Update (Automated Installation):
I’ve created an automated installation(click-‘n-go) to install the full node and some additional add-ons (Monitoring Graphs, alerts and IOTA peer manager).
It includes extensive documentation on subjects such as security hardening and troubleshooting. I recommend to use it to get you up and running:
For anyone interested in running an IOTA fullnode on Centos, here are the steps I’ve taken to get it working nicely. I guess this should also work for any other RedHat based systems.
Some basic understanding of linux is required.
Note that this installation does not make use of Docker, so IRI runs directly on the system.
While there are some advantages running IRI in Docker, it is only optional.
(Sorry, still didn’t have the time to write a tutorial on installing IRI with Docker).
Install Epel
Install requirements:
|
1 |
yum install epel-release -y |
Install IRI
Install maven (also libappindicator, java and git if you don’t have)
|
1 |
$ sudo yum install maven git java-1.8.0 libappindicator |
Choose a location where you want to install and run iri in.
In this example I chose /var/lib/iri but it can also be located elsewhere (like under /opt).
|
1 2 3 4 5 |
# cd /var/lib # git clone https://github.com/iotaledger/iri # cd iri # mvn clean compile # mvn package |
Note that I ran the above commands as root — because I am lazy (which is typically discouraged). You can run those commands as a privileged user prefixing the commands with ‘sudo’ where needed.
Now that iri is installed we can proceed to create a user and configure some files.
Configure
User and Home Directory
Let’s start by adding a user under which iri will run:
|
1 |
# useradd -s /sbin/nologin -M -d /var/lib/iri iri |
Now we can chown the entire home directory recursively and set correct permissions:
|
1 2 |
# chown iri.iri /var/lib/iri -R # chmod 700 /var/lib/iri |
Startup File
Add an environmental variables file in /etc/sysconfig/iri:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 |
# IRI Version IRI_VERSION=1.3.0 # API communication port IRI_PORT=14265 # Provide a list of neighbors delimited with space IRI_NEIGHBORS="udp://some.neighbor.org:14600 udp://another.neighbor.org:14600" # Limit the amount of memory that will be used: JAVA_MEM=1024m # Limit API commands to the following list REMOTE_LIMIT_API="removeNeighbors, addNeighbors, interruptAttachingToTangle, attachToTangle, getNeighbors" # Uncomment this line if you want port 14265 to listen on all interfaces. # If you leave this option out, 14265/tcp will only listen on localhost. #IRI_OPTIONS="--remote" |
Regarding IRI_VERSION, make sure you put the correct version (in time of writing this was 1.3.0). You can see the version with ls /var/lib/iri/target/iri-*.jar
You can read more about the startup options here: https://github.com/iotaledger/iri#installing
I chose to use command-line startup arguments, but you can also use a config.ini file as mentioned in the link above. You will have to provide the config file in the systemd drop-in file which is shown here below.
Neighbors List
A word about the neighbors list:
At this point you should already have at least one neighbor to add to the list. You can, at any time, add neighbors to the daemon while it is running using API commands. If you’ve added neighbors during run-time you should also add them to the IRI_NEIGHBORS list in /etc/sysconfig/iri so they are kept across restarts/reboots etc.
Systemctl
Next we can create a systemd drop-in file to control iri’s process.
We create it in /usr/lib/systemd/system/iri.service:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 |
[Unit] Description=IOTA FullNode After=network-online.target [Service] WorkingDirectory=/var/lib/iri/target EnvironmentFile=-/etc/sysconfig/iri ExecStart=/usr/bin/java -Xmx${JAVA_MEM} -jar iri-${IRI_VERSION}.jar -p ${IRI_PORT} -n "${IRI_NEIGHBORS}" ${IRI_OPTIONS} --remote-limit-api "${REMOTE_LIMIT_API}" TimeoutStopSec=15 Restart=on-failure RestartSec=10 Type=simple User=iri [Install] WantedBy=multi-user.target |
Next we need to reload systemctl to read the new drop-in file, enable the service and start it up:
|
1 2 3 |
# systemctl daemon-reload # systemctl enable iri.service # systemctl start iri.service |
Firewall
Depending on the ports you are going to use, you need to allow them through the firewall. By default the ports 15600/tcp and 14600/udp are used for peer communication.
I am using firewalld to control iptables. If you are using the default iptables you can search on the web how to enable the specific ports and keep the configuration persist across reboots/restarts.
Let’s say we want to allow neighbors connect to the default tcp and udp ports, we will issue:
|
1 2 |
# firewall-cmd --zone=public --add-port=15600/tcp --add-port=14600/udp --permanent # firewall-cmd --reload |
You can also add the 14265/tcp if you chose to use the –remote startup option.
For security reasons I am keeping my 14265/tcp to listen only on localhost and if needed I do some SSH port forwarding to allow me to connect to it.
Verify
There are a few ways to verify everything is up and running.
First check the status of the daemon, you should see something like this (shoud be Active: active). Also look if any errors or if service exited for some reason.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 |
# systemctl status iri ● iri.service - IOTA FullNode Loaded: loaded (/usr/lib/systemd/system/iri.service; disabled; vendor preset: disabled) Active: active (running) since Wed 2017-08-09 08:57:53 CEST; 2h 44min ago Main PID: 25434 (java) CGroup: /system.slice/iri.service └─25434 /usr/bin/java -Xmx1024m -jar iri-1.3.0.jar -p 14265 -n udp://xx.xx.xx:14700 --remote-limit-api removeNeighbors, addNeighbors, interruptAttachingToTangle, attachToTangle, getNeighbors Aug 09 11:41:30 x-vps.com java[25434]: 08/09 11:41:30.174 [pool-2-thread-2] INFO com.iota.iri.network.Node - toProcess = 0 , toBroadcast = 0 , toRequest = 2 , toReply = 0 / totalTransactions = 16015 Aug 09 11:41:40 x-vps.com java[25434]: 08/09 11:41:40.175 [pool-2-thread-2] INFO com.iota.iri.network.Node - toProcess = 0 , toBroadcast = 0 , toRequest = 2 , toReply = 0 / totalTransactions = 16023 Aug 09 11:41:50 x-vps.com java[25434]: 08/09 11:41:50.176 [pool-2-thread-2] INFO com.iota.iri.network.Node - toProcess = 0 , toBroadcast = 0 , toRequest = 1 , toReply = 0 / totalTransactions = 16031 Aug 09 11:42:00 x-vps.com java[25434]: 08/09 11:42:00.181 [pool-2-thread-2] INFO com.iota.iri.network.Node - toProcess = 0 , toBroadcast = 0 , toRequest = 1 , toReply = 0 / totalTransactions = 16036 Aug 09 11:42:09 x-vps.com java[25434]: 08/09 11:42:09.901 [Latest Milestone Tracker] INFO com.iota.iri.Milestone - Latest milestone has changed from #152386 to #152387 Aug 09 11:42:10 x-vps.com java[25434]: 08/09 11:42:10.182 [pool-2-thread-2] INFO com.iota.iri.network.Node - toProcess = 0 , toBroadcast = 0 , toRequest = 1 , toReply = 0 / totalTransactions = 16043 Aug 09 11:42:10 x-vps.com java[25434]: 08/09 11:42:10.383 [Solid Milestone Tracker] INFO com.iota.iri.Milestone - Latest SOLID SUBTANGLE milestone has changed from #152386 to #152387 Aug 09 11:42:20 x-vps.com java[25434]: 08/09 11:42:20.187 [pool-2-thread-2] INFO com.iota.iri.network.Node - toProcess = 0 , toBroadcast = 0 , toRequest = 1 , toReply = 0 / totalTransactions = 16047 Aug 09 11:42:30 x-vps.com java[25434]: 08/09 11:42:30.189 [pool-2-thread-2] INFO com.iota.iri.network.Node - toProcess = 0 , toBroadcast = 0 , toRequest = 2 , toReply = 0 / totalTransactions = 16050 Aug 09 11:42:40 x-vps.com java[25434]: 08/09 11:42:40.190 [pool-2-thread-2] INFO com.iota.iri.network.Node - toProcess = 0 , toBroadcast = 0 , toRequest = 1 , toReply = 0 / totalTransactions = 16053 |
To ensure the communication with the neighbors is working you can use tcpdump and should see something like this:
|
1 2 3 4 5 6 7 8 9 |
# tcpdump -i eth0 -nn port 14600 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes 11:46:26.604855 IP 80.xx.xx.xx.15600 > 185.xx.xx.xx.14600: UDP, length 1650 11:46:26.605993 IP 185.xx.xx.xx.14600 > 80.xx.xx.xx.15600: UDP, length 1650 11:46:26.640945 IP 138.xx.xx.xx.14860 > 185.xx.xx.xx.14600: UDP, length 1650 11:46:26.940037 IP 138.xx.xx.xx.14600 > 185.xx.xx.xx.14600: UDP, length 1650 11:46:27.891289 IP 80.xx.xx.xx.15600 > 185.xx.xx.xx.14600: UDP, length 1650 11:46:27.895815 IP 185.xx.xx.xx.14600 > 5.xx.xx.xx.14700: UDP, length 1650 |
(For security reasons I’ve hidden most of the IP addresses).
You will notice bi-directional traffic, i.e. your IP address sending UDP packets to your neighbors and your neighbors sending UDP packets to your IP.
Node Monitor
I would also like to recommend this nice utility to help managing the daemon at run time:
https://github.com/akashgoswami/ipm
It allows to add/remove neighbors and visualize (live) the activity with each neighbor.
Good luck!
Please leave a comment or catch me on the iota slack channel if any questions: @nuriel77
If you liked this tutorial and would like to donate mIOTA:
CSSFHHDBUQDGAUGYUHTENLBJ9JMTUFFLYLJZKTLRZVLLDCZZOQHOUXJOVDKXOLXGCJEMXJOULDIKADBHWMGVALMAUW