Techne Bronze Speedrun (Launchpad)
Requirements
Obol Techne Bronze Credentials require node operators to run 50 testnet validator keys as a distributed validator cluster for 3 weeks, where Obol will fund the testnet ETH required to activate the validator keys.
Hardware (Holesky)
CPU: 4 cores
RAM: 16GB
SSD: 350GB
OS: Ubuntu 24.04
Install dependencies
Install Docker.
curl -fsSL https://get.docker.com -o get-docker.sh
sudo sh get-docker.sh
sudo groupadd docker
sudo usermod -aG docker $USERExit and re-login.
exitGenerate your Obol ENR
cd
# Use docker to create an ENR. Backup the file `.charon/charon-enr-private-key`.
docker run --rm -v "$(pwd):/opt/charon" -u $(id -u):$(id -g) obolnetwork/charon:v1.3.0 create enrYou should expect to see a console output like this:
Created ENR private key: .charon/charon-enr-private-key
enr:-JG4QGQpV4qYe32QFUAbY1UyGNtNcrVMip83cvJRhw1brMslPeyELIz3q6dsZ7GblVaCjL_8FKQhF6Syg-O_kIWztimGAYHY5EvPgmlkgnY0gmlwhH8AAAGJc2VjcDI1NmsxoQKzMe_GFPpSqtnYl-mJr8uZAUtmkqccsAx7ojGmFy-FY4N0Y3CCDhqDdWRwgg4uSave the ENR public key in a text file on your laptop. You will need to use this in the next section.
The ENR public key is denoted as enr:-JG4QGQpV4qYe32QFUAbY1UyGNtNcrVMip83cvJRhw1brMslPeyELIz3q6dsZ7GblVaCjL_8FKQhF6Syg-O_kIWztimGAYHY5EvPgmlkgnY0gmlwhH8AAAGJc2VjcDI1NmsxoQKzMe_GFPpSqtnYl-mJr8uZAUtmkqccsAx7ojGmFy-FY4N0Y3CCDhqDdWRwgg4u in the example output above.
Restarting from scratch
If you want to redo the whole process, remove the existing charon-distributed-validator-node folder before re-running the set of commands above.
cd
sudo rm -r .charonRegister your ENRs
Appoint a cluster leader among your cluster.
The cluster leader will collect the wallet addresses of all members and configure the parameters of your cluster on the Obol Launchpad.
Select Create a cluster with a group >> read, click through, & sign the disclaimers with your wallet
Choose your cluster name and size (4, 7, or 10)
Input the wallet address of each operator
Set validators field to 50 (i.e., generate 50 validator keys)
Select
SPLIT ONLY REWARDSunder Withdrawal Configuration.Set the
Principal Recipientto0x17E6F6270A101dc7687Cc9899889819EeAF8253fbecause we want Obol to fund our testnet validators.Input the wallet addresses and the percentage split of each operator
Deploy 'Split Rewards' Contract(1 transaction) >>Confirm and sign(3 transactions)
Copy the group invite link and share it with your other cluster members.
They will need to accept the cluster configuration, input their respective ENR Public Keys , and then sign a message (2 transactions) with their respective wallet addresses set during the cluster creation step.
DKG Ceremony
Once all members have accepted the cluster configuration, everyone can now proceed to the distributed key generation (DKG) phase.
Each cluster member copies the DKG command generated for them and runs it on their own machine.
Once the DKG ceremony is completed, back up the .charon folder containing the following important files:
charon-enr-private-key
cluster-lock.json
validator_keys/
deposit-data.json
Back up using one of the 2 methods below.
This is the most secure method but requires having SSH access to your server from your laptop's terminal (i.e., after manually adding SSH public keys to your server).
scp -i PATH_TO_SSH_PRIVATE_KEY -r USER@EXTERNAL_IP_ADDRESS:~/.charon $HOME/DocumentsYour .charon folder will now be found on your laptop's Documents folder. Note that .charon is a hidden folder so you will not see it being displayed in your file system.
Then, set the following permissions.
sudo chmod +x ~/.charon
sudo chmod 755 ~/.charon
sudo chmod 600 ~/.charon/charon-enr-private-keySet up ETH Docker
Each cluster member needs to spin up a "vanilla" validator node.
Changes to note:
Set the
Reward Addressto your cluster's Splitter contract.
Edit the configuration file
Edit the .env file in the eth-docker folder.
cd
nano ~/eth-docker/.envAppend
:lido-obol.ymlin theCOMPOSE_FILEline.
Example:
Change the
CL_NODEline to http://charon:3600 (from http://consensus:5052)
Example:
CTRL+O, ENTER, CTRL+X to save and exit.
Start your Obol-enabled validator node
Migrate .charon contents into ETHDocker.
cd
sudo cp -r .charon/* eth-docker/.eth
sudo chown -R $USER:$USER eth-docker/.eth/validator_keysStart ETH Docker.
ethd upAfter all your services running via Docker "warmed up" for ~5 minutes, import your validator key shards.
ethd keys importMonitoring Charon
Print Obol's Charon logs.
ethd logs charon -f --tail 20Other monitoring commands under "View Logs" section of the overall ETH Docker page.
Grafana Dashboards
Open up a browser webpage and enter the following URL.
http://<VM_external_IP>:3000Enter "admin" for both the username and password.
Navigate to
Dashboards. The 2 most common dashboards when running Obol DVTs areCharon Log DashboardandCharon Overview
Register your cluster for funding
Cluster leader to fill up the Obol Techne Credentials registration form here.
Copy and paste the cluster-lock.json and deposit-data.json files from your node to a text editor your laptop so that you can upload them easily onto the form.
sudo cat ~/.charon/cluster-lock.jsonsudo cat ~/.charon/deposit-data.jsonAdd Obol monitoring credentials
You will receive your monitoring credentials after registrering your cluster with Obol Techne Credentials Progamme and you will need to add it into your ETH Docker configuration.
Open up the obol-prom.yml file for editing.
nano ~/eth-docker/prometheus/obol-prom.ymlReplace the credentials field with your actual monitoring credentials.
CTRL+O, ENTER, CTRL+X to save and exit.
Copy the contents over into the custom-prom.yml file that is empty by default but already incorporated in the default ETH Docker configurations.
cp ~/eth-docker/prometheus/obol-prom.yml ~/eth-docker/prometheus/custom-prom.ymlThen, restart your ETH Docker services.
ethd down
ethd upSecuring your device
Firewall Rules
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow 22/tcp # for SSH
sudo ufw allow 30303 # for the EL
sudo ufw allow 9000 # for the CL
sudo ufw allow 3000 # for the native Grafana
sudo ufw allow 3610 # for Obol P2P
sudo ufw enableMake sure to also configure port forwarding on the ports allowed above.
Other Security SOPs
Exiting your DV
I'm still working on the way to exit for each CL client. For now I only managed to test it successfully with Lodestar & Teku so we will switch to the those CLs before signing the exit messages.
Delete all the validator keyshards currently imported onto validator client and export their slashing protection databases.
ethd keys delete allBring down your ETH Docker services.
ethd downOpen the .env file for editing and switch your CL client to lodestar.yml or teku.yml in the COMPOSE_FILE line.
nano ~/eth-docker/.envBring your ETH Docker back up.
ethd upWait for 15 minutes before re-importing your validator keyshards into the new validator client (comes with the new CL). Note: Select "N" for "Do all keys have the same password.
ethd keys importThen run the following
docker exec -it eth-docker-validator-1 node /usr/app/packages/cli/bin/lodestar validator voluntary-exit \
--beaconNodes="http://charon:3600" \
--dataDir="/var/lib/lodestar/validators" \
--exitEpoch=256 \
--network=hoodi \
--yesSupport
Donations
If you found this helpful, consider supporting Stakesaurus in one of few ways here!
Last updated
