Skip to main content

Setup Validator

  1. Prepare for Validator Registration Before registering as a validator, complete the following preparations: Obtain Ethereum Software Wallet or Hardware wallet Get a Ledger, Hardware or Software wallet ready like Metamask/Portis/Bitski/Torus/myetherwallet. This wallet will be used for receiving delegation, bounties, and self delegating. Fund Validator Wallet with ETH Be ready to have some ETH to accept delegations and link your validator supernode. Remember these are transactions with SKALE Manager on Ethereum, and therefore require ETH. Minimum ETH: 1.0 Get SKALE Manager contract ABIs from SKALE: Github Fund SRW Wallet with ETH Be ready to fund ETH in your self-recharging wallet (SRW). See Self-recharging wallet documentation. Decide your commission fee Decide on your commission fee. This cannot be changed once it is set. To set a new commission fee, you’ll have to register a new validator. This new validator would have to link supernodes and accept delegations for it (old validator supernodes and delegations cannot be rolled into a new validator commission fee). Reference Documents
  2. Install SKALE Validator CLI SKALE Validator CLI is the validator client interface for registering a new validator into network or handling additional delegation services where validators can self delegate or token holders can delegate to a validator. These are the type of operations that can be done with the Validator CLI:
    • Register Validator (Set Commission Rate or Minimum delegation amount)
    • Accept pending delegations
    • Link all validator supernode addresses to a validator wallet address
    • Request or cancel a delegation
    See the SKALE Validator CLI documentation
    Validator CLI doesn’t have to be installed in the same server as the node-cli. This can be set up on Mac or Linux. This does not need to be included in every supernode. Setting up once per validator organization is sufficient.
    Download the SKALE Validator CLI binary: 
    VERSION_NUM=1.3.3 && sudo -E bash -c "curl -L https://github.com/skalenetwork/validator-cli/releases/download/$VERSION_NUM/sk-val-$VERSION_NUM-`uname -s`-`uname -m` >  /usr/local/bin/sk-val"
    Apply executable permissions to the binary: 
    chmod +x /usr/local/bin/sk-val
    Set SKALE Manager contracts info and set the endpoint: 
    sk-val init -e [ENDPOINT] -c [ABI] --wallet [software/ledger]
    Required arguments:
    • --endpoint/-e - RPC endpoint of the supernode in the network where SKALE manager is deployed (http or https). Example is https://my.geth.node.ip/..
    • --contracts-url/-c - URL to SKALE Manager contracts ABI and addresses
    • -w/--wallet - Type of the wallet that will be used for signing transactions (software or ledger)
  3. Setup Wallet For software wallet, save private key into a file (replace [YOUR PRIVATE KEY] with your wallet private key): 
    echo [YOUR PRIVATE KEY] > ./pk.txt
    For Ledger wallet, install ETH ledger application and initialize device with setup-ledger command: 
    sk-val wallet setup-ledger --address-index [ADDRESS_INDEX] --keys-type [KEYS_TYPE]
    Required arguments:
    • --address-index - Index of the address to use (starting from 0)
    • --keys-type - Type of the Ledger keys (live or legacy)
    Make sure you enabled blind signing on ETH application settings. Otherwise transactions won’t work
  4. Register as a new SKALE validator
    DON’T REGISTER A NEW VALIDATOR IF YOU ALREADY HAVE ONE! check : sk-val validator ls. For additional supernode set up, please go to Step 3.
    sk-val validator register -n [NAME] -d [DESCRIPTION] -c [COMMISSION_RATE] --min-delegation [MIN_DELEGATION]
    Required arguments:
    • --name/-n - Validator name
    • --description/-d - Validator description (preferably organization info)
    • --commission-rate/-c - Commission rate (percent %)
    • --min-delegation - Validator minimum delegation amount
    Optional arguments:
    • --pk-file - Path to file with private key (only for software wallet type)
    • --gas-price - Gas price value in Gwei for transaction (if not specified doubled average network value will be used)
    • --yes - Confirmation flag
  5. Ensure validator is added to the trusted list To ensure that your validator is added to trusted contact SKALE team.
    This is a temporary process, which will be removed as the community matures.

Setup SGX

  1. Understand SGX Overview
    Due date: 23rd of each month
    SGX is a secure storage for BLS private key shares, which are used in consensus to sign new blocks. SGX is also used for private key shares. SKALE DKG uses Intel® SGX server to store account and BLS keys and all the data related to DKG process and it also uses the random number generator provided by Intel® SGX. For more information, please check here. Clients connect to the server, authenticate to it using TLS 1.0 protocol with client certificates, and then issue requests to the server to generate crypto keys and perform cryptographic operations. The keys are generated inside the secure SGX enclave and never leave the enclave unencrypted.
  2. Prepare SGX Server To be able to set up an SGXWallet, validators are required to have SGX compatible servers. Before installing SGXWallet, validators must make sure that SGX is enabled in the server. Server Requirements:
    • Ubuntu 22.04 LTS (Jammy Jellyfish)
    • SGX-enabled Intel processor
    • Minimum 8 GB
    • Swap size equals to half (1/2) of RAM size
  3. Configure Network for SGX It’s required to setup VPN between supernodes and SGX server. Ports 1026-1031 should open only to SKALE supernodes, not public ports should be accessible by supernode.
    SGXWallet can support up to 5 SKALE supernodes. If you have more, you should setup additional server.
  4. Install and Configure Packages for SGX Before running SGXWallet install the following packages Install general tools: 
    sudo apt-get install -y build-essential make cmake gcc g++ yasm  python libprotobuf10 flex bison automake libtool texinfo libgcrypt20-dev libgnutls28-dev
    Install Docker: 
    sudo apt-get install -y docker
    Install docker.io: 
    sudo apt-get install -y docker.io
    Install docker compose: 
    sudo apt-get install -y docker-compose-plugin
    Install cpuid and libelf-dev packages: 
    sudo apt-get install -y libelf-dev cpuid
    Verify your processor supports Intel SGX with: 
    cpuid | grep SGX:
    After installing docker make sure that live-restore option is enabled in /etc/docker/daemon.json. See more info in the docker docs.
    Disable automatic updates It’s recommended to only update the SGXWallet server if there are critical security fixes. This is because SGXWallet is based on new low level technology, and kernel updates may break the system. Currently SGX is tested on 5.15* kernels. It’s best to avoid minor version updates too. To make sure apt update won’t update the kernel you should use apt-mark hold command: 
    sudo apt-mark hold linux-generic linux-image-generic linux-headers-generic
    Also if you configured unattended upgrades, you should make sure kernel won’t update automatically. To do this, add the following lines to /etc/apt/apt.conf.d/50unattended-upgrades file: 
    Unattended-Upgrade::Package-Blacklist {
        "linux-generic";
        "linux-image-generic";
        "linux-headers-generic";
};
    Output 
    SGX: Software Guard Extensions supported = true
  5. Download SGXWallet source code Clone SGX Wallet Repository to your SGX compatible Server: 
    git clone https://github.com/skalenetwork/sgxwallet/
cd sgxwallet
git checkout tags/1.9.1-stable.1
  6. Enable SGX SGX Wallet repository includes the sgx_enable utility. To enable SGX run: 
    sudo ./sgx_enable
    Install SGX Library: 
    cd scripts
sudo ./sgx_linux_x64_driver_2.5.0_2605efa.bin
cd ..
    System Reboot:
    Reboot your machine after driver install!
    Check driver installation: To check that isgx device is properly installed run this command: 
    ls /dev/isgx
    For newer machine device should be 
    ls /dev/sgx_enclave
    If you don’t see the neither of isgx and sgx_enclave device, you need to troubleshoot your driver installation from here. Another way to verify Intel SGX is enabled in BIOS:
    If you already executed the previous steps please move to STEP 3
    Enter BIOS by pressing the BIOS key during boot. The BIOS key varies by manufacturer and could be F10, F2, F12, F1, DEL, or ESC. Usually Intel SGX is disabled by default. To enable: find the Intel SGX feature in BIOS Menu (it’s usually under the “Advanced” or “Security” menu) Set SGX in BIOS as enabled (preferably) or software-controlled. save your BIOS settings and exit BIOS. Enable “software-controlled” SGX Software-controlled means that SGX needs to be enabled by running a utility.
  7. Update docker-compose.yaml Open run_sgx directory 
    cd sgxwallet/run_sgx;
    On some machines, the SGX device isn’t /dev/mei0 but a different device, such as /dev/bs0 or /dev/sg0. In this case please edit docker-compose.yml on your machine to specify the correct device to use: 
    vi docker-compose.yml
    make sure image is skalenetwork/sgxwallet:<1.9.1-stable.1> in docker-compose and it will look like: 
    version: '3'
services:
  sgxwallet:
    image: skalenetwork/sgxwallet:1.9.1-stable.1
    network_mode: host
    devices:
      - "/dev/isgx" # leave on of them
      - "/dev/sgx_enclave"
    volumes:
      - ./sgx_data:/usr/src/sdk/sgx_data
      -  /dev/urandom:/dev/random
    logging:
      driver: json-file
      options:
        max-size: "10m"
        max-file: "4"
    restart: unless-stopped
    command: -y -V
    healthcheck:
      test: ["CMD", "ls", "/dev/isgx", "/dev/sgx_enclave"]
  8. Spin up SGXWallet Container Start SGX Wallet Containers To run the server as a daemon: 
    sudo docker compose up -d
  9. Securely save generated backup key The backup key is automatically stored in sgx_data directory. The filename of the key is sgx_wallet_backup_key.txt, and is generated the first time the SGX wallet is started.
    This key must be securely recorded and stored. Be sure to store this key in a safe place, then go into a docker container and securely remove it with the following command:
    docker exec -it <SGX_CONTAINER_NAME> bash && apt-get install secure-delete && srm -vz backup_key.txt
    You should enable SSL/TLS for your SGX supernode. Make sure you finalize this before you move on to your next step.
  10. Backup sgx data It’s strongly recommended to backup sgx data regularly. The guide can be found here.

Supernode Setup

  1. Prepare Supernode Server
    Due date: 23rd of each month
    After Setting up SGX Wallet and create certifications, validators can download the SKALE Node CLI executables register and maintain your SKALE supernode. This process downloads docker container images from docker hub and spins up SKALE supernode functionalities. Some base containers such as SKALE Admin, Bounty, TransactionManager will be created during installation for each supernode. This document contains instructions on how to setup supernode using SKALE Node CLI. Supernode server should follow compliance requirements which will be checked during installing SKALE supernode software. Please make sure: General requirements
    • A Linux x86_64 machine
    • Ubuntu 22.04 LTS (Jammy Jellyfish)
    • Separate not mounted block device - 2 Tb
    • 8 physical cores
    • 32GB RAM
    • 16GB Swap
    More information can be found here: Compliance requirements
  2. Install Packages for Supernode Before setting up supernode you should make sure that the following software is installed:
    • docker
    • docker-compose
    • nftables
    • lvm2
    After docker installation make sure that the live-restore option is enabled in /etc/docker/daemon.json. See more info in the docker docs.
    You can install iptables-persistent using the following commands:
    echo iptables-persistent iptables-persistent/autosave_v4 boolean true | sudo debconf-set-selections
echo iptables-persistent iptables-persistent/autosave_v6 boolean true | sudo debconf-set-selections
sudo apt install iptables-persistent -y
    You should carefully control any automatic updates. In general avoid updates to the Linux kernel, docker, docker-compose, btrfs-progs. And take care when updating lvm2, iptables, iptables-persistent, and python.
    If you have any concerns or questions, please don’t hesitate to reach out to SKALE Team leads on Discord.
  3. Install Node CLI Download the Node CLI binary: 
    curl -L https://github.com/skalenetwork/node-cli/releases/download/2.6.2/skale-2.6.2-Linux-x86_64 > /usr/local/bin/skale
    Verify the hashsum: 
    sha512sum /usr/local/bin/skale
# Expected output:
# e012e18b062015c234e364bc0cd49ee40e65243d725f2261a4a5a2d516ac2fd86d59f3b9104f15f4fbe4045ec3ead018cc7ec159d079001fe9293617602741e4
    Apply executable permissions and test the installation: 
    chmod +x /usr/local/bin/skale
sudo skale --help
    You should run node-cli commands using sudo
    More information can be found here.
  4. Configure .env Configuration parameters are passed to Node CLI through .env file. It should contain the following variables:
    • CONTAINERS_CONFIG_STREAM - git branch with containers versions config
    • DISK_MOUNTPOINT - Attached storage block device
    • DOCKER_LVMPY_STREAM - git branch of docker lvmpy volume driver for SKALE Chains
    • ENDPOINT - RPC endpoint of the supernode in the network where SKALE manager is deployed (http or https)
    • FILEBEAT_HOST - URL to the Filebeat log server
    • IMA_CONTRACTS_ABI_URL - URL to IMA contracts ABI and addresses
    • IMA_ENDPOINT - IMA endpoint to connect (should be the same as ENDPOINT).
    • MANAGER_CONTRACTS_ABI_URL - URL to SKALE Manager contracts ABI and addresses
    • SGX_SERVER_URL - URL to SGX server in the network (i.e. http(s)://host:port, do not add a trailing ”/” after the port number )
    • ENV_TYPE - network type (mainnet/testnet)
    ENDPOINT, IMA_ENDPOINT, SGX_SERVER_URL, DISK_MOUNTPOINT are server dependent. Other options depend on the network type. For the {ENV_TYPE} network .env will look like: 
    CONTAINER_CONFIGS_STREAM=4.0.1
DOCKER_LVMPY_STREAM=1.0.2-stable.0
FILEBEAT_HOST=filebeat.mainnet.skalenodes.com:5000
MANAGER_CONTRACTS_ABI_URL= https://raw.githubusercontent.com/skalenetwork/concepts/refs/heads/master/releases/mainnet/skale-manager/1.12.0/skale-manager-1.12.0-mainnet-abi.json
IMA_CONTRACT_ABI_URL=https://raw.githubusercontent.com/skalenetwork/concepts/refs/heads/master/releases/mainnet/IMA/2.2.0/mainnet/abi.json
ENV_TYPE=mainnet
DISK_MOUNTPOINT=[DISK_MOUNTPOINT]
IMA_ENDPOINT=[IMA_ENDPOINT]
ENDPOINT=[ENDPOINT]
SGX_SERVER_URL=[SGX_SERVER_URL] # Do not add a trailing "/" after the port number.
    It’s possible to configure Telegram based alert system by providing the following options:
    • TG_API_KEY - Telegram API key
    • TG_CHAT_ID - Telegram chat ID
  5. Enable SGX wallet autosign Switch back to sgx server and go to sgxwallet/run_sgx folder 
    cd sgxwallet/run_sgx
    Set -s option in docker-compose.yml 
    sed -i -E 's/(command: .*) *$/\1 -s/g' docker-compose.yml
    Restart the container 
    docker compose down && docker compose up -d
  6. Initialize Supernode To install supernode on your server you should run skale node init. It will create necessary configuration files and run base services and containers. 
    sudo skale node init .env
    Example Output: 
    48914619bcd3: Pull complete
db7a07cce60c: Pull complete
d285532a5ada: Pull complete
8646278c4014: Pull complete
3a12d6e582e7: Pull complete
0a3d98d81a07: Pull complete
43b3a182ba00: Pull complete
Creating monitor_filebeat          ... done
Creating skale_transaction-manager ... done
Creating skale_watchdog            ... done
Creating skale_admin               ... done
Creating skale_bounty              ... done
Creating skale_api                 ... done
    You can verify installation procedure by running: 
    sudo skale wallet info
    Output: 
    Address: <your-skale-node-wallet-address>
ETH balance: 1.0 ETH
SKALE balance: 0 SKALE
    The common problem is network misconfiguration between the supernode and SGXWallet. You can recheck connection status using skale health sgx: 
    sudo skale health sgx
    Output: 
    SGX server status:
┌────────────────┬──────────────────────────┐
 SGX server URL <sgx-url>
├────────────────┼──────────────────────────┤
 Status CONNECTED
└────────────────┴──────────────────────────┘
  7. Disable SGX wallet autosign Switch back to sgx server and go to sgxwallet/run_sgx folder 
    cd sgxwallet/run_sgx
    Remove -s option in docker-compose.yml 
    sed -i -E 's/(command: .*) -s( .*)?$/\1\2/g' docker-compose.yml
    Restart the container 
    docker compose down && docker compose up -d
  8. Setup SSL Certificates You will need to setup redirects from each supernode IP to the supernode domain, and issue SSL certs from a Trusted CA. You can issue a separate certificate for each subdomain (node-0.awesome-validator.com, node-1.awesome-validator.com) or issue a single Wildcard SSL for all supernodes (*.awesome-validator.com). As a result, you should have 2 main files saved and copied to the respective supernodes:
    • Certificate file (for example, fullchain.pem or cert.pem)
    • Private key file (for example, privkey.pem, pk.pem)
    Upload certificates to the SKALE Node: 
    sudo skale ssl upload -c $PATH_TO_CERT_FILE -k $PATH_TO_KEY_FILE
    Check SSL status: 
    sudo skale ssl status
    For more details, please see Node SSL docs.
  9. Fund Node wallet with ETH Some of the supernode operations send ETH mainnet transaction (e.g. chain creation). So the supernode wallet should have at least 1 ETH To get the address you should run skale wallet info command.
    Spent ETH is reimbursed after the transaction was completed.
  10. Sign Validator ID using SGXWallet Using validator-cli check your validator ID: 
    sk-val validator ls
    Get your SKALE supernode signature by running Node CLI command. 
    sudo skale node signature [VALIDATOR_ID]
    Output: 
    Signature: <your-signature>
  11. Link SKALE wallet address to your validator account using Validator CLI To successfully register new supernode you should bind supernode address and validator entity using validator-cli link-address: 
    sk-val validator link-address [NODE_ADDRESS] [SIGNATURE]
    You can find supernode address by executing skale wallet info command
    Optional arguments:
    • --pk-file - Path to file with private key (only for software wallet type)
    • --gas-price - Gas price value in Gwei for transaction (if not specified doubled average network value will be used)
    • --yes - Confirmation flag
  12. Backup Node We strongly recommend to regularly backup supernode data. The critical information stored ~/.skale directory. The skale node backup command archives the data which you can download and store somewhere else. To restore the supernode you should use skale node restore More information can be found here.
  13. Accept Delegations Every delegation need to be accepted. You can do it using sk-val validator accept-delegation command: 
    sk-val validator accept-delegation --delegation-id [DELEGATION-ID]
    Required arguments:
    • --delegation-id - Delegation id to accept
    Optional arguments:
    • --pk-file - Path to file with private key (only for software wallet type)
    • --gas-price - Gas price value in Gwei for transaction (if not specified doubled average network value will be used)
    • --yes - Confirmation flag
    You can get [DELEGATION-ID] by running sk-val validator delegations: 
    sk-val validator delegations [VALIDATOR_ID]
    You will see your pending delegation (PENDING status) as well as already accepted ones (DELEGATED status).
    To register the supernode validator must meet the Minimum Staking Requirement (MSR) of 20,000,000 SKL.

Register Node in SKALE Network

  1. Register Node with Node CLI
    Before proceeding, you will need to have at least 1 ETH. Also amount of delegated skale tokens need to be more or equal to minimum staking amount.
    To register with the network, you will need to provide the following:
    • Node name
    • Machine public IP
    • Domain name
    sudo skale node register --name [NODE_NAME] --ip [NODE_IP] --domain [DOMAIN_NAME]
    Optional arguments:
    • --port - beginning of the port range that will be used for skale SKALE Chains (10000 by default)
    Output: 
    Node registered in SKALE manager. For more info run: skale node info
  2. Check Node Status You can check the status of your supernode, and ensure that it’s properly registered with the SKALE Network. 
    sudo skale node info
    Output: 
    # Node info
Name: <Node name>
ID: <Node ID>
IP: <IP of Machine>
Public IP: <Public IP of Machine>
Port: <Node port>
Domain name: <Node domain name>
Status: Active

Post Registration Checks

  1. Post Registration Checks
    • Private and backup keys are secured in a safe place.
    • VPN is configured on all SGXWallet servers.
    • Ensure node wallets have sufficient ETH.
    • Accept delegations for the next month.
    • Check telegram notifications (if you enabled them).
    • Use watchdog to monitor node status.
    • Get support from the SKALE validator community.