zolfa
/
tendermint
1
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 221 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
8189 Commits
183 Branches
291 MiB
Tree: 42e4e8b58e
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '42e4e8b58e'
${ noResults }
tendermint/docs/tendermint-core/validators.md

108 lines
8.4 KiB
Raw Normal View History

Deprecate/refactor content in docs/specification (#1934) * docs: deprecate specification dir, closes #1814 * update genesis * old spec dir, deprecation complete * rm a file
6 years ago
docs: organize the specification
7 years ago
lint markdown docs using a stop-words and write-good linters (#2195) * lint docs with write-good, stop-words * remove package-lock.json * update changelog * fix wrong paragraph formatting * fix some docs formatting * fix docs format * fix abci spec format
6 years ago
correct an error in validator's specification [ci skip] (Refs #756)
7 years ago
docs: organize the specification
7 years ago
Deprecate/refactor content in docs/specification (#1934) * docs: deprecate specification dir, closes #1814 * update genesis * old spec dir, deprecation complete * rm a file
6 years ago
docs: organize the specification
7 years ago
docs: validator setup & Key info (#4604) - defined what variables needed to be changed in the `config.toml` in order to run a validator. - Briefly explained how a sentry node archtecture should look - add section explaing importance of key secruity Signed-off-by: Marko Baricevic <marbar3778@yahoo.com>
4 years ago
lint: add markdown linter (#5254)
4 years ago
docs: validator setup & Key info (#4604) - defined what variables needed to be changed in the `config.toml` in order to run a validator. - Briefly explained how a sentry node archtecture should look - add section explaing importance of key secruity Signed-off-by: Marko Baricevic <marbar3778@yahoo.com>
4 years ago
docs: organize the specification
7 years ago
Deprecate/refactor content in docs/specification (#1934) * docs: deprecate specification dir, closes #1814 * update genesis * old spec dir, deprecation complete * rm a file
6 years ago
docs: organize the specification
7 years ago
lint: add markdown linter (#5254)
4 years ago
docs: organize the specification
7 years ago
Deprecate/refactor content in docs/specification (#1934) * docs: deprecate specification dir, closes #1814 * update genesis * old spec dir, deprecation complete * rm a file
6 years ago
docs: minor doc fixes (#4335) * docs: minor doc fixes - minor doc fixes that i ran into while reading things - test if we have github actions Signed-off-by: Marko Baricevic <marbar3778@yahoo.com> * no github actions yet * add with * revert and change wording
4 years ago
Deprecate/refactor content in docs/specification (#1934) * docs: deprecate specification dir, closes #1814 * update genesis * old spec dir, deprecation complete * rm a file
6 years ago
docs: minor doc fixes (#4335) * docs: minor doc fixes - minor doc fixes that i ran into while reading things - test if we have github actions Signed-off-by: Marko Baricevic <marbar3778@yahoo.com> * no github actions yet * add with * revert and change wording
4 years ago
Deprecate/refactor content in docs/specification (#1934) * docs: deprecate specification dir, closes #1814 * update genesis * old spec dir, deprecation complete * rm a file
6 years ago
docs: minor doc fixes (#4335) * docs: minor doc fixes - minor doc fixes that i ran into while reading things - test if we have github actions Signed-off-by: Marko Baricevic <marbar3778@yahoo.com> * no github actions yet * add with * revert and change wording
4 years ago
 
  1. # Validators

  2. 

  3. Validators are responsible for committing new blocks in the blockchain.
  4. These validators participate in the consensus protocol by broadcasting
  5. _votes_ which contain cryptographic signatures signed by each
  6. validator's private key.
  7. 

  8. Some Proof-of-Stake consensus algorithms aim to create a "completely"
  9. decentralized system where all stakeholders (even those who are not
  10. always available online) participate in the committing of blocks.
  11. Tendermint has a different approach to block creation. Validators are
  12. expected to be online, and the set of validators is permissioned/curated
  13. by some external process. Proof-of-stake is not required, but can be
  14. implemented on top of Tendermint consensus. That is, validators may be
  15. required to post collateral on-chain, off-chain, or may not be required
  16. to post any collateral at all.
  17. 

  18. Validators have a cryptographic key-pair and an associated amount of
  19. "voting power". Voting power need not be the same.
  20. 

  21. ## Becoming a Validator

  22. 

  23. There are two ways to become validator.
  24. 

  25. 1. They can be pre-established in the [genesis state](./using-tendermint.md#genesis)
  26. 2. The ABCI app responds to the EndBlock message with changes to the
  27.    existing validator set.
  28. 

  29. ## Setting up a Validator

  30. 

  31. When setting up a validator there are countless ways to configure your setup. This guide is aimed at showing one of them, the sentry node design. This design is mainly for DDOS prevention.
  32. 

  33. ### Network Layout

  34. 

  35. ![ALT Network Layout](./sentry_layout.png)
  36. 

  37. The diagram is based on AWS, other cloud providers will have similar solutions to design a solution. Running nodes is not limited to cloud providers, you can run nodes on bare metal systems as well. The architecture will be the same no matter which setup you decide to go with.
  38. 

  39. The proposed network diagram is similar to the classical backend/frontend separation of services in a corporate environment. The “backend” in this case is the private network of the validator in the data center. The data center network might involve multiple subnets, firewalls and redundancy devices, which is not detailed on this diagram. The important point is that the data center allows direct connectivity to the chosen cloud environment. Amazon AWS has “Direct Connect”, while Google Cloud has “Partner Interconnect”. This is a dedicated connection to the cloud provider (usually directly to your virtual private cloud instance in one of the regions).
  40. 

  41. All sentry nodes (the “frontend”) connect to the validator using this private connection. The validator does not have a public IP address to provide its services.
  42. 

  43. Amazon has multiple availability zones within a region. One can install sentry nodes in other regions too. In this case the second, third and further regions need to have a private connection to the validator node. This can be achieved by VPC Peering (“VPC Network Peering” in Google Cloud). In this case, the second, third and further region sentry nodes will be directed to the first region and through the direct connect to the data center, arriving to the validator.
  44. 

  45. A more persistent solution (not detailed on the diagram) is to have multiple direct connections to different regions from the data center. This way VPC Peering is not mandatory, although still beneficial for the sentry nodes. This overcomes the risk of depending on one region. It is more costly.
  46. 

  47. ### Local Configuration

  48. 

  49. ![ALT Local Configuration](./local_config.png)
  50. 

  51. The validator will only talk to the sentry that are provided, the sentry nodes will communicate to the validator via a secret connection and the rest of the network through a normal connection. The sentry nodes do have the option of communicating with each other as well.
  52. 

  53. When initializing nodes there are five parameters in the `config.toml` that may need to be altered.
  54. 

  55. - `pex:` boolean. This turns the peer exchange reactor on or off for a node. When `pex=false`, only the `persistent_peers` list is available for connection.
  56. - `persistent_peers:` a comma separated list of `nodeID@ip:port` values that define a list of peers that are expected to be online at all times. This is necessary at first startup because by setting `pex=false` the node will not be able to join the network.
  57. - `unconditional_peer_ids:` comma separated list of nodeID's. These nodes will be connected to no matter the limits of inbound and outbound peers. This is useful for when sentry nodes have full address books.
  58. - `private_peer_ids:` comma separated list of nodeID's. These nodes will not be gossiped to the network. This is an important field as you do not want your validator IP gossiped to the network.
  59. - `addr_book_strict:` boolean. By default nodes with a routable address will be considered for connection. If this setting is turned off (false), non-routable IP addresses, like addresses in a private network can be added to the address book.
  60. 

  61. #### Validator Node Configuration

  62. 

  63. | Config Option          | Setting                    |
  64. | ---------------------- | -------------------------- |
  65. | pex                    | false                      |
  66. | persistent_peers       | list of sentry nodes       |
  67. | private_peer_ids       | none                       |
  68. | unconditional_peer_ids | optionally sentry node IDs |
  69. | addr_book_strict       | false                      |
  70. 

  71. The validator node should have `pex=false` so it does not gossip to the entire network. The persistent peers will be your sentry nodes. Private peers can be left empty as the validator is not trying to hide who it is communicating with. Setting unconditional peers is optional for a validator because they will not have a full address books.
  72. 

  73. #### Sentry Node Configuration

  74. 

  75. | Config Option          | Setting                                       |
  76. | ---------------------- | --------------------------------------------- |
  77. | pex                    | true                                          |
  78. | persistent_peers       | validator node, optionally other sentry nodes |
  79. | private_peer_ids       | validator node ID                             |
  80. | unconditional_peer_ids | validator node ID, optionally sentry node IDs |
  81. | addr_book_strict       | false                                         |
  82. 

  83. The sentry nodes should be able to talk to the entire network hence why `pex=true`. The persistent peers of a sentry node will be the validator, and optionally other sentry nodes. The sentry nodes should make sure that they do not gossip the validator's ip, to do this you must put the validators nodeID as a private peer. The unconditional peer IDs will be the validator ID and optionally other sentry nodes.
  84. 

  85. > Note: Do not forget to secure your node's firewalls when setting them up.

  86. 

  87. More Information can be found at these links:
  88. 

  89. - <https://kb.certus.one/>
  90. - <https://forum.cosmos.network/t/sentry-node-architecture-overview/454>
  91. 

  92. ### Validator keys

  93. 

  94. Protecting a validator's consensus key is the most important factor to take in when designing your setup. The key that a validator is given upon creation of the node is called a consensus key, it has to be online at all times in order to vote on blocks. It is **not recommended** to merely hold your private key in the default json file (`priv_validator_key.json`). Fortunately, the [Interchain Foundation](https://interchain.io/) has worked with a team to build a key management server for validators. You can find documentation on how to use it [here](https://github.com/iqlusioninc/tmkms), it is used extensively in production. You are not limited to using this tool, there are also [HSMs](https://safenet.gemalto.com/data-encryption/hardware-security-modules-hsms/), there is not a recommended HSM.
  95. 

  96. Currently Tendermint uses [Ed25519](https://ed25519.cr.yp.to/) keys which are widely supported across the security sector and HSMs.
  97. 

  98. ## Committing a Block

  99. 

  100. > **+2/3 is short for "more than 2/3"**

  101. 

  102. A block is committed when +2/3 of the validator set sign [precommit
  103. votes](https://github.com/tendermint/spec/blob/953523c3cb99fdb8c8f7a2d21e3a99094279e9de/spec/blockchain/blockchain.md#vote) for that block at the same `round`.
  104. The +2/3 set of precommit votes is called a
  105. [_commit_](https://github.com/tendermint/spec/blob/953523c3cb99fdb8c8f7a2d21e3a99094279e9de/spec/blockchain/blockchain.md#commit). While any +2/3 set of
  106. precommits for the same block at the same height&round can serve as
  107. validation, the canonical commit is included in the next block (see
  108. [LastCommit](https://github.com/tendermint/spec/blob/953523c3cb99fdb8c8f7a2d21e3a99094279e9de/spec/blockchain/blockchain.md#lastcommit)).