ĞDev5 smiths

HugoTrentesaux · 2 January 2023 15:58

Post copied from ĞDev3 smiths - #23 by HugoTrentesaux and modified

The duniter/duniter-v2s:sha-f442e6eb docker image is ready to join ĞDev5. It has the good embeded chainspecs (bootnodes and genesis).

Here is an example of docker-compose.yml file to start a rpc and a validator node. Read the documentation of this file to create your .env file.

# This is a docker template for running a gdev5 mirror and smith
# You should write a .env file aside with the environment variables:
#
# --- .env ---
# SERVER_DOMAIN=gdev.example.com
# PEER_ID=12D3KooWL7J8B2pUfgH2xhm8kpB88CiSNsSNHcWJJ6NdNffSg5ty
# VALIDATOR_PEER_ID=12D3KooWNyFo34PSHcg4cNd3d3MRs3dm1w3hQqo3QuFptd3DXW6H
# ------------
#
# The peer id has to be replaced withe the output of the following command
#
# Generate node.key and peer id
# >>> PEER_ID >>>
# docker run --rm -it --entrypoint duniter -v $PWD:/var/lib/duniter/ duniter/duniter-v2s:sha-f442e6eb key generate-node-key --file /var/lib/duniter/node.key
# >>> VALIDATOR_PEER_ID >>>
# docker run --rm -it --entrypoint duniter -v $PWD:/var/lib/duniter/ duniter/duniter-v2s:sha-f442e6eb key generate-node-key --file /var/lib/duniter/node.key
# <<<<<<<<<<<<<<<>>>>>>>>>>

version: "3.4"

services:
  
  # ===== RPC =====
  duniter-rpc:
    image: duniter/duniter-v2s:sha-f442e6eb
    restart: unless-stopped
    ports:
      # telemetry
      - 9615:9615
      # rpc
      - 9933:9933
      # rpc-ws
      - 9944:9944
      # p2p
      - 30333:30333
    volumes:
      - ./duniter-rpc/:/var/lib/duniter/
    environment:
      - DUNITER_CHAIN_NAME=gdev
    command:
      - "--node-key-file=/var/lib/duniter/node.key"
      - "--public-addr"
      - "/dns/${SERVER_DOMAIN?SERVER_DOMAIN should be set}/tcp/30333/p2p/${PEER_ID?PEER_ID should be set}"
      - "--rpc-cors=all"
      - "--pruning=14400"
      - "--name"
      - "YOUR-NAME-rpc"

  # ===== VALIDATOR =====
  duniter-validator:
    image: duniter/duniter-v2s:sha-f442e6eb
    restart: unless-stopped
    ports:
      # telemetry
      - 9616:9615
      # rpc
      - 9934:9933
      # rpc-ws
      - 9945:9944
      # p2p
      - 30334:30333
    volumes:
      - ./duniter-validator/:/var/lib/duniter/
    environment:
      - DUNITER_CHAIN_NAME=gdev
    command:
      - "--node-key-file=/var/lib/duniter/node.key"
      - "--rpc-cors=all"
      - "--rpc-methods=Unsafe"
      - "--validator"
      - "--pruning=14400"
      - "--name"
      - "YOUR-NAME-validator"

read and apply the documentation at the head of the file
change the --name option with your name (will appear in telemetry)
depending on your docker installation, there might be access rights issues
which can be solved with sudo chmod o+rwX -R . in your docker folder
I do not provide nginx config, there is one in Duniter documentation
tuxmain gave an example of Apache configuration

You should have everything needed to start a node. Please do not go online yet, you still have to rotate your session keys as mentioned in the documentation (that could be improved). And you have to become smith by getting smith certified if you are not smith in the genesis.

Here are the @smiths-GDev members who did not yet (), did (RPC only ), did (smith ) set up a node:

Pini · 2 January 2023 22:01

I read it, and I don’t get it. The docker-compose file has 2 services (rpc and validator), but the nginx config example has only one server.

Also I’d like to know if the P2P port could be managed via the reverse proxy. It is not the case in the example. As I understand the libp2p documentation on addressing I could use something like this as the public addr:

/dns/<my_server_dns_name>/tcp/443/wss/p2p/<peer_id>

and mapping location / to the instance’s P2P port (30333). Am I correct?

poka · 2 January 2023 22:10

you don’t need your smith node to be accessible via http, so don’t need nginx for smith node, only for RPC (mirror) node.

Pini · 2 January 2023 22:37

Then the smith node (validator service) only needs its P2P port exposed? Shouldn’t it use a --public-addr option as well?

vit · 3 January 2023 09:58

I am struggling to expose my rpc node publicly (wss://vit.fdn.org/ws) with duniter v2s and nginx in docker)

With the provided docker-compose for duniter and the nginx config example, as is.

By default, duniter listen to localhost (it refer to the duniter container).
But in nginx config I can not use localhost, as it refer to the nginx container.

Can somebody with a working nginx/duniter rpc node can show me his docker-compose and nginx config ?

poka · 3 January 2023 14:14

repalce localhost by 0.0.0.0 in your compose.

Ou juste, ne pas préciser d’ip c’est pareil.

services:
  duniter-rpc:
    image: duniter/duniter-v2s:sha-f442e6eb
    restart: unless-stopped
    ports:
      - "9944:9944"
    volumes:
      - ./duniter-data:/var/lib/duniter/
    environment:
      - DUNITER_CHAIN_NAME=gdev
    command:
      - "--rpc-cors=all"
      - "--rpc-methods=Unsafe"
      - "--pruning=archive"
      - "--name"
      - "poka-rpc"


root@axiom2-nginx:/home/poka/nginx/133# cat gdev.p2p.legal.conf 
upstream gdev.p2p.legal.rpc-http {
   server       192.168.9.33:9933;   #Production
}

upstream gdev.p2p.legal.rpc-websocket {
   server       192.168.9.33:9944;   #Production
}

server {
   server_name    gdev.p2p.legal;
   listen 443 ssl;
   listen [::]:443 ssl;
   include includes/ssl.conf;
   include includes/errors.conf;

   add_header X-Frame-Options SAMEORIGIN;
   add_header X-XSS-Protection "1; mode=block";
   proxy_redirect off;
   proxy_buffering off;
   proxy_set_header Host $host;
   proxy_set_header X-Real-IP $remote_addr;
   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
   proxy_set_header X-Forwarded-Proto $scheme;   
   proxy_set_header X-Forwarded-Port $server_port;
   proxy_read_timeout 90;

   location /http {
      proxy_pass        http://gdev.p2p.legal.rpc-http;
      proxy_http_version 1.1;
   }

   location /ws {
    proxy_pass        http://gdev.p2p.legal.rpc-websocket;

    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_http_version 1.1;

    proxy_read_timeout 1200s;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $host;
   }

   ssl_certificate /etc/letsencrypt/live/gdev.p2p.legal/fullchain.pem;
   ssl_certificate_key /etc/letsencrypt/live/gdev.p2p.legal/privkey.pem;

   error_log  /var/log/nginx/gdev.p2p.legal_error.log;
   access_log  /var/log/nginx/gdev.p2p.legal_access.log;
}

server {
   listen 80;
   server_name     gdev.p2p.legal;
   include includes/letsencrypt.conf;

   if ($host = gdev.p2p.legal) {
       return 301 https://$host$request_uri;
   }

   return 404;
}

Hope this is helpfull.

vit · 3 January 2023 15:26

Thanks for the help, but the problem was between the chair and the keyboard…

wss://vit.fdn.org:9944/ws was configured in my nginx, but I was desperately trying to connect to wss://vit.fdn.org/ws.

Then I figured out that wss url without a port is resolved to wss://vit.fdn.org:443/ws

…Ooops.

So I configured wss://vit.fdn.org:443/ws in nginx and everything is fine.

I even do not need to add --ws-external to allow access by the docker host IP on substrate…

Sorry for the noise in the subject,

and Happy New Year to all devs in the Ğ1 project !

wss://vit.fdn.org/ws RPC mirror node is officially publicly available. I hope.

HugoTrentesaux · 3 January 2023 15:40

Duniter validator is listening on port 30334, there is no need for public address

--public-addr <PUBLIC_ADDR>...
    The public address that other nodes will use to connect to it.
    This can be used if there's a proxy in front of this node

Available with https://polkadot.js.org/apps/?rpc=wss://vit.fdn.or/ws. Now you have to become smith

vit · 3 January 2023 15:46

I have sometimes unexpected power failure from the power provider, so I will study how to become smith and if I have too much failures, may be I will not stay smith (my server is at home)…

I have opened 9615 port for Prometheus if you need it. Tell me if it works.

HugoTrentesaux · 3 January 2023 16:53

The goal is to learn what a smith need to know to be able to share with other smith and to make sure that the smith licence is fine. There is not pb if ĞDev is not very stable as it is a dev network. We will test stability with ǦTest later.

I do not know prometheus monitoring, I have to learn that.

HugoTrentesaux · 3 January 2023 17:29

Please

polux-smith-gdev
excited-account-9000

change the --name option to make it easier to know which node belongs to who.

Pini · 3 January 2023 18:41

Duniter validator is listening on default port 30333 actually. And the docker-compose file maps it to the host’s port 30334. How is it that no public addr is needed while one is provided for the RPC service which is mapped to the default 30333 port on the host?

HugoTrentesaux · 3 January 2023 19:06

I think public address is never needed, it is only here to make things easier for bootnodes. Maybe @poka has a better understanding of this than me.

Pini · 3 January 2023 19:45

When trying to start a simple RPC node for testing I get this error:

2023-01-03 19:36:31 Duniter    
2023-01-03 19:36:31 ✌️  version 0.3.0-f442e6eb161    
2023-01-03 19:36:31 ❤️  by Axiom-Team Developers <https://axiom-team.fr>, 2021-2023    
2023-01-03 19:36:31 📋 Chain specification: Ğdev    
2023-01-03 19:36:31 🏷  Node name: pini-gdev-rpc    
2023-01-03 19:36:31 👤 Role: FULL    
2023-01-03 19:36:31 💾 Database: ParityDb at /var/lib/duniter/chains/gdev/paritydb/full    
2023-01-03 19:36:31 ⛓  Native runtime: gdev-400 (duniter-gdev-1.tx1.au1)    
2023-01-03 19:36:33 Cannot create a runtime error=Other("cannot create module: compilation settings are not compatible with the native host")
Error: Service(Client(VersionInvalid("cannot create module: compilation settings are not compatible with the native host")))

My server has an Intel Atom N28000 CPU. Should I build my own image for this to work?

HugoTrentesaux · 3 January 2023 19:47

Interesting, I know nothing about Docker. Is it supposed to deal with processor architecture issues ? Try building Duniter on your machine, it should work.

vit · 3 January 2023 20:17

github.com/paritytech/substrate

Custom substrate node does not start in a VM without `--wasm-execution interpreted-i-know-what-i-do`

opened 01:10PM - 19 Aug 22 UTC

closed 08:57AM - 08 Sep 22 UTC

gdethier

J2-unconfirmed

### Is there an existing issue? - [X] I have searched the existing issues ### …Experiencing problems? Have you tried our Stack Exchange first? - [X] This is not a support question. ### Description of bug After an upgrade of the dependencies of our [node implementation](https://github.com/logion-network/logion-node) from substrate `polkadot-v0.9.25` to `polkadot-v0.9.26`, our nodes do not start up on some machines. The following error message is shown: ``` Cannot create a runtime error=Other("cannot create module: compilation settings are not compatible with the native host") ``` In [this issue](https://github.com/paritytech/substrate/issues/11848), it is mentioned that the problem could come from virtualization, which is indeed the case here (we are using a fully virtualized test infrastructure). Running the same executable on a bare metal machine does not produce the problem which enforces the hypothesis. A workaround is to pass the option `--wasm-execution interpreted-i-know-what-i-do`, then the nodes start up as usual and everything works as expected. The issue above suggests that the problem is coming from `wasmtime` which [has been upgraded to 0.38.x end of June](https://github.com/paritytech/substrate/commit/60b945caca440fdf6a7be96b7dc0db54923f039d). Maybe that another upgrade would help? ### Steps to reproduce 1. Build [this version of our node](https://github.com/logion-network/logion-node/releases/tag/v0.11.3) 2. Run it in a [qemu](https://www.qemu.org/) VM with --dev flag 3. The node does not start and an error message is displayed

Pini · 3 January 2023 20:33

Thanks @vit.

Do I understand correctly that this problem should be solved by upgrading the Duniter Substrate fork so that it uses wasmtime >= 0.40.0?

In the mean time I’ll use the provided workaround: --wasm-execution interpreted-i-know-what-i-do.

HugoTrentesaux · 3 January 2023 20:41

@tuxmain has started working on this ^^

Pini · 3 January 2023 20:42

Now my instance starts but spits this error every 2 ou 3 seconds:

2023-01-03 20:39:33 💔 The bootnode you want to connect provided a different peer ID than the one you expect: `12D3KooW9v5WsP38qU1kmafvA4CDw2vzYnFoWtdUqwonZtJK597r` with `12D3KooWMYJzk1FfBZjEAuEvwUnH2Luj5Bq4ouLX1tgZBPpFegaB`:`Dialer { address: "/dns/gdev.p2p.legal/tcp/30334/p2p/12D3KooW9v5WsP38qU1kmafvA4CDw2vzYnFoWtdUqwonZtJK597r", role_override: Dialer }`.

HugoTrentesaux · 3 January 2023 20:45

12D3KooWMYJzk1FfBZjEAuEvwUnH2Luj5Bq4ouLX1tgZBPpFegaB
is the current @poka smith bootnode
12D3KooW9v5WsP38qU1kmafvA4CDw2vzYnFoWtdUqwonZtJK597r
comes from an other genesis (the one in master branch)

If you are building Duniter yourself, you have to use release/poka-chainspec-gdev5 branch.