Database Snapshots
Database snapshots provide a point-in-time view of a database's store. In IOTA, the database snapshot captures a running database's view of the IOTA network from a particular node at the end of an epoch. While validators can enable snapshots, they are typically most valuable for Full node operators.
Snapshots of the IOTA network enable Full node operators a way to bootstrap a Full node without having to execute all the transactions that occurred after genesis. You can upload snapshots to remote object stores like S3, Google Cloud Storage, Azure Blob Storage, and similar services. These services typically run the export process in the background so there is no degradation in performance for your Full node. With snapshots stored in the cloud, you're more easily able to recover quickly from catastrophic failures in your system or hardware.
To maintain a healthy IOTA network, IOTA encourages the IOTA community to bring up additional snapshots to ensure stronger data availability across the network.
Supported snapshot types
IOTA supports two types of snapshots:
- RocksDB snapshots are a point-in-time view of a database store. This means that the snapshot keeps the state of the system at the moment it generates the snapshot, including non-pruned data, additional indices, and other data.
- Formal snapshots are database agnostic with a minimalistic format, in other words they contain only the data necessary to restore a node to a valid state at the specified epoch, thus they have a much smaller storage footprint and are generally faster to restore from when compared to database snapshots. Formal snapshots are also supported natively by the IOTA protocol. In this context, this means that we can cryptographically verify the contents of the formal snapshot against a commitment from the committee at the epoch we are restoring to. This verification happens automatically and by default during a Formal snapshot restore (unless explicitly bypassed).
Formal snapshots are not suitable for use if you are running an RPC node that does any historical data lookups. For more information on node data management, see Data Management.
You can configure a Full node snapshot to generate a state snapshot at the end of each epoch. A single Full node can generate RocksDB snapshots, Formal snapshots, or both.
Formal snapshots
Formal snapshots provide a mechanism for a node to restore to a canonical state (the state of a full pruned and compacted node at the end of an epoch) at some prior point in time without having to execute all the transactions that have occurred since genesis. Unlike existing database snapshots, these formal snapshots have the following properties:
- Minimalism: Formal snapshots currently contain only the end of epoch live object set (the set of all object versions eligible for use as input objects for future transactions). IOTA syncs all other critical chain information from the chain or derives it. Thus, formal snapshots contain only the necessary data required for a node to startup at epoch boundary and participate in the network.
- Agnosticism: Formal snapshots are by nature agnostic to the underlying database choice or implementation of the protocol. As the live object set is protocol defined, so is the formal snapshot.
- Verifiability: Formal snapshots have first-class support in the core IOTA protocol. As such, they must be trustless/verifiable by the node operator upon download. To support this, the protocol signs a commitment to the live object state at end of epoch, which formal snapshots are checked against at restore time. If this verification fails, the node state is moved back to the state before the snapshot restore attempt.
Because these snapshots do not contain indexes, they are most immediately useful for validators and state sync Full nodes (SSFNs). You can upload snapshots to remote object stores like S3, Google Cloud Storage, Azure Blob Storage, and similar services. These services typically run the export process in the background so there is no degradation in performance for your Full node. With snapshots stored in the cloud, you can recover from catastrophic failures in your system or hardware more efficiently.
Restoring a Full node using snapshots
Restoring using RocksDB snapshots
To restore from a RocksDB snapshot, follow these steps:
-
Download the snapshot for the epoch you want to restore to your local disk. There is one snapshot per epoch in s3 bucket.
-
Place the snapshot into the directory that the
db-config
value points to in yourfullnode.yaml
file. For example, if thedb-config
value points to/opt/iota/db/authorities_db/full_node_db
and you want to restore from epoch 10, then copy the snapshot to the directory with this command:You can use the aws cli (provided you have credentials to associate with the download):
aws s3 cp s3://<BUCKET_NAME>/epoch_10 /opt/iota/db/authorities_db/full_node_db/live --recursive
.An alternative is to use
iota-tool
to copy the files:iota-tool download-db-snapshot --latest \
--network <NETWORK> --snapshot-bucket <BUCKET-NAME> \
--snapshot-bucket-type <TYPE> --path <PATH-TO-NODE-DB> \
--num-parallel-downloads 25 \
--skip-indexes \
--no-sign-request--epoch
: The epoch that you want to download, for example200
. The buckets hosted by the IOTA Foundation will only keep the last 90 epochs, you can check the most recent epoch on the IOTA Explorer.--latest
: Rather than explicitly passing a epoch via--epoch
, you can pass the--latest
flag, which will automatically select the latest snapshot`--network
: Network to download snapshot for. Defaults to "mainnet".--path
: Path to snapshot directory on local filesystem.--no-sign-request
: If set,--snapshot-bucket
and--snapshot-bucket-type
are ignored, and Cloudflare R2 is used.--snapshot-bucket
: Source snapshot bucket name, egiota-mainnet-snapshots
. This cannot be used with--no-sign-request
.--snapshot-bucket-type
: Snapshot bucket type. S3 currently supported. This cannot be used with--no-sign-request
.--skip-indexes
: Skips downloading the very largeindexes/
dir, used by jsonrpc on the fullnode.
The following environment variables are used if
--no-sign-request
is not set:- AWS:
AWS_SNAPSHOT_ACCESS_KEY_ID
,AWS_SNAPSHOT_SECRET_ACCESS_KEY
,AWS_SNAPSHOT_REGION
-
When using
iota-tool download-db-snapshot
the database is copied to the location you pass to--path
, in a directory namedepoch_[NUM]
. Move this directory to thelive/
Full node database directory, for example/opt/iota/db/authorities_db/full_node_db/live
. -
Make sure you update the ownership of the downloaded directory to the
iota
user (or whichever linux user you runiota-node
as):sudo chown -R iota:iota /opt/iota/db/authorities_db/full_node_db/live
. -
Start the IOTA node.
When you restore a Full node from a snapshot, write it to the path /opt/iota/db/authorities_db/full_node_db/live
. To restore a Validator node, use the path /opt/iota/db/authorities_db/live
.
Restoring using Formal snapshots
To restore using a Formal snapshot, use the iota-tool
binary. iota-tool
can be downloaded along with other iota binaries.
See Install IOTA for more details.
The following steps can be used to restore a node from a Formal snapshot:
-
If it's running, stop the node.
-
Run the command:
iota-tool download-formal-snapshot --latest --genesis "<PATH-TO-GENESIS-BLOB>" \
--network <NETWORK> --snapshot-bucket <BUCKET-NAME> --snapshot-bucket-type <TYPE> \
--path <PATH-TO-NODE-DB> --num-parallel-downloads 50 --no-sign-request--epoch
: The epoch that you want to download, for example200
. The buckets hosted by the IOTA Foundation will only keep the last 90 epochs, you can check the most recent epoch on the IOTA Explorer.--genesis
: The path to the location of the network'sgenesis.blob
.--network
: Network to download snapshot for. Defaults to "mainnet".--path
: Path to snapshot directory on local filesystem.--no-sign-request
: If set,--snapshot-bucket
and--snapshot-bucket-type
are ignored, and Cloudflare R2 is used.--snapshot-bucket
: Source snapshot bucket name, egiota-mainnet-snapshots
. This cannot be used with--no-sign-request
.--snapshot-bucket-type
: Snapshot bucket type. S3 currently supported. This cannot be used with--no-sign-request
.
The following environment variables are used if
--no-sign-request
is not set:- AWS:
AWS_SNAPSHOT_ACCESS_KEY_ID
,AWS_SNAPSHOT_SECRET_ACCESS_KEY
,AWS_SNAPSHOT_REGION
IOTA Foundation managed snapshots
The IOTA Foundation hosts two tiers of snapshot storage access. High throughput, Requester Pays enabled buckets, and free, permissionless buckets.
Free, permissionless buckets:
- These are currently hosted on Cloudflare R2, currently only in North America, but we plan on adding more regions soon.
- Since the bucket is open to the internet, there's no need to provide any cloud credentials.
Bucket Names
S3
Testnet: s3://iota-rebased-testnet-snapshots/
, s3://iota-rebased-testnet-formal/
Devnet: s3://iota-rebased-devnet-snapshots/
, s3://iota-rebased-devnet-formal/
Enabling snapshots
Full nodes do not take snapshots by default. To enable this feature you must apply specific configs to your Full node.
Follow these steps to change the configs for a Full node:
- Stop your node, if it's running.
- Open your fullnode.yaml config file and apply config updates as the following sections show.
- Save the fullnode.yaml file and restart the node.
Enabling DB snapshots
Add an entry to the config file for db-checkpoint-config
. Using Amazon's S3 service as an example:
db-checkpoint-config:
perform-db-checkpoints-at-epoch-end: true
perform-index-db-checkpoints-at-epoch-end: true
object-store-config:
object-store: "S3"
bucket: "<BUCKET-NAME>"
aws-access-key-id: “<ACCESS-KEY>”
aws-secret-access-key: “<SHARED-KEY>”
aws-region: "<BUCKET-REGION>"
object-store-connection-limit: 20
object-store
: The remote object store to upload snapshots. Set as Amazon'sS3
service in the example.bucket
: The S3 bucket name to store the snapshots.aws-access-key-id
andaws-secret-access-key
: AWS authentication information with write access to the bucket.aws-region
: Region where bucket exists.object-store-connection-limit
: Number of simultaneous connections to the object store.
Enabling Formal snapshots
Add an entry to the config file for state-snapshot-write-config
. Using Amazon's S3 service as an example:
state-snapshot-write-config:
object-store-config:
object-store: "S3"
bucket: "<BUCKET-NAME>"
aws-access-key-id: “<ACCESS-KEY>”
aws-secret-access-key: “<SHARED-KEY>”
aws-region: "<BUCKET-REGION>"
object-store-connection-limit: 200
The configuration settings shown in the example are specific to AWS S3.