uTalk

Official forum for Utopia Community

You are not logged in.

#1 Re: Utopia Guides » Docker-mining on dedicated servers. » 2022-11-20 23:00:26

bicpter;1912 wrote:

hi how can i allocate resources for CONTAINER ID? Thanks

I rarely come here, if you need help, find me on the channel "Utopia RUS | Mining support" (channel ID: 9481B440B6182EC69CE9371FE90B1491 ), so you will get help much faster.

#2 Re: Utopia Guides » Docker-mining on dedicated servers. » 2022-05-08 21:09:01

Don't be greedy wink
However, if you look at the ratio of the number of views to donations, hardly anyone will hear my words wink
For my guide, I received 4 donations, and a total of 16 CRP  lol

#3 Re: Utopia Guides » Docker-mining on dedicated servers. » 2022-03-16 16:26:07

Cromanes;1755 wrote:

Можно перевод инструкций на русский язык?

Can the instructions be translated into Russian?

А, собственно, зачем? Там очень простой гайд, по большому счету все можно сделать копипастой команд, что большинство и делает.

#4 Re: Utopia Guides » Docker-mining on dedicated servers. » 2022-01-09 23:31:01

money_ranger;1388 wrote:

<p>i don&#039;t understand: if 1 VM with 1 UAM works with a bridged connection through the VM why wouldnt the dockers works through the same setup? If your guide &#039;&#039;solves&#039;&#039; the NAT problem for the dockers?</p><p>You say the second network has a NAT too, but why isn&#039;t that an issue if i use just 1 Instance of the miner without the dockers?</p><p>Is it because the UAM resolves the NAT mapping ports through the Upnp only once? So basically your guide adds a virtual Upnp in the linux enviroment and the UAM maps through it natively just as it maps through my router NAT with his Upnp? </p><p>So basically if the UAM goes thorugh the Linux NAT enviroment it can&#039;t get through my Router NAT enviroment again?</p>

This question is already beyond the scope of this topic.
It describes how to mine on dedicated servers, and I will not analyze your particular case.
I already wrote above that you will have to solve the problem with double nat yourself.

#5 Re: Utopia Guides » Docker-mining on dedicated servers. » 2022-01-08 14:46:53

money_ranger;1297 wrote:

<p>I&#039;m sorry to bother you, but i tried following your guide and i can&#039;t get incoming connections to the docker. </p><p>I&#039; am through a VM in Virtual Box (where a single instance of Ubuntu is able to mine correctly) and i tried your distro and a ubuntu one, and both don&#039;t work. If i start a docker with the --network=host the miner start receiving incoming connections so i guess the problem is with the miniupnpd. </p><p>The UAM says it detected Upnp and the node is switched on, but even after 1 hr i have no incoming connections.</p><p>EDIT: i was trying to see if i could make it work on the VM as a test. Eventually im in the middle of buying some hardware and make some dedicated servers for utopia. So this may be a non issue. But i would still gladly appreciate some feedback on the situation.</p>

This guide is written for dedicated or bare metal servers.
You are using a virtual machine
, read what a double nat is, and the general theory of network administration in linux

I can briefly explain, in your case you have two layers of networks through which you need to send network packets:
The first is the docker network, and it is written about this in the manual, i.e. you have overcome one nat.
The second is the network in which your computer is located, if it does not have a white IP and is located behind the router, that you need to solve this problem yourself

#6 Re: Utopia Guides » Docker-mining on dedicated servers. » 2021-12-23 12:25:17

iTruji;1003 wrote:

Does this guide works after the new requeriments of RAM?
I'm noob at the linux os.

I proceed from the standard system requirements for 1 bot: 4 cores, 4 gigabytes of RAM. In order for the OS to work and the bot to work stably, I recommend increasing the amount of RAM to 6 gigabytes.

#7 Re: Crypton Purchase, Sale and Exchange » Crypton Exchange - vote for new coin » 2021-11-25 21:15:44

I am against the introduction of any pairs for Crypton, except for stablecoins, because this will turn Crypton into a speculative or transit coin such as Dogecoin.
Crypton should be a value in itself, not a way to accumulate capital in Bitcoins.
If Crypton becomes a tool in speculative schemes, it will automatically destabilize the network of utopia, because It will be easier to buy Crypton on the market than to launch bots, which does not contribute to the growth and stable operation of the network.
This offer should be interesting only for the hucksters on the stock exchanges, but not in any way for people who are interested in the stable development of the project and long-term investments.
IMHO.

#8 Re: Borderless Society » Команда единомышленников для развития экосистемы Utopia » 2021-10-17 05:56:00

Linux-админ и фанат оного с 20-летним стажем.

Web-специализация.
Виртуализация.
Кластеризация bare-metal серверов.

В майнинге 5 лет(с большим перерывом), до криптона копал монеро на бульдозерах, принимал активное участие в тестировании и сборке под Linux новых релизов xmrig-miner вместе с его создателем.

send money to: 74982EEED68434832FB9F0642594375D315C137172C9616D32335552C906425E

#9 Utopia Guides » Docker-mining on dedicated servers. » 2021-09-10 15:38:51

Face/Off
Replies: 40

Hi all, I’m Face/Off, in this tutorial I will show you step by step how to run UAM in a docker-container on linux.
A small remark: I'm not very handy with creating documents and I've never been able to insert pictures properly, so only text so far.

First we have to decide on a Linux distribution. There are many of them, but if you use your computer solely as a node for the Utopia network, I recommend installing firmware-debian-10.11-amd64-netinst (this version contains additional proprietary drivers for your hardware), a distribution featuring minimal installation of additional software, which means we will give maximum computer resources to uam-bots.

Installing and configuring a Linux system for the Utopia network node (Part 1)

So, here we go:

Download the distribution package: https://cdimage.debian.org/cdimage/arch … etinst.iso

Save it to a convenient medium (usb stick, cd-disk). You can google how to do this.

Set it up. Out of old habit, I choose the usual NOT graphical installer. Select the Install option and let's go:

● Choose your language and keyboard layout (I am more used to English and US layout).
● Next, DHCP will automatically configure your IP address and subnet mask, but if you want to avoid it, click <Cancel> and configure manually.
● Enter a host name (whatever you like) and press <Continue>.
● Domain name can be skipped, since we are not going to deploy a web site or mail server on this computer - leave the output field blank. Click <Continue>.
● Root password, this is an important thing, come up with a complex but memorable password. I highly recommend NOT writing it down on a piece of paper though...
● Next is your username, but we are on an anonymous network, so use your usual nickname and click <Continue>.
● Repeat to create a new user (just press Enter).
● Enter the password for the new user.
● In the next dialog box, repeat the password entry, passwords must of course be the same.
● Next, choose a time zone, in principle any time zone will do for our purposes, so you can simply press Enter.
● In the next window, you need to partition your hard drive (IMPORTANT: it should be empty, preferably new and at least SSD or SSD NVME) into partitions, to avoid confusion just select Guided - use entire disk and press Enter four times.
● When the installer asks you: Write the changes to disk? - Select Yes and press Enter. This completes the disk installation process and the installer will install the base system.
● Later on the installer will ask you: Scan another CD or DVD? But since we have only one CD and it's a minimal one, just click No.
● Next, the installer will ask you to select a mirror from which it will later install all the necessary programs, as well as proxy settings (if you have one on your network, you'd better not wink), just hit Enter three times.
● After selecting a mirror and proxy settings, the installer will ask you if you want to participate in the system improvement program (do we need it?), hit No.

And finally we finally got to the end:
● Select the required software suites for further installation, removing all asterisks except SSH server and standard system utilities. Click <Continue>
The installer will download a bunch of required software from the Internet (we have a NetInst-distribution)
and ask Install the GRUB boot loader to the master boot record? Click Yes and then select the disk you just installed Debian Linux on from the list. For example, for me it's "/dev/sda" and hit Enter again.
● We wait for the system to install the bootloader and offer to restart the system, click <Continue> and reboot.

This completes the basic installation of Linux on your bot farm. It gets much more interesting from here... and more confusing, but we'll try to wade through the thorns to the stars.

Installing and configuring a Linux system for the Utopia network node (Part 2)

● login root / your root password (hope you haven't forgotten it?).

Next you need to update the system to the latest versions and install the required software, this is done with a single command:

apt update && apt full-upgrade -y && apt install ethtool miniupnpd nload mc screen htop docker.io -y

The miniupnpd package will ask if it is started automatically at boot. Choose Yes, it will also ask for the name of your external and internal network, the former will be typed in immediately, the latter will be docker0 and hit Enter. All other packages will be installed silently and without any questions.

That's it, your system is fully up to date and all the necessary software is installed. Yes, that's the magic of Linux.
Now we need to configure our software and start "doing things".

Run Midnight Commander, it is a console file manager, it helps to see more clearly where you are, a lot like Far Manager or Norton Commander (for oldtimers).
Command: mc
To start, we configure the miniupnpd and docker packages.

●  Go to /etc/systemd/system/multi-user.target.wants/
There we are interested in the @miniupnpd.service file, open it with the F4 button and correct one line:
Was: After=network-online.target
Became: After=network-online.target docker.service
Save (F2, same as in Far manager), exit.

● Reread service file:

systemctl daemon-reload

This will not only have miniupnpd loaded after all network drivers are loaded and the network
drivers themselves activated, it also adds the criterion of loading after docker is loaded, which
initializes docker0 virtual network driver. And after this miniupnpd is loaded and although it is
loaded, but not finding the network interface it immediately crashed with an error.

● Go to /etc/miniupnpd
See miniupnpd.conf file
Find string: #secure_mode=yes
Uncoment this line by removing the # sign in front of secure_mode=yes
Save (F2), exit.

This setting will force miniupnpd to only receive requests from the internal docker container network and prevent it from being used as a DDoS booster.

● Next we go to /etc/miniupnpd/
This is where miniupnpd_functions.sh
Fix firewall binary naming bug (yes, F4):
Was: IPTABLES=$(which iptables)
Became: IPTABLES=$(which iptables-legacy)
Just in case, let's also fix this:
Was: IPTABLES=$(which ip6tables)
Became: IPTABLES=$(which ip6tables-legacy)
Save (F2), exit.

● Another little detail I almost forgot about:
In /etc/sysctl.conf you need to uncomment the line #net.ipv4.ip_forward=1
Open sysctl.conf in file manager (F4) and remove # at the beginning of the line, save the file (F2).

This manipulation will enable gateway mode for our future docker containers.
We have now fixed the miniupnpd package a bit and it should now run and work properly with the docker.
And I'm too lazy to explain how to restart the services there, you can just reboot, type in the console: reboot and hit Enter. And then reboot, actually.

Loading...|

● Login as root and go ahead.
● Now we need to build an image for the docker containers.
Create an empty file:

touch Dockerfile

Type in this:

FROM debian:buster-slim
RUN cd /tmp && \
apt update && \
apt full-upgrade -y && \
apt install wget libglib2.0-0 netbase -y && \
wget https://update.u.is/downloads/uam/linux/uam-latest_amd64.deb && \
dpkg -i /tmp/uam-latest_amd64.deb
CMD /opt/uam/uam --pk %YOU_UTOPIA_KEY% --no-ui

where %YOU_UTOPIA_KEY% is your utopia public key.
and create an image:

docker build -t uam:latest .

(DOT AT THE END AND A SPACE BETWEEN "t" AND THE DOT IS REQUIRED)

● That's it, the image is created, it will weigh about 200 megabytes, which isn't much, now we need to make a couple of containers with manners:

docker run -d --restart always --cap-add=IPC_LOCK uam:latest

That's your first docker container is running, you can see the result in 15-30 minutes in utopia client on the Mining tab.
This last command can be repeated as many times as you need, the main thing to keep in mind is that your computer is not rubbery, and bots eat up resources quite decently.

Hints:

The number of containers can be seen with the command: docker ps
You can also check the load with the utilities: htop and load -m
Make sure that the Load Average in htop does not exceed 10-20, otherwise bots will drop
out, which is bad for the network. Ideally it should be less than a hundred at all, so don't be greedy.

Shaping

If you were still greedy and you had a high load average (you ran too many containers with a mining bot), then it makes sense to limit the network bandwidth of each bot, for this you need to take the following steps:
● Install wondershaper:

apt install wondershaper -y

● Create a script file:

touch shaper.sh

● We add these lines to it:

#!/bin/bash

for i in `ip a | grep veth | awk '{print $2}' | tr ':' ' ' | tr '@' ' ' | awk '{print $1}'`
do
echo "wondershaper $i 2048 2048".
wondershaper $i 2048 2048
done

● Change rights and run:

chmod 700 ./shaper.sh && /bin/bash ./shaper.sh

Do not forget that all manipulations must be done with root superuser rights.
Thus, each virtual network interface of the docker container will be limited to 2 Mbps for input and output.

Thanks for this simple and elegant solution:
sfdpmf: D9D2FFD70D50519707C3C7DCBE7D6F52DCFB3746432B7E78E7BE0D972B139E6B

Hetzner abuse reports

If you rent servers from Hetzner, then one day you will receive an abuse report.
If you want to fix this problem, you should do this:

● Install the iptables-persistent package: apt install iptables-persistent -y and answer <Yes> when the installer asks you to keep the existing rules.
● Go to /etc/iptables/ and find a file named rules.v4 and edit it.

Find string:

-A DOCKER-ISOLATION-STAGE-1 -i docker0 ! -o docker0 -j DOCKER-ISOLATION-STAGE-2

and insert BEFORE the line this commands:

-A DOCKER-ISOLATION-STAGE-1 -d 10.0.0.0/8 -i docker0 ! -o docker0 -j REJECT --reject-with icmp-port-unreachable
-A DOCKER-ISOLATION-STAGE-1 -d 100.64.0.0/10 -i docker0 ! -o docker0 -j REJECT --reject-with icmp-port-unreachable
-A DOCKER-ISOLATION-STAGE-1 -d 172.16.0.0/16 -i docker0 ! -o docker0 -j REJECT --reject-with icmp-port-unreachable
-A DOCKER-ISOLATION-STAGE-1 -d 192.168.0.0/16 -i docker0 ! -o docker0 -j REJECT --reject-with icmp-port-unreachable

you should see this:

-A DOCKER-ISOLATION-STAGE-1 -d 10.0.0.0/8 -i docker0 ! -o docker0 -j REJECT --reject-with icmp-port-unreachable
-A DOCKER-ISOLATION-STAGE-1 -d 100.64.0.0/10 -i docker0 ! -o docker0 -j REJECT --reject-with icmp-port-unreachable
-A DOCKER-ISOLATION-STAGE-1 -d 172.16.0.0/16 -i docker0 ! -o docker0 -j REJECT --reject-with icmp-port-unreachable
-A DOCKER-ISOLATION-STAGE-1 -d 192.168.0.0/16 -i docker0 ! -o docker0 -j REJECT --reject-with icmp-port-unreachable
-A DOCKER-ISOLATION-STAGE-1 -i docker0 ! -o docker0 -j DOCKER-ISOLATION-STAGE-2

Also notice the line:

:FORWARD DROP [0:0]

If it says DROP, then replace it with ACCEPT in order to allow packet forwarding.

● Then you must upload this to iptables:

service netfilter-persistent reload

So now packets coming from docker containers to private addresses described in RFC 1918 should be blocked.

You can check this:

iptables -vnL

If you see this, then you have achieved success:

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
pkts bytes target prot opt in out source destination
0 0 REJECT all -- docker0 !docker0 0.0.0.0/0 10.0.0.0/8 reject-with icmp-port-unreachable
0 0 REJECT all -- docker0 !docker0 0.0.0.0/0 100.64.0.0/10 reject-with icmp-port-unreachable
0 0 REJECT all -- docker0 !docker0 0.0.0.0/0 172.16.0.0/16 reject-with icmp-port-unreachable
0 0 REJECT all -- docker0 !docker0 0.0.0.0/0 192.168.0.0/16 reject-with icmp-port-unreachable

To automatically load these rules on server reboot, you need to fix one line in /etc/systemd/system/multi-user.target.wants:
We need the @netfilter-persistent.service file and change there:
Was: After = systemd-modules-load.service local-fs.target
Became: After = systemd-modules-load.service local-fs.target docker.service

Reread this file:

systemctl daemon-reload

Remark: iptables-persistent package allows you not to think about how to save the rules when you restart the server.
After loading the rules, the server does not need to be rebooted, the rules are added immediately.

Send donations and thanks to:
Cryptocard: FACE0002FC5FE972

Yes, I remember this, but there is no time yet and there are more urgent things:
"Later in the tutorial I'll add a script to automatically deploy bots, and also tell you how to attach
the docker container management webmode - portainer.io"

Thanks for help in translating this guide into English:
Makedonskiy - 4FB62131A403EE7D00C0ECAA85D68A6F8C21B717023B45EF8B26F81C03DF1A18
MasterOfCat - A5169F827554A47437E6E131E5FCA2EB9FA89127AC44E68FA21B51CC1FDF0626

UPD: updated docker run command, rewrote private address filter

Board footer

Powered by FluxBB