Setting up Aptos Validator Node for AIT3 — GCP version

8 min readAug 31, 2022

Hi because I’m so proud of my baby, thought it’s worth documenting my experience while it is fresh on my mind. Look at this beauty. I started with 100,000,000,000,000 tokens as starting stake.

0. Make sure you have:

pre-set up your computer for Aptos
pre-set up your computer for GCP
Ensure you are on the right CLI v0.3.2. You can update using:

$ git fetch 
$ git checkout b2228f286b5fe7631dee62690ae5d1087017e20d
$ cargo run -p aptos

Click on New Project and Create a project.

2. Login to your gcp account via your terminal

$ gcloud auth login — update-adc

3. Create a workspace name, and create a folder.

Note: The “testnet” here is just a placeholder name for the workspace. you can call it whatever you want

$ export WORKSPACE=testnet
$ export USERNAME=wintertoro
$ mkdir -p ~/$WORKSPACE
$ gsutil mb gs://ait3-bucket

Here the “ait3-bucket” is jut a name I have chosen for my gcp bucket. you can call it whatever you want. The gsutil command basically creates a storage bucket in your cloud acc.

3. So now you want to go into your working directory, and create a terraform file.

$ cd ~/$WORKSPACE
$ touch main.tf

4. Edit your main.tf file

Outside of the terminal, go to the folder which contains the main.tf file, and open with your Atom editor. It will let you edit the file the way you do a word file. Much much easier than vim edits.

terraform {
  required_version = "~> 1.2.0"
  backend "gcs" {
    bucket = "ait3-bucket" # bucket name created in step 2
    prefix = "state/aptos-node"
  }
}module "aptos-node" {
  # download Terraform module from aptos-labs/aptos-core repo
  source        = "github.com/aptos-labs/aptos-core.git//terraform/aptos-node/gcp?ref=testnet"
  region        = "us-central1"  # Specify the region
  zone          = "c"            # Specify the zone suffix
  project       = "ait3-project" # Specify your GCP project ID
  era           = 1              # bump era number to wipe the chain
  chain_id      = 43             # check in discord what chain ID to use
  image_tag     = "testnet_8141a975f9e7d831e9699c58a83724ac9635d991" # Specify the docker image tag to use. This often changes as the team puts out new releases, so you gotta checking announcements
  validator_name = "toro-node" # Name of Your Validator, no space, e.g. aptosbot
}

The content in the project area is the project name you created in your google account earlier on. Remember this step? Generally, the stuff in bold is what you gotta change.

5. Get that terraform building.

$ terraform init
$ terraform workspace new $WORKSPACE # This command will create a new workspace named after what you defined $WORKSPACE as in Step 3
$ terraform apply

Gotta wait like 20 mins here whilst it builds

6. Check that everything is working

# gcloud container clusters get-credentials aptos-$WORKSPACE --zone <region/zone> --project <project> to configure the access for k8s cluster. This should look like the below when you type into your CLI. Fill in the variables with what you put in Step 4.$ gcloud container clusters get-credentials aptos-$WORKSPACE --zone us-central1-c --project ait3-project$ kubectl get pods # this should have haproxy, validator and fullnode. with validator and fullnode pod pending (require further action in later steps)$ kubectl get svc # this should have validator-lb and fullnode-lb, with an external-IP you can share later for connectivity.

7. Get your node IP info

export VALIDATOR_ADDRESS=”$(kubectl get svc ${WORKSPACE}-aptos-node-0-validator-lb — output jsonpath=’{.status.loadBalancer.ingress[0].ip}’)”export FULLNODE_ADDRESS=”$(kubectl get svc ${WORKSPACE}-aptos-node-0-fullnode-lb — output jsonpath=’{.status.loadBalancer.ingress[0].ip}’)”

8. Generate the key pairs (node owner, voter, operator key, consensus key and networking key) in your working directory.

aptos genesis generate-keys --output-dir ~/$WORKSPACE/keys

This will create 4 key files under ~/$WORKSPACE/keys directory:

public-keys.yaml
private-keys.yaml
validator-identity.yaml
validator-full-node-identity.yaml

9. Configure the Validator information

aptos genesis set-validator-configuration \
  --local-repository-dir ~/$WORKSPACE \
  --username $USERNAME \
  --owner-public-identity-file ~/$WORKSPACE/keys/public-keys.yaml \
  --validator-host $VALIDATOR_ADDRESS:6180 \
  --full-node-host $FULLNODE_ADDRESS:6182 \
  --stake-amount 100000000000000

This will create two YAML files in the ~/$WORKSPACE/$USERNAME directory: owner.yaml and operator.yaml.

10. Create a layout template file, which defines the node in the Aptos validatorSet.

aptos genesis generate-layout-template --output-file ~/$WORKSPACE/layout.yaml

11. Edit the layout.yaml, add the root_key, the Validator node username, and chain_id:

root_key: "D04470F43AB6AEAA4EB616B72128881EEF77346F2075FFE68E14BA7DEBD8095E"
users: ["<username you specified from previous step>"]
chain_id: 47
allow_new_validators: false
epoch_duration_secs: 7200
is_test: true
min_stake: 100000000000000
min_voting_threshold: 100000000000000
max_stake: 100000000000000000
recurring_lockup_duration_secs: 86400
required_proposer_stake: 100000000000000
rewards_apy_percentage: 10
voting_duration_secs: 43200
voting_power_increase_limit: 20

a) Please make sure you use the same root public key as shown in the example and same chain ID, those config will be used during registration to verify your node.

b) Download the AptosFramework Move package into the ~/$WORKSPACE directory as framework.mrb

wget https://github.com/aptos-labs/aptos-core/releases/download/aptos-framework-v0.3.0/framework.mrb -P ~/$WORKSPACE

c) Compile the genesis blob and waypoint.

wget https://github.com/aptos-labs/aptos-ait3/blob/main/genesis.blob?raw=true -O genesis.blobwget https://github.com/aptos-labs/aptos-ait3/blob/main/waypoint.txt?raw=true -O waypoint.txt

This will download two files in your working directory:genesis.blob and waypoint.txt.

To summarize, in your working directory you should have a list of files:

main.tf: The Terraform files to install the aptos-node module (from steps 3 and 4).
keys folder, which includes:
public-keys.yaml: Publick keys for the owner account, consensus, networking
private-keys.yaml: Private keys for the owner account, consensus, networking
validator-identity.yaml: Private keys for setting the Validator identity.
validator-full-node-identity.yaml: Private keys for setting validator full node identity
username folder, which includes:
owner.yaml: define owner, operator, and voter mapping. They are all the same account in test mode
operator.yaml: Node information that will be used for both the Validator and the FullNode
layout.yaml: The layout file containing the key values for root key, validator user, and chain ID
framework.mrb: The AptosFramework Move package
waypoint.txt: The waypoint for the genesis transaction
genesis.blob The genesis binary that contains all the information about the framework, validatorSet and more

d) Insert genesis.blob, waypoint.txt and the identity files as secret into k8s cluster.

kubectl create secret generic ${WORKSPACE}-aptos-node-0-genesis-e1 \
 --from-file=genesis.blob=genesis.blob \
 --from-file=waypoint.txt=waypoint.txt \
 --from-file=validator-identity.yaml=keys/validator-identity.yaml \
 --from-file=validator-full-node-identity.yaml=keys/validator-full-node-identity.yaml

NOTE: The -e1 suffix refers to the era number. If you changed the era number, make sure it matches when creating the secret.

e) Check all pods running.

$ kubectl get pods

You will get the below as result

NAME                                        READY   STATUS    RESTARTS   AGE
node1-aptos-node-0-fullnode-e9-0              1/1     Running   0          4h31m
node1-aptos-node-0-haproxy-7cc4c5f74c-l4l6n   1/1     Running   0          4h40m
node1-aptos-node-0-validator-0                1/1     Running   0          4h30m

Token owner actions

To participate in the AIT-3 program, follow the below steps. Use these steps as a checklist to keep track of your progress. Click on the links in each step for a detailed documentation.

Install the Petra (Aptos Wallet) extension from this link. I like to download from Github repo as the chrome store always has a lag. Make sure you are on v0.1.8.
Create the first wallet using Petra chrome extension (Aptos Wallet). It’s pretty intuitive.

Make sure to store your seed phrase somewhere safe. This account will be used in the future. You need to connect the wallet to the community platform, which I won’t go into here cause that step is closed now. Then the Aptos team will airdrop coins to this owner wallet address. The only call-out is that you need to remember to go to Settings -> Network, and make sure you pick the right network. Otherwise you might think you don’t have tokens, but actually you do. The wallet address from the Petra wallet is essentially your token owner address. There’s a copy button next to the pink icon, to help you copy that owner address.

To initialize staking as token owner

You need to initialize the staking pool ,and delegating to the operator and the voter.

Go to the Staking section of the Aptos Governance page for AIT-3.
Make sure the wallet is connected with your owner account.
Provide the following inputs:

Staking Amount: 100000000000000 (1 million Aptos coin with 8 decimals)
Operator Address: The address of your operator account. This is the operator_account_address from the "operator.yaml" file, under ~/$WORKSPACE/$USERNAME folder.
Voter Address: The wallet address of your voter.

4. Click SUBMIT. You will see a green bar indicating that the transaction is successful.

5. Next, as the owner, using Petra wallet, transfer 10,000 coin each to your operator address and voter wallet address. There’s a send button on the wallet. Both the operator and the voter will use these funds to pay the gas fees while validating and voting.

Connecting your node to the AIT3

Using Terraform

Increase era number in your Terraform config, this will wipe the data once applied. Suggest 4
Update chain_id to 47.
Update your docker image to use tag testnet_b2228f286b5fe7631dee62690ae5d1087017e20d
Close metrics port and REST API port for validator (you can leave it open for fullnode), add the helm values in your main.tf file. Essentially, copy and paste that helm part into your main.tf file. for example:

module "aptos-node" {
 ...helm_values = {
 service = {
 validator = {
 enableRestApi = false
 enableMetricsPort = false
 }
 }
 }
}

Apply Terraform: terraform apply
Download the genesis.blob and waypoint.txt file published by Aptos Labs team.
Update your account_address in validator-identity.yaml to your owner wallet address, don't change anything else, keep the keys as is.
Recreate the secrets, make sure the secret name matches your era number, e.g. if you have era = 4, you should replace the secret name to be ${WORKSPACE}-aptos-node-0-genesis-e4

kubectl create secret generic ${WORKSPACE}-aptos-node-0-genesis-e4 \
 --from-file=genesis.blob=genesis.blob \
 --from-file=waypoint.txt=waypoint.txt \
 --from-file=validator-identity.yaml=keys/validator-identity.yaml \
 --from-file=validator-full-node-identity.yaml=keys/validator-full-node-identity.yaml

Joining Validator Set

At this point you already used your owner account to initialized a validator staking pool, and assigned the operator to your operator account. The step below is to setup the validator node using operator account, and join the validator set.

6. Initialize Aptos CLI

aptos init --profile ait3-operator \
--private-key <operator_account_private_key> \
--rest-url https://ait3.aptosdev.com \
--skip-faucet

Note: account_private_key for operator can be found in the private-keys.yaml file under ~/$WORKSPACE/keys folder.

Check your validator account balance, make sure you have some coins to pay gas. (If not, transfer some coin to this account from your owner account). You can check using aptos account list --profile ait3-operator

7. Update validator network addresses on chain

aptos node update-validator-network-addresses \
 --pool-address <owner-address> \
 --operator-config-file ~/$WORKSPACE/$USERNAME/operator.yaml \
 --profile ait3-operator

8. Update validator consensus key on chain

aptos node update-consensus-key \
 --pool-address <owner-address> \
 --operator-config-file ~/$WORKSPACE/$USERNAME/operator.yaml \
 --profile ait3-operator

9. Join validator set

aptos node join-validator-set \
 --pool-address <owner-address> \
 --profile ait3-operator \ 
 --max-gas 10000 #set this higher in case of error

ValidatorSet will be updated at every epoch change, which is once every 2 hours. You will only see your node joining the validator set in next epoch. Both Validator and fullnode will start syncing once your validator is in the validator set.

10. Check validator set

aptos node show-validator-set --profile ait3-operator | jq -r '.Result.pending_active'

You can cmd+f your owner address here to find it. After about 2 hours or so (end of an epoch), your validator will join the network, and you can check using:

aptos node show-validator-set --profile ait3-operator | jq -r '.Result.active_validators'

Then tadah! Wait for your stake to start accumulating rewards. You can view your node performance on the leaderboard here: https://aptoslabs.com/leaderboard/it3

Setting up Aptos Validator Node for AIT3 — GCP version

Token owner actions

To initialize staking as token owner

Connecting your node to the AIT3

Using Terraform​

Joining Validator Set​

Written by wintertoro

Using Terraform

Joining Validator Set