You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

206 lines
7.4 KiB

7 years ago
  1. # Running in production
  2. ## Logging
  3. Default logging level (`main:info,state:info,*:`) should suffice for
  4. normal operation mode. Read [this
  5. post](https://blog.cosmos.network/one-of-the-exciting-new-features-in-0-10-0-release-is-smart-log-level-flag-e2506b4ab756)
  6. for details on how to configure `log_level` config variable. Some of the
  7. modules can be found [here](./how-to-read-logs.md#list-of-modules). If
  8. you're trying to debug Tendermint or asked to provide logs with debug
  9. logging level, you can do so by running tendermint with
  10. `--log_level="*:debug"`.
  11. ## DOS Exposure and Mitigation
  12. Validators are supposed to setup [Sentry Node
  13. Architecture](https://blog.cosmos.network/tendermint-explained-bringing-bft-based-pos-to-the-public-blockchain-domain-f22e274a0fdb)
  14. to prevent Denial-of-service attacks. You can read more about it
  15. [here](https://github.com/tendermint/aib-data/blob/develop/medium/TendermintBFT.md).
  16. ### P2P
  17. The core of the Tendermint peer-to-peer system is `MConnection`. Each
  18. connection has `MaxPacketMsgPayloadSize`, which is the maximum packet
  19. size and bounded send & receive queues. One can impose restrictions on
  20. send & receive rate per connection (`SendRate`, `RecvRate`).
  21. ### RPC
  22. Endpoints returning multiple entries are limited by default to return 30
  23. elements (100 max).
  24. Rate-limiting and authentication are another key aspects to help protect
  25. against DOS attacks. While in the future we may implement these
  26. features, for now, validators are supposed to use external tools like
  27. [NGINX](https://www.nginx.com/blog/rate-limiting-nginx/) or
  28. [traefik](https://docs.traefik.io/configuration/commons/#rate-limiting)
  29. to achieve the same things.
  30. ## Debugging Tendermint
  31. If you ever have to debug Tendermint, the first thing you should
  32. probably do is to check out the logs. See ["How to read
  33. logs"](./how-to-read-logs.md), where we explain what certain log
  34. statements mean.
  35. If, after skimming through the logs, things are not clear still, the
  36. second TODO is to query the /status RPC endpoint. It provides the
  37. necessary info: whenever the node is syncing or not, what height it is
  38. on, etc.
  39. $ curl http(s)://{ip}:{rpcPort}/status
  40. `dump_consensus_state` will give you a detailed overview of the
  41. consensus state (proposer, lastest validators, peers states). From it,
  42. you should be able to figure out why, for example, the network had
  43. halted.
  44. $ curl http(s)://{ip}:{rpcPort}/dump_consensus_state
  45. There is a reduced version of this endpoint - `consensus_state`, which
  46. returns just the votes seen at the current height.
  47. - [Github Issues](https://github.com/tendermint/tendermint/issues)
  48. - [StackOverflow
  49. questions](https://stackoverflow.com/questions/tagged/tendermint)
  50. ## Monitoring Tendermint
  51. Each Tendermint instance has a standard `/health` RPC endpoint, which
  52. responds with 200 (OK) if everything is fine and 500 (or no response) -
  53. if something is wrong.
  54. Other useful endpoints include mentioned earlier `/status`, `/net_info` and
  55. `/validators`.
  56. We have a small tool, called `tm-monitor`, which outputs information from
  57. the endpoints above plus some statistics. The tool can be found
  58. [here](https://github.com/tendermint/tools/tree/master/tm-monitor).
  59. ## What happens when my app dies?
  60. You are supposed to run Tendermint under a [process
  61. supervisor](https://en.wikipedia.org/wiki/Process_supervision) (like
  62. systemd or runit). It will ensure Tendermint is always running (despite
  63. possible errors).
  64. Getting back to the original question, if your application dies,
  65. Tendermint will panic. After a process supervisor restarts your
  66. application, Tendermint should be able to reconnect successfully. The
  67. order of restart does not matter for it.
  68. ## Signal handling
  69. We catch SIGINT and SIGTERM and try to clean up nicely. For other
  70. signals we use the default behaviour in Go: [Default behavior of signals
  71. in Go
  72. programs](https://golang.org/pkg/os/signal/#hdr-Default_behavior_of_signals_in_Go_programs).
  73. ## Hardware
  74. ### Processor and Memory
  75. While actual specs vary depending on the load and validators count,
  76. minimal requirements are:
  77. - 1GB RAM
  78. - 25GB of disk space
  79. - 1.4 GHz CPU
  80. SSD disks are preferable for applications with high transaction
  81. throughput.
  82. Recommended:
  83. - 2GB RAM
  84. - 100GB SSD
  85. - x64 2.0 GHz 2v CPU
  86. While for now, Tendermint stores all the history and it may require
  87. significant disk space over time, we are planning to implement state
  88. syncing (See
  89. [this issue](https://github.com/tendermint/tendermint/issues/828)). So,
  90. storing all the past blocks will not be necessary.
  91. ### Operating Systems
  92. Tendermint can be compiled for a wide range of operating systems thanks
  93. to Go language (the list of \$OS/\$ARCH pairs can be found
  94. [here](https://golang.org/doc/install/source#environment)).
  95. While we do not favor any operation system, more secure and stable Linux
  96. server distributions (like Centos) should be preferred over desktop
  97. operation systems (like Mac OS).
  98. ### Miscellaneous
  99. NOTE: if you are going to use Tendermint in a public domain, make sure
  100. you read [hardware recommendations (see "4.
  101. Hardware")](https://cosmos.network/validators) for a validator in the
  102. Cosmos network.
  103. ## Configuration parameters
  104. - `p2p.flush_throttle_timeout` `p2p.max_packet_msg_payload_size`
  105. `p2p.send_rate` `p2p.recv_rate`
  106. If you are going to use Tendermint in a private domain and you have a
  107. private high-speed network among your peers, it makes sense to lower
  108. flush throttle timeout and increase other params.
  109. [p2p]
  110. send_rate=20000000 # 2MB/s
  111. recv_rate=20000000 # 2MB/s
  112. flush_throttle_timeout=10
  113. max_packet_msg_payload_size=10240 # 10KB
  114. - `mempool.recheck`
  115. After every block, Tendermint rechecks every transaction left in the
  116. mempool to see if transactions committed in that block affected the
  117. application state, so some of the transactions left may become invalid.
  118. If that does not apply to your application, you can disable it by
  119. setting `mempool.recheck=false`.
  120. - `mempool.broadcast`
  121. Setting this to false will stop the mempool from relaying transactions
  122. to other peers until they are included in a block. It means only the
  123. peer you send the tx to will see it until it is included in a block.
  124. - `consensus.skip_timeout_commit`
  125. We want `skip_timeout_commit=false` when there is economics on the line
  126. because proposers should wait to hear for more votes. But if you don't
  127. care about that and want the fastest consensus, you can skip it. It will
  128. be kept false by default for public deployments (e.g. [Cosmos
  129. Hub](https://cosmos.network/intro/hub)) while for enterprise
  130. applications, setting it to true is not a problem.
  131. - `consensus.peer_gossip_sleep_duration`
  132. You can try to reduce the time your node sleeps before checking if
  133. theres something to send its peers.
  134. - `consensus.timeout_commit`
  135. You can also try lowering `timeout_commit` (time we sleep before
  136. proposing the next block).
  137. - `consensus.max_block_size_txs`
  138. By default, the maximum number of transactions per a block is 10_000.
  139. Feel free to change it to suit your needs.
  140. - `p2p.addr_book_strict`
  141. By default, Tendermint checks whenever a peer's address is routable before
  142. saving it to the address book. The address is considered as routable if the IP
  143. is [valid and within allowed
  144. ranges](https://github.com/tendermint/tendermint/blob/27bd1deabe4ba6a2d9b463b8f3e3f1e31b993e61/p2p/netaddress.go#L209).
  145. This may not be the case for private networks, where your IP range is usually
  146. strictly limited and private. If that case, you need to set `addr_book_strict`
  147. to `false` (turn off).