Run a Tanssi Node Using Systemd¶

Introduction¶

In this guide, you'll learn how to spin up a Tanssi Node using the latest stable binary file release and manage the service using Systemd on Linux systems. Nodes provide essential API endpoints for applications and users to interact with the Tanssi network.

The article follows the good practice of running the service with its own non-root account and granting that account write access to a specific directory. However, you can adapt this article's steps and instructions to your infrastructure configuration, preferences, and security policies.

Checking Prerequisites¶

To get started, you'll need access to a computer running an Ubuntu Linux OS with Landlock enabled and root privileges. You will also need:

• Node binary files - a node requires three binary files: tanssi-relay, tanssi-relay-execute-worker, and tanssi-relay-prepare-worker ``

The instructions in this guide execute the latest official stable release. However, you can build your own file by compiling the source code.

Check Landlock Support¶

Tanssi nodes use the Linux kernel's Landlock feature as a security measure to restrict access to system resources, limiting the damage if the application is compromised.

Check the Landlock feature support in your system by running the following command:

sudo dmesg | grep landlock || journalctl -kg landlock

The output should look like:

If Landlock is disabled in your system, upgrade the kernel to version 5.13 or above.

Download the Latest Release¶

To get started, download the latest binary release and make it executable by running the following command:

wget https://github.com/moondance-labs/tanssi/releases/download/v0.12.0/tanssi-relay && \
wget https://github.com/moondance-labs/tanssi/releases/download/v0.12.0/tanssi-relay-execute-worker && \
wget https://github.com/moondance-labs/tanssi/releases/download/v0.12.0/tanssi-relay-prepare-worker && \
chmod +x ./tanssi-relay*

Set Up the Systemd Service¶

Systemd is a management system for Linux systems that manages services (daemons in Unix-like systems jargon), starting them automatically when the computer starts or reboots, or restarting them upon unexpected failures.

The following commands configure a new account, create the directory, and move the previously downloaded files to the right location.

1. Create a new account to run the service:

adduser tanssi_service --system --no-create-home

1. Create a directory to store the required files and data:

mkdir /var/lib/dancelight-data

1. Set the folder's ownership to the account that will run the service to ensure writing permission:

chown -R tanssi_service /var/lib/dancelight-data

1. Move the binaries to the folder:

mv ./tanssi-relay* /var/lib/dacelight-data

Generate the Node Key¶

To generate and store on disk the session keys that will be referenced on the start-up command, run the following command:

/var/lib/dancelight-data/tanssi-relay key generate-node-key --file /var/lib/dancelight-data/node-key

Create the Systemd Service Configuration File¶

The next step is to create the Systemd configuration file.

You can create the file by running the following command:

sudo touch /etc/systemd/system/tanssi.service

Now you can open the file using your favorite text editor (vim, emacs, nano, etc.) and add the configuration for the service, replacing the INSERT_YOUR_TANSSI_NODE_NAME tag with a human-readable name and INSERT_YOUR_IP_ADDRESS with your public IP address. The name will come in handy for connecting the log entries and metrics with the node that generates them.

[Unit]
Description="Tanssi Node systemd service"
After=network.target
StartLimitIntervalSec=0

[Service]
User=tanssi_service
Type=simple
Restart=always
RestartSec=10
SyslogIdentifier=tanssi
SyslogFacility=local7
KillSignal=SIGHUP
LimitNOFILE=100000
ExecStart=/var/lib/dancelight-data/tanssi-relay --chain=dancelight \
--base-path=/var/lib/tanssi-data/ \
--node-key-file /var/lib/dancelight-data/node-key \
--rpc-port=9944 \
--prometheus-port=9615 \
--prometheus-external \
--name=INSERT_YOUR_TANSSI_NODE_NAME \
--listen-addr=/ip4/0.0.0.0/tcp/30333 \
--public-addr=/ip4/INSERT_YOUR_IP_ADDRESS/tcp/30333 \
--state-pruning=archive \
--blocks-pruning=archive \
--database=paritydb \
--unsafe-rpc-external \
--telemetry-url='wss://telemetry.polkadot.io/submit/ 0'

[Install]
WantedBy=multi-user.target

Run Flags¶

The flags used in the ExecStart command can be adjusted according to your preferences and hardware configuration. The following ones are some of the most note-worthy:

• --state-pruning=archive - keeps all state data, which is necessary for historical state queries
• --blocks-pruning=archive - keeps all blocks, necessary for historical block data
• --database=paritydb - uses ParityDB as the database backend, which is optimized for RPC node performance
• --unsafe-rpc-external - allows external connections to the RPC server. This is required for the node to be accessible externally, but exposing RPC endpoints carries security risks. Ensure appropriate firewall and security measures are in place (see warning below)

You can view all available flags by running:

/var/lib/dancelight-data/tanssi-relay --help

Run the Service¶

Finally, enable the service and start it for the first time:

systemctl enable tanssi.service && \
systemctl start tanssi.service

You can verify that the service is up and running correctly:

systemctl status tanssi.service

Check the logs, if needed, with the following command:

journalctl -f -u tanssi.service

Testing Your Node¶

After your node is fully synced, you can verify that the RPC endpoint is working correctly by making a simple request. You can use curl to test the connection:

curl -H "Content-Type: application/json" -d '{"id":1, "jsonrpc":"2.0", "method":"chain_getHeader", "params":[]}' http://localhost:9944

If the RPC endpoint is working correctly, you should receive a JSON response containing the latest block header information.