Provisioning mina block producer nodes on mainnet/devnet
on Digital Ocean using terraform and ansible.
To be able to provision nodes, you will need the following:
- Digital Ocean account with billing enabled.
- (Optional) just, to simplify repeatedly running project-specific commands. See Justfile.
Assumption is the mother of all... But mentioning them in the README makes them design choices.
The following were assumed:
- Users will create/copy their ssh key pair to the ./secrets folder and set the key's name (not path) as value in terraform.tfvars. Default is id_rsa_DO_mina_node.
- Users will name their public ssh key on Digital Ocean as
git clone this repository and cd to the root folder of it.
git clone minanode
cd minanode
The following secrets are required:
- DO token
- SSH keys used to ssh/provision droplets
- generate before provisioning
- store SSH keys in folder
- add generated public key to DO and name it
- Mina wallet private key passcode
- typed in prompt during provisioning
In your DO web panel, go to API > Generate New Token. Store it for later use.
Generate the ssh key pair and place it in the secrets folder:
ssh-keygen -t rsa -b 2048 -f ./secrets/id_rsa_DO_mina_node
Once the keys are in the secrets folder, add the generated public key to DO. You can either add it through the web or use curl.
NOTE: During the terraform run, the public ssh key on DO is expected to be named mina-do-ssh
curl -X POST "" -H "Authorization: Bearer <your DO token>" -d '{"name":"mina-do-ssh", "public_key":"<contents of ./secrets/>"}'
By default, the mina wallet key pair is created during the ansible run. If you want to use an existing wallet, set a full path in terraform.tfvars assigned to mina_wallet
Whether you choose to use your own wallet key pair or create it during provisioning, you will be prompted to type your wallet passphrase during the ansible run.
- Set needed variables in terraform.tfvars that are defined in
- Create the Digital Ocean resources
# When running for the first time, run terraform init
terraform -chdir=terraform init
terraform -chdir=terraform apply -auto-approve
- Provision mina node on created resources
ansible-playbook -i ./ansible/hosts --private-key=./secrets/id_rsa_DO_mina_node ./ansible/provision_nodes.yaml
Give the mina service 5 minutes or so to start. You should then have droplet(s) with mina block producer(s) running and listening on port 8302. You can ssh to the droplet(s) and inspect this with ss -ntlp
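The listening check above can be scripted so that it polls instead of waiting a fixed five minutes. This is an added example, not part of this repository: the function names, the polling parameters and the sample `ss` output are assumptions constructed for illustration, and only port 8302 comes from the text above.

```shell
#!/bin/sh
MINA_PORT=8302   # port stated in this README

# Read `ss -ntl` output on stdin and print every local address bound to
# MINA_PORT, tagged with whether it is a wildcard bind.
# Exit status: 0 if at least one listener was found, 1 otherwise.
mina_listeners() {
  awk -v port="$MINA_PORT" '
    $1 == "LISTEN" {
      n = split($4, part, ":")            # port is the text after the last ":"
      if (part[n] == port) {              # exact match, so :18302 is ignored
        addr = substr($4, 1, length($4) - length(port) - 1)
        wild = (addr == "0.0.0.0" || addr == "*" || addr == "[::]")
        print $4, (wild ? "all-interfaces" : "specific-address")
        found = 1
      }
    }
    END { exit !found }'
}

# wait_for_mina TIMEOUT_S INTERVAL_S CMD...
# Runs CMD (anything that prints `ss -ntl` output) every INTERVAL_S seconds
# until a listener shows up or TIMEOUT_S seconds have passed.
wait_for_mina() (
  timeout=$1; interval=$2; waited=0
  shift 2
  while :; do
    if "$@" 2>/dev/null | mina_listeners; then exit 0; fi
    if [ "$waited" -ge "$timeout" ]; then exit 1; fi
    sleep "$interval"
    waited=$((waited + interval))
  done
)

# Constructed sample of `ss -ntl` output (not captured from a real droplet).
sample_ss_output() {
  cat <<'EOF'
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*
LISTEN  0       128     127.0.0.1:18302      0.0.0.0:*
LISTEN  0       4096    0.0.0.0:8302         0.0.0.0:*
LISTEN  0       4096    [::]:8302            [::]:*
EOF
}

sample_ss_output | mina_listeners
```

On a droplet, `wait_for_mina 300 10 ss -ntl` polls for up to five minutes and returns non-zero if nothing is listening on 8302 by then.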
- The application will most likely crash when starting on a host that has less than 16GB of RAM. Make sure you use the right plan for this.
- Digital Ocean droplet sizes can be retrieved with the following curl
# use `jq` to parse the json response
curl -X GET "" -H "Authorization: Bearer <your DO token>" | jq