ethereum-staking-guides icon indicating copy to clipboard operation
ethereum-staking-guides copied to clipboard
verified publisher icon SomerEsat

Adding new validator keys to an existing Prysm node.

Open TheRyanMiller opened this issue 5 years ago • 3 comments

Description

Adding new validator keys to a Prysm validator with existing keys may not be straight-forward for some, so wanted to share what I learned during my experience importing them. The items below apply to anyone who closely followed the Prysm staking guide by Somer Esat.

Issue Overview

  • In order to support a new deposit(s), the associated keys must be imported to the validator wallet directory which is located at /var/lib/prysm/validator.
  • Because the user prysmvalidator owns the wallet directory, only it or root is able to successfully run the command needed to import new keys (it will fail due to lack of write permissions for other users).
  • Because this user was created with /bin/false set, we cannot switch user to prysmvalidator to access the shell and run the import command.

Resolution

  • One resolution here is to recursively (temporarily) change ownership of the the /var/lib/prysm/validator directory to be owned by your current user with the command sudo chown -R ryan:ryan /var/lib/prysm/validator (replacing ryan:ryan with your username).
  • Next, run the import command cd /usr/local/bin then validator accounts import --keys-dir=/path/to/keystores where /path/to/keystores is the filepath to the directory containing all of (or just your new) keys.
  • Go through the prompts and make sure you use the EXACT SAME wallet password as you did before.
  • Import should succeed.
  • Change ownership of wallet directory back to prysmvalidator user with sudo chown -R prysmvalidator:prysmvalidator /var/lib/prysm/validator
  • Verify successful import with cd /usr/local/bin then sudo validator accounts list --wallet-dir=/var/lib/prysm/validator
  • Restart your validator process with sudo systemctl restart prysmvalidator.

Additional

  • If you experience the following error when running the import command, you will need to change the permissions on the keystore file using the command in the next step
    Fatal account: Could not import accounts: could not write accounts: file already exist without proper 0600
    • Command to change permissions sudo chmod 660 /var/lib/prysm/validator/direct/accounts/all-accounts.keystore.json
  • You can perform all of these steps without stopping your validator. But you must restart your validator in order for it to read the new values in your wallet file.
  • To confirm your new keys were picked up by the process, check the validator logs and ensure that you see a message along the lines of Waiting for deposit to be observed by beacon node.

TheRyanMiller avatar Dec 05 '20 22:12 TheRyanMiller

This is excellent, Ryan! Thank you very much for sharing this. I anticipated adding a validator being an issue due to the permission scheme so I had it on my list to address. Your saved me a lot of time! May I add an abridged version of your write up to my guide (and credit you)?

SomerEsat avatar Dec 06 '20 19:12 SomerEsat

Absolutely.

TheRyanMiller avatar Dec 09 '20 19:12 TheRyanMiller

You can always supply a shell as you su into a user's TTY session. Example: sudo su -s /bin/bash prysmvalidator

Then you can do anything you'd like as prysmvalidator

danielschonfeld avatar Jul 11 '21 22:07 danielschonfeld