Archway network, setting up a validator — sentry architecture for your infra

Archway is a blockchain oriented on decentralizing Smart Contracts development.

We wrote an article on how to set up sentries and validators on the same machine, but that specific use case is not a real mainnet scenario. So after participating in Archway’s testnet we decided to write this article on how to set up a validator — sentry node architecture in Archway (but could also valid for any other Cosmos networks), so it could help others with the task in the future.

First of all, you will have to set up all your nodes to be able to run the Archway node daemon and configure them to connect to the Archway Torii testnet network.

For the installation you need to install go in your server. After that, you have to get archway source code and compile it.

sudo apt install make clang build-essentials jq
git clone git@github.com:archway-network/archway.git
cd archway
make install

Check that your binary has compiled correctly (should return the archway binary version)

archwayd version

You’re ready to connect to Torii 1 network, so run the following command to init the node pointing to torii-1 network

archwayd init my-node — chain-id torii-1

No you should download the genesis file corresponding to torii-1 network

wget https://raw.githubusercontent.com/archway-network/testnets/main/torii-1/genesis.json
cp genesis.json ~/.archway/config/genesis.json

In order to be able to connect to the network add some seeds in the nodes config file (~/.archwayd/config/config.toml)

seeds = “dcc82542a94ab6407733802dd50c098da6f27f72@35.184.247.99:26656”

Now your node is good to start and get in sync with the chain, so start your node

archwayd start

That’s it for setting up a node, have in mind that you would have to repeat this process on each of the nodes that you’re running, in our case 4 nodes (3 sentries and 1 validator), so once you’re done continue with the guide.

For the validator you would need to create the validator on one of the nodes (should be synced to the network), for that you would need some torii-1 tokens.

First create the wallet that you would use to manage your validator.

archwayd keys add my-validator-wallet

Get the address of the wallet, visit Archway Discord faucet channel for sending some torii-1 tesnet tokens to it. Once you have tokens on that wallet you can create your validator.

archwayd tx staking create-validator \
— from my-validator-wallet \
— amount 1000000000utorii \
— min-self-delegation 1000000000utorii\
— commission-rate 0.01 \
— commission-max-rate 0.1 \
— commission-max-change-rate 0.1 \
— pubkey “$(archwayd tendermint show-validator)” \
— chain-id torii-1

Now check that your validator has created successfully by checking the voting power, should be greater than 0.

archwayd status | jq .ValidatorInfo.VotingPower

Congratulations! your node is validating in the Archway’s Torii-1 network. Now that all nodes are running and in sync, let’s begin configuring our sentry-validator architecture.

Archway helping decentralize smart contracts by developers incentivation, the future of web3 development

To config the nodes you should edit their corresponding config.toml files located at (~/.archway/config/config.toml) and set the corresponding configuration to each type (N sentry nodes and 1 validator).

For a mainnet setup composed of sentries and validator the configuration of your nodes should contain the following structure (replace the field values in the config file):

## Validator node configuration
pex = false
persistent_peers =list of sentry nodes
private_peer_ids =omitted
addr_book_strict =false

## Sentry Node Configuration
pex =true
persistent_peers =validator node, and optionally other sentry nodes private_peer_ids = validator node id
addr_book_strict = false

As you may know, the way to specify a node is the following:

node_id@node_ip:p2p_port

By defaultthe p2p port for Cosmos networks is 26656, and the tendemint node id can be obtained with the following command

archwayd tendermint show-node-id

To get your node ip execute the command

ip a

A valid example could be:

47a763c7c542db370f0a7e380d355f89c6f1115b@10.20.14.124:26656

If our setup nodes would have the following values (node ids and ip’s are not real, for the sake of simplicity of the guide):

Sentry 1: 111@1.1.1.1:26656
Sentry 2: 222@2.2.2.2:26656
Sentry 3: 333@3.3.3.3:26656
Validator: 444@4.4.4.4:26656

the setup configuration would actually look like this:

# Sentry 1 config (111@1.1.1.1:26656)
persistent_peers = “222@2.2.2.2:26656,333@3.3.3.3:26656,444@4.4.4.4:26656”
addr_book_strict = false
pex = true
private_peer_ids = “444”

# Sentry 2 config (222@2.2.2.2:26656)
persistent_peers = “111@1.1.1.1:26656,333@3.3.3.3:26656,444@4.4.4.4:26656”
addr_book_strict = false
pex = true
private_peer_ids = “444”

# Sentry 3 config (333@3.3.3.3:26656)
persistent_peers = “111@1.1.1.1:26656,222@2.2.2.2:26656,444@4.4.4.4:26656”
addr_book_strict = false
pex = true
private_peer_ids = “444”

# Validator config (444@4.4.4.4:26656)
seeds = “”
persistent_peers = “111@1.1.1.1:26656,222@2.2.2.2:26656,333@3.3.3.3:26656”
addr_book_strict = false
pex = false
private_peer_ids = “”

As you may see, all the sentries have the pex value set to true, this makes the nodes try to discover and connect to nodes of the network, but not for the validator. The sentries are also set to have the validator as a private peer (private_peer_ids value), so the validator it isn’t gossipped to the rest of the network and remains anonymous.

Besides that, the validator is connected to all the sentries that will act as a proxy connection to the P2P network, and the sentries are connected to the validator, and optionally to other validators (as in this case).

Now is time to restart all of your nodes, so stop the daemon on each server and start it again

archwayd start

A good way to test that your validator is hidden from the network, is to check that the validator is only able to connect to the network when at least 1 sentry node is running and in sync. So set all your nodes working, and stop all the 3 sentries, and check that the validator node is not able to sync and sign blocks anymore, start 1 sentry node again and check that the validator syncs again and begins signing blocks too.

Also, don’t forget to set your security practices on all your nodes (firewall, ssh access, certificates, service unit file, etc.).

And that’s it! Hope it helps you set a better infrastructure for your Cosmos validators and mitigate those possible DDoS attacks.

For further info you can have a look at Cosmos forums on the topic, or just ask in Archway validator communities Discord channels. And of course have a look at this interesting Cosmos DeFi project, Archway Network.

--

--

--

We're a company of Blockchain passionate individuals that aim to help decentralize the world while having fun with technology.

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Set up GitLab CI/CD for testing your Firebase functions

5 Reasons Why Agile Is The Best For App Development

How to improve the DDDness of your application.

3 Reasons You Might Want To Switch To a NoSQL Database

Loading Arena Widget In Flutter Apps.

Numeric operators in Java

Building SwiftUI Video Game DB App using IGDB Remote API-Alfian Losari

Single SQL to count rows in tables

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Blockscope

Blockscope

We're a company of Blockchain passionate individuals that aim to help decentralize the world while having fun with technology.

More from Medium

KYVE — new step to reliable data

Introducing HydroSwap V2

Distinct Wallets (Optimism Bridge)

Unique Network. Rarity of Chelobrick