# Permissioning Fix - Added RPC Nodes to Allowlist **Date**: $(date) **Status**: ✅ **FIX APPLIED** - All nodes now in permissions allowlist --- ## Issue Identified With `permissions-nodes-config-file-enabled=true`, **ALL nodes** that need to connect to each other must be in the `permissions-nodes.toml` allowlist. ### Previous State - ✅ 5 validators (1000-1004) in allowlist - ✅ 4 sentries (1500-1503) in allowlist - ❌ **3 RPC nodes (2500-2502) MISSING** from allowlist ### Problem If permissioning is enabled, nodes can only connect to nodes listed in the allowlist. Missing RPC nodes could prevent: - Validators from connecting to RPC nodes - Sentries from connecting to RPC nodes - RPC nodes from connecting to validators/sentries - Overall network connectivity issues --- ## Fix Applied ### Updated permissions-nodes.toml Now includes **all 12 nodes**: 1. **5 Validators** (1000-1004) 2. **4 Sentries** (1500-1503) 3. **3 RPC Nodes** (2500-2502) ### RPC Node Enodes Added - **2500** (Core RPC): `enode://e54c6e601ebfcba3ed6ff3fd4bc6a692cf6627c6f6851d5aa303a129fc90556fa446d11bff5388d1b25c9149fe4d172449133bda51b5bb85581d70b3d1ba0f74@192.168.11.250:30303` - **2501** (Permissioned RPC): `enode://71d58fab2d98f45d8b1ee431067f3cbf7fa1b44526d3b8f5c8547a0a184fbcb6f9560300d491e29137d5b998ea2d7d82cbdc706026c23fffb6b12fa6c6975153@192.168.11.251:30303` - **2502** (Public RPC): `enode://d885b020efe8602e680b4e348c3066e4ce9355c27a5a501f5455d48de6a56a42f33e581abd788f9e3373e4f3c0f8c83061139d73cbeaa9da35c17eb0565bfe06@192.168.11.252:30303` --- ## Deployment ### Files Updated - `/etc/besu/permissions-nodes.toml` on **all 12 nodes** - Ownership set to `besu:besu` ### Services Restarted - ✅ All 5 validator services - ✅ All 4 sentry services - ✅ All 3 RPC node services --- ## Expected Impact With all nodes in the allowlist: 1. ✅ **Full network connectivity** - All nodes can connect to each other 2. ✅ **No permissioning blocks** - All valid connections are allowed 3. ✅ **Better peer discovery** - Nodes can discover all peers 4. ✅ **Improved consensus** - Validators can reach all nodes --- ## Verification After restart, verify: 1. All nodes can see peers (via `admin_peers`) 2. No permissioning errors in logs 3. Network connectivity improves 4. Block production may improve (if connectivity was the issue) --- ## Important Note **With permissioning enabled, the allowlist must include ALL nodes that need to communicate.** Any missing nodes will be blocked from connecting, which can cause: - Network partitions - Sync issues - Consensus problems - Block production failures This fix ensures the allowlist is complete. --- **Last Updated**: $(date) **Status**: ✅ All nodes added to permissions allowlist