The setup consists of two machines: the P-Rep and a Citizen node.
Both machines use the prep-node docker image. Basically the only difference is that the P-Rep uses the keystore which were used to register on the network. The Citizen node uses a random keystore (as it does not sign blocks). Both nodes have a NGINX instance (acting as a reverse proxy) in front of the main node application which, for now, only rate limits the incoming traffic. The P-Rep is also connected to the Citizen node (via ENDPOINT_URL in the P-Rep's docker-compose.yml) and uses it to synchronize the blockchain.
In the future the NGINX instances will also make use of a whitelist to limit the access to the gRPC service (Port 7100) only to other P-Reps. The /nginx/access_lists/update_grpc_whitelist.sh script will constantly refresh the IP address whitelist and reload the NGINX.
We use Grafana to track and visualize our container metrics. Make sure to check out this repository: dockprom
We use uptime.io to track our P-Rep's uptime and get notified if something is wrong.
We use ngxtop to monitor NGINX load. It is a tool that takes the NGINX log files, parses and aggregates them. Check it out here: ngxtop
Install wscat in order to test websocket capabilities:
npm install -g wscat
Try to open a connection to your P-Rep's websocket:
wscat -c ws://<IP ADDRESS>:9000/api/ws/icon_dex
Check for a connected response. If you receive any error, your websocket is not working right.
To use ansible to copy over the files and render the docker-compose.yml with the appropriate entries (keystore_name, password, image, and network_name), run the following command.
ansible all \
-m include_role \
-a name=`pwd` \
--inventory='X.X.X.X,' \
--user=ubuntu \
--become-method=sudo \
--become \
--forks=5 \
--extra-vars='{"network_name":"testnet","image":"iconloop/prep-node","keystore_path":"keystore","keystore_password":"XXXX"}' \
--private-key='/home/<user>/.ssh/XXX' To fully bootstrap an instance with this role, the other required roles and playbook can be found at insight-infrastructure/ansible-icon-prep or simply contact Rob from Insight. These roles include:
- disable-ipv6
- install-packages
- mount-volumes
- keystore
- start-docker
This role doesn't copy over the keystore and assumes it is already there
- keystore_path can be set as the name of the keystore unless you use this role
This requires an exact path for private key and comma in inventory.
This project is licensed under the MIT license. For more information see LICENSE.md.
The MIT License
Copyright (c) 2019 block42 Blockchain Company GmbH
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.