The firewall mechanism was updated in version 3.1.1. As a result, please proceed with the following steps with extra caution. Ensure that you perform these actions on each node individually.
Upgrade steps for the node server
-
Turn off sgxwallet
cd sgxwallet/run_sgx/ && docker-compose down && cd ../../
-
Turn off the node
skale node turn-off --unsafe --yes
-
Backup the node
Save the data on another machine
-
Backup
sgx_data folder and SGX backup key. Save the data on another machine
-
Upgrade packages
sudo apt update && sudo apt upgrade
sudo reboot
-
Upgrade to Ubuntu 22.04
do-release-upgrade
reboot
-
Turn off docker-lvmpy
systemctl stop docker-lvmpy && systemctl disable docker-lvmpy
-
Make sure nftables is installed
sudo apt update && sudo apt install nftables docker-compose-plugin
-
Disable ufw ipv6 configuration
sed -i 's/IPV6=yes/IPV6=no/' /etc/default/ufw.
-
Reload ufw
-
Pull latest changes from sgxwallet
cd sgxwallet/run_sgx && git checkout stable && git pull
-
Add
-b option in the command section of run_sgx/docker-compose.yml
-
Run sgxwallet
cd run_sgx && docker-compose up -d
-
Download new node-cli binary
curl -L https://github.com/skalenetwork/node-cli/releases/download/2.6.0/skale-2.6.0-Linux-x86_64 > /usr/local/bin/skale
-
Verify node-cli binary hash sum
sha512sum /usr/local/bin/skale
15b2aade24223da4f84ec79bd820d57f852fd7a5d78f10652823629da28aab5db49a5815a2be0c894bb00b99324b00b7d9da2ab1518ddc11f304378af54b427c
-
Make node-cli executable
chmod +x /usr/local/bin/skale
-
Update the following parameters to the new values
CONTAINER_CONFIGS_STREAM=3.1.1
-
Execute update
skale node update .env --yes
-
Restart nftables and docker services
Proceed with the execution in close collaboration with the core team, ensuring that the chains are fully stable beforehand.
systemctl restart nftables && systemctl restart docker
nft add rule inet firewall skale tcp dport 1026-1031 drop
