SafeStake: Running an Operator Node (on going)
Updates happen frequently! Our Github always has the latest operator node resources and setup instructions.
Deploy the Operator node
Dependencies
Server Host
Public Static Network IP of IPv4 (need to disable IPv6)
Hardware
(Standalone Mode Recommend)
CPU: 16
Memory: 32G
Disk: 600GB
(Light Mode Recommend)
CPU: 2
Memory: 4G
Disk: 200GB
OS
Unix
Software
Docker
Docker Compose
Running Mode Of Operator Node
Standalone Mode
Standalone mode contains the following list of programs/soft on a single host:
Geth/Nethermind/Besu/Erigon Service
Lighthouse Service
OperatorNode Service
Light Mode
Light mode contains only the OperatorNode service, the following list of programs/soft on a host:
OperatorNode Service
Geth/Nethermind/Besu/Erigon service and Lighthouse service can run on other hosts. Users should configure the
beacon node endpoint
(discussed later) in order to connect to Lighthouse's beacon node instance. The purpose of this is to make the architecture clearer and easier to scale operator nodes. And the cost efficiency ratio of infrastructure will be higher.
Deployment
1. Set firewall rule
Log in to your host cloud service provider, open the following firewall inbound rules:
Type | IpProtocol | Port | IpRanges | Usage |
---|---|---|---|---|
Inbound/Ingress | TCP & UDP | 30303 | 0.0.0.0/0 | Geth/Nethermind/Besu/Erigon p2p |
Inbound/Ingress | TCP & UDP | 9000 | 0.0.0.0/0 | Lighthouse p2p |
Inbound/Ingress | TCP | 5052 | Internal | Operator - Lighthouse |
Inbound/Ingress | TCP | 8546 | Internal | Operator - Geth/Nethermind/Besu websocket (port 8545 for Erigon) |
Inbound/Ingress | TCP | 8551 | Internal | Lighthouse - Geth/Nethermind/Besu/Erigon |
Inbound/Ingress | TCP | 26000 | 0.0.0.0/0 | hotstuff consensus |
Inbound/Ingress | TCP | 26001 | 0.0.0.0/0 | hotstuff consensus |
Inbound/Ingress | TCP | 26002 | 0.0.0.0/0 | hotstuff consensus |
Inbound/Ingress | TCP | 26003 | 0.0.0.0/0 | When aggregating signatures, operator nodes use this port to request signature from each other |
Inbound/Ingress | UDP | 26004 | 0.0.0.0/0 | Node discovery |
Inbound/Ingress | TCP | 26005 | 0.0.0.0/0 | DKG port, which will listen only when DKG is triggered. By default, the port won't listen. |
2. SSH Login to your server (jumpserver recommand)
3. Install Docker and Docker compose
4. Enable docker service and start it immediately.
5. Create local volume directory
6. Generate your jwt secret to jwt dirctory
7. Clone operator code from Github
8. Running Geth/Nethermind/Besu/Erigon & Lighthouse Service
NOTE: This step is to provide a quick way to setup and run the execution client and consensus client. If you already have a node running execution client and consensus client, you can skip this step.
NOTE: Remember to open the 5052
firewall port for this host
Syncing data may take several hours. You can use the command to see the latest logs of lighthouse to check if the data is synced:
Once the data is synced, you will see output like below:
or you can use this command to check if lighthouse is synced:
if the output shows {"data":"Synced"}
, it means it is already synced.
9. Edit local environment variables
Now that we have open the .env
file, we will update the values based on our own configuration.
Leave these variables unchanged now:
Update these variables with yours
For BEACON_NODE_ENDPOINT
, if you follow the previous step to run Geth/Nethermind/Besu/Erigon and Lighthouse and you want operator runs on the same machine, then you can use a local IP:
Otherwise, suppose the host where you run the Lighthouse & Geth/Nethermind/Besu/Erigon service has an IP 12.102.103.1
, then you can set:
10. Generate a registration public and private key
Output:
Save the public key, which will be used later. Or you can find the public key in the "name" field of the file /data/operator/v1/holesky/node_key.json
11. Go to SafeStake website:
Click "Join As Operator".
Select a wallet where you have enough holesky testnet token to pay minimum fee to sign a transaction.
After you connect your wallet, click "Register Operator"
Your wallet address is auto filled. You need to enter the "Display Name" for your node and the "Operator Public Key" got from the previous step. Then click "Next".
Click "Register Operator"
Wallet extension page will pop out. You need to click "Confirm" to sign the transaction.
After we register an Operator on the Safestake website, we will be shown our OPERATOR ID
, which is the unique identifier we need to start with. We will need to update the OPERATOR ID to the .env
file before running the operator service.
12. Edit local environment variables for OPERATOR_ID
13. Start operator service
Congratulations, now the Operator program has been installed and deployed.
Some final notes about Operator's private/public keys
You can always view your public key in case you forget it with the command:
output
dvf-operator-1 | [2022-08-13T16:01:33.814Z INFO dvf::node::node] node public key Al0wMNz3JpkYDH7HVp93dZfLMt1GJHypLfhwOWS0NwC/
It is a good practice to back up your operator private key file
Keep it safe and put it in a safe place!
Your SafeStake Operator Node is now configured
then you may go to SafeStake website to register a validator and then choose your operator.
Backup and Migration
If you are using our default settings, all data other than configration files is stored in the folder /data
. It is possible for Geth/Nethermind/Besu/Erigon and lighthouse to resync data in a new machine. For operator, it is important to always backup and copy the folder /data/operator/
to the new machine before you start operator in the new machine.
Some description of the folders and files under /data/operator/v1/holesky/
:
Common issues troubleshooting
Last updated