Go to https://www.haskell.org/ghcup/ to get the latest command line.
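# Reload the profile so the ghcup shims are on PATH in this session.
source "$HOME/.bashrc"

# Install and select exact toolchain versions so every node is built with the
# same compiler. (In the collapsed listing these four commands were fused into
# one, which would pass "8.10.7ghcup" to ghcup as a version.)
ghcup install ghc 8.10.7
ghcup install cabal 3.6.2.0
ghcup set ghc 8.10.7
ghcup set cabal 3.6.2.0

# Print the search path to check that the ghcup and ~/.local/bin entries exist.
echo "$PATH"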
Output may contain this: ~/.local/bin:~/.ghcup/bin:
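# Open the profile and add the export line below if the two directories are
# missing from PATH.
nano "$HOME/.bashrc"

# Use $HOME instead of "~": a tilde inside double quotes is stored literally.
# bash's own command lookup tolerates a literal "~" entry, but programs that
# search PATH themselves do not, so the binaries would not be found by them.
# `echo "$PATH"` then shows the expanded /home/... form of these entries.
export PATH="$HOME/.local/bin:$HOME/.ghcup/bin:$PATH"

source "$HOME/.bashrc"

# Confirm both tools resolve and report the pinned versions.
cabal --version
ghc --version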
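# Build the input-output-hk fork of libsodium from source.
mkdir -p "$HOME/src"
cd "$HOME/src"
git clone https://github.com/input-output-hk/libsodium
cd libsodium
# The build is pinned to a fixed commit rather than a moving branch. The id is
# abbreviated; once confirmed, prefer the full 40-character commit id.
git checkout 66f017f1
# Chain the steps so `sudo make install` only runs after a clean build.
./autogen.sh && ./configure && make && sudo make install

# Open the profile to add the two library-path exports. Editing your own
# ~/.bashrc does not need root, so no sudo here.
nano "$HOME/.bashrc"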
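# ~/.bashrc additions: make the libsodium installed under /usr/local visible
# to the dynamic loader and to pkg-config.
#
# The previous value is appended only when it is non-empty. A plain
# "/usr/local/lib:$LD_LIBRARY_PATH" leaves a trailing ":" when the variable is
# unset, and the loader treats an empty entry as the current directory, so a
# library dropped into the working directory could be loaded instead of the
# system one.
export LD_LIBRARY_PATH="/usr/local/lib${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}"
export PKG_CONFIG_PATH="/usr/local/lib/pkgconfig${PKG_CONFIG_PATH:+:$PKG_CONFIG_PATH}"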
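source "$HOME/.bashrc"

# Fetch the cardano-node sources and check out the release to build.
mkdir -p "$HOME/src"
cd "$HOME/src"
git clone https://github.com/input-output-hk/cardano-node.git
cd "$HOME/src/cardano-node"
git fetch --all --recurse-submodules --tags
# A tag can be re-pointed by whoever controls the repository. After checkout,
# record the commit id it resolved to (git rev-parse HEAD) and compare it
# across all of your nodes so they run the same code.
git checkout tags/1.35.0

cabal configure --with-compiler=ghc-8.10.7

# Turn off the external-libsodium-vrf flag of cardano-crypto-praos for this
# checkout. These lines are appended, so re-running the step duplicates them.
echo "package cardano-crypto-praos" >> cabal.project.local
echo " flags: -external-libsodium-vrf" >> cabal.project.local

cabal clean
cabal update
cabal build all

# Copy the two freshly built binaries into ~/.local/bin (already on PATH).
mkdir -p "$HOME/.local/bin"
cp -p "$(./scripts/bin-path.sh cardano-node)" "$HOME/.local/bin/"
cp -p "$(./scripts/bin-path.sh cardano-cli)" "$HOME/.local/bin/"

# Both tools should report the version that was checked out above.
echo
cardano-cli --version
echo
cardano-node version

# Open the profile to add the node environment variables and aliases.
# Editing your own ~/.bashrc does not need root, so no sudo here.
nano "$HOME/.bashrc"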
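# ~/.bashrc additions for a Cardano node: environment variables first, then
# convenience aliases. (One statement per line; in the collapsed listing the
# exports were fused and none of the variables would be set as intended.)

# Address passed to cardano-node via --host-addr. 0.0.0.0 listens on every
# interface, so who can reach the node is decided by the firewall, not here.
export NODE_IP="0.0.0.0"
# Example values: use the SSH port and relay port this host really uses.
export NODE_SSH_PORT="1234"
export POOL_RELAY_PORT="6000"
export NODE_HOME="$HOME/cardano"
export NODE_DB_PATH="${NODE_HOME}/db"
export NODE_CONFIG="${NODE_HOME}/mainnet-config.json"
export NODE_TOPOLOGY="${NODE_HOME}/mainnet-topology.json"
# Required by cardano-node
export CARDANO_NODE_SOCKET_PATH="${NODE_HOME}/db/socket"

# The aliases are double-quoted, so $HOME, $NODE_HOME, ${NODE_IP} and
# ${POOL_RELAY_PORT} are expanded once, when this file is loaded.
# editbash/editconfig open files owned by the node user, so they run the
# editor without sudo.
alias editbash="nano $HOME/.bashrc"
alias sourcebash="source $HOME/.bashrc"
alias nodehome="cd $NODE_HOME"
alias tip="cardano-cli query tip --mainnet | jq -r '.slot'"
alias liveview="$NODE_HOME/simpleLiveView/./liveview.sh"
alias startnode="sudo systemctl start cardano-node"
alias stopnode="sudo systemctl stop cardano-node"
alias restartnode="sudo systemctl restart cardano-node"
alias nodelog="sudo journalctl --unit=cardano-node --follow"
alias nodestatus="sudo systemctl status cardano-node"
alias metrics="curl localhost:12798/metrics"
alias editconfig="nano $NODE_HOME/mainnet-config.json"
alias topo="cat $NODE_HOME/mainnet-topology.json"
# Counts inbound connections to the relay port, grouped by remote IP.
alias peerin="echo ; echo \"PEERS IN:\" ; echo \"CONNECTIONS IP\" ; netstat -tn 2 | grep ${NODE_IP}:${POOL_RELAY_PORT} | awk '{print \$5}' | cut -d: -f1 | sort | uniq -c | sort -nr"
alias restartchrony="sudo systemctl restart chronyd"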
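source "$HOME/.bashrc"

mkdir -p "$NODE_HOME"
cd "$NODE_HOME"

# Download the mainnet configuration, genesis and topology files.
# "latest-finished" is a moving target and the files are protected only by
# TLS; the genesis files decide which chain the node follows. Print their
# hashes and compare them between your nodes (and with a source you trust).
base_url="https://hydra.iohk.io/job/Cardano/cardano-node/cardano-deployment/latest-finished/download/1"
for name in config byron-genesis shelley-genesis alonzo-genesis topology; do
  wget "${base_url}/mainnet-${name}.json"
done
sha256sum mainnet-*.json

# Enable block-fetch decision tracing in the node configuration.
sed -i mainnet-config.json \
  -e "s/TraceBlockFetchDecisions\": false/TraceBlockFetchDecisions\": true/g"

# Stores the block producer's IP for later steps. 0.0.0.0 is presumably a
# placeholder: replace it with the real address before it is used.
echo -n 0.0.0.0 > "$NODE_HOME/bp-node-ip.txt"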
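# Write a topology with a single peer. The address 0.0.0.0 is presumably a
# placeholder for the one node this host should connect to: replace it.
# Abort if the port variable is unset; otherwise invalid JSON would be written.
: "${NODE_HOME:?NODE_HOME is not set}" "${POOL_RELAY_PORT:?POOL_RELAY_PORT is not set}"
cat > "$NODE_HOME/mainnet-topology.json" << EOF
{
  "Producers": [
    {
      "addr": "0.0.0.0",
      "port": ${POOL_RELAY_PORT},
      "valency": 1
    }
  ]
}
EOF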
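# Write a topology with two peers: the block producer (address read from
# bp-node-ip.txt) and the public relays-new.cardano-mainnet.iohk.io entry.
# Abort if a variable is unset; otherwise invalid JSON would be written.
: "${NODE_HOME:?NODE_HOME is not set}" "${POOL_RELAY_PORT:?POOL_RELAY_PORT is not set}"
cat > "$NODE_HOME/mainnet-topology.json" << EOF
{
  "Producers": [
    {
      "addr": "$(cat "$NODE_HOME/bp-node-ip.txt")",
      "port": ${POOL_RELAY_PORT},
      "valency": 1
    },
    {
      "addr": "relays-new.cardano-mainnet.iohk.io",
      "port": 3001,
      "valency": 2
    }
  ]
}
EOF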
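# Firewall with a source-restricted node port: SSH stays reachable, the relay
# port is open only to one peer (1.2.3.4 is a placeholder for its IP), and all
# other inbound traffic is denied.
#
# The steps are chained and the variables are checked: if the SSH rule were
# skipped because NODE_SSH_PORT is unset, `ufw enable` with default-deny would
# cut off the SSH session used to administer the host.
sudo ufw allow "${NODE_SSH_PORT:?NODE_SSH_PORT is not set}/tcp" &&
  sudo ufw allow proto tcp from 1.2.3.4 to any port "${POOL_RELAY_PORT:?POOL_RELAY_PORT is not set}" &&
  sudo ufw default deny incoming &&
  sudo ufw default allow outgoing &&
  sudo ufw enable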
Output: Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
# List the active rules with their index numbers to confirm what is allowed.
sudo ufw status numbered
Output should look like this:
Status: active
     To                       Action      From
     --                       ------      ----
[ 1] POOL_RELAY_PORT/tcp      ALLOW IN    RELAY_NODE_IP
[ 2] SSH_port/tcp             ALLOW IN    Anywhere
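# Firewall with a public node port: SSH and the relay port are reachable from
# anywhere, all other inbound traffic is denied.
#
# The steps are chained and the variables are checked: if the SSH rule were
# skipped because NODE_SSH_PORT is unset, `ufw enable` with default-deny would
# cut off the SSH session used to administer the host.
sudo ufw allow "${NODE_SSH_PORT:?NODE_SSH_PORT is not set}/tcp" &&
  sudo ufw allow "${POOL_RELAY_PORT:?POOL_RELAY_PORT is not set}/tcp" &&
  sudo ufw default deny incoming &&
  sudo ufw default allow outgoing &&
  sudo ufw enable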
Output: Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
# List the active rules with their index numbers to confirm what is allowed.
sudo ufw status numbered
Output should look like this:
Status: active
     To                       Action      From
     --                       ------      ----
[ 1] SSH_port/tcp             ALLOW IN    Anywhere
[ 2] POOL_RELAY_PORT/tcp      ALLOW IN    Anywhere
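# Generate the node start script. The here-document is unquoted on purpose:
# the paths are expanded now and written into the script as fixed values, so
# stop here if any of them is unset instead of baking in empty arguments.
: "${NODE_HOME:?NODE_HOME is not set}" "${NODE_TOPOLOGY:?NODE_TOPOLOGY is not set}"
: "${NODE_DB_PATH:?NODE_DB_PATH is not set}" "${CARDANO_NODE_SOCKET_PATH:?CARDANO_NODE_SOCKET_PATH is not set}"
: "${NODE_IP:?NODE_IP is not set}" "${POOL_RELAY_PORT:?POOL_RELAY_PORT is not set}" "${NODE_CONFIG:?NODE_CONFIG is not set}"
cat > "$NODE_HOME/startCardanoNode.sh" << EOF
#!/bin/bash
$HOME/.local/bin/cardano-node +RTS -N -RTS run \
--topology ${NODE_TOPOLOGY} \
--database-path ${NODE_DB_PATH} \
--socket-path ${CARDANO_NODE_SOCKET_PATH} \
--host-addr ${NODE_IP} \
--port ${POOL_RELAY_PORT} \
--config ${NODE_CONFIG}
EOF
chmod +x "$NODE_HOME/startCardanoNode.sh"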
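# Generate the systemd unit. ${USER} and ${NODE_HOME} are expanded now, so the
# service runs as the account that executes this step, not as root.
: "${NODE_HOME:?NODE_HOME is not set}" "${USER:?USER is not set}"
cat > "$NODE_HOME/cardano-node.service" << EOF
[Unit]
Description = Cardano Node systemd Service
Wants = network-online.target
After = network-online.target

[Service]
Type = simple
User = ${USER}
WorkingDirectory = ${NODE_HOME}
ExecStart = /bin/bash -c '${NODE_HOME}/startCardanoNode.sh'
KillSignal = SIGINT
RestartKillSignal = SIGINT
TimeoutStopSec = 5
LimitNOFILE = 32768
Restart = always
RestartSec = 5

[Install]
WantedBy = multi-user.target
EOF

# Install the unit owned by root. `sudo mv` keeps the file owned by the
# unprivileged account, which could then rewrite a unit that systemd loads as
# root (for example to change User=).
sudo install -o root -g root -m 644 "$NODE_HOME/cardano-node.service" /etc/systemd/system/cardano-node.service
rm -f -- "$NODE_HOME/cardano-node.service"

sudo systemctl daemon-reload
sudo systemctl enable cardano-node

# Refresh the loader cache so the libsodium under /usr/local/lib is found.
sudo ldconfig

sudo systemctl start cardano-node
sudo systemctl status cardano-node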
🟢 cardano-node.service - Cardano Node systemd Service Loaded: loaded (/etc/systemd/system/cardano-node.service; enabled; vendor preset: en> Active: active (running) since ...
# Follow the node's log output from the systemd journal (Ctrl-C to stop).
journalctl --unit=cardano-node --follow
Chain extended, new tip: xxx at slot xxx
# Reference commands for managing the service; run the one that is needed.
# Stop the node:
sudo systemctl stop cardano-node
# Restart the node (for example after a configuration change):
sudo systemctl restart cardano-node
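# Install the simpleLiveView terminal dashboard.
cd "$NODE_HOME"
# This clones the default branch of a third-party repository and then runs its
# script on the node. Read liveview.sh first and check out a commit you have
# reviewed (git -C simpleLiveView checkout <REVIEWED_COMMIT>) so later
# upstream changes are not picked up silently.
git clone https://github.com/crypto2099/simpleLiveView

chmod +x "$NODE_HOME/simpleLiveView/liveview.sh"
# Point the dashboard at this node's port; the \$ keeps ${POOL_RELAY_PORT}
# literal so the script reads it from the environment at run time.
sed -i "$NODE_HOME/simpleLiveView/liveview.sh" \
  -e "s/cardanoport=3001/cardanoport=\${POOL_RELAY_PORT}/g"

"$NODE_HOME/simpleLiveView/./liveview.sh"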
# File transfer over SSH between the workstation and a node. Each template
# (with SSH_port, /path/to/..., username@server_ip placeholders) is followed
# by a filled-in example. -P is the SSH port, -i the private key to use.

# Download a file from the node (template, then example):
scp -r -P SSH_port -i /path/to/id_rsa username@server_ip:~/cardano/file_to_download /path/to/Downloads/folder
scp -r -P 1234 -i /Users/Charles/RSA/id_rsa charles@12.34.56.78:~/cardano/tx.raw /Users/Charles/Downloads
# Upload a file to the node (template, then example):
scp -r -P SSH_port -i /path/to/id_rsa /path/to/file_to_upload username@server_ip:~/cardano
scp -r -P 1234 -i /Users/Charles/RSA/id_rsa /Users/Charles/Uploads/file_to_upload charles@12.34.56.78:~/cardano
# Download the cardano-cli binary built on the node (template, then example):
scp -r -P SSH_port -i /path/to/id_rsa username@ip_of_node:.local/bin/cardano-cli /path/to/Downloads/folder
scp -r -P 1234 -i /Users/Charles/RSA/id_rsa charles@12.34.56.78:.local/bin/cardano-cli /Users/Charles/Downloads
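# Set up the copied cardano-cli binary under ~/cardano.
ls "$HOME/cardano"

# The binary will handle signing keys, so confirm it arrived unmodified:
# compare `sha256sum` of this file with the copy on the node it came from.
# It sits in your own home directory, so chmod does not need sudo.
chmod +x "$HOME/cardano/cardano-cli"

# Add the alias line below to ~/.bashrc (no sudo needed for your own file).
nano "$HOME/.bashrc"
alias cardano-cli="$HOME/cardano/cardano-cli"
source "$HOME/.bashrc"

# Running it without arguments should print the help text.
cardano-cli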
Output should show the cardano-cli help:
cardano-cli - utility to support a variety of key operations (genesis generation, migration, pretty-printing..) for different system generations.
...
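# Work out the current KES period: the chain tip's slot number divided by the
# number of slots per KES period from the Shelley genesis file. The result is
# needed when the operational certificate is issued.
slotsPerKESPeriod=$(jq -r '.slotsPerKESPeriod' "$NODE_HOME/mainnet-shelley-genesis.json")
slotNo=$(cardano-cli query tip --mainnet | jq -r '.slot')
kesPeriod=$(( slotNo / slotsPerKESPeriod ))
echo
echo "● slotsPerKESPeriod: ${slotsPerKESPeriod}"
echo "● slotNo: ${slotNo}"
echo "● kesPeriod: ${kesPeriod}"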
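# Generate the pool's key pairs. The cold keys go to ~/cardano/cold-keys; the
# VRF and KES signing keys are written to ~/cardano instead.
# Keep the key directory private to this account.
mkdir -p "$HOME/cardano/cold-keys"
chmod 700 "$HOME/cardano/cold-keys"

# Pool (cold) key pair and the operational-certificate issue counter.
cardano-cli node key-gen \
  --cold-verification-key-file "$HOME/cardano/cold-keys/cold-pool.vkey" \
  --cold-signing-key-file "$HOME/cardano/cold-keys/cold-pool.skey" \
  --operational-certificate-issue-counter "$HOME/cardano/cold-keys/cold-op-cert-issue.counter"

# Payment key pair.
cardano-cli address key-gen \
  --verification-key-file "$HOME/cardano/cold-keys/cold-payment.vkey" \
  --signing-key-file "$HOME/cardano/cold-keys/cold-payment.skey"

# Stake key pair.
cardano-cli stake-address key-gen \
  --verification-key-file "$HOME/cardano/cold-keys/cold-stake.vkey" \
  --signing-key-file "$HOME/cardano/cold-keys/cold-stake.skey"

# VRF key pair.
cardano-cli node key-gen-VRF \
  --verification-key-file "$HOME/cardano/cold-keys/cold-vrf.vkey" \
  --signing-key-file "$HOME/cardano/vrf.skey"

# KES key pair.
cardano-cli node key-gen-KES \
  --verification-key-file "$HOME/cardano/cold-keys/cold-kes.vkey" \
  --signing-key-file "$HOME/cardano/kes.skey"

# Signing keys only ever need to be read, and only by their owner.
chmod 400 "$HOME"/cardano/cold-keys/*.skey "$HOME/cardano/vrf.skey" "$HOME/cardano/kes.skey"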
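# Issue the operational certificate, signed with the cold pool key.
# The listing passed the literal word "kesPeriod" as the period; it has to be
# the number computed from the chain tip. Set it first, e.g.
#   kesPeriod=<value printed by the KES period step>
# The expansion below stops with a message if it is still unset.
cardano-cli node issue-op-cert \
  --kes-verification-key-file "$HOME/cardano/cold-keys/cold-kes.vkey" \
  --cold-signing-key-file "$HOME/cardano/cold-keys/cold-pool.skey" \
  --operational-certificate-issue-counter "$HOME/cardano/cold-keys/cold-op-cert-issue.counter" \
  --kes-period "${kesPeriod:?set kesPeriod to the computed KES period first}" \
  --out-file "$HOME/cardano/pool-operation.cert"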
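# Derive the addresses and the stake registration certificate. Only
# verification (public) keys are read here; no signing key is touched.

# Stake address.
cardano-cli stake-address build \
  --stake-verification-key-file "$HOME/cardano/cold-keys/cold-stake.vkey" \
  --out-file "$HOME/cardano/stake.addr" \
  --mainnet

# Payment address bound to the stake key.
cardano-cli address build \
  --payment-verification-key-file "$HOME/cardano/cold-keys/cold-payment.vkey" \
  --stake-verification-key-file "$HOME/cardano/cold-keys/cold-stake.vkey" \
  --out-file "$HOME/cardano/payment-with-stake.addr" \
  --mainnet

# Stake address registration certificate.
cardano-cli stake-address registration-certificate \
  --stake-verification-key-file "$HOME/cardano/cold-keys/cold-stake.vkey" \
  --out-file "$HOME/cardano/stake.cert"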
# Upload the operational certificate to the block producing node (template
# with placeholders, then a filled-in example). Only files the node needs
# should be uploaded; the cold-keys directory is not part of this transfer.
scp -r -P SSH_port -i /path/to/id_rsa /path/to/pool-operation.cert username@ip_of_block_producing_node:~/cardano
scp -r -P 1234 -i /Users/Charles/RSA/id_rsa /Users/Charles/Uploads/pool-operation.cert charles@12.34.56.78:~/cardano
# On the node: confirm the uploaded file is present.
ls $NODE_HOME
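# Regenerate the start script for block-producer mode: same arguments as
# before plus the KES key, the VRF key and the operational certificate.
# The here-document is unquoted on purpose (paths are expanded now), so stop
# if any variable is unset instead of baking in empty arguments.
: "${NODE_HOME:?NODE_HOME is not set}" "${NODE_TOPOLOGY:?NODE_TOPOLOGY is not set}"
: "${NODE_DB_PATH:?NODE_DB_PATH is not set}" "${CARDANO_NODE_SOCKET_PATH:?CARDANO_NODE_SOCKET_PATH is not set}"
: "${NODE_IP:?NODE_IP is not set}" "${POOL_RELAY_PORT:?POOL_RELAY_PORT is not set}" "${NODE_CONFIG:?NODE_CONFIG is not set}"

# kes.skey and vrf.skey are live signing keys on a networked host: keep them
# readable by the node account only.
chmod 400 "$NODE_HOME/kes.skey" "$NODE_HOME/vrf.skey"

cat > "$NODE_HOME/startCardanoNode.sh" << EOF
#!/bin/bash
$HOME/.local/bin/cardano-node +RTS -N -RTS run \
--topology ${NODE_TOPOLOGY} \
--database-path ${NODE_DB_PATH} \
--socket-path ${CARDANO_NODE_SOCKET_PATH} \
--host-addr ${NODE_IP} \
--port ${POOL_RELAY_PORT} \
--config ${NODE_CONFIG} \
--shelley-kes-key ${NODE_HOME}/kes.skey \
--shelley-vrf-key ${NODE_HOME}/vrf.skey \
--shelley-operational-certificate ${NODE_HOME}/pool-operation.cert
EOF

sudo systemctl restart cardano-node

# Open the dashboard to check the node's mode.
cd "$NODE_HOME/simpleLiveView"
./liveview.sh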
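# Save the current protocol parameters; later steps read deposits and the
# minimum pool cost from this file.
cardano-cli query protocol-parameters \
  --mainnet \
  --out-file "$NODE_HOME/params.json"

# Print the payment address that has to be funded.
cat "$NODE_HOME/payment-with-stake.addr"
echo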
Address begins with "addr", for example: addr1q8skk3gwmm0cunv...
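# List the unspent outputs (UTxOs) held by the payment address.
cardano-cli query utxo \
  --address "$(cat "$NODE_HOME/payment-with-stake.addr")" \
  --mainnet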
TxHash    TxIx    Amount
------------------------------------------------
0b66...   0       10000000 lovelace
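# Add the alias below to ~/.bashrc (no sudo needed for your own file).
nano "$HOME/.bashrc"

# Single quotes defer $(cat ...) until the alias is used. With double quotes
# the address is read once, while ~/.bashrc loads, and the alias silently ends
# up with an empty --address if the file does not exist at that moment.
alias mybalance='cardano-cli query utxo --address "$(cat "$NODE_HOME/payment-with-stake.addr")" --mainnet'

source "$HOME/.bashrc"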
TxHash    TxIx    Amount
----------------------------------------------------------
0b66..    0       10000000 lovelace
0d99..    1       100000000 lovelace
--tx-in 0b66..#0 \
--tx-in 0d99..#1
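# Collect every UTxO of the payment address into transaction inputs and print
# a summary to verify before building a transaction.
# Sets: tx_in, tx_in_count, lovelace_total_balance, currentSlot, invalidHereafter.

# Keep the previous transaction files as *-old. A missing file is normal on
# the first run, which is why these errors are silenced.
mv "$NODE_HOME/tx.draft" "$NODE_HOME/tx-old.draft" 2>/dev/null
mv "$NODE_HOME/tx.raw" "$NODE_HOME/tx-old.raw" 2>/dev/null
mv "$NODE_HOME/tx.signed" "$NODE_HOME/tx-old.signed" 2>/dev/null
cd "$NODE_HOME"

cardano-cli query utxo \
  --address "$(cat "$NODE_HOME/payment-with-stake.addr")" \
  --mainnet > fullUtxo.out
# Skip the two header lines and sort by the amount column, largest first.
tail -n +3 fullUtxo.out | sort -k3 -nr > balance.out

tx_in=""
lovelace_total_balance=0
# Columns: tx hash, output index, lovelace amount; anything after is ignored.
while read -r in_addr idx utxo_balance _; do
  lovelace_total_balance=$(( lovelace_total_balance + utxo_balance ))
  tx_in="${tx_in} --tx-in ${in_addr}#${idx}"
done < balance.out
tx_in_count=$(wc -l < balance.out)

# The transaction expires 10000 slots after the current tip.
currentSlot=$(cardano-cli query tip --mainnet | jq -r '.slot')
invalidHereafter=$(( currentSlot + 10000 ))

echo
echo "✅ VERIFY THE INFORMATION BELOW:"
echo "● UTxOs List:"
cat balance.out
echo "● Total Lovelace balance: ${lovelace_total_balance}"
echo "● Number of UTxOs: ${tx_in_count}"
echo "● Transaction Input: ${tx_in}"
echo "● Current Slot: $currentSlot"
echo "● Transaction Invalid Hereafter: $invalidHereafter"

rm fullUtxo.out
rm balance.out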
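# Build the unsigned stake-address registration transaction (tx.raw).
# Uses tx_in, tx_in_count, lovelace_total_balance and invalidHereafter from
# the UTxO collection step.
stakeAddressDeposit=$(jq -r '.stakeAddressDeposit' "$NODE_HOME/params.json")
echo
echo "● stakeAddressDeposit: $stakeAddressDeposit"

# Draft with zero fee and zero output; it only serves to calculate the fee.
# ${tx_in} stays unquoted on purpose: it holds several "--tx-in <hash>#<ix>"
# words that must be split into separate arguments.
# The certificate flag is --certificate-file, as in the final build below.
cardano-cli transaction build-raw \
  ${tx_in} \
  --tx-out "$(cat "$NODE_HOME/payment-with-stake.addr")+0" \
  --invalid-hereafter "${invalidHereafter}" \
  --fee 0 \
  --out-file "$NODE_HOME/tx.draft" \
  --certificate-file "$NODE_HOME/stake.cert"

fee=$(cardano-cli transaction calculate-min-fee \
  --tx-body-file "$NODE_HOME/tx.draft" \
  --tx-in-count "${tx_in_count}" \
  --tx-out-count 1 \
  --mainnet \
  --witness-count 2 \
  --byron-witness-count 0 \
  --protocol-params-file "$NODE_HOME/params.json" | awk '{ print $1 }')
echo
echo "● fee: $fee"

# Everything except the deposit and the fee goes back to the same address.
# Check that the printed change is positive before continuing.
tx_out_change=$(( lovelace_total_balance - stakeAddressDeposit - fee ))
echo
echo "● Change Output: ${tx_out_change}"

cardano-cli transaction build-raw \
  ${tx_in} \
  --tx-out "$(cat "$NODE_HOME/payment-with-stake.addr")+${tx_out_change}" \
  --invalid-hereafter "${invalidHereafter}" \
  --fee "${fee}" \
  --certificate-file "$NODE_HOME/stake.cert" \
  --out-file "$NODE_HOME/tx.raw"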
# Download the unsigned transaction from the block producing node so it can be
# signed elsewhere (template with placeholders, then a filled-in example).
scp -r -P SSH_port -i /path/to/id_rsa username@ip_of_block_producing_node:~/cardano/tx.raw /path/to/Downloads/folder
scp -r -P 1234 -i /Users/Charles/RSA/id_rsa charles@12.34.56.78:~/cardano/tx.raw /Users/Charles/Downloads
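# Sign the stake registration transaction with the payment and stake keys.
# tx.raw came from a networked host: inspect what it spends and where the
# change goes before signing (for example with
# `cardano-cli transaction view --tx-body-file`, if this build provides it).

# Keep the previous signed file; a missing file on the first run is normal.
mv "$HOME/cardano/tx.signed" "$HOME/cardano/tx-old.signed" 2>/dev/null
cardano-cli transaction sign \
  --tx-body-file "$HOME/cardano/tx.raw" \
  --signing-key-file "$HOME/cardano/cold-keys/cold-payment.skey" \
  --signing-key-file "$HOME/cardano/cold-keys/cold-stake.skey" \
  --mainnet \
  --out-file "$HOME/cardano/tx.signed"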
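# Confirm the signed transaction has been uploaded to the node. The listing
# should contain the uploaded file (presumably tx.signed, which is submitted
# next).
ls "$NODE_HOME"

# Submit the signed transaction to mainnet.
cardano-cli transaction submit \
  --tx-file "$NODE_HOME/tx.signed" \
  --mainnet

# After the transaction is included, the balance should equal the change
# output calculated when the transaction was built.
cardano-cli query utxo --address "$(cat "$NODE_HOME/payment-with-stake.addr")" --mainnet
echo "● Expected total balance: ${tx_out_change}"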
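# Look up the minimum pool cost allowed by the protocol parameters.
minPoolCost=$(jq -r .minPoolCost "$NODE_HOME/params.json")
echo
echo "--pool-cost ${minPoolCost}"

# Write the pool metadata. The delimiter is quoted ('EOF') so the text is
# stored literally: with an unquoted delimiter, a "$" or backtick typed into
# the name or description would be expanded or executed by the shell.
cat > "$NODE_HOME/poolMetadata.json" << 'EOF'
{
"name": "Cool Pool name",
"description": "Here's why you should stake with me",
"ticker": "3-5 CHARACTERS",
"homepage": "https://www.examplepooldomain.com Just leave blank if don't use",
"extended": "https://link/to/poolExtendedMetadata.json"
}
EOF
cat "$NODE_HOME/poolMetadata.json"

# Hash of the local file.
cardano-cli stake-pool metadata-hash \
  --pool-metadata-file "$NODE_HOME/poolMetadata.json" > "$NODE_HOME/poolMetadataHash.txt"
echo
echo "● Hash is: $(cat "$NODE_HOME/poolMetadataHash.txt")"

# Download the published copy (https://git.io/abcde is a placeholder for your
# own link) and hash it again: the hash that goes into the registration must
# be the hash of the bytes actually served at the metadata URL.
wget -O "$NODE_HOME/poolMetadata.json" https://git.io/abcde
cardano-cli stake-pool metadata-hash \
  --pool-metadata-file "$NODE_HOME/poolMetadata.json" > "$NODE_HOME/poolMetadataHash.txt"
echo
echo "● Hash is: $(cat "$NODE_HOME/poolMetadataHash.txt")"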
--pool-relay-ipv4 Relay_1_IPv4 \--pool-relay-port 6000 \--pool-relay-ipv4 Relay_2_IPv4 \--pool-relay-port 6000 \
Just list out all the IPs of your relays.
PROS:
--single-host-pool-relay relay1.examplepooldomain.com \
--pool-relay-port 6000 \
--single-host-pool-relay relay2.examplepooldomain.com \
--pool-relay-port 6000 \
If you have a domain name for your stake pool, go to your domain's DNS setting and add an "--single-host-pool-relay relays.examplepooldomain.com \--pool-relay-port 6000 \
This time, you create only one subdomain for all relays. Depending on your domain registrar, you may be able to create a single "A" record and point it to multiple IPs:
--multi-host-pool-relay relays.examplepooldomain.com \
--pool-relay-port 6000 \
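# Basically it's the same as method 3 but with support for weights and priorities among multiple IPs (and other things). More on that.

# Create the stake pool registration certificate.
# - YOUR_PLEDGE_IN_LOVELACE and the relay/metadata values are placeholders.
# - --pool-cost must not be below the minPoolCost protocol parameter.
# - --metadata-hash must be the hash of the file served at --metadata-url.
# Only verification (public) keys are read here.
cardano-cli stake-pool registration-certificate \
  --pool-pledge YOUR_PLEDGE_IN_LOVELACE \
  --pool-cost 340000000 \
  --pool-margin 0.01 \
  --single-host-pool-relay relays.examplepooldomain.com \
  --pool-relay-port 6000 \
  --metadata-url https://link/to/poolMetadata.json \
  --metadata-hash "$(cat "$HOME/cardano/poolMetadataHash.txt")" \
  --cold-verification-key-file "$HOME/cardano/cold-keys/cold-pool.vkey" \
  --vrf-verification-key-file "$HOME/cardano/cold-keys/cold-vrf.vkey" \
  --pool-reward-account-verification-key-file "$HOME/cardano/cold-keys/cold-stake.vkey" \
  --pool-owner-stake-verification-key-file "$HOME/cardano/cold-keys/cold-stake.vkey" \
  --mainnet \
  --out-file "$HOME/cardano/pool-registration.cert"
cat "$HOME/cardano/pool-registration.cert"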
type: CertificateShelley
description: Stake Pool Registration Certificate
cborHex: 885e22d5d63...
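# Create the certificate that delegates the owner's stake key to the pool.
# Only verification (public) keys are read here.
cardano-cli stake-address delegation-certificate \
  --stake-verification-key-file "$HOME/cardano/cold-keys/cold-stake.vkey" \
  --cold-verification-key-file "$HOME/cardano/cold-keys/cold-pool.vkey" \
  --out-file "$HOME/cardano/delegation.cert"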
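# Collect every UTxO of the payment address into transaction inputs and print
# a summary to verify before building the pool registration transaction.
# Sets: tx_in, tx_in_count, lovelace_total_balance, currentSlot, invalidHereafter.

# Keep the previous transaction files as *-old. A missing file is not an
# error here, which is why these messages are silenced.
mv "$NODE_HOME/tx.draft" "$NODE_HOME/tx-old.draft" 2>/dev/null
mv "$NODE_HOME/tx.raw" "$NODE_HOME/tx-old.raw" 2>/dev/null
mv "$NODE_HOME/tx.signed" "$NODE_HOME/tx-old.signed" 2>/dev/null
cd "$NODE_HOME"

cardano-cli query utxo \
  --address "$(cat "$NODE_HOME/payment-with-stake.addr")" \
  --mainnet > fullUtxo.out
# Skip the two header lines and sort by the amount column, largest first.
tail -n +3 fullUtxo.out | sort -k3 -nr > balance.out

tx_in=""
lovelace_total_balance=0
# Columns: tx hash, output index, lovelace amount; anything after is ignored.
while read -r in_addr idx utxo_balance _; do
  lovelace_total_balance=$(( lovelace_total_balance + utxo_balance ))
  tx_in="${tx_in} --tx-in ${in_addr}#${idx}"
done < balance.out
tx_in_count=$(wc -l < balance.out)

# The transaction expires 10000 slots after the current tip.
currentSlot=$(cardano-cli query tip --mainnet | jq -r '.slot')
invalidHereafter=$(( currentSlot + 10000 ))

echo
echo "✅ VERIFY THE INFORMATION BELOW:"
echo "● UTxOs List:"
cat balance.out
echo "● Total Lovelace balance: ${lovelace_total_balance}"
echo "● Number of UTxOs: ${tx_in_count}"
echo "● Transaction Input: ${tx_in}"
echo "● Current Slot: $currentSlot"
echo "● Transaction Invalid Hereafter: $invalidHereafter"

rm fullUtxo.out
rm balance.out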
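# Build the unsigned pool registration + delegation transaction (tx.raw).
# Uses tx_in, tx_in_count, lovelace_total_balance and invalidHereafter from
# the UTxO collection step.
stakePoolDeposit=$(jq -r '.stakePoolDeposit' "$NODE_HOME/params.json")
tx_out_before_fee="$(cat "$NODE_HOME/payment-with-stake.addr")+$(( lovelace_total_balance - stakePoolDeposit ))"
echo
echo "✅ VERIFY THE INFORMATION BELOW:"
echo "● Stake Pool Deposit: $stakePoolDeposit"
echo "● Transaction Output BEFORE Fee: ${tx_out_before_fee}"

# Draft with zero fee; it only serves to calculate the fee.
# ${tx_in} stays unquoted on purpose: it holds several "--tx-in <hash>#<ix>"
# words that must be split into separate arguments.
cardano-cli transaction build-raw \
  ${tx_in} \
  --tx-out "${tx_out_before_fee}" \
  --invalid-hereafter "${invalidHereafter}" \
  --fee 0 \
  --certificate-file "$NODE_HOME/pool-registration.cert" \
  --certificate-file "$NODE_HOME/delegation.cert" \
  --out-file "$NODE_HOME/tx.draft"

# Three witnesses: payment key, pool cold key and stake key.
fee=$(cardano-cli transaction calculate-min-fee \
  --tx-body-file "$NODE_HOME/tx.draft" \
  --tx-in-count "${tx_in_count}" \
  --tx-out-count 1 \
  --witness-count 3 \
  --byron-witness-count 0 \
  --mainnet \
  --protocol-params-file "$NODE_HOME/params.json" | awk '{ print $1 }')
# Check that the printed change is positive before continuing.
tx_out_change=$(( lovelace_total_balance - stakePoolDeposit - fee ))
tx_out_with_fee="$(cat "$NODE_HOME/payment-with-stake.addr")+${tx_out_change}"
echo
echo "✅ VERIFY THE INFORMATION BELOW:"
echo "● fee: $fee"
echo "● Transaction Output Change: ${tx_out_change}"
echo "● Transaction Output WITH Fee: ${tx_out_with_fee}"

cardano-cli transaction build-raw \
  ${tx_in} \
  --tx-out "${tx_out_with_fee}" \
  --invalid-hereafter "${invalidHereafter}" \
  --fee "${fee}" \
  --certificate-file "$NODE_HOME/pool-registration.cert" \
  --certificate-file "$NODE_HOME/delegation.cert" \
  --out-file "$NODE_HOME/tx.raw"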
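# Sign the pool registration transaction with the payment, pool and stake
# keys. tx.raw came from a networked host: inspect what it spends and where
# the change goes before signing.

# Keep the previous signed file; a missing file is not an error.
mv "$HOME/cardano/tx.signed" "$HOME/cardano/tx-old.signed" 2>/dev/null
cardano-cli transaction sign \
  --tx-body-file "$HOME/cardano/tx.raw" \
  --signing-key-file "$HOME/cardano/cold-keys/cold-payment.skey" \
  --signing-key-file "$HOME/cardano/cold-keys/cold-pool.skey" \
  --signing-key-file "$HOME/cardano/cold-keys/cold-stake.skey" \
  --mainnet \
  --out-file "$HOME/cardano/tx.signed"

# Derive the pool id (hex) from the pool's verification key and save it.
cardano-cli stake-pool id \
  --cold-verification-key-file "$HOME/cardano/cold-keys/cold-pool.vkey" \
  --output-format "hex" > "$HOME/cardano/pool-id.txt"
cat "$HOME/cardano/pool-id.txt"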
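# Submit the signed pool registration transaction to mainnet.
cardano-cli transaction submit \
  --tx-file "$NODE_HOME/tx.signed" \
  --mainnet

# After the transaction is included, the balance should equal the change
# output calculated when the transaction was built.
cardano-cli query utxo --address "$(cat "$NODE_HOME/payment-with-stake.addr")" --mainnet
echo "● Expected total balance: ${tx_out_change}"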
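# Generate topologyUpdater.sh, which announces this node to the
# api.clio.one topology service and appends the reply to a log file.
#
# The here-document is unquoted: $(whoami), $POOL_RELAY_PORT, $NODE_HOME and
# $HOME are expanded now and written as fixed values, while everything
# escaped as \$ is left for the generated script to evaluate when it runs.
# Stop if a baked-in variable is unset.
#
# What the generated script shares with the third-party service: the node
# port, current block number, valency, network magic and (if set) hostname;
# the service also sees the caller's IP address.
#
# NOTE(review): the generated script maps network magic 1097911063 to
# --mainnet. Mainnet's magic is 764824073, so on mainnet that test falls
# through to "--testnet-magic <magic>". Confirm which value is intended.
: "${NODE_HOME:?NODE_HOME is not set}" "${POOL_RELAY_PORT:?POOL_RELAY_PORT is not set}"
cat > "$NODE_HOME/topologyUpdater.sh" << EOF
#!/bin/bash
# shellcheck disable=SC2086,SC2034

USERNAME=$(whoami)
CNODE_PORT=$POOL_RELAY_PORT
echo \${CNODE_PORT}
CNODE_HOSTNAME="CHANGE ME"
CNODE_BIN="\${HOME}/.local/bin"
CNODE_HOME=$NODE_HOME
CNODE_LOG_DIR="\${CNODE_HOME}/logs"
GENESIS_JSON="\${CNODE_HOME}/mainnet-shelley-genesis.json"
NETWORKID=\$(jq -r .networkId \$GENESIS_JSON)
CNODE_VALENCY=1
NWMAGIC=\$(jq -r .networkMagic < \$GENESIS_JSON)
[[ "\${NETWORKID}" = "Mainnet" ]] && HASH_IDENTIFIER="--mainnet" || HASH_IDENTIFIER="--testnet-magic \${NWMAGIC}"
[[ "\${NWMAGIC}" = "1097911063" ]] && NETWORK_IDENTIFIER="--mainnet" || NETWORK_IDENTIFIER="--testnet-magic \${NWMAGIC}"

export PATH="\${CNODE_BIN}:\${PATH}"
export CARDANO_NODE_SOCKET_PATH="\${CNODE_HOME}/db/socket"

blockNo=\$($HOME/.local/bin/cardano-cli query tip \${NETWORK_IDENTIFIER} | jq -r .block )

if [ "\${CNODE_HOSTNAME}" != "CHANGE ME" ]; then
  T_HOSTNAME="&hostname=\${CNODE_HOSTNAME}"
else
  T_HOSTNAME=''
fi

if [ ! -d \${CNODE_LOG_DIR} ]; then
  mkdir -p \${CNODE_LOG_DIR};
fi

curl -s "https://api.clio.one/htopology/v1/?port=\${CNODE_PORT}&blockNo=\${blockNo}&valency=\${CNODE_VALENCY}&magic=\${NWMAGIC}\${T_HOSTNAME}" | tee -a \$CNODE_LOG_DIR/topologyUpdater_lastresult.json
EOF

chmod +x "$NODE_HOME/topologyUpdater.sh"
# Run it once by hand to check the reply before scheduling it.
"$NODE_HOME/./topologyUpdater.sh"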
Output should look like this:
{ "resultcode": "201", "datetime":"...", "clientIp": "123.45.67.89", "iptype": 4, "msg": "nice to meet you" }
crontab -e
# Run the topology updater at minute 54 of every hour.
# NOTE(review): cron does not load ~/.bashrc, so ${NODE_HOME} is empty here
# unless it is also defined inside the crontab; if it is not, write the
# script's absolute path instead.
54 * * * * ${NODE_HOME}/topologyUpdater.sh
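# Fetch a peer list from the api.clio.one topology service and use it as the
# relay's topology, with the block producer and the IOHK relays as fixed
# custom peers.
#
# The reply comes from a third party and decides who this node talks to, so
# it is downloaded to a temporary file and only installed when the request
# succeeded and the JSON contains a non-empty "Producers" list. Writing the
# reply straight over mainnet-topology.json would replace a working topology
# with an error page or an empty file when the service fails.
: "${NODE_HOME:?NODE_HOME is not set}" "${POOL_RELAY_PORT:?POOL_RELAY_PORT is not set}"
BLOCK_PRODUCING_NODE_IP=$(cat "$NODE_HOME/bp-node-ip.txt")
new_topology=$(mktemp)
if curl -fsS -o "$new_topology" "https://api.clio.one/htopology/v1/fetch/?max=20&customPeers=${BLOCK_PRODUCING_NODE_IP}:${POOL_RELAY_PORT}:1|relays-new.cardano-mainnet.iohk.io:3001:2" &&
  jq -e '.Producers | length > 0' "$new_topology" > /dev/null; then
  mv -- "$new_topology" "$NODE_HOME/mainnet-topology.json"
else
  echo "topology fetch failed; keeping the existing mainnet-topology.json" >&2
  rm -f -- "$new_topology"
fi

# Review the peers before restarting the node with them.
cat "$NODE_HOME/mainnet-topology.json"
sudo systemctl restart cardano-node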
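# Monitoring packages. The listing gives two variants of the install and
# enable commands: one with the Prometheus server plus the exporter
# (presumably for the node that hosts monitoring) and one with the exporter
# only (presumably for the other nodes). Run the variant that fits the host.
sudo apt-get install -y prometheus prometheus-node-exporter
sudo apt-get install -y prometheus-node-exporter

# Add the Grafana repository. The signing key is stored in its own keyring
# and the repository is bound to it with signed-by. `apt-key add` would put
# the key into the global trust store, where it is accepted for packages from
# every configured repository.
sudo mkdir -p /etc/apt/keyrings
wget -q -O - https://packages.grafana.com/gpg.key | gpg --dearmor | sudo tee /etc/apt/keyrings/grafana.gpg > /dev/null
# Overwrite instead of append so re-running this step does not add the
# repository twice.
echo "deb [signed-by=/etc/apt/keyrings/grafana.gpg] https://packages.grafana.com/oss/deb stable main" | sudo tee /etc/apt/sources.list.d/grafana.list

sudo apt-get update
sudo apt-get install -y grafana

# Start the services at boot (server variant, then exporter-only variant).
sudo systemctl enable grafana-server
sudo systemctl enable prometheus
sudo systemctl enable prometheus-node-exporter
sudo systemctl enable prometheus-node-exporter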
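# Generate the Prometheus scrape configuration: cardano-node metrics on port
# 12798 and host metrics on port 9100, from this host and from the block
# producer (address read from bp-node-ip.txt). YAML nesting is significant,
# so the indentation below must be kept.
# The scrapes use plain HTTP; access to these ports on the scraped host has
# to be limited by its firewall.
: "${NODE_HOME:?NODE_HOME is not set}"
cat > prometheus.yml << EOF
global:
  scrape_interval: 10s
  external_labels:
    monitor: 'codelab-monitor'

scrape_configs:
  # Scrape data from cardano-node
  - job_name: 'cardano-node'
    static_configs:
      - targets: ['localhost:12798']
      - targets: ['$(cat "$NODE_HOME/bp-node-ip.txt"):12798']
      # Add more relay nodes here if needed

  # Scrape data from prometheus-node-exporter
  - job_name: 'node-exporter'
    static_configs:
      - targets: ['localhost:9100']
      - targets: ['$(cat "$NODE_HOME/bp-node-ip.txt"):9100']
      # Add more relay nodes here if needed
EOF

# Install the file owned by root; `sudo mv` would leave a system configuration
# file owned (and editable) by the unprivileged account.
sudo install -o root -g root -m 644 prometheus.yml /etc/prometheus/prometheus.yml
rm -f -- prometheus.yml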
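# Edit the Grafana configuration (a root-owned file, hence sudo).
sudo nano /etc/grafana/grafana.ini

# Restart the services so the new configuration is loaded.
sudo systemctl restart grafana-server
sudo systemctl restart prometheus
sudo systemctl restart prometheus-node-exporter

# All three should be reported as active (running).
sudo systemctl status grafana-server prometheus prometheus-node-exporter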
Output should look like this🟢 grafana-server.service - Grafana instance Loaded: loaded (/usr/lib/systemd/system/grafana-server.service; enabled; vendor pres> Active: active (running)...🟢 prometheus.service - Monitoring system and time series database Loaded: loaded (/lib/systemd/system/prometheus.service; enabled; vendor preset: enab> Active: active (running)...🟢 prometheus-node-exporter.service - Prometheus exporter for machine metrics Loaded: loaded (/lib/systemd/system/prometheus-node-exporter.service; enabled; vendo> Active: active (running)
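# Open the Grafana port (grafana_port is a placeholder for the port set in
# grafana.ini) and show the resulting rules.
# This rule admits any source address to the Grafana login page. If you
# always connect from a known address, a source-restricted rule in the same
# form as the node-port rules is tighter:
#   sudo ufw allow proto tcp from <ADMIN_IP> to any port <grafana_port>
sudo ufw allow grafana_port/tcp &&
  sudo ufw status numbered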
Output should look like this:
Status: active
     To                       Action      From
     --                       ------      ----
[ 1] SSH_port/tcp             ALLOW IN    Anywhere
[ 2] POOL_RELAY_PORT/tcp      ALLOW IN    Anywhere
[ 3] grafana_port/tcp         ALLOW IN    Anywhere
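# Allow only the monitoring host to reach the two metrics ports: 12798
# (cardano-node metrics) and 9100 (node exporter). 1.2.3.4 is a placeholder
# for that host's IP address.
MONITORING_RELAY_NODE_IP=1.2.3.4
sudo ufw allow proto tcp from "$MONITORING_RELAY_NODE_IP" to any port 12798 &&
  sudo ufw allow proto tcp from "$MONITORING_RELAY_NODE_IP" to any port 9100 &&
  sudo ufw status numbered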
Output should look like this:
Status: active
     To                       Action      From
     --                       ------      ----
[ 1] POOL_RELAY_PORT/tcp      ALLOW IN    RELAY_NODE_IP
[ 2] SSH_port/tcp             ALLOW IN    Anywhere
[ 3] 12798/tcp                ALLOW IN    MONITORING_RELAY_NODE_IP
[ 4] 9100/tcp                 ALLOW IN    MONITORING_RELAY_NODE_IP
# Replace every 127.0.0.1 in the node configuration with 0.0.0.0 so the
# endpoints configured there listen on all interfaces instead of loopback
# only. After this change the firewall rules are the only thing limiting who
# can reach those ports, so apply the source-restricted ufw rules first.
# The substitution is global: check the file for any other 127.0.0.1 entry
# that should stay local.
sed -i $NODE_HOME/mainnet-config.json -e "s/127.0.0.1/0.0.0.0/g"
# Restart the node so the changed configuration takes effect.
sudo systemctl restart cardano-node
https://api.telegram.org/botYOUR_API_TOKEN/getUpdates
# Install the grafana-image-renderer plugin; Grafana has to be restarted
# afterwards to load it.
sudo grafana-cli plugins install grafana-image-renderer
Output:✔ Installed grafana-image-renderer successfully
sudo systemctl restart grafana-server
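# Build dependencies for OSSEC HIDS.
sudo apt install build-essential make zlib1g-dev libpcre2-dev libevent-dev libssl-dev -y

# Fetch the OSSEC sources at release 3.6.0.
cd "$HOME/src"
git clone https://github.com/ossec/ossec-hids.git
cd ossec-hids
git checkout 3.6.0

# install.sh runs as root from this checkout. Before starting it, confirm the
# tree is at the release you expect (git describe --tags) and note the commit
# id (git rev-parse HEAD) for your records.
sudo ./install.sh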
Output:(en/br/cn/de/el/es/fr/hu/it/jp/nl/pl/ru/sr/tr) [en]:
You are about to start the installation process of the OSSEC HIDS.You must have a C compiler pre-installed in your system.... -- Press ENTER to continue or Ctrl-C to abort. --
1- What kind of installation do you want (server, agent, local, hybrid or help)?
2- Setting up the installation environment.- Choose where to install the OSSEC HIDS [/var/ossec]:
3- Configuring the OSSEC HIDS. 3.1- Do you want e-mail notification? (y/n) [y]:
3.2- Do you want to run the integrity check daemon? (y/n) [y]:
3.3- Do you want to run the rootkit detection engine? (y/n) [y]:
3.4- Active response allows you to execute a specific command based on the events received. For example, you can block an IP address or disable access for a specific user. More information at: http://www.ossec.net/en/manual.html#active-response - Do you want to enable active response? (y/n) [y]:
- By default, we can enable the host-deny and the firewall-drop responses. The first one will add a host to the /etc/hosts.deny and the second one will block the host on iptables (if linux) or on ipfilter (if Solaris, FreeBSD or NetBSD). - They can be used to stop SSHD brute force scans, portscans and some other forms of attacks. You can also add them to block on snort events, for example. - Do you want to enable the firewall-drop response? (y/n) [y]:
- Do you want to add more IPs to the white list? (y/n)? [n]:
3.6- Setting the configuration to analyze the following logs: -- /var/log/auth.log -- /var/log/syslog -- /var/log/dpkg.log- If you want to monitor any other file, just change the ossec.conf and add a new localfile entry. Any questions about the configuration can be answered by visiting us online at http://www.ossec.net . --- Press ENTER to continue ---
- System is Debian (Ubuntu or derivative).- Init script modified to start OSSEC HIDS during boot.- Configuration finished properly.- To start OSSEC HIDS: /var/ossec/bin/ossec-control start- To stop OSSEC HIDS: /var/ossec/bin/ossec-control stop- The configuration can be viewed or modified at /var/ossec/etc/ossec.conf Thanks for using the OSSEC HIDS. If you have any question, suggestion or if you find any bug, contact us at https://github.com/ossec/ossec-hids or using our public maillist at https://groups.google.com/forum/#!forum/ossec-list More information can be found at http://www.ossec.net --- Press ENTER to finish (maybe more information below). ---
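# Create a systemd unit so OSSEC starts at boot. The unit text contains no
# variables, so the delimiter is quoted and the text is written literally.
cat > "$HOME/ossec.service" << 'EOF'
[Unit]
Description=OSSEC service

[Service]
Type=forking
ExecStart=/var/ossec/bin/ossec-control start
ExecStop=/var/ossec/bin/ossec-control stop

[Install]
WantedBy=multi-user.target
EOF

# Install the unit owned by root. `sudo mv` keeps the file owned by the
# unprivileged account, which could then rewrite commands that systemd runs
# as root.
sudo install -o root -g root -m 644 "$HOME/ossec.service" /etc/systemd/system/ossec.service
rm -f -- "$HOME/ossec.service"
sudo systemctl daemon-reload
sudo systemctl enable ossec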
sudo nano /var/ossec/active-response/bin/ossec-telegram.sh
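#!/bin/sh
# Author: Yevgeniy Goncharov aka xck, http://sys-adm.in
# Send alert to Telegram from OSSEC
#
# Positional arguments are read as: $1 action, $2 user, $3 IP, $4 alert id,
# $5 rule id. The alert id is split at "." into a time part and a last part,
# which are used to find the alert text in alerts.log.

# Sys env / paths / etc
# -------------------------------
PATH=$PATH:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin

# Telegram settings
# The bot token is a credential stored in this file: keep the file unreadable
# to other local users. It is also part of the request URL below, so it is
# visible in the process list while curl runs.
TOKEN="telegram_bot_token"
CHAT_ID="telegram_bot_chat_id"

ACTION=$1
USER=$2
IP=$3
ALERTID=$4
RULEID=$5

# Work relative to the directory above this script, wherever it is called from.
LOCAL=$(dirname "$0")
cd "$LOCAL" || exit 1
cd ../ || exit 1
PWD=$(pwd)

# Logging the call
echo "$(date) $0 $1 $2 $3 $4 $5 $6 $7 $8" >> "${PWD}/../logs/active-responses.log"

# Getting alert time
ALERTTIME=$(echo "$ALERTID" | cut -d "." -f 1)

# Getting end of alert
ALERTLAST=$(echo "$ALERTID" | cut -d "." -f 2)

# Getting full alert
ALERT=$(grep -A 5 "$ALERTTIME" "${PWD}/../logs/alerts/alerts.log" | grep -v ".$ALERTLAST: " -A 5)

# The alert text is copied from log files and can contain characters chosen
# by whoever caused the log entry. --data-urlencode sends it as one encoded
# form value; with plain -d, an "&" or "=" inside the alert would be read as
# extra request parameters.
curl -s \
  -X POST \
  "https://api.telegram.org/bot$TOKEN/sendMessage" \
  --data-urlencode "text=$ALERT" \
  -d "chat_id=$CHAT_ID"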
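# Make the script executable without leaving it world-readable: it contains
# the Telegram bot token, and `chmod +x` on a file created with default
# permissions would let every local user read it.
# NOTE(review): assumes the OSSEC process that runs active responses executes
# as the file's owner or group; confirm alerts still arrive after this change.
sudo chmod 750 /var/ossec/active-response/bin/ossec-telegram.sh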
sudo nano /var/ossec/etc/ossec.conf
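<!-- Registers the notifier script as a command OSSEC may run. -->
<command>
  <name>send-telegram</name>
  <executable>ossec-telegram.sh</executable>
  <expect></expect>
</command>

<!-- Runs send-telegram on the local host for alerts of level 4 or higher.
     Lower the volume by raising the level if too many messages arrive. -->
<active-response>
  <command>send-telegram</command>
  <location>local</location>
  <level>4</level>
</active-response>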
sudo nano /var/ossec/rules/local_rules.xml
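<!-- Local overrides that set matching alerts to level 0. Each override hides
     an alert class, so keep the list short and review it when rules change. -->

<!-- Override for alerts raised by rule 1003. -->
<rule id="400001" level="0">
  <if_sid>1003</if_sid>
  <description>ignore this message</description>
</rule>

<!-- Override for alerts raised by rule 531 that mention /dev/loop. -->
<rule id="400002" level="0">
  <if_sid>531</if_sid>
  <match>/dev/loop</match>
  <description>ignore this message</description>
</rule>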
sudo systemctl start ossec
crontab -e
crontab -e
# Heartbeat: request ping_url (a placeholder for the check-in URL) every ten
# minutes. -f treats HTTP errors as failures, -sS hides progress output but
# keeps error messages, --retry 5 retries transient failures, and the
# response body is discarded.
*/10 * * * * curl -fsS --retry 5 -o /dev/null ping_url
crontab: installing new crontab
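# Look for key material on this host, in the node directory and in the home
# directory (presumably to confirm that no cold keys were left on a networked
# node). Any name containing "cold" should not be here.
ls -A -- "$NODE_HOME" | grep 'cold'
ls -A -- "$HOME" | grep 'cold'

# List key and certificate files. The dots are escaped so only real
# .vkey/.skey/.cert extensions match; unescaped, "." matches any character.
# On a block producer kes.skey, vrf.skey and pool-operation.cert are expected,
# because the start script passes them to cardano-node.
ls -A -- "$NODE_HOME" | grep -E '\.(vkey|skey|cert)'
ls -A -- "$HOME" | grep -E '\.(vkey|skey|cert)'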
+---------------------+----------------+| RUNNING IN BLOCK PRODUCER MODE! :) |+---------------------+----------------+