REStakeMeet the teamBlock ExplorerHire Us

Full Node Build

Install pre-requisites

# update the local package list and install any available upgrades
sudo apt-get update && sudo apt upgrade -y

# install toolchain and ensure accurate time synchronization
sudo apt-get install make build-essential gcc git jq chrony -y

Install Go

Follow the instructions here to install Go.

For an Ubuntu LTS, we can use:

# find location of existing GO (if any)
which go
go version

# remove old GO if existing
sudo rm -rf /usr/local/go

# install updated GO
wget https://golang.org/dl/go1.20.3.linux-amd64.tar.gz
sudo tar -C /usr/local -xzf go1.20.3.linux-amd64.tar.gz
rm -rf go1.20.3.linux-amd64.tar.gz

Unless you want to configure in a non standard way, then set these in the .zshrc in the user's home (i.e. ~/) folder.

nano ~/.zshrc

Add the "export Pathing" rules at the bottom, and then save the file:

# add export PATHS below
export GOROOT=/usr/local/go
export GOPATH=$HOME/go
export GOBIN=$GOPATH/bin
export PATH=$PATH:$GOROOT/bin:$GOBIN

After updating your ~/.zshrc you will need to source it:

source ~/.zshrc

Install SGX

If you're running a local machine and not a cloud-based VM -

  1. Go to your BIOS menu

  2. Enable SGX (Software controlled is not enough)

  3. Disable Secure Boot

  4. Disable Hyperthreading (recommended)

Download the SGX install script.

wget https://raw.githubusercontent.com/SecretFoundation/docs/main/docs/node-guides/sgxh

Execute the script.

sudo bash sgx

Build Daemon from source

# download secretd v1.8.0
wget "https://github.com/scrtlabs/SecretNetwork/releases/download/v1.9.3/secretnetwork_1.9.3_mainnet_goleveldb_amd64.deb"

# verify download
echo "d1bb747afd5cdbbd5330f37a8c1eeba1312cc891af19a1f589eb3e3f44630e23 secretnetwork_1.9.3_mainnet_goleveldb_amd64.deb" | sha256sum --check

#install secretd
sudo apt install -y ./secretnetwork_1.9.3_mainnet_*_amd64.deb

# verify installation
secretd version
# 1.9.3

To confirm that the installation has succeeded, you can run:

secretd version --long

Configuration of Shell Variables

For this guide, we will be using shell variables. This will enable the use of the client commands verbatim. It is important to remember that shell commands are only valid for the current shell session, and if the shell session is closed, the shell variables will need to be re-defined.

If you want variables to persist for multiple sessions, then set them explicitly in your shell .profile, as you did for the Go environment variables.

To clear a variable binding, use unset $VARIABLE_NAME. Shell variables should be named with ALL CAPS.

CHAIN_ID="secret-4"
MONIKER_NAME=<moniker-name>

Setting Up the Node

These instructions will direct you on how to initialize your node, synchronize to the network and upgrade your node to a validator.

Initialize the chain

Please replace YOUR_MONIKER with your own moniker.

secretd init YOUR_MONIKER --chain-id CHAIN_ID

This will generate the following files in ~/.osmosis/config/

  • genesis.json

  • node_key.json

  • priv_validator_key.json

Download the genesis file

wget -O ~/.secretd/config/genesis.json "https://github.com/scrtlabs/SecretNetwork/releases/download/v1.2.0/genesis.json"
# verify genesis.json checksum
echo "759e1b6761c14fb448bf4b515ca297ab382855b20bae2af88a7bdd82eb1f44b9 $HOME/.secretd/config/genesis.json" | sha256sum --check

This will replace the genesis file created using secretd init command with the mainnet genesis.json.

Intialize Secret Enclave

mkdir -p /opt/secret/.sgx_secrets

export SCRT_ENCLAVE_DIR=/usr/lib
export SCRT_SGX_STORAGE=/opt/secret/.sgx_secrets
secretd auto-register

Verify Enclave Intialization

ls -lh /opt/secret/.sgx_secrets/attestation_cert.der

PUBLIC_KEY=$(secretd parse /opt/secret/.sgx_secrets/attestation_cert.der 2> /dev/null | cut -c 3-)
echo $PUBLIC_KEY

Configure Secretd

secretd config chain-id secret-4
secretd config node https://lcd-secret.scrtlabs.com:443/rpc
secretd config output json

Set Persistent Peers

We can add these persistent_peers to our config.toml:

sed -i "s/persistent_peers =.*/persistent_peers = \"[email protected]:17656,[email protected]:34656,[email protected]:36656,[email protected]:26656,[email protected]:26656,[email protected]:40656,[email protected]:26656,[email protected]:26656,[email protected]:26656,[email protected]:46656,[email protected]:30656,[email protected]:26656,[email protected]:26656,[email protected]:16656,[email protected]:26656,[email protected]:26156,[email protected]:26656,[email protected]:26656,[email protected]:60756,[email protected]:26656"\"/g" "${HOME}"/.secretd/config/config.toml"

Update Node configs

We can use sed to update various node configuration values without having to manually edit each file - which can be a pain.

Replace the values below with your own. These commands will update the following:

  • minimum_gas_prices

  • pruning configs

  • snapshot configs

sed -i -e "s|^minimum-gas-prices *=.*|minimum-gas-prices = \"0.0125uscrt\"|" $HOME/.secretd/config/app.toml
sed -i -e "s|^pruning *=.*|pruning = \"custom\"|" $HOME/.secretd/config/app.toml
sed -i -e "s|^pruning-keep-recent *=.*|pruning-keep-recent = \"113\"|" $HOME/.secretd/config/app.toml
sed -i -e "s|^pruning-keep-every *=.*|pruning-keep-every = \"0\"|" $HOME/.secretd/config/app.toml
sed -i -e "s|^pruning-interval *=.*|pruning-interval = \"17\"|" $HOME/.secretd/config/app.toml
sed -i -e "s|^snapshot-interval *=.*|snapshot-interval = \"0\"|" $HOME/.secretd/config/app.toml
sed -i -e "s|^snapshot-keep-recent *=.*|snapshot-keep-recent = \"2\"|" $HOME/.secretd/config/app.tom

Updating node ports

We'll use a powerful tool called sed for this process. sed is a stream editor that can perform operations, like substitutions, on a text file.

We will specifically focus on updating the ports to use a standardized prefix for your chain. This ensures consistency and improves overall system organization. It will also allow you to run multiple chains on a single server.

Let's start by understanding what we're updating:

  • proxy_app: This is the address used for inter-process communication between the ABCI application and the consensus engine.

  • laddr: This is the address that your node listens on for incoming connections.

  • pprof_laddr: This is the address for the profiling server to listen on.

  • prometheus_listen_addr: This is the address for the Prometheus metrics server to listen on.

  • address: These are various addresses that your node may use to listen for different types of connections.

Set Your Chain and Port Prefix

Your chain in this case is Secret Network. For Secret Network, we want to set the port prefix as 171. The port prefix will be used to replace the first 2 or 3 digits of the original ports.

# Set the prefix 
export PREFIX=171

Update config.toml

Next, we will update the config.toml file. For 5-digit ports, the first 3 digits will be replaced. Here is how to calculate the new port values and update the config.toml file:

PROXY_APP_PORT=$(echo 26658 | awk -v prefix=$PREFIX '{print prefix substr($0,4)}')
LADDR_PORT1=$(echo 26657 | awk -v prefix=$PREFIX '{print prefix substr($0,4)}')
LADDR_PORT2=$(echo 26656 | awk -v prefix=$PREFIX '{print prefix substr($0,4)}')
PPROF_LADDR_PORT=$(echo 26660 | awk -v prefix=$PREFIX '{print prefix substr($0,4)}')
PROMETHEUS_LISTEN_PORT=$(echo 26660 | awk -v prefix=$PREFIX '{print prefix substr($0,4)}')
sed -i.bak -e "\
s%^proxy_app = \"tcp://127.0.0.1:26658\"%proxy_app = \"tcp://127.0.0.1:$PROXY_APP_PORT\"%; \
s%^laddr = \"tcp://127.0.0.1:26657\"%laddr = \"tcp://0.0.0.0:$LADDR_PORT1\"%; \
s%^pprof_laddr = \"localhost:6060\"%pprof_laddr = \"localhost:$PPROF_LADDR_PORT\"%; \
s%^laddr = \"tcp://0.0.0.0:26656\"%laddr = \"tcp://0.0.0.0:$LADDR_PORT2\"%; \
s%^prometheus_listen_addr = \":26660\"%prometheus_listen_addr = \":$PROMETHEUS_LISTEN_PORT\"%" \
$HOME/.secretd/config/config.toml

Update app.toml

For 4-digit ports, the first 2 digits will be replaced. Here is how to calculate the new port values and update the app.toml file:

sed -i.bak -e "\
s%^address = \"tcp://0.0.0.0:1317\"%address = \"tcp://0.0.0.0:$ADDRESS_PORT1\"%; \
s%^address = \":8080\"%address = \":$ADDRESS_PORT2\"%; \
s%^address = \"0.0.0.0:9090\"%address = \"0.0.0.0:$ADDRESS_PORT3\"%; \
s%^address = \"0.0.0.0:9091\"%address = \"0.0.0.0:$ADDRESS_PORT4\"%" \
$HOME/.secretd/config/app.toml
ADDRESS_PORT1=$(echo 1317 | awk -v prefix=$PREFIX '{print prefix substr($0,3)}')
ADDRESS_PORT2=$(echo 8080 | awk -v prefix=$PREFIX '{print prefix substr($0,3)}')
ADDRESS_PORT3=$(echo 9090 | awk -v prefix=$PREFIX '{print prefix substr($0,3)}')
ADDRESS_PORT4=$(echo 9091 | awk -v prefix=$PREFIX '{print prefix substr($0,3)}')

Create (or restore) a local key pair

Either create a new key pair or restore an existing wallet for your validator:

# Create new keypair
secretd keys add YOURKEY

# Restore existing juno wallet with mnemonic seed phrase.
# You will be prompted to enter mnemonic seed.
secretd keys add YOURKEY --recover

# Query the keystore for your public address
secretd keys show YOURKEY -a

After creating a new key, the key information and seed phrase will be shown. It is essential to write this seed phrase down and keep it in a safe place. The seed phrase is the only way to restore your keys.

Configure Node Attestion

  1. Register Node onchain

secretd tx register auth /opt/secret/.sgx_secrets/attestation_cert.der -y --from <key-alias>

  1. Pull & Check node's encrypted seed from network

SEED=$(secretd query register seed $PUBLIC_KEY | cut -c 3-)
echo $SEED

  1. Get additional parameters

secretd query register secret-network-params
ls -lh ./io-master-key.txt ./node-master-key.txt

Configure Secret Node

mkdir -p ~/.secretd/.node
secretd configure-secret node-master-key.txt $SEED

Optimization

sed -i.bak -e "s/^contract-memory-enclave-cache-size *=.*/contract-memory-enclave-cache-size = \"15\"/" ~/.secretd/config/app.toml

Setup cosmovisor

Follow the Setup Cosmovisor instructions to setup cosmovisor and start the node.

Upgrade to a validator

Do not attempt to upgrade your node to a validator until the node is fully in sync as per the previous step.

To upgrade the node to a validator, you will need to submit a create-validator transaction:

secretd tx staking create-validator \
  --amount 1000000uscrt \
  --commission-max-change-rate "0.1" \
  --commission-max-rate "0.20" \
  --commission-rate "0.1" \
  --min-self-delegation "1" \
  --details "Your details here" \
  --pubkey=$(secretd tendermint show-validator) \
  --moniker $MONIKER_NAME \
  --chain-id $CHAIN_ID \
  --fees 5000uscrt \
  --node http://<YOURIP>:<YOURPORT> \
  --from <KEYNAME>

The above transaction is just an example. There are many more flags that can be set to customize your validator, such as your validator website, or keybase.io id, etc. To see a full list:

secretd tx staking create-validator --help

Backup critical files

There are certain files that you need to back up to be able to restore your validator if, for some reason, it damaged or lost in some way. Please make a secure backup of the following files located in ~/.secretd/config/:

  • priv_validator_key.json

  • node_key.json

It is recommended that you encrypt and backup of these files.

PreviousSecret NetworkNextSetup Cosmovisor

Last updated

Was this helpful?