Skip to main content

Method 2: Configure CSM Fee Recipient on Separate Validator Client

This guide covers how to configure a Community Staking Module (CSM) fee recipient using a separate validator client setup for various Ethereum clients (Teku, Nimbus, Lodestar, Lighthouse, Prysm).


Set up a Separate CSM Validator Client Only​

Download Validator Client​

Install Java dependencies:

sudo apt-get update
sudo add-apt-repository ppa:openjdk-r/ppa
sudo apt-get -y install openjdk-21-jre libjemalloc-dev

Download and verify Teku:

cd
curl -LO https://artifacts.consensys.net/public/teku/raw/names/teku.tar.gz/versions/24.10.2/teku-24.10.2.tar.gz
echo "1cc76913f3b85987e2a60c9b94c6918d31773ebd3237c5fdf33de366fa259202 teku-24.10.2.tar.gz" | sha256sum --check

If verified:

tar xvf teku-24.10.2.tar.gz
sudo cp -a teku-24.10.2 /usr/local/bin/teku
rm -r teku*

Create CSM User​

# Replace <client> with teku/nimbus/lodestar/lighthouse/prysm
sudo useradd --no-create-home --shell /bin/false csm_<client>_validator

Generate and Transfer Validator Keys​

Generate your validator keys. Check the Generating Validator Keys section of the guide to learn how.

Now that we have our validator signing keystore, we will need to place it in our validator node itself so that the node can sign attestations and propose blocks.

Plug in the USB drive with your validator signing keystores into your node device. Once the USB drive is plugged in, we will need to identify it. On the terminal of your node, run:

lsblk

The command above will show a list of devices. Look for your USB drive in the output list.

After you got the name, proceed to mount the USB into the /media folder, access your USB and copy the keystores into the HOME directory of your node:

sudo mount /dev/sda1 /media # Replace sda1 with the actual name of your USB drive.
cd /media/ # Go into your USB drive
ls # find the actual file name of your validator keystore

Copy your validator keystore into the HOME directory of your node

sudo cp keystore-m_<timestamp>.json ~ # replace <timestamp> with what's in your actual file name

Then unmount and eject your USB drive:

cd
sudo umount /media

Now you need to create a plain text password file for your validator node to decrypt your validator signing keystores.

Use the following command to move to the keys folder, and get the validator_signing_keystore_file_name:

cd ~/validator_keys
ls

With the name of the keystore filename copied, create the password file:

sudo nano <validator_signing_keystore_file_name>.txt

Type in the password you used when generating your validator keys in the earlier step. Then save and exit the file with CTRL + O, enter, CTRL + X.


Import Validator Keys​

Prepare the CSM validator keystores​

  1. Create 3 new folders to store the validator client data, validator keystore, and the validator keystore password
  2. Copy the validator keystores and it's password file into their respective folders
  3. Change the owner of this folder to the teku user
  4. Restrict permissions on this new folder such that only the owner is able to read, write, and execute files in this folder
sudo mkdir -p /var/lib/csm_teku_validator/validator_keystores /var/lib/csm_teku_validator/keystore_password
sudo cp ~/keystore-m_<timestamp>.json /var/lib/csm_teku_validator/validator_keystores # replace <timestamp> with actual file name
sudo cp ~/keystore-m_<timestamp>.txt /var/lib/csm_teku_validator/keystore_password # replace <timestamp> with actual file name
sudo chown -R csm_teku_validator:csm_teku_validator /var/lib/csm_teku_validator
sudo chmod 700 /var/lib/csm_teku_validator
info

Aside from the file extension, the validator_keystore_password file will need to be named identically as the validator signing keystore file (e.g. keystore-m-123.json, keystore-m-123.txt)


Configure the separate Validator Client​

Create a new configuration file for your separate validator client.

Create a systemd configuration file for the Teku Validator Client service to run in the background.

sudo nano /etc/systemd/system/csm_tekuvalidator.service

Paste the configuration parameters below into the file:

[Unit]
Description=CSM Teku Validator Client
Wants=network-online.target
After=network-online.target
[Service]
User=csm_teku_validator
Group=csm_teku_validator
Type=simple
Restart=always
RestartSec=5
Environment="JAVA_OPTS=-Xmx8g"
Environment="TEKU_OPTS=-XX:-HeapDumpOnOutOfMemoryError"
ExecStart=/usr/local/bin/teku/bin/teku vc \
--network=<hoodi_or_mainnet> \
--data-path=/var/lib/csm_teku_validator \
--validator-keys=/var/lib/csm_teku_validator/validator_keystores:/var/lib/csm_teku_validator/keystore_password \
--beacon-node-api-endpoint=http://<Internal_IP_address>:5051 \
--validators-proposer-default-fee-recipient=<hoodi_or_mainnet_fee_recipient_address> \
--validators-builder-registration-default-enabled=true \
--validators-graffiti="<your_graffiti>" \
--metrics-enabled=true \
--metrics-port=8108 \
--doppelganger-detection-enabled=true

[Install]
WantedBy=multi-user.target

Once you're done, save with Ctrl+O and Enter, then exit with Ctrl+X. Understand and review your configuration summary below, and amend if needed.

important

Recall that you will have to use designated fee recipient addresses as a CSM operator. Mainnet: 0xB9D7934878B5FB9610B3fE8A5e441e8fad7E293f Hoodi: 0x4473dCDDbf77679A643BdB654dbd86D67F8d32f2


Start the CSM Validator Client​

Reload the systemd daemon to register the changes made, start the Teku Validator Client, and check its status to make sure its running.

sudo systemctl daemon-reload
sudo systemctl start csm_tekuvalidator.service
sudo systemctl status csm_tekuvalidator.service

The output should say the Teku Validator Client is β€œactive (running)”. Press CTRL-C to exit and the Teku Validator Client will continue to run.

Use the following command to check the logs for any warnings or errors:

sudo journalctl -fu csm_tekuvalidator -o cat | ccze -A

Press CTRL-C to exit.

If the Teku Validator Client service is running smoothly, we can now enable it to fire up automatically when rebooting the system.

sudo systemctl enable csm_tekuvalidator

Expected output:

Created symlink /etc/systemd/system/multi-user.target.wants/csm_tekuvalidator.service β†’ /etc/s

Remove duplicates of validator keystores To prevent configuration mistakes leading to double signing in the future, remove duplicate copies of the validator signing keystores once everything is running smoothly.

sudo rm -r ~/keystore-m_<timestamp>.json ~ # replace <timestamp> with what's in your actual file name

Resources​