Setting up 3 sentries and a validator on Umee (or any other Cosmos network)

We previously wrote an article on how to set up sentries and validators on the same machine on the Bitcanna network, but that specific use case is not a real mainnet scenario. So we decided to write this article on how to set up 3 sentry nodes and a validator node on the Umee network (it is also valid for any other Cosmos network), so it can help others with the task in the future.
First of all, you will have to set up your nodes so they can run the Umee node daemon and are configured to connect to the Umee network. That is not part of this article; you can find those instructions in the Umee GitHub repositories.
For a mainnet setup composed of sentries and a validator, the configuration of your nodes should have the following structure:
## Validator node configuration
pex = false
persistent_peers = list of sentry nodes
private_peer_ids = omitted
addr_book_strict = false
## Sentry node configuration
pex = true
persistent_peers = validator node, and optionally other sentry nodes
private_peer_ids = validator node id
addr_book_strict = false
As you may know, the way to specify a node is the following:
node_id@node_ip:p2p_port
Usually the p2p port for Cosmos networks is 26656, and the Tendermint node ID can be obtained with the following command:
umeed tendermint show-node-id
A valid example could be: 47a763c7c542db370f0a7e380d355f89c6f1115b@10.20.14.124
If our nodes had the following values (the node IDs and IPs are not real…):
Sentry 1: 111@1.1.1.1:26656
Sentry 2: 222@2.2.2.2:26656
Sentry 3: 333@3.3.3.3:26656
Validator: 444@4.4.4.4:26656
and the list of network seed nodes is represented by this string “REPLACE WITH NETWORK SEED NODES”, the setup configuration would look like this:
# Sentry 1 config (111@1.1.1.1:26656)
seeds = "REPLACE WITH NETWORK SEED NODES"
persistent_peers = "222@2.2.2.2:26656,333@3.3.3.3:26656,444@4.4.4.4:26656"
addr_book_strict = false
pex = true
private_peer_ids = "444"
# Sentry 2 config (222@2.2.2.2:26656)
seeds = "REPLACE WITH NETWORK SEED NODES"
persistent_peers = "111@1.1.1.1:26656,333@3.3.3.3:26656,444@4.4.4.4:26656"
addr_book_strict = false
pex = true
private_peer_ids = "444"
# Sentry 3 config (333@3.3.3.3:26656)
seeds = "REPLACE WITH NETWORK SEED NODES"
persistent_peers = "111@1.1.1.1:26656,222@2.2.2.2:26656,444@4.4.4.4:26656"
addr_book_strict = false
pex = true
private_peer_ids = "444"
# Validator config (444@4.4.4.4:26656)
seeds = ""
persistent_peers = "111@1.1.1.1:26656,222@2.2.2.2:26656,333@3.3.3.3:26656"
addr_book_strict = false
pex = false
private_peer_ids = ""
As you can see, all the sentries have pex set to true, which makes them try to discover and connect to other nodes on the network; the validator has it set to false. The sentries also list the validator as a private peer (the private_peer_ids value), so the validator is not gossiped to the rest of the network and remains anonymous.
Besides that, the validator is connected to all the sentries, which act as its proxy connection to the P2P network, and the sentries are connected to the validator and, optionally, to the other sentries (as in this case).
A good way to test that your validator is hidden from the network is to check that it can only connect to the network when at least 1 sentry node is running and in sync. Start all your nodes, then stop all 3 sentries and check that the validator node can no longer sync or sign blocks. Start 1 sentry node again and check that the validator syncs again and resumes signing blocks.
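Before running that live test, the settings themselves can be checked statically. The following is an added example, not part of the original article or of Umee's tooling: it audits each node's p2p settings against the layout described above. The function names are hypothetical, the sample data reuses the article's placeholder IDs and addresses, and the script assumes it is fed only the pex, seeds, persistent_peers and private_peer_ids lines of each node's config.toml.

```python
import re

def parse_p2p(text):
    """Collect key = value settings from config.toml-style text."""
    cfg = {}
    for line in text.splitlines():
        m = re.match(r'\s*(\w+)\s*=\s*"?([^"#]*)"?', line)
        if m:
            cfg[m.group(1)] = m.group(2).strip()
    return cfg

def ids(csv):
    """Node ids from a comma-separated list of id or id@host:port entries."""
    return {p.split("@")[0].strip() for p in csv.split(",") if p.strip()}

def audit(validator_id, configs):
    """Return findings for a sentry layout; configs maps node id -> config text."""
    findings = []
    sentries = set(configs) - {validator_id}
    val = parse_p2p(configs[validator_id])
    if val.get("pex") != "false":
        findings.append("validator: pex must be false")
    if val.get("seeds"):
        findings.append("validator: seeds should be empty")
    extra = ids(val.get("persistent_peers", "")) - sentries
    if extra:
        findings.append(f"validator: non-sentry peers {sorted(extra)}")
    for sid in sorted(sentries):
        cfg = parse_p2p(configs[sid])
        if cfg.get("pex") != "true":
            findings.append(f"sentry {sid}: pex must be true")
        for key in ("persistent_peers", "private_peer_ids"):
            if validator_id not in ids(cfg.get(key, "")):
                findings.append(f"sentry {sid}: validator missing from {key}")
    return findings

# Constructed sample: the article's placeholder ids and addresses.
PEERS = {"111": "1.1.1.1", "222": "2.2.2.2", "333": "3.3.3.3", "444": "4.4.4.4"}

def sample(node, pex, private):
    """Build one node's p2p settings, peering with every other sample node."""
    peers = ",".join(f"{i}@{ip}:26656" for i, ip in PEERS.items() if i != node)
    return f'pex = {pex}\npersistent_peers = "{peers}"\nprivate_peer_ids = "{private}"\n'

GOOD = {n: sample(n, "true", "444") for n in ("111", "222", "333")}
GOOD["444"] = sample("444", "false", "")

if __name__ == "__main__":
    print(audit("444", GOOD))  # prints []
```

An empty list means every sentry keeps the validator private and the validator peers only with its sentries; any finding names the node and the setting to correct.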
Also, don’t forget to apply your security practices on all your nodes (firewall, SSH access, certificates, etc.).
And that’s it! We hope it helps you build a better infrastructure for your Cosmos validators and mitigate possible DDoS attacks.
For further info you can have a look at the Cosmos forums on the topic, or just ask in the Umee validator community Discord channels. And of course, have a look at this interesting Cosmos DeFi project, Umee Network.