Harvest new blocks through a proxy account for added security.
Remote harvesting enables node owners to receive rewards from creating new blocks without exposing their main account’s private key in the node’s configuration files.
Note
Blocks can only be harvested by nodes. If you do not own a node but still want to receive harvesting fees you will have to request a node to harvest for you using Delegated harvesting.
This guide has two sections, depending on how you created your node: Using Symbol Bootstrap or manually.
If you have followed the Running a node guide then you have used Symbol Bootstrap to create your node. The out-of-the-box presets enable remote harvesting by default so there is nothing you need to do if you enabled harvesting when following that guide.
To clarify, Symbol Bootstrap automatically creates a remote account (labelled remote
in the addresses.yml
file) and sets it as the signer of the new blocks (using its private key in the harvesterSigningPrivateKey
property). Then, the symbol-bootstrap link
command announces the VrfKeyLinkTransaction transactions required to finish the activation.
Note
It is worth noting that, although this is NOT recommended, you can omit the remote account and sign the new block directly with your main account by using a custom preset file with this line:
nodeUseRemoteAccount: false
Needless to say your main account’s private key will then be present in the node configuration files and will be accessible if the node is compromised.
If you have deployed a node yourself, for example by following the catapult-client instructions, then you have to enable harvesting manually.
The catapult-client documentation explains how to enable local harvesting, which stores your main account’s private key on the client. This section explains how to enable remote harvesting instead, which uses a proxy account and is therefore much more secure.
This will be done using the symbol-cli tool. The required steps are:
Set the remote account as the harvester in the node configuration.
Announce an AccountKeyLinkTransaction linking your main and your remote accounts.
(Optional) Configure the VRF account if it is not already set.
Create a brand new account to act as the remote account. This account must have never sent nor received any transaction, and it cannot be involved in any transaction while it acts as remote account, so it is safest to create it from scratch.
Run this from a terminal:
catapult.tools.addressgen --network public
# Change the network type to suit your needs
symbol-cli account generate
# Do NOT save the account, and set the import type to PrivateKey
Note the public and private keys for this new account.
Now edit the config-harvesting.properties
file (it should be in a resources
directory if you followed the catapult-client instructions). Look for the harvesterSigningPrivateKey
field and write the remote account’s private key.
Make sure you have configured symbol-cli so that your main account is your default profile (if this is not the case, use the --profile
parameter).
Then run this command from a terminal:
symbol-cli transaction accountkeylink --action Link -u <PUBLIC-REMOTE-KEY> --sync
Use the <PUBLIC-REMOTE-KEY>
obtained in Step 1. The --sync
parameter will wait until the transaction is confirmed. Check out the fees documentation to know how much to pay to announce this transaction.
All eligible accounts must have registered a VRF key. Check out the harvesterVrfPrivateKey
field in the config-harvesting.properties
file. If it’s already filled-in, you can skip this step.
Otherwise, create another account just like you did in Step 1, to act as the VRF account:
catapult.tools.addressgen --network public
# Change the network type to suit your needs
symbol-cli account generate
# Do NOT save the account, and set the import type to PrivateKey
Write the private key in the harvesterVrfPrivateKey
field of the configuration file, and announce a VrfKeyLinkTransaction to link the VRF and main accounts:
symbol-cli transaction vrfkeylink --action Link -u <PUBLIC-VRF-KEY> --sync
The node should now be configured with remote harvesting. Keep these important points in mind, though:
Accounts with higher importance are selected more often to perform harvesting. Even if you successfully enable remote harvesting, you will not harvest any block (nor receive any fees) unless your main account’s importance score is high enough.
Importance score calculation does not happen continuously. By default, account importance scores are recalculated every 1440 blocks (about every 12 hours). See the importanceGrouping
property in the Configuring network properties guide.