Hi,
After reading a lot I finally decide to jump in.
Some days ago I asked about the differences between AWs and baremetal, finally I decide AWS:
Following the Coincash guide and the first part of the @AlexD1985 for hardening, but there are some steps that confuse me. (not for the guide, just because I have lack of knowledge)
1 - Producer Node and realy are both with public ip at Amazon, is this the right way? or I have to assign a public IP to the relay node and leave the producer with an internal. If the 2nd option is the correct, do i have to modify the ip address at the topology.json?
2nd- the air-grapped part: I don’t understand anything 
what are exactly the steps?
do I have to run below commands at the air-gapped offline machine?
echo export NODE_HOME=$HOME/cardano-my-node >> $HOME/.bashrc
source $HOME/.bashrc
mkdir -p $NODE_HOME
2.2 Is the Offline machine a simply new installation ubuntu( live usb with persistent) or I need to repeat all the process like I did with the relay and bp?
3rd- regarding the topology.json. at relay node I have this:
ubuntu@ip-XXX.XX.XX.XX:~/cardano-my-node$ cat mainnet-topology.json
{
“Producers”: [
{
“addr”: “<1st public ip>”,
“port”: 6000,
“valency”: 1
}
]
}
and at my producer I have this info:
ubuntu@ixx-xx-xx-xx:~/cardano-my-node$ cat mainnet-topology.json
{
“Producers”: [
{
“addr”: “<2nd public ip>”,
“port”: 6000,
“valency”: 1
}
]
}
questions are:
- are the <> arrow characters be with the IP?
- Do I Have to open the 3001 port at both nodes (relay and Bp)?
- Do I Have to open same ports at the Aws instance panel? ( my common sense say yes, but If bp node it has to be at private network maybe the right option is leave it only open at relay)
4th- this is what I get when I try to run cardanocli
Summary
03 17:14:46 ip-172-31-11-23 cardano-node[2792]: [ip-172-3:cardano.node.DnsSubscription:Warning:57] [2021-05-03 17:14:46.60 U>
May 03 17:14:56 ip-172-31-11-23 cardano-node[2792]: [ip-172-3:cardano.node.DnsSubscription:Warning:57] [2021-05-03 17:14:56.60 U>
May 03 17:15:06 ip-172-31-11-23 cardano-node[2792]: [ip-172-3:cardano.node.DnsSubscription:Warning:57] [2021-05-03 17:15:06.60 U>
May 03 17:15:16 ip-172-31-11-23 cardano-node[2792]: [ip-172-3:cardano.node.DnsSubscription:Warning:57] [2021-05-03 17:15:16.61 U>
May 03 17:15:26 ip-172-31-11-23 cardano-node[2792]: [ip-172-3:cardano.node.DnsSubscription:Warning:57] [2021-05-03 17:15:26.61 U>
May 03 17:15:36 ip-172-31-11-23 cardano-node[2792]: [ip-172-3:cardano.node.DnsSubscription:Warning:57] [2021-05-03 17:15:36.61 U>
May 03 17:15:46 ip-172-31-11-23 cardano-node[2792]: [ip-172-3:cardano.node.DnsSubscription:Warning:57] [2021-05-03 17:15:46.61 U>
May 03 17:15:56 ip-172-31-11-23 cardano-node[2792]: [ip-172-3:cardano.node.DnsSubscription:Warning:57] [2021-05-03 17:15:56.61 U>
May 03 17:16:06 ip-172-31-11-23 cardano-node[2792]: [ip-172-3:cardano.node.DnsSubscription:Warning:57] [2021-05-03 17:16:06.61 U>
~
~
~
~
lines 1-20/20 (END)
â—Ź cardano-node.service - Cardano node service
Loaded: loaded (/etc/systemd/system/cardano-node.service; enabled; vendor preset: enabled)
Active: active (running) since Sun 2021-05-02 18:29:05 UTC; 22h ago
Main PID: 2782 (startBlockProdu)
Tasks: 12 (limit: 4638)
Memory: 67.4M
CGroup: /system.slice/cardano-node.service
├─2782 /bin/bash /home/ubuntu/cardano-my-node/startBlockProducingNode.sh
└─2792 /usr/local/bin/cardano-node run --topology /home/ubuntu/cardano-my-node/mainnet-topology.json --database-path>
May 03 17:14:36 ip-172-31-11-23 cardano-node[2792]: [ip-172-3:cardano.node.DnsSubscription:Warning:57] [2021-05-03 17:14:36.60 UT>
May 03 17:14:46 ip-172-31-11-23 cardano-node[2792]: [ip-172-3:cardano.node.DnsSubscription:Warning:57] [2021-05-03 17:14:46.60 UT>
May 03 17:14:56 ip-172-31-11-23 cardano-node[2792]: [ip-172-3:cardano.node.DnsSubscription:Warning:57] [2021-05-03 17:14:56.60 UT>
May 03 17:15:06 ip-172-31-11-23 cardano-node[2792]: [ip-172-3:cardano.node.DnsSubscription:Warning:57] [2021-05-03 17:15:06.60 UT>
May 03 17:15:16 ip-172-31-11-23 cardano-node[2792]: [ip-172-3:cardano.node.DnsSubscription:Warning:57] [2021-05-03 17:15:16.61 UT>
May 03 17:15:26 ip-172-31-11-23 cardano-node[2792]: [ip-172-3:cardano.node.DnsSubscription:Warning:57] [2021-05-03 17:15:26.61 UT>
May 03 17:15:36 ip-172-31-11-23 cardano-node[2792]: [ip-172-3:cardano.node.DnsSubscription:Warning:57] [2021-05-03 17:15:36.61 UT>
May 03 17:15:46 ip-172-31-11-23 cardano-node[2792]: [ip-172-3:cardano.node.DnsSubscription:Warning:57] [2021-05-03 17:15:46.61 UT>
May 03 17:15:56 ip-172-31-11-23 cardano-node[2792]: [ip-172-3:cardano.node.DnsSubscription:Warning:57] [2021-05-03 17:15:56.61 UT>
May 03 17:16:06 ip-172-31-11-23 cardano-node[2792]: [ip-172-3:cardano.node.DnsSubscription:Warning:57] [2021-05-03 17:16:06.61 UT>
~
this is what I get after start the block producer and run the command: journalctl --unit=cardano-node --follow
Summary
– Logs begin at Sun 2021-05-02 11:42:18 UTC. –
May 03 17:26:26 ip-172-31-11-23 cardano-node[2792]: [ip-172-3:cardano.node.DnsSubscription:Warning:57] [2021-05-03 17:26:26.68 UTC] Domain: “<54.194.41.43>” Failed to start all required subscriptions
May 03 17:26:36 ip-172-31-11-23 cardano-node[2792]: [ip-172-3:cardano.node.DnsSubscription:Warning:57] [2021-05-03 17:26:36.69 UTC] Domain: “<54.194.41.43>” Failed to start all required subscriptions
May 03 17:26:46 ip-172-31-11-23 cardano-node[2792]: [ip-172-3:cardano.node.DnsSubscription:Warning:57] [2021-05-03 17:26:46.69 UTC] Domain: “<54.194.41.43>” Failed to start all required subscriptions
5- what happens with the relay.pem and producer.pem once create? do I leave at the vm machine that I use to connect both AWS instances?
thanks in advance, and sorry if any question is too basic.