Skip to content

Compliance Requirements

The following document outlines compliance requirements for SKALE Network nodes. Failure to follow these requirements will result in a node forfeiting bounty for each month that it’s not in compliance as well as SKALE Chain payment claims. Please be sure to follow the entire proper setup and backup procedures described in Validator Denali Upgrade documentation to ensure your node is operating as intended.

Compliance Requirements

The following compliance requirements are required to ensure all nodes meet a standard of performance.

General Check

Node operators can use this general PASS/FAIL check to confirm whether a node meets the compliance requirements.

https://dune.com/skale/metrics

Wallet Balances

  • At least 0.5 ETH in self-recharging validator wallet (should be >= NODES_NUMBER * 0.5)
  • At least 1 ETH in each node wallet

Hardware

  • A Linux x86_84 machine
  • At least 8 physical cores (benchmark AWS t2.2xlarge)
  • At least 32 GB RAM
  • At least 100 GB root storage (not tested at the moment, recommended)
  • At minimum, separate not mounted block device - 2 Tb TB (1.9 TB actual measure) attached and unformatted non-boot storage (Note that separate not mounted block device - 2Tb TB storage results in < separate not mounted block device - 2Tb TB actual physical storage)
  • At least 16 GB swap

Test: http://YOUR_SKALE_NODE_IP:3009/status/hardware

Example response:

Terminal window
{"data": {"cpu_total_cores": 8, "cpu_physical_cores": 8, "memory": 33675792384, "swap": 67350032384, "system_release": "Linux-5.4.0-1045-aws", "uname_version": "#47~18.04.1-Ubuntu SMP Tue Apr 13 15:58:14 UTC 2021", "attached_storage_size": 214748364800}, "error": null}

Networking

  • Non-expired SSL certificates for each node.

    • The certificate file should be issued in PEM format, issued by a trusted authority, and contain a full certificate chain.
    • Certificate should always be renewed to avoid expiry
  • Don’t touch machine firewall (iptables installed by skale node software automatically sets machine firewall rules), external VPC or networking firewall ensure some_port_range.

Servers

SGXWallet

  • 1 SGX server for up to 5 SKALE nodes (not tested, but required)
  • 6 cores (not tested, but required)
  • 8GB RAM (not tested, but required)

Test: http://YOUR_SKALE_NODE_IP:3009/status/sgx

Example response:

Terminal window
{"data": {"status": 0, "status_name": "CONNECTED", "sgx_wallet_version": "1.75.0"}, "error": null}

ETH Mainnet Endpoint

After The Merge a Mainnet node operator must run both an execution client and a consensus client at the same time.

We highly recommend using Prysm as a consensus client because it’s the one which SKALE software is being tested on. You can find complete installation instructions here.

Test: http://YOUR_SKALE_NODE_IP:3009/status/endpoint

Example Response:

Terminal window
{"data": {"block_number": 8728517, "syncing": false, "trusted": true, "client": "Geth/v1.10.2-stable-c2d2f4ed/linux-amd64/go1.16"}, "error": null}

Software

Latest Mainnet software versions are defined here:

  • Mainnet Versions

  • https://github.com/skalenetwork/skale-network/tree/master/releases

  • Node software versions must be updated to the latest Denali requirements

  • SGXWallet software versions must be updated to the latest Denali requirements

  • SGX container should be up and running and should be responding to health check request

  • FILEBEAT_HOST should be defined in .env and the filebeat container should be up and running. The node must be sending logs to elastic server

  • All skale-containers are always running on the node

    • filebeat
    • skale-admin
    • bounty
    • transaction-manager
    • nginx
    • skale-api
    • celery
    • schain (if selected for SKALE Chain)

Test: http://YOUR_SKALE_NODE_IP:3009/status/meta-info

Example response:

Terminal window
{"data": {"version": "1.1.0", "config_stream": "1.2.1", "docker_lvmpy_stream": "1.0.1-stable.1"}, "error": null}

Test: http://YOUR_SKALE_NODE_IP:3009/status/schain-containers-versions

Example response:

Terminal window
{"data": {"skaled_version": "3.5.12-stable.1", "ima_version": "1.0.0-develop.148"}, "error": null}

Test: http://YOUR_SKALE_NODE_IP:3009/status/core

Example response:

Terminal window
{"data": [{"image": "skalenetwork/schain:3.5.12-stable.1", "name": "skale_schain_beautiful-al-anz", "state": {"Status": "running", "Running": true, "Paused": false, "Restarting": false, "OOMKilled": false, "Dead": false, "Pid": 21709, "ExitCode": 0, "Error": "", "StartedAt": "2021-04-26T14:49:51.705052477Z", "FinishedAt": "0001-01-01T00:00:00Z"}}, ...

BTRFS kernel module must be enabled. http://YOUR_SKALE_NODE_IP:3009/status/btrfs returns information about btrfs kernel module (enabled/disabled).

Public IP must be the same as the registered node IP. http://YOUR_SKALE_NODE_IP:3009/status/public-ip returns public ip address (source of the packets that your node is sending to other nodes)

IMA Container must pass healthcheck. http://YOUR_SKALE_NODE_IP:3009/status/ima returns information about basic ima healthcheck

Networking

  • Check key-cert pair validity using http://YOUR_SKALE_NODE_IP:3009/status/ssl
  • Test ssl certificates using skale ssl check
  • Don’t touch machine firewall (iptables installed by skale node software automatically sets machine firewall rules), external VPC or networking firewall ensure Ports open on 80, 311, 443, 3009, 8080, 9100, 10000–18192, and ICMP IPv4 (in other words, not closed by an external firewall).