Node configuration

Follow these steps for the full node configuration:

  1. Create the accounts.conf configuration file before the generator start.
  2. Generate the keys pair for the each participant included into the policy using the generator. You need to create as many key pairs as number of nodes you want to connect to the network from the start of blockchain. All transactions which include the creation of the each initial participant will fall into the genesis block.
  3. Create the node configuration file according to the requirements.
  4. Provide the access to the node REST API.
  5. Sign the genesis block.
  6. Run the node.

The creation of the accounts.conf configuration file

When specifying a path, use the “forward slash” - / as a delimiting character for directory hierarchy levels. During Linux using the value wallet must match the directory structure of the operating system, for example /home/contract/nodeName/keystore.dat. During node setting it is prohibited to use cyrillic symbols for specifying paths to the working directory, keystore, etc.

// accounts.conf listing

accounts-generator {
  waves-crypto = yes
  chain-id = V
  amount = 1
  wallet = ${user.home}"/nodeName/keystore.dat"
  wallet-password = "some string as password"
  reload-node-wallet {
    enabled = false
    url = "http://localhost:6869/utils/reload-wallet"
  }
}

The description of the configuration file parameters is represented below.

  • wavesCrypto – the choice of a cryptographic algorithm (“yes” - use cryptography Waves, “no” - use GOST-cryptography);
  • chain-id – identifying byte of the network, the value will be necessary further on for entry in parameter address-scheme-character of the node configuration file;
  • amount - number of generated key pairs;
  • wallet – the path to the key storage directory on the node, the value will be required further on for entry in parameter wallet > file of the node configuration file. For the Waves cryptography, the path to file keystore.dat is specified (example, ${user.home}/nodeName/keystore.dat`''), for the GOST-cryptography - the path to directory (``${user.home}/nodeName/keystore/);
  • wallet-password – password for access to closed node keys, the value will be necessary further on for enrty in parameter wallet > password of the node configuration file;
  • reload-node-wallet - an option to update the node keyStore without restarting the application, by default it is turned off (false). url parameter specifies the path to the /utils/reload-wallet method of the REST API node.

Key pairs generating

Public and private keys for initial participants are creating by the generator. You can get the last version of the generator on our GitHub page. Before running the utility you need to specify the accounts.conf configuration file which contains parameters for keys creating. During the creation think up and enter a password, then save it for later configuration. The given password will be used at creation of a global variable WE_NODE_OWNER_PASSWORD further. Press enter key if you do not want to use this password. Use the following command to run the generator:

java -jar generators-x.x.x.jar AccountsGeneratorApp accounts.conf

Global variables

We recommend to use a password for the keys pair to increase security. The Waves Enterprise platform supports two ways of the password usage:

  1. Enter the password manually at the each start of the node.
  2. Create global variables in your OS.

If you are using the manual enter the password there is no need to create global variables. But when you are planning to use containers or any similar services to run the node then create the following global variables in the OS for your convenience:

  1. WE_NODE_OWNER_PASSWORD - the keys pair password specified during the key pair creation.
  2. WE_NODE_OWNER_PASSWORD_EMPTY - true or false, specify the true value if you do not want to use the keys pair password, in this case it is not necessary to create the WE_NODE_OWNER_PASSWORD variable. When you are using the password than specify the false value and write into the WE_NODE_OWNER_PASSWORD variable the keys pair password.

Creation of the configuration file using the template

If you are planning to connect the new node to the existing network, it will be more easy to request full configuration file from your network administrator or from any of net participants. When you are creating the configuration file from a scratch or connecting to the “Waves Enterprise Mainnet”, you can get the example of the file from our GitHub page.

Warning

If your node’s version is 1.0.3 and higher you need to specify the following parameter in the node section of the node configuration file:

"features": {
"supported": [100]
}

This option becomes active when the total quantity of blocks from feature-check-blocks-period = 15000 and blocks-for-feature-activation = 10000 parameters is achieved (25 000 of blocks). These parameters are stored in the blockchain section and can not be changed during Mainnet or Partnernet connection. Nodes will not be able to connect to the network without activation of this option.

Note

Part of the configuration file settings describe parameters of the blockchain network to be joined and should not be modified.

Edit the configuration file template according to following recommendations:

  1. Specify the type of cryptography used (see Module Cryptography):

    waves-crypto = yes
    

Note

When using Waves Cryptography a network participant can be created automatically at node launch and the previous step can be skipped. For GOST-cryptography due to the need to use the biological random number generator, automatic generation of a key pair is impossible.

When using GOST-cryptography after starting the create participants command, the CryptoPro window will be displayed on the screen for initialization of the biological random number generator.

../_images/bio_rng.png

After the utility is executed, private keys of participants will be saved in the folder defined by the wallet parameter, and addresses and public keys will be displayed as strings: [main] accounts-generator - Address: 3PCKG8vUUQhbqyQnKuokEXmje5FByPHWiBt; public key: 6GffUw1XkAnpM7upBu7RPkWfBZSGfDKpPDUY5TygvrL6

  1. Specify the addresses of the home directory and blockchain storage directory in the corresponding fields:

    directory = ${user.home}"/nodeName"
    data-directory = ${nodeName.directory}"/data"
    

Important

If the node previously was part of another Waves Enterprise’s blockchain network, delete the data from the folder specified in parameter data-directory (by default, the path ${user.home}/nodeName is used for Ubuntu OS) is used.

  1. Specify the byte of the network which was used to generate addresses of network participants (parameter chain-id in accounts. conf). The network byte for the “Waves Enterprise Mainnet” - V, for the “Waves Enterprise Partnernet” - P.

    address-scheme-character: "V"
    
  2. Specify the total balance of network assets in the genesis unit:

    genesis {
      initial-balance: 100000000000
    

Important

You need to check the timestamp and block-timestamp fields of the genesis unit. The time is specified in milliseconds and the value must consist of 13 digits. If you specify the standard value timestamp consisting of 10 digits, then you need to add any three digits at the end.

  1. Specify <address-creation> addresses of participants – owners of initial network balance:

    transactions = [
    {recipient: "3P9nhmAEec4bDKsmLEZy2raimNJTVqedu43", amount: 100000000000} ]
    
  2. Specify the public keys of the network participants in the block network-participants in the same order as they were specified for participant addresses:

    network-participants = [
      {  public-key: "HaL7GYu5hKwkc64PGcByi2Hoe2VH2Uf2ueoD75rsf7SF", roles: [permissioner, connection_manager] },
      {  public-key: "HaL7GYu5hKwkc64PGcByi2Hoe2VH2Uf2ueoD75rsf7SF", roles: [miner]  },
      {  public-key: "HaL7GYu5hKwkc64PGcByi2Hoe2VH2Uf2ueoD75rsf7SF", roles: [miner, contract_developer] }
    ]
    
  3. Specify the node owner in the owner-address parameter:

    owner-address = "3P9nhmAEec4bDKsmLEZy2raimNJTVqedu43"
    
The node owner must have a positive balance and a set of roles.
  1. Specify network settings of customizable node:

    network {
      # Network address
      bind-address = "0.0.0.0"
      # Port number
      port = 6864
    
  2. Specify network addresses (hostnames) for nodes which will be connected to the network:

    known-peers = [
      "privatenet-1.example.net:6864",
      "privatenet-2.exemple.net:6864" ]
    
In case addresses of additional nodes of the network are not defined, it is permissible to specify the empty value known-peers = [ ]
  1. Specify the path and the password from the keystore - the storage of private keys of network participants created on the node (parameters wallet, wallet-password in accounts.conf). For Waves cryptography, specify the path to the file keystore.dat (for example, ${user.home}/nodeName/keystore.dat) for GOST-cryptography specify the path to the directory (${user.home}/nodeName/keystore/):

    wallet {
      file = ${user.home}"/nodeName/keystore.dat"
      password = "some string as password"
    }
    
  1. Specify the access to the node REST API interface and hash for the access to the privacy methods: POST /privacy/sendData, GET /privacy/getData/{policy-item-hash} and GET /privacy/getInfo/{policy-item-hash}:

    rest-api {
      enable = yes
      bind-address = "0.0.0.0"
      port = 6862
      api-key-hash = "5M7C...fztS"
      privacy-api-key-hash = "H6ns...Xqsu"
      transactions-by-address-limit = 10000
    }
    

Warning

We recommend to use different api-key-hash and privacy-api-key-hash values for the REST API and privacy access to provide more security.

  1. When using the privacy methods activate the option and fill in the privacy block with database settings for storing the private data:

    privacy {
      storage {
      enabled = true
      url = "jdbc:postgresql://"${POSTGRES_ADDRESS}":"${POSTGRES_PORT}"/"${POSTGRES_DB}
      driver = "org.postgresql.Driver"
      profile = "slick.jdbc.PostgresProfile$"
      user = ${POSTGRES_USER}
      password = ${POSTGRES_PASSWORD}
      connectionPool = HikariCP
      connectionTimeout = 5000
      connectionTestQuery = "SELECT 1"
      queueSize = 10000
      numThreads = 20
      schema = "public"
      migration-dir = "db/migration"
      }
     }
    

DB PostgreSQL is using as a database for the confidential data storage. The database should be installed on the same machine with the node and should have an DB access account. You can use PostgreSQL tutorial for download and install the database according with your operation system type.

During the installation the system will offer to create an access account. These credentials must be entered into the appropriate user/password parameters.

Specify the URL for the PostgreSQL connection into the url parameter. URL consists of:

  • POSTGRES_ADDRESS - a PostgreSQL host address.
  • POSTGRES_PORT - a PostgreSQL host port number.
  • POSTGRES_DB - a PostgreSQL name.

You can specify the PostgreSQL credentials with the URL in the same string. The example is represented bellow, where user=user_privacy_node_0@west-dev` is a login, password=7nZL7Jr41qOWUHz5qKdypA&sslmode=require - a password with require option during the authorization.

Example

privacy.storage.url = "jdbc:postgresql://vostk-dev.postgres.database.azure.com:5432/[email protected]&password=7nZL7Jr41qOWUHz5qKdypA&sslmode=require"

Anchoring settings

If you are using the anchoring option, please, configure the anchoring unit.

 anchoring {
 enable = yes
 height-range = 5
 height-above = 6
 threshold = 1

 mainnet-authorization {
 type = "api-key" # "api-key" or "auth-service"
 api-key = "some key word"

 //      type = "auth-service"
 //      authorization-token = "xxxx"
 //      authorization-service-url = "http://localhost:3000"
 //      token-update-interval = "7 minutes"
 }

 mainnet-scheme-byte = "K"
 mainnet-node-address = "http://node-1"
 mainnet-node-port = 6862
 mainnet-node-recipient-address = "3JWveBpXS1EcDpxcoAwVNAjFfUMrxaALgZt"

  wallet {
  file = "node-1_mainnet-wallet.dat"
  password = "small"
   }

 mainnet-fee = 500000
 sidechain-fee = 500000
}

Anchoring parameters

  • height-range - the number of blocks which is used as an interval between anchoring transactions.
  • height-above - the number of blocks in the Mainnet after which the private blockchain node creates the confirming data-transaction containing data from the first data-transaction. We recommend specifying this value close to the Mainnet maximum rollback depth max-rollback-depth.
  • threshold - the number of blocks subtracted from the current height of the private blockchain. The anchoring transaction sent to the Mainnet includes the data from the block at height current-height - threshold. When the value is 0, the current block is anchored. We recommend specifying this value close to the private blockchain maximum rollback depth max-rollback-depth.

Anchoring authorization parameters

  • type - authorization type for ancoring. api-key - api-key-hash - authorization , auth-service - authorization by a special security token.

For authorization by api-key-hash necessary a current key-value as api-key. For autorization by a special security token you must use a type = "auth-service" and comment config-file structure values:

  • authorization-token - a constant authorization token.
  • authorization-service-url - URL address authorization service.
  • token-update-interval - data interval for a token refresh.

Mainnet access parameters

A separate keystore.dat file with a key pair for the Mainnet access is generated for the node that will send the anchoring transaction to the Mainnet.

  • mainnet-scheme-byte - the Mainnet network byte.
  • mainnet-node-address - the node network address in the Mainnet for the sending of anchoring transactions.
  • mainnet-node-port - the node port number in the Mainnet for the sending of anchoring transactions.
  • mainnet-node-recipient-address - the node address in the Mainnet for the recording of anchoring transactions signed with a key pair of this address.

The network address and the port for the Mainnet/Partnernet networks anchoring can be obtained from Waves Enterprise technical support staff. If multiple private blockchains with mutual anchoring are used, you should use the appropriate private network settings.

Parameters of key pair file for the Mainnet anchoring transactions signing, wallet unit

  • file - a file name and a path to the key pair file for the Mainnet anchoring transactions signing. The file is located on the private network node.
  • password - a password of the key pair file.

Fee parameters

  • mainnet-fee - the fee for the anchoring transaction issue in the Mainnet.
  • sidechain-fee - the fee for the anchoring transaction issue in the private blockchain.

The REST API access

Use the utility generators-x.x.x.jar create the api-key-hash to get the access to the REST API node. To run the utility, you need to specify the api-key-hash.conf file as one of the parameters, which defines the parameters of creating api-key-hash. Use the following command to run the generator:

java -jar generators-x.x.x.jar ApiKeyHash api-key-hash.conf

Specify the value obtained as a result of the utility execution in the parameter api-key-hash in the node configuration file.

// api-key-hash.conf listing

apikeyhash-generator {
  waves-crypto = no
  api-key = "some string"
}

The parameters description:

  • wavesCrypto – the choice of a cryptographic algorithm (“yes” - use cryptography Waves, “no” - use GOST-cryptography);
  • api-key is the key you need to come up with. The value of this key will need to be specified in requests to REST API node (for more details see page REST API).

The privacy methods access

Use the utility generators-x.x.x.jar create the privacy-api-key-hash to get the access to the privacy methods of REST API node. To run the utility, you need to specify the api-key-hash.conf file as one of the parameters, which defines the parameters of creating privacy-api-key-hash. Use the following command to run the generator:

java -jar generators-x.x.x.jar ApiKeyHash api-key-hash.conf

Specify the value obtained as a result of the utility execution in the parameter privacy-api-key-hash in the node configuration file.

Signing the genesis block

Sign the genesis block using utility generators-x.x.x.jar. Command for signing: java -jar generators-x.x.x.jar GenesisBlockGenerator node-config.conf, where node-config.conf is the edited in this section node configuration file. After signing the fields genesis-public-key-base-58 and signature of the configuration file will be filled with values of the public key and the proof of the genesis block.

Example:
genesis-public-key-base-58: "4ozcAj...penxrm"
signature: "5QNVGF...7Bj4Pc"

Running of the node

Run the following command for the node start:

java -jar node-x.x.x.jar node-name.conf