Setting up Aptos Validator Node for AIT3 — GCP version
Hi because I’m so proud of my baby, thought it’s worth documenting my experience while it is fresh on my mind. Look at this beauty. I started with 100,000,000,000,000 tokens as starting stake.
0. Make sure you have:
- pre-set up your computer for Aptos
- pre-set up your computer for GCP
- Ensure you are on the right CLI v0.3.2. You can update using:
$ git fetch
$ git checkout b2228f286b5fe7631dee62690ae5d1087017e20d
$ cargo run -p aptos
- Click on New Project and Create a project.
2. Login to your gcp account via your terminal
$ gcloud auth login — update-adc
3. Create a workspace name, and create a folder.
Note: The “testnet” here is just a placeholder name for the workspace. you can call it whatever you want
$ export WORKSPACE=testnet
$ export USERNAME=wintertoro
$ mkdir -p ~/$WORKSPACE
$ gsutil mb gs://ait3-bucket
Here the “ait3-bucket” is jut a name I have chosen for my gcp bucket. you can call it whatever you want. The gsutil command basically creates a storage bucket in your cloud acc.
3. So now you want to go into your working directory, and create a terraform file.
$ cd ~/$WORKSPACE
$ touch main.tf
4. Edit your main.tf file
Outside of the terminal, go to the folder which contains the main.tf file, and open with your Atom editor. It will let you edit the file the way you do a word file. Much much easier than vim edits.
terraform {
required_version = "~> 1.2.0"
backend "gcs" {
bucket = "ait3-bucket" # bucket name created in step 2
prefix = "state/aptos-node"
}
}module "aptos-node" {
# download Terraform module from aptos-labs/aptos-core repo
source = "github.com/aptos-labs/aptos-core.git//terraform/aptos-node/gcp?ref=testnet"
region = "us-central1" # Specify the region
zone = "c" # Specify the zone suffix
project = "ait3-project" # Specify your GCP project ID
era = 1 # bump era number to wipe the chain
chain_id = 43 # check in discord what chain ID to use
image_tag = "testnet_8141a975f9e7d831e9699c58a83724ac9635d991" # Specify the docker image tag to use. This often changes as the team puts out new releases, so you gotta checking announcements
validator_name = "toro-node" # Name of Your Validator, no space, e.g. aptosbot
}
The content in the project area is the project name you created in your google account earlier on. Remember this step? Generally, the stuff in bold is what you gotta change.
5. Get that terraform building.
$ terraform init
$ terraform workspace new $WORKSPACE # This command will create a new workspace named after what you defined $WORKSPACE as in Step 3
$ terraform apply
Gotta wait like 20 mins here whilst it builds
6. Check that everything is working
# gcloud container clusters get-credentials aptos-$WORKSPACE --zone <region/zone> --project <project> to configure the access for k8s cluster. This should look like the below when you type into your CLI. Fill in the variables with what you put in Step 4.$ gcloud container clusters get-credentials aptos-$WORKSPACE --zone us-central1-c --project ait3-project$ kubectl get pods # this should have haproxy, validator and fullnode. with validator and fullnode pod pending (require further action in later steps)$ kubectl get svc # this should have validator-lb and fullnode-lb, with an external-IP you can share later for connectivity.
7. Get your node IP info
export VALIDATOR_ADDRESS=”$(kubectl get svc ${WORKSPACE}-aptos-node-0-validator-lb — output jsonpath=’{.status.loadBalancer.ingress[0].ip}’)”export FULLNODE_ADDRESS=”$(kubectl get svc ${WORKSPACE}-aptos-node-0-fullnode-lb — output jsonpath=’{.status.loadBalancer.ingress[0].ip}’)”
8. Generate the key pairs (node owner, voter, operator key, consensus key and networking key) in your working directory.
aptos genesis generate-keys --output-dir ~/$WORKSPACE/keys
This will create 4 key files under ~/$WORKSPACE/keys
directory:
- public-keys.yaml
- private-keys.yaml
- validator-identity.yaml
- validator-full-node-identity.yaml
9. Configure the Validator information
aptos genesis set-validator-configuration \
--local-repository-dir ~/$WORKSPACE \
--username $USERNAME \
--owner-public-identity-file ~/$WORKSPACE/keys/public-keys.yaml \
--validator-host $VALIDATOR_ADDRESS:6180 \
--full-node-host $FULLNODE_ADDRESS:6182 \
--stake-amount 100000000000000
This will create two YAML files in the ~/$WORKSPACE/$USERNAME
directory: owner.yaml
and operator.yaml
.
10. Create a layout template file, which defines the node in the Aptos validatorSet
.
aptos genesis generate-layout-template --output-file ~/$WORKSPACE/layout.yaml
11. Edit the layout.yaml
, add the root_key
, the Validator node username, and chain_id
:
root_key: "D04470F43AB6AEAA4EB616B72128881EEF77346F2075FFE68E14BA7DEBD8095E"
users: ["<username you specified from previous step>"]
chain_id: 47
allow_new_validators: false
epoch_duration_secs: 7200
is_test: true
min_stake: 100000000000000
min_voting_threshold: 100000000000000
max_stake: 100000000000000000
recurring_lockup_duration_secs: 86400
required_proposer_stake: 100000000000000
rewards_apy_percentage: 10
voting_duration_secs: 43200
voting_power_increase_limit: 20
a) Please make sure you use the same root public key as shown in the example and same chain ID, those config will be used during registration to verify your node.
b) Download the AptosFramework Move package into the ~/$WORKSPACE
directory as framework.mrb
wget https://github.com/aptos-labs/aptos-core/releases/download/aptos-framework-v0.3.0/framework.mrb -P ~/$WORKSPACE
c) Compile the genesis blob and waypoint.
wget https://github.com/aptos-labs/aptos-ait3/blob/main/genesis.blob?raw=true -O genesis.blobwget https://github.com/aptos-labs/aptos-ait3/blob/main/waypoint.txt?raw=true -O waypoint.txt
This will download two files in your working directory:genesis.blob
and waypoint.txt
.
To summarize, in your working directory you should have a list of files:
main.tf
: The Terraform files to install theaptos-node
module (from steps 3 and 4).keys
folder, which includes:public-keys.yaml
: Publick keys for the owner account, consensus, networkingprivate-keys.yaml
: Private keys for the owner account, consensus, networkingvalidator-identity.yaml
: Private keys for setting the Validator identity.validator-full-node-identity.yaml
: Private keys for setting validator full node identityusername
folder, which includes:owner.yaml
: define owner, operator, and voter mapping. They are all the same account in test modeoperator.yaml
: Node information that will be used for both the Validator and the FullNodelayout.yaml
: The layout file containing the key values for root key, validator user, and chain IDframework.mrb
: The AptosFramework Move packagewaypoint.txt
: The waypoint for the genesis transactiongenesis.blob
The genesis binary that contains all the information about the framework, validatorSet and more
d) Insert genesis.blob
, waypoint.txt
and the identity files as secret into k8s cluster.
kubectl create secret generic ${WORKSPACE}-aptos-node-0-genesis-e1 \
--from-file=genesis.blob=genesis.blob \
--from-file=waypoint.txt=waypoint.txt \
--from-file=validator-identity.yaml=keys/validator-identity.yaml \
--from-file=validator-full-node-identity.yaml=keys/validator-full-node-identity.yaml
NOTE: The -e1
suffix refers to the era number. If you changed the era number, make sure it matches when creating the secret.
e) Check all pods running.
$ kubectl get pods
You will get the below as result
NAME READY STATUS RESTARTS AGE
node1-aptos-node-0-fullnode-e9-0 1/1 Running 0 4h31m
node1-aptos-node-0-haproxy-7cc4c5f74c-l4l6n 1/1 Running 0 4h40m
node1-aptos-node-0-validator-0 1/1 Running 0 4h30m
Token owner actions
To participate in the AIT-3 program, follow the below steps. Use these steps as a checklist to keep track of your progress. Click on the links in each step for a detailed documentation.
- Install the Petra (Aptos Wallet) extension from this link. I like to download from Github repo as the chrome store always has a lag. Make sure you are on v0.1.8.
- Create the first wallet using Petra chrome extension (Aptos Wallet). It’s pretty intuitive.
Make sure to store your seed phrase somewhere safe. This account will be used in the future. You need to connect the wallet to the community platform, which I won’t go into here cause that step is closed now. Then the Aptos team will airdrop coins to this owner wallet address. The only call-out is that you need to remember to go to Settings -> Network, and make sure you pick the right network. Otherwise you might think you don’t have tokens, but actually you do. The wallet address from the Petra wallet is essentially your token owner address. There’s a copy button next to the pink icon, to help you copy that owner address.
To initialize staking as token owner
You need to initialize the staking pool ,and delegating to the operator and the voter.
- Go to the Staking section of the Aptos Governance page for AIT-3.
- Make sure the wallet is connected with your owner account.
- Provide the following inputs:
- Staking Amount: 100000000000000 (1 million Aptos coin with 8 decimals)
- Operator Address: The address of your operator account. This is the
operator_account_address
from the "operator.yaml" file, under~/$WORKSPACE/$USERNAME
folder. - Voter Address: The wallet address of your voter.
4. Click SUBMIT. You will see a green bar indicating that the transaction is successful.
5. Next, as the owner, using Petra wallet, transfer 10,000 coin each to your operator address and voter wallet address. There’s a send button on the wallet. Both the operator and the voter will use these funds to pay the gas fees while validating and voting.
Connecting your node to the AIT3
Using Terraform
- Increase
era
number in your Terraform config, this will wipe the data once applied. Suggest 4 - Update
chain_id
to 47. - Update your docker image to use tag
testnet_b2228f286b5fe7631dee62690ae5d1087017e20d
- Close metrics port and REST API port for validator (you can leave it open for fullnode), add the helm values in your
main.tf
file. Essentially, copy and paste that helm part into your main.tf file. for example:
module "aptos-node" {
...helm_values = {
service = {
validator = {
enableRestApi = false
enableMetricsPort = false
}
}
}
}
- Apply Terraform:
terraform apply
- Download the
genesis.blob
andwaypoint.txt
file published by Aptos Labs team. - Update your
account_address
invalidator-identity.yaml
to your owner wallet address, don't change anything else, keep the keys as is. - Recreate the secrets, make sure the secret name matches your
era
number, e.g. if you haveera = 4
, you should replace the secret name to be${WORKSPACE}-aptos-node-0-genesis-e4
kubectl create secret generic ${WORKSPACE}-aptos-node-0-genesis-e4 \
--from-file=genesis.blob=genesis.blob \
--from-file=waypoint.txt=waypoint.txt \
--from-file=validator-identity.yaml=keys/validator-identity.yaml \
--from-file=validator-full-node-identity.yaml=keys/validator-full-node-identity.yaml
Joining Validator Set
At this point you already used your owner account to initialized a validator staking pool, and assigned the operator to your operator account. The step below is to setup the validator node using operator account, and join the validator set.
6. Initialize Aptos CLI
aptos init --profile ait3-operator \
--private-key <operator_account_private_key> \
--rest-url https://ait3.aptosdev.com \
--skip-faucet
Note: account_private_key
for operator can be found in the private-keys.yaml
file under ~/$WORKSPACE/keys
folder.
Check your validator account balance, make sure you have some coins to pay gas. (If not, transfer some coin to this account from your owner account). You can check using aptos account list --profile ait3-operator
7. Update validator network addresses on chain
aptos node update-validator-network-addresses \
--pool-address <owner-address> \
--operator-config-file ~/$WORKSPACE/$USERNAME/operator.yaml \
--profile ait3-operator
8. Update validator consensus key on chain
aptos node update-consensus-key \
--pool-address <owner-address> \
--operator-config-file ~/$WORKSPACE/$USERNAME/operator.yaml \
--profile ait3-operator
9. Join validator set
aptos node join-validator-set \
--pool-address <owner-address> \
--profile ait3-operator \
--max-gas 10000 #set this higher in case of error
ValidatorSet will be updated at every epoch change, which is once every 2 hours. You will only see your node joining the validator set in next epoch. Both Validator and fullnode will start syncing once your validator is in the validator set.
10. Check validator set
aptos node show-validator-set --profile ait3-operator | jq -r '.Result.pending_active'
You can cmd+f your owner address here to find it. After about 2 hours or so (end of an epoch), your validator will join the network, and you can check using:
aptos node show-validator-set --profile ait3-operator | jq -r '.Result.active_validators'
Then tadah! Wait for your stake to start accumulating rewards. You can view your node performance on the leaderboard here: https://aptoslabs.com/leaderboard/it3