Lighthouse client can be used for staking on various supported chains. Client installation is always only one, used by services with an individual configuration (different service name, data path and ports in use).
Install Lighthouse client
One-page interactive guide to install Lighthouse client and configurate it for running on supported chain.
Disclaimer
This guide is for informational purposes only. The author nor website owner does not guarantee accuracy of the information in this guide and is not responsible for any damages or losses incurred by following the guide.
Install Lighthouse client
-
Find the latest stable version of Lighthouse on Github
- Find latest Lighthouse version at https://github.com/sigp/lighthouse/releases
-
Write latest stable lighthouse version:
This will update the url links in the guide below.
-
Download Lighthouse version
5.3.0
to your nodecd ~/downloads && curl -LO https://github.com/sigp/lighthouse/releases/download/v5.3.0/lighthouse-v5.3.0-x86_64-unknown-linux-gnu.tar.gz
Extract downloaded file
$ tar xvf lighthouse-v5.3.0-x86_64-unknown-linux-gnu.tar.gz
-
Replace old Lighthouse client for new
$ sudo cp ~/downloads/lighthouse /usr/local/bin
-
Remove downloaded files
$ cd ~/downloads && rm lighthouse-v5.3.0-x86_64-unknown-linux-gnu.tar.gz && rm -r lighthouse
Configurate the service
-
Create a user for lighthouse beacon
:
$ sudo useradd --system --no-create-home --shell /bin/false lighthousebeacon
-
Create a directory for data
:
$ sudo mkdir -p /var/lib/lighthouse/beacon
- Set permission for accessing the directory
$ sudo chown -R lighthousebeacon:lighthousebeacon /var/lib/lighthouse/beacon
Communication ports selection
Each service on the server needs a custom port for communication. Through ports, consensus client communicates with other peers in the network as well as other services running on the server, such as validator clients. There is an IPv4 and IPv6 variant, depending on the ISP support / preference. Each protocol version needs custom port. If you are not sure what to select, continue with default IPv4 port.
-
Configurate public IPv4 port for P2P communication with other peers
- :
- Verify availability of selected port
9000
ss -tuln | grep ':9000'
If it returns empty response, the port
9000
is free and can be used. - Enable traffic on the port through UFW
$ sudo ufw allow 9000
- Disable IPv6 traffic on the port
- List allowed ports
sudo ufw status numbered
- Find order number for V6, see
9000 (V6)
and remove it with the following linesudo ufw delete <Number>
- List allowed ports
QUIC IPv4 port
- :
- Verify availability of selected port
9001
ss -tuln | grep ':9001'
If it returns empty response, the port
9001
is free and can be used. -
Beacon API port for internal communication
- :
- Verify availability of selected port
5052
ss -tuln | grep ':5052'
If it returns empty response, the port
5052
is free and can be used.
-
Configurate public IPv6 port for P2P communication with other peers
- :
- Verify availability of selected port
9090
ss -tuln | grep ':9090'
If it returns empty response, the port
9090
is free and can be used. - Enable traffic on the port through UFW
$ sudo ufw allow 9090
- Disable IPv6 traffic on the port
- List allowed ports
sudo ufw status numbered
- Find order number for V6, see
9090
and remove it with the following linesudo ufw delete <Number>
- List allowed ports
QUIC IPv6 port
- :
- Verify availability of selected port
9091
ss -tuln | grep ':9091'
If it returns empty response, the port
9091
is free and can be used.
-
Create configuration file for Lighthouse Beacon service
Open Lighthouse Beacon configuration file
$ sudo nano /etc/systemd/system/lighthousebeacon.service
Copy the configuration below into the file. If needed, check flags documentation.
[Unit] Description=Lighthouse Consensus Client BN (Ethereum Mainnet) Wants=network-online.target After=network-online.target [Service] User=lighthousebeacon Group=lighthousebeacon Type=simple Restart=always RestartSec=5 ExecStart=/usr/local/bin/lighthouse bn \ --network mainnet \ --datadir /var/lib/lighthouse \ --http \ --execution-endpoint http://127.0.0.1:8551 \ --execution-jwt /var/lib/jwtsecret/ethereum.hex \ # --checkpoint-sync-url https://mainnet.checkpoint.sigp.io \ --checkpoint-sync-url=https://beaconstate.info \ --port 9000 \ --port6 9090 \ # --discovery-port 9000 \ --quic-port 9001 \ --quic-port6 9091 \ --http-port 5052 [Install] WantedBy=multi-user.target
[Unit] Description=Lighthouse Consensus Client BN (Gnosis Network) Wants=network-online.target After=network-online.target [Service] User=lighthousebeacon Group=lighthousebeacon Type=simple Restart=always RestartSec=5 ExecStart=/usr/local/bin/lighthouse bn \ --network gnosis \ --datadir /var/lib/lighthouse \ # --subscribe-all-subnets \ --execution-endpoint http://localhost:8551 \ --execution-jwt /var/lib/jwtsecret/gnosis.hex \ --target-peers 50 \ --checkpoint-sync-url https://checkpoint.gnosischain.com/ \ --http \ --port 9000 \ --port6 9090 \ # --discovery-port 9000 \ --quic-port 9001 \ --quic-port6 9091 \ --http-port 5052 [Install] WantedBy=multi-user.target
execution-jwt
, if you use differentPress
CTRL
+X
thenY
thenENTER
to save and exit the config file.Load changes made in config files to the system
$ sudo systemctl daemon-reload
- Start the service
$ sudo systemctl start lighthousebeacon
- Check the state
$ systemctl status lighthousebeacon $ journalctl -fu lighthousebeacon
-
Activate service to start automatically
$ sudo systemctl enable lighthousebeacon
Launch validator instance / validator(s)
-
Do you want to create a new validation instance or extend exisiting instance for more validators?
Create a directory for validator instance data
sudo mkdir -p /var/lib/lighthouse/vi1
-
Load keystores to
:/var/lib/lighthouse/vi1
sudo /usr/local/bin/lighthouse --network mainnet account validator import --reuse-password --directory $HOME/keystores/ddk_i1 --datadir /var/lib/lighthouse/vi1
sudo /usr/local/bin/lighthouse --network gnosis account validator import --reuse-password --directory $HOME/keystores/ddk_i1 --datadir /var/lib/lighthouse/vi1
- Insert keystores encryption password (the one used during keystores generation) on request
- If there are keystores with different encryption password, repeat the process for each encryption password
Create a service user for the validator instance
sudo useradd --system --no-create-home --shell /bin/false lighthouse-vi1
Set ownership of
/var/lib/lighthouse/vi1
tovalidators-i1
usersudo chown -R lighthouse-vi1:lighthouse-vi1 /var/lib/lighthouse/vi1
Create configuration service file for
lighthouse-vi1
service-
Open the configuration file
sudo nano /etc/systemd/system/lighthouse-vi1.service
-
Copy the configuration below into the file.
[Unit] Description=Lighthouse Validator Instance (Mainnet) Wants=network-online.target After=network-online.target [Service] User=lighthouse-vi1 Group=lighthouse-vi1 Type=simple Restart=always RestartSec=5 ExecStart=/usr/local/bin/lighthouse vc \ --network mainnet \ --datadir /var/lib/lighthouse/vi1 \ --suggested-fee-recipient 0xXXXXXXXXXXXXXXXX \ --beacon-nodes http://localhost:5052 \ --graffiti "Nethermind+Lighthouse" [Install] WantedBy=multi-user.target
[Unit] Description=Lighthouse Validator Instance (Gnosis Network) Wants=network-online.target After=network-online.target [Service] User=lighthouse-vi1 Group=lighthouse-vi1 Type=simple Restart=always RestartSec=5 ExecStart=/usr/local/bin/lighthouse vc \ --network gnosis \ --datadir /var/lib/lighthouse/vi1 \ --suggested-fee-recipient 0xXXXXXXXXXXXXXXXX \ --beacon-nodes http://localhost:5052 \ --graffiti "Nethermind+Lighthouse" [Install] WantedBy=multi-user.target
-
Press
CTRL
+X
thenY
thenENTER
to save and exit the config file.
-
Other configurations
Nothing to do. You are ok.Extend Staking manager clients.conf
Insertlighthouse-vi1
into clients.conf file that is used by Staking Manager.sudo nano /usr/local/etc/staking/config/clients.conf
Stop running validator instance
lighthouse-vi1
sudo systemctl stop lighthouse-vi1
Extend
/var/lib/lighthouse/vi1
for new keystoressudo /usr/local/bin/lighthouse --network mainnet account validator import --reuse-password --directory $HOME/keystores/ddk_i1 --datadir /var/lib/lighthouse/vi1
sudo /usr/local/bin/lighthouse --network gnosis account validator import --reuse-password --directory $HOME/keystores/ddk_i1 --datadir /var/lib/lighthouse/vi1
- You will be requested to insert keystores encryption password (the one used during keystores generation)
- If there are keystores with different encryption password, repeat the process for each encryption password
- Already existing keystores in the directory will be skipped
-
Load processed changes to the system
sudo systemctl daemon-reload
-
Start the validator instance
sudo systemctl start lighthouse-vi1
-
Check the running validator instance
systemctl status lighthouse-vi1
journalctl -fu lighthouse-vi1
-
Activate service to start automatically on OS startup
$ sudo systemctl enable lighthouse-vi1
Exit validator instance / validator(s)
lighthouse --network "$chain" account validator exit --keystore /path/to/keystore --password-file "$HOME/exit/keystore-password.txt" --beacon-node http://localhost:5052
Where:
--network
ismainnet
for Ethereum chain andgnosis
for Gnosis chain--keystore
is a path to the keystore file of specific validator--password-file
is a file with exit passowrd placed in--beacon-node
is a beaconnode url
Example request can look as below:
/usr/local/bin/lighthouse --network mainnet account validator exit --keystore /var/lib/lighthouse/vi1/validators/keystore... --beacon-node http://localhost:5052
/usr/local/bin/lighthouse --network gnosis account validator exit --keystore /var/lib/lighthouse/vi1/validators/keystore... --beacon-node http://localhost:5052
For confirmation, place exit phrase Exit my validator
- Install a script for bulk exit
- Create
~/exit/keystore-password.txt
file with keystores password. It's the passowrd selected during validator keys generation. The passowrd can be also found atvalidator_definitions.yml
file, seesudo nano /var/lib/lighthouse-validatorInstance/validator_definitions.yml
- Perform the exit all validators in selected instance request
/usr/local/bin/lighthouse_exit_validators.sh mainnet /var/lib/ethereum/lighthouse/vi1/validators http://localhost:5052
/usr/local/bin/lighthouse_exit_validators.sh gnosis /var/lib/gnosis/lighthouse/vi1/validators http://localhost:5052
- Replace
chain
forethereum
/gnosis
- Replace
/var/lib/gnosis/lighthouse/vi1/validators/
for a path to your instance keystores
- Replace
- Remove the password from
~/exit/keystore-password.txt
See more at official documentation, if needed.