Set up a node on Polkadot or Kusama
Here is a simple guide to set up a Polkadot or Kusama node on a Debian 10 Linux machine.
We will detail here the security for a secure SSH connection to our node, the implementation of kusama / polkadot, the management of updates as well as useful commands.
The prerequisites for running a node depend first of all on the network where the node is going to operate, indeed, Kusama requires less resources than Polkadot, so I’ll let you see on the official Polkadot and Kusama wiki.
Note : Polkadot and Kusama do not support multi-thearding. Therefore, the power of the CPU cores will be more important than the number of cores.
Before renting your dedicated server, it is important to create your public and private SSH keys to be able to communicate with your server as it will be requested when you order.
On your computer, open your terminal (for Windows, use Powershell) and type the following command :
ssh-keygen -t rsa -b 4096
Enter the name of the key. Leave blank if you want to leave it as default. Then, you can specify a passphrase (password) for the key: leave empty so as not to put any and confirm.
Enter file in which to save the key (/home/gauth8z/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in id_ras
Your public key has been saved in id_ras.pub
The key fingerprint is:
The key's randomart image is:
| .. |
| .+. |
|++*o. . |
|*B++ .. S |
|B+Eoo . . |
|o*Xoo. o |
|+=oOo . |
If you left everything by default, your SSH key was therefore in the .ssh folder of your home directory.
Note : a folder having a dot before their name is considered hidden.
Go to the directory of your SSH keys and list them.
ls -lsa-rw------- 1 gtstaking gtstaking 3434 avril 21 2020 id_rsa
-rw-rw-r-- 1 gtstaking gtstaking 739 avril 5 2020 id_rsa.pub
You have generated 2 keys:
- A public (id_rsa.pub)
- A private (id_rsa)
These two keys are related to each other. It is only by presenting the private key to the public key that it is possible to connect to our server.
These 2 files are to be duplicated in a safe place. If you lose the keys you “lose access” to your server.
When ordering your server, you must specify your public SSH key. You can display its contents by typing the following command :
First connection to the server
Still on our terminal, we are going to connect to our server with the root user. Note that at OVHcloud, it is the debian user that must be entered.
System update and installation of prerequisites
Update your debian 10 server
apt update && apt upgrade
Then install the software required for the suite which will be useful to you
apt install curl ufw htop screen sudo
Creating a user
You are currently using a user (root or debian) on the server who is considered Administrator or Superuser of the machine, which is very dangerous.
You will create and use, for the following, a secondary user.
No password and will use the same ssh key as for the root user.
This will be the user you use to run the Polkadot / Kusama program.
Here is the command to create the user :
useradd -m -d /home/gtstaking -s /bin/bash gtstaking
Replace gtstaking with the username of your choice, of course. As root, authenticate and go to your home directory.
Then create the .ssh folder and change the rights.
chmod 700 .ssh
Then, in the .ssh folder, create an authorized_keys file.
Then paste the contents of the public ssh key. Then Ctrl + x and y to quit and save.
Change the file’s permission as below.
chmod 600 authorized_keys
Finally, log out of your user to return to root :
Add superuser rights (optional)
The created gtstaking user does not have superuser rights. Therefore, in case of maintenance, it may be interesting to have them.
To add a user, as a super user, we add the user gtstaking to the sudo group.
Note : The command below runs as the root user.
usermod -aG sudo gtstaking
Then we will allow the gtstaking user to use sudo without being asked for the user password.
In this file, add the following line at the end
gtstaking ALL=(ALL) NOPASSWD:ALL
Save and exit.
Installation and configuration of Polkadot / Kusama
Start by logging in with the gtstaking user.
Or, if you have logged out of the machine :
For the installation go to the guide of the README.md file of the github polkadot
Here is the command to add the Polkadot program to your repositories and install it.
# Import the email@example.com GPG key
gpg --recv-keys --keyserver hkps://keys.mailvelope.com 9D4B2B6EB8F97156D19669A9FF0812D491B96798
gpg --export 9D4B2B6EB8F97156D19669A9FF0812D491B96798 > /usr/share/keyrings/parity.gpg
# Add the Parity repository and update the package index
echo 'deb [signed-by=/usr/share/keyrings/parity.gpg] https://releases.parity.io/deb release main' > /etc/apt/sources.list.d/parity.list
# Install the `parity-keyring` package - This will ensure the GPG key
# used by APT remains up-to-date
apt install parity-keyring
# Install polkadot
apt install polkadot
The commands will do:
- Add the Polkadot program to the repositories
- Update ResponsesInstall parity-keyring and Polkadot
- Create a polkadot user (which will not be useful to us here)
To check the correct installation of the program, you can display the polkadot version with the command below :
Command to start the program in archive mode
Here is a detailed command to launch its node as a validator in archive mode
--chain kusama \
--name 'gtstaking' \
- polkadot: launch polkadot / kusama
- validator: indicates that we are launching our node in validator mode
- chain kusama: We specify the blockchain. Not specifying this option is equivalent to choosing Polkadot.
- name gtstaking: indicate the name of your node
- pruning = archive
Here the node will download the whole blockchain, which takes a long time depending on the power of your CPU cores and internet speed.To be able to accelerate the download speed, add the following option:
Once the blockchain has downloaded, you need to remove the above option.
Note : Since update 0.9.0, the addition of the option — wasm-execution Compiled is required, even when the blockchain is synchronized.
Command to launch the program in non-archive mode
The mode without archive is a mode where one specifies the number of blocks to keep in memory. This option is very interesting when the blockchain becomes very heavy; however, you cannot switch from archive mode to without archive and vice versa: you will have to redownload the whole blockchain.
Here is a detailed command to launch polkadot in validator mode in non-archive mode:
--chain kusama \
--name 'gtstaking' \
- unsafe-pruning - pruning = 100000 : specifies the mode without archive and the number of blocks to keep in memory.
Here the program will download the blockchain starting from 0 but keeping only 100,000 blocks in memory.
Run the program in the background
Currently your validator is working. However, if you want to do something else or log out, the program will stop. To run the program in the background, there are 2 solutions:
- The screen tool: for beginners.
- systemd: for those who are more comfortable with Linux.
It’s up to you to choose one of the two options.
The screen tool installed in the prerequisites is an application which divides a physical terminal into several virtual sessions. The goal is that the program still works when you leave the session.
The advantage of screen:
- Be able to see the program logs directly
- Is easy to use for beginners.
Inconveniences of screen:
- In case of reboot, the sessions must be recreated
- Your orders are not saved
- Risks of corrupting the database in the event of a forced reboot or if the program is violently stopped
Here is the command to create your session
screen -S session
You have just entered the session.
Type your polkadot command and hit enter.
To exit the session: Ctrl + a then d
To list the sessions: screen -ls
To enter a session: screen -dr session
Systemd allows to run a program with specific options (user, groups, options, etc …) as a background service.
Advantage of systemd:
- Allows you to start, stop or restart the service in a single command
- Keeps in memory the configuration of our service
- Allows to launch the service (the program therefore) automatically
- The configuration of the service is extremely complete
Cons of systemd:
- Complex to use and configure for beginners
- Requires sudo
Create the mynode.service service file :
sudo nano /etc/systemd/system/mynode.service
Then enter the configuration below :
--chain kusama \
--name 'gtstaking' \
Then, CTRL + C then YES to save the file.
Reload the deamon, launch and check the status of the service:
sudo systemctl daemon-reload
sudo systemctl start mynode.service
sudo systemctl status mynode.service
The mynode.service service must be ACTIVE.
You can view the program logs with the command below:
journalctl -fn 50 -u mynode.service
Nice ! Your node is functional! 🎉
Note: the chain blocks can be found in ~ .local /share/polkadot/chain/ksmcc3/db
Other useful options and commands of Polkadot
To add its node to a telemetry:
--telemetry-url 'wss://telemetry.polkadot.io/submit/ 1'
To purge, delete the chain (here Kusama):
polkadot purge-chain --chain kusama
To be notified of the latest polkadot updates, you can set up an automatic email on GitHub in Notification> Custom> Releases.
To update the program, you need to use the command as below :
sudo apt update && sudo apt upgrade polkadot -y
Then if you are using screen, in the virtual terminal, stop the program with Ctrl + C.
Press the ⬆️ key on your keyboard to retrieve your old order and hit ENTER.
If you are using systemd:
sudo systemctl restart mynode.service
And check the status of the service and the logs that everything is working fine and is up to date. (see systemd part)
The Polkadot program is relaunched and up to date.
Setting up the firewall
The firewall will allow us to open only the ports used by our node with UFW.
Start by activating the firewall (sudo or the root user is required for this part)
sudo ufw enable
Then we will allow ssh access (port 22) to be able to connect to our server afterwards and the 3033 in TCP which is used by Polkadot.
sudo ufw allow ssh
sudo ufw allow 3033/tpc
Then we will apply these changes with the following command :
sudo /etc/init.d/ufw restart
Here the UFW service is restarting and has just applied our rules.
Convenient linux commands
Here is a list of handy Linux commands.
To know the size of the files and folder where you are :
du --max-depth=1 -h
To find out the free space of your disks :
To know the state of your RAM and CPU :
The guide is finished! Please feel free to send me your feedback! 😋
📩 Nominate my validator on Kusama ! : DxErsWqBducKTqxq7dwXKk2kevAzWEWaYJjwtwzqCu2r3F4