# Run First Validator Node

## Prerequisites

- Machine 1: Where the SAPO testnet node is already running

  - Install `zstd` using `sudo apt install zstd`

- Machine 2: Where the mainnet first validator node is to be setup

- Machine 3: Where the genesis file is to be generated

  - Install `zstd` using `sudo apt install zstd`

  - LPS distribution Google spreadsheet URL or CSV file path

- Machine 4: Where the TMKMS service is to be setup

- Following tools are required in all machines:

  - [ansible](playbooks/README.md#ansible-installation)
  - [laconic-so](https://github.com/cerc-io/stack-orchestrator/?tab=readme-ov-file#install)

  - laconicd-stack

    ```bash
    laconic-so fetch-stack git.vdb.to/cerc-io/laconicd-stack --git-ssh --pull
    ```

## Build laconicd to generate genesis file

- Run the following steps in a secure machine (machine 3) separate from the one where the node is to be setup (machine 2)

- Run playbook to build laconicd container:

  ```bash
  ansible-playbook -i localhost, -c local ~/cerc/laconicd-stack/playbooks/validator/build-laconicd.yml
  ```

## Setup node

- Run the following steps in the machine where the mainnet node is to be setup (machine 2)

- Copy the example variables file if not already done:

  ```bash
  cp ~/cerc/laconicd-stack/playbooks/first-validator/first-validator-vars.example.yml ~/cerc/laconicd-stack/playbooks/first-validator/first-validator-vars.yml
  ```

- Update `~/cerc/laconicd-stack/playbooks/first-validator/first-validator-vars.yml` with required values:

  ```bash
  # Set custom moniker for the node
  cerc_moniker: "LaconicMainnetNode"

  # Set desired key name
  key_name: "laconic-validator"
  ```

- Export the data directory and mainnet deployment directory as environment variables:

  ```bash
  # Parent directory where the deployment directory will live
  export DATA_DIRECTORY=

  # Set mainnet deployment directory
  export MAINNET_DEPLOYMENT_DIR=mainnet-laconicd-deployment
  ```

- Run ansible playbook to setup the node:

  ```bash
  ansible-playbook -i localhost, -c local ~/cerc/laconicd-stack/playbooks/first-validator/setup-first-validator.yml
  ```

- Get the public key of your node:

  ```bash
    docker run -it \
    -v $DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR/data/laconicd-data:/root/.laconicd \
    cerc/laconicd:local bash -c "laconicd tendermint show-validator"
  ```

  NOTE: This public key is required in [next step to generate the genesis file](#generate-mainnet-genesis-file)

- Copy over the `priv_validator_key.json` located at `$DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR/data/laconicd-data/config/priv_validator_key.json` to the machine where the TMKMS service is to be setup (machine 4)

## Setup TMKMS

- For integrating TMKMS with laconicd, follow steps below in the machine where the TMKMS service is to be setup (machine 4)

- Export the data directory and TMKMS deployment directory as environment variables:

  ```bash
  # Parent directory where the deployment directory will live
  export DATA_DIRECTORY=
  ```

- Run ansible playbook to setup the TMKMS service:

  ```bash
  ansible-playbook -i localhost, -c local ~/cerc/laconicd-stack/playbooks/tmkms/setup-tmkms.yml
  ```

## Export testnet state

- Run the following steps in machine where the testnet node is already running (machine 1)

- Get your private key from testnet deployment:

  ```bash
  laconic-so deployment --dir <testnet-deployment-dir> exec laconicd "laconicd keys export <key-name> --unarmored-hex --unsafe"
  ```

  NOTE: Store this key securely as it is needed in later steps

- Stop the node for SAPO testnet:

  ```bash
  laconic-so deployment --dir <testnet-deployment-dir> stop
  ```

- Run script to export state from testnet chain:

  ```bash
  ~/cerc/laconicd-stack/scripts/export-testnet-state.sh <absolute-path-to-testnet-deployment>
  ```

  - The compressed zst file will be generated at `<absolute-path-to-testnet-deployment>/export/testnet-state.zst`

## Generate mainnet genesis file

- Run the following steps in machine where [the genesis file is to be generated (machine 3)](#build-laconicd-to-generate-genesis-file)

- Copy over compressed `testnet-state.zst` file to target machine

- Set envs:

  ```bash
  # Path where exported testnet state JSON file will be created
  export EXPORTED_STATE_PATH=<absolute-path-to-be-exported-testnet-state-json>

  # Path where LPS distribution JSON file will be created
  export LPS_DISTRIBUTION_PATH=<absolute-path-to-be-generated-distribution-json>

  export EARLY_SUPPORTS_ACC_ADDR=<account-address-controlled-by-laconic-foundation>

  # Parent directory where the deployment directory will live
  export DATA_DIRECTORY=
  ```

- Extract the testnet-state JSON file:

  ```bash
  zstd -dc <path-to-compressed-file>/testnet-state.zst > $EXPORTED_STATE_PATH

  # Remove zst folder
  rm -rf <path-to-compressed-file>/testnet-state.zst
  ```

- Generate LPS lockup distribution JSON file

  ```bash
  ~/cerc/laconicd-stack/scripts/generate-lps-lock.sh -i "<lps-distribution-spreadsheet-url-or-csv-file-path>" -o $LPS_DISTRIBUTION_PATH
  ```

  - This will generate the `distribution.json` file at `$LPS_DISTRIBUTION_PATH`

- Copy the example variables file:

  ```bash
  cp ~/cerc/laconicd-stack/playbooks/first-validator/first-validator-vars.example.yml ~/cerc/laconicd-stack/playbooks/first-validator/first-validator-vars.yml
  ```

- Edit `~/cerc/laconicd-stack/playbooks/first-validator/first-validator-vars.yml` with required values:

  NOTE: Use the public key exported in [previous step](#setup-node)

  ```bash
  # Make sure to wrap it with single quotes ('')
  validator_pub_key: '<public-key-of-your-node>'
  ```

- Run playbook to use exported state for generating mainnet genesis file with gentx:

  ```bash
  ansible-playbook -i localhost, -c local ~/cerc/laconicd-stack/playbooks/first-validator/generate-genesis.yml -e "exported_state_path=$EXPORTED_STATE_PATH" -e "lps_distribution_path=$LPS_DISTRIBUTION_PATH" -e "early_supports_acc_address=$EARLY_SUPPORTS_ACC_ADDR"
  ```

  - Input private key of the existing account that was exported in previous steps when prompted

- Genesis file will be generated in output directory along with a file specifying the staking amount

  ```bash
  # List files in output directory - genesis.json and staking-amount.json
  ls -l output
  ```

## Run node

### Start TMKMS

- Run these steps in the machine where the TMKMS service is setup (machine 4)

- Copy the example variables file:

  ```bash
  cp ~/cerc/laconicd-stack/playbooks/tmkms/tmkms-vars.example.yml ~/cerc/laconicd-stack/playbooks/tmkms/tmkms-vars.yml
  ```

- Update `~/cerc/laconicd-stack/playbooks/tmkms/tmkms-vars.yml` with required values:

  NOTE: Use the `priv_validator_key.json` file copied from the node setup machine (Machine 2) in [previous step](#setup-node)

  ```yaml
  # Absolute path to the node's private validator key file
  priv_validator_key_file_path: "</path/to/priv_validator_key.json>"

  # Set the IP address of the machine where the laconicd node is setup
  node_ip: "<NODE_PUBLIC_IP_ADDRESS>"

  # Set the port of the laconicd node
  node_port: "26659"
  ```

- Run ansible playbook to run the TMKMS:

  ```bash
  ansible-playbook -i localhost, -c local ~/cerc/laconicd-stack/playbooks/tmkms/run-tmkms.yml
  ```

- Check logs to ensure that TMKMS is running:

  ```bash
  laconic-so deployment --dir $DATA_DIRECTORY/tmkms-deployment logs tmkms -f
  ```

  - Expected example output:

    ```bash
     INFO tmkms::commands::start: tmkms 0.14.0 starting up...
     INFO tmkms::keyring: [keyring:softsign] added consensus Ed25519 key: {"@type":"/cosmos.crypto.ed25519.PubKey","key":"T24No1A1FmetNRVCOSg2G2XAKWh97oBXuELdAD6DFgw="}
     INFO tmkms::connection::tcp: KMS node ID: 7f5fd8dae8953e964e7e56edd4700f597ea0d45c
    ERROR tmkms::client: [laconic-mainnet@tcp://<node-ip>:26659] I/O error: Connection refused (os error 111)
    ```

    NOTE: The errors dissapear once the laconicd node starts

- Note the pubkey logged at start for comparing later with validator pubkey on chain

- Remove the validator key from node deployment as it is no longer required:

  ```bash
  rm $DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR/data/laconicd-data/config/priv_validator_key.json
  ```

  NOTE: Store it safely offline in case of an emergency

### Start node

- Run the following steps in the machine where the mainnet node is setup (machine 2)

- Enable TMKMS in the laconicd node configuration:

  ```bash
  # Set TMKMS_ENABLED to true in the node's config.env
  echo "TMKMS_ENABLED=true" >> $DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR/config.env
  ```

- Copy the genesis file to the mainnet deployment tmp directory:

  ```bash
  cp <absolute-path-to-genesis-json> $DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR/data/laconicd-data/tmp/genesis.json
  ```

- Command to run node:

  ```bash
  laconic-so deployment --dir $DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR start
  ```

- Check logs to ensure that node is running:

  ```bash
  laconic-so deployment --dir $DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR logs laconicd -f
  ```

- Verify that validator and TMKMS pubkeys match:

  - Get validator pubkey on chain

    ```bash
    # Check consensus_pubkey in output
    laconic-so deployment --dir $DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR exec laconicd 'laconicd query staking validators -o json | jq .validators'
    ```

  - Compare it with the pubkey noted from logs in TMKMS

- Check bonds list to confirm that testnet state was transferred properly:

  ```bash
  laconic-so deployment --dir $DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR exec laconicd 'laconicd query bond list'
  ```

- Check `alps` and `alnt` tokens total supply:

  ```bash
  laconic-so deployment --dir $DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR exec laconicd 'laconicd query bank total-supply'
  ```

- Query the `lps_lockup` account and view distribution:

  ```bash
  laconic-so deployment --dir $DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR exec laconicd 'laconicd query auth module-account lps_lockup'
  ```

- Query the `lps_lockup` and early supports accounts balances:

  ```bash
  lockup_account_address=$(laconic-so deployment --dir $DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR exec laconicd 'laconicd query auth module-account lps_lockup -o json | jq -r .account.value.base_account.address')
  laconic-so deployment --dir $DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR exec laconicd "laconicd query bank balances $lockup_account_address"

  laconic-so deployment --dir $DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR exec laconicd "laconicd query bank balances $EARLY_SUPPORTS_ACC_ADDR"
  ```

## Publish required artifacts

- Run the following steps in machine where the genesis file and staking amount files are generated (machine 3)

  - Copy the genesis file to [config](./config) folder:

    ```bash
    cp $DATA_DIRECTORY/output/genesis.json ~/cerc/laconicd-stack/config/mainnet-genesis.json
    ```

  - Copy the staking amount file to [config](./config) folder:

    ```bash
    cp $DATA_DIRECTORY/output/staking-amount.json ~/cerc/laconicd-stack/config/staking-amount.json
    ```

- Get your node's address by running following command in the machine where the mainnet node is running (machine 2):

  ```bash
  laconic-so deployment --dir $DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR exec laconicd 'echo $(laconicd cometbft show-node-id)@YOUR_PUBLIC_IP_ADDRESS:26656'
  ```

- Add your node's address to [node-addresses.yml](./node-addresses.yml)

- Submit a PR with this genesis file, staking amount file and node address so that it is available to other validators