forked from hyperledger-archives/sawtooth-core
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add proc to restrict txn types for Sys Admin Guide
Show how to use "sawset proposal create" to set the allowed transaction types to those TPs/TFs used in this guide: Identity, IntegerKey, Settings, and PoET Validator Registry. Signed-off-by: Anne Chenette <chenette@bitwise.io>
- Loading branch information
1 parent
8fe21b9
commit 830c2cb
Showing
2 changed files
with
81 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,80 @@ | ||
| ************************************************ | ||
| Setting the Allowed Transaction Types (Optional) | ||
| ************************************************ | ||
|
|
||
| By default, a validator accepts transactions from any transaction processor. | ||
| However, Sawtooth allows you to limit the types of transactions that can be | ||
| submitted. | ||
|
|
||
| This setting, ``sawtooth.validator.transaction_families``, improves the | ||
| Sawtooth network's security by ignoring any unrecognized transaction processors. | ||
| It is an on-chain setting, which means that the change is submitted on one node; | ||
| the other nodes in the network apply the settings change when they receive the | ||
| block with this transaction. Note that the | ||
| :doc:`Settings transaction processor <../transaction_family_specifications/settings_transaction_family>` | ||
| is required to handle on-chain configuration settings. | ||
|
|
||
| In this procedure, you will configure the validator network to limit the | ||
| accepted transaction types to those from the Identity, IntegerKey, Settings, and | ||
| PoET Validator Registry transaction processors. | ||
|
|
||
| .. important:: | ||
|
|
||
| For the environment described in this guide, you **must** run this procedure | ||
| on the same node that created the genesis block, because the ``sawset | ||
| proposal create`` command requires the validator key that was generated on | ||
| that node. | ||
|
|
||
| #. Open a terminal window on the "genesis node" (the Sawtooth node that created | ||
| the genesis block in a previous procedure). | ||
|
|
||
| #. Use the ``sawset`` command to create and submit a batch of transactions that | ||
| changes the allowed transaction types. | ||
|
|
||
| .. code-block:: console | ||
| $ sudo sawset proposal create --key /etc/sawtooth/keys/validator.priv \ | ||
| sawtooth.validator.transaction_families='[{"family":"sawtooth_identity", "version":"1.0"}, {"family":"intkey", "version": "1.0"}, {"family":"sawtooth_settings", "version":"1.0"}, {"family":"sawtooth_validator_registry", "version":"1.0"}]' | ||
| This command sets ``sawtooth.validator.transaction_families`` to a JSON array | ||
| that specifies the family name and version of each allowed transaction | ||
| processor. For this information, see | ||
| :doc:`transaction family specification <../transaction_family_specifications>`). | ||
|
|
||
| #. Run the following command to check the setting change. | ||
|
|
||
| .. code-block:: console | ||
| $ sawtooth settings list | ||
| The output should be similar to this example: | ||
|
|
||
| .. code-block:: console | ||
| sawtooth.consensus.algorithm: poet | ||
| sawtooth.poet.initial_wait_time: 15 | ||
| sawtooth.poet.key_block_claim_limit: 100000 | ||
| sawtooth.poet.report_public_key_pem: -----BEGIN PUBL... | ||
| sawtooth.poet.target_wait_time: 15 | ||
| sawtooth.poet.valid_enclave_basenames: b785c58b77152cb... | ||
| sawtooth.poet.valid_enclave_measurements: c99f21955e38dbb... | ||
| sawtooth.poet.ztest_minimum_win_count: 100000 | ||
| sawtooth.publisher.max_batches_per_block: 200 | ||
| sawtooth.settings.vote.authorized_keys: 03e27504580fa15... | ||
| sawtooth.validator.transaction_families: [{"family": "in... | ||
| #. You can also check the log file for the Settings transaction processor, | ||
| ``/var/log/sawtooth/logs/settings-{xxxxxxx}-debug.log`` for a | ||
| ``TP_PROCESS_REQUEST`` message. (Note that the Settings log file has a unique | ||
| string in the file name.) The message will resemble this example: | ||
|
|
||
| .. code-block:: none | ||
| [20:07:58.039 [MainThread] core DEBUG] received message of type: TP_PROCESS_REQUEST | ||
| [20:07:58.190 [MainThread] handler INFO] Setting setting sawtooth.validator.transaction_families changed from None to [{"family": "intkey", "version": "1.0"}, {"family":"sawtooth_settings", "version":"1.0"}, {"family":"sawtooth_validator_registry", "version":"1.0"}]' | ||
| .. Licensed under Creative Commons Attribution 4.0 International License | ||
| .. https://creativecommons.org/licenses/by/4.0/ | ||