How to set up ec2 t1.micro Ubuntu for Masternode part 2/3

[chaeplin]

* Use this guide only for EC2 instance with Security-Group
* Using this guide on non-EC2 instances is very dangerous ( Especially iptables )

* This guide is valid for RC3(local/remote setup)
* local is home linux cold wallet holding 1K DRK
* remote is server with empty wallet

I. Part 1/3 EC2 Setup
https://darkcointalk.org/threads/how-to-set-up-ec2-t1-micro-ubuntu-for-masternode-part-1-3.240/

II. Part 2/3 AMI Setup
https://darkcointalk.org/threads/how-to-set-up-ec2-t1-micro-ubuntu-for-masternode-part-2-3.241/
https://darkcointalk.org/threads/how-to-set-up-ec2-t1-micro-ubuntu-for-masternode-part-2-3-2.1754/

III. Part 3/3 Masternode update
https://darkcointalk.org/threads/how-to-set-up-ec2-t1-micro-ubuntu-for-masternode-part-3-3.262/


* cat >> blabla << EOF blablabla EOF things are removed.
* This guide is valid for RC3(local/remote setup)
* local is home linux cold wallet holding 1K DRK(With private ip address)
* remote is server with empty wallet
* You can use darkcoind or darkcoind-qt

* if public ip of remote is changed, change masternodeprivkey
* if you see log like "(ip_yours) dropped (banned)", restart darkcoind

* brief steps
- setup ami to compile normal darkcoind
- compile darkcoind and run, sync
- make an encrypted wallet holding 1000 DRK using home pc
- download RC darksend
- replace darkcoind


PART 1
This part use github src to compile to setup basic environment.
#########################
1. login to ec2 ami

ssh -i downloaded_pemfile ubuntu@ami_public_ip

2. disable root login and sudo to root
http://aws.amazon.com/articles/1233
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/building-shared-amis.html

sudo passwd -l root
sudo su -

3. update system

apt-get update
apt-get dist-upgrade

4. add swap

dd if=/dev/zero of=/swapfile bs=1M count=1024

mkswap /swapfile
swapon /swapfile

* add line to /etc/fstab

/swapfile  swap      swap    defaults        0 0

5. install files

apt-get install build-essential libssl-dev libboost-all-dev libdb5.1 libdb5.1-dev libdb5.1++-dev

read binary wallet compatibility : https://github.com/darkcoinproject/...#dependency-build-instructions-ubuntu--debian

Ubuntu precise has packages for libdb5.1-dev and libdb5.1++-dev, but using these will break binary wallet compatibility, and is not recommended.

apt-get install git ntp make g++ gcc autoconf cpp ngrep iftop sysstat

6. change system setting

update-rc.d ntp enable

* enable sysstat
* you can skip this system monitoring part.
* sysstat utilities are a collection of performance monitoring tools.

change line in /etc/default/sysstat
* /etc/default/sysstat : "ENABLED="true"
change line in /etc/cron.d/sysstat
* /etc/cron.d/sysstat : sar 10 min to 1 min :
5-55/10 * * * *
to
*/1 * * * *

* add iptables rule
* add a line to /etc/rc.local between # and 'exit 0'

#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.
/sbin/iptables-restore < /etc/iptables
exit 0

* do not use this rule for other vm.
* rule for ec2 ami + ec2 security group.
* /etc/iptables

#-----
*filter
:INPUT ACCEPT [1038:145425]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [434:87191]
-A INPUT -i eth0 -p tcp -m tcp --dport 9998 -j REJECT --reject-with tcp-reset
-A INPUT -i eth0 -p tcp -m tcp --dport 9999 --tcp-flags FIN,SYN,RST,ACK SYN -m connlimit --connlimit-above 8 --connlimit-mask 24 --connlimit-saddr -j DROP
-A INPUT -i eth0 -p tcp -m tcp --dport 9999 --tcp-flags FIN,SYN,RST,ACK SYN -m connlimit --connlimit-above 2 --connlimit-mask 32 --connlimit-saddr -j DROP
-A INPUT -i eth0 -p tcp -m conntrack --ctstate NEW -m tcp --dport 9999 -j ACCEPT
-A INPUT -i eth0 -p tcp -j ACCEPT
-A OUTPUT -o eth0 -j ACCEPT
COMMIT
#-----

* test iptables

/sbin/iptables-restore < /etc/iptables
iptables -L -v -n

7. reboot system

reboot

8. do step 1 and 2(login and switched to root)




*** if you don't want compile, you can skip step 9, 10, 11.
9. install darkcoin(git, compile, strip, copy)

cd /usr/local/src/
git clone https://github.com/darkcoinproject/darkcoin.git
cd darkcoin/src/

time make -f makefile.unix "USE_UPNP:=-" "USE_IPV6:=0"
strip darkcoind
cp darkcoind /usr/bin

10. logout root

exit

11. as ubuntu user

mkdir ~/.darkcoin

If you want more powerpool password do this, and use the result to darkcoin.conf.
You do not need to remember this password. It's used to connect rpc.
Anytime you can change it(after darkcoind is stopped)

darkcoind

This is output of darkcoind.

> darkcoind
Error: To use darkcoind, you must set a rpcpassword in the configuration file:
/home/ubuntu/.darkcoin/darkcoin.conf
It is recommended you use the following random password:
rpcuser=darkcoinrpc
rpcpassword=Z9u831PBcGvuQdassadasVQFZb5381EoadnjAebc
(you do not need to remember this password)
The username and password MUST NOT be the same.
If the file does not exist, create it with owner-readable-only file permissions.
It is also recommended to set alertnotify so you are notified of problems;
for example: alertnotify=echo %s | mail -s "DarkCoin Alert" [email protected]

* make and edit ~/.darkcoin/darkcoin.conf

#----
## change this
rpcuser=any_user_name_you_want_you_should_change_this_do_not_forget_
## change this
rpcpassword=any_password_you_like_name_you_want_you_should_change_this_do_not_forget
rpcallowip=127.0.0.1
listen=1
server=1
daemon=1
logtimestamps=1
maxconnections=256
#--------------------
# change change_this_to_your_ec2_public_ip_ami_public_ip to public ip address which you connected by ssh
externalip=change_this_to_your_ec2_public_ip_ami_public_ip
#---------------------

run darkcoind
check sync status
compare block height(no) with http://explorer.darkcoin.io/chain/DarkCoin or http://drk.poolhash.org/graph.html
use 'tail -f ~/.darkcoin/debug.log' to see log.

darkcoind
darkcoind getinfo
darkcoind getmininginfo
tail -f ~/.darkcoin/debug.log

Continued.. in PART II

 

[nj47]

I would recommend a few additional steps.
1.) fail2ban - slightly unnecessary if you are locking down ssh to your local IP, but it couldn't hurt
2.) Setup a root password - this is a big one.
3.) Create a dedicated darkcoin user and only let that user access the wallet file
4.) UFW makes managing the firewall so much easier
5.) Setup 2FA on your AWS account
6.) I would also say it is nearly imperative that you setup some sort of remote monitoring and get notifications if CPU usage gets too high, because on a micro instance if your CPU goes above like 50% for more than 1 minute, they throttle your CPU max usage to < 1000 mhz.

 

[chaeplin]

I would recommend a few additional steps.
1.) fail2ban - slightly unnecessary if you are locking down ssh to your local IP, but it couldn't hurt
2.) Setup a root password - this is a big one.
3.) Create a dedicated darkcoin user and only let that user access the wallet file
4.) UFW makes managing the firewall so much easier
5.) Setup 2FA on your AWS account
6.) I would also say it is nearly imperative that you setup some sort of remote monitoring and get notifications if CPU usage gets too high, because on a micro instance if your CPU goes above like 50% for more than 1 minute, they throttle your CPU max usage to < 1000 mhz.

I have learned how to use IAM and CloudWatch.
Thank you.

 

[TanteStefana]

I'm curious why you add a swap file? Isn't there one already from the default image?

 

[chaeplin]

I'm curious why you add a swap file? Isn't there one already from the default image?

No swap on default Ubuntu image.

 

[vertoe]

I'm curious why you add a swap file? Isn't there one already from the default image?

you dont really need a swap device but compiling darkcoin on micro instances you will usually run out of memory. good guide.

 

[TanteStefana]

Ah, I see. Since this is a downloaded pre compiled binary, I didn't notice a problem with memory, LOL.

Another question please, I've been searching for an answer all night but can't figure it out, what do the numbers inside the brackets represent?:

:INPUT ACCEPT [1038:145425]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [434:87191]

Thank you

 

[TanteStefana]

I can't believe it, hours and hours I've been searching, and I tried just now one more time, and I got the question right, LOL. I never once just asked "what are the numbers inside the brackets, I asked all kinds of other things, but that one hit the nail on the head!

Counters, I guess start counting on the lower end to the top end, eh?

 

[chaeplin]

Ah, I see. Since this is a downloaded pre compiled binary, I didn't notice a problem with memory, LOL.

Another question please, I've been searching for an answer all night but can't figure it out, what do the numbers inside the brackets represent?:

:INPUT ACCEPT [1038:145425]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [434:87191]

Thank you

That's packets and bytes of chain.

This is sample.

root@ip:~# iptables -L -v -n
Chain INPUT (policy ACCEPT 1034 packets, 119K bytes)
pkts bytes target prot opt in out source destination
0 0 REJECT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:9998 reject-with tcp-reset
0 0 REJECT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:9999flags: 0x17/0x02 #conn src/24 > 8 reject-with tcp-reset
0 0 REJECT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:9999flags: 0x17/0x02 #conn src/32 > 2 reject-with tcp-reset
524 31650 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:9999
832K 374M ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 340 packets, 42833 bytes)
pkts bytes target prot opt in out source destination
3 3131 ACCEPT tcp -- * eth0 0.0.0.0/0 0.0.0.0/0 tcp spt:9999 ctstate NEW
369K 834M ACCEPT tcp -- * eth0 0.0.0.0/0 0.0.0.0/0 tcp spt:9999
153K 19M ACCEPT tcp -- * eth0 0.0.0.0/0 0.0.0.0/0 tcp dpt:9999
61302 3931K ACCEPT all -- * eth0 0.0.0.0/0 0.0.0.0/0

root@ip:~# iptables-save
# Generated by iptables-save v1.4.12 on Sat Apr 12 07:52:14 2014
*filter
:INPUT ACCEPT [1034:119457]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [340:42833]
-A INPUT -i eth0 -p tcp -m tcp --dport 9998 -j REJECT --reject-with tcp-reset
-A INPUT -i eth0 -p tcp -m tcp --dport 9999 --tcp-flags FIN,SYN,RST,ACK SYN -m connlimit --connlimit-above 8 --connlimit-mask 24 --connlimit-saddr -j REJECT --reject-with tcp-reset
-A INPUT -i eth0 -p tcp -m tcp --dport 9999 --tcp-flags FIN,SYN,RST,ACK SYN -m connlimit --connlimit-above 2 --connlimit-mask 32 --connlimit-saddr -j REJECT --reject-with tcp-reset
-A INPUT -i eth0 -p tcp -m conntrack --ctstate NEW -m tcp --dport 9999 -j ACCEPT
-A INPUT -i eth0 -p tcp -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --sport 9999 -m conntrack --ctstate NEW -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --sport 9999 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --dport 9999 -j ACCEPT
-A OUTPUT -o eth0 -j ACCEPT
COMMIT
# Completed on Sat Apr 12 07:52:14 2014

 

[mattmct]

Cheers for the guide!

With it being updated almost daily right now, maybe adding a section on how to update darkcoin would be worthwhile?

 

[mattmct]

Hi @chaeplin , on #6, I get the following error on entering chkconfig --add ntp

/sbin/insserv: No such file or directory

ntp     0:off 1:off 2:on 3:on 4:on 5:on 6:0ff

Did I do this in the wrong dir or something?

Cheers!

 

[Propulsion]

Hi @chaeplin , on #6, I get the following error on entering chkconfig --add ntp
/sbin/insserv: No such file or directory
ntp 0ff 1ff 2n 3n 4n 5n 6ff

Did I do this in the wrong dir or something?

Cheers!

Might want to edit that and use the Code button. So it doesn't show the smiles.

/sbin/insserv:No such file or directory
ntp0:ff

 

[mattmct]

Might want to edit that and use the Code button. So it doesn't show the smiles.

/sbin/insserv:No such file or directory
ntp0:ff

Good point lol, update the msg above. Cheers

 

[chaeplin]

Hi @chaeplin , on #6, I get the following error on entering chkconfig --add ntp

/sbin/insserv: No such file or directory

ntp     0:off 1:off 2:on 3:on 4:on 5:on 6:0ff

Did I do this in the wrong dir or something?

Cheers!

My fault, I have edited it.

Use

update-rc.d ntp defaults

 

[mattmct]

Cheers @chaeplin .

Sorry to say, I'm stuck on #9.

I'm not sure what "* change USE_UPNP:=- and USE_IPV6:=0" means.

After entering "time make -f makefile.unix"

g++ -c -O2 -pthread -Wall -Wextra -Wformat -Wformat-security -Wno-unused-parameter -g -DBOOST_SPIRIT_THREADSAFE -D_FILE_OFFSET_BITS=64 -I/usr/local/src/darkcoin/src -I/usr/local/src/darkcoin/src/obj -DUSE_UPNP=0 -DUSE_IPV6=1 -I/usr/local/src/darkcoin/src/leveldb/include -I/usr/local/src/darkcoin/src/leveldb/helpers -DHAVE_BUILD_INFO -fno-stack-protector -fstack-protector-all -Wstack-protector -D_FORTIFY_SOURCE=2  -MMD -MF obj/net.d -o obj/net.o net.cpp
net.cpp:18:32: fatal error: miniupnpc/miniwget.h: No such file or directory
compilation terminated.
make: *** [obj/net.o] Error 1

real    2m22.786s
user    2m3.992s
sys     0m10.645s
root@ip-172-31-11-22:/usr/local/src/darkcoin/src# strip darkcoind
strip: 'darkcoind': No such file

 

[mattmct]

My fault, I have edited it.

Use

Many thanks Chaeplin. I gave that a shot, got this:

update-rc.d ntp defaults
update-rc.d: warning: ntp stop runlevel arguments (0 1 6) do not match LSB Default-Stop values (1)
System start/stop links for /etc/init.d/ntp already exist.

 

[chaeplin]

Many thanks Chaeplin. I gave that a shot, got this:

update-rc.d ntp defaults
update-rc.d: warning: ntp stop runlevel arguments (0 1 6) do not match LSB Default-Stop values (1)
System start/stop links for /etc/init.d/ntp already exist.

file alredy created by chkcoinfig, so ignore it.

 

[mattmct]

file alredy created by chkcoinfig, so ignore it.

Okay awesome, thanks. Stuck on #9 above :/

 

[chaeplin]

Cheers @chaeplin .

Sorry to say, I'm stuck on #9.

I'm not sure what "* change USE_UPNP:=- and USE_IPV6:=0" means.

edit option in makefile.unix
or without edit

time make -f makefile.unix "USE_UPNP:=-" "USE_IPV6:=0"

 

[mattmct]

You're awesome @chaeplin ! Thanks for spelling it out for me! . I was just reading through the building guide and think I worked it out. But thanks for adding it in. Much appreciated!