Method 2: Configure on separate validator client

As we will be using Docker to run the Lodestar VC, we only need to install Docker at this point, and the actual Lodestar binary files will be downloaded when spinning up the Docker container.

Installing dependencies - Docker

The script below performs the following:

1. Download and run the official Docker installation script

2. Creates a new user group called "docker"

3. Adds your current Linux user account to this new docker group

curl -fsSL https://get.docker.com -o get-docker.sh
sudo sh get-docker.sh

sudo groupadd docker
sudo usermod -aG docker $USER

Log out and then back in again for the new user group settings to take effect.

exit

ssh <user>@<IP_address> -p <port_no.> -i <SSH_key> -v

Prepare the CSM validator keystores

1) Create a new folders to store the validator client data, validator keystore, and the validator keystore password

sudo mkdir -p /var/lib/csm_nimbus_validator

2) Run the validator key import process.

sudo /usr/local/bin/nimbus_beacon_node deposits import --data-dir:/var/lib/csm_nimbus_validator/ ~/staking_deposit-cli*/validator_keys

3) Change the owner of this new folder to the csm_nimbus_validator user

4) Restrict permissions on this new folder such that only the owner is able to read, write, and execute files in this folder

sudo chown -R csm_nimbus_validator:csm_nimbus_validator /var/lib/csm_nimbus_validator
sudo chmod 700 /var/lib/csm_nimbus_validator

Prepare the validator data directory

1) Create 3 new folders to store the validator client data, validator keystore, and the validator keystore password

2) Copy the validator keystores and it's password file into their respective folders

3) Change the owner of these new folders to the csm_lodestar_validatoruser

4) Restrict permissions on this new folder such that only the owner is able to read, write, and execute files in this folder

5) Retrieve the UID and GID of the csm_lodestar_validator user account to be used in your docker-compose.yml file in the next step

sudo mkdir -p /var/lib/csm_lodestar_validator/validator_keystores /var/lib/csm_lodestar_validator/keystore_password
sudo cp ~/validator_keys/<validator_keystore.json> /var/lib/csm_lodestar_validator/validator_keystores
sudo cp ~/validator_keys/<validator_keystore_password.txt> /var/lib/csm_lodestar_validator/keystore_password
sudo chown -R csm_lodestar_validator:csm_lodestar_validator /var/lib/csm_lodestar_validator
sudo chmod 700 /var/lib/csm_lodestar_validator
id csm_lodestar_validator

Expected output:

uid=1004(csm_lodestar_validator) gid=1005(csm_lodestar_validator) groups=1005(csm_lodestar_validator)

New folders created:

/var/lib/csm_lodestar_validator/
/var/lib/csm_lodestar_validator/validator_keystores
/var/lib/csm_lodestar_validator/keystore_password

Prepare the validator data directory

1) Create a new folders to store the validator client data, validator keystore, and the validator keystore password

sudo mkdir -p /var/lib/csm_lighthouse_validator

2) Run the validator key import process.

sudo lighthouse account validator import --network holesky --datadir /var/lib/csm_lighthouse_validator --directory=$HOME/staking_deposit-cli*/validator_keys

Expected output:

3) Change the owner of this new folder to the csm_lighthouse_validator user

4) Restrict permissions on this new folder such that only the owner is able to read, write, and execute files in this folder

sudo chown -R csm_lighthouse_validator:csm_lighthouse_validator /var/lib/csm_lighthouse_validator
sudo chmod 700 /var/lib/csm_lighthouse_validator

1) Create a new folders to store the validator client data, validator keystore, and the validator keystore password

sudo mkdir -p /var/lib/csm_prysm_validator

2) Run the validator key import process.

sudo /usr/local/bin/prysmvalidator accounts import --keys-dir=$HOME/staking_deposit-cli*/validator_keys --wallet-dir=/var/lib/csm_prysm_validator --holesky

Note: You will be prompted to accept the terms of use, create a new password for the Prysm wallet, and enter the password of your validator keystore.

Expected output:

3) Create a plain text password file for the Prysm wallet

sudo nano /var/lib/csm_prysm_validator/password.txt

Enter the password you set during the validator keystore import process. Then, save + exit with CTRL+O, ENTER, CTRL+C.

4) Change the owner of this new folder to the csm_prysm_validator user

5) Restrict permissions on this new folder such that only the owner is able to read, write, and execute files in this folder

sudo chown -R csm_prysmvalidator:csm_prysmvalidator /var/lib/csm_prysm_validator
sudo chmod 700 /var/lib/csm_prysm_validator

Create a systemd configuration file for the Nimbus Validator Client service to run in the background.

sudo nano /etc/systemd/system/csm_nimbusvalidator.service

Paste the configuration parameters below into the file:

[Unit]
Description=CSM Nimbus Validator Client
Wants=network-online.target
After=network-online.target

[Service]
User=csm_nimbus_validator
Group=csm_nimbus_validator
Type=simple
Restart=always
RestartSec=5
ExecStart=/usr/local/bin/nimbus_validator_client \
  --data-dir=/var/lib/csm_nimbus_validator \
  --payload-builder=true \
  --beacon-node=http://<Internal_IP_address>:5051 \
  --metrics \
  --metrics-port=8108 \
  --suggested-fee-recipient=<holesky_or_mainnet_fee_recipient_address> \
  --graffiti="<your_graffiti>" \
  --doppelganger-detection

[Install]
WantedBy=multi-user.target

Once you're done, save with Ctrl+O and Enter, then exit with Ctrl+X. Understand and review your configuration summary below, and amend if needed.

Refer to the native Nimbus validator client setup section for more information on the other flags used.

Create a new folder for the CSM Lodestar validator client.

cd
sudo mkdir csm_lodestar_validator

Create a docker-compose.yml file in the Lodestar folder.

cd ~/csm_lodestar_validator
sudo nano docker-compose.yml

Paste the following configuration into the docker-compose.yml file. Note: This is similar to the systemd configuration file used in the setup of other clients in this curriculum.

services:
  validator_client:
    image: chainsafe/lodestar:latest
    container_name: csm_lodestar_validator
    user: <UID>:<GID> #replace with the actual UID and GID of the csm_lodestar_validator user
    restart: unless-stopped
    volumes:
      - /var/lib/csm_lodestar_validator:/var/lib/csm_lodestar_validator
    command:
      - validator
      - --dataDir
      - /var/lib/csm_lodestar_validator
      - --importKeystores
      - /var/lib/csm_lodestar_validator/validator_keystores
      - --importKeystoresPassword
      - /var/lib/csm_lodestar_validator/keystore_password/<validator_signing_keystore_password_file_name>.txt
      - --network
      - <holesky_or_mainnet>
      - --beaconNodes
      - http://<Internal_IP_address>:5051
      - --builder
      - --builder.boostFactor
      - 100
      - --suggestedFeeRecipient
      - "<holesky_or_mainnet_fee_recipient_address>"
      - --doppelgangerProtection
      - --metrics
      - --metrics.port
      - "5064"
      - --graffiti
      - "your_graffiti"
    environment:
      NODE_OPTIONS: --max-old-space-size=2048
    ports:
      - "5064:5064"

Once you're done, save with Ctrl+O and Enter, then exit with Ctrl+X.

Refer to the native Lodestar validator client setup section for more information on the other flags used.

Create a systemd configuration file for the Lighthouse Validator Client service to run in the background.

sudo nano /etc/systemd/system/csm_lighthousevalidator.service

Paste the configuration parameters below into the file:

[Unit]
Description=CSM Lighthouse Validator Client (Holesky)
Wants=network-online.target
After=network-online.target

[Service]
User=csm_lighthouse_validator
Group=csm_lighthouse_validator
Type=simple
Restart=always
RestartSec=5
ExecStart=/usr/local/bin/lighthouse vc \
  --network <holesky_or_mainnet> \
  --datadir /var/lib/csm_lighthouse_validator \
  --builder-proposals \
  --builder-boost-factor 100 \
  --beacon-nodes http://<Internal_IP_address>:5051 \
  --metrics \
  --metrics-port 8108 \
  --suggested-fee-recipient <holesky_or_mainnet_fee_recipient_address> \
  --graffiti="<your_graffiti>" \
  --enable-doppelganger-protection

[Install]
WantedBy=multi-user.target

Once you're done, save with Ctrl+O and Enter, then exit with Ctrl+X. Understand and review your configuration summary below, and amend if needed.

Refer to the native Lighthouse validator client setup section for more information on the other flags used.

Create a systemd configuration file for the Prysm Validator Client service to run in the background.

sudo nano /etc/systemd/system/csm_prysmvalidator.service

Paste the configuration parameters below into the file:

[Unit]
Description=CSM Prysm Validator Client (Holesky)
Wants=network-online.target
After=network-online.target

[Service]
User=csm_prysm_validator
Group=csm_prysm_validator
Type=simple
Restart=always
RestartSec=5
ExecStart=/usr/local/bin/prysmvalidator \
  --accept-terms-of-use \
  --<holesky_or_mainnet> \
  --datadir=/var/lib/csm_prysm_validator \
  --enable-builder \
  --beacon-rpc-provider=<Internal_IP_address>:4000 \
  --beacon-rpc-gateway-provider=<Internal_IP_address>:5051 \
  --wallet-dir=/var/lib/csm_prysm_validator \
  --wallet-password-file=/var/lib/csm_prysm_validator/password.txt \
  --monitoring-port=8108 \
  --suggested-fee-recipient=<holesky_or_mainnet_fee_recipient_address> \
  --graffiti="<your_graffiti>" \
  --enable-doppelganger

[Install]
WantedBy=multi-user.target

Once you're done, save with Ctrl+O and Enter, then exit with Ctrl+X. Understand and review your configuration summary below, and amend if needed.

Refer to the native Lighthouse validator client setup section for more information on the other flags used.

Reload the systemd daemon to register the changes made, start the Nimbus Validator Client, and check its status to make sure its running.

sudo systemctl daemon-reload
sudo systemctl start csm_nimbusvalidator.service
sudo systemctl status csm_nimbusvalidator.service

The output should say the Nimbus Validator Client is “active (running)”. Press CTRL-C to exit and the Nimbus Validator Client will continue to run.

Use the following command to check the logs for any warnings or errors:

sudo journalctl -fu csm_nimbusvalidator -o cat | ccze -A

Expected output:

Press CTRL-C to exit.

If the Nimbus Validator Client service is running smoothly, we can now enable it to fire up automatically when rebooting the system.

sudo systemctl enable csm_nimbusvalidator

Expected output:

Created symlink /etc/systemd/system/multi-user.target.wants/csm_nimbusvalidator.service → /etc/systemd/system/csm_nimbusvalidator.service.

Remove duplicates of validator keystores

To prevent configuration mistakes leading to double signing in the future, remove duplicate copies of the validator signing keystores once everything is running smoothly.

sudo rm -r ~/staking_deposit-cli*/validator_keys

1) Make sure you are in the same folder as the docker-compose.yml file you created earlier.

cd ~/csm_lodestar_validator

2) Start the docker container.

docker compose up -d

Expected output:

3) Make sure there are no error messages by monitoring the logs for a few minutes.

docker logs csm_lodestar_validator -f

Remove duplicates of validator keystores

To prevent configuration mistakes leading to double signing in the future, remove duplicate copies of the validator signing keystores once everything is running smoothly.

sudo rm -r ~/staking_deposit-cli*/validator_keys

Reload the systemd daemon to register the changes made, start the Lighthouse Validator Client, and check its status to make sure its running.

sudo systemctl daemon-reload
sudo systemctl start csm_lighthousevalidator.service
sudo systemctl status csm_lighthousevalidator.service

The output should say the Lighthouse Validator Client is “active (running)”. Press CTRL-C to exit and the Lighthouse Validator Client will continue to run.

Use the following command to check the logs for any warnings or errors:

sudo journalctl -fu csm_lighthousevalidator -o cat | ccze -A

Expected output:

Press CTRL-C to exit.

If the Lighthouse Validator Client service is running smoothly, we can now enable it to fire up automatically when rebooting the system.

sudo systemctl enable csm_lighthousevalidator

Expected output:

Created symlink /etc/systemd/system/multi-user.target.wants/csm_lighthousevalidator.service → /etc/systemd/system/csm_lighthousevalidator.service.

Remove duplicates of validator keystores

To prevent configuration mistakes leading to double signing in the future, remove duplicate copies of the validator signing keystores once everything is running smoothly.

sudo rm -r ~/staking_deposit-cli*/validator_keys

Reload the systemd daemon to register the changes made, start the Prysm Validator Client, and check its status to make sure its running.

sudo systemctl daemon-reload
sudo systemctl start csm_prysmvalidator.service
sudo systemctl status csm_prysmvalidator.service

The output should say the Prysm Validator Client is “active (running)”. Press CTRL-C to exit and the Prysm Validator Client will continue to run.

Use the following command to check the logs for any warnings or errors:

sudo journalctl -fu csm_prysmvalidator -o cat | ccze -A

Expected output:

Press CTRL-C to exit.

If the Prysm Validator Client service is running smoothly, we can now enable it to fire up automatically when rebooting the system.

sudo systemctl enable csm_prysmvalidator

Expected output:

Created symlink /etc/systemd/system/multi-user.target.wants/csm_prysmvalidator.service → /etc/systemd/system/csm_prysmvalidator.service.

Remove duplicates of validator keystores

To prevent configuration mistakes leading to double signing in the future, remove duplicate copies of the validator signing keystores once everything is running smoothly.

sudo rm -r ~/staking_deposit-cli*/validator_keys

ETH Docker sets the fee_recipient address on the validator key level. Refer to the subpage below, under "Automation Tools".