Guide: How to stake on ETH2 Mainnet with Lighthouse on Ubuntu
Nov 24 2020 Update: The new mainnet guide is located here.
Instructions below are now deprecated and for reference only.
Lighthouse is an Eth2.0 client with a heavy focus on speed and security. The team behind it, Sigma Prime, is an information security and software engineering firm who have funded Lighthouse along with the Ethereum Foundation, Consensys, and private individuals. Lighthouse is built in Rust and offered under an Apache 2.0 License.
As a validator for eth2, you will typically have the following abilities:
operational knowledge of how to set up, run and maintain a eth2 beacon node and validator continuously
a long term commitment to maintain your validator 24/7/365
basic operating system skills
have learned the essentials by watching 'Intro to Eth2 & Staking for Beginners' by Superphiz
have passed or is actively enrolled in the Eth2 Study Master course
and have read the 8 Things Every Eth2 validator should know.
Operating system: 64-bit Linux (i.e. Ubuntu 20.04 LTS)
Processor: Dual core CPU, Intel Core i5–760 or AMD FX-8100 or better
Memory: 8GB RAM
Storage: 20GB SSD
Internet: Broadband internet connection with speeds at least 1 Mbps.
Power: Reliable electrical power.
ETH balance: at least 32 ETH and some ETH for deposit transaction fees
Wallet: Metamask installed
Operating system: 64-bit Linux (i.e. Ubuntu 20.04 LTS)
Processor: Quad core CPU, Intel Core i7–4770 or AMD FX-8310 or better
Memory: 16GB RAM or more
Storage: 1TB SSD or more
Internet: Broadband internet connections with speeds at least 10 Mbps
Power: Reliable electrical power with uninterruptible power supply (UPS)
ETH balance: at least 32 ETH and some ETH for deposit transaction fees
Wallet: Metamask installed
✨ Pro Validator Tip: Highly recommend you begin with a brand new instance of an OS, VM, and/or machine. Avoid headaches by NOT reusing testnet keys, wallets, or databases for your mainnet validator.
If you need ideas or a reminder on how to secure your validator, refer to
If you need to install Ubuntu, refer to
If you need to install Metamask, refer to
Every 32 ETH you own allows you to make 1 validator. You can run thousands of validators with your beacon node.
Your ETH (or multiples of 32 ETH) should be consolidated into a single address accessible with Metamask.
If you need to buy/exchange or top up your ETH to a multiple of 32, check out:
Install dependencies, the ethereum foundation deposit tool and generate your two sets of key pairs.
Each validator will have two sets of key pairs. A signing key and a withdrawal key. These keys are derived from a single mnemonic phrase. Learn more about keys.
You have the choice of downloading the pre-built ethereum foundation deposit tool or building it from source.
Download eth2deposit-cli.
cd $HOMEwget https://github.com/ethereum/eth2.0-deposit-cli/releases/download/v1.0.0/eth2deposit-cli-9310de0-linux-amd64.tar.gz
Verify the SHA256 Checksum matches the checksum on the releases page.
sha256sum eth2deposit-cli-9310de0-linux-amd64.tar.gz# SHA256 should be# b09da136895a7f77a4b430924ea2ae5827fa47b2bf444c4ea6fcfac5b04b8c8a
Extract the archive.
tar -xvf eth2deposit-cli-9310de0-linux-amd64.tar.gzcd eth2deposit-cli-9310de0-linux-amd64
Make a new mnemonic.
./deposit new-mnemonic --chain mainnet
Install dependencies.
sudo apt updatesudo apt install python3-pip git -y
Download source code and install.
mkdir ~/gitcd ~/gitgit clone https://github.com/ethereum/eth2.0-deposit-cli.gitcd eth2.0-deposit-clisudo ./deposit.sh install
Make a new mnemonic.
./deposit.sh new-mnemonic --chain mainnet
🔥[ Optional ] Pro Security Tip: Run the eth2deposit-cli tool and generate your mnemonic seed for your validator keys on an air-gapped offline machine.
You can copy via USB key the pre-built eth2deposit-cli binaries from an online machine to an air-gapped offline machine.
Protects against key-logging attacks, malware/virus based attacks and other firewall or security exploits.
Physically isolated from the rest of your network.
Must not have a network connection, wired or wireless.
Is not a VM on a machine with a network connection.
Learn more about air-gapping at wikipedia.
2. Follow the prompts and pick a password. Write down your mnemonic and keep this safe and offline.
3. Follow the steps at https://launchpad.ethereum.org/ while skipping over the steps you already just completed. Study the eth2 phase 0 overview material. Understanding eth2 is the key to success!
4. Back on the launchpad website, upload yourdeposit_data-#########.json found in the validator_keys directory.
5. Connect to the launchpad with your Metamask wallet, review and accept terms.
6. Confirm the transaction(s). There's one deposit transaction of 32 ETH for each validator.
Your transaction is sending and depositing your ETH to the official ETH2 deposit contract address.
Check, double-check, triple-check that the official Eth2 deposit contract address is correct.0x00000000219ab540356cBB839Cbe05303d7705Fa
Be sure to write down or record your mnemonic seed offline. Not email. Not cloud.
Make offline backups, such as to a USB key, of your validator_keys directory.
Ethereum 2.0 requires a connection to Ethereum 1.0 in order to monitor for 32 ETH validator deposits. Hosting your own Ethereum 1.0 node is the best way to maximize decentralization and minimize dependency on third parties such as Infura.
The subsequent steps assume you have completed the best practices security guide.
Your choice of either OpenEthereum, Geth, Besu or Nethermind.
mkdir ~/openethereum && cd ~/openethereumwget https://github.com/openethereum/openethereum/releases/download/v3.0.1/openethereum-linux-v3.0.1.zipunzip openethereum*.zipchmod +x openethereumrm openethereum*.zip
⚙ Setup and configure systemd
Run the following to create a unit file to define your eth1.service configuration.
cat > $HOME/eth1.service << EOF[Unit]Description = openethereum eth1 serviceWants = network-online.targetAfter = network-online.target[Service]User = $(whoami)WorkingDirectory= /home/$(whoami)/openethereumExecStart = /home/$(whoami)/openethereum/openethereum --chain foundationRestart = on-failure[Install]WantedBy = multi-user.targetEOF
Move the unit file to /etc/systemd/system and give it permissions.
sudo mv $HOME/eth1.service /etc/systemd/system/eth1.servicesudo chmod 644 /etc/systemd/system/eth1.service
Run the following to enable auto-start at boot time.
sudo systemctl daemon-reloadsudo systemctl enable eth1
sudo systemctl start eth1
sudo add-apt-repository -y ppa:ethereum/ethereumsudo apt-get update -ysudo apt-get install ethereum -y
⚙ Setup and configure systemd
Run the following to create a unit file to define your eth1.service configuration.
cat > $HOME/eth1.service << EOF[Unit]Description = geth eth1 serviceWants = network-online.targetAfter = network-online.target[Service]User = $(whoami)ExecStart = /usr/bin/geth --httpRestart = on-failure[Install]WantedBy = multi-user.targetEOF
Move the unit file to /etc/systemd/system and give it permissions.
sudo mv $HOME/eth1.service /etc/systemd/system/eth1.servicesudo chmod 644 /etc/systemd/system/eth1.service
Run the following to enable auto-start at boot time.
sudo systemctl daemon-reloadsudo systemctl enable eth1
sudo systemctl start eth1
sudo apt install openjdk-11-jdk
cdwget -O besu.tar.gz https://bintray.com/hyperledger-org/besu-repo/download_file?file_path=besu-1.5.0.tar.gztar -xvf besu.tar.gzrm besu.tar.gzmv besu-1.5.0 besu
⚙ Setup and configure systemd
Run the following to create a unit file to define your eth1.service configuration.
cat > $HOME/eth1.service << EOF[Unit]Description = openethereum eth1 serviceWants = network-online.targetAfter = network-online.target[Service]User = $(whoami)WorkingDirectory= /home/$(whoami)/besu/binExecStart = /home/$(whoami)/besu/bin/besu --data-path="$HOME/.ethereum_besu"Restart = on-failure[Install]WantedBy = multi-user.targetEOF
Move the unit file to /etc/systemd/system and give it permissions.
sudo mv $HOME/eth1.service /etc/systemd/system/eth1.servicesudo chmod 644 /etc/systemd/system/eth1.service
Run the following to enable auto-start at boot time.
sudo systemctl daemon-reloadsudo systemctl enable eth1
sudo systemctl start eth1
sudo apt-get update && sudo apt-get install libsnappy-dev libc6-dev libc6 unzip -y
mkdir ~/nethermind && cd ~/nethermindwget -O nethermind.zip https://nethdev.blob.core.windows.net/builds/nethermind-linux-amd64-1.8.77-9d3a58a.zipunzip nethermind.ziprm nethermind.zip
./Nethermind.Launcher
Select
Ethereum NodeSelect
Ethereum (mainnet)then selectFast syncYes to enable web3 / JSON RPC
Accept default IP
Skip ethstats registration
🚧 Untested - TBD - Work in progress 🚧
Use a third party by signing up for an API access key at https://infura.io/
Syncing the eth1 node could take up to 24 hour.
Your eth1 node is fully sync'd when these events occur.
OpenEthereum:Imported #<block number>Geth:Imported new chain segmentBesu:Imported #<block number>Nethermind:No longer syncing Old Headers
🗒 To view and follow eth1 logs
journalctl -u eth1 -f
🗒 To stop eth1 service
sudo systemctl stop eth1
🛑 Before continuing the rest of this guide, we recommend you wait until closer to Dec 1st as the lighthouse code is rapidly preparing for mainnet. 🚧
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
In case of compilation errors, runrustup update
Enter '1' to proceed with the default install.
Update your environment variables.
echo export PATH="$HOME/.cargo/bin:$PATH" >> ~/.bashrcsource ~/.bashrc
Install rust dependencies.
sudo apt install -y git gcc g++ make cmake pkg-config libssl-dev
cd ~/gitgit clone https://github.com/sigp/lighthouse.gitcd lighthousemake
This build process may take up to an hour.
Verify lighthouse was installed properly by checking the version number.
lighthouse --version
Select the tab corresponding to how you installed eth2deposit-cli.
lighthouse account validator import --directory=$HOME/eth2deposit-cli-9310de0-linux-amd64/validator_keys
lighthouse account validator import --directory=$HOME/git/eth2.0-deposit-cli/validator_keys
Enter your keystore's password to import accounts.
WARNING: DO NOT USE THE ORIGINAL KEYSTORES TO VALIDATE WITH ANOTHER CLIENT, OR YOU WILL GET SLASHED.
Specific to your networking setup or cloud provider settings, ensure your validator's firewall ports are open and reachable.
Lighthouse beacon chain requires port 9000 for tcp and udp
eth1 node requires port 30303 for tcp and udp
✨ Port Forwarding Tip: You'll need to forward and open ports to your validator. Verify it's working with https://www.yougetsignal.com/tools/open-ports/ or https://canyouseeme.org/ .
If you participated in any of the prior test nets, you need to clear the database.
rm -rf $HOME/.lighthouse
Your choice of running a beacon chain manually from command line or automatically with systemd.
Auto-start your beacon chain when the computer reboots due to maintenance, power outage, etc.
Automatically restart crashed beacon chain processes.
Maximize your beacon chain up-time and performance.
Run the following to create a unit file to define yourbeacon-chain.service configuration.
cat > $HOME/beacon-chain.service << EOF# The eth2 beacon chain service (part of systemd)# file: /etc/systemd/system/beacon-chain.service[Unit]Description = eth2 beacon chain serviceWants = network-online.targetAfter = network-online.target[Service]User = $(whoami)WorkingDirectory= /home/$(whoami)/git/lighthouseExecStart = $(which lighthouse) bn --staking --metricsRestart = on-failure[Install]WantedBy = multi-user.targetEOF
Move the unit file to /etc/systemd/system and give it permissions.
sudo mv $HOME/beacon-chain.service /etc/systemd/system/beacon-chain.servicesudo chmod 644 /etc/systemd/system/beacon-chain.service
Run the following to enable auto-start at boot time and then start your beacon node service.
sudo systemctl daemon-reloadsudo systemctl enable beacon-chainsudo systemctl start beacon-chain
Nice work. Your beacon chain is now managed by the reliability and robustness of systemd. Below are some commands for using systemd.
sudo systemctl is-active beacon-chain
sudo systemctl status beacon-chain
sudo systemctl reload-or-restart beacon-chain
sudo systemctl stop beacon-chain
journalctl --unit=beacon-chain --since=yesterdayjournalctl --unit=beacon-chain --since=todayjournalctl --unit=beacon-chain --since='2020-12-01 00:00:00' --until='2020-12-02 12:00:00'
In a new terminal, start the beacon chain.
lighthouse bn --staking --metrics
The --metrics flag enables reporting on port 5054 and will be monitored with Prometheus.
Allow the beacon chain to fully sync with eth1 chain before continuing.
Continue when you see the "Beacon chain initialized" message.
Your choice of running a validator manually from command line or automatically with systemd.
Auto-start your validator when the computer reboots due to maintenance, power outage, etc.
Automatically restart crashed validator processes.
Maximize your validator up-time and performance.
Run the following to create a unit file to define yourvalidator.service configuration.
cat > $HOME/validator.service << EOF# The eth2 validator service (part of systemd)# file: /etc/systemd/system/validator.service[Unit]Description = eth2 validator serviceWants = network-online.target beacon-chain.serviceAfter = network-online.target[Service]User = $(whoami)WorkingDirectory= /home/$(whoami)/git/lighthouseExecStart = $(which lighthouse) vcRestart = on-failure[Install]WantedBy = multi-user.targetEOF
Move the unit file to /etc/systemd/system and give it permissions.
sudo mv $HOME/validator.service /etc/systemd/system/validator.servicesudo chmod 644 /etc/systemd/system/validator.service
Run the following to enable auto-start at boot time and then start your validator.
sudo systemctl daemon-reloadsudo systemctl enable validatorsudo systemctl start validator
Nice work. Your validator is now managed by the reliability and robustness of systemd. Below are some commands for using systemd.
sudo systemctl is-active validator
sudo systemctl status validator
sudo systemctl reload-or-restart validator
sudo systemctl stop validator
journalctl --unit=validator --since=yesterdayjournalctl --unit=validator --since=todayjournalctl --unit=validator --since='2020-12-01 00:00:00' --until='2020-12-02 12:00:00'
In a new terminal, start the validator.
lighthouse vc
Verify that your validator public key appears in the logs. Example below:
INFO Enabled validator voting_pubkey: 0x2374.....7121
Validator client - Responsible for producing new blocks and attestations in the beacon chain and shard chains.
Beacon chain client - Responsible for managing the state of the beacon chain, validator shuffling, and more.
Congratulations. Once your beacon chain is sync'd, validator up and running, you just wait for activation. This process can take 24+ hours. When you're assigned, your validator will begin creating and voting on blocks while earning staking rewards.
Use beaconcha.in and register an account to create alerts and track your validator's performance.
Because beacon chain relies on accurate times to perform attestations and produce blocks, your computer's time must be accurate to real NTP or NTS time within 0.5 seconds.
Setup Chrony with the following guide.
chrony is an implementation of the Network Time Protocol and helps to keep your computer's time synchronized with NTP.
Prometheus is a monitoring platform that collects metrics from monitored targets by scraping metrics HTTP endpoints on these targets. Official documentation is available here. Grafana is a dashboard used to visualize the collected data.
Install prometheus and prometheus node exporter.
sudo apt-get install -y prometheus prometheus-node-exporter
Install grafana.
wget -q -O - https://packages.grafana.com/gpg.key | sudo apt-key add -echo "deb https://packages.grafana.com/oss/deb stable main" > grafana.listsudo mv grafana.list /etc/apt/sources.list.d/grafana.listsudo apt-get update && sudo apt-get install -y grafana
Enable services so they start automatically.
sudo systemctl enable grafana-server.servicesudo systemctl enable prometheus.servicesudo systemctl enable prometheus-node-exporter.service
Update prometheus.yml located in /etc/prometheus/prometheus.yml
cat > $HOME/prometheus.yml << EOFglobal:scrape_interval: 15s # By default, scrape targets every 15 seconds.# Attach these labels to any time series or alerts when communicating with# external systems (federation, remote storage, Alertmanager).external_labels:monitor: 'codelab-monitor'# A scrape configuration containing exactly one endpoint to scrape:# Here it's Prometheus itself.scrape_configs:- job_name: 'node_exporter'static_configs:- targets: ['localhost:9100']- job_name: 'nodes'metrics_path: /metricsstatic_configs:- targets: ['localhost:5054']EOFsudo mv $HOME/prometheus.yml /etc/prometheus/prometheus.yml
Finally, restart the services.
sudo systemctl restart grafana-server.servicesudo systemctl restart prometheus.servicesudo systemctl restart prometheus-node-exporter.service
Verify that the services are running properly:
sudo systemctl status grafana-server.service prometheus.service prometheus-node-exporter.service
💡 Reminder: Ensure port 3000 is open on the firewall and/or port forwarded if you intend to view monitoring info from a different machine.
Open http://localhost:3000 or http://<your validator's ip address>:3000 in your local browser.
Login with admin / admin
Change password
Click the configuration gear icon, then Add data Source
Select Prometheus
Set Name to "Prometheus"
Set URL to http://localhost:9090
Click Save & Test
Download and save this json file.
Click Create + icon > Import
Add dashboard by Upload JSON file
Click the Import button.
Setup alerts to get notified if your validators go offline.
Get notified of problems with your validators. Choose between email, telegram, discord or slack.
Visit https://beaconcha.in/
Sign Up for an account
Verify your email
Search for your validator's public address
Add validators to your watchlist by clicking the bookmark symbol.
On the menu of Grafana, select Notification channels under the bell icon.
Click on Add channel.
Give the notification channel a name.
Select Telegram from the Type list.
To complete the Telegram API settings, a Telegram channel and bot are required. For instructions on setting up a bot with
@Botfather, see this section of the Telegram documentation.Once completed, invite the bot to the newly created channel.
On the menu of Grafana, select Notification channels under the bell icon.
Click on Add channel.
Add a name to the notification channel.
Select Discord from the Type list.
To complete the set up, a Discord server (and a text channel available) as well as a Webhook URL are required. For instructions on setting up a Discord's Webhooks, see this section of their documentation.
Enter the Webhook URL in the Discord notification settings panel.
Click Send Test, which will push a confirmation message to the Discord channel.
On the menu of Grafana, select Notification channels under the bell icon.
Click on Add channel.
Add a name to the notification channel.
Select Slack from the Type list.
For instructions on setting up a Slack's Incoming Webhooks, see this section of their documentation.
Enter the Slack Incoming Webhook URL in the URL field.
Click Send Test, which will push a confirmation message to the Slack channel.
🎉 Congrats on setting up your validator! You're good to go on eth2.0.
Did you find our guide useful? Let us know with a tip and we'll keep updating it.
Use cointr.ee to find our donation addresses. 🙏
Any feedback and all pull requests much appreciated. 😊
Hang out and chat with fellow stakers on telegram @ https://t.me/coincashew 🌛
cd ~/git/lighthousegit pullmake
Restart beacon chain and validator as per normal operating procedures.
sudo systemctl reload-or-restart beacon-chainsudo systemctl reload-or-restart validator
killall lighthouselighthouse vclighthouse bn --staking --metrics
Appreciate the hard work done by the fine folks at the following links which served as a foundation for creating this guide.
Use this command to signal your intentions to stop validating with your validator. This means you no longer want to stake with your validator and want to turn off your node.
Voluntary exiting takes a minimum of 2048 epochs (or ~9days). There is a queue to exit and a delay before your validator is finally exited.
Once a validator is exited in phase 0, this is non-reversible and you can no longer restart validating again.
Your funds will not be available for withdrawal until phase 1.5 or later.
After your validator leaves the exit queue and is truely exited, it is safe to turn off your beacon node and validator.
lighthouse account validator exit \--keystore $HOME/.lighthouse/mainnet/validators \--beacon-node http://localhost:5052
Using the eth2deposit-cli tool, ensure you can regenerate the same eth2 key pairs by restoring your validator_keys
./deposit existing-mnemonic --chain mainnet
When the pubkey is identical, this means your keystore file you correctly verified your mnemonic phrase. Other fields will be different because of salting.
Using the eth2deposit-cli tool, you can add more validators by creating a new deposit data file and validator_keys
For example, in case we originally created 3 validators but now wish to add 5 more validators, we could use the following command.
./deposit existing-mnemonic --validator_start_index 3 --num_validators 5 --chain mainnet
Complete the steps of uploading the deposit_data-#########.json to the launch pad site.
