Search…
How to setup a 'keystore' on a Validator node

1. Export your keystore file first

Export your Keystore file which you registered in. You can see how to get the Keystore file from this documentation page.

2. Place your keystore file in the proper path

The keystore file needs to be exported and stored in the cert directory. Below is a directory structure under the docker-compose.yml
1
|-- docker-compose.yml
2
|-- data → data directory
3
|-- mainnet → block DB directory
4
|-- log → log directory
5
|-- cert → keytore or cert key directory
6
|-- YOUR_KEYSTORE_FILE → put your keystore file
Copied!
Important - you should put your keystore file under the /cert folder.

3. Rename Keystore file simply

Enter a short name for the keystore file (recommended).

4. Import your keystore file into docker-compose.yml

If your keystore file name is textKeystore then the docker-compose.yml file looks like this:
$ cat docker-compose.yml
1
version: '3'
2
services:
3
icon2-node:
4
image: 'iconloop/icon2-node'
5
restart: "on-failure"
6
container_name: "icon2-node"
7
network_mode: "host"
8
stdin_open: true
9
environment:
10
SERVICE: "MainNet" # MainNet, SeJong
11
#IS_AUTOGEN_CERT: "true"
12
GOLOOP_LOG_LEVEL: "debug" # trace, debug, info, warn, error, fatal, panic
13
KEY_STORE_FILENAME: "INPUT_YOUR_KEY_STORE_FILENAME" # e.g. keystore.json read a config/keystore.json
14
KEY_PASSWORD: "INPUT_YOUR_KEY_PASSWORD" # e.g. "/goloop/config/keystore.json" read a "config/keystore.json" of host machine
15
FASTEST_START: "true" # It can be restored from latest Snapshot DB.
16
ROLE: 3 # preps = 3, citizen = 0
17
18
cap_add:
19
- SYS_TIME
20
21
volumes:
22
- ./config:/goloop/config
23
- ./data:/goloop/data
24
- ./logs:/goloop/logs
Copied!
Also, you can see the directory path as below:
1
|-- docker-compose.yml
2
|-- data → data directory
3
|-- mainnet → block DB directory
4
|-- log → log directory
5
|-- cert → keytore or cert key directory
6
|-- testKeystore → put your keystore file
Copied!

Troubleshooting

Q: How to check if container is running or not

The docker ps command shows the list of running docker containers.
1
$ docker ps
2
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
3
0de99e33cdc9 iconloop/prep-node:1910211829xc2286d "/src/entrypoint.sh" 2 minutes ago Up 2 minutes(healthy) 0.0.0.0:7100->7100/tcp, 0.0.0.0:9000->9000/tcp prep_prep_1
Copied!
You should look at the STATUS field to see if the container is running up and in healthy state.
Inside the container, there is a healthcheck script running with the following configuration. It will return unhealthy when it fails.
Healthcheck option
value
retries
4
interval
30s
timeout
20s
start-period
60s
The container can have three states:
  • starting - container just starts
  • healthy - when the health check passes
  • unhealthy - when the health check fails
If the container does not start properly or went down unexpectedly, please check the booting.log. Below is the log messages on success.
1
$ cat data/PREP-MainNet/log/booting_${DATE}.log
2
3
[2019-10-23 17:47:05.204] Your IP: xxx.xxx.xxx.xxx
4
[2019-10-23 17:47:05.209] RPC_PORT: 9000 / RPC_WORKER: 3
5
[2019-10-23 17:47:05.214] DEFAULT_PATH=/data/mainnet in Docker Container
6
[2019-10-23 17:47:05.219] DEFAULT_LOG_PATH=/data/mainnet/log
7
[2019-10-23 17:47:05.224] DEFAULT_STORAGE_PATH=/data/mainnet/.storage
8
[2019-10-23 17:47:05.229] scoreRootPath=/data/mainnet/.score_data/score
9
[2019-10-23 17:47:05.234] stateDbRootPath=/data/mainnet/.score_data/db
10
[2019-10-23 17:47:05.239] Time synchronization with NTP / NTP SERVER: time.google.com
11
[2019-10-23 17:47:12.022] P-REP package version info - _1910211829xc2286d
12
[2019-10-23 17:47:12.697] iconcommons 1.1.2
13
iconrpcserver 1.4.5
14
iconsdk 1.2.0
15
iconservice 1.5.15
16
loopchain 2.4.15
Copied!

Q: How to find error

Error log messages example
Grep the ERROR messages from the log files to find the possible cause of the failure.
1
$ cat data/PREP-MainNet/log/booting_${DATE}.log | grep ERROR
2
3
[2019-08-12 02:08:48.746] [ERROR] Download Failed - http://20.20.1.149:5000/cert/20.20.1.195_public.der status_code=000
4
5
[2019-08-12 01:58:46.439] [ERROR] Unauthorized IP address, Please contact our support team
Copied!
Docker container generates below log files
  • booting.log
    • The log file contains the errors that occurred when the docker container starts up.
  • iconrpcserver.log
    • The log file contains information about the request/response message handling going through the iconrpcserver.
  • iconservice.log
    • The log file contains the internals of ICON Service
  • loopchain.channel-txcreator-icon_dex_broadcast.icon_dex.log
    • The log file contains information about TX broadcast from a node to other nodes
  • loopchain.channel-txcreator.icon_dex.log
    • The log file contains information about the process of confirming TXƒ
  • loopchain.channel-txreceiver.icon_dex.log
    • The log file contains information about receiving the broadcasted TX from a node.
  • loopchain.channel.icon_dex.log
    • The log file contains information about internals of loopchain engine

Q: How to monitor resources

We recommend the following tools for resource monitoring
  1. 1.
    Network monitoring - iftop, nethogs, vnstat
  2. 2.
    CPU/Memory monitoring - top, htop
  3. 3.
    Disk I/O monitoring - iostat, iotop
  4. 4.
    Docker monitoring - docker stats, ctop