Guide to participating in Ethereum 2.0 Pyrmont testnet staking

Source | someresat.medium.com

Reminder: Do not follow this guide to connect to the Eth2 mainnet. For the mainnet guide, please refer to "Ethereum 2.0 Mainnet Staking Tutorial (Ubuntu/Teku)".

This article explains how to stake on the Ethereum 2.0 mainnet through the multi-client testnet Pyrmont. It is mainly based on the following technologies:

• Ubuntu v20.04 (LTS) x64 Server

• Go Ethereum Node (code branch)

• ConsenSys' Ethereum 2.0 client, Teku (code fork)

• Official multi-client test network public network, Pyrmont

• Browser plug-in crypto wallet MetaMask

• Prometheus parameters

• Grafana Dashboard

This guide includes the following instructions:

• Connect and securely configure a newly running Ubuntu server use case

• Configure an Ethereum 1.0 node and run it as a service

• Generate Pyrmont validator account key and deposit assets

• Import the Pyrmont validator account key into the Teku client

• Compile and configure Teku client software for Ethereum 2.0 and Pyrmont testnet phase 0, and run them as services

• Install and configure Prometheus parameters and set up a Grafana dashboard

remind

This guide is for the Pyrmont testnet. Do not send mainnet ETH to the testnet under any circumstances. If you send it, you lose it.

Do not follow this guide to connect to the Eth2 mainnet. For a guide specifically for the mainnet, please refer to the Ethereum 2.0 Mainnet Staking Tutorial (Ubuntu/Teku).

Acknowledgements and Disclaimer

This tutorial refers to various materials on the Internet. Thanks to the contributors who provided the materials!

Thanks to the #teku channel in the ConsenSys Discord and the EthStaker team for their help and review on discord.

Special thanks to the Eth2 client team and the researchers at the Ethereum Foundation. After years of unremitting efforts, they have brought us to this incredible moment - the successful creation of Eth2.0.

This tutorial is for educational purposes only. I am not an expert in any of the technologies covered in this article. I do not guarantee the accuracy of the content of this tutorial and I am not responsible for any losses caused by following this tutorial.

support

This process can be a little tricky. In addition to me, here are two great resources you can turn to for help:

• The EthStaker community is an Ethereum 2.0 Staking community that is rich in resources and very friendly.

• Reddit: https://www.reddit.com/r/ethstaker/

• Discord: https://discord.gg/7z8wzehjrJ

• Teku Client Team Discord: https://discord.gg/trQ378WCp4, they are the engineering team of the client software and are experts in using Teku.

condition

This tutorial requires some background knowledge of Ethereum, ETH, Staking, testnet, Linux, and MetaMask.

This tutorial also requires that you install and run:

• Ubuntu Server v20.04 (LTS) amd64 or a newer Ubuntu Server installed and running on a local computer, your network, or in the cloud (AWS, Digital Ocean, Microsoft Azure, etc.). Using a local computer is recommended to increase the decentralization of the network - if the cloud provider goes down, then all nodes hosted on that provider will go offline.

• An installed or configured browser plug-in crypto wallet MetaMask. A computer with an operating system (Mac, Windows, Linux, etc.) and a browser (Brave, Safari, FireFox, etc.).

Attention Raspberry Pi users

I have not tested this tutorial on a Raspberry Pi. If you want to try it, just replace the software listed below with the ARM version. There is no guarantee that it will work.

Require

• Ubuntu Server use case. I used v20.04 (LTS) amd64 server VM

• Browser plug-in encryption wallet MetaMask, installed and configured

• Hardware requirements are a big topic. In general: a relatively new CPU, 8GB of RAM (16GB is better), an SSD with at least 1TB of storage, and a stable network (fast enough download speed and monthly data quota) will make the staking process safer and smoother.

Overview

This tutorial is quite long, so the following diagram briefly explains the steps of staking. The yellow parts are what we will cover in this article:

The whole process can be conceptualized as follows:

• Set up an Eth1 node and sync the data of the Eth1 Göerli testnet;

• Generate validator keys and deposit data;

• Configure Teku client and synchronize Eth1 node data

• Deposit 32 Göerli testnet ETH to activate the validator key

So let’s get started now!

Step 0: Connect to the server

Connect to your Ubuntu server using an SSH port. By default, the root account on Ubuntu is usually disabled, however some cloud providers can enable the root account. If you log in as root, it is best to recreate a user account with administrative privileges, as logging in as the root user is very risky.

Note: If you are not logged in as root you can skip to step 1.

# adduser <yourusername>

Set a password and fill in the other information.

Grant the new user administrative privileges by adding him to the sudo group.

# usermod -aG sudo <yourusername>

When you are logged in as <yourusername>, you can run commands with superuser privileges by typing sudo before the command line.

Optional: If you used SSH keys to connect to your Ubuntu instance through the root account, you will need to connect to the new account using the root account's SSH key data.

# rsync --archive --chown=<yourusername>:<yourusername> ~/.ssh /home/<yourusername>

Finally, log out of your root account and log into your Ubuntu server using your newly created username <yourusername>.

Step 1: Upgrade the server

Make sure your system is updated with the latest software and security settings.

$ sudo apt update && sudo apt upgrade$ sudo apt dist-upgrade && sudo apt autoremove

$ sudo reboot

Step 2: Secure your server

Security is very important. However, since this article is not a guide to security, only some basic settings are listed.

Configure Firewall

The Ubuntu 20.04 server can use the default UFW firewall to limit traffic accessing the server, but first set it up to allow inbound traffic from SSH, Go Ethereum, Grafana, and Teku.

Allow SSH

Allow connections to the server via SSH. Next we will change the default port 22 for security reasons (as this is a common attack vector).

Note: If you choose not to change the default SSH port (not recommended), you will need to add an additional step to allow the default SSH port *$ sudo ufw allow 22/tcp* and then skip to the step to allow "Go Ethereum".

Choose a port number between 1024 — 49151 and run the following command to retrieve the port number that is not in use. If it is in red (in use), choose another port. For example: sudo ss -tulpn | grep ':6673'

$ sudo ss -tulpn | grep ':<yourSSHportnumber>'

Update the firewall to allow inbound traffic to <yourSSHportnumber>. SSH requires TCP protocol. For example: sudo ufw allow 6673/tcp

$ sudo ufw allow <yourSSHportnumber>/tcp

Next, change the default SSH port.

$ sudo nano /etc/ssh/sshd_config

Find the default port # Port 22 or Port 22 and change your port number to Port <yourSSHportnumber>. Delete the # (if any). Refer to the screenshot below, your document should look similar to the one shown below (except the port number is different). Save and exit.

Restart SSH service

$ sudo systemctl restart ssh

Next time you log in via SSH you will use your port number <yourSSHportnumber> .

Optional: If you are already using UFW for port 22/TCP, update the firewall to deny inbound traffic to that port. Be sure to do this after you have logged in using the new SSH port.

$ sudo ufw deny 22/tcp

Allow Go Ethereum

Allow inbound requests from Go Ethereum peers (ports 30303/TPC and 30303/UDP). If you use a third-party hosted Eth1 node like Infura, you can skip this step.

Note: If you are hosting your Ubuntu server locally, you will need to configure your network routing to allow inbound traffic from port 30303.

$ sudo ufw allow 30303

Allow Teku

Allows peer-to-peer connections with Teku's peers to operate on the Beacon Chain node (default ports 9000/TCP and 9000/UDP provided by Consensys). .

Note: If you host your Ubuntu server locally, you will need to configure your network routing and firewall to allow inbound traffic from port 9000.

$ sudo ufw allow 9000

Allow Grafana

Allows inbound requests to the Grafana web server (port 3000/TCP).

$ sudo ufw allow 3000/tcp

Enable Prometheus (optional)

If you want to access the Prometheus data service directly, you can also open port 9090/TCP. If you only use Grafana to view the data, this is not necessary. I did not open this port.

$ sudo ufw allow 9090/tcp

Start the firewall and check whether it is configured correctly.

$ sudo ufw enable$ sudo ufw status numbered

The display should be like this

Step 3: Install and run the Go Ethereum node

Install and configure an Eth1.0 node to which the beacon chain will connect. If you choose a third-party service (such as Infura), you can skip this step.

Install Go Ethereum

It is recommended to use PPA (Personal Package Archives) to install the Go Ethereum client.

$ sudo add-apt-repository -y ppa:ethereum/ethereum

Update packages and install the latest stable version.

$ sudo apt update$ sudo apt install geth

Running Go Ethereum as a background service

An account needs to be created to run this service. This type of account cannot log in to the server.

$ sudo useradd --no-create-home --shell /bin/false goeth

Create a data directory for the Eth1 blockchain to store Eth1 node data.

$ sudo mkdir -p /var/lib/goethereum

Set permissions for the directory. The goeth account needs permissions to modify the data directory.

$ sudo chown -R goeth:goeth /var/lib/goethereum

Create a systemd service file to store the service configuration. We will use this configuration file to instruct systemd to run the geth process.

$ sudo nano /etc/systemd/system/geth.service

Copy and paste the following service configuration into the document.

[Unit]Description=Ethereum go client
After=network.target
Wants=network.target[Service]
User=goeth
Group=goeth
Type=simple
Restart=always
RestartSec=5
ExecStart=geth --goerli --http --datadir /var/lib/goethereum[Install]
WantedBy=default.target

The flag --goerli is used to target the Göerli testnet, while the flag --http is used to expose an HTTP port (http://localhost:8545) for connecting to the beacon chain node.

Refer to the screenshot below. Save and exit.

Reload systemd to show the above changes

$ sudo systemctl daemon-reload

Start the service and check to make sure it is running properly.

$ sudo systemctl start geth$ sudo systemctl status geth

The display should look like the screenshot below.

If you did everything right, it will say "active (running)" in green. If not, you will need to go back and repeat the steps above to fix the problem. Press Q to quit.

Enable the geth service to automatically start on system reboot.

$ sudo systemctl enable geth

The Go Ethereum node will begin syncing. You can run the journal command to follow the progress. Press “CTRL+c” to exit.

NOTE: Issuing Ctrl+C to quit out of journal doesn't impact the service. Journal is simply a real-time view of the service logs.

Note: Using Ctrl+C to exit the journal will not affect the service. The Journal is just a real-time view of the service log.

$ sudo journalctl -fu geth.service

When it takes you a long time (>10 minutes) to find peers to sync with, you can add some peers. Visit here to get the latest list and run the following command to modify the geth service:

$ sudo systemctl stop geth$ sudo nano /etc/systemd/system/geth.service

Modify the ExecStart line and add the --bootnodes flag: List the latest peers below, separated by commas.

ExecStart=geth --goerli --http --datadir /var/lib/goethereum --bootnodes "enode://46add44b9f13965f7b9875ac6b85f016f341012d84f975377573800a863526f4da19a e2c620ec73d11591fa9510e992ecc03ad0751f53cc02f7c7ed6d55c7291@94.237.54.114:30313 ,enode://119f66b04772e8d2e9d352b81a15aa49d565590bfc9a80fe732706919f8ccd00a471cf 8433e398c55c4862aadb4aadf3a010201483b87e8358951698aa0b6f07@13.250.50.139:30303"

Save the file and exit. Then restart the service and observe.

$ sudo systemctl daemon-reload$ sudo systemctl start geth
$ sudo journalctl -fu geth.service

After startup, the display should look similar to the screenshot below:

Before running the beacon chain, you need to wait for the node to sync. Click here to access the latest block.

For example, the screenshot above shows that the node is processing block number=43756, and the screenshot below shows that the latest block is 3196411. In other words, we still have some time to complete the synchronization.

Next, we will prepare the validator deposit data. If you want to check the sync status, you can run the command sudo journalctl -fu geth.service at any time to view it.

Step 4: Generate validator key and deposit data

In order to run a validator node on the Eth2.0 Pyrmont testnet, we will need to register one or more validator accounts.

NOTE: If you have already generated your deposit data and submitted your stake deposit, you can skip this step. If you generated it elsewhere, you will need to copy your validator key to this server.

The registration steps are as follows:

• Get Göerli ETH

• Generate a validator key. One key represents one validator account.

• Deposit 32 Göerli ETH to each validator account

• Waiting for your validator account to be activated

So let’s get started now!

Get Goerli ETH

• Use a computer that has the MetaMask browser plugin installed.

• Click MetaMask and log in

• Click the drop-down menu at the top and select Göerli Test Network

• Click on the account name and copy your Göerli testnet wallet address

• Get Göerli ETH from the authenticated faucet using your address, or by using the bot command: !goerliEth <yourwalletaddress> in the #request-goerli-eth channel on the ethstaker Discord.

Note: A validator requires a deposit of 32 ETH. Your MetaMask wallet needs to have enough Göerli ETH to deposit into each validator client. For example, if you want to run 10 validators, you will need 320 Göerli ETH and some extra money (such as 1 Göerli ETH) to pay gas fees.

Generate validator keys

Next we need to generate deposit data and validator keys. Teku validator client supports multiple validator keys. On the Pyrmont testnet, basically one validator key represents one "validator account". The deposit data contains your staking information (such as validator key list, etc.)

Go here to get the Latest Release of the Deposit Command Line Interface App.

Copy the link to the Linux version in the "asset" column. We will use this link to download it as shown below. Change the URL in the instructions to the download link of the latest version.

$ cd ~$ sudo apt install curl
$ curl -LO https://github.com/ethereum/eth2.0-deposit-cli/releases/download/v1.1.0/eth2deposit-cli-ed5a6d3-linux-amd64.tar.gz

Open the tar archive and go to the directory it created.

$ sudo tar xvf eth2deposit-cli-ed5a6d3-linux-amd64.tar.gz$ cd eth2deposit-cli-ed5a6d3-linux-amd64

Run the application to generate deposit data and validator keys.

Change <numberofvalidators> to the number of validator keys you want to create. For example: --num_validators 5

$ sudo ./deposit new-mnemonic --num_validators <numberofvalidators> --mnemonic_language=english --chain pyrmont

It will ask you to create a wallet password. We will use this to load the validator keys into the Teku client's validator wallet. Back it up somewhere safe.

It will generate a seed phrase (mnemonic). Back it up somewhere else. This is important, you will need it to generate withdrawal keys or add validators.

Once you have confirmed your mnemonic, your validator key will be created.

The newly created validator key and deposit data files will be created in a specific location. For example: eth2deposit-cli-ed5a6d3-linux-amd64/validator_keys . Mark it, we will use it later.

The contents of the folder are as follows:

The deposit_data-[timestamp].json document contains the validator's public key and information about the deposit. This document will be used in the next step to complete the deposit process. Since we are on a server and don't have a web browser, we will use secure FTP (SFTP) to transfer the document to a computer running MetaMask. Remember to complete this step before continuing.

The keystore-m...json document contains the encrypted signing keys. Each validator account has a keystore-m. These will be used to create the Teku client validator wallet.

Clean up by removing the downloaded tar archive.

$ cd ~$ rm -rf eth2deposit-cli-ed5a6d3-linux-amd64.tar.gz

Now that you have your deposit data and keystore files, you can set up Teku. We need to deposit assets into the key (deposit Göerli ETH to activate the validator) before setting up Teku, so that we can verify the setup first. If the validator deposit is activated but the system is not ready, we will be penalized for inactivity.

Step 5: Installation Conditions

Teku is built on the Java language, so it requires a Java Runtime Environment (JRE) to run and a Java Development Kit (JDK) to compile.

.Install both tools.

$ sudo apt install default-jre default-jdk$ java --version
$ javac --version

The display should be similar to

ethstaker@ETH-STAKER-001:~$ java --versionopenjdk 11.0.9.1 2020-11-04

OpenJDK Runtime Environment (build 11.0.9.1+1-Ubuntu-0ubuntu1.20.04)
OpenJDK 64-Bit Server VM (build 11.0.9.1+1-Ubuntu-0ubuntu1.20.04, mixed mode, sharing)
ethstaker@ETH-STAKER-001:~$ javac --version
javac 11.0.9.1

Step 6: Clone and Build Teku

Now we are ready to build Teku. Teku generates a teku binary. This binary provides the functionality of the beacon chain as well as the validator client.

Visit here to get the latest version of Teku. Be careful not to clone the master branch as it may be unstable.

Use a tag (in this case 20.11.0-RC2)

$ cd ~$ git clone --b 20.11.0-RC2 https://github.com/Consensys/teku.git
$ cd teku

Compiling code using Gradle

$ sudo ./gradlew installDist

The build time should take about 3-6 minutes. Time to have a drink and rehydrate. You can also read my other articles.

If all went well, continue. If not, ask for help in the #teku channel on the ConsenSys Discord: https://discord.gg/trQ378WCp4

Step 7: Copy Teku Binary

Next copy and paste the compiled Teku file into the directory /usr/local/bin where we will later create a systemd service and run the file.

$ cd ~$ sudo cp -a teku/build/install/teku/. /usr/local/bin/teku

NOTE: You need to do this every time you pull or build a new version of the *teku* binary. See the Addendum - Teku Updates at the end of this tutorial.

Step 8: Configure the beacon node and validator client

We will run the Teku client as a service, so if the system reboots the process will automatically restart.

Setting up accounts and directories

Create an account for running beacon nodes and validator nodes. This type of account cannot be used to log into the server.

$ sudo useradd --no-create-home --shell /bin/false teku

Create a data directory for Teku client data documents and a config directory for Teku configuration documents.

$ sudo mkdir -p /var/lib/teku $ sudo mkdir -p /etc/teku

This way we can centralize the documents in one location and copy the keystore-m...json documents to the data directory we created earlier.

$ sudo cp -a /$HOME/<ValidatorKeysPath> /var/lib/teku

Fill in the path of the validator key you generated into <ValidatorKeysPath>, for example: eth2deposit-cli-ed5a6d3-linux-amd64/validator_keys. It is worth noting that we only copy the keystore-m file. Do not copy the deposit_data file. If you copied it, just delete it with the following code.

$ cd /var/lib/teku/validator_keys$ ls
$ sudo rm <DepositDataFileName>

You should get something like this (depending on how many validator documents you have):

Creating a certifier password document

The Teku client requires validators to have a password document to access each validator account when running and automatically restarts the service.

Each validator keystore-m...json key file needs a corresponding password txt file. This step is required even if the password is the same for all validators. The password file needs to be named the same as the corresponding keystore-m file.

$ ls /var/lib/teku/validator_keys

For each keystore_m*.json file, create a password file with the same name.

$ sudo nano /var/lib/teku/validator_keys/<jsonfilename>.txt

Fill in the name of the json file in <jsonfilename>. Don't forget to add .txt at the end. In the txt file, fill in the password for the keystore (the password you provided when creating the validator file in step 4) in YourKeystorePasswordForThisValidator. Save and exit. Repeat the above steps for each *.json file.

You should get the following result and this step is complete.

NOTE: There should not be a *deposit_data-\*.json* file. If there is, delete it. It will cause incorrect pairing because the Teku client will expect it to have a corresponding password file.

Set permissions

Set directory permissions. The teku account needs permission to modify a number of directories. Confirm that directory permissions are set correctly.

$ sudo chown -R teku:teku /var/lib/teku $ sudo chown -R teku:teku /etc/teku
$ ls -dl /var/lib/teku; ls -dl /etc/teku

It should look like this:

Apply document permissions to the certifier key to provide an extra layer of security and prevent accidental deletion. Give the (teku) user read/write/execute permissions. Make sure the document permissions are set correctly.

$ sudo chmod -R 700 /var/lib/teku/validator_keys$ sudo ls -lh /var/lib/teku/validator_keys

The result should be like this

Now that we have our validator key and password set, we can start configuring the service.

Create a Teku configuration document

The Teku client can read command line options via a configuration document. Create it now.

$ sudo nano /etc/teku/teku.yaml

Paste the following code into the document.

data-base-path: "/var/lib/teku"network: "pyrmont"eth1-endpoint: "http://127.0.0.1:8545/"validator-keys: "/var/lib/teku/validator_keys:/var/lib/teku/validator_keys"validators-graffiti: "<yourPOAPstring>"p2p-port: 9000log-destination: CONSOLEmetrics-enabled: truemetrics-port: 8008rest-api-enabled: true
rest-api-docs-enabled: true

flagdata-base-path defines where the service stores data.

flageth1-endpoint defines the endpoint of the ETH1 node. If you install it locally, this value is http://127.0.0.1:8545. If you are using a third-party node (such as Infura, etc.), you need to change this value to point to the address of the external terminal.

The flag validators-keys indicates the location of the key file and the password file. This way, they are both in the same directory.

Enter the text you want in <yourPOAPstring>. For example: validators-graffiti: "abcdefg12345".

Recommended log-destination: CONSOLE setting when using systemd

Refer to the screenshot below. Your document should look similar to this. Exit and save.

Creating and configuring the Teku service

Create a systemd service document to store the configuration service.

$ sudo nano /etc/systemd/system/teku.service

Copy and paste the following code into the document

[Unit]Description=Teku Client
Wants=network-online.target
After=network-online.target[Service]
Type=simple
User=teku
Group=teku
Restart=always
RestartSec=5
Environment="JAVA_OPTS=-Xmx2g"
ExecStart=/usr/local/bin/teku/bin/teku --config-file=/etc/teku/teku.yaml[Install]
WantedBy=multi-user.target

Java (the programming language used by Teku) is designed to use a lot of RAM when executing the runtime. The flagEnvironment="JAVA_OPTS=-Xmx2g" limits the heap size to 2GB, so the total memory available for Teku to run is about 3–3.5GB.

Refer to the screenshot below. Your document should look similar to this. Exit and save.

Reload systemd to show the changes.

$ sudo systemctl daemon-reload

NOTE: If you are running a local Eth1 node (see step 3), you should wait until it is fully synced before starting the Teku service. Check the progress here: *sudo journalctl -fu geth.service*

Start the service and check to make sure it is running correctly.

$ sudo systemctl start teku$ sudo systemctl status teku

The displayed result should be like this:

If you did everything right, it will say "active (running)" in green. If not, you will need to go back and repeat the steps above to fix the problem. Press Q to quit.

Allows the service to automatically restart when the system reboots.

$ sudo systemctl enable teku

The beacon node will begin syncing data. It may take several hours to fully sync. You can follow the progress by running the journal command. Press CTRL+c to exit.

Note: Pressing Ctrl+C to exit the journal will not affect the service. journal indicates a real-time view of the service log.

$ sudo journalctl -fu teku.service

It will start processing the validator key and then synchronize the data to the head of the Eth1 chain. When the Head slot is synchronized to the Current slot, the synchronization of the beacon node is complete.

Started Teku Client....
INFO - Loading 2 validator keys...
INFO - BLS: loaded BLST library
INFO - Loaded 2 Validators: 96a349b, b7f51b6
...
INFO - Sync Event *** Current slot: 30174, Head slot: 54, Connected peers: 1
INFO - Sync Event *** Current slot: 30175, Head slot: 92, Connected peers: 6
INFO - Sync Event *** Current slot: 30176, Head slot: 128, Connected peers: 8
INFO - Sync Event *** Current slot: 30177, Head slot: 160, Connected peers: 10

This concludes this step. We now have a running beacon chain and a validator node. Congratulations! You're awesome!

Step 9: Make a validator deposit

Now that your setup is up and running, you need to deposit 32 Göerli ETH into the Pyrmont testnet.

NOTE: If you have already submitted your stake deposit, you can skip this step.

This step is all about depositing the required Göerli ETH into the Pyrmont testnet deposit contract. This requires launching your MetaMask (or other) wallet via Pyrmont's Launchpad website on your browser.

NOTE: If this tutorial was for mainnet (it is not), you would need to wait until your Eth1 node and beacon node are fully synced before making your deposit. If you don’t do this, you may incur a work-in-progress penalty while your Eth1 node or beacon chain is syncing.

Pyrmont testnet Launchpad: https://pyrmont.launchpad.ethereum.org/

Keep clicking through the warning steps until you get to the key pair generation section. Select the number of validators you plan to run. Choose a value that matches the number of validator files you generated in step 4.

Scroll down to see if you agree with the content and click "Continue".

You will be asked to upload the deposit_data-[timestamp].json file. This file is what you created in the repository, copy it to a computer with a browser. Browse/select or drag and drop the file, then click Continue.

Connect your wallet. Select MetaMask (or other supported wallet), log in, select the Göerli test network where your Göerli ETH is stored, and click Continue.

Note: Please make 100% sure that you are selecting the Göerli test network on MetaMask. Do not send real ETH to the Pyrmont test network.

Your MetaMask balance will be displayed. If you selected the Göerli test network and you have sufficient Göerli ETH balance, the website will allow you to proceed to the next step.

A Summary will then appear showing the number of validators and the amount of Göerli ETH required. Check the boxes if you agree and click Continue.

Click "Initiate All Transactions".

Multiple MetaMask instances will pop up, each making a transaction request for 32 Göerli ETH to the Pyrmont testnet. Confirm each transaction.

When all transactions are completed successfully, your pledge is complete!

Congratulations!

There is a list at the end. There is a lot of useful information in it. You can take a look at

Check your validator deposit status

New validators need to wait a while (several hours to several days) before they can be activated. You can check your key status by following these steps:

• Copy your Göerli testnet wallet address

• Go to: https://pyrmont.beaconcha.in/

• Search for your wallet address. Your keys will be displayed.

Click on a validator's details. After each validator is activated, you will see an estimated time in the Status column.

You now have a working beacon chain, a validator node, and your testnet deposit. Once your deposit is activated, you will start working and earning yield. Congratulations!

Step 10: Install Prometheus

Prometheus is an open source system that provides monitoring and alerting toolkits. It runs as a service on your Ubuntu server, and its job is to scrape data. More information here.

We will use Prometheus to expose runtime data of the beacon chain, validators, and specific instance data.

Create a User Account

These services are run under accounts. These accounts cannot log in to the server.

$ sudo useradd --no-create-home --shell /bin/false prometheus$ sudo useradd --no-create-home --shell /bin/false node_exporter

Create a Directory

Program and data directories.

$ sudo mkdir /etc/prometheus$ sudo mkdir /var/lib/prometheus

Set ownership of the directory. The prometheus account will manage this.

$ sudo chown -R prometheus:prometheus /etc/prometheus$ sudo chown -R prometheus:prometheus /var/lib/prometheus

Download Prometheus software

Update the version number of the latest version from the Prometheus download page. RPi users should be sure to get the ARM binary.

$ cd ~$ curl -LO https://github.com/prometheus/prometheus/releases/download/v2.22.2/prometheus-2.22.2.linux-amd64.tar.gz

Unpack the tar archive. It contains two binary files and some content files.

$ tar xvf prometheus-2.22.2.linux-amd64.tar.gz

Copy the binary files to the following location.

$ sudo cp prometheus-2.22.2.linux-amd64/prometheus /usr/local/bin/$ sudo cp prometheus-2.22.2.linux-amd64/promtool /usr/local/bin/

Set ownership of the directory. The prometheus account will manage this.

$ sudo chown -R prometheus:prometheus /usr/local/bin/prometheus$ sudo chown -R prometheus:prometheus /usr/local/bin/promtool

Copy these content documents to the following location.

$ sudo cp -r prometheus-2.22.2.linux-amd64/consoles /etc/prometheus$ sudo cp -r prometheus-2.22.2.linux-amd64/console_libraries /etc/prometheus

Set ownership of directories and files (-R). The prometheus account manages these.

$ sudo chown -R prometheus:prometheus /etc/prometheus/consoles$ sudo chown -R prometheus:prometheus /etc/prometheus/console_libraries

Remove download archive.

$ rm -rf prometheus-2.22.2.linux-amd64.tar.gz prometheus-2.22.2.linux-amd64

Editing a Configuration Document

Prometheus uses a configuration document so that it knows where to get data.

Open the YAML configuration document for editing.

$ sudo nano /etc/prometheus/prometheus.yml

Copy the following code into the document, be careful not to make any other edits, and exit to save the file.

global: scrape_interval: 15s
scrape_configs:
- job_name: "prometheus"
static_configs:
- targets: ["localhost:9090"]
- job_name: "teku"
scrape_timeout: 10s
metrics_path: /metrics
scheme: http
static_configs:
- targets: ["localhost:8008"]

Set ownership on the config file. The prometheus account will have this ownership.

$ sudo chown -R prometheus:prometheus /etc/prometheus/prometheus.yml

Finally, test that the server is running correctly.

$ sudo -u prometheus /usr/local/bin/prometheus \ --config.file /etc/prometheus/prometheus.yml \
--storage.tsdb.path /var/lib/prometheus/ \
--web.console.templates=/etc/prometheus/consoles \
--web.console.libraries=/etc/prometheus/console_libraries

The output should be as follows. Press Ctrl+C to exit.

level=info ts=2020-11-22T17:24:35.396Z caller=main.go:684 msg="Server is ready to receive web requests."

Set Prometheus as an automatically started service

Create a systemd service document to store the service config document, which tells systemd to run Prometheus as the prometheus user, put the configuration document in the directory /etc/prometheus/prometheus.yml, and save it in the directory /var/lib/prometheus.

$ sudo nano /etc/systemd/system/prometheus.service

Copy the following code into the document. Exit and save.

[Unit]Description=Prometheus
Wants=network-online.target
After=network-online.target[Service]
Type=simple
User=prometheus
Group=prometheus
Restart=always
RestartSec=5
ExecStart=/usr/local/bin/prometheus \
--config.file /etc/prometheus/prometheus.yml \
--storage.tsdb.path /var/lib/prometheus/ \
--web.console.templates=/etc/prometheus/consoles \
--web.console.libraries=/etc/prometheus/console_libraries[Install]
WantedBy=multi-user.target

Reload systemd to show the changes.

$ sudo systemctl daemon-reload

Then start the service by running the following command and check the status to ensure it is running correctly.

$ sudo systemctl start prometheus$ sudo systemctl status prometheus

The output should look like the following image.

If you did everything right, it will say "active (running)" in green. If not, you will need to go back and repeat the steps above to fix the problem. Press Q to quit.

Finally, enable Prometheus to start at system boot.

$ sudo systemctl enable prometheus

Step 11: Install Node Exporter

Prometheus provides data about beacon chains and validators. If we want data for our Ubuntu instance, we need an extension called Node_Exporter. If you specify other versions below, you can find the latest stable version here. Rpi users remember to get the ARM binary documentation.

$ cd ~$ curl -LO https://github.com/prometheus/node_exporter/releases/download/v1.0.1/node_exporter-1.0.1.linux-amd64.tar.gz

Open the downloaded software.

$ tar xvf node_exporter-1.0.1.linux-amd64.tar.gz

Copy the binary document to the directory /usr/local/bin and set the ownership of the user and group to the node_exporter user we created earlier.

$ sudo cp node_exporter-1.0.1.linux-amd64/node_exporter /usr/local/bin$ sudo chown -R node_exporter:node_exporter /usr/local/bin/node_exporter

Removed the downloaded archive.

$ rm -rf node_exporter-1.0.1.linux-amd64.tar.gz node_exporter-1.0.1.linux-amd64

Set Node Exporter to automatically start service

Create a systemd service document to store the service config document, which will tell systemd to run Node_Exporter as the node_exporter user.

$ sudo nano /etc/systemd/system/node_exporter.service

Copy the following code to the document. Exit and save.

[Unit]Description=Node Exporter
Wants=network-online.target
After=network-online.target[Service]
User=node_exporter
Group=node_exporter
Type=simple
ExecStart=/usr/local/bin/node_exporter[Install]
WantedBy=multi-user.target

Reload systemd to display changes.

$ sudo systemctl daemon-reload

Then press the command below to start the service and check the status to make sure it runs correctly.

$ sudo systemctl start node_exporter$ sudo systemctl status node_exporter

The output should be shown below.

If you do every step right, it will display "active (running)" in green font. If it is not displayed, you need to rewind and repeat the above steps to fix the problem. Press Q to exit.

Finally, the Node Exporter is allowed to start as the system starts.

$ sudo systemctl enable node_exporter

Test Prometheus and Node Exporter (optional)

Everything is ready. You can selectively test its functionality by opening a port in the firewall (see step 1) and browsing http://<yourserverip>:9090. There you can run a query to view different data. For example, you can try this query to see how much memory is available:

http://<yourserverip>:9090/new/graph?g0.expr=node_memory_MemFree_bytes&g0.tab=1&g0.stacked=0&g0.range_input=1h

Step 12: Install Grafana

Prometheus is our data source, and Grafana provides us with the ability to report dashboard data. Next, install Grafana and configure the dashboard.

We will use an APT repository to install because this will make installation and update easier. Grafana can be found in the official Ubuntu package repository, but that version may not be the latest, so we will use Grafana's official repository.

Use wget to download the Grafana GPG's key and then transfer the output to apt-key. This will add the key to the list of trust keys for your APT installation.

$ wget -q -O - https://packages.grafana.com/gpg.key | sudo apt-key add -

Add Grafana repository to the source of APT.

$ sudo add-apt-repository "deb https://packages.grafana.com/oss/deb stable main"

Refresh apt cache.

$ sudo apt update

Confirm that Grafana is installed from the warehouse.

$ apt-cache policy grafana

The output should be as follows:

grafana: Installed: (none)
Candidate: 7.3.3
Version table:
7.3.3 500
500 https://packages.grafana.com/oss/deb stable/main amd64 Packages
7.3.2 500
500 https://packages.grafana.com/oss/deb stable/main amd64 Packages
7.3.1 500
500 https://packages.grafana.com/oss/deb stable/main amd64
...

Check that the version displayed at the top is consistent with the latest version displayed here. Then continue to install.

$ sudo apt install grafana

Start the Grafana server and check the status to make sure it runs correctly.

$ sudo systemctl start grafana-server$ sudo systemctl status grafana-server

The output should be as follows:

If you do every step right, it will display "active (running)" in green font. If it is not displayed, you need to rewind and repeat the above steps to fix the problem. Press Q to exit.

Allows Grafana to start as the system starts.

$ sudo systemctl enable grafana-server

Configure Grafana login

It's great to do this! Now that everything is set up and running, you can go to http://<yourserverip>:3000/ in your browser and the Grafana login window will appear.

Enter your username and password in admin. The system will let you change your password, please be sure to modify it.

Configure Grafana's data source

Let's configure the data source. Move your mouse to the gear icon in the menu bar on the left and a menu will pop up - select Data Sources.

Click Add Data Source and select Prometheus. Enter http://localhost:9090 at the URL, and then click Save and Test.

Import Grafana dashboard

Move your mouse to the + icon on the left menu bar, and a menu will pop up, select Import.

Use code 13457 to import the official Teku single verifier dashboard or use code 12522 to import the Ben Edgington dashboard

You may also need to select the data source (Prometheus).

You should be able to see the dashboard at this point. At the beginning, you may see less data, but as everything runs, the data will become richer.

Final Thoughts

It's done here! I hope this tutorial can help you.

• If you have any feedback, you can contact me on Twitter or Reddit

• If you like this tutorial and hope others can learn this tutorial, please use friends link to share the tutorial!

• Support: somer.eth

• Appendix—Teku Update

If the Teku client team updates the code in the Teku code base, you can update the service by using the following commands.

Find the version you want here and enter it in <release>. For example: $ git fetch --tags && git checkout 20.11.0-RC2.

$ cd ~$ cd teku
$ sudo git fetch --tags && git checkout <release>
$ sudo ./gradlew installDist
$ sudo systemctl stop teku
$ sudo rm -r /usr/local/bin/teku # <-- Delete old build
$ sudo cp -a ~/teku/build/install/teku/. /usr/local/bin/teku
$ sudo systemctl start teku
$ sudo systemctl status teku # <-- Check status
$ sudo journalctl -fu teku # <-- Check status

Statement: ECN's translation work aims to convey high-quality information and learning resources to the China Ethereum community. The copyright of the article belongs to the original author. The source of the original text and ethereum.cn must be indicated. If you need to reprint for a long time, please contact [email protected] for authorization.

Official account: ETH Chinese website

Website: ethereum.cn