2016-11-28 18:00:03 +00:00
|
|
|
Node configuration
|
|
|
|
==================
|
2016-08-31 09:48:19 +01:00
|
|
|
|
2016-11-28 18:00:03 +00:00
|
|
|
File location
|
|
|
|
-------------
|
2016-08-31 09:48:19 +01:00
|
|
|
|
2017-01-06 19:38:48 +00:00
|
|
|
The Corda all-in-one ``corda.jar`` file is generated by the ``gradle buildCordaJAR`` task and defaults to reading configuration
|
|
|
|
from a ``node.conf`` file in the present working directory. This behaviour can be overidden using the ``--config-file``
|
|
|
|
command line option to target configuration files with different names, or different file location (relative paths are
|
|
|
|
relative to the current working directory). Also, the ``--base-directory`` command line option alters the Corda node
|
|
|
|
workspace location and if specified a ``node.conf`` configuration file is then expected in the root of the workspace.
|
2016-08-31 09:48:19 +01:00
|
|
|
|
2017-01-06 19:38:48 +00:00
|
|
|
The configuration file templates used for the ``gradle deployNodes`` task are to be found in the ``/config/dev`` folder.
|
|
|
|
Also note that there is a basic set of defaults loaded from the built in resource file ``/node/src/main/resources/reference.conf``
|
|
|
|
of the ``:node`` gradle module. All properties in this can be overidden in the file configuration and for rarely changed
|
|
|
|
properties this defaulting allows the property to be excluded from the configuration file.
|
2016-08-31 09:48:19 +01:00
|
|
|
|
2016-11-25 14:29:13 +00:00
|
|
|
Format
|
|
|
|
------
|
2016-08-31 09:48:19 +01:00
|
|
|
|
2016-12-22 14:48:27 +00:00
|
|
|
The Corda configuration file uses the HOCON format which is superset of JSON. It has several features which makes it
|
|
|
|
very useful as a configuration format. Please visit their `page <https://github.com/typesafehub/config/blob/master/HOCON.md>`_
|
|
|
|
for further details.
|
2016-08-31 09:48:19 +01:00
|
|
|
|
2016-11-25 14:29:13 +00:00
|
|
|
Examples
|
|
|
|
--------
|
2016-08-31 09:48:19 +01:00
|
|
|
|
|
|
|
General node configuration file for hosting the IRSDemo services.
|
|
|
|
|
2016-11-22 18:10:50 +00:00
|
|
|
.. literalinclude:: example-code/src/main/resources/example-node.conf
|
2016-11-28 18:00:03 +00:00
|
|
|
:language: javascript
|
2016-08-31 09:48:19 +01:00
|
|
|
|
|
|
|
NetworkMapService plus Simple Notary configuration file.
|
|
|
|
|
2016-11-28 18:00:03 +00:00
|
|
|
.. parsed-literal::
|
2016-08-31 09:48:19 +01:00
|
|
|
|
2016-09-23 11:55:40 +02:00
|
|
|
myLegalName : "Notary Service"
|
|
|
|
nearestCity : "London"
|
|
|
|
keyStorePassword : "cordacadevpass"
|
|
|
|
trustStorePassword : "trustpass"
|
|
|
|
artemisAddress : "localhost:12345"
|
|
|
|
webAddress : "localhost:12346"
|
|
|
|
extraAdvertisedServiceIds: ""
|
|
|
|
useHTTPS : false
|
2016-11-28 18:00:03 +00:00
|
|
|
devMode : true
|
2016-11-24 16:38:40 +00:00
|
|
|
// Certificate signing service will be hosted by R3 in the near future.
|
2016-11-28 18:00:03 +00:00
|
|
|
//certificateSigningService : "https://testnet.certificate.corda.net"
|
2016-08-31 09:48:19 +01:00
|
|
|
|
2016-11-25 14:29:13 +00:00
|
|
|
Fields
|
|
|
|
------
|
2016-08-31 09:48:19 +01:00
|
|
|
|
2017-01-06 19:38:48 +00:00
|
|
|
The available config fields are listed below. ``basedir`` is available as a substitution value, containing the absolute
|
|
|
|
path to the node's base directory.
|
2016-08-31 09:48:19 +01:00
|
|
|
|
2016-12-22 14:48:27 +00:00
|
|
|
:myLegalName: The legal identity of the node acts as a human readable alias to the node's public key and several demos use
|
|
|
|
this to lookup the NodeInfo.
|
2016-08-31 09:48:19 +01:00
|
|
|
|
2016-12-22 14:48:27 +00:00
|
|
|
:nearestCity: The location of the node as used to locate coordinates on the world map when running the network simulator
|
|
|
|
demo. See :doc:`network-simulator`.
|
2016-08-31 09:48:19 +01:00
|
|
|
|
2016-12-22 14:48:27 +00:00
|
|
|
:keyStorePassword: The password to unlock the KeyStore file (``<workspace>/certificates/sslkeystore.jks``) containing the
|
|
|
|
node certificate and private key.
|
2016-08-31 09:48:19 +01:00
|
|
|
|
2016-12-22 14:48:27 +00:00
|
|
|
.. note:: This is the non-secret value for the development certificates automatically generated during the first node run.
|
|
|
|
Longer term these keys will be managed in secure hardware devices.
|
2016-08-31 09:48:19 +01:00
|
|
|
|
2016-12-22 14:48:27 +00:00
|
|
|
:trustStorePassword: The password to unlock the Trust store file (``<workspace>/certificates/truststore.jks``) containing
|
|
|
|
the Corda network root certificate. This is the non-secret value for the development certificates automatically
|
|
|
|
generated during the first node run.
|
2016-08-31 09:48:19 +01:00
|
|
|
|
2016-09-23 11:55:40 +02:00
|
|
|
.. note:: Longer term these keys will be managed in secure hardware devices.
|
2016-08-31 09:48:19 +01:00
|
|
|
|
2016-12-22 14:48:27 +00:00
|
|
|
:dataSourceProperties: This section is used to configure the jdbc connection and database driver used for the nodes persistence.
|
|
|
|
Currently the defaults in ``/node/src/main/resources/reference.conf`` are as shown in the first example. This is currently
|
|
|
|
the only configuration that has been tested, although in the future full support for other storage layers will be validated.
|
2016-08-31 09:48:19 +01:00
|
|
|
|
2016-12-22 14:48:27 +00:00
|
|
|
:artemisAddress: The host and port on which the node is available for protocol operations over ArtemisMQ.
|
2016-08-31 09:48:19 +01:00
|
|
|
|
2016-12-22 14:48:27 +00:00
|
|
|
.. note:: In practice the ArtemisMQ messaging services bind to all local addresses on the specified port. However,
|
|
|
|
note that the host is the included as the advertised entry in the NetworkMapService. As a result the value listed
|
|
|
|
here must be externally accessible when running nodes across a cluster of machines.
|
2016-08-31 09:48:19 +01:00
|
|
|
|
2016-12-22 14:48:27 +00:00
|
|
|
:messagingServerAddress: The address of the ArtemisMQ broker instance. If not provided the node will run one locally.
|
2016-10-05 16:38:57 +01:00
|
|
|
|
2017-01-25 13:45:39 +00:00
|
|
|
:webAddress: The host and port on which the bundled webserver will listen if it is started.
|
2016-09-23 11:55:40 +02:00
|
|
|
|
2016-12-22 14:48:27 +00:00
|
|
|
.. note:: If HTTPS is enabled then the browser security checks will require that the accessing url host name is one
|
|
|
|
of either the machine name, fully qualified machine name, or server IP address to line up with the Subject Alternative
|
|
|
|
Names contained within the development certificates. This is addition to requiring the ``/config/dev/corda_dev_ca.cer``
|
|
|
|
root certificate be installed as a Trusted CA.
|
2016-08-31 09:48:19 +01:00
|
|
|
|
2017-01-25 13:45:39 +00:00
|
|
|
.. note:: The driver will not automatically create a webserver instance, but the Cordformation will. If this field
|
|
|
|
is present the web server will start.
|
|
|
|
|
2016-12-22 14:48:27 +00:00
|
|
|
:extraAdvertisedServiceIds: A list of ServiceType id strings to be advertised to the NetworkMapService and thus be available
|
|
|
|
when other nodes query the NetworkMapCache for supporting nodes. This can also include plugin services loaded from .jar
|
|
|
|
files in the plugins folder. Optionally, a custom advertised service name can be provided by appending it to the service
|
|
|
|
type id: ``"corda.notary.validating|Notary A"``
|
2016-08-31 09:48:19 +01:00
|
|
|
|
2016-12-22 14:48:27 +00:00
|
|
|
:notaryNodeAddress: The host and port to which to bind the embedded Raft server. Required only when running a distributed
|
|
|
|
notary service. A group of Corda nodes can run a distributed notary service by each running an embedded Raft server and
|
|
|
|
joining them to the same cluster to replicate the committed state log. Note that the Raft cluster uses a separate transport
|
|
|
|
layer for communication that does not integrate with ArtemisMQ messaging services.
|
2016-10-25 16:45:08 +01:00
|
|
|
|
2017-01-06 19:38:48 +00:00
|
|
|
:notaryClusterAddresses: List of Raft cluster member addresses used to join the cluster. At least one of the specified
|
|
|
|
members must be active and be able to communicate with the cluster leader for joining. If empty, a new cluster will be
|
2016-12-22 14:48:27 +00:00
|
|
|
bootstrapped. Required only when running a distributed notary service.
|
2016-10-25 16:45:08 +01:00
|
|
|
|
2016-12-22 14:48:27 +00:00
|
|
|
:networkMapService: If `null`, or missing the node is declaring itself as the NetworkMapService host. Otherwise this is
|
|
|
|
a config object with the details of the network map service:
|
2016-08-31 09:48:19 +01:00
|
|
|
|
2016-12-22 14:48:27 +00:00
|
|
|
:address: Host and port string of the ArtemisMQ broker hosting the network map node
|
|
|
|
:legalName: Legal name of the node. This is required as part of the TLS host verification process. The node will
|
|
|
|
reject the connection to the network map service if it provides a TLS common name which doesn't match with this value.
|
2016-08-31 09:48:19 +01:00
|
|
|
|
2016-12-22 14:48:27 +00:00
|
|
|
:useHTTPS: If false the node's web server will be plain HTTP. If true the node will use the same certificate and private
|
|
|
|
key from the ``<workspace>/certificates/sslkeystore.jks`` file as the ArtemisMQ port for HTTPS. If HTTPS is enabled
|
|
|
|
then unencrypted HTTP traffic to the node's **webAddress** port is not supported.
|
|
|
|
|
|
|
|
:rpcUsers: A list of users who are authorised to access the RPC system. Each user in the list is a config object with the
|
2016-11-11 15:59:37 +00:00
|
|
|
following fields:
|
2016-08-31 09:48:19 +01:00
|
|
|
|
2016-11-11 15:59:37 +00:00
|
|
|
:user: Username consisting only of word characters (a-z, A-Z, 0-9 and _)
|
|
|
|
:password: The password
|
|
|
|
:permissions: A list of permission strings which RPC methods can use to control access
|
2016-08-31 09:48:19 +01:00
|
|
|
|
2016-11-11 15:59:37 +00:00
|
|
|
If this field is absent or an empty list then RPC is effectively locked down.
|
2016-11-28 18:00:03 +00:00
|
|
|
|
2016-12-22 14:48:27 +00:00
|
|
|
:devMode: This flag indicate if the node is running in development mode. On startup, if the keystore ``<workspace>/certificates/sslkeystore.jks``
|
|
|
|
does not exist, a developer keystore will be used if ``devMode`` is true. The node will exit if ``devMode`` is false
|
|
|
|
and keystore does not exist.
|
2016-11-28 18:00:03 +00:00
|
|
|
|
2016-12-22 14:48:27 +00:00
|
|
|
:certificateSigningService: Certificate Signing Server address. It is used by the certificate signing request utility to
|
|
|
|
obtain SSL certificate. (See :doc:`permissioning` for more information.)
|