Running an Eth 2 Validator
Hi.
Today, I want to introduce you to —The Crusher—.
It’s a little gadget that we use to crush things around here.
We don’t really crush furbies tho, that would be unethical (not to mention the legal complications). What we do crush here is myths. We demystify things.
After demystifying something, we don’t necessarily become experts in the topic, but we do become entitled to talk about it at cocktail parties.
So, without further ado, are you ready to crush Eth 2 validators? Let’s do et.
The plan
There’s plenty of excellent material out there. It’s pretty endless. However, we’re missing a practical guide that is not 100% theoretical and not 100% practical about a single use case either. This is what I attempted in this article; A guide that mixes a few practical examples with theory.
The plan is to go over the simplest possible case, and append explanations about the Eth 2 mechanics as we go. After that, we look into more realistic alternatives, and finally consider some questions I had along the way.
We’ll cover these setups:
Running Prysm in your computer
Running Prysm in Dappnode, in a droplet
Running Prysm in a droplet, without Dappnode
Running Prysm with either method, but in a dedicated physical machine
Disclaimer time!
Please, take all I say with a grain of salt. I am by no means an Eth 2 expert. I simply experimented with this stuff for a couple of weeks. In fact, I’ve written >50% of this article while rocking my baby’s car with my left leg. Talk about post apocalyptic pandemic multitasking…
If something is slightly wrong, please consider letting it pass as a simplification. If you notice that something is awfully wrong, however, please let me know and I’ll update the article.
Running Prysm in your computer
So, to start, we’re going to follow Prysm’s 6 easy steps, and decompose them, one by one.
Step 1 — Get Prysm
Go ahead and complete the instructions for this step.
Many clients are being built as implementations of the Eth 2 specification.
Artemis PegaSys Java Apache 2.0
Firefly* Ethereum Foundation Go BSD-3-Clause
Harmony EtherCamp Java GPLv3
Lighthouse Sigma Prime Rust GPLv2
Lodestar ChainSafe JavaScript (TypeScript) GPLv3
Nimbus Status Nim Apache 2.0 / MIT
Prysm Prysmatic Labs Go GPLv3 <========== We’ll be playing with this guy!
Shasper Parity Rust/Substrate GPLv3
Trinity Ethereum Foundation Python MIT
Yeeth Yeeth Swift GPLv3
The idea is to have multiple alternatives tailored for specific things, like hardware specs or programming languages, and at the same time have redundancy in the network. If the implementations are completely separate, a bug in one is less likely to exist in another. The ultimate goal is to have these critters running pretty much everywhere, being the backbone of an unstoppable Ethereum infinite machine. This has been the philosophy behind Eth 1, and is even more so with Eth 2.
Some clients focus on running a validator on mobile devices, others focus on enterprise, and others are even looking into trustless ways of sharing a validator between multiple users.
Now, Prysm itself is composed of two different “internal” clients: A “Beacon Chain” client and a “Validator” client. I haven’t looked at other clients, but I suspect it must be a similar scenario.
The first sub-client, the beacon chain client, would be the equivalent of our current Eth 1 nodes, like Geth or Parity. The beacon chain will be the mainnet of Eth 2, and is currently a testnet called Altona. There’s been previous beacon chain testnets like Witti and Onyx, and Altona will probably not be the last. If a new one comes along, just replace “Altona” with the new name in this article, and everything should work identically. In fact, I wouldn’t be surprised if a new one comes out this very week.
The second client, the validator, is like a wallet. It creates validator accounts and then keeps them running to attest the validity of incoming blocks. You can handle multiple validators with a single validator client. The only limit is the cpu and memory of the machine the software is running on. You can probably run a client in a Raspi4, but not 10, and you’d need some serious hardware to run 400 validators.
Back to the instructions!
When you run the instructions from this 1st step, you download a “prysm.sh” script that conveniently wraps the beacon chain and validator sub-clients together.
Note: There’s a link to alternative documentation, which shows you how to clone the Github repository and build the clients from source. You end up with the same “prysm.sh” script.
Step 2. Get GöETH — Test ether
Goerli is a second testnet that acts as our current mainnet.
Wait, another testnet?
So, yeah, the idea is that Eth 2’s mainnet observes Eth 1’s mainnet and tracks 32 ETH deposits to a particular contract. Whenever it detects one of these deposits, it activates a new validator. That’s the gist of it.
The current testnets simulate this relationship: Altona for Eth 2 mainnet, and Goerly for Eth 1 mainnet. And we wouldn’t want to burn 32 Eth 🥩 steaks for testing, right? So that’s Goerli, and there’s just one. No iterations, that’s all we need.
Eth 2 “mainnet”, the Beacon Chain
👉 Altona (previously Onyx, Witti, etc)
Eth 1 “mainnet”
👉 GoerliAnd so, we’re not depositing real ETH, but Goerli ETH or GoETH in some special contract deployed in Goerli, that Altona is observing.
Alright? Ok, now go get some GoETH.
Step 3. Generate a validator public / private key
The next step in the instructions shows you how to use Prysm’s validator client to create a new validator account. A validator account is like an Eth address, and running that command stores this address’ private key, together with some additional data, in an encrypted text file in “~/.eth2validators”. This is why you’re asked to enter a path and a password. Don’t lose these files or forget your passwords because its what holds your private keys.
The command also spits out some text, which you’re supposed to copy and paste into a field in Prysm’s instructions page. This text is just a message, signed using the private key of the account you just created, saying “Hey desposit contract, if you get 32 ETH with this txn, assign me as a validator, k?”. When you paste that message into the field, you are basically handing over to the Prysm guide dapp to hold it for you. It’ll send this message in a bit.
Also, take note of your newly created validator account’s public key, just below the signed message part of the command’s output. This is your validator address. If you do miss it, you can always go look in “~/.eth2validators” or wherever you saved the backups.
Step 4. Start your beacon chain & validator clients
Next, you start the two Prysm clients.
The Beacon chain client is gonna start downloading all of Altona’s blocks until its in sync. Given that Altona is super young, it shouldn’t take long, like 30 mins. If you look at the logs, you should be able to see the progress and the estimated time left. The validator client’s logs should say that its waiting on the beacon chain client or something.
Having these two processes running, and keeping them running, is important at this point, because once the beacon chain approves your validators, the network is going to expect that they’re up and running and ready for action. Once they’re activated, they are going to be asked to attest for the validity of incoming blocks, and more rarely to create a block, and if your validator is offline, or not in sync when this happens, and thus not able to perform its duties, its going to be penalized. It’s like volunterring to be a in a jury and not showing up in court on the day of the trial.
More on penalties later. Spoiler: they’re not too bad, but it depends.
Also, you don’t need to wait for a full sync before continuing to the next step, because there’s a wait time of a few hours in the next step. But you do need to keep both of these processes running. If for any reason any of them shuts down, you can restart them and you’re fine. Just try to keep them running for now.
Step 5. Send a validator deposit
Alright. The time has come. When Eth 2 launches and you do this step, you will be literally burning 32 Eth. Puff. Gone 🔥🥩🔥. To be honest, I don’t know if I’ll have the courage to do this when the time comes. But anyways, I’ll prepare myself to be able to do it if I want to.
When you burn the steak, in a way, you’re paying the official deposit contract 32 Eth so that it emits an event saying that you’ve paid the tribute to enter the promised land, and want to get in the queue for becoming an Eth 2 validator. We’ll be burning 32 Goerli Eth here tho. So, no sweat.
When you press the red button, Prysm’s 6 step dapp will grab the signed message you submitted in step 3, which has your validator public key in it, stamp it with the 32 Eth, and send a transaction to the deposit contract in Goerli. Bye bye little 🥩. May your mystical journey among the multi-chain-verse be legendary!
Step 6. Wait for your validator assignment
At this point, if the transaction to the deposit contract succeeded, all you need to, and can do, is wait. If this was the real thing, you may want to do something relaxing at this point. This may come handy when the time comes:
On the meantime, your client should at some point complete syncing and report something like “All good, waiting for activation”. This activation is the beacon chain having confirmed your deposit contract transaction, accepted it, put you in the queue for a few hours, and then giving you a green light to start validating.
Once this happens, you should see the logs reporting that you’ve started to validate. Wohoo!! This is certainly a happy moment for would be validators.
You can then use a sort of block explorer to see how your validator is doing. Go to https://beaconscan.com/altona/validator/<0x-your-public-key>. There’s a few of these going around: https://beaconcha.in, https://beacon.etherscan.io. You can use this to track if your validator is attesting, see your 32 Eth go up, etc. The Prysm guide also recommends that you to register your node in https://eth2stats.io for tracking network wide validator statistics. It might take a while for your validator to show up in one of these.
That’s it! You just ran an Eth 2 validator. Congrats.
But! It’s obviously not a good idea to run these clients in the background of your main computer. It’ll consume resources, and even more resources the more validators you have. You’d also have to keep monitoring the clients to see if they’re running OK, and remember to restart them whenever you reboot. Definetely not ideal.
Running Prysm in Dappnode, in a droplet
When it comes to running an Eth 2 validator node, I’ve found Dappnode to be the easiest solution by far. Dappnode has done an incredible job, and imho, the project is incredibly underrated considering the amazing product they’ve built. You’ll see once you take Dappnode for a spin.
What is Dappnode? It’s basically a Linux OS, specifically designed to run dockerized packages like Prysm or Geth, which you can control remotely from your computer or even a mobile phone, using a beautiful web app. The control dashboard allows you to install these packages with just a few clicks. These dudes also sell hardware specifically tuned to run Dappnode, and some of it is simply badass. And, if this wasn’t enough, it’s all stored in IPFS.
So yeah, that’s Dappnode, another project I’m totally a fan of. Let’s use it.
Step 1. Set up your virtualware
In my case, I set up a 4gb mem / 80gb disk droplet in Digital Ocean and kinda feel like the resources are a bit overkill for just 2 validators. If you’ve never set up a droplet before, don’t sweat it, its extremely easy. In fact, this was my first time, and all I did was follow the instructions on the website. Just make sure that you create the droplet with a Debian distro.
Once you can log into your droplet via ssh, you’re ready for the next step.
Step 2. Install Dappnode in your droplet
Follow Dappnode’s Installation via installer script instructions.
Note how there’s a big note saying that you shouldn’t install these things in a remote machine. The Dappnode crew strongly suggests that we run our nodes in our own machines, and I like this idea. Just imagine what would happen if 70% of us set up our Eth 2 nodes in Digital Ocean droplets, and suddenly Microsoft decided that Ethereum is ilegal, which would be stupid, yes, or that Digital Ocean simply went down. Boom, goodbye 70% of the Ethereum network. Not good.
Eth 2 is even designed against this. When your validator goes offline, you receive small penalties. I tried putting mine off line for a couple of days and I lost like, I think $5 bucks? However, this penalty is calculated with a series of variables, one of them being the amount of validators currently offline. So, if there’s a bunch of us offline, that penalty could start becoming a serious thing.
But, we’re just trying things out here, so a droplet will be fine for now. Just remember, the recommended way is to run Dappnode on a physical machine that you directly control.
Once the installation is complete, and you see a huge QR code, you’re ready to move on.
Step 3. Connect to Dappnode remotely
If you take a look at Dappnode’s recommended setup instructions, which show you how to install the Dappnode OS on a physical machine, you can skip to the “If the installation succeeded” section and follow those steps.
Dappnode is not intended to be controlled via ssh. In fact, its pretty hard to do so because it’s just a bunch of docker containers. I guess you’d need to be good with docker to do that? I’m certainly not! Instead, Dappnode gives us this QR code that is basically a URL for downloading an “.ovpn” file, which is just a file used to set up OpenVPN connections. It’s like SSH but with a UI.
You should be able to find mobile OpenVPN apps to open this file with, and your desktop OS should probably support it out of the box. If not, you might have to do a little research.
Once you’ve set up the connection and started it, you’ll be able to go to http://my.dappnode in your browser and, lo and behold, see Dappnode’s dashboard, which gives you full control over your node.
Tip: If you go to the side panel, in the “Devices” section, you’ll be able to add secondary devices to access the dashboard from.
Step 4. Install the Prysm client
In Dappnode-land your index finger becomes this instrument of divine creation, and as so, you just point at things to get stuff done.
In this case, we’re going to go to the DappStore section, click the ETH2.0 tag, and select the “Prysm Altona Validator” package. Once it downloads the package info from IPFS, go ahead and install it. This is actually going to install two packages, one for the beacon chain client and one for the validator client (Dappnode installs dependency packages automatically).
If you go to the “Packages” section now, you should see the newly installed Prysm packages, and if you go to the beacon chain one, and then to its logs, you should see logs similar to what we saw before when we ran Prysm locally, showing us how its syncing the Altona beacon chain.
Step 5. Create your validators
You’ll need some Goerli ETH for this. If you have less than 32 GoETH, you can try getting some more from the Prysm six step guide, or you can go over to Prysmatic Labs discord and ask for some. They give you pretty generous amounts, surprisingly fast.
To create your validators in Dappnode-land, just go to the Prysm validator package and click on the “prysm-altona-validator.dappnode” link. This takes you to a dedicated dashboard. You can follow its instructions to set up one or more validators.
Something kinda weird I found on this part is that you have to send the Eth to an intermediary address? If you happen to know the reason for this, please leave a comment below.
Once successful, you should see your validators pending to be activated by the beacon chain. All you need to do now is wait, again, for a few hours until they become active. On the meantime, the beacon chain should finish syncing.
In the "Validator accounts” table, under the “Pubkey” column, you should see your public keys and use the provided links to check out the status of your validators in the BeaconScan explorer.
Step 6. Check out the stats
Additionally, Dappnode comes with a funky stats dashboard. You get to it from the validator dashboard by clicking on the little stats icon in the sidebar.
This dashboard is awesome, and allows you to see the status of your validators in a lot of detail: how much you’ve earned per day, week, month and year, get alerts for good or bad things going on, etc. It’s all based on Grafana, which is just something cool nerds use.
Running Prysm in a droplet, without Dappnode
Of course, an alternative would be to just install Ubuntu, or whatever Linux distro you feel comfortable with, and install Prysm yourself like we did before. Sure, this works, but there’s a bit of extra things you can do to set things up the right way.
For example, you could set up services that monitor the beacon chain and validator client, and relaunches them if they ever crash or something. Smart eh?
You could, and you should, also make a couple of security check ups to make sure that your node is safe from outside attackers. If an attacker gets in, your private keys would not really be exposed since they’re in an encrypted file. Even if they were, an attacker wouldn’t be able to steal the client’s funds because those are withdrawn to an external “cold” wallet. But they would control the node.
An attacker could maliciously control your client to incur penalizations, and much much worse, could manipulate your clients in a way that causes your validators to perform an illegal action, and thus be slashed. Penalization is generally a light thing, but slashing is a hardcore thing; You could lose half of your stake, or even more. I don’t know what we call half a 🥩 yet, but its a lot of Eth nonetheless.
Finally, you could set up your droplet to also report stats for you using Grafana. So you get a funky stats dashboard too.
Anyways, if this is your cup of tea, the best guide I found so far is Somer Esat’s Guide to Staking in Ethereum 2.0. It’s just fantastic.
Running Prysm with either method, but in a dedicated physical machine
I encourage you to dig up or purchase an old computer and try one of the setups described above with them. You don’t need much in terms of hardware requirements, but you do need a reasonable, stable internet connection. I tried it in a 3mbps connection and wasn’t too successful. Works fine with > 10mbps tho.
According to the Prysm docs, the minimum requirements are:
Operating System: 64-bit Linux, Mac OS X 10.14+, Windows
Processor: Intel Core i5–760 or AMD FX-8100 or better
Memory: 4GB RAM
Storage: 20GB available space SSD
Internet: Broadband connection
The SSD disk part is crucial tho. This thing will need to read and write fast from disk.
In my case I spent like $200 and reached those specs but with a 250Gb SSD disc. Depending on where you are, you should be able to do the same thing with even a smaller budget. Just don’t stress it too much with the perfect hardware requirements. Try things out yourself, experiment, have fun.
In the future tho, if my tests continue to run smoothly, I’m going to consider buying something more reliable, like a physical Dappnode, or an Intel NUC, which is what the cool kids are using. Heck, you may even feel adventurous enough and try this in a Raspberry Pi 4? Why not.
To install Dappnode in a Physical machine, just follow their instructions on how to set up Dappnode using an usb stick.
So that’s it again. By this point, you should have a pretty good idea of how to run a validator client in a variety of ways. Pick your own! Mine is Dappnode + Prysm. Forevah.
Now, sit back and enjoy the crushin’. You've earnt it.
Questions I asked myself along the way
Here’s a list of questions that I was curious about and asked myself when I was fooling around with tihs stuff. I usually got my answers from the Prysmatic Labs discord.
How is the address you use to make the 32 Eth deposit associated with the validator address?
In no way whatsoever. You could use any address. The deposit is made in favor of the address that signed the message that you pass on to the deposit in the 32 Eth transaction to the deposit contract.
How do you migrate your validator accounts from one setup to another?
Using the encoded files stored in ~/.eth2validators. If it’s just Prysm that you’re running, you just replace these files and restart the client.
I don’t know how to do this in Dappnode yet, but its probably just a matter of using your divine god-like index finger, the Dappnode way. Again, if you know, please leave a comment!
Something to be extremely careful about, is not using the same validator accounts in two clients at the same time. You could get slashed if you do so. For example, you might have a physical machine running your validator client but also keep a dormant droplet standing by, in case your physical machine explodes, or is eaten from the inside out by an army of killer ants. When this happens, you have a backup of the keys, put them in the droplet and start it while you repair the physical node to avoid penalties. This might be a good idea, just make sure that you never ever run the physical machine and the droplet with the same accounts at the same time, because this could potentially cause the same validator account to attest to two different blocks at the same time, which is a capital offence in Eth 2.
How do you top up your validator?
If your validator is penalized, you lose a bit of stake. How much you are rewarded with depends on how much you’ve got staked. The relationship is not a continuous function, but rather jumps in steps discretely. This incentivizes validators to top up a 31.2 Eth validator balance to 32 Eth, because the rewards are signifficantly higher.
I believe that to top the validator up, you just send more Eth to the deposit contract, with the same signed message that you used before. Haven’t tried it tho.
How do you exit?
When I was trying all this out, the exit function wasn’t yet available in Prysm. I think that its still not available. In theory, you’re supposed to call a command in the client which tells the network that you want out. After a few hours you should be able to stop validating, and withdraw your stake + profit to an external account.
Even when this function becomes available, keep in mind that you wont be able to do this once the real Eth 2 beacon chain launches, for a year or so.
How will Eth 2 work with Eth 1?
To know more about this, I recommend that you read up on the Eth 2 roadmap. The whole thing is going to happen in phases, and will ultimately end up with a fully functional Eth 2, composed of multiple chains, processing transactions x1000 faster and with negligible fees, and Eth 1 will be just another of its multiple shards. This thing is going to be a titan.
What’s a slasher client?
This is a client that simply sniffs for bad behavior. There’s a Dappnode package for it, if I’m not mistaken. Haven’t tried it out tho. From what I’ve heard, rewards for slashing aren’t too great.
How big of a hard drive do you need?
This is something I’m not sure about. Prysm’s minimal setup says 20Gb, but I imagine the space required will go up as the beacon chain matures. You can monitor your Dappnode’s available disk space (and other metrics) in the dashboard, so you should be able to see when you’ll need a larger hard drive, freak out, and figure out what to do when that happens.
Can you run a validator staking less than 32 Eth?
Yes, and no. If you’re running your own node, you stake at multiples of 32, 32 Eth for each validator account. However, there's a few “staking-as-a-service” products being built that allow you to pool your Eth and have it managed by a 3rd party for a fee. Again, I haven’t tried this out, but some names come to mind, like Rocket Pool, and Attestant. This might be a good alternative if you don’t want to maintain a node, and/or stake so much Eth.
Conclusion
That’s all I have for you folks! Hope it helped. This is just the tip of the iceberg when it comes to Eth 2. If you need more, I encourage you to read the extensive material going around the topic in the web. Its a rabbit hole for sure!
If you have any further questions that you’d like to discuss, please, don’t hesitate to leave a comment below. I’m actually super curious to hear about your own experiences with this.
Peace!
> I don’t know how to do this in Dappnode yet, but its probably just a matter of using your divine god-like index finger, the Dappnode way.
You can back-up your validator's file and download a .tar that contains the same file structure used by Prysm in the ethdo wallet. Then you can point ethdo and Prysm to consume that directory and validate with that keys. But as you said, be extra careful to not get slashed!
> Something I kinda weird I found on this part is that [in DAppNode] you have to send the Eth to an intermediary address?
Integrating the deposit account lets you skip a few setup steps. This is there to make the whole process of setting up test validators as easy as possible so as many people as possible try it out. Of course, when we get closer to mainnet this will not be an allowed method, and we will encourage people to stick to physical devices or other more secure ways