Matic Mainnet Node - Sentry & Validator
Pre-requisites
Minimum System Requirements
Minimum system requirements are as follows:
16 GiB of memory
4 core CPU (t2 xLarge)
Minimum 60GB disk (make sure it is extendable)
It is essential that you have 2 different Machines / VM for your Sentry and Validator Node. Having a single Machine to run both, your Sentry and Validator nodes will run into issues
You can obviously opt for higher setup infra to future-proof your Node. However, anything below the minimum requirements, you will run into issues sooner than later. The minimum requirements set above is for both Sentry and Validator nodes.
Install build essentials
This is required for both your Sentry and Validator node
Install GO
This is required for both your Sentry and Validator node
Note: Go version 1.11+ is recommended
RabbitMq
This is required for both your Sentry and Validator node
RabbitMQ is a message-queueing software also known as a message broker or queue manager. Simply said; it is software where queues are defined, to which applications connect in order to transfer a message or messages.
A helper service called bridge
which is embedded into heimdall codebase requires rabbit-mq
to queue transactions to multiple networks. Installing it should be pretty straightforward.
Checkout the download instructions here: https://www.rabbitmq.com/download.html
Install Binaries
Heimdall
This is required for both your Sentry and Validator node
Next, install the latest version of Heimdall and services. Make sure you checkout the correct released version on Git
That will install the heimdalld
and heimdallcli
binaries. Verify that everything is OK:
Bor
This is required for both your Sentry and Validator node
Next, install the latest version of Bor. Make sure you checkout the correct released version via Git
That will install the bor
binary and bootnode
binary:
Setup node files
Fetch launch repo
Setup launch directory
To setup network directory, network name and type of node are required.
Available networks: mainnet-v1
Node types: sentry
and validator
For Sentry:
For Validator:
Setup network directories
This is required for both your Sentry and Validator node
Heimdall data setup
Bor data setup
Setup service files
This is required for both your Sentry and Validator node
Generate services files and copy them into system directory
Setup config files
For Sentry Node
Login to the remote machine / VM
You will need to add a few details in the
config.toml
file. To open theconfig.toml
file run the following commandvi ~/.heimdalld/config/config.toml
Now in the config file you will have to change
Moniker
and addseeds
informationmoniker=<enter unique identifier> For example, moniker=my-sentry-nodeseeds="f4f605d60b8ffaaf15240564e58a81103510631c@159.203.9.164:26656,4fb1bc820088764a564d4f66bba1963d47d82329@44.232.55.71:26656"Check for the parameter
private_peer_ids
. You will need to add your Validator NodeID here. To get your Validator NodeID, you will need to run this command on your Validator node instance:heimdalld tendermint show-node-id
. After you add your NodeID it should look something like thisprivate_peer_ids = "2170800c8a57.....a350f1c0ff"
Change the value of Pex to
true
Change the value of Prometheus to
true
Set the
max_open_connections
value to100
Make sure you keep the proper formatting when you make the changes above.
Next you need to make changes in the
[start.sh](http://start.sh)
file for Bor. Add the following flag invi ~/node/bor/start.sh
to thebor
start params:
Start services
Run these commands on your Sentry Node:
To Start Heimdall Service
To start Heimdall Rest-server
You check logs for Heimdall and rest-server here:
- Heimdall -
journalctl -u heimdalld.service -f
- Heimdall Rest Server -
journalctl -u heimdalld-rest-server.service -f
Now you need to make sure that Heimdall is synced completely and only then Start Bor. If you start Bor without Heimdall syncing completely, you will run into issues frequently.
- To check if Heimdall is synced
- On the remote machine/VM, run
curl localhost:26657/status
- In the output,
catching_up
value should befalse
- On the remote machine/VM, run
Now once Heimdall is synced, run
You can check Bor logs here:
- Bor -
journalctl -u bor.service -f
Setup Config Changes For Validator Node
Login to the remote machine / VM
You will need to add a few details in the
config.toml
file. To open theconfig.toml
file run the following commandvi ~/.heimdalld/config/config.tomlNow in the config file you will have to change
Moniker
and addseeds
informationmoniker=<enter unique identifier>Now in this file, check for the parameter
pex
. The value for this parameter should befalse
.Check for the parameter
private_peer_ids
. This should be commented out or there should be a "#" at the start of the line. Or you could leave it as is.In the
persistent_peers
, you will need to add your Sentry NodeID here. To get your Sentry NodeID, you will need run this command on the Sentry node instance:heimdalld tendermint show-node-idand add it in the following format as mentioned below
persistent_peers = "sentry_machineNodeID@sentry_instance_ip:26656"Change the value of Prometheus to
true
Make sure you keep the proper formatting when you make the changes above.
You will also need to make changes in the
heimdall-config.toml
file. Here you would be adding the RPC for your Ethereum full node. To open theheimdall-config.toml
file you can run the command```jsxvi ~/.heimdalld/config/heimdall-config.toml```Here you need to add the URL for your Ethereum Full Node.```jsxeth_rpc_url =<insert Infura or any full node RPC URL to Ethereum>```Configuring Bor changes on your Validator Node
You will need to add the
EnodeID
of your Sentry Node to the validator node config.To get your EnodeID, Run this command on your Sentry Node to get the enodeID
bootnode -nodekey ~/.bor/data/bor/nodekey -writeaddressNow you will need to update the
static-nodes.json
file on your Validator node. To open the file runvi ~/.bor/data/bor/static-nodes.json
on your Validator node. You should see an output like this:["<replace with enode://sentry_machine_enodeID@sentry_machine_ip:30303>"]Generate Heimdall private key
Note this is only needed for the Validator node, and not for the Sentry node.
This step is only required for your Validator Node. The Sentry node does not require generating
validatorkey
.The private key required as the input is your Ethereum wallet's Private key, where you have the Matic tokens. You will be able to locate it in the wallet settings, depending on the Ethereum wallet you use. You can
heimdallcli generate-validatorkey <Your Ethereum wallet *private* key>This will create
priv_validator_key.json
in the same folder. Move this validator key file to heimdall config folder.mv ./priv_validator_key.json ~/.heimdalld/configGenerate Bor keystore file
Note this is only needed for the Validator node, and not for the Sentry node
To generate a Bor keystore for your validator, you can run the following command. The private key required as the input is your Ethereum wallet Private key. This would be the same private key that you used for generating your
validator-key
.heimdallcli generate-keystore <Your Ethereum wallet private key>Once you run this command you will be requested for a passphrase. A passphrase can be considered as password too. This passphrase will be used to encrypt the keystore file.
This will create a keystore file in UTC format. For example:
UTC--2020-02-10T10-11-48.027180000Z--6c468cf8c9879006e22ec4029696e005c2319c9dDo
ls
here and you will see the file name in the above format.Now you will have to move the keystore file to bor data directory.
mv ./UTC-<time>-<address> ~/.bor/keystore/Add password.txt
Add the password that you entered in the password.txt file
vi ~/.bor/password.txtAdd phrase you choose during generating key store file in
password.txt
Lastly, you will need to add Metadata information
You can open the metadata file from here:
vi /etc/matic/metadataAnd then add your Address that is associated with your Private Key
VALIDATOR_ADDRESS=<Enter your Ethereum Address here>Starting Services for Heimdall and Bor
Run these commands on your Validator Node:
To Start Heimdall Service
sudo service heimdalld startTo start Heimdall Rest-server
sudo service heimdalld-rest-server startTo start Heimdall bridge
sudo service heimdalld-bridge start
You check logs for Heimdall and rest-server here:
- Heimdall -
journalctl -u heimdalld.service -f
- Heimdall Rest Server -
journalctl -u heimdalld-rest-server.service -f
- Heimdall Bridge -
journalctl -u heimdalld-bridge.service -f
Now you need to make sure that Heimdall is synced completely and only then Start Bor. If you start Bor without Heimdall syncing completely, you will run into issues frequently.
- To check if Heimdall is synced
- On the remote machine/VM, run
curl localhost:26657/status
- In the output,
catching_up
value should befalse
- On the remote machine/VM, run
Now once Heimdall is synced, run
You can check Bor logs here:
- Bor -
journalctl -u bor.service -f
Now, you have successfully setup your Sentry and Validator Node. Now all that you have to do is Stake by using the Matic Staking UI.
You can follow this step-by-step guide to understand how you can stake on Matic: https://www.notion.so/maticnetwork/Staking-on-Matic-Mainnet-5ad50f58fad348fc89c6dcf3a729f260
Logs
Logs are managed by journalctl
linux tool. Here is a link for advanced usage: https://www.digitalocean.com/community/tutorials/how-to-use-journalctl-to-view-and-manipulate-systemd-logs
Check Heimdall node logs
Check Heimdall rest server logs
Check Bor rest server logs
To check if Heimdall is synced
- On the remote machine/VM, run
curl localhost:26657/status
- In the output,
catching_up
value should befalse
Ports and firewall setup for Sentry
Open following ports 22, 26656 and 30303 to world (0.0.0.0/0) on sentry node firewall.
You can use VPN to restrict access for 22 port as per your requirement and security guidelines.
Validator node firewall configuration
On your validator node, open ports 22, 26656 and 30303 and point it to your sentry node.
Note: Don't open above ports in validator node to world/public (0.0.0.0/0). These ports should be open to sentry node only.