Ethereum Merge Upgrade Checklist for Home Stakers and Validators

Quick to-do list before the merge arrives.

PreviousGuide | How to setup a validator for Ethereum staking on Pithos testnet in 10 minutes or less NextGuide | Operation Client Diversity: Migrate Prysm to Teku

Last updated 1 year ago

Ethereum Merge Upgrade Checklist for Home Stakers and Validators

Quick to-do list before the merge arrives.

Support us on Gitcoin Grants: 🙏

The following steps align with our . You may need to adjust file names and directory locations where appropriate. The core concepts remain the same.

Wen merge?

All testnets passed and the officially as of August 24, 2022!
- [2022/09/06 11:34:47am UTC] – Bellatrix Mainnet upgrade
- [Estimated: 2022/9/15] – Paris Mainnet Merge transition
Paris Mainnet merge transition is estimated to arrive on .

All stakers must upgrade to EL+CL Merge-ready nodes before September 6th!

What's merge?

How to merge?

Prerequisite: Before beginning, there is a mandatory requirement to run your own Execution Layer (EL) client (i.e. besu, geth, nethermind, erigon).

Outsourcing EL/eth1 to Infura is no longer possible post merge. Run your own.

In order to transition through the merge successfully, your validator node must:

1) Update to latest EL / CL node software

2) Create a jwtsecret file

3) Update startup commands with the following:

Set your suggested fee recipient address
Enable the authenticated port to the new Engine API

1) Update to latest EL / CL node software

First start by updating your system.

sudo apt -y update && sudo apt -y upgrade

Next, follow the instructions for updating EL or updating CL, or your node's official documentation.

Here are the Merge-Ready versions you require:

Consensus Layer

Name

Version

Link

Lighthouse

v3.1.0

Lodestar

v1.0.0

Nimbus

v22.9.0

Prysm

v3.1.0

Teku

22.9.0

Execution Layer

Name

Version

Link

Besu

22.7.2

Erigon

v2022.09.01-alpha

go-ethereum (geth)

v1.10.23

Nethermind

v1.14.1

2) Create a jwtsecret file

This new jwtsecret file contains a hexadecimal string that is passed to both Execution Layer client and Consensus Layer clients, and is used to ensure authenticated communications between both clients.

#store the jwtsecret file at /secrets
sudo mkdir -p /secrets

#create the jwtsecret file
openssl rand -hex 32 | tr -d "\n" | sudo tee /secrets/jwtsecret

#enable read access
sudo chmod 644 /secrets/jwtsecret

3) Update startup commands

Updates to your systemd file for the consensus layer, execution layer, or validator will be required to support the following new merge options:

Set your suggested fee recipient address
Enable the authenticated port to the new Engine API

Ensure you add/append the changes to the END of the ExecStart line.

To exit and save from the nano editor, press Ctrl + X, then Y, thenEnter.

The fee recipient address receives block proposal priority fees (aka mining tips) and is an ETH address you designate as your rewards address. These rewards are immediately spendable, unlike the validator's attestation and block proposal rewards.

Change 0x_CHANGE_THIS_TO_MY_ETH_FEE_RECIPIENT_ADDRESS, your fee recipient address to an ETH address you control.

Location of system service files to update

# Consensus Client:
sudo nano /etc/systemd/system/beacon-chain.service

# Validator Client:
sudo nano /etc/systemd/system/validator.service

# Execution Client:
sudo nano /etc/systemd/system/eth1.service

For reference purposes only. Recommend refer to the official SomerEsat Merge Updates when available.

# Nimbus
sudo nano /etc/systemd/system/nimbus.service

# Prysm
sudo nano /etc/systemd/system/prysmvalidator.service
sudo nano /etc/systemd/system/prysmbeacon.service

# Lighthouse
sudo nano /etc/systemd/system/lighthousevalidator.service
sudo nano /etc/systemd/system/lighthousebeacon.service

# Teku
sudo nano /etc/systemd/system/teku.service

# Geth EL
sudo nano /etc/systemd/system/geth.service

Consensus Client Layer Changes (beacon chain)

--execution-endpoint http://127.0.0.1:8551 --execution-jwt /secrets/jwtsecret

If your Teku client is configured by passing in a TOML file (i.e. teku.yaml), edit teku.yaml with nano.

sudo nano /etc/teku/teku.yaml

Add the following lines to the yaml file:

# execution engine
ee-endpoint: http://localhost:8551
ee-jwt-secret-file: "/secrets/jwtsecret"

# fee recipient
validators-proposer-default-fee-recipient: "<0x_CHANGE_THIS_TO_MY_ETH_FEE_RECIPIENT_ADDRESS>"

Alternatively, if your Teku client is configured by --parameters in the systemd service file, add the following changes.

--ee-endpoint http://localhost:8551 --ee-jwt-secret-file "/secrets/jwtsecret" --validators-proposer-default-fee-recipient 0x_CHANGE_THIS_TO_MY_ETH_FEE_RECIPIENT_ADDRESS

Use one configuration or the other but not both!

--jwt-secret /secrets/jwtsecret --execution.urls http://127.0.0.1:8551 --suggestedFeeRecipient 0x_CHANGE_THIS_TO_MY_ETH_FEE_RECIPIENT_ADDRESS

--web3-url=ws://127.0.0.1:8551 --jwt-secret="/secrets/jwtsecret" --suggested-fee-recipient=0x_CHANGE_THIS_TO_MY_ETH_FEE_RECIPIENT_ADDRESS

--execution-endpoint=http://localhost:8551 --jwt-secret=/secrets/jwtsecret --suggested-fee-recipient=0x_CHANGE_THIS_TO_MY_ETH_FEE_RECIPIENT_ADDRESS

Validator Client Changes

--suggested-fee-recipient 0x_CHANGE_THIS_TO_MY_ETH_FEE_RECIPIENT_ADDRESS

Only if running in validator in a separate client

--validators-proposer-default-fee-recipient=0x_CHANGE_THIS_TO_MY_ETH_FEE_RECIPIENT_ADDRESS

--suggestedFeeRecipient 0x_CHANGE_THIS_TO_MY_ETH_FEE_RECIPIENT_ADDRESS

--suggested-fee-recipient 0x_CHANGE_THIS_TO_MY_ETH_FEE_RECIPIENT_ADDRESS

Execution Client Layer Changes (eth1)

If your Besu client is configured by --parameters in the systemd service file, add the following changes.

--engine-jwt-secret=/secrets/jwtsecret

Alternatively, if your Besu client is configured by passing a TOML file (i.e. besu.yaml), edit besu.yaml with nano.

sudo nano /etc/besu/besu.yaml

Add the following line:

engine-jwt-secret="/secrets/jwtsecret"

Use one configuration or the other, but not both!

--authrpc.jwtsecret=/secrets/jwtsecret

--authrpc.jwtsecret=/secrets/jwtsecret

--JsonRpc.Host=127.0.0.1 --JsonRpc.JwtSecretFile=/secrets/jwtsecret

After adding the above startup commands, reload and restart your services.

sudo systemctl daemon-reload
sudo systemctl restart eth1 beacon-chain validator

Verify your logs look error-free and show use of the new configurations.

journalctl -fu eth1
journalctl -fu beacon-chain
journalctl -fu validator

Verify your validator is still attesting properly by checking an public block explorer such as beaconcha.in

Congrats! Your node should be merge ready now. Stay tuned to the latest news.

Post-Merge Cleanup and To-Dos

We've made it to a post-merge era! Consider the following changes to your startup commands.

Remove --eth1-endpoints , as the execution engine endpoint is now in use. Not removing this may cause extra chatter in logs.
Remove any Infura or backup beacon-chain CL references.
If your EL and CL are on separate machines, update your firewall. Port 8551 is now used instead of 8545.

Optional - Extra #TestingTheMerge

Can't get your mind off the merge? Here's some additional ideas and nice to haves.

Switch to a minority EL - suggestion: Use besu as "minority client". Besu features auto pruning.
Switch to a minority CL

PreviousGuide | How to setup a validator for Ethereum staking on Pithos testnet in 10 minutes or less NextGuide | Operation Client Diversity: Migrate Prysm to Teku

Last updated 1 year ago