Although the guide is specific to testnet, it can be adapted to mainnet or devnet as well.
Prerequisites
Before starting, make sure you’ve reviewed the system requirements and have the necessary hardware and network setup.You will be running commands on your trusted computer, not on the remote machine that you plan to use for validator operations. Locate the terminal program on your trusted computer:
CTRL + Alt + TValidator operators are required to install the tools included in the Solana CLI using the installation instructions.
Some operators choose to make vanity keypairs for their identity and vote account using the
grind sub command.The
authorized-withdrawer-keypair.json should be considered very sensitive information. Many operators choose to use a multisig, hardware wallet, or paper wallet for the authorized withdrawer keypair. The withdrawer keypair should never be stored on the remote machine that the validator software runs on.The
airdrop sub command does not work on mainnet, so you will have to acquire SOL and transfer it into this keypair’s account if you are setting up a mainnet validator.solana create-vote-account -ut \
--fee-payer ./validator-keypair.json \
./vote-account-keypair.json \
./validator-keypair.json \
./authorized-withdrawer-keypair.json
The
-ut flag tells the CLI command that we would like to use the testnet cluster. --fee-payer specifies the keypair that will be used to pay the transaction fees.Make sure your
authorized-withdrawer-keypair.json is stored in a safe place. If you have chosen to create a keypair on disk, you should first backup the keypair and then delete it from your local machine.If you lose your withdrawer keypair, you will lose control of your vote account. You will not be able to withdraw tokens from the vote account or update the withdrawer. Make sure to store the
authorized-withdrawer-keypair.json securely before you move on.It is a best practice to always run your validator as a non-root user, like the
sol user we just created.You may see some devices in the list that have a name but do not have a UUID. Any device without a UUID is unformatted.
sudo bash -c "cat >/etc/sysctl.d/21-agave-validator.conf <<EOF
# Increase max UDP buffer sizes
net.core.rmem_max = 134217728
net.core.wmem_max = 134217728
# Increase memory mapped files limit
vm.max_map_count = 1000000
# Increase number of allowed open file descriptors
fs.nr_open = 1000000
EOF"
sudo sysctl -p /etc/sysctl.d/21-agave-validator.conf
sudo bash -c "cat >/etc/security/limits.d/90-solana-nofiles.conf <<EOF
# Increase process file descriptor count limit
* - nofile 1000000
# Increase memory locked limit (kB)
* - memlock 2000000
EOF"
scp validator-keypair.json sol@<server.hostname>:
scp vote-account-keypair.json sol@<server.hostname>:
The
vote-account-keypair.json does not have any function other than identifying the vote account to potential delegators. Only the public key of the vote account is important once the account is created.Your remote machine will need
agave-validator installed. For simplicity, install the application as the sol user. Refer to the build from source instructions.#!/bin/bash
exec agave-validator \
--identity /home/sol/validator-keypair.json \
--vote-account /home/sol/vote-account-keypair.json \
--known-validator 5D1fNXzvv5NjV1ysLjirC4WY92RNsVH18vjmcszZd8on \
--known-validator 7XSY3MrYnK8vq693Rju17bbPkCN3Z7KvvfvJx4kdrsSY \
--known-validator Ft5fbkqNa76vnsjYNwjDZUXoTWpP7VYm3mtsaQckQADN \
--known-validator 9QxCLckBiJc783jnMvXZubK4wH86Eqqvashtrwvcsgkv \
--only-known-rpc \
--log /home/sol/agave-validator.log \
--ledger /mnt/ledger \
--accounts /mnt/accounts \
--rpc-port 8899 \
--dynamic-port-range 8000-8020 \
--entrypoint entrypoint.testnet.solana.com:8001 \
--entrypoint entrypoint2.testnet.solana.com:8001 \
--entrypoint entrypoint3.testnet.solana.com:8001 \
--expected-genesis-hash 4uhcVJyU9pJkvQyS88uRDiswHXSCkY3zQawwpjk2NsNY \
--wal-recovery-mode skip_any_corrupted_record \
--limit-ledger-size
Refer to
agave-validator --help for more information on what each flag does. This startup script is specifically intended for testnet.Keep an eye out for any lines that say
ERROR. Assuming you do not see any error messages, exit out of the command.After you have staked some SOL to your validator and the stake has activated, verify your validator is ready:
Once you are happy that the validator can start up without errors, stop the validator by pressing
CTRL+C.[Unit]
Description=Solana Validator
After=network.target
StartLimitIntervalSec=0
[Service]
Type=simple
Restart=always
RestartSec=1
User=sol
LimitNOFILE=1000000
LimitMEMLOCK=2000000000
LogRateLimitIntervalSec=0
Environment="PATH=/bin:/usr/bin:/home/sol/.local/share/solana/install/active_release/bin"
ExecStart=/home/sol/bin/validator.sh
[Install]
WantedBy=multi-user.target
cat > logrotate.sol <<EOF
/home/sol/agave-validator.log {
rotate 7
daily
missingok
postrotate
systemctl kill -s USR1 sol.service
endscript
}
EOF
sudo cp logrotate.sol /etc/logrotate.d/sol
systemctl restart logrotate.service
Next Steps
Now that your validator is running:- Set up monitoring with agave-watchtower
- Review security best practices
- Learn about day-to-day operations
- Understand troubleshooting common issues
Common Issues
Out of Disk Space
Make sure your ledger is on a drive with at least 2TB of space.Validator Not Catching Up
This could be a networking/hardware issue, or you may need to get the latest snapshot from another validator node.PoH Hashes/Second Rate is Slower Than Cluster Target
If you are usingagave-validator built from source, ensure that you are using a release build and not a debug build.
Ensure that your machine’s CPU base clock speed is 2.8GHz or faster. Use lscpu to check your clock speed.
Set performance governor: