Mainnet

Check your hardware

Before setting up a production mode, ensure that your hardware is properly configured. To do it, use mainnet checker.

Download and unzip checker:

wget https://github.com/SigmaGmbH/swisstronik-chain/releases/download/hw-checker/checker.zip && unzip checker.zip && cd checker

Copy libsgx_checker_wrapper_v1.0.7.x86_64.so to /usr/lib:

sudo cp libsgx_checker_wrapper_v1.0.7.x86_64.so /usr/lib/

To check your hardware, run:

ENCLAVE_HOME=path/to/v1.0.7_checker_enclave.signed.so ./swisstronikd_checker enclave status

If status is not OK or SGX_QL_QV_RESULT_SW_HARDENING_NEEDED, check your BIOS configs:

Enable SGX
Disable Secure Boot
Disable Hyper Threading
Disable Turbo Mode
Enable CPU AES
Disable Onboard VGA
Disable Intel Speedstep Technology
Set Primary Display to «PCI Express»

If it does not help contact with us in Discord

Download mainnet binaries

You can find archive with mainnet binaries at our Github Releases: https://github.com/SigmaGmbH/swisstronik-chain/releases/tag/v1.0.0-mainnet

Once you've downloaded file, unpack it

unzip swisstronikd.zip

Validate that files have correct checksums:

File

Checksum

v1.0.0_enclave.signed.so

d322ea113bfab5efe1babd69a89b2ee206631835eedf30e791d655dd24469ebd

libsgx_wrapper_v1.0.0.x86_64.so

34b459414b881d8c1839388db363a1264182c9f7c75c96ed12f2cbb0b3b080cc

swisstronikd

21a81717d5c3d8f620a940b45d4ee273cd4ff98e460b6729e12f22cf05d15730

Move libsgx_wrapper_v1.0.0.x86_64.soto /usr/lib:

sudo cp libsgx_wrapper_v1.0.0.x86_64.so /usr/lib

Move 1.0.0_enclave.signed.soto any folder. Later, you should specify ENCLAVE_HOME with path to directory with 1.0.0_enclave.signed.sofile.

Obtain epoch keys for mainnet

Before starting your node, you should obtain epoch keys, which will be used to encrypt and decrypt transactions and smart contract state.

Before running RA ensure that you have properly configured /etc/sgx_default_qcnl.conf file. Default pccs_url value should be changed from https://localhost:8081/sgx/certification/v4/ to https://api.trustedservices.intel.com/sgx/certification/v4/

To run Remote Attestation, use the the following command:

swisstronikd enclave request-epoch-keys-dcap mainnet.attestation.swisstronik.com:42321

The command above will pass Remote Attestation, during which, another node checks whether the correct software and hardware are used. If the command returns you same output as shown below, it means your node is ready to work:

Remote Attestation passed. Node is ready for work

Initialize Node

Monikers can only contain ASCII characters. The use of Unicode characters is not supported and will render the node unreachable.

Please replace YOUR_MONIKER with your own moniker.

swisstronikd init YOUR_MONIKER --chain-id swisstronik_1848-1

The moniker can be edited in the ~/.swisstronik/config/config.toml file:

# A custom human readable name for this node 
moniker = "<custom_moniker>"

Download the Genesis File

After initializing the node, download the genesis file and move it to the /config directory within the Swisstronik home directory.

wget https://github.com/SigmaGmbH/swisstronik-chain/releases/download/v1.0.0-mainnet/genesis.json

Set Gas Prices

A full node keeps unconfirmed transactions in its mempool. To protect it from spam, it is advisable to set a minimum-gas-prices that the transaction must meet to be accepted in the node's mempool. This parameter can be configured in ~/.swisstronik/config/app.toml.

# The minimum gas prices a validator is willing to accept for processing a # transaction. A transaction's fees must meet the minimum of any denomination 
# specified in this config 
minimum-gas-prices = "7aswtr"

Specify pruning option

This is an optional configuration

There are four strategies for pruning the state. These strategies apply only to the state and do not apply to block storage. A node operator may consider custom pruning if node storage is a concern or if there is an interest in running an archive node.

To set pruning, adjust the pruning parameter in the ~/.swisstronik/config/app.toml file. The following pruning state settings are available:

everything: Prune all saved states other than the current state.
nothing: Save all states and delete nothing.
default: Save the last 100 states and the state of every 10,000th block.
custom: Specify pruning settings with the pruning-keep-recent, pruning-keep-every, and pruning-interval parameters.

By default, every node is in default mode, which is the recommended setting for most environments. If a node operator wants to change their node's pruning strategy, this must be done before the node is initialized.

In ~/.swisstronik/config/app.toml

# default: the last 100 states are kept in addition to every 500th state; pruning at 10 block intervals 
# nothing: all historic states will be saved, nothing will be deleted (i.e. archiving node) 
# everything: all saved states will be deleted, storing only the current state; pruning at 10 block intervals 
# custom: allow pruning options to be manually specified through 'pruning-keep-recent', 'pruning-keep-every', and 'pruning-interval' pruning = "custom" 
# These are applied if and only if the pruning strategy is custom. 
pruning-keep-recent = "10" 
pruning-keep-every = "1000" 
pruning-interval = "10"

Passing a flag when starting swisstronikd will always override settings in the app.toml file. To change the node's pruning setting to everything mode pass the ---pruning everything flag when running swisstronikd start.

If the node is running with a pruned state, querying heights that are not in the node's store will not be possible.

RPC

This is an optional configuration

By default, RPC server for interactions with Cosmos part will be started on 0.0.0.0:26657 . To change it, edit the ~/.swisstronik/config/config.toml, and set laadr to desired address and port

#######################################################
###       RPC Server Configuration Options          ###
#######################################################
[rpc]

# TCP or UNIX socket address for the RPC server to listen on
laddr = "tcp://0.0.0.0:26657"

REST API

This is an optional configuration

By default, the REST API is disabled. To enable the REST API, edit the ~/.swisstronik/config/app.toml file, and set enable to true in the [api] section.

[api] 
# Enable defines if the API server should be enabled. 
enable = true 
# Swagger defines if swagger documentation should automatically be registered. swagger = false # Address defines the API server to listen on. 
address = "tcp://0.0.0.0:1317"

EVM JSON-RPC and Websockets

This is an optional configuration

By default, EVM JSON-RPC and Websockets are set to use ports 127.0.0.1:8545 and 127.0.0.1:8546 for encrypted transactions, and 127.0.0.1:8547, 127.0.0.1:8548 for unencrypted transactions. You can edit them by changing those values in ~/.swisstronik/config/app.toml

###############################################################################
###                           JSON RPC Configuration                        ###
###############################################################################

[json-rpc]

# Enable defines if the gRPC server should be enabled.
enable = true

# Address defines the EVM RPC HTTP server address to bind to.
address = "127.0.0.1:8545"

# Address defines the EVM WebSocket server address to bind to.
ws-address = "127.0.0.1:8546"

# Address defines the EVM RPC HTTP server address to bind to.
address-unencrypted = "127.0.0.1:8547"

# Address defines the EVM WebSocket server address to bind to.
ws-address-unencrypted = "127.0.0.1:8548"

Launch Node

Cosmovisor

Setting up Cosmovisor is relatively straightforward. However, it expects certain environment variables and folder structure to be set.

Install

First, go and get cosmovisor (recommended approach):

go install cosmossdk.io/tools/cosmovisor/cmd/cosmovisor@latest

# To install a previous version, you can specify the version after the @ sign. Note that versions older than 1.4.0 can also target a specific version, at a slightly different location:
go install github.com/cosmos/cosmos-sdk/cosmovisor/cmd/[email protected]

You can set it to false by running the command

export DAEMON_ALLOW_DOWNLOAD_BINARIES=false

You can confirm your installation with:

which cosmovisor

Add environment variables to your shell.

In the .profile file, usually located at ~/.profile, add:

export DAEMON_NAME=swisstronikd
export DAEMON_HOME=$HOME/.swisstronik

Next, source your profile to gain access to these variables:

source ~/.profile

You can confirm success by executing:

echo $DAEMON_NAME

It should return swisstronikd.

Set up folder structure

Cosmovisor expects a certain folder structure:

.
├── current -> genesis or upgrades/<name>
├── genesis
│   └── bin
│       └── $DAEMON_NAME
└── upgrades
    └── <name>
        └── bin
            └── $DAEMON_NAME

Don't worry about current - that is simply a symlink used by Cosmovisor. The other folders will need setting up, but this is easy:

mkdir -p $DAEMON_HOME/cosmovisor/genesis/bin && mkdir -p $DAEMON_HOME/cosmovisor/upgrades

Set up genesis binary

Cosmovisor needs to know which binary to use at genesis. We put this in $DAEMON_HOME/cosmovisor/genesis/bin.

First, find the location of the binary you want to use:

which swisstronikd

Then use the path returned to copy it to the directory Cosmovisor expects. Let's assume the previous command returned /home/your-user/go/bin/swisstronik:

cp $HOME/go/bin/swisstronikd $DAEMON_HOME/cosmovisor/genesis/bin

Cosmovisor init

Post v1 versions of Cosmovisor include a command that creates the directories and copy the swisstronikd binary into the proper directory. To execute this process, use the following command:

cosmovisor init $HOME/go/bin/swisstronikd

Once you're done, check that the folder structure looks correct using a tool like tree.

Setting up the service

Commands sent to Cosmovisor are sent to the underlying binary. For example, cosmovisor version is the same as typing swisstronikd version.

Nevertheless, similar to managing swisstronikd using a process manager, we want to ensure that Cosmovisor is automatically restarted in case of events like errors or reboots.

First, create the service file:

sudo nano /etc/systemd/system/swisstronikd.service

Modify the content below to match your setup.cosmovisor is likely located at ~/go/bin/cosmovisor irrespective of the installation path you chose above, but it's worth verifying.

Note cosmovisor run start is only for the latest versions of cosmovisor. For earlier versions that line should be:

ExecStart=/home/<your-user>/go/bin/cosmovisor start

[Unit]
Description=Swisstronikd Daemon (cosmovisor)
After=network-online.target

[Service]
User=<your-user>
ExecStart=/home/<your-user>/go/bin/cosmovisor run start
Restart=always
RestartSec=3
LimitNOFILE=65536
ProtectHome = true;
ProtectClock = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectKernelLogs = true;
ProtectControlGroups = true;
NoNewPrivileges = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
RemoveIPC = true;
PrivateMounts = true;
Environment="DAEMON_NAME=swisstronikd"
Environment="DAEMON_HOME=/home/<your-user>/.swisstronik"
Environment="DAEMON_ALLOW_DOWNLOAD_BINARIES=false"
Environment="DAEMON_RESTART_AFTER_UPGRADE=true"
Environment="DAEMON_LOG_BUFFER_SIZE=512"
Environment=ENCLAVE_HOME=/home/<your-user>/.swisstronik-enclave # PATH TO v1.0.0_enclave.signed.so
Environment=KEYMANAGER_HOME=/home/<your-user>/.swisstronik-enclave # PATH to directory with .keymanager file 

[Install]
WantedBy=multi-user.target

Start Cosmovisor

If syncing from a snapshot, do not start Cosmovisor yet.

Finally, enable the service and start it.

sudo -S systemctl daemon-reload
sudo -S systemctl enable swisstronikd
# check config one last time before starting!
sudo systemctl start swisstronikd

Verify that it is running by using:

sudo systemctl status swisstronikd

If you need to monitor the service after launch, you can view the logs by using:

sudo journalctl -fu swisstronikd

Other considerations

This installation guide is the bare minimum to get a node started. As you progress and gain experience as a node operator, consider the following:

Configure firewall to close most ports leaving only the p2p port (typically 26656);
Use custom ports for each node so you can run multiple nodes on the same server;
Do not expose unsafe endpoints, such as unsafe = truein config.toml or debugnamespace at json-rpc.api in app.toml.

If you encounter any issues or discover a bug in this installation guide, please reach out to us and inform us.

PreviousSetup node Nextv1.0.1 Upgrade

Last updated 7 months ago