Run Full Node
How To Join IDEP Network as a Full Nodeโ
This document details how to join the IDEP Network Sanford-X testnet as a full node. Once your full node is running, you can turn it into a validator in the optional last step.
Requirementsโ
- Ubuntu/Debian host (with ZFS or LVM to be able to add more storage easily)
- A public IP address
- Open ports TCP
26656 & 26657Note: If you're behind a router or firewall then you'll need to port forward on the network device. - Reading Tendermint: Running in production
- RPC address of an already active node. You can use any node that exposes RPC services.
- Refer to Intel Processor Specifications if you're unsure if your processor supports SGX
Minimum requirementsโ
- 16GB RAM
- 512GB SDD
- 1 dedicated core of any Intel Skylake processor (Intelยฎ 6th generation) or better (Xeon gen3 (Ice Lake) NOT supported)
- Motherboard with support for SGX in the BIOS
Recommended requirementsโ
- 32GB RAM
- 1TB SSD
- 2 dedicated cores of any Intel Skylake processor (Intelยฎ 6th generation) or better (Xeon gen3 (Ice Lake) NOT supported)
- Motherboard with support for SGX in the BIOS
Installationโ
- Step up SGX on your local machine See instructions for setup and verification. See registration if you'd like a more comprehensive overview on what's happening in these steps.
1. Download the IDEP Network package installer for Debian/Ubuntu:โ
wget https://github.com/idepnetwork/<RELEASE>
check the hash of the downloaded binary
echo "<hash> release" | sha256sum --check
[(How to verify releases)]
2. Install the package:โ
sudo dpkg -i idepnetwork<RELEASE>.deb
Verify the installation by doing:
iond version
3. Initialize your installation of the IDEP Network.โ
Choose a moniker for yourself, and replace <MONIKER> with your moniker below. This moniker will serve as your public nickname in the network.
iond init <MONIKER> --chain-id Sanford-X
4. Download a copy of the Genesis Block file: genesis.jsonโ
wget -O ~/.iond/config/genesis.json "https://github.com/idepnetwork/gensis.json"
5. Validate the checksum for the genesis.json file you have just downloaded in the previous step:โ
echo "759e1b6761c14fb448bf4b515ca297ab382855b20bae2af88a7bdd82eb1f44b9 $HOME/.iond/config/genesis.json" | sha256sum --check
6. Validate that the genesis.json is a valid genesis file:โ
iond validate-genesis
7. The rest of the commands should be run from the home folder (/home/<your_username>)โ
cd ~
8. Initialize secret enclaveโ
You can choose between two ways, 8a (automatic) or 8b (manual):
Note: if this machine has been registered before, and have the following files:
/home/user/.sgx_secrets/
โโโ consensus_seed.sealed
โโโ new_node_seed_exchange_keypair.sealed
you can move them to /opt/idep/.sgx_secrets and skip to step 16 (if not working, try registering anyway).
8a. Initialize secret enclave - Automatic Registration (EXPERIMENTAL)โ
Note: Make sure SGX is running or this step might fail.
Make sure the directory
/opt/idep/.sgx_secretsexists:
mkdir -p /opt/idep/.sgx_secrets
Create env variables:
export SCRT_ENCLAVE_DIR=/usr/lib
export SCRT_SGX_STORAGE=/opt/idep/.sgx_secrets
Register:
iond auto-register --node http://<IP>:1317 --registration-node http://<IP>>:26667
If this step was successful, you can skip straight to step 16
8b. Initialize secret enclave - Manual Registration (legacy)โ
Make sure the directory /opt/idep/.sgx_secrets/ exists:
mkdir -p /opt/idep/.sgx_secrets/
Make sure SGX is running or this step might fail.
iond init-enclave
9. Check that initialization was successfulโ
Attestation certificate should have been created by the previous step
ls -lh /opt/idep/.sgx_secrets/attestation_cert.der
10. Check your certificate is validโ
Should print your 64 character registration key if it was successful.
PUBLIC_KEY=$(iond parse /opt/idep/.sgx_secrets/attestation_cert.der 2> /dev/null | cut -c 3-)
echo $PUBLIC_KEY
11. Config ioncli, to point to a working node and import a key with some $IDEPโ
The steps using ioncli can be run on any machine, they don't need to be on the full node itself. We'll refer to the machine where you are using ioncli as the "CLI machine" below.
To run the steps with ioncli on another machine, set up the CLI there.
Configure ioncli. Initially you'll be using the bootstrap node, as you'll need to connect to a running node and your own node is not running yet.
ioncli config chain-id sanford-x
ioncli config node http://<ip>>:26657/
ioncli config output json
Set up a key. Make sure you back up the mnemonic and the keyring password.
ioncli keys add <key-alias>
This will output your address, a 45 character-string starting with idep1.... Then you can fund it with some $IDEP.
12. Register your node on-chainโ
Run this step on the CLI machine. If you're using a different CLI machine than the full node, copy /opt/idep/.sgx_secrets/attestation_cert.der from the full node to the CLI machine.
ioncli tx register auth /opt/idep/.sgx_secrets/attestation_cert.der -y --from <key-alias>
13. Pull & check your node's encrypted seed from the networkโ
Run this step on the CLI machine.
SEED=$(ioncli query register seed $PUBLIC_KEY | cut -c 3-)
echo $SEED
14. Get additional network parametersโ
Run this step on the CLI machine.
These are necessary to configure the node before it starts.
ioncli query register idep-network-params
ls -lh ./io-master-cert.der ./node-master-cert.der
If you're using a different CLI machine than the validator node, copy node-master-cert.der from the CLI machine to the validator node.
15. Configure your IDEP nodeโ
From here on, run commands on the full node again.
mkdir -p ~/.iond/.node
iond configure-secret node-master-cert.der $SEED
16. Add persistent peers and seeds to your configuration file.โ
perl -i -pe 's/seeds = ""/seeds = "7649dcfda0eb77b38fde8e817da8071faea3cd13\@bootstrap.scrt.network:26656,ac74aa5908816a54c0da62b6f1cbfa9cc4a8a4ff\@45.77.125.31:26656"/' ~/.iond/config/config.toml
You may use the following peers, or you can choose your own from [this list].
perl -i -pe 's/persistent_peers = ""/persistent_peers = "555d083ffc6b4acca46fa0c78a545bb799f72296\@morty.secretnodes.com:26656,7c9f5e1cd79c4d5ee83e2a82b133efe0bd74732d\@secret-ibc.blockngine.io:26656,7ecc77c5d79520cd613488e69bfbb324ac22280c\@node.securesecrets.org:26656,4378c3df119539623d190e6b81e359b57b152675\@135.148.55.229:10656,971911193b09a17c347565d311a3cc4f6004156d\@peer.node.scrtlabs.com:26656"/' ~/.iond/config/config.toml
17. Listen for incoming RPC requests so that light nodes can connect to you:โ
perl -i -pe 's/laddr = .+?26657"/laddr = "tcp:\/\/0.0.0.0:26657"/' ~/.iond/config/config.toml
18. Enable IDEP-node as a system service:โ
Note that the idep-node system file is created in a previous step.
sudo systemctl enable secret-node
19. Start IDEP-node as a system service:โ
sudo systemctl start secret-node
20. If everything above worked correctly, the following command will show your node streaming blocks (this is for debugging purposes only, kill this command anytime with Ctrl-C):โ
journalctl -f -u idep-node
-- Logs begin at Mon 2022-04-28 12:11:24 UTC. --
Nov 09 11:16:31 idep-node-01 iond[619529]: 11:16AM INF indexed block height=12 module=txindex
Nov 09 11:16:35 idep-node-01 iond[619529]: 11:16AM INF Ensure peers module=pex numDialing=0 numInPeers=0 numOutPeers=0 numToDial=10
Nov 09 11:16:35 idep-node-01 iond[619529]: 11:16AM INF No addresses to dial. Falling back to seeds module=pex
Nov 09 11:16:36 idep-node-01 iond[619529]: 11:16AM INF Timed out dur=4983.86819 height=13 module=consensus round=0 step=1
Nov 09 11:16:36 idep-node-01 iond[619529]: 11:16AM INF received proposal module=consensus proposal={"Type":32,"block_id":{"hash":"0AF9693538AB0C753A7EA16CB618C5D988CD7DC01D63742DC4795606D10F0CA4","parts":{"hash":"58F6211ED5D6795E2AE4D3B9DBB1280AD92B2EE4EEBAA2910F707C104258D2A0","total":1}},"height":13,"pol_round":-1,"round":0,"signature":"eHY9dH8dG5hElNEGbw1U5rWqPp7nXC/VvOlAbF4DeUQu/+q7xv5nmc0ULljGEQR8G9fhHaMQuKjgrxP2KsGICg==","timestamp":"2021-11-09T11:16:36.7744083Z"}
Nov 09 11:16:36 idep-node-01 iond[619529]: 11:16AM INF received complete proposal block hash=0AF9693538AB0C753A7EA16CB618C5D988CD7DC01D63742DC4795606D10F0CA4 height=13 module=consensus
Nov 09 11:16:36 idep-node-01 iond[619529]: 11:16AM INF finalizing commit of block hash=0AF9693538AB0C753A7EA16CB618C5D988CD7DC01D63742DC4795606D10F0CA4 height=13 module=consensus num_txs=0 root=E4968C9B525DADA22A346D5E158C648BC561EEC351F402A611B9DA2706FD8267
Nov 09 11:16:36 idep-node-01 iond[619529]: 11:16AM INF minted coins from module account amount=6268801uscrt from=mint module=x/bank
Nov 09 11:16:36 idep-node-01 iond[619529]: 11:16AM INF executed block height=13 module=state num_invalid_txs=0 num_valid_txs=0
Nov 09 11:16:36 idep-node-01 iond[619529]: 11:16AM INF commit synced commit=436F6D6D697449447B5B373520353520323020352032342031312032333820353320383720313137203133372031323020313638203234302035302032323020353720343520363620313832203138392032333920393920323439203736203338203131322035342032332033203233362034375D3A447D
Nov 09 11:16:36 idep-node-01 iond[619529]: 11:16AM INF committed state app_hash=4B371405180BEE3557758978A8F032DC392D42B6BDEF63F94C2670361703EC2F height=13 module=state num_txs=0
^C
You are now a full node. ๐
21. Optimizationโ
In order to be able to handle NFT minting and other Secret Contract-heavy operations, it's recommended to update your SGX memory enclave cache:
sed -i.bak -e "s/^contract-memory-enclave-cache-size *=.*/contract-memory-enclave-cache-size = \"15\"/" ~/.secretd/config/app.toml
22. Get your node ID with:โ
iondd tendermint show-node-id
Be sure to point your CLI to your running node instead of the bootstrap node
ioncli config node tcp://localhost:26657
If someone wants to add you as a peer, have them add the above address to their persistent_peers in their ~/.iond/config/config.toml.
And if someone wants to use your node from their ioncli then have them run:
ioncli config chain-id Sanford-X
ioncli config output json
ioncli config node tcp://<your-public-ip>:26657
23. Optional: make your full node into a validatorโ
To turn your full node into a validator, see Joining Mainnet as a Validator.