Setup a Linux Box for Polkadot Environment
Introduction
The purpose of this article is perhaps to be a rough guide, a step before installing local substrate nodes and Polkadot/Kusama nodes in an internet environment. This was necessary since the different installations of nodes with different usability require knowledge and preparation of Linux boxes, which are not commonly mentioned in Parity’s documentation.
The need for this was present since during node installation workshops some previous steps were necessary, and common, ranging from a simple archiving node (Archive Nodes) to even a validator (Validator Nodes). Therefore, the objective here is to prepare Linux to receive local nodes and nodes that will actually operate in a real environment. So let’s work with these situations.
Choosing a Linux Distro
There are several distros on the Linux market, however our choice is Ubuntu, as it is extremely popular and is based on Debian. Since Ubuntu is considered practically a “fork” of Debian, it is completely similar to it, in addition to having a series of operational facilitators for the novice sysadmin.
Ubuntu comes with a series of distros prepared for each of the most common market situations. From its desktop version (with a graphical environment with a series of tools), to already prepared for a cloud environment. As the purpose of this article is to make a local box be sure which version of the distro you want to install. There are two excellent tutorials on the Ubuntu website for both versions, links can be accessed below:
Ubuntu Desktop — https://ubuntu.com/tutorials/install-ubuntu-desktop#1-overview
Ubuntu Server — https://ubuntu.com/tutorials/install-ubuntu-server#1-overview
If possible always get the latest version which is the most up to date. In our case, I’m going to work with the server version, only with a shell, without a graphical environment.
Hardware Considerations
I believe because it is your first node, we have some important points to talk about in terms of hardware. We performed several installations of substrate nodes and managed to run on a simple I5 notebook with 4 Gbytes of Ram and a 320 Mbytes hard drive (even with graphical environment support). We recommend if you have access to better features, running on an i5 with at least 8 Gbytes of Ram and a hard drive of at least 500 Gbytes.
Our substrate node today runs on an I5 with 16 GBytes and a 500 Gbytes SSD. When we talk about valuers, we are talking about much more robust machines, with 64 Gbytes of RAM, an I7 quad-core, in this case we can think about working in a cloud environment, which can offer these resources in a cheaper and more reliable way. In our case we are going to set up a local machine with 8 Gbytes of RAM HD of 500 Gbytes on an I5 or similar AMD.
Security Issues
Here is an important point regarding our box. Normally nowadays many processes are run in Linux containers (Docker is one of the most popular and used ones), to provide the real segregation of processes. These technologies are used in several examples in the Parity documentation. But suppose you also want to configure your Linux so that it is not an easy victim of some hacker attacks. There’s a pretty cool security guide for Linux administrators from Linuxtopia.
This guide can be accessed here:
https://www.linuxtopia.org/online_books/linux_administrators_security_guide/
Security is a factor to be considered nowadays, even if our node is the simplest, these precautions are necessary. One of the important points is that Ubuntu does not allow root account access by default and this is basic in security. Many of the operations are done through the sudo command and we will cover some topics later.
Firewall
Ubuntu already comes with the traditional IPTABLES or Netfilter, easy to understand, safe and very robust. Ubuntu comes with a very interesting package called, UFW — Uncomplicated Firewall (https://ubuntu.com/server/docs/security-firewall) , which allows you to configure a firewall quickly and effectively. In the example below we can illustrate example rules for a node.
# Simple Rules
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
# Then block the reserved network 10.* and 192.* on the interface eth0
iptables -A INPUT -s 10.0.0.0/255.0.0.0 -d 0.0.0.0/0.0.0.0 -i eth0 -j DROP
iptables -A INPUT -s 192.168.0.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -i eth0 -j DROP
# Then we allow SSH and Substrate ports
iptables -A INPUT -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 -i eth0 -p tcp -m tcp — dport 22:22 -j ACCEPT
iptables -A INPUT -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 -i eth0 -p tcp -m tcp — dport 8000:8000 -j ACCEPT
iptables -A INPUT -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 -i eth0 -p tcp -m tcp — dport 9944:9944 -j ACCEPT
# Now we block all incoming traffic to ports between 1 and 1024. For your system
iptables -A INPUT -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 -i eth0 -p tcp -m tcp — dport 1:1024 -j REJECT
iptables -A INPUT -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 -i eth0 -p udp -m udp — dport 1:1024 -j REJECT
If you are not experienced with IPTABLES, we recommend reading this tutorial https://phoenixnap.com/kb/iptables-tutorial-linux-firewall
Installation of Packages for our Linux
There are a series of basic packages to install on our box and that will facilitate the installation of subtsrate packages and other clients. We will list below all the necessary ones with your upgrade.
a) Ubuntu Update — From time to time the packages in the repositories are updated to more current versions and with possible security fixes. Therefore, we recommend running the commands below after your first login:
$ sudo apt update
$ sudo apt upgrade
b) Complementary tools — There are a set of extra tools that must be installed that most ubuntu installations do not come with by default:
$ sudo apt install net-tools — default networking tools
$ sudo apt apt install mc — Midnight Commander, a file manager, with options for editing text, renaming files, copying, etc.
$ sudo apt install build-essential — essential tools for work
$ sudo apt install clang — compiler front end for the C, C++
$ sudo apt install git — a free and open source distributed version control system
$ sudo apt install curl — curl is a tool for transferring data from or to a server
These tools will be necessary for you to work smoothly before installing a node.
c) SSH (Secure Shell)
Installing the SSH service is only interesting if you cannot work locally in your box’s shell. Installation of Openssh is done as follows:
$ sudo apt install openssh-server
$ sudo systemctl enable — now ssh
A set of security and best practices can be seen here: https://www.howtoforge.com/openssh-security-hardening-guide-for-linux/
Preparing the Environment for Rust
The final step for our box is the installation of Rust and some packages so that we can run our substrate node. For this we have to install the following packages:
a) Node.js — Node.js can be defined as a server-side Javascript runtime environment. It allows developers to build scalable backend functionality using JavaScript, a language many are already familiar with from browser-based web development. Its installation is necessary so that we can have a series of resources for our environment. In the case of Ubuntu it is done as follows:
$ sudo apt install nodejs
$ sudo apt install npm
After installation check the version:
$ sudo node — version
$ sudo npm — version
In case you want to install a different version of the repository, we recommend this tutorial
https://www.digitalocean.com/community/tutorials/how-to-install-node-js-on-ubuntu-22-04
b) Yarn — Yarn is a JavaScript dependency manager. It is a standard tool used by many developers. To install on our server, type:
$ sudo apt install yarn
Yarn makes a series of shell changes so we recommend right after installation you run the following command:
$ source ~/.bashrcStep I Installation of Lib-SSL
$ sudo apt install — assume-yes git clang curl libssl-dev
Step II — Installation of Rustup
$ sudo curl — proto ‘=https’ — tlsv1.2 -sSf https://sh.rustup.rs | sh
Step III Updating our shell environment
$ source $HOME/.cargo/env
Step IV Rust Version Verification
$ sudo rustc — version
Step V — Installation of the Rust Toolchain — This step is very important!
$ sudo rustup default stable
$ sudo rustup update
$sudo rustup update nightly
$sudo rustup target add wasm32-unknown-unknown — toolchain nightly
Step VI — Toolchain Verification
$sudo rustup show
$sudo rustup +nightly show
The result should be as follows
# rustup show
active toolchain
— — — — — — — —
stable-x86_64-unknown-linux-gnu (default)
rustc 1.61.0 (fe5b13d68 2022–05–18)
# rustup +nightly show
active toolchain
— — — — — — — —
nightly-x86_64-unknown-linux-gnu (overridden by +toolchain on the command line)
rustc 1.63.0-nightly (e71440575 2022–06–02)
We are with Rust and ready to build our local blockchain based on our Substrate node.
Final Thoughts
This article is an effort to create a future hands on guide for you to prepare a linux box to run a Substrate node, or even possible Polakdot Kusama nodes. Our goal in the next articles is to build in a friendly way and teach you how to build a local Blockchain, interact with the Polkadot/Kusama ecosystem and even some Parachains such as Moonbeam.
In addition, we will show how we can create an environment to deploy smart contracts and other technologies. Remembering that it is very important that you have a good knowledge of network architecture and Polkadot architecture. We recommend reading the fundamentals on the Parity website (https://docs.substrate.io/fundamentals/) as it will give you a pretty cool foundation of the technology.
I’d like to hear from you about this guide! Reviews and suggestions are very welcome! Until our next article!