ICON Node Installation — Docker + AWS

2infiniti (Justin Hsiao)
May 27, 2019


In this tutorial we will set up a P-Rep node on the ICON network (TestNet) using Docker images, deployed to an Amazon Web Services (AWS) instance.

Let’s first examine the requirements and make sure we have everything needed:

SW Requirements

OS requirements

  • Linux (CentOS 7 or Ubuntu 16.04+)

Package requirements

  • Docker 18.x or higher

For your reference, ICON node depends on the following packages. The packages are included in the P-Rep docker image that we provide, so you don’t need to install them separately.

  • Python 3.6.5 or higher (3.7 is not supported)
  • RabbitMQ 3.7 or higher

AWS EC2

In this tutorial we will go with Ubuntu 18.04. We’ll be working on AWS, so make sure you have an account there.

Log in, open the EC2 dashboard, and launch a new EC2 instance.

From instance types, pick Ubuntu 18.04

Make sure to create a new private key and name it however you like. For security, we’ll be using the private key to log into the instance in the future.

Download the private key (.pem) file.

Next we’ll allocate a static IP and associate it with the instance.

At the top right of the EC2 dashboard you’ll find “Elastic IPs”; click on it and allocate an address from the Amazon pool. Right-click the newly allocated IP and associate it with the instance that we just created.

Now we’re ready for installation. Log into the instance with the private key we downloaded earlier.

For Windows users using PuTTY, follow this guide https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/putty.html to convert the .pem into a .ppk file.

Mac users can simply SSH from the terminal with the downloaded .pem.

Log into the server (ubuntu@public_dns_name), port 22 (for PuTTY, load the .ppk under the SSH->Auth menu).

Let’s inspect the installation document https://www.icondev.io/docs/p-rep-installation-and-configuration

We see the first requirement is to download an IP whitelist from the

IP List: https://download.solidwallet.io/conf/prep_iplist.json

ICON foundation will maintain the IP list of P-Reps. The JSON file will contain the list of IPs. You should configure your firewalls to allow in/outbound traffic from/to the IP addresses. Following TCP ports should be open.

Port 7100: Used by gRPC for peer to peer communication between nodes.

Port 9000: Used by JSON-RPC API server.

This has since changed to dynamic IP updates: P-Reps no longer need to download an IP list manually. The IP list will be updated automatically on a daily basis from the endpoint of the seed node inside the P-Rep Node Docker.

Install P-Rep Node

## Update the apt package index:
$ sudo apt-get update

## Install necessary packages:
$ sudo apt-get install -y systemd apt-transport-https ca-certificates curl gnupg-agent software-properties-common

## Add Docker's official GPG key:
$ curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -

## Add the apt repository
$ sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"

## Update the apt package index:
$ sudo apt-get update

## Install docker-ce:
$ sudo apt-get -y install docker-ce docker-ce-cli containerd.io

## Add your user to the docker group with the following command.
$ sudo usermod -aG docker $(whoami)

## Set Docker to start automatically at boot time:
$ sudo systemctl enable docker.service

## Finally, start the Docker service:
$ sudo systemctl start docker.service

## Then we'll verify docker is installed successfully by checking the version:
$ sudo docker version

If everything was installed correctly you should get something similar to

Client:
 Version:       18.09.6
 API version:   1.39
 Go version:    go1.10.8
 Git commit:    481bc77
 Built:         Sat May 4 02:35:57 2019
 OS/Arch:       linux/amd64
 Experimental:  false

Server: Docker Engine - Community
 Engine:
  Version:       18.09.6
  API version:   1.39 (minimum version 1.12)
  Go version:    go1.10.8
  Git commit:    481bc77
  Built:         Sat May 4 01:59:36 2019
  OS/Arch:       linux/amd64
  Experimental:  false

Next, install Docker Compose

## Install python-pip
$ sudo apt-get install -y python3-pip

## Then install Docker Compose:
$ sudo pip3 install docker-compose

## To verify the successful Docker Compose installation, run:
$ docker-compose version

By now we have docker installed and we can simply pull the latest iconloop prep-node image

$ sudo docker pull iconloop/prep-node:1904111713xdde258

Create a new docker-compose.yml

$ sudo touch docker-compose.yml
$ sudo nano docker-compose.yml

And paste the following content

version: '3'
services:
  container:
    image: 'iconloop/prep-node:1904111713xdde258'
    container_name: 'prep-node'
    volumes:
      - ./data:/data
    ports:
      - 9000:9000
      - 7100:7100

Now we’ll run docker-compose with the above file

$ sudo docker-compose up -d

You can run

$ sudo docker ps

at any time to see which containers are running (and their health state under Status). You can also run

$ curl localhost:9000/api/v1/status/peer

to view node status similar to the following

{
  "made_block_count": 0,
  "status": "Service is online: 0",
  "state": "Vote",
  "peer_type": "0",
  "audience_count": "0",
  "consensus": "siever",
  "peer_id": "hx1787c2194f56bb550a8daba9bbaea00a4956ed58",
  "block_height": 184,
  "round": 1,
  "epoch_height": 186,
  "unconfirmed_block_height": 0,
  "total_tx": 93,
  "unconfirmed_tx": 0,
  "peer_target": "20.20.1.195:7100",
  "leader_complaint": 185,
  "peer_count": 5,
  "leader": "hx7ff69280a1483c660695039c14ba954bb101bb66",
  "epoch_leader": "hx7ff69280a1483c660695039c14ba954bb101bb66",
  "mq": {
    "peer": {
      "message_count": 0
    },
    "channel": {
      "message_count": 0
    },
    "score": {
      "message_count": 0
    }
  }
}

Also notice that a data folder should have been created with the following structure

.
|---- data
| |---- PREP-TestNet → Default ENV directory
| |---- .score_data
| | |-- db → root directory that SCOREs will be installed
| | |-- score → root directory that the state DB file will be created
| |---- .storage → root directory that the block DB will be stored
| |---- log → root directory that log files will be stored

Here you will find miscellaneous logs. For instance, this node isn’t whitelisted by the ICON P-Rep team yet, so running the Docker container results in the following errors in the booting log

[2019-05-23 15:54:12.600] Your IP: 3.15.102.228
[2019-05-23 15:54:12.602] RPC_PORT: 9000 / RPC_WORKER: 3
[2019-05-23 15:54:12.605] DEFAULT_PATH=/data/PREP-TestNet in Docker Container
[2019-05-23 15:54:12.607] DEFAULT_LOG_PATH=/data/PREP-TestNet/log
[2019-05-23 15:54:12.610] DEFAULT_STORAGE_PATH=/data/PREP-TestNet/.storage
[2019-05-23 15:54:12.613] scoreRootPath=/data/PREP-TestNet/.score_data/score
[2019-05-23 15:54:12.615] stateDbRootPath=/data/PREP-TestNet/.score_data/db
[2019-05-23 15:54:12.618] P-REP package version info - 1904111713xdde258
[2019-05-23 15:54:14.979] iconcommons 1.0.5.1 iconrpcserver 1.2.6 iconservice 1.2.2 loopchain 2.1.2
[2019-05-23 15:54:16.152] [ERROR] Download Failed - https://download.solidwallet.io/cert/3.15.102.228_public.der status_code=403
[2019-05-23 15:54:16.155] [ERROR] Unauthorized IP address, Please contact our support team
[2019-05-23 15:54:16.158] [ERROR] Your External IP:3.15.102.228 / Your Enviroment IPADDR:3.15.102.228
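
The booting log above can be triaged automatically. The following added example (not part of the original article or of ICON's tooling) parses lines in that format and reports the whitelist failure; the function name `triage_boot_log` and the reading of an IP mismatch as a misconfigured IPADDR are assumptions.

```python
import re

# Sample input: lines copied from the booting log shown above.
SAMPLE_LOG = """\
[2019-05-23 15:54:12.600] Your IP: 3.15.102.228
[2019-05-23 15:54:12.618] P-REP package version info - 1904111713xdde258
[2019-05-23 15:54:16.152] [ERROR] Download Failed - https://download.solidwallet.io/cert/3.15.102.228_public.der status_code=403
[2019-05-23 15:54:16.155] [ERROR] Unauthorized IP address, Please contact our support team
[2019-05-23 15:54:16.158] [ERROR] Your External IP:3.15.102.228 / Your Enviroment IPADDR:3.15.102.228
"""

# "[timestamp] [LEVEL] message"; the level tag is absent on informational lines.
LINE_RE = re.compile(r"^\[(?P<ts>[\d\-:. ]+)\]\s+(?:\[(?P<level>[A-Z]+)\]\s+)?(?P<msg>.*)$")
DOWNLOAD_RE = re.compile(r"Download Failed - (?P<url>\S+) status_code=(?P<code>\d+)")
# "Enviroment" is spelled this way in the node's own output.
IP_RE = re.compile(r"External IP:(?P<ext>\S+) / Your Enviroment IPADDR:(?P<env>\S+)")


def triage_boot_log(text):
    """Summarise the errors in a P-Rep booting log as a dict."""
    report = {"errors": [], "failed_downloads": [], "not_whitelisted": False,
              "external_ip": None, "env_ip": None, "ip_mismatch": False}
    for raw in text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue  # not in "[timestamp] message" form
        msg = line["msg"]
        if line["level"] == "ERROR":
            report["errors"].append((line["ts"], msg))
        download = DOWNLOAD_RE.search(msg)
        if download:
            report["failed_downloads"].append((download["url"], int(download["code"])))
        if "Unauthorized IP address" in msg:
            report["not_whitelisted"] = True
        ips = IP_RE.search(msg)
        if ips:
            report["external_ip"], report["env_ip"] = ips["ext"], ips["env"]
            # Assumption: differing values mean IPADDR is set to the wrong address.
            report["ip_mismatch"] = ips["ext"] != ips["env"]
    return report


if __name__ == "__main__":
    for key, value in triage_boot_log(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```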

Your node should be configured now. Let’s revisit the security settings: recall that we needed to open TCP 7100 and 9000 to the peers (whitelisted IPs). This was the case during testnet phase 1; from testnet phase 2 onwards, the foundation will register all P-Rep IPs on-chain daily, so we no longer need to keep track of whitelisted IPs. For now we’ll open ports 7100 and 9000 to everyone. Go to the security group (I am using launch-wizard-1, the default security group created by AWS at launch) and add Custom TCP Rules to allow inbound traffic to ports 9000 and 7100.

This should be it. You’ll be able to produce and verify blocks on the testnet once whitelisted to our testnet program. We’ll explore more about node security, failover strategies and high availability operations in future articles.

Also check back frequently with the official installation and configuration documentation: https://www.icondev.io/docs/p-rep-installation-and-configuration. The document will be kept up to date as new information becomes available.
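
Opening 7100 and 9000 to everyone is intended here, but the same security group may expose other ports as well. This added example (not from the original article) checks a security group description, in the shape returned by `aws ec2 describe-security-groups`, for world-open rules beyond those two TCP ports; the sample group, its ID and the function names are constructed for illustration.

```python
import ipaddress

# TCP ports the tutorial opens to everyone: 7100 (gRPC P2P) and 9000 (JSON-RPC).
NODE_PORTS = {7100, 9000}

# Constructed sample shaped like one entry of `aws ec2 describe-security-groups`
# output; the group ID and every rule here are made up for illustration.
SAMPLE_GROUP = {
    "GroupName": "launch-wizard-1", "GroupId": "sg-EXAMPLE",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        {"IpProtocol": "tcp", "FromPort": 7100, "ToPort": 7100,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 9000, "ToPort": 9000,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 8000, "ToPort": 9100,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}]},
    ],
}

def world_open(rule):
    """Return the CIDRs in a rule that cover every address (prefix length 0)."""
    cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
    return [c for c in cidrs if ipaddress.ip_network(c, strict=False).prefixlen == 0]

def audit_group(group, allowed=NODE_PORTS):
    """List (rule, cidr) pairs that expose more than the allowed TCP ports."""
    findings = []
    for rule in group.get("IpPermissions", []):
        proto = rule.get("IpProtocol")
        if proto == "-1":                      # "-1" = all protocols, all ports
            label = "all"
        elif proto in ("tcp", "udp"):
            lo, hi = rule["FromPort"], rule["ToPort"]
            permitted = allowed if proto == "tcp" else set()
            if not set(range(lo, hi + 1)) - permitted:
                continue                       # only intended node ports exposed
            label = f"{proto}/{lo}" if lo == hi else f"{proto}/{lo}-{hi}"
        else:
            continue                           # ICMP etc. carry no port range
        findings += [(label, cidr) for cidr in world_open(rule)]
    return findings

if __name__ == "__main__":
    for label, cidr in audit_group(SAMPLE_GROUP):
        print(f"{label} is reachable from {cidr}")
```

On a live account the input would be one element of the `SecurityGroups` array from `aws ec2 describe-security-groups --output json`.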
