SafeStake: Running an Operator Node (on going)
Updates happen frequently! Our Github always has the latest operator node resources and setup instructions.
- Public Static Network IP
- Hardware
- (Standalone Mode Recommend)
- CPU: 16
- Memory: 32G
- Disk: 600GB
- (Light Mode Recommend)
- CPU: 2
- Memory: 4G
- Disk: 200GB
- OS
- Unix
- Software
- Docker
- Docker Compose
Standalone Mode
Standalone mode contains the following list of programs/soft on a single host:
- Geth Service
- Lighthouse Service
- OperatorNode Service
Light Mode
Light mode contains only the OperatorNode service, the following list of programs/soft on a host:
- OperatorNode Service
Geth service and Lighthouse service can run on other hosts. Users should configure thebeacon node endpoint
(discussed later) in order to connect to Lighthouse's beacon node instance. The purpose of this is to make the architecture clearer and easier to scale operator nodes. And the cost efficiency ratio of infrastructure will be higher.
- Create new key

- Select 'WEBSOCKETS'

- Select 'Goerli' network under 'Ethereum'

- Copy your WS_URL

Log in to your host cloud service provider, open the following firewall inbound rules:
Type | IpProtocol | FromPort | ToPort | IpRanges |
---|---|---|---|---|
Inbound/Ingress | tcp | 80 | 80 | 0.0.0.0/0 |
Inbound/Ingress | udp | 8585 | 8585 | 0.0.0.0/0 |
Inbound/Ingress | tcp | 25000 | 25003 | 0.0.0.0/0 |
Inbound/Ingress | udp | 5052 | 5052 | 0.0.0.0/0 |
Inbound/Ingress | udp | 1234 | 1234 | 0.0.0.0/0 |
Inbound/Ingress | tcp | 5052 | 5052 | 0.0.0.0/0 |
Inbound/Ingress | udp | 9000 | 9000 | 0.0.0.0/0 |
Inbound/Ingress | tcp | 30303 | 30303 | 0.0.0.0/0 |
Inbound/Ingress | tcp | 8551 | 8551 | 0.0.0.0/0 |
Inbound/Ingress | tcp | 443 | 443 | 0.0.0.0/0 |
Inbound/Ingress | udp | 30303 | 30303 | 0.0.0.0/0 |
Inbound/Ingress | tcp | 9000 | 9000 | 0.0.0.0/0 |
Inbound/Ingress | tcp | 8545 | 8547 | 0.0.0.0/0 |
Inbound/Ingress | udp | 9005 | 9005 | 0.0.0.0/0 |
Inbound/Ingress | tcp | 8585 | 8585 | 0.0.0.0/0 |
Inbound/Ingress | tcp | 22 | 22 | 0.0.0.0/0 |
Inbound/Ingress | tcp | 26000 | 26005 | 0.0.0.0/0 |
Inbound/Ingress | udp | 25004 | 25004 | 0.0.0.0/0 |
Inbound/Ingress | tcp | 26000 | 26003 | 0.0.0.0/0 |
Inbound/Ingress | tcp | 25005 | 25005 | 0.0.0.0/0 |
Inbound/Ingress | udp | 26004 | 26004 | 0.0.0.0/0 |
Inbound/Ingress | tcp | 3456 | 3456 | 0.0.0.0/0 |
Inbound/Ingress | tcp | 3000 | 3001 | 0.0.0.0/0 |
Inbound/Ingress | tcp | 1234 | 1234 | 0.0.0.0/0 |
sudo systemctl enable docker
sudo mkdir -p /data/geth
sudo mkdir -p /data/lighthouse
sudo mkdir -p /data/jwt
sudo mkdir -p /data/operator
openssl rand -hex 32 | tr -d "\n" | sudo tee /data/jwt/jwtsecret
git clone --recurse-submodules https://github.com/ParaState/SafeStakeOperator.git dvf
cd dvf
sudo docker compose -f docker-compose-operator.yml up dvf_key_tool
Output:
...
dvf-dvf_key_tool-1 | INFO: node public key AtzozvDHiWUpO+oJph2ikv+EyBN5pdBXsfgZqLi0+Yqd
dvf-dvf_key_tool-1 exited with code 0
After we register an Operator on the Safestake website, we will be shown our
OPERATOR ID
, which is the unique identifier we need to start with. We will need to update the OPERATOR ID to the .env
file before running the operator service.You should acquire a beacon node endpoint for the operator to connect with. You can either run such a service by yourself, or potentially obtain it from some third-party service (we might open such a paid service later if necessary).
We will show later how to run such a service with
Lighthouse
by yourself. For now, let's continue with other steps.cd dvf
cp .env.example .env
vim .env
Now that we have open the
.env
file, we will update the values based on our own configuration.Goerli Testnet
Leave these variables unchanged:
ENR=enr:-IS4QKIF_55zNM3o29E91Rj2gwjTQJHvnGVW8e--2nvsixCXCKbS0vhuBILafB1qv3AyR2GhKt611zf_x5V6zwGEmEwBgmlkgnY0gmlwhBKIH16Jc2VjcDI1NmsxoQNsOWU-IpJ0fRj4WlVELfC5HLLhzhHZr9HMsN401NGJdYN1ZHCCIy0
GETH_NETWORK=goerli
LIGHTHOUSE_NETWORK=prater
OPERATOR_NETWORK=prater
IMAGE_TAG=staging
REGISTRY_CONTRACT_ADDRESS=CfA236D32fec8Af5bCeA57C9C07D8FAE7b504523
NETWORK_CONTRACT_ADDRESS=F0d08b8730F116d0D2371359Fa044DEDdF026556
API_SERVER=https://api-testnet.safestake.xyz/v1/
# different chain has different ttd
TTD=10790000
# separated by ',' for multiple relays, such as MEV_BOOST_RELAYS=xxx,xxx,xxx
MEV_BOOST_RELAYS=https://0xafa4c6985aa049fb79dd37010438cfebe[email protected]boost-relay-goerli.flashbots.net
#gas limit. [default: 30,000,000]
GAS_LIMIT_INTEGER=30000000
WS_URL=<infura_ws_url>
OPERATOR_ID=<YOUR_OPERATOR_ID>
# The beacon node endpoint, e.g., http://127.0.0.1:5052 for a local node
BEACON_NODE_ENDPOINT=<FILLED_WITH_YOUR_CHOICE>
Update these variables with yours
WS_URL= #YOUR WSS URL
OPERATOR_ID= #The Operator ID is the ID you receive after registering the operator on SafeStake website
BEACON_NODE_ENDPOINT= # Depending on whether you are running single-node mode or multi-node mode, fill in the correct Lighthouse beacon node service url
WS_URL
and OPERATOR_ID
should have been obtained by following previous steps. As for BEACON_NODE_ENDPOINT
, if you can't find an available third-party beacon node service, you can follow this section to setup one by yourself.sudo docker compose -f docker-compose-operator.yml up --force-recreate -d operator
Congratulations, now the Operator program has been installed and deployed.
You can continue to the next section if you need to run Lighthouse & Geth service by yourself, otherwise, the operator tutorial ends here.
sudo docker compose -f docker-compose-operator.yml up geth -d
sudo docker compose -f docker-compose-operator.yml up lighthouse -d
NOTE: Remember to open the
5052
firewall port for this hostNow that the service is running, you have your own
BEACON_NODE_ENDPOINT
to fill into the .env
file. For example, if the service is running on the same machine where the operator software is running, then you can use a local IP:BEACON_NODE_ENDPOINT=http://127.0.0.1:5052
Otherwise, suppose the host where you run the Lighthouse & Geth service has an IP
12.102.103.1
, then you can set:BEACON_NODE_ENDPOINT=http://12.102.103.1:5052
You can always view your public key in case you forget it with the command:
sudo docker compose -f docker-compose-operator.yml logs -f operator | grep "node public key"
output
dvf-operator-1 | [2022-08-13T16:01:33.814Z INFO dvf::node::node] node public key Al0wMNz3JpkYDH7HVp93dZfLMt1GJHypLfhwOWS0NwC/
It is a good practice to back up your operator private key file
Keep it safe and put it in a safe place!
/data/operator/v1/prater/node_key.json
Your SafeStake Operator Node is now configured
Last modified 2mo ago