Ethereum Merge Upgrade Checklist for Home Stakers and Validators
Quick to-do list before the merge arrives.
The following steps align with our mainnet guide. You may need to adjust file names and directory locations where appropriate. The core concepts remain the same.
[2022/09/06 11:34:47am UTC]– Bellatrix Mainnet upgrade[Estimated: 2022/9/15]– Paris Mainnet Merge transition
- Paris Mainnet merge transition is estimated to arrive on Sept 15 2022 with TTD 58750000000000000000000.
All stakers must upgrade to EL+CL Merge-ready nodes before September 6th!
Enough said
Prerequisite: Before beginning, there is a mandatory requirement to run your own Execution Layer (EL) client (i.e. besu, geth, nethermind, erigon).
Outsourcing EL/eth1 to Infura is no longer possible post merge. Run your own.
1) Update to latest EL / CL node software
2) Create a jwtsecret file
3) Update startup commands with the following:
- Set your suggested fee recipient address
- Enable the authenticated port to the new Engine API
First start by updating your system.
sudo apt -y update && sudo apt -y upgrade
Next, follow the instructions for updating EL or updating CL, or your node's official documentation.
Here are the Merge-Ready versions you require:
Consensus Layer
Execution Layer
This new jwtsecret file contains a hexadecimal string that is passed to both Execution Layer client and Consensus Layer clients, and is used to ensure authenticated communications between both clients.
#store the jwtsecret file at /secrets
sudo mkdir -p /secrets
#create the jwtsecret file
openssl rand -hex 32 | tr -d "\n" | sudo tee /secrets/jwtsecret
#enable read access
sudo chmod 644 /secrets/jwtsecret
Updates to your systemd file for the consensus layer, execution layer, or validator will be required to support the following new merge options:
- Set your suggested fee recipient address
- Enable the authenticated port to the new Engine API
Ensure you add/append the changes to the END of the
ExecStart line.To exit and save from the
nano editor, press Ctrl + X, then Y, thenEnter.The fee recipient address receives block proposal priority fees (aka mining tips) and is an ETH address you designate as your rewards address. These rewards are immediately spendable, unlike the validator's attestation and block proposal rewards.
Change 0x_CHANGE_THIS_TO_MY_ETH_FEE_RECIPIENT_ADDRESS, your fee recipient address to an ETH address you control.
For advanced fee recipient configurations, i.e. you want a unique ETH address per validator for privacy reasons, refer to the official documents at: Teku | Lighthouse | Nimbus | Prysm | Lodestar
CoinCashew
SomerEsat
# Consensus Client:
sudo nano /etc/systemd/system/beacon-chain.service
# Validator Client:
sudo nano /etc/systemd/system/validator.service
# Execution Client:
sudo nano /etc/systemd/system/eth1.service
For reference purposes only. Recommend refer to the official SomerEsat Merge Updates when available.
# Nimbus
sudo nano /etc/systemd/system/nimbus.service
# Prysm
sudo nano /etc/systemd/system/prysmvalidator.service
sudo nano /etc/systemd/system/prysmbeacon.service
# Lighthouse
sudo nano /etc/systemd/system/lighthousevalidator.service
sudo nano /etc/systemd/system/lighthousebeacon.service
# Teku
sudo nano /etc/systemd/system/teku.service
# Geth EL
sudo nano /etc/systemd/system/geth.service
Consensus Client Layer Changes (beacon chain)
Lighthouse
Teku
Lodestar
Nimbus
Prysm
--execution-endpoint http://127.0.0.1:8551 --execution-jwt /secrets/jwtsecret
If your Teku client is configured by passing in a TOML file (i.e. teku.yaml), edit
teku.yaml with nano.sudo nano /etc/teku/teku.yaml
Add the following lines to the yaml file:
# execution engine
ee-endpoint: http://localhost:8551
ee-jwt-secret-file: "/secrets/jwtsecret"
# fee recipient
validators-proposer-default-fee-recipient: "<0x_CHANGE_THIS_TO_MY_ETH_FEE_RECIPIENT_ADDRESS>"
Alternatively, if your Teku client is configured by --parameters in the systemd service file, add the following changes.
--ee-endpoint http://localhost:8551 --ee-jwt-secret-file "/secrets/jwtsecret" --validators-proposer-default-fee-recipient 0x_CHANGE_THIS_TO_MY_ETH_FEE_RECIPIENT_ADDRESS
Use one configuration or the other but not both!
--jwt-secret /secrets/jwtsecret --execution.urls http://127.0.0.1:8551 --suggestedFeeRecipient 0x_CHANGE_THIS_TO_MY_ETH_FEE_RECIPIENT_ADDRESS
--web3-url=ws://127.0.0.1:8551 --jwt-secret="/secrets/jwtsecret" --suggested-fee-recipient=0x_CHANGE_THIS_TO_MY_ETH_FEE_RECIPIENT_ADDRESS
--execution-endpoint=http://localhost:8551 --jwt-secret=/secrets/jwtsecret --suggested-fee-recipient=0x_CHANGE_THIS_TO_MY_ETH_FEE_RECIPIENT_ADDRESS
Validator Client Changes
Lighthouse
Teku
Lodestar
Nimbus
Prysm
--suggested-fee-recipient 0x_CHANGE_THIS_TO_MY_ETH_FEE_RECIPIENT_ADDRESS
Only if running in validator in a separate client
--validators-proposer-default-fee-recipient=0x_CHANGE_THIS_TO_MY_ETH_FEE_RECIPIENT_ADDRESS
--suggestedFeeRecipient 0x_CHANGE_THIS_TO_MY_ETH_FEE_RECIPIENT_ADDRESS
Runs in consensus client, not needed.
--suggested-fee-recipient 0x_CHANGE_THIS_TO_MY_ETH_FEE_RECIPIENT_ADDRESS
Execution Client Layer Changes (eth1)
Besu
Geth
Erigon
Nethermind
If your Besu client is configured by --parameters in the systemd service file, add the following changes.
--engine-jwt-secret=/secrets/jwtsecret
Alternatively, if your Besu client is configured by passing a TOML file (i.e. besu.yaml), edit
besu.yaml with nano.sudo nano /etc/besu/besu.yaml
Add the following line:
engine-jwt-secret="/secrets/jwtsecret"
Use one configuration or the other, but not both!
--authrpc.jwtsecret=/secrets/jwtsecret
--authrpc.jwtsecret=/secrets/jwtsecret
--JsonRpc.Host=127.0.0.1 --JsonRpc.JwtSecretFile=/secrets/jwtsecret
After adding the above startup commands, reload and restart your services.
sudo systemctl daemon-reload
sudo systemctl restart eth1 beacon-chain validator
Verify your logs look error-free and show use of the new configurations.
journalctl -fu eth1
journalctl -fu beacon-chain
journalctl -fu validator
Verify your validator is still attesting properly by checking an public block explorer such as beaconcha.in
Congrats! Your node should be merge ready now. Stay tuned to the latest news.
We've made it to a post-merge era! Consider the following changes to your startup commands.
- Remove
--eth1-endpoints, as the execution engine endpoint is now in use. Not removing this may cause extra chatter in logs. - Remove any Infura or backup beacon-chain CL references.
- If your EL and CL are on separate machines, update your firewall. Port 8551 is now used instead of 8545.
Can't get your mind off the merge? Here's some additional ideas and nice to haves.
[] Test your merge configurations on Goerli testnet
✅
- Switch to a minority EL - suggestion: Use besu as "minority client". Besu features auto pruning.
- Switch to a minority CL
[] Configure MetaMask to use your own node. Bye Infura outages.
✅
[] Upgrade node storage to 2TB+
✅
[] Prune your EL node
✅
[] Test / dev / deploy code on the testnets
✅