doc/catlfish-node.cfg.5.adoc


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124

:man source:   Catlfish
:man manual:   Catlfish Manual
CATLFISH-NODE.CFG(5)
====================

NAME
----
catlfish-node.cfg - catlfish node configuration

OPTIONS
-------
   **configurl**: __url__::
      URL to the global configuration file. The signature should be located at the same URL but with ".sig" appended. Handles http:, https:, and file: URL:s.
      When using file: URL:s, the magic cookie `CURRENTWORKINGDIRECTORY` can be used to indicate the current working directory.
      Example: `file:///CURRENTWORKINGDIRECTORY/myconfig.cfg` will refer to the file myconfig.cfg in the current directory.

   **ctapiaddress**: __ip-address__ (optional)::
      IP address and port for the external API if it is different from the global configuration, e.g. __10.0.0.1:443__.

   **dbbackend**: **permdb**|**fsdb** (default: fsdb)::
      The database backend that the node uses. **fsdb** uses plain files to store each database entry, using the database key as the filename.
      **permdb** uses a commit-based append-only file and has much better performance.

   **frontendaddress**: __ip-address__ (optional)::
      IP address and port for the frontend internal API if it is different from the global configuration, e.g. __10.0.0.1:8443__.

   **hsm**: ::

//    write description here

      **label**: __hsm-keyname__ (optional):::
         The name of the key in your HSM.

      **library**: __path__ (optional):::
         Path to the HSM library

      **pin**: __hsm-pin__ (optional):::
         The PIN used to access your HSM. If the first character is `@`, the rest of the string is a file name containing the PIN.

      **slot**: __hsm-slot__ (optional):::
         The slot number the key is in.

   **logadminkey**: __key__::
      The key that signs the global configuration file. In BASE64.

   **merge**: ::
      Configuration variables for merge nodes. Used when the node is the primary merge node.

      **backup-sendentries-chunksize**: __number-of-entries__:::
         Maximum number of entries to send to a backup node in one API call.

      **backup-sendlog-chunksize**: __number-of-entries__:::
         Maximum number of entry hashes to send to a backup node in one API call.

      **backup-window-size**: __number-of-entries__:::
         Maximum number of entries to distribute to a backupp node before verifying that the backup node has received them properly.

      **dist-sendentries-chunksize**: __number-of-entries__:::
         Maximum number of entries to send to a frontend node in one API call.

      **dist-sendlog-chunksize**: __number-of-entries__:::
         Maximum number of entry hashes to send to a frontend node in one API call.

      **dist-window-size**: __number-of-entries__:::
         Maximum number of entries to distribute to a frontend node before making the frontend node verify them.

      **min-delay**: __seconds__:::
         The interval between two attempts to create an STH.

   **mergeaddress**: __ip-address__ (optional)::
      IP address and port for the merge internal API if it is different from the global configuration, e.g. __10.0.0.1:8443__.

   **nodename**: __nodename__::
      Name of the node.

   **paths**: ::
//    write description here

      **configdir**: __path__:::
         The directory where compileconfig.py writes the Erlang configuration files.

      **db**: __path__:::
         The directory where the database is stored.

      **https_cacertfile**: __path__:::
         Certificate chain for the **https_certfile** certificate.

      **https_certfile**: __path__:::
         Certificate for the internal API.

      **https_keyfile**: __path__:::
         Private key for the **https_certfile** certificate.

      **knownroots**: __path__:::
         A directory with the root certificates that are accepted by the log, one per file, in PEM format, with a .pem filename extension.

      **logprivatekey**: __path__:::
         Private key for the log. Used on signing nodes that don\'t use an HSM.

      **privatekeys**: __path__:::
         Directory with the private key for this node in a file named __**nodename**-private.pem__

      **public_cacertfile**: __path__:::
         Certificate for the external API.

      **verifycert_bin**: __path__:::
         Path to verifycert.erl. Used on primary signing nodes.

   **publichttpaddress**: __ip-address__ (optional)::
      IP address and port for a non-HTTPS version of the external API, e.g. __10.0.0.1:80__.
      Use this if you need a plain HTTP server, e.g. if you are using a reverse proxy to handle the external requests.

   **ratelimits**: ::

//    write description here

      **add_chain**: __rate__:::
         Rate limiting of submissions to the log, formatted as "**frequency** per second|minute|hour", e.g. "10 per second".

   **signingaddress**: __ip-address__ (optional)::
      IP address and port for the signing internal API if it is different from the global configuration, e.g. __10.0.0.1:8443__.

   **storageaddress**: __ip-address__ (optional)::
      IP address and port for the storage internal API if it is different from the global configuration, e.g. __10.0.0.1:8443__.