# Besu Network Setup - Complete ## Overview This document summarizes the completed setup and configuration of the Besu blockchain network on Proxmox containers (VMID 1000-2502). ## Completed Tasks ### 1. Besu Allowlist Configuration ✅ - Generated corrected allowlist files with 128-character node IDs - Fixed enode URL padding issues - Deployed to all containers (1000-2502) - Validated all enode formats **Files Generated:** - `static-nodes.json` - Validator enodes (5 entries) - `permissions-nodes.toml` - All node enodes (5 entries) **Location:** `besu-enodes-20251219-141230/` ### 2. Balance Query Script ✅ - Created Node.js script using ethers v6 - Queries native ETH and ERC-20 token balances - Supports WETH9 and WETH10 tokens - Health checks and error handling included **Script:** `scripts/besu_balances_106_117.js` ### 3. Management Scripts ✅ All scripts available in `scripts/`: - `besu-extract-enode-nodekey.sh` - Extract enode from nodekey file - `besu-extract-enode-rpc.sh` - Extract enode via JSON-RPC - `besu-collect-all-enodes.sh` - Collect enodes from all nodes - `besu-generate-allowlist.sh` - Generate allowlist files - `besu-validate-allowlist.sh` - Validate enode formats - `besu-deploy-allowlist.sh` - Deploy to containers - `besu-verify-peers.sh` - Verify peer connections ### 4. Documentation ✅ - `docs/BESU_ALLOWLIST_RUNBOOK.md` - Comprehensive runbook - `docs/BESU_ALLOWLIST_QUICK_START.md` - Quick reference - `scripts/BESU_BALANCES_README.md` - Balance script docs ## Container Status ### Validators (1000-1004) - 5 containers - Status: All running, services active ### Sentries (1500-1503) - 4 containers - Status: All running, services active ### RPC Nodes (2500-2502) - 3 containers - Status: All running, services active - RPC endpoints: http://192.168.11.{23,24,25}:8545 ## Network Configuration - Network ID: 138 - Consensus: QBFT - All containers use DHCP for IP assignment - VLAN tagging removed for unprivileged containers ## IP Address Mapping | VMID | Hostname | IP Address | |------|--------------------|---------------| | 1000 | besu-validator-1 | 192.168.11.13 | | 1001 | besu-validator-2 | 192.168.11.14 | | 1002 | besu-validator-3 | 192.168.11.15 | | 1003 | besu-validator-4 | 192.168.11.16 | | 1004 | besu-validator-5 | 192.168.11.18 | | 1500 | besu-sentry-2 | 192.168.11.19 | | 1501 | besu-sentry-3 | 192.168.11.20 | | 1502 | besu-sentry-4 | 192.168.11.21 | | 1503 | besu-sentry-5 | 192.168.11.22 | | 2500 | besu-rpc-1 | 192.168.11.23 | | 2501 | besu-rpc-2 | 192.168.11.24 | | 2502 | besu-rpc-3 | 192.168.11.25 | ## Usage Examples ### Query Balances ```bash node scripts/besu_balances_106_117.js ``` ### Verify Peers ```bash bash scripts/besu-verify-peers.sh http://192.168.11.23:8545 ``` ### Check Service Status ```bash pct exec -- systemctl status besu-validator # or pct exec -- systemctl status besu-sentry # or pct exec -- systemctl status besu-rpc ``` ## Next Steps (Optional) 1. Monitor peer connections as network stabilizes 2. Add sentry/RPC node enodes to allowlist when available 3. Set up monitoring and alerting 4. Deploy additional services (120-122, 150-153) ## Notes - Validators don't expose RPC (security best practice) - Only RPC nodes (2500-2502) have RPC endpoints enabled - Allowlist currently includes validators only (correct for QBFT) - All node IDs are validated to be exactly 128 hex characters