d-bis/proxmox
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
bef37db4d42fcb45c34cda5e2dc2e78dba44c14c
proxmox/config/besu-node-lists/README.md
defiQUG dbd517b279 Sync workspace: config, docs, scripts, CI, operator rules, and submodule pointers. 
- Update dbis_core, cross-chain-pmm-lps, explorer-monorepo, metamask-integration, pr-workspace/chains
- Omit embedded publish git dirs and empty placeholders from index

Made-with: Cursor
2026-04-12 06:12:20 -07:00

63 lines
4.0 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
# Besu Node Lists — Single Source of Truth
**Purpose:** One canonical `static-nodes.json` and `permissions-nodes.toml` used by **all** Chain 138 Besu nodes (validators, sentries, RPCs). **Both are essential:**
- **static-nodes.json** — Bootstrap peers; Besu connects to these on startup (`static-nodes-file`).
- **permissions-nodes.toml** — Allowlist; only nodes in this list can join the network (`permissions-nodes-config-file`). Besu expects TOML (do not use `permissioned-nodes.json`).
These files must be **identical on every node** for permissioning and discovery to work correctly.
**Deploy:** Run from repo root:
```bash
./scripts/deploy-besu-node-lists-to-all.sh
```
See [docs/06-besu/MASTER_DOCS_AND_NODE_LISTS_REVIEW.md](../../docs/06-besu/MASTER_DOCS_AND_NODE_LISTS_REVIEW.md) for context and [BESU_NODES_FILE_REFERENCE.md](../../docs/06-besu/BESU_NODES_FILE_REFERENCE.md) for VMID↔IP mapping.
## Contents
| File | Format | Use |
|------|--------|-----|
| `static-nodes.json` | JSON array of enode URLs | Besu `--static-nodes-file`; bootstrap peers |
| `permissions-nodes.toml` | TOML `nodes-allowlist=[...]` | Besu `--permissions-nodes-config-file`; allowlist (Besu expects TOML—do not use `permissioned-nodes.json`) |
## When to update
- **New node (e.g. 1504, 2102):** Get the nodes enode (e.g. from `admin_nodeInfo` or the nodes data dir), add it to both files here, then run the deploy script.
- **Node removed:** Remove its enode from both files and redeploy.
- **Regenerate all (no duplicates):** Run `bash scripts/besu/collect-enodes-from-all-besu-nodes.sh` to collect from every node (admin_nodeInfo or `besu public-key export`), merge with existing for unreachable nodes, and overwrite both files.
- **Fix failures only:** Run `bash scripts/besu/collect-enodes-from-all-besu-nodes.sh --missing-only` to try only VMIDs whose IP is not yet in the list (no full 37-node sweep).
- **Generate missing node keys:** Run `bash scripts/besu/generate-node-keys-for-missing-vmids.sh [--force] [--collect]` to create `/data/besu/key` (64-hex) only for VMIDs not yet in the list. Use `--force` to overwrite PEM/wrong-format keys; use `--collect` to run collect --missing-only after. Current auxiliary / edge nodes include sentries `15051510` and RPCs `2420/2430/2440/2460/2470/2480`.
- **Install Besu permanently on nodes missing it:** Run `bash scripts/besu/install-besu-permanent-on-missing-nodes.sh` to install the current Besu line used by the fleet, deploy config/genesis/node lists, and enable+start the service so RPC/sentry runs after reboot.
## Sentry 1504 (.154)
1504 may not expose RPC (8545). Once the sentry has run and created `/data/besu/nodekey`, get the enode from the nodekey (run from Proxmox host ml110):
```bash
ssh root@192.168.11.10 "pct exec 1504 -- /opt/besu/bin/besu public-key export --node-private-key-file=/data/besu/nodekey --format=enode 2>/dev/null" | sed 's/@[0-9.]*:/@192.168.11.154:/'
```
If RPC is enabled on 1504:
```bash
ssh root@192.168.11.10 "pct exec 1504 -- curl -s -X POST -H 'Content-Type: application/json' --data '{\"jsonrpc\":\"2.0\",\"method\":\"admin_nodeInfo\",\"params\":[],\"id\":1}' http://127.0.0.1:8545" | jq -r '.result.enode'
```
Add the enode to both `static-nodes.json` and `permissions-nodes.toml`, then run `./scripts/deploy-besu-node-lists-to-all.sh`.
## RPC Core-2 (2102 / .212)
When VMID 2102 is created and Besu RPC is running, add its enode to both files and redeploy. See [RPC_CORE_2_NATHAN_SFVALLEY2_TUNNEL.md](../../docs/04-configuration/cloudflare/RPC_CORE_2_NATHAN_SFVALLEY2_TUNNEL.md).
## Verify enodes and IPs
Run from repo root to ensure enode addresses and IPs are correct and consistent:
```bash
bash scripts/verify/verify-besu-enodes-and-ips.sh
```
This checks: (1) static-nodes.json and permissions-nodes.toml match, (2) each IP matches the expected VMID, (3) no duplicate node keys (same key for two IPs). See [ENODE_IP_VERIFICATION_20260208.md](../../docs/04-configuration/verification-evidence/ENODE_IP_VERIFICATION_20260208.md) for a recent run and how to fix the VMID 2401 duplicate enode.
Reference in New Issue View Git Blame Copy Permalink