Tutorial: Getting A Dedicated Chain Server Set Up On Your Raspberry Pi 2

Discussion in 'Technical Support' started by ClokworkGremlin, Jan 30, 2016.

  1. 2017/12/15 - Decred v1.1.2 released! → Release Notes  → Downloads
  1. drunkenmugsy

    drunkenmugsy Sr. Member
    Advocate (Reddit)

    Dec 28, 2015
    405
    218
    Male
    #21 drunkenmugsy, Feb 1, 2016
    Last edited: Feb 1, 2016
    8)

    Excellent guide. I plan on running a full public node remotely on a RPi2. What would be concerns running my wallet on said node? Do I want to use a child address as I also want to do PoS mining? I am unclear on the use of multiple addresses.

    I would suggest that we add something about a firewall and screen support? I would like to lock down any ssh or vnc access while still allowing public node traffic. These would be must haves for me!

    To do that we need ports 22, 590x - limited. 19109 - public? Others? Maybe not even ports 590x. It might be more secure to just ssh tunnel to VNC ports?

    Any other things we can do to flesh out this howto?
     
  2. ClokworkGremlin

    ClokworkGremlin Sr. Member

    Jan 10, 2016
    535
    381
    Male
    Whatever I want.
    Firewalls are more @Lee Sharp 's specialty. I'd defer everything on that topic to him.
     
    Lee Sharp likes this.
  3. shoshin

    shoshin Member

    Dec 28, 2015
    86
    94
    Male
    Excellent guide @ClokworkGremlin thanks for putting this together. I was just getting ready to set up a few full nodes on some RPi2s I have lying around...
     
  4. drunkenmugsy

    drunkenmugsy Sr. Member
    Advocate (Reddit)

    Dec 28, 2015
    405
    218
    Male
    #24 drunkenmugsy, Feb 2, 2016
    Last edited: Feb 2, 2016
    I think there is a simple interface called fwbuilder that we can use for fw setup. I will check in to this. Tunneling through ssh for VNC is also simple to do. I will see if I can post something for this as well.

    I am going to get my node set up but may not have time to publish steps before launch.

    If someone else wants to jump on these feel free. I am doing maintenance and upgrades on my jeep getting ready for wheeling season this week. That always takes longer than I plan for. There is always to much beer to drink and buddies to drink it with when doing jeep things.

    *** UPDATE 1 ***
    Found a decent VNC setup for raspian Jessie to set up as systemd service.

    https://www.raspberrypi.org/forums/viewtopic.php?t=123457&p=830506

    *** UPDATE 2 ***
    I have made a simple config file you can load with fwbuilder on raspian. It allows only ssh, vnc, and decred rpc(?)19109. I am still testing it but I will post it here when I am done. Should be fairly simple to install if a bit manual in a spot.
     
    ClokworkGremlin likes this.
  5. ClokworkGremlin

    ClokworkGremlin Sr. Member

    Jan 10, 2016
    535
    381
    Male
    Whatever I want.
    I personally use X11VNC, since it doesn't lock out a screen for a particular service, but yeah, my Pi doesn't have a monitor hooked up to it.
     
  6. Lee Sharp

    Lee Sharp Sr. Member

    Dec 28, 2015
    308
    217
    Male
    Independent Consultant
    Houston, Texas
    If anything is attacked more then shh, it is VNC. :) Just stick it behind a gateway firewall, and VPN in to access it. And do NAT pinholes for the one port needed to see the full node.
     
    ClokworkGremlin likes this.
  7. drunkenmugsy

    drunkenmugsy Sr. Member
    Advocate (Reddit)

    Dec 28, 2015
    405
    218
    Male
    I agree for the most part. No open VNC on a public network. That said I am going to just leave SSH open and tunnel that. The whole point of this for me is to have the RPi2 somewhere other than my home where I dont have a firewall in front of it.
     
  8. Lee Sharp

    Lee Sharp Sr. Member

    Dec 28, 2015
    308
    217
    Male
    Independent Consultant
    Houston, Texas
    Well, keep good backups, and keep a close watch... :)
     
  9. chappjc

    chappjc Full Member
    Developer Pool Operator (PoS)

    Just disable passwords and learn to love your private keys.
     
  10. ZeroASIC

    ZeroASIC New Member

    Jan 21, 2016
    1
    2
    Male
    #30 ZeroASIC, Feb 8, 2016
    Last edited: Feb 8, 2016
    Raspberry Pi Chain Server Boot Script

    Once you have the config files set up you might want your Pi to start the chain server on boot. The server is designed to run as a normal user so log into your Pi as that user. Now we need to create the script so do:
    Code:
    $ nano ~/decred_startup.sh
    and paste this into it:
    Code:
    #!/bin/bash
    screen -dmS dcrd &&
    screen -S dcrd -p 0 -X stuff "~/bin/decred/dcrd`echo -ne '\015'`" &&
    screen -dmS dcrwallet &&
    screen -S dcrwallet -p 0 -X stuff "~/bin/decred/dcrwallet`echo -ne '\015'`";
    
    
    Don't forget the blank line at the bottom! Save the file.

    We need to update the permissions for the script:
    Code:
    $ chmod 755 ~/decred_startup.sh
    Now run this command:
    Code:
    $ crontab -e
    and paste this line into the bottom of the file:
    Code:
    @reboot /home/pi/decred_startup.sh
    Note: You need to change the username if you're not using the default user.

    Now reboot and you should see two sessions when you run
    Code:
    $ screen -ls
    You can connect to the screen session with this command, just replace the ### with the numbers you saw in the previous command.
    Code:
    $ screen -r ###
     
    drunkenmugsy and ClokworkGremlin like this.
  11. Voheen

    Voheen New Member

    Feb 7, 2016
    9
    3
    Since i'm too lazy to write and maintain a packet in AUR for archlinux/archarm, i'm sharing it here as a template:

    ONLY USE IT IF YOU KNOW WHAT YOU'RE DOING!!

    creating the user "decred" and directory for data (i have all the data in /var/lib/decred so you have to set datadir in dcrd.conf)

    Code:
    getent group decred &>/dev/null || groupadd -r decred >/dev/null
    getent passwd decred &>/dev/null || useradd -r -g decred -d /var/lib/decred -s /bin/false -c decred decred >/dev/null
    chown -R decred:decred /var/lib/decred
    
    and this is the dcrd.service file you need for systemd (put it in /usr/lib/systemd/system/):
    Code:
    [Unit]
    Description=Dcrd Daemon
    After=network.target
    
    [Service]
    Type=simple
    ExecStart=/usr/bin/dcrd -C /var/lib/decred/dcrd.conf
    Restart=on-abort
    KillSignal=SIGTERM
    User=decred
    Group=decred
    
    [Install]
    WantedBy=multi-user.target
    
    
     
    drunkenmugsy and ClokworkGremlin like this.
  12. Scott Briggs

    Scott Briggs New Member

    Jan 10, 2016
    11
    10
    Male
    Lawyer
    Bay Area, CA
    This looks amazing! Thank you for your contribution, I am looking forward to working through this as soon as possible. Thanks again!!
     
    ClokworkGremlin likes this.
  13. Wolf

    Wolf Jr. Member

    Jan 25, 2016
    107
    45
    The wallet doesn't start on boot with your tutorial, sadly.

    Also, a Pi might be a little underpowered if TXs really start flying across the network. I have mine running on a board about the size of a Pi I christened Meeya, which has an 8-core ARMv8, 2GB of DDR3, and Wifi. She ensures dcrd and dcrwallet are started (in that order) on boot after the network is brought up as an unprivileged user I made named "decred" for security with the shell set to /bin/false. I set the homedir to /srv/decred, where the .dcrd and .dcrwallet folders go. After that, it was a quick setup for my dcrctl.conf on other machines to allow access to it without specifying a ton of parameters.

    Two things I wish were better, though: for non-wallet commands, you seem to need to connect to dcrd, but for wallet commands, you need to connect to dcrwallet. It'd be nice if I could specify BOTH servers and login credentials in my dcrctl.conf and have dcrctl select which to use based on if you passed --wallet or not.

    The second thing is that I wish there was an automated way to unlock the wallet. If Meeya loses power, or the dcrwallet daemon aborts/crashes, she'll restart the daemon(s) upon power being restored/immediately after the abnormal termination. Besides having to remember to unlock it manually if I restart her or the daemons myself, it's entirely possibly they could be restarted and I never know - possibly meaning I lose staking rewards.
     
    ClokworkGremlin likes this.
  14. ClokworkGremlin

    ClokworkGremlin Sr. Member

    Jan 10, 2016
    535
    381
    Male
    Whatever I want.
    I think ZeroASIC's tutorial helps with that, but haven't really touched it.
    The CPU and memory footprints so far are pretty minor, but then I guess the transaction counts are too right now. We'll have to see once things get a little mor exciting.

    As far as I can tell (having used dcrd for both sets of commands), the wallet can route chain server commands back to dcrd, so it's entirely possible to simply specify --wallet for everything. Maybe not as secure, though.

    I suppose you could always send an unlock command to the wallet N seconds after bootup.
     
  15. Wolf

    Wolf Jr. Member

    Jan 25, 2016
    107
    45
    Hackish, but... I suppose likely functional.
     
  16. ClokworkGremlin

    ClokworkGremlin Sr. Member

    Jan 10, 2016
    535
    381
    Male
    Whatever I want.
    That describes everything I do ;)
     
  17. Grumlin

    Grumlin New Member

    Feb 25, 2016
    43
    1
    Male
    so, if I understand correctly, the powerfull of raspi wont have to process blockchain. correct?

    and why you split to chain to raspi and wallet to windows mine ferm, if the one is crashed, you wont vote in blockchain
     
  18. ClokworkGremlin

    ClokworkGremlin Sr. Member

    Jan 10, 2016
    535
    381
    Male
    Whatever I want.
    A Raspberry Pi, even a Pi 2, will not have enough processing power to mine Decred. It does still need to download the blockchain, but there's plenty of processing power for that.

    That would be covered in the optional 2nd step, where you set up a wallet on the pi(which is what I did, and leave open for staking 24/7). Setting up a wallet on Windows lets you access and manage your wallet from your everyday computer without having to access the Pi, or perhaps have a second wallet that isn't used for staking, and that's what the IP management in step 1 enables.
     
  19. michael sørensen

    Translator (Dansk)

    Jan 1, 2016
    130
    62
    Male
    I don't have a Pi, nor do I intend to get one any time soon. - But damn. I shared this on my facebook wall.
     
    ClokworkGremlin likes this.
  20. MiloIce

    MiloIce Jr. Member

    Jan 18, 2016
    206
    26
    Male
    ClokworkGremlin likes this.

Share This Page