eth节点二进制快速搭建
aws linux 2023 install cronie
默认去掉了crontab,可以安装cronie来继续使用
https://docs.aws.amazon.com/zh_cn/linux/al2023/ug/cron.html
sudo yum install cronie
sudo systemctl enable crond
crontab
crontab -e
* * * * * bash /home/ubuntu/script/eth_monitor.sh > /dev/null 2>&1
aws linux 2023 install redis6
sudo dnf install -y redis6
sudo systemctl start redis6
sudo systemctl enable redis6
sudo systemctl is-enabled redis6
redis6-server --version
redis6-cli ping
aws linux 2023 install openresty
# add the repo:
wget https://openresty.org/package/amazon/openresty.repo
sudo mv openresty.repo /etc/yum.repos.d/
# update the index:
sudo yum check-update
# install the package
sudo yum install -y openresty
# startup onboot
sudo systemctl enable openresty
openresty conf
#user nobody;
worker_processes auto;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
use epoll;
worker_connections 51200;
multi_accept on;
}
http {
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 60;
client_max_body_size 100M;
#gzip on;
#limit_conn_zone $binary_remote_addr zone=perip:10m;
#limit_conn_zone $server_name zone=perserver:10m;
server_tokens off;
#resolver 172.31.0.2;
init_worker_by_lua_block{
redis = require("resty.redis")
aes = require "resty.aes"
str = require "resty.string"
key = '1938705285589872450'
prefix1 = 'keyandcount'
prefix2 = 'existkeys'
b64 = require "ngx.base64"
}
#websocket
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
#grafana
server {
listen 80 ;
server_name grafana.lancet.pro;
location /{
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:3000;
}
# Proxy Grafana Live WebSocket connections.
location /api/live/ {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header Host $host;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
location ~ .static\media\.(svg|gif|jpg|jpeg|png|bmp|swf)$ {
expires 30d;
}
location ~ .static\.(js|css)?$ {
expires 12h;
}
location ~ /\. {
deny all;
}
access_log access-grafana.log;
}
#rpc limit
server {
listen 80 default_server;
server_name bhtuwr2w90890y.lancet.pro;
#charset koi8-r;
#access_log logs/host.access.log main;
lua_code_cache on;
location /{
rewrite_by_lua_block
{
function split(str, delim)
local i, j, k
local t = {}
k = 1
while true do
i, j = string.find(str, delim, k)
if i == nil then
table.insert(t, string.sub(str, k))
return t
end
table.insert(t, string.sub(str, k, i - 1))
k = j + 1
end
end
function setapikey(redclient, key, array)
redclient:setex(prefix1 .. '::' .. key, 3600*24, array[4])
redclient:set(prefix2 .. '::' .. array[2], array[3] .. ':' .. key)
end
function errorandexit(status, message)
ngx.status = status
ngx.say(message)
ngx.exit(ngx.HTTP_OK)
end
local red = redis:new()
local ok, err = red:connect("127.0.0.1", 6379)
if not ok then
ngx.say("failed to connect: ", err)
return
end
red:select(0)
local apikey = ngx.req.get_uri_args()["apikey"]
if apikey == nil or apikey == '' then
errorandexit(ngx.HTTP_UNAUTHORIZED, 'unauthorized')
end
local key1 = prefix1 .. '::' .. apikey
ok, err = red:exists(key1)
if ok ~= 1 then
local binarykey, err = b64.decode_base64url(apikey)
if not binarykey then
-- invalid input
errorandexit(ngx.HTTP_UNAUTHORIZED, 'unauthorized')
end
local aes_java = aes:new(key .. string.rep('\0', 32 - #key), nil,
aes.cipher(256, "cbc"), { iv = '\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0' })
local realkey, err = aes_java:decrypt(binarykey)
if not realkey then
errorandexit(ngx.HTTP_UNAUTHORIZED, 'unauthorized')
end
local array = split(realkey, ":")
local pass = false
if (array[1] == 'v1') then
ok, err = red:exists(prefix2 .. '::' .. array[2])
if (ok ~= 1) then
setapikey(red, apikey, array)
pass = true
else
ok, err = red:get(prefix2 .. '::' .. array[2])
local array2 = split(ok, ':')
if (tonumber(array2[1]) <= tonumber(array[3])) then
red:del(prefix1 .. '::' .. array2[2])
setapikey(red, apikey, array)
pass = true
end
end
end
if (pass == false) then
ngx.status = ngx.HTTP_UNAUTHORIZED
ngx.say("unauthorized")
ngx.exit(ngx.HTTP_OK)
end
end
ok, err = red:decr(key1)
if ok < 0 then
ngx.status = ngx.HTTP_SERVICE_UNAVAILABLE
ngx.say("limit exceeded")
ngx.exit(ngx.HTTP_OK)
end
red:set_keepalive()
}
proxy_pass http://127.0.0.1:8802;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
location ~ .static\media\.(svg|gif|jpg|jpeg|png|bmp|swf)$ {
expires 30d;
}
location ~ .static\.(js|css)?$ {
expires 12h;
}
location ~ /\. {
deny all;
}
access_log access-rpc-limit.log;
}
}
ethmonitor(lighthouse版本)
ubuntu@eth01-new:~$ cat script/eth_monitor.sh
#!/bin/bash
# Script name: eth_monitor.sh
# Script function: if a process be killed, start it
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
source /etc/profile
shell_name=$(echo $0 | awk -F "/" '{print $NF}')
log_file=$HOME/log/${shell_name}.log
# config array be use to save keyword for 'ps | grep'
declare -A config
config["lighthouse"]="./lighthouse bn --network"
config["geth"]="/home/ubuntu/geth-linux-amd64-1.14.5-0dd173a7/geth --datadir"
function shell_log()
{
local log_info=$1
echo -e "$(date +'%F %T') ${shell_name} ${log_info}" | tee -a ${log_file}
}
function monitor_process()
{
local proc_index=$1
local proc_keyword="${config[$proc_index]}"
local process_exists=$(ps -ef | grep "${proc_keyword}" | grep -v grep | grep -v ${shell_name} | wc -l)
if [ $process_exists -eq 0 ]; then
shell_log "[${proc_keyword}] process no found, start it..."
start_$proc_index
$HOME/script/sendim $proc_index &
else
shell_log "[${proc_keyword}] process number: $process_exists, do nothing."
fi
}
function start_lighthouse()
{
cd /home/ubuntu/lighthouse
/bin/sh start
}
function start_geth()
{
cd /home/ubuntu/ethereum
/bin/sh start
}
function main()
{
local i
for i in ${!config[*]}
do
monitor_process "$i"
done
}
main $*
ethmonitor(prysm版本)
#!/bin/bash
# Script name: eth_monitor.sh
# Script function: if a process be killed, start it
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
source /etc/profile
shell_name=$(echo $0 | awk -F "/" '{print $NF}')
log_file=$HOME/log/${shell_name}.log
# config array be use to save keyword for 'ps | grep'
declare -A config
config["prysm"]="prysm.sh --execution-endpoint"
config["geth"]="/home/ec2-user/geth-linux-amd64-1.14.11-f3c696fa/geth --datadir"
function shell_log()
{
local log_info=$1
echo -e "$(date +'%F %T') ${shell_name} ${log_info}" | tee -a ${log_file}
}
function monitor_process()
{
local proc_index=$1
local proc_keyword="${config[$proc_index]}"
local process_exists=$(ps -ef | grep "${proc_keyword}" | grep -v grep | grep -v ${shell_name} | wc -l)
if [ $process_exists -eq 0 ]; then
shell_log "[${proc_keyword}] process no found, start it..."
start_$proc_index
$HOME/script/sendim $proc_index &
else
shell_log "[${proc_keyword}] process number: $process_exists, do nothing."
fi
}
function start_lighthouse()
{
cd /home/ec2-user/prysm
/bin/sh start
}
function start_geth()
{
cd /home/ec2-user/ethereum
/bin/sh start
}
function main()
{
local i
for i in ${!config[*]}
do
monitor_process "$i"
done
}
main $*
sendim to wecom
ubuntu@eth01-new:~$ cat script/sendim
#!/bin/bash
url="https://qyapi.weixin.qq.com/cgi-bin/webhook"
header="'Content-Type:application/json'"
key="10e6737a-5ae8-49e5-b691-43ef53fb17f2"
text="通知名称: eth01-new节点异常 [$1] 进程重启
通知时间: $(date +'%F %T')
服务器IP: $(curl ip.sb)"
function tips()
{
if [ `jq -r .errcode` == "0" ];then
echo -e "\033[32mok\033[0m"
else
echo -e "\033[31merror\033[0m"
fi
}
function send_text()
{
local text="$*"
textmsg='{"msgtype":"text","text":{"content":"'${text}'","mentioned_list":[""]}}'
curl -s -H ${header} -d "$textmsg" "$url/send?key=$key"|tips
}
send_text "${text}"
create dir
mkdir lighthouse-v5.3.0
cd lighthouse-v5.3.0/
wget https://github.com/sigp/lighthouse/releases/download/v5.3.0/lighthouse-v5.3.0-x86_64-unknown-linux-gnu.tar.gz
tar -zxvf lighthouse-v5.3.0-x86_64-unknown-linux-gnu.tar.gz
lighthouse -V
ps -ef|grep light
cp lighthouse /usr/local/bin/
sudo cp lighthouse ../
wget https://gethstore.blob.core.windows.net/builds/geth-linux-amd64-1.14.9-c350d3ac.tar.gz
#!/bin/bash
nohup /home/ec2-user/geth-linux-amd64-1.14.9-c350d3ac/geth --datadir /data/ethdata --syncmode "snap" --cache 4096 --ws --ws.addr 0.0.0.0 --ws.port 8803 --ws.origins=* --http --http.addr 0.0.0.0 --http.port 8802 --port 30032 --authrpc.addr 0.0.0.0 --authrpc.jwtsecret /home/ec2-user/ethereum/jwt.hex --http.vhosts=* >> /data/log/eth.log 2>&1 &
eth start
ubuntu@eth01-new:~$ cat ethereum/start
#!/bin/bash
nohup /home/ubuntu/geth-linux-amd64-1.14.5-0dd173a7/geth --datadir /data/ethdata --syncmode "snap" --cache 4096 --ws --ws.addr 0.0.0.0 --ws.port 8803 --ws.origins=* --http --http.addr 0.0.0.0 --http.port 8802 --port 30032 --authrpc.addr 0.0.0.0 --authrpc.jwtsecret /home/ubuntu/ethereum/jwt.hex --http.vhosts=* >> /data/log/eth.log 2>&1 &
jwt
ubuntu@eth01-new:~$ cat ethereum/jwt.hex
0x9776750e52a72508aac3df6952e9c8d5d4ee61e1bf6a49992a4fe965248f5644
ubuntu@eth01-new:~$ cat lighthouse/jwt.hex
0x9776750e52a72508aac3df6952e9c8d5d4ee61e1bf6a49992a4fe965248f5644
lighthouse start
ubuntu@eth01-new:~$ cat lighthouse/start
nohup ./lighthouse bn --network=mainnet --datadir=./beacondata --checkpoint-sync-url=https://mainnet-checkpoint-sync.stakely.io --execution-endpoint=http://127.0.0.1:8551 --reconstruct-historic-states --execution-jwt=./jwt.hex >> log.log 2>&1 &
prysm start
(因为lighthouse5.3内存占用过高,后来改用了这个作为共识层)
首次执行,需要设置版本号,当时是v5.1.2,下载一下脚本,然后执行accept一下,最后再挂到后台来运行
#参考链接
https://docs.prylabs.network/docs/install/install-with-script
export USE_PRYSM_VERSION=v5.1.2
curl https://raw.githubusercontent.com/prysmaticlabs/prysm/master/prysm.sh --output prysm.sh && chmod +x prysm.sh
./prysm.sh beacon-chain --execution-endpoint=http://localhost:8551 --mainnet --jwt-secret=./jwt.hex --checkpoint-sync-url=https://beaconstate.info --genesis-beacon-api-url=https://beaconstate.info
Latest Prysm version is v5.1.2.
Beacon chain is up to date.
Verifying binary integrity.
beacon-chain-v5.1.2-linux-amd64: OK
gpg: Signature made Wed Oct 16 19:51:14 2024 UTC
gpg: using RSA key 0AE0051D647BA3C1A917AF4072E33E4DF1A5036E
gpg: Good signature from "Preston Van Loon preston@pvl.dev" [unknown]
gpg: aka "Preston Van Loon preston@prysmaticlabs.com" [unknown]
gpg: aka "Preston Van Loon preston90@gmail.com" [unknown]
gpg: aka "Preston Van Loon (0xf71E9C766Cdf169eDFbE2749490943C1DC6b8A55) preston@machinepowered.com" [unknown]
gpg: WARNING: Using untrusted key!
Verified /home/ec2-user/prysm/dist/beacon-chain-v5.1.2-linux-amd64 has been signed by Prysmatic Labs.
Starting Prysm beacon-chain --execution-endpoint=http://localhost:8551 --mainnet --jwt-secret=./jwt.hex --checkpoint-sync-url=https://beaconstate.info --genesis-beacon-api-url=https://beaconstate.info
Prysm Terms of Use
By downloading, accessing or using the Prysm implementation (“Prysm”), you (referenced herein
as “you” or the “user”) certify that you have read and agreed to the terms and conditions below.
TERMS AND CONDITIONS: https://github.com/prysmaticlabs/prysm/blob/develop/TERMS_OF_SERVICE.md
Type "accept" to accept this terms and conditions [accept/decline]: (default: decline):
accept
[2024-10-24 12:29:33] INFO execution: Finished reading JWT secret from ./jwt.hex
[2024-10-24 12:29:33] INFO flags: Running on Ethereum Mainnet
nohup bash prysm.sh beacon-chain --execution-endpoint=http://localhost:8551 --mainnet --jwt-secret=./jwt.hex --checkpoint-sync-url=https://beaconstate.info --genesis-beacon-api-url=https://beaconstate.info >>log.log 2>&1 &