Run a Dijets Node with AWS
Introduction#
This tutorial will guide you through setting up a Dijets node on Amazon Web Services (AWS). Cloud services like AWS are a good way to ensure that your node is highly secure, available, and accessible.
To get started, you'll need:
- An AWS account
- A terminal with which to SSH into your AWS machine
- A place to securely store and back up files
This tutorial assumes your local machine has a Unix style terminal. If you're on Windows, you'll have to adapt some of the commands used here.
Log Into AWS#
Signing up for AWS is outside the scope of this article, but Amazon has instructions here.
It is highly recommended that you set up Multi-Factor Authentication on your AWS root user account to protect it. Amazon has documentation for this here.
Once your account is set up, you should create a new EC2 instance. An EC2 is a virtual machine instance in AWS's cloud. Go to the AWS Management Console and enter the EC2 dashboard.
To log into the EC2 instance, you will need a key on your local machine that grants access to the instance. First, create that key so that it can be assigned to the EC2 instance later on. On the bar on the left side, under Network & Security, select Key Pairs.
Select Create key pair to launch the key pair creation wizard.
Name your key dijets. If your local machine has MacOS or Linux, select the
pem file format. If it's Windows, use the ppk file format. Optionally, you
can add tags for the key pair to assist with tracking.
Click Create key pair. You should see a success message, and the key file
should be downloaded to your local machine. Without this file, you will not be
able to access your EC2 instance. Make a copy of this file and put it on a
separate storage medium such as an external hard drive. Keep this file secret;
do not share it with others.
Create a Security Group#
An AWS Security Group defines what internet traffic can enter and leave your EC2 instance. Think of it like a firewall. Create a new Security Group by selecting Security Groups under the Network & Security drop-down.
This opens the Security Groups panel. Click Create security group in the top right of the Security Groups panel.
You'll need to specify what inbound traffic is allowed. Allow SSH traffic from your IP address so that you can log into your EC2 instance. (Each time your ISP changes your IP address, you will need to modify this rule. If your ISP changes regularly, you may allow SSH traffic from anywhere to avoid having to modify this rule frequently.) Allow TCP traffic on port 9651 so your node can communicate with other nodes on the network. Allow TCP traffic on port 9650 from your IP so you can make API calls to your node. It's important that you only allow traffic on this port from your IP. If you allow incoming traffic from anywhere, this could be used as an denial of service attack vector. Finally, allow all outbound traffic.
Add a tag to the new security group with key Name and valueDijets Security Group. This will enable us to know what this security group is when we see it
in the list of security groups.
Click Create security group. You should see the new security group in the list of security groups.
Launch an EC2 Instance#
Now you're ready to launch an EC2 instance. Go to the EC2 Dashboard and select Launch instance.
Select Ubuntu 20.04 LTS (HVM), SSD Volume Type for the operating system.
Next, choose your instance type. This defines the hardware specifications of the cloud instance. In this tutorial we set up a c5.2xlarge. This should be more than powerful enough since Dijets is a lightweight consensus protocol. To create a c5.2xlarge instance, select the Compute-optimized option from the filter drop-down menu.
Select the checkbox next to the c5.2xlarge instance in the table.
Click the Next: Configure Instance Details button in the bottom right-hand corner.
The instance details can stay as their defaults.
Add Storage, Tags, Security Group#
Click the Next: Add Storage button in the bottom right corner of the screen.
You need to add space to your instance's disk. You should start with at least 700GB of disk space. Although upgrades to reduce disk usage are always in development, on average the database will continually grow, so you need to constantly monitor disk usage on the node and increase disk space if needed.
Note that the image below shows 100GB as disk size, which was appropriate at the time the screenshot was taken. You should check the current recommended disk space size before entering the actual value here.
Click Next: Add Tags in the bottom right corner of the screen to add tags to
the instance. Tags enable us to associate metadata with our instance. Add a tag
with key Name and value My Dijets Node. This will make it clear what this
instance is on your list of EC2 instances.
Now assign the security group created earlier to the instance. Choose Select an existing security group and choose the security group created earlier.
Finally, click Review and Launch in the bottom right. A review page will show the details of the instance you're about to launch. Review those, and if all looks good, click the blue Launch button in the bottom right corner of the screen.
You'll be asked to select a key pair for this instance. Select Choose an
existing key pair and then select the dijets key pair you made earlier in
the tutorial. Check the box acknowledging that you have access to the .pem or
.ppk file created earlier (make sure you've backed it up!) and then click
Launch Instances.
You should see a new pop up that confirms the instance is launching!
Assign an Elastic IP#
By default, your instance will not have a fixed IP. Let's give it a fixed IP through AWS's Elastic IP service. Go back to the EC2 dashboard. Under Network & Security, select Elastic IPs.
Select Allocate Elastic IP address.
Select the region your instance is running in, and choose to use Amazon’s pool of IPv4 addresses. Click Allocate.
Select the Elastic IP you just created from the Elastic IP manager. From the Actions drop-down, choose Associate Elastic IP address.
Select the instance you just created. This will associate the new Elastic IP with the instance and give it a public IP address that won't change.
Set Up DijetsNodeGo#
Go back to the EC2 Dashboard and select Running Instances.
Select the newly created EC2 instance. This opens a details panel with information about the instance.
Copy the IPv4 Public IP field to use later. From now on we call this value PUBLICIP.
Remember: the terminal commands below assume you're running Linux. Commands may differ for MacOS or other operating systems. When copy-pasting a command from a code block, copy and paste the entirety of the text in the block.
Log into the AWS instance from your local machine. Open a terminal (try shortcut
CTRL + ALT + T) and navigate to the directory containing the .pem file you
downloaded earlier.
Move the .pem file to $HOME/.ssh (where .pem files generally live) with:
1mv dijets.pem ~/.ssh
Add it to the SSH agent so that we can use it to SSH into your EC2 instance, and mark it as read-only.
1ssh-add ~/.ssh/dijets.pem; chmod 400 ~/.ssh/dijets.pem
SSH into the instance. (Remember to replace PUBLICIP with the public IP field from earlier.)
ssh ubuntu@PUBLICIP
If the permissions are not set correctly, you will see the following error.
You are now logged into the EC2 instance.
If you have not already done so, update the instance to make sure it has the latest operating system and security updates:
sudo apt update; sudo apt upgrade -y; sudo reboot
This also reboots the instance. Wait 5 minutes, then log in again by running this command on your local machine:
1ssh ubuntu@PUBLICIP
You're logged into the EC2 instance again. Now we’ll need to set up our
Dijets node. Follow the Set Up Dijets Node With
Installer tutorial or Run Dijets Node manually
to run a Dijets Node instance. If using the installer script you will need the PUBLICIP we set up earlier.
Your DijetsNodeGo node should now be running and in the process of bootstrapping.
To check if it's done bootstrapping, you can issue an API call
using curl. If you're making the request from the EC2 instance, the request
is:
curl -X POST --data '{ "jsonrpc":"2.0", "id" :1, "method" :"info.isBootstrapped", "params": { "chain":"X" } }' -H 'content-type:application/json;' 127.0.0.1:9650/ext/info
Once the node is finished bootstrapping, the response will be:
{ "jsonrpc": "2.0", "result": { "isBootstrapped": true }, "id": 1 }
You can continue on, even if DijetsNodeGo isn't done bootstrapping.
In order to make your node a validator, you'll need its node ID. To get it, run:
curl -X POST --data '{ "jsonrpc":"2.0", "id" :1, "method" :"info.getNodeID" }' -H 'content-type:application/json;' 127.0.0.1:9650/ext/info
The response contains the node ID.
{"jsonrpc":"2.0","result":{"nodeID":"NodeID-DznHmm3o7RkmpLkWMn9NqafH66mqunXbM"},"id":1}
In the above example the node ID isNodeID-DznHmm3o7RkmpLkWMn9NqafH66mqunXbM.
Copy your node ID for later. Your node ID is not a secret, so you can just paste
it into a text editor.
DijetsNodeGo has other APIs, such as the Health
API, that may be used to interact with
the node. Some APIs are disabled by default. To enable such APIs, modify the
ExecStart section of /etc/systemd/system/dijetsnodego.service (created during
the installation process) to include flags that enable these endpoints. Don't
manually enable any APIs unless you have a reason to.
Back up the node's staking key and certificate in case the EC2 instance is
corrupted or otherwise unavailable. The node's ID is derived from its staking
key and certificate. If you lose your staking key or certificate then your node
will get a new node ID, which could cause you to become ineligible for a staking
reward if your node is a validator. It is very strongly advised that you copy
your node's staking key and certificate. The first time you run a node, it
will generate a new staking key/certificate pair and store them in directory
/home/ubuntu/.dijetsnodego/staking.
Exit out of the SSH instance by running:
1exit
Now you're no longer connected to the EC2 instance; you're back on your local machine.
To copy the staking key and certificate to your machine, run the following
command. As always, replace PUBLICIP.
scp -r ubuntu@PUBLICIP:/home/ubuntu/.dijetsnodego/staking ~/aws_dijets_backup
Now your staking key and certificate are in directory ~/aws_dijets_backup .
The contents of this directory are secret. You should hold this directory on
storage not connected to the internet (like an external hard drive.)
Increase Volume Size#
If you need to increase the volume size, follow these instructions from AWS:
We recommend setting up AWS billing alerts so you can keep track of your billing and costs. If you have feedback on this tutorial, or anything else, send us a message on Qowalts.
