Skip to content
Last update: June 9, 2022

GoQuorum command line options

This reference describes the syntax of the GoQuorum command line interface (CLI) options.

Important

GoQuorum is based on the Geth Go Ethereum client but only the GoQuorum-specific CLI options are listed here. Visit the Go Ethereum documentation to view the CLI options for the geth command.

Specifying options

You can specify GoQuorum options:

Options

allowedfutureblocktime

--allowedfutureblocktime <INTEGER>
--allowedfutureblocktime 1

Maximum time from current time allowed for blocks before they’re considered future blocks, in seconds. This allows nodes to be slightly out of sync without receiving “Mining too far in the future” messages. The default is 0.

emitcheckpoints

--emitcheckpoints

If included, emits specially formatted logging checkpoints.

immutabilitythreshold

--immutabilitythreshold <INTEGER>
--immutabilitythreshold 1000000

Overrides the default immutability threshold for GoQuorum nodes. Blocks below the immutability threshold are moved to the ancient data folder. The default is 3162240.

multitenancy

--multitenancy
--multitenancy

Enables multi-tenancy. This requires the JSON-RPC Security plugin to also be configured.

override.istanbul

--override.istanbul <INTEGER>
--override.istanbul 100

Custom fork block when using IBFT or QBFT consensus. The default is 0.

permissioned

--permissioned
--permissioned

Enables basic network permissioning. The node allows only a defined list of nodes to connect.

plugins

--plugins file:///<path>/<to>/plugins.json
--plugins file:///opt/geth/plugins.json

URI of the plugins settings JSON file. Use this to configure plugins.

plugins.localverify

--plugins.localverify

If included, verifies plugin integrity from the local file system. This requires a plugin signature file and PGP public key file to be available.

plugins.publickey

--plugins.publickey file:///<path>/<to>/<publicKeyFile>
--plugins.publickey file:///opt/geth/pubkey.pgp.asc

URI of the PGP public key for local plugin verification. This option is only valid if --plugins.localverify is set.

plugins.skipverify

--plugins.skipverify

If included, disables the plugin verification process.

privacymarker.enable

--privacymarker.enable

If included, GoQuorum creates a privacy marker transaction when a private transaction is submitted.

ptm.dialtimeout

--ptm.dialtimeout <INTEGER>
---ptm.dialtimeout 0

Dial timeout in seconds for the private transaction manager connection. Setting to 0 disables the timeout. The default is 1 second.

ptm.http.idletimeout

--ptm.http.idletimeout <INTEGER>
---ptm.http.idletimeout 0

Idle timeout in seconds for the private transaction manager connection. Setting to 0 disables the timeout. The default is 10 seconds.

ptm.http.readbuffersize

--ptm.http.readbuffersize <INTEGER>
---ptm.http.readbuffersize 0

Size of the read buffer in bytes for the private transaction manager connection. Setting to 0 or not specifying uses the http.Transport default.

ptm.http.writebuffersize

--ptm.http.writebuffersize <INTEGER>
---ptm.http.writebuffersize 0

Size of the write buffer in bytes for the private transaction manager connection. Setting to 0 or not specifying uses the http.Transport default.

ptm.socket

--ptm.socket <path>/<to>/<ipc>/<file>
---ptm.socket qdata/c1/tm.ipc

Path to the IPC file when using a Unix domain socket for the private transaction manager connection.

ptm.timeout

--ptm.timeout <INTEGER>
---ptm.timeout 0

Timeout in seconds for communication over the private transaction manager connection. Setting to 0 disables the timeout. The default is 5 seconds.

ptm.tls.clientcert

--ptm.tls.clientcert <path>/<to>/<client_cert_pem_file>
---ptm.tls.clientcert client.cert.pem

Path to the file containing the client certificate (or chain of certificates) when using a TLS connection to the private transaction manager. This is required if the server is configured to use two-way authentication.

ptm.tls.clientkey

--ptm.tls.clientkey <path>/<to>/<client_key_pem_file>
---ptm.tls.clientkey client.key.pem

Path to the file containing the client’s private key when using a TLS connection to private transaction manager. This is required if the server is configured to use two-way authentication.

ptm.tls.insecureskipverify

--ptm.tls.insecureskipverify

If included, disables verification of the server’s TLS certificate on connection to private transaction manager.

ptm.tls.mode

--ptm.tls.mode <STRING>
---ptm.tls.mode "strict"

Setting to off disables TLS. Setting to strict enables TLS when using an HTTPS connection to the private transaction manager.

ptm.tls.rootca

--ptm.tls.rootca <path>/<to>/<rootca_pem_file>
---ptm.tls.rootca certfile.pem

Path to the file containing the root CA certificate when using a TLS connection to the private transaction manager. The default is the host’s certificates.

ptm.url

--ptm.url <URL>
---ptm.url "https://127.0.0.1:9101"

URL when using an HTTP/HTTPS connection to the private transaction manager.

qlight.client

--qlight.client

Enables the qlight client P2P protocol.

qlight.client.psi

--qlight.client.psi <STRING>
--qlight.client.psi "private"

PSI the qlight client uses to connect to a server node. The default is private.

qlight.client.rpc.tls

--qlight.client.rpc.tls

Enables the qlight client RPC connection to use TLS.

qlight.client.rpc.tls.cacert

--qlight.client.rpc.tls.cacert <path>/<to>/<client-RPC certicate-auth-file>
--qlight.client.rpc.tls.cacert certfile.pem

Path to the qlight client RPC client certificate authority file.

qlight.client.rpc.tls.cert

--qlight.client.rpc.tls.cert <path>/<to>/<client-RPC-client-certificate-file>
--qlight.client.rpc.tls.cert certfile.pem

Path to the qlight client RPC client certificate file.

qlight.client.rpc.tls.insecureskipverify

--qlight.client.rpc.tls.insecureskipverify

Enables the qlight client RPC connection to skip TLS verification.

qlight.client.rpc.tls.key

--qlight.client.rpc.tls.key <path>/<to>/<client_TLS_key_pem_file>
--qlight.client.rpc.tls.key client.TLS.key.pem

Path to the qlight client RPC client certificate private key.

qlight.client.serverNode

--qlight.client.serverNode <nodeID>
--qlight.client.serverNode 0xc35c3...d615f

The node ID of the target server node.

qlight.client.serverNodeRPC

--qlight.client.serverNodeRPC <URL>
--qlight.client.serverNodeRPC "http://127.0.0.1:8888"

The RPC URL of the target server node.

qlight.client.token.enabled

--qlight.client.token.enabled

Enables the client to use a token when connecting to the qlight server.

qlight.client.token.management

--qlight.client.token.management <string>
--qlight.client.token.management "none"

Mechanism used to refresh the token. Possible values:

  • none - Developer mode. The token is not refreshed.
  • external - You must update the refreshed token in the running qlight client process by invoking the qlight.setCurrentToken RPC API.
  • client-security-plugin - You must deploy the client security plugin, which periodically refreshes the access token.

qlight.client.token.value

--qlight.client.token.value <TOKEN>
--qlight.client.token.value "bearer AYjcyMzY3ZDhiNmJkNTY"

Token the qlight client uses to connect to a server node.

qlight.server

--qlight.server

Enables the qlight server P2P protocol.

qlight.server.p2p.maxpeers

--qlight.server.p2p.maxpeers <INTEGER>
--qlight.server.p2p.maxpeers 10

Maximum number of qlight peers. The default is 10.

qlight.server.p2p.netrestrict

--qlight.server.p2p.netrestrict <NETWORK MASK>
--qlight.server.p2p.netrestrict "xyz"

Restricts network communication to the given IP networks (CIDR masks).

qlight.server.p2p.permissioning

--qlight.server.p2p.permissioning

Enables the qlight peers to check against a permissioned list and a disallowed list.

qlight.server.p2p.permissioning.prefix

--qlight.server.p2p.permissioning.prefix <prefix>
--qlight.server.p2p.permissioning.prefix "qlight"

Prefix for the permissioned-nodes.json and disallowed-nodes.json files specific for the qlight server to distinguish from other permissioned nodes. File format is the prefix name, followed by a hyphen, followed by the default file name. For example, qlight-permissioned-nodes.json.

qlight.server.p2p.port

--qlight.server.p2p.port=<INTEGER>
--qlight.server.p2p.port=30305

Port the qlight network listens to. The default is 30305.

qlight.tls

--qlight.tls

Enables the qlight client P2P protocol to use TLS.

qlight.tls.cacerts

--qlight.tls.cacerts <path>/<to>/<qlight_tls_cacert_file>
--qlight.tls.cacerts certfile.pem

Path to the certificate authorities file to use for validating P2P connection.

qlight.tls.cert

--qlight.tls.cert` <path>/<to>/<qlight_tls_cert_file>
--qlight.tls.cert certfile.pem

Path to the certificate file to use for the qlight P2P connection.

qlight.tls.ciphersuites

--qlight.tls.ciphersuites <STRING>
--qlight.tls.ciphersuites "CIPHER_SUITE_1,CIPHER_SUITE_2"

Cipher suites to use for the qlight P2P connection.

qlight.tls.clientauth

--qlight.tls.clientauth <INTEGER>
--qlight.tls.clientauth 0

Sets the method the client is authenticated. Possible values:

  • 0=NoClientCert (default)
  • 1=RequestClientCert
  • 2=RequireAnyClientCert
  • 3=VerifyClientCertIfGiven
  • 4=RequireAndVerifyClientCert

qlight.tls.key

--qlight.tls.key <path>/<to>/<qlight_tls_key_file>
--qlight.tls.key certfile.pem

Path to the key file to use for qlight P2P connection.

raft

--raft
--raft

Enables Raft for consensus.

raftblocktime

--raftblocktime <INTEGER>
--raftblocktime 100

Time between Raft block creations in milliseconds. The default is 50.

raftdnsenable

--raftdnsenable
--raftdnsenable

Enables DNS resolution of peers.

raftjoinexisting

--raftjoinexisting <INTEGER>
--raftjoinexisting 1

Raft ID to assume when joining a pre-existing cluster. The default is 0.

raftlogdir

--raftlogdir <DIRECTORY>
--raftlogdir raftlogdir

Raft log directory used for the quorum-raft-state, raft-snap, and raft-wal folders. Defaults to the datadir option.

raftport

--raftport <PORT>
--raftport 50500

Port to bind for the Raft transport. The default is 50400.

revertreason

--revertreason
--revertreason

Enables including the revert reason in the eth_getTransactionReceipt response.

rpcclitls.cacert

--rpcclitls.cacert <path>/<to>/<TLS-CA-pem-file>
--rpcclitls.cacert certfile.pem

Path to the file containing the CA certificate for the server’s TLS certificate when using a secured GoQuorum node connection.

rpcclitls.cert

--rpcclitls.cert <path>/<to>/<TLS-pem-file>
--rpcclitls.cert certfile.pem

Path to the file containing the server’s TLS certificate when using a secured GoQuorum node connection.

rpcclitls.ciphersuites

--rpcclitls.ciphersuites <STRING>
--rpcclitls.ciphersuites "CIPHER_SUITE_1,CIPHER_SUITE_2"

Comma-separated list of cipher suites to support when using a secured GoQuorum node connection.

rpcclitls.insecureskipverify

--rpcclitls.insecureskipverify

If included, disables verification of the server’s TLS certificate when using a secured GoQuorum node connection.

rpcclitoken

--rpcclitoken <STRING>
--rpcclitoken "AYjcyMzY3ZDhiNmJkNTY"

JSON-RPC client access token when using a secured GoQuorum node connection.

vm.calltimeout

--vm.calltimeout <INTEGER>
--vm.calltimeout 2

Timeout in seconds when executing eth_call. The default is 5.

Back to top