#!/usr/bin/env bash # Fix validator node lists: deploy BOTH static-nodes.json and permissions-nodes.toml. # Besu expects TOML for permissions-nodes-config-file (not permissioned-nodes.json). # Static-nodes = bootstrap peers; permissions-nodes = allowlist. Both are essential. # # Run from repo root. Requires SSH to r630-01 (192.168.11.11) and ml110 (192.168.11.10). set -euo pipefail SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" PROJECT_ROOT="$(cd "$SCRIPT_DIR/.." && pwd)" cd "$PROJECT_ROOT" [ -f config/ip-addresses.conf ] && source config/ip-addresses.conf 2>/dev/null || true SOURCE_TOML="$PROJECT_ROOT/config/besu-node-lists/permissions-nodes.toml" SOURCE_STATIC="$PROJECT_ROOT/config/besu-node-lists/static-nodes.json" if [ ! -f "$SOURCE_TOML" ]; then echo "Missing $SOURCE_TOML" exit 1 fi if [ ! -f "$SOURCE_STATIC" ]; then echo "Missing $SOURCE_STATIC" exit 1 fi R630_01="${PROXMOX_R630_01:-192.168.11.11}" ML110="${PROXMOX_ML110:-192.168.11.10}" USER="${PROXMOX_USER:-root}" PERM_PATH="/var/lib/besu/permissions" CONFIG_GLOB="/etc/besu/config-validator.toml" VALIDATORS=( "1000:$R630_01" "1001:$R630_01" "1002:$R630_01" "1003:$ML110" "1004:$ML110" ) RED='\033[0;31m' GREEN='\033[0;32m' YELLOW='\033[1;33m' BLUE='\033[0;34m' NC='\033[0m' log_info() { echo -e "${BLUE}[INFO]${NC} $1"; } log_ok() { echo -e "${GREEN}[✓]${NC} $1"; } log_err() { echo -e "${RED}[✗]${NC} $1"; } echo "" echo "=== Fix validator node lists (static-nodes + permissions-nodes) ===" echo " Both are essential: static-nodes = bootstrap peers, permissions-nodes = allowlist." echo "" # Copy both files to each host once for host in "$R630_01" "$ML110"; do log_info "Copying static-nodes.json and permissions-nodes.toml to $host" scp -o ConnectTimeout=5 -o StrictHostKeyChecking=no "$SOURCE_STATIC" "$SOURCE_TOML" "$USER@$host:/tmp/" 2>/dev/null || { log_err "scp to $host failed"; exit 1; } log_ok " Copied" done FAILED=0 for entry in "${VALIDATORS[@]}"; do IFS=: read -r vmid host <<< "$entry" log_info "VMID $vmid @ $host" status=$(ssh -o ConnectTimeout=5 -o StrictHostKeyChecking=no "$USER@$host" "pct status $vmid 2>/dev/null" | awk '{print $2}' || echo "unknown") if [ "$status" != "running" ]; then log_info " Skip (not running)" continue fi # Push static-nodes.json to /var/lib/besu/ and permissions-nodes.toml to permissions/ STATIC_PATH="/var/lib/besu/static-nodes.json" if ! ssh -o ConnectTimeout=5 -o StrictHostKeyChecking=no "$USER@$host" "pct push $vmid /tmp/static-nodes.json ${STATIC_PATH} && pct push $vmid /tmp/permissions-nodes.toml ${PERM_PATH}/permissions-nodes.toml" 2>/dev/null; then log_err " pct push failed" ((FAILED++)) || true continue fi # Point config to TOML (not JSON) and ensure static-nodes-file and permissions path are set if ! ssh -o ConnectTimeout=5 -o StrictHostKeyChecking=no "$USER@$host" "pct exec $vmid -- bash -c ' for f in /etc/besu/config-validator.toml /config/config-validator.toml; do [ -f \"\$f\" ] || continue sed -i \"s|permissioned-nodes\\.json|permissions-nodes.toml|g\" \"\$f\" sed -i \"s|\"/var/lib/besu/permissions/permissioned-nodes.json\"|\"/var/lib/besu/permissions/permissions-nodes.toml\"|g\" \"\$f\" sed -i \"s|^static-nodes-file=.*|static-nodes-file=\\\"/var/lib/besu/static-nodes.json\\\"|\" \"\$f\" sed -i \"s|^permissions-nodes-config-file=.*|permissions-nodes-config-file=\\\"/var/lib/besu/permissions/permissions-nodes.toml\\\"|\" \"\$f\" grep -q \"static-nodes-file\" \"\$f\" || echo \"static-nodes-file=\\\"/var/lib/besu/static-nodes.json\\\"\" >> \"\$f\" grep -q \"permissions-nodes-config-file\" \"\$f\" || echo \"permissions-nodes-config-file=\\\"/var/lib/besu/permissions/permissions-nodes.toml\\\"\" >> \"\$f\" break done '" 2>/dev/null; then log_err " sed config failed" ((FAILED++)) || true continue fi ssh -o ConnectTimeout=5 -o StrictHostKeyChecking=no "$USER@$host" "pct exec $vmid -- chown besu:besu ${STATIC_PATH} ${PERM_PATH}/permissions-nodes.toml 2>/dev/null || pct exec $vmid -- chown root:root ${STATIC_PATH} ${PERM_PATH}/permissions-nodes.toml" 2>/dev/null || true if ! ssh -o ConnectTimeout=5 -o StrictHostKeyChecking=no "$USER@$host" "pct exec $vmid -- systemctl restart besu-validator" 2>/dev/null; then log_err " restart failed" ((FAILED++)) || true continue fi log_ok " static-nodes + permissions-nodes deployed, config updated, restarted" echo "" done # Cleanup host /tmp for host in "$R630_01" "$ML110"; do ssh -o ConnectTimeout=5 -o StrictHostKeyChecking=no "$USER@$host" "rm -f /tmp/permissions-nodes.toml /tmp/static-nodes.json" 2>/dev/null || true done echo "=== Summary ===" if [ "$FAILED" -eq 0 ]; then log_ok "All validators updated. Wait 1–2 min then: bash scripts/monitoring/monitor-blockchain-health.sh" exit 0 else log_err "$FAILED validator(s) failed." exit 1 fi