# Lotus Seal Worker The `lotus-seal-worker` is an extra process that can offload heavy processing tasks from your `lotus-storage-miner`. It can be run on the same machine as your `lotus-storage-miner`, or on a different machine communicating over a fast network. ## Get Started Make sure that the `lotus-seal-worker` is installed by running: ```sh make lotus-seal-worker ``` ## Running Alongside Storage Miner You may wish to run the lotus seal worker on the same computer as the storage miner. This allows you to easily set the process priority of the sealing tasks to be lower than the priority of your more important storage miner process. To do this, simply run `lotus-seal-worker run`, and the seal worker will automatically pick up the correct authentication tokens from the `LOTUS_STORAGE_PATH` miner repository. To check that the seal worker is properly connected to your storage miner, run `lotus-storage-miner info` and check that the remote worker count has increased. ```sh why@computer ~/lotus> lotus-storage-miner info Miner: t0103 Sector Size: 16.0 MiB Power: 0 B / 16.0 MiB (0%) Worker use: Local: 0 / 2 (+1 reserved) **Remote: 0 / 1** PoSt Submissions: Not Proving Sectors: map[Committing:0 Proving:0 Total:0] ``` ## Running Over the Network To use an entirely separate computer for sealing tasks, you will want to run the `lotus-seal-worker` on a separate machine, connected to your storage miner via the local area network. This setup is a little more complex than running it locally. First, you will need to ensure your `lotus-storage-miner`'s API is accessible over the network. To do this, open up `~/.lotusstorage/config.toml` (Or if you manually set `LOTUS_STORAGE_PATH`, look under that directory) and look for the API field. By default it should look something like: ```toml [API] ListenAddress = "/ip4/127.0.0.1/tcp/2345/http" ``` To make your node accessible over the local area network, you will need to determine your machines IP on the LAN, and change the `127.0.0.1` in the file to that address. A less secure, but more permissive option is to change it to `0.0.0.0`. This will allow anyone who can connect to your computer on that port to access the API (though they will still need an auth token, as we will discuss next). Next, you will need to get an authentication token for the seal worker. All lotus APIs require authentication tokens to ensure your processes are as secure against attackers attempting to make unauthenticated requests to them. To create a token, run `lotus-storage-miner auth create-token --perm admin`. This will create a token with `admin` permissions. Note: This is an admin token, it can access any of the api endpoints of your node, take care not to leak it. See the [scripting support doc](api-scripting-support.md) for more details. This token will look something like this: ```sh why@computer ~> lotus-storage-miner auth create-token --perm admin eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJBbGxvdyI6WyJyZWFkIiwid3JpdGUiLCJzaWduIiwiYWRtaW4iXX0.KWWdh1jOVP_5YMAp8x5wNomFGgKS75ucOtj1ah5iP7k ``` Now that you have allowed the storage miner to be connected to, and have created an auth token, its time to connect up the seal worker. On the machine that you will be running the `lotus-seal-worker` on, you will need to set the `STORAGE_API_INFO` environment variable to `TOKEN:STORAGE_NODE_MULTIADDR`. Where `TOKEN` is the token we created above, and `STORAGE_NODE_MULTIADDR` is the multiaddr of the storage miners api that we set in the config file. Once this is set, you should be able to just run `lotus-seal-worker run`. To check that the seal worker is properly connected to your storage miner, run `lotus-storage-miner info` and check that the remote worker count has increased. ```sh why@computer ~/lotus> lotus-storage-miner info Miner: t05749 Sector Size: 1 GiB Power: 0 B / 136 TiB (0.0000%) Committed: 1 GiB Proving: 1 GiB Worker use: Local: 0 / 1 (+1 reserved) **Remote: 0 / 1** Sectors: map[Proving:1 Total:1] ```