diff --git a/content/en/platform/corda/4.13/enterprise/api-rpc.md b/content/en/platform/corda/4.13/enterprise/api-rpc.md index eac2e2a362..e00c30efa3 100644 --- a/content/en/platform/corda/4.13/enterprise/api-rpc.md +++ b/content/en/platform/corda/4.13/enterprise/api-rpc.md @@ -18,50 +18,16 @@ access to the node’s `ServiceHub`. The key RPC operations exposed by the node are: - -* `CordaRPCOps.vaultQueryBy` - * Extract states from the node’s vault based on a query criteria - - -* `CordaRPCOps.vaultTrackBy` - * As above, but also returns an observable of future states matching the query - - -* `CordaRPCOps.networkMapFeed` - * A list of network nodes, and an observable of changes to the network map - - -* `CordaRPCOps.registeredFlows` - * See a list of registered flows on the node - - -* `CordaRPCOps.startFlowDynamic` - * Start one of the node’s registered flows - - -* `CordaRPCOps.startTrackedFlowDynamic` - * As above, but also returns a progress handle for the flow - - -* `CordaRPCOps.nodeDiagnosticInfo` - * Returns diagnostic information about the node, including the version and CorDapp details - - -* `CordaRPCOps.nodeInfo` - * Returns the network map entry of the node, including its address and identity details as well as the platform version information - - -* `CordaRPCOps.currentNodeTime` - * Returns the current time according to the node’s clock. It is a 'quick RPC'. It bypasses the thread pool and other regular RPCs waiting in it, allowing the node to reply relatively quickly. - - -* `CordaRPCOps.partyFromKey/CordaRPCOps.wellKnownPartyFromX500Name` - * Retrieves a party on the network based on a public key or X500 name - - -* `CordaRPCOps.uploadAttachment`/`CordaRPCOps.openAttachment`/`CordaRPCOps.attachmentExists` - * Uploads, opens and checks for the existence of attachments - -* `CordaRPCOps.killFlow()` - * Attempts to kill a flow. This is not a clean termination and should be reserved for exceptional cases such as stuck fibers. Returns whether the flow existed and was killed. - +- `CordaRPCOps.currentNodeTime`: Returns the current time according to the node’s clock. It is a 'quick RPC'. It bypasses the thread pool and other regular RPCs waiting in it, allowing the node to reply relatively quickly. +- `CordaRPCOps.isReadOnlyNode`: Allows you to check the [read-only status]({{< relref "node/setup/read-only-nodes.md" >}}) of a node. It returns true if the node is configured as read-only, otherwise false +- `CordaRPCOps.killFlow()`: Attempts to kill a flow. This is not a clean termination and should be reserved for exceptional cases such as stuck fibers. Returns whether the flow existed and was killed. +- `CordaRPCOps.networkMapFeed`: Returns a list of network nodes and observable changes to the network map +- `CordaRPCOps.nodeDiagnosticInfo`: Returns diagnostic information about the node, including the version and CorDapp details +- `CordaRPCOps.nodeInfo`: Returns the network map entry of the node, including its address and identity details as well as the platform version information +- `CordaRPCOps.partyFromKey/CordaRPCOps.wellKnownPartyFromX500Name`: Retrieves a party on the network based on a public key or X.500 name +- `CordaRPCOps.registeredFlows`: Returns a list of registered flows on the node +- `CordaRPCOps.startFlowDynamic`: Start one of the node’s registered flows +- `CordaRPCOps.startTrackedFlowDynamic`: The same as `startFlowDynamic` above, but also returns a progress handle for the flow +- `CordaRPCOps.uploadAttachment`/`CordaRPCOps.openAttachment`/`CordaRPCOps.attachmentExists`: Uploads, opens and checks for the existence of attachments +- `CordaRPCOps.vaultQueryBy`: Extract states from the node’s vault based on a query criteria +- `CordaRPCOps.vaultTrackBy`: The same as `vaultQueryBy` above, but also returns an observable of future states matching the query diff --git a/content/en/platform/corda/4.13/enterprise/messaging.md b/content/en/platform/corda/4.13/enterprise/messaging.md index 9c9c430d10..db2d6e3b3a 100644 --- a/content/en/platform/corda/4.13/enterprise/messaging.md +++ b/content/en/platform/corda/4.13/enterprise/messaging.md @@ -6,7 +6,7 @@ menu: tags: - messaging title: Networking and messaging -weight: 140 +weight: 1400 --- diff --git a/content/en/platform/corda/4.13/enterprise/node-services.md b/content/en/platform/corda/4.13/enterprise/node-services.md index 151e6bf443..a939872683 100644 --- a/content/en/platform/corda/4.13/enterprise/node-services.md +++ b/content/en/platform/corda/4.13/enterprise/node-services.md @@ -7,7 +7,7 @@ tags: - node - services title: Node services -weight: 180 +weight: 1800 --- diff --git a/content/en/platform/corda/4.13/enterprise/node/operating/clientrpc.md b/content/en/platform/corda/4.13/enterprise/node/operating/clientrpc.md index 9fa837e888..657a4fbe73 100644 --- a/content/en/platform/corda/4.13/enterprise/node/operating/clientrpc.md +++ b/content/en/platform/corda/4.13/enterprise/node/operating/clientrpc.md @@ -741,3 +741,7 @@ Note that RPC TLS does not use mutual authentication, and delegates fine-grained CorDapps must whitelist any classes used over RPC with Corda’s serialization framework, unless they are whitelisted by default in `DefaultWhitelist`. The whitelisting is done either via the plugin architecture or by using the `@CordaSerializable` annotation (see [Serialization]({{< relref "../../../../../../../en/platform/corda/4.13/enterprise/serialization-index.md" >}})). An example is shown in [Working with the CordaRPCClient API]({{< relref "../../get-started/tutorials/supplementary-tutorials/tutorial-clientrpc-api.md" >}}). + +## RPC operations list + +For a list of the key RPC operations available, see [RPC operations]({{< relref "../../api-rpc.md" >}}). \ No newline at end of file diff --git a/content/en/platform/corda/4.13/enterprise/node/setup/corda-configuration-fields.md b/content/en/platform/corda/4.13/enterprise/node/setup/corda-configuration-fields.md index 32ecaf8e24..1f9431e6a6 100644 --- a/content/en/platform/corda/4.13/enterprise/node/setup/corda-configuration-fields.md +++ b/content/en/platform/corda/4.13/enterprise/node/setup/corda-configuration-fields.md @@ -8,7 +8,7 @@ tags: - configuration - file title: Configuration fields -weight: 4 +weight: 40 --- # Configuration fields @@ -25,13 +25,13 @@ Nodes can use this configuration option to advertise HA endpoints and aliases to *Default:* empty list -## `attachmentContentCacheSizeMegaBytes` +## attachmentContentCacheSizeMegaBytes Optionally specify how much memory should be used to cache attachment contents in memory. *Default:* 8 MB plus 5% of all heap memory above 300MB. -## `blacklistedAttachmentSigningKeys` +## blacklistedAttachmentSigningKeys List of SHA-256 hashes of public keys. Attachments signed by any of these public keys will not be considered as trust roots for any attachments received over the network. This property is similar to `cordappSignerKeyFingerprintBlacklist` but only restricts CorDapps that were @@ -41,7 +41,7 @@ This property requires retrieving the hashes of public keys that need to be blac *Default:* not defined -## `compatibilityZoneURL` +## compatibilityZoneURL {{< important >}} Deprecated. Use `networkServices` instead. @@ -52,7 +52,7 @@ Cannot be set at the same time as the `networkServices` option. *Default:* not defined -## `cordappSignerKeyFingerprintBlacklist` +## cordappSignerKeyFingerprintBlacklist List of the public keys fingerprints (SHA-256 of public key hash) not allowed as CorDapp JARs signers. The node will not load CorDapps signed by those keys. @@ -62,7 +62,7 @@ This property requires retrieving the hashes of public keys that need to be blac *Default:* not defined -## `crlCheckArtemisServer` +## crlCheckArtemisServer Set this configuration field to `true` to enable CRL checking of TLS certificates for inbound P2P connections into the embedded Artemis messaging server. The CRL checking mode is defined by `crlCheckSoftFail` option. @@ -70,7 +70,7 @@ This setting is only relevant for node configurations with no Corda Firewall ena *Default:* `false` -## `crlCheckSoftFail` +## crlCheckSoftFail This is a boolean flag that when enabled (that is, `true` value is set) causes certificate revocation list (CRL) checking to use soft fail mode. Soft fail mode allows the revocation check to succeed if the revocation status cannot be determined because of a network error. @@ -106,15 +106,15 @@ For example: *Default:* true -## `cryptoServiceName` +## cryptoServiceName Optional name of the CryptoService implementation. This only needs to be set if you intend to use a different provider than the default one. -## `cryptoServiceConf` +## cryptoServiceConf Optional path to the configuration file for the CryptoService provider. This may have to be present if you use a different CryptoService provider than the default one. -## `cryptoServiceFlowRetryCount` +## cryptoServiceFlowRetryCount `cryptoServiceFlowRetryCount` is used to specify which actions should be taken in the event of a flow suffering a CryptoServiceException due to a timeout. @@ -130,13 +130,13 @@ For example, if `cryptoServiceFlowRetryCount` is set to `-2`, then the flow is r *Default:* -2 -## `cryptoServiceTimeout` +## cryptoServiceTimeout Optional time-out value of actions sent to the CryptoService (HSM). If the HSM takes longer than this duration to respond, then a `TimedCryptoServiceException` will be thrown and handled by the Flow hospital. You can increase it to mitigate the time-out error. *Default:* 10000 milliseconds -## `custom` +## custom Set custom command line attributes (for example, Java system properties) on the node process via the capsule launcher or on the external verifier process. @@ -150,7 +150,7 @@ Set custom command line attributes (for example, Java system properties) on the * A list of JVM arguments to apply to the external verifier process. * *Default:* not defined -## `database` +## database Database configuration @@ -162,7 +162,7 @@ Database configuration * `hibernateDialect` * Optional property for testing/development against an unsupported database. The value is passed to Hibernate `hibernate.dialect` option. All supported databases do not require this option, as Hibernate sets the correct dialect value out of box. -## `dataSourceProperties` +## dataSourceProperties This section is used to configure the JDBC connection and database driver used for the node's persistence. To add additional data source properties (for a specific JDBC driver) use the `dataSource.` prefix with the property name (for example, `dataSource.customProperty = value`). @@ -185,7 +185,7 @@ dataSource.user = sa dataSource.password = "" ``` -## `detectPublicIp` +## detectPublicIp This flag toggles the auto IP detection behaviour. If enabled, on startup the node will attempt to discover its externally visible IP address first by looking for any public addresses on its network interfaces, and then by sending an IP discovery request to the network map service. @@ -193,7 +193,7 @@ Set to `true` to enable. *Default:* false -## `devMode` +## devMode This flag sets the node to run in development mode. On startup, if the keystore `/certificates/sslkeystore.jks` @@ -208,7 +208,7 @@ This flag affects the default value for Java heap size. *Default:* Corda will try to establish based on OS environment -## `devModeOptions` +## devModeOptions Allows modification of certain `devMode` features @@ -216,19 +216,19 @@ Allows modification of certain `devMode` features This is an unsupported configuration. {{< /important >}} -## `allowCompatibilityZone` +## allowCompatibilityZone Allows a node configured to operate in development mode to connect to a compatibility zone. *Default:* not defined -## `emailAddress` +## emailAddress The email address responsible for node administration, used by the Compatibility Zone administrator. *Default:* company@example.com -## `enterpriseConfiguration` +## enterpriseConfiguration Allows fine-grained controls of various features only available in the enterprise version of Corda. @@ -512,7 +512,7 @@ Allows fine-grained controls of various features only available in the enterpris } ``` -## `extraNetworkMapKeys` +## extraNetworkMapKeys An optional list of private network map UUIDs. Your node will fetch the public network and private network maps based on these keys. Private network UUID should be provided by network operator and lets you see nodes not visible on public network. @@ -521,25 +521,25 @@ Private network UUID should be provided by network operator and lets you see nod *Default:* not defined -## `flowExternalOperationThreadPoolSize` +## flowExternalOperationThreadPoolSize The number of threads available to execute external operations that have been called from flows. *Default:* Set to the lower value between the maximum number of cores allocated to the node, or 10 cores if the maximum exceeds 10. -## `flowMonitorPeriodMillis` +## flowMonitorPeriodMillis Duration of the period suspended flows waiting for IO are logged. *Default:* 60 seconds -## `flowMonitorSuspensionLoggingThresholdMillis` +## flowMonitorSuspensionLoggingThresholdMillis Threshold duration suspended flows waiting for IO need to exceed before they are logged. *Default:* 60 seconds -## `flowTimeout` +## flowTimeout When a flow implementing the `TimedFlow` interface and setting the `isTimeoutEnabled` flag does not complete within a defined elapsed time, it is restarted from the initial checkpoint. Currently only used for notarisation requests with clustered notaries: if a notary cluster member dies while processing a notarisation request, the client flow eventually times out and gets restarted. @@ -561,7 +561,7 @@ The jitter factor is set to a random number between 1 and 1.5, and is intended t * The base of the exponential backoff, `t_{wait} = timeout * backoffBase^{retryCount}` * Default: 1.8 -## `graphiteOptions` +## graphiteOptions Optionally export metrics to a Graphite server. When specified, the node will push out all JMX metrics to the specified Graphite server at regular intervals. @@ -589,7 +589,7 @@ For non-localhost address the database password needs to be set in `dataSourcePr *Default:* NULL -## `jarDirs` +## jarDirs An optional list of file system directories containing JARs to include in the classpath when launching via `corda.jar` only. Each should be a string. @@ -606,14 +606,14 @@ If an item in a list is overridden via an environment variable/system property, This property is only available for Corda distributed with Capsule. For the Corda tarball distribution this option is unavailable. It's advisable to copy any required JAR files to the 'drivers' subdirectory of the node base directory. -## `jmxMonitoringHttpPort` +## jmxMonitoringHttpPort If set, will enable JMX metrics reporting via the Jolokia HTTP/JSON agent on the corresponding port. Default Jolokia access url is `http://127.0.0.1:port/jolokia/`. *Default:* not defined -## `jmxReporterType` +## jmxReporterType Provides an option for registering an alternative JMX reporter. Available options are `JOLOKIA` and `NEW_RELIC`. @@ -623,7 +623,7 @@ The New Relic configuration leverages the Dropwizard NewRelicReporter solution. *Default:* `JOLOKIA` -## `keyStorePassword` +## keyStorePassword The password to unlock the keystore files `/certificates/sslkeystore.jks and `/certificates/nodestore.jks` containing the node certificate and private key. @@ -632,7 +632,7 @@ Alternatively, these keys can be managed in secure hardware devices.{{< /importa *Default:* cordacadevpass -## `lazyBridgeStart` +## lazyBridgeStart Internal option. @@ -640,13 +640,13 @@ Internal option. *Default:* true -## `manAllowed` +## manAllowed Enables the usage of the shell 'man' command. Please note it makes use of insecure APIs and should be enabled with caution. *Default:* false -## `messagingServerAddress` +## messagingServerAddress The address of the ArtemisMQ broker instance. If not provided the node will run one locally. @@ -655,7 +655,7 @@ If not provided the node will run one locally. *Default:* not defined -## `messagingServerExternal` +## messagingServerExternal If `messagingServerAddress` is specified the default assumption is that the artemis broker is running externally. Setting this to `false` overrides this behaviour and runs the artemis internally to the node, but bound to the address specified in `messagingServerAddress`. @@ -669,7 +669,7 @@ When `messagingServerExternal` = `true`, `messagingServerSslConfiguration` is re *Default:* not defined -## `myLegalName` +## myLegalName The legal identity of the node. This acts as a human-readable alias to the node's public key and can be used with the network map to look up the node's info. @@ -679,7 +679,7 @@ The name must be a valid X.500 distinguished name; see [Node identity]({{< relre *Default:* not defined -## `notary` +## notary Include this optional configuration object in the node configuration file if you want to configure the node to run as a notary. @@ -861,7 +861,7 @@ Once a notary is configured with a default value, it cannot be reconfigured. To } ``` -## `networkParameterAcceptanceSettings` +## networkParameterAcceptanceSettings Optional settings for managing the network parameter auto-acceptance behaviour. If not provided then the defined defaults below are used. @@ -874,7 +874,7 @@ If not provided then the defined defaults below are used. * List of auto-acceptable parameter names to explicitly exclude from auto-accepting. Allows a node operator to control the behaviour at a more granular level. * Default: empty list -## `networkServices` +## networkServices If both of the Corda compatibility zone services, network map and registration (doorman), are not running on the same endpoint and thus have different URLs, use this option in place of the `compatibilityZoneURL` setting. @@ -914,7 +914,7 @@ If the provided host is unreachable, the node will try to auto-discover its publ *Default:* not defined -## `quasarExcludePackages` +## quasarExcludePackages A list of packages to exclude from Quasar instrumentation. Wildcards are allowed, for example `org.xml**`. @@ -927,8 +927,11 @@ Example configuration: ```shell quasarExcludePackages=["org.xml**", "org.yaml**"] ``` +## readOnlyMode -## `relay` +`readOnlyMode` is a Boolean property. If set to true, then the node is set to be a [read-only node](read-only-nodes.md). + +## relay If provided, the node will attempt to tunnel inbound connections via an external relay. The relay's address will be advertised to the network map service instead of the provided `p2pAddress`. @@ -946,7 +949,7 @@ advertised to the network map service instead of the provided `p2pAddress`. * `sshPort` * Port to be used for SSH connection, default `22`. -## `rpcAddress` +## rpcAddress {{< important >}} Deprecated. Use `rpcSettings` instead. @@ -957,7 +960,7 @@ If not provided then the node will run without RPC. *Default:* not defined -## `rpcSettings` +## rpcSettings Options for the RPC server exposed by the Node. @@ -984,7 +987,7 @@ Options for the RPC server exposed by the Node. * Password for the key store. * *Default:* not defined -## `rpcUsers` +## rpcUsers A list of users who are authorised to access the RPC system. Each user in the list is a configuration object with the following fields: @@ -1000,11 +1003,11 @@ Each user in the list is a configuration object with the following fields: This value is intended for administrator users and for development. * *Default:* not defined -## `security` +## security Contains various nested fields controlling user authentication/authorization, in particular for RPC accesses. -## `sshd` +## sshd If provided, node will start internal SSH server which will provide a management shell. It uses the same credentials and permissions as RPC subsystem. @@ -1015,7 +1018,7 @@ It has one required parameter. *Default:* not defined -## `sslHandshakeTimeout` +## sslHandshakeTimeout Internal option. @@ -1023,14 +1026,14 @@ Internal option. *Default:* 60000 milliseconds -## `systemProperties` +## systemProperties An optional map of additional system properties to be set when launching via `corda.jar` only. Keys and values of the map should be strings; for example, `systemProperties = { "visualvm.display.name" = FooBar }` *Default:* not defined -## `telemetry` +## telemetry There are new configuration fields for telemetry. See the [OpenTelemetry]({{< relref "../operating/monitoring-and-logging/opentelemetry.md" >}}) section for more information. @@ -1056,13 +1059,13 @@ telemetry { } ``` -## `transactionCacheSizeMegaBytes` +## transactionCacheSizeMegaBytes Optionally specify how much memory should be used for caching of ledger transactions in memory. *Default:* 8 MB plus 5% of all heap memory above 300MB. -## `tlsCertCrlDistPoint` +## tlsCertCrlDistPoint CRL distribution point (i.e. URL) for the TLS certificate. Default value is NULL, which indicates no CRL availability for the TLS certificate. @@ -1071,7 +1074,7 @@ Default value is NULL, which indicates no CRL availability for the TLS certifica *Default:* NULL -## `tlsCertCrlIssuer` +## tlsCertCrlIssuer CRL issuer (given in the X500 name format) for the TLS certificate. Default value is NULL, which indicates that the issuer of the TLS certificate is also the issuer of the CRL. @@ -1080,19 +1083,19 @@ Default value is NULL, which indicates that the issuer of the TLS certificate is *Default:* NULL -## `trustStorePassword` +## trustStorePassword The password to unlock the Trust store file (`/certificates/truststore.jks`) containing the Corda network root certificate. This is the non-secret value for the development certificates automatically generated during the first node run. *Default:* trustpass -## `useOpenSsl` +## useOpenSsl If set to true, the node will use a native SSL implementation for TLS rather than the JVM SSL. The native SSL library currently shipped with Corda Enterprise is BoringSsl. The default is to use JVM SSL, i.e. the flag being set to `false`. This configuration offers higher performance than the built-in library, but you cannot use it with the Corda Firewall or an HSM—so this configuration is only recommended for private networks where there is a requirement to extract maximum performance. -## `useTestClock` +## useTestClock Internal option. @@ -1100,7 +1103,7 @@ Internal option. *Default:* false -## `verfierType` +## verfierType Internal option. @@ -1108,7 +1111,7 @@ Internal option. *Default:* InMemory -## `reloadCheckpointAfterSuspend` +## reloadCheckpointAfterSuspend This is an optional configuration option that enables you to detect unrestorable checkpoints when developing CorDapps and thus reduces the risk of writing flows that cannot be retried gracefully. To use this functionality, set `reloadCheckpointAfterSuspend` to `true`: diff --git a/content/en/platform/corda/4.13/enterprise/node/setup/corda-configuration-file.md b/content/en/platform/corda/4.13/enterprise/node/setup/corda-configuration-file.md index c5a74f5c18..6e7872c649 100644 --- a/content/en/platform/corda/4.13/enterprise/node/setup/corda-configuration-file.md +++ b/content/en/platform/corda/4.13/enterprise/node/setup/corda-configuration-file.md @@ -8,7 +8,7 @@ tags: - configuration - file title: Node configuration -weight: 3 +weight: 30 --- # Node configuration diff --git a/content/en/platform/corda/4.13/enterprise/node/setup/host-prereq.md b/content/en/platform/corda/4.13/enterprise/node/setup/host-prereq.md index d890aef7cb..11c4823443 100644 --- a/content/en/platform/corda/4.13/enterprise/node/setup/host-prereq.md +++ b/content/en/platform/corda/4.13/enterprise/node/setup/host-prereq.md @@ -7,7 +7,7 @@ tags: - host - prereq title: Host prerequisites and database requirements -weight: 2 +weight: 20 --- diff --git a/content/en/platform/corda/4.13/enterprise/node/setup/node-structure.md b/content/en/platform/corda/4.13/enterprise/node/setup/node-structure.md index 3a7f446b15..6b09ac47ba 100644 --- a/content/en/platform/corda/4.13/enterprise/node/setup/node-structure.md +++ b/content/en/platform/corda/4.13/enterprise/node/setup/node-structure.md @@ -7,7 +7,7 @@ tags: - node - structure title: Node folder structure -weight: 1 +weight: 10 --- diff --git a/content/en/platform/corda/4.13/enterprise/node/setup/read-only-nodes.md b/content/en/platform/corda/4.13/enterprise/node/setup/read-only-nodes.md new file mode 100644 index 0000000000..0423bc1e57 --- /dev/null +++ b/content/en/platform/corda/4.13/enterprise/node/setup/read-only-nodes.md @@ -0,0 +1,156 @@ +--- +date: '2025-10-20' +menu: + corda-enterprise-4-13: + parent: corda-enterprise-4-13-corda-nodes-configuring +tags: +- corda +- configuration +- file +title: Read-only nodes +weight: 100 +--- + +# Read-only nodes + +This topic describes read-only nodes, why they might be required, and how to configure a node to be read-only. + +Making a node read-only is a feature that is used for many reasons, including the following: + +- [Making nodes read-only for regulatory reasons]({{< relref "#making-nodes-read-only-for-regulatory-reasons" >}}) +- [Making nodes real-only for scalable reporting solutions]({{< relref "#making-nodes-real-only-for-scalable-reporting-solutions" >}}) + +## Making nodes read-only for regulatory reasons + +Sometimes you may want to configure a node on a network so that is has no more involvement in new transactions, but there is still a regulatory requirement to keep its data available for further use. Corda ledger data is not easily interpreted outside of a Corda node because it is stored as binary blobs in an AMQP encoding. It is possible to interpret that data externally, but we currently provide no such tooling. Keeping the node online in the network is not a good option, as it continues to be an active participant in the network and could participate in new transactions on the ledger. + +It is possible to re-configure a node as read-only, with no ability to mutate data or participate with peers, but continue to perform vault queries or other reporting operations (read-only flows) to aid with data extraction or regulatory investigations. + +## Making nodes real-only for scalable reporting solutions + +Using a read-only node can be a way to provide a scalable reporting solution. + +One node handles transactions, while one node is dedicated to handling database queries for reporting purposes. The database for the reporting node is replicated to a read-only database replica, and the reporting node that queries the read-only database replica is set to be read-only. + +The purpose of this is so the database queries, which may take a long time, do not block the database transactions traffic; this might happen if only one node was used for transactions and for reporting. This scenario keeps reporting workloads fully segregated from transactional workloads, and is an easy route to getting additional scalability. + +## Impact of being a read-only node + +Read-only nodes have the following restrictions versus normal nodes: + +- A read-only node is not visible on the peer-to-peer network. +- It does not open its related port. +- It does not register on the network. +- It does not advertise itself. +- it does not get updates from the network. +- All of its knowledge about the network and its participants comes from its configuration and database, as well as the network map cache. +- Although if its database is a replication of a live node, it can get fresh information about the network through the database. +- It is not accessible to other nodes. +- All initiateFlow operations are disabled. +- Its JDBC connection is in read-only mode. +- All signing with private keys or key pair generation is disabled. +- The following RPC operations are disabled: + - clearRPCAuditDataBefore + - collectRPCAuditData + - collectRPCAuditDataWithPaging + - acceptNewNetworkParameters + - networkParametersFeed + - addVaultTransactionNote + - uploadAttachment + - uploadAttachmentWithMetadata + - refreshNetworkMapCache + - setFlowsDrainingModeEnabled + - terminate with drainingMode = true + - recoverFinalityFlow + - recoverFinalityFlows + - recoverAllFinalityFlows + - recoverFinalityFlowByTxnId + - recoverFinalityFlowByTxnIds + - recoverFinalityFlowsMatching + - acknowledgeDatabaseBackup + - markAllKeysUsed + +- The [clearNetworkMapCache]({{< relref "../../network/network-map.md#cleaning-the-network-map-cache" >}}) operation clears only the in-memory network map cache, leaving the database intact. In read-only mode, the network map cache's entries expire in 5 minutes to let the node pick up fresh information replicated into ts database from live nodes, if there is any. +- The [RPC audit functionality]({{< relref "rpc-audit-data-recording.md" >}}) writes its audit entries into the node's logs, instead of the database. The related log entries come from `ReadOnlyAuditServiceImpl` class. Also, related RPC operations are disabled. +- The node vault's produced states cache is disabled to prevent any stale data from being stored in memory. +- The node's internal checkpoint storage has been replaced by an in-memory one, which does not persist. That also means that flows cannot be restored, continued across restarts. +- Freshly installed CorDapps are not registered in the database, but only in memory. +- The Token SDK [in-memory selection]({{< relref "../../cordapps/token-selection.md#move-tokens-using-in-memory-selection" >}}) cannot be used. + +## Read-only node disabled functionality + +Read-only nodes have the following functionalities disabled: + +- Draining mode +- Notary +- Metering +- Scheduler +- Maintenance functionalities +- System flows +- Ledger recovery +- Key pair pre-generator +- Schema sync, database migrations, upgrades +- Mutual exclusions + +## Making a node read-only + +To make a node read-only, perform the following steps: + +1. [Prepare the node database](#prepare-the-node-database) +2. Either: + - [Configure readOnlyMode to true]({{< relref "#configure-readonlymode-to-true" >}}), *or* + - [Run the node in read-only mode from the CLI]({{< relref "#running-the-node-in-read-only-mode-from-cli" >}} ) + +### Prepare the node database + +To make a node read-only, first its database must be preinitialised. This preinitialization can happen when: + +- Restoring the database from a backup +- Replicating a normal node's database +- Configuring a normal node to a read-only node while keeping its database intact + +The node will not run any mutating operations on the database; however, the CorDapps installed by end-users may contain mutating queries. +To restrict any unintentional mutating operations, it is recommended to ensure the read-only state of the database by either: + +- Restricting the database user specified in the configuration's [dataSourceProperties]({{< relref "corda-configuration-fields.md#datasourceproperties" >}}) section from having any mutating privileges, *or* +- Setting the database itself to run in read-only mode. + +The Corda node will turn on the `readOnly` property of the database connection, but some database servers treat this only as a hint, and they do not restrict mutating operations. For example, SQL Server does not support this flag. + +### Configure readOnlyMode to true + +In the node configuration, set *[readOnlyMode]({{< relref "corda-configuration-fields.md#readonlymode" >}})* to true as shown in the following example: + +``` +enterpriseConfiguration { + readOnlyMode=true +} +``` + +### Running the node in read-only mode from CLI + +Instead of changing the node configuration, you can instead start a node in read-only mode by using the `--readonly-mode` flag. + +First, add an entry to the node's network map cache matching the node's `myLegalName` configuration option. + + + + +It is recommended to remove the nodekeystore and the related HSH keystore from the read-only node's configuration. + +A read-only node needs an SSL keystore whose key will be used for the internal TLS server. +These keys may differ from the original node's SSL keys. + +### Read-only node output + +A read-only node will display the following line when started in read-only mode: + +`Read-only mode is set to true.` + +Also, instead of the normal message `Running P2PMessaging loop`, the node instead displays the following message when it is ready: + +`Blocking main thread until stop() is called` + +### Checking a node is read-only + +The `isReadOnlyNode` [RPC operation]({{< relref "../operating/clientrpc.md" >}}) allows you to check the read-only status of a node. `isReadOnlyNode` returns true if the node is configured read-only, otherwise false. \ No newline at end of file diff --git a/content/en/platform/corda/4.13/enterprise/node/setup/rpc-audit-data-recording.md b/content/en/platform/corda/4.13/enterprise/node/setup/rpc-audit-data-recording.md index 53ee0b9416..a1d8ab7f87 100644 --- a/content/en/platform/corda/4.13/enterprise/node/setup/rpc-audit-data-recording.md +++ b/content/en/platform/corda/4.13/enterprise/node/setup/rpc-audit-data-recording.md @@ -8,7 +8,7 @@ tags: - audit - recording title: Recording of RPC audit data -weight: 4 +weight: 40 --- # Recording of RPC audit data diff --git a/content/en/platform/corda/4.13/enterprise/node/setup/tls-keys-in-hsm.md b/content/en/platform/corda/4.13/enterprise/node/setup/tls-keys-in-hsm.md index 5203cf2af8..66079b8f4c 100644 --- a/content/en/platform/corda/4.13/enterprise/node/setup/tls-keys-in-hsm.md +++ b/content/en/platform/corda/4.13/enterprise/node/setup/tls-keys-in-hsm.md @@ -8,7 +8,7 @@ tags: - tls - keys title: Storing node TLS keys in HSM without running the Corda Enterprise Firewall -weight: 40 +weight: 400 --- # Storing node TLS keys in HSM without running the Corda Enterprise Firewall diff --git a/content/en/platform/corda/4.13/enterprise/release-notes-enterprise.md b/content/en/platform/corda/4.13/enterprise/release-notes-enterprise.md index d07613b716..89f8c0ed49 100644 --- a/content/en/platform/corda/4.13/enterprise/release-notes-enterprise.md +++ b/content/en/platform/corda/4.13/enterprise/release-notes-enterprise.md @@ -49,11 +49,7 @@ For more information about platform versions, see [Versioning]({{< relref "corda * Corda Enterprise targets the flow thread pools directly when it starts a flow. Therefore, there is no conflict between starting flows if one pool is performing badly and has a big queue. - - - - - +* Nodes can now be configured to be [read-only]({{< relref "node/setup/read-only-nodes.md" >}}). Making a node read-only is a feature that is used for many reasons, including for regulatory reasons and to provide scalable reporting solutions. ### Fixed issues diff --git a/content/en/platform/corda/4.13/enterprise/tools-config-obfuscator.md b/content/en/platform/corda/4.13/enterprise/tools-config-obfuscator.md index d1bfc1f6db..b5d840cf45 100644 --- a/content/en/platform/corda/4.13/enterprise/tools-config-obfuscator.md +++ b/content/en/platform/corda/4.13/enterprise/tools-config-obfuscator.md @@ -8,7 +8,7 @@ tags: - config - obfuscator title: Configuration Obfuscator -weight: 70 +weight: 700 --- # Configuration Obfuscator