- Poa Https Ceremony.poa.network Just-generate-keys Form
- Poa Https Ceremony.poa.network Just-generate-keys Account
This shows a list of users that have any event keys / associated mailbox items. The user will be shown in the list only if the user has received an event (new mail, calendar or created a new contact) since the POA was restarted. If there has been no events for the user since the last restart of the POA, the user will not be shown in the list.
Setting up Non-AWS VM for Validator Node Deployment
Last Updated: 2018/02/01
Changelog:
- 2018/02/01: Add instructions to set validator metadata.
- 2018/01/28: Add instructions to recommend creating a local Ansible Control Station user, clarify where to collect AWS Node IP info, add more info and correct a few typos.
- 2017/12/27: Add info about Sokol testnet
- 2017/12/21: Rewrite part about security groups (how to close access). Add description of the option to use elastic IP.
MoC: Master of Ceremony Key Exchange & Generation
- Start Chrome
- Connect to the desired network in MetaMask by selecting the
Network
dropdown menu on MetaMask and addCustom RPC
with the following endpoints.
- Core Network:
https://core.poa.network
- Sokol Test Network:
https://sokol.poa.network
- Upload your initial key to MetaMask that MoC has supplied you using the password provided.
- Navigate your chrome browser to https://ceremony.poa.network/
- Make sure you have your
Initial Key
supplied by MoC, selected in MetaMask.
- Click 'Generate keys', confirm transaction.
- ATTENTION: This next part is VERY important and must be done correctly in order to be able to participate in the consensus immediately, follow directions below BEFORE closing out of the browser window. Open up a Notepad and copy required info as follows.
- Click the
Copy
Button next to eachAddress
. Mining, Payout, Voting. Paste them separately in the Notepad. - Click the
Copy
Button next to eachPassword
, matching to resulting address in the Notepad. Mining, Payout, Voting. - Finally, Click Button to download the JSON Keystore files for each key and keep the Notepad file & all 3 keys + initial key somewhere safe.
NOTE
Preferred method to store the keyfiles and information is to store on an encrypted drive. e.g. usb drive
If you go this route, please do not forget your password for the encryption as you will lose your data and will have to get your old keys voted out and new ones voted in if any issue happens with the validator's node.
After Ceremony Stage: Validators vote in new validators
After the initial ceremony stage, it's time for the initial set of validators to vote in new validators using the POA Voting Dapp. One validator will create a Ballot for each of the needed keys to participate and each validator will cast their own vote minus the MoC, who is not allowed to vote on consensus level. It has been agreed upon by the POA network that the next stage would end with 25 Validators on the Core network. This number may change in the future and can have any amount one desires, this would likely be proposed by a ballot to increase.
Before the ballot can be proposed, the applicant would need to generate 3 separate key pairs with passwords & JSON keyfiles. There is a very simple method of doing this, see below.
- Simply go to this URL in your browser to generate 3 key/pass pairs with needed keyfiles.
- ATTENTION: This next part is VERY important and must be done correctly in order to be able to participate in the consensus immediately, follow directions below BEFORE closing out of the browser window. Open up a Notepad and copy required info as follows.
- Click the
Copy
Button next to eachAddress
. Mining, Payout, Voting. Paste them separately in the Notepad. - Click the
Copy
Button next to eachPassword
, matching to resulting address in the Notepad. Mining, Payout, Voting. - Finally, Click Button to download the JSON Keystore files for each key and keep the Notepad file & all 3 keys + initial key somewhere safe.
NOTE
Preferred method to store the keyfiles and information is to store on an encrypted drive. e.g. usb drive. If you go this route, please do not forget your password for the encryption as you will lose your data and will have to get your old keys voted out and new ones voted in if any issue happens with the validator's node.
After you have successfully deployed your node, Submit your Validator MetaData
- Follow the guide on how to Update Validator MetaData.
Local/Remote Machine System Requirements
Remote Machine Minimum System Requirements
- Ubuntu 16.04 Image
- Minimum 1 CPU
- Minimum 1GB Memory
- Anything > 4GB will be good, but may need to be upgraded in the future
Control Machine Dependencies
- Linux Based Bash Terminal
- Python 2 (v2.6-v2.7)/Python3 (v3.5+)
- Ansible v2.3+
- Git
Getting Started
Poa Https Ceremony.poa.network Just-generate-keys Form
Log into your Cloud Dashboard and deploy a new node with a minimum of 1 CPU, 1GB (1024Mb) Memory & at least 4GB Hard Drive Capacity (This may need to be upgraded in future). This guide will be using
ubuntu
as the username, use the default or replace with your sudo
username.- If prompted to create new user during deployment, do so and skip the section about adding new user.
- If prompted to add SSH Key for your new user, follow the steps below to generate your SSH Key and follow directions how to add to deployment.
Generating SSH Key
- On your local control machine, open a terminal and generate your SSH key. It is recommended to use a different SSH Key for each POA network, key for
core
& key forsokol
. We can set a parameter in ansible inventory script to use the specific key.Enter a STRONG password (write it down) and save the key as something memorable, enter complete path to key to save as custom name, replacinguser
with your current local user. e.g. below
- This will save 2 files, .pub will be your public key and the other is your private key. Private SSH key stays on your local machine and Public key gets copied to remote machines you want access to.
Add User with Sudo Privileges
- SSH into Remote Node using the root password provided by cloud service (either by web portal or email) or using the SSH key supplied during deployment. If you already have
sudo
user, replaceroot
with your user and skip the next two steps.
Azure users will not have access to their root account by default, use your sudo user and skip to next section after connecting. - Logged in as
root
add user and grant sudo privileges. It is recommended to use default userubuntu
.
- Enter a STRONG password to protect the user and you can leave the next 5 fields blank. Confirm the information is correct. We will be using a parameter to ask
sudo
pass during ansible deployment.
- Grant user
ubuntu
sudo privileges
Your Non-AWS node is now ready for configuration using ansible-playbook provided by POA. Please follow the directions below to obtain the
deployment-playbooks
required to configure network node.Configure node with Deployment-playbook
To run playbook you will need a user on the server with
sudo
privileges and who can be logged in via SSH public key. By default it is assumed that this user is called ubuntu
. If you already have a user with different name who satisfies these requirements, at the top of site.yml
in -hosts: all
section change line user: ubuntu
to the sudo
user you haveNOTE: Playbook will additionally create a new unprivileged user named
validator
and add your ssh public key to root
account.- Clone repository with ansible playbooks and checkout branch with the network name you want to join (e.g.
core
for mainnet andsokol
for testnet)
![Ceremony.poa.network Ceremony.poa.network](/uploads/1/2/6/0/126071700/498086502.png)
- two files with ssh public key need to be created for ansible playbook to configure node correctly, use the path to your desired key.
- create configuration file
Poa Https Ceremony.poa.network Just-generate-keys Account
- edit the
group_vars/all
file and comment out parameters corresponding to aws:
- set values given to you by Master of Ceremony for the following parameters in
group_vars/all
:
NODE_FULLNAME
- your real name (will be visible to other mebers of the network)NODE_ADMIN_EMAIL
- your public email address (will be visible to other members of the network)MINING_KEYFILE
- insert content of your mining keystore json file. Resulting value should be enclosed in single quotes and look similar to this:MINING_KEYFILE: '{'address':'...'}'
MINING_ADDRESS
- insert your mining key address, e.g.MINING_ADDRESS: '0x...'
MINING_KEYPASS
- insert your mining key password
- set values given to you by Master of Ceremony for the following parameters in
group_vars/all
:
NETSTATS_SERVER
NETSTATS_SECRET
- set the following options as follows in
group_vars/all
:
Double check that
allow_validator_ssh
istrue
otherwise you won't be able to connect to the node.- create file
hosts
with the server's ip address (e.g. 192.0.2.1):
- run ansible playbook, replace the
--key-file
path with your desired SSH key
- open
NETSTATS_SERVER
url in the browser and check that the node namedNODE_FULLNAME
appeared in the list - NOTE skip this step if you are deploying your node to CORE network. You should not make your
enode
public as it will make your validator node an easy target for denial of service attacks.If you are deploying on a testnet (sokol), follow the steps below:login to the node and get enode from parity logs:
Without access toroot
you can usesudo
user instead, appendsudo
in front of commands after connecting to remote machine
copy
enode
uri and send it to Master of Ceremony. If this line is not found, restart parityand try again. If
enode
uri is still not found, use the commands below to restart all services.NOTE if after parity restart you notice that on
NETSTATS_SERVER
url your node starts to fall behind other nodes (block number is less than on other nodes), try to restart statistics service (assuming you are connected as root
):after that refresh
Without access to
NETSTATS_SERVER
url and check your node's block number. If your node is still not active or missing enode
, log in to root account and reboot.Without access to
root
you can use sudo
user instead, append sudo
in front of commands after connecting to remote machine