Saltearse al contenido
Documentación de Aptos

Generate a PFN Identity

Esta página aún no está disponible en tu idioma.

Ephemeral vs. Static Identities

Section titled “Ephemeral vs. Static Identities”

Public fullnodes (PFNs) will automatically start up with a randomly generated (ephemeral) network identity unless a static identity is provided. This works well for regular PFNs. However, there are cases where you may want to generate and assign a static network identity to your PFN (e.g., for monitoring purposes).

Ephemeral Identity

Section titled “Ephemeral Identity”
  • Automatically generated on node startup. The same ephemeral identity is used across restarts if the identity key file already exists.
  • By default, the identity file is stored at /opt/aptos/data/db/ephemeral_identity_key.

Static Identity

Section titled “Static Identity”

This is useful when:

  • You wish to advertise your PFN as a seed (i.e., for other Aptos PFNs to connect to).
  • You wish to add your PFN to an allowlist of known identities on an upstream PFN or VFN.
  • You wish to fix the identity of your PFN across restarts and releases so that telemetry and other monitoring tools can track your PFN over time.

Generate a static identity

Section titled “Generate a static identity”

To create a static identity for your PFN, you will first need to generate a private and public key pair. You will then need to derive the peer_id from the public key, and use the peer_id in your configuration file (e.g., fullnode.yaml) to configure the static network identity for your PFN.

The steps below will guide you through the process of generating a static identity for your PFN. The exact steps depend on whether you are using the aptos-core source code to run your PFN, or Docker.

Using the aptos-core source code

Section titled “Using the aptos-core source code”

If you use the aptos-core source code to run your PFN, follow these steps:

  1. Generate the private key

First, use the Aptos CLI (aptos) to produce a hex encoded static x25519 private key. This will be the private key for your network identity. Run the following aptos CLI command:

Terminal window
aptos key generate --key-type x25519 --output-file /path/to/private-key.txt

This command will create a file private-key.txt with the private key in it, and a corresponding private-key.txt.pub file with the public key in it. An example private-key.txt file and private-key.txt.pub file are shown below:

Terminal window
cat ~/private-key.txt
C83110913CBE4583F820FABEB7514293624E46862FAE1FD339B923F0CACC647D%


cat ~/private-key.txt.pub
B881EA2C174D8211C123E5A91D86227DB116A44BB345A6E66874F83D8993F813%
  1. Retrieve the peer identity

Next, retrieve the peer identity from the public key using the aptos CLI. The --host flag in the command will provide the host information to output a network address for your PFN. Run the following command (be sure to update the --host flag with your actual host information):

Terminal window
aptos key extract-peer --host example.com:6180 \
    --public-network-key-file private-key.txt.pub \
    --output-file peer-info.yaml

This command will output the public identity information for your PFN to a file peer-info.yaml. For example:

{
  "Result": {
    "B881EA2C174D8211C123E5A91D86227DB116A44BB345A6E66874F83D8993F813": {
      "addresses": [
        "/dns/example.com/tcp/6180/noise-ik/0xB881EA2C174D8211C123E5A91D86227DB116A44BB345A6E66874F83D8993F813/handshake/0"
      ],
      "keys": [
        "0xB881EA2C174D8211C123E5A91D86227DB116A44BB345A6E66874F83D8993F813"
      ],
      "role": "Upstream"
    }
  }
}

In this example, B881EA2C174D8211C123E5A91D86227DB116A44BB345A6E66874F83D8993F813 is the peer_id.

  1. Start a PFN with the identity

After extracting the peer identity from the public key, you can start your PFN with the identity using the public key in the peer_id field of the configuration file (e.g., fullnode.yaml). For example:

full_node_networks:
  - network_id: "public"
discovery_method: "onchain"
identity:
  type: "from_config"
  key: "<PRIVATE_KEY>"
  peer_id: "<PEER_ID>"

In our example (from above), the configuration file (fullnode.yaml) should now have the following information:

full_node_networks:
  - network_id: "public"
    discovery_method: "onchain"
    identity:
      type: "from_config"
      key: "C83110913CBE4583F820FABEB7514293624E46862FAE1FD339B923F0CACC647D"
      peer_id: "B881EA2C174D8211C123E5A91D86227DB116A44BB345A6E66874F83D8993F813"

Starting your PFN with this configuration will assign your PFN with the static network identity you generated.

Using Docker

Section titled “Using Docker”

If you use Docker to run your PFN, follow these steps:

  1. Prepare your tools

First, cd into the directory for your local PFN and start a Docker container with the latest tools, for example:

Terminal window
cd ~/my-full-node
docker run -it aptoslabs/tools:devnet /bin/bash
  1. Generate the private key

Next, follow the remaining steps from inside the aptoslabs/tools Docker container.

Open a new terminal and cd into the directory where you started the Docker container for your PFN. Making sure to provide the full path to where you want the private key file to be stored, run the command:

Terminal window
aptos key generate \
    --key-type x25519 \
    --output-file /path/to/private-key.txt
  1. Retrieve the peer identity

Next, retrieve the peer identity from the public key using the aptos CLI. The --host flag in the command will provide the host information to output a network address for your PFN. Run the following command (be sure to update the --host flag with your actual host information):

Terminal window
aptos key extract-peer --host example.com:6180 \
    --public-network-key-file private-key.txt.pub \
    --output-file peer-info.yaml

This command will output the public identity information for your PFN to a file peer-info.yaml. For example:

{
  "Result": {
    "B881EA2C174D8211C123E5A91D86227DB116A44BB345A6E66874F83D8993F813": {
      "addresses": [
        "/dns/example.com/tcp/6180/noise-ik/0xB881EA2C174D8211C123E5A91D86227DB116A44BB345A6E66874F83D8993F813/handshake/0"
      ],
      "keys": [
        "0xB881EA2C174D8211C123E5A91D86227DB116A44BB345A6E66874F83D8993F813"
      ],
      "role": "Upstream"
    }
  }
}

In this example, B881EA2C174D8211C123E5A91D86227DB116A44BB345A6E66874F83D8993F813 is the peer_id.

  1. Start a PFN with the identity

After extracting the peer identity from the public key, you can start your PFN with the identity using the public key in the peer_id field of the configuration file (e.g., fullnode.yaml). For example:

full_node_networks:
  - network_id: "public"
discovery_method: "onchain"
identity:
  type: "from_config"
  key: "<PRIVATE_KEY>"
  peer_id: "<PEER_ID>"

In our example (from above), the configuration file (fullnode.yaml) should now have the following information:

full_node_networks:
  - network_id: "public"
    discovery_method: "onchain"
    identity:
      type: "from_config"
      key: "C83110913CBE4583F820FABEB7514293624E46862FAE1FD339B923F0CACC647D"
      peer_id: "B881EA2C174D8211C123E5A91D86227DB116A44BB345A6E66874F83D8993F813"

Starting your PFN with this configuration will assign your PFN with the static network identity you generated.

Check your node identity

Section titled “Check your node identity”

If you want to check the identity of your node at runtime, there are several ways to do so. Two of the simplest methods are:

  • Using the REST API: You can query the /v1/info endpoint of your node’s REST API to retrieve the identity information.
  • Using the Node Inspection Service: You can query the /identity_information endpoint on your node’s inspection service to retrieve the identity information of your node. You can read more here.