Skip to content

Commit

Permalink
updated sentry and rpc_daemon
Browse files Browse the repository at this point in the history
  • Loading branch information
bloxster committed Nov 27, 2024
1 parent 5c76c26 commit 3af2c7a
Show file tree
Hide file tree
Showing 4 changed files with 316 additions and 45 deletions.
205 changes: 204 additions & 1 deletion src/advanced/rpc_daemon.md
View file
Original file line number Diff line number Diff line change
@@ -1,3 +1,206 @@
# RPC Daemon
*Remote Procedure Call*

<img src="/images/WIP.png" alt="" style="display: block; margin: 0 auto;">
Like any other Erigon component, the Remote Procedure Call (RPC) can run within the Erigon all-in-one client or as an independent process. This has many advantages, including easier development, the ability to run multiple RPC daemons at once, and the ability to run the daemon remotely. It is also possible to run the daemon locally (in read-only) if both processes have access to the data folder.

## Built-in RPC daemon

To enable RPC daemon as a built-in service in Erigon add the flags `--http` and `--ws` (sharing same port with http). For example:

```bash
./build/bin/erigon --internalcl --http.vhosts="*" --http.addr="0.0.0.0" --http.api=eth,web3,net,debug,trace,txpool
```
<div class="warning">

**Warning**: The above example is a convenient but insecure snippet to allow users to connect their wallet from any host. To have a secure connection it is recommended to utilize [TLS Authentication](./tls-authentication.md).
</div>

This command run Erigon on a remote server allowing connection from any host, enabling http api for eth, web3, net etc. To connect a remote wallet use IP address of the remote machine on the RPC URL. Default port is 8545 e.g. `http://123.123.123.123:8545`.

## Websocket

Erigon supports also WebSocket protocol, just add the flag `--ws` to enable the WS-RPC server (default: `false`) or `--ws.compression` to enable compression over WebSocket (default: `false`).

In order to specify websocket server listening port you can use the flag `--ws.port` (default: `8546`)

## GraphQL

GraphQL protocol is also supported, add flag `--graphql`.

## RPC as a separate process

To build the RPC daemon separately run the command:

```bash
make rpcdaemon
```

The RPC daemon can use:
- The local database, with Erigon running or on a snapshot of a database
- A remote database running on another machine.

### Running locally

Running RPC daemon on the same computer along with Erigon is the default option because it uses Shared Memory access to Erigon's db, which is much faster than TCP access. Remember to always provide the following options:
- `--datadir` to specify where Erigon data are stored ,by default `/home/user/.local/share/erigon`
- `--private.api.addr` to provide private api network address (default `127.0.0.1:9090`)

For example:

```bash
./build/bin/erigon --internalcl --private.api.addr=localhost:9090 --http=false
./build/bin/rpcdaemon --private.api.addr=localhost:9090 --http.vhosts="*" --http.addr="0.0.0.0" --http.api=eth,erigon,web3,net,debug,trace,txpool —-datadir=/home/admin/.local/share/erigon
```

With the above command it has also been specified which RPC namespaces to enable by `--http.api` flag.

### Running Remotely

In some cases, it is useful to run Erigon nodes in a different network (for example, in a public cloud), but RPC daemon locally. In this scenario the local machine requires no storing capacity and basic computing requirements.

<div class="warning">

**Warning**: to ensure the integrity of communication and access control to the Erigon node, [TLS Authentication](./tls-authentication.md) is needed.

</div>

This works regardless of whether RPC daemon is on the same computer with Erigon, or on a different one. They use TPC socket connection to pass data between them. To use this mode, run Erigon in one terminal window.

To start RPC daemon remotely - just don't set the `--datadir` flag:

```bash
./build/bin/erigon --internalcl --private.api.addr=localhost:9090 --http=false
./build/bin/rpcdaemon --private.api.addr=localhost:9090 --http.api=eth,erigon,web3,net,debug,trace,txpool
```

If the Erigon process is on one machine and RPC daemon is on another machine, use the `--private.api.addr` option for Erigon and open port `9090`:

```bash
./build/bin/erigon --internalcl --private.api.addr=0.0.0.0:9090 --http=false --http.vhosts="*" --http.addr="0.0.0.0"
```

On the other machine:

```bash
./build/bin/rpcdaemon --http.vhosts="*" --private.api.addr=123.123.123.123:9090 --http.api=eth,erigon,web3,net,debug,trace,txpool
```

For instance you can run also a number of different RPC daemon on different machines, attaching to the same Erigon process.

The daemon should respond with something like:

`INFO [date-time] HTTP endpoint opened url=localhost:8545...`

When running remotely, RPC daemon by default maintains a state cache that is updated each time Erigon imports a new block. When the state cache is reasonably warm, it allows such a remote RPC daemon to execute queries related to the latest block (i.e. current state) with comparable performance to a local RPC daemon (about 2x slower vs. 10x slower without state cache). Since there can be multiple such RPC daemons per Erigon node, it may scale well for some workloads that are heavy on current state queries.

## Healthcheck

There are 2 options for running healtchecks
- POST request
- GET request with custom headers.

Both options are available at the `/health` endpoint.

### POST request

If the health check is successful it returns `200 OK`.

If the health check fails it returns `500 Internal Server Error`.

Configuration of the health check is sent as POST body of the method.

```
{
"min_peer_count": <minimal number of the node peers>,
"known_block": <number_of_block_that_node_should_know>
}
```

Not adding a check disables that.

- `min_peer_count` checks for mimimum of healthy node peers. Requires net namespace to be listed in `http.api`.
- `known_block` sets up the block that node has to know about. Requires eth namespace to be listed in `http.api`.

Example request:

`http POST http://localhost:8545/health --raw '{"min_peer_count": 3, "known_block": "0x1F"}'`

Example response:
```
{
"check_block": "HEALTHY",
"healthcheck_query": "HEALTHY",
"min_peer_count": "HEALTHY"
}
```
### GET with headers

If the healthcheck is successful it will return a `200` status code.

If the healthcheck fails for any reason a status 500 will be returned. This is true if one of the criteria requested fails its check.

You can set any number of values on the X-ERIGON-HEALTHCHECK header. Ones that are not included are skipped in the checks.

Available Options:
- `synced` will check if the node has completed syncing
- `min_peer_count<count>` will check that the node has at least <count> many peers
- `check_block<block>` will check that the node is at least ahead of the specified <block>
- `max_seconds_behind<seconds>` - will check that the node is no more than <seconds> behind from its latest block

Example Request:

```
curl --location --request GET 'http://localhost:8545/health' \
--header 'X-ERIGON-HEALTHCHECK: min_peer_count1' \
--header 'X-ERIGON-HEALTHCHECK: synced' \
--header 'X-ERIGON-HEALTHCHECK: max_seconds_behind600'
```

Example Response:

```
{
"check_block":"DISABLED",
"max_seconds_behind":"HEALTHY",
"min_peer_count":"HEALTHY",
"synced":"HEALTHY"
}
```

## Testing

By default, the RPC daemon serves data from `localhost:8545`. You may send curl commands to see if things are working.

Try `eth_blockNumber` for example. In a third terminal window enter this command:

```bash
curl -X POST -H "Content-Type: application/json" --data '{"jsonrpc": "2.0", "method": "eth_blockNumber", "params": [], "id":1}' localhost:8545
```

This should return something along the lines of this (depending on how far your Erigon node has synced):

```
{
"jsonrpc": "2.0",
"id": 1,
"result":" 0xa5b9ba"
}
```

Postman may also be used to test RPC daemon.

## Command Line Options

RPCdaemon is started and controlled using the command line and it is stopped by pressing `CTRL-C`.

You can configure RPCdaemon using command-line options (a.k.a. flags), which you can use to specify also sub-commands to invoke other functionalities.

The command-line help listing is reproduced below for your convenience. The same information can be obtained at any time from your own RPCdaemon instance by running:

```bash
./build/bin/rpcdaemon --help
```

For more detailed on RPC daemon info refer to this page:

<https://github.com/erigontech/erigon/blob/main/cmd/rpcdaemon/README.md>
63 changes: 62 additions & 1 deletion src/advanced/sentry.md
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,65 @@
# Sentry
*P2P network management*

Sentry connects Erigon to the Ethereum P2P network, enabling the discovery of other participants across the Internet and secure communication with them. It performs these main functions:

<img src="/images/WIP.png" alt="" style="display: block; margin: 0 auto;">
- Peer discovery via the following:
- Kademlia DHT
- DNS lookup
- Configured static peers
- Node info saved in the database
- Boot nodes pre-configured in the source code

- Peer management:
- handshakes
- holding p2p connection even if Erigon is restarted

The ETH core interacts with the Ethereum p2p network through the Sentry component. Sentry provides a simple interface to the core, with functions to download data, receive notifications about gossip messages, upload data on request from peers, and broadcast gossip messages either to a selected set of peers or to all peers.

## Running with an external Sentry or multiple Sentries

It is possible to have multiple Sentry to increase connectivity to the network or to obscure the location of the core computer. In this case it is necessary to define address and port of each Sentry that should be connected to the Core.

Before using the Sentry component the executable must be built. Head over to /erigon directory and type:

```bash
make sentry
```

Then it can be launched as an independent component with the command:

```bash
./build/bin/sentry
```

### Example

In this example we will run an instance of Erigon and Sentry on the same machine.

Following is the Sentry client running separately:

```bash
screen ./build/bin/sentry --datadir=~/.local/share/erigon
```

And here is Erigon attaching to it

```bash
./build/bin/erigon --internalcl --snapshots=true --sentry.api.addr=127.0.0.1:9091
```

Erigon might be attached to several Sentry instances running across different machines. As per Erigon help:

```bash
--sentry.api.addr value
```

Where `value` is comma separated sentry addresses '<host>:<port>,<host>:<port>'

## Command line options

To display available options for sentry digit:

```bash
./build/bin/sentry --help
```
72 changes: 37 additions & 35 deletions src/basic/ports.md
View file
Original file line number Diff line number Diff line change
@@ -1,7 +1,6 @@
# Default Ports and Firewalls

Erigon Ports
-------------
## Erigon Ports

| Component | Port | Protocol | Purpose | Should Expose |
| --------- | ---- | -------- | ------- | -------------- |
Expand All @@ -14,50 +13,53 @@ Erigon Ports
| RPCdaemon | 8545 | TCP | HTTP & WebSockets & GraphQL | Private |
| Diagnostics | 8080 | TCP & UDP| Diagnostic Tool | Private |

Caplin ports
------------
## Caplin ports

| Component | Port | Protocol | Purpose | Should Expose |
| --------- | ---- | -------- | ------- | -------------- |
| Sentinel | 4000 | UDP | Peering | Public |
| Sentinel | 4001 | TCP | Peering | Public |

Shared ports
------------
## Shared ports

| Component | Port | Protocol | Purpose | Should Expose |
| --------- | ---- | -------- | ------- | -------------- |
| All | 6060 | TCP | pprof | Private |
| All | 6060 | TCP | metrics | Private |

Optional flags can be enabled that enable pprof or metrics (or both) - however, they both run on 6060 by default, so you'll have to change one if you want to run both at the same time.

Other ports
------------

* gRPC ports: 9092 consensus engine, 9093 snapshot downloader, 9094 TxPool

Hetzner firewall rules
----------------------

| IP Range | Description |
| ------------------------------| -------------------------------------------------------------------------------------------------------------|
| 0.0.0.0/8 | "This" Network (RFC 1122, Section 3.2.1.3) |
| 10.0.0.0/8 | Private-Use Networks (RFC 1918) |
| 100.64.0.0/10 | Carrier-Grade NAT (CGN) (RFC 6598, Section 7) |
| 127.16.0.0/12 | Private-Use Networks (RFC 1918) |
| 169.254.0.0/16 | Link Local (RFC 3927) |
| 172.16.0.0/12 | Private-Use Networks (RFC 1918) |
| 192.0.0.0/24 | IETF Protocol Assignments (RFC 5736) |
| 192.0.2.0/24 | TEST-NET-1 (RFC 5737) |
| 192.88.99.0/24 | 6to4 Relay Anycast (RFC 3068) |
| 192.168.0.0/16 | Private-Use Networks (RFC 1918) |
| 198.18.0.0/15 | Network Interconnect Device Benchmark Testing (RFC 2544) |
| 198.51.100.0/24 | TEST-NET-2 (RFC 5737) |
| 203.0.113.0/24 | TEST-NET-3 (RFC 5737) |
| 224.0.0.0/4 | Multicast (RFC 3171) |
| 240.0.0.0/4 | Reserved for Future Use (RFC 1112, Section 4) |
| 255.255.255.255/32 | Limited Broadcast (RFC 919, Section 7) |
| 255.255.255.255/32 | RFC 922, Section 7 |
- You can optionally enable additional flags to configure the system to expose different ports for **pprof** or **metrics**. However, both **pprof** and **metrics** are configured to use the same default port of 6060/tcp.
- To run both **pprof** and **metrics** at the same time, you'll need to manually modify the port assignments or choose an alternative approach.

# gRPC ports

| Component | Port |
| ------------------- | ---- |
| http api | 9092 |
| Snapshots Downloader| 9093 |
| TxPool | 9094 |


# Hetzner firewall rules


| IP Range | Description |
|--------------------------------| ------------------------------------------|
| 0.0.0.0/8 | "This" Network (RFC 1122, Section 3.2.1.3)|
| 10.0.0.0/8 | Private-Use Networks (RFC 1918) |
| 100.64.0.0/10 | Carrier-Grade NAT (CGN) (RFC 6598, Section 7)|
| 127.16.0.0/12 | Private-Use Networks (RFC 1918)|
| 169.254.0.0/16 | Link Local (RFC 3927) |
| 172.16.0.0/12 | Private-Use Networks (RFC 1918) |
| 192.0.0.0/24 | IETF Protocol Assignments (RFC 5736) |
| 192.0.2.0/24 | TEST-NET-1 (RFC 5737) |
| 192.88.99.0/24 | 6to4 Relay Anycast (RFC 3068) |
| 192.168.0.0/16 | Private-Use Networks (RFC 1918) |
| 198.18.0.0/15 | Network Interconnect Device Benchmark Testing (RFC 2544)|
| 198.51.100.0/24 | TEST-NET-2 (RFC 5737) |
| 203.0.113.0/24 | TEST-NET-3 (RFC 5737) |
| 224.0.0.0/4 | Multicast (RFC 3171) |
| 240.0.0.0/4 | Reserved for Future Use (RFC 1112, Section 4)|
| 255.255.255.255/32 | Limited Broadcast (RFC 919, Section 7) |
| 255.255.255.255/32 | RFC 922, Section 7 |

Same in [IpTables](https://ethereum.stackexchange.com/questions/6386/how-to-prevent-being-blacklisted-for-running-an-ethereum-client/13068#13068) syntax.
Loading

0 comments on commit 3af2c7a

Please sign in to comment.