DHC Node Setup

Create Wallet Account

You can create a new wallet address directly within the browser plugin wallet like MetaMask and export the private key for later use.

To log into the SSH server via the account password set when purchasing the server and the public IPv4 address automatically assigned to the instance by the cloud service provider.

Option 1. the built-in system terminal:

For Mac systems and native Linux systems, you can use the built-in terminal simulator to log in.
For Windows systems, you can use the built-in PowerShell tool to log in. You need to run PowerShell as administrator and install the OpenSSH plugin. The plugin installation tutorial link is as Get started with OpenSSH for Windows

login Method: After opening the terminal, enter "ssh username@public IP address" (e.g. ssh [email protected]), then enter the password according to the prompt to complete the login.

Option 2. the third-party SSH login tools:

Third-party SSH login tools such as Xshell, PuTTY, SimpleRemote, Terminus, etc. You can refer to the relevant product tutorials to log in by yourself.

Option 3. the built-in server method of cloud service:

Different cloud service providers may provide their own online server management consoles, through which you can log in graphically, such as logging in to EC2 instances on Amazon Web Services through the EC2 console page. Please refer to the help documents provided by each cloud service provider.

Install runtime environment

# Install the Docker runtime environment
sudo curl -fsSL https://get.docker.com | bash -s docker
sudo systemctl enable docker
sudo systemctl start docker

# Check if the Docker service started correctly
sudo systemctl status docker
# Use "ctrl+c" to resume command status
sudo chmod 666 /var/run/docker.sock
docker version

# Download the docker-compose program
sudo curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose

# Install docker-compose
sudo chmod +x /usr/local/bin/docker-compose
docker-compose --version

Create a node storage directory and startup file

# Create a Node Storage Catalog
mkdir -p bool-testnode/node-data

# Enter the node storage catalog
cd bool-testnode 

# Adjust user permissions
chmod 777 node-data

# Add a Configuration File
# You can also use "cat > docker-compose.yaml" first and then use "vim docker-compose.yaml" 
# Then paste the the remaining code between "<<EOF" and "EOF" and do save it.
cat > docker-compose.yaml <<EOF
version: "3"
services:
  bnk-node1:
    image: boolnetwork/bnk-node:alpha-testnet
    restart: always
    environment:
      RUST_LOG: info
    volumes:
    - "./node-data:/data"
    command: |
      --validator
      --enable-offchain-indexing true
      --rpc-methods Unsafe
      --unsafe-rpc-external
      --rpc-cors all
      --rpc-max-connections 100000
      --pool-limit 100000
      --pool-kbytes 2048000
      --tx-ban-seconds 600
      --ethapi=debug,trace,txpool
      --chain alpha_testnet
    ports:
      - 9944:9944
      - 30333:30333
EOF

# Start the service
docker-compose up -d

Note: Some hosting service providers' built-in terminals will recognize space characters as indent characters during code copying, which may lead to YAML program runtime errors. Please check and replace.

Configure the sgx server

# Pull github repositories
git clone https://github.com/boolnetwork/mining-scripts.git

# Install the sgx driver
apt update
apt install  build-essential  automake autoconf libtool wget python libssl-dev dkms
wget https://download.01.org/intel-sgx/latest/linux-latest/distro/ubuntu18.04-server/sgx_linux_x64_driver_1.41.bin
bash sgx_linux_x64_driver_1.41.bin

# View sgx status
cd mining-scripts && ./sgx-detect

# Initialize the account, the account information needs to be saved, will be used subsequently
docker run -it --rm boolnetwork/bnk-node:release identity generate

Modify keyring.toml configuration file

Please checkout the latest DHC bootnodes here in advance and do the replacement if changed.

Be aware of that identity = "0x" + "private key" and the total length must be 66.

# Enter the configuration mode of keyring.toml file
vim configs/keyring.toml

# Modify the file internally as follows:
node_ws_url = "ws://127.0.0.1:9944"
# local node_call server port.
node_call_port = 8720
# used to generate LocalKeyStore, used to get AccountId in substrate.
# import your privatekey from wallet like MetaMask and do the replacement
# Note that the first two digits must be started with "0x" and then the private key
identity = "0x0000000000000000000000000000000000000000000000000000000000000000"
# database path
db_path = "/host/data"
# tokio console port
console_port = 5555

# database start option
[db_option]
create_if_missing = true
atomic_flush = true

[network_config]
port = 38700
boot_nodes = ["/ip4/172.210.130.200/tcp/38700/p2p/12D3KooWJVjkr19spLuvmWb68zdxki2qucnubPzbHRjxRi8jhwzF"]
share_peer_interval = 30
only_global_ips = true

[key_server_config]
# Pay attention to this place, the first startup may need to be changed to 0, otherwise there will be an error can not get up!
version = 1
attestation_style = 2 #This corresponds to using an image, epid=1, dcap=2
seal_policy = "MRSIGNER"
exe_policy = { Multiply = { executors = 8 } }
round_time_limit = 60
clear_msg_interval = 180

Modify sgx_default_qcnl.conf file

Choose wisely with your cloud service provider and make the change.

# Enter the configuration mode of qcnl.conf file
vim configs/sgx_default_qcnl.conf

# Modify the file internally as follows:
# Ali Cloud
# [Region-ID] is the region of the server you purchased, like cn-hongkong and etc. 
# you can refer to https://help.aliyun.com/document_detail/140601.html
{
  "pccs_url": "https://sgx-dcap-server.[Region-ID].aliyuncs.com/sgx/certification/v3/",
  "use_secure_cert": true, # To accept insecure HTTPS cert, set this option to FALSE
  "retry_times": 6,
  "retry_delay": 10,
  "pck_cache_expire_hours": 168
}
# Tencent Cloud
{
  "pccs_url": "https://sgx-dcap-server-tc.bj.tencent.cn/sgx/certification/v3/",
  "use_secure_cert": true, # To accept insecure HTTPS cert, set this option to FALSE
  "retry_times": 6,
  "retry_delay": 10,
  "pck_cache_expire_hours": 168,
  "verify_collateral_cache_expire_hours": 168
}
# Microsoft Cloud
{
  "pccs_url": "https://global.acccache.azure.net/sgx/certification/v3/",
  "use_secure_cert": true, # To accept insecure HTTPS cert, set this option to FALSE
  "retry_times": 6,
  "retry_delay": 10,
  "pck_cache_expire_hours": 168
}

Modify docker-compose file (Optional)

You need to change the configuration here and replace the "<version_no>" underneath only when the official mirror version is updated, please refer to this link for the exact version information.

The latest version of the mirror is: v0.6.6

# Enter the configuration mode
vim docker-compose.yaml

# Modify the file internally as follows:
version: "3"
services:
  bnk-occlum-keyring:
    image: boolnetwork/bnk-occlum-keyring-dcap:<version_no>
    restart: always
    network_mode: "host"
    environment:
         RUST_LOG: info
    volumes:
        - ./configs:/configs
        - ./data:/root/occlum_instance/data
        - ./configs/sgx_default_qcnl.conf:/etc/sgx_default_qcnl.conf
    devices:
        - /dev/sgx/enclave:/dev/sgx/enclave
        - /dev/sgx/provision:/dev/sgx/provision
    command: bash -c 'cp /configs/keyring.toml /root/occlum_instance; apt update;apt install curl -y;source /root/.bashrc; cd /root/occlum_instance; occlum print mrsigner; occlum print mrenclave; occlum run /bin/bnk-watcher /host/keyring.toml'

Start DHC Node Service

# Start DHC node service
docker-compose up -d

# View node service Logs
docker-compose logs --tail 200 -f

Case Study

If you're facing problems in setup process, try to find a solution here.

Last updated 1 year ago