The document is crafted to assist the operator setup the mainnet attestor nodes, i.e setup, configuration, and troubleshooting of the Capx Cloud Network. It is recommended that each section be reviewed carefully to ensure that the operator environment is configured correctly.

โ€‹
Setup Guidance

Complete each item in the checklist to ensure your node is properly configured. The checklist verifies all prerequisites are met before registration.

Access CapxCloud Operator Checklist โ†’

โ€‹
Wallet Configuration: Ledger/Safe vs. EOA

The appropriate environment file should be selected based on the wallet type being used.

Two key parameters should be configured:

  • PRIVATE_KEY_ATTESTER (Consensus Key):

    This parameter holds the private key that is used for consensus-related operations. It is designated as the Consensus Key and is responsible for signing messages and attestations that participate in the consensus process.

  • OPERATOR_ADDRESS (Controller Key Address):

    This parameter holds the wallet address associated with the controller key. It is used to manage administrative functions and operator configurations. The separation of these keys helps enhance security by ensuring that the key used for consensus operations is distinct from the one controlling operator privileges.

For further details on key roles and separation, please refer to the official documentation: Othentic CLI Private Key Management

##########################################################################################
# Fill in your attestor's private key, and the RPC endpoints
##########################################################################################
OPERATOR_ADDRESS=
PRIVATE_KEY_ATTESTER=
L1_RPC=https://eth-mainnet.g.alchemy.com/v2/cfbG2jJdddQ1A64OaB3C0uV60A9qM_KD
L2_RPC=https://arb-mainnet.g.alchemy.com/v2/cfbG2jJdddQ1A64OaB3C0uV60A9qM_KD

##########################################################################################
# Uncomment the below line to enable debug mode
##########################################################################################
# DEBUG=*

##########################################################################################
# Leave the following as they are
##########################################################################################
OTHENTIC_REGISTRY_ADDRESS=0x7e39183cDa5AF65E6A18aF8C3bf0c523127f83bF
AVS_GOVERNANCE_ADDRESS=0xad12e74847d6d1487a6a3a6b75d1f509f3f627e8
ATTESTATION_CENTER_ADDRESS=0x5103Aa9a96EB3FC4C3A700e14135E0ff3739b12c
IPFS_HOST=https://gateway.pinata.cloud/ipfs/
OTHENTIC_BOOTSTRAP_ID=12D3KooWEaL5pGLey8qcEmapuAFZPNbgnDSULnSbbmbcTfbVLMTN
OTHENTIC_BOOTSTRAP_SEED=49c6b501ba41f40d4bdbbe35cb0aaa7d304850ab199cca97dc9f7f016d47a9fb
OTHENTIC_BOOTSTRAP_HOST=mainnet.aggregator.services.capx.ai
L1_CHAIN=1
L2_CHAIN=42161
L1_CHAIN_CLI_CODE=mainnet
L2_CHAIN_CLI_CODE=arbitrum-one

โ€‹
Operator ( Attestor Node ) Setup

This is an early development release (v0.1.1) intended for testing and network growth. Operators should be aware that future updates may include breaking changes as the network evolves.

โ€‹
Key Features

  • Basic P2P attestation node implementation
  • Network discovery and peer connection
  • Integration with Symbiotic protocol security layer
  • Attestation service foundations
  • Minimal operator configuration requirements

โ€‹
Docker Images

โ€‹
Attester P2P Node (Mainnet)

Image: capxcloud/attester-p2p-node:0.1.1
SHA256: 1e97d06b37e985f8bdbeef02b215ce1ea6bb9b52f5ae5be6b322a6b6bb696a65

โ€‹
Validation Service (Mainnet)

Image: capxcloud/validation-service:0.1.1
SHA256: 693d4f1028ddb273ed127e40041511f25a2489bf623133aa60e9c8bb1a696c81

โ€‹
Docker Compose file

name: capxcloud-attestation-system

services:
  attester-p2p-node:
    image: capxcloud/attester-p2p-node:0.1.1
    container_name: capxcloud-attester-p2p-node
    restart: unless-stopped
    command: ["/usr/local/bin/start-attester.sh"]
    ports:
      - "7070:7070" # Attester metrics port
      - "9876:9876" # Attester P2P port - If you want map it to a different local port than 9876 (e.g. 9878:9876), uncomment the ANNOUNCED_ADDRESSES section and set the OPERATOR_MAPPED_PORT to the desired port
    env_file:
      - path: .env
        required: true
    environment:
      - OTHENTIC_BOOTSTRAP_HOST=${OTHENTIC_BOOTSTRAP_HOST}
      - PRIVATE_KEY=${PRIVATE_KEY_ATTESTER}
      - TASK_PERFORMER=0x0000000000000000000000000000000000000000
      - OTHENTIC_BOOTSTRAP_ID=${OTHENTIC_BOOTSTRAP_ID}
      - L1_CHAIN_CLI_CODE=${L1_CHAIN_CLI_CODE}
      - L2_CHAIN_CLI_CODE=${L2_CHAIN_CLI_CODE}
      - L1_RPC=${L1_RPC}
      - L2_RPC=${L2_RPC}
      - VALIDATION_SERVICE_IP=10.1.0.42
      # # ANNOUNCED_ADDRESSES section: Uncomment to enable announced addresses
      # - ENABLE_ANNOUNCED_ADDRESSES=true
      # - OPERATOR_PUBLIC_IP=127.0.0.1 # Replace with your public IP
      # - OPERATOR_MAPPED_PORT=9878 # Replace with the desired port
      # - OPERATOR_NODE_ID=your-node-id # Replace with your node ID (You can get it by running the command: othentic-cli node get-id --node-type attester)
    networks:
      p2p:
        ipv4_address: 10.1.0.2
    depends_on:
      validation-service:
        condition: service_healthy
    deploy:
      resources:
        limits:
          cpus: "1"
          memory: 1G
        reservations:
          cpus: "0.25"
          memory: 512M
    healthcheck:
      test: ["CMD", "/usr/local/bin/health-check.sh"]
      interval: 30s
      timeout: 10s
      retries: 1
      start_period: 60s
      start_interval: 30s
    logging:
      driver: "json-file"
      options:
        max-size: "50m"
        max-file: "7"
        compress: "true"

  validation-service:
    image: capxcloud/validation-service:0.1.1
    container_name: capxcloud-validation-service
    env_file:
      - .env
    networks:
      p2p:
        ipv4_address: 10.1.0.42
    restart: unless-stopped
    deploy:
      resources:
        limits:
          cpus: "1"
          memory: 1G
        reservations:
          cpus: "0.25"
          memory: 512M
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:4002/health"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 40s
    logging:
      driver: "json-file"
      options:
        max-size: "50m"
        max-file: "7"
        compress: "true"

networks:
  p2p:
    driver: bridge
    ipam:
      config:
        - subnet: 10.1.0.0/16
          gateway: 10.1.0.1

โ€‹
Instructions for Running the Setup

  1. Prerequisites:
    • It is expected that Docker and Docker Compose are installed.
    • Ensure that the required environment variables are configured either in a .env file or in your shell environment.
    • Important: Configure network access for P2P communication
      • You must ensure ports 7070 (metrics) and 9876 (P2P communication) are open for inbound traffic in your firewall/router.
      • Without proper port forwarding, the attestation node will be unable to communicate with the network.
      • If youโ€™re behind NAT or want to use different port mappings, see the configuration note below.
  2. Port Configuration Note:
    • Default setup: The system expects ports 7070 and 9876 to be directly accessible from the internet.
    • Custom port mapping: If you need to map the P2P port to a different external port:
      • Uncomment the ANNOUNCED_ADDRESSES section in the docker-compose file
      • Set OPERATOR_PUBLIC_IP to your actual public IP address
      • Set OPERATOR_MAPPED_PORT to your desired external port (e.g., 9878)
      • Update OPERATOR_NODE_ID with your node ID
      • Update your router/firewall to forward the chosen external port to port 9876 on your host
  3. Deploying the Services:

    • Navigate to the directory containing the Docker Compose file.

    • Execute the following command to start the services in detached mode:

      docker-compose up -d

    • The services will be initiated in the background.

  4. Monitoring Logs:

    • To monitor the logs for all services in real time, it is advised to use:

      docker-compose logs -f

    • This command will stream the logs continuously, allowing for live troubleshooting.

  5. Managing the Deployment:

    • To stop the services, the following command can be used:

      docker-compose down

    • If an update of the images is needed, it is recommended to run:

      docker-compose pull && docker-compose up -d
  6. Verify Connectivity:
    • After deployment, verify your node is properly connected to the network by checking:

The document is crafted to assist the operator setup the mainnet attestor nodes, i.e setup, configuration, and troubleshooting of the Capx Cloud Network. It is recommended that each section be reviewed carefully to ensure that the operator environment is configured correctly.

โ€‹
Setup Guidance

Complete each item in the checklist to ensure your node is properly configured. The checklist verifies all prerequisites are met before registration.

Access CapxCloud Operator Checklist โ†’

โ€‹
Wallet Configuration: Ledger/Safe vs. EOA

The appropriate environment file should be selected based on the wallet type being used.

Two key parameters should be configured:

  • PRIVATE_KEY_ATTESTER (Consensus Key):

    This parameter holds the private key that is used for consensus-related operations. It is designated as the Consensus Key and is responsible for signing messages and attestations that participate in the consensus process.

  • OPERATOR_ADDRESS (Controller Key Address):

    This parameter holds the wallet address associated with the controller key. It is used to manage administrative functions and operator configurations. The separation of these keys helps enhance security by ensuring that the key used for consensus operations is distinct from the one controlling operator privileges.

For further details on key roles and separation, please refer to the official documentation: Othentic CLI Private Key Management

##########################################################################################
# Fill in your attestor's private key, and the RPC endpoints
##########################################################################################
OPERATOR_ADDRESS=
PRIVATE_KEY_ATTESTER=
L1_RPC=https://eth-mainnet.g.alchemy.com/v2/cfbG2jJdddQ1A64OaB3C0uV60A9qM_KD
L2_RPC=https://arb-mainnet.g.alchemy.com/v2/cfbG2jJdddQ1A64OaB3C0uV60A9qM_KD

##########################################################################################
# Uncomment the below line to enable debug mode
##########################################################################################
# DEBUG=*

##########################################################################################
# Leave the following as they are
##########################################################################################
OTHENTIC_REGISTRY_ADDRESS=0x7e39183cDa5AF65E6A18aF8C3bf0c523127f83bF
AVS_GOVERNANCE_ADDRESS=0xad12e74847d6d1487a6a3a6b75d1f509f3f627e8
ATTESTATION_CENTER_ADDRESS=0x5103Aa9a96EB3FC4C3A700e14135E0ff3739b12c
IPFS_HOST=https://gateway.pinata.cloud/ipfs/
OTHENTIC_BOOTSTRAP_ID=12D3KooWEaL5pGLey8qcEmapuAFZPNbgnDSULnSbbmbcTfbVLMTN
OTHENTIC_BOOTSTRAP_SEED=49c6b501ba41f40d4bdbbe35cb0aaa7d304850ab199cca97dc9f7f016d47a9fb
OTHENTIC_BOOTSTRAP_HOST=mainnet.aggregator.services.capx.ai
L1_CHAIN=1
L2_CHAIN=42161
L1_CHAIN_CLI_CODE=mainnet
L2_CHAIN_CLI_CODE=arbitrum-one

โ€‹
Operator ( Attestor Node ) Setup

This is an early development release (v0.1.1) intended for testing and network growth. Operators should be aware that future updates may include breaking changes as the network evolves.

โ€‹
Key Features

  • Basic P2P attestation node implementation
  • Network discovery and peer connection
  • Integration with Symbiotic protocol security layer
  • Attestation service foundations
  • Minimal operator configuration requirements

โ€‹
Docker Images

โ€‹
Attester P2P Node (Mainnet)

Image: capxcloud/attester-p2p-node:0.1.1
SHA256: 1e97d06b37e985f8bdbeef02b215ce1ea6bb9b52f5ae5be6b322a6b6bb696a65

โ€‹
Validation Service (Mainnet)

Image: capxcloud/validation-service:0.1.1
SHA256: 693d4f1028ddb273ed127e40041511f25a2489bf623133aa60e9c8bb1a696c81

โ€‹
Docker Compose file

name: capxcloud-attestation-system

services:
  attester-p2p-node:
    image: capxcloud/attester-p2p-node:0.1.1
    container_name: capxcloud-attester-p2p-node
    restart: unless-stopped
    command: ["/usr/local/bin/start-attester.sh"]
    ports:
      - "7070:7070" # Attester metrics port
      - "9876:9876" # Attester P2P port - If you want map it to a different local port than 9876 (e.g. 9878:9876), uncomment the ANNOUNCED_ADDRESSES section and set the OPERATOR_MAPPED_PORT to the desired port
    env_file:
      - path: .env
        required: true
    environment:
      - OTHENTIC_BOOTSTRAP_HOST=${OTHENTIC_BOOTSTRAP_HOST}
      - PRIVATE_KEY=${PRIVATE_KEY_ATTESTER}
      - TASK_PERFORMER=0x0000000000000000000000000000000000000000
      - OTHENTIC_BOOTSTRAP_ID=${OTHENTIC_BOOTSTRAP_ID}
      - L1_CHAIN_CLI_CODE=${L1_CHAIN_CLI_CODE}
      - L2_CHAIN_CLI_CODE=${L2_CHAIN_CLI_CODE}
      - L1_RPC=${L1_RPC}
      - L2_RPC=${L2_RPC}
      - VALIDATION_SERVICE_IP=10.1.0.42
      # # ANNOUNCED_ADDRESSES section: Uncomment to enable announced addresses
      # - ENABLE_ANNOUNCED_ADDRESSES=true
      # - OPERATOR_PUBLIC_IP=127.0.0.1 # Replace with your public IP
      # - OPERATOR_MAPPED_PORT=9878 # Replace with the desired port
      # - OPERATOR_NODE_ID=your-node-id # Replace with your node ID (You can get it by running the command: othentic-cli node get-id --node-type attester)
    networks:
      p2p:
        ipv4_address: 10.1.0.2
    depends_on:
      validation-service:
        condition: service_healthy
    deploy:
      resources:
        limits:
          cpus: "1"
          memory: 1G
        reservations:
          cpus: "0.25"
          memory: 512M
    healthcheck:
      test: ["CMD", "/usr/local/bin/health-check.sh"]
      interval: 30s
      timeout: 10s
      retries: 1
      start_period: 60s
      start_interval: 30s
    logging:
      driver: "json-file"
      options:
        max-size: "50m"
        max-file: "7"
        compress: "true"

  validation-service:
    image: capxcloud/validation-service:0.1.1
    container_name: capxcloud-validation-service
    env_file:
      - .env
    networks:
      p2p:
        ipv4_address: 10.1.0.42
    restart: unless-stopped
    deploy:
      resources:
        limits:
          cpus: "1"
          memory: 1G
        reservations:
          cpus: "0.25"
          memory: 512M
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:4002/health"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 40s
    logging:
      driver: "json-file"
      options:
        max-size: "50m"
        max-file: "7"
        compress: "true"

networks:
  p2p:
    driver: bridge
    ipam:
      config:
        - subnet: 10.1.0.0/16
          gateway: 10.1.0.1

โ€‹
Instructions for Running the Setup

  1. Prerequisites:
    • It is expected that Docker and Docker Compose are installed.
    • Ensure that the required environment variables are configured either in a .env file or in your shell environment.
    • Important: Configure network access for P2P communication
      • You must ensure ports 7070 (metrics) and 9876 (P2P communication) are open for inbound traffic in your firewall/router.
      • Without proper port forwarding, the attestation node will be unable to communicate with the network.
      • If youโ€™re behind NAT or want to use different port mappings, see the configuration note below.
  2. Port Configuration Note:
    • Default setup: The system expects ports 7070 and 9876 to be directly accessible from the internet.
    • Custom port mapping: If you need to map the P2P port to a different external port:
      • Uncomment the ANNOUNCED_ADDRESSES section in the docker-compose file
      • Set OPERATOR_PUBLIC_IP to your actual public IP address
      • Set OPERATOR_MAPPED_PORT to your desired external port (e.g., 9878)
      • Update OPERATOR_NODE_ID with your node ID
      • Update your router/firewall to forward the chosen external port to port 9876 on your host
  3. Deploying the Services:

    • Navigate to the directory containing the Docker Compose file.

    • Execute the following command to start the services in detached mode:

      docker-compose up -d

    • The services will be initiated in the background.

  4. Monitoring Logs:

    • To monitor the logs for all services in real time, it is advised to use:

      docker-compose logs -f

    • This command will stream the logs continuously, allowing for live troubleshooting.

  5. Managing the Deployment:

    • To stop the services, the following command can be used:

      docker-compose down

    • If an update of the images is needed, it is recommended to run:

      docker-compose pull && docker-compose up -d
  6. Verify Connectivity:
    • After deployment, verify your node is properly connected to the network by checking: