How to install Lisk node on testnet
This article is on how to install and run Lisk delegate node on testnet, on Digitalocean Ubuntu 16.04 droplet. It should help you to set up a new delegate node as easy as possible while still being secure and stable.
Before starting I assume you are already familiar with basic terminal commands and how to access a remote server via SSH.
Create a test account
Use Lisk Nano to create an account on testnet and register it as delegate. You'll need some test Lisk to register as delegate (the delegate registration costs 25 LSK). I asked on lisk.chat for some test Lisk (thanks @lisksnake).
Create a droplet (server node)
For this tutorial, a 4GB - 2vCPUs - 80GB SSD - 16.04.3 x64 droplet is used.
If you've never created a droplet before, follow this guide. You can choose a different configuration but be advised I found 2GB of RAM is the minimum when installing Lisk from source (otherwise npm install
won't work correctly).
Once you've created the droplet, you will receive an email from digitalocean containing the IP address and the root password required to access the droplet:
ssh root@123.456.789.012
There is a very good tutorial on how to do Initial Setup with Ubuntu 16.04, describing each step in detail, I'll focus on what commands you need to execute (in the given order) to setup a delegate node and start forging.
Create a new user and add the user to the sudo group
On the server
adduser sdrpa
usermod -aG sudo sdrpa
su - sdrpa
Disable Password Authentication and Root Login
Create ~/.ssh/authorized_keys
file on the server and paste local machine public key to ~/.ssh/authorized_keys
file. (If you've never created SSH keys follow this guide to create the RSA key pair):
mkdir ~/.ssh
chmod 700 ~/.ssh
nano ~/.ssh/authorized_keys
# paste content of ~/.ssh/id_rsa.pub from your local machine and save the file
chmod 600 ~/.ssh/authorized_keys
sudo nano /etc/ssh/sshd_config
In /etc/ssh/sshd_config
, set:
PasswordAuthentication no
PermitRootLogin no
Reload the SSH daemon and exit
sudo systemctl reload sshd
exit
Now you should be able to login to the remote server without a password
$ ssh sdrpa@123.456.789.012
Welcome to Ubuntu 16.04.3 LTS (GNU/Linux 4.4.0-112-generic x86_64)
...
Update all packages
sudo apt-get update && sudo apt-get dist-upgrade
Set up ufw firewall and install fail2ban
sudo ufw allow OpenSSH
sudo ufw allow 7000
sudo ufw enable
sudo apt-get install fail2ban
Install ntp
sudo apt-get install ntp
sudo ufw allow ntp
sudo service ntp stop
sudo apt-get install ntpdate
sudo ntpdate pool.ntp.org
sudo service ntp start
Install Lisk
wget https://downloads.lisk.io/lisk/test/installLisk.sh
cd lisk-test
chmod +x installLisk.sh
./installLisk.sh install
You'll be asked several questions, choose default location, testnet and when asked if you want to synchronize with genesis account answer no
.
chmod +x lisk.sh
./lisk.sh stop
Edit ~/list-test/config.json to enable forging
Replace secret
with your passphrase (passphrase for the testnet account you've created before)
...
"forging": {
"force": false,
"secret": ["first second third fourth fifth sixth seventh eighth ninth tenth eleventh twelfth"],
"access": {
"whiteList": [
"127.0.0.1"
]
}
},
...
Rebuild with the latest Lisk blockchain snapshot
./lisk.sh rebuild -u https://testnet-snapshot.lisknode.io -f blockchain.db.gz
Visit testnet explorer to check the current block height
Wait some time for your node to be fully synchronized with testnet.
You can check your node current height with:
./lisk.sh status
# output:
√ Lisk is running as PID: 7369
Current Block Height: 4344100
Once your node is in sync with testnet, the forging will be activated. Check it with:
grep Forging logs/lisk.log
# output:
[inf] 2018-01-31 13:41:34 | Forging enabled on account: 5055500162731337929L
That's it.
I advise you to check Best practices for hardening a new sever for further information regarding the server security, but at this point, you have a solid foundation for your delegate node.
Notes
I skipped enabling swap space on the server. According to Digitalocean recommendation:
"Although swap is generally recommended for systems utilizing traditional spinning hard drives, using swap with SSDs can cause issues with hardware degradation over time. Due to this consideration, we do not recommend enabling swap on DigitalOcean or any other provider that utilizes SSD storage...If you need to improve the performance of your server on DigitalOcean, we recommend upgrading your Droplet...".
Resources
Initial server setup with Ubuntu 16.04, Digitalocean
How To Use SSH Keys with DigitalOcean Droplets
How to add swap space on Ubuntu 16.04
Lisk GitHub, LiskHQ
Lisk Documentation, LiskHQ
How to setup a Lisk node (on testnet and mainnet), KyleFromOhio