Ethereum Setup Script

# Ethereum Setup Script **ASSUMPTIONS:** * ubuntu 22.04 with up-to-date time * `/data` exists and can be written to * user is `ubuntu` with home at `/home/ubuntu` ## Prereqs ### Disk setup Find the storage device ```bash sudo parted -l ``` Assuming a device at `/dev/md126` formated as ext4 ``` sudo parted /dev/md126 ``` Once inside parted, use the following commands to add a partition table ``` mklabel gpt mkpart primary ext4 1 -1 quit ``` Back on the shell, format & mount ```bash sudo mkfs.ext4 /dev/md126 sudo mkdir /data sudo nano /etc/fstab sudo su && \ echo " /dev/md126 /data ext4 defaults 0 0" >> /etc/fstab && \ exit sudo systemctl daemon-reload sudo mount -a cd /data sudo chmod -R ubuntu:ubuntu . ``` OR with ZFS: ```bash sudo apt install zfs-utils-linux sudo zpool create data raidz nvme0n1 nvme1n1 nvme2n1 nvme3n1 ``` ## Environment ### Comforts Instruct bash to start/resume tmux on ssh connection ```bash echo 'if [[ -n "$PS1" ]] && [[ -z "$TMUX" ]] && [[ -n "$SSH_CONNECTION" ]]; then tmux attach-session -t ssh_tmux || tmux new-session -s ssh_tmux fi ' | tee -a ~/.bashrc > /dev/null source ~/.bashrc ``` ### Updates Install upgrades & packages. `do-release-upgrade` will require upgrade & reboot before another upgrade & reboot. Allow SSH through firewall ```bash sudo apt-get update && sudo apt-get upgrade -y sudo apt-get install ufw -y sudo ufw limit ssh && sudo ufw enable ``` ## Geth ### Install ```bash sudo add-apt-repository -y ppa:ethereum/ethereum sudo update && sudo apt-get install ethereum -y ``` ### Firewall ```bash sudo ufw allow 30303 sudo ufw allow 8551 sudo ufw allow 8545 ``` ### Configure Generate JWT for authenticated communication between clients (used later) ```bash mkdir -p /data/ethereum openssl rand -hex 32 | tee /data/ethereum/jwt.hex > /dev/null ``` Create startup script at `~/startgeth.sh` ```bash mkdir -p /data/scripts cat << EOF > /data/scripts/startgeth.sh geth \ --mainnet \ --metrics \ --metrics.addr "127.0.0.1" --maxpeers 25 --http --http.addr "192.168.1.101" --http.api eth,net,engine,admin \ --authrpc.addr "192.168.1.101" --authrpc.port 8551 --authrpc.vhosts "*" \ --authrpc.jwtsecret "/data/ethereum/jwt.hex" \ --datadir "/data/ethereum" \ --bootnodes "enode://13bd2c64d7ccd3000cc5c4158721a37731614ff7a5595dc8f08589ee86c8398ed3abccf90d567265331b75ea2663835e71951e0bad7fc4c848f2d1628e83e32f@192.168.2.101:30303" EOF chmod +x /data/scripts/startgeth.sh ``` Verify script starts without error ### Daemon ```bash sudo su && cat << EOF > /etc/systemd/system/geth.service [Unit] Description=Geth (Mainnet) Wants=network-online.target After=network-online.target [Service] User=ubuntu Group=ubuntu Type=simple Restart=always RestartSec=5 ExecStart=/bin/bash /data/scripts/startgeth.sh [Install] WantedBy=multi-user.target EOF exit ``` ```bash sudo systemctl daemon-reload sudo systemctl start geth sudo systemctl status geth sudo systemctl enable geth ``` ## Nimbus ### Install *Replace with binary install* ``` wget #### tar -xzf nimbus-eth2_Linux_amd64_22.8.2_3a8abd60.tar.gz --strip-components 1 -C /tmp sudo cp /tmp/build/nimbus_beacon_node /usr/local/bin/ ``` ### Firewall ```bash sudo ufw allow 9000 ``` ### Configure Create startup script `startnimbus.sh` ```bash mkdir -p /data/scripts cat << EOF > /data/scripts/startnimbus.sh nimbus_beachon_node \ --metrics \ --max-peers=160 \ --enr-auto-update \ --jwt-secret=$HOME/jwt.hex \ --web3-url=ws://192.168.1.101:8551 \ --rest-address=192.168.1.102 \ --suggested-fee-recipient=0x1B63142628311395CEaFeEa5667e7C9026c862Ca \ --non-interactive EOF chmod +x /data/scripts/startnimbus.sh ``` Verify script starts without errors ### Daemon ```bash sudo su && cat << EOF > /etc/systemd/system/nimbus.service [Unit] Description=Nimbus CL (Mainnet) Wants=network-online.target After=network-online.target [Service] User=ubuntu Group=ubuntu Type=simple Restart=always RestartSec=5 ExecStart=/bin/bash /data/scripts/startnimbus.sh [Install] WantedBy=multi-user.target EOF exit ``` ```bash sudo systemctl daemon-reload sudo systemctl start nimbus sudo systemctl status nimbus sudo systemctl enable nimbus ``` ## MEV Boost ### Install ```bash= sudo apt-get install golang git clone https://github.com/flashbots/mev-boost.git cd mev-boost make build ``` ### Configure ```bash cat << EOF > /data/scripts/startmev.sh mev-boost \ -mainnet \ -min-bid 0.05 \ -relay-check \ -relay https://0xa15b52576bcbf1072f4a011c0f99f9fb6c66f3e1ff321f11f461d15e31b1cb359caa092c71bbded0bae5b5ea401aab7e@aestus.live \ -relay https://0xa7ab7a996c8584251c8f925da3170bdfd6ebc75d50f5ddc4050a6fdc77f2a3b5fce2cc750d0865e05d7228af97d69561@agnostic-relay.net \ -relay https://0xa1559ace749633b997cb3fdacffb890aeebdb0f5a3b6aaa7eeeaf1a38af0a8fe88b9e4b1f61f236d2e64d95733327a62@relay.ultrasound.money EOF chmod +x startmev.sh ``` /etc/systemd/system/mev.service ```bash sudo su && cat << EOF > /etc/systemd/system/mev.service [Unit] Description=MEV Boost Wants=network-online.target After=network-online.target [Service] User=ubuntu Group=ubuntu Type=simple Restart=always RestartSec=5 ExecStart=/bin/bash /data/scripts/startmev.sh [Install] WantedBy=multi-user.target EOF ``` ## Monitoring *node_exporter is installed with prometheus by default* ### Install `sudo apt-get install prometheus -y` ### Firewall `sudo ufw allow 9090` ### Configure ```bash sudo mkdir -p /data/prometheus sudo chown -R prometheus:ubuntu /etc/prometheus sudo chown -R prometheus:ubuntu /data/prometheus ``` Create config file ```yaml sudo su cat << EOF > /etc/prometheus/prometheus.yml global: scrape_interval: 15s scrape_configs: - job_name: prometheus static_configs: - targets: - localhost:9090 - job_name: node_exporter static_configs: - targets: - localhost:9100 - job_name: nimbus metrics_path: /metrics static_configs: - targets: - localhost:8008 - job_name: geth metrics_path: /debug/metrics/prometheus static_configs: - targets: - localhost:6060 EOF exit ``` ### Deamon ```bash sudo su cat << EOF > /etc/systemd/system/prometheus.service [Unit] Description=Prometheus Wants=network-online.target After=network-online.target [Service] Type=simple User=prometheus Group=prometheus Restart=always RestartSec=5 ExecStart=/usr/bin/prometheus \ --config.file=/etc/prometheus/prometheus.yml \ --storage.tsdb.path=/data/prometheus \ --web.console.templates=/etc/prometheus/consoles \ --web.console.libraries=/etc/prometheus/console_libraries [Install] WantedBy=multi-user.target EOF exit ``` ```bash sudo systemctl daemon-reload sudo systemctl start prometheus sudo systemctl status prometheus sudo journalctl -fu prometheus sudo systemctl enable prometheus ``` ## Validation! `sudo apt-get install grafana` Connect Grafana to Prometheus Data Source  ``` $HOME/nimbus-eth2/build/nimbus_beacon_node deposits import \ --data-dir=$HOME/nimbus-eth2/build/data/shared_mainnet_0 \ $HOME/validator_keys ``` Log Management ```bash sudo nano /etc/systemd/journald.conf SystemMaxUse=500M sudo journalctl --vacuum-size=500M sudo systemctl restart systemd-journald ``` ## Migrating from one machine to another ```bash= sudo systemctl stop nimbus sudo systemctl disable nimbus /home/ubuntu/nimbus-eth2/run-mainnet-beacon-node.sh slashingdb export slashing-protection.json scp slashing-protection.json ubuntu@192.168.9.110:/home/ubuntu/slashing-protection.json ``` ```bash= sudo systemctl stop nimbus nimbus_beacon_node deposits import \ --data-dir=/data/nimbus \ /home/ubuntu/validator_keys nimbus_beacon_node slashingdb import \ --data-dir=/data/nimbus \ /home/ubuntu/slashing-protection.json sudo systemctl start nimbus ``` --doppelganger-detection=false ## System Upgrade & Maintenance ```bash # stop services sudo systemctl stop geth sudo systemctl stop nimbus ### alerts should fire ### # upgrades sudo apt-get upgrade -y sudo cp ~/nimbus-eth2/build/nimbus_beacon_node /usr/local/bin/ # cp /data/scripts/startnimbus.TESTING.sh /data/scripts/startnimbus.sh cp /data/scripts/startgeth.TESTING.sh /data/scripts/startgeth.sh sudo reboot sudo journalctl -fu geth sudo journalctl -fu nimbus sudo journalctl -fu mev ```