mirror of
https://github.com/tahoe-lafs/tahoe-lafs.git
synced 2025-01-09 22:42:57 +00:00
386 lines
17 KiB
Plaintext
386 lines
17 KiB
Plaintext
|
|
= Configuring a Tahoe node =
|
|
|
|
A Tahoe node is configured by writing to files in its base directory. These
|
|
files are read by the node when it starts, so each time you change them, you
|
|
need to restart the node.
|
|
|
|
The node also writes state to its base directory, so it will create files on
|
|
its own.
|
|
|
|
This document contains a complete list of the config files that are examined
|
|
by the client node, as well as the state files that you'll observe in its
|
|
base directory.
|
|
|
|
The main file is named 'tahoe.cfg', which is an ".INI"-style configuration
|
|
file (parsed by the Python stdlib 'ConfigParser' module: "[name]" section
|
|
markers, lines with "key.subkey: value", rfc822-style continuations). There
|
|
are other files that contain information which does not easily fit into this
|
|
format. The 'tahoe create-client' command will create an initial tahoe.cfg
|
|
file for you. After creation, the node will never modify the 'tahoe.cfg'
|
|
file: all persistent state is put in other files.
|
|
|
|
The item descriptions below use the following types:
|
|
|
|
boolean: one of (True, yes, on, 1, False, off, no, 0), case-insensitive
|
|
strports string: a Twisted listening-port specification string, like "tcp:80"
|
|
or "tcp:8123:interface=127.0.0.1". For a full scription of
|
|
the format, see
|
|
http://twistedmatrix.com/documents/current/api/twisted.application.strports.html
|
|
FURL string: a Foolscap endpoint identifier, like
|
|
pb://soklj4y7eok5c3xkmjeqpw@192.168.69.247:44801/eqpwqtzm
|
|
|
|
|
|
== Overall Node Configuration ==
|
|
|
|
This section controls the network behavior of the node overall: which ports
|
|
and IP addresses are used, when connections are timed out, etc. This
|
|
configuration is independent of the services that the node is offering: the
|
|
same controls are used for client and introducer nodes.
|
|
|
|
[node]
|
|
|
|
nickname = (UTF-8 string, optional)
|
|
|
|
This value will be displayed in management tools as this node's "nickname".
|
|
If not provided, the nickname will be set to "<unspecified>". This string
|
|
shall be a UTF-8 encoded unicode string.
|
|
|
|
web.port = (strports string, optional)
|
|
|
|
This controls where the node's webserver should listen, providing filesystem
|
|
access and node status as defined in webapi.txt . This file contains a
|
|
Twisted "strports" specification such as "8123" or
|
|
"tcp:8123:interface=127.0.0.1". The 'tahoe create-client' command sets the
|
|
web.port to "tcp:8123:interface=127.0.0.1" by default, and is overridable by
|
|
the "--webport" option. You can make it use SSL by writing
|
|
"ssl:8123:privateKey=mykey.pem:certKey=cert.pem" instead.
|
|
|
|
If this is not provided, the node will not run a web server.
|
|
|
|
tub.port = (integer, optional)
|
|
|
|
This controls which port the node uses to accept Foolscap connections from
|
|
other nodes. If not provided, the node will ask the kernel for any available
|
|
port. The port will be written to a separate file (named client.port or
|
|
introducer.port), so that subsequent runs will re-use the same port.
|
|
|
|
advertised_ip_addresses = (comma-separated host[:port] string, optional)
|
|
|
|
The node normally uses tools like 'ifconfig' to determine the set of IP
|
|
addresses on which it can be reached from nodes both near and far. The node
|
|
introduces itself to the rest of the grid with a FURL that contains a series
|
|
of (ipaddr, port) pairs which other nodes will use to contact this one. By
|
|
providing this file, you can add to this list. This can be useful if your
|
|
node is running behind a firewall, but you have created a port-forwarding to
|
|
allow the outside world to access it. Each line must have a dotted-quad IP
|
|
address and an optional :portnum specification, like:
|
|
|
|
123.45.67.89
|
|
44.55.66.77:8098
|
|
|
|
Lines that do not provide a port number will use the same client.port as the
|
|
automatically-discovered addresses.
|
|
|
|
log_gatherer.furl = (FURL, optional)
|
|
|
|
If provided, this contains a single FURL string which is used to contact a
|
|
'log gatherer', which will be granted access to the logport. This can be
|
|
used by centralized storage meshes to gather operational logs in a single
|
|
place. Note that when an old-style BASEDIR/log_gatherer.furl file exists
|
|
(see 'Backwards Compatibility Files', below), both are used. (for most other
|
|
items, the separate config file overrides the entry in tahoe.cfg)
|
|
|
|
timeout.keepalive = (integer in seconds, optional)
|
|
timeout.disconnect = (integer in seconds, optional)
|
|
|
|
If timeout.keepalive is provided, it is treated as an integral number of
|
|
seconds, and sets the Foolscap "keepalive timer" to that value. For each
|
|
connection to another node, if nothing has been heard for a while, we will
|
|
attempt to provoke the other end into saying something. The duration of
|
|
silence that passes before sending the PING will be between KT and 2*KT.
|
|
This is mainly intended to keep NAT boxes from expiring idle TCP sessions,
|
|
but also gives TCP's long-duration keepalive/disconnect timers some traffic
|
|
to work with. The default value is 240 (i.e. 4 minutes).
|
|
|
|
If timeout.disconnect is provided, this is treated as an integral number of
|
|
seconds, and sets the Foolscap "disconnect timer" to that value. For each
|
|
connection to another node, if nothing has been heard for a while, we will
|
|
drop the connection. The duration of silence that passes before dropping the
|
|
connection will be between DT-2*KT and 2*DT+2*KT (please see ticket #521 for
|
|
more details). If we are sending a large amount of data to the other end
|
|
(which takes more than DT-2*KT to deliver), we might incorrectly drop the
|
|
connection. The default behavior (when this value is not provided) is to
|
|
disable the disconnect timer.
|
|
|
|
See ticket #521 for a discussion of how to pick these timeout values. Using
|
|
30 minutes means we'll disconnect after 22 to 68 minutes of inactivity.
|
|
Receiving data will reset this timeout, however if we have more than 22min
|
|
of data in the outbound queue (such as 800kB in two pipelined segments of 10
|
|
shares each) and the far end has no need to contact us, our ping might be
|
|
delayed, so we may disconnect them by accident.
|
|
|
|
ssh.port = (strports string, optional)
|
|
ssh.authorized_keys_file = (filename, optional)
|
|
|
|
This enables an SSH-based interactive Python shell, which can be used to
|
|
inspect the internal state of the node, for debugging. To cause the node to
|
|
accept SSH connections on port 8022 from the same keys as the rest of your
|
|
account, use:
|
|
|
|
[tub]
|
|
ssh.port = 8022
|
|
ssh.authorized_keys_file = ~/.ssh/authorized_keys
|
|
|
|
== Client Configuration ==
|
|
|
|
[client]
|
|
introducer.furl = (FURL string, mandatory)
|
|
|
|
This FURL tells the client how to connect to the introducer. Each Tahoe grid
|
|
is defined by an introducer. The introducer's furl is created by the
|
|
introducer node and written into its base directory when it starts,
|
|
whereupon it should be published to everyone who wishes to attach a client
|
|
to that grid
|
|
|
|
helper.furl = (FURL string, optional)
|
|
|
|
If provided, the node will attempt to connect to and use the given helper
|
|
for uploads. See docs/helper.txt for details.
|
|
|
|
key_generator.furl = (FURL string, optional)
|
|
|
|
If provided, the node will attempt to connect to and use the given
|
|
key-generator service, using RSA keys from the external process rather than
|
|
generating its own.
|
|
|
|
stats_gatherer.furl = (FURL string, optional)
|
|
|
|
If provided, the node will connect to the given stats gatherer and provide
|
|
it with operational statistics.
|
|
|
|
|
|
== Storage Server Configuration ==
|
|
|
|
[storage]
|
|
enabled = (boolean, optional)
|
|
|
|
If this is True, the node will run a storage server, offering space to other
|
|
clients. If it is False, the node will not run a storage server, meaning
|
|
that no shares will be stored on this node. Use False this for clients who
|
|
do not wish to provide storage service. The default value is True.
|
|
|
|
readonly = (boolean, optional)
|
|
|
|
If True, the node will run a storage server but will not accept any shares,
|
|
making it effectively read-only. Use this for storage servers which are
|
|
being decommissioned: the storage/ directory could be mounted read-only,
|
|
while shares are moved to other servers. Note that this currently only
|
|
affects immutable shares. Mutable shares (used for directories) will be
|
|
written and modified anyway. See ticket #390 for the current status of this
|
|
bug. The default value is False.
|
|
|
|
sizelimit = (str, optional)
|
|
|
|
If provided, this value establishes an upper bound (in bytes) on the amount
|
|
of storage consumed by share data (data that your node holds on behalf of
|
|
clients that are uploading files to the grid). To avoid providing more than
|
|
100MB of data to other clients, set this key to "100MB". Note that this is a
|
|
fairly loose bound, and the node may occasionally use slightly more storage
|
|
than this. To enforce a stronger (and possibly more reliable) limit, use a
|
|
symlink to place the 'storage/' directory on a separate size-limited
|
|
filesystem, and/or use per-user OS/filesystem quotas. If a size limit is
|
|
specified then Tahoe will do a "du" at startup (traversing all the storage
|
|
and summing the sizes of the files), which can take a long time if there are
|
|
a lot of shares stored.
|
|
|
|
This string contains a number, with an optional case-insensitive scale
|
|
suffix like "K" or "M" or "G", and an optional "B" suffix. So "100MB",
|
|
"100M", "100000000B", "100000000", and "100000kb" all mean the same thing.
|
|
|
|
|
|
== Running A Helper ==
|
|
|
|
A "helper" is a regular client node that also offers the "upload helper"
|
|
service.
|
|
|
|
[helper]
|
|
enabled = (boolean, optional)
|
|
|
|
If True, the node will run a helper (see docs/helper.txt for details). The
|
|
helper's contact FURL will be placed in private/helper.furl, from which it
|
|
can be copied to any clients which wish to use it. Clearly nodes should not
|
|
both run a helper and attempt to use one: do not create both helper.furl and
|
|
run_helper in the same node. The default is False.
|
|
|
|
|
|
== Running An Introducer ==
|
|
|
|
The introducer node uses a different '.tac' file (named introducer.tac), and
|
|
pays attention to the "[node]" section, but not the others.
|
|
|
|
The Introducer node maintains some different state than regular client
|
|
nodes.
|
|
|
|
BASEDIR/introducer.furl : This is generated the first time the introducer
|
|
node is started, and used again on subsequent runs, to give the introduction
|
|
service a persistent long-term identity. This file should be published and
|
|
copied into new client nodes before they are started for the first time.
|
|
|
|
|
|
== Other Files in BASEDIR ==
|
|
|
|
Some configuration is not kept in tahoe.cfg, for the following reasons:
|
|
|
|
* it is generated by the node at startup, e.g. encryption keys. The node
|
|
never writes to tahoe.cfg
|
|
* it is generated by user action, e.g. the 'tahoe create-alias' command
|
|
|
|
In addition, non-configuration persistent state is kept in the node's base
|
|
directory, next to the configuration knobs.
|
|
|
|
This section describes these other files.
|
|
|
|
|
|
private/node.pem : This contains an SSL private-key certificate. The node
|
|
generates this the first time it is started, and re-uses it on subsequent
|
|
runs. This certificate allows the node to have a cryptographically-strong
|
|
identifier (the Foolscap "TubID"), and to establish secure connections to
|
|
other nodes.
|
|
|
|
storage/ : Nodes which host StorageServers will create this directory to hold
|
|
shares of files on behalf of other clients. There will be a directory
|
|
underneath it for each StorageIndex for which this node is holding shares.
|
|
There is also an "incoming" directory where partially-completed shares are
|
|
held while they are being received.
|
|
|
|
client.tac : this file defines the client, by constructing the actual Client
|
|
instance each time the node is started. It is used by the 'twistd'
|
|
daemonization program (in the "-y" mode), which is run internally by the
|
|
"tahoe start" command. This file is created by the "tahoe create-client"
|
|
command.
|
|
|
|
private/control.furl : this file contains a FURL that provides access to a
|
|
control port on the client node, from which files can be uploaded and
|
|
downloaded. This file is created with permissions that prevent anyone else
|
|
from reading it (on operating systems that support such a concept), to insure
|
|
that only the owner of the client node can use this feature. This port is
|
|
intended for debugging and testing use.
|
|
|
|
private/logport.furl : this file contains a FURL that provides access to a
|
|
'log port' on the client node, from which operational logs can be retrieved.
|
|
Do not grant logport access to strangers, because occasionally secret
|
|
information may be placed in the logs.
|
|
|
|
private/helper.furl : if the node is running a helper (for use by other
|
|
clients), its contact FURL will be placed here. See docs/helper.txt for more
|
|
details.
|
|
|
|
private/root_dir.cap (optional): The command-line tools will read a directory
|
|
cap out of this file and use it, if you don't specify a '--dir-cap' option or
|
|
if you specify '--dir-cap=root'.
|
|
|
|
private/convergence (automatically generated): An added secret for encrypting
|
|
immutable files. Everyone who has this same string in their
|
|
private/convergence file encrypts their immutable files in the same way when
|
|
uploading them. This causes identical files to "converge" -- to share the
|
|
same storage space since they have identical ciphertext -- which conserves
|
|
space and optimizes upload time, but it also exposes files to the possibility
|
|
of a brute-force attack by people who know that string. In this attack, if
|
|
the attacker can guess most of the contents of a file, then they can use
|
|
brute-force to learn the remaining contents.
|
|
|
|
So the set of people who know your private/convergence string is the set of
|
|
people who converge their storage space with you when you and they upload
|
|
identical immutable files, and it is also the set of people who could mount
|
|
such an attack.
|
|
|
|
The content of the private/convergence file is a base-32 encoded string. If
|
|
the file doesn't exist, then when the Tahoe client starts up it will generate
|
|
a random 256-bit string and write the base-32 encoding of this string into
|
|
the file. If you want to converge your immutable files with as many people as
|
|
possible, put the empty string (so that private/convergence is a zero-length
|
|
file).
|
|
|
|
|
|
== Other files ==
|
|
|
|
logs/ : Each Tahoe node creates a directory to hold the log messages produced
|
|
as the node runs. These logfiles are created and rotated by the "twistd"
|
|
daemonization program, so logs/twistd.log will contain the most recent
|
|
messages, logs/twistd.log.1 will contain the previous ones, logs/twistd.log.2
|
|
will be older still, and so on. twistd rotates logfiles after they grow
|
|
beyond 1MB in size. If the space consumed by logfiles becomes troublesome,
|
|
they should be pruned: a cron job to delete all files that were created more
|
|
than a month ago in this logs/ directory should be sufficient.
|
|
|
|
my_nodeid : this is written by all nodes after startup, and contains a
|
|
base32-encoded (i.e. human-readable) NodeID that identifies this specific
|
|
node. This NodeID is the same string that gets displayed on the web page (in
|
|
the "which peers am I connected to" list), and the shortened form (the first
|
|
characters) is recorded in various log messages.
|
|
|
|
|
|
== Backwards Compatibility Files ==
|
|
|
|
Tahoe releases before 1.3.0 had no 'tahoe.cfg' file, and used distinct files
|
|
for each item listed below. For each configuration knob, if the distinct file
|
|
exists, it will take precedence over the corresponding item in tahoe.cfg .
|
|
|
|
|
|
[node]nickname : BASEDIR/nickname
|
|
[node]web.port : BASEDIR/webport
|
|
[node]tub.port : BASEDIR/client.port (for Clients, not Introducers)
|
|
[node]tub.port : BASEDIR/introducer.port (for Introducers, not Clients)
|
|
(note that, unlike other keys, tahoe.cfg overrides the *.port file)
|
|
[node]advertised_ip_addresses : BASEDIR/advertised_ip_addresses (one per line)
|
|
[node]log_gatherer.furl : BASEDIR/log_gatherer.furl (one per line)
|
|
[node]timeout.keepalive : BASEDIR/keepalive_timeout
|
|
[node]timeout.disconnect : BASEDIR/disconnect_timeout
|
|
[node]ssh.port : BASEDIR/authorized_keys.SSHPORT
|
|
[node]ssh.authorized_keys_file : BASEDIR/authorized_keys.SSHPORT
|
|
[client]introducer.furl : BASEDIR/introducer.furl
|
|
[client]helper.furl : BASEDIR/helper.furl
|
|
[client]key_generator.furl : BASEDIR/key_generator.furl
|
|
[client]stats_gatherer.furl : BASEDIR/stats_gatherer.furl
|
|
[storage]enabled : BASEDIR/no_storage (False if no_storage exists)
|
|
[storage]readonly : BASEDIR/readonly_storage (True if readonly_storage exists)
|
|
[storage]sizelimit : BASEDIR/sizelimit
|
|
[storage]debug_discard : BASEDIR/debug_discard_storage
|
|
[helper]enabled : BASEDIR/run_helper (True if run_helper exists)
|
|
|
|
Note: the functionality of [node]ssh.port and [node]ssh.authorized_keys_file
|
|
were previously combined, controlled by the presence of a
|
|
BASEDIR/authorized_keys.SSHPORT file, in which the suffix of the filename
|
|
indicated which port the ssh server should listen on.
|
|
|
|
|
|
== Example ==
|
|
|
|
The following is a sample tahoe.cfg file, containing values for all keys
|
|
described above. Note that this is not a recommended configuration (most of
|
|
these are not the default values), merely a legal one.
|
|
|
|
[node]
|
|
port = 34912
|
|
advertised_ip_addresses = 123.45.67.89,44.55.66.77:8098
|
|
log_gatherer.furl = pb://soklj4y7eok5c3xkmjeqpw@192.168.69.247:44801/eqpwqtzm
|
|
timeout.keepalive = 240
|
|
timeout.disconnect = 1800
|
|
ssh.port = 8022
|
|
ssh.authorized_keys_file = ~/.ssh/authorized_keys
|
|
|
|
[client]
|
|
introducer.furl = pb://ok45ssoklj4y7eok5c3xkmj@tahoe.example:44801/ii3uumo
|
|
nickname = Bob's Tahoe Node
|
|
web.port = 8123
|
|
helper.furl = pb://ggti5ssoklj4y7eok5c3xkmj@helper.tahoe.example:7054/kk8lhr
|
|
|
|
[storage]
|
|
no_storage = False
|
|
readonly_storage = True
|
|
sizelimit = 10000000000
|
|
|
|
[helper]
|
|
run_helper = True
|