Prerequisites for this guide
- Installed and synced Execution and Consensus client
Run a validator
Stakers.space guide works with a concept of validator instances. You are used to have only one validator service from the other staking guides. However, this one service is just a single instance. This guide supports you to set multiple such validator instances on a single machine (if necessary), which has following benefits:
- You are able to keep validators separated - e.g. based on used deposit / withdrawal / fee recipient wallet address
- Keep logs in smaller size
- Remove a limitation of thread perofmance - with more instances you are able to you your CPU and threads in a more efficient way that results in option to run more validators on a single machine.
Under 1 validator instance you can run 1 as well as hundreds of validators. We did numerous tests of efficient number of validators per instances and number of instances on a single machine. We can share this experience under a paid serice.
To configurate an instance of validator service, you need at least one keystore. 1 keystore represents 1 validator. You can generate keystores on an offline PC with Validator Data generator tool, see the guide.
Get Keystores
The tool generates a directory deposit_keys
with keystore json files and 1 deposit json file.
Copy keystores to your machine
Before copying, create following directory for keystores on your staking machine
mkdir -p $HOME/keystores
Copy your keystores to $HOME/keystores
on your staking machine.
- Create a directory for your USB stick (if not created yet)
sudo mkdir /media/usb
- Mount USB stick to
/media/usb
directorysudo mount -t vfat /dev/sda1 /media/usb -o uid=1000
- Copy keystores from
/media/usb/deposit_keys
to$HOME/keystores
:cp -r /media/usb/deposit_keys ~/keystores
- Umount USB stick
sudo umount /media/usb
scp
can be only used if you have access to your staking machine over ssh
, see securing ssh chapter.
on MacOS / Linux Terminal, from the directory with deposit_keys
folder, run the following command:
:
scp -P SSHport
-i ~/.ssh/<SSHprivateKEY> -r deposit_keys myserveruser@<IP>:~/keystores
Configurate & Run Validator instance
-
Do you want to create a new validation instance or extend exisiting instance for more validators?
Create a directory for validator instance data
sudo mkdir -p /var/lib/ethereum/lighthouse/vi1
-
Load keystores to
:/var/lib/ethereum/lighthouse/vi1
sudo /usr/local/bin/lighthouse --network mainnet account validator import --reuse-password --directory $HOME/keystores/ddk_i1 --datadir /var/lib/ethereum/lighthouse/vi1
- Insert keystores encryption password (the one used during keystores generation) on request
- If there are keystores with different encryption password, repeat the process for each encryption password
Create a service user for the validator instance
sudo useradd --system --no-create-home --shell /bin/false eth-lighthouse-vi1
Set ownership of
/var/lib/ethereum/lighthouse/vi1
tovalidators-i1
usersudo chown -R eth-lighthouse-vi1:eth-lighthouse-vi1 /var/lib/ethereum/lighthouse/vi1
Create configuration service file for
eth-lighthouse-vi1
service-
Open the configuration file
sudo nano /etc/systemd/system/eth-lighthouse-vi1.service
-
Copy the configuration below into the file.
[Unit] Description=Lighthouse Validator Instance (Mainnet) Wants=network-online.target After=network-online.target [Service] User=eth-lighthouse-vi1 Group=eth-lighthouse-vi1 Type=simple Restart=always RestartSec=5 ExecStart=/usr/local/bin/lighthouse vc \ --network mainnet \ --datadir /var/lib/ethereum/lighthouse/vi1 \ --suggested-fee-recipient 0xXXXXXXXXXXXXXXXX \ --beacon-nodes http://localhost:5052 \ --graffiti "Nethermind+Lighthouse" [Install] WantedBy=multi-user.target
-
Press
CTRL
+X
thenY
thenENTER
to save and exit the config file.
-
Other configurations
Nothing to do. You are ok.Extend Staking manager clients.conf
Inserteth-lighthouse-vi1
into clients.conf file that is used by Staking Manager.sudo nano /usr/local/etc/staking/config/clients.conf
Stop running validator instance
eth-lighthouse-vi1
sudo systemctl stop eth-lighthouse-vi1
Extend
/var/lib/ethereum/lighthouse/vi1
for new keystoressudo /usr/local/bin/lighthouse --network mainnet account validator import --reuse-password --directory $HOME/keystores/ddk_i1 --datadir /var/lib/ethereum/lighthouse/vi1
- You will be requested to insert keystores encryption password (the one used during keystores generation)
- If there are keystores with different encryption password, repeat the process for each encryption password
- Already existing keystores in the directory will be skipped
-
Load processed changes to the system
sudo systemctl daemon-reload
-
Start the validator instance
sudo systemctl start eth-lighthouse-vi1
-
Check the running validator instance
systemctl status eth-lighthouse-vi1
journalctl -fu eth-lighthouse-vi1
-
Activate service to start automatically on OS startup
$ sudo systemctl enable eth-lighthouse-vi1
Guide to exit validator is available at https://stakers.space/lighthouse#exit-validator.
-
Do you want to create a new validation instance or extend exisiting instance for more validators?
Create a directory for validator instance data
sudo mkdir -p /var/lib/ethereum/lodestar/vi1
Enable accessing
/var/lib/ethereum/lodestar/vi1
for server usermyserveruser
sudo chown -R myserveruser:myserveruser /var/lib/ethereum/lodestar/vi1
Load keystores to
:/var/lib/ethereum/lodestar/vi1
Move to Lodestar client directory
cd /usr/local/bin/lodestar
./lodestar validator import --network mainnet --importKeystores $HOME/keystores/ddk_i1 --dataDir /var/lib/ethereum/lodestar/vi1
- Insert keystores encryption password (the one used during keystores generation) on request
- If there are keystores with different encryption password, repeat the process for each encryption password
Create a service user for the validator instance
sudo useradd --system --no-create-home --shell /bin/false eth-lodestar-vi1
Set ownership of
/var/lib/ethereum/lodestar/vi1
tolodestar-vi1
usersudo chown -R eth-lodestar-vi1:eth-lodestar-vi1 /var/lib/ethereum/lodestar/vi1
Enable access to
:NodeJs
for userlodestar-vi1
sudo usermod -aG myserveruser eth-lodestar-vi1
Create configuration service file for
eth-lodestar-vi1
service-
Open the configuration file
sudo nano /etc/systemd/system/eth-lodestar-vi1.service
-
Copy the configuration below into the file.
:
This can be get with command$ node version
[Unit] Description=Lodestar Validator Instance (Ethereum Mainnet) Wants=network-online.target After=network-online.target [Service] User=eth-lodestar-vi1 Group=eth-lodestar-vi1 Type=simple Restart=always RestartSec=5 WorkingDirectory=/usr/local/bin/lodestar Environment="PATH=/home/myserveruser/.nvm/versions/node/v20.11.0/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" ExecStart=/usr/local/bin/lodestar/lodestar validator \ --network mainnet \ --dataDir /var/lib/ethereum/lodestar/validators/i1 \ --suggestedFeeRecipient 0xXXXXXXXXXXXXXXXX \ # ToDo: Add Beacon API URL --force \ --graffiti "Nethermind+Lodestar" [Install] WantedBy=multi-user.target
-
Press
CTRL
+X
thenY
thenENTER
to save and exit the config file.
-
Adding validator instance to staking services manager
If you use a staking manager client, add the new instance into it.
Stop running validator instance
eth-lodestar-vi1
sudo systemctl stop eth-lodestar-vi1
Extend
/var/lib/ethereum/lodestar/validators/i1
for new keystores./lodestar validator import --network mainnet --importKeystores $HOME/keystores/ddk_i1 --dataDir /var/lib/ethereum/lodestar/vi1
- You will be requested to insert keystores encryption password (the one used during keystores generation)
- If there are keystores with different encryption password, repeat the process for each encryption password
- Already existing keystores in the directory will be skipped
Load processed changes to the system
sudo systemctl daemon-reload
Start the validator instance
sudo systemctl start eth-lodestar-vi1
Check the running validator instance
systemctl status eth-lodestar-vi1
journalctl -fu eth-lodestar-vi1
Other configurations
Activate service to start automatically on OS startup
$ sudo systemctl enable eth-lodestar-vi1
Configurate Lodestar validator Log monitor service
Log monitor service monitors the service log and process defined action (fixes) in a case of any issue detected.
- Check, whether the logmonitor util is installed:
/usr/local/bin/logmonitor.sh version
If the util is not installed, install Lodestar validator Log monitor from GitHub.
- Check defined Errors list for lodestarvalidator service
sudo nano /usr/local/etc/lodestarvalidator_tracking_records.txt
If not available, download it from GitHub. You can also modifiy it, if needed.
- Configurate the validator log monitor for service
eth-lodestar-vi1
, see guide on Github.
- Check, whether the logmonitor util is installed:
Activate service to start automatically on OS startup
Our guide uses a custom util for launching services. It has following benefits:
- It allows set delay for starting services. It eliminates slashing risk in the following scenario:
- A database corruption occures
- Lodestar Log monitor detects it, stopping the validator instance and clearing broken database
- Very quick power failure happens while the staking node starts immediately automatically
- As the database with last attestation is removed now, we need to prevent start of the validator instance to avoid double attestation / block proposal within the same slot.
- It allows starting services through a shared script
Starting all services through the Staking Manager util and its command
/usr/local/bin/staking.sh start execution
prevents a human error when there is forgotten set ofsudo systemctl enable ...
for any staking-related service.
There's a
Start with delay
util to manage this.- Install Start with delay util from GitHub, if not installed yet.
- Open Start with delay util
sudo nano /usr/local/bin/delayed-start.sh
- Place new services (validator isntance and validator instance monitor) into the file
eth-lodestar-vi1
eth-lodestar-vi1_logmonitor
- Verify, that a service `delayed-start.service` exists and is automatically launched on system start. See GitHub for a guide to do that.
- It allows set delay for starting services. It eliminates slashing risk in the following scenario:
Extend Staking manager clients.conf
Inserteth-lodestar-vi1
into clients.conf file that is used by Staking Manager.sudo nano /usr/local/etc/staking/config/clients.conf
Guide to exit validator is available at https://stakers.space/lodestar#exit-validator.
-
Do you want to create a new validation instance or extend exisiting instance for more validators?
Create a directory for validator instance data
sudo mkdir -p /var/lib/ethereum/teku-vi1
If exists, remove
:deposit_data
file from keystores folder- Display files in the directory
cd $HOME/keystores/ddk_i1 && ls -lh
- If there is
deposit_data-XXX....json
file, remove itrm deposit_data-XXX....json
- Display files in the directory
Copy keystores dedicated for instance
into
/var/lib/ethereum/teku-vi1/keystores
foldersudo mkdir /var/lib/ethereum/teku-vi1/keystores
sudo cp -a $HOME/keystores/ddk_i1/* /var/lib/ethereum/teku-vi1/keystores && cd /var/lib/ethereum/teku-vi1/keystores
Teku requires a
.txt
file with encryption password for each.json
validator file.-
Display all keystores in the directory
ls -lh
-
.json
Vreate a new
.txt
file for thekeystore-m_12381_3600_X_0_0-XXXXXXXXXX
.json keystore filenano keystore-m_12381_3600_X_0_0-XXXXXXXXXX.txt
Insert an encryption password for the validator key (the one used during keystores generation) into that file.
Press
ctrl
+x
, theny
to save and exit - Set readonly permission for that file
sudo chmod 400 keystore-m_12381_3600_X_0_0-XXXXXXXXXX.txt
Now, you can either repeate the process for all other keystores in the folder, or use an automated solution to duplicate the created password file (with modified name) for all remaining keystores, see Shell Script to generate password files for Teku.
With automated process, to generate
.txt
file with a content of/var/lib/ethereum/teku-vi1/keystores/keystore-m_12381_3600_X_0_0-XXXXXXXXXX.txt
for all remaining keystores in the/var/lib/ethereum/teku-vi1/keystores/
directory, use command$HOME/bashscripts/create-teku-pswfiles.sh /var/lib/ethereum/teku-vi1/keystores/keystore-m_12381_3600_X_0_0-XXXXXXXXXX.txt
-
Display all keystores in the directory
Create a service user for the validator instance
sudo useradd --system --no-create-home --shell /bin/false eth-teku-vi1
- Set ownership of validator instance data directory to validator-instance user
sudo chown -R eth-teku-vi1:eth-teku-vi1 /var/lib/ethereum/teku-vi1
Create configuration service file for
eth-teku-vi1
service- Open the configuration file
sudo nano /etc/systemd/system/eth-teku-vi1.service
-
Copy the configuration below into the file.
[Unit] Description=Teku Validator Instance (Ethereum Mainnet) Wants=network-online.target After=network-online.target [Service] User=eth-teku-vi1 Group=eth-teku-vi1 Type=simple Restart=always RestartSec=5 Environment="JAVA_OPTS=-Xmx8g" Environment="TEKU_OPTS=-XX:-HeapDumpOnOutOfMemoryError" ExecStart=/usr/local/bin/teku/bin/teku validator-client \ --network mainnet \ --beacon-node-api-endpoint http://127.0.0.1:5052 \ #--beacon-node-api-endpoint http://127.0.0.1:5051,http://192.10.10.101:5051,http://192.140.110.44:5051 \ --data-path /var/lib/ethereum/teku-vi1 \ --validator-keys /var/lib/ethereum/teku-vi1/keystores:/var/lib/ethereum/teku-vi1/keystores \ --validators-proposer-default-fee-recipient 0xXXXXXXXXXXXXXXXX \ --validators-graffiti "Nethermind+Teku" [Install] WantedBy=multi-user.target
- Open the configuration file
-
Other configurations
Nothing to do. You are ok.Extend Staking manager clients.conf
Inserteth-teku-vi1
into clients.conf file that is used by Staking Manager.sudo nano /usr/local/etc/staking/config/clients.conf
Stop running validator instance
eth-teku-vi1
sudo systemctl stop eth-teku-vi1
If exists, remove
:deposit_data
file from keystores folder- Display files in the directory
cd $HOME/keystores/ddk_i1 && ls -lh
- If there is
deposit_data-XXX....json
file, remove itrm deposit_data-XXX....json
- Display files in the directory
-
Copy keystores dedicated for instance
into
/var/lib/ethereum/teku-vi1/keystores
foldersudo mkdir /var/lib/ethereum/teku-vi1/keystores
sudo cp -a $HOME/keystores/ddk_i1/* /var/lib/ethereum/teku-vi1/keystores/keystores && cd /var/lib/ethereum/teku-vi1/keystores
Teku requires a
.txt
file with encryption password for each.json
validator file.-
Display all keystores in the directory
ls -lh
-
.json
Vreate a new
.txt
file for thekeystore-m_12381_3600_X_0_0-XXXXXXXXXX
.json keystore filenano keystore-m_12381_3600_X_0_0-XXXXXXXXXX.txt
Insert an encryption password for the validator key (the one used during keystores generation) into that file.
Press
ctrl
+x
, theny
to save and exit - Set readonly permission for that file
sudo chmod 400 keystore-m_12381_3600_X_0_0-XXXXXXXXXX.txt
Now, you can either repeate the process for all other keystores in the folder, or use an automated solution to duplicate the created password file (with modified name) for all remaining keystores, see Shell Script to generate password files for Teku.
With automated process, to generate
.txt
file with a content of/var/lib/ethereum/teku-vi1/keystores/keystore-m_12381_3600_X_0_0-XXXXXXXXXX.txt
for all remaining keystores in the/var/lib/ethereum/teku-vi1/keystores/
directory, use command$HOME/bashscripts/create-teku-pswfiles.sh /var/lib/ethereum/teku-vi1/keystores/keystore-m_12381_3600_X_0_0-XXXXXXXXXX.txt
-
Display all keystores in the directory
Load changes made in config files to the system
sudo systemctl daemon-reload
Start the validator instance
sudo systemctl start eth-teku-vi1
Check the running validator instance
systemctl status eth-teku-vi1
journalctl -fu eth-teku-vi1
Activate service to start automatically
sudo systemctl enable eth-teku-vi1
Guide to exit validator is available at https://stakers.space/teku#exit-validator.