Repository to host setup files to run ethereum clients. This branch, setup/mainnet, is intended to have all the necessary preconfigurations to deploy all 5 CL clients in the mainnet network, plus some additional tools such as a fork of Vouch, a database and prometheus.
Clone this repository.
Create a .env file in the root of the repository.
You may copy the .env-example as .env and edit.
Create a vouch.yml file inside the .vouch folder.
Once again, you can copy the example and edit.
It is needed to setup the endpoints to track and the database where to persist the data.
You may refer to Vouch Repository for more information about configuration.
You must create a JWT secret in order to authenticate communications between the CL client and the EL client.
To do this:
openssl rand -hex 32 | tr -d "\n" > "./data/jwtsecret"
Keep in mind you must have installed openssl package. If not created, the Nethermind client will automatically create it.
Please bear in mind folder permissions are very important, specially with Nimbus and Teku. Regarding Nimbus it is important that the owner of the data folder is the same as the one executing the docker container. As for Teku, ownership is also important, but permissions must be ensured so the container user can access the volume.
Default sync method is to Checkpoint Sync from a trusted node.
In case of Nimbus, please first use service nimbus-trusted-sync. The service will stop automatically and you can now run nimbus service.
In case you have keys to be imported, please use the scripts in the import_keys/ folder. Plase all your keys under the same folder. Please remember to allow enough permissions to read the keystores. Permissions should be similar to the volumes mounted.
keys |__ prysm |__ lighthouse |__ teku |__ nimbus |__ lodestar
For Prysm Lighthouse and Lodestar, the folder above should contains something like this:
|__ prysm |__ secret.txt |__ keys |__ keystoreA.json |__ keystoreB.json
The password should be the same for all validators under keys/ folder.
For Teku, the folder above should contain something like this
|__ teku
|__ keys
| |__ keystoreA.json
| |__ keystoreB.json
|__ passwords
|__ keystoreA.txt
|__ keystoreB.txt
The files in the passwords/ folder should have the same name as the corresponing keystore file under the keys/ folder. The password file should contain the password to open the corresponding keystore.
|__ nimbus
|__ validators
| |__ keystoreA
| |__ keystoreA.json
| |__ keystoreB
| |__ keystoreB.json
|__ secrets
|__ keystoreA
|__ keystoreB
There should be one folder per keystore containing the keystore json, under the validators/ folder. Under the secrets/ folder, one file per keystore must be found (with no extension), with the corresponding password of the keystore. Nimbus import process might take some time to complete.
Yoy may only run this for a few minutes until the client has downloaded the latest checkpoint, after that you can stop with Ctrl+C.
You can now run your combo with:
sudo docker-compose --env-file .env up -d nethermind-lh lighthouse
See docker-compose to list services and run your desired EL+CL combo.
Nethermind will need to sync the whole chain, so this might take sometime depending on your machine.
You can also run several combos at the same time, docker-compose is adapted to not overlap ports.
Yu may also run Prometheus:
sudo docker-compose --env-file .env up -d prometheus
Prometheus configuration includes all 5 EL+CL combos monitoring.
You may run Caddy to expose all your endpoints with whitelisted IPs and authorized users.
Please move to the certs folder and execute the script to generate your self-signed certificate.
You will also need to uncomment the tls clause in the Caddyfile.
Prometheus may fail to boot as it may not have wnough permissions in the given folder. To fix it, simply stop the prometheus service and run the following command:
sudo chown -R nobody:nogroup apps-data/.prometheus
Then start the service again.