Note
This information can be used by STRATO node administrators.
Overview
This section provides the steps to deploy a STRATO Mercata node with option to request the validator certificate.
Initial Setup Process
- Sign up for a Sendgrid account
- Sendgrid API Key (optional, required for Mercata Marketplace email notifications) - register and get on at https://sendgrid.com
- Go to sendgrid.com, login or create an account -> Settings (on the left) -> API Keys -> Create API Key:
- API Key Name:
- API Key Permissions: Restricted Access -> Check the "Mail Send"/"Mail Send" only -> click "Create & View”
- Keep the API key for steps below
- API Key Name:
- Purchase a domain name from DNS service of your choice. For examples:
- Purchase an SSL certificate for the domain from certificate authority of your choice. For examples:
- AWS Certificate Manager
- SSLs
- Let's Encrypt (short-term certificates; requires custom autorenewal set-up using Certbot)
- Download SSL files from SSL issuer
- Extract SSL private key and certificate zip files to local machine
- Deploy Linux VM (based on VM requirements)
- AWS (Supported today)
- Login to AWS Console
- In Console Home, search for the EC2 service.
- Create new instance with the following configurations:
- Name: stratomercata-node1
- AMI: Amazon Linux 2023 (default)
- Type: m6a.xlarge
- Key pair: create new with name blockapps-generated-key (save private key)
- VPC: Use Default or custom VPC if preferred
- Subnet: No preference
- Auto-assign public IP: "Disable"
- Create Security group: strato-ports, open ports:
- 443/tcp (::/0)
- 443/tcp(0.0.0.0)
- 30303/tcp (0.0.0.0)
- 30303/udp (0.0.0.0)
- keep 22/tcp (0.0.0.0)
- Disks: Keep default 8gb, add gp3 80Gb
- Click "Launch Instance"
- Go to Elastic IPs, allocate new IP, Associate with the new instance.
- ssh to the machine using the command:
ssh -i path/to/blockapps-generated-key.pem ec2-user@<elastic.ip.address.here>
- Azure (docs coming soon)
- GCP (docs coming soon)
- Oracle Cloud (docs coming soon)
- On-prem (docs coming soon)
- AWS (Supported today)
- Add VM IP address to DNS A record
- Sign up for BlockApps Open ID account
-
BlockApps OpenID credentials:
- Go to support.blockapps.net and sign up or login
- Select the “Request Client Credentials” type of support request
- Provide the domain name of your future node and the network that you want to join (Mercata) and click Send
Within 8 business hours please expect the email with your client credentials to use in the node deployment steps.
-
STRATO Node Install and Deployment Process
- SSH to VM and install software prerequisites
- SSH to VM and install STRATO software
- Copy SSL certificate and private key information to STRATO node script files
- Update config scripts with Open ID/emailed account data and Send Grid API key
- Execute STRATO scripts
- Confirm issuance of validator cert
STRATO Mercata requirements
System Requirements
- Unix-based x86 system (Linux, Intel-based Mac)
- 4 CPU cores
- 16GB RAM (32 GB is recommended)
- 80+ GB SSD Disk (100 GB is recommended)
- Static IP address
Recommended AWS EC2 Configuration
- Instance type: “m6a.xlarge” (or equivalent)
- Amazon Linux 2023 (other Linux distributions are supported, but the further steps are provided for that AMI)
- 80+ GB EBS volume (for more advanced setup we recommend using a data volume separate from the OS, but this case is not described in this document)
- Elastic IP attached
Network Requirements
- Domain name attached to the IP address
- TLS certificate issued by an authority for the domain name (.pem + .key) (optional if the DNS/CDN provider covers your domain with the certificate)
- Ports open to the world:
- Inbound: 30303/tcp, 30303/udp (P2P; IPv4), 443/tcp (Web UI; IPv4 (IPv6 optional)
- Outbound: All
Software Requirements
- Docker Engine v23 or newer
- Docker Compose v2
- Git
Example: Installing Software Requirements on Amazon Linux 2023
- Create a shell script named install.sh. Copy the block below and paste into the file on the remote machine:
#!/bin/bash set -e set -x if [[ $EUID -ne 0 ]]; then echo >&2 "Must be run as root" exit 1 fi sudo yum update -y sudo yum install -y docker git htop jq # Autostart on reboot sudo systemctl enable docker sudo systemctl start docker # Docker-compose DOCKER_CONFIG=/usr/local/lib/docker sudo mkdir -p $DOCKER_CONFIG/cli-plugins sudo curl -SL https://github.com/docker/compose/releases/download/v2.24.5/docker-compose-linux-x86_64 -o $DOCKER_CONFIG/cli-plugins/docker-compose sudo chmod +x /usr/local/lib/docker/cli-plugins/docker-compose # ncdu (Amazon Linux 2023 steps) wget http://packages.eu-central-1.amazonaws.com/2018.03/main/c31535f74c6e/x86_64/Packages/ncdu-1.10-1.3.amzn1.x86_64.rpm sudo yum install -y ncdu-1.10-1.3.amzn1.x86_64.rpm - Execute the script with
sudo bash install.sh - Create
mount.shwith the following code block:#!/bin/bash set -ex # Mount volume to /datadrive dir with auto-mount (following the Cloud Provider’s steps): lsblk sudo file -s /dev/nvme1n1 # must return `/dev/nvme1n1: data` to confirm that no filesystem exists on a volume sudo mkfs -t xfs /dev/nvme1n1 sudo mkdir /datadrive sudo chmod 777 /datadrive/ sudo mount /dev/nvme1n1 /datadrive/ sudo cp /etc/fstab /etc/fstab.orig sudo bash -c "echo 'UUID=$(sudo blkid | grep nvme1n1 | cut -d\" -f2) /datadrive xfs defaults,nofail 0 2'>> /etc/fstab" sudo umount /datadrive && sudo mount -a # this is to make sure auto-mount works sudo chown ec2-user /datadrive/ df -h # confirm the /datadrive is attached to volume # Move Docker to the data volume sudo service docker stop sudo bash -c "echo '{\"data-root\": \"/datadrive/docker\"}' > /etc/docker/daemon.json" sudo rsync -aP /var/lib/docker/ /datadrive/docker sudo rm -rf /var/lib/docker sudo service docker start - Run the
mount.shscript withsudo bash mount.sh
Setting Up STRATO
- Execute
touch ~/_NOTE_all-data-is-in-root-datadrive-folderto create a reference file - Run the command
cd /datadrive - Clone the
strato-getting-startedfrom GitHub:git clone https://github.com/blockapps/strato-getting-started cd strato-getting-started - Use
sudo ./strato --composeto downloaddocker-compose.ymlof latest release version - Execute
sudo ./strato --pull -
Edit the
strato-run.shfile instrato-getting-starteddirectory containing all required parameters for running STRATO:sudo nano strato-run.sh#!/bin/bash NODE_HOST="<DOMAIN_NAME>" \ OAUTH_CLIENT_ID="<CLIENT_ID_HERE>" \ OAUTH_CLIENT_SECRET="<CLIENT_SECRET_HERE>" \ SENDGRID_API_KEY='<SENDGRID_API_KEY_HERE>' \ ssl=true \ ADMIN_EMAIL=<ADMIN_EMAIL> \ creatorForkBlockNumber=6200 \ BASE_CODE_COLLECTION="d979d67877db869f18283e93ea4bf2d256df92d2" \ ./stratoReplace the placeholders with saved values from prerequisites:
<DOMAIN_NAME>- domain name of your VM<COMMON_NAME>- a unique machine name for certificate<CLIENT_ID>- the client id issued to you by BlockApps<CLIENT_SECRET>- the client secret issued to you by BlockApps<SENDGRID_API_KEY>- (OPTIONAL) the Sendgrid API key to enable the Marketplace email notifications<ADMIN_EMAIL>- (OPTIONAL) an admin email address to send node health warning notifications to
If you are not using
<SENDGRID_API_KEY>remove the line for it in the script above along with the<ADMIN_EMAIL>line.Save and exit nano (Ctrl+X -> “y” -> Enter)
Note
For additional information about the parameters check the help topic:
sudo ./strato --help -
Copy your TLS certificate and private key into
ssl/directory:Note
strato-getting-startedcontains the dummy certificate by default that allows you to run the node without your own TLS certificate. This may be good for testing or for the cases if you have the TLS protection covered by your DNS provider (e.g. Cloudflare or AWS Route53 etc.)Replace placeholders and execute:
cp <path_to_your_pem_file> ssl/private/server.key cp <path_to_your_pem_file> ssl/cert/server.pem -
Execute
strato-run.sh:sudo ./strato-run.sh
Issuing a Cert to the Validator
Next, BlockApps must issue a cert to the validator, using the identity information they’ve requested.
In this example, that information would be service-account-