scripts/generate-node-keys.sh

#!/usr/bin/env bash
# Generate node keys for all new Besu nodes

set -euo pipefail
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(cd "$SCRIPT_DIR/.." && pwd)"
source "$PROJECT_ROOT/config/ip-addresses.conf"

get_host_for_vmid() {
    local vmid=$1
    if [[ "$vmid" =~ ^(1505|1506|1507|1508)$ ]]; then
        echo "${PROXMOX_HOST_ML110}"
    elif [[ "$vmid" =~ ^(2500|2501|2502|2503|2504|2505)$ ]]; then
        echo "${PROXMOX_HOST_R630_01}"
    else
        echo "${PROXMOX_HOST_R630_01}"
    fi
}

generate_node_key() {
    local vmid=$1
    local ip=$2
    local hostname=$3
    local host=$(get_host_for_vmid $vmid)
    
    echo "Generating node key for $vmid ($hostname)..."
    
    # Generate node key using Besu
    ssh -o StrictHostKeyChecking=no root@${host} "pct exec $vmid -- bash -c '
        mkdir -p /data/besu
        /opt/besu/bin/besu public-key export --node-private-key-file=/data/besu/key 2>&1 || \
        /opt/besu/bin/besu public-key export --node-private-key-file=/data/besu/key --to=/data/besu/key.pub 2>&1 || \
        echo \"Key generation needed\"
    '" 2>&1 | head -5
    
    # Generate key if it doesn't exist
    ssh -o StrictHostKeyChecking=no root@${host} "pct exec $vmid -- bash -c '
        if [ ! -f /data/besu/key ]; then
            openssl ecparam -name secp256k1 -genkey -noout -out /data/besu/key 2>/dev/null || \
            /opt/besu/bin/besu public-key export --node-private-key-file=/data/besu/key 2>&1 || true
        fi
        chown -R besu:besu /data/besu
    '" 2>&1
    
    # Extract public key and create enode
    local pubkey=$(ssh -o StrictHostKeyChecking=no root@${host} "pct exec $vmid -- bash -c '
        if [ -f /data/besu/key ]; then
            /opt/besu/bin/besu public-key export --node-private-key-file=/data/besu/key 2>&1 | head -1
        fi
    '" 2>/dev/null | tr -d '\n' | sed 's/^0x//')
    
    if [[ -n "$pubkey" && ${#pubkey} -ge 128 ]]; then
        echo "$vmid|$hostname|$ip|enode://${pubkey}@${ip}:30303"
    else
        echo "$vmid|$hostname|$ip|PENDING"
    fi
}

echo "Generating node keys for all new nodes..."
for vmid in 1505 1506 2500 2501 2502 1507 1508 2503 2504 2505; do
    case $vmid in
        1505) generate_node_key 1505 "${IP_SERVICE_21:-${IP_SERVICE_21:-${IP_SERVICE_21:-${IP_SERVICE_21:-${IP_SERVICE_21:-192.168.11.21}}}}}3" "besu-sentry-alltra-1" ;;
        1506) generate_node_key 1506 "${IP_SERVICE_21:-${IP_SERVICE_21:-${IP_SERVICE_21:-${IP_SERVICE_21:-${IP_SERVICE_21:-192.168.11.21}}}}}4" "besu-sentry-alltra-2" ;;
        2500) generate_node_key 2500 "${IP_SERVICE_172:-${IP_SERVICE_172:-192.168.11.172}}" "besu-rpc-alltra-1" ;;
        2501) generate_node_key 2501 "${IP_SERVICE_173:-${IP_SERVICE_173:-192.168.11.173}}" "besu-rpc-alltra-2" ;;
        2502) generate_node_key 2502 "${IP_SERVICE_174:-${IP_SERVICE_174:-192.168.11.174}}" "besu-rpc-alltra-3" ;;
        1507) generate_node_key 1507 "${IP_RPC_244:-${IP_RPC_244:-${IP_RPC_244:-192.168.11.244}}}" "besu-sentry-hybx-1" ;;
        1508) generate_node_key 1508 "${IP_RPC_245:-${IP_RPC_245:-${IP_RPC_245:-192.168.11.245}}}" "besu-sentry-hybx-2" ;;
        2503) generate_node_key 2503 "${IP_RPC_246:-${IP_RPC_246:-${IP_RPC_246:-192.168.11.246}}}" "besu-rpc-hybx-1" ;;
        2504) generate_node_key 2504 "${IP_RPC_247:-${IP_RPC_247:-${IP_RPC_247:-192.168.11.247}}}" "besu-rpc-hybx-2" ;;
        2505) generate_node_key 2505 "${IP_RPC_248:-${IP_RPC_248:-${IP_RPC_248:-192.168.11.248}}}" "besu-rpc-hybx-3" ;;
    esac
done
docs: Ledger Live integration, contract deploy learnings, NEXT_STEPS updates - ADD_CHAIN138_TO_LEDGER_LIVE: Ledger form done; public code review repo bis-innovations/LedgerLive; init/push commands - CONTRACT_DEPLOYMENT_RUNBOOK: Chain 138 gas price 1 gwei, 36-addr check, TransactionMirror workaround - CONTRACT_*: AddressMapper, MirrorManager deployed 2026-02-12; 36-address on-chain check - NEXT_STEPS_FOR_YOU: Ledger done; steps completable now (no LAN); run-completable-tasks-from-anywhere - MASTER_INDEX, OPERATOR_OPTIONAL, SMART_CONTRACTS_INVENTORY_SIMPLE: updates - LEDGER_BLOCKCHAIN_INTEGRATION_COMPLETE: bis-innovations/LedgerLive reference Co-authored-by: Cursor <cursoragent@cursor.com> 2026-02-12 15:46:57 -08:00			`#!/usr/bin/env bash`
			`# Generate node keys for all new Besu nodes`

			`set -euo pipefail`
			`SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"`
			`PROJECT_ROOT="$(cd "$SCRIPT_DIR/.." && pwd)"`
			`source "$PROJECT_ROOT/config/ip-addresses.conf"`

			`get_host_for_vmid() {`
			`local vmid=$1`
			`if [[ "$vmid" =~ ^(1505\|1506\|1507\|1508)$ ]]; then`
			`echo "${PROXMOX_HOST_ML110}"`
			`elif [[ "$vmid" =~ ^(2500\|2501\|2502\|2503\|2504\|2505)$ ]]; then`
			`echo "${PROXMOX_HOST_R630_01}"`
			`else`
			`echo "${PROXMOX_HOST_R630_01}"`
			`fi`
			`}`

			`generate_node_key() {`
			`local vmid=$1`
			`local ip=$2`
			`local hostname=$3`
			`local host=$(get_host_for_vmid $vmid)`

			`echo "Generating node key for $vmid ($hostname)..."`

			`# Generate node key using Besu`
			`ssh -o StrictHostKeyChecking=no root@${host} "pct exec $vmid -- bash -c '`
			`mkdir -p /data/besu`
			`/opt/besu/bin/besu public-key export --node-private-key-file=/data/besu/key 2>&1 \|\| \`
			`/opt/besu/bin/besu public-key export --node-private-key-file=/data/besu/key --to=/data/besu/key.pub 2>&1 \|\| \`
			`echo \"Key generation needed\"`
			`'" 2>&1 \| head -5`

			`# Generate key if it doesn't exist`
			`ssh -o StrictHostKeyChecking=no root@${host} "pct exec $vmid -- bash -c '`
			`if [ ! -f /data/besu/key ]; then`
			`openssl ecparam -name secp256k1 -genkey -noout -out /data/besu/key 2>/dev/null \|\| \`
			`/opt/besu/bin/besu public-key export --node-private-key-file=/data/besu/key 2>&1 \|\| true`
			`fi`
			`chown -R besu:besu /data/besu`
			`'" 2>&1`

			`# Extract public key and create enode`
			`local pubkey=$(ssh -o StrictHostKeyChecking=no root@${host} "pct exec $vmid -- bash -c '`
			`if [ -f /data/besu/key ]; then`
			`/opt/besu/bin/besu public-key export --node-private-key-file=/data/besu/key 2>&1 \| head -1`
			`fi`
			`'" 2>/dev/null \| tr -d '\n' \| sed 's/^0x//')`

			`if [[ -n "$pubkey" && ${#pubkey} -ge 128 ]]; then`
			`echo "$vmid\|$hostname\|$ip\|enode://${pubkey}@${ip}:30303"`
			`else`
			`echo "$vmid\|$hostname\|$ip\|PENDING"`
			`fi`
			`}`

			`echo "Generating node keys for all new nodes..."`
			`for vmid in 1505 1506 2500 2501 2502 1507 1508 2503 2504 2505; do`
			`case $vmid in`
			`1505) generate_node_key 1505 "${IP_SERVICE_21:-${IP_SERVICE_21:-${IP_SERVICE_21:-${IP_SERVICE_21:-${IP_SERVICE_21:-192.168.11.21}}}}}3" "besu-sentry-alltra-1" ;;`
			`1506) generate_node_key 1506 "${IP_SERVICE_21:-${IP_SERVICE_21:-${IP_SERVICE_21:-${IP_SERVICE_21:-${IP_SERVICE_21:-192.168.11.21}}}}}4" "besu-sentry-alltra-2" ;;`
			`2500) generate_node_key 2500 "${IP_SERVICE_172:-${IP_SERVICE_172:-192.168.11.172}}" "besu-rpc-alltra-1" ;;`
			`2501) generate_node_key 2501 "${IP_SERVICE_173:-${IP_SERVICE_173:-192.168.11.173}}" "besu-rpc-alltra-2" ;;`
			`2502) generate_node_key 2502 "${IP_SERVICE_174:-${IP_SERVICE_174:-192.168.11.174}}" "besu-rpc-alltra-3" ;;`
			`1507) generate_node_key 1507 "${IP_RPC_244:-${IP_RPC_244:-${IP_RPC_244:-192.168.11.244}}}" "besu-sentry-hybx-1" ;;`
			`1508) generate_node_key 1508 "${IP_RPC_245:-${IP_RPC_245:-${IP_RPC_245:-192.168.11.245}}}" "besu-sentry-hybx-2" ;;`
			`2503) generate_node_key 2503 "${IP_RPC_246:-${IP_RPC_246:-${IP_RPC_246:-192.168.11.246}}}" "besu-rpc-hybx-1" ;;`
			`2504) generate_node_key 2504 "${IP_RPC_247:-${IP_RPC_247:-${IP_RPC_247:-192.168.11.247}}}" "besu-rpc-hybx-2" ;;`
			`2505) generate_node_key 2505 "${IP_RPC_248:-${IP_RPC_248:-${IP_RPC_248:-192.168.11.248}}}" "besu-rpc-hybx-3" ;;`
			`esac`
			`done`