Eth2 Validator

Introduction

This tutorial will allow anyone to set up an Ethereum Validator node as long as you have the sufficient hardware requirements and familiarity with the command line. This guide will use installation instructions for Ubuntu 20.04 but instructions to other operating systems will be linked.

Using Testnets

We highly recommend you use one of the following test networks before you attempt running a validator on Ethereum Mainnet to get familiarized with the process:
  • Ropsten
  • Kiln
Coming Soon
  • Sepolia
  • Goerli
We will go through the most important steps in the checklist and a general overview of the responsibilities of a validator provided by the Ethereum foundation.

Hardware and Network Requirements

You will need to run two pieces of software on your machine to run a validator. The two software have several different implementations maintained by different teams. Each implementation has their own hardware requirements, but generally you would need for mainnet:
  • Memory: 16 GB RAM
  • Processor: Intel Core i5–760 or better (CPUs made later than 2010 are usually fine)
  • Storage: 1 TB SSD
  • Network: Broadband connection (preferably wired)
Please consult the docs / website of the specific client software you choose to run the Ethereum chain with. Note that the hardware requirements are lower if you intend to run on testnets only.

Setup

Installing Prerequisites

The two pieces of software to run a node for proof of stake Ethereum are called the consensus client and the execution client. The consensus client maintains the proof of stake consensus mechanism while the execution client stores and validates transactions for the proof of stake layer.
Install these prerequisites before proceeding:
1
sudo apt -y install software-properties-common wget curl ccze
Copied!
This guide will go through the Nethermind and Lighthouse client combination.

Installing Nethermind

Run the following command to install Nethermind:
1
sudo add-apt-repository ppa:nethermindeth/nethermind; sudo apt install nethermind
Copied!
See here for docs for other ways to install Nethermind.

Installing Lighthouse

Download the latest release from lighthouse. You can also install lighthouse through other methods by following their docs. To install v2.3.1 of lighthouse (latest release as of June 21 2022):
1
wget <https://github.com/sigp/lighthouse/releases/download/v2.3.1/lighthouse-v2.3.1-x86_64-unknown-linux-gnu.tar.gz>
2
tar xvf lighthouse-v2.3.1-x86_64-unknown-linux-gnu.tar.gz
3
rm lighthouse-v2.3.1-x86_64-unknown-linux-gnu.tar.gz
Copied!
Install globally:
1
sudo cp ~/lighthouse /usr/local/bin
2
rm ~/lighthouse
Copied!

Configuration

It is recommended to run the consensus and execution client as a systemd service, which will allow the two processes run in the background and start up again if your machine restarts, improving reliability and uptime of your validator. This is not as crucial for running testnet validators and you can follow this guide on how to connect to testnets with Nethermind and other consensus clients.
Create a dedicated user for Nethermind. This will set up the correct permissions and directory where the chain data is stored.
1
sudo useradd -m -s /bin/false nethermindeth
2
sudo mkdir -p /var/lib/nethermind
3
sudo chown -R nethermindeth:nethermindeth /var/lib/nethermind
4
sudo chown -R nethermindeth:nethermindeth /usr/share/nethermind
Copied!
Create a systemd config file. This will run Nethermind as a systemd service on your machine.
1
sudo nano /etc/systemd/system/nethermind.service
Copied!
Paste the following service configuration into the file
1
[Unit]
2
Description=Nethermind Ethereum Client
3
After=network.target
4
Wants=network.target
5
6
[Service]
7
User=nethermindeth
8
Group=nethermindeth
9
Type=simple
10
Restart=always
11
RestartSec=5
12
TimeoutStopSec=180
13
WorkingDirectory=/home/nethermindeth
14
ExecStart=/usr/share/nethermind/Nethermind.Runner \\
15
--config mainnet \\
16
--Init.BaseDbPath /var/lib/nethermind \\
17
--JsonRpc.Enabled true \\
18
--JsonRpc.EnabledModules "Engine,Eth,Web3,Net" \\
19
--JsonRpc.Host "0.0.0.0" \\
20
--JsonRpc.Port 8551 \\
21
--JsonRpc.JwtSecretFile /var/lib/nethermind/jwt-secret
22
23
[Install]
24
WantedBy=default.target
Copied!
To close and save the file, press Ctrl+ X, Y, Enter.
Reload systemd to reflect the changes and start the nethermind service. The status should say active in green text. If not, repeat the configuration steps and see if it resolves the problem
1
sudo systemctl daemon-reload
2
sudo systemctl start nethermind.service
3
sudo systemctl status nethermind.service
Copied!
Press Q to quit viewing the status. Enable the nethermind service to automatically start on reboot:
1
sudo systemctl enable nethermind.service
Copied!
To see the Nethermind logs:
1
sudo journalctl -f -u nethermind.service -o cat | ccze -A
Copied!
Press Ctrl + C to stop showing those messages.
Now repeat the process to run a lighthouse beacon chain:
1
sudo useradd --no-create-home --shell /bin/false lighthousebeacon
2
sudo mkdir -p /var/lib/lighthouse
3
sudo chown -R lighthousebeacon:lighthousebeacon /var/lib/lighthouse
Copied!
Add systemd file:
1
sudo nano /etc/systemd/system/lighthousebeacon.service
Copied!
Paste the following in:
1
[Unit]
2
Description=Lighthouse Ethereum Client Beacon Node
3
Wants=network-online.target
4
After=network-online.target
5
6
[Service]
7
Type=simple
8
User=lighthousebeacon
9
Group=lighthousebeacon
10
Restart=always
11
RestartSec=5
12
ExecStart=/usr/local/bin/lighthouse bn \\
13
--network mainnet \\
14
--datadir /var/lib/lighthouse \\
15
--staking \\
16
--http-allow-sync-stalled \\
17
--merge \\
18
--execution-endpoints <http://127.0.0.1:8551> \\
19
--metrics \\
20
--validator-monitor-auto \\
21
--jwt-secrets="/var/lib/nethermind/jwt-secret"
22
23
[Install]
24
WantedBy=multi-user.target
Copied!
The beacon node needs to share something called a JWT secret with Nethermind, so let the secret be accessible to all users:
1
sudo chmod +r /var/lib/nethermind/jwt-secret
Copied!
Reload and start the lighthouse node. The status should say active in green text if running correctly. If not, repeat the configuration steps and see if it resolves the problem.
1
sudo systemctl daemon-reload
2
sudo systemctl start lighthousebeacon.service
3
sudo systemctl status lighthousebeacon.service
Copied!
Enable the Lighthouse beacon node service to automatically start on reboot.
1
sudo systemctl enable lighthousebeacon.service
Copied!
You can watch the logs from your Lighthouse beacon node using this command. Lighthouse may show errors if Nethermind is not synced, so wait until Nethermind is synced to see if the errors persist.
1
sudo journalctl -f -u lighthousebeacon.service -o cat | ccze -A
Copied!
Press Ctrl + C to stop showing those messages.

Syncing your node

The execution client still stores the blockchain state from the old proof of work chain, so it can take days to weeks to fully sync with the network, depending on your sync mode, hardware and network. The consensus client will also typically take a few days to fully sync on mainnet.
Please ensure both processes are synced before running your validator. Without the latest state your validator will not be able to vote and earn rewards on the proof of stake chain.
A Nethermind node should be synced if the logs no longer say it is downloading blocks. Post merge, new payloads from the consensus client should display VALID instead of SYNCING in the logs.
Lighthouse logs should show something similar, saying that the node is synced.

Running a Validator

Generating Validator Keys

You will need to generate keys for your validator. These keys are the ONLY way to withdraw your funds after staking your ETH, so you have to ensure you have backed up your keys. There are two options:
  • staking-deposit-cli - recommended for those comfortable with the command line
  • Wagyu Key Gen - desktop app, choose the correct network (mainnet, kiln) to generate your validator keys

Staking deposit cli

Copy the following commands into your terminal to download the cli and generate your keys. Change num_validators and chain to the number of validators and / or testnet name you want to run.
1
wget <https://github.com/ethereum/staking-deposit-cli/releases/download/v2.2.0/staking_deposit-cli-9ab0b05-linux-amd64.tar.gz>
2
tar xvf staking_deposit-cli-9ab0b05-linux-amd64.tar.gz
3
cd staking_deposit-cli-9ab0b05-linux-amd64/
4
./deposit new-mnemonic --num_validators 1 --chain mainnet
Copied!

Wagyu Key Gen

Download wagyu from their website and select the download compatible with your operating system.
Clicking on the top right corner you can select the network you want to generate your keys for. If not connecting to a testnet, let the network default to mainnet.
Click on ‘Create New Secret Recovery Phrase’ and you will be taken through the process of generating a 24 word secret to generate your validator keys. The number of keys you generate should match the number of validators you intend to run.
When finished you should end up with a deposit file (starts with deposit_data-and ends with .json) and a keystore file (starts with keystore-and ends with .json) per validator from both methods.

Depositing ETH

Next you will need to deposit ETH into the deposit contract. One validator requires 32 ETH to run. Go to the mainnet launchpad to use your wallet and your deposit file to perform the deposit. The launchpad will go through similar instructions as this guide to ensure you have performed them.

Depositing on Testnets

You will need testnet ETH in order to run a validator.
Kiln
Go to the official Kiln website and click on the Add network to MetaMask button.
Get testnet ETH:
Go to the launchpad and follow the instructions:
Check the status of your validator on the beacon chain:
Ropsten
Get testnet ETH:
The ethstaker community discord can provide testnet ETH if you don’t have enough to deposit 32 ETH.
Go to the launchpad and follow the instructions:
Check the status of your validator on the beacon chain:

Configuring a Validator

DO NOT run two validators with the same keys. This can lead to your validator signing two different blocks and lead to slashing which will significantly reduce your staked ETH.
Like configuring your consensus and execution client, create a dedicated user for your validator:
1
sudo useradd --no-create-home --shell /bin/false lighthousevalidator
2
sudo mkdir -p /var/lib/lighthouse/validators
3
sudo chown -R lighthousevalidator:lighthousevalidator /var/lib/lighthouse/validators
4
sudo chmod 700 /var/lib/lighthouse/validators
Copied!
The keystore file (generated previously and starts with keystore- ) needs to be imported for the Lighthouse validator client. Replace /path/to/keystores with the absolute path you saved your keystore file.
1
sudo /usr/local/bin/lighthouse account validator import \\
2
--directory /path/to/keystores \\
3
--datadir /var/lib/lighthouse \\
4
--network mainnet
5
sudo chown -R lighthousevalidator:lighthousevalidator /var/lib/lighthouse/validators
Copied!
The command will prompt for your keystore password.
Create the systemd file:
1
sudo nano /etc/systemd/system/lighthousevalidator.service
Copied!
Paste the following configuration into the file. Make sure to replace the 0x0000000000000000000000000000000000000000 address with your own Ethereum address where you want to receive the proceeds from transaction fees (post merge).
1
[Unit]
2
Description=Lighthouse Ethereum Client Validator Client
3
Wants=network-online.target
4
After=network-online.target
5
6
[Service]
7
User=lighthousevalidator
8
Group=lighthousevalidator
9
Type=simple
10
Restart=always
11
RestartSec=5
12
ExecStart=/usr/local/bin/lighthouse vc \\
13
--network mainnet \\
14
--datadir /var/lib/lighthouse \\
15
--metrics \\
16
--suggested-fee-recipient 0x0000000000000000000000000000000000000000
17
18
[Install]
19
WantedBy=multi-user.target
Copied!
Reload systemd to reflect the changes and start the service. Check the status to make sure it’s running correctly.
1
sudo systemctl daemon-reload
2
sudo systemctl start lighthousevalidator.service
3
sudo systemctl status lighthousevalidator.service
Copied!
Enable the Lighthouse validator client service to automatically start on reboot.
1
sudo systemctl enable lighthousevalidator.service
Copied!
You can watch the live messages from your Lighthouse validator client logs using this command.
1
sudo journalctl -f -u lighthousevalidator.service -o cat | ccze -A
Copied!
Press Ctrl + C to stop showing those messages.

Validator Tips and Tricks

Go through the checklist by the Ethereum foundation for some ways to improve security and optimise your validator rewards. For example:
  • Setting up a firewall and forward ports 30303 (Nethermind P2P) and 9000 (Lighthouse P2P) to prevent malicious external actors accessing your node
  • Ensure the time on your node is synced
  • Adding monitoring dashboards for Nethermind and Lighthouse to view real time metrics of your consensus and execution client
  • Using a VPN to protect the privacy of your validator
  • Add an optional --graffiti flag that adds a message to the blocks your validator proposes, publicly viewable on the beacon chain

Monitoring

To maximise your validator rewards, ensure that your node is always running and online. Downloading the Beacon Chain mobile app will allow you to monitor and set up alerts when your validator is offline or not earning rewards. You can also make an account on the Beacon Chain explorer and set up email alerts.
If you receive an alert check your machine is connected to the internet and restart your services:
1
sudo systemctl restart nethermind.service
2
sudo systemctl restart lighthousebeacon.service
3
sudo systemctl restart lighthousevalidator.service
Copied!

Credits

Based on ethstaker’s guide to connecting to kiln testnet.