proxmox/docs/archive/PERMISSIONING_FIX_APPLIED.md

Permissioning Fix - Added RPC Nodes to Allowlist

Date: $(date)
Status: FIX APPLIED - All nodes now in permissions allowlist


Issue Identified

With permissions-nodes-config-file-enabled=true, ALL nodes that need to connect to each other must be in the permissions-nodes.toml allowlist.

Previous State

  • 5 validators (1000-1004) in allowlist
  • 4 sentries (1500-1503) in allowlist
  • 3 RPC nodes (2500-2502) MISSING from allowlist

Problem

If permissioning is enabled, nodes can only connect to nodes listed in the allowlist. Missing RPC nodes could prevent:

  • Validators from connecting to RPC nodes
  • Sentries from connecting to RPC nodes
  • RPC nodes from connecting to validators/sentries
  • Overall network connectivity

Fix Applied

Updated permissions-nodes.toml

Now includes all 12 nodes:

  1. 5 Validators (1000-1004)
  2. 4 Sentries (1500-1503)
  3. 3 RPC Nodes (2500-2502)

RPC Node Enodes Added

  • 2500 (Core RPC): enode://e54c6e601ebfcba3ed6ff3fd4bc6a692cf6627c6f6851d5aa303a129fc90556fa446d11bff5388d1b25c9149fe4d172449133bda51b5bb85581d70b3d1ba0f74@192.168.11.250:30303
  • 2501 (Permissioned RPC): enode://71d58fab2d98f45d8b1ee431067f3cbf7fa1b44526d3b8f5c8547a0a184fbcb6f9560300d491e29137d5b998ea2d7d82cbdc706026c23fffb6b12fa6c6975153@192.168.11.251:30303
  • 2502 (Public RPC): enode://d885b020efe8602e680b4e348c3066e4ce9355c27a5a501f5455d48de6a56a42f33e581abd788f9e3373e4f3c0f8c83061139d73cbeaa9da35c17eb0565bfe06@192.168.11.252:30303

Deployment

Files Updated

  • /etc/besu/permissions-nodes.toml on all 12 nodes
  • Ownership set to besu:besu

Services Restarted

  • All 5 validator services
  • All 4 sentry services
  • All 3 RPC node services

Expected Impact

With all nodes in the allowlist:

  1. Full network connectivity - All nodes can connect to each other
  2. No permissioning blocks - All valid connections are allowed
  3. Better peer discovery - Nodes can discover all peers
  4. Improved consensus - Validators can reach all nodes

Verification

After restart, verify:

  1. All nodes can see peers (via the admin_peers JSON-RPC method)
  2. No permissioning errors in logs
  3. Network connectivity improves
  4. Block production may improve (if connectivity was the issue)

Important Note

With permissioning enabled, the allowlist must include ALL nodes that need to communicate. Any missing nodes will be blocked from connecting, which can cause:

  • Network partitions
  • Sync issues
  • Consensus problems
  • Block production failures

This fix ensures the allowlist is complete.
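
One way to catch this kind of drift before it blocks connections is to audit each node's permissions-nodes.toml against the node inventory. The script below is an added example, not part of the original document or the project's tooling. It assumes Besu's `nodes-allowlist` key and IPv4 or hostname enode addresses; the inventory names, node IDs and IPs are constructed sample data.

```python
import re
from urllib.parse import urlsplit

NODE_ID = re.compile(r"[0-9a-f]{128}")  # 64-byte public key, hex encoded

def parse_allowlist(toml_text):
    """Return the enode URLs listed under nodes-allowlist (comments ignored)."""
    body = re.sub(r"#.*", "", toml_text)  # commented-out entries do not count
    m = re.search(r"nodes-allowlist\s*=\s*\[(.*?)\]", body, re.S)
    if m is None:
        raise ValueError("nodes-allowlist key not found")
    return re.findall(r'"([^"]+)"', m.group(1))

def node_key(enode):
    """Normalise an enode URL to (node_id, host, port); reject malformed ones."""
    u = urlsplit(enode)
    node_id = (u.username or "").lower()
    if u.scheme != "enode" or not NODE_ID.fullmatch(node_id) or u.port is None:
        raise ValueError(f"malformed enode URL: {enode[:30]}...")
    return node_id, u.hostname, u.port

def audit(toml_text, inventory):
    """Return (missing inventory names, unexpected host:port entries)."""
    listed = {node_key(e) for e in parse_allowlist(toml_text)}
    expected = {node_key(e): name for name, e in inventory.items()}
    missing = sorted(n for k, n in expected.items() if k not in listed)
    unexpected = sorted(f"{h}:{p}" for _, h, p in listed - set(expected))
    return missing, unexpected

def enode_for(vmid):
    """Constructed enode for a VMID: made-up node ID and TEST-NET address."""
    return f"enode://{vmid:0128x}@192.0.2.{vmid % 256}:30303"

VMIDS = [*range(1000, 1005), *range(1500, 1504), *range(2500, 2503)]
INVENTORY = {f"node-{v}": enode_for(v) for v in VMIDS}

def render(vmids):
    """Build a sample permissions-nodes.toml body for the given VMIDs."""
    entries = ",\n  ".join(f'"{enode_for(v)}"' for v in vmids)
    return f"# constructed sample\nnodes-allowlist=[\n  {entries}\n]\n"

BEFORE = render(VMIDS[:9])  # validators + sentries only, as in "Previous State"
AFTER = render(VMIDS)       # all 12 nodes, as in "Fix Applied"

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(text, INVENTORY))
```

Run against the real file on every node, a non-empty `missing` list reproduces the "Previous State" condition, and a non-empty `unexpected` list flags an entry that was never added to the inventory.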


Last Updated: $(date)
Status: All nodes added to permissions allowlist