Set up a node on Polkadot or Kusama

Here is a simple guide to set up a Polkadot or Kusama node on a Debian 10 Linux machine.

We will detail here the security for a secure SSH connection to our node, the implementation of kusama / polkadot, the management of updates as well as useful commands.

Prerequisites

The prerequisites for running a node depend first of all on the network where the node is going to operate, indeed, Kusama requires less resources than Polkadot, so I’ll let you see on the official Polkadot and Kusama wiki.

Note : Polkadot and Kusama do not support multi-thearding. Therefore, the power of the CPU cores will be more important than the number of cores.

If you want to put a Kusama or Polkadot node into production, I recommend that you take a dedicated server from OVHcloud or Hetzner.

Server configuration

Before renting your dedicated server, it is important to create your public and private SSH keys to be able to communicate with your server as it will be requested when you order.

Key generation

On your computer, open your terminal (for Windows, use Powershell) and type the following command :

ssh-keygen -t rsa -b 4096

Enter the name of the key. Leave blank if you want to leave it as default. Then, you can specify a passphrase (password) for the key: leave empty so as not to put any and confirm.

Enter file in which to save the key (/home/gauth8z/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in id_ras
Your public key has been saved in id_ras.pub
The key fingerprint is:
SHA256:+PmqgvjNbGGBw7io1hy6QPInZglsm5N0xKjTmZAX6Z4 gauth8z@pop-os
The key's randomart image is:
+---[RSA 4096]----+
| .. |
| .+. |
|o=.+ |
|++*o. . |
|*B++ .. S |
|B+Eoo . . |
|o*Xoo. o |
|+=oOo . |
|.oo.+...... |
+----[SHA256]-----+

If you left everything by default, your SSH key was therefore in the .ssh folder of your home directory.

Note : a folder having a dot before their name is considered hidden.

Go to the directory of your SSH keys and list them.

cd .ssh
ls -lsa
-rw------- 1 gtstaking gtstaking 3434 avril 21 2020 id_rsa
-rw-rw-r-- 1 gtstaking gtstaking 739 avril 5 2020 id_rsa.pub

You have generated 2 keys:

  • A public (id_rsa.pub)
  • A private (id_rsa)

These two keys are related to each other. It is only by presenting the private key to the public key that it is possible to connect to our server.

These 2 files are to be duplicated in a safe place. If you lose the keys you “lose access” to your server.

When ordering your server, you must specify your public SSH key. You can display its contents by typing the following command :

cat id_rsa.pub

First connection to the server

Still on our terminal, we are going to connect to our server with the root user. Note that at OVHcloud, it is the debian user that must be entered.

ssh root@<ip_du_serveur>

System update and installation of prerequisites

Update your debian 10 server

apt update && apt upgrade

Then install the software required for the suite which will be useful to you

apt install curl ufw htop screen sudo

Creating a user

You are currently using a user (root or debian) on the server who is considered Administrator or Superuser of the machine, which is very dangerous.
You will create and use, for the following, a secondary user.
No password and will use the same ssh key as for the root user.
This will be the user you use to run the Polkadot / Kusama program.

Here is the command to create the user :

useradd -m -d /home/gtstaking -s /bin/bash gtstaking

Replace gtstaking with the username of your choice, of course. As root, authenticate and go to your home directory.

su gtstaking
cd ~

Then create the .ssh folder and change the rights.

mkdir .ssh
chmod 700 .ssh

Then, in the .ssh folder, create an authorized_keys file.

cd .ssh
nano authorized_keys

Then paste the contents of the public ssh key. Then Ctrl + x and y to quit and save.

Change the file’s permission as below.

chmod 600 authorized_keys

Finally, log out of your user to return to root :

exit

Add superuser rights (optional)

The created gtstaking user does not have superuser rights. Therefore, in case of maintenance, it may be interesting to have them.

To add a user, as a super user, we add the user gtstaking to the sudo group.

Note : The command below runs as the root user.

usermod -aG sudo gtstaking

Then we will allow the gtstaking user to use sudo without being asked for the user password.

sudo visudo

In this file, add the following line at the end

gtstaking  ALL=(ALL) NOPASSWD:ALL

Save and exit.

Installation and configuration of Polkadot / Kusama

Start by logging in with the gtstaking user.

su gtstaking

Or, if you have logged out of the machine :

ssh gtstaking@ip_du_serveur

Installation

For the installation go to the guide of the README.md file of the github polkadot

Here is the command to add the Polkadot program to your repositories and install it.

# Import the security@parity.io GPG key
gpg --recv-keys --keyserver hkps://keys.mailvelope.com 9D4B2B6EB8F97156D19669A9FF0812D491B96798
gpg --export 9D4B2B6EB8F97156D19669A9FF0812D491B96798 > /usr/share/keyrings/parity.gpg
# Add the Parity repository and update the package index
echo 'deb [signed-by=/usr/share/keyrings/parity.gpg] https://releases.parity.io/deb release main' > /etc/apt/sources.list.d/parity.list
apt update
# Install the `parity-keyring` package - This will ensure the GPG key
# used by APT remains up-to-date
apt install parity-keyring
# Install polkadot
apt install polkadot

The commands will do:

  • Add the Polkadot program to the repositories
  • Update ResponsesInstall parity-keyring and Polkadot
  • Create a polkadot user (which will not be useful to us here)

To check the correct installation of the program, you can display the polkadot version with the command below :

polkadot --version

Command to start the program in archive mode

Here is a detailed command to launch its node as a validator in archive mode

polkadot \
--validator \
--chain kusama \
--name 'gtstaking' \
--pruning=archive
  • polkadot: launch polkadot / kusama
  • validator: indicates that we are launching our node in validator mode
  • chain kusama: We specify the blockchain. Not specifying this option is equivalent to choosing Polkadot.
  • name gtstaking: indicate the name of your node
  • pruning = archive

Here the node will download the whole blockchain, which takes a long time depending on the power of your CPU cores and internet speed.To be able to accelerate the download speed, add the following option:

--wasm-execution Compiled

Once the blockchain has downloaded, you need to remove the above option.

Note : Since update 0.9.0, the addition of the option — wasm-execution Compiled is required, even when the blockchain is synchronized.

Command to launch the program in non-archive mode

The mode without archive is a mode where one specifies the number of blocks to keep in memory. This option is very interesting when the blockchain becomes very heavy; however, you cannot switch from archive mode to without archive and vice versa: you will have to redownload the whole blockchain.

Here is a detailed command to launch polkadot in validator mode in non-archive mode:

polkadot \
--validator \
--chain kusama \
--name 'gtstaking' \
--unsafe-pruning \
--pruning=100000

- unsafe-pruning - pruning = 100000 : specifies the mode without archive and the number of blocks to keep in memory.

Here the program will download the blockchain starting from 0 but keeping only 100,000 blocks in memory.

Run the program in the background

Currently your validator is working. However, if you want to do something else or log out, the program will stop. To run the program in the background, there are 2 solutions:

  • The screen tool: for beginners.
  • systemd: for those who are more comfortable with Linux.

It’s up to you to choose one of the two options.

Screen

The screen tool installed in the prerequisites is an application which divides a physical terminal into several virtual sessions. The goal is that the program still works when you leave the session.

The advantage of screen:

  • Be able to see the program logs directly
  • Is easy to use for beginners.

Inconveniences of screen:

  • In case of reboot, the sessions must be recreated
  • Your orders are not saved
  • Risks of corrupting the database in the event of a forced reboot or if the program is violently stopped

Here is the command to create your session

screen -S session

You have just entered the session.
Type your polkadot command and hit enter.

To exit the session: Ctrl + a then d
To list the sessions: screen -ls
To enter a session: screen -dr session

Systemd

Systemd allows to run a program with specific options (user, groups, options, etc …) as a background service.

Advantage of systemd:

  • Allows you to start, stop or restart the service in a single command
  • Keeps in memory the configuration of our service
  • Allows to launch the service (the program therefore) automatically
  • The configuration of the service is extremely complete

Cons of systemd:

  • Complex to use and configure for beginners
  • Requires sudo

Create the mynode.service service file :

sudo nano /etc/systemd/system/mynode.service

Then enter the configuration below :

[Unit]
Description=Kusama validator

[Service]
User=gtstaking
Group=gtstaking
ExecStart=/usr/bin/polkadot \
--validator \
--chain kusama \
--name 'gtstaking' \
--unsafe-pruning \
--pruning=100000
Restart=always
RestartSec=120

[Install]
WantedBy=multi-user.target

Then, CTRL + C then YES to save the file.
Reload the deamon, launch and check the status of the service:

sudo systemctl daemon-reload
sudo systemctl start mynode.service
sudo systemctl status mynode.service

The mynode.service service must be ACTIVE.

You can view the program logs with the command below:

journalctl -fn 50 -u mynode.service

Nice ! Your node is functional! 🎉

Note: the chain blocks can be found in ~ .local /share/polkadot/chain/ksmcc3/db

Other useful options and commands of Polkadot

To add its node to a telemetry:

--telemetry-url 'wss://telemetry.polkadot.io/submit/ 1'

To purge, delete the chain (here Kusama):

polkadot purge-chain --chain kusama

Update Polkadot

To be notified of the latest polkadot updates, you can set up an automatic email on GitHub in Notification> Custom> Releases.

To update the program, you need to use the command as below :

sudo apt update && sudo apt upgrade polkadot -y

Then if you are using screen, in the virtual terminal, stop the program with Ctrl + C.
Press the ⬆️ key on your keyboard to retrieve your old order and hit ENTER.

If you are using systemd:

sudo systemctl restart mynode.service

And check the status of the service and the logs that everything is working fine and is up to date. (see systemd part)

The Polkadot program is relaunched and up to date.

Setting up the firewall

The firewall will allow us to open only the ports used by our node with UFW.

Start by activating the firewall (sudo or the root user is required for this part)

sudo ufw enable

Then we will allow ssh access (port 22) to be able to connect to our server afterwards and the 3033 in TCP which is used by Polkadot.

sudo ufw allow ssh
sudo ufw allow 3033/tpc

Then we will apply these changes with the following command :

sudo /etc/init.d/ufw restart

Here the UFW service is restarting and has just applied our rules.

Convenient linux commands

Here is a list of handy Linux commands.

To know the size of the files and folder where you are :

du --max-depth=1 -h

To find out the free space of your disks :

df -h

To know the state of your RAM and CPU :

htop

The guide is finished! Please feel free to send me your feedback! 😋

📩 Nominate my validator on Kusama ! : DxErsWqBducKTqxq7dwXKk2kevAzWEWaYJjwtwzqCu2r3F4

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
GTStaking

GTStaking

Validator on Kusama. We are new in the field of blockchain.