package config import ( "encoding/hex" "errors" "fmt" "io/ioutil" "net/http" "os" "path/filepath" "time" tmjson "github.com/tendermint/tendermint/libs/json" "github.com/tendermint/tendermint/libs/log" tmos "github.com/tendermint/tendermint/libs/os" "github.com/tendermint/tendermint/types" ) const ( // FuzzModeDrop is a mode in which we randomly drop reads/writes, connections or sleep FuzzModeDrop = iota // FuzzModeDelay is a mode in which we randomly sleep FuzzModeDelay // DefaultLogLevel defines a default log level as INFO. DefaultLogLevel = "info" ModeFull = "full" ModeValidator = "validator" ModeSeed = "seed" BlockSyncV0 = "v0" BlockSyncV2 = "v2" MempoolV0 = "v0" MempoolV1 = "v1" ) // NOTE: Most of the structs & relevant comments + the // default configuration options were used to manually // generate the config.toml. Please reflect any changes // made here in the defaultConfigTemplate constant in // config/toml.go // NOTE: libs/cli must know to look in the config dir! var ( DefaultTendermintDir = ".tendermint" defaultConfigDir = "config" defaultDataDir = "data" defaultConfigFileName = "config.toml" defaultGenesisJSONName = "genesis.json" defaultMode = ModeFull defaultPrivValKeyName = "priv_validator_key.json" defaultPrivValStateName = "priv_validator_state.json" defaultNodeKeyName = "node_key.json" defaultAddrBookName = "addrbook.json" defaultConfigFilePath = filepath.Join(defaultConfigDir, defaultConfigFileName) defaultGenesisJSONPath = filepath.Join(defaultConfigDir, defaultGenesisJSONName) defaultPrivValKeyPath = filepath.Join(defaultConfigDir, defaultPrivValKeyName) defaultPrivValStatePath = filepath.Join(defaultDataDir, defaultPrivValStateName) defaultNodeKeyPath = filepath.Join(defaultConfigDir, defaultNodeKeyName) defaultAddrBookPath = filepath.Join(defaultConfigDir, defaultAddrBookName) minSubscriptionBufferSize = 100 defaultSubscriptionBufferSize = 200 ) // Config defines the top level configuration for a Tendermint node type Config struct { // Top level options use an anonymous struct BaseConfig `mapstructure:",squash"` // Options for services RPC *RPCConfig `mapstructure:"rpc"` P2P *P2PConfig `mapstructure:"p2p"` Mempool *MempoolConfig `mapstructure:"mempool"` StateSync *StateSyncConfig `mapstructure:"statesync"` BlockSync *BlockSyncConfig `mapstructure:"blocksync"` Consensus *ConsensusConfig `mapstructure:"consensus"` TxIndex *TxIndexConfig `mapstructure:"tx-index"` Instrumentation *InstrumentationConfig `mapstructure:"instrumentation"` PrivValidator *PrivValidatorConfig `mapstructure:"priv-validator"` } // DefaultConfig returns a default configuration for a Tendermint node func DefaultConfig() *Config { return &Config{ BaseConfig: DefaultBaseConfig(), RPC: DefaultRPCConfig(), P2P: DefaultP2PConfig(), Mempool: DefaultMempoolConfig(), StateSync: DefaultStateSyncConfig(), BlockSync: DefaultBlockSyncConfig(), Consensus: DefaultConsensusConfig(), TxIndex: DefaultTxIndexConfig(), Instrumentation: DefaultInstrumentationConfig(), PrivValidator: DefaultPrivValidatorConfig(), } } // DefaultValidatorConfig returns default config with mode as validator func DefaultValidatorConfig() *Config { cfg := DefaultConfig() cfg.Mode = ModeValidator return cfg } // TestConfig returns a configuration that can be used for testing func TestConfig() *Config { return &Config{ BaseConfig: TestBaseConfig(), RPC: TestRPCConfig(), P2P: TestP2PConfig(), Mempool: TestMempoolConfig(), StateSync: TestStateSyncConfig(), BlockSync: TestBlockSyncConfig(), Consensus: TestConsensusConfig(), TxIndex: TestTxIndexConfig(), Instrumentation: TestInstrumentationConfig(), PrivValidator: DefaultPrivValidatorConfig(), } } // SetRoot sets the RootDir for all Config structs func (cfg *Config) SetRoot(root string) *Config { cfg.BaseConfig.RootDir = root cfg.RPC.RootDir = root cfg.P2P.RootDir = root cfg.Mempool.RootDir = root cfg.Consensus.RootDir = root cfg.PrivValidator.RootDir = root return cfg } // ValidateBasic performs basic validation (checking param bounds, etc.) and // returns an error if any check fails. func (cfg *Config) ValidateBasic() error { if err := cfg.BaseConfig.ValidateBasic(); err != nil { return err } if err := cfg.RPC.ValidateBasic(); err != nil { return fmt.Errorf("error in [rpc] section: %w", err) } if err := cfg.P2P.ValidateBasic(); err != nil { return fmt.Errorf("error in [p2p] section: %w", err) } if err := cfg.Mempool.ValidateBasic(); err != nil { return fmt.Errorf("error in [mempool] section: %w", err) } if err := cfg.StateSync.ValidateBasic(); err != nil { return fmt.Errorf("error in [statesync] section: %w", err) } if err := cfg.BlockSync.ValidateBasic(); err != nil { return fmt.Errorf("error in [blocksync] section: %w", err) } if err := cfg.Consensus.ValidateBasic(); err != nil { return fmt.Errorf("error in [consensus] section: %w", err) } if err := cfg.Instrumentation.ValidateBasic(); err != nil { return fmt.Errorf("error in [instrumentation] section: %w", err) } return nil } //----------------------------------------------------------------------------- // BaseConfig // BaseConfig defines the base configuration for a Tendermint node type BaseConfig struct { //nolint: maligned // chainID is unexposed and immutable but here for convenience chainID string // The root directory for all data. // This should be set in viper so it can unmarshal into this struct RootDir string `mapstructure:"home"` // TCP or UNIX socket address of the ABCI application, // or the name of an ABCI application compiled in with the Tendermint binary ProxyApp string `mapstructure:"proxy-app"` // A custom human readable name for this node Moniker string `mapstructure:"moniker"` // Mode of Node: full | validator | seed // * validator // - all reactors // - with priv_validator_key.json, priv_validator_state.json // * full // - all reactors // - No priv_validator_key.json, priv_validator_state.json // * seed // - only P2P, PEX Reactor // - No priv_validator_key.json, priv_validator_state.json Mode string `mapstructure:"mode"` // Database backend: goleveldb | cleveldb | boltdb | rocksdb // * goleveldb (github.com/syndtr/goleveldb - most popular implementation) // - pure go // - stable // * cleveldb (uses levigo wrapper) // - fast // - requires gcc // - use cleveldb build tag (go build -tags cleveldb) // * boltdb (uses etcd's fork of bolt - github.com/etcd-io/bbolt) // - EXPERIMENTAL // - may be faster is some use-cases (random reads - indexer) // - use boltdb build tag (go build -tags boltdb) // * rocksdb (uses github.com/tecbot/gorocksdb) // - EXPERIMENTAL // - requires gcc // - use rocksdb build tag (go build -tags rocksdb) // * badgerdb (uses github.com/dgraph-io/badger) // - EXPERIMENTAL // - use badgerdb build tag (go build -tags badgerdb) DBBackend string `mapstructure:"db-backend"` // Database directory DBPath string `mapstructure:"db-dir"` // Output level for logging LogLevel string `mapstructure:"log-level"` // Output format: 'plain' (colored text) or 'json' LogFormat string `mapstructure:"log-format"` // Path to the JSON file containing the initial validator set and other meta data Genesis string `mapstructure:"genesis-file"` // A JSON file containing the private key to use for p2p authenticated encryption NodeKey string `mapstructure:"node-key-file"` // Mechanism to connect to the ABCI application: socket | grpc ABCI string `mapstructure:"abci"` // If true, query the ABCI app on connecting to a new peer // so the app can decide if we should keep the connection or not FilterPeers bool `mapstructure:"filter-peers"` // false Other map[string]interface{} `mapstructure:",remain"` } // DefaultBaseConfig returns a default base configuration for a Tendermint node func DefaultBaseConfig() BaseConfig { return BaseConfig{ Genesis: defaultGenesisJSONPath, NodeKey: defaultNodeKeyPath, Mode: defaultMode, Moniker: defaultMoniker, ProxyApp: "tcp://127.0.0.1:26658", ABCI: "socket", LogLevel: DefaultLogLevel, LogFormat: log.LogFormatPlain, FilterPeers: false, DBBackend: "goleveldb", DBPath: "data", } } // TestBaseConfig returns a base configuration for testing a Tendermint node func TestBaseConfig() BaseConfig { cfg := DefaultBaseConfig() cfg.chainID = "tendermint_test" cfg.Mode = ModeValidator cfg.ProxyApp = "kvstore" cfg.DBBackend = "memdb" return cfg } func (cfg BaseConfig) ChainID() string { return cfg.chainID } // GenesisFile returns the full path to the genesis.json file func (cfg BaseConfig) GenesisFile() string { return rootify(cfg.Genesis, cfg.RootDir) } // NodeKeyFile returns the full path to the node_key.json file func (cfg BaseConfig) NodeKeyFile() string { return rootify(cfg.NodeKey, cfg.RootDir) } // LoadNodeKey loads NodeKey located in filePath. func (cfg BaseConfig) LoadNodeKeyID() (types.NodeID, error) { jsonBytes, err := ioutil.ReadFile(cfg.NodeKeyFile()) if err != nil { return "", err } nodeKey := types.NodeKey{} err = tmjson.Unmarshal(jsonBytes, &nodeKey) if err != nil { return "", err } nodeKey.ID = types.NodeIDFromPubKey(nodeKey.PubKey()) return nodeKey.ID, nil } // LoadOrGenNodeKey attempts to load the NodeKey from the given filePath. If // the file does not exist, it generates and saves a new NodeKey. func (cfg BaseConfig) LoadOrGenNodeKeyID() (types.NodeID, error) { if tmos.FileExists(cfg.NodeKeyFile()) { nodeKey, err := cfg.LoadNodeKeyID() if err != nil { return "", err } return nodeKey, nil } nodeKey := types.GenNodeKey() if err := nodeKey.SaveAs(cfg.NodeKeyFile()); err != nil { return "", err } return nodeKey.ID, nil } // DBDir returns the full path to the database directory func (cfg BaseConfig) DBDir() string { return rootify(cfg.DBPath, cfg.RootDir) } // ValidateBasic performs basic validation (checking param bounds, etc.) and // returns an error if any check fails. func (cfg BaseConfig) ValidateBasic() error { switch cfg.LogFormat { case log.LogFormatJSON, log.LogFormatText, log.LogFormatPlain: default: return errors.New("unknown log format (must be 'plain', 'text' or 'json')") } switch cfg.Mode { case ModeFull, ModeValidator, ModeSeed: case "": return errors.New("no mode has been set") default: return fmt.Errorf("unknown mode: %v", cfg.Mode) } // TODO (https://github.com/tendermint/tendermint/issues/6908) remove this check after the v0.35 release cycle. // This check was added to give users an upgrade prompt to use the new // configuration option in v0.35. In future release cycles they should no longer // be using this configuration parameter so the check can be removed. // The cfg.Other field can likely be removed at the same time if it is not referenced // elsewhere as it was added to service this check. if fs, ok := cfg.Other["fastsync"]; ok { if _, ok := fs.(map[string]interface{}); ok { return fmt.Errorf("a configuration section named 'fastsync' was found in the " + "configuration file. The 'fastsync' section has been renamed to " + "'blocksync', please update the 'fastsync' field in your configuration file to 'blocksync'") } } if fs, ok := cfg.Other["fast-sync"]; ok { if fs != "" { return fmt.Errorf("a parameter named 'fast-sync' was found in the " + "configuration file. The parameter to enable or disable quickly syncing with a blockchain" + "has moved to the [blocksync] section of the configuration file as blocksync.enable. " + "Please move the 'fast-sync' field in your configuration file to 'blocksync.enable'") } } return nil } //----------------------------------------------------------------------------- // PrivValidatorConfig // PrivValidatorConfig defines the configuration parameters for running a validator type PrivValidatorConfig struct { RootDir string `mapstructure:"home"` // Path to the JSON file containing the private key to use as a validator in the consensus protocol Key string `mapstructure:"key-file"` // Path to the JSON file containing the last sign state of a validator State string `mapstructure:"state-file"` // TCP or UNIX socket address for Tendermint to listen on for // connections from an external PrivValidator process ListenAddr string `mapstructure:"laddr"` // Client certificate generated while creating needed files for secure connection. // If a remote validator address is provided but no certificate, the connection will be insecure ClientCertificate string `mapstructure:"client-certificate-file"` // Client key generated while creating certificates for secure connection ClientKey string `mapstructure:"client-key-file"` // Path Root Certificate Authority used to sign both client and server certificates RootCA string `mapstructure:"root-ca-file"` } // DefaultBaseConfig returns a default private validator configuration // for a Tendermint node. func DefaultPrivValidatorConfig() *PrivValidatorConfig { return &PrivValidatorConfig{ Key: defaultPrivValKeyPath, State: defaultPrivValStatePath, } } // ClientKeyFile returns the full path to the priv_validator_key.json file func (cfg *PrivValidatorConfig) ClientKeyFile() string { return rootify(cfg.ClientKey, cfg.RootDir) } // ClientCertificateFile returns the full path to the priv_validator_key.json file func (cfg *PrivValidatorConfig) ClientCertificateFile() string { return rootify(cfg.ClientCertificate, cfg.RootDir) } // CertificateAuthorityFile returns the full path to the priv_validator_key.json file func (cfg *PrivValidatorConfig) RootCAFile() string { return rootify(cfg.RootCA, cfg.RootDir) } // KeyFile returns the full path to the priv_validator_key.json file func (cfg *PrivValidatorConfig) KeyFile() string { return rootify(cfg.Key, cfg.RootDir) } // StateFile returns the full path to the priv_validator_state.json file func (cfg *PrivValidatorConfig) StateFile() string { return rootify(cfg.State, cfg.RootDir) } func (cfg *PrivValidatorConfig) AreSecurityOptionsPresent() bool { switch { case cfg.RootCA == "": return false case cfg.ClientKey == "": return false case cfg.ClientCertificate == "": return false default: return true } } //----------------------------------------------------------------------------- // RPCConfig // RPCConfig defines the configuration options for the Tendermint RPC server type RPCConfig struct { RootDir string `mapstructure:"home"` // TCP or UNIX socket address for the RPC server to listen on ListenAddress string `mapstructure:"laddr"` // A list of origins a cross-domain request can be executed from. // If the special '*' value is present in the list, all origins will be allowed. // An origin may contain a wildcard (*) to replace 0 or more characters (i.e.: http://*.domain.com). // Only one wildcard can be used per origin. CORSAllowedOrigins []string `mapstructure:"cors-allowed-origins"` // A list of methods the client is allowed to use with cross-domain requests. CORSAllowedMethods []string `mapstructure:"cors-allowed-methods"` // A list of non simple headers the client is allowed to use with cross-domain requests. CORSAllowedHeaders []string `mapstructure:"cors-allowed-headers"` // TCP or UNIX socket address for the gRPC server to listen on // NOTE: This server only supports /broadcast_tx_commit // Deprecated: gRPC in the RPC layer of Tendermint will be removed in 0.36. GRPCListenAddress string `mapstructure:"grpc-laddr"` // Maximum number of simultaneous connections. // Does not include RPC (HTTP&WebSocket) connections. See max-open-connections // If you want to accept a larger number than the default, make sure // you increase your OS limits. // 0 - unlimited. // Deprecated: gRPC in the RPC layer of Tendermint will be removed in 0.36. GRPCMaxOpenConnections int `mapstructure:"grpc-max-open-connections"` // Activate unsafe RPC commands like /dial-persistent-peers and /unsafe-flush-mempool Unsafe bool `mapstructure:"unsafe"` // Maximum number of simultaneous connections (including WebSocket). // Does not include gRPC connections. See grpc-max-open-connections // If you want to accept a larger number than the default, make sure // you increase your OS limits. // 0 - unlimited. // Should be < {ulimit -Sn} - {MaxNumInboundPeers} - {MaxNumOutboundPeers} - {N of wal, db and other open files} // 1024 - 40 - 10 - 50 = 924 = ~900 MaxOpenConnections int `mapstructure:"max-open-connections"` // Maximum number of unique clientIDs that can /subscribe // If you're using /broadcast_tx_commit, set to the estimated maximum number // of broadcast_tx_commit calls per block. MaxSubscriptionClients int `mapstructure:"max-subscription-clients"` // Maximum number of unique queries a given client can /subscribe to // If you're using GRPC (or Local RPC client) and /broadcast_tx_commit, set // to the estimated maximum number of broadcast_tx_commit calls per block. MaxSubscriptionsPerClient int `mapstructure:"max-subscriptions-per-client"` // The number of events that can be buffered per subscription before // returning `ErrOutOfCapacity`. SubscriptionBufferSize int `mapstructure:"experimental-subscription-buffer-size"` // The maximum number of responses that can be buffered per WebSocket // client. If clients cannot read from the WebSocket endpoint fast enough, // they will be disconnected, so increasing this parameter may reduce the // chances of them being disconnected (but will cause the node to use more // memory). // // Must be at least the same as `SubscriptionBufferSize`, otherwise // connections may be dropped unnecessarily. WebSocketWriteBufferSize int `mapstructure:"experimental-websocket-write-buffer-size"` // If a WebSocket client cannot read fast enough, at present we may // silently drop events instead of generating an error or disconnecting the // client. // // Enabling this parameter will cause the WebSocket connection to be closed // instead if it cannot read fast enough, allowing for greater // predictability in subscription behavior. CloseOnSlowClient bool `mapstructure:"experimental-close-on-slow-client"` // How long to wait for a tx to be committed during /broadcast_tx_commit // WARNING: Using a value larger than 10s will result in increasing the // global HTTP write timeout, which applies to all connections and endpoints. // See https://github.com/tendermint/tendermint/issues/3435 TimeoutBroadcastTxCommit time.Duration `mapstructure:"timeout-broadcast-tx-commit"` // Maximum size of request body, in bytes MaxBodyBytes int64 `mapstructure:"max-body-bytes"` // Maximum size of request header, in bytes MaxHeaderBytes int `mapstructure:"max-header-bytes"` // The path to a file containing certificate that is used to create the HTTPS server. // Might be either absolute path or path related to Tendermint's config directory. // // If the certificate is signed by a certificate authority, // the certFile should be the concatenation of the server's certificate, any intermediates, // and the CA's certificate. // // NOTE: both tls-cert-file and tls-key-file must be present for Tendermint to create HTTPS server. // Otherwise, HTTP server is run. TLSCertFile string `mapstructure:"tls-cert-file"` // The path to a file containing matching private key that is used to create the HTTPS server. // Might be either absolute path or path related to tendermint's config directory. // // NOTE: both tls-cert-file and tls-key-file must be present for Tendermint to create HTTPS server. // Otherwise, HTTP server is run. TLSKeyFile string `mapstructure:"tls-key-file"` // pprof listen address (https://golang.org/pkg/net/http/pprof) PprofListenAddress string `mapstructure:"pprof-laddr"` } // DefaultRPCConfig returns a default configuration for the RPC server func DefaultRPCConfig() *RPCConfig { return &RPCConfig{ ListenAddress: "tcp://127.0.0.1:26657", CORSAllowedOrigins: []string{}, CORSAllowedMethods: []string{http.MethodHead, http.MethodGet, http.MethodPost}, CORSAllowedHeaders: []string{"Origin", "Accept", "Content-Type", "X-Requested-With", "X-Server-Time"}, GRPCListenAddress: "", GRPCMaxOpenConnections: 900, Unsafe: false, MaxOpenConnections: 900, MaxSubscriptionClients: 100, MaxSubscriptionsPerClient: 5, SubscriptionBufferSize: defaultSubscriptionBufferSize, TimeoutBroadcastTxCommit: 10 * time.Second, WebSocketWriteBufferSize: defaultSubscriptionBufferSize, MaxBodyBytes: int64(1000000), // 1MB MaxHeaderBytes: 1 << 20, // same as the net/http default TLSCertFile: "", TLSKeyFile: "", } } // TestRPCConfig returns a configuration for testing the RPC server func TestRPCConfig() *RPCConfig { cfg := DefaultRPCConfig() cfg.ListenAddress = "tcp://127.0.0.1:36657" cfg.GRPCListenAddress = "tcp://127.0.0.1:36658" cfg.Unsafe = true return cfg } // ValidateBasic performs basic validation (checking param bounds, etc.) and // returns an error if any check fails. func (cfg *RPCConfig) ValidateBasic() error { if cfg.GRPCMaxOpenConnections < 0 { return errors.New("grpc-max-open-connections can't be negative") } if cfg.MaxOpenConnections < 0 { return errors.New("max-open-connections can't be negative") } if cfg.MaxSubscriptionClients < 0 { return errors.New("max-subscription-clients can't be negative") } if cfg.MaxSubscriptionsPerClient < 0 { return errors.New("max-subscriptions-per-client can't be negative") } if cfg.SubscriptionBufferSize < minSubscriptionBufferSize { return fmt.Errorf( "experimental-subscription-buffer-size must be >= %d", minSubscriptionBufferSize, ) } if cfg.WebSocketWriteBufferSize < cfg.SubscriptionBufferSize { return fmt.Errorf( "experimental-websocket-write-buffer-size must be >= experimental-subscription-buffer-size (%d)", cfg.SubscriptionBufferSize, ) } if cfg.TimeoutBroadcastTxCommit < 0 { return errors.New("timeout-broadcast-tx-commit can't be negative") } if cfg.MaxBodyBytes < 0 { return errors.New("max-body-bytes can't be negative") } if cfg.MaxHeaderBytes < 0 { return errors.New("max-header-bytes can't be negative") } return nil } // IsCorsEnabled returns true if cross-origin resource sharing is enabled. func (cfg *RPCConfig) IsCorsEnabled() bool { return len(cfg.CORSAllowedOrigins) != 0 } func (cfg RPCConfig) KeyFile() string { path := cfg.TLSKeyFile if filepath.IsAbs(path) { return path } return rootify(filepath.Join(defaultConfigDir, path), cfg.RootDir) } func (cfg RPCConfig) CertFile() string { path := cfg.TLSCertFile if filepath.IsAbs(path) { return path } return rootify(filepath.Join(defaultConfigDir, path), cfg.RootDir) } func (cfg RPCConfig) IsTLSEnabled() bool { return cfg.TLSCertFile != "" && cfg.TLSKeyFile != "" } //----------------------------------------------------------------------------- // P2PConfig // P2PConfig defines the configuration options for the Tendermint peer-to-peer networking layer type P2PConfig struct { //nolint: maligned RootDir string `mapstructure:"home"` // Address to listen for incoming connections ListenAddress string `mapstructure:"laddr"` // Address to advertise to peers for them to dial ExternalAddress string `mapstructure:"external-address"` // Comma separated list of seed nodes to connect to // We only use these if we can’t connect to peers in the addrbook // NOTE: not used by the new PEX reactor. Please use BootstrapPeers instead. // TODO: Remove once p2p refactor is complete // ref: https://github.com/tendermint/tendermint/issues/5670 Seeds string `mapstructure:"seeds"` // Comma separated list of peers to be added to the peer store // on startup. Either BootstrapPeers or PersistentPeers are // needed for peer discovery BootstrapPeers string `mapstructure:"bootstrap-peers"` // Comma separated list of nodes to keep persistent connections to PersistentPeers string `mapstructure:"persistent-peers"` // UPNP port forwarding UPNP bool `mapstructure:"upnp"` // Path to address book AddrBook string `mapstructure:"addr-book-file"` // Set true for strict address routability rules // Set false for private or local networks AddrBookStrict bool `mapstructure:"addr-book-strict"` // Maximum number of inbound peers // // TODO: Remove once p2p refactor is complete in favor of MaxConnections. // ref: https://github.com/tendermint/tendermint/issues/5670 MaxNumInboundPeers int `mapstructure:"max-num-inbound-peers"` // Maximum number of outbound peers to connect to, excluding persistent peers. // // TODO: Remove once p2p refactor is complete in favor of MaxConnections. // ref: https://github.com/tendermint/tendermint/issues/5670 MaxNumOutboundPeers int `mapstructure:"max-num-outbound-peers"` // MaxConnections defines the maximum number of connected peers (inbound and // outbound). MaxConnections uint16 `mapstructure:"max-connections"` // MaxIncomingConnectionAttempts rate limits the number of incoming connection // attempts per IP address. MaxIncomingConnectionAttempts uint `mapstructure:"max-incoming-connection-attempts"` // List of node IDs, to which a connection will be (re)established ignoring any existing limits UnconditionalPeerIDs string `mapstructure:"unconditional-peer-ids"` // Maximum pause when redialing a persistent peer (if zero, exponential backoff is used) PersistentPeersMaxDialPeriod time.Duration `mapstructure:"persistent-peers-max-dial-period"` // Time to wait before flushing messages out on the connection FlushThrottleTimeout time.Duration `mapstructure:"flush-throttle-timeout"` // Maximum size of a message packet payload, in bytes MaxPacketMsgPayloadSize int `mapstructure:"max-packet-msg-payload-size"` // Rate at which packets can be sent, in bytes/second SendRate int64 `mapstructure:"send-rate"` // Rate at which packets can be received, in bytes/second RecvRate int64 `mapstructure:"recv-rate"` // Set true to enable the peer-exchange reactor PexReactor bool `mapstructure:"pex"` // Comma separated list of peer IDs to keep private (will not be gossiped to // other peers) PrivatePeerIDs string `mapstructure:"private-peer-ids"` // Toggle to disable guard against peers connecting from the same ip. AllowDuplicateIP bool `mapstructure:"allow-duplicate-ip"` // Peer connection configuration. HandshakeTimeout time.Duration `mapstructure:"handshake-timeout"` DialTimeout time.Duration `mapstructure:"dial-timeout"` // Testing params. // Force dial to fail TestDialFail bool `mapstructure:"test-dial-fail"` // UseLegacy enables the "legacy" P2P implementation and // disables the newer default implementation. This flag will // be removed in a future release. UseLegacy bool `mapstructure:"use-legacy"` // Makes it possible to configure which queue backend the p2p // layer uses. Options are: "fifo", "priority" and "wdrr", // with the default being "priority". QueueType string `mapstructure:"queue-type"` } // DefaultP2PConfig returns a default configuration for the peer-to-peer layer func DefaultP2PConfig() *P2PConfig { return &P2PConfig{ ListenAddress: "tcp://0.0.0.0:26656", ExternalAddress: "", UPNP: false, AddrBook: defaultAddrBookPath, AddrBookStrict: true, MaxNumInboundPeers: 40, MaxNumOutboundPeers: 10, MaxConnections: 64, MaxIncomingConnectionAttempts: 100, PersistentPeersMaxDialPeriod: 0 * time.Second, FlushThrottleTimeout: 100 * time.Millisecond, // The MTU (Maximum Transmission Unit) for Ethernet is 1500 bytes. // The IP header and the TCP header take up 20 bytes each at least (unless // optional header fields are used) and thus the max for (non-Jumbo frame) // Ethernet is 1500 - 20 -20 = 1460 // Source: https://stackoverflow.com/a/3074427/820520 MaxPacketMsgPayloadSize: 1400, SendRate: 5120000, // 5 mB/s RecvRate: 5120000, // 5 mB/s PexReactor: true, AllowDuplicateIP: false, HandshakeTimeout: 20 * time.Second, DialTimeout: 3 * time.Second, TestDialFail: false, QueueType: "priority", UseLegacy: false, } } // TestP2PConfig returns a configuration for testing the peer-to-peer layer func TestP2PConfig() *P2PConfig { cfg := DefaultP2PConfig() cfg.ListenAddress = "tcp://127.0.0.1:36656" cfg.FlushThrottleTimeout = 10 * time.Millisecond cfg.AllowDuplicateIP = true return cfg } // AddrBookFile returns the full path to the address book func (cfg *P2PConfig) AddrBookFile() string { return rootify(cfg.AddrBook, cfg.RootDir) } // ValidateBasic performs basic validation (checking param bounds, etc.) and // returns an error if any check fails. func (cfg *P2PConfig) ValidateBasic() error { if cfg.MaxNumInboundPeers < 0 { return errors.New("max-num-inbound-peers can't be negative") } if cfg.MaxNumOutboundPeers < 0 { return errors.New("max-num-outbound-peers can't be negative") } if cfg.FlushThrottleTimeout < 0 { return errors.New("flush-throttle-timeout can't be negative") } if cfg.PersistentPeersMaxDialPeriod < 0 { return errors.New("persistent-peers-max-dial-period can't be negative") } if cfg.MaxPacketMsgPayloadSize < 0 { return errors.New("max-packet-msg-payload-size can't be negative") } if cfg.SendRate < 0 { return errors.New("send-rate can't be negative") } if cfg.RecvRate < 0 { return errors.New("recv-rate can't be negative") } return nil } //----------------------------------------------------------------------------- // MempoolConfig // MempoolConfig defines the configuration options for the Tendermint mempool. type MempoolConfig struct { Version string `mapstructure:"version"` RootDir string `mapstructure:"home"` Recheck bool `mapstructure:"recheck"` Broadcast bool `mapstructure:"broadcast"` // Maximum number of transactions in the mempool Size int `mapstructure:"size"` // Limit the total size of all txs in the mempool. // This only accounts for raw transactions (e.g. given 1MB transactions and // max-txs-bytes=5MB, mempool will only accept 5 transactions). MaxTxsBytes int64 `mapstructure:"max-txs-bytes"` // Size of the cache (used to filter transactions we saw earlier) in transactions CacheSize int `mapstructure:"cache-size"` // Do not remove invalid transactions from the cache (default: false) // Set to true if it's not possible for any invalid transaction to become // valid again in the future. KeepInvalidTxsInCache bool `mapstructure:"keep-invalid-txs-in-cache"` // Maximum size of a single transaction // NOTE: the max size of a tx transmitted over the network is {max-tx-bytes}. MaxTxBytes int `mapstructure:"max-tx-bytes"` // Maximum size of a batch of transactions to send to a peer // Including space needed by encoding (one varint per transaction). // XXX: Unused due to https://github.com/tendermint/tendermint/issues/5796 MaxBatchBytes int `mapstructure:"max-batch-bytes"` // TTLDuration, if non-zero, defines the maximum amount of time a transaction // can exist for in the mempool. // // Note, if TTLNumBlocks is also defined, a transaction will be removed if it // has existed in the mempool at least TTLNumBlocks number of blocks or if it's // insertion time into the mempool is beyond TTLDuration. TTLDuration time.Duration `mapstructure:"ttl-duration"` // TTLNumBlocks, if non-zero, defines the maximum number of blocks a transaction // can exist for in the mempool. // // Note, if TTLDuration is also defined, a transaction will be removed if it // has existed in the mempool at least TTLNumBlocks number of blocks or if // it's insertion time into the mempool is beyond TTLDuration. TTLNumBlocks int64 `mapstructure:"ttl-num-blocks"` } // DefaultMempoolConfig returns a default configuration for the Tendermint mempool. func DefaultMempoolConfig() *MempoolConfig { return &MempoolConfig{ Version: MempoolV1, Recheck: true, Broadcast: true, // Each signature verification takes .5ms, Size reduced until we implement // ABCI Recheck Size: 5000, MaxTxsBytes: 1024 * 1024 * 1024, // 1GB CacheSize: 10000, MaxTxBytes: 1024 * 1024, // 1MB TTLDuration: 0 * time.Second, TTLNumBlocks: 0, } } // TestMempoolConfig returns a configuration for testing the Tendermint mempool func TestMempoolConfig() *MempoolConfig { cfg := DefaultMempoolConfig() cfg.CacheSize = 1000 return cfg } // ValidateBasic performs basic validation (checking param bounds, etc.) and // returns an error if any check fails. func (cfg *MempoolConfig) ValidateBasic() error { if cfg.Size < 0 { return errors.New("size can't be negative") } if cfg.MaxTxsBytes < 0 { return errors.New("max-txs-bytes can't be negative") } if cfg.CacheSize < 0 { return errors.New("cache-size can't be negative") } if cfg.MaxTxBytes < 0 { return errors.New("max-tx-bytes can't be negative") } if cfg.TTLDuration < 0 { return errors.New("ttl-duration can't be negative") } if cfg.TTLNumBlocks < 0 { return errors.New("ttl-num-blocks can't be negative") } return nil } //----------------------------------------------------------------------------- // StateSyncConfig // StateSyncConfig defines the configuration for the Tendermint state sync service type StateSyncConfig struct { // State sync rapidly bootstraps a new node by discovering, fetching, and restoring a // state machine snapshot from peers instead of fetching and replaying historical // blocks. Requires some peers in the network to take and serve state machine // snapshots. State sync is not attempted if the node has any local state // (LastBlockHeight > 0). The node will have a truncated block history, starting from // the height of the snapshot. Enable bool `mapstructure:"enable"` // State sync uses light client verification to verify state. This can be done either // through the P2P layer or the RPC layer. Set this to true to use the P2P layer. If // false (default), the RPC layer will be used. UseP2P bool `mapstructure:"use-p2p"` // If using RPC, at least two addresses need to be provided. They should be compatible // with net.Dial, for example: "host.example.com:2125". RPCServers []string `mapstructure:"rpc-servers"` // The hash and height of a trusted block. Must be within the trust-period. TrustHeight int64 `mapstructure:"trust-height"` TrustHash string `mapstructure:"trust-hash"` // The trust period should be set so that Tendermint can detect and gossip // misbehavior before it is considered expired. For chains based on the Cosmos SDK, // one day less than the unbonding period should suffice. TrustPeriod time.Duration `mapstructure:"trust-period"` // Time to spend discovering snapshots before initiating a restore. DiscoveryTime time.Duration `mapstructure:"discovery-time"` // Temporary directory for state sync snapshot chunks, defaults to os.TempDir(). // The synchronizer will create a new, randomly named directory within this directory // and remove it when the sync is complete. TempDir string `mapstructure:"temp-dir"` // The timeout duration before re-requesting a chunk, possibly from a different // peer (default: 15 seconds). ChunkRequestTimeout time.Duration `mapstructure:"chunk-request-timeout"` // The number of concurrent chunk and block fetchers to run (default: 4). Fetchers int32 `mapstructure:"fetchers"` } func (cfg *StateSyncConfig) TrustHashBytes() []byte { // validated in ValidateBasic, so we can safely panic here bytes, err := hex.DecodeString(cfg.TrustHash) if err != nil { panic(err) } return bytes } // DefaultStateSyncConfig returns a default configuration for the state sync service func DefaultStateSyncConfig() *StateSyncConfig { return &StateSyncConfig{ TrustPeriod: 168 * time.Hour, DiscoveryTime: 15 * time.Second, ChunkRequestTimeout: 15 * time.Second, Fetchers: 4, } } // TestStateSyncConfig returns a default configuration for the state sync service func TestStateSyncConfig() *StateSyncConfig { return DefaultStateSyncConfig() } // ValidateBasic performs basic validation. func (cfg *StateSyncConfig) ValidateBasic() error { if !cfg.Enable { return nil } // If we're not using the P2P stack then we need to validate the // RPCServers if !cfg.UseP2P { if len(cfg.RPCServers) < 2 { return errors.New("at least two rpc-servers must be specified") } for _, server := range cfg.RPCServers { if server == "" { return errors.New("found empty rpc-servers entry") } } } if cfg.DiscoveryTime != 0 && cfg.DiscoveryTime < 5*time.Second { return errors.New("discovery time must be 0s or greater than five seconds") } if cfg.TrustPeriod <= 0 { return errors.New("trusted-period is required") } if cfg.TrustHeight <= 0 { return errors.New("trusted-height is required") } if len(cfg.TrustHash) == 0 { return errors.New("trusted-hash is required") } _, err := hex.DecodeString(cfg.TrustHash) if err != nil { return fmt.Errorf("invalid trusted-hash: %w", err) } if cfg.ChunkRequestTimeout < 5*time.Second { return errors.New("chunk-request-timeout must be at least 5 seconds") } if cfg.Fetchers <= 0 { return errors.New("fetchers is required") } return nil } //----------------------------------------------------------------------------- // BlockSyncConfig (formerly known as FastSync) defines the configuration for the Tendermint block sync service // If this node is many blocks behind the tip of the chain, BlockSync // allows them to catchup quickly by downloading blocks in parallel // and verifying their commits. type BlockSyncConfig struct { Enable bool `mapstructure:"enable"` Version string `mapstructure:"version"` } // DefaultBlockSyncConfig returns a default configuration for the block sync service func DefaultBlockSyncConfig() *BlockSyncConfig { return &BlockSyncConfig{ Enable: true, Version: BlockSyncV0, } } // TestBlockSyncConfig returns a default configuration for the block sync. func TestBlockSyncConfig() *BlockSyncConfig { return DefaultBlockSyncConfig() } // ValidateBasic performs basic validation. func (cfg *BlockSyncConfig) ValidateBasic() error { switch cfg.Version { case BlockSyncV0: return nil case BlockSyncV2: return errors.New("blocksync version v2 is no longer supported. Please use v0") default: return fmt.Errorf("unknown blocksync version %s", cfg.Version) } } //----------------------------------------------------------------------------- // ConsensusConfig // ConsensusConfig defines the configuration for the Tendermint consensus service, // including timeouts and details about the WAL and the block structure. type ConsensusConfig struct { RootDir string `mapstructure:"home"` WalPath string `mapstructure:"wal-file"` walFile string // overrides WalPath if set // TODO: remove timeout configs, these should be global not local // How long we wait for a proposal block before prevoting nil TimeoutPropose time.Duration `mapstructure:"timeout-propose"` // How much timeout-propose increases with each round TimeoutProposeDelta time.Duration `mapstructure:"timeout-propose-delta"` // How long we wait after receiving +2/3 prevotes for “anything” (ie. not a single block or nil) TimeoutPrevote time.Duration `mapstructure:"timeout-prevote"` // How much the timeout-prevote increases with each round TimeoutPrevoteDelta time.Duration `mapstructure:"timeout-prevote-delta"` // How long we wait after receiving +2/3 precommits for “anything” (ie. not a single block or nil) TimeoutPrecommit time.Duration `mapstructure:"timeout-precommit"` // How much the timeout-precommit increases with each round TimeoutPrecommitDelta time.Duration `mapstructure:"timeout-precommit-delta"` // How long we wait after committing a block, before starting on the new // height (this gives us a chance to receive some more precommits, even // though we already have +2/3). TimeoutCommit time.Duration `mapstructure:"timeout-commit"` // Make progress as soon as we have all the precommits (as if TimeoutCommit = 0) SkipTimeoutCommit bool `mapstructure:"skip-timeout-commit"` // EmptyBlocks mode and possible interval between empty blocks CreateEmptyBlocks bool `mapstructure:"create-empty-blocks"` CreateEmptyBlocksInterval time.Duration `mapstructure:"create-empty-blocks-interval"` // Reactor sleep duration parameters PeerGossipSleepDuration time.Duration `mapstructure:"peer-gossip-sleep-duration"` PeerQueryMaj23SleepDuration time.Duration `mapstructure:"peer-query-maj23-sleep-duration"` DoubleSignCheckHeight int64 `mapstructure:"double-sign-check-height"` } // DefaultConsensusConfig returns a default configuration for the consensus service func DefaultConsensusConfig() *ConsensusConfig { return &ConsensusConfig{ WalPath: filepath.Join(defaultDataDir, "cs.wal", "wal"), TimeoutPropose: 3000 * time.Millisecond, TimeoutProposeDelta: 500 * time.Millisecond, TimeoutPrevote: 1000 * time.Millisecond, TimeoutPrevoteDelta: 500 * time.Millisecond, TimeoutPrecommit: 1000 * time.Millisecond, TimeoutPrecommitDelta: 500 * time.Millisecond, TimeoutCommit: 1000 * time.Millisecond, SkipTimeoutCommit: false, CreateEmptyBlocks: true, CreateEmptyBlocksInterval: 0 * time.Second, PeerGossipSleepDuration: 100 * time.Millisecond, PeerQueryMaj23SleepDuration: 2000 * time.Millisecond, DoubleSignCheckHeight: int64(0), } } // TestConsensusConfig returns a configuration for testing the consensus service func TestConsensusConfig() *ConsensusConfig { cfg := DefaultConsensusConfig() cfg.TimeoutPropose = 40 * time.Millisecond cfg.TimeoutProposeDelta = 1 * time.Millisecond cfg.TimeoutPrevote = 10 * time.Millisecond cfg.TimeoutPrevoteDelta = 1 * time.Millisecond cfg.TimeoutPrecommit = 10 * time.Millisecond cfg.TimeoutPrecommitDelta = 1 * time.Millisecond cfg.TimeoutCommit = 10 * time.Millisecond cfg.SkipTimeoutCommit = true cfg.PeerGossipSleepDuration = 5 * time.Millisecond cfg.PeerQueryMaj23SleepDuration = 250 * time.Millisecond cfg.DoubleSignCheckHeight = int64(0) return cfg } // WaitForTxs returns true if the consensus should wait for transactions before entering the propose step func (cfg *ConsensusConfig) WaitForTxs() bool { return !cfg.CreateEmptyBlocks || cfg.CreateEmptyBlocksInterval > 0 } // Propose returns the amount of time to wait for a proposal func (cfg *ConsensusConfig) Propose(round int32) time.Duration { return time.Duration( cfg.TimeoutPropose.Nanoseconds()+cfg.TimeoutProposeDelta.Nanoseconds()*int64(round), ) * time.Nanosecond } // Prevote returns the amount of time to wait for straggler votes after receiving any +2/3 prevotes func (cfg *ConsensusConfig) Prevote(round int32) time.Duration { return time.Duration( cfg.TimeoutPrevote.Nanoseconds()+cfg.TimeoutPrevoteDelta.Nanoseconds()*int64(round), ) * time.Nanosecond } // Precommit returns the amount of time to wait for straggler votes after receiving any +2/3 precommits func (cfg *ConsensusConfig) Precommit(round int32) time.Duration { return time.Duration( cfg.TimeoutPrecommit.Nanoseconds()+cfg.TimeoutPrecommitDelta.Nanoseconds()*int64(round), ) * time.Nanosecond } // Commit returns the amount of time to wait for straggler votes after receiving +2/3 precommits // for a single block (ie. a commit). func (cfg *ConsensusConfig) Commit(t time.Time) time.Time { return t.Add(cfg.TimeoutCommit) } // WalFile returns the full path to the write-ahead log file func (cfg *ConsensusConfig) WalFile() string { if cfg.walFile != "" { return cfg.walFile } return rootify(cfg.WalPath, cfg.RootDir) } // SetWalFile sets the path to the write-ahead log file func (cfg *ConsensusConfig) SetWalFile(walFile string) { cfg.walFile = walFile } // ValidateBasic performs basic validation (checking param bounds, etc.) and // returns an error if any check fails. func (cfg *ConsensusConfig) ValidateBasic() error { if cfg.TimeoutPropose < 0 { return errors.New("timeout-propose can't be negative") } if cfg.TimeoutProposeDelta < 0 { return errors.New("timeout-propose-delta can't be negative") } if cfg.TimeoutPrevote < 0 { return errors.New("timeout-prevote can't be negative") } if cfg.TimeoutPrevoteDelta < 0 { return errors.New("timeout-prevote-delta can't be negative") } if cfg.TimeoutPrecommit < 0 { return errors.New("timeout-precommit can't be negative") } if cfg.TimeoutPrecommitDelta < 0 { return errors.New("timeout-precommit-delta can't be negative") } if cfg.TimeoutCommit < 0 { return errors.New("timeout-commit can't be negative") } if cfg.CreateEmptyBlocksInterval < 0 { return errors.New("create-empty-blocks-interval can't be negative") } if cfg.PeerGossipSleepDuration < 0 { return errors.New("peer-gossip-sleep-duration can't be negative") } if cfg.PeerQueryMaj23SleepDuration < 0 { return errors.New("peer-query-maj23-sleep-duration can't be negative") } if cfg.DoubleSignCheckHeight < 0 { return errors.New("double-sign-check-height can't be negative") } return nil } //----------------------------------------------------------------------------- // TxIndexConfig // Remember that Event has the following structure: // type: [ // key: value, // ... // ] // // CompositeKeys are constructed by `type.key` // TxIndexConfig defines the configuration for the transaction indexer, // including composite keys to index. type TxIndexConfig struct { // The backend database list to back the indexer. // If list contains `null`, meaning no indexer service will be used. // // Options: // 1) "null" - no indexer services. // 2) "kv" (default) - the simplest possible indexer, // backed by key-value storage (defaults to levelDB; see DBBackend). // 3) "psql" - the indexer services backed by PostgreSQL. Indexer []string `mapstructure:"indexer"` // The PostgreSQL connection configuration, the connection format: // postgresql://:@:/? PsqlConn string `mapstructure:"psql-conn"` } // DefaultTxIndexConfig returns a default configuration for the transaction indexer. func DefaultTxIndexConfig() *TxIndexConfig { return &TxIndexConfig{ Indexer: []string{"kv"}, } } // TestTxIndexConfig returns a default configuration for the transaction indexer. func TestTxIndexConfig() *TxIndexConfig { return DefaultTxIndexConfig() } //----------------------------------------------------------------------------- // InstrumentationConfig // InstrumentationConfig defines the configuration for metrics reporting. type InstrumentationConfig struct { // When true, Prometheus metrics are served under /metrics on // PrometheusListenAddr. // Check out the documentation for the list of available metrics. Prometheus bool `mapstructure:"prometheus"` // Address to listen for Prometheus collector(s) connections. PrometheusListenAddr string `mapstructure:"prometheus-listen-addr"` // Maximum number of simultaneous connections. // If you want to accept a larger number than the default, make sure // you increase your OS limits. // 0 - unlimited. MaxOpenConnections int `mapstructure:"max-open-connections"` // Instrumentation namespace. Namespace string `mapstructure:"namespace"` } // DefaultInstrumentationConfig returns a default configuration for metrics // reporting. func DefaultInstrumentationConfig() *InstrumentationConfig { return &InstrumentationConfig{ Prometheus: false, PrometheusListenAddr: ":26660", MaxOpenConnections: 3, Namespace: "tendermint", } } // TestInstrumentationConfig returns a default configuration for metrics // reporting. func TestInstrumentationConfig() *InstrumentationConfig { return DefaultInstrumentationConfig() } // ValidateBasic performs basic validation (checking param bounds, etc.) and // returns an error if any check fails. func (cfg *InstrumentationConfig) ValidateBasic() error { if cfg.MaxOpenConnections < 0 { return errors.New("max-open-connections can't be negative") } return nil } //----------------------------------------------------------------------------- // Utils // helper function to make config creation independent of root dir func rootify(path, root string) string { if filepath.IsAbs(path) { return path } return filepath.Join(root, path) } //----------------------------------------------------------------------------- // Moniker var defaultMoniker = getDefaultMoniker() // getDefaultMoniker returns a default moniker, which is the host name. If runtime // fails to get the host name, "anonymous" will be returned. func getDefaultMoniker() string { moniker, err := os.Hostname() if err != nil { moniker = "anonymous" } return moniker }