How to set up ec2 t1.micro Ubuntu for Masternode part 2/3

chaeplin

Active Member
Core Developer
Mar 29, 2014
749
356
133
* Use this guide only for an EC2 instance with a Security Group
* Using this guide on non-EC2 instances is very dangerous (especially iptables)



I. Part 1/3 EC2 Setup
https://darkcointalk.org/threads/how-to-set-up-ec2-t1-micro-ubuntu-for-masternode-part-1-3.240/

II. Part 2/3 AMI Setup
https://darkcointalk.org/threads/how-to-set-up-ec2-t1-micro-ubuntu-for-masternode-part-2-3.241/
https://darkcointalk.org/threads/how-to-set-up-ec2-t1-micro-ubuntu-for-masternode-part-2-3-2.1754/

III. Part 3/3 Masternode update
https://darkcointalk.org/threads/how-to-set-up-ec2-t1-micro-ubuntu-for-masternode-part-3-3.262/


* cat >> blabla << EOF blablabla EOF things are removed.
* This guide is valid for RC3(local/remote setup)
* local is home linux cold wallet holding 1K DRK(With private ip address)
* remote is server with empty wallet
* You can use darkcoind or darkcoind-qt

* if public ip of remote is changed, change masternodeprivkey
* if you see log like "(ip_yours) dropped (banned)", restart darkcoind


* brief steps
- setup ami to compile normal darkcoind
- compile darkcoind and run, sync
- make an encrypted wallet holding 1000 DRK using home pc
- download RC darksend
- replace darkcoind


PART 1
This part uses the GitHub source to compile and set up a basic environment.
#########################
1. login to ec2 ami
Code:
ssh -i downloaded_pemfile ubuntu@ec2_public_ip
2. disable root login and sudo to root
http://aws.amazon.com/articles/1233
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/building-shared-amis.html
Code:
sudo passwd -l root
sudo su -
3. update system
Code:
apt-get update
apt-get dist-upgrade
4. add swap
Code:
dd if=/dev/zero of=/swapfile bs=1M count=1024
Code:
chmod 600 /swapfile   # swap can hold wallet and RPC secrets; keep it readable by root only
mkswap /swapfile
swapon /swapfile
* add line to /etc/fstab
Code:
/swapfile  swap      swap    defaults        0 0

5. install files
Code:
apt-get install build-essential libssl-dev libboost-all-dev libdb5.1 libdb5.1-dev libdb5.1++-dev
read binary wallet compatibility : https://github.com/darkcoinproject/...#dependency-build-instructions-ubuntu--debian
Ubuntu precise has packages for libdb5.1-dev and libdb5.1++-dev, but using these will break binary wallet compatibility, and is not recommended.
Code:
apt-get install git ntp make g++ gcc autoconf cpp ngrep iftop sysstat
6. change system setting
Code:
update-rc.d ntp enable
* enable sysstat
* you can skip this system monitoring part.
* sysstat utilities are a collection of performance monitoring tools.
change line in /etc/default/sysstat
* /etc/default/sysstat : ENABLED="true"
change line in /etc/cron.d/sysstat
* /etc/cron.d/sysstat : sar 10 min to 1 min :
5-55/10 * * * *
to
*/1 * * * *
* add iptables rule
* add a line to /etc/rc.local between # and 'exit 0'
Code:
#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.
/sbin/iptables-restore < /etc/iptables
exit 0
* do not use this rule for other vm.
* rule for ec2 ami + ec2 security group.
* /etc/iptables
Code:
#-----
*filter
:INPUT ACCEPT [1038:145425]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [434:87191]
-A INPUT -i eth0 -p tcp -m tcp --dport 9998 -j REJECT --reject-with tcp-reset
-A INPUT -i eth0 -p tcp -m tcp --dport 9999 --tcp-flags FIN,SYN,RST,ACK SYN -m connlimit --connlimit-above 8 --connlimit-mask 24 --connlimit-saddr -j DROP
-A INPUT -i eth0 -p tcp -m tcp --dport 9999 --tcp-flags FIN,SYN,RST,ACK SYN -m connlimit --connlimit-above 2 --connlimit-mask 32 --connlimit-saddr -j DROP
-A INPUT -i eth0 -p tcp -m conntrack --ctstate NEW -m tcp --dport 9999 -j ACCEPT
-A INPUT -i eth0 -p tcp -j ACCEPT
-A OUTPUT -o eth0 -j ACCEPT
COMMIT
#-----
* test iptables
Code:
/sbin/iptables-restore < /etc/iptables
iptables -L -v -n
7. reboot system
Code:
reboot
8. do steps 1 and 2 (log in and switch to root)




*** if you don't want to compile, you can skip steps 9, 10, 11.
9. install darkcoin(git, compile, strip, copy)
Code:
cd /usr/local/src/
git clone https://github.com/darkcoinproject/darkcoin.git
cd darkcoin/src/
Code:
time make -f makefile.unix "USE_UPNP:=-" "USE_IPV6:=0"
strip darkcoind
cp darkcoind /usr/bin
10. logout root
Code:
exit
11. as ubuntu user
Code:
mkdir ~/.darkcoin
If you want a more powerful password, do this and use the result in darkcoin.conf.
You do not need to remember this password. It's used to connect to RPC.
You can change it at any time (after darkcoind is stopped).
Code:
darkcoind
This is output of darkcoind.
Code:
> darkcoind
Error: To use darkcoind, you must set a rpcpassword in the configuration file:
/home/ubuntu/.darkcoin/darkcoin.conf
It is recommended you use the following random password:
rpcuser=darkcoinrpc
rpcpassword=Z9u831PBcGvuQdassadasVQFZb5381EoadnjAebc
(you do not need to remember this password)
The username and password MUST NOT be the same.
If the file does not exist, create it with owner-readable-only file permissions.
It is also recommended to set alertnotify so you are notified of problems;
for example: alertnotify=echo %s | mail -s "DarkCoin Alert" [email protected]

* make and edit ~/.darkcoin/darkcoin.conf
Code:
#----
## change this
rpcuser=any_user_name_you_want_you_should_change_this_do_not_forget_
## change this
rpcpassword=any_password_you_like_name_you_want_you_should_change_this_do_not_forget
rpcallowip=127.0.0.1
listen=1
server=1
daemon=1
logtimestamps=1
maxconnections=256
#--------------------
# change change_this_to_your_ec2_public_ip_ami_public_ip to public ip address which you connected by ssh
externalip=change_this_to_your_ec2_public_ip_ami_public_ip
#---------------------
run darkcoind
check sync status
compare block height(no) with http://explorer.darkcoin.io/chain/DarkCoin or http://drk.poolhash.org/graph.html
use 'tail -f ~/.darkcoin/debug.log' to see log.
Code:
darkcoind
darkcoind getinfo
darkcoind getmininginfo
tail -f ~/.darkcoin/debug.log

Continued.. in PART II
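
A pre-flight check for the darkcoin.conf described in the post above, added here as an example and not code from the thread or from the Darkcoin project. It flags lines that are neither comments nor key=value (the cause of the "unrecognized line in '----'" error reported later in the thread), leftover guide placeholders, identical rpcuser/rpcpassword, and permissions wider than owner-only; the names check_conf and sample_conf are hypothetical and GNU stat is assumed.

```sh
# Added example: lint darkcoin.conf before starting darkcoind.
# check_conf and sample_conf are hypothetical helpers; assumes GNU stat (Ubuntu).
check_conf() {
    conf=$1; problems=0; user=""; pass=""; lineno=0
    [ -f "$conf" ] || { echo "missing: $conf"; return 1; }
    # darkcoind asks for owner-readable-only permissions on this file.
    mode=$(stat -c '%a' "$conf")
    case $mode in
        600|400) ;;
        *) echo "mode is $mode, expected 600"; problems=$((problems + 1)) ;;
    esac

    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        # Drop CRs and surrounding whitespace before classifying the line.
        line=$(printf '%s' "$line" | tr -d '\r' | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        case $line in
            ''|'#'*) continue ;;
            *=*) key=${line%%=*}; value=${line#*=} ;;
            *)  # e.g. a "----" separator pasted without its leading '#'
                echo "line $lineno: not a comment or key=value: $line"
                problems=$((problems + 1)); continue ;;
        esac
        case $key in
            rpcuser) user=$value ;;
            rpcpassword) pass=$value ;;
        esac
        case $value in
            *change_this*)
                echo "line $lineno: $key still holds the guide's placeholder"
                problems=$((problems + 1)) ;;
        esac
    done < "$conf"
    [ -n "$pass" ] || { echo "rpcpassword is not set"; problems=$((problems + 1)); }
    if [ -n "$user" ] && [ "$user" = "$pass" ]; then
        echo "rpcuser and rpcpassword must not be the same"; problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed sample: the guide's template with the '#' lost from one separator.
sample_conf() {
    cat <<'EOF'
----
rpcuser=any_user_name_you_want_you_should_change_this_do_not_forget_
rpcpassword=any_password_you_like_name_you_want_you_should_change_this_do_not_forget
rpcallowip=127.0.0.1
externalip=change_this_to_your_ec2_public_ip_ami_public_ip
EOF
}

tmp=$(mktemp); sample_conf > "$tmp"
check_conf "$tmp" || echo "problems found: $?"
rm -f "$tmp"
```

The function's exit status is the number of problems found, so `check_conf ~/.darkcoin/darkcoin.conf && darkcoind` starts the daemon only when the file is clean.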
 

nj47

Guest
I would recommend a few additional steps.
1.) fail2ban - slightly unnecessary if you are locking down ssh to your local IP, but it couldn't hurt
2.) Set up a root password - this is a big one.
3.) Create a dedicated darkcoin user and only let that user access the wallet file
4.) UFW makes managing the firewall so much easier
5.) Set up 2FA on your AWS account
6.) I would also say it is nearly imperative that you set up some sort of remote monitoring and get notifications if CPU usage gets too high, because on a micro instance if your CPU goes above like 50% for more than 1 minute, they throttle your CPU max usage to < 1000 MHz.
 

chaeplin

I have learned how to use IAM and CloudWatch.
Thank you.
 

TanteStefana

Grizzled Member
Foundation Member
Mar 9, 2014
2,861
1,854
1,283
I'm curious why you add a swap file? Isn't there one already from the default image?
 

TanteStefana

Ah, I see. Since this is a downloaded pre compiled binary, I didn't notice a problem with memory, LOL.

Another question please, I've been searching for an answer all night but can't figure it out, what do the numbers inside the brackets represent?:

:INPUT ACCEPT [1038:145425]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [434:87191]

Thank you :)
 

TanteStefana

I can't believe it, hours and hours I've been searching, and I tried just now one more time, and I got the question right, LOL. I never once just asked "what are the numbers inside the brackets", I asked all kinds of other things, but that one hit the nail on the head!

Counters, I guess start counting on the lower end to the top end, eh?
 

chaeplin

That's packets and bytes of chain.

This is a sample.

[email protected]:~# iptables -L -v -n
Chain INPUT (policy ACCEPT 1034 packets, 119K bytes)
pkts bytes target prot opt in out source destination
0 0 REJECT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:9998 reject-with tcp-reset
0 0 REJECT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:9999flags: 0x17/0x02 #conn src/24 > 8 reject-with tcp-reset
0 0 REJECT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:9999flags: 0x17/0x02 #conn src/32 > 2 reject-with tcp-reset
524 31650 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:9999
832K 374M ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 340 packets, 42833 bytes)
pkts bytes target prot opt in out source destination
3 3131 ACCEPT tcp -- * eth0 0.0.0.0/0 0.0.0.0/0 tcp spt:9999 ctstate NEW
369K 834M ACCEPT tcp -- * eth0 0.0.0.0/0 0.0.0.0/0 tcp spt:9999
153K 19M ACCEPT tcp -- * eth0 0.0.0.0/0 0.0.0.0/0 tcp dpt:9999
61302 3931K ACCEPT all -- * eth0 0.0.0.0/0 0.0.0.0/0

[email protected]:~# iptables-save
# Generated by iptables-save v1.4.12 on Sat Apr 12 07:52:14 2014
*filter
:INPUT ACCEPT [1034:119457]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [340:42833]
-A INPUT -i eth0 -p tcp -m tcp --dport 9998 -j REJECT --reject-with tcp-reset
-A INPUT -i eth0 -p tcp -m tcp --dport 9999 --tcp-flags FIN,SYN,RST,ACK SYN -m connlimit --connlimit-above 8 --connlimit-mask 24 --connlimit-saddr -j REJECT --reject-with tcp-reset
-A INPUT -i eth0 -p tcp -m tcp --dport 9999 --tcp-flags FIN,SYN,RST,ACK SYN -m connlimit --connlimit-above 2 --connlimit-mask 32 --connlimit-saddr -j REJECT --reject-with tcp-reset
-A INPUT -i eth0 -p tcp -m conntrack --ctstate NEW -m tcp --dport 9999 -j ACCEPT
-A INPUT -i eth0 -p tcp -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --sport 9999 -m conntrack --ctstate NEW -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --sport 9999 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --dport 9999 -j ACCEPT
-A OUTPUT -o eth0 -j ACCEPT
COMMIT
# Completed on Sat Apr 12 07:52:14 2014
 

mattmct

Member
Mar 13, 2014
259
92
88
Hi @chaeplin , on #6, I get the following error on entering chkconfig --add ntp
Code:
/sbin/insserv: No such file or directory

ntp     0:off 1:off 2:on 3:on 4:on 5:on 6:0ff
Did I do this in the wrong dir or something?

Cheers!
 

Propulsion

The buck stops here.
Feb 26, 2014
1,008
467
183
Dash Address
XerHCGryyfZttUc6mnuRY3FNJzU1Jm9u5L
Hi @chaeplin , on #6, I get the following error on entering chkconfig --add ntp
/sbin/insserv: No such file or directory
ntp 0:eek:ff 1:eek:ff 2:eek:n 3:eek:n 4:eek:n 5:eek:n 6:eek:ff

Did I do this in the wrong dir or something?

Cheers!
Might want to edit that and use the Code button. So it doesn't show the smiles.
Code:
/sbin/insserv:No such file or directory
ntp0:ff
 

chaeplin

My fault, I have edited it.

Use
update-rc.d ntp defaults
 

mattmct

Cheers @chaeplin .

Sorry to say, I'm stuck on #9.

I'm not sure what "* change USE_UPNP:=- and USE_IPV6:=0" means.

After entering "time make -f makefile.unix"

Code:
g++ -c -O2 -pthread -Wall -Wextra -Wformat -Wformat-security -Wno-unused-parameter -g -DBOOST_SPIRIT_THREADSAFE -D_FILE_OFFSET_BITS=64 -I/usr/local/src/darkcoin/src -I/usr/local/src/darkcoin/src/obj -DUSE_UPNP=0 -DUSE_IPV6=1 -I/usr/local/src/darkcoin/src/leveldb/include -I/usr/local/src/darkcoin/src/leveldb/helpers -DHAVE_BUILD_INFO -fno-stack-protector -fstack-protector-all -Wstack-protector -D_FORTIFY_SOURCE=2  -MMD -MF obj/net.d -o obj/net.o net.cpp
net.cpp:18:32: fatal error: miniupnpc/miniwget.h: No such file or directory
compilation terminated.
make: *** [obj/net.o] Error 1

real    2m22.786s
user    2m3.992s
sys     0m10.645s
[email protected]:/usr/local/src/darkcoin/src# strip darkcoind
strip: 'darkcoind': No such file
 

mattmct

Many thanks Chaeplin. I gave that a shot, got this:


Code:
update-rc.d ntp defaults
update-rc.d: warning: ntp stop runlevel arguments (0 1 6) do not match LSB Default-Stop values (1)
System start/stop links for /etc/init.d/ntp already exist.
 

chaeplin

File already created by chkconfig, so ignore it.
 

mattmct

Looks like the d is missing from line cp darkcoin /usr/bin in #9. I assume it should be cp darkcoind /usr/bin
Tried to run it. Got this error :/
./darkcoind

************************
EXCEPTION: N5boost16exception_detail10clone_implINS0_19error_info_injectorINS_15program_options14invalid_syntaxEEEEE
unrecognized line in '----'
darkcoin in AppInit()

So close but yet so far!

Update: Tried running as root:


Error: To use darkcoind, you must set a rpcpassword in the configuration file:
/root/.darkcoin/darkcoin.conf
It is recommended you use the following random password:
rpcuser=darkcoinrpc
rpcpassword=93ZR2he5KT18yCevrZbG39AjVVtU8rqtSP1cSgMgLG8p
(you do not need to remember this password)
The username and password MUST NOT be the same.
If the file does not exist, create it with owner-readable-only file permissions.
It is also recommended to set alertnotify so you are notified of problems;
for example: alertnotify=echo %s | mail -s "DarkCoin Alert" [email protected]

looks like I didn't make that file correctly, trying again
 

chaeplin

This is compile time
t1.micro

Code:
real 13m51.049s
user 12m30.675s
sys 0m59.332s
m3.medium
Code:
real 7m6.372s
user 6m45.173s
sys 0m14.749s
 

chaeplin

I corrected the "d".

When you run darkcoind without config(rpcuser, rpcpassword), darkcoind shows that msg.
 

mattmct

I just made the config file, double-checked to make sure it was there.

Now even as root , I can't get it to run.

Code:
darkcoind


************************
EXCEPTION: N5boost16exception_detail10clone_implINS0_19error_info_injectorINS_15program_options14invalid_syntaxEEEEE
unrecognized line in '----'
darkcoin in AppInit()
 

mattmct

Check your darkcoin.conf, if there is line start with ----, add # in front of it.
I am sure.

Code:
#----
haha, you my man, are a genius! I'm not sure how I didn't work that out myself lol, but many thanks!

"Darkcoin server starting" :)
 

chaeplin

Is that compiled darkcoind or Darksend/Masternode ?

I add compile step to assure "System is working", before run DarkSend Masternode.
 

mattmct

No that's just the darkcoind server. It still says the same "Darkcoin server starting"

working out how to check sync status before I move on to the next steps.

Update: darkcoind getblockcount = 50890

Looks good so far!
 

mattmct

Cheers chaeplin!
I just noticed as I started the server as root, it created the blockchain etc in a different folder, and not the home. So I rebooted, fired up darkcoind not in root, and it makes the files / blockchain etc in the correct place.
It's currently syncing. :)