New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Tessera process continue to throw exceptions and private transactions don't go through on distributed node/+ tessera setup #804
Comments
Hey. Two things here:
|
Thanks, @prd-fox. Well, we are building an open blockchain network with tesseras so we have to keep the discovery ON. So we have multiple such networks running and node of one network seem to discover nodes of other networks, as I described above. In one of our blockchain setup, we have tessera nodes running with Docker containers which are obviously given internal bridge IP address i.e. 172.. P2P serverIPAddress uses 172. and it passes the same to other nodes via /partyinfo |
Okay, so discovery must remain on, presumably because you may be adding other nodes to that network in the future? You have multiple networks, but they must not cross over. I am imagining a scenario like this: Network1: Network2: Now the problem is that the two networks have somehow crossed over to create one single network with all 6 nodes? |
Yes, the network will look like this. |
It makes sense. This is a misconfiguration, since the Docker containers should be set up with an externally accessible IP address, but I agree that the extra log noise is annoying. We will look to reduce that. Additionally, in the scenario I gave above, the only way for the networks to be merged is for one of the nodes to have added a node from the other network to it's startup list (or at runtime using the specific API endpoint for this). Again, the log noise will be annoying, but they two networks won't automatically merge, someone configured their node to do this. |
@prd-fox I submitted a pull request for this ticket. You can review and accept. Of course, we need to make one change, which is more universally accepted field name than "ledgerID" which is used in the code at present. |
Hi @golashr, We discussed the PR within ourselves and came to the conclusion that we are specifically targeting a permissioned environment rather than a public, non-permissioned one. Since in a permissioned environment, all the nodes should be happy to connect to each other, with other settings (such as the peer discovery flag, TLS certs) used to keep unwanted participants out. I have created another issue (#805) where we have identified a number of places that our logging can be improved, so you can track that there. Thanks for the contribution, we appreciate the interest in Tessera (and Quorum as a whole) even if we didn't accept the PR |
@prd-fox I am not sure how logging or setting it up with TLS certs will help the cause. Peer discovery can't be off as I explained before. TLS will only secure the network traffic but tessera node will still connect with externally accessible IP addresses. Appreciate if you can keep the issue open for further discussion. Thanks. |
I'm still thinking in terms of permissioned networks, which yeah I guess you're not using here. |
After reviewing this again with the team, we came to the decision to still not merge this. |
@golashr - Do you have any more comments/questions before we close this issue ? |
System information
Geth version: 1.8.18-stable
Quorum version:quorum-v2.2.3
Tessera version: quorumengineering/tessera:0.9.1
OS & Version: Linux/OSX
Ubuntu 18.04.2 LTS (GNU/Linux 4.15.0-47-generic x86_64)
We have Geth+Tessera nodes deployed on distributed machines. Peer tessera nodes are mentioned in the peer list of tessera-config.json of each tessera node. The issue is, the tessera node discovers peer nodes outside the specified peer network too. If the discovered peer list seems to have an issue with connectivity, it throws exceptions and it continues.
The text was updated successfully, but these errors were encountered: