Configuring the notary worker nodes
In configuring the notary worker nodes, please note the following:
- The X500 name of the notary service is configured in
notary.serviceLegalName
. - Put the IP address or host name of the nearest shared DB server first in the JDBC URL. When running a DB node and a notary worker node on a single machine, list the local IP first
- In addition to the connection to the shared DB holding the notary state, each notary worker needs to have access to its own local node DB. See the dataSourceProperties section in the configuration file
- Omit
compatibilityZoneURL
and setdevMode = true
when using the bootstrapper
The configuration below will result in the JPA notary implementation being used:
notary {
jpa {
connectionRetries={{ number of database replicas }}
// Only required if the schema isn't the default schema of the user.
database.schema = {{ schema name, e.g. corda_adm }}
dataSourceProperties {
autoCommit="false"
jdbcUrl="jdbc:dbidentifier://{{ your cluster IPs }}/{{ DB name, e.g. corda }}"
username={{ DB username }}
password={{ DB password }}
}
database {
validateSchema = true
}
}
validating=false
// Only required for an HA notary.
serviceLegalName="O=HA Notary, C=GB, L=London"
}
compatibilityZoneURL = "https://example.com:1300"
devMode = false
rpcSettings {
address : "localhost:18003"
adminAddress : "localhost:18004"
}
keyStorePassword = ""
trustStorePassword = ""
p2pAddress : "{{ fully qualified domain name, e.g. host.example.com (or localhost in development) }}:{{ P2P port }}"
rpcUsers=[]
myLegalName : "O=Worker 1, C=GB, L=London"
// We recommend using Postgres for the node database, or an other supported
// database that you already have set up. Note that the notarised states
// are written to the shared notary database configured in `notary.jpa`.
dataSourceProperties = {
dataSourceClassName = "org.postgresql.ds.PGSimpleDataSource"
dataSource.url = "jdbc:postgresql://[HOST]:[PORT]/postgres"
dataSource.user = [USER]
dataSource.password = [PASSWORD]
}
database = {
schema = [SCHEMA]
}
jarDirs = [PATH_TO_JDBC_DRIVER_DIR]
See Node configuration for a complete reference.
MySQL notary (deprecated)
The configuration below will result in the MySQL notary being used. Note the lack of
the jpa
configuration tag and the presence of the mysql
configuration tag. Only the
notary
tag is included in this excerpt - the remainder of the configuration file does not
change.
notary {
mysql {
connectionRetries={{ number of Percona nodes }}
dataSource {
autoCommit="false"
jdbcUrl="jdbc:mysql://{{ your cluster IPs }}/{{ DB name, e.g. corda }}?rewriteBatchedStatements=true&useSSL=false&failOverReadOnly=false"
username={{ DB username }}
password={{ DB password }}
}
}
validating=false
serviceLegalName="O=HA Notary, C=GB, L=London"
}
Configuration Obfuscation
Corda Enterprise comes with a tool for obfuscating secret values in configuration files, which is strongly recommended for production deployments.
For a notary worker node, the database IP addresses, database user credentials, keyStore
and trustStore
password fields in
the configuration file should be obfuscated. Usage instructions can be found on the
Configuration Obfuscator page.
Note that configuration obfuscation can be used with any notary.
Your configuration should look something like this:
notary {
[jpa or mysql] {
connectionRetries=[NUMBER_OF_REPLICAS]
dataSource {
autoCommit="false"
jdbcUrl="<encrypt{jdbc connection string}>"
username=[USER_NAME]
password="<encrypt{your-data-source-password}>"
}
}
validating=false
serviceLegalName="O=HA Notary, C=GB, L=London"
}
...
keyStorePassword = "<encrypt{your-key-store-password}>"
trustStorePassword = "<encrypt{your-trust-store-password}>"
...
dataSourceProperties = {
dataSourceClassName = "org.postgresql.ds.PGSimpleDataSource"
dataSource.url = "jdbc:postgresql://[HOST]:[PORT]/postgres"
dataSource.user = [USER_NAME]
dataSource.password = "<encrypt{your-data-source-password}>"
}
Obtaining the notary service identity
The notary service is registered with the CENM identity service using the registration tool as documented in
notary registration.
Once the service is registered, each worker node is registered using the initial-registration
process. See ../joining-a-compatibility-zone.