# Easy Guide to Gnosischain Validator - with Lighthouse By [GLCstaked](https://paragraph.com/@glcstaked) · 2022-11-13 --- This guide is help you set up a [Gnosischain](https://www.gnosischain.com/) Validator, this will cover the full set up on a local device installed with [Ubuntu 20.04 LTS](https://releases.ubuntu.com/focal/). We will be using [**Lighthouse**](https://lighthouse.sigmaprime.io/) for consensus layer client and [**Nethermind**](https://nethermind.io/) for our Execution layer client. Gnosischain merge is on the horizon, this guide is intended to be merge ready the set up will cover steps and configuration needed to run post merge, and today. Gnosischain is using Ethereum Proof of Stake consensus with the Beacon chain to select validators, a GNO validator requires only 1 GNO to run and the hardware requirements are similar to Ethereum. This makes Gnosischain Highly decentralized as it can be run locally without needing a data centre. ![Structure: setup will look something like this](https://storage.googleapis.com/papyrus_images/b253b5545c5afaa7c1b1f3939fb47602c00b7193801d7637f491a04355bd951d.png) Structure: setup will look something like this **Hardware Requirements**: Wired connection to a local device with at least 8GB memory (I am using 16GB with no issues), I would recommend starting with 1TB and to use higher grade SSDs or NVMe, as a node operator you're providing a service, so best to start with good hardware that will last and perform up to standard. Assuming you have a fresh install of Ubuntu 20.04 LTS. Some experience with Linux will help, I’ve written this as best I can for those with minimal experience with the OS. Minimum install for security I would keep this as a dedicated device, some prefer a server but I find it easier to manage folders and files and mount USB’s with the UI. 1\. Install Prerequisite Software --------------------------------- **Update Ubuntu** sudo apt update && sudo apt upgrade -y **Install curl and git** sudo apt install curl git -y **Install Docker** Install Docker instructions from [here](https://docs.docker.com/engine/install/). curl -fsSL https://get.docker.com -o get-docker.sh sh get-docker.sh sudo rm -r get-docker.sh sudo usermod -aG docker $USER Check installed with (if correct will output version) docker --version **Install Docker Compose** Install Docker Compose instructions from [here](https://docs.docker.com/compose/install/). sudo curl -L "https://github.com/docker/compose/releases/download/v2.2.3/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose sudo chmod +x /usr/local/bin/docker-compose sudo ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose Check installed with (if correct will output version) docker-compose --version 2\. Firewall Settings --------------------- ![](https://storage.googleapis.com/papyrus_images/2582fe7ae027989471a5e195b3d9ddc731b64edfbf84622a2b8a9e155de67e01.png) sudo ufw allow 30303 sudo ufw deny 8545 sudo ufw deny 8551 sudo ufw allow 12000/udp sudo ufw allow 13000/tcp sudo ufw enable Check your firewall rules with sudo ufw status **Port Forwarding (Recommended for Local Setup)** Login to your router and Port Forward the ports that should be Open, will be slightly different depending on your provider you should check your manual for the Router. 3\. Execution Layer Node- Nethermind ------------------------------------ Create a working directory for our nodes called `gnosis` cd mkdir /home/$USER/gnosis mkdir /home/$USER/gnosis/el-client mkdir /home/$USER/gnosis/cl-client **Create JWT secret** We need to enable two-way communication between the execution layer and consensus layer, this is done via JWT secret (json web token), which is a secret key that is shared only between the two clients to authenticate one another. mkdir /home/$USER/gnosis/jwtsecret openssl rand -hex 32 | tr -d "\n" > "/home/$USER/gnosis/jwtsecret/jwtsecret.hex" **Create docker-compose.yml for node configuration** cd gnosis nano docker-compose.yml This is our docker-compose.yml for configuration of our execution and consensus layer clients, right now we will just fill in for the Execution client. **Docker Image**: nethermind/nethermind: Find releases [Here](https://github.com/NethermindEth/nethermind): version: "3.9" services: execution: stop\_grace\_period: 30s container\_name: execution-client restart: always image: nethermind/nethermind:1.15.0 networks: - gnosischain volumes: - /home/$USER/gnosis/el-client:/el-client/data - /home/$USER/gnosis/jwtsecret:/jwtsecret - /etc/timezone:/etc/timezone:ro - /etc/localtime:/etc/localtime:ro ports: - 30303:30303/tcp - 30303:30303/udp expose: - 8545 - 8551 command: - --config=xdai - --datadir=/el-client/data - --log=INFO - --Sync.SnapSync=false - --JsonRpc.Enabled=true - --JsonRpc.Host=0.0.0.0 - --JsonRpc.Port=8545 - --JsonRpc.EnabledModules=\[Web3,Eth,Subscribe,Net,\] - --JsonRpc.JwtSecretFile=/jwtsecret/jwtsecret.hex - --JsonRpc.EngineHost=0.0.0.0 - --JsonRpc.EnginePort=8551 - --Network.DiscoveryPort=30303 - --HealthChecks.Enabled=false - --Pruning.CacheMb=2048 logging: driver: json-file options: max-size: 10m max-file: "10" networks: gnosischain: name: gnosischain\_network **IMPORTANT: spacing is really important here, I’ve got this to be easily copy and pasted into a .txt file with the right syntax. If you have errors it may be due to this, and characters not being copied over correctly.** Write out and save, usually `ctrl + o` then `ctrl + x` **To Run the Node** go in to the correct directory and run with the following command cd gnosis sudo docker-compose up -d execution **Check the Logs** List running containers with the following command you should see your container for our execution client (with Nethermind) is live. sudo docker ps -a sudo docker-compose logs -f This starts the logs, service Name in this case should be ‘`execution`’ as specified in the `docker-compose.yml` file. The Container name is `execution-client` if we view logs with docker then `sudo docker logs -f execution-client` **Your Execution Node can take 1–3 Days to Sync depending on your Hardware, it took me just under 24Hrs, make sure this is running in the background to sync up. You can proceed to the next steps regardless.** You should see something like this after a while if started without error, currently syncing 4. Generate Keystores **Download the Key Generator** cd sudo docker pull ghcr.io/gnosischain/validator-data-generator:latest **Create Folder for Key Storage** In our working directory mkdir /home/$USER/gnosis/keystore **Run the Generator to Create Keystore/s**: _Note: good idea to disconnect from the Internet for extra security, just for this step._ This will create a new mnemonic seed phrase where your keystores are derived from, place the amount of Validators you wish to create for <# of val>, your ETH address in place of sudo docker run -it --rm -v /home/$USER/gnosis/keystore:/keystore \\ ghcr.io/gnosischain/validator-data-generator:latest new-mnemonic \\ --num\_validators=<# of Val> --mnemonic\_language=english --chain=gnosis \\ --folder=/keystore --eth1\_withdrawal\_address= You will be asked to enter a password of your choosing, this is our keystore decrypt key. Write this down as we need this later to create our `password.txt` You will then have the seed phrase generated, you must **WRITE THIS DOWN AND STORE SECURELY** this will now generate your keystore/s (validators keys) and place them in the directory `/gnosis/keystore/validator_keys`. along with `deposit_data.json` **Create File for your Decrypt Key** nano /home/$USER/gnosis/keystore/password.txt This is our decrypt key that we created earlier, the password for our keystores. **Optional: Adding New Validators to your Node.** if we wish to add more validators at a later stage, we must replace the command `new-mnemonic` with `existing-mnemonic` an additional flag must be added, `--validator_start_index=START_NUM` this number should be where you left, example if you made 10 validators keystores in 1st run, the `START_NUM`\=`10` **BACK UP YOUR SEED PHRASE & PASSWORD. The seed is displayed when Generated after inputting your password (decrypt key). Your validator node can run multiple keys (from the same seed) do not use the same keys in another validator as this can result in Slashing.** 5. Consensus Client - Lighthouse The consensus client is our Beacon Node and Validator Node. Lighthouse will run theses as two separate containers. **Docker Image**: sigp/lighthouse: Find releases [Here](https://github.com/sigp/lighthouse): **Create docker-compose.yml for consensus client** with the following services `consensus`: the beacon node, `validator-import`: to import our keystores, `validator`: the validator node these will be added to our `docker-compose.yml` in `/gnosis/` cd gnosis sudo nano docker-compose.yml paste the following into your terminal, after the execution services section, and before `networks:` consensus: stop\_grace\_period: 30s container\_name: consensus-client restart: always image: sigp/lighthouse:v3.3.0 networks: - gnosischain volumes: - ./cl-client:/cl-client/data - ./jwtsecret:/jwtsecret ports: - 9000:9000/tcp - 9000:9000/udp - 5054:5054/tcp expose: - 4000 command: - lighthouse - bn - --disable-upnp - --datadir=/cl-client/data - --port=9000 - --http - --http-address=0.0.0.0 - --http-port=4000 - --network=gnosis - --target-peers=50 - --execution-endpoints=http://execution:8551 - --execution-jwt=/jwtsecret/jwtsecret.hex - --debug-level=info - --suggested-fee-recipient= - --validator-monitor-auto - --subscribe-all-subnets - --import-all-attestations - --metrics - --metrics-port=5054 - --metrics-address=0.0.0.0 - --checkpoint-sync-url=https://checkpoint.gnosischain.com logging: driver: json-file options: max-size: 10m max-file: "10" validator: container\_name: validator-client image: sigp/lighthouse:v3.3.0 networks: - gnosischain ports: - 5056:5056 volumes: - ./validator-data:/data command: - lighthouse - vc - --network=gnosis - --beacon-nodes=http://consensus:4000 - --graffiti= - --debug-level=info - --validators-dir=/data/validators - --suggested-fee-recipient= - --metrics - --metrics-port=5056 - --metrics-address=0.0.0.0 logging: driver: json-file options: max-size: 10m max-file: "10" `--suggested-fee-recipient` should be an Ethereum format address that you fully control, this is where fees from proposing blocks will go. `--graffiti` can be whatever you want, this is text that will be written to blocks that you propose. `--checkpoint-sync-url` this is to sync from a recent finalized checkpoint by connecting to another synced beacon node. This is substantially faster than syncing from genesis, and will speed up the process, one is currently hosted at `https://checkpoint.gnosischain.com` but may change in future. _Recommended for post merge_ **Import the Keystores to your Validator** cd gnosis sudo docker run --volume $PWD/keystore:/var/lib/keystores --volume $PWD/validator-data:/data sigp/lighthouse lighthouse account validator import --datadir /data --directory /var/lib/keystores --password-file /var/lib/keystores/password.txt --reuse-password --network gnosis This is a one use container that will import our validator keys from `/keystore` to our validator node. You should see something similar for a successful import _If you have errors check if your decrypt key in the earlier steps is correct (will be case sensitive, unnecessary spaces will result in error)._ You should now have a folder `./validator-data/validators` with the imported keystores **Run the Beacon chain Node** Go to working directory and start the Lighthouse Beacon Chain Node/ Consensus client cd gnosis sudo docker-compose up -d consensus View Logs for Consensus Client sudo docker-compose logs -f consensus This should Start the lighthouse beacon node logs, we should see confirmed connection to our execution endpoint and our jwtsecret file. After a while this should begin Syncing Beacon Node Syncing logs will indicate time left **Run the Validator Node** sudo docker-compose up -d validator Check the Logs that everything is running okay. sudo docker-compose logs -f validator At the start of the logs, it should find your validators in the directory it was imported, and if still syncing, you will need to **wait until both the execution and consensus nodes have finished syncing.** Once the beacon node has finished syncing, the validator/s should be `connected to beacon node` and `awaiting activation`, if successful. Validator will be awaiting activation until the deposit is made, and processed At this point we are waiting for our Execution client and Consensus clients to finish syncing. This can take a while (12-24hrs or days depending on hardware) once both clients have finished syncing our validator/s awaiting deposit, we can proceed to the deposit. 6. Make Deposit Ensure your Consensus client (beacon node) is synced and running without errors and connected to the execution node. Your Validator node should say beacon node synced, awaiting deposits. When ready you can make the Deposit using your `deposit_data.json` file in `/keystore` Can now be done Via UI which is much easier: [https://deposit.gnosischain.com/](https://deposit.gnosischain.com/) there’s no need to convert to mGNO, as its done in the process. If you have GNO on Ethereum you will need to bridge to Gnosischain, you can [Use the OmniBridge](https://omni.xdaichain.com/bridge) to move GNO from Ethereum. --- *Originally published on [GLCstaked](https://paragraph.com/@glcstaked/easy-guide-to-gnosischain-validator-with-lighthouse)*