|
| 1 | +# Sample AWS Blockchain Node Runner app for XRP Nodes |
| 2 | + |
| 3 | +| Contributed by | |
| 4 | +|:--------------------------------:| |
| 5 | +| Pedro Aceves < br/> [email protected] | |
| 6 | + |
| 7 | +XRP node deployment on AWS. All nodes are configure as ["Stock Servers"](https://xrpl.org/docs/infrastructure/configuration/server-modes/run-rippled-as-a-stock-server) |
| 8 | + |
| 9 | +## Overview of Deployment Architectures for Single and HA setups |
| 10 | + |
| 11 | +### Single node setup |
| 12 | + |
| 13 | + |
| 14 | + |
| 15 | +1. A XRP node deployed in the [Default VPC](https://docs.aws.amazon.com/vpc/latest/userguide/default-vpc.html) continuously synchronizes with the rest of nodes on the configured xrp network through [Internet Gateway](https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Internet_Gateway.html). |
| 16 | +2. The XRP node is used by dApps or development tools internally from within the Default VPC. RPC API is not exposed to the Internet directly to protect nodes from unauthorized access. |
| 17 | +3. The XRP node sends various monitoring metrics for both EC2 and current XRP ledger sequence to Amazon CloudWatch. It also updates the dashboard with correct storage device names to display respective metrics properly. |
| 18 | + |
| 19 | +### HA setup |
| 20 | + |
| 21 | + |
| 22 | + |
| 23 | +1. A set of XRP nodes are deployed within an [Auto Scaling Group](https://docs.aws.amazon.com/autoscaling/ec2/userguide/auto-scaling-groups.html) in the [Default VPC](https://docs.aws.amazon.com/vpc/latest/userguide/default-vpc.html) continuously synchronizing with the rest of nodes on the configured xrp network through [Internet Gateway](https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Internet_Gateway.html). |
| 24 | +2. The XRP nodes are accessed by dApps or development tools internally through [Application Load Balancer](https://docs.aws.amazon.com/elasticloadbalancing/latest/application/introduction.html). RPC API is not exposed to the Internet to protect nodes from unauthorized access. |
| 25 | +3. The XRP nodes send various monitoring metrics for EC2 to Amazon CloudWatch. |
| 26 | + |
| 27 | +## Setup Instructions |
| 28 | + |
| 29 | +### Open AWS CloudShell |
| 30 | + |
| 31 | +To begin, ensure you login to your AWS account with permissions to create and modify resources in IAM, EC2, EBS, VPC, S3, KMS, and Secrets Manager. |
| 32 | + |
| 33 | +From the AWS Management Console, open the [AWS CloudShell](https://docs.aws.amazon.com/cloudshell/latest/userguide/welcome.html), a web-based shell environment. If unfamiliar, review the [2-minute YouTube video](https://youtu.be/fz4rbjRaiQM) for an overview and check out [CloudShell with VPC environment](https://docs.aws.amazon.com/cloudshell/latest/userguide/creating-vpc-environment.html) that we'll use to test nodes API from internal IP address space. |
| 34 | + |
| 35 | +Once ready, you can run the commands to deploy and test blueprints in the CloudShell. |
| 36 | + |
| 37 | +### Clone this repository and install dependencies |
| 38 | + |
| 39 | +```bash |
| 40 | +git clone https://github.com/aws-samples/aws-blockchain-node-runners.git |
| 41 | +cd aws-blockchain-node-runners |
| 42 | +npm install |
| 43 | +``` |
| 44 | + |
| 45 | +### Configure your setup |
| 46 | + |
| 47 | +1. Make sure you are in the root directory of the cloned repository |
| 48 | + |
| 49 | +2. If you have deleted or don't have the default VPC, create default VPC |
| 50 | + |
| 51 | +```bash |
| 52 | +aws ec2 create-default-vpc |
| 53 | +``` |
| 54 | + |
| 55 | +> **NOTE:** *You may see the following error if the default VPC already exists: `An error occurred (DefaultVpcAlreadyExists) when calling the CreateDefaultVpc operation: A Default VPC already exists for this account in this region.`. That means you can just continue with the following steps.* |
| 56 | +
|
| 57 | +3. Configure your setup |
| 58 | + |
| 59 | +Create your own copy of `.env` file and edit it to update with your AWS Account ID and Region: |
| 60 | +```bash |
| 61 | +cd lib/xrp |
| 62 | +cp ./sample-configs/.env-xrp-testnet .env |
| 63 | +nano .env |
| 64 | +``` |
| 65 | +> **NOTE:** *You can find more examples inside `sample-configs` * |
| 66 | +
|
| 67 | + |
| 68 | +4. Deploy common components such as IAM role: |
| 69 | + |
| 70 | +```bash |
| 71 | +npx cdk deploy XRP-common |
| 72 | +``` |
| 73 | + |
| 74 | + |
| 75 | +### Deploy a Single Node |
| 76 | + |
| 77 | +1. Deploy the node |
| 78 | + |
| 79 | +```bash |
| 80 | +npx cdk deploy XRP-single-node --json --outputs-file single-node-deploy.json |
| 81 | +``` |
| 82 | + |
| 83 | +2. After starting the node you need to wait for the initial synchronization process to finish. You can use Amazon CloudWatch to track the progress. There is a script that publishes CloudWatch metrics every 5 minutes, where you can watch `XRP Sequence` metrics. When the node is fully synced the sequence should match that of the configured xrp network (testnet, mainnet, etc). To see them: |
| 84 | + |
| 85 | + - Navigate to [CloudWatch service](https://console.aws.amazon.com/cloudwatch/) (make sure you are in the region you have specified for `AWS_REGION`) |
| 86 | + - Open `Dashboards` and select dashboard that starts with `XRP-single-node` from the list of dashboards. |
| 87 | + |
| 88 | +### Deploy HA Nodes |
| 89 | + |
| 90 | +1. Deploy multiple HA Nodes |
| 91 | + |
| 92 | +```bash |
| 93 | +pwd |
| 94 | +# Make sure you are in aws-blockchain-node-runners/lib/xrp |
| 95 | +npx cdk deploy XRP-ha-nodes --json --outputs-file ha-nodes-deploy.json |
| 96 | +``` |
| 97 | + |
| 98 | +2. Give the new nodes time to initialize |
| 99 | + |
| 100 | +> **NOTE:** *By default and for security reasons the load balancer is available only from within the default VPC in the region where it is deployed. It is not available from the Internet and is not open for external connections. Before opening it up please make sure you protect your RPC APIs.* |
| 101 | +
|
| 102 | +### Clearing up and undeploy everything |
| 103 | + |
| 104 | +Destroy HA Nodes, Single Nodes and Common stacks |
| 105 | + |
| 106 | +```bash |
| 107 | +# Setting the AWS account id and region in case local .env file is lost |
| 108 | + export AWS_ACCOUNT_ID=<your_target_AWS_account_id> |
| 109 | + export AWS_REGION=<your_target_AWS_region> |
| 110 | + |
| 111 | +pwd |
| 112 | +# Make sure you are in aws-blockchain-node-runners/lib/xrp |
| 113 | + |
| 114 | +# Destroy HA Nodes |
| 115 | +cdk destroy XRP-ha-nodes |
| 116 | + |
| 117 | +# Destroy Single Node |
| 118 | +cdk destroy XRP-single-node |
| 119 | + |
| 120 | +# Delete all common components like IAM role and Security Group |
| 121 | +cdk destroy XRP-common |
| 122 | +``` |
| 123 | + |
| 124 | +### FAQ |
| 125 | + |
| 126 | +1. How to check the logs from the EC2 user-data script? |
| 127 | + |
| 128 | +```bash |
| 129 | +pwd |
| 130 | +# Make sure you are in aws-blockchain-node-runners/lib/xrp |
| 131 | + |
| 132 | +export INSTANCE_ID=$(cat single-node-deploy.json | jq -r '..|.node-instance-id? | select(. != null)') |
| 133 | +echo "INSTANCE_ID=" $INSTANCE_ID |
| 134 | +aws ssm start-session --target $INSTANCE_ID --region $AWS_REGION |
| 135 | +sudo cat /var/log/cloud-init-output.log |
| 136 | +sudo cat /var/log/user-data.log |
| 137 | +``` |
| 138 | +2. How can I change rippled (XRP) configuration? |
| 139 | + There are two places of configuration for the xrp nodes: |
| 140 | + |
| 141 | + a. .env file. Here is where you specify the xrp network you want. This is the key into the config hash in part b |
| 142 | +```bash |
| 143 | +HUB_NETWORK_ID="testnet" |
| 144 | +``` |
| 145 | + |
| 146 | + b. lib/xrp/lib/assets/rippled/rippledconfig.py file. Here you can setup listners an network configuration for the network specified in part "a" |
| 147 | + |
| 148 | + |
| 149 | + |
0 commit comments