Interactive StakeWise Ethereum staking guide for Ubuntu OS
Interactive complete guide to stake one as well as thousands of StakeWise validators in a single staking node. Simply made, well explained, allowing running multiple chains on a single node. Focused on ethereum.
Disclaimer
This guide is for informational purposes only. The author nor website owner does not guarantee accuracy of the information in this guide and is not responsible for any damages or losses incurred by following the guide. See more.
Prerequisites
Prerequisites for Ethereum staking
Before you start, make sure you have these three things ready.
1
Installed and synced Execution and Consensus client
Prepare Execution and Consensus client for Ethereum staking. Check out the recommended options and instructions.
StakeWise Operator is a middleware that connects staked ETH in selected StakeWise Vault with actual validator keys connected to the same Vault. StakeWise operator doesn’t replace a validator client and as so, there's still required to to run standard validator client with the validator keystores simultaneously to perform validator duties.
You will need the vault address. Vault address can be found either in the URL bar or in the "Contract address" field in "Details" section at the bottom of the page. This Vault contract address will be used as the withdrawal address for validator keystores.
StakeWise Vault address: (lowercased)
Prepare validators keystores, deposit data file and wallet for StakeWise eth-stakewise-operator service
In order to run Operator Service, you must create keystores and deposit data file for your Vault's validators, and set up a hot wallet for Operator Service to handle validator registrations.
For security reasons, it is recommended to perform configuration and generation strictly offline.
Download latest StakeWise Operator client
On an online machine, download the latest stable version of StakeWise Operator client from StakeWise github page https://github.com/stakewise/v3-operator/releases. Choose a version of the client for operating system you use on the offline machine.
Unwrap the downloaded client and move it using USB stick to your offline machine.
Offline generation
On offline PC, unsing the StakeWise operator client, process the operations below:
Generate a config.json file
./stakewise-operator init --data-dir ./
Example process & output
Enter the network name (mainnet, holesky) [mainnet]:
Enter your vault address: 0xXXXX...
Choose your mnemonic language (chinese_simplified, chinese_traditional, czech, english, italian, korean, portuguese, spanish) [english]:
This is your seed phrase. Write it down and store it safely, it is the ONLY way to recover your validator keys.
pumpkin anxiety private salon inquiry ....
Press any key when you have written down your mnemonic.
Please type your mnemonic (separated by spaces) to confirm you have written it down
: pumpkin anxiety private salon inquiry ....
done.
Successfully initialized configuration for vault 0xXXXX...
The Output is config.json file that keeps mnemonic_next_index value that is used for generating next keystores above the same seed.
Generate validator keys
./stakewise-operator create-keys --data-dir ./
Example process & output
Enter the vault address: 0xXXXX...
Enter the number of the validator keys to generate: 10
Enter the mnemonic for generating the validator keys: pumpkin anxiety private salon inquiry ....
Creating validator keys: [####################################] 10/10
Generating deposit data JSON [####################################] 10/10
Exporting validator keystores [####################################] 10/10
Done. Generated 10 keys for 0xXXXX... vault.
Keystores saved to ./0xXXXX.../keystores file
Deposit data saved to ./0xXXXX.../keystores/deposit_data.json file
Encryption password for keys generation was generated and used automatically and can be found at ./0xXXXX.../keystores/password.txt file.
Create Hot wallet
Run the create-wallet command below to create hot wallet using your mnemonic (note, this mnemonic can be the same as the one used to generate the validator keys, or a new mnemonic if you desire).
./stakewise-operator create-wallet --data-dir ./
Example process & output
Enter the vault address: 0xXXXX...
Enter the mnemonic for generating the wallet: pumpkin anxiety private salon inquiry ...
Done. The wallet and password saved to ./0xXXXX.../wallet directory. The wallet address is: 0x239B...e3Cc
Within a ./0xXXXX.../wallet directory, there are 2 files now: wallet.json and password.txt.
Note, you must send some ETH to the wallet for gas expenses. You must keep an eye on your wallet balance, otherwise validators will stop registering if the balance falls too low.
Moving StakeWise configuration to staking node
Removing password.txt files for security reason
For security reason, you can write content of following password files on the paper and then remove the passwords from the file.
keystores/password.txt
wallet/password.txt
Copy 0xXXXX... directory from offline PC to your USB stick
Copy 0xXXXX... directory from your USB stick to staking node. You can use scp protocol for remote transfer
Use your preferred methods of generating keystores and deposit data file, such as via Wagyu Keygen, and your preferred tool for generating the hot wallet, such as MetaMask.
On offline PC, generate deposit keys with the Vault withdrawal's address. See a keystore guide.
Create Hot wallet...
Create a StakeWise operator service
Create a node operator system service for running StakeWise validators and register keystores into it.
sudo systemctl start eth-stakewise-operator && systemctl status eth-stakewise-operator
Check the service
systemctl status eth-stakewise-operator
Monitor the service
journalctl -f -u eth-stakewise-operator
Output:
2024-07-27 17:20:45 INFO Starting operator service, version v3.1.10
INFO Checking connection to database...
INFO Connected to database /var/lib/eth-stakewise/0xXXXX.../operator.db.
INFO Checking connection to consensus nodes...
INFO Connected to consensus node at http://127.0.0.1:9596. Finalized epoch: 1038841
INFO Checking connection to execution nodes...
INFO Connected to execution node at http://127.0.0.1:8545. Current block number: 35182233
INFO Checking vault address 0xXXXX...
INFO Vault withdrawable assets: 0.00 GNO
INFO Checking hot wallet balance 0xXXXX... ...
INFO Checking connection to ipfs nodes...
INFO Connected to ipfs nodes at https://eth-stakewise-v3.infura-ipfs.io, http://cloudflare-ipfs.com, https://gateway.pinata.cloud, https://ipfs.io.
INFO Checking connection to oracles set...
INFO Connected to oracles at https://gno-stakewise-v3-oracle.pn.prod.fcstech.de, https://gnosis-oracle.stakewise.io, https://stakewise-oracle-gnosis.chorus.one, https://stakewise-oracle-gno-mainnet-1.gateway.fm, https://sw-oracle-gno.axol.io, https://stakewise-oracle-gc.gnosischain.com, https://gnosis-oracle.stakewise.dsrvlabs.net, https://gnosis-oracle-b.stakewise.io, https://stakewise-oracle-v3-gnosis.bitfly.at, https://stakewise-oracle-gc-2.gnosischain.com, https://stakewise-oracle-gnosis.senseinode.com
INFO Checking deposit data file...
INFO Found deposit data file /srv/eth-stakewise/0xXXXX.../deposit_data.json
INFO Checking keystores dir...
INFO Found keystores dir
INFO Loading keys from /srv/eth-stakewise/0xXXXX.../keystores...
INFO Loaded 8 keys
INFO Loaded deposit data file /srv/eth-stakewise/0xXXXX.../deposit_data.json
INFO Syncing network validator events...
INFO Updating oracles cache...
INFO Started operator service
Enable auto launch on OS startup
sudo systemctl enable eth-stakewise-operator
Extend Staking manager clients.conf
Insert eth-stakewise-operator into clients.conf file, section stakewiseOperators, that is used by Staking Manager.
Configurate the validator log monitor for service eth-lodestar-vi1, see guide on Github.
Activate service to start automatically on OS startup
Our guide uses a custom util for launching services. It has following benefits:
It allows set delay for starting services. It eliminates slashing risk in the following scenario:
A database corruption occures
Lodestar Log monitor detects it, stopping the validator instance and clearing broken database
Very quick power failure happens while the staking node starts immediately automatically
As the database with last attestation is removed now, we need to prevent start of the validator instance to avoid double attestation / block proposal within the same slot.
It allows starting services through a shared script
Starting all services through the Staking Manager util and its command /usr/local/bin/staking.sh start validators prevents a human error when there is forgotten set of sudo systemctl enable ... for any staking-related service.
Extend Staking manager clients.conf
Insert eth-lodestar-vi1 into clients.conf file that is used by Staking Manager.
Now, you can either repeate the process for all other keystores in the folder, or use an automated solution to duplicate the created password file (with modified name) for all remaining keystores, see Shell Script to generate password files for Teku.
With automated process, to generate .txt file with a content of /var/lib/ethereum/teku/vi1/keystores/keystore-m_12381_3600_X_0_0-XXXXXXXXXX.txt for all remaining keystores in the /var/lib/ethereum/teku/vi1/keystores/ directory, use command
Now, you can either repeate the process for all other keystores in the folder, or use an automated solution to duplicate the created password file (with modified name) for all remaining keystores, see Shell Script to generate password files for Teku.
With automated process, to generate .txt file with a content of /var/lib/ethereum/teku/vi1/keystores/keystore-m_12381_3600_X_0_0-XXXXXXXXXX.txt for all remaining keystores in the /var/lib/ethereum/teku-vi1/keystores/ directory, use command
Attach command to remove lock files (to prevent start the validator in a case of existing lock fiels after a power failure). This must be processed before starting the validator service.
If the file is empty, generate it with command sudo /usr/local/bin/staking.sh init
Set link to proper service. It should be as follow:
validatorServices="eth-teku-vi1"
If you place more services to the category, separate them with a space, see validatorServices="service1 service2 service3 ..."
Activate service to start automatically on OS startup
Open Start with delay util
sudo nano /usr/local/bin/delayed-start.sh
Attach command to remove lock files (to prevent start the validator in a case of existing lock fiels after a power failure). This must be processed before starting the validator service.
NOTE: If you have used different passwords for each of your validators you will get an error. Run the process multiple times, providing each of the different passwords until they are all imported. Use the accounts list command to verify.
NOTE: If you have used different passwords for each of your validators you will get an error. Run the process multiple times, providing each of the different passwords until they are all imported. Use the accounts list command to verify.
Load processed changes to the system
sudo systemctl daemon-reload
Start the validator instance
sudo systemctl start eth-nimbus-vi1
Check the running validator instance
systemctl status eth-nimbus-vi1
journalctl -fu eth-nimbus-vi1
Activate service to start automatically
sudo systemctl enable eth-nimbus-vi1
Open Delayed Start shell
sudo nano /usr/local/bin/delayed-start.sh
Configurate service start inside it
systemctl start eth-nimbus-vi1.service
Be sure, delayed-start.service service controlling delayed-start.sh is enabled for auto start with system startup
Set a wallet password. This is different to the validator password you set during keys generation. Prysm will use this to decrypt the validator wallet. Back it up somewhere safe. You will need this later in this section and when configuring the validator.
Provide the validator keys password. This is the password you set when you created the keys during keys generation
NOTE: If you have used different passwords for each of your validators you will get an error. Run the process multiple times, providing each of the different passwords until they are all imported. Use the accounts list command to verify.
Create a Wallet Password File
Create a file to store the wallet password so the Prysm validator service can access the wallet without you having to supply the password.
Set a wallet password. This is different to the validator password you set during keys generation. Prysm will use this to decrypt the validator wallet. Back it up somewhere safe. You will need this later in this section and when configuring the validator.
Provide the validator keys password. This is the password you set when you created the keys during keys generation
NOTE: If you have used different passwords for each of your validators you will get an error. Run the process multiple times, providing each of the different passwords until they are all imported. Use the accounts list command to verify.
Load processed changes to the system
sudo systemctl daemon-reload
Start the validator instance
sudo systemctl start eth-prysm-vi1
Check the running validator instance
systemctl status eth-prysm-vi1
journalctl -fu eth-prysm-vi1
Activate service to start automatically
sudo systemctl enable eth-prysm-vi1
Open Delayed Start shell
sudo nano /usr/local/bin/delayed-start.sh
Configurate service start inside it
systemctl start eth-prysm-vi1.service
Be sure, delayed-start.service service controlling delayed-start.sh is enabled for auto start with system startup
Once you have created your validator keys, deposit data file, and hot wallet, you need to upload the deposit data file to the Vault. This process connects your node to the Vault. Note, if there is more than one node operator in a Vault, you first need to merge all operator deposit data files into a single file (use the ./stakewise-operator merge-deposit-data command). Uploading the deposit data file can be achieved either through the StakeWise UI or via Operator Service and can only be done by the Vault Admin or Keys Manager.
Upload the deposit data file either over the web StakeWise vault web UI or StakeWise operator service
Select the Vault you want to upload the deposit data file to.
In the upper right corner, click on "Settings" and open the "Deposit Data" tab. The "Settings" button is only visible to the Vault Admin or Keys Manager.
Upload the deposit data file either by dragging and dropping the file, or clicking to choose the file via your file browser.
Click Save and a transaction will be created to sign using your wallet. The Vault's deposit data file will be uploaded when the transaction is confirmed on the network.
You can calculate deposit data Merkle tree root with the following command:
Enter the vault address: 0xXXXX...
The validator deposit data Merkle tree root: 0x504...26d7
For other steps, check StakeWise guide, section Upload deposit data file to Vault, tab Operate Service.
Extend validators set for other validators
If there is allocated more ETH in the Vault deposit contract than a number of generated validator keys for the Vault contract, the operator informs about that with following message:
stakewise-operator: YYYY-MM-DD HH:MM:SS WARNING There are no available validators in the current deposit data to proceed with registration. To register additional validators, you must upload new deposit data.
For option to register and launch other validators, you must do following:
On Offline PC, generate more validator keys for the Vault
On your staking node:
Register the new keystores into a standard validator instance - either extend existing or create a new.
Stop StakeWise Operator
Copy the new validator keys to stakewise operator keystores directory /srv/stakewise/ethereum/0xXXXX.../keystores
Replace the old depost-data.json file at /srv/eth-stakewise/0xXXXX.../deposit_data.json. take into notice, that the deposit_data.json file must contain only keystores that were not deposited yet.
Start StakeWise Operator again
As there is a different deposit_data.json file at your staking operator and on the Vault, you will see following log in the operator:
ERROR Deposit data tree root and vault's validators root don't match. Have you updated vault deposit data?
Upload a new deposit_data.json file (same as on the operator) to the Stakevise Vault through Web UI. After that, operator should work properly again and pending ETH should be immediatelly allocated into newly registered validators.
sudo systemctl start eth-stakewise-operator && systemctl status eth-stakewise-operator
Modify the service names to reflect your used names during StakeWise integration
/usr/local/bin/staking.sh start stakewise
Monitor
journalctl -f -u eth-stakewise-operator
Modify the service names to reflect your used names during StakeWise integration
/usr/local/bin/staking.sh monitor stakewise
Remove downloaded files
rm -r ~/downloads/operator-v3.1.10-linux-amd64
Regular maintenance
As a regular member securying the network and processing blockchain operations on it, you need to keep your software up to date to avoid penalties and earning rewards for the work.