Easy Guide to Running a Gnosis Validator

0xf3bF
January 27th, 2022

This guide is help you set up a Gnosis Validator, Gnosis chain recently merged with xDai network, xDai was a Layer 2/Sidechain for Ethereum Live since 2018. The New Gnosis chain is using ETH2.0 consensus with the Beacon chain to select validators, a GNO validator requires only 1 GNO to run and the hardware requirements are similar to Ethereum. Highly decentralised as it can be run locally without needing a data centre.

Gnosis chain will be important in Ethereum’s development it plans to be a “canary network” for Ethereum, similar to Kusama for Polkadot, As it plans to implement the merge 1-week prior. The Network is much more than just a Testnet, it is behind MEV resistant DEX Cowswap and Gnosis safe, an Ethereum infrastructure piece integrated with many DeFi applications across the ecosystem.

Structure: set-up will look something like this
Structure: set-up will look something like this

Hardware Requirements: Wired connection to a local device with at least 8GB memory (I am using 16GB with no issues), For Storage currently a synced Nethermind node is taking up 125GB and the Lighthouse Synced is 4.3GB, So 250 GB is sufficient but 500GB would last for a while. Update (3/3/22) I recently ran out of space using 250GB I would recommend starting with 500GB, as a node operator you're providing a service, so best to start with good hardware that will last and perform up to standard.

Assuming you have a fresh install of Ubuntu 20.04 LTS. Some experience with Linux will help, I’ve written this as best I can for those with minimal experience with the OS. Minimum install for security I would keep this as a dedicated device, some prefer a server but I find it easier to manage folders and files and mount USBs with the UI.

We are using Nethermind for the Gnosis (xDai) chain and Lighthouse for the Gnosis Beacon Chain & Validator. If you wish to run alternative clients, you should be able to use the same instructions, so where I have nethermind or lighthouse with another client.

Notes: Where we have < user > this means your username for your device. Anything here will be a variable that you replace with your own info.

1. Install Prerequisite Software

Update Ubuntu

sudo apt update

Update/install Docker

sudo apt-get update
sudo apt-get remove docker docker-engine docker.io
sudo apt install docker.io curl -y
sudo systemctl start docker
sudo systemctl enable docker

sudo docker --version

you can check this has been done correctly and is running in the background as a service always with sudo systemctl status docker

use ctrl + c to exit this
use ctrl + c to exit this

Install Docker Compose

docker-compose is a way of saving the docker run command in a file, so that you can just start/stop/modify it easily. Going to be using this for this guide.

sudo apt install docker-compose

Install GIT

sudo apt install git
git --version

2. Set up Firewall Rules

Firewall Settings from Docs

Gnosis (xDai) Node peer-to-peer (p2p) ports: (keep these exposed and port-forwarded)
30303/tcp
30303/udp
Gnosis Beacon Chain Node p2p ports: (keep these exposed and port-forwarded)
12000/udp
13000/tcp
Gnosis Beacon Chain Node RPC ports: (keep private, don’t expose)
8545

sudo ufw allow 30303
sudo ufw deny 8545
sudo ufw allow 12000/udp
sudo ufw allow 13000/tcp
sudo ufw enable

Check your firewall rules with

sudo ufw status

Port Forwarding (if running Locally)

Login to your router and update the firewall rules, will be slightly different depending on your provider you should check your manual.

3. Gnosis Chain (xDai) Node - with Nethermind

Create Directories in your local device (for your Nethermind data)

remember where we have this is your username on your device.

cd
mkdir /home/<user>/nethermind
mkdir /home/<user>/nethermind/nethermind_db
mkdir /home/<user>/nethermind/keystore
mkdir /home/<user>/nethermind/logs

can also be done from the UI, confirm the folders are there after this is done.

Create a run file (config) for Docker compose

nano /home/<user>/nethermind/docker-compose.yml

Paste this into the terminal window:

version: “3.7”
services:

  nethermind:
    hostname: nethermind
    container_name: nethermind
    image: nethermind/nethermind:latest
    restart: always
    stop_grace_period: 1m
    networks:
      net:
        ipv4_address: 192.168.32.100
    ports:
      — “30303:30303/tcp” # p2p
      — “30303:30303/udp” # p2p
    volumes:
-/home/<user>/nethermind/nethermind_db:/nethermind/nethermind_db
      — /home/<user>/nethermind/keystore:/nethermind/keystore
      — /home/<user>/nethermind/logs:/nethermind/logs
      — /etc/timezone:/etc/timezone:ro
      — /etc/localtime:/etc/localtime:ro
    environment:
      — NETHERMIND_CONFIG=xdai
    logging:
      driver: “local”
 
networks:
  net:
    ipam:
      driver: default
      config:
        — subnet: “192.168.32.0/24”

IMPORTANT: spacing is really important here, I’ve got this to be easily copy and pasted into a txt file with the right syntax. with the exception of line 17: -/home//nethermind/nethermind_db:/nethermind/nethermind_db this needs to be at the same spacing to line 18.

Write out and save, you will see buttons to key in usually hold ctrl for ^

To Run the Node

go in to the correct directory and run with the following command

cd nethermind
sudo docker-compose up

Check the Logs

List running containers with the following command you should see your nethermind container is live.

sudo docker ps -a 
sudo docker-compose logs <container name> -f

This starts the logs, Container Name in this case should be ‘nethermind’ as specified in the docker-compose.yml file.

Your Nethermind Node can take 1–3 Days to Sync depending on your Hardware, it took me just under 24Hrs, make sure this is running in the background to sync up. You can proceed to the next steps regardless.

You should see something like this after a while if started without error, currently syncing
You should see something like this after a while if started without error, currently syncing

4. Generate your Keystores

Download the Key Generator

cd
sudo docker pull ghcr.io/gnosischain/validator-data-generator:latest

Create Folder for Key Storage

mkdir home/<user>/vkeys

Run the Generator to Create Keystores:

Note: good idea to disconnect from the Internet for extra security

This will create a new mnemonic seed phrase where your keystores are derived from, place the amount of Validators you wish to create for <# of val>, your ETH address in

sudo docker run -it --rm -v /home/<user>/vkeys/validator_keys:/app/validator_keys \
ghcr.io/gnosischain/validator-data-generator:latest new-mnemonic \
--num_validators=<# of Val> — mnemonic_language=english — chain=gnosis \
--folder=/app/validator_keys — eth1_withdrawal_address=<your withdrawal address here>

Important: if run for 2nd time its a different command, check docs and see the end of this guide for Adding New Validators to your Node.

BACK UP YOUR SEED PHRASE & PASSWORD. The seed is displayed when Generated after inputting your password (decrypt key). Your validator node can run multiple keys (from the same seed) do not use the same keys in another validator as this can result in Slashing.

5. Gnosis Beacon Chain & Validator Node (Using Lighthouse)

Change Directory

No need for creating folders, use the home folder cd ~ and go from there. It will clone the repo into ~/gbc

Download the GBC client

git clone https://github.com/gnosischain/lighthouse-launch.git gbc
you should see this if successfully downloaded
you should see this if successfully downloaded

Move Keystores

Copy your Keystores generated in step 4. to your gbc folder. Good Idea to also backup your keystores somewhere else.

sudo cp -r /home/<user>/vkeys/validator_keys/validator_keys /home/<user>/gbc/keys/

You may have issues moving files if the user is under root, To make it easier to copy your deposit.json file/s so you can deposit on another device using the UI (The final step/ Step 6)

To change permissions for files (can do the same for the keystores, so you can back up externally)

sudo chown <user>:<user> /home/<user>/<path/to/file>

Create File for your Decrypt Key (your password for keystore/s)

sudo nano /home/<user>/gbc/keys/keystore_password.txt

Write your password here, double check it is correct. To display

cat /home/<user>/gbc/keys/keystore_password.txt

Create Environment File & Edit some Variables

ls -la /home/<user>/gbc

this lists all files, you should find the .env.example file. Copy this example file to edit your own variables into it.

sudo cp /home/<user>/gbc/.env.example /home/<user>/gbc/.env

Open the env example

sudo nano /home/<user>/gbc/.env

Edit your RPC URL: you can use the following (confirm the address with the community/docs if it’s still up to date) if you are still waiting for your Gnosis Chain (xDai) Node to sync.

XDAI_RPC_URL=https://rpc.gnosischain.com/

Once your nethermind node is synced you should use this, see the section near the end Changing RPC to your Local Node. There are a number of changes to make to get working with your own node.

Edit your IP: you can use the following to check

curl ifconfig.me ; echo ``

will output your IP to the terminal, copy and paste this to your .env file

Import the Keystores to your Validator

You need to import your keystores from the folder you copied them to earlier /home/<user>/gbc/keys/ to your validator. From the right directory

cd /home/<user>/gbc 
sudo docker-compose up validator-import; sudo docker-compose down
You should see something like this for a successful import
You should see something like this for a successful import

If you have errors check if your decrypt key in the earlier steps is correct (will be case sensitive, unnecessary spaces will result in error). Another error you might get could be the result of the incompatible docker-compose version see the next part to clear this.

what this does is imports them from the folder /home/<user>/gbc/keys/validator_keys to the folder /home/<user>/gbc/validators

You should now Archive the keystores from the folder /home/<user>/gbc/keys/validator_keys to have a back-up

Now in the folder they were originally created /home/<user>/vkeys if you are to add more keystores later (additional Validators) you need to remove the older keystores that have already been imported, so delete these (only once backed up) to avoid confusion later.

Edit the docker-compose files, for Restart

we want all your nodes to restart (always run) should your device restart or shut down, you want to get back up and running quickly. You can simply open with the text editor using the UI after finding the file in the folder, add the following line

restart: always

placed under the services of any container you want to always running. Services you want running are node & validator. Like so

it may already be included if so leave as is
it may already be included if so leave as is

Another change you might need is the Version: ‘3.3’ I had an docker-compose compatibility error running mine, solved by changing the version to 3.3 (default was 3.7).

To run the Gnosis Beacon chain Node and Validator Node

Go to the right directory and run the Lighthouse Beacon Chain Node

cd gbc 
sudo docker-compose up -d node

run the Lighthouse Validator Node

sudo docker-compose up -d validator

Check the Logs that everything is running okay.

sudo docker-compose logs -f validator 
sudo docker-compose logs -f node 

if done correctly you shouldn’t getting error messages, allow your beacon node to Sync takes a number of hours and will display progress.

Validator Node, While waiting for the Beacon Node to Sync
Validator Node, While waiting for the Beacon Node to Sync

Validator node should look like this, once beacon node is Synced. At this point you are ready to make your Deposit.

Synced Gnosis Beacon Node
Synced Gnosis Beacon Node

6. Deposit GNO to your Validator/s

Ensure your Gnosis chain node is synced and running without errors, the same to your gbc node, synced and ready

Your Validator node should say beacon node synced, awaiting deposits. When ready you can make the Deposit using your deposit.json file

Can now be done Via UI which is much easier: https://deposit.gnosischain.com/ there’s no need to convert to mGNO now, as its done in the process. If you have GNO on Ethereum you will need to bridge to Gnosis chain, you can Use the OmniBridge to move GNO from Ethereum to GNO on GC.

This will take a few hours (about 5 for me) before the chain registers your deposit and your validator/s activates, make sure everything is running smoothly before then. It can be a good Idea to restart your nodes and system to see if it handles restarting automatically.

Go to https://beacon.gnosischain.com to track your deposit as it gets accepted on chain.

Big thanks to @CVJoint_eth who helped me set up this validator, without there’s no way I got this up and running. My hope is this guide helps to onboard more users to become part of the validator set, participate in securing the network and earn GNO.

Restart Procedure

here’s an extra guide for steps to restart your device safely, should you need to update software or make changes to the configuration.

Stop all running containers

sudo docker stop gbc_validator && sudo docker rm gbc_validator sudo docker stop gbc_node && sudo docker rm gbc_node 
sudo docker stop nethermind && sudo docker rm nethermind 
sudo docker ps -a

Check that no containers are running

Make Changes

Make changes here, or updates. for example adding new validators, changing ports or configuration settings.

Restart the containers

cd nethermind 
sudo docker-compose up
cd gbc 
sudo docker-compose up -d node 
sudo docker-compose up -d validator

Check the Logs

sudo docker ps -a
sudo docker-compose logs -f <container name> 

check containers intended to be running are doing so and open the logs to check for errors.

Changing RPC to your Local Node

Once our Nethermind node is fully synced, should we wish to use our own node for our gnosis beacon node, which there’s no reason why not if we are already running one. A number of changes need to be made in order to get this to work, see the Restart procedure before making these changes.

Network additions and edits to docker-compose.yml

we have to make some changes and add some things to our /home/<user>/gbc/docker-compose.yml

We need to comment out where we see network_mode: host simply place an # at the start of the line like so, do this everywhere this appears in the file

Check the network name for our nethermind container, with sudo docker network ls If Nethermind isn’t running start that container.

We can see our network is called nethermind_net

Now we want to add, the following to our services that we will run (validator & node) in the same docker-compose.yml. Under the commented out line.

Under node

Under validator

This is an arbitrary numbering scheme, the idea that our nethermind node is 100, gnosis beacon node is 101 and our validator node is 102.

we need to add this addition to the end of the file, this allows your container to talk to your nethermind container on the local docker network.

Be extra careful with spacing and accuracy here, as I had issues with getting it working due to simple errors such as a spelling mistake or extra/not enough spaces.

It goes at the end of the file like in the image above, net: has 2 spaces before it, external: has 4. networks: has none.

Edit the .env file to your own RPC

we see --eth1-endpoints $XDAI_RPC_URL in our .yml, this is referencing a variable that we set in our environment file. We now need to change this to our own RPC

cd gbc
sudo nano /home/<user>/gbc/.env

Add our ipv4 address that's stated in the .yml for nethermind with the port at the end.

Optional: you can include the public RPC as a backup, by placing ,https://rpc.gnosischain.com/ immediately after with no spaces, in theory this should work as a backup should your first local option stop working, but I’ve yet to test this out.

Troubleshooting

When making changes make sure to stop your running containers and remove them, make changes then restart those containers.

sudo docker stop <container_name>
sudo docker rm <container_name>

If you see an error such as this, while trying to run, you need to go back and check your .yml file for syntax errors

This is an error on the gbc_node unable to connect to the nethermind node, check the network name is correct, and the RPC address in your .env is the same as the ipv4 address in the nethermind/docker-compose.yml

Arweave TX
BRJM4po2G2Vq7aulQ8GId2-b1q1ajo0JmIfWsQcKJBI
Ethereum Address
0xf3bF9DDbA413825E5DdF92D15b09C2AbD8d190dd
Content Digest
wkE51RqApadbSW1GQartYJ5Jz71mnz2y60TNu3XNtNM