Установка и использование платформы
Примеры конфигурационного файла ноды¶
node.conf¶
В этом разделе приведён пример конфигурационного файла узла node.conf. В этом примере конфигурации:
используется алгоритм консенсуса CFT;
включена защита канала связи по протоколу TLS с использованием ГОСТ (отключение допускается только в тестовых целях);
запущены инструменты gRPC и REST API с использованием канала связи по протоколу TLS с использованием ГОСТ;
включена авторизация по tls-whitelist для gRPC и REST API;
включено исполнение смарт-контрактов;
настроена функция периодического удаления невалидных транзакций из UTX-пула участника блокчейна, который не является майнером;
настроена задержка проверки UTX-пула (есть ли в пуле транзакции или он пуст) майнером.
Поля, значения которых вы получите при использовании пакета generators или настроите самостоятельно, исходя из конфигурации вашего оборудования и ПО, помечены как /FILL/.
Каждая секция снабжена дополнительным комментарием.
node.conf:
node { # Application logging level. Could be DEBUG | INFO | WARN | ERROR. Default value is INFO. logging-level = DEBUG # Node owner address owner-address = " /FILL/ " # Node "home" and data directories to store the state # Default: ${user.home}"/node" directory = " /FILL/ " # Location and name of a license file # Default: ${node.directory}"/node.license" license.file = " /FILL/ " # Crypto settings crypto { type = GOST pki { mode = ON # At least one of the OIDs is required to be listed in EKU of user's certificates to pass verification required-oids = [ /FILL/ ] crl-checks-enabled = true } } # NTP settings ntp { # Defaults: ["0.pool.ntp.org", "1.pool.ntp.org", "2.pool.ntp.org", "3.pool.ntp.org"] # servers = [/FILL/] # Socket timeout for synchonization request. request-timeout = 10 seconds # Time between synchronization requests. expiration-timeout = 1 minute # Maximum time without synchronization. Required for PoA consensus. fatal-timeout = 1 minute } # keystore access password wallet.password = " /FILL/ " } # Blockchain settings blockchain { type = CUSTOM # Must be configured for specific network topology and load consensus { type = CFT round-duration = 10s sync-duration = 2s ban-duration-blocks = 20 warnings-for-ban = 5 max-bans-percentage = 30 max-validators = 5 } custom { # Network byte, used to distinguish addresses from different networks address-scheme-character = "T" functionality { feature-check-blocks-period = 10000 blocks-for-feature-activation = 6600 pre-activated-features = { 2 = 0 3 = 0 4 = 0 5 = 0 6 = 0 7 = 0 9 = 0 10 = 0 100 = 0 101 = 0 119 = 0 120 = 0 130 = 0 140 = 0 160 = 0 162 = 0 173 = 0 180 = 0 190 = 0 } } genesis { pki { # SHA1 fingerprints of trusted roots trusted-root-fingerprints = [/FILL/] # Certificates of all participants of the genesis block certificates = [/FILL/] # Initial CRLs crls = [{publicKeyBase58 = " /FILL/ ", cdp = " /FILL/ ", crl = "/FILL/"}] } average-block-delay: 40s # Will be reset by GenesisBlockGenerator block-timestamp: 1662019967398 initial-base-target: 10000 initial-balance: 100000000000000000 # Will be reset by GenesisBlockGenerator genesis-public-key-base-58: " /FILL/ " # Well be reset by GenesisBlockGenerator signature: " /FILL/ " # Initial distribution of initial coins transactions = [ {recipient: " /FILL/ ", amount: /FILL/} ] # Initial network participants and role distribution among them network-participants = [ {public-key: " /FILL/ ", roles: [/FILL/]} ] } } } miner { enable = yes # Important: use quorum = 0 only for testing purposes, while running a single-node network; # In other cases always set quorum > 0 quorum = 2 interval-after-last-block-then-generation-is-allowed = 10d micro-block-interval = 1500ms min-micro-block-age = 0ms max-transactions-in-micro-block = 500 utx-check-delay = 1000ms } tls { # Supported TLS types: # • EMBEDDED: Certificate is signed by node's provider and packed into JKS Keystore. # The same file is used as a Truststore. # Has to be manually imported into system by user to avoid certificate warnings. # • DISABLED: TLS is fully disabled type = GOST keystore-type = "HDIMAGE" keystore-password = " /FILL/ " truststore-type = "CertStore" truststore-path = " /FILL/ " truststore-password = " /FILL/ " } # P2P Network settings network { # Network address bind-address = "0.0.0.0" # Port number port = 6864 # Enable/disable network TLS tls = true # ENUM: regular or watcher mode = regular # Peers network addresses and ports # Example: known-peers = ["node-1.com:6864", "node-2.com:6864"] known-peers = [/FILL/] # Node name to send during handshake. Comment this string out to set random node name. # Example: node-name = "your-node-name" node-name = " /FILL/ " # How long the information about peer stays in database after the last communication with it peers-data-residence-time = 2h # String with IP address and port to send as external address during handshake. # Example: declared-address = "your-node-address.com:6864" declared-address = "0.0.0.0:6864" # Delay between attempts to connect to a peer attempt-connection-delay = 5s break-idle-connections-timeout = 3m } # Nodes REST API settings api { rest { # Enable/disable REST API enable = yes # Network address to bind to bind-address = "0.0.0.0" # Port to listen to REST API requests port = 6862 # Enable/disable TLS for REST tls = true } grpc { # Enable/disable gRPC API enable = yes # Network address to bind to bind-address = "0.0.0.0" # Port to listen to gRPC API requests port = 6865 # Enable/disable TLS for gRPC tls = true } auth { type = "tls-whitelist" # Public keys are expected in Base64 format admin-public-keys = [ "MGYwHwYIKoUDBwEBAQEwEwYHKoUDAgIkAAYIKoUDBwEBAgIDQwAEQLh7lrv/ioWdnUkvX3NybRoeew1PPz1vMaajxzpi1CYoWRl rPC9 RjlVul5PCMyAL2OuO4lgpcqBj1+y2cEjajXw=" ] } } # Docker smart contracts settings docker-engine { # Docker smart contracts enabled flag enable = yes # For starting contracts in a local docker use-node-docker-host = no # default-registry-domain = "registry.yourdomain.com" # Basic auth credentials for docker host #docker-auth { # username = "some user" # password = "some password" #} # Optional connection string to docker host docker-host = "unix:///var/run/docker.sock" # Optional string to node REST API if we use remote docker host # node-rest-api = "node-0" # Execution settings execution-limits { # Contract execution timeout timeout = 10s # Memory limit in Megabytes memory = 512 # Memory swap value in Megabytes (see https://docs.docker.com/config/containers/resource_constraints/) memory-swap = 0 } # Remove container with contract after specified duration passed remove-container-after = 10m # Remote registries auth information remote-registries = [] # Check registry auth on node startup check-registry-auth-on-startup = yes # Contract execution messages cache settings contract-execution-messages-cache { # Time to expire for messages in cache expire-after = 60m #Max number of messages in buffer. When the limit is reached, the node processes all messages in batch max-buffer-size = 10 # Max time for buffer. When time is out, the node processes all messages in batch max-buffer-time = 100ms # The interval after which invalid transactions (with Error status) are removed #from the UTX pool of a non-miner node utx-cleanup-interval = 1m # The minimum number of transaction Error statuses received from other nodes, # after which the transaction is removed from the UTX pool of a non-miner node contract-error-quorum = 2 } } }