d-bis/proxmox
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
master
proxmox/config/besu-node-lists/README.md
defiQUG fbda1b4beb
Some checks failed
Deploy to Phoenix / deploy (push) Has been cancelled
Details
docs: Ledger Live integration, contract deploy learnings, NEXT_STEPS updates 
- ADD_CHAIN138_TO_LEDGER_LIVE: Ledger form done; public code review repo bis-innovations/LedgerLive; init/push commands
- CONTRACT_DEPLOYMENT_RUNBOOK: Chain 138 gas price 1 gwei, 36-addr check, TransactionMirror workaround
- CONTRACT_*: AddressMapper, MirrorManager deployed 2026-02-12; 36-address on-chain check
- NEXT_STEPS_FOR_YOU: Ledger done; steps completable now (no LAN); run-completable-tasks-from-anywhere
- MASTER_INDEX, OPERATOR_OPTIONAL, SMART_CONTRACTS_INVENTORY_SIMPLE: updates
- LEDGER_BLOCKCHAIN_INTEGRATION_COMPLETE: bis-innovations/LedgerLive reference

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-12 15:46:57 -08:00

63 lines
4.0 KiB
Markdown
Raw Permalink Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
# Besu Node Lists — Single Source of Truth
**Purpose:** One canonical `static-nodes.json` and `permissions-nodes.toml` used by **all** Chain 138 Besu nodes (validators, sentries, RPCs). **Both are essential:**
- **static-nodes.json** — Bootstrap peers; Besu connects to these on startup (`static-nodes-file`).
- **permissions-nodes.toml** — Allowlist; only nodes in this list can join the network (`permissions-nodes-config-file`). Besu expects TOML (do not use `permissioned-nodes.json`).
These files must be **identical on every node** for permissioning and discovery to work correctly.
**Deploy:** Run from repo root:
```bash
./scripts/deploy-besu-node-lists-to-all.sh
```
See [docs/06-besu/MASTER_DOCS_AND_NODE_LISTS_REVIEW.md](../../docs/06-besu/MASTER_DOCS_AND_NODE_LISTS_REVIEW.md) for context and [BESU_NODES_FILE_REFERENCE.md](../../docs/06-besu/BESU_NODES_FILE_REFERENCE.md) for VMID↔IP mapping.
## Contents
| File | Format | Use |
|------|--------|-----|
| `static-nodes.json` | JSON array of enode URLs | Besu `--static-nodes-file`; bootstrap peers |
| `permissions-nodes.toml` | TOML `nodes-allowlist=[...]` | Besu `--permissions-nodes-config-file`; allowlist (Besu expects TOML—do not use `permissioned-nodes.json`) |
## When to update
- **New node (e.g. 1504, 2102):** Get the nodes enode (e.g. from `admin_nodeInfo` or the nodes data dir), add it to both files here, then run the deploy script.
- **Node removed:** Remove its enode from both files and redeploy.
- **Regenerate all (no duplicates):** Run `bash scripts/besu/collect-enodes-from-all-besu-nodes.sh` to collect from every node (admin_nodeInfo or `besu public-key export`), merge with existing for unreachable nodes, and overwrite both files.
- **Fix failures only:** Run `bash scripts/besu/collect-enodes-from-all-besu-nodes.sh --missing-only` to try only VMIDs whose IP is not yet in the list (no full 32-node sweep).
- **Generate missing node keys:** Run `bash scripts/besu/generate-node-keys-for-missing-vmids.sh [--force] [--collect]` to create `/data/besu/key` (64-hex) only for VMIDs not yet in the list. Use `--force` to overwrite PEM/wrong-format keys; use `--collect` to run collect --missing-only after. Containers without Besu (15051508, 25012505) are supported via helper nodes (1504 on ml110, 2500 on r630-01).
- **Install Besu permanently on nodes missing it:** Run `bash scripts/besu/install-besu-permanent-on-missing-nodes.sh` to install Besu (23.10.3) in 15051508 and 25012505, deploy config/genesis/node lists, and enable+start the service so RPC/sentry runs after reboot.
## Sentry 1504 (.154)
1504 may not expose RPC (8545). Once the sentry has run and created `/data/besu/nodekey`, get the enode from the nodekey (run from Proxmox host ml110):
```bash
ssh root@192.168.11.10 "pct exec 1504 -- /opt/besu/bin/besu public-key export --node-private-key-file=/data/besu/nodekey --format=enode 2>/dev/null" | sed 's/@[0-9.]*:/@192.168.11.154:/'
```
If RPC is enabled on 1504:
```bash
ssh root@192.168.11.10 "pct exec 1504 -- curl -s -X POST -H 'Content-Type: application/json' --data '{\"jsonrpc\":\"2.0\",\"method\":\"admin_nodeInfo\",\"params\":[],\"id\":1}' http://127.0.0.1:8545" | jq -r '.result.enode'
```
Add the enode to both `static-nodes.json` and `permissions-nodes.toml`, then run `./scripts/deploy-besu-node-lists-to-all.sh`.
## RPC Core-2 (2102 / .212)
When VMID 2102 is created and Besu RPC is running, add its enode to both files and redeploy. See [RPC_CORE_2_NATHAN_SFVALLEY2_TUNNEL.md](../../docs/04-configuration/cloudflare/RPC_CORE_2_NATHAN_SFVALLEY2_TUNNEL.md).
## Verify enodes and IPs
Run from repo root to ensure enode addresses and IPs are correct and consistent:
```bash
bash scripts/verify/verify-besu-enodes-and-ips.sh
```
This checks: (1) static-nodes.json and permissions-nodes.toml match, (2) each IP matches the expected VMID, (3) no duplicate node keys (same key for two IPs). See [ENODE_IP_VERIFICATION_20260208.md](../../docs/04-configuration/verification-evidence/ENODE_IP_VERIFICATION_20260208.md) for a recent run and how to fix the VMID 2401 duplicate enode.
Reference in New Issue View Git Blame Copy Permalink