zolfa
/
tendermint
1
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 221 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3938 Commits
183 Branches
291 MiB
Tree: c84be3b8dd
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'c84be3b8dd'
${ noResults }
tendermint/docs/running-in-production.rst

203 lines
7.1 KiB
Raw Normal View History

document logging Refs #1494
6 years ago
[docs] signal handling Refs #1494
6 years ago
document logging Refs #1494
6 years ago
[docs] signal handling Refs #1494
6 years ago
document logging Refs #1494
6 years ago
document DOS exposure and mitigation Refs #1494
6 years ago
[docs] signal handling Refs #1494
6 years ago
document DOS exposure and mitigation Refs #1494
6 years ago
[docs] signal handling Refs #1494
6 years ago
document DOS exposure and mitigation Refs #1494
6 years ago
[docs] signal handling Refs #1494
6 years ago
fixes after @zramsay's review
6 years ago
document DOS exposure and mitigation Refs #1494
6 years ago
[docs] debugging/monitoring sections, restart handling Refs #1494
6 years ago
[docs] signal handling Refs #1494
6 years ago
[docs] debugging/monitoring sections, restart handling Refs #1494
6 years ago
[docs] signal handling Refs #1494
6 years ago
[docs] debugging/monitoring sections, restart handling Refs #1494
6 years ago
[docs] signal handling Refs #1494
6 years ago
[docs] debugging/monitoring sections, restart handling Refs #1494
6 years ago
fixes after @zramsay's review
6 years ago
[docs] debugging/monitoring sections, restart handling Refs #1494
6 years ago
[docs] signal handling Refs #1494
6 years ago
[docs] debugging/monitoring sections, restart handling Refs #1494
6 years ago
[docs] signal handling Refs #1494
6 years ago
hardware specs and configuration params Refs #1494
6 years ago
fixes after @zramsay's review
6 years ago
hardware specs and configuration params Refs #1494
6 years ago
note about state syncing
6 years ago
hardware specs and configuration params Refs #1494
6 years ago
more config variables Refs #1494
6 years ago
hardware specs and configuration params Refs #1494
6 years ago
fixes after @zramsay's review
6 years ago
more config variables Refs #1494
6 years ago
fixes after @zramsay's review
6 years ago
more config variables Refs #1494
6 years ago
 
  1. Running in production

  2. =====================

  3. 

  4. Logging

  5. -------

  6. 

  7. Default logging level (``main:info,state:info,*:``) should suffice for normal

  8. operation mode. Read `this post

  9. <https://blog.cosmos.network/one-of-the-exciting-new-features-in-0-10-0-release-is-smart-log-level-flag-e2506b4ab756>`__

  10. for details on how to configure ``log_level`` config variable. Some of the

  11. modules can be found `here <./how-to-read-logs.html#list-of-modules>`__. If

  12. you're trying to debug Tendermint or asked to provide logs with debug logging

  13. level, you can do so by running tendermint with ``--log_level="*:debug"``.

  14. 

  15. DOS Exposure and Mitigation

  16. ---------------------------

  17. 

  18. Validators are supposed to setup `Sentry Node Architecture

  19. <https://blog.cosmos.network/tendermint-explained-bringing-bft-based-pos-to-the-public-blockchain-domain-f22e274a0fdb>`__

  20. to prevent Denial-of-service attacks. You can read more about it `here

  21. <https://github.com/tendermint/aib-data/blob/develop/medium/TendermintBFT.md>`__.

  22. 

  23. P2P

  24. ~~~

  25. 

  26. The core of the Tendermint peer-to-peer system is ``MConnection``. Each

  27. connection has ``MaxPacketMsgPayloadSize``, which is the maximum packet size

  28. and bounded send & receive queues. One can impose restrictions on send &

  29. receive rate per connection (``SendRate``, ``RecvRate``).

  30. 

  31. RPC

  32. ~~~

  33. 

  34. Endpoints returning multiple entries are limited by default to return 30

  35. elements (100 max).

  36. 

  37. Rate-limiting and authentication are another key aspects to help protect

  38. against DOS attacks. While in the future we may implement these features, for

  39. now, validators are supposed to use external tools like `NGINX

  40. <https://www.nginx.com/blog/rate-limiting-nginx/>`__ or `traefik

  41. <https://docs.traefik.io/configuration/commons/#rate-limiting>`__ to achieve

  42. the same things.

  43. 

  44. Debugging Tendermint

  45. --------------------

  46. 

  47. If you ever have to debug Tendermint, the first thing you should probably do is

  48. to check out the logs. See `"How to read logs" <./how-to-read-logs.html>`__,

  49. where we explain what certain log statements mean.

  50. 

  51. If, after skimming through the logs, things are not clear still, the second

  52. TODO is to query the `/status` RPC endpoint. It provides the necessary info:

  53. whenever the node is syncing or not, what height it is on, etc.

  54. 

  55. ```

  56. $ curl http(s)://{ip}:{rpcPort}/status

  57. ```

  58. 

  59. `/dump_consensus_state` will give you a detailed overview of the consensus

  60. state (proposer, lastest validators, peers states). From it, you should be able

  61. to figure out why, for example, the network had halted.

  62. 

  63. ```

  64. $ curl http(s)://{ip}:{rpcPort}/dump_consensus_state

  65. ```

  66. 

  67. There is a reduced version of this endpoint - `/consensus_state`, which

  68. returns just the votes seen at the current height.

  69. 

  70. - `Github Issues <https://github.com/tendermint/tendermint/issues>`__

  71. - `StackOverflow questions <https://stackoverflow.com/questions/tagged/tendermint>`__

  72. 

  73. Monitoring Tendermint

  74. ---------------------

  75. 

  76. Each Tendermint instance has a standard `/health` RPC endpoint, which responds

  77. with 200 (OK) if everything is fine and 500 (or no response) - if something is

  78. wrong.

  79. 

  80. Other useful endpoints include mentioned earlier `/status`, `/net_info` and

  81. `/validators`.

  82. 

  83. We have a small tool, called tm-monitor, which outputs information from the

  84. endpoints above plus some statistics. The tool can be found `here

  85. <https://github.com/tendermint/tools/tree/master/tm-monitor>`__.

  86. 

  87. What happens when my app dies?

  88. ------------------------------

  89. 

  90. You are supposed to run Tendermint under a `process supervisor

  91. <https://en.wikipedia.org/wiki/Process_supervision>`__ (like systemd or runit).

  92. It will ensure Tendermint is always running (despite possible errors).

  93. 

  94. Getting back to the original question, if your application dies, Tendermint

  95. will panic. After a process supervisor restarts your application, Tendermint

  96. should be able to reconnect successfully. The order of restart does not matter

  97. for it.

  98. 

  99. Signal handling

  100. ---------------

  101. 

  102. We catch SIGINT and SIGTERM and try to clean up nicely. For other signals we

  103. use the default behaviour in Go: `Default behavior of signals in Go programs

  104. <https://golang.org/pkg/os/signal/#hdr-Default_behavior_of_signals_in_Go_programs>`__.

  105. 

  106. Hardware

  107. --------

  108. 

  109. Processor and Memory

  110. ~~~~~~~~~~~~~~~~~~~~

  111. 

  112. While actual specs vary depending on the load and validators count, minimal requirements are:

  113. 

  114. - 1GB RAM

  115. - 25GB of disk space

  116. - 1.4 GHz CPU

  117. 

  118. SSD disks are preferable for applications with high transaction throughput.

  119. 

  120. Recommended:

  121. 

  122. - 2GB RAM

  123. - 100GB SSD

  124. - x64 2.0 GHz 2v CPU

  125. 

  126. While for now, Tendermint stores all the history and it may require significant

  127. disk space over time, we are planning to implement state syncing (See `#828

  128. <https://github.com/tendermint/tendermint/issues/828>`__). So, storing all the

  129. past blocks will not be necessary.

  130. 

  131. Operating Systems

  132. ~~~~~~~~~~~~~~~~~

  133. 

  134. Tendermint can be compiled for a wide range of operating systems thanks to Go

  135. language (the list of $OS/$ARCH pairs can be found `here

  136. <https://golang.org/doc/install/source#environment>`__).

  137. 

  138. While we do not favor any operation system, more secure and stable Linux server

  139. distributions (like Centos) should be preferred over desktop operation systems

  140. (like Mac OS).

  141. 

  142. Misc.

  143. ~~~~~

  144. 

  145. NOTE: if you are going to use Tendermint in a public domain, make sure you read

  146. `hardware recommendations (see "4. Hardware")

  147. <https://cosmos.network/validators>`__ for a validator in the Cosmos network.

  148. 

  149. Configuration parameters

  150. ------------------------

  151. 

  152. - ``p2p.flush_throttle_timeout``

  153.   ``p2p.max_packet_msg_payload_size``

  154.   ``p2p.send_rate``

  155.   ``p2p.recv_rate``

  156. 

  157. If you are going to use Tendermint in a private domain and you have a private

  158. high-speed network among your peers, it makes sense to lower flush throttle

  159. timeout and increase other params.

  160. 

  161. ::

  162. 

  163.     [p2p]

  164. 

  165.     send_rate=20000000 # 2MB/s

  166.     recv_rate=20000000 # 2MB/s

  167.     flush_throttle_timeout=10

  168.     max_packet_msg_payload_size=10240 # 10KB

  169. 

  170. - ``mempool.recheck``

  171. 

  172. After every block, Tendermint rechecks every transaction left in the mempool to

  173. see if transactions committed in that block affected the application state, so

  174. some of the transactions left may become invalid. If that does not apply to

  175. your application, you can disable it by setting ``mempool.recheck=false``.

  176. 

  177. - ``mempool.broadcast``

  178. 

  179. Setting this to false will stop the mempool from relaying transactions to other

  180. peers until they are included in a block. It means only the peer you send the

  181. tx to will see it until it is included in a block.

  182. 

  183. - ``consensus.skip_timeout_commit``

  184. 

  185. We want skip_timeout_commit=false when there is economics on the line because

  186. proposers should wait to hear for more votes. But if you don't care about that

  187. and want the fastest consensus, you can skip it. It will be kept false by

  188. default for public deployments (e.g. `Cosmos Hub

  189. <https://cosmos.network/intro/hub>`__) while for enterprise applications,

  190. setting it to true is not a problem.

  191. 

  192. - ``consensus.peer_gossip_sleep_duration``

  193. 

  194. You can try to reduce the time your node sleeps before checking if theres something to send its peers.

  195. 

  196. - ``consensus.timeout_commit``

  197. 

  198. You can also try lowering ``timeout_commit`` (time we sleep before proposing the next block).

  199. 

  200. - ``consensus.max_block_size_txs``

  201. 

  202. By default, the maximum number of transactions per a block is 10_000. Feel free

  203. to change it to suit your needs.