Method 2: Configure on separate validator client
Pre-requisites
Make sure you have downloaded the necessary files according to your choice of validator client. Otherwise, revisit the following pages to download and move them into the /usr/local/bin directory.
Create new CSM user
sudo useradd --no-create-home --shell /bin/false csm_teku_validator
Clearly segregating the users and permissions for separate services in your workflow provides additional safeguards against operational mistakes that can lead to slashing via double signing.
Create new folders for CSM data & keys
Create separate folders, import the CSM validator keys, and set appropriate permissions.
Prepare the CSM validator keystores
1) Create 3 new folders to store the validator client data, validator keystore, and the validator keystore password
2) Copy the validator keystores and their password file into their respective folders
3) Change the owner of this folder to the csm_teku_validator user
4) Restrict permissions on this new folder such that only the owner is able to read, write, and execute files in this folder
sudo mkdir -p /var/lib/csm_teku_validator/validator_keystores /var/lib/csm_teku_validator/keystore_password
sudo cp ~/validator_keys/<validator_keystore.json> /var/lib/csm_teku_validator/validator_keystores
sudo cp ~/validator_keys/<validator_keystore_password.txt> /var/lib/csm_teku_validator/keystore_password
sudo chown -R csm_teku_validator:csm_teku_validator /var/lib/csm_teku_validator
sudo chmod 700 /var/lib/csm_teku_validator
Configure the separate VC service
Create a new configuration file for your separate validator client.
Create a systemd configuration file for the Teku Validator Client service to run in the background.
sudo nano /etc/systemd/system/csm_tekuvalidator.service
Paste the configuration parameters below into the file:
[Unit]
Description=CSM Teku Validator Client
Wants=network-online.target
After=network-online.target
[Service]
User=csm_teku_validator
Group=csm_teku_validator
Type=simple
Restart=always
RestartSec=5
Environment="JAVA_OPTS=-Xmx8g"
Environment="TEKU_OPTS=-XX:-HeapDumpOnOutOfMemoryError"
ExecStart=/usr/local/bin/teku/bin/teku vc \
--network=<hoodi_or_mainnet> \
--data-path=/var/lib/csm_teku_validator \
--validator-keys=/var/lib/csm_teku_validator/validator_keystores:/var/lib/csm_teku_validator/keystore_password \
--beacon-node-api-endpoint=http://<Internal_IP_address>:5051 \
--validators-proposer-default-fee-recipient=<hoodi_or_mainnet_fee_recipient_address> \
--validators-builder-registration-default-enabled=true \
--validators-graffiti="<your_graffiti>" \
--metrics-enabled=true \
--metrics-port=8108 \
--doppelganger-detection-enabled=true
[Install]
WantedBy=multi-user.target
Once you're done, save with Ctrl+O and Enter, then exit with Ctrl+X. Understand and review your configuration summary below, and amend if needed.
Refer to the native Teku validator client setup section for more information on the other flags used.
Start the CSM Validator Client
Reload the systemd daemon to register the changes made, start the Teku Validator Client, and check its status to make sure it's running.
sudo systemctl daemon-reload
sudo systemctl start csm_tekuvalidator.service
sudo systemctl status csm_tekuvalidator.service
The output should say the Teku Validator Client is “active (running)”. Press CTRL-C to exit and the Teku Validator Client will continue to run.
Use the following command to check the logs for any warnings or errors:
sudo journalctl -fu csm_tekuvalidator -o cat | ccze -A
Press CTRL-C to exit.
If the Teku Validator Client service is running smoothly, we can now enable it to fire up automatically when rebooting the system.
sudo systemctl enable csm_tekuvalidator
Expected output:
Created symlink /etc/systemd/system/multi-user.target.wants/csm_tekuvalidator.service → /etc/s
Remove duplicates of validator keystores
To prevent configuration mistakes leading to double signing in the future, remove duplicate copies of the validator signing keystores once everything is running smoothly.
sudo rm -r ~/staking_deposit-cli*/validator_keys
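A pre-flight audit for the two safeguards on this page (the mode-700 data folder and the removal of duplicate keystores), as an added example that is not part of the original guide. It reports directories open to group or others and any validator pubkey whose keystore exists in more than one of the directories you pass; it assumes EIP-2335 keystore JSON files with a top-level pubkey field, and the script name and directory arguments are your own.

```python
import json
import os
import stat
import sys
from collections import defaultdict
from pathlib import Path


def keystore_pubkeys(directory):
    """Pubkeys of the EIP-2335 keystore files (JSON objects with "pubkey") under directory."""
    found = set()
    for path in Path(directory).rglob("*.json"):
        try:
            data = json.loads(path.read_text())
        except (OSError, ValueError):
            continue  # unreadable or not JSON, so not a keystore we can identify
        # deposit_data-*.json is a JSON list, not a signing keystore: skip it
        pubkey = data.get("pubkey") if isinstance(data, dict) else None
        if isinstance(pubkey, str):
            pubkey = pubkey.lower()
            found.add(pubkey[2:] if pubkey.startswith("0x") else pubkey)
    return found


def duplicated_pubkeys(directories):
    """Map each pubkey found in more than one directory to those directories."""
    seen = defaultdict(set)
    for directory in directories:
        for pubkey in keystore_pubkeys(directory):
            seen[pubkey].add(str(directory))
    return {key: sorted(dirs) for key, dirs in seen.items() if len(dirs) > 1}


def loose_permissions(directory):
    """True if group or others have any access (the page sets mode 700)."""
    return bool(stat.S_IMODE(os.stat(directory).st_mode) & 0o077)


if __name__ == "__main__":
    # Usage: sudo python3 audit.py DIR [DIR ...]  (script name is hypothetical)
    problems = 0
    for directory in sys.argv[1:]:
        if loose_permissions(directory):
            print(f"WARN {directory}: group/other access, expected mode 700")
            problems += 1
    for pubkey, where in duplicated_pubkeys(sys.argv[1:]).items():
        print(f"DUPLICATE 0x{pubkey[:12]}... in {', '.join(where)}")
        problems += 1
    sys.exit(1 if problems else 0)
```

Run it with sudo so it can read the restricted folders, passing /var/lib/csm_teku_validator together with every other location that may still hold keystores; a non-zero exit status means something needs attention.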
Automation Tools
Only 1 instance of ETH Pillar can be running per device. If you are already using ETH Pillar for your own validator node setup, then you will need to use any of the other methods (e.g., ETH Docker) listed in this subpage to import your CSM validator keystores.
Select 4 - Lido CSM Validator Client Only.

Enter your consensus client (beacon node) address. Example: http://127.0.0.1:5052
Verify the fee_recipient address is set to the Lido Execution Layer Rewards Vault.
Generate and import CSM validator keys.
Resources
Documentation: https://docs.teku.consensys.io/introduction
Discord: https://discord.gg/consensys (Select the Teku channel)