Configure IOTA (IRI) Full Headless Node on CentOS 7

Update (Automated Installation):
I’ve created an automated installation (click-‘n-go) to install the full node and some additional add-ons (monitoring graphs, alerts and IOTA peer manager).
It includes extensive documentation on subjects such as security hardening and troubleshooting. I recommend using it to get you up and running:

Automated IRI Installation

 

For anyone interested in running an IOTA full node on CentOS, here are the steps I’ve taken to get it working nicely. I guess this should also work for any other Red Hat-based systems.
Some basic understanding of Linux is required.

Note that this installation does not make use of Docker, so IRI runs directly on the system.
While there are some advantages running IRI in Docker, it is only optional.
(Sorry, still didn’t have the time to write a tutorial on installing IRI with Docker).

 

 

Install Epel

Install requirements:

 

Install IRI

Install maven (also libappindicator, java and git if you don’t have them)

Choose a location where you want to install and run iri.
In this example I chose /var/lib/iri but it can also be located elsewhere (like under /opt).

Note that I ran the above commands as root — because I am lazy (which is typically discouraged). You can run those commands as a privileged user prefixing the commands with ‘sudo’ where needed.

Now that iri is installed we can proceed to create a user and configure some files.

 

Configure

User and Home Directory

Let’s start by adding a user under which iri will run:

Now we can chown the entire home directory recursively and set correct permissions:

 

Startup File

Add an environment variables file in /etc/sysconfig/iri:

Regarding IRI_VERSION, make sure you put the correct version (at the time of writing this was 1.3.0). You can see the version with ls /var/lib/iri/target/iri-*.jar

You can read more about the startup options here: https://github.com/iotaledger/iri#installing

I chose to use command-line startup arguments, but you can also use a config.ini file as mentioned in the link above. You will have to provide the config file in the systemd unit file which is shown below.

Neighbors List

A word about the neighbors list:

At this point you should already have at least one neighbor to add to the list. You can, at any time, add neighbors to the daemon while it is running using API commands. If you’ve added neighbors during run-time you should also add them to the IRI_NEIGHBORS list in /etc/sysconfig/iri so they are kept across restarts/reboots etc.

 

Systemctl

Next we can create a systemd unit file to control iri’s process.
We create it in /usr/lib/systemd/system/iri.service:

Next we need to reload systemd to read the new unit file, enable the service and start it up:

 

Firewall

Depending on the ports you are going to use, you need to allow them through the firewall. By default the ports 15600/tcp and 14600/udp are used for peer communication.
I am using firewalld to control iptables. If you are using the default iptables you can search on the web how to enable the specific ports and make the configuration persist across reboots/restarts.

Let’s say we want to allow neighbors to connect to the default tcp and udp ports, we will issue:

You can also add 14265/tcp if you chose to use the --remote startup option.
For security reasons I am keeping my 14265/tcp to listen only on localhost and if needed I do some SSH port forwarding to allow me to connect to it.
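
One way to check the localhost-only binding of 14265/tcp described above, as an added example that is not part of the original post. It assumes `ss` (iproute2) is available on the node; the function name `api_exposed_addrs` and both socket listings are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): confirm the IRI API port
# is bound to loopback only, as the tutorial recommends for 14265/tcp.
API_PORT=14265

# Reads `ss -tln` output on stdin. Prints each non-loopback local address
# listening on $API_PORT; exit status is 1 if any was found, else 0.
api_exposed_addrs() {
  awk -v port="$API_PORT" '
    $1 == "LISTEN" {
      la = $4
      pos = match(la, /:[0-9]+$/)        # the port follows the last colon
      if (!pos) next
      addr = substr(la, 1, pos - 1)
      if (substr(la, pos + 1) != port) next
      gsub(/^\[|\]$/, "", addr)          # strip IPv6 brackets
      if (addr ~ /^127\./ || addr == "::1" || addr ~ /^::ffff:127\./) next
      print addr
      found = 1
    }
    END { exit (found ? 1 : 0) }
  '
}

# Constructed sample: API on loopback, peer port on all interfaces.
SAMPLE_LOCAL='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      50     127.0.0.1:14265     *:*
LISTEN 0      50     *:15600             *:*'

# Constructed sample: API bound to the IPv6 wildcard (reachable remotely).
SAMPLE_REMOTE='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      50     :::14265            :::*
LISTEN 0      50     *:15600             *:*'

for sample in "$SAMPLE_LOCAL" "$SAMPLE_REMOTE"; do
  if addrs=$(printf '%s\n' "$sample" | api_exposed_addrs); then
    echo "OK: port $API_PORT listens on loopback only"
  else
    echo "EXPOSED: port $API_PORT listens on: $addrs"
  fi
done

# On the node itself: ss -tln | api_exposed_addrs
```
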

Verify

There are a few ways to verify everything is up and running.
First check the status of the daemon; you should see something like this (it should show Active: active). Also check for any errors, or whether the service exited for some reason.

 

To ensure the communication with the neighbors is working you can use tcpdump and should see something like this:

(For security reasons I’ve hidden most of the IP addresses).
You will notice bi-directional traffic, i.e. your IP address sending UDP packets to your neighbors and your neighbors sending UDP packets to your IP.

 

Node Monitor

I would also like to recommend this nice utility to help manage the daemon at run time:

https://github.com/akashgoswami/ipm

It lets you add/remove neighbors and visualize (live) the activity with each neighbor.

 

Good luck!
Please leave a comment or catch me on the IOTA Slack channel if you have any questions: @nuriel77

 

If you liked this tutorial and would like to donate mIOTA:

CSSFHHDBUQDGAUGYUHTENLBJ9JMTUFFLYLJZKTLRZVLLDCZZOQHOUXJOVDKXOLXGCJEMXJOULDIKADBHWMGVALMAUW

 

 

 
