Setup Elrond Testnet Validator Node

CryptoCrabb
20 min readNov 25, 2020

--

Written by @cryptocrabb

German Dutch Spanish Italian Bahasa Indonesia French Persian

See the Video Tutorial describing parts of the setup.

Guide for setting up an Elrond Testnet Node with short overview, server backup and monitoring.

  1. Introduction — What is ElrondNetworks eGLD, and what is the special about?

Today I would like to show you how you can set up an Elrond Gold (eGLD) Testnet Node in a few minutes. All you need is a server with 2vCPU, 4GM RAM and 100mBit/s network connection.

Short introduction, most people today know Bitcoin, many have also heard that extremely high power consumption (similar to Switzerland) and transaction costs are in case with Bitcoin, and that the network is only able to process about 5 TPS (transactions per second). But, since Bitcoin is very limited, there are only about 21 million of them, so it is a rare commodity. Imagine 8 billion people want Bitcoin, what will happen to the price.

Another very well known coin is ETH (Ethereum). One of its key features is its applicability. Ethereum forms a network, which is able to host other Blockchain projects and it allows the implementation of smart contracts. SC‘s (Smart Contracts) are very interesting because many economic use cases can be realized automatically using them. Ethereums transactions are slightly cheaper and faster than Bitcoin, but with about 15 TPS they are still much too slow to be able to map all the various use cases in the modern Internet.

This is where Elrond’s e-Gold [eGLD] comes in! eGLD was designed specifically to map the workload of the 21st century Internet. The network is extremely fast at 5000 TPS per shard, and is also linearly scalable. Scalable means additional 5000 TPS can be performed by adding another shard, which can be switched in parallel at very low cost (or energy consumption) and a throughput time of just under 10 seconds. In addition, similar to ETH, other projects and SC’s can be realized, where each user can individually generate his own “Coins” with the performance of eGLD using the ESDT model. To keep such a network stable, you need computers worldwide, and that’s exactly what we are setting up now, or rather the test version of it. Now some people might think, man, I don’t have such a killing machine, but this is also a special feature of Elrond Network. Despite the high performance, the demands on the servers are really very low, because the system is ingeniously super-optimized for its tasks. You can rent a Testnet server for about 5 € per month.

So in short, we have a real future technology here, whose adaptation can only be a question of time, and I think it is worth saddling up now! There are many more reasons for eGLD, just inform yourself on https://elrond.com, countless telegram channels or other media. But now enough praise, we want to set up a node!

2. Setup your Testnet-wallet

First of all, we need an „Elrond Testnet Wallet“, the wallet is already live for the Mainnet too (https://wallet.elrond.com), here you can send eGLD in seconds almost free of charge globally or stake it for up to 29% apy, and even better, soon you can do all that with the intuitive Maiar App on your SmartPhone. But let’s go on, since we want to create a testnet wallet, we visit https://testnet-wallet.elrond.com and click “CREATE WALLET”

By clicking both checkboxes we confirm that we save the following 24 words safely and press “CONTINUE“

Please pay attention now, these words are the key to your account, save these words in exactly this sequence well! Best offline, and inform yourself about “keyphrase”, “cold wallet” or “public key” and “private key”! These are important topics, because if you lose your password, you can reset your password with the 24 words, so they are the most powerful key to your account! It would be too much to cover all of this here, but just this much, secure these keys well! For this reason you have to confirm again with the checkbox that you have copied the words or saved them securely.

After clicking “CREATE WALLET” again, the next screen asks for 3 random words of your keyphrase. This is to make sure that you have saved the words in the correct order. Only after you have entered the requested words, you can continue with “Continue”.

Now you can choose your password. Again, this topic is not to be taken on a light shoulder, just so much, choose a secure password of at least 9 characters with upper and lower case, numbers and special characters. I prefer a modified nursery rhyme, with a length of 30 characters or more and peppered with special characters, but this is stuff for another tutorial.

Once we have confirmed our password, after clicking “Continue” we will receive the public key file, the “Keystore file”, named after the wallet address in json format. Please handle this file carefully too, do not upload it anywhere and use it only on secure computers in secure networks. I like to rename the file to “1” or similar, save it in a password protected .zip file on the desktop, if you want to access the wallet often. Others recommend commercial hardware wallets like Ledger or Trust Wallet. Elrond is compatible with some of them, but I don’t want to recommend one here because I don’t want to advertise it.

If you can’t find the “Keystore file”, you can download it again here, please check if you can access your wallet by clicking on “Access Wallet”. Then you will get to the wallet access interface, where you can drag and drop the keyfile into the red bordered drag and drop area or open the file browser by clicking and searching for the file on your computer. Enter your password and when you click on “Access Wallet” again, you are already in your Elrond Testnet Wallet.

The button “Recover Wallet” allows to reset your password using the 24 words you have stored securely. The steps described above work the same way in Mainnet, you just have to start from https://wallet.elrond.com. One more important hint, of course you should not send any real eGLD to the testnet wallet, only xEGLD, which are the testnet „game eGLD“.

Now you should see the dashboard interface of the wallet, cute, right? To make the difference to the Mainnet Wallets easier to see, the Testnet masks are designed black & white. On top you can see your address, your current balance, how much is available balance, how much you have delegated at currently 29% interest, how much you have currently staked at about 7% interest on the delegation waiting queue and how much you have invested as a “Validator” at currently 36% interest. On the left side are several menu items, among others the link to the “Validate” area. We will need this link later to make our node live as “Validator”. In the middle you can see the current exchange rate development and at the bottom you can see an overview of the executed transactions.

3. Rent-a-server, for example Hetzner

Some may have a server and the necessary data rate at home, for those who don’t have that, here is a short introduction to server rental. There are many providers, I will do this using Hetzner as an example, because I have rented there and therefore know a little bit about it. In addition, the cheapest providers are often not suitable for operating the node, because the available performance often fluctuates and is therefore not constant enough. Even if Elrond Network does not place extremely high demands on the servers, the stability of the network is of course very important. If you log on to Hetzner’s site with a secure password and set up the 2-factor authentication it is sufficient to rent a cloud server CX21 for currently approx. 5.68 € per month. Create a new project and add a server there. This server does not meet all requirements, but is ok for the test network for the time being. Choose from

1) the location that suits you,

2) as operating system Ubuntu 18.04, not the newer version,

3) Standard, local

4) CX21

and leave the rest. Maybe you can change the name under 8). The access data will be sent to you by mail after clicking on “ORDER”.

4. connect and set up “nonrootuser“

After receiving the login data you can click on the project and then on the server. In the following view you can see your server data, open a terminal or switch the server on and off.

Open the terminal, enter

root

and confirm with the Enter or Return key (in future, please always end code lines or confirm with one of the two keys). You will be asked for the password from the mail, enter it and confirm again, then you should be asked to set a new password. Choose it with at least 9 characters, as described above, confirm, enter it a second and after second confirmation you should be logged on to your server.

For security reasons, some areas of the image above are blackened. Instead of 1:~#, root@servername:~# should be at the bottom of your screen. This default “root” user is a linux major security risk, so we will create a “nonrootuser” and block the “root” access. You can call the “nonrootuser” whatever you want, but you must always remember to use your chosen name instead of “nonrootuser” when the “nonrootuser” is mentioned here. Enter the following line or copy and paste it from here and adapt it to your needs.

useradd -s /bin/bash -d /home/nonrootuser -m -G sudo nonrootuser

With this you have setup the user „nonrootuser“, now we set a password:

passwd nonrootuser

passwd nonrootuser

You will be asked to enter the same password twice, I cannot say it often enough, please use secure passwords! To avoid having to re-enter the password every time, we edit the following:

sudo nano -f /etc/sudoers.d/myOverrides

(if text editor „nano“ is not installed: sudo apt install nano)

Add the following line to the text file (possibly the file is empty, so add it to the first line):

nonrootuser ALL=(ALL) NOPASSWD:ALL

Hold the “Ctrl” key on your keyboard and press “x” to save. You will be asked if you want to save, which you confirm with “y” (maybe “y” and “z” are swapped). Afterwards please confirm the file name.

Log out now using

exit

or

logout

and try to log in with the “nonrootuser” and your password. If this works we can disable the “root” user and have closed a major linux security hole.

5. Connect with MobaXterm, enable SSH, disable root

The safest way to log on to your server is using a SSH client. You can also find many more detailed tutorials about this, here are just the essentials to set up our server. I use MobaXterm (https://mobaxterm.mobatek.net/download-home-edition.html), because it makes things easier, especially for beginners. This is also one reason why I explain everything else using its example. After free download and installation you will see this interface.

To ensure that the files are stored and retrieved correctly, please define your “Persistent home directory” (“$HOME” directory) using menu item Settings/Configuration tab General and activate the checkbox “Use internal SSH agent MobAgent” under tab SSH, if you are not already using an external pageant like PuTTy.

Don’t be surprised if you don’t see a key in the lower field yet, this is optional, you can load keys there at the start of the program. Just go on opening a bash window under menu item Session/Shell

and create a SSH-ID. First create a folder (.ssh) where your keys will be stored in the “$HOME” directory on your local machine (not the server) with

mkdir -p $HOME/.ssh

and generate your public and private key pair with

ssh-keygen -t ed25519 -a 100 -C “My SSH key”

The quotation marks contain the text you see when a dialog asks for the passphrase (additional password), this additional info can be useful if you use multiple ID’s. You will be asked for the path in which you want to create the keys, if you just confirm, the default folder “.ssh” and file name “id_ed25519” will be chosen. After that you should enter the passphrase twice for additional security. If everything went well you will receive a fingerprint and a randomart image as confirmation, so don’t give them into the wrong hands.

For the next step please check if the files are in the correct folder (.ssh) on your local machine (not the server). If not, please search and move the two files into the .ssh folder. Then you can add your generated ID to the ssh-agent, first select the agent:

eval `ssh-agent -s`

Then add the just generated key:

ssh-add $HOME/.ssh/id_ed25519

You will be asked for your passphrase, if entered correctly you will get the message “Identity added:…”. Now you can add your SSH-ID under Settings/Configuration tab SSH as shown above, then you will be asked fort he passphrase on programm start, but you don’t need to.

The ID is now stored in your local MobaXterm agent. You can now send the ID to the server by entering your IP address from the server after the @:

ssh-copy-id nonrootuser@your.ip.add.ress

If you do not remeber the IP immediately, go to your server providers homepage and check the the overview page of your server or check the mail with your login data. After that you can login with

ssh ‘nonrootuser@your.ip.add.ress’

securely to your server from the local bash window. You may have to enter your password for the “nonrootuser” here.

Now we deactivate the “root” user and change the SSH port (which is set to 22 by default, thus creating another linux security hole) with:

sudo nano /etc/ssh/sshd_config

here you can edit the SSH configuration file. Be careful, you can lock yourself out if you do something wrong in the next steps. But even then you should still be able to log in via the terminal window of your server provider and your “nonrootuser“.

Please set (watch out, the “#” at the beginning of a line means that this line will not be executed)

#Port 22

to

Port your-ssh-port

choose “your-ssh-port” between 49152 and 65535 e. g.:

Port 49152

(without #)

and change

PermitRootLogin yes

to

PermitRootLogin no

(forbids the root user login, attention, there can be several entries for this)

Please enter the following line below

AllowUsers nonrootuser

(this allows your created nonrootuser to log in)

and change

#PasswordAuthentication yes

to

PasswordAuthentication no

(without #)

Your entries should look similar, but I have deleted commented lines (the ones with # at the beginning, which are ignored by the system) to make the screenshot clearer. Don’t be surprised if you have to scroll a few screens over the file to find all entries.

To save, hold the “Ctrl” key on the keyboard again and press “x”. Confirm the question if you want to save with “y” (from MobaXterm “y” and “z” should not be mixed up anymore). After that please confirm the file name with the Enter key.

Now adjust the firewall, first switch off:

sudo ufw reset
(If not available: sudo apt install ufw)

use text editor

sudo nano /etc/default/ufw

to change

IPv6=yes

to

IPv6=no

because no IPv6 is needed we can switch it off. After saving, release
- the port you have chosen in the bash window
- lower line for system requirements

sudo ufw allow your-ssh-port
sudo ufw allow 37373:38383/tcp

(the previously selected between 49152 and 65535)

and enable the firewall again:

sudo ufw enable

and then, very important, reset the SSH:

sudo service ssh restart

Now you should be able to login to the individual port via SSH with your ID, please try this in a new session of MobaXterm by opening a new window selecting Session/Shell Bash:

ssh -p your-ssh-port -i $HOME/.ssh/id_ed25519

If this does not work, switch to the previous session and check the last steps! If you can log in you have done everything correct and you can now create a “User session” in MabaXterm. Just select Session/SSH and enter the following:

  • the IP of your server as “Remote Host“
  • the non-rootuser under “Specify Username” (activate checkbox)
  • and enter the port selected above
  • under “Advanced SSH settings” link the id_ed25519 in the .ssh directory and activate the checkbox “Use private key”.

An entry should appear in the left area “User sessions”, double clicking should connect you to your server.

Please also check, if you can still log in as root user from the server provider console. Sometimes the root login is configured several times in different files, so it is best to set the root password to “expired”, this should apply global:

sudo passwd -l root

Try to log in again to make sure the root user has no more access.

So first log out with

exit

or

logout

and then try to log in again with Login „root“ and your old password. This should no longer work now.

There are some more measures like 2-factor authentication or fail2ban to secure your server, but here this should be enough for now. Many thanks to Alwin from Viastake, who laid the groundwork for this manual part with the following article, which leads through additional steps to secure your server:

https://www.viastake.com/2020/05/01/how-to-secure-your-server-like-a-boss/

6. Update and basic Ubuntu settings

After initiating and securing the server, we can now finally prepare the installation. For some people this may come a bit late, but the security of such a network, and also of the own server, plays an essential role in my opinion. Therefore updates and settings should not be postponed. Therefore, we will now make sure that all necessary programs are updated. First the system update:

sudo apt update

then do upgrade:

sudo apt upgrade

set UTC time:

sudo dpkg-reconfigure tzdata

choose „none“, then „UTC“.

Now we install a few programs, git to get the latest version

sudo apt install git-all

Zip and unzip to pack, we need this later to store the keys correctly for automatic updates:

sudo apt-get install zip unzip

Reboot the server again:

sudo reboot

and we can finally install our node in the next section.

7. Node-Setup with Keys

If there have been any changes in the meantime you can find them on the Elrond Docs page:

https://docs.elrond.com/validators/testnet-node.

If you have started the MobaXterm session to connect to your server, you have to clone the Elrond Go script in the main directory

cd ~

and clone the git repository

git clone https://github.com/ElrondNetwork/elrond-go-scripts-testnet

set the variables, first we have to find our name using:

whoami

This should return your nonrootuser. Edit file variables.cfg in the folder /elrond-go-scripts-testnet/config:

cd ~/elrond-go-scripts-testnet/config
nano variables.cfg

Enter whoami output in the two blue marked lines instead of <yourusername> :

Save again with Ctrl+x and confirm with y.

Now install the node, making sure that you are not in the wrong folder, change to the root directory (not $HOME or /home$) using

cd ~

and run the script to install:

~/elrond-go-scripts-testnet/script.sh

In the appearing selection menu choose

1) select “install”, then enter the desired name of the node in the query and

12) Select “quit”. (Numbers (1–12) may vary, please adjust according to the function)

Then create the folder for the Validator Keys in the root directory

cd ~
mkdir -p ~/VALIDATOR_KEYS

and create keys

./elrond-utils/keygenerator

pack the created keys (file validatorKey.pem) in the file node-0.zip

zip node-0.zip validatorKey.pem

then move it to the created folder:

mv node-0.zip $HOME/VALIDATOR_KEYS/

Now move the keyfile to the config folder on the server

mv validatorKey.pem $HOME/elrond-nodes/node-0/config/

Please check if the zipped file node-0.zip is really in the folder VALIDATOR_KEYS afterwards. Input

ls

displays the directory contents, the folder VALIDATOR_KEYS should be displayed

cd VALIDATOR_KEYS

switches to the VALIDATOR_KEYS directory, typing again

ls

should then display the file node-0.zip.

This file structure is important so that the system can make updates automatically. Also for these keys, keep them safe! Because we need the file validatorKey.pem later on, we load it on the local machine desktop and store it safely. Ok, in the testnet it’s not so wild, but the testnet should help to practice the activities in the mainnet, so it’s best to practice the safe handling of keyfiles!

Now, please start the script again, therefor switch back to the main directory:

cd ~

execute

~/elrond-go-scripts-testnet/script.sh

once more. Choose

7) „start“ (number can vary)

then

12) „quit”

in the selection menu.

Now you can observe your node while working as Observer, first configure it:

$HOME/elrond-utils/termui -address localhost:8080

Then start:

./elrond-utils/termui

The display should look similar to yours, since my termui already shows a validator, the information may differ, e.g. the green “synchronized” will most likely not be displayed permanently.

To be on the safe side, check if there are updates, but normally you should have received the latest version when cloning, again:

~/elrond-go-scripts-testnet/script.sh

In the selection menu the (numbers can vary) choose

10) „github pull“ then
8) „stop“ then
3) „upgrade“ then
7) „start“ and leave with
12) „quit“

Now your Observer is running! In the last step we promote it to a validator by staking 2500 xEGLD.

8. Staking, Setup Telegram and basic monitoring

To promote from observer to validator you have to stake 2500 xEGLD. xEGLD is the testnet variant of eGLD and you can get it easiest in the Validator Chat from Elrond on Telegram. So you first have to install Telegram. Unfortunately the basic settings of Telegram are a bit scam and spam friendly. If someone writes to you and promises you a fortune, I haven’t got one yet, but instead I’ve gotten nothing but trouble, so we’ll turn off the faucet right away! To do so, click on the “Burger Button” on the top left, then select “Settings”.

Phone number: Who can see my phone number: Nobody or My contacts
Who can find me by my number: Nobody or My contacts

Groups and Channels: Nobody or My contacts

Here it looks like this:

The Groups and Channels setting is very important, otherwise you will be constantly invited by spam bots to groups you most likely don’t want to visit. However, it can be helpful to set the setting to “Contacts” so that friends can invite you to groups.

Then join the Validator group by entering https://t.me/ElrondValidators in the upper left corner of the search window, click on the group and click on “JOIN GROUP” at the bottom.

There are many Elrond Groups and Admins, but none of them make Airdrops and other gifts, and none of them will ever write to you! This is the first sign to recognize scammers, report such people immediately (the “Block” option is displayed at the top, after clicking that there is the “Report” option).

In the Validator group you can ask for 2510 xEGLD, 2500 xEGLD to stake, and 10 to test, you will get your first “Test-Rewards”! Make a second testwallet and check how long it takes to transfer 1 xEGLD from the first to the second. If you have any questions about the node or other things, you can ask them there too. In the worst case you will be referred to the right group. But please do not start any price discussions, for this purpose there is the Elrond Trader Channel https://t.me/elrondTRADER.

Also highly recommended are the Community Group https://t.me/ElrondNetwork and the German Community https://t.me/ElrondNetwork_de.

Usually the 2510 xeGLD are sent to your wallet in a few minutes. Log in as described above and if more than 2500 eGLD are displayed, select the “Validate” link at the bottom left of the dashboard. Then click on the button “Stake now” in the upper right corner, drag the previously saved validatorKey.pem file into the dialog and press “Continue”.

Afterwards you only have to confirm the transaction with „Confirm“

In the middle area “My Validator Keys” you can see the status of your staking, if it says „QUEUED“ you are in the queue and have to wait until other nodes are logged out, if you move the mouse pointer over „QUEUED“ you can see how many are in the queue before you.

You can also ask politely in the Validator Chat if someone can free a place. When the status changes to „STAKED“, you are finally Validator in the testnet. You will have to wait 2–3 more epochs (4h each) until you can actually be drawn to actively contribute to the operation of the testnet in one of the shards, i.e. to validate. You can find more details about the draw in the Elrond Docs or on the website.

Now you usually want to do some monitoring as well, there are very powerful tools, here we only want to introduce three very simple, but already quite effective methods:

Testnet-explorer:
Visit https://testnet-explorer.elrond.com/validators/nodes to monitor your node in the Testnet-explorer. You can find it faster by entering the node name you have chosen, in the search field on the upper right side.

If you click on the public key you will get more interesting information, or you can copy it from the search bar of your browser for the next monitoring method.

Elrond Testnet Monitor https://t.me/ElrondTestnetBot:
Just open the telegram chat, enter “/start” and add your public key (+ Add). By clicking on Status you can see the current status of your node and by clicking on Details you can find more information.

Server-logs:
Furthermore you can create logfiles on the server in the script.sh menu using option

11) “get logs”

and analyze them.

So there are already some monitoring facilities besides the Termui interface without much effort. For those who want to know exactly what is going on, there are much more powerful tools, e.g. from Netdata, but maybe more about that another time.

9. Outlook, further sources

Of course there is infinitely more information about Elrond, read up, join in! Good starting points are https://elrond.com or https://docs.elrond.com/. You can find an overview of the different chat groups and the like at https://linktr.ee/elrond.

To become a Mainnet Validator you have to do almost the same as before, but you need 2500 “real” eGLD, currently (09.11.2020) about 20.550 $ or 17.500 €. This may seem like a lot to some people, but it is intended. The principle is called PoS, Proof of Stake, and the validators prove your “reliability” via the “inlay” of the “stake”. Bad validators can be punished, good ones receive transaction fees or interest on your investment. This system has many advantages in terms of sustainability and security, if you are interested read the Economics Paper at https://elrond.com/assets/files/elrond-economics.pdf or visit the website of a staking provider like Istari Vision https://istari-vision.com. I hope you had fun and everything is running smooth, otherwise join the chat or just ask us directly
https://t.me/CryptoCrabb
Thanks to:

WolfgangRueckerl@IstariVision

Alwin from Viastake

Daniel@DisruptiveDigital.eu

Elrond Warriors (DE)

@ElrondNetwork

my wife Diana, my kids Max and Neo

and all I forgot!

For more intensive setup scenarios see the following guide by Alwin:
https://medium.com/elrond-community/run-and-maintain-one-or-multiple-elrond-nodes-in-ubuntu-18-04-5f5c9658e580
and many more, just check
https://medium.com/@haklander

--

--

No responses yet