phahulin edited this page Jan 26, 2018 · 3 revisions

What are AWS access keys and how can I configure them?

Before you start, you need to get an AWS access key. Please read the instructions: http://docs.aws.amazon.com/general/latest/gr/managing-aws-access-keys.html

What are VPCs and subnets? Where do I find vpc_subnet_id?

Please refer to this guide, which explains what VPCs and subnets are: https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Subnets.html

You can use the AWS CLI to get the list of available subnets:

aws ec2 describe-subnets

Then, in the output, find the "AvailabilityZone" with the related "SubnetId": "subnet-XXXXXX"

How do I add an SSH key pair?

Please see: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html

What's the difference between admins.pub and ssh_ROLENAME.pub?

The file admins.pub contains the keys used to log in as root and ubuntu (the sudo user). The file ssh_role.pub provides unprivileged access to a server. If privilege separation is not required, just use a symlink to admins.pub.

Where can I find IMAGE ID for ubuntu LTS?

Ubuntu has a unique IMAGE ID in each region. Please look up the required IMAGE ID at: https://cloud-images.ubuntu.com/locator/ec2/

What instance type to use?

We recommend type t2.large for mainnet (core) and m2.medium for testnet (sokol), but you are free to decide. Please see all instance types at: https://aws.amazon.com/ec2/pricing/on-demand/

How do I prepare configuration files?

Please select the correct branch (e.g. sokol for testnet, core for mainnet) and create the file group_vars/all. Copy-paste the content from all.network (parameters shared by all roles) into it and add the parameters from the specific role file group_vars/*.example

All variables must be set in site.yml (vars section) and in the group_vars/all file.

Before setting up an instance or refreshing the config, add the server IP to the hosts file and run:

How do I run the playbook on AWS?

First create an instance by running the playbook for its role:

bootnode instance setup: ansible-playbook bootnode.yml
validator instance setup: ansible-playbook validator.yml
netstat instance setup: ansible-playbook netstat.yml
moc instance setup: ansible-playbook moc.yml
explorer instance setup: ansible-playbook explorer.yml

Then install the services:

ansible-playbook -i hosts site.yml

When running ec2.yml/site.yml how to verify that everything has completed as expected? Please provide verification steps.

The Ansible playbooks must pass all steps without errors. This means that everything has completed as expected.

How is validator's node secured? What are security guidelines here?

  1. Please make sure the SSH key pair that you use to access the validator's node is protected by a strong password.

  2. On the core network it is recommended to close external access to the validator node by setting

allow_p2p: false

in the group_vars/all file.

  3. You can also close access to port 22 (SSH access) by setting

allow_ssh: false

WARNING: don't disable SSH access to a non-AWS instance. You won't be able to restore it, since the firewall settings will prevent you from doing so.
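A pre-flight check for the two firewall settings above, written as an added example; it is not part of the original page or of the project's playbooks. It assumes group_vars/all holds plain top-level `key: value` lines and reports a missing flag as open, because the project defaults are not stated here; the function names and the sample file are constructed.

```python
import re

# Constructed sample of group_vars/all; only the names allow_p2p and
# allow_ssh come from the page.
SAMPLE_ALL = """\
# group_vars/all (constructed sample)
allow_p2p: true   # P2P still reachable from outside
allow_ssh: false
"""

BOOLS = {"true": True, "yes": True, "false": False, "no": False}


def read_flags(text, names=("allow_p2p", "allow_ssh")):
    """Parse top-level 'name: value' lines; the last occurrence wins."""
    flags = {}
    for line in text.splitlines():
        m = re.match(r"([A-Za-z_]\w*)\s*:\s*([^#]*)", line)
        if not m or m.group(1) not in names:
            continue
        value = m.group(2).strip().lower()
        if value not in BOOLS:
            # Quoted or templated values are refused rather than guessed at.
            raise ValueError(f"{m.group(1)}: not a plain boolean: {value!r}")
        flags[m.group(1)] = BOOLS[value]
    return flags


def audit_validator(text, network, on_aws):
    """Return findings for a validator node (hypothetical helper)."""
    flags = read_flags(text)
    findings = []
    # Assumption: a missing flag is reported as open; defaults are unknown here.
    if network == "core" and flags.get("allow_p2p") is not False:
        findings.append("allow_p2p is not false: external P2P access is open")
    if flags.get("allow_ssh") is False:
        if not on_aws:
            findings.append("allow_ssh is false on a non-AWS instance: "
                            "access cannot be restored after lockout")
    else:
        findings.append("allow_ssh is not false: port 22 is open")
    return findings


if __name__ == "__main__":
    for finding in audit_validator(SAMPLE_ALL, network="core", on_aws=True):
        print("FINDING:", finding)
```

Run it against the real file before `ansible-playbook -i hosts site.yml`, passing the file's text and whether the target host is an AWS instance.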