Symbolノードv1.0.3.4へのアップデート手順

暗号資産XYMのブロックチェーンSymbolのノードアップデート手順を備忘録がてら。

私のノードはこちらです。
http://symbol-node-01.kokichi.tokyo
委任先にお悩みの場合は、ぜひ委任お願いします。

前提

OS:CentOS7.9
symbol-bootstrap(アップデート前):v1.1.6
symbolノード(アップデート前):v1.0.3.3

手順

作業ディレクトリへ移動

$ cd symbol-bootstrap

ノード停止

$ symbol-bootstrap stop

addresses.ymlのデコード

$ symbol-bootstrap decrypt --source target/addresses.yml --destination addresses.yml

データのバックアップ

$ sudo mv ./target ./target.BAK

symbol-bootstrapの更新

$ sudo npm install -g symbol-bootstrap
$ symbol-bootstrap -v
symbol-bootstrap/1.1.8 linux-x64 node-v14.16.0

カスタムプリセットのバックアップ

$ mv custom-preset.yml custom-preset.yml.bk

ウィザード実行。適宜質問に回答する。

$ symbol-bootstrap wizard
? Select a network:
Mainnet Node

? Select an assembly:
Dual Node

? Symbol Bootstrap is about to start working with sensitive information (private keys) so it is highly recommended that you disconnect from the network before continuing. Say YES if you are offline or if you don't care.
Yes

? Enter the password used to encrypt and decrypt custom presets, addresses.yml, and preset.yml files. When providing a password, private keys will be encrypted. Keep this password in a secure place!
XXXXXXXXXXXXXXXXXXXXXXX

? How do you want to create the Main account:
Entering a private key

? Enter the 64 HEX private key of the Main account (or press enter to select the option again).
XXXXXXXXXXXXXXXXXXXXXXX

? Is this the expected address XXXXXXXXXXXXXXXXXXXXXXX to used as Main account?
Yes

? How do you want to create the Transport account:
Entering a private key

? Enter the 64 HEX private key of the Transport account (or press enter to select the option again).
XXXXXXXXXXXXXXXXXXXXXXX

? Is this the expected address XXXXXXXXXXXXXXXXXXXXXXX to used as Transport account?
Yes

? How do you want to create the VRF account:
Entering a private key

? Enter the 64 HEX private key of the VRF account (or press enter to select the option again).
XXXXXXXXXXXXXXXXXXXXXXX

? Is this the expected address XXXXXXXXXXXXXXXXXXXXXXX to used as VRF account?
Yes

? How do you want to create the Remote account:
Entering a private key

? Enter the 64 HEX private key of the Remote account (or press enter to select the option again).
XXXXXXXXXXXXXXXXXXXXXXX

? Is this the expected address XXXXXXXXXXXXXXXXXXXXXXX to used as Remote account?
Yes

? Select your HTTPS setup method:
Automatic, all of your keys and certs will be generated/renewed automatically, using letsencyrpt.

? Enter the public domain name(eg. node-01.mysymbolnodes.com) that's pointing to your outbound host IP This value is required when you are running on HTTPS!
symbol-node-01.kokichi.tokyo

? Enter the friendly name of your node.
symbol-node-01-kokichi-tokyo

? Select the type of security you want to use:
ENCRYPT: All keys are encrypted, only password would be asked

? Are you creating a Voting node?
No

カスタムプリセットを適宜編集

$ vi custom-preset.yml

ノード起動

$ symbol-bootstrap start --upgrade -c custom-preset.yml -d

起動確認

$ symbol-bootstrap healthCheck

_             _         _                    _         _
___  _   _  _ __ ___  | |__    ___  | |       | |__    ___    ___  | |_  ___ | |_  _ __  __ _  _ __
/ __|| | | || '_ ` _ \ | '_ \  / _ \ | | _____ | '_ \  / _ \  / _ \ | __|/ __|| __|| '__|/ _` || '_ \
\__ \| |_| || | | | | || |_) || (_) || ||_____|| |_) || (_) || (_) || |_ \__ \| |_ | |  | (_| || |_) |
|___/ \__, ||_| |_| |_||_.__/  \___/ |_|       |_.__/  \___/  \___/  \__||___/ \__||_|   \__,_|| .__/
|___/                                                                                    |_|
2022-10-26T00:48:05.147Z info     User for docker resolved: 1000:993
2022-10-26T00:48:05.149Z info     Running image using Exec: symbolplatform/symbol-server:gcc-1.0.3.4 openssl x509 -enddate -noout -in node.crt.pem -checkend 2592000
2022-10-26T00:48:05.596Z info     The node.crt.pem certificate for node node will expire on Nov  5 00:36:41 2023 GMT. No need to renew it yet.
2022-10-26T00:48:05.627Z info     Container db is running
2022-10-26T00:48:05.628Z warn     Container node is NOT running YET.
2022-10-26T00:48:05.628Z warn     Container broker is NOT running YET.
2022-10-26T00:48:05.628Z info     Container rest-gateway is running
2022-10-26T00:48:05.631Z info     Container https-proxy is running
2022-10-26T00:48:05.633Z info     Container rest-gateway port 3000 -> 3000 is open
2022-10-26T00:48:05.635Z info     Testing http://localhost:3000/node/health
2022-10-26T00:48:05.641Z info     Container https-proxy port 80 -> 80 is open
2022-10-26T00:48:05.642Z info     Container https-proxy port 3001 -> 443 is open
2022-10-26T00:48:05.651Z warn     Rest http://localhost:3000/node/health is NOT up and running YET: {"statusCode":503,"statusMessage":"Service Unavailable","body":"{\"status\":{\"apiNode\":\"down\",\"db\":\"up\"}}"}
2022-10-26T00:48:05.651Z info     Retrying in 10 seconds. Polling will stop in 49.948 seconds

むむ!nodeとbrokerが起動しない!

ログ確認

$ docker logs node

RUNNING server NORMAL node
!!!! Starting server....
Copyright (c) Jaguar0625, gimre, BloodyRookie, Tech Bureau, Corp.
catapult version: 1.0.3.4 1c531307 [dev]
loading resources from "./server-config/resources"
loading configuration from "./server-config/resources/config-inflation.properties"
loading configuration from "./server-config/resources/config-extensions-server.properties"
loading configuration from "./server-config/resources/config-user.properties"
loading configuration from "./server-config/resources/config-logging-server.properties"
loading configuration from "./server-config/resources/config-node.properties"
loading configuration from "./server-config/resources/config-network.properties"
[2022-10-26 03:33:14.796684] [0x00007f310d2471c0] [info]
thread: server catapult
unhandled exception while running local node!
Throw location unknown (consider using BOOST_THROW_EXCEPTION)
Dynamic exception type: boost::wrapexcept<boost::thread_resource_error>
std::exception::what: boost::thread_resource_error: Resource temporarily unavailable [generic:11]
/symbol-commands/start.sh: line 126:    12 Aborted                 (core dumped) $catapultAppFolder/bin/$processName "$config"

なんじゃこりゃ!!!

こんなtweetを見つける。

Dockerを更新してみよう!

Dockerバージョン確認

$ docker version
Client:
 Version:         1.13.1
 API version:     1.26
 Package version: docker-1.13.1-209.git7d71120.el7.centos.x86_64
 Go version:      go1.10.3
 Git commit:      7d71120/1.13.1
 Built:           Wed Mar  2 15:25:43 2022
 OS/Arch:         linux/amd64

Server:
 Version:         1.13.1
 API version:     1.26 (minimum version 1.12)
 Package version: docker-1.13.1-209.git7d71120.el7.centos.x86_64
 Go version:      go1.10.3
 Git commit:      7d71120/1.13.1
 Built:           Wed Mar  2 15:25:43 2022
 OS/Arch:         linux/amd64
 Experimental:    false

20.10.14以下とかそういうレベルじゃない。
そもそも入れてるdockerが違う?
入れ替えてみる。

$ symbol-bootstrap stop
$ sudo systemctl stop docker
$ sudo systemctl disable docker
$ sudo yum remove docker docker-common docker-selinux docker-engine
$ sudo yum install -y yum-utils device-mapper-persistent-data lvm2
$ sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
$ sudo yum makecache fast
$ yum list docker-ce.x86_64 --showduplicates | sort -r
$ sudo yum install docker-ce

Dockerバージョン確認

$ docker version
Client: Docker Engine - Community
 Version:           20.10.21
 API version:       1.41
 Go version:        go1.18.7
 Git commit:        baeda1f
 Built:             Tue Oct 25 18:04:24 2022
 OS/Arch:           linux/amd64
 Context:           default
 Experimental:      true
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?

Docker起動とユーザグループ追加

$ sudo systemctl enable docker
$ sudo systemctl start docker
$ sudo usermod -aG docker $USER

sshログインし直す

移動して権限設定

$ cd symbol-bootstrap
$ chgrp docker *

起動リベンジ

$ symbol-bootstrap start --upgrade -c custom-preset.yml -d

起動確認

$ symbol-bootstrap healthCheck
_             _         _                    _         _
___  _   _  _ __ ___  | |__    ___  | |       | |__    ___    ___  | |_  ___ | |_  _ __  __ _  _ __
/ __|| | | || '_ ` _ \ | '_ \  / _ \ | | _____ | '_ \  / _ \  / _ \ | __|/ __|| __|| '__|/ _` || '_ \
\__ \| |_| || | | | | || |_) || (_) || ||_____|| |_) || (_) || (_) || |_ \__ \| |_ | |  | (_| || |_) |
|___/ \__, ||_| |_| |_||_.__/  \___/ |_|       |_.__/  \___/  \___/  \__||___/ \__||_|   \__,_|| .__/
|___/                                                                                    |_|
2022-10-26T05:18:21.490Z info     User for docker resolved: 1000:993
2022-10-26T05:18:21.493Z info     Running image using Exec: symbolplatform/symbol-server:gcc-1.0.3.4 openssl x509 -enddate -noout -in node.crt.pem -checkend 2592000
2022-10-26T05:18:22.058Z info     The node.crt.pem certificate for node node will expire on Nov  5 05:16:56 2023 GMT. No need to renew it yet.
2022-10-26T05:18:22.087Z info     Container db is running
2022-10-26T05:18:22.087Z info     Container node is running
2022-10-26T05:18:22.091Z info     Container broker is running
2022-10-26T05:18:22.091Z info     Container rest-gateway is running
2022-10-26T05:18:22.091Z info     Container https-proxy is running
2022-10-26T05:18:22.094Z info     Container rest-gateway port 3000 -> 3000 is open
2022-10-26T05:18:22.095Z info     Testing http://localhost:3000/node/health
2022-10-26T05:18:22.102Z info     Container https-proxy port 80 -> 80 is open
2022-10-26T05:18:22.102Z info     Container https-proxy port 3001 -> 443 is open
2022-10-26T05:18:22.102Z info     Container node port 7900 -> 7900 is open
2022-10-26T05:18:22.122Z warn     Rest http://localhost:3000/node/health is NOT up and running YET: {"statusCode":503,"statusMessage":"Service Unavailable","body":"{\"status\":{\"apiNode\":\"down\",\"db\":\"up\"}}"}
2022-10-26T05:18:22.122Z info     Retrying in 10 seconds. Polling will stop in 49.939 seconds
2022-10-26T05:18:32.152Z info     Container db is running
2022-10-26T05:18:32.153Z info     Container node is running
2022-10-26T05:18:32.153Z info     Container broker is running
2022-10-26T05:18:32.153Z info     Container rest-gateway is running
2022-10-26T05:18:32.153Z info     Container https-proxy is running
2022-10-26T05:18:32.154Z info     Container node port 7900 -> 7900 is open
2022-10-26T05:18:32.155Z info     Container rest-gateway port 3000 -> 3000 is open
2022-10-26T05:18:32.155Z info     Testing http://localhost:3000/node/health
2022-10-26T05:18:32.157Z info     Container https-proxy port 80 -> 80 is open
2022-10-26T05:18:32.157Z info     Container https-proxy port 3001 -> 443 is open
2022-10-26T05:18:32.213Z info     Rest http://localhost:3000/node/health is up and running...
2022-10-26T05:18:32.213Z info     Network is running!

やった!無事起動した!

だいさんありがとう!

と、思ったら、https-proxyが落ちてる!!

ログ確認

$ docker logs https-proxy
・
・
Response: {u'status': 429, u'type': u'urn:ietf:params:acme:error:rateLimited', u'detail': u'Error creating new order :: too many certificates (5) already issued for this exact set of domains in the last 168 hours: symbol-node-01.kokichi.tokyo, retry after 2022-10-27T11:34:00Z: see https://letsencrypt.org/docs/duplicate-certificate-limit/'}
・
・

let’sencryptを使った証明書発行に失敗してる。
繰り返し発行しすぎたっぽい。

後日、2022-10-27T11:34:00Z以降に、ノード再起動したらhttps-proxyも立ち上がりました。

めでたしめでたし。