other cases always set quorum > 0
    quorum = 2
    interval-after-last-block-then-generation-is-allowed = 10d
    micro-block-interval = 1500ms
    min-micro-block-age = 0ms
    max-transactions-in-micro-block = 500
    utx-check-delay = 1000ms
  }

  tls {
    # Supported TLS types:
    #  • EMBEDDED: Certificate is signed by node's provider and packed into JKS Keystore.
    #             The same file is used as a Truststore.
    #             Has to be manually imported into system by user to avoid certificate warnings.
    # • DISABLED: TLS is fully disabled
    type = GOST
    keystore-type = "HDIMAGE"
    keystore-password = " /FILL/ "
    truststore-type = "CertStore"
    truststore-path = " /FILL/ "
    truststore-password = " /FILL/ "
  }

  # P2P Network settings
  network {
    # Network address
    bind-address = "0.0.0.0"
    # Port number
    port = 6864
    # Enable/disable network TLS
    tls = true

    # ENUM: regular or watcher
    mode = regular

    # Peers network addresses and ports
    #   Example: known-peers = ["node-1.com:6864", "node-2.com:6864"]
    known-peers = [/FILL/]

    # Node name to send during handshake. Comment this string out to set random node name.
    #   Example: node-name = "your-node-name"
    node-name = " /FILL/ "

    # How long the information about peer stays in database after the last communication with it
    peers-data-residence-time = 2h

    # String with IP address and port to send as external address during handshake.
    #   Example: declared-address = "your-node-address.com:6864"
    declared-address = "0.0.0.0:6864"

    # Delay between attempts to connect to a peer
    attempt-connection-delay = 5s

    break-idle-connections-timeout = 3m
  }

  # Nodes REST API settings
  api {
    rest {
      # Enable/disable REST API
      enable = yes

      # Network address to bind to
      bind-address = "0.0.0.0"

      # Port to listen to REST API requests
      port = 6862

      # Enable/disable TLS for REST
      tls = true
    }

    grpc {
      # Enable/disable gRPC API
      enable = yes

      # Network address to bind to
      bind-address = "0.0.0.0"

      # Port to listen to gRPC API requests
      port = 6865

      # Enable/disable TLS for gRPC
      tls = true
    }

    auth {
      type = "tls-whitelist"

      # Public keys are expected in Base64 format
      admin-public-keys = [
      "MGYwHwYIKoUDBwEBAQEwEwYHKoUDAgIkAAYIKoUDBwEBAgIDQwAEQLh7lrv/ioWdnUkvX3NybRoeew1PPz1vMaajxzpi1CYoWRl rPC9 RjlVul5PCMyAL2OuO4lgpcqBj1+y2cEjajXw="
      ]
    }
  }


  # Docker smart contracts settings
  docker-engine {
    # Docker smart contracts enabled flag
    enable = yes

    # For starting contracts in a local docker
    use-node-docker-host = no

    # default-registry-domain = "registry.yourdomain.com"
    # Basic auth credentials for docker host
    #docker-auth {
    #  username = "some user"
    #  password = "some password"
    #}
    # Optional connection string to docker host
    docker-host = "unix:///var/run/docker.sock"

    # Optional string to node REST API if we use remote docker host
    # node-rest-api = "node-0"

    # Execution settings
    execution-limits {
      # Contract execution timeout
      timeout = 10s
      # Memory limit in Megabytes
    memory = 512
      # Memory swap value in Megabytes (see https://docs.docker.com/config/containers/resource_constraints/)
      memory-swap = 0
    }

    # Remove container with contract after specified duration passed
    remove-container-after = 10m

    # Remote registries auth information
    remote-registries = []

    # Check registry auth on node startup
    check-registry-auth-on-startup = yes

    # Contract execution messages cache settings
    contract-execution-messages-cache {
      # Time to expire for messages in cache
      expire-after = 60m
      #Max number of messages in buffer. When the limit is reached, the node processes all messages in batch
      max-buffer-size = 10
      # Max time for buffer. When time is out, the node processes all messages in batch
      max-buffer-time = 100ms
      # The interval after which invalid transactions (with Error status) are removed
      #from the UTX pool of a non-miner node
      utx-cleanup-interval = 1m
      # The minimum number of transaction Error statuses received from other nodes,
      # after which the transaction is removed from the UTX pool of a non-miner node
      contract-error-quorum = 2
    }
  }
}
Смотрите также