Running a Terrad validator on GCP

A note on security

Security is *H*A*R*D*.

TL;DR Location of the scripts

All the scripts I use are located here. Pull Requests are always welcome.

Why a Cloud provider?

Some people like running on their own hardware, as it is ‘faster’ or more secure, or maybe they like the blue flashing lights when they walk into their data center.

The Design

We are trying to build a highly available, secure, and fault-tolerant design. One of the nuances of Terra is that if you send multiple oracle updates you run the risk of being penalized, and if you miss a couple of blocks, you lose your 100% uptime status and also run the risk of being penalized.

  1. The terrad software itself. This is typically referred to as ‘the blockchain node’.
  2. The price feed server. This interacts with various FOREX currency providers to obtain exchange rates, and provides a REST API that the oracle reads from.
  3. The oracle that pushes the exchange rates onto terrad. This reads information from the price feed server, signs it with our private key, and then submits that as an action

Step 1: Create a GCP project

Head over to Google’s GUI and create yourself a new project. Pick a name you like, and set it as your default.

Step 2: Install gcloud

Step 3: Create / set up your SSH key

There is an assumption here that you have ssh-agent running. This will create an SSH key for you and add it to your agent. This key will be used to connect to the machines. You can probably skip this step and just use the key Google generates too.

Step 4: Set up the firewall

As we are setting up things on different machines which need to communicate *AND* we need to set up things to talk externally, let’s let Google worry about it at the router level.

Step 5: Create the VMs

I’m using VMs here. The initial thought was to dockerize them or stick them in Kubernetes. For now I am choosing simple VMs, as I plan on using a vTPM for the oracle instead of ‘secrets’.

Step 6: Install terrad core onto the validator node

This sets up an additional disk for the database, copies over the quicksync file, and configures terrad to run in ‘pruned’ mode. We reboot the machine to start everything up.

  • 26656, which is open to the general public. This could/should be further locked down to a set of persistent peers.
  • 1317, the ‘rest’ service, which is how the oracle communicates with the node. This should only be open to the ‘oracle’ machines.
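
An added example (not from the author's scripts) that checks exported firewall rules against the two port rules above: 1317 reachable only from the oracle machines, and 26656 flagged when it is open to every address. The rule names, the `validator`/`oracle` network tags and the tag-only policy for 1317 are assumptions; the sample JSON is constructed in the shape of `gcloud compute firewall-rules list --format=json`.

```python
import ipaddress
import json

# Constructed sample in the shape of `gcloud compute firewall-rules list --format=json`.
# Rule names and the "validator"/"oracle" network tags are assumptions.
SAMPLE_RULES = json.loads("""[
 {"name": "p2p-public", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
  "targetTags": ["validator"], "allowed": [{"IPProtocol": "tcp", "ports": ["26656"]}]},
 {"name": "rest-wide-open", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
  "targetTags": ["validator"], "allowed": [{"IPProtocol": "tcp", "ports": ["1000-2000"]}]},
 {"name": "rest-from-oracle", "direction": "INGRESS", "sourceTags": ["oracle"],
  "targetTags": ["validator"], "allowed": [{"IPProtocol": "tcp", "ports": ["1317"]}]}
]""")

def covers(allowed, port):
    """True if one `allowed` entry admits TCP traffic to `port`."""
    if allowed.get("IPProtocol") not in ("tcp", "all"):
        return False
    ports = allowed.get("ports")
    if not ports:  # no port list means every port of that protocol
        return True
    for spec in ports:  # each spec is "1317" or a range such as "1000-2000"
        low, _, high = spec.partition("-")
        if int(low) <= port <= int(high or low):
            return True
    return False

def audit(rules, oracle_tag="oracle"):
    """Return (severity, rule name, message) findings for ports 1317 and 26656."""
    findings = []
    for rule in rules:
        if rule.get("direction") != "INGRESS" or rule.get("disabled"):
            continue
        ranges = rule.get("sourceRanges", [])
        tags = rule.get("sourceTags", [])
        public = any(ipaddress.ip_network(r, strict=False).prefixlen == 0 for r in ranges)
        for port in (1317, 26656):
            if not any(covers(a, port) for a in rule.get("allowed", [])):
                continue  # deny rules have no "allowed" list and are skipped here
            if port == 1317 and (ranges or tags != [oracle_tag]):
                findings.append(("FAIL", rule["name"], "1317 not limited to the oracle tag"))
            elif port == 26656 and public:
                findings.append(("WARN", rule["name"], "26656 open to any address"))
    return findings

if __name__ == "__main__":
    for severity, name, message in audit(SAMPLE_RULES):
        print(f"{severity} {name}: {message}")
```

The range rule `rest-wide-open` is the case a grep for "1317" misses: it never names the port but still exposes it.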

Step 7: Install the price server

You will need to put your currencylayer API key into settings.private.

Step 8: Register the validator on the network

It might take some time, but your node will eventually sync up.

Step 9: Install the oracle

The final step is hooking up the price-feed to the terra node and pushing exchange information onto the blockchain.

  1. Set your ORACLE_PASSWORD in your settings.private. This will be stored in plain text on your ‘feeder’ machine.
  2. Have your 24 words for your oracle key handy.

Step 10: Tell your friends

Give it a day or so to make sure it’s all up, and then let your friends know about your validator.

PFC - Terra Validator
We are a validator on the $Terra network. Dedicated to ones who recommended us to join $Luna. In our case Pete. #WhoWasYourPete?