Full Node Build
Install pre-requisites
# update the local package list and install any available upgrades
sudo apt-get update && sudo apt upgrade -y
# install toolchain and ensure accurate time synchronization
sudo apt-get install make build-essential gcc git jq chrony -y
Install Go
Follow the instructions here to install Go.
For an Ubuntu LTS, we can use:
# find location of existing GO (if any)
which go
go version
# remove old GO if existing
sudo rm -rf /usr/local/go
# install updated GO
wget https://golang.org/dl/go1.20.3.linux-amd64.tar.gz
sudo tar -C /usr/local -xzf go1.20.3.linux-amd64.tar.gz
rm -rf go1.20.3.linux-amd64.tar.gz
Unless you want to configure in a non standard way, then set these in the .zshrc
in the user's home (i.e. ~/
) folder.
nano ~/.zshrc
Add the "export Pathing" rules at the bottom, and then save the file:
# add export PATHS below
export GOROOT=/usr/local/go
export GOPATH=$HOME/go
export GOBIN=$GOPATH/bin
export PATH=$PATH:$GOROOT/bin:$GOBIN
After updating your ~/.zshrc
you will need to source it:
source ~/.zshrc
Install SGX
If you're running a local machine and not a cloud-based VM -
Go to your BIOS menu
Enable SGX (Software controlled is not enough)
Disable Secure Boot
Disable Hyperthreading (recommended)
Download the SGX install script.
wget https://raw.githubusercontent.com/SecretFoundation/docs/main/docs/node-guides/sgxh
Execute the script.
sudo bash sgx
Build Daemon from source
# download secretd v1.8.0
wget "https://github.com/scrtlabs/SecretNetwork/releases/download/v1.9.3/secretnetwork_1.9.3_mainnet_goleveldb_amd64.deb"
# verify download
echo "d1bb747afd5cdbbd5330f37a8c1eeba1312cc891af19a1f589eb3e3f44630e23 secretnetwork_1.9.3_mainnet_goleveldb_amd64.deb" | sha256sum --check
#install secretd
sudo apt install -y ./secretnetwork_1.9.3_mainnet_*_amd64.deb
# verify installation
secretd version
# 1.9.3
To confirm that the installation has succeeded, you can run:
secretd version --long
Configuration of Shell Variables
For this guide, we will be using shell variables. This will enable the use of the client commands verbatim. It is important to remember that shell commands are only valid for the current shell session, and if the shell session is closed, the shell variables will need to be re-defined.
If you want variables to persist for multiple sessions, then set them explicitly in your shell .profile, as you did for the Go environment variables.
To clear a variable binding, use unset $VARIABLE_NAME
. Shell variables should be named with ALL CAPS.
CHAIN_ID="secret-4"
MONIKER_NAME=<moniker-name>
Setting Up the Node
These instructions will direct you on how to initialize your node, synchronize to the network and upgrade your node to a validator.
Initialize the chain
Please replace YOUR_MONIKER
with your own moniker.
secretd init YOUR_MONIKER --chain-id CHAIN_ID
This will generate the following files in ~/.osmosis/config/
genesis.json
node_key.json
priv_validator_key.json
Download the genesis file
wget -O ~/.secretd/config/genesis.json "https://github.com/scrtlabs/SecretNetwork/releases/download/v1.2.0/genesis.json"
# verify genesis.json checksum
echo "759e1b6761c14fb448bf4b515ca297ab382855b20bae2af88a7bdd82eb1f44b9 $HOME/.secretd/config/genesis.json" | sha256sum --check
This will replace the genesis file created using secretd init
command with the mainnet genesis.json
.
Intialize Secret Enclave
mkdir -p /opt/secret/.sgx_secrets
export SCRT_ENCLAVE_DIR=/usr/lib
export SCRT_SGX_STORAGE=/opt/secret/.sgx_secrets
secretd auto-register
Verify Enclave Intialization
ls -lh /opt/secret/.sgx_secrets/attestation_cert.der
PUBLIC_KEY=$(secretd parse /opt/secret/.sgx_secrets/attestation_cert.der 2> /dev/null | cut -c 3-)
echo $PUBLIC_KEY
Configure Secretd
secretd config chain-id secret-4
secretd config node https://lcd-secret.scrtlabs.com:443/rpc
secretd config output json
Set Persistent Peers
We can add these persistent_peers
to our config.toml
:
sed -i "s/persistent_peers =.*/persistent_peers = \"[email protected]:17656,[email protected]:34656,[email protected]:36656,[email protected]:26656,[email protected]:26656,[email protected]:40656,[email protected]:26656,[email protected]:26656,[email protected]:26656,[email protected]:46656,[email protected]:30656,[email protected]:26656,[email protected]:26656,[email protected]:16656,[email protected]:26656,[email protected]:26156,[email protected]:26656,[email protected]:26656,[email protected]:60756,[email protected]:26656"\"/g" "${HOME}"/.secretd/config/config.toml"
Update Node configs
We can use sed
to update various node configuration values without having to manually edit each file - which can be a pain.
Replace the values below with your own. These commands will update the following:
minimum_gas_prices
pruning
configssnapshot
configs
sed -i -e "s|^minimum-gas-prices *=.*|minimum-gas-prices = \"0.0125uscrt\"|" $HOME/.secretd/config/app.toml
sed -i -e "s|^pruning *=.*|pruning = \"custom\"|" $HOME/.secretd/config/app.toml
sed -i -e "s|^pruning-keep-recent *=.*|pruning-keep-recent = \"113\"|" $HOME/.secretd/config/app.toml
sed -i -e "s|^pruning-keep-every *=.*|pruning-keep-every = \"0\"|" $HOME/.secretd/config/app.toml
sed -i -e "s|^pruning-interval *=.*|pruning-interval = \"17\"|" $HOME/.secretd/config/app.toml
sed -i -e "s|^snapshot-interval *=.*|snapshot-interval = \"0\"|" $HOME/.secretd/config/app.toml
sed -i -e "s|^snapshot-keep-recent *=.*|snapshot-keep-recent = \"2\"|" $HOME/.secretd/config/app.tom
Updating node ports
We'll use a powerful tool called sed
for this process. sed
is a stream editor that can perform operations, like substitutions, on a text file.
We will specifically focus on updating the ports to use a standardized prefix for your chain. This ensures consistency and improves overall system organization. It will also allow you to run multiple chains on a single server.
Let's start by understanding what we're updating:
proxy_app: This is the address used for inter-process communication between the ABCI application and the consensus engine.
laddr: This is the address that your node listens on for incoming connections.
pprof_laddr: This is the address for the profiling server to listen on.
prometheus_listen_addr: This is the address for the Prometheus metrics server to listen on.
address: These are various addresses that your node may use to listen for different types of connections.
Set Your Chain and Port Prefix
Your chain in this case is Secret Network. For Secret Network, we want to set the port prefix as 171. The port prefix will be used to replace the first 2 or 3 digits of the original ports.
# Set the prefix
export PREFIX=171
Update config.toml
Next, we will update the config.toml
file. For 5-digit ports, the first 3 digits will be replaced. Here is how to calculate the new port values and update the config.toml
file:
PROXY_APP_PORT=$(echo 26658 | awk -v prefix=$PREFIX '{print prefix substr($0,4)}')
LADDR_PORT1=$(echo 26657 | awk -v prefix=$PREFIX '{print prefix substr($0,4)}')
LADDR_PORT2=$(echo 26656 | awk -v prefix=$PREFIX '{print prefix substr($0,4)}')
PPROF_LADDR_PORT=$(echo 26660 | awk -v prefix=$PREFIX '{print prefix substr($0,4)}')
PROMETHEUS_LISTEN_PORT=$(echo 26660 | awk -v prefix=$PREFIX '{print prefix substr($0,4)}')
sed -i.bak -e "\
s%^proxy_app = \"tcp://127.0.0.1:26658\"%proxy_app = \"tcp://127.0.0.1:$PROXY_APP_PORT\"%; \
s%^laddr = \"tcp://127.0.0.1:26657\"%laddr = \"tcp://0.0.0.0:$LADDR_PORT1\"%; \
s%^pprof_laddr = \"localhost:6060\"%pprof_laddr = \"localhost:$PPROF_LADDR_PORT\"%; \
s%^laddr = \"tcp://0.0.0.0:26656\"%laddr = \"tcp://0.0.0.0:$LADDR_PORT2\"%; \
s%^prometheus_listen_addr = \":26660\"%prometheus_listen_addr = \":$PROMETHEUS_LISTEN_PORT\"%" \
$HOME/.secretd/config/config.toml
Update app.toml
For 4-digit ports, the first 2 digits will be replaced. Here is how to calculate the new port values and update the app.toml
file:
sed -i.bak -e "\
s%^address = \"tcp://0.0.0.0:1317\"%address = \"tcp://0.0.0.0:$ADDRESS_PORT1\"%; \
s%^address = \":8080\"%address = \":$ADDRESS_PORT2\"%; \
s%^address = \"0.0.0.0:9090\"%address = \"0.0.0.0:$ADDRESS_PORT3\"%; \
s%^address = \"0.0.0.0:9091\"%address = \"0.0.0.0:$ADDRESS_PORT4\"%" \
$HOME/.secretd/config/app.toml
ADDRESS_PORT1=$(echo 1317 | awk -v prefix=$PREFIX '{print prefix substr($0,3)}')
ADDRESS_PORT2=$(echo 8080 | awk -v prefix=$PREFIX '{print prefix substr($0,3)}')
ADDRESS_PORT3=$(echo 9090 | awk -v prefix=$PREFIX '{print prefix substr($0,3)}')
ADDRESS_PORT4=$(echo 9091 | awk -v prefix=$PREFIX '{print prefix substr($0,3)}')
Create (or restore) a local key pair
Either create a new key pair or restore an existing wallet for your validator:
# Create new keypair
secretd keys add YOURKEY
# Restore existing juno wallet with mnemonic seed phrase.
# You will be prompted to enter mnemonic seed.
secretd keys add YOURKEY --recover
# Query the keystore for your public address
secretd keys show YOURKEY -a
After creating a new key, the key information and seed phrase will be shown. It is essential to write this seed phrase down and keep it in a safe place. The seed phrase is the only way to restore your keys.
Configure Node Attestion
Register Node onchain
secretd tx register auth /opt/secret/.sgx_secrets/attestation_cert.der -y --from <key-alias>
Pull & Check node's encrypted seed from network
SEED=$(secretd query register seed $PUBLIC_KEY | cut -c 3-)
echo $SEED
Get additional parameters
secretd query register secret-network-params
ls -lh ./io-master-key.txt ./node-master-key.txt
Configure Secret Node
mkdir -p ~/.secretd/.node
secretd configure-secret node-master-key.txt $SEED
Optimization
sed -i.bak -e "s/^contract-memory-enclave-cache-size *=.*/contract-memory-enclave-cache-size = \"15\"/" ~/.secretd/config/app.toml
Setup cosmovisor
Follow the Setup Cosmovisor instructions to setup cosmovisor and start the node.
Upgrade to a validator
Do not attempt to upgrade your node to a validator until the node is fully in sync as per the previous step.
To upgrade the node to a validator, you will need to submit a create-validator
transaction:
secretd tx staking create-validator \
--amount 1000000uscrt \
--commission-max-change-rate "0.1" \
--commission-max-rate "0.20" \
--commission-rate "0.1" \
--min-self-delegation "1" \
--details "Your details here" \
--pubkey=$(secretd tendermint show-validator) \
--moniker $MONIKER_NAME \
--chain-id $CHAIN_ID \
--fees 5000uscrt \
--node http://<YOURIP>:<YOURPORT> \
--from <KEYNAME>
The above transaction is just an example. There are many more flags that can be set to customize your validator, such as your validator website, or keybase.io id, etc. To see a full list:
secretd tx staking create-validator --help
Backup critical files
There are certain files that you need to back up to be able to restore your validator if, for some reason, it damaged or lost in some way. Please make a secure backup of the following files located in ~/.secretd/config/
:
priv_validator_key.json
node_key.json
It is recommended that you encrypt and backup of these files.
Last updated
Was this helpful?