You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

515 lines
20 KiB

  1. # Upgrading Tendermint Core
  2. This guide provides steps to be followed when you upgrade your applications to
  3. a newer version of Tendermint Core.
  4. ## v0.34.0
  5. This release is not compatible with previous blockchains due to switching from
  6. amino to proto3 encoding and breaking changes to the header.
  7. ### Blockchain Protocol
  8. - `Header#LastResultsHash`, which previously was the root hash of a Merkle tree
  9. built from `ResponseDeliverTx(Code, Data)` responses, became the root hash of
  10. a Merkle tree built from:
  11. - `BeginBlock#Events`;
  12. - root hash of a Merkle tree built from `ResponseDeliverTx(Code, Data, GasWanted, GasUsed, Events)` responses;
  13. - `BeginBlock#Events`.
  14. ### Events
  15. - `KV.Pair` has been replaced with `abci.EventAttribute`. This allows
  16. applications to indicate if a msg should be indexed at runtime. Previously
  17. this was only possible if the node operator decided to index specific or all
  18. messages on startup of the node, now the application can indicate which msgs
  19. should be indexed.
  20. ### Crypto
  21. - `Multsig` & `PubKeyMultisigThreshold` have been moved to the
  22. [Cosmos-SDK](https://github.com/cosmos/cosmos-sdk).
  23. (https://github.com/cosmos/cosmos-sdk/blob/master/crypto/types/multisig/multisignature.go)
  24. ## v0.33.4
  25. ### Go API
  26. - `rpc/client` HTTP and local clients have been moved into `http` and `local` subpackages, and their constructors have been renamed to `New()`.
  27. ### Protobuf Changes
  28. When upgrading to version 0.33.4 you will have to fetch the `third_party` directory along with the updated proto files.
  29. ## v0.33.0
  30. This release is not compatible with previous blockchains due to commit becoming signatures only and fields in the header have been removed.
  31. ### Config Changes
  32. You will need to generate a new config if you have used a prior version of tendermint.
  33. - Tags have been entirely renamed throughout the codebase to events and there keys are called [compositeKeys](https://github.com/tendermint/tendermint/blob/6d05c531f7efef6f0619155cf10ae8557dd7832f/docs/app-dev/indexing-transactions.md).
  34. - Evidence Params has been changed to include duration.
  35. - `consensus_params.evidence.max_age_duration`.
  36. - Renamed `consensus_params.evidence.max_age` to `max_age_num_blocks`.
  37. ### Go API
  38. - `libs/common` has been removed in favor of specific pkgs.
  39. - `async`
  40. - `service`
  41. - `rand`
  42. - `net`
  43. - `strings`
  44. - `cmap`
  45. - removal of `errors` pkg
  46. ### RPC Changes
  47. - `/validators` is now paginated (default: 30 vals per page)
  48. - `/block_results` response format updated [see RPC docs for details](https://docs.tendermint.com/master/rpc/#/Info/block_results)
  49. - Event suffix has been removed from the ID in event responses
  50. - IDs are now integers not `json-client-XYZ`
  51. ## v0.32.0
  52. This release is compatible with previous blockchains,
  53. however the new ABCI Events mechanism may create some complexity
  54. for nodes wishing to continue operation with v0.32 from a previous version.
  55. There are some minor breaking changes to the RPC.
  56. ### Config Changes
  57. If you have `db_backend` set to `leveldb` in your config file, please change it
  58. to `goleveldb` or `cleveldb`.
  59. ### RPC Changes
  60. The default listen address for the RPC is now `127.0.0.1`. If you want to expose
  61. it publicly, you have to explicitly configure it. Note exposing the RPC to the
  62. public internet may not be safe - endpoints which return a lot of data may
  63. enable resource exhaustion attacks on your node, causing the process to crash.
  64. Any consumers of `/block_results` need to be mindful of the change in all field
  65. names from CamelCase to Snake case, eg. `results.DeliverTx` is now `results.deliver_tx`.
  66. This is a fix, but it's breaking.
  67. ### ABCI Changes
  68. ABCI responses which previously had a `Tags` field now have an `Events` field
  69. instead. The original `Tags` field was simply a list of key-value pairs, where
  70. each key effectively represented some attribute of an event occuring in the
  71. blockchain, like `sender`, `receiver`, or `amount`. However, it was difficult to
  72. represent the occurence of multiple events (for instance, multiple transfers) in a single list.
  73. The new `Events` field contains a list of `Event`, where each `Event` is itself a list
  74. of key-value pairs, allowing for more natural expression of multiple events in
  75. eg. a single DeliverTx or EndBlock. Note each `Event` also includes a `Type`, which is meant to categorize the
  76. event.
  77. For transaction indexing, the index key is
  78. prefixed with the event type: `{eventType}.{attributeKey}`.
  79. If the same event type and attribute key appear multiple times, the values are
  80. appended in a list.
  81. To make queries, include the event type as a prefix. For instance if you
  82. previously queried for `recipient = 'XYZ'`, and after the upgrade you name your event `transfer`,
  83. the new query would be for `transfer.recipient = 'XYZ'`.
  84. Note that transactions indexed on a node before upgrading to v0.32 will still be indexed
  85. using the old scheme. For instance, if a node upgraded at height 100,
  86. transactions before 100 would be queried with `recipient = 'XYZ'` and
  87. transactions after 100 would be queried with `transfer.recipient = 'XYZ'`.
  88. While this presents additional complexity to clients, it avoids the need to
  89. reindex. Of course, you can reset the node and sync from scratch to re-index
  90. entirely using the new scheme.
  91. We illustrate further with a more complete example.
  92. Prior to the update, suppose your `ResponseDeliverTx` look like:
  93. ```go
  94. abci.ResponseDeliverTx{
  95. Tags: []kv.Pair{
  96. {Key: []byte("sender"), Value: []byte("foo")},
  97. {Key: []byte("recipient"), Value: []byte("bar")},
  98. {Key: []byte("amount"), Value: []byte("35")},
  99. }
  100. }
  101. ```
  102. The following queries would match this transaction:
  103. ```go
  104. query.MustParse("tm.event = 'Tx' AND sender = 'foo'")
  105. query.MustParse("tm.event = 'Tx' AND recipient = 'bar'")
  106. query.MustParse("tm.event = 'Tx' AND sender = 'foo' AND recipient = 'bar'")
  107. ```
  108. Following the upgrade, your `ResponseDeliverTx` would look something like:
  109. the following `Events`:
  110. ```go
  111. abci.ResponseDeliverTx{
  112. Events: []abci.Event{
  113. {
  114. Type: "transfer",
  115. Attributes: kv.Pairs{
  116. {Key: []byte("sender"), Value: []byte("foo")},
  117. {Key: []byte("recipient"), Value: []byte("bar")},
  118. {Key: []byte("amount"), Value: []byte("35")},
  119. },
  120. }
  121. }
  122. ```
  123. Now the following queries would match this transaction:
  124. ```go
  125. query.MustParse("tm.event = 'Tx' AND transfer.sender = 'foo'")
  126. query.MustParse("tm.event = 'Tx' AND transfer.recipient = 'bar'")
  127. query.MustParse("tm.event = 'Tx' AND transfer.sender = 'foo' AND transfer.recipient = 'bar'")
  128. ```
  129. For further documentation on `Events`, see the [docs](https://github.com/tendermint/tendermint/blob/60827f75623b92eff132dc0eff5b49d2025c591e/docs/spec/abci/abci.md#events).
  130. ### Go Applications
  131. The ABCI Application interface changed slightly so the CheckTx and DeliverTx
  132. methods now take Request structs. The contents of these structs are just the raw
  133. tx bytes, which were previously passed in as the argument.
  134. ## v0.31.6
  135. There are no breaking changes in this release except Go API of p2p and
  136. mempool packages. Hovewer, if you're using cleveldb, you'll need to change
  137. the compilation tag:
  138. Use `cleveldb` tag instead of `gcc` to compile Tendermint with CLevelDB or
  139. use `make build_c` / `make install_c` (full instructions can be found at
  140. https://tendermint.com/docs/introduction/install.html#compile-with-cleveldb-support)
  141. ## v0.31.0
  142. This release contains a breaking change to the behaviour of the pubsub system.
  143. It also contains some minor breaking changes in the Go API and ABCI.
  144. There are no changes to the block or p2p protocols, so v0.31.0 should work fine
  145. with blockchains created from the v0.30 series.
  146. ### RPC
  147. The pubsub no longer blocks on publishing. This may cause some WebSocket (WS) clients to stop working as expected.
  148. If your WS client is not consuming events fast enough, Tendermint can terminate the subscription.
  149. In this case, the WS client will receive an error with description:
  150. ```json
  151. {
  152. "jsonrpc": "2.0",
  153. "id": "{ID}#event",
  154. "error": {
  155. "code": -32000,
  156. "msg": "Server error",
  157. "data": "subscription was cancelled (reason: client is not pulling messages fast enough)" // or "subscription was cancelled (reason: Tendermint exited)"
  158. }
  159. }
  160. Additionally, there are now limits on the number of subscribers and
  161. subscriptions that can be active at once. See the new
  162. `rpc.max_subscription_clients` and `rpc.max_subscriptions_per_client` values to
  163. configure this.
  164. ```
  165. ### Applications
  166. Simple rename of `ConsensusParams.BlockSize` to `ConsensusParams.Block`.
  167. The `ConsensusParams.Block.TimeIotaMS` field was also removed. It's configured
  168. in the ConsensusParsm in genesis.
  169. ### Go API
  170. See the [CHANGELOG](CHANGELOG.md). These are relatively straight forward.
  171. ## v0.30.0
  172. This release contains a breaking change to both the block and p2p protocols,
  173. however it may be compatible with blockchains created with v0.29.0 depending on
  174. the chain history. If your blockchain has not included any pieces of evidence,
  175. or no piece of evidence has been included in more than one block,
  176. and if your application has never returned multiple updates
  177. for the same validator in a single block, then v0.30.0 will work fine with
  178. blockchains created with v0.29.0.
  179. The p2p protocol change is to fix the proposer selection algorithm again.
  180. Note that proposer selection is purely a p2p concern right
  181. now since the algorithm is only relevant during real time consensus.
  182. This change is thus compatible with v0.29.0, but
  183. all nodes must be upgraded to avoid disagreements on the proposer.
  184. ### Applications
  185. Applications must ensure they do not return duplicates in
  186. `ResponseEndBlock.ValidatorUpdates`. A pubkey must only appear once per set of
  187. updates. Duplicates will cause irrecoverable failure. If you have a very good
  188. reason why we shouldn't do this, please open an issue.
  189. ## v0.29.0
  190. This release contains some breaking changes to the block and p2p protocols,
  191. and will not be compatible with any previous versions of the software, primarily
  192. due to changes in how various data structures are hashed.
  193. Any implementations of Tendermint blockchain verification, including lite clients,
  194. will need to be updated. For specific details:
  195. - [Merkle tree](https://github.com/tendermint/spec/blob/master/spec/blockchain/encoding.md#merkle-trees)
  196. - [ConsensusParams](https://github.com/tendermint/spec/blob/master/spec/blockchain/state.md#consensusparams)
  197. There was also a small change to field ordering in the vote struct. Any
  198. implementations of an out-of-process validator (like a Key-Management Server)
  199. will need to be updated. For specific details:
  200. - [Vote](https://github.com/tendermint/spec/blob/master/spec/consensus/signing.md#votes)
  201. Finally, the proposer selection algorithm continues to evolve. See the
  202. [work-in-progress
  203. specification](https://github.com/tendermint/tendermint/pull/3140).
  204. For everything else, please see the [CHANGELOG](./CHANGELOG.md#v0.29.0).
  205. ## v0.28.0
  206. This release breaks the format for the `priv_validator.json` file
  207. and the protocol used for the external validator process.
  208. It is compatible with v0.27.0 blockchains (neither the BlockProtocol nor the
  209. P2PProtocol have changed).
  210. Please read carefully for details about upgrading.
  211. **Note:** Backup your `config/priv_validator.json`
  212. before proceeding.
  213. ### `priv_validator.json`
  214. The `config/priv_validator.json` is now two files:
  215. `config/priv_validator_key.json` and `data/priv_validator_state.json`.
  216. The former contains the key material, the later contains the details on the last
  217. message signed.
  218. When running v0.28.0 for the first time, it will back up any pre-existing
  219. `priv_validator.json` file and proceed to split it into the two new files.
  220. Upgrading should happen automatically without problem.
  221. To upgrade manually, use the provided `privValUpgrade.go` script, with exact paths for the old
  222. `priv_validator.json` and the locations for the two new files. It's recomended
  223. to use the default paths, of `config/priv_validator_key.json` and
  224. `data/priv_validator_state.json`, respectively:
  225. ```
  226. go run scripts/privValUpgrade.go <old-path> <new-key-path> <new-state-path>
  227. ```
  228. ### External validator signers
  229. The Unix and TCP implementations of the remote signing validator
  230. have been consolidated into a single implementation.
  231. Thus in both cases, the external process is expected to dial
  232. Tendermint. This is different from how Unix sockets used to work, where
  233. Tendermint dialed the external process.
  234. The `PubKeyMsg` was also split into separate `Request` and `Response` types
  235. for consistency with other messages.
  236. Note that the TCP sockets don't yet use a persistent key,
  237. so while they're encrypted, they can't yet be properly authenticated.
  238. See [#3105](https://github.com/tendermint/tendermint/issues/3105).
  239. Note the Unix socket has neither encryption nor authentication, but will
  240. add a shared-secret in [#3099](https://github.com/tendermint/tendermint/issues/3099).
  241. ## v0.27.0
  242. This release contains some breaking changes to the block and p2p protocols,
  243. but does not change any core data structures, so it should be compatible with
  244. existing blockchains from the v0.26 series that only used Ed25519 validator keys.
  245. Blockchains using Secp256k1 for validators will not be compatible. This is due
  246. to the fact that we now enforce which key types validators can use as a
  247. consensus param. The default is Ed25519, and Secp256k1 must be activated
  248. explicitly.
  249. It is recommended to upgrade all nodes at once to avoid incompatibilities at the
  250. peer layer - namely, the heartbeat consensus message has been removed (only
  251. relevant if `create_empty_blocks=false` or `create_empty_blocks_interval > 0`),
  252. and the proposer selection algorithm has changed. Since proposer information is
  253. never included in the blockchain, this change only affects the peer layer.
  254. ### Go API Changes
  255. #### libs/db
  256. The ReverseIterator API has changed the meaning of `start` and `end`.
  257. Before, iteration was from `start` to `end`, where
  258. `start > end`. Now, iteration is from `end` to `start`, where `start < end`.
  259. The iterator also excludes `end`. This change allows a simplified and more
  260. intuitive logic, aligning the semantic meaning of `start` and `end` in the
  261. `Iterator` and `ReverseIterator`.
  262. ### Applications
  263. This release enforces a new consensus parameter, the
  264. ValidatorParams.PubKeyTypes. Applications must ensure that they only return
  265. validator updates with the allowed PubKeyTypes. If a validator update includes a
  266. pubkey type that is not included in the ConsensusParams.Validator.PubKeyTypes,
  267. block execution will fail and the consensus will halt.
  268. By default, only Ed25519 pubkeys may be used for validators. Enabling
  269. Secp256k1 requires explicit modification of the ConsensusParams.
  270. Please update your application accordingly (ie. restrict validators to only be
  271. able to use Ed25519 keys, or explicitly add additional key types to the genesis
  272. file).
  273. ## v0.26.0
  274. This release contains a lot of changes to core data types and protocols. It is not
  275. compatible to the old versions and there is no straight forward way to update
  276. old data to be compatible with the new version.
  277. To reset the state do:
  278. ```
  279. $ tendermint unsafe_reset_all
  280. ```
  281. Here we summarize some other notable changes to be mindful of.
  282. ### Config Changes
  283. All timeouts must be changed from integers to strings with their duration, for
  284. instance `flush_throttle_timeout = 100` would be changed to
  285. `flush_throttle_timeout = "100ms"` and `timeout_propose = 3000` would be changed
  286. to `timeout_propose = "3s"`.
  287. ### RPC Changes
  288. The default behaviour of `/abci_query` has been changed to not return a proof,
  289. and the name of the parameter that controls this has been changed from `trusted`
  290. to `prove`. To get proofs with your queries, ensure you set `prove=true`.
  291. Various version fields like `amino_version`, `p2p_version`, `consensus_version`,
  292. and `rpc_version` have been removed from the `node_info.other` and are
  293. consolidated under the tendermint semantic version (ie. `node_info.version`) and
  294. the new `block` and `p2p` protocol versions under `node_info.protocol_version`.
  295. ### ABCI Changes
  296. Field numbers were bumped in the `Header` and `ResponseInfo` messages to make
  297. room for new `version` fields. It should be straight forward to recompile the
  298. protobuf file for these changes.
  299. #### Proofs
  300. The `ResponseQuery.Proof` field is now structured as a `[]ProofOp` to support
  301. generalized Merkle tree constructions where the leaves of one Merkle tree are
  302. the root of another. If you don't need this functionality, and you used to
  303. return `<proof bytes>` here, you should instead return a single `ProofOp` with
  304. just the `Data` field set:
  305. ```
  306. []ProofOp{
  307. ProofOp{
  308. Data: <proof bytes>,
  309. }
  310. }
  311. ```
  312. For more information, see:
  313. - [ADR-026](https://github.com/tendermint/tendermint/blob/30519e8361c19f4bf320ef4d26288ebc621ad725/docs/architecture/adr-026-general-merkle-proof.md)
  314. - [Relevant ABCI
  315. documentation](https://github.com/tendermint/tendermint/blob/30519e8361c19f4bf320ef4d26288ebc621ad725/docs/spec/abci/apps.md#query-proofs)
  316. - [Description of
  317. keys](https://github.com/tendermint/tendermint/blob/30519e8361c19f4bf320ef4d26288ebc621ad725/crypto/merkle/proof_key_path.go#L14)
  318. ### Go API Changes
  319. #### crypto/merkle
  320. The `merkle.Hasher` interface was removed. Functions which used to take `Hasher`
  321. now simply take `[]byte`. This means that any objects being Merklized should be
  322. serialized before they are passed in.
  323. #### node
  324. The `node.RunForever` function was removed. Signal handling and running forever
  325. should instead be explicitly configured by the caller. See how we do it
  326. [here](https://github.com/tendermint/tendermint/blob/30519e8361c19f4bf320ef4d26288ebc621ad725/cmd/tendermint/commands/run_node.go#L60).
  327. ### Other
  328. All hashes, except for public key addresses, are now 32-bytes.
  329. ## v0.25.0
  330. This release has minimal impact.
  331. If you use GasWanted in ABCI and want to enforce it, set the MaxGas in the genesis file (default is no max).
  332. ## v0.24.0
  333. New 0.24.0 release contains a lot of changes to the state and types. It's not
  334. compatible to the old versions and there is no straight forward way to update
  335. old data to be compatible with the new version.
  336. To reset the state do:
  337. ```
  338. $ tendermint unsafe_reset_all
  339. ```
  340. Here we summarize some other notable changes to be mindful of.
  341. ### Config changes
  342. `p2p.max_num_peers` was removed in favor of `p2p.max_num_inbound_peers` and
  343. `p2p.max_num_outbound_peers`.
  344. ```
  345. # Maximum number of inbound peers
  346. max_num_inbound_peers = 40
  347. # Maximum number of outbound peers to connect to, excluding persistent peers
  348. max_num_outbound_peers = 10
  349. ```
  350. As you can see, the default ratio of inbound/outbound peers is 4/1. The reason
  351. is we want it to be easier for new nodes to connect to the network. You can
  352. tweak these parameters to alter the network topology.
  353. ### RPC Changes
  354. The result of `/commit` used to contain `header` and `commit` fields at the top level. These are now contained under the `signed_header` field.
  355. ### ABCI Changes
  356. The header has been upgraded and contains new fields, but none of the existing
  357. fields were changed, except their order.
  358. The `Validator` type was split into two, one containing an `Address` and one
  359. containing a `PubKey`. When processing `RequestBeginBlock`, use the `Validator`
  360. type, which contains just the `Address`. When returning `ResponseEndBlock`, use
  361. the `ValidatorUpdate` type, which contains just the `PubKey`.
  362. ### Validator Set Updates
  363. Validator set updates returned in ResponseEndBlock for height `H` used to take
  364. effect immediately at height `H+1`. Now they will be delayed one block, to take
  365. effect at height `H+2`. Note this means that the change will be seen by the ABCI
  366. app in the `RequestBeginBlock.LastCommitInfo` at block `H+3`. Apps were already
  367. required to maintain a map from validator addresses to pubkeys since v0.23 (when
  368. pubkeys were removed from RequestBeginBlock), but now they may need to track
  369. multiple validator sets at once to accomodate this delay.
  370. ### Block Size
  371. The `ConsensusParams.BlockSize.MaxTxs` was removed in favour of
  372. `ConsensusParams.BlockSize.MaxBytes`, which is now enforced. This means blocks
  373. are limitted only by byte-size, not by number of transactions.