This project was created to help ICON's PRep-node.
```
prep_docker (master) ✗ make build_python
----- Build Environment -----
DOCKERIZE_VERSION="v0.6.1"
DOWNLOAD_PACKAGE="http://tbears.icon.foundation.s3-website.ap-northeast-2.amazonaws.com/docker_resource/1910211829xc2286d/docker_1910211829xc2286d_packages.tar.gz"
GO_VERSION="1.12.7"
IS_LOCAL=true
NAME=prep-node
RABBITMQ_VERSION="3.7.17"
REPO_HUB=iconloop
TAGNAME=1909261038x4fa4a5
VERSION=1909261038x4fa4a5
docker build --no-cache --rm=true -f python_37/Dockerfile \
--build-arg DOCKERIZE_VERSION=v0.6.1 --build-arg DOWNLOAD_PACKAGE=http://tbears.icon.foundation.s3-website.ap-northeast-2.amazonaws.com/docker_resource/1909261038x4fa4a5/docker_1909261038x4fa4a5_packages.tar.gz --build-arg GO_VERSION=1.12.7 --build-arg ICON_RC_VERSION=1.0.0 --build-arg IS_LOCAL=true --build-arg NAME=prep-node --build-arg RABBITMQ_VERSION=3.7.17 --build-arg REPO_HUB=iconloop --build-arg TAGNAME=1909261038x4fa4a5 --build-arg VERSION=1909261038x4fa4a5 \
-t iconloop/prep-node:1910211829xc2286d .
Sending build context to Docker daemon 21.42MB
Step 1/44 : FROM python:3.7.3-slim-stretch
---> 338ae06dfca5
Step 2/44 : LABEL maintainer="JINWOO <jinwoo@iconloop.com>"
---> Running in 4804b6987e20
Removing intermediate container 4804b6987e20
---> aa348d5ab934
Step 3/44 : ENV TZ "Asia/Seoul"
---> Running in a42cf9cf045e
Removing intermediate container a42cf9cf045e
---> 4b94bc713990
Step 4/44 : ENV TERM "xterm-256color"
---> Running in 6a7f30c9acdb
Removing intermediate container 6a7f30c9acdb
---> 1dea771bb6be
Step 5/44 : ENV USERID 24988
---> Running in cd88bf497d89
Removing intermediate container cd88bf497d89
```

A certificate is required to operate a node.
There are three ways to create a certificate file or keystore file.

a. When you start the container, you can create a certificate using the IS_AUTOGEN_CERT environment variable.

```yaml
environment:
  IS_AUTOGEN_CERT: "true"
  PRIVATE_PASSWORD: "password123!@#"
```

The `${CERT_PATH}/autogen_cert.pem` file is created with the password `password123!@#`.

b. You can create a certificate through the openssl command.

```
# openssl ecparam -genkey -name secp256k1 | openssl ec -aes-256-cbc -out my_private.pem -passout pass:'password123!@#'
read EC key
writing EC key
```

- The `my_private.pem` file is created with the password `password123!@#`.
- If you want to use special characters in the password, quote it with `'` or `"`.

c. You can create a certificate using the tbears command.

If you have tbears:

```
# tbears keystore keystore_tbears.json -p 'password123!@#'
```

The `keystore_tbears.json` file is created with the password `password123!@#`.

If you are using the docker image:

```
# docker run -it --rm -v ${PWD}/cert:/cert/ iconloop/prep-node tbears keystore /cert/keystore_tbears.json -p 'password123!@#'
Made keystore file successfully
```

- `-it`: runs in interactive mode.
- `--rm`: running containers with the `--rm` flag is good for containers that you use for a very short while just to accomplish something.
- `-v ${PWD}/cert:/cert/`: mounts the host's `cert` directory at `/cert/` in the container.
- `tbears keystore /cert/keystore_tbears.json -p 'password123^^&'`: executes the tbears command inside the container.

d. Create an account and download the keystore file using ICONex (wallet).
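
Options b and c above pass the key password as a command-line argument, where it ends up in shell history and is visible in the process list while the command runs. The following added example (not part of prep_docker) performs option b's openssl key generation with the password read from a file instead; `make_prep_key` and the file paths are hypothetical names.

```shell
#!/bin/sh
# Added example, not prep_docker code. make_prep_key and its paths are
# hypothetical; the openssl invocation mirrors option b above.

# make_prep_key KEY_OUT PW_FILE
#   Writes an AES-256-CBC encrypted secp256k1 key to KEY_OUT, taking the
#   password from the first line of PW_FILE instead of from argv.
make_prep_key() {
    key_out=$1
    pw_file=$2

    if [ ! -s "$pw_file" ]; then
        echo "password file missing or empty: $pw_file" >&2
        return 2
    fi
    if [ -e "$key_out" ]; then
        # An existing key is never replaced silently.
        echo "refusing to overwrite existing key: $key_out" >&2
        return 3
    fi

    # The subshell keeps the tightened umask local; the key is created 0600.
    (
        umask 077
        openssl ecparam -genkey -name secp256k1 -noout |
            openssl ec -aes-256-cbc -out "$key_out" -passout "file:$pw_file"
    ) 2>/dev/null || { rm -f "$key_out"; return 4; }

    # Round-trip check: the key must decrypt with the same password file.
    openssl ec -in "$key_out" -passin "file:$pw_file" -noout 2>/dev/null || return 5
}

# Usage (example paths): make_prep_key ./cert/my_private.pem ./cert/key.pw
```

Keep the password file outside the directory mounted into the container, with the same 0600 permissions as the key.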
If you don't already have docker installed, you can install it here:
Open docker-compose.yml in a text editor and add the following content:
For MainNet
```yaml
version: "3"
services:
  prep:
    image: iconloop/prep-node:2020.11.13
    container_name: "prep-mainnet"
    network_mode: host
    restart: "on-failure"
    # entrypoint: bash -c "while [ 1 ]; do sleep 1; done"
    environment:
      NETWORK_ENV: "mainnet" # mainnet, testnet, PREP-TestNet (zicon)
      CERT_PATH: "/cert"
      LOOPCHAIN_LOG_LEVEL: "DEBUG"
      ICON_LOG_LEVEL: "DEBUG"
      PRIVATE_KEY_FILENAME: "YOUR_KEYSTORE_or_YOUR_CERTKEY_FILENAME" # only filename
      PRIVATE_PASSWORD: "YOUR_KEY_PASSWORD"
    cap_add:
      - SYS_TIME
    volumes:
      - ./data:/data # mount a data volume
      - ./cert:/cert # Automatically generate cert key files here
    ports:
      - 9000:9000
      - 7100:7100
```

| Environment variable | Description | Default value | Allowed value |
|---|---|---|---|
| EXT_IPADDR | Getting external IP address | $(curl http://checkip.amazonaws.com) | |
| IPADDR | Setting the IP address | $EXT_IPADDR | |
| LOCAL_TEST | false | false | |
| TZ | Setting the TimeZone Environment | Asia/Seoul | List of TZ name |
| NETWORK_ENV | Network Environment name | PREP-TestNet | mainnet or PREP-TestNet |
| SERVICE | Service Name | zicon | mainnet/testnet/zicon |
| ENDPOINT_URL | ENDPOINT API URI | URI | |
| FIND_NEIGHBOR | Find fastest neighborhood PRep | true | |
| FIND_NEIGHBOR_COUNT | neighborhood count | 5 | |
| FIND_NEIGHBOR_OPTION | neighborhood option | -t (main\|sub | |
| SERVICE_API | SERVICE_API URI | ${ENDPOINT_URL}/api/v3 | URI |
| NTP_SERVER | NTP SERVER ADDRESS | time.google.com | |
| NTP_REFRESH_TIME | NTP refresh time | 21600 | |
| USE_NTP_SYNC | whether to use NTP or not | true | boolean (true/false) |
| FASTEST_START | It can be restored from Snapshot DB. | no | yes/no |
| FASTEST_START_POINT | | | |
| GENESIS_NODE | false | false | |
| DEFAULT_PATH | Setting the Default Root PATH | /data/${NETWORK_ENV} | |
| DEFAULT_LOG_PATH | Setting the logging path | ${DEFAULT_PATH}/log | |
| DEFAULT_STORAGE_PATH | block DB will be stored | ${DEFAULT_PATH}/.storage | |
| USE_NAT | if you want to use NAT Network | no | |
| NETWORK_NAME | | | |
| VIEW_CONFIG | for check deployment state | false | boolean (true/false) |
| AMQP_TARGET | 127.0.0.1 | 127.0.0.1 | |
| USE_EXTERNAL_MQ | false | false | |
| USE_LAZY_MQ | false | false | |
| USE_MQ_ADMIN | Enable the RabbitMQ management Web interface. The management UI can be accessed using a Web browser at http://{node-hostname}:15672/. For example, for a node running on a machine with the hostname of prep-node, it can be accessed at http://prepnode:15672/ | false | boolean (true/false) |
| MQ_ADMIN | RabbitMQ management username | admin | |
| MQ_PASSWORD | RabbitMQ management password | iamicon | |
| LOOPCHAIN_LOG_LEVEL | loopchain log level | INFO | DEBUG, INFO, WARNING, ERROR |
| ICON_LOG_LEVEL | iconservice log level | INFO | DEBUG, INFO, WARNING, ERROR |
| LOG_OUTPUT_TYPE | loopchain's output log type | file | file, console, file\|console |
| outputType | iconservice's output log type | $LOG_OUTPUT_TYPE | file, console, file\|console |
| FIRST_PEER | for testnet | false | |
| NEWRELIC_LICENSE | for testnet | | |
| CONF_PATH | Setting the configure file path | /${APP_DIR}/conf | |
| CERT_PATH | Setting the certificate key file path | /${APP_DIR}/cert | |
| ICON_NID | Setting the ICON Network ID number | 0x50 | |
| CREP_ROOT_HASH | | | |
| ALLOW_MAKE_EMPTY_BLOCK | true | true | |
| CHANNEL_BUILTIN | boolean (true/false) | true | |
| RECOVERY_MODE | boolean (true/false) | false | |
| PEER_NAME | $(uname) | $(uname) | |
| PRIVATE_KEY_FILENAME | YOUR_KEYSTORE or YOUR_CERTKEY FILENAME | YOUR_KEYSTORE_FILENAME | YOUR_KEYSTORE or YOUR_CERTKEY FILENAME |
| PRIVATE_PATH | public cert key or keystore file location | ${CERT_PATH}/${PRIVATE_KEY_FILENAME} | |
| PRIVATE_PASSWORD | private cert key or keystore file password | test | |
| LOAD_PEERS_FROM_IISS | true | true | |
| CHANNEL_MANAGE_DATA_PATH | ${CONF_PATH}/channel_manange_data.json | ${CONF_PATH}/channel_manange_data.json | |
| CONFIG_API_SERVER | https://download.solidwallet.io | https://download.solidwallet.io | |
| GENESIS_DATA_PATH | ${CONF_PATH}/genesis.json | ${CONF_PATH}/genesis.json | |
| BLOCK_VERSIONS | | | |
| SWITCH_BH_VERSION3 | | | |
| SWITCH_BH_VERSION4 | | | |
| SWITCH_BH_VERSION5 | | | |
| RADIOSTATIONS | | | |
| SHUTDOWN_TIMER | SHUTDOWN_TIMER for citizen | 7200 | |
| SUBSCRIBE_LIMIT | 60 | 60 | |
| TIMEOUT_FOR_LEADER_COMPLAIN | 60 | 60 | |
| configure_json | ${CONF_PATH}/configure.json | ${CONF_PATH}/configure.json | |
| iconservice_json | ${CONF_PATH}/iconservice.json | ${CONF_PATH}/iconservice.json | |
| iconrpcserver_json | ${CONF_PATH}/iconrpcserver.json | ${CONF_PATH}/iconrpcserver.json | |
| FORCE_RUN_MODE | Setting the loopchain running parameter, e.g. if FORCE_RUN_MODE is `-r citizen` then `loop -r citizen` | | |
| ICON_REVISION | 5 | 5 | |
| ROLE_SWITCH_BLOCK_HEIGHT | 1 | 1 | |
| mainPRepCount | 22 | 22 | |
| mainAndSubPRepCount | 100 | 100 | |
| decentralizeTrigger | 0.002 | 0.002 | |
| iissCalculatePeriod | origin value is 43200 | 1800 | |
| termPeriod | origin value is 43120 | 1800 | |
| blockValidationPenaltyThreshold | 66000000 | 66000000 | |
| lowProductivityPenaltyThreshold | 85 | 85 | |
| score_fee | true | true | |
| score_audit | true | true | |
| scoreRootPath | ${DEFAULT_PATH}/.score_data/score | ${DEFAULT_PATH}/.score_data/score | |
| stateDbRootPath | ${DEFAULT_PATH}/.score_data/db | ${DEFAULT_PATH}/.score_data/db | |
| penaltyGracePeriod | 86400 | 86400 | |
| STAKE_LOCK_MAX | | | |
| STAKE_LOCK_MIN | | | |
| RPC_PORT | Choose a RPC service port | 9000 | |
| PORT | ${RPC_PORT} | ${RPC_PORT} | |
| RPC_WORKER | Setting the number of RPC workers | 3 | |
| RPC_GRACEFUL_TIMEOUT | rpc graceful timeout | 0 | |
| AMQP_KEY | Choose a AMQP_KEY for Rabbitmq connection | 7100 | 7100 |
| PORT_PEER | Choose a gRPC PORT | 7100 | 7100 |
| USE_PROC_HEALTH_CHECK | yes | yes | |
| USE_API_HEALTH_CHECK | yes | yes | |
| USE_HELL_CHECK | yes | yes | |
| HEALTH_CHECK_INTERVAL | Trigger if greater than 1 | 30 | |
| ERROR_LIMIT | 6 | 6 | |
| HELL_LIMIT | 300 | 300 | |
| CHECK_PROC_LIST | Watchdog process names | /bin/loop channel icon_rc icon_service gunicorn | |
| USE_SLACK | if you want to use the slack | no | |
| SLACK_URL | slack's webhook URL | | |
| SLACK_PREFIX | slack's prefix header message | | |
| IS_BROADCAST_MULTIPROCESSING | false | false | |
| IS_DOWNLOAD_CERT | false | false | |
| IS_AUTOGEN_CERT | auto generate cert key | false | true, false |
| IS_COMPRESS_LOG | auto compress loopchain and icon log via crontab | false | true, false |
| IS_WRITE_BH | write BH, TX, UX_TX, state on booting log | true | true, false |
| REPAIRDB_MODE | recovery crash leveldb | false | true, false, force |
| USER_DEFINED_ENV | | | |
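
Several defaults in the table above are credentials (`PRIVATE_PASSWORD` is `test`, `MQ_PASSWORD` is `iamicon`), and the compose file runs with `network_mode: host`, so anything the container listens on is bound directly on the host. The following added pre-flight check (not part of prep_docker) reads a compose file in the form shown earlier and reports when those variables are left at a value published on this page; `prep_env_findings` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example, not prep_docker code. prep_env_findings is a hypothetical
# helper; every value it flags is a default or sample printed on this page.

# prep_env_findings COMPOSE_FILE
#   Scans "KEY: value" environment entries (the mapping form used above),
#   prints one finding per line and exits with the number of findings.
prep_env_findings() {
    awk '
    function val(s,   q) {               # value part of a "KEY: value" line
        sub(/^[ \t]*[A-Za-z_]+:[ \t]*/, "", s)
        q = substr(s, 1, 1)
        if (q == "\"" || q == "\047") {  # quoted: "#" inside is not a comment
            s = substr(s, 2)
            return substr(s, 1, index(s, q) - 1)
        }
        sub(/[ \t]+#.*$/, "", s); sub(/[ \t]+$/, "", s)
        return s
    }
    /^[ \t]*#/                 { next }              # commented-out entry
    /^[ \t]*PRIVATE_PASSWORD:/ { pw = val($0);   has_pw = 1 }
    /^[ \t]*MQ_PASSWORD:/      { mqpw = val($0); has_mqpw = 1 }
    /^[ \t]*USE_MQ_ADMIN:/     { mqadmin = val($0) }
    END {
        n = 0
        # An unset PRIVATE_PASSWORD falls back to the documented default "test".
        if (!has_pw || pw == "test" || pw == "password123!@#" ||
            pw == "YOUR_KEY_PASSWORD") {
            print "PRIVATE_PASSWORD is unset or a value published in the README"
            n++
        }
        # An unset MQ_PASSWORD falls back to "iamicon" for user "admin".
        if (mqadmin == "true" && (!has_mqpw || mqpw == "iamicon")) {
            print "USE_MQ_ADMIN=true with the default MQ_PASSWORD (UI on port 15672)"
            n++
        }
        exit n
    }' "$1"
}

# Usage: prep_env_findings docker-compose.yml || echo "fix the findings above"
```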
