[Guide] FULL NODE OpenSUSE 15.3: bitcoind + electrs + c-lightning + RTL


n0nce:
Since I wanted to rebuild one of my full nodes anyway, and like to experiment with different distros, this time I went for OpenSUSE. It's enterprise-ready software with long-term support and should be very stable. Perfect for a Bitcoin node!

Quote from: n0nce on October 21, 2021, 01:14:06 PM

Changelog:
[...]
15.01.2024: Update guide -- all latest versions! Bitcoin Core v26.0, electrs v0.10.2, Core Lightning v23.11.2 and RTL v0.15.0


Disclaimers: I used @mocacinno's great centos 7 guide in parts and he generously helped me with some SUSE issues as well, so I want to give credit for that. His walkthrough is very good, but CentOS 7 is now outdated and I also wanted to add Electrum as well as configuring Electrum & C-Lightning to use Tor.

I opted to configure Electrum and C-Lightning to just use Tor. I find this the best way for privacy, circumventing NAT issues (home networks) and it has built-in encryption thus requiring no TLS certificates.
Finally, your eyes might be bleeding looking at all the nano commands. I myself obviously prefer vim, but someone who isn't familiar with it might prefer nano instead, that's why I wrote it down like this.

The hardware is quite low-end stuff, which goes to show that even a cheap node can run the 'full stack' :)
Intel® Core™ i3-2328M -- 2 cores, 4 threads, 2.2GHz
8GB RAM -- I started with 4GB, the additional 4 sped up the IBD a ton
2x 500GB HDDs -- Switched to 1TB SSD
Regular broadband internet connection & LAN, nothing fancy
Note: By now, I switched to a 1TB SSD. Since then, the electrum server (still through Tor) is super snappy. My clients seem to connect and refresh much quicker. It still takes a bit longer than through clearnet, but Tor is hassle-free and secure.

mocacinno's remarks apply here as well:
Quote from: mocacinno on January 13, 2020, 12:33:11 PM

some remarks:
i didn't document the firewall rules, because there are several possible firewall-implementations, and basically, if i'd have to go into the details of setting up firewall rules, i'd need a completely separate firewall tutorial altogether. If you have a clean (unused) VPS or you're installing a server in your HOME network (behind your own firewall), you *might* want to disable the firewall for testing purposes (re-enable it afterwards though!!!)
i didn't document the backup procedures. Always make sure you backup wallets, seeds,...
no guarantee... If you follow these steps and lose money: don't blame me
no help... Sure, i might try to help you out if you run into problems, but i'm under no obligation to do so. Best effort only, and only when i have time to help you
no docker. Sure, docker is great, but if you run docker containers, you'll never know what's under the hood :). It's easy to download and spin up a docker container, but you'll learn little (or nothing). Don't get me wrong, if you're building your own containers or if you don't want to learn how to setup your service, docker is great... Just not if you want to get your hands dirty :)
bitcoin core, c-lightning and RTL are built from source in this walkthrough... It's up to you to periodically perform updates (not only for these binaries, but for all packages on your system)
this tutorial is a work in progress... There are many other steps (hardening, cleanup,...) that could happen. I'll probably edit these steps when i get input, or when i think about something myself. This is also why i split up this thread, this way every step has the chance/space to grow in the future...

Software list
Bitcoin Core: Reference implementation of Bitcoin, fully verified, keeps whole blockchain, requires no trust.
ElectRS: Lightweight Electrum implementation - get privacy for your SPV wallets!
C-Lightning: Lightweight Lightning Network implementation - instant and cheap BTC payments.
Ride The Lightning: Lightning management GUI, accessible via LAN from other devices in the network.


My C-Lightning backup guide can now be found here:
https://bitcointalk.org/index.php?topic=5384133.0


How to update your node:
https://bitcointalk.org/index.php?topic=5366854.msg61920456#msg61920456

n0nce:
openSUSE
Setting up openSUSE is analogous to any other Linux install; I would just recommend going with the Leap version for stability instead of the rolling-release Tumbleweed option.
Quote from: https://get.opensuse.org/desktop/

For Sysadmins, Enterprise Developers, and ‘Regular’ Desktop Users
Regular release with the benefits of both enterprise-grade engineering and community-developed innovation.


Simply download the ISO and checksum here:
https://get.opensuse.org/leap/#download
And verify it on your local machine. Instructions can be found here:
https://www.suse.com/support/security/download-verification/

After installing openSUSE on the target machine, set up a Bitcoin user:
Code:

sudo useradd -m bitcoin
sudo passwd bitcoin


Restrict sudo access to your administrator user account by editing sudoers via visudo:
Code:

sudo visudo


Go to the line that looks like:
Code:

root ALL=(ALL) ALL


And add another line as follows. Replace your_user with your 'admin' account, which will be the only sudo-capable account.
Code:

your_user ALL=(ALL) ALL


Further edit the file to prevent the unprivileged bitcoin user from executing sudo commands, even if it has the root user's password.
The last two lines must be commented out as shown.
Code:

## In the default (unconfigured) configuration, sudo asks for the root password.
## This allows use of an ordinary user account for administration of a freshly
## installed system. When configuring sudo, delete the two
## following lines:
#Defaults targetpw   # ask for the password of the target user i.e. root
#ALL   ALL=(ALL) ALL   # WARNING! Only use this together with 'Defaults targetpw'!
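
The two lines above interact: commenting out only `Defaults targetpw` while the `ALL ALL=(ALL) ALL` rule stays active lets every account, bitcoin included, use sudo with its own password. The following check is an added example, not part of the original post; the function name and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a sudoers file by which SUSE default lines are active.
#   restricted   - both commented out (the state the guide asks for)
#   unconfigured - both active: anyone who knows the root password can sudo
#   open-to-all  - only the ALL rule active: every user can sudo with their OWN password
#   targetpw     - only targetpw active: listed users are asked for the target's password
sudoers_state() {
    awk '
        { sub(/#.*/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }    # drop comments, trim
        /^Defaults[ \t]+targetpw$/                    { t = 1 }
        /^ALL[ \t]+ALL[ \t]*=[ \t]*\(ALL\)[ \t]+ALL$/ { a = 1 }
        END {
            if (a && t)  print "unconfigured"
            else if (a)  print "open-to-all"
            else if (t)  print "targetpw"
            else         print "restricted"
        }' "$1"
}

# Constructed samples: the guide's end state, and a half-finished edit.
good=$(mktemp); half=$(mktemp)
cat > "$good" <<'EOF'
root ALL=(ALL) ALL
your_user ALL=(ALL) ALL
#Defaults targetpw   # ask for the password of the target user i.e. root
#ALL   ALL=(ALL) ALL   # WARNING! Only use this together with 'Defaults targetpw'!
EOF
cat > "$half" <<'EOF'
root ALL=(ALL) ALL
your_user ALL=(ALL) ALL
#Defaults targetpw   # ask for the password of the target user i.e. root
ALL   ALL=(ALL) ALL   # WARNING! Only use this together with 'Defaults targetpw'!
EOF
echo "guide state: $(sudoers_state "$good")"
echo "half-edited: $(sudoers_state "$half")"
```

The check reads a single file only; rules dropped into /etc/sudoers.d are outside its scope.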

n0nce:
Bitcoin Core
[1] Install prerequisites:
Code:

sudo zypper addrepo https://download.opensuse.org/repositories/devel:languages:python:Factory/openSUSE_Leap_15.3/devel:languages:python:Factory.repo
sudo zypper refresh

sudo zypper -v install git python310 make automake autoconf gcc9 gcc9-c++ libtool libevent-devel libdb-4_8-devel
sudo zypper -v install libboost_filesystem-devel libboost_program_options-devel libboost_system-devel libboost_test-devel libboost_thread-devel

sudo update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.10 20

sudo update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-9 30
sudo update-alternatives --install /usr/bin/g++ g++ /usr/bin/g++-9 30
sudo update-alternatives --install /usr/bin/c++ c++ /usr/bin/g++-9 30


[2] Switch to unprivileged bitcoin user. Commands should output bitcoin (user) and /home/bitcoin (working directory)
Code:

su - bitcoin
whoami
pwd


[3] Download & build Bitcoin Core. v26.0 parameter needs to be adapted to the latest version whenever you read this guide.
Code:

git clone https://github.com/bitcoin/bitcoin.git
cd bitcoin
git checkout v26.0
./autogen.sh
./configure
make -j $(nproc)


[4] Create random username and password to access core via RPC.
Code:

cd share/rpcauth/
python3 rpcauth.py the_username_of_the_user_you_want cleartext_password_unique_long


[4.1] Delete history, otherwise the password remains in history file in cleartext.
Code:

history -c
history -w


[5] Create Bitcoin config file
Code:

mkdir ~/.bitcoin
nano ~/.bitcoin/bitcoin.conf


[6] Fill it like follows:
Code:

daemon=1
server=1
maxmempool=50
mempoolexpiry=2
rpcauth=user_chose_in_step_4:hash_created_in_step_4
dbcache=2048
banscore=10
datadir=/home/bitcoin/.bitcoin/


[7] Exit back to admin account
Code:

exit


[8] Install Bitcoin
Code:

cd /home/bitcoin/bitcoin
sudo make install
cd


[9] Still logged in as sudoer, create Bitcoin service:
Code:

sudo nano /usr/lib/systemd/system/bitcoind.service


[10] Contents should be like shown:
Code:

[Unit]
Description=Bitcoin daemon
After=network.target

[Service]
ExecStart=/usr/local/bin/bitcoind -daemon -conf=/home/bitcoin/.bitcoin/bitcoin.conf

# Make sure the config directory is readable by the service user
PermissionsStartOnly=true

# Process management
####################

Type=forking
Restart=on-failure

# Directory creation and permissions
####################################

# Run as bitcoin:bitcoin
User=bitcoin
Group=users

# Hardening measures
####################

# Provide a private /tmp and /var/tmp.
PrivateTmp=true

# Mount /usr, /boot/ and /etc read-only for the process.
ProtectSystem=full

# Disallow the process and all of its children to gain
# new privileges through execve().
NoNewPrivileges=true

# Use a new /dev namespace only populated with API pseudo devices
# such as /dev/null, /dev/zero and /dev/random.
PrivateDevices=true

# Deny the creation of writable and executable memory mappings.
MemoryDenyWriteExecute=true

[Install]
WantedBy=multi-user.target


[11] Enable & start service
Code:

sudo systemctl enable bitcoind.service
sudo service bitcoind start


[12] Check if running
Code:

tail -f /home/bitcoin/.bitcoin/debug.log


[13] Exit with CTRL+C, now wait for many moons (or hours) for the IBD to finish.
To check on the progress, you may use the tail command from before again or check disk utilization.
Code:

du -h /home/bitcoin/.bitcoin/blocks


After initial block download is finished, bitcoin-cli getblockchaininfo should return 99.999% verification like this.
Code:

"verificationprogress": 0.9999999999,
"initialblockdownload": false


As alluded to in the start post, IBD was going for around a week and still under 50%. Then I bought a second stick of 4GB RAM, look what happened.
Quote from: n0nce on October 15, 2021, 02:46:21 PM

For now, I would like to share my experience with a node that I've setup a few days ago. It is one of my nodes that needed a bit of maintenance; it was quite cluttered and had outdated software so I rebuilt it from scratch. I will also post a guide about it soon (OpenSUSE node walkthrough).
The hardware is a laptop motherboard with 4GB RAM and 2 500GB HDDs.
After it had taken almost a week to achieve ~40% sync, it was going super slow; around 1-2% a day, so I thought it may be a good idea to just plop in a second stick of RAM and see if it does anything. I kind of expected something to happen, but I was astonished at the speed it was going at afterwards! The HDD arm was moving much less now (audible difference); I suspect it was swapping a ton before, and the log was literally flying.

Here's a graph of some measurements I took; I let you guys guess at which point in time I upgraded the node from 4GB to 8GB :D
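
Steps [4] and [4.1] of the Bitcoin Core post put a cleartext password on the command line and then scrub the shell history. As an added example (not part of the original post, and not the project's rpcauth.py), the sketch below builds the same kind of `rpcauth=` line with openssl, using a randomly generated password that never appears as a typed argument; the function names are hypothetical and `constructed_user` is a placeholder.

```shell
#!/bin/sh
# Added example. The rpcauth value in bitcoin.conf has the form
#   rpcauth=<user>:<salt>$<hmac>
# with hmac = HMAC-SHA256(key = salt, message = password), hex encoded.

# Build the config line from a user name, a salt and a password.
rpcauth_line() {
    user=$1; salt=$2; password=$3
    # The password reaches openssl on stdin. printf is a shell builtin, so the
    # password is not exposed in another process's argument list. The salt is
    # not secret: it is stored in bitcoin.conf next to the hash.
    mac=$(printf '%s' "$password" | openssl dgst -sha256 -hmac "$salt" | awk '{print $NF}')
    printf 'rpcauth=%s:%s$%s\n' "$user" "$salt" "$mac"
}

# Generate a fresh salt and password, print the config line and the password.
new_rpc_credentials() {
    cred_user=$1
    cred_salt=$(openssl rand -hex 16)
    cred_pass=$(openssl rand -base64 32 | tr '+/' '-_' | tr -d '=\n')
    rpcauth_line "$cred_user" "$cred_salt" "$cred_pass"
    # Only the rpcauth line belongs in bitcoin.conf; the password goes to the
    # RPC client (or a password manager).
    printf 'password=%s\n' "$cred_pass"
}

# Demo with a placeholder user name.
new_rpc_credentials constructed_user
```

Because nothing secret is typed, there is no history entry to clear afterwards. rpcauth.py itself also generates a random password when the password argument is left out.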



n0nce:
electrs
Since one of the main benefits of running a full node is privacy during transaction & address lookup, an Electrum server is needed. Otherwise you'd have to query using Bitcoin Core all the time and can't just use your mobile and desktop applications for that.

[1] Install dependencies, make sure you're logged into your sudoer account and not in bitcoin.
Code:

sudo zypper install clang cargo rust tor libstdc++6-devel-gcc11


[2] Download and build electrs as bitcoin. It took my machine around 10 minutes.
Code:

su - bitcoin
git clone https://github.com/romanz/electrs
cd electrs
cargo build --locked --release --no-default-features
mkdir database


[3] Create electrs config file
Code:

nano electrs.toml


[4] Enter the following:
Code:

cookie_file = "/home/bitcoin/.bitcoin/.cookie"

# The listening RPC address of bitcoind, port is usually 8332
daemon_rpc_addr = "127.0.0.1:8332"

# The listening P2P address of bitcoind, port is usually 8333
daemon_p2p_addr = "127.0.0.1:8333"

# Directory where the index should be stored. It should have at least 70GB of free space.
db_dir = "/home/bitcoin/electrs/database"

# bitcoin means mainnet. Don't set to anything else unless you're a developer.
network = "bitcoin"

# How much information about internal workings should electrs print. Increase before reporting a bug.
log_filters = "INFO"


[5] Log back out into your sudo account, and open the Tor config file.
Code:

exit
sudo nano /etc/tor/torrc


[6] Add the following contents, preferably in the right section (somewhere where there's HiddenServiceDir stuff commented out).
Code:

HiddenServiceDir /var/lib/tor/electrs_hidden_service/
HiddenServiceVersion 3
HiddenServicePort 50001 127.0.0.1:50001

ExitPolicy reject *:* # no exits allowed


[7] Start up Tor and fetch your electrs Tor hostname. The hostname can then be entered in wallets like Wasabi and BlueWallet settings.
Code:

sudo systemctl enable tor.service
sudo service tor restart
sudo cat /var/lib/tor/electrs_hidden_service/hostname


[8] Create a service so electrs starts on startup
Code:

sudo nano /usr/lib/systemd/system/electrs.service


[9] Enter this information
Code:

[Unit]
Description=Electrs
After=bitcoind.service

[Service]
WorkingDirectory=/home/bitcoin/electrs
ExecStart=/home/bitcoin/electrs/target/release/electrs
User=bitcoin
Group=users
Type=simple
KillMode=process
TimeoutSec=60
Restart=always
RestartSec=60

[Install]
WantedBy=multi-user.target


[10] Start the service
Code:

sudo systemctl enable electrs.service
sudo service electrs start


[11] Check that it's running. This should return the electrs version.
Code:

echo '{"jsonrpc": "2.0", "method": "server.version", "params": ["", "1.4"], "id": 0}' | netcat 127.0.0.1 50001
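
The electrs unit in step [9] sets none of the hardening directives that the bitcoind and lightningd units in this thread carry. The following check is an added example, not part of the original post: it lists which of those five directives a unit file's [Service] section leaves unset or switched off. The function name is hypothetical and the sample unit is a constructed copy of the one above.

```shell
#!/bin/sh
# Added example. The five hardening directives used in the guide's
# bitcoind.service and lightningd.service.
HARDENING="PrivateTmp ProtectSystem NoNewPrivileges PrivateDevices MemoryDenyWriteExecute"

# Print (space separated) each directive that the [Service] section of the
# unit file $1 leaves unset or switches off.
missing_hardening() {
    missing=""
    for key in $HARDENING; do
        value=$(awk -F= -v key="$key" '
            /^\[/ { in_service = ($0 == "[Service]"); next }
            { k = $1; gsub(/[ \t]/, "", k); v = $2; gsub(/[ \t]/, "", v) }
            in_service && k == key { found = v }    # last assignment wins
            END { print found }' "$1")
        case $value in
            ""|no|false|off|0) missing="$missing $key" ;;
        esac
    done
    printf '%s\n' "${missing# }"
}

# Constructed copy of the electrs unit from step [9].
unit=$(mktemp)
cat > "$unit" <<'EOF'
[Unit]
Description=Electrs
After=bitcoind.service

[Service]
WorkingDirectory=/home/bitcoin/electrs
ExecStart=/home/bitcoin/electrs/target/release/electrs
User=bitcoin
Group=users
Type=simple
Restart=always

[Install]
WantedBy=multi-user.target
EOF
echo "electrs.service is missing: $(missing_hardening "$unit")"
```

Directives reported as missing are candidates to add and test; the check does not establish that a given service still starts with them enabled.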

n0nce:
C-Lightning
[1] Install dependencies
Code:

sudo zypper install sqlite3-devel gmp-devel zlib-devel python3-Mako gettext-tools

echo -e '#!/bin/sh\ntouch $2\nexit 0' | sudo tee /usr/local/bin/mrkd
sudo chmod 755 /usr/local/bin/mrkd


[2] Create another Tor hidden service for C-Lightning. Similar procedure as before.
Code:

sudo nano /etc/tor/torrc


[3] Below the other hidden service, add this info for Lightning.
Code:

HiddenServiceDir /var/lib/tor/lightningd_hidden_service/
HiddenServiceVersion 3
HiddenServicePort 9735 127.0.0.1:9735


[4] Then restart Tor and retrieve the new v3 Tor hostname for your Lightning installation. Copy it somewhere so you have it handy in step 7.
Code:

sudo service tor restart
sudo cat /var/lib/tor/lightningd_hidden_service/hostname


[5] Log into bitcoin user and download + build Lightning. v23.05.1 needs to be set to the currently latest version.
Code:

su - bitcoin
git clone https://github.com/ElementsProject/lightning.git
cd lightning
git checkout v23.05.1

pip3 install --upgrade pip
pip3 install mako mistune==0.8.4 mrkd
pip3 install -r plugins/clnrest/requirements.txt

./configure
make -j $(nproc)


[6] Create Lightning config.
Code:

mkdir -p /home/bitcoin/.lightning/bitcoin
nano /home/bitcoin/.lightning/bitcoin/lightningd.conf


[7] Enter the following. Alias can be chosen at will! :) Replace onion_address_you_got with the hidden service hostname you got in step 4!
Code:

daemon
alias=alias_for_your_node
network=bitcoin
log-level=debug
log-file=/home/bitcoin/.lightning/debug.log

# incoming via tor
bind-addr=127.0.0.1:9735
announce-addr=onion_address_you_got.onion

# outgoing via tor
proxy=127.0.0.1:9050
always-use-proxy=true

# REST API
clnrest-port=3010


[8] Log back out of the unprivileged bitcoin account to install Lightning and create the service.
Code:

exit
cd /home/bitcoin/lightning
sudo git config --global --add safe.directory /home/bitcoin/lightning
sudo git config --global --add safe.directory /home/bitcoin/lightning/external/libwally-core
sudo make install

sudo nano /usr/lib/systemd/system/lightningd.service


[9] In the service file, we need the following contents.
Code:

[Unit]
Description=C-Lightning daemon
Requires=bitcoind.service
After=bitcoind.service
Wants=network-online.target
After=network-online.target

[Service]
ExecStart=/usr/local/bin/lightningd --daemon --conf /home/bitcoin/.lightning/bitcoin/lightningd.conf

User=bitcoin
Group=users
Type=forking
Restart=on-failure

# Hardening measures
####################

# Provide a private /tmp and /var/tmp.
PrivateTmp=true

# Mount /usr, /boot/ and /etc read-only for the process.
ProtectSystem=full

# Disallow the process and all of its children to gain
# new privileges through execve().
NoNewPrivileges=true

# Use a new /dev namespace only populated with API pseudo devices
# such as /dev/null, /dev/zero and /dev/random.
PrivateDevices=true

# Deny the creation of writable and executable memory mappings.
MemoryDenyWriteExecute=true

[Install]
WantedBy=multi-user.target


[10] Start the Lightning service
Code:

sudo systemctl enable lightningd.service
sudo service lightningd start


[11] To check if it's running, we can use the lightning-cli command as bitcoin user with any of its parameters.
Code:

su - bitcoin
lightning-cli getinfo
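
The Tor-only setup in step [7] depends on four settings agreeing with each other: a loopback bind address, an onion announce address, a proxy, and always-use-proxy=true. The following lint is an added example, not part of the original post; the function names are hypothetical and both sample files are constructed (the second one deliberately weakened, with a documentation-range IP).

```shell
#!/bin/sh
# Added example: report lightningd.conf settings that reach outside Tor.

# Print every value assigned to key $2 in file $1.
conf_values() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | sed 's/[[:space:]]*$//'
}

# One line of output per finding; no output means the file is Tor-only.
tor_only_findings() {
    conf=$1
    [ -n "$(conf_values "$conf" proxy)" ] || echo "proxy is not set"
    [ "$(conf_values "$conf" always-use-proxy)" = true ] || echo "always-use-proxy is not true"
    for key in bind-addr addr; do
        for v in $(conf_values "$conf" "$key"); do
            case $v in
                127.0.0.1|127.0.0.1:*|localhost|localhost:*|"[::1]"|"[::1]:"*) ;;
                *) echo "$key listens beyond loopback: $v" ;;
            esac
        done
    done
    for v in $(conf_values "$conf" announce-addr); do
        case $v in
            *.onion|*.onion:*) ;;
            *) echo "announce-addr is not an onion address: $v" ;;
        esac
    done
}

# Constructed samples: the guide's settings, and a weakened variant.
guide=$(mktemp); weak=$(mktemp)
cat > "$guide" <<'EOF'
daemon
network=bitcoin
bind-addr=127.0.0.1:9735
announce-addr=onion_address_you_got.onion
proxy=127.0.0.1:9050
always-use-proxy=true
EOF
cat > "$weak" <<'EOF'
bind-addr=0.0.0.0:9735
announce-addr=203.0.113.5:9735
proxy=127.0.0.1:9050
always-use-proxy=false
EOF
echo "guide config findings: $(tor_only_findings "$guide" | wc -l)"
tor_only_findings "$weak"
```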
