Skip to content

Instantly share code, notes, and snippets.

@afmsavage

afmsavage/keep-ecdsa-node.md

Last active September 27, 2020 20:26
Show Gist options
  • Save afmsavage/8fc19937a6b263f05c3e215d8860629c to your computer and use it in GitHub Desktop.
Save afmsavage/8fc19937a6b263f05c3e215d8860629c to your computer and use it in GitHub Desktop.
Download ZIP
Walkthrough to create Keep-ECDSA node for either mainnet or testnet
Raw
keep-ecdsa-node.md

Keep Network ECDSA Node Setup Guide

9/19/2020
NOTE: I will no longer be updating this guide with the newest testnet bootsrap peers and contract addresses (if they change). You can check the official docs for them at https://github.com/keep-network/keep-ecdsa/blob/master/docs/run-keep-ecdsa.adoc#72-testnet. This will only impact the BondedECDSAKeepFactory and SanctionedApplications contract addresses and the bootstrap peers list of the testnet config.toml example below. Last updated when mainnet launched mid Sept.

This guide describes the steps required to get a Keep-ECDSA node up and running on the Ropstein testnet and the Ethereum Mainnet. This guide assumes you are running Ubuntu. If you use a different distro such as Fedora, most commands should remain the same but keep that in mind. Also, please use Novy4's guide to get your server setup and ready to run the ECDSA node. I will be detailing out the key parts that differ from his Keep Client guide to get your ECDSA node up and running. guide found here. https://medium.com/@novysf/run-a-keep-network-testnet-node-37096946af35

Also, please setup some monitoring on your node if you are running on Mainnet. This is real money afterall, and slashing can occur. I have a guide here about how I monitor my node on Mainnet. https://gist.github.com/afmsavage/7c8a9ccf085bedbc0a2880472a9ef984

Links to utilize for help or info

Prep work

Authorize tBTC contracts and stake ETH

Mainnet

Go to https://dashboard.keep.network/applications/tbtc and authorize the tBtc contract and stake some Mainnet ETH.

Testnet

Go to https://dashboard.test.keep.network/applications/tbtc and authorize the tBtc contract and stake some Ropstein ETH.

Server Setup

Create the following folder structure

Use this command to create the following structure

mkdir -p $HOME/keep-ecdsa/{config,keystore,persistence}
$HOME
│
└───keep-ecdsa
   │
   │
   └───config
   │    └───config.toml
   │
   └───keystore
   │    └───keep_wallet.json
   │
   └───persistence

Create the following environment variables. You might have created these in Novy's walkthrough, also linked at the top of this guide

## Setup some environment variables
export SERVER_IP=$(curl ifconfig.co)
# Change with your ID from Infura.
export INFURA_PROJECT_ID="$INFURA-ID"
# Change with your ETH Wallet.
export ETH_WALLET="0x..."
# Enter the password in which you encrypted your wallet file with
export KEEP_CLIENT_ETHEREUM_PASSWORD="$ENTERPASSWORDHERE"

The above environment variables can also be added to your .bashrc file with the following command. This ensures they are present if the machine ever reboots

cat <<EOF >>$HOME/.bashrc

## Setup some environment variables
export SERVER_IP=$(curl ifconfig.co)
# Change with your ID from Infura.
export INFURA_PROJECT_ID="$INFURA-ID"
# Change with your ETH Wallet.
export ETH_WALLET="0x..."
# Enter the password in which you encrypted your wallet file with
export KEEP_CLIENT_ETHEREUM_PASSWORD="$ENTERPASSWORDHERE"
EOF

Now run the following command to create your config.toml for the Keep-ECDSA node.

MAINNET CONFIG

cat <<CONFIG >>$HOME/keep-ecdsa/config/config.toml

# Connection details of ethereum blockchain.
[ethereum]
  URL = "wss://mainnet.infura.io/ws/v3/$INFURA_PROJECT_ID"
  URLRPC = "https://mainnet.infura.io/v3/$INFURA_PROJECT_ID"


[ethereum.account]
  Address = "$ETH_WALLET"
  KeyFile = "/mnt/keep-ecdsa/keystore/keep_wallet.json"


# This address might change and need to be replaced from time to time
# if it does, the new contract address will be listed here:
# https://github.com/keep-network/keep-ecdsa/blob/master/docs/run-keep-ecdsa.adoc
[ethereum.ContractAddresses]
  BondedECDSAKeepFactory = "0xA7d9E842EFB252389d613dA88EDa3731512e40bD"


# This addresses might change and need to be replaced from time to time
# if it does, the new contract address will be listed here:
# https://github.com/keep-network/keep-ecdsa/blob/master/docs/run-keep-ecdsa.adoc
# Addresses of applications approved by the operator.
[SanctionedApplications]
  Addresses = [
    "0xe20A5C79b39bC8C363f0f49ADcFa82C2a01ab64a",
]

[Storage]
  DataDir = "/mnt/keep-ecdsa/persistence"
  
[LibP2P]
  Peers = ["/dns4/bst-a01.ecdsa.keep.boar.network/tcp/4001/ipfs/16Uiu2HAkzYFHsqbwt64ZztWWK1hyeLntRNqWMYFiZjaKu1PZgikN",
"/dns4/bst-b01.ecdsa.keep.boar.network/tcp/4001/ipfs/16Uiu2HAkxLttmh3G8LYzAy1V1g1b3kdukzYskjpvv5DihY4wvx7D"]
Port = 3919

# Override the node’s default addresses announced in the network
AnnouncedAddresses = ["/ip4/$SERVER_IP/tcp/5678"]

[TSS]
# Timeout for TSS protocol pre-parameters generation. The value
# should be provided based on resources available on the machine running the client.
# This is an optional parameter, if not provided timeout for TSS protocol
# pre-parameters generation will be set to .
  PreParamsGenerationTimeout = "2m30s"
CONFIG

TESTNET CONFIG

cat <<CONFIG >>$HOME/keep-ecdsa/config/config.toml

# Connection details of ethereum blockchain.
[ethereum]
  URL = "wss://ropsten.infura.io/ws/v3/$INFURA_PROJECT_ID"
  URLRPC = "https://ropsten.infura.io/v3/$INFURA_PROJECT_ID"


[ethereum.account]
  Address = "$ETH_WALLET"
  KeyFile = "/mnt/keep-ecdsa/keystore/keep_wallet.json"


# This address might change and need to be replaced from time to time
# if it does, the new contract address will be listed here:
# https://github.com/keep-network/keep-ecdsa/blob/master/docs/run-keep-ecdsa.adoc
[ethereum.ContractAddresses]
  BondedECDSAKeepFactory = "0x9EcCf03dFBDa6A5E50d7aBA14e0c60c2F6c575E6"


# This addresses might change and need to be replaced from time to time
# if it does, the new contract address will be listed here:
# https://github.com/keep-network/keep-ecdsa/blob/master/docs/run-keep-ecdsa.adoc
# Addresses of applications approved by the operator.
[SanctionedApplications]
  Addresses = [
    "0xc3f96306eDabACEa249D2D22Ec65697f38c6Da69",
]

[Storage]
  DataDir = "/mnt/keep-ecdsa/persistence"
  
[LibP2P]
  Peers = ["/dns4/bootstrap-1.ecdsa.keep.test.boar.network/tcp/4001/ipfs/16Uiu2HAmPFXDaeGWtnzd8s39NsaQguoWtKi77834A6xwYqeicq6N",
"/dns4/ecdsa-2.test.keep.network/tcp/3919/ipfs/16Uiu2HAmNNuCp45z5bgB8KiTHv1vHTNAVbBgxxtTFGAndageo9Dp",
"/dns4/ecdsa-3.test.keep.network/tcp/3919/ipfs/16Uiu2HAm8KJX32kr3eYUhDuzwTucSfAfspnjnXNf9veVhB12t6Vf",]
Port = 3919

# Override the node’s default addresses announced in the network
AnnouncedAddresses = ["/ip4/$SERVER_IP/tcp/3920"]

[TSS]
# Timeout for TSS protocol pre-parameters generation. The value
# should be provided based on resources available on the machine running the client.
# This is an optional parameter, if not provided timeout for TSS protocol
# pre-parameters generation will be set to .
  PreParamsGenerationTimeout = "2m30s"
CONFIG

Docker run cmd to start node

Once you have your config.toml file setup and ready to go inside of $HOME/keep-ecdsa/config, you can use the following command to start up the node. No need to pull the image first, this run command will recognize that you do not have the image locally and download it automatically

NOTE: I map 3920 local port to 3919 in this command because I have both the ECDSA node and the random beacon running on the same box. Since you cannot map both of these containers to the same local port, I have chosen to map the ECDSA node to 3920. The end result is the same as long as you map the container port as 3919.

Also, feel free to remove the line for --env LOG_LEVEL=debug if you only want to see warning logs. I have included this because debug logs are useful especially when troubleshooting your node.

sudo docker run -d \
  --restart always \
  --entrypoint /usr/local/bin/keep-ecdsa \
  --volume $HOME/keep-ecdsa:/mnt/keep-ecdsa \
  --env KEEP_ETHEREUM_PASSWORD=$KEEP_CLIENT_ETHEREUM_PASSWORD \
  --env LOG_LEVEL=debug \
  --name ecdsa \
  -p 3919:3919 \
  --log-opt max-size=100m \
  --log-opt max-file=3 \
  keepnetwork/keep-ecdsa-client:v1.2.0-rc.4 \
  --config /mnt/keep-ecdsa/config/config.toml start

Breakdown of the above command

sudo docker run -d \ # runs the container and detaches from it, meaning it runs in the background
  --restart always \ # self-explanator.  Your container will attempt to always restart on failure
  --entrypoint /usr/local/bin/keep-ecdsa \ # This is specifying that you want to execute the keep-ecdsa program at that location inside of the container
  --volume $HOME/keep-ecdsa:/mnt/keep-ecdsa \ # Mapping the local filesystem to the container filesystem.  LOCAL:CONTAINER
  --env KEEP_ETHEREUM_PASSWORD=$KEEP_CLIENT_ETHEREUM_PASSWORD \ # sets an environment variable inside the container, in this case your password to unlock your wallet.json
  --env LOG_LEVEL=debug \ # optional, sets logging level of this container to DEBUG and above
  --name ecdsa \ # name of the container, if not given, Docker will create a random one
  -p 3919:3919 \ # maps local port 3919 to 3919 of the container.  LOCAL:CONTAINER
  --log-opt max-size=100m \ # each log file size will be 100mb max
  --log-opt max-file=3 \ # only 3 log files of 100mb each will be stored locally
  keepnetwork/keep-ecdsa-client:v1.2.0-rc.4 \ # Specifies which Docker image to run, in this case the ECDSA node
  --config /mnt/keep-ecdsa/config/config.toml start # configures your container using your config.toml you created earlier and starts the container

Check to see if your node is running

NOTE: it will take awhile for your node to generate the primes. Please be patient while this occurs. Most likely if your node is not stuck in a restart loop, you are fine

docker ps -a

You should see similar to the following:

ubuntu@ip-172-31-25-217:~$ docker ps -a
CONTAINER ID        IMAGE                                  COMMAND                  CREATED             STATUS
    PORTS                    NAMES
a355b76ca6d4        keepnetwork/keep-ecdsa-client:1.2.0-rc.5   "/usr/local/bin/keep…"   8 minutes ago       Up 8 minutes        0.0.0.0:3919->3919/tcp   ecdsa

Check to see that your node is running well

docker logs ecdsa --since 10m -f
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment