Configuring the notary worker nodes

In configuring the notary worker nodes, please note the following:

  • The X500 name of the notary service is configured in notary.serviceLegalName.
  • Put the IP address or host name of the nearest shared DB server first in the JDBC URL. When running a DB node and a notary worker node on a single machine, list the local IP first
  • In addition to the connection to the shared DB holding the notary state, each notary worker needs to have access to its own local node DB. See the dataSourceProperties section in the configuration file
  • Omit compatibilityZoneURL and set devMode = true when using the bootstrapper
  • When using CockroachDB, set generateNativeSql = true in the JPA block. This guarantees the best performance.
  • If using load balancers in front of Cockroach DB nodes, set maxLifetime in the jpa/dataSourceProperties block. Use a sensible value in milliseconds. A value of maxLifetime=600000 is equivalent to 10 minutes.
    • The value should be less than the load balancer idle timeout. This avoids false Hibernate warnings about closed connections.

The configuration below will result in the JPA notary implementation being used:

notary {
  jpa {
    connectionRetries={{ number of database replicas }}
    // Only required if using CockroachDB.
    generateNativeSql = true

    // Only required if the schema isn't the default schema of the user.
    database.schema = {{ schema name, e.g. corda_adm }}

    dataSourceProperties {
      autoCommit="false"
      jdbcUrl="jdbc:dbidentifier://{{ your cluster IPs }}/{{ DB name, e.g. corda }}"
      username={{ DB username }}
      password={{ DB password }}
      // Only required if using CockroachDB.
      maxLifetime=600000
    }
    database {
      validateSchema = true
    }
  }
  validating=false
  // Only required for an HA notary.
  serviceLegalName="O=HA Notary, C=GB, L=London"
}

compatibilityZoneURL = "https://example.com:1300"
devMode = false

rpcSettings {
  address : "localhost:18003"
  adminAddress : "localhost:18004"
}
keyStorePassword = ""
trustStorePassword = ""
p2pAddress : "{{ fully qualified domain name, e.g. host.example.com (or localhost in development) }}:{{ P2P port }}"

rpcUsers=[]
myLegalName : "O=Worker 1, C=GB, L=London"

// R3 recommends using Postgres for the node database, or an other supported
// database that you already have set up. Note that the notarised states
// are written to the shared notary database configured in `notary.jpa`.
dataSourceProperties = {
  dataSourceClassName = "org.postgresql.ds.PGSimpleDataSource"
  dataSource.url = "jdbc:postgresql://[HOST]:[PORT]/postgres"
  dataSource.user = [USER]
  dataSource.password = [PASSWORD]
}
database = {
  schema = [SCHEMA]
}
jarDirs = [PATH_TO_JDBC_DRIVER_DIR]

See Node configuration for a complete reference.

The configuration below will result in the MySQL notary being used. Note the lack of the jpa configuration tag and the presence of the mysql configuration tag. Only the notary tag is included in this excerpt - the remainder of the configuration file does not change.

notary {
  mysql {
      connectionRetries={{ number of Percona nodes }}
      dataSource {
          autoCommit="false"
          jdbcUrl="jdbc:mysql://{{ your cluster IPs }}/{{ DB name, e.g. corda }}?rewriteBatchedStatements=true&useSSL=false&failOverReadOnly=false"
          username={{ DB username }}
          password={{ DB password }}
      }
  }
  validating=false
  serviceLegalName="O=HA Notary, C=GB, L=London"
}

Corda Enterprise comes with a tool for obfuscating secret values in configuration files, which is strongly recommended for production deployments. For a notary worker node, the database IP addresses, database user credentials, keyStore and trustStore password fields in the configuration file should be obfuscated. Usage instructions can be found on the Configuration Obfuscator page.

Note that configuration obfuscation can be used with any notary.

Your configuration should look something like this:

notary {
  [jpa or mysql] {
      connectionRetries=[NUMBER_OF_REPLICAS]
      dataSource {
          autoCommit="false"
          jdbcUrl="<encrypt{jdbc connection string}>"
          username=[USER_NAME]
          password="<encrypt{your-data-source-password}>"
      }
  }
  validating=false
  serviceLegalName="O=HA Notary, C=GB, L=London"
}

...

keyStorePassword = "<encrypt{your-key-store-password}>"
trustStorePassword = "<encrypt{your-trust-store-password}>"

...

dataSourceProperties = {
    dataSourceClassName = "org.postgresql.ds.PGSimpleDataSource"
    dataSource.url = "jdbc:postgresql://[HOST]:[PORT]/postgres"
    dataSource.user = [USER_NAME]
    dataSource.password = "<encrypt{your-data-source-password}>"
}

The notary service is registered with the CENM identity service using the registration tool as documented in notary registration. Once the service is registered, each worker node is registered using the initial-registration process. See joining a compatibility zone.

Was this page helpful?

Thanks for your feedback!

Chat with us

Chat with us on our #docs channel on slack. You can also join a lot of other slack channels there and have access to 1-on-1 communication with members of the R3 team and the online community.

Propose documentation improvements directly

Help us to improve the docs by contributing directly. It's simple - just fork this repository and raise a PR of your own - R3's Technical Writers will review it and apply the relevant suggestions.

We're sorry this page wasn't helpful. Let us know how we can make it better!

Chat with us

Chat with us on our #docs channel on slack. You can also join a lot of other slack channels there and have access to 1-on-1 communication with members of the R3 team and the online community.

Create an issue

Create a new GitHub issue in this repository - submit technical feedback, draw attention to a potential documentation bug, or share ideas for improvement and general feedback.

Propose documentation improvements directly

Help us to improve the docs by contributing directly. It's simple - just fork this repository and raise a PR of your own - R3's Technical Writers will review it and apply the relevant suggestions.