-
Notifications
You must be signed in to change notification settings - Fork 35.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add a switch to allow running in a pruned state #4481
Conversation
I think this is acceptable so long as you add a "-allowpruned" option that disables the "we have all blocks" check on startup and unsets the NODE_NETWORK service bit. (meaning we act like a SPV client) You could argue with that you might as well not disconnect peers that ask for blocks you don't have, as you aren't advertising that you have any blocks at all. That might be useful for some types of local usage, and probably does no harm. |
Agree with @petertodd here. If you don't run a full node, you should not have it advertise NODE_NETWORK. The P2P protocol at this point does not support advertising availability of only ranges of blocks, and disconnecting anyone that happens to request a block that's missing seems very crude. Also: |
@laanwj Good point. You could make pruning just disable some wallet functionality, but disabling all wallet functionality is simpler for now - we might not have the wallet in the future anyway. |
Thanks for the feedback. Pull updated, addressing the input. |
I like the idea of an UTXO-only, non-archival node.
|
@ashleyholman: I guess we should try and test fully what happens unsetting the flag, but that looks like the sensible thing to do. |
It should also check that so much hasn't been removed that it can't survive realistic reorganizations... a bunch of nodes that just refuse to reorg would be fairly harmful to the network (not to mention their users!). I'd suggest the check go back 288 blocks from tip since thats our default for the extensive checkblocks. This also needs at least a modest testplan to check that none of the exposed RPCs will crash, and that any that would crash are disabled. It should also be made incompatible with txindex. |
We may also want to leave this out of usage until it's had a fair amount of testing (e.g. in the first release with it)... esp I'd worry that there may be additional network triggerable misbehavior from places where this violates assumptions. |
So after giving this more though, instead of allowpruned— why not just go all the way and have a pruned=1 ... with the logic that if our validated height is >100k and a blockfiles highest block is <tip-288, just delete the block file? This would allow you to sync up without much free disk space (the first 119k blocks are small and fit in the first block file). |
(Sipa pointed out to me that the rational for the 100k limit was not obvious. The reason I proposed that was because without it if someone gave you a 400 block reorg during the very early initial block download you would not recover. The 100k limit gets the difficulty to a non-completely-trivial level, and is also few enough that its still in a single block file, so there would be no peak usage increase. Better to have a total-work check, but that would probably need headers first in order to be easy to implement). |
UTXO only cannot be done without substantial work because the node would be unable to reorganize. |
Yeah, obviously autoprune is a way lower hanging fruit. Maybe after #4468 utxoonly can be possible, but yes, at a significantly cost. |
Right, I did not think about reorganizations. A node that would fall over on even a small reorganization would be pointless. And storing a few blocks isn't a problem. @gmaxwell's idea about keeping only the recent N>288 blocks when height>100k sounds great, and is how auto-pruning should work. |
WRT UTXO-only, we'd also need to add code to hash the undo files, and add network code to fetch them (and make the undo datastructure normative along the way)... Or, just don't delete the undo files but this is unattractive since there is currently about 2gb of undo data. So I think for now we should just do the autopruned which disables the wallet and txindex and keeps enough blocks that reorg failure is very unlikely. Then we can think about the above steps with the undo data, along with keeping the ability to remain acting as a node-network. |
Shouldn't this also disable UPNP as the only reason it is used is to allow incoming connections to possibly sync from your node? |
I wouldn't bother, as we'll want to let nodes advertise useful services beyond the blockchain, e.g. tx relaying. On 12 July 2014 10:28:41 BST, Warren Togami notifications@github.com wrote:
|
We don't want to disable listening or UPNP because you may want to use the node with p2pool or the like, but we should probably suppress address messages when we're not node-network. I think that should just wait until another pull though. |
@gmaxwell Sounds good to me. On 12 July 2014 13:32:58 GMT+01:00, Gregory Maxwell notifications@github.com wrote:
|
Looks mostly OK, modulo nits. Do we want to be able to find pruned nodes? Seems like allocating a NODE_xxx service bit in this PR is appropriate. |
The bit ought to depend on willingness to at least relay the most recent N transactions from the tip. N=288 by definition sounds good to me, but if it's in the bit definition perhaps it needs more shed painting, which is why I didn't recommend this above (for this pull, e.g. we could do it in a separate one). |
@gmaxwell To forestall shed painting, I observe that NODE_NETWORK behavior has varied over time; only it's general definition "a full node!" has remained static. As such, it seems reasonable to add NODE_PRUNED or whatever we want to call the high level attribute being advertised. If it's only minor tweaks to find a good value for N, that seems like something that could be performed in-tree before the next release. It's all about communication. A release note "NODE_PRUNED is experimental until 0.11" can further extend the life. |
What about adding a service bit NODE_UTXO? And then having full nodes advertise it as well? This has been proposed before and I think that was a good suggestion (by @maaku?). Pruned nodes would only advertise NODE_UTXO. This would give NODE_NETWORK - starting from version X - the meaning of 'can serve blocks', and NODE_UTXO the meaning of 'tracks UTXO and can validate transactions'. This way, service bits actually tell about provided services. I like 'negative' service bits like NODE_PRUNED considerably less. |
I would move the meaning of block-servavility out of NODE_NETWORK, not the As to the meaning itself, I have previously proposed to use 2 service bits, |
I was trying to avoid the granularity rathole here. :) Can we please put the new flag in a subsequent pull to avoid delaying this based on that? The approach of removing node network on a pruning node is safe if far from perfect... and will suffice until the extra behavior is hammered out. |
I see that shed painting was not forestalled, @gmaxwell :) ACK |
Most nits has been addressed, and I added a branch in my repository for anybody willing to test the rejection instead of disconnecting case: https://github.com/Criptomonedas/bitcoin/tree/prunedreject It seems to work pretty fine, just a little more resource wasteful than disconnecting. |
utACK |
ut? |
+1 |
You would want to serve not just the most recent blocks, but also a On 07/14/2014 08:03 AM, Pieter Wuille wrote:
|
@maaku absolutely, but I think we should do that as part of a pull that turns back on network services bits. This pull just turns the node into a client, and the only reason to keep any blocks at all is otherwise a reorg leaves the node stuck and it needs a total (30gbyte) reinit, and while it's stuck it's forked and potentially following a losing chain. |
#ifdef ENABLE_WALLET | ||
if (fAllowPruned) { | ||
if (SoftSetBoolArg("-disablewallet", true)) | ||
LogPrintf("AppInit2 : parameter interaction: -allowpruned=1 -> setting -disablewallet=1\n"); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Those checks and the message don't belong here but in Step 2: parameter interactions
in init.
@@ -97,6 +97,7 @@ string strMiscWarning; | |||
bool fLogTimestamps = false; | |||
bool fLogIPs = false; | |||
volatile bool fReopenDebugLog = false; | |||
bool fPruned = false; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This really doesn't belong in util.
I'd say main, but apparently you need it inside net, which feels wrong. Feel like moving the pnodeLocalHost code to init?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What about passing an extra parameter to StartNode to allow setting the service bits from the caller in init? Would that be a correct solution? It would seem to be simpler and less invasive, wouldn't it?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sounds good to me.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Agree it does not belong in util, but also a parameter to StartNode does not seem appropriate. See NODE_EXT_SERVICES in the following WIP branch at https://github.com/jgarzik/bitcoin/tree/2014_ext_services
@jgarzik Please, let's not make this dependent on how to expose this functionality to the network yet, that can come later. All we need for now is something that disables full node functionality when running pruned. EDIT: Oh, you mean just modifying nLocalServices from init? That seems fine too. |
@sipa Correct, that's all I meant. Local service configuration will ultimately be multi-step, and can be handled directly from init. |
feaff36
to
d00a934
Compare
Automatic sanity-testing: PASSED, see http://jenkins.bluematt.me/pull-tester/p4481_d00a934cc05301d6a08f8d686428c4fd704ed76b/ for binaries and test log. |
Automatic sanity-testing: PASSED, see http://jenkins.bluematt.me/pull-tester/p4481_eae33b1af4f866257a84bcb438a1768fff07a63e/ for binaries and test log. |
Untested ACK. |
There are a few changes I'd like to make, but let's do that post-merge:
EDIT: this is actually about #4701. |
Added incompatibility with -txindex, as requested. |
Automatic sanity-testing: PASSED, see http://jenkins.bluematt.me/pull-tester/p4481_9045aa715c2a043af244d14170fc11b84f986dcb/ for binaries and test log. |
The check is now simpler, somewhat more efficient, and covers more data, to be sure the node can reorganize.
These are the main functional changes on this state: * Do not allow running with a wallet or a txindex. * Check for data at startup is mandatory up to last 288 blocks. * NODE_NETWORK flag is unset. * Requests for pruned blocks from other peers is answered with "notfound" and they are disconnected, not to stall their IBD. * The range of blocks pruned is logged.
9045aa7
to
efbf886
Compare
Automatic sanity-testing: PASSED, see http://jenkins.bluematt.me/pull-tester/p4481_efbf886cbe560950f432b5af78f63d4a57c81b51/ for binaries and test log. |
To avoid stalling the downloads of other peers, we disconnect those
who ask us for a block we don't have anymore.