Alejandro Lopez
df9e099fa7
All checks were successful
ci/woodpecker/push/pre-commit Pipeline was successful
Signed-off-by: Alejandro Lopez <a.lopez@yadro.com>
211 lines
7.2 KiB
Markdown
211 lines
7.2 KiB
Markdown
# Step-by-step private FrostFS deployment
|
|
|
|
This is a short guide on how to deploy a private FrostFS storage network on bare
|
|
metal without docker images. This guide does not cover details on how to start
|
|
consensus, Alphabet, or Storage nodes. This guide covers only `frostfs-adm`
|
|
related configuration details.
|
|
|
|
## Prerequisites
|
|
|
|
To follow this guide you need:
|
|
- latest released version of [neo-go](https://github.com/nspcc-dev/neo-go/releases) (v0.97.2 at the moment),
|
|
- latest released version of [frostfs-adm](https://github.com/TrueCloudLab/frostfs-node/releases) utility (v0.25.1 at the moment),
|
|
- latest released version of compiled [frostfs-contract](https://github.com/TrueCloudLab/frostfs-contract/releases) (v0.11.0 at the moment).
|
|
|
|
## Step 1: Prepare network configuration
|
|
|
|
To start a network, you need a set of consensus nodes, the same number of
|
|
Alphabet nodes and any number of Storage nodes. While the number of Storage
|
|
nodes can be scaled almost infinitely, the number of consensus and Alphabet
|
|
nodes can't be changed so easily right now. Consider this before going any further.
|
|
Note also that there is an upper limit on the number of alphabet nodes (currently 22).
|
|
|
|
It is easier to use`frostfs-adm` with a predefined configuration. First, create
|
|
a network configuration file. In this example, there is going to be only one
|
|
consensus / Alphabet node in the network.
|
|
|
|
```
|
|
$ frostfs-adm config init --path foo.network.yml
|
|
Initial config file saved to foo.network.yml
|
|
|
|
$ cat foo.network.yml
|
|
rpc-endpoint: https://neo.rpc.node:30333
|
|
alphabet-wallets: /home/user/deploy/alphabet-wallets
|
|
network:
|
|
max_object_size: 67108864
|
|
epoch_duration: 240
|
|
basic_income_rate: 0
|
|
fee:
|
|
audit: 0
|
|
candidate: 0
|
|
container: 0
|
|
withdraw: 0
|
|
credentials:
|
|
az: hunter2
|
|
```
|
|
|
|
For private installation, it is recommended to set all **fees** and **basic
|
|
income rate** to 0.
|
|
|
|
As for **epoch duration**, consider consensus node block generation frequency.
|
|
With default 15 seconds per block, 240 blocks are going to be a 1-hour epoch.
|
|
|
|
For **max object size**, 67108864 (64 MiB) or 134217728 (128 MiB) should provide
|
|
good chunk distribution in most cases.
|
|
|
|
With this config, generate wallets (private keys) of consensus nodes. The same
|
|
wallets will be used for Alphabet nodes. Make sure, that dir for alphabet
|
|
wallets already exists.
|
|
|
|
```
|
|
$ frostfs-adm -c foo.network.yml morph generate-alphabet --size 1
|
|
size: 1
|
|
alphabet-wallets: /home/user/deploy/alphabet-wallets
|
|
wallet[0]: hunter2
|
|
```
|
|
|
|
Do not lose wallet files and network config. Store it in an encrypted backed up
|
|
storage.
|
|
|
|
## Step 2: Launch consensus nodes
|
|
|
|
Configure blockchain nodes with the generated wallets from the previous step.
|
|
Config examples can be found in
|
|
[neo-go repository](https://github.com/nspcc-dev/neo-go/tree/master/config).
|
|
|
|
Gather public keys from **all** generated wallets. We are interested in the first
|
|
`simple signature contract` public key.
|
|
|
|
```
|
|
$ neo-go wallet dump-keys -w alphabet-wallets/az.json
|
|
NitdS4k4f1Hh5mbLJhAswBK3WC2gQgPN1o (simple signature contract):
|
|
02c1cc85f9c856dbe2d02017349bcb7b4e5defa78b8056a09b3240ba2a8c078869
|
|
|
|
NiMKabp3ddi3xShmLAXhTfbnuWb4cSJT6E (1 out of 1 multisig contract):
|
|
02c1cc85f9c856dbe2d02017349bcb7b4e5defa78b8056a09b3240ba2a8c078869
|
|
|
|
NiMKabp3ddi3xShmLAXhTfbnuWb4cSJT6E (1 out of 1 multisig contract):
|
|
02c1cc85f9c856dbe2d02017349bcb7b4e5defa78b8056a09b3240ba2a8c078869
|
|
```
|
|
|
|
Put the list of public keys into `ProtocolConfiguration.StandbyCommittee`
|
|
section. Specify the wallet path and the password in `ApplicationConfiguration.P2PNotary`
|
|
and `ApplicationConfiguration.UnlockWallet` sections. If config includes
|
|
`ProtocolConfiguration.NativeActivations` section, add notary
|
|
contract `Notary: [0]`.
|
|
|
|
```yaml
|
|
ProtocolConfiguration:
|
|
StandbyCommittee:
|
|
- 02c1cc85f9c856dbe2d02017349bcb7b4e5defa78b8056a09b3240ba2a8c078869
|
|
NativeActivations:
|
|
Notary: [0]
|
|
ApplicationConfiguration:
|
|
P2PNotary:
|
|
Enabled: true
|
|
UnlockWallet:
|
|
Path: "/home/user/deploy/alphabet-wallets/az.json"
|
|
Password: "hunter2"
|
|
UnlockWallet:
|
|
Path: "/home/user/deploy/alphabet-wallets/az.json"
|
|
Password: "hunter2"
|
|
```
|
|
|
|
Then, launch consensus nodes. They should connect to each other and start
|
|
producing blocks in consensus. You might want to deploy additional RPC
|
|
nodes at this stage because Storage nodes should be connected to the chain too.
|
|
It is not recommended to use a consensus node as an RPC node due to security policies
|
|
and possible overload issues.
|
|
|
|
## Step 3: Initialize sidechain
|
|
|
|
Use archive with compiled FrostFS contracts to initialize the sidechain.
|
|
|
|
```
|
|
$ tar -xzvf frostfs-contract-v0.11.0.tar.gz
|
|
|
|
$ ./frostfs-adm -c foo.network.yml morph init --contracts ./frostfs-contract-v0.11.0
|
|
Stage 1: transfer GAS to alphabet nodes.
|
|
Waiting for transactions to persist...
|
|
Stage 2: set notary and alphabet nodes in designate contract.
|
|
Waiting for transactions to persist...
|
|
Stage 3: deploy NNS contract.
|
|
Waiting for transactions to persist...
|
|
Stage 4: deploy FrostFS contracts.
|
|
Waiting for transactions to persist...
|
|
Stage 4.1: Transfer GAS to proxy contract.
|
|
Waiting for transactions to persist...
|
|
Stage 5: register candidates.
|
|
Waiting for transactions to persist...
|
|
Stage 6: transfer NEO to alphabet contracts.
|
|
Waiting for transactions to persist...
|
|
Stage 7: set addresses in NNS.
|
|
Waiting for transactions to persist...
|
|
NNS: Set alphabet0.frostfs -> f692dfb4d43a15b464eb51a7041160fb29c44b6a
|
|
NNS: Set audit.frostfs -> 7df847b993affb3852074345a7c2bd622171ee0d
|
|
NNS: Set balance.frostfs -> 103519b3067a66307080a66570c0491ee8f68879
|
|
NNS: Set container.frostfs -> cae60bdd689d185901e495352d0247752ce50846
|
|
NNS: Set frostfsid.frostfs -> c421fb60a3895865a8f24d197d6a80ef686041d2
|
|
NNS: Set netmap.frostfs -> 894eb854632f50fb124412ce7951ebc00763525e
|
|
NNS: Set proxy.frostfs -> ac6e6fe4b373d0ca0ca4969d1e58fa0988724e7d
|
|
Waiting for transactions to persist...
|
|
```
|
|
|
|
## Step 4: Launch Alphabet nodes
|
|
|
|
Configure Alphabet nodes with the wallets generated in step 1. For
|
|
`morph.validators` use a list of public keys from
|
|
`ProtocolConfiguration.StandbyCommittee`.
|
|
|
|
```yaml
|
|
wallet:
|
|
path: "/home/user/deploy/alphabet-wallets/az.json"
|
|
password: "hunter2"
|
|
account: "NitdS4k4f1Hh5mbLJhAswBK3WC2gQgPN1o"
|
|
|
|
morph:
|
|
validators:
|
|
- 02c1cc85f9c856dbe2d02017349bcb7b4e5defa78b8056a09b3240ba2a8c078869
|
|
|
|
contracts:
|
|
alphabet:
|
|
amount: 1
|
|
```
|
|
|
|
## Step 4: Launch Storage node
|
|
|
|
Generate a new wallet for a Storage node.
|
|
|
|
```
|
|
$ frostfs-adm -c foo.network.yml morph generate-storage-wallet --storage-wallet ./sn01.json --initial-gas 10.0
|
|
New password >
|
|
Waiting for transactions to persist...
|
|
|
|
$ neo-go wallet dump-keys -w sn01.json
|
|
Ngr7p8Z9S22XDH6VkUG9oXobv8zZRAWwwv (simple signature contract):
|
|
0355eccb72cd46f09a3e5237eaa0f4949cceb5ecfa5a225bd3bb9fd021c4d75b85
|
|
```
|
|
|
|
Configure the Storage node to use this wallet.
|
|
|
|
```
|
|
node:
|
|
wallet:
|
|
path: "/home/user/deploy/sn01.json"
|
|
address: "Ngr7p8Z9S22XDH6VkUG9oXobv8zZRAWwwv"
|
|
password: "foobar"
|
|
```
|
|
|
|
The storage node will be included in the network map in the next FrostFS epoch. To
|
|
speed up this process, you can increment epoch counter immediately.
|
|
|
|
```
|
|
$ frostfs-adm -c foo.network.yml morph force-new-epoch
|
|
Current epoch: 8, increase to 9.
|
|
Waiting for transactions to persist...
|
|
```
|
|
|
|
---
|
|
|
|
After that, FrostFS Storage is ready to work. You can access it directly or
|
|
with protocol gates.
|