proxmox/docs/archive/completion/CHAIN138_COMPLETE_IMPLEMENTATION.md
defiQUG bea1903ac9
Sync all local changes: docs, config, scripts, submodule refs, verification evidence
Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-21 15:46:06 -08:00


# ChainID 138 Complete Implementation Summary
**Date:** December 26, 2024

**Status:** ✅ Complete - All documentation and scripts updated

---
## Overview
This document provides a complete summary of the ChainID 138 Besu node configuration implementation, including all containers, access control, JWT authentication requirements, and deployment scripts.
---
## Container Allocation
### Total Containers: 25
- **Besu Nodes**: 19 (5 validators + 5 sentries + 9 RPC)
- **Hyperledger Services**: 5
- **Explorer**: 1
### Currently Deployed: 12
- **Besu Nodes**: 12 (5 validators + 4 sentries + 3 RPC)
- **Hyperledger Services**: 0
- **Explorer**: 0
### Missing: 13
- **Besu Nodes**: 7 (1 sentry + 6 RPC)
- **Hyperledger Services**: 5
- **Explorer**: 1
---
## Ali's Containers (Full Access) - 4 Containers
| VMID | Hostname | Role | IP Address | Identity | JWT Auth | Discovery |
|------|----------|------|------------|----------|----------|-----------|
| 1504 | `besu-sentry-5` | Besu Sentry | 192.168.11.154 | N/A | ✅ Required | Enabled |
| 2503 | `besu-rpc-4` | Besu RPC | 192.168.11.253 | 0x8a | ✅ Required | **Disabled** |
| 2504 | `besu-rpc-4` | Besu RPC | 192.168.11.254 | 0x1 | ✅ Required | **Disabled** |
| 6201 | `firefly-2` | Firefly | 192.168.11.67 | N/A | ✅ Required | N/A |

**Access Level:** Full root access to all containers and Proxmox host

---
## Luis's Containers (RPC-Only Access) - 2 Containers
| VMID | Hostname | Role | IP Address | Identity | JWT Auth | Discovery |
|------|----------|------|------------|----------|----------|-----------|
| 2505 | `besu-rpc-luis` | Besu RPC | 192.168.11.255 | 0x8a | ✅ Required | **Disabled** |
| 2506 | `besu-rpc-luis` | Besu RPC | 192.168.11.256 | 0x1 | ✅ Required | **Disabled** |

**Access Level:** RPC-only access via JWT authentication
- No Proxmox console access
- No SSH access
- No key material access
- Access via reverse proxy / firewall-restricted RPC ports
---
## Putu's Containers (RPC-Only Access) - 2 Containers
| VMID | Hostname | Role | IP Address | Identity | JWT Auth | Discovery |
|------|----------|------|------------|----------|----------|-----------|
| 2507 | `besu-rpc-putu` | Besu RPC | 192.168.11.257 | 0x8a | ✅ Required | **Disabled** |
| 2508 | `besu-rpc-putu` | Besu RPC | 192.168.11.258 | 0x1 | ✅ Required | **Disabled** |

**Access Level:** RPC-only access via JWT authentication
- No Proxmox console access
- No SSH access
- No key material access
- Access via reverse proxy / firewall-restricted RPC ports
---
## Configuration Files Created
### Besu Configuration Templates
1. **`smom-dbis-138/config/config-rpc-4.toml`** - Ali's RPC node (2503)
2. **`smom-dbis-138/config/config-rpc-luis-8a.toml`** - Luis's RPC node (2505)
3. **`smom-dbis-138/config/config-rpc-luis-1.toml`** - Luis's RPC node (2506)
4. **`smom-dbis-138/config/config-rpc-putu-8a.toml`** - Putu's RPC node (2507)
5. **`smom-dbis-138/config/config-rpc-putu-1.toml`** - Putu's RPC node (2508)
**Key Features:**
- Discovery disabled (prevents connection to Ethereum mainnet while reporting chainID 0x1 to MetaMask for wallet compatibility)
- Standardized paths: `/var/lib/besu/static-nodes.json` and `/var/lib/besu/permissions/permissioned-nodes.json`
- Permissioned access configuration
- JWT authentication ready
---
## Scripts Created/Updated
### 1. Main Configuration Script
**File:** `scripts/configure-besu-chain138-nodes.sh`
**Purpose:** Comprehensive script that:
- Collects enodes from all Besu nodes (validators, sentries, RPC)
- Generates `static-nodes.json` and `permissioned-nodes.json`
- Deploys configurations to all Besu containers (including 2503-2508)
- Configures discovery settings (disabled for RPC nodes 2503-2508)
- Restarts Besu services
**Updated VMIDs:** Now includes 2503-2508 in processing loops
### 2. Verification Script
**File:** `scripts/verify-chain138-config.sh`
**Purpose:** Verifies configuration deployment:
- Checks file existence
- Validates discovery settings
- Verifies peer connections
**Updated VMIDs:** Now includes 2503-2508 in verification
### 3. Quick Setup Script
**File:** `scripts/setup-new-chain138-containers.sh`
**Purpose:** Quick setup for new containers:
- Runs main configuration script
- Verifies new containers
- Checks discovery settings
**Updated VMIDs:** Now includes 2503-2508 in setup
---
## Documentation Created/Updated
### 1. Main Configuration Guide
**File:** `docs/../../06-besu/CHAIN138_BESU_CONFIGURATION.md`
**Status:** ✅ Updated with new container allocation
### 2. Configuration Summary
**File:** `docs/../configuration/CHAIN138_CONFIGURATION_SUMMARY.md`
**Status:** ✅ Updated with new container allocation
### 3. Access Control Model
**File:** `docs/../fixes/CHAIN138_ACCESS_CONTROL_CORRECTED.md`
**Status:** ✅ Updated with separate containers for each identity
### 4. JWT Authentication Requirements
**File:** `docs/CHAIN138_JWT_AUTH_REQUIREMENTS.md`
**Status:** ✅ Created - Documents JWT auth requirements for all containers
### 5. Missing Containers List
**File:** `docs/03-deployment/MISSING_CONTAINERS_LIST.md`
**Status:** ✅ Updated with all 13 missing containers
### 6. Complete Implementation Summary
**File:** `docs/CHAIN138_COMPLETE_IMPLEMENTATION.md`
**Status:** ✅ This document
---
## Key Features
### 1. Complete Isolation
- Each operator has separate containers
- Each identity has its own dedicated container
- No shared infrastructure between operators
- Complete access separation
### 2. JWT Authentication
- **All RPC containers require JWT authentication**
- Nginx reverse proxy configuration
- Token-based access control
- Identity-level permissioning
### 3. Discovery Control
- **Discovery disabled** for all new RPC nodes (2503-2508)
- Prevents connection to Ethereum mainnet while reporting chainID 0x1 to MetaMask (wallet compatibility feature)
- Ensures nodes only connect via static/permissioned lists
### 4. Standardized Configuration
- Consistent file paths across all nodes
- Standardized configuration templates
- Automated deployment scripts
---
## Deployment Checklist
### For Each New RPC Container (2503-2508)
- [ ] Create LXC container
- [ ] Deploy Besu configuration template
- [ ] Configure static-nodes.json
- [ ] Configure permissioned-nodes.json
- [ ] **Disable discovery** (critical!)
- [ ] Configure permissioned identity
- [ ] Set up JWT authentication
- [ ] Configure nginx reverse proxy
- [ ] Set up firewall rules
- [ ] Test RPC access
- [ ] Verify peer connections
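
One way to automate the configuration items in this checklist for an RPC node's TOML file (an added example, not the project's `verify-chain138-config.sh`): it checks that discovery is off and that the static-node and permissioning files point at the standardized paths. The key names are Besu's standard configuration-file options; `toml_get`, `expect` and `check_rpc_config` are hypothetical helpers, and the sample config is constructed.

```bash
# Added example: compliance check for one RPC node config (2503-2508).
# Expected paths are the standardized ones listed on this page.

# toml_get FILE KEY -> value of a top-level `key = value` line, quotes stripped
toml_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        head -n 1 |
        sed 's/[[:space:]]*#.*$//; s/[[:space:]]*$//; s/^"//; s/"$//'
}

# expect FILE KEY WANTED -> prints a finding and returns 1 on mismatch
expect() {
    got=$(toml_get "$1" "$2")
    [ "$got" = "$3" ] && return 0
    echo "FAIL $2: want '$3', got '${got:-<unset>}'"
    return 1
}

# check_rpc_config FILE -> returns the number of failed checks (0 = compliant)
check_rpc_config() {
    failures=0
    # Besu enables discovery by default, so an absent key is also a failure.
    expect "$1" discovery-enabled false || failures=$((failures + 1))
    expect "$1" static-nodes-file /var/lib/besu/static-nodes.json ||
        failures=$((failures + 1))
    expect "$1" permissions-nodes-config-file-enabled true ||
        failures=$((failures + 1))
    expect "$1" permissions-nodes-config-file \
        /var/lib/besu/permissions/permissioned-nodes.json ||
        failures=$((failures + 1))
    return "$failures"
}

# Constructed sample: an RPC node config where discovery was left at its default.
sample=$(mktemp)
cat > "$sample" <<'EOF'
static-nodes-file="/var/lib/besu/static-nodes.json"
permissions-nodes-config-file-enabled=true
permissions-nodes-config-file="/var/lib/besu/permissions/permissioned-nodes.json"
rpc-http-enabled=true
EOF
check_rpc_config "$sample" || echo "$sample: $? check(s) failed"
rm -f "$sample"
```

The sample fails exactly one check, because a missing `discovery-enabled` key leaves discovery on.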
### For Sentry Node (1504)
- [ ] Create LXC container
- [ ] Deploy Besu configuration template
- [ ] Configure static-nodes.json
- [ ] Configure permissioned-nodes.json
- [ ] Enable discovery
- [ ] Set up JWT authentication
- [ ] Verify peer connections
### For Firefly Node (6201)
- [ ] Create LXC container
- [ ] Deploy Firefly configuration
- [ ] Configure ChainID 138 connection
- [ ] Set up JWT authentication
- [ ] Test Firefly API
---
## Quick Start
### 1. Run Main Configuration
```bash
cd /home/intlc/projects/proxmox
./scripts/configure-besu-chain138-nodes.sh
```
This will:
1. Collect enodes from all nodes
2. Generate configuration files
3. Deploy to all containers (including new ones)
4. Configure discovery settings
5. Restart services
### 2. Verify Configuration
```bash
./scripts/verify-chain138-config.sh
```
### 3. Set Up New Containers
```bash
./scripts/setup-new-chain138-containers.sh
```
---
## Network Configuration
### IP Address Allocation
- **1504** (besu-sentry-5): 192.168.11.154
- **2503** (besu-rpc-4): 192.168.11.253
- **2504** (besu-rpc-4): 192.168.11.254
- **2505** (besu-rpc-luis): 192.168.11.255
- **2506** (besu-rpc-luis): 192.168.11.256
- **2507** (besu-rpc-putu): 192.168.11.257
- **2508** (besu-rpc-putu): 192.168.11.258
- **6201** (firefly-2): 192.168.11.67
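
An added example, not part of the project's scripts: a pre-deployment audit of the allocation list above that checks each address for valid IPv4 octets and a usable host part, and flags hostnames assigned to more than one VMID. It assumes a /24 subnet (the page does not state the prefix length); `check_ipv4` and `audit_allocation` are hypothetical helper names.

```bash
# Added example: audit a "VMID HOSTNAME IP" plan before any container is created.
# ALLOCATION is copied from the IP Address Allocation list on this page.
# Assumption: the subnet is a /24, so host octets .0 and .255 are reserved.
ALLOCATION='1504 besu-sentry-5 192.168.11.154
2503 besu-rpc-4 192.168.11.253
2504 besu-rpc-4 192.168.11.254
2505 besu-rpc-luis 192.168.11.255
2506 besu-rpc-luis 192.168.11.256
2507 besu-rpc-putu 192.168.11.257
2508 besu-rpc-putu 192.168.11.258
6201 firefly-2 192.168.11.67'

# check_ipv4 ADDR -> prints ok|malformed|out-of-range|reserved; returns 1 unless ok
check_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) echo malformed; return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || { echo malformed; return 1; }
    for octet in "$@"; do
        [ "$octet" -le 255 ] || { echo out-of-range; return 1; }
    done
    case "$4" in
        0|255) echo reserved; return 1 ;;
    esac
    echo ok
}

# audit_allocation: reads the plan on stdin, prints one finding per line
audit_allocation() {
    plan=$(cat)
    while read -r vmid host ip; do
        [ -n "$vmid" ] || continue
        verdict=$(check_ipv4 "$ip") || echo "$vmid $host $ip: $verdict"
    done <<EOF
$plan
EOF
    # Two containers sharing a hostname are ambiguous in logs and name lookups.
    printf '%s\n' "$plan" | awk '{print $2}' | sort | uniq -d |
        while read -r host; do echo "duplicate hostname: $host"; done
}

printf '%s\n' "$ALLOCATION" | audit_allocation
```

Run against the list as written, it reports 192.168.11.255 as reserved under the /24 assumption, 192.168.11.256 through 192.168.11.258 as out of range, and three hostnames that are each shared by two VMIDs.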
### Port Configuration
- **P2P**: 30303 (all Besu nodes)
- **RPC HTTP**: 8545 (all RPC nodes)
- **RPC WebSocket**: 8546 (all RPC nodes)
- **Metrics**: 9545 (all Besu nodes)
---
## Security Considerations
1. **JWT Authentication**: All RPC containers require JWT tokens
2. **Access Isolation**: Complete separation between operators
3. **Network Isolation**: Firewall rules restrict access
4. **Identity Separation**: Each identity has a dedicated container
5. **Discovery Control**: Disabled for RPC nodes (2503-2508) so they connect only via the static/permissioned lists
---
## Related Documentation
- [Missing Containers List](../../03-deployment/MISSING_CONTAINERS_LIST.md)
- [ChainID 138 Configuration Guide](../../06-besu/CHAIN138_BESU_CONFIGURATION.md)
- [Configuration Summary](../configuration/CHAIN138_CONFIGURATION_SUMMARY.md)
- [Access Control Model](../fixes/CHAIN138_ACCESS_CONTROL_CORRECTED.md)
- [JWT Authentication Requirements](/docs/04-configuration/CHAIN138_JWT_AUTH_REQUIREMENTS.md)
---
## Support
For detailed information on:
- **Configuration**: See [../../06-besu/CHAIN138_BESU_CONFIGURATION.md](../../06-besu/CHAIN138_BESU_CONFIGURATION.md)
- **Access Control**: See [CHAIN138_JWT_AUTH_REQUIREMENTS.md](../../04-configuration/CHAIN138_JWT_AUTH_REQUIREMENTS.md)
- **JWT Setup**: See [CHAIN138_JWT_AUTH_REQUIREMENTS.md](/docs/04-configuration/CHAIN138_JWT_AUTH_REQUIREMENTS.md)
- **Deployment**: See [../configuration/CHAIN138_CONFIGURATION_SUMMARY.md](../configuration/../configuration/CHAIN138_CONFIGURATION_SUMMARY.md)
---
**Last Updated:** December 26, 2024

**Status:** ✅ Complete - Ready for Deployment