Add steps to configure TMKMS in node deployments (#4)

Part of https://www.notion.so/Create-stacks-for-mainnet-1f2a6b22d4728034be4be2c51decf94e - TMKMS config is for `softsign` backend provider Reviewed-on: #4 Co-authored-by: Nabarun <nabarun@deepstacksoft.com> Co-committed-by: Nabarun <nabarun@deepstacksoft.com>
2025-05-20 13:55:15 +00:00 · 2025-05-20 13:55:15 +00:00 · 40ac26bd78
commit 40ac26bd78
parent 3d7ba45796
12 changed files with 570 additions and 53 deletions
--- a/docs/demo.md
+++ b/docs/demo.md
@ -4,12 +4,239 @@
 - [ansible](playbooks/README.md#ansible-installation)
 - [laconic-so](https://github.com/cerc-io/stack-orchestrator/?tab=readme-ov-file#install)
 - [tmkms](https://github.com/iqlusioninc/tmkms?tab=readme-ov-file#installation)
  - Install with `softsign` feature
    ```bash
    cargo install tmkms --features=softsign --version=0.14.0
    ```
 - testnet-state.json ([exported testnet state](./run-first-validator.md#export-testnet-state)) 
 - distribution.json (JSON containing the `lps_lockup` distribution)
-## Run node
+## Steps
- Follow these steps to run first validator node: [run-first-validator.md](./run-first-validator.md)
+- In current working directory demo, keep exported `testnet-state.json` and `distribution.json` file from prerequisites
- Following steps can be used to run subsequent validator nodes
+- Fetch stack:
  ```bash
  laconic-so fetch-stack git.vdb.to/cerc-io/laconicd-stack --git-ssh --pull
  ```
 - Export current working directory
  ```bash
  export CWD=$(pwd)
  ```
 - Set envs:
  ```bash
  export EXPORTED_STATE_PATH=$CWD/testnet-state.json
  export LPS_DISTRIBUTION_PATH=$CWD/distribution.json
  # Test address that does not exist on testnet chain
  export EARLY_SUPPORTS_ACC_ADDR=laconic1gwytamfk3m5n0gsawh5vpwxkwd3vapmvzpp6nz
  ```
 - Copy the example variables file:
  ```bash
  cp ~/cerc/laconicd-stack/playbooks/first-validator/first-validator-vars.example.yml ~/cerc/laconicd-stack/playbooks/first-validator/first-validator-vars.yml
  ```
 - Run playbook to use exported state for generating mainnet genesis:
  ```bash
  ansible-playbook -v -i localhost, -c local ~/cerc/laconicd-stack/playbooks/first-validator/generate-genesis.yml -e "exported_state_path=$EXPORTED_STATE_PATH" -e "lps_distribution_path=$LPS_DISTRIBUTION_PATH" -e "early_supports_acc_address=$EARLY_SUPPORTS_ACC_ADDR"
  ```
 - Genesis file will be generated in output directory along with a file specifying the staking amount
  ```bash
  # List files in output directory - genesis.json and staking-amount.json
  ls -l output
  ```
 - Set env for key of account with balance in testnet:
  ```bash
  export FIRST_ACCOUNT_KEY=<KEY_OF_ACCOUNT_WITH_BALANCE_IN_TESTNET>
  ```
 - Create and populate first-validator-vars.yml:
  ```bash
  cat > ~/cerc/laconicd-stack/playbooks/first-validator/first-validator-vars.yml << EOL
  # Use a private key of an existing account with balance in testnet
  pvt_key: $FIRST_ACCOUNT_KEY
  # Path to the generated mainnet genesis file
  # Use the absolute path of generated output directory in the previous steps
  genesis_file: "$CWD/output/genesis.json"
  # Path to staking-amount.json generated in previous steps
  staking_amount_file: "$CWD/output/staking-amount.json"
  # Set custom moniker for the node
  cerc_moniker: "LaconicMainnet"
  # Set desired key name
  key_name: "laconic-validator"
  cerc_chain_id: "laconic-mainnet"
  min_gas_price: 0.001
  cerc_loglevel: "info"
  key_name: "laconic-validator"
  EOL
  ```
 - Export the data directory and mainnet deployment directory as environment variables:
  ```bash
  # Parent directory where the deployment directory will live
  export DATA_DIRECTORY=$CWD
  # Set mainnet deployment directory
  export MAINNET_DEPLOYMENT_DIR=mainnet-laconicd-deployment
  ```
 - Run ansible playbook to submit gentx and setup the node:
  ```bash
  ansible-playbook -v -i localhost, -c local ~/cerc/laconicd-stack/playbooks/first-validator/setup-first-validator.yml
  ```
 - Create tmks config directory for first validator node
  ```bash
  tmkms init ./tmkms-first-node
  ```
 - Update the TMKMS configuration file `./tmkms-first-node/tmkms.toml`:
  ```bash
  cat > ./tmkms-first-node/tmkms.toml << EOL
  [[chain]]
  id = "laconic-mainnet"
  key_format = { type = "cosmos-json", account_key_prefix = "laconicpub", consensus_key_prefix = "laconicvalconspub" }
  state_file = "$CWD/tmkms-first-node/state/priv_validator_state.json"
  [[validator]]
  chain_id = "laconic-mainnet"
  addr = "tcp://localhost:26659"
  secret_key = "$CWD/tmkms-first-node/secrets/kms-identity.key"
  protocol_version = "v0.34"
  reconnect = true
  [[providers.softsign]]
  key_type = "consensus"
  path = "$CWD/tmkms-first-node/secrets/priv_validator_key"
  chain_ids = ["laconic-mainnet"]
  EOL
  ```
 - Import the private validator key into tmkms:
  ```bash
  tmkms softsign import $DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR/data/laconicd-data/config/priv_validator_key.json $CWD/tmkms-first-node/secrets/priv_validator_key
  ```
 - Start TMKMS:
  ```bash
  tmkms start --config $CWD/tmkms-first-node/tmkms.toml
  ```
  - Expected example output:
    ```bash
     INFO tmkms::commands::start: tmkms 0.14.0 starting up...
     INFO tmkms::keyring: [keyring:softsign] added consensus Ed25519 key: {"@type":"/cosmos.crypto.ed25519.PubKey","key":"T24No1A1FmetNRVCOSg2G2XAKWh97oBXuELdAD6DFgw="}
     INFO tmkms::connection::tcp: KMS node ID: 7f5fd8dae8953e964e7e56edd4700f597ea0d45c
    ERROR tmkms::client: [laconic-mainnet@tcp://localhost:26659] I/O error: Connection refused (os error 111)
    ```
    NOTE: The errors dissapear once the laconicd node starts
  - Note the pubkey logged at start for comparing later with validator pubkey on chain
 - In a new terminal export envs
  ```bash
  export CWD=$(pwd)
  export DATA_DIRECTORY=$CWD
  export MAINNET_DEPLOYMENT_DIR=mainnet-laconicd-deployment
  # Test address that does not exist on testnet chain
  export EARLY_SUPPORTS_ACC_ADDR=laconic1gwytamfk3m5n0gsawh5vpwxkwd3vapmvzpp6nz
  ```
 - Enable TMKMS in the laconicd node configuration:
  ```bash
  echo "TMKMS_ENABLED=true" >> $DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR/config.env
  ```
 - Remove the validator key from node deployment as it is no longer required
  ```bash
  rm $DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR/data/laconicd-data/config/priv_validator_key.json
  ```
 - Run the first validator node
  ```bash
  laconic-so deployment --dir $DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR start
  ```
 - Check logs to ensure that node is running:
  ```bash
  laconic-so deployment --dir $DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR logs laconicd -f
  ```
 - Verify that validator and TMKMS pubkeys match
  - Get validator pubkey on chain
    ```bash
    # Check consensus_pubkey in output
    laconic-so deployment --dir $DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR exec laconicd 'laconicd query staking validators -o json | jq .validators'
    ```
  - Compare it with the pubkey noted from logs in TMKMS
 - Check bonds list to confirm that testnet state was transferred properly:
  ```bash
  laconic-so deployment --dir $DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR exec laconicd 'laconicd query bond list'
  ```
 - Check `alps` and `alnt` tokens total supply:
  ```bash
  laconic-so deployment --dir $DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR exec laconicd 'laconicd query bank total-supply'
  ```
 - Query the `lps_lockup` account and view distribution:
  ```bash
  laconic-so deployment --dir $DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR exec laconicd 'laconicd query auth module-account lps_lockup'
  ```
 - Query the `lps_lockup` and early supports accounts balances:
  ```bash
  lockup_account_address=$(laconic-so deployment --dir $DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR exec laconicd 'laconicd query auth module-account lps_lockup -o json | jq -r .account.value.base_account.address')
  laconic-so deployment --dir $DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR exec laconicd "laconicd query bank balances $lockup_account_address"
  laconic-so deployment --dir $DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR exec laconicd "laconicd query bank balances $EARLY_SUPPORTS_ACC_ADDR"
  ```
 - Copy the genesis file to [config](./config) folder:
  ```bash
  cp $DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR/data/laconicd-data/config/genesis.json ~/cerc/laconicd-stack/config/mainnet-genesis.json
  ```
 - Copy the staking amount file to [config](./config) folder:
  ```bash
  cp $DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR/data/laconicd-data/tmp/staking-amount.json ~/cerc/laconicd-stack/config/staking-amount.json
  ```
 - Copy the example variables file:
@ -23,8 +250,6 @@
  laconic-so deployment --dir $DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR exec laconicd 'echo $(laconicd cometbft show-node-id)@host.docker.internal:26656'
  ```
  NOTE: Make sure that DATA_DIRECTORY and MAINNET_DEPLOYMENT_DIR values are that of first validator deployment
 - Update `cerc_peers` in `~/cerc/laconicd-stack/playbooks/validator/validator-vars.yml`:
  ```bash
@ -37,11 +262,10 @@
  ```bash
  # Parent directory where the deployment directory will live
-  export DATA_DIRECTORY=
+  export DATA_DIRECTORY=$CWD
  # Set mainnet deployment directory
-  # for eg: mainnet-validator-deployment
+  export MAINNET_DEPLOYMENT_DIR=mainnet-validator-deployment
  export MAINNET_DEPLOYMENT_DIR=
  ```
 - Update port mappings in `~/cerc/laconicd-stack/playbooks/validator/templates/specs/spec-template.yml.j2` to avoid port conflicts with first validator node:
@ -51,6 +275,7 @@
    ports:
      laconicd:
        - '3060:6060'
        - '36659:26659'
        - '36657:26657'
        - '36656:26656'
        - '3473:9473'
@ -58,10 +283,67 @@
        - '3317:1317'
  ```
- Run ansible playbook to set up and start your validator node:
+- Run ansible playbook to set up your validator node deployment:
  ```bash
-  ansible-playbook -i localhost, -c local ~/cerc/laconicd-stack/playbooks/validator/run-validator.yml
+  ansible-playbook -v -i localhost, -c local ~/cerc/laconicd-stack/playbooks/validator/setup-validator.yml
  ```
 - Create tmks config directory for second validator node
  ```bash
  tmkms init ./tmkms-second-node
  ```
 - Update the TMKMS configuration file `./tmkms-second-node/tmkms.toml`:
  ```bash
  cat > ./tmkms-second-node/tmkms.toml << EOL
  [[chain]]
  id = "laconic-mainnet"
  key_format = { type = "cosmos-json", account_key_prefix = "laconicpub", consensus_key_prefix = "laconicvalconspub" }
  state_file = "$CWD/tmkms-second-node/state/priv_validator_state.json"
  [[validator]]
  chain_id = "laconic-mainnet"
  addr = "tcp://localhost:36659"
  secret_key = "$CWD/tmkms-second-node/secrets/kms-identity.key"
  protocol_version = "v0.34"
  reconnect = true
  [[providers.softsign]]
  key_type = "consensus"
  path = "$CWD/tmkms-second-node/secrets/priv_validator_key"
  chain_ids = ["laconic-mainnet"]
  EOL
  ```
 - Import the private validator key into tmkms:
  ```bash
  tmkms softsign import $DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR/data/laconicd-data/config/priv_validator_key.json $CWD/tmkms-second-node/secrets/priv_validator_key
  ```
 - Start TMKMS:
  ```bash
  tmkms start --config $CWD/tmkms-second-node/tmkms.toml
  ```
 - In a new terminal export envs
  ```bash
  export CWD=$(pwd)
  export DATA_DIRECTORY=$CWD
  export MAINNET_DEPLOYMENT_DIR=mainnet-validator-deployment
  ```
 - Enable TMKMS in the laconicd node configuration:
  ```bash
  echo "TMKMS_ENABLED=true" >> $DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR/config.env
  ```
 - Start the node:
  ```bash
  laconic-so deployment --dir $DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR start
  ```
 - Check logs to ensure that node is running:
@ -70,26 +352,20 @@
  laconic-so deployment --dir $DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR logs laconicd -f
  ```
-## Create Validator
+- Export required env vars for creating validator:
 - Export required env vars:
  ```bash
-  # private key of the existing account
+  # private key of another existing account with balance
  export PVT_KEY=<private-key-in-hex-format>
  # desired key name
-  export KEY_NAME=<key-name>
+  export KEY_NAME=validator-2
  export DATA_DIRECTORY=<data-directory>
  export MAINNET_DEPLOYMENT_DIR=<mainnet-deployment-dir>
  ```
 - Run ansible playbook to create validator on running chain:
  <!-- TODO: Use OS keyring -->
  ```bash
-  ansible-playbook -i localhost, -c local ~/cerc/laconicd-stack/playbooks/validator/create-validator.yml
+  ansible-playbook -v -i localhost, -c local ~/cerc/laconicd-stack/playbooks/validator/create-validator.yml
  ```
 - Check the validator list:
@ -97,3 +373,16 @@
  ```bash
  laconic-so deployment --dir $DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR exec laconicd 'laconicd query staking validators'
  ```
 - Remove the validator key from node deployment as it is no longer required
  ```bash
  rm $DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR/data/laconicd-data/config/priv_validator_key.json
  ```
 ## Cleanup
 - Remove deployments and other config files
  ```bash
  rm -rf *-spec.yml *-deployment tmkms-* output
  ```
--- a/docs/run-first-validator.md
+++ b/docs/run-first-validator.md
@ -5,7 +5,7 @@
 - [ansible](playbooks/README.md#ansible-installation)
 - [laconic-so](https://github.com/cerc-io/stack-orchestrator/?tab=readme-ov-file#install)
-## Generate mainnet genesis file
+## Export testnet state
 - Get your private key from testnet deployment:
@ -35,6 +35,8 @@
  - The file will be generated in `<absolute-path-to-testnet-deployment>/export/testnet-state.json`
 ## Generate mainnet genesis file
 - If mainnet node is to be setup in a new machine, fetch the stack again:
  ```bash
@ -72,7 +74,7 @@
  ls -l output
  ```
-## Run node
+## Setup node
 - Copy the example variables file if not already done:
@ -111,10 +113,107 @@
  export MAINNET_DEPLOYMENT_DIR=
  ```
- Run ansible playbook to submit the gentx and run the node:
+- Run ansible playbook to submit gentx and setup the node:
  ```bash
-  ansible-playbook -i localhost, -c local ~/cerc/laconicd-stack/playbooks/first-validator/run-first-validator.yml
+  ansible-playbook -i localhost, -c local ~/cerc/laconicd-stack/playbooks/first-validator/setup-first-validator.yml
  ```
 ### Setup TMKMS (Optional but Recommended)
 <!-- Reference: https://docs.osmosis.zone/osmosis-core/keys/tmkms/#setup-tmkms -->
 - For integrating existing TMKMS with laconicd, follow steps below in the machine where TMKMS is setup
 - Set `$TMKMS_HOME` to the directory path containing TMKMS config files
  ```bash
  # Contents of tmkms config directory
  ls -l $TMKMS_HOME
  drwxrwxr-x 2 ... schema
  drwx------ 2 ... secrets
  drwxrwxr-x 2 ... state
  -rw-rw-r-- 1 ... tmkms.toml
  ```
 - Update the TMKMS configuration file `$TMKMS_HOME/tmkms.toml`:
  ```toml
  [[chain]]
  id = "laconic-mainnet"
  key_format = { type = "cosmos-json", account_key_prefix = "laconicpub", consensus_key_prefix = "laconicvalconspub" }
  # Replace <TMKMS_HOME> with absolute path to tmkms config directory
  state_file = "<TMKMS_HOME>/state/priv_validator_state.json"
  [[validator]]
  chain_id = "laconic-mainnet"
  # Replace <NODE_IP> with actual IP address of the laconicd node
  addr = "tcp://<NODE_IP>:26659"
  # Replace <TMKMS_HOME> with absolute path to tmkms config directory
  secret_key = "<TMKMS_HOME>/secrets/kms-identity.key"
  protocol_version = "v0.34"
  reconnect = true
  [[providers.softsign]]
  key_type = "consensus"
  # Replace <TMKMS_HOME> with absolute path to tmkms config directory
  path = "<TMKMS_HOME>/secrets/priv_validator_key"
  chain_ids = ["laconic-mainnet"]
  ```
 - Copy your validator key to TMKMS:
  - The validator key in laconicd node deployment is present at `$DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR/data/laconicd-data/config/priv_validator_key.json`
  - Place the validator key file in TMKMS config directory at `$TMKMS_HOME/secrets/`
  - Import the private validator key into tmkms:
    ```bash
    tmkms softsign import $TMKMS_HOME/secrets/priv_validator_key.json $TMKMS_HOME/secrets/priv_validator_key
    ```
  - Remove the JSON key file
    ```bash
    rm $TMKMS_HOME/secrets/priv_validator_key.json
    ```
 - Start TMKMS:
  ```bash
  tmkms start --config $TMKMS_HOME/tmkms.toml
  ```
  - Expected example output:
    ```bash
     INFO tmkms::commands::start: tmkms 0.14.0 starting up...
     INFO tmkms::keyring: [keyring:softsign] added consensus Ed25519 key: {"@type":"/cosmos.crypto.ed25519.PubKey","key":"T24No1A1FmetNRVCOSg2G2XAKWh97oBXuELdAD6DFgw="}
     INFO tmkms::connection::tcp: KMS node ID: 7f5fd8dae8953e964e7e56edd4700f597ea0d45c
    ERROR tmkms::client: [laconic-mainnet@tcp://localhost:26659] I/O error: Connection refused (os error 111)
    ```
    NOTE: The errors dissapear once the laconicd node starts
  - Note the pubkey logged at start for comparing later with validator pubkey on chain
 - Enable TMKMS in the laconicd node configuration:
  ```bash
  # Set TMKMS_ENABLED to true in the node's config.env
  echo "TMKMS_ENABLED=true" >> $DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR/config.env
  ```
 - Remove the validator key from node deployment as it is no longer required
  ```bash
  rm $DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR/data/laconicd-data/config/priv_validator_key.json
  ```
  NOTE: Store it safely offline in case of an emergency
 ## Run node
 - Command to run node
  ```bash
  laconic-so deployment --dir $DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR start
  ```
 - Check logs to ensure that node is running:
@ -123,6 +222,16 @@
  laconic-so deployment --dir $DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR logs laconicd -f
  ```
 - If TMKMS has been configured verify that validator and TMKMS pubkeys match
  - Get validator pubkey on chain
    ```bash
    # Check consensus_pubkey in output
    laconic-so deployment --dir $DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR exec laconicd 'laconicd query staking validators -o json | jq .validators'
    ```
  - Compare it with the pubkey noted from logs in TMKMS
 - Check bonds list to confirm that testnet state was transferred properly:
  ```bash
@ -161,7 +270,7 @@
 - Copy the staking amount file to [config](./config) folder:
  ```bash
-  cp <absolute-path-to-generated-output-dir>/staking-amount.json ~/cerc/laconicd-stack/config/staking-amount.json
+  cp $DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR/data/laconicd-data/tmp/staking-amount.json ~/cerc/laconicd-stack/config/staking-amount.json
  ```
 - Get your node's address:
--- a/docs/run-validator.md
+++ b/docs/run-validator.md
@ -5,7 +5,7 @@
 - [ansible](playbooks/README.md#ansible-installation)
 - [laconic-so](https://github.com/cerc-io/stack-orchestrator/?tab=readme-ov-file#install)
-## Run node
+## Setup Node
 - Get your private key from testnet deployment:
@ -57,14 +57,90 @@
  export MAINNET_DEPLOYMENT_DIR=
  ```
- Run ansible playbook to set up and start your validator node:
+- Run ansible playbook to set up your validator node deployment:
  ```bash
-  ansible-playbook -i localhost, -c local ~/cerc/laconicd-stack/playbooks/validator/run-validator.yml
+  ansible-playbook -i localhost, -c local ~/cerc/laconicd-stack/playbooks/validator/setup-validator.yml
  ```
 ### Setup TMKMS (Optional but Recommended)
 <!-- Reference: https://docs.osmosis.zone/osmosis-core/keys/tmkms/#setup-tmkms -->
 - For integrating existing TMKMS with laconicd, follow steps below in the machine where TMKMS is setup
 - Set `$TMKMS_HOME` to the directory path containing TMKMS config files
  ```bash
  # Contents of tmkms config directory
  ls -l $TMKMS_HOME
  drwxrwxr-x 2 ... schema
  drwx------ 2 ... secrets
  drwxrwxr-x 2 ... state
  -rw-rw-r-- 1 ... tmkms.toml
  ```
 - Update the TMKMS configuration file `$TMKMS_HOME/tmkms.toml`:
  ```toml
  [[chain]]
  id = "laconic-mainnet"
  key_format = { type = "cosmos-json", account_key_prefix = "laconicpub", consensus_key_prefix = "laconicvalconspub" }
  # Replace <TMKMS_HOME> with absolute path to tmkms config directory
  state_file = "<TMKMS_HOME>/state/priv_validator_state.json"
  [[validator]]
  chain_id = "laconic-mainnet"
  # Replace <NODE_IP> with actual IP address of the laconicd node
  addr = "tcp://<NODE_IP>:26659"
  # Replace <TMKMS_HOME> with absolute path to tmkms config directory
  secret_key = "<TMKMS_HOME>/secrets/kms-identity.key"
  protocol_version = "v0.34"
  reconnect = true
  [[providers.softsign]]
  key_type = "consensus"
  # Replace <TMKMS_HOME> with absolute path to tmkms config directory
  path = "<TMKMS_HOME>/secrets/priv_validator_key"
  chain_ids = ["laconic-mainnet"]
  ```
 - Copy your validator key to TMKMS:
  - The validator key in laconicd node deployment is present at `$DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR/data/laconicd-data/config/priv_validator_key.json`
  - Place the validator key file in TMKMS config directory at `$TMKMS_HOME/secrets/`
  - Import the private validator key into tmkms:
    ```bash
    tmkms softsign import $TMKMS_HOME/secrets/priv_validator_key.json $TMKMS_HOME/secrets/priv_validator_key
    ```
  - Remove the JSON key file
    ```bash
    rm $TMKMS_HOME/secrets/priv_validator_key.json
    ```
 - Start TMKMS:
  ```bash
  tmkms start --config $TMKMS_HOME/tmkms.toml
  ```
 - Enable TMKMS in the laconicd node configuration:
  ```bash
  # Set TMKMS_ENABLED to true in the node's config.env
  echo "TMKMS_ENABLED=true" >> $DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR/config.env
  ```
 ## Start Node
 - Start the laconicd node:
  ```bash
  laconic-so deployment --dir $DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR start
  ```
 - Check logs to ensure that node is running:
  ```bash
  laconic-so deployment --dir $DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR logs laconicd -f
  ```
@ -86,7 +162,6 @@
 - Run ansible playbook to create validator on running chain:
  <!-- TODO: Use OS keyring -->
  ```bash
  ansible-playbook -i localhost, -c local ~/cerc/laconicd-stack/playbooks/validator/create-validator.yml
  ```
@ -97,6 +172,13 @@
  laconic-so deployment --dir $DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR exec laconicd 'laconicd query staking validators'
  ```
 - If TMKMS has been configured, remove the validator key from node deployment as it is no longer required:
  ```bash
  rm $DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR/data/laconicd-data/config/priv_validator_key.json
  ```
  NOTE: Store it safely offline in case of an emergency
 ## Register Your Node
 - Get your node's address:
--- a/playbooks/first-validator/generate-genesis.yml
+++ b/playbooks/first-validator/generate-genesis.yml
@ -9,7 +9,7 @@
      ansible.builtin.shell:
        cmd: "laconic-so --stack ~/cerc/laconicd-stack/stack-orchestrator/stacks/mainnet-laconicd setup-repositories --git-ssh --pull"
-    # TODO: Add a flag to control force rebuild
+    # TODO: Add a playbook flag to control force rebuild
    - name: Build containers
      ansible.builtin.shell:
        cmd: "laconic-so --stack ~/cerc/laconicd-stack/stack-orchestrator/stacks/mainnet-laconicd build-containers --force-rebuild"
--- a/playbooks/first-validator/setup-first-validator.yml
+++ b/playbooks/first-validator/setup-first-validator.yml
@ -92,7 +92,3 @@
          -e "CERC_MONIKER={{ cerc_moniker }}" \
          -e "CERC_CHAIN_ID={{ cerc_chain_id }}" \
          cerc/laconicd:local bash -c "/scripts/create-and-collect-gentx.sh"
    - name: Run validator node
      shell: |
        laconic-so deployment --dir {{data_directory}}/{{ mainnet_deployment_dir }} start
--- a/playbooks/first-validator/templates/specs/spec-template.yml.j2
+++ b/playbooks/first-validator/templates/specs/spec-template.yml.j2
@ -2,6 +2,7 @@ network:
  ports:
    laconicd:
      - '6060:6060'
      - '26659:26659'
      - '26657:26657'
      - '26656:26656'
      - '9473:9473'
--- a/playbooks/validator/setup-validator.yml
+++ b/playbooks/validator/setup-validator.yml
@ -1,5 +1,5 @@
 ---
- name: Run mainnet validator node
+- name: Setup mainnet validator node
  hosts: localhost
  vars_files:
    - validator-vars.yml
@ -33,7 +33,7 @@
    - name: Build container images
      shell: |
-        laconic-so --stack ~/cerc/laconicd-stack/stack-orchestrator/stacks/mainnet-laconicd build-containers
+        laconic-so --stack ~/cerc/laconicd-stack/stack-orchestrator/stacks/mainnet-laconicd build-containers --force-rebuild
    - name: Create deployment spec file
      shell: |
@ -76,6 +76,11 @@
        dest: "{{data_directory}}/{{ mainnet_deployment_dir }}/data/laconicd-data/tmp/genesis.json"
        mode: '0644'
-    - name: Run validator node
+    - name: Initialize laconicd node
      shell: |
-        laconic-so deployment --dir {{data_directory}}/{{ mainnet_deployment_dir }} start
+        docker run -i \
          -v {{data_directory}}/{{ mainnet_deployment_dir }}/data/laconicd-data:/root/.laconicd \
          -v {{data_directory}}/{{ mainnet_deployment_dir }}/config/mainnet-laconicd:/scripts \
          -e "CERC_MONIKER={{ cerc_moniker }}" \
          -e "CERC_CHAIN_ID={{ cerc_chain_id }}" \
          cerc/laconicd:local bash -c "/scripts/setup-laconicd.sh"
--- a/playbooks/validator/templates/specs/spec-template.yml.j2
+++ b/playbooks/validator/templates/specs/spec-template.yml.j2
@ -2,6 +2,7 @@ network:
  ports:
    laconicd:
      - '6060:6060'
      - '26659:26659'
      - '26657:26657'
      - '26656:26656'
      - '9473:9473'
--- a/stack-orchestrator/compose/docker-compose-mainnet-laconicd.yml
+++ b/stack-orchestrator/compose/docker-compose-mainnet-laconicd.yml
@ -9,12 +9,15 @@ services:
      CERC_PEERS: ${CERC_PEERS}
      MIN_GAS_PRICE: ${MIN_GAS_PRICE:-0.001}
      CERC_LOGLEVEL: ${CERC_LOGLEVEL:-info}
      TMKMS_ENABLED: ${TMKMS_ENABLED:-false}
    volumes:
      - laconicd-data:/root/.laconicd
      - ../config/mainnet-laconicd/run-laconicd.sh:/opt/run-laconicd.sh
      - ../config/mainnet-laconicd/setup-laconicd.sh:/scripts/setup-laconicd.sh
      - ../config/mainnet-laconicd/create-validator.sh:/scripts/create-validator.sh
    ports:
      - "6060"
      - "26659"
      - "26657"
      - "26656"
      - "9473"
--- a/stack-orchestrator/config/mainnet-laconicd/create-and-collect-gentx.sh
+++ b/stack-orchestrator/config/mainnet-laconicd/create-and-collect-gentx.sh
@ -4,7 +4,6 @@ set -e
 NODE_HOME=/root/.laconicd
 genesis_file_path=$NODE_HOME/config/genesis.json
 # TODO: Set to OS keyring backend
 KEYRING="test"
 if [ -f "$genesis_file_path" ]; then
@ -45,6 +44,9 @@ laconicd config set client chain-id $CHAIN_ID --home $NODE_HOME
 laconicd config set client keyring-backend $KEYRING
 laconicd init $MONIKER --chain-id=$CHAIN_ID --home $NODE_HOME
 # Make config directory accessible without root permissions in docker host
 chmod -R 777 $NODE_HOME/config
 # Copy over provided genesis config
 cp $input_genesis_file $genesis_file_path
--- a/stack-orchestrator/config/mainnet-laconicd/run-laconicd.sh
+++ b/stack-orchestrator/config/mainnet-laconicd/run-laconicd.sh
@ -15,23 +15,12 @@ if [ ! -f ${input_genesis_file} ]; then
 fi
 echo "Env:"
 echo "Moniker: $CERC_MONIKER"
 echo "Chain Id: $CERC_CHAIN_ID"
 echo "Persistent peers: $CERC_PEERS"
 echo "Min gas price: $MIN_GAS_PRICE"
 echo "Log level: $CERC_LOGLEVEL"
 echo "TMKMS enabled: $TMKMS_ENABLED"
-# Set chain id in config
+/scripts/setup-laconicd.sh
 laconicd config set client chain-id $CERC_CHAIN_ID --home $NODE_HOME
 # Check if node data dir already exists
 if [ -z "$(ls -A "$NODE_HOME/data")" ]; then
  # Init node
  echo "Initializing a new laconicd node with moniker $CERC_MONIKER and chain id $CERC_CHAIN_ID"
  laconicd init $CERC_MONIKER --chain-id=$CERC_CHAIN_ID --home $NODE_HOME
 else
  echo "Node data dir $NODE_HOME/data already exists, skipping initialization..."
 fi
 # Use provided config files
 cp $input_genesis_file $NODE_HOME/config/genesis.json
@ -39,6 +28,17 @@ cp $input_genesis_file $NODE_HOME/config/genesis.json
 # Enable cors
 sed -i 's/cors_allowed_origins.*$/cors_allowed_origins = ["*"]/' $NODE_HOME/config/config.toml
 if [[ "${TMKMS_ENABLED,,}" == "true" ]]; then
  # Configure private validator for external tmkms
  sed -i "s/^priv_validator_laddr *=.*/priv_validator_laddr = \"tcp:\/\/0.0.0.0:26659\"/" $NODE_HOME/config/config.toml
  # Comment out validator key files when using external TMKMS
  sed -i 's/^priv_validator_key_file =/# priv_validator_key_file =/' $NODE_HOME/config/config.toml
  sed -i 's/^priv_validator_state_file =/# priv_validator_state_file =/' $NODE_HOME/config/config.toml
 else
  echo "Warning: TMKMS disabled, node will run with local validator keys"
 fi
 # Update config with persistent peers
 sed -i "s/^persistent_peers *=.*/persistent_peers = \"$CERC_PEERS\"/g" $NODE_HOME/config/config.toml
--- a/stack-orchestrator/config/mainnet-laconicd/setup-laconicd.sh
+++ b/stack-orchestrator/config/mainnet-laconicd/setup-laconicd.sh
@ -0,0 +1,29 @@
 #!/bin/bash
 if [[ -n "$CERC_SCRIPT_DEBUG" ]]; then
  set -x
 fi
 set -e
 NODE_HOME=/root/.laconicd
 echo "Env:"
 echo "Moniker: $CERC_MONIKER"
 echo "Chain Id: $CERC_CHAIN_ID"
 # Set chain id in config
 laconicd config set client chain-id $CERC_CHAIN_ID --home $NODE_HOME
 # Check if node data dir already exists
 if [ -z "$(ls -A "$NODE_HOME/data")" ]; then
  # Init node
  echo "Initializing a new laconicd node with moniker $CERC_MONIKER and chain id $CERC_CHAIN_ID"
  laconicd init $CERC_MONIKER --chain-id=$CERC_CHAIN_ID --home $NODE_HOME
  # Make config directory accessible without root permissions in docker host
  chmod -R 777 $NODE_HOME/config
 else
  echo "Node data dir $NODE_HOME/data already exists, skipping initialization..."
 fi