Guide to Staking on Ethereum 2.0 (Ubuntu/Teku)

Somer Esat
27 min readNov 26, 2020

Last updated: 2022–04–16

NOTE: Do not use this guide. New version is here: https://someresat.medium.com/guide-to-staking-on-ethereum-ubuntu-teku-f09ecd9ef2ee

This is a step-by-step guide to staking on the Ethereum 2.0 mainnet using the ConsenSys Teku client. It is based on the following technologies:

WARNING: Staking requires at least 32 ETH + gas fees. DO NOT send ETH anywhere without knowing what you are doing. This guide includes instructions to safely deposit your ETH for staking on the Ethereum 2.0 mainnet using official methods. Never send your ETH to anyone.

Acknowledgements

This guide is based on information gathered from various on-line resources and wouldn’t exist without them. Thank you, all!

Thanks to the EthStaker Admins and Educators, the Eth2 client teams, and the staking community for their help and review.

Special thanks to the Eth2 client teams and the Ethereum Foundation researchers. Their tireless efforts over the past few years have brought us to the cusp of an incredible moment in history — the launch of Ethereum 2.0.

Disclaimer

This article (the guide) is for informational purposes only and does not constitute professional advice. The author does not guarantee accuracy of the information in this article and the author is not responsible for any damages or losses incurred by following this article. A full disclaimer can be found at the bottom of this page — please read before continuing.

Support

For technical support please reach out to:

  • The EthStaker community on Reddit or Discord. Knowledgeable and friendly community passionate about staking on Ethereum 2.0.
  • The Teku client team Discord.

Prerequisites

This guide assumes knowledge of Ethereum, ETH, staking, Linux, and MetaMask (or Portis or Fortmatic).

This guide also requires the following before getting started:

  • Ubuntu server v20.04 (LTS) amd64 or newer, installed and running on a local computer or in the cloud. A locally running computer is encouraged for greater decentralization — if the cloud provider goes down then all nodes hosted with that provider go down.
  • MetaMask crypto wallet browser extension (or Portis or Fortmatic), installed and configured. A computer with a desktop (Mac, Windows, Linux, etc.) and a browser (Brave, Safari, FireFox, etc.) is required.

Testnet to Mainnet

If moving from a testnet setup to a mainnet setup it is strongly recommended that you start on fresh (newly installed) server instance. This guide has not been tested for migration scenarios and does not guarantee success if you are using an existing instance with previously installed testnet software.

Requirements

  • Hardware requirements are a broad topic. In general a relatively modern CPU, 8GB RAM (16GB is better), a SSD of at least 500GB (1TB is better), and a stable internet connection with sufficient download speed and monthly data allowance are likely required for good staking performance.

NOTE: Check your available disk space. Even you have a large SSD there are cases where Ubuntu is reporting only 200GB free. If this applies to you then take a look at Appendix F — Expanding the Logical Volume.

Activation

Before we get started, a note on validator Activation.

As demand grows for staking, the queue to register new validators increases. Based on various factors, the Ethereum PoS network allows a fixed number validators to join per day. Depending on demand it might be hours, days, weeks, or months until your deposit becomes active and starts validating.

A handy app showing the current activation queue length and estimated activation time can be found here: https://eth2-validator-queue.web.app/

The screenshot above was taken on 04/16/2022, indicating a deposit into the ETH 2.0 staking contract on that day will incur a wait time to activation of roughly 16 days. This means once you queue your validator to join the network (by depositing your 32 ETH) it won’t be eligible to participate in staking or to earn staking rewards until it is activated.

NOTE: As stated at the beginning of this guide, DO NOT deposit your ETH without understanding what you are doing. DO NOT send your ETH to the ETH 2.0 deposit contract without following the detailed instructions in this guide.

Overview

The simplified diagram below indicates the scope of this guide. The yellow boxes are the areas this guide mostly covers.

The conceptual flow through the guide is:

  • Generate the staking Validator Keys and Deposit Data
  • Prepare the Ubuntu Server (firewall, security, etc.)
  • Set up an Eth1 Node and sync it with the Eth1 Blockchain
  • Configure the Teku client and sync it with the Eth1 Node
  • Deposit ETH to Activate Validator Keys

Let’s get started!

Step 1 — Generate Staking Data

In order to participate in staking it is necessary to generate some data files based on the number of validators you’d like to fund and operate.

NOTE: If you have already generated your deposit data and validator key(s) you can skip this step.

Each validator requires a deposit of 32 ETH. You should have sufficient ETH in your MetaMask wallet to fund each validator. For example if you plan to run 5 validators you will need to have (32 x 5) = 160 ETH plus some extra to cover the gas fees. The ETH deposit will happen later in the guide after everything else is up and running.

Download the Deposit Tool (Deposit CLI)

Go here to get the “Latest release” of the deposit command line interface (CLI) app.

In the Assets section download the version matching the platform you are currently on (e.g. Windows, Mac, Linux Desktop, etc.).

Run the Deposit Tool (Eth2 Deposit CLI)

Decompress the archive. There should be a binary file (executable) inside. The deposit tool generates files for staking as well as a mnemonic key. This key must be handled securely. There are two options to proceed from here.

Recommended — Copy the binary file to a USB drive. Connect to a fully air-gapped machine (never previously connected to the internet), copy the file over and run from there.

Not recommended — Run from the current machine. An internet connection may be an opportunity to leak your mnemonic key. If a fully air-gapped machine isn’t available disconnect the internet on the current machine before proceeding.

When ready, run the file in a terminal window (or CMD in windows) to continue using the commands below. Replace <NumberOfValidators> with the number of validators you want to fund. E.g. --num_validators 2.

On Linux/Mac:

./deposit new-mnemonic --num_validators <NumberOfValidators> --chain mainnet

On Windows:

deposit.exe new-mnemonic --num_validators <NumberOfValidators> --chain mainnet

Once you execute the above steps on your platform of choice you will be asked to create a validator keystore password. Back it up somewhere safe. You will need this later to load the validator keys into the Teku validator wallet.

A seed phrase (mnemonic) will be generated. Back it up somewhere safe. This is CRITICAL. You will eventually use this to generate your withdrawal keys for your ETH or add additional validators. If you lose this key you will not be able to withdraw your funds.

Once you have confirmed your mnemonic your validator keys will be created.

The newly created validator keys and deposit data file are created at the specified location. The contents of the folder are shown below.

Notes about the files:

  • The deposit_data-[timestamp].json file contains the public keys for the validators and information about the staking deposit. This file will be used to complete the ETH deposit process later on.
  • The keystore-m...json files contain the encrypted validator signing key. There is one keystore-m per validator that you are funding. These will be imported into the Teku validator wallet for use while staking. You will copy these files over to the Ubuntu server (if not already there) later.

Final Steps

Now that you have the deposit data and the keystore files move on to set up the Ubuntu server.

DO NOT DEPOSIT any ETH at this moment.

It is important to complete and verify your staking setup first. If the ETH deposits become active and your staking setup is not ready you will start receiving penalties for non-activity.

Step 2 — Connect to the Server

Using a SSH client, connect to your Ubuntu server. If you are logged in as root then create a user-level account with admin privileges instead, since logging in as the root user is risky.

NOTE: If you are not logged in as root then skip this and go to Step 3.

Create a new user. Replace <yourusername> with a username of your choice. You will asked to create a strong password and provide some other optional information.

# adduser <yourusername>

Grant admin rights to the new user by adding it to the sudo group. This will allow the user to perform actions with superuser privileges by typing sudo before commands.

# usermod -aG sudo <yourusername>

Optional: If you used SSH keys to connect to your Ubuntu instance via the root user you will need to associate the new user with the root user’s SSH key data.

# rsync --archive --chown=<yourusername>:<yourusername> ~/.ssh /home/<yourusername>

Finally, log out of root and log in as <yourusername>.

Step 3 — Update the Server

Make sure the system is up to date with the latest software and security updates.

$ sudo apt update && sudo apt upgrade
$ sudo apt dist-upgrade && sudo apt autoremove
$ sudo reboot

Step 4 — Secure the Server

Security is important. This is not a comprehensive security guide, just some basic settings.

Modify the Default SSH Port

Port 22 is the default SSH port and a common attack vector. Change the SSH port to avoid this.

Choose a port number between 1024–49151 and run the following command to check is not already in use. A blank response indicates not in use, a red text response indicates it is in use: try a different port. E.g. sudo ss -tulpn | grep ':6673'

$ sudo ss -tulpn | grep ':<YourSSHPortNumber>'

If confirmed available, modify the default port by updating SSH config.

$ sudo nano /etc/ssh/sshd_config

Find or add (if not present) the line Port 22 in the file. Remove the # (if present) and change the value as below.

Port <YourSSHPortNumber>

Check the screen shot below for reference. Press CTRL+x then ‘y’ then <enter> to save and exit.

Restart the SSH service to reflect the above changes.

$ sudo systemctl restart ssh

Log out and log back in via SSH using <YourSSHPortNumber> for the port.

Configure the Firewall

Ubuntu 20.04 servers can use the default UFW firewall to restrict inbound traffic to the server. Before you enable it allow inbound traffic for SSH, Go Ethereum, and Teku.

Install UFW
UFW should be installed by default. The following command will ensure it is.

$ sudo apt install ufw

Apply UFW Defaults
Explicitly apply the defaults. Inbound traffic denied, outbound traffic allowed.

$ sudo ufw default deny incoming
$ sudo ufw default allow outgoing

Allow SSH
Allow inbound traffic on <YourSSHPortNumber>as set above. SSH requires the TCP protocol. E.g. sudo ufw allow 6673/tcp

$ sudo ufw allow <yourSSHportnumber>/tcp

Deny SSH Port 22
Deny inbound traffic on port 22/TCP.

NOTE: Only do this after you SSH in using <YourSSHPortNumber>.

$ sudo ufw deny 22/tcp

Allow Go Ethereum
Allow P2P connections with Go Ethereum peers (port 30303). If using an Eth1 node hosted by a 3rd party then skip this step.

NOTE: If you are hosting your Ubuntu instance locally your internet router may need to be configured to allow incoming traffic on port 30303 as well.

$ sudo ufw allow 30303

Allow Teku
Allows P2P connections with Teku peers for actions on the beacon node (port 9000).

NOTE: If you are hosting your Ubuntu instance locally your internet router may need to be configured to allow incoming traffic on port 9000 as well.

$ sudo ufw allow 9000

Enable the firewall and verify the rules have been correctly configured.

$ sudo ufw enable
$ sudo ufw status numbered

Check the screen shot below for reference.

Step 5 — Configure Timekeeping

Ubuntu has time synchronization built in and activated by default using systemd’s timesyncd service. Verify it’s running correctly.

$ timedatectl

The NTP service should be active. If not then run:

$ sudo timedatectl set-ntp on

Check the screen shot below for reference.

You should only be using a single keeping service. If you were using NTPD from a previous installation you can check if it exists and remove it using the following commands.

$ ntpq -p
$ sudo apt-get remove ntp

Step 6 — Set up an Ethereum (Eth1) Node

An Ethereum node is required for staking. You can either run a local Eth1 node or use a third party node. This guide will provide instructions for running Go Ethereum. If you would rather use a third party option then skip this step.

NOTE: Check your available disk space. An Eth1 node requires roughly 400GB of space. Even you have a large SSD there are cases where Ubuntu is reporting only 200GB free. If this applies to you then take a look at Appendix F — Expanding the Logical Volume.

Install Go Ethereum

Install the Go Ethereum client using PPA’s (Personal Package Archives).

$ sudo add-apt-repository -y ppa:ethereum/ethereum
$ sudo apt update
$ sudo apt install geth

Go Ethereum will be configured to run as a background service. Create an account for the service to run under. This type of account can’t log into the server.

$ sudo useradd --no-create-home --shell /bin/false goeth

Create the data directory for the Eth1 chain. This is required for storing the Eth1 node data.

$ sudo mkdir -p /var/lib/goethereum

Set directory permissions. The goeth account needs permission to modify the data directory.

$ sudo chown -R goeth:goeth /var/lib/goethereum

Create a systemd service config file to configure the service.

$ sudo nano /etc/systemd/system/geth.service

Paste the following service configuration into the file.

[Unit]
Description=Go Ethereum Client
After=network.target
Wants=network.target
[Service]
User=goeth
Group=goeth
Type=simple
Restart=always
RestartSec=5
ExecStart=geth --http --datadir /var/lib/goethereum --cache 2048 --maxpeers 30
[Install]
WantedBy=default.target

Notable flags:

--http Expose an HTTP endpoint (http://localhost:8545) that the Teku beacon chain will connect to.

--cache Size of the internal cache in GB. Reduce or increase depending on your available system memory. A setting of 2048 results in roughly 4–5GB of memory usage.

--maxpeers Maximum number of peers to connect with. More peers equals more internet data usage. Do not set this too low or your Eth1 node will struggle to stay in sync.

Check the screen shot below for reference. Press CTRL+x then ‘y’ then <enter> to save and exit.

Reload systemd to reflect the changes and start the service. Check status to make sure it’s running correctly.

$ sudo systemctl daemon-reload
$ sudo systemctl start geth
$ sudo systemctl status geth

Check the screen shot below for reference.

It should say active (running) in green text. If not then go back and repeat the steps to fix the problem. Press Q to quit (will not affect the geth service).

Enable the geth service to automatically start on reboot.

$ sudo systemctl enable geth

The Go Ethereum node will begin to sync. You can follow the progress or check for errors by running the following command. Press CTRL+c to exit (will not affect the geth service).

$ sudo journalctl -fu geth.service

Check the screen shot below for reference.

Check Sync Status

To check your Eth1 node sync status use the following command to access the console.

geth attach http://127.0.0.1:8545
> eth.syncing

If false is returned then your sync is complete. If syncing data is returned then you are still syncing. For reference there are roughly 700–800 million knownStates.

Check the screen shot below for reference.

Press CTRL+d to exit when done.

Check Connected Peers

To check your Eth1 node connected peers use the following command to access the console.

geth attach http://127.0.0.1:8545
> net.peerCount

The peerCount will not exceed your setting for --maxpeers. If you are having trouble finding peers to sync see the next section.

Press CTRL+d to exit when done.

Add Bootnodes (Optional)

Sometimes it can take a while to find peers to sync. If so, you can add some bootnodes to help things along. Go here for the latest list and modify the geth service as follows:

$ sudo systemctl stop geth
$ sudo nano /etc/systemd/system/geth.service

Modify the ExecStart line and add the --bootnodes flag with a few of the latest peers, comma separated.

ExecStart=geth --http --datadir /var/lib/goethereum --cache 2048 --maxpeers 30 --bootnodes "enode://d0b4a09d072b3f021e233fe55d43dc404a77eeaed32da9860cc72a5523c90d31ef9fab7f3da87967bc52c1118ca3241c0eced50290a87e0a91a271b5fac8d0a6@157.230.142.236:30303,enode://5070366042daaf15752fea340e7ffce3fd8fc576ac846034bd551c3eebac76db122a73fe8418804c5070a5e6d690fae133d9953f85d7aa00375d9a4a06741dbc@116.202.231.71:30303"

Save the file and exit. Restart the service and observe.

$ sudo systemctl daemon-reload
$ sudo systemctl start geth
$ sudo journalctl -fu geth.service

NOTE: It is necessary to follow a specific series of steps to update Geth. See Appendix A — Updating Geth for further information.

NOTE: From time-to-time it is necessary to “prune” Geth’s database to keep its size on disk as small as possible. See Appendix D — Pruning Geth for further information.

Step 7 — Download Teku

The Teku client is a single binary which encapsulates the functionality of the beacon chain and validator. This step will download and prepare the Teku binary.

First, go here and identify the latest release. It is at the top of the page. For example:

In the “Downloads” section copy the download link to the tar.gz file. Be sure to copy the correct link.

Download the archive using the commands below. Modify the URL in the instructions below to match the download link for the latest version.

Note the syntax is curl -LO <url>.

$ cd ~
$ sudo apt install curl
$ curl -LO https://artifacts.consensys.net/public/teku/raw/names/teku.tar.gz/versions/22.5.1/teku-22.5.1.tar.gz

Extract the files from the archive and copy to the /usr/local/bin directory. The Teku service will run it from there. Modify the URL name as necessary.

$ tar xvf teku-22.5.1.tar.gz
$ sudo cp -a teku-22.5.1 /usr/local/bin/teku

Install the required Java runtime prerequisite.

$ sudo apt install default-jre

Clean up the extracted files. Modify the file name as necessary.

$ cd ~
$ sudo rm teku-22.5.1.tar.gz
$ sudo rm -r teku-22.5.1

NOTE: It is necessary to follow a specific series of steps to update Teku. See Appendix B — Updating Teku for further information.

Step 8 — Import the Validator Keys

Configure the Teku validator by importing the validator keys.

Copy the Validator Keystore Files

If you generated the validator keystore-m…json file(s) on a machine other than your Ubuntu server you will need to copy the file(s) over to your home directory. You can do this using a USB drive (if your server is local), or via secure FTP (SFTP).

Place the files here: $HOME/eth2deposit-cli/validator_keys. Create the directories if necessary.

Import Keystore Files into the Validator

Create a directory to store the validator keys and copy the validator_keys directory containing the keystore-m…json file(s) over to it.

$ sudo mkdir -p /var/lib/teku
$ sudo cp -a /$HOME/eth2deposit-cli/validator_keys /var/lib/teku

Do not copy over the deposit_data…json file. If you do, simply delete it.

$ cd /var/lib/teku/validator_keys
$ ls
$ sudo rm <depositdatafilename>

Check the screen shot below for reference.

Create the Validator Password File(s)

Teku requires a password file in order to access each validator account when running and automatically restarting the service.

For each keystore-m...json file a corresponding password file is required. This is true even if the password is the same for each validator. The password file will need to be named to match the corresponding keystore-m...json file.

Get a listing of the keystore file(s).

$ ls /var/lib/teku/validator_keys

For each keystore_m*.json file, create an equivalently named password file.

Before you execute the next command replace <jsonfilename> with the name of the json file. Don’t forget to add the .txt at the end. E.g. sudo nano /var/lib/teku/validator_keys/keystore-m_12381_3600_0_0_0–1606351647.txt

$ sudo nano /var/lib/teku/validator_keys/<jsonfilename>.txt

Within the txt file, replace YourKeystorePasswordForThisValidator with the keystore password (the one you provided when creating the validator files in Step 1).

Check the screen shot below for reference. Press CTRL+x then ‘y’ then <enter> to save and exit.

Repeat this sequence for each *.json file until there is a matching txt file containing the keystore password for each json file.

Check the screen shot below for reference.

NOTE: There should not be a deposit_data-*.json file present. If there is, delete it. It will cause an error as Teku will expect a corresponding password file for it.

Step 9 — Configure the Teku Service

In this step you will configure and run Teku as a service so if the system restarts the process will automatically start back up again.

Set up the Account and Directory

Create an account for the beacon node to run under. This type of account can’t log into the server.

$ sudo useradd --no-create-home --shell /bin/false teku

Set Permissions

Set directory permissions. The teku account needs permission to modify the data directory (/var/lib/teku) created in the previous step.

$ sudo chown -R teku:teku /var/lib/teku
$ ls -dl /var/lib/teku

Check the screen shot below for reference.

Apply file permissions to the validator keys to provide an extra layer of security and to prevent accidental deletion. Grants read/write/execute to the user (teku).

$ sudo chmod -R 700 /var/lib/teku/validator_keys
$ sudo ls -lh /var/lib/teku/validator_keys

Check the screen shot below for reference.

Create and Configure the Service

Create a systemd service config file to configure the service.

$ sudo nano /etc/systemd/system/teku.service

Paste the following into the file.

[Unit]
Description=Teku Eth2 Client
Wants=network-online.target
After=network-online.target
[Service]
User=teku
Group=teku
Type=simple
Restart=always
RestartSec=5
Environment="JAVA_OPTS=-Xmx4g"
ExecStart=/usr/local/bin/teku/bin/teku --data-base-path=/var/lib/teku --eth1-endpoint=http://localhost:8545 --validator-keys=/var/lib/teku/validator_keys:/var/lib/teku/validator_keys --rest-api-enabled=true --rest-api-docs-enabled=true --metrics-enabled --validators-graffiti="<yourgraffiti>"
[Install]
WantedBy=multi-user.target

Notable flags:

Environment=”JAVA_OPTS=-Xmx4g” is the current recommended setting which limits the available heap size to 4GB and results in a total memory size of around 4–4.5GB for the Teku process. If memory is tight you can use -Xmx3g but no less than that. Conversely, if you have additional memory consider increasing to -Xmx5g. There is currently no benefit to increasing beyond 5g.

--eth1-endpoint Change the value if you are using a remote or third party Eth1 node. If you created the Eth1 node locally no change is required. If you would like to use a 3rd party fallback Eth1 node then add it to the end separated by a comma. More information here and a list of 3rd party options here. For example:

--eth1-endpoint=http://localhost:8545,https://3rdPartyProviderURL

--validators-graffiti="<yourgraffiti>" Replace with your own graffiti string. For security and privacy reasons avoid information that can uniquely identify you. E.g. --validators-graffiti="Hello Eth2! From Dominator".

Check the screen shot below for reference. Press CTRL+x then ‘y’ then <enter> to save and exit.

Reload systemd to reflect the changes.

$ sudo systemctl daemon-reload

Note: If you are running a local Eth1 node (see Step 6) you should wait until it fully syncs before starting the Teku service. Check progress here: sudo journalctl -fu geth.service

Start the service and check to make sure it’s running correctly.

$ sudo systemctl start teku
$ sudo systemctl status teku

Check the screen shot below for reference.

If you did everything right, it should say active (running) in green text. If not then go back and repeat the steps to fix the problem. Press Q to quit (will not affect the teku service).

Enable the service to automatically start on reboot.

$ sudo systemctl enable teku

If the Eth2 chain is post-genesis the Teku beacon chain will begin to sync. It may take several hours to fully sync. You can follow the progress or check for errors by running the journalctl command. Press CTRL+c to exit (will not affect the teku service).

$ sudo journalctl -fu teku.service

A truncated view of the log shows the following status information.

Nov 26 21:00:50 ETH-STAKER-001 teku[41629]: 21:00:50.573 INFO  - Eth1 tracker successfully caught up to chain head
Nov 26 21:10:49 ETH-STAKER-001 teku[41629]: 21:10:49.010 INFO - 4 days 14 hours 49 minutes 34 seconds until genesis time is reached. Peers: 74

Once the Eth2 mainnet starts up the beacon chain and validator will automatically start processing.

You can check the status of your validator(s) via beaconcha.in. Simply search for your validator public key(s) or search using your MetaMask (or other) wallet address. It may be a while before the data appears on the site.

Step 10 — Fund the Validator Keys

Now that your set up is up and running you will need to deposit ETH to fund your validators.

NOTE: If you have already submitted your staking deposits you can skip this step.

This step involves depositing the required amount of ETH to the Eth2.0 deposit contract. DO NOT SEND ETH TO THE DEPOSIT CONTRACT. This is done in a web browser running your MetaMask (or other) wallet via the Eth2.0 Launchpad website.

NOTE: Post-genesis, wait until your Eth1 node and beacon chain have fully synced before proceeding with the deposit. If you don’t Teku will be inactive while the Eth1 node or beacon chain sync and you may be subject to inactivity penalties.

Go here: https://launchpad.ethereum.org/

Click through the warning steps and continue through the screens until you get to the Generate Key Pairs section. Select the number of validators you are going to run. Choose a value that matches the number of validator files you generated in Step 1.

Scroll down, check the box if you agree, and click Continue.

You will be asked to upload the deposit_data-[timestamp].json file. You generated this file in Step 1. Browse/select or drag the file and click Continue.

Connect your wallet. Choose MetaMask (or one of the other supported wallets), log in, select the account where you have your ETH and click Continue.

Your MetaMask balance will be displayed. The site will allow you to continue if you have selected Mainnet and you have sufficient ETH balance.

A summary shows the number of validators and total amount of ETH required. Tick the boxes if you agree and click continue.

If you are ready to deposit click on Initiate All Transactions.

This will pop open MetaMask (or other wallet) where you can confirm each transaction.

Once all the transactions have successfully completed you are done!

Congratulations you have deposited your stake!

Check the Status of Your Validator Deposits

Newly added validators can take a while (hours to days) to activate. You can check the status of your keys with these steps:

  1. Copy your MetaMask (or other) wallet address.
  2. Go here: https://beaconscan.com/
  3. Search for your key(s) using your wallet address.

Diving into a specific validator you see a Status and an estimate until activation (Activation Epoch) for the validator.

You now have a functioning beacon chain and validator and your mainnet deposit is in. Once your deposit is active and the Ethereum 2.0 mainnet is running you will begin staking and earning rewards.

Congratulations: You are officially an Ethereum Staker!

Probably a good time to get a fresh beverage and hydrate.

Step 11 — Monitoring

Due to a few unresolved security concerns monitoring will be a near-future addition to this guide.

Final Remarks and Recommended Next Steps

Thanks for the opportunity. Hopefully this guide was helpful for you.

Next steps:

  • Triple check all key and password backups.
  • Reboot your machine and make sure the services come back up.
  • Understand how to update the client and server software.
  • Consider setting a max size for systemd journal logs. See Appendix F.
  • Use htop to monitor resources on the local machine.
  • Get familiar with beaconcha.in so you can monitor your validators. They offer alerting (via email — sign up required) and up to 3 POAPs.
  • Join the Ethstaker and Teku Discord for important notifications.
  • Share any feedback for this guide on Discord, Twitter, or Reddit.
  • Help others with their setup on the Ethstaker discord.
  • Share this guide using the friend link!
  • Tips: somer.eth

Further Reading

It is strongly recommended that you evaluate information from as many sources as possible. These are additional resources to help familiarize yourself with staking on Eth2.

The author has not tested or verified these resources. Use at your own risk.

Appendix A — Updating Geth

If you need to update to the latest version of Geth follow these steps.

$ sudo systemctl stop teku
$ sudo systemctl stop geth
$ sudo apt update && sudo apt upgrade
$ sudo systemctl start geth
$ sudo systemctl status geth # <-- Check for errors
$ sudo journalctl -fu geth # <-- Monitor
$ sudo systemctl start teku
$ sudo systemctl status teku # <-- Check for errors
$ sudo journalctl -fu teku.service # <-- Monitor

Appendix B — Updating Teku

If you need to update to the latest version of Teku follow these steps.

First, go here and identify the latest Linux release. In the “Downloads” section copy the download link to the tar.gz file. Be sure to copy the correct link.

Modify the URL in the instructions below to match the download link for the latest version.

$ cd ~
$ sudo apt install curl
$ curl -LO https://artifacts.consensys.net/public/teku/raw/names/teku.tar.gz/versions/22.5.1/teku-22.5.1.tar.gz

Stop the Teku client service.

$ sudo systemctl stop teku

Extract the files from the archive and copy to the /usr/local/bin directory. Modify the URL name as necessary.

$ tar xvf teku-22.5.1.tar.gz
$ sudo rm -r /usr/local/bin/teku # <-- Remove the old files
$ sudo cp -a teku-22.5.1 /usr/local/bin/teku

Restart the service and check for errors.

$ sudo systemctl start teku
$ sudo systemctl status teku # <-- Check for errors
$ sudo journalctl -fu teku.service # <-- Monitor

Clean up the extracted files. Modify the file name as necessary.

$ cd ~
$ sudo rm teku-22.5.1.tar.gz
$ sudo rm -r teku-22.5.1

Appendix C — Adding a Validator

Coming soon.

Appendix D — Pruning Geth

To avoid running out of disk space on your server, it may be useful to periodically run a prune operation on the Geth database. This operation will attempt to reduce the size of (prune) the Geth database. Thanks to Yorick Downe and his excellent guide for help with this section.

Some important prerequisites:

  • Geth v1.10.3 or above must be installed. See Appendix A — Updating Geth for instructions to update if necessary.
  • Geth must be fully synced. See Step 6 — Set up an Ethereum (Eth1) Node for instructions to check if it is fully synced.
  • Geth logs are not showing “state snapshot generation” messages. You can see the service log output using $ sudo journalctl -fu geth.service. If it is, it should show an “eta” with a time interval. Allow that to elapse + 128 blocks (~35 mins) before starting the prune operation.
  • Geth will not be operating normally during the prune operation. The prune operation takes around 4–6 hours.
  • To avoid disruption to your validator(s) during the prune operation, make sure a fallback Eth1 provider is set via the --eth1-endpoint in the teku.service config. See Step 9 — Configure the Teku Service.
  • There must be more than 25GB free space on your server for the prune to run without risk of failure. Check available space using the df -h command. For example, the output below shows the main partition is /dev/hda1 and there is 82GB free:
ethstaker@ETH-STAKER-002:~$ df -h
Filesystem Size Used Avail Use% Mounted on
udev 3.9G 0 3.9G 0% /dev
tmpfs 796M 996K 795M 1% /run
/dev/hda1 155G 74G 82G 48% /
tmpfs 3.9G 0 3.9G 0% /dev/shm
tmpfs 5.0M 0 5.0M 0% /run/lock
tmpfs 3.9G 0 3.9G 0% /sys/fs/cgroup
/dev/vda15 105M 5.2M 100M 5% /boot/efi
tmpfs 796M 0 796M 0% /run/user/1000
ethstaker@ETH-STAKER-002:~$

If you meet the pre-requisites above then continue on. If not, check for advice on how to proceed with the EthStaker community on Reddit or Discord.

Start the Prune Operation

To run the prune it is necessary to update the service configuration for Geth to add the required prune command.

Stop the geth service.

$ sudo systemctl stop geth

Observe the behavior of the Teku service. It should fall back to the supplied --eth1-endpoint and the validator should continue its validation duties. Use the following command to inspect the service logs.

$ sudo journalctl -fu teku.service

Open the geth service systemd configuration file.

$ sudo nano /etc/systemd/system/geth.service

Add the snapshot prune-state instruction at the end of the ExecStart line.

[Unit]
Description=Go Ethereum Client
After=network.target
Wants=network.target
[Service]
User=goeth
Group=goeth
Type=simple
Restart=always
RestartSec=5
ExecStart=geth --http --datadir /var/lib/goethereum --cache 2048 --maxpeers 30 snapshot prune-state
[Install]
WantedBy=default.target

Press CTRL+x then ‘y’ then <enter> to save and exit.

Reload systemd to reflect the changes and start the geth service. Check status to make sure it’s running correctly.

$ sudo systemctl daemon-reload
$ sudo systemctl start geth
$ sudo systemctl status geth

From Yorick’s guide:

Geth will prune in 3 stages: “Iterating state snapshot”, “Pruning state data”, and “Compacting database”. During the “Compacting database” stage, it may not output any log entries for an hour or so (mainstream SSD IOPS). Don’t restart it when this happens, let it run!

If you see messages about “generating snapshot” and an ETA during the prune, you don’t actually have a snapshot yet! Either the --datadir and/or USER aren't right, or Geth just didn't have enough time to complete the snapshot. In that case, do stop the process, run Geth normally again, and observe its logs until snapshot has completed and is 128 blocks old.

Once the prune has completed open the geth service systemd configuration file.

$ sudo systemctl stop geth
$ sudo nano /etc/systemd/system/geth.service

Remove the snapshot prune-state instruction at the end of the ExecStart line.

[Unit]
Description=Go Ethereum Client
After=network.target
Wants=network.target
[Service]
User=goeth
Group=goeth
Type=simple
Restart=always
RestartSec=5
ExecStart=geth --http --datadir /var/lib/goethereum --cache 2048 --maxpeers 30
[Install]
WantedBy=default.target

Press CTRL+x then ‘y’ then <enter> to save and exit.

Reload systemd to reflect the changes and start the geth service. Check status to make sure it’s running correctly.

$ sudo systemctl daemon-reload
$ sudo systemctl start geth
$ sudo systemctl status geth # <-- Check for errors
$ sudo journalctl -fu geth.service # <-- Monitor

The Teku service will automatically detect that Geth is back up and running and will swap back to using that as the primary Eth1 source. Again, you can check the Teku service log to observe the behavior.

$ sudo journalctl -fu teku.service

The prune operation is now complete. You can check how much disk space was freed up using df -h.

Appendix E— Clear Systemd Journal Logs

The systemd services create logs that grow over time. It is possible to clear the logs to free up disk space on your server.

NOTE: The following steps will delete existing log data. Be careful if you require this data for debugging purposes.

Check the amount of disk space the logs are using.

$ sudo journalctl --disk-usage

To clear the logs use the following command.

$ sudo journalctl --flush --rotate 
$ sudo journalctl --vacuum-time=3days

The --flush flag flushes the logs currently in memory onto the disk.

The --rotate flag archives the existing logs so they can’t be written to any more and starts new logs for each service.

The --vacuum-time flag deletes log data that is older than 3 days.

Output should be similar to the screenshot below.

It is recommended to check the logs are in a good state after the vacuum operation.

$ sudo journalctl --verify

Each log should have a status of PASS.

Automatically Limit Log Size

If you would prefer to have the system automatically keep log data to a specified max size complete the following additional steps.

Open the systemd journal service configuration file.

$ sudo nano /etc/systemd/journald.conf

Carefully edit the file to set the maximum disk space that can be used by the journal in persistent storage. Remove the # from the line SystemMaxUse and add a value in megabytes, say 200M.

Check the screen shot below for reference. Press CTRL+x then ‘y’ then <enter> to save and exit.

Restart the journald after updating the file.

$ sudo systemctl restart systemd-journald

Journal logs will now be limited to 200MB in size.

Appendix F — Expanding the Logical Volume

There are cases where Ubuntu is provisioning only 200GB of a larger SSD causing users to run out of disk space when syncing their Eth1 node. The error message is similar to:

Fatal: Failed to register the Ethereum service: write /var/lib/goethereum/geth/chaindata/383234.ldb: no space left on device

To address this issue, assuming you have a SSD that is larger than 200GB, expand the space allocation for the LVM by following these steps:

$ sudo lvdisplay # <-- Check your logical volume size
$ sudo lvm
> lvextend -l +100%FREE /dev/ubuntu-vg/ubuntu-lv
> exit
$ sudo resize2fs /dev/ubuntu-vg/ubuntu-lv
$ df -h # <-- Check results

That should resize your disk to the maximum available space.

If you need support on this please check with the EthStaker Discord.

Full Disclaimer

This article (the guide) is for informational purposes only and does not constitute professional advice. The author does not warrant or guarantee the accuracy, integrity, quality, completeness, currency, or validity of any information in this article. All information herein is provided “as is” without warranty of any kind and is subject to change at any time without notice. The author disclaims all express, implied, and statutory warranties of any kind, including warranties as to accuracy, timeliness, completeness, or fitness of the information in this article for any particular purpose. The author is not responsible for any direct, indirect, incidental, consequential or any other damages arising out of or in connection with the use of this article or in reliance on the information available on this article. This includes any personal injury, business interruption, loss of use, lost data, lost profits, or any other pecuniary loss, whether in an action of contract, negligence, or other misuse, even if the author has been informed of the possibility.

--

--

Somer Esat

Passionate about Ethereum and decentralized technology.