Skip to main content

iota_config/
node.rs

1// Copyright (c) Mysten Labs, Inc.
2// Modifications Copyright (c) 2024 IOTA Stiftung
3// SPDX-License-Identifier: Apache-2.0
4
5use std::{
6    net::{IpAddr, Ipv4Addr, SocketAddr},
7    num::NonZeroUsize,
8    path::{Path, PathBuf},
9    sync::Arc,
10    time::Duration,
11};
12
13use anyhow::Result;
14use iota_keys::keypair_file::{read_authority_keypair_from_file, read_keypair_from_file};
15use iota_names::config::IotaNamesConfig;
16use iota_sdk_types::Address;
17use iota_types::{
18    committee::EpochId,
19    crypto::{
20        AccountKeyPair, AuthorityKeyPair, AuthorityPublicKeyBytes, IotaKeyPair, KeypairTraits,
21        NetworkKeyPair, get_key_pair_from_rng,
22    },
23    messages_checkpoint::CheckpointSequenceNumber,
24    multiaddr::Multiaddr,
25    supported_protocol_versions::{Chain, SupportedProtocolVersions},
26    traffic_control::{PolicyConfig, RemoteFirewallConfig},
27};
28use once_cell::sync::OnceCell;
29use rand::rngs::OsRng;
30use serde::{Deserialize, Serialize};
31use starfish_config::Parameters as StarfishParameters;
32use tracing::info;
33
34use crate::{
35    Config, certificate_deny_config::CertificateDenyConfig, genesis,
36    migration_tx_data::MigrationTxData, object_storage_config::ObjectStoreConfig, p2p::P2pConfig,
37    transaction_deny_config::TransactionDenyConfig, verifier_signing_config::VerifierSigningConfig,
38};
39
40// Default max number of concurrent requests served
41pub const DEFAULT_GRPC_CONCURRENCY_LIMIT: usize = 20000000000;
42
43/// Default gas price of 1000 Nanos
44pub const DEFAULT_VALIDATOR_GAS_PRICE: u64 = iota_types::transaction::DEFAULT_VALIDATOR_GAS_PRICE;
45
46/// Default commission rate of 2%
47pub const DEFAULT_COMMISSION_RATE: u64 = 200;
48
49#[derive(Clone, Debug, Deserialize, Serialize)]
50#[serde(rename_all = "kebab-case")]
51pub struct NodeConfig {
52    /// The public key bytes corresponding to the private key that the validator
53    /// holds to sign transactions.
54    #[serde(default = "default_authority_key_pair")]
55    pub authority_key_pair: AuthorityKeyPairWithPath,
56    /// The public key bytes corresponding to the private key that the validator
57    /// holds to sign consensus blocks.
58    #[serde(default = "default_key_pair")]
59    pub protocol_key_pair: KeyPairWithPath,
60    #[serde(default = "default_key_pair")]
61    pub account_key_pair: KeyPairWithPath,
62    /// The public key bytes corresponding to the private key that the validator
63    /// uses to establish TLS connections.
64    #[serde(default = "default_key_pair")]
65    pub network_key_pair: KeyPairWithPath,
66    pub db_path: PathBuf,
67
68    /// The network address for gRPC communication.
69    ///
70    /// Can be overwritten with args `listen-address` parameters.
71    #[serde(default = "default_grpc_address")]
72    pub network_address: Multiaddr,
73    #[serde(default = "default_json_rpc_address")]
74    pub json_rpc_address: SocketAddr,
75
76    /// The address for Prometheus metrics.
77    #[serde(default = "default_metrics_address")]
78    pub metrics_address: SocketAddr,
79
80    /// The address for the admin interface that is
81    /// run in the metrics separate runtime and provides access to
82    /// admin node commands such as logging and tracing options.
83    #[serde(default = "default_admin_interface_address")]
84    pub admin_interface_address: SocketAddr,
85
86    /// Configuration struct for the consensus.
87    #[serde(skip_serializing_if = "Option::is_none")]
88    pub consensus_config: Option<ConsensusConfig>,
89
90    /// Flag to enable index processing for a full node.
91    ///
92    /// If set to true, node creates `IndexStore` for transaction
93    /// data including ownership and balance information.
94    #[serde(default = "default_enable_index_processing")]
95    pub enable_index_processing: bool,
96
97    // only allow websocket connections for jsonrpc traffic
98    #[serde(default)]
99    /// Determines the jsonrpc server type as either:
100    /// - 'websocket' for a websocket based service (deprecated)
101    /// - 'http' for an http based service
102    /// - 'both' for both a websocket and http based service (deprecated)
103    pub jsonrpc_server_type: Option<ServerType>,
104
105    /// Flag to enable gRPC load shedding to manage and
106    /// mitigate overload conditions by shedding excess
107    /// load with `LoadShedLayer` middleware.
108    #[serde(default)]
109    pub grpc_load_shed: Option<bool>,
110
111    #[serde(default = "default_concurrency_limit")]
112    pub grpc_concurrency_limit: Option<usize>,
113
114    /// Configuration struct for P2P.
115    #[serde(default)]
116    pub p2p_config: P2pConfig,
117
118    /// Contains genesis location that might be `InPlace`
119    /// for reading all genesis data to memory or `InFile`,
120    /// and `OnceCell` pointer to a genesis struct.
121    pub genesis: Genesis,
122
123    /// Contains the path where to find the migration blob.
124    pub migration_tx_data_path: Option<PathBuf>,
125
126    /// Configuration for pruning of the authority store, to define when
127    /// an old data is removed from the storage space.
128    #[serde(default = "default_authority_store_pruning_config")]
129    pub authority_store_pruning_config: AuthorityStorePruningConfig,
130
131    /// Size of the broadcast channel used for notifying other systems of end of
132    /// epoch.
133    ///
134    /// If unspecified, this will default to `128`.
135    #[serde(default = "default_end_of_epoch_broadcast_channel_capacity")]
136    pub end_of_epoch_broadcast_channel_capacity: usize,
137
138    /// Configuration for the checkpoint executor for limiting
139    /// the number of checkpoints to execute concurrently,
140    /// and to allow for checkpoint post-processing.
141    #[serde(default)]
142    pub checkpoint_executor_config: CheckpointExecutorConfig,
143
144    #[serde(skip_serializing_if = "Option::is_none")]
145    pub metrics: Option<MetricsConfig>,
146
147    /// In a `iota-node` binary, this is set to
148    /// SupportedProtocolVersions::SYSTEM_DEFAULT in iota-node/src/main.rs.
149    /// It is present in the config so that it can be changed by tests in
150    /// order to test protocol upgrades.
151    #[serde(skip)]
152    pub supported_protocol_versions: Option<SupportedProtocolVersions>,
153
154    /// Configuration to manage database checkpoints,
155    /// including whether to perform checkpoints at the end of an epoch,
156    /// the path for storing checkpoints, and other related settings.
157    #[serde(default)]
158    pub db_checkpoint_config: DBCheckpointConfig,
159
160    /// Configuration for enabling/disabling expensive safety checks.
161    #[serde(default)]
162    pub expensive_safety_check_config: ExpensiveSafetyCheckConfig,
163
164    /// Configuration to specify rules for denying transactions
165    /// based on `objectsIDs`, `addresses`, or enable/disable many
166    /// features such as publishing new packages or using shared objects.
167    #[serde(default)]
168    pub transaction_deny_config: TransactionDenyConfig,
169
170    /// Config used to deny execution for certificate digests
171    /// know for crashing or hanging validator nodes.
172    ///
173    /// Should be used for a fast temporary fixes and
174    /// removed once the issue is fixed.
175    #[serde(default)]
176    pub certificate_deny_config: CertificateDenyConfig,
177
178    /// Used to determine how state debug information is dumped
179    /// when a node forks.
180    #[serde(default)]
181    pub state_debug_dump_config: StateDebugDumpConfig,
182
183    /// Configuration for writing state archive. If `ObjectStorage`
184    /// config is provided, `ArchiveWriter` will be created
185    /// for checkpoints archival.
186    #[serde(default)]
187    pub state_archive_write_config: StateArchiveConfig,
188
189    #[serde(default)]
190    pub state_archive_read_config: Vec<StateArchiveConfig>,
191
192    /// Determines if snapshot should be uploaded to the remote storage.
193    #[serde(default)]
194    pub state_snapshot_write_config: StateSnapshotConfig,
195
196    #[serde(default)]
197    pub indexer_max_subscriptions: Option<usize>,
198
199    #[serde(default = "default_transaction_kv_store_config")]
200    pub transaction_kv_store_read_config: TransactionKeyValueStoreReadConfig,
201
202    // TODO: write config seem to be unused.
203    #[serde(skip_serializing_if = "Option::is_none")]
204    pub transaction_kv_store_write_config: Option<TransactionKeyValueStoreWriteConfig>,
205
206    /// Configuration for defining thresholds and settings
207    /// for managing system overload conditions in a node.
208    #[serde(default = "default_authority_overload_config")]
209    pub authority_overload_config: AuthorityOverloadConfig,
210
211    /// Specifies the ending epoch for a node for debugging purposes.
212    ///
213    ///  Ignored if set by config, can be configured only by cli arguments.
214    #[serde(skip_serializing_if = "Option::is_none")]
215    pub run_with_range: Option<RunWithRange>,
216
217    // For killswitch use None
218    #[serde(
219        skip_serializing_if = "Option::is_none",
220        default = "default_traffic_controller_policy_config"
221    )]
222    pub policy_config: Option<PolicyConfig>,
223
224    #[serde(skip_serializing_if = "Option::is_none")]
225    pub firewall_config: Option<RemoteFirewallConfig>,
226
227    #[serde(default)]
228    pub execution_cache_config: ExecutionCacheConfig,
229
230    #[serde(default = "bool_true")]
231    pub enable_validator_tx_finalizer: bool,
232
233    /// Enables the pre-consensus soft-locking mechanism used by the
234    /// certificate-less (pcool) transaction flow (default: enabled).
235    ///
236    /// When disabled, post-consensus validation alone resolves owned-object
237    /// conflicts. Has no effect unless the pcool flow is enabled.
238    #[serde(default = "bool_true")]
239    pub enable_soft_locking: bool,
240
241    #[serde(default)]
242    pub verifier_signing_config: VerifierSigningConfig,
243
244    /// If a value is set, it determines if writes to DB can stall, which can
245    /// halt the whole process. By default, write stall is enabled on
246    /// validators but not on fullnodes.
247    #[serde(skip_serializing_if = "Option::is_none")]
248    pub enable_db_write_stall: Option<bool>,
249
250    #[serde(default, skip_serializing_if = "Option::is_none")]
251    pub iota_names_config: Option<IotaNamesConfig>,
252
253    /// Flag to enable the gRPC API.
254    #[serde(default)]
255    pub enable_grpc_api: bool,
256    #[serde(
257        default = "default_grpc_api_config",
258        skip_serializing_if = "Option::is_none"
259    )]
260    pub grpc_api_config: Option<GrpcApiConfig>,
261
262    /// Allow overriding the chain for testing purposes. For instance, it allows
263    /// you to create a test network that believes it is mainnet or testnet.
264    /// Attempting to override this value on production networks will result
265    /// in an error.
266    #[serde(skip_serializing_if = "Option::is_none")]
267    pub chain_override_for_testing: Option<Chain>,
268
269    /// Configuration for the validator client monitor that tracks
270    /// client-observed performance metrics for validators.
271    #[serde(default, skip_serializing_if = "Option::is_none")]
272    pub validator_client_monitor_config:
273        Option<crate::validator_client_monitor_config::ValidatorClientMonitorConfig>,
274}
275
276#[derive(Clone, Debug, Default, serde::Deserialize, serde::Serialize)]
277#[serde(rename_all = "kebab-case")]
278pub struct TlsConfig {
279    /// File path to a PEM formatted TLS certificate chain
280    cert: String,
281    /// File path to a PEM formatted TLS private key
282    key: String,
283}
284
285impl TlsConfig {
286    pub fn cert(&self) -> &str {
287        &self.cert
288    }
289
290    pub fn key(&self) -> &str {
291        &self.key
292    }
293}
294
295/// Configuration for the gRPC API service
296#[derive(Clone, Debug, serde::Deserialize, serde::Serialize)]
297#[serde(rename_all = "kebab-case")]
298pub struct GrpcApiConfig {
299    /// The address to bind the gRPC server to
300    #[serde(default = "default_grpc_api_address")]
301    pub address: SocketAddr,
302
303    /// TLS configuration for the gRPC server.
304    ///
305    /// If not provided, the gRPC server will use plain TCP without TLS.
306    #[serde(skip_serializing_if = "Option::is_none")]
307    pub tls: Option<TlsConfig>,
308
309    /// Maximum message size for gRPC responses (in bytes)
310    #[serde(default = "default_grpc_api_max_message_size_bytes")]
311    pub max_message_size_bytes: u32,
312
313    /// Buffer size for broadcast channels used for streaming
314    #[serde(default = "default_grpc_api_broadcast_buffer_size")]
315    pub broadcast_buffer_size: u32,
316
317    /// Maximum number of concurrent subscribers to checkpoint streaming RPCs.
318    /// Once the cap is reached, additional subscribe requests are rejected
319    /// with `Unavailable` to protect the server from being overwhelmed by
320    /// unbounded streaming clients. Values below 1 are clamped to 1 at
321    /// server startup.
322    #[serde(default = "default_grpc_api_max_concurrent_stream_subscribers")]
323    pub max_concurrent_stream_subscribers: u32,
324
325    /// Maximum size for Move values when rendering to JSON
326    /// in bytes.
327    #[serde(default = "default_grpc_api_max_json_move_value_size")]
328    pub max_json_move_value_size: usize,
329
330    /// Maximum number of transactions allowed in a single ExecuteTransactions
331    /// batch request.
332    #[serde(default = "default_grpc_api_max_execute_transaction_batch_size")]
333    pub max_execute_transaction_batch_size: u32,
334
335    /// Maximum number of transactions allowed in a single SimulateTransactions
336    /// batch request.
337    #[serde(default = "default_grpc_api_max_simulate_transaction_batch_size")]
338    pub max_simulate_transaction_batch_size: u32,
339
340    /// Maximum allowed timeout in milliseconds for waiting for checkpoint
341    /// inclusion in ExecuteTransactions requests. Client-specified timeouts
342    /// are clamped to this value.
343    #[serde(default = "default_grpc_api_max_checkpoint_inclusion_timeout_ms")]
344    pub max_checkpoint_inclusion_timeout_ms: u64,
345}
346
347fn default_grpc_api_address() -> SocketAddr {
348    SocketAddr::new(IpAddr::V4(Ipv4Addr::new(0, 0, 0, 0)), 50051)
349}
350
351fn default_grpc_api_broadcast_buffer_size() -> u32 {
352    100
353}
354
355fn default_grpc_api_max_concurrent_stream_subscribers() -> u32 {
356    1024
357}
358
359fn default_grpc_api_max_message_size_bytes() -> u32 {
360    128 * 1024 * 1024 // 128MB
361}
362
363fn default_grpc_api_max_json_move_value_size() -> usize {
364    1024 * 1024 // 1 MB
365}
366
367fn default_grpc_api_max_execute_transaction_batch_size() -> u32 {
368    20
369}
370
371fn default_grpc_api_max_simulate_transaction_batch_size() -> u32 {
372    20
373}
374
375fn default_grpc_api_max_checkpoint_inclusion_timeout_ms() -> u64 {
376    60_000 // 60 seconds
377}
378
379impl Default for GrpcApiConfig {
380    fn default() -> Self {
381        Self {
382            address: default_grpc_api_address(),
383            tls: None,
384            max_message_size_bytes: default_grpc_api_max_message_size_bytes(),
385            broadcast_buffer_size: default_grpc_api_broadcast_buffer_size(),
386            max_concurrent_stream_subscribers: default_grpc_api_max_concurrent_stream_subscribers(),
387            max_json_move_value_size: default_grpc_api_max_json_move_value_size(),
388            max_execute_transaction_batch_size: default_grpc_api_max_execute_transaction_batch_size(
389            ),
390            max_simulate_transaction_batch_size:
391                default_grpc_api_max_simulate_transaction_batch_size(),
392            max_checkpoint_inclusion_timeout_ms:
393                default_grpc_api_max_checkpoint_inclusion_timeout_ms(),
394        }
395    }
396}
397
398impl GrpcApiConfig {
399    // The default maximum uncompressed size in bytes for a message, based on
400    // tonic's default.
401    const GRPC_TONIC_DEFAULT_MAX_RECV_MESSAGE_SIZE: u32 = 4 * 1024 * 1024; // 4MB
402    const GRPC_MIN_CLIENT_MAX_MESSAGE_SIZE_BYTES: u32 =
403        Self::GRPC_TONIC_DEFAULT_MAX_RECV_MESSAGE_SIZE;
404
405    pub fn tls_config(&self) -> Option<&TlsConfig> {
406        self.tls.as_ref()
407    }
408
409    pub fn max_message_size_bytes(&self) -> u32 {
410        // Ensure max message size is at least the minimum allowed
411        self.max_message_size_bytes
412            .max(Self::GRPC_MIN_CLIENT_MAX_MESSAGE_SIZE_BYTES)
413    }
414
415    /// Calculate the maximum size for a message that can be
416    /// sent to a client, taking into account the client's max message size
417    /// preference.
418    pub fn max_message_size_client_bytes(&self, client_max_message_size_bytes: Option<u32>) -> u32 {
419        client_max_message_size_bytes
420            // if the client did not specify a max message size, use the tonic default receive
421            // message size
422            .unwrap_or(Self::GRPC_TONIC_DEFAULT_MAX_RECV_MESSAGE_SIZE)
423            // clamp the value between the tonic default and the service max message size
424            .clamp(
425                Self::GRPC_MIN_CLIENT_MAX_MESSAGE_SIZE_BYTES,
426                self.max_message_size_bytes(),
427            )
428    }
429}
430
431#[derive(Clone, Debug, Default, Deserialize, Serialize)]
432#[serde(rename_all = "kebab-case")]
433pub struct ExecutionCacheConfig {
434    #[serde(default)]
435    pub writeback_cache: WritebackCacheConfig,
436}
437
438#[derive(Clone, Debug, Default, Deserialize, Serialize)]
439#[serde(rename_all = "kebab-case")]
440pub struct WritebackCacheConfig {
441    /// Maximum number of entries in each cache. (There are several
442    /// different caches).
443    #[serde(default, skip_serializing_if = "Option::is_none")]
444    pub max_cache_size: Option<u64>, // defaults to 100000
445
446    #[serde(default, skip_serializing_if = "Option::is_none")]
447    pub package_cache_size: Option<u64>, // defaults to 1000
448
449    #[serde(default, skip_serializing_if = "Option::is_none")]
450    pub object_cache_size: Option<u64>, // defaults to max_cache_size
451    #[serde(default, skip_serializing_if = "Option::is_none")]
452    pub marker_cache_size: Option<u64>, // defaults to object_cache_size
453    #[serde(default, skip_serializing_if = "Option::is_none")]
454    pub object_by_id_cache_size: Option<u64>, // defaults to object_cache_size
455
456    #[serde(default, skip_serializing_if = "Option::is_none")]
457    pub transaction_cache_size: Option<u64>, // defaults to max_cache_size
458    #[serde(default, skip_serializing_if = "Option::is_none")]
459    pub executed_effect_cache_size: Option<u64>, // defaults to transaction_cache_size
460    #[serde(default, skip_serializing_if = "Option::is_none")]
461    pub effect_cache_size: Option<u64>, // defaults to executed_effect_cache_size
462
463    #[serde(default, skip_serializing_if = "Option::is_none")]
464    pub events_cache_size: Option<u64>, // defaults to transaction_cache_size
465
466    #[serde(default, skip_serializing_if = "Option::is_none")]
467    pub transaction_objects_cache_size: Option<u64>, // defaults to 1000
468
469    /// Number of uncommitted transactions at which to pause consensus
470    /// handler.
471    #[serde(default, skip_serializing_if = "Option::is_none")]
472    pub backpressure_threshold: Option<u64>, // defaults to 100_000
473
474    /// Number of uncommitted transactions at which to refuse new
475    /// transaction submissions. Defaults to backpressure_threshold
476    /// if unset.
477    #[serde(default, skip_serializing_if = "Option::is_none")]
478    pub backpressure_threshold_for_rpc: Option<u64>, // defaults to backpressure_threshold
479
480    /// Percentage of `backpressure_threshold` at which graduated load shedding
481    /// based on writeback-cache pending transaction count begins. The
482    /// locally-calculated shedding percentage increases linearly from 0% at
483    /// `backpressure_threshold * backpressure_soft_limit_pct / 100` up to
484    /// 100% at the `backpressure_threshold` if the cache size continues to
485    /// increase. The calculated shedding percentage is broadcast to other
486    /// validators for a coordinated response. Defaults to 50.
487    #[serde(default, skip_serializing_if = "Option::is_none")]
488    pub backpressure_soft_limit_pct: Option<u32>,
489}
490
491impl WritebackCacheConfig {
492    pub fn max_cache_size(&self) -> u64 {
493        std::env::var("IOTA_CACHE_WRITEBACK_SIZE_MAX")
494            .ok()
495            .and_then(|s| s.parse().ok())
496            .or(self.max_cache_size)
497            .unwrap_or(100000)
498    }
499
500    pub fn package_cache_size(&self) -> u64 {
501        std::env::var("IOTA_CACHE_WRITEBACK_SIZE_PACKAGE")
502            .ok()
503            .and_then(|s| s.parse().ok())
504            .or(self.package_cache_size)
505            .unwrap_or(1000)
506    }
507
508    pub fn object_cache_size(&self) -> u64 {
509        std::env::var("IOTA_CACHE_WRITEBACK_SIZE_OBJECT")
510            .ok()
511            .and_then(|s| s.parse().ok())
512            .or(self.object_cache_size)
513            .unwrap_or_else(|| self.max_cache_size())
514    }
515
516    pub fn marker_cache_size(&self) -> u64 {
517        std::env::var("IOTA_CACHE_WRITEBACK_SIZE_MARKER")
518            .ok()
519            .and_then(|s| s.parse().ok())
520            .or(self.marker_cache_size)
521            .unwrap_or_else(|| self.object_cache_size())
522    }
523
524    pub fn object_by_id_cache_size(&self) -> u64 {
525        std::env::var("IOTA_CACHE_WRITEBACK_SIZE_OBJECT_BY_ID")
526            .ok()
527            .and_then(|s| s.parse().ok())
528            .or(self.object_by_id_cache_size)
529            .unwrap_or_else(|| self.object_cache_size())
530    }
531
532    pub fn transaction_cache_size(&self) -> u64 {
533        std::env::var("IOTA_CACHE_WRITEBACK_SIZE_TRANSACTION")
534            .ok()
535            .and_then(|s| s.parse().ok())
536            .or(self.transaction_cache_size)
537            .unwrap_or_else(|| self.max_cache_size())
538    }
539
540    pub fn executed_effect_cache_size(&self) -> u64 {
541        std::env::var("IOTA_CACHE_WRITEBACK_SIZE_EXECUTED_EFFECT")
542            .ok()
543            .and_then(|s| s.parse().ok())
544            .or(self.executed_effect_cache_size)
545            .unwrap_or_else(|| self.transaction_cache_size())
546    }
547
548    pub fn effect_cache_size(&self) -> u64 {
549        std::env::var("IOTA_CACHE_WRITEBACK_SIZE_EFFECT")
550            .ok()
551            .and_then(|s| s.parse().ok())
552            .or(self.effect_cache_size)
553            .unwrap_or_else(|| self.executed_effect_cache_size())
554    }
555
556    pub fn events_cache_size(&self) -> u64 {
557        std::env::var("IOTA_CACHE_WRITEBACK_SIZE_EVENTS")
558            .ok()
559            .and_then(|s| s.parse().ok())
560            .or(self.events_cache_size)
561            .unwrap_or_else(|| self.transaction_cache_size())
562    }
563
564    pub fn transaction_objects_cache_size(&self) -> u64 {
565        std::env::var("IOTA_CACHE_WRITEBACK_SIZE_TRANSACTION_OBJECTS")
566            .ok()
567            .and_then(|s| s.parse().ok())
568            .or(self.transaction_objects_cache_size)
569            .unwrap_or(1000)
570    }
571
572    pub fn backpressure_threshold(&self) -> u64 {
573        std::env::var("IOTA_CACHE_WRITEBACK_BACKPRESSURE_THRESHOLD")
574            .ok()
575            .and_then(|s| s.parse().ok())
576            .or(self.backpressure_threshold)
577            .unwrap_or(100_000)
578    }
579
580    pub fn backpressure_threshold_for_rpc(&self) -> u64 {
581        std::env::var("IOTA_CACHE_WRITEBACK_BACKPRESSURE_THRESHOLD_FOR_RPC")
582            .ok()
583            .and_then(|s| s.parse().ok())
584            .or(self.backpressure_threshold_for_rpc)
585            .unwrap_or(self.backpressure_threshold())
586    }
587
588    pub fn backpressure_soft_limit_pct(&self) -> u32 {
589        std::env::var("IOTA_CACHE_WRITEBACK_BACKPRESSURE_SOFT_LIMIT_PCT")
590            .ok()
591            .and_then(|s| s.parse().ok())
592            .or(self.backpressure_soft_limit_pct)
593            .unwrap_or(50)
594            .min(100)
595    }
596}
597
598#[derive(Clone, Copy, Debug, Deserialize, Serialize)]
599#[serde(rename_all = "lowercase")]
600pub enum ServerType {
601    WebSocket,
602    Http,
603    Both,
604}
605
606#[derive(Clone, Debug, Deserialize, Serialize)]
607#[serde(rename_all = "kebab-case")]
608pub struct TransactionKeyValueStoreReadConfig {
609    #[serde(default = "default_base_url")]
610    pub base_url: String,
611
612    #[serde(default = "default_cache_size")]
613    pub cache_size: u64,
614}
615
616impl Default for TransactionKeyValueStoreReadConfig {
617    fn default() -> Self {
618        Self {
619            base_url: default_base_url(),
620            cache_size: default_cache_size(),
621        }
622    }
623}
624
625fn default_base_url() -> String {
626    "".to_string()
627}
628
629fn default_cache_size() -> u64 {
630    100_000
631}
632
633fn default_transaction_kv_store_config() -> TransactionKeyValueStoreReadConfig {
634    TransactionKeyValueStoreReadConfig::default()
635}
636
637fn default_authority_store_pruning_config() -> AuthorityStorePruningConfig {
638    AuthorityStorePruningConfig::default()
639}
640
641pub fn default_enable_index_processing() -> bool {
642    true
643}
644
645fn default_grpc_address() -> Multiaddr {
646    "/ip4/0.0.0.0/tcp/8080".parse().unwrap()
647}
648fn default_authority_key_pair() -> AuthorityKeyPairWithPath {
649    AuthorityKeyPairWithPath::new(get_key_pair_from_rng::<AuthorityKeyPair, _>(&mut OsRng).1)
650}
651
652fn default_key_pair() -> KeyPairWithPath {
653    KeyPairWithPath::new(
654        get_key_pair_from_rng::<AccountKeyPair, _>(&mut OsRng)
655            .1
656            .into(),
657    )
658}
659
660fn default_metrics_address() -> SocketAddr {
661    SocketAddr::new(IpAddr::V4(Ipv4Addr::new(0, 0, 0, 0)), 9184)
662}
663
664pub fn default_admin_interface_address() -> SocketAddr {
665    SocketAddr::new(IpAddr::V4(Ipv4Addr::LOCALHOST), 1337)
666}
667
668pub fn default_json_rpc_address() -> SocketAddr {
669    SocketAddr::new(IpAddr::V4(Ipv4Addr::new(0, 0, 0, 0)), 9000)
670}
671
672pub fn default_grpc_api_config() -> Option<GrpcApiConfig> {
673    Some(GrpcApiConfig::default())
674}
675
676pub fn default_concurrency_limit() -> Option<usize> {
677    Some(DEFAULT_GRPC_CONCURRENCY_LIMIT)
678}
679
680pub fn default_end_of_epoch_broadcast_channel_capacity() -> usize {
681    128
682}
683
684pub fn bool_true() -> bool {
685    true
686}
687
688fn is_true(value: &bool) -> bool {
689    *value
690}
691
692impl Config for NodeConfig {}
693
694impl NodeConfig {
695    pub fn authority_key_pair(&self) -> &AuthorityKeyPair {
696        self.authority_key_pair.authority_keypair()
697    }
698
699    pub fn protocol_key_pair(&self) -> &NetworkKeyPair {
700        match self.protocol_key_pair.keypair() {
701            IotaKeyPair::Ed25519(kp) => kp,
702            other => {
703                panic!("invalid keypair type: {other:?}, only Ed25519 is allowed for protocol key")
704            }
705        }
706    }
707
708    pub fn network_key_pair(&self) -> &NetworkKeyPair {
709        match self.network_key_pair.keypair() {
710            IotaKeyPair::Ed25519(kp) => kp,
711            other => {
712                panic!("invalid keypair type: {other:?}, only Ed25519 is allowed for network key")
713            }
714        }
715    }
716
717    pub fn authority_public_key(&self) -> AuthorityPublicKeyBytes {
718        self.authority_key_pair().public().into()
719    }
720
721    pub fn db_path(&self) -> PathBuf {
722        self.db_path.join("live")
723    }
724
725    pub fn db_checkpoint_path(&self) -> PathBuf {
726        self.db_path.join("db_checkpoints")
727    }
728
729    pub fn archive_path(&self) -> PathBuf {
730        self.db_path.join("archive")
731    }
732
733    pub fn snapshot_path(&self) -> PathBuf {
734        self.db_path.join("snapshot")
735    }
736
737    pub fn network_address(&self) -> &Multiaddr {
738        &self.network_address
739    }
740
741    pub fn consensus_config(&self) -> Option<&ConsensusConfig> {
742        self.consensus_config.as_ref()
743    }
744
745    pub fn genesis(&self) -> Result<&genesis::Genesis> {
746        self.genesis.genesis()
747    }
748
749    pub fn load_migration_tx_data(&self) -> Result<MigrationTxData> {
750        let Some(location) = &self.migration_tx_data_path else {
751            anyhow::bail!("no file location set");
752        };
753
754        // Load from file
755        let migration_tx_data = MigrationTxData::load(location)?;
756
757        // Validate migration content in order to avoid corrupted or malicious data
758        migration_tx_data.validate_from_genesis(self.genesis.genesis()?)?;
759        Ok(migration_tx_data)
760    }
761
762    pub fn iota_address(&self) -> Address {
763        (&self.account_key_pair.keypair().public()).into()
764    }
765
766    pub fn archive_reader_config(&self) -> Vec<ArchiveReaderConfig> {
767        self.state_archive_read_config
768            .iter()
769            .flat_map(|config| {
770                config
771                    .object_store_config
772                    .as_ref()
773                    .map(|remote_store_config| ArchiveReaderConfig {
774                        remote_store_config: remote_store_config.clone(),
775                        download_concurrency: NonZeroUsize::new(config.concurrency)
776                            .unwrap_or(NonZeroUsize::new(5).unwrap()),
777                        use_for_pruning_watermark: config.use_for_pruning_watermark,
778                    })
779            })
780            .collect()
781    }
782
783    pub fn jsonrpc_server_type(&self) -> ServerType {
784        self.jsonrpc_server_type.unwrap_or(ServerType::Http)
785    }
786}
787
788#[derive(Debug, Clone, Deserialize, Serialize)]
789#[serde(rename_all = "kebab-case")]
790pub struct ConsensusConfig {
791    /// Base consensus DB path for all epochs.
792    pub db_path: PathBuf,
793
794    /// The number of epochs for which to retain the consensus DBs.
795    /// Setting it to 0 will make a consensus DB getting dropped
796    /// as soon as system is switched to a new epoch.
797    pub db_retention_epochs: Option<u64>,
798
799    /// Pruner will run on every epoch change but it will also check
800    /// periodically on every `db_pruner_period_secs` seconds to see
801    /// if there are any epoch DBs to remove.
802    pub db_pruner_period_secs: Option<u64>,
803
804    /// Hard limit on the number of pending transactions to submit to
805    /// consensus, including those in submission wait. Used as the upper
806    /// bound for graduated pre-consensus load shedding
807    /// (`graduated_load_shedding_soft_limit_pct`) in the certificate-less
808    /// (P-COOL) mode, and as the threshold for the binary
809    /// cutoff in `ConsensusAdapter::check_consensus_overload()` in both
810    /// certificate-less and certificate-based flows.
811    ///
812    /// Default to 20_000 inflight limit, assuming 20_000 txn tps * 1 sec
813    /// consensus latency.
814    pub max_pending_transactions: Option<usize>,
815
816    /// When defined caps the calculated submission position to the
817    /// max_submit_position.
818    ///
819    /// Even if the is elected to submit from a higher
820    /// position than this, it will "reset" to the max_submit_position.
821    pub max_submit_position: Option<usize>,
822
823    /// The submit delay step to consensus defined in milliseconds.
824    ///
825    /// When provided it will override the current back off logic otherwise the
826    /// default backoff logic will be applied based on consensus latency
827    /// estimates.
828    pub submit_delay_step_override_millis: Option<u64>,
829
830    /// Parameters for Starfish consensus
831    #[serde(skip_serializing_if = "Option::is_none", alias = "starfish_parameters")]
832    pub parameters: Option<StarfishParameters>,
833
834    /// Percentage of `max_pending_transactions` (hard limit) defining the soft
835    /// limit at which graduated pre-consensus load shedding begins. When
836    /// in-flight transactions are at or below the soft limit, no shedding
837    /// occurs; above it, the shedding rate scales linearly from 0% to 100% at
838    /// `max_pending_transactions`. Used in the certificate-less (P-COOL) mode.
839    #[serde(skip_serializing_if = "Option::is_none")]
840    pub graduated_load_shedding_soft_limit_pct: Option<u32>,
841}
842
843impl ConsensusConfig {
844    pub fn db_path(&self) -> &Path {
845        &self.db_path
846    }
847
848    /// Returns the hard limit on the number of pending transactions to submit
849    /// to consensus, including those in submission wait. Defaults to 20_000
850    /// inflight limit, assuming 20_000 txn tps * 1 sec consensus latency.
851    pub fn max_pending_transactions(&self) -> usize {
852        self.max_pending_transactions.unwrap_or(20_000)
853    }
854
855    /// Returns the percentage of `max_pending_transactions` (hard limit)
856    /// defining the soft limit at which graduated pre-consensus load
857    /// shedding begins. Defaults to 50%. Used in the certificate-less
858    /// (P-COOL) mode.
859    pub fn graduated_load_shedding_soft_limit_pct(&self) -> u32 {
860        self.graduated_load_shedding_soft_limit_pct
861            .unwrap_or(50)
862            .min(100)
863    }
864
865    pub fn submit_delay_step_override(&self) -> Option<Duration> {
866        self.submit_delay_step_override_millis
867            .map(Duration::from_millis)
868    }
869
870    pub fn db_retention_epochs(&self) -> u64 {
871        self.db_retention_epochs.unwrap_or(0)
872    }
873
874    pub fn db_pruner_period(&self) -> Duration {
875        // Default to 1 hour
876        self.db_pruner_period_secs
877            .map(Duration::from_secs)
878            .unwrap_or(Duration::from_secs(3_600))
879    }
880}
881
882#[derive(Clone, Debug, Deserialize, Serialize)]
883#[serde(rename_all = "kebab-case")]
884pub struct CheckpointExecutorConfig {
885    /// Upper bound on the number of checkpoints that can be concurrently
886    /// executed.
887    ///
888    /// If unspecified, this will default to `200`
889    #[serde(default = "default_checkpoint_execution_max_concurrency")]
890    pub checkpoint_execution_max_concurrency: usize,
891
892    /// Number of seconds to wait for effects of a batch of transactions
893    /// before logging a warning. Note that we will continue to retry
894    /// indefinitely.
895    ///
896    /// If unspecified, this will default to `10`.
897    #[serde(default = "default_local_execution_timeout_sec")]
898    pub local_execution_timeout_sec: u64,
899
900    /// Optional directory used for data ingestion pipeline.
901    ///
902    /// When specified, each executed checkpoint will be saved in a local
903    /// directory for post-processing
904    #[serde(default, skip_serializing_if = "Option::is_none")]
905    pub data_ingestion_dir: Option<PathBuf>,
906}
907
908#[derive(Clone, Debug, Default, Deserialize, Serialize)]
909#[serde(rename_all = "kebab-case")]
910pub struct ExpensiveSafetyCheckConfig {
911    /// If enabled, at epoch boundary, we will check that the storage
912    /// fund balance is always identical to the sum of the storage
913    /// rebate of all live objects, and that the total IOTA in the network
914    /// remains the same.
915    #[serde(default)]
916    enable_epoch_iota_conservation_check: bool,
917
918    /// If enabled, we will check that the total IOTA in all input objects of a
919    /// tx (both the Move part and the storage rebate) matches the total IOTA
920    /// in all output objects of the tx + gas fees.
921    #[serde(default)]
922    enable_deep_per_tx_iota_conservation_check: bool,
923
924    /// Disable epoch IOTA conservation check even when we are running in debug
925    /// mode.
926    #[serde(default)]
927    force_disable_epoch_iota_conservation_check: bool,
928
929    /// If enabled, at epoch boundary, we will check that the accumulated
930    /// live object state matches the end of epoch root state digest.
931    #[serde(default)]
932    enable_state_consistency_check: bool,
933
934    /// Disable state consistency check even when we are running in debug mode.
935    #[serde(default)]
936    force_disable_state_consistency_check: bool,
937
938    #[serde(default)]
939    enable_secondary_index_checks: bool,
940    // TODO: Add more expensive checks here
941}
942
943impl ExpensiveSafetyCheckConfig {
944    pub fn new_enable_all() -> Self {
945        Self {
946            enable_epoch_iota_conservation_check: true,
947            enable_deep_per_tx_iota_conservation_check: true,
948            force_disable_epoch_iota_conservation_check: false,
949            enable_state_consistency_check: true,
950            force_disable_state_consistency_check: false,
951            enable_secondary_index_checks: false, // Disable by default for now
952        }
953    }
954
955    pub fn new_disable_all() -> Self {
956        Self {
957            enable_epoch_iota_conservation_check: false,
958            enable_deep_per_tx_iota_conservation_check: false,
959            force_disable_epoch_iota_conservation_check: true,
960            enable_state_consistency_check: false,
961            force_disable_state_consistency_check: true,
962            enable_secondary_index_checks: false,
963        }
964    }
965
966    pub fn force_disable_epoch_iota_conservation_check(&mut self) {
967        self.force_disable_epoch_iota_conservation_check = true;
968    }
969
970    pub fn enable_epoch_iota_conservation_check(&self) -> bool {
971        (self.enable_epoch_iota_conservation_check || cfg!(debug_assertions))
972            && !self.force_disable_epoch_iota_conservation_check
973    }
974
975    pub fn force_disable_state_consistency_check(&mut self) {
976        self.force_disable_state_consistency_check = true;
977    }
978
979    pub fn enable_state_consistency_check(&self) -> bool {
980        (self.enable_state_consistency_check || cfg!(debug_assertions))
981            && !self.force_disable_state_consistency_check
982    }
983
984    pub fn enable_deep_per_tx_iota_conservation_check(&self) -> bool {
985        self.enable_deep_per_tx_iota_conservation_check || cfg!(debug_assertions)
986    }
987
988    pub fn enable_secondary_index_checks(&self) -> bool {
989        self.enable_secondary_index_checks
990    }
991}
992
993fn default_checkpoint_execution_max_concurrency() -> usize {
994    4
995}
996
997fn default_local_execution_timeout_sec() -> u64 {
998    30
999}
1000
1001impl Default for CheckpointExecutorConfig {
1002    fn default() -> Self {
1003        Self {
1004            checkpoint_execution_max_concurrency: default_checkpoint_execution_max_concurrency(),
1005            local_execution_timeout_sec: default_local_execution_timeout_sec(),
1006            data_ingestion_dir: None,
1007        }
1008    }
1009}
1010
1011#[derive(Debug, Clone, Deserialize, Serialize)]
1012#[serde(rename_all = "kebab-case")]
1013pub struct AuthorityStorePruningConfig {
1014    /// number of the latest epoch dbs to retain
1015    #[serde(default = "default_num_latest_epoch_dbs_to_retain")]
1016    pub num_latest_epoch_dbs_to_retain: usize,
1017    /// number of epochs to keep the latest version of objects for.
1018    /// Note that a zero value corresponds to an aggressive pruner.
1019    /// This mode is experimental and needs to be used with caution.
1020    /// Use `u64::MAX` to disable the pruner for the objects.
1021    #[serde(default)]
1022    pub num_epochs_to_retain: u64,
1023    /// pruner's runtime interval used for aggressive mode
1024    #[serde(skip_serializing_if = "Option::is_none")]
1025    pub pruning_run_delay_seconds: Option<u64>,
1026    /// maximum number of checkpoints in the pruning batch. Can be adjusted to
1027    /// increase performance
1028    #[serde(default = "default_max_checkpoints_in_batch")]
1029    pub max_checkpoints_in_batch: usize,
1030    /// maximum number of transaction in the pruning batch
1031    #[serde(default = "default_max_transactions_in_batch")]
1032    pub max_transactions_in_batch: usize,
1033    /// enables periodic background compaction for old SST files whose last
1034    /// modified time is older than `periodic_compaction_threshold_days`
1035    /// days. That ensures that all sst files eventually go through the
1036    /// compaction process
1037    #[serde(
1038        default = "default_periodic_compaction_threshold_days",
1039        skip_serializing_if = "Option::is_none"
1040    )]
1041    pub periodic_compaction_threshold_days: Option<usize>,
1042    /// number of epochs to keep the latest version of transactions and effects
1043    /// for
1044    #[serde(skip_serializing_if = "Option::is_none")]
1045    pub num_epochs_to_retain_for_checkpoints: Option<u64>,
1046    #[serde(default = "default_smoothing", skip_serializing_if = "is_true")]
1047    pub smooth: bool,
1048    /// Enables the compaction filter for pruning the objects table.
1049    /// If disabled, a range deletion approach is used instead.
1050    /// While it is generally safe to switch between the two modes,
1051    /// switching from the compaction filter approach back to range deletion
1052    /// may result in some old versions that will never be pruned.
1053    #[serde(default, skip_serializing_if = "std::ops::Not::not")]
1054    pub enable_compaction_filter: bool,
1055    #[serde(skip_serializing_if = "Option::is_none")]
1056    pub num_epochs_to_retain_for_indexes: Option<u64>,
1057}
1058
1059fn default_num_latest_epoch_dbs_to_retain() -> usize {
1060    3
1061}
1062
1063fn default_max_transactions_in_batch() -> usize {
1064    1000
1065}
1066
1067fn default_max_checkpoints_in_batch() -> usize {
1068    10
1069}
1070
1071fn default_smoothing() -> bool {
1072    cfg!(not(test))
1073}
1074
1075fn default_periodic_compaction_threshold_days() -> Option<usize> {
1076    Some(1)
1077}
1078
1079impl Default for AuthorityStorePruningConfig {
1080    fn default() -> Self {
1081        Self {
1082            num_latest_epoch_dbs_to_retain: default_num_latest_epoch_dbs_to_retain(),
1083            num_epochs_to_retain: 0,
1084            pruning_run_delay_seconds: if cfg!(msim) { Some(2) } else { None },
1085            max_checkpoints_in_batch: default_max_checkpoints_in_batch(),
1086            max_transactions_in_batch: default_max_transactions_in_batch(),
1087            periodic_compaction_threshold_days: None,
1088            num_epochs_to_retain_for_checkpoints: if cfg!(msim) { Some(2) } else { None },
1089            smooth: true,
1090            enable_compaction_filter: cfg!(test) || cfg!(msim),
1091            num_epochs_to_retain_for_indexes: None,
1092        }
1093    }
1094}
1095
1096impl AuthorityStorePruningConfig {
1097    pub fn set_num_epochs_to_retain(&mut self, num_epochs_to_retain: u64) {
1098        self.num_epochs_to_retain = num_epochs_to_retain;
1099    }
1100
1101    pub fn set_num_epochs_to_retain_for_checkpoints(&mut self, num_epochs_to_retain: Option<u64>) {
1102        self.num_epochs_to_retain_for_checkpoints = num_epochs_to_retain;
1103    }
1104
1105    pub fn num_epochs_to_retain_for_checkpoints(&self) -> Option<u64> {
1106        self.num_epochs_to_retain_for_checkpoints
1107            // if n less than 2, coerce to 2 and log
1108            .map(|n| {
1109                if n < 2 {
1110                    info!("num_epochs_to_retain_for_checkpoints must be at least 2, rounding up from {}", n);
1111                    2
1112                } else {
1113                    n
1114                }
1115            })
1116    }
1117}
1118
1119#[derive(Debug, Clone, Deserialize, Serialize)]
1120#[serde(rename_all = "kebab-case")]
1121pub struct MetricsConfig {
1122    #[serde(skip_serializing_if = "Option::is_none")]
1123    pub push_interval_seconds: Option<u64>,
1124    #[serde(skip_serializing_if = "Option::is_none")]
1125    pub push_url: Option<String>,
1126}
1127
1128#[derive(Default, Debug, Clone, Deserialize, Serialize)]
1129#[serde(rename_all = "kebab-case")]
1130pub struct DBCheckpointConfig {
1131    #[serde(default)]
1132    pub perform_db_checkpoints_at_epoch_end: bool,
1133    #[serde(skip_serializing_if = "Option::is_none")]
1134    pub checkpoint_path: Option<PathBuf>,
1135    #[serde(skip_serializing_if = "Option::is_none")]
1136    pub object_store_config: Option<ObjectStoreConfig>,
1137    #[serde(skip_serializing_if = "Option::is_none")]
1138    pub perform_index_db_checkpoints_at_epoch_end: Option<bool>,
1139    #[serde(skip_serializing_if = "Option::is_none")]
1140    pub prune_and_compact_before_upload: Option<bool>,
1141}
1142
1143#[derive(Debug, Clone)]
1144pub struct ArchiveReaderConfig {
1145    pub remote_store_config: ObjectStoreConfig,
1146    pub download_concurrency: NonZeroUsize,
1147    pub use_for_pruning_watermark: bool,
1148}
1149
1150#[derive(Default, Debug, Clone, Deserialize, Serialize)]
1151#[serde(rename_all = "kebab-case")]
1152pub struct StateArchiveConfig {
1153    #[serde(skip_serializing_if = "Option::is_none")]
1154    pub object_store_config: Option<ObjectStoreConfig>,
1155    pub concurrency: usize,
1156    pub use_for_pruning_watermark: bool,
1157}
1158
1159/// Configuration for the per-epoch state-snapshot publisher.
1160///
1161/// **Operator note (V2 snapshot publishing).** A node configured to publish
1162/// V2 snapshots must have a perpetual store containing no pre-V2
1163/// (`StoreObjectV1`) rows. This means a snapshot-publishing node must have
1164/// either synced from genesis under V2 or been restored from a V2 snapshot.
1165/// There is no on-disk backfill: a fresh sync is the only supported path.
1166#[derive(Default, Debug, Clone, Deserialize, Serialize)]
1167#[serde(rename_all = "kebab-case")]
1168pub struct StateSnapshotConfig {
1169    #[serde(skip_serializing_if = "Option::is_none")]
1170    pub object_store_config: Option<ObjectStoreConfig>,
1171    pub concurrency: usize,
1172}
1173
1174#[derive(Default, Debug, Clone, Deserialize, Serialize)]
1175#[serde(rename_all = "kebab-case")]
1176pub struct TransactionKeyValueStoreWriteConfig {
1177    pub aws_access_key_id: String,
1178    pub aws_secret_access_key: String,
1179    pub aws_region: String,
1180    pub table_name: String,
1181    pub bucket_name: String,
1182    pub concurrency: usize,
1183}
1184
1185/// Configuration for the threshold(s) at which we consider the system
1186/// to be overloaded. When one of the threshold is passed, the node may
1187/// stop processing new transactions and/or certificates until the congestion
1188/// resolves.
1189#[derive(Clone, Debug, Deserialize, Serialize)]
1190#[serde(rename_all = "kebab-case")]
1191pub struct AuthorityOverloadConfig {
1192    /// Maximum time a transaction can wait in the transaction manager execution
1193    /// queue before it triggers an overload detection on the object it depends
1194    /// on.
1195    #[serde(default = "default_max_txn_age_in_queue")]
1196    pub max_txn_age_in_queue: Duration,
1197
1198    /// The interval of checking overload signal.
1199    #[serde(default = "default_overload_monitor_interval")]
1200    pub overload_monitor_interval: Duration,
1201
1202    /// The execution queueing latency when entering load shedding mode.
1203    #[serde(default = "default_execution_queue_latency_soft_limit")]
1204    pub execution_queue_latency_soft_limit: Duration,
1205
1206    /// The execution queueing latency when entering aggressive load shedding
1207    /// mode.
1208    #[serde(default = "default_execution_queue_latency_hard_limit")]
1209    pub execution_queue_latency_hard_limit: Duration,
1210
1211    /// The maximum percentage of transactions to shed in load shedding mode.
1212    #[serde(default = "default_max_load_shedding_percentage")]
1213    pub max_load_shedding_percentage: u32,
1214
1215    /// When in aggressive load shedding mode, the minimum percentage of
1216    /// transactions to shed.
1217    #[serde(default = "default_min_load_shedding_percentage_above_hard_limit")]
1218    pub min_load_shedding_percentage_above_hard_limit: u32,
1219
1220    /// If transaction ready rate is below this rate, we consider the validator
1221    /// is well under used, and will not enter load shedding mode.
1222    #[serde(default = "default_safe_transaction_ready_rate")]
1223    pub safe_transaction_ready_rate: u32,
1224
1225    /// When set to true, transaction signing may be rejected when the validator
1226    /// is overloaded.
1227    #[serde(default = "default_check_system_overload_at_signing")]
1228    pub check_system_overload_at_signing: bool,
1229
1230    /// When set to true, transaction execution may be rejected when the
1231    /// validator is overloaded.
1232    #[serde(default, skip_serializing_if = "std::ops::Not::not")]
1233    pub check_system_overload_at_execution: bool,
1234
1235    /// Reject a transaction if transaction manager queue length is above this
1236    /// threshold. 100_000 = 10k TPS * 5s resident time in transaction
1237    /// manager (pending + executing) * 2.
1238    #[serde(default = "default_max_transaction_manager_queue_length")]
1239    pub max_transaction_manager_queue_length: usize,
1240
1241    /// Reject a transaction if the number of pending transactions depending on
1242    /// the object is above the threshold.
1243    #[serde(default = "default_max_transaction_manager_per_object_queue_length")]
1244    pub max_transaction_manager_per_object_queue_length: usize,
1245
1246    /// Percentage of `max_transaction_manager_queue_length` at which graduated
1247    /// load shedding begins in the certificate-less (P-COOL) mode. Read
1248    /// via the same-named accessor, which clamps the value to <=100.
1249    #[serde(default = "default_max_transaction_manager_queue_length_soft_limit_pct")]
1250    pub max_transaction_manager_queue_length_soft_limit_pct: u32,
1251}
1252
1253impl AuthorityOverloadConfig {
1254    /// Returns the soft-limit percentage, clamped to <=100 to guard against
1255    /// out-of-range operator-supplied values.
1256    pub fn max_transaction_manager_queue_length_soft_limit_pct(&self) -> u32 {
1257        self.max_transaction_manager_queue_length_soft_limit_pct
1258            .min(100)
1259    }
1260}
1261
1262fn default_max_txn_age_in_queue() -> Duration {
1263    Duration::from_millis(500)
1264}
1265
1266fn default_overload_monitor_interval() -> Duration {
1267    Duration::from_secs(10)
1268}
1269
1270fn default_execution_queue_latency_soft_limit() -> Duration {
1271    Duration::from_secs(1)
1272}
1273
1274fn default_execution_queue_latency_hard_limit() -> Duration {
1275    Duration::from_secs(10)
1276}
1277
1278fn default_max_load_shedding_percentage() -> u32 {
1279    95
1280}
1281
1282fn default_min_load_shedding_percentage_above_hard_limit() -> u32 {
1283    50
1284}
1285
1286fn default_safe_transaction_ready_rate() -> u32 {
1287    100
1288}
1289
1290fn default_check_system_overload_at_signing() -> bool {
1291    true
1292}
1293
1294fn default_max_transaction_manager_queue_length() -> usize {
1295    100_000
1296}
1297
1298fn default_max_transaction_manager_queue_length_soft_limit_pct() -> u32 {
1299    50
1300}
1301
1302fn default_max_transaction_manager_per_object_queue_length() -> usize {
1303    20
1304}
1305
1306impl Default for AuthorityOverloadConfig {
1307    fn default() -> Self {
1308        Self {
1309            max_txn_age_in_queue: default_max_txn_age_in_queue(),
1310            overload_monitor_interval: default_overload_monitor_interval(),
1311            execution_queue_latency_soft_limit: default_execution_queue_latency_soft_limit(),
1312            execution_queue_latency_hard_limit: default_execution_queue_latency_hard_limit(),
1313            max_load_shedding_percentage: default_max_load_shedding_percentage(),
1314            min_load_shedding_percentage_above_hard_limit:
1315                default_min_load_shedding_percentage_above_hard_limit(),
1316            safe_transaction_ready_rate: default_safe_transaction_ready_rate(),
1317            check_system_overload_at_signing: true,
1318            check_system_overload_at_execution: false,
1319            max_transaction_manager_queue_length: default_max_transaction_manager_queue_length(),
1320            max_transaction_manager_queue_length_soft_limit_pct:
1321                default_max_transaction_manager_queue_length_soft_limit_pct(),
1322            max_transaction_manager_per_object_queue_length:
1323                default_max_transaction_manager_per_object_queue_length(),
1324        }
1325    }
1326}
1327
1328fn default_authority_overload_config() -> AuthorityOverloadConfig {
1329    AuthorityOverloadConfig::default()
1330}
1331
1332fn default_traffic_controller_policy_config() -> Option<PolicyConfig> {
1333    Some(PolicyConfig::default_dos_protection_policy())
1334}
1335
1336#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, Eq)]
1337pub struct Genesis {
1338    #[serde(flatten)]
1339    location: Option<GenesisLocation>,
1340
1341    #[serde(skip)]
1342    genesis: once_cell::sync::OnceCell<genesis::Genesis>,
1343}
1344
1345impl Genesis {
1346    pub fn new(genesis: genesis::Genesis) -> Self {
1347        Self {
1348            location: Some(GenesisLocation::InPlace {
1349                genesis: Box::new(genesis),
1350            }),
1351            genesis: Default::default(),
1352        }
1353    }
1354
1355    pub fn new_from_file<P: Into<PathBuf>>(path: P) -> Self {
1356        Self {
1357            location: Some(GenesisLocation::File {
1358                genesis_file_location: path.into(),
1359            }),
1360            genesis: Default::default(),
1361        }
1362    }
1363
1364    pub fn new_empty() -> Self {
1365        Self {
1366            location: None,
1367            genesis: Default::default(),
1368        }
1369    }
1370
1371    pub fn genesis(&self) -> Result<&genesis::Genesis> {
1372        match &self.location {
1373            Some(GenesisLocation::InPlace { genesis }) => Ok(genesis),
1374            Some(GenesisLocation::File {
1375                genesis_file_location,
1376            }) => self
1377                .genesis
1378                .get_or_try_init(|| genesis::Genesis::load(genesis_file_location)),
1379            None => anyhow::bail!("no genesis location set"),
1380        }
1381    }
1382}
1383
1384#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, Eq)]
1385#[serde(untagged)]
1386enum GenesisLocation {
1387    InPlace {
1388        genesis: Box<genesis::Genesis>,
1389    },
1390    File {
1391        #[serde(rename = "genesis-file-location")]
1392        genesis_file_location: PathBuf,
1393    },
1394}
1395
1396/// Wrapper struct for IotaKeyPair that can be deserialized from a file path.
1397/// Used by network, worker, and account keypair.
1398#[derive(Clone, Debug, PartialEq, Eq, Deserialize, Serialize)]
1399pub struct KeyPairWithPath {
1400    #[serde(flatten)]
1401    location: KeyPairLocation,
1402
1403    #[serde(skip)]
1404    keypair: OnceCell<Arc<IotaKeyPair>>,
1405}
1406
1407#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, Eq)]
1408#[serde(untagged)]
1409enum KeyPairLocation {
1410    InPlace {
1411        #[serde(with = "bech32_formatted_keypair")]
1412        value: Arc<IotaKeyPair>,
1413    },
1414    File {
1415        path: PathBuf,
1416    },
1417}
1418
1419impl KeyPairWithPath {
1420    pub fn new(kp: IotaKeyPair) -> Self {
1421        let cell: OnceCell<Arc<IotaKeyPair>> = OnceCell::new();
1422        let arc_kp = Arc::new(kp);
1423        // OK to unwrap panic because authority should not start without all keypairs
1424        // loaded.
1425        cell.set(arc_kp.clone()).expect("failed to set keypair");
1426        Self {
1427            location: KeyPairLocation::InPlace { value: arc_kp },
1428            keypair: cell,
1429        }
1430    }
1431
1432    pub fn new_from_path(path: PathBuf) -> Self {
1433        let cell: OnceCell<Arc<IotaKeyPair>> = OnceCell::new();
1434        // OK to unwrap panic because authority should not start without all keypairs
1435        // loaded.
1436        cell.set(Arc::new(read_keypair_from_file(&path).unwrap_or_else(
1437            |e| panic!("invalid keypair file at path {:?}: {e}", &path),
1438        )))
1439        .expect("failed to set keypair");
1440        Self {
1441            location: KeyPairLocation::File { path },
1442            keypair: cell,
1443        }
1444    }
1445
1446    pub fn keypair(&self) -> &IotaKeyPair {
1447        self.keypair
1448            .get_or_init(|| match &self.location {
1449                KeyPairLocation::InPlace { value } => value.clone(),
1450                KeyPairLocation::File { path } => {
1451                    // OK to unwrap panic because authority should not start without all keypairs
1452                    // loaded.
1453                    Arc::new(
1454                        read_keypair_from_file(path).unwrap_or_else(|e| {
1455                            panic!("invalid keypair file at path {path:?}: {e}")
1456                        }),
1457                    )
1458                }
1459            })
1460            .as_ref()
1461    }
1462}
1463
1464/// Wrapper struct for AuthorityKeyPair that can be deserialized from a file
1465/// path.
1466#[derive(Clone, Debug, PartialEq, Eq, Deserialize, Serialize)]
1467pub struct AuthorityKeyPairWithPath {
1468    #[serde(flatten)]
1469    location: AuthorityKeyPairLocation,
1470
1471    #[serde(skip)]
1472    keypair: OnceCell<Arc<AuthorityKeyPair>>,
1473}
1474
1475#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, Eq)]
1476#[serde(untagged)]
1477enum AuthorityKeyPairLocation {
1478    InPlace { value: Arc<AuthorityKeyPair> },
1479    File { path: PathBuf },
1480}
1481
1482impl AuthorityKeyPairWithPath {
1483    pub fn new(kp: AuthorityKeyPair) -> Self {
1484        let cell: OnceCell<Arc<AuthorityKeyPair>> = OnceCell::new();
1485        let arc_kp = Arc::new(kp);
1486        // OK to unwrap panic because authority should not start without all keypairs
1487        // loaded.
1488        cell.set(arc_kp.clone())
1489            .expect("failed to set authority keypair");
1490        Self {
1491            location: AuthorityKeyPairLocation::InPlace { value: arc_kp },
1492            keypair: cell,
1493        }
1494    }
1495
1496    pub fn new_from_path(path: PathBuf) -> Self {
1497        let cell: OnceCell<Arc<AuthorityKeyPair>> = OnceCell::new();
1498        // OK to unwrap panic because authority should not start without all keypairs
1499        // loaded.
1500        cell.set(Arc::new(
1501            read_authority_keypair_from_file(&path)
1502                .unwrap_or_else(|_| panic!("invalid authority keypair file at path {:?}", &path)),
1503        ))
1504        .expect("failed to set authority keypair");
1505        Self {
1506            location: AuthorityKeyPairLocation::File { path },
1507            keypair: cell,
1508        }
1509    }
1510
1511    pub fn authority_keypair(&self) -> &AuthorityKeyPair {
1512        self.keypair
1513            .get_or_init(|| match &self.location {
1514                AuthorityKeyPairLocation::InPlace { value } => value.clone(),
1515                AuthorityKeyPairLocation::File { path } => {
1516                    // OK to unwrap panic because authority should not start without all keypairs
1517                    // loaded.
1518                    Arc::new(
1519                        read_authority_keypair_from_file(path).unwrap_or_else(|_| {
1520                            panic!("invalid authority keypair file {:?}", &path)
1521                        }),
1522                    )
1523                }
1524            })
1525            .as_ref()
1526    }
1527}
1528
1529/// Configurations which determine how we dump state debug info.
1530/// Debug info is dumped when a node forks.
1531#[derive(Clone, Debug, Deserialize, Serialize, Default)]
1532#[serde(rename_all = "kebab-case")]
1533pub struct StateDebugDumpConfig {
1534    #[serde(skip_serializing_if = "Option::is_none")]
1535    pub dump_file_directory: Option<PathBuf>,
1536}
1537
1538#[cfg(test)]
1539mod tests {
1540    use std::path::PathBuf;
1541
1542    use fastcrypto::traits::KeyPair;
1543    use iota_keys::keypair_file::{write_authority_keypair_to_file, write_keypair_to_file};
1544    use iota_types::crypto::{
1545        AuthorityKeyPair, IotaKeyPair, NetworkKeyPair, get_key_pair_from_rng,
1546    };
1547    use rand::{SeedableRng, rngs::StdRng};
1548
1549    use super::Genesis;
1550    use crate::NodeConfig;
1551
1552    #[test]
1553    fn serialize_genesis_from_file() {
1554        let g = Genesis::new_from_file("path/to/file");
1555
1556        let s = serde_yaml::to_string(&g).unwrap();
1557        assert_eq!("---\ngenesis-file-location: path/to/file\n", s);
1558        let loaded_genesis: Genesis = serde_yaml::from_str(&s).unwrap();
1559        assert_eq!(g, loaded_genesis);
1560    }
1561
1562    #[test]
1563    fn fullnode_template() {
1564        const TEMPLATE: &str = include_str!("../data/fullnode-template.yaml");
1565
1566        let _template: NodeConfig = serde_yaml::from_str(TEMPLATE).unwrap();
1567    }
1568
1569    #[test]
1570    fn enable_soft_locking_defaults_to_enabled() {
1571        // The template omits `enable-soft-locking`, so this exercises the serde
1572        // default and pins the documented "default: enabled" contract.
1573        const TEMPLATE: &str = include_str!("../data/fullnode-template.yaml");
1574
1575        let config: NodeConfig = serde_yaml::from_str(TEMPLATE).unwrap();
1576        assert!(config.enable_soft_locking);
1577    }
1578
1579    #[test]
1580    fn load_key_pairs_to_node_config() {
1581        let authority_key_pair: AuthorityKeyPair =
1582            get_key_pair_from_rng(&mut StdRng::from_seed([0; 32])).1;
1583        let protocol_key_pair: NetworkKeyPair =
1584            get_key_pair_from_rng(&mut StdRng::from_seed([0; 32])).1;
1585        let network_key_pair: NetworkKeyPair =
1586            get_key_pair_from_rng(&mut StdRng::from_seed([0; 32])).1;
1587
1588        write_authority_keypair_to_file(&authority_key_pair, PathBuf::from("authority.key"))
1589            .unwrap();
1590        write_keypair_to_file(
1591            &IotaKeyPair::Ed25519(protocol_key_pair.copy()),
1592            PathBuf::from("protocol.key"),
1593        )
1594        .unwrap();
1595        write_keypair_to_file(
1596            &IotaKeyPair::Ed25519(network_key_pair.copy()),
1597            PathBuf::from("network.key"),
1598        )
1599        .unwrap();
1600
1601        const TEMPLATE: &str = include_str!("../data/fullnode-template-with-path.yaml");
1602        let template: NodeConfig = serde_yaml::from_str(TEMPLATE).unwrap();
1603        assert_eq!(
1604            template.authority_key_pair().public(),
1605            authority_key_pair.public()
1606        );
1607        assert_eq!(
1608            template.network_key_pair().public(),
1609            network_key_pair.public()
1610        );
1611        assert_eq!(
1612            template.protocol_key_pair().public(),
1613            protocol_key_pair.public()
1614        );
1615    }
1616}
1617
1618// RunWithRange is used to specify the ending epoch/checkpoint to process.
1619// this is intended for use with disaster recovery debugging and verification
1620// workflows, never in normal operations
1621#[derive(Clone, Copy, PartialEq, Debug, Serialize, Deserialize)]
1622pub enum RunWithRange {
1623    Epoch(EpochId),
1624    Checkpoint(CheckpointSequenceNumber),
1625}
1626
1627impl RunWithRange {
1628    // is epoch_id > RunWithRange::Epoch
1629    pub fn is_epoch_gt(&self, epoch_id: EpochId) -> bool {
1630        matches!(self, RunWithRange::Epoch(e) if epoch_id > *e)
1631    }
1632
1633    pub fn matches_checkpoint(&self, seq_num: CheckpointSequenceNumber) -> bool {
1634        matches!(self, RunWithRange::Checkpoint(seq) if *seq == seq_num)
1635    }
1636
1637    pub fn into_checkpoint_bound(self) -> Option<CheckpointSequenceNumber> {
1638        match self {
1639            RunWithRange::Epoch(_) => None,
1640            RunWithRange::Checkpoint(seq) => Some(seq),
1641        }
1642    }
1643}
1644
1645/// A serde helper module used with #[serde(with = "...")] to change the
1646/// de/serialization format of an `IotaKeyPair` to Bech32 when written to or
1647/// read from a node config.
1648mod bech32_formatted_keypair {
1649    use std::ops::Deref;
1650
1651    use iota_types::crypto::{EncodeDecodeBase64, IotaKeyPair};
1652    use serde::{Deserialize, Deserializer, Serializer};
1653
1654    pub fn serialize<S, T>(kp: &T, serializer: S) -> Result<S::Ok, S::Error>
1655    where
1656        S: Serializer,
1657        T: Deref<Target = IotaKeyPair>,
1658    {
1659        use serde::ser::Error;
1660
1661        // Serialize the keypair to a Bech32 string
1662        let s = kp.encode().map_err(Error::custom)?;
1663
1664        serializer.serialize_str(&s)
1665    }
1666
1667    pub fn deserialize<'de, D, T>(deserializer: D) -> Result<T, D::Error>
1668    where
1669        D: Deserializer<'de>,
1670        T: From<IotaKeyPair>,
1671    {
1672        use serde::de::Error;
1673
1674        let s = String::deserialize(deserializer)?;
1675
1676        // Try to deserialize the keypair from a Bech32 formatted string
1677        IotaKeyPair::decode(&s)
1678            .or_else(|_| {
1679                // For backwards compatibility try Base64 if Bech32 failed
1680                IotaKeyPair::decode_base64(&s)
1681            })
1682            .map(Into::into)
1683            .map_err(Error::custom)
1684    }
1685}