Skip to main content

GoQuorum command line options

This reference describes the syntax of the GoQuorum command line interface (CLI) options.

caution

GoQuorum is based on the Geth Go Ethereum client but only the GoQuorum-specific CLI options are listed here.

Visit the Go Ethereum documentation to view the CLI options for the geth command.

Specifying options

You can specify GoQuorum options:

Options

allowedfutureblocktime

--allowedfutureblocktime <INTEGER>

Maximum time from current time allowed for blocks before they're considered future blocks, in seconds. This allows nodes to be slightly out of sync without receiving "Mining too far in the future" messages. The default is 0.

emitcheckpoints

--emitcheckpoints

If included, emits specially formatted logging checkpoints.

immutabilitythreshold

--immutabilitythreshold <INTEGER>

Overrides the default immutability threshold for GoQuorum nodes. Blocks below the immutability threshold are moved to the ancient data folder. The default is 3162240.

multitenancy

--multitenancy

Enables multi-tenancy. This requires the JSON-RPC Security plugin to also be configured.

override.istanbul

--override.istanbul <INTEGER>

Custom fork block when using IBFT or QBFT consensus. The default is 0.

permissioned

--permissioned

Enables basic network permissioning. The node allows only a defined list of nodes to connect.

plugins

--plugins file:///<path>/<to>/plugins.json

URI of the plugins settings JSON file. Use this to configure plugins.

plugins.localverify

--plugins.localverify

If included, verifies plugin integrity from the local file system. This requires a plugin signature file and PGP public key file to be available.

plugins.publickey

--plugins.publickey file:///<path>/<to>/<publicKeyFile>

URI of the PGP public key for local plugin verification. This option is only valid if --plugins.localverify is set.

plugins.skipverify

--plugins.skipverify

If included, disables the plugin verification process.

privacymarker.enable

--privacymarker.enable

If included, GoQuorum creates a privacy marker transaction when a private transaction is submitted.

ptm.dialtimeout

--ptm.dialtimeout <INTEGER>

Dial timeout in seconds for the private transaction manager connection. Setting to 0 disables the timeout. The default is 1 second.

ptm.http.idletimeout

--ptm.http.idletimeout <INTEGER>

Idle timeout in seconds for the private transaction manager connection. Setting to 0 disables the timeout. The default is 10 seconds.

ptm.http.readbuffersize

--ptm.http.readbuffersize <INTEGER>

Size of the read buffer in bytes for the private transaction manager connection. Setting to 0 or not specifying uses the http.Transport default.

ptm.http.writebuffersize

--ptm.http.writebuffersize <INTEGER>

Size of the write buffer in bytes for the private transaction manager connection. Setting to 0 or not specifying uses the http.Transport default.

ptm.socket

--ptm.socket <path>/<to>/<ipc>/<file>

Path to the IPC file when using a Unix domain socket for the private transaction manager connection.

ptm.timeout

--ptm.timeout <INTEGER>

Timeout in seconds for communication over the private transaction manager connection. Setting to 0 disables the timeout. The default is 5 seconds.

ptm.tls.clientcert

--ptm.tls.clientcert <path>/<to>/<client_cert_pem_file>

Path to the file containing the client certificate (or chain of certificates) when using a TLS connection to the private transaction manager. This is required if the server is configured to use two-way authentication.

ptm.tls.clientkey

--ptm.tls.clientkey <path>/<to>/<client_key_pem_file>

Path to the file containing the client's private key when using a TLS connection to private transaction manager. This is required if the server is configured to use two-way authentication.

ptm.tls.insecureskipverify

--ptm.tls.insecureskipverify

If included, disables verification of the server's TLS certificate on connection to private transaction manager.

ptm.tls.mode

--ptm.tls.mode <STRING>

Setting to off disables TLS. Setting to strict enables TLS when using an HTTPS connection to the private transaction manager.

ptm.tls.rootca

--ptm.tls.rootca <path>/<to>/<rootca_pem_file>

Path to the file containing the root CA certificate when using a TLS connection to the private transaction manager. The default is the host's certificates.

ptm.url

--ptm.url <URL>

URL when using an HTTP/HTTPS connection to the private transaction manager.

qlight.client

--qlight.client

Enables the qlight client P2P protocol.

qlight.client.psi

--qlight.client.psi <STRING>

PSI the qlight client uses to connect to a server node. The default is private.

qlight.client.rpc.tls

--qlight.client.rpc.tls

Enables the qlight client RPC connection to use TLS.

qlight.client.rpc.tls.cacert

--qlight.client.rpc.tls.cacert <path>/<to>/<client-RPC certicate-auth-file>

Path to the qlight client RPC client certificate authority file.

qlight.client.rpc.tls.cert

--qlight.client.rpc.tls.cert <path>/<to>/<client-RPC-client-certificate-file>

Path to the qlight client RPC client certificate file.

qlight.client.rpc.tls.insecureskipverify

--qlight.client.rpc.tls.insecureskipverify

Enables the qlight client RPC connection to skip TLS verification.

qlight.client.rpc.tls.key

--qlight.client.rpc.tls.key <path>/<to>/<client_TLS_key_pem_file>

Path to the qlight client RPC client certificate private key.

qlight.client.serverNode

--qlight.client.serverNode <nodeID>

The node ID of the target server node.

qlight.client.serverNodeRPC

--qlight.client.serverNodeRPC <URL>

The RPC URL of the target server node.

qlight.client.token.enabled

--qlight.client.token.enabled

Enables the client to use a token when connecting to the qlight server.

qlight.client.token.management

--qlight.client.token.management <string>

Mechanism used to refresh the token. Possible values:

  • none - Developer mode. The token is not refreshed.
  • external - You must update the refreshed token in the running qlight client process by invoking the qlight.setCurrentToken RPC API.
  • client-security-plugin - You must deploy the client security plugin, which periodically refreshes the access token.

qlight.client.token.value

--qlight.client.token.value <TOKEN>

Token the qlight client uses to connect to a server node.

qlight.server

--qlight.server

Enables the qlight server P2P protocol.

qlight.server.p2p.maxpeers

--qlight.server.p2p.maxpeers <INTEGER>

Maximum number of qlight peers. The default is 10.

qlight.server.p2p.netrestrict

--qlight.server.p2p.netrestrict <NETWORK MASK>

Restricts network communication to the given IP networks (CIDR masks).

qlight.server.p2p.permissioning

--qlight.server.p2p.permissioning

Enables the qlight peers to check against a permissioned list and a disallowed list.

qlight.server.p2p.permissioning.prefix

--qlight.server.p2p.permissioning.prefix <prefix>

Prefix for the permissioned-nodes.json and disallowed-nodes.json files specific for the qlight server to distinguish from other permissioned nodes. File format is the prefix name, followed by a hyphen, followed by the default file name. For example, qlight-permissioned-nodes.json.

qlight.server.p2p.port

--qlight.server.p2p.port=<INTEGER>

Port the qlight network listens to. The default is 30305.

qlight.tls

--qlight.tls

Enables the qlight client P2P protocol to use TLS.

qlight.tls.cacerts

--qlight.tls.cacerts <path>/<to>/<qlight_tls_cacert_file>

Path to the certificate authorities file to use for validating P2P connection.

qlight.tls.cert

--qlight.tls.cert` <path>/<to>/<qlight_tls_cert_file>

Path to the certificate file to use for the qlight P2P connection.

qlight.tls.ciphersuites

--qlight.tls.ciphersuites <STRING>

Cipher suites to use for the qlight P2P connection.

qlight.tls.clientauth

--qlight.tls.clientauth <INTEGER>

Sets the method the client is authenticated. Possible values:

  • 0=NoClientCert (default)
  • 1=RequestClientCert
  • 2=RequireAnyClientCert
  • 3=VerifyClientCertIfGiven
  • 4=RequireAndVerifyClientCert

qlight.tls.key

--qlight.tls.key <path>/<to>/<qlight_tls_key_file>

Path to the key file to use for qlight P2P connection.

raft

--raft

Enables Raft for consensus.

raftblocktime

--raftblocktime <INTEGER>

Time between Raft block creations in milliseconds. The default is 50.

raftdnsenable

--raftdnsenable

Enables DNS resolution of peers.

raftjoinexisting

--raftjoinexisting <INTEGER>

Raft ID to assume when joining a pre-existing cluster. The default is 0.

raftlogdir

--raftlogdir <DIRECTORY>

Raft log directory used for the quorum-raft-state, raft-snap, and raft-wal folders. Defaults to the datadir option.

raftport

--raftport <PORT>

Port to bind for the Raft transport. The default is 50400.

revertreason

--revertreason

Enables including the revert reason in the eth_getTransactionReceipt response.

rpcclitls.cacert

--rpcclitls.cacert <path>/<to>/<TLS-CA-pem-file>

Path to the file containing the CA certificate for the server's TLS certificate when using a secured GoQuorum node connection.

rpcclitls.cert

--rpcclitls.cert <path>/<to>/<TLS-pem-file>

Path to the file containing the server's TLS certificate when using a secured GoQuorum node connection.

rpcclitls.ciphersuites

--rpcclitls.ciphersuites <STRING>

Comma-separated list of cipher suites to support when using a secured GoQuorum node connection.

rpcclitls.insecureskipverify

--rpcclitls.insecureskipverify

If included, disables verification of the server's TLS certificate when using a secured GoQuorum node connection.

rpcclitoken

--rpcclitoken <STRING>

JSON-RPC client access token when using a secured GoQuorum node connection.

vm.calltimeout

--vm.calltimeout <INTEGER>

Timeout in seconds when executing eth_call. The default is 5.