Versions Compared

Old Version 9

changes.mady.by.user Nathan Bode

Saved on

compared with

New Version 10

changes.mady.by.user Nathan Bode

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Page Tree
expandCollapseAlltrue
rootSecure and Super Nodes

Ensure you are logged in as the non-root user being used to run zend and the node tracker

  • Install packages from the official guide
  • Stop tracker with pm2
  • Create systemd unit the node tracker
  • Start tracker with systemd
  • Stop zend with monit
  • Create systemd unit for zend
  • Start zend with systemd
  • Check status of zend and zentracker
  • Enable service units at boot
  • Ensure Firewall is monitored by systemd
  • Kill and remove pm2
  • Remove and purge monit
  • acme.sh - Migration to certbot



DescriptionCommand
1

Install packages for ssl-cert and certbot and ensure other packages are installed from the official guide


Code Block
sudo apt-get install build-essential software-properties-common apt-transport-https lsb-release dirmngr pwgen ssl-cert git jq ufw curl -y


2Update the package cache


Code Block
sudo apt-get update -y


3

Install curl and add the nodejs repository and update the package cache


NOTE: Skip this step for Ubuntu

Debian 9 only

Code Block
sudo apt-get install curl -y
curl -sL https://deb.nodesource.com/setup_10.x | sudo -E bash -
sudo apt-get update -y


4Install npm, upgrading it to the latest version


Code Block
sudo apt-get install npm -y && sudo npm install -g n && sudo n latest


5

Stop the node tracker


NOTE: If for some reason you have more than one tracker running in pm2, you may have to change "0" to the number that corresponds with your tracker, and stop those as well. You can get a listing of the numbers from running: pm2 list


Code Block
pm2 stop 0


6<INSERT STEPS TO MIGRATE AND UPGRADE NODE TRACKER>
7

Create a systemd unit file for the Node Tracker, copy and paste the entire block of text


Code Block
echo "\
[Unit]
Description=ZenCash node daemon installed on ~/nodetracker/ 
Requires=zend.service
After=zend.service

[Service]
User=$USER
Type=simple
WorkingDirectory=/home/$USER/nodetracker/
ExecStart=/usr/local/bin/node /home/$USER/nodetracker/app.js
Restart=always
RestartSec=10

[Install]
WantedBy=multi-user.target" | sudo tee /lib/systemd/system/zentracker.service


8Test the tracker unit file


Code Block
sudo systemctl start zentracker


9Follow the tracker output log to check everything looks OK, if all appears fine, exit with CTRL+c


Code Block
sudo journalctl -fu zentracker



Panel
borderColorgrey
bgColorblack
titleColorwhite
borderWidth2
titleBGColorblack
borderStylesolid
titleExample Output

zenops@zsec01~$ zenops@node01~$ sudo journalctl -fu zentracker
-- Logs begin at Tue 2018-05-22 12:54:41 EDT. --
May 24 21:34:28 zsec01 node01 node[42000]: 2018-05-25 01:34:28 GMT -- Connected to server ts1.na. Initializing...
May 24 21:34:28 zsec01 node01 node[42000]: Secure Node t_address (not for stake)=znXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
May 24 21:34:28 zsec01 node01 node[42000]: Balance for challenge transactions is 0.0247
May 24 21:34:28 zsec01 node01 node[42000]: Using the following address for challenges
May 24 21:34:28 zsec01 node01 node[42000]: zcXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
May 24 21:34:29 zsec01 node01 node[42000]: 2018-05-25 01:34:29 GMT -- Authenticated
May 24 21:34:29 zsec01 node01 node[42000]: 2018-05-25 01:34:29 GMT -- Updated server list
May 24 21:34:29 zsec01 node01 node[42000]: 2018-05-25 01:34:29 GMT -- Stats: send initial stats.
May 24 21:34:29 zsec01 node01 node[42000]: 2018-05-25 01:34:29 GMT -- Stats received by ts1.na
May 24 21:34:29 zsec01 node01 node[42000]: 2018-05-25 01:34:29 GMT -- Cert check: valid=true. Hostname zsec01node01.zentest.win
matches CN zsec01node01.zentest.win


10

Stop zend with monit, then stop monit. Both commands are shown to stop via systemctl and sysinit (only one should be needed, but both are here for completeness)


Code Block
sudo monit stop zend && sleep 8
sudo systemctl stop monit
sudo service monit stop


11Create a systemd unit file for zend, copy and paste the entire block of text


Code Block
echo "\
[Unit]
Description=ZenCash daemon

[Service]
User=$USER
Type=forking
ExecStart=/usr/bin/zend -daemon -pid=/home/$USER/.zen/zend.pid
PIDFile=/home/$USER/.zen/zend.pid
Restart=always
RestartSec=10

[Install]
WantedBy=multi-user.target" | sudo tee /lib/systemd/system/zend.service


12Test the zend unit file


Code Block
sudo systemctl start zend


13

Check the status of both zend and the tracker, both should return active (running), exit with CTRL+c


Code Block
sudo systemctl status zend zentracker



Panel
borderColorgrey
bgColorblack
titleColorwhite
borderWidth2
titleBGColorblack
borderStylesolid
titleExample Output

zenops@zsec01zenops@node01:~$ sudo systemctl status zend
 zend.service - ZenCash daemon
Loaded: loaded (/lib/systemd/system/zend.service; disabled; vendor preset: enabled)
Active: active (running) since Thu 2018-05-24 22:31:30 EDT; 34s ago
Process: 21612 ExecStart=/usr/bin/zend -daemon -pid=/home/zenops/.zen/zend.pid (code=exited, status=0/SUCCESS)
Main PID: 21615 (zend)
Tasks: 16
Memory: 810.0M
CPU: 18.963s
CGroup: /system.slice/zend.service
└─21615 /usr/bin/zend -daemon -pid=/home/zenops/.zen/zend.pid

May 24 22:31:30 zsec01 node01 systemd[1]: Started ZenCash daemon.

 zentracker.service - ZenCash node daemon installed on ~/nodetracker/

Loaded: loaded (/lib/systemd/system/zentracker.service; disabled; vendor preset: enabled)
Active: active (running) since Thu 2018-05-24 21:34:27 EDT; 1h 1min ago
Main PID: 19648 (node)
Tasks: 10
Memory: 38.9M
CPU: 4.110s
CGroup: /system.slice/zentracker.service
└─19648 /usr/local/bin/node /home/zenops/nodetracker/app.js

May 24 22:10:28 zsec01 node01 node[42000]: 2018-05-25 02:10:28 GMT -- Stat check: connected to:ts1.na blocks:313150 peers:8 bal:0.0247 isValidBal:true queueDepth:0 lastChalBlock:312579 lastExecSec:170.77
May 24 22:10:28 zsec01 node01 node[42000]: 2018-05-25 02:10:28 GMT -- Stats received by ts1.na


14If both work correctly, enable them at boot


Code Block
sudo systemctl enable zend zentracker


15

Use systemctl to enable the firewall

NOTE: Many guides lacked enabling this under systemctl

If the firewall is not installed, see: Part 5 - Securing the Host


Code Block
sudo ufw -f enable
sudo systemctl start ufw
sudo systemctl enable ufw
sudo systemctl status ufw



Panel
borderColorgrey
bgColorblack
titleColorwhite
borderWidth2
titleBGColorblack
borderStylesolid
titleExample Output

zenops@zsec01zenops@node01:~$ sudo systemctl status ufw
[sudo] password for zenops:
ufw.service - Uncomplicated firewall
Loaded: loaded (/lib/systemd/system/ufw.service; enabled; vendor preset: enabled)
Active: active (exited) since Sat 2018-05-26 16:03:39 EDT; 23min ago
Process: 603 ExecStart=/lib/ufw/ufw-init start quiet (code=exited, status=0/SUCCESS)
Main PID: 603 (code=exited, status=0/SUCCESS)
Tasks: 0
Memory: 0B
CPU: 0
CGroup: /system.slice/ufw.service

May 26 16:03:39 zsec01 node01 systemd[1]: Started Uncomplicated firewall.


16Remove pm2 from startup


Code Block
sudo rm /etc/systemd/system/pm2*
sudo rm /etc/systemd/system/multi-user.target.wants/pm2*


17

Kill and remove PM2 (if all of the above executed without error)

You may see a message about updating npm, you may ignore this


Code Block
pm2 kill
sudo npm remove pm2 -g
sudo rm -r ~/.pm2



Panel
borderColorgrey
bgColorblack
titleColorwhite
borderWidth2
titleBGColorblack
borderStylesolid
titleExample Output

zenops@zsec01zenops@node01:~$ pm2 kill
[PM2] Stopping PM2...
[PM2] Applying action deleteProcessId on app [all](ids: 0)
[PM2] [securenodetracker](0) ✓
[PM2] All processes have been stopped and deleted
[PM2] PM2 stopped



Panel
borderColorgrey
bgColorblack
titleColorwhite
borderWidth2
titleBGColorblack
borderStylesolid
titleExample Output

zenops@zsec01zenops@node01:~$ sudo npm remove pm2 -g
removed 135 packages in 2.873s

╭──────────────────────────╮
........................................................................................
.............Update available 5.5.1 → 6.1.0..............
...............Run npm i -g npm to update..............
........................................................................................
╰──────────────────────────╯


18

Remove monit from startup (you may not require both commands, both are present to accommodate either systemd, or init script)

Run both commands if you're unsure of which way monit was configured


NOTE: It is expected that you will see an error if you execute the command that doesn't correspond with how monit was setup. You can safely dismiss errors from the one command of the two presented here.


Code Block
sudo systemctl disable monit
sudo update-rc.d monit remove


19

Remove and purge monit from system and remove old repositories (if all of the above executed without error)



Code Block
sudo apt-get remove monit -y
sudo apt-get purge monit -y
sudo apt-get -y autoremove
rm -rf ~/zen_node.sh


20

acme.sh - Migration to certbot



Insert excerpt
ZEN:Social Links
ZEN:Social Links
nopaneltrue