After several days of redeploying servers and building cardano-node and cardano-cli on CentOS 8 (which has SELinux enabled by default) from source, I never got a node to accept incoming connections.
The node would not even accept incoming connections when SELinux was disabled before building cardano-node and cardano-cli.
So I would like to know if others were able to run a node on CentOS 8 successfully and which extra step was needed to get there.
I’m not installing the software with any scripts or with NIX, but am using the official documentation.
Now running on Debian, but that is not my preferred flavor for servers.
Does firewalld have the port open?
Yes, it did and the server was listening.
This is a very interesting discussion as linux with shittemD is for sissies. I would also prefer running my node on BSD instead of ubuntu, but things don’t look good over there, don’t look good at all.
I started off with NetBSD 9.0 since that used to have a prebuilt jormungandr binary. However, jormungandr is Rust-based, not Haskell-based; it’s completely different technology. https://wiki.haskell.org/BSD#NetBSD.2C_DragonFly_BSD_.28and_others_using_pkgsrc.29
If you look it up, ghc is not even in the ports collection for NetBSD. I have tried to build it from source, but after fixing compilation errors for hours I just gave up.
As for FreeBSD 12.1, the situation is not much better: yes, ghc is in the ports collection, and yes, it is the latest 8.6.5, but trying to build it… good luck with that again.
[155 of 291] Compiling Distribution.SPDX.LicenseId ( libraries/Cabal/Cabal/Distribution/SPDX/LicenseId.hs, bootstrapping/Distribution/SPDX/LicenseId.o )
ghc/ghc.mk:126: ghc/stage1/package-data.mk: No such file or directory
gmake[3]: *** [utils/ghc-cabal/ghc.mk:58: utils/ghc-cabal/dist/build/tmp/ghc-cabal] Killed
gmake[2]: *** [Makefile:124: all] Error 2
gmake[2]: Leaving directory '/usr/ports/lang/ghc/work/ghc-8.10.2'
===> Compilation failed unexpectedly.
Try to set MAKE_JOBS_UNSAFE=yes and rebuild before reporting the failure to
the maintainer.
*** Error code 1
After finding 6-year-old bugs which are still not resolved, like: https://gitlab.haskell.org/ghc/ghc/-/issues/8709
I gave up with even trying to build ghc from source and went with the binary package, same with cabal. This will land you:
cabal-install version 3.0.1.0
The Glorious Glasgow Haskell Compilation System, version 8.8.3
with a cabal library under the requirements which is 3.2.0.0.
cabal update <= will not do much good
Regardless, I have tried to build cardano-node as is, but I don’t have to tell you it failed.
Warning: Requested index-state2020-07-15T00:00:00Z is newer than
'hackage.haskell.org'! Falling back to older state ().
Resolving dependencies...
cabal: Could not resolve dependencies:
[__0] trying: Win32-network-0.1.0.0 (user goal)
[__1] next goal: base (dependency of Win32-network)
[__1] rejecting: base-4.13.0.0/installed-4.1... (conflict: Win32-network =>
base>=4.5 && <4.13)
[__1] fail (backjumping, conflict set: Win32-network, base)
After searching the rest of the dependency tree exhaustively, these were the
goals I've had most trouble fulfilling: Win32-network, base
This is the most time I am willing to invest in this project. We need haskell to mature on BSD, which might happen if some of the BSD devs get involved with Cardano. Anyway, don’t expect much support on these forums for BSD. Maybe by the time the current cardano node matures enough that an average joe can put it together and it does not get stuck or crash, and FreeBSD is at 14.1, we might be able to build it.
I was looking at the wrong firewalls and did get it working.
I’m an OpenBSD man myself, but don’t expect that it will ever run on that.
FreeBSD does support cabal 3.2.0.0 but there the problem is ghc which will be either 8.6.3, 8.10.1 or 8.10.2.
So that will fail also, because ghc 8.10.1 is not supported yet.
And last but not least, IOHK forked libsodium and are still using 1.0.16 while FreeBSD is on 1.0.18 already.
So, you can forget that route too.
I’m looking into NixOS now myself, but that is also just another Linux distribution.
When using NixOS the IOHK cache cannot be used, because all non-Cardano-related packages reside at the NixOS organization.
Just now starting in my stake pool journey. I too am a fan of BSD, namely FreeBSD. Within my local network I have both a producer and relay node fully sync’d. Both nodes are on the latest 12-release and I also have another producer node running on 14-current. Though I rebuilt world for the 14-current system, all nodes use prebuilt packages. I do not plan to build all packages from source as I feel it is not necessary and will not provide significant performance over prebuilt packages.
I should note all nodes were deployed in an automated fashion using Ansible following the CoinCashew guide. Considering the amount of manual steps, the use of Ansible will ease deployment and allow the ability to quickly scale nodes. My goal is to have a fully working Ansible role for deploying Cardano nodes using FreeBSD.
After some time, I can confidently say I now have a Relay Node up and running on FreeBSD-12.2 Release. Deployment is ~90% automated via use of Ansible. Looking to share soon the git repo. For now the focus is on deployment of just the relay node.
Did you get round to setting up that repo? We currently run a mix of Centos 8 and Ubuntu 20.04LTS (with very stable results) but are interested in spinning up on BSD as well.
@cyberruss : Thanks for your interest. Will try to publish something by this week. It is not 100%, but would be good to have others contribute. As mentioned the deployment is tailored towards a relay node for now.
Excellent. I think there are positives in a defence in depth approach, i.e. relays run on a separate OS to the BPNs. BSD is the perfect choice IMO for the external facing components given its enviable track record for security and stability. Been messing around with resolving the library dependencies and then found this thread. If you’ve cracked that it would allow integration with GuildOps scripts and open up deployment for a lot of SPOs should they choose.
@cyberruss : Curious to know what library dependency issues you faced? Were you using pkg or compiling packages via ports?
The ansible role: cnode_relay (GitHub) is now for the most part ready (also available on ansible-galaxy). Below is a sample run and I will start a new thread later for a quick setup guide for anyone who may not be familiar with ansible. Just make sure your inventory file looks similar to the following:
[all:vars]
ansible_user=remote-username
ansible_python_interpreter=/usr/local/bin/python3.7

[producers]
Your producer hostname (used for peers) ansible_ssh_port=(if different than 22)

[relays]
Your relay hostname ansible_ssh_port=(if different than 22)
I have incorporated most of the steps from guides already shared by @Alexd1985 and those on CoinCashew site. Again, this role is tailored for setting up a relay node on FreeBSD. From my side, I have tested on a clean install of 12.2-Release without issues.
As a prereq the remote user should be able to login to the relay node using ssh-keys and be able to sudo without being prompted for password (this should be set up manually for now). Also, the relay node should have python37 (# pkg install python37) installed.
Sample run:
TASK [cnode_relay : Updating cabal…] ****************************************************************************************************************************
changed: [remote-host-name]

TASK [cnode_relay : Get cabal version] ****************************************************************************************************************************
changed: [remote-host-name]

TASK [cnode_relay : Print cabal version] **************************************************************************************************************************
ok: [remote-host-name] => {
"msg": [
[
"cabal-install version 3.2.0.0",
"compiled using version 3.2.1.0 of the Cabal library "
]
]
}

TASK [cnode_relay : Get ghc version] ******************************************************************************************************************************
changed: [remote-host-name]

TASK [cnode_relay : Print ghc version] ****************************************************************************************************************************
ok: [remote-host-name] => {
"msg": [
[
"The Glorious Glasgow Haskell Compilation System, version 8.10.3"
]
]
}

TASK [cnode_relay : Checkout cardano-node repo @ 1.25.1] **********************************************************************************************************
…output truncated…
ok: [remote-host-name]

TASK [cnode_relay : Cron - Install topologyUpdater.sh to run hourly on the 22nd minute] ***************************************************************************
ok: [remote-host-name]

TASK [cnode_relay : Cron - Install relay-topology_pull.sh to run once daily] **************************************************************************************
ok: [remote-host-name]

TASK [cnode_relay : newsyslog - Log rotation setup] ***************************************************************************************************************
ok: [remote-host-name]

PLAY RECAP ********************************************************************************************************************************************************
remote-host-name : ok=40 changed=15 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
The full run on a fresh install took about 1hr from my tests (not including full db sync after install, though this can be sped up if you scp your db/ dir from another node).