Validator Node Compliance Requirements
The following document outlines compliance requirements for SKALE Network nodes. Failure to follow these requirements will result in a node forfeiting bounty for each month that it’s not in compliance. Please be sure to follow the entire proper setup and backup procedures described in Validator Denali Upgrade documentation to ensure your node is operating as intended.
Compliance Requirements
The following compliance requirements are required to ensure all nodes meet a standard of performance.
Failure to meet ANY ONE of the following Denali compliance requirements will result in a node being marked “Out of Compliance” by the NODE Foundation and the node may be forced to forfeit monthly bounties if it is unable to return to "In Compliance" by the time the monthly getBounty is called.
|
Compliance requirements may be reviewed and modified at any given time. |
General Check
Node operators can use this general PASS/FAIL check to confirm whether a node meets the compliance requirements.
Wallet Balances
-
>= 0.5 ETH in self-recharging validator wallet (should be >= NODES_NUMBER * 0.5)
-
>= 1 ETH in each node wallet
Hardware
-
A Linux x86_64 machine
-
>= 8 physical cores physical cores (benchmark AWS t2.2xlarge)
-
>= 32GB RAM GB RAM
-
>= 100 GB root storage (not tested at the moment, recommended)
-
>= 2TB attached storage TB (1.9 TB actual measure) attached and unformatted non-boot storage (Note that 2TB attached storage TB storage results in < 2TB attached storage TB actual physical storage)
-
>= 16GB Swap GB swap
Example response:
{"data": {"cpu_total_cores": 8, "cpu_physical_cores": 8, "memory": 33675792384, "swap": 67350032384, "system_release": "Linux-5.4.0-1045-aws", "uname_version": "#47~18.04.1-Ubuntu SMP Tue Apr 13 15:58:14 UTC 2021", "attached_storage_size": 214748364800}, "error": null}
Networking
-
SSL certificates for each node. The certificate file should be issued in PEM format, issued by a trusted authority, and contain a full certificate chain.
-
Don’t touch machine firewall (iptables installed by skale node software automatically sets machine firewall rules), external VPC or networking firewall ensure Ports 80, 443, 3009, and 10000–18192, and ICMP IPv4 should not be closed by external firewall.
Servers
SGXWallet
-
1 SGX server for up to 5 SKALE nodes (not tested, but required)
-
>= 6 cores (not tested, but required)
-
>= 8GB RAM (not tested, but required)
Example response: {"data": {"status": 0, "status_name": "CONNECTED", "sgx_wallet_version": "1.75.0"}, "error": null}%
Geth Endpoint
-
Must be actual Geth node, not Infura or other service providers
-
1 Geth server for every ⇐ 5 SKALE Nodes (not tested, but required)
-
Geth vlatest (Berlin hard-fork support not tested, but required)
Example Response: {"data": {"block_number": 8728517, "syncing": false, "trusted": true, "client": "Geth/v1.10.2-stable-c2d2f4ed/linux-amd64/go1.16"}, "error": null}%
Software
Latest Mainnet software versions are defined here: * Mainnet Versions * https://github.com/skalenetwork/skale-network/tree/master/releases
-
Node software versions must be updated to the latest Denali requirements
-
SGXWallet software versions must be updated to the latest Denali requirements
-
SGX container should be up and running and should be responding to health check request
-
FILEBEAT_HOST should be defined in .env and the filebeat container should be up and running. The node must be sending logs to elastic server
-
All skale-containers are always running on the node
-
filebeat
-
skale-admin
-
bounty
-
transaction-manager
-
nginx
-
skale-api
-
celery
-
schain (if selected for SKALE Chain)
-
Example response: {"data": {"version": "1.1.0", "config_stream": "1.2.1", "docker_lvmpy_stream": "1.0.1-stable.1"}, "error": null}%
Example response: {"data": {"skaled_version": "3.5.12-stable.1", "ima_version": "1.0.0-develop.148"}, "error": null}%
Example response: {"data": [{"image": "skalenetwork/schain:3.5.12-stable.1", "name": "skale_schain_beautiful-al-anz", "state": {"Status": "running", "Running": true, "Paused": false, "Restarting": false, "OOMKilled": false, "Dead": false, "Pid": 21709, "ExitCode": 0, "Error": "", "StartedAt": "2021-04-26T14:49:51.705052477Z", "FinishedAt": "0001-01-01T00:00:00Z"}}, …}
Upcoming Denali Update
Networking
-
Check key-cert pair validity using
http://YOUR_SKALE_NODE_IP:3009/status/ssl
-
Test ssl certificates using
skale ssl check
-
Don’t touch machine firewall (iptables installed by skale node software automatically sets machine firewall rules), external VPC or networking firewall ensure Ports open on 80, 311, 443, 3009, 8080, 9100, 10000–18192, and ICMP IPv4 (in other words, not closed by an external firewall).
Software
-
BTRFS kernel module must be enabled.
http://YOUR_SKALE_NODE_IP:3009/status/btrfs
returns information about btrfs kernel module (enabled/disabled). -
Public IP must be the same as the registered node IP.
http://YOUR_SKALE_NODE_IP:3009/status/public-ip
returns public ip address (source of the packets that your node is sending to other nodes) -
IMA Container must pass healthcheck.
http://YOUR_SKALE_NODE_IP:3009/status/ima
returns information about basic ima healthcheck