141 lines
6.2 KiB
Markdown
141 lines
6.2 KiB
Markdown
# Key Rotation Complete
|
|
|
|
**Date**: 2025-12-20
|
|
**Status**: ✅ COMPLETE
|
|
|
|
## Summary
|
|
|
|
Successfully rotated all validator and node identities for the QBFT network using Quorum-Genesis-Tool. All keys have been regenerated, genesis.json has been updated with new extraData, and all configuration files have been regenerated with new enode URLs.
|
|
|
|
## 1. Detected Consensus: QBFT
|
|
|
|
**Evidence**: `genesis.json` contains:
|
|
```json
|
|
"config": {
|
|
"qbft": {
|
|
"blockperiodseconds": 2,
|
|
"epochlength": 30000,
|
|
"requesttimeoutseconds": 10
|
|
}
|
|
}
|
|
```
|
|
|
|
## 2. Node Count: 5 Validators, 4 Sentries, 3 RPC Nodes
|
|
|
|
- **Validators**: 5 (VMIDs 1000-1004)
|
|
- **Sentries**: 4 (VMIDs 1500-1503)
|
|
- **RPC Nodes**: 3 (VMIDs 2500-2502) - *Using member4-member6 from output/2025-12-20-19-54-21*
|
|
|
|
## 3. Commands Executed
|
|
|
|
```bash
|
|
npx --yes quorum-genesis-tool \
|
|
--consensus qbft \
|
|
--chainID 138 \
|
|
--validators 5 \
|
|
--members 4 \
|
|
--bootnodes 0 \
|
|
--blockperiod 2 \
|
|
--epochLength 30000 \
|
|
--requestTimeout 10 \
|
|
--difficulty 1 \
|
|
--gasLimit 0x1c9c380
|
|
```
|
|
|
|
**Output Location**: `output/2025-12-20-19-54-02/`
|
|
|
|
## 4. Files Changed/Created
|
|
|
|
### Updated Files
|
|
- ✅ `smom-dbis-138-proxmox/config/genesis.json` - Updated `extraData` with new QBFT validator addresses
|
|
|
|
### Created Files
|
|
- ✅ `smom-dbis-138-proxmox/config/static-nodes.json` - New validator enode URLs
|
|
- ✅ `smom-dbis-138-proxmox/config/permissioned-nodes.json` - All node enode URLs (JSON format)
|
|
- ✅ `smom-dbis-138-proxmox/config/permissions-nodes.toml` - All node enode URLs (TOML format)
|
|
|
|
### Copied Keys
|
|
- ✅ `smom-dbis-138-proxmox/keys/validators/validator-*/key.priv` - Validator private keys
|
|
- ✅ `smom-dbis-138-proxmox/keys/validators/validator-*/address.txt` - Validator addresses
|
|
- ✅ `smom-dbis-138-proxmox/config/nodes/validator-*/nodekey` - Validator nodekeys (P2P identity)
|
|
- ✅ `smom-dbis-138-proxmox/config/nodes/sentry-*/nodekey` - Sentry nodekeys (P2P identity)
|
|
- ✅ `smom-dbis-138-proxmox/config/nodes/rpc-*/nodekey` - RPC nodekeys (P2P identity)
|
|
|
|
## 5. New Validator Addresses (Ordered)
|
|
|
|
```
|
|
validator0: 0x1c25c54bf177ecf9365445706d8b9209e8f1c39b
|
|
validator1: 0xc4c1aeeb5ab86c6179fc98220b51844b74935446
|
|
validator2: 0x22f37f6faaa353e652a0840f485e71a7e5a89373
|
|
validator3: 0x573ff6d00d2bdc0d9c0c08615dc052db75f82574
|
|
validator4: 0x11563e26a70ed3605b80a03081be52aca9e0f141
|
|
```
|
|
|
|
## 6. New Enode List (Ordered)
|
|
|
|
### Validators
|
|
```
|
|
enode://2221dd9fc65c9082d4a937832cba9f6759981888df6798407c390bd153f4332c152ea5d03dd9d9cda74d7990fb3479a5c4ba7166269322be9790eed9ebdcfe24@192.168.11.100:30303
|
|
enode://4e358db339804914d53bec6de23a269aef7be54c2812001025e6a545398ac64b2513a418cd3e2ca06dc57daf5c0aa2fb97c9948b6d7893e2bd51bf67dae97923@192.168.11.101:30303
|
|
enode://0daef7e3041ab3a5d73646ec882410302d63ece279b781be5cfed94c1970aacb438aeafc46d63a630b4ea5f7a0572a3a7edff028b16abc4c76ee84358af8c31f@192.168.11.102:30303
|
|
enode://107e59cb6c5ddf000082ddfd925aa670cba0c6f600c8e3dc5cdd6eb4ca818e0c22e4b33ef605eb4efd76ef29177ca00fd84a79935eccdddd2addbbb26d37a4a4@192.168.11.103:30303
|
|
enode://59844ade9912cee3a609fae1719694c607b30ac60a08532e6b15592524cb5f563f32c30d63e45075e7b9c76170a604f01fc6de02e3102f0f8d1648bf23425c16@192.168.11.104:30303
|
|
```
|
|
|
|
### Sentries (Members)
|
|
```
|
|
enode://2d4eeff2d5710427cf5f11319b48a883d5eb39e18e3a42052ccc6ea613d1f0ac72a17fc560b84e270ce0320b518bee7632071f20f64a69b6634496a66adafb71@192.168.11.150:30303
|
|
enode://88e407e879af2e5a6a9cfd16385390a7e6fce91fae462418fc858047d61f932f1e0114e99a8ff84c8f261c733cbb5bd7a76a7fbb5e5eac9920a41b11f6e5a07b@192.168.11.151:30303
|
|
enode://7a98f86ced272d3f61046b08bb617d157516fd21e3cf6edb0f8090ca87ea5f920bc05dac489c82cf7b8d32bd64c51f904d868ed0ce8f9c83bf1e9c2022b33baa@192.168.11.152:30303
|
|
enode://0cbd315d8f80f8ba46f0229297a493a71d37287cbfb0fc991dd3680fa4db21e2891d4dd2f1577c5020d93224a2f0f690b331551490796ddee3bbb56ecfa6b6f5@192.168.11.153:30303
|
|
```
|
|
|
|
### RPC Nodes (from member4-member6 in output/2025-12-20-19-54-21)
|
|
```
|
|
enode://6cdc892fa09afa2b05c21cc9a1193a86cf0d195ce81b02a270d8bb987f78ca98ad90d907670796c90fc6e4eaf3b4cae6c0c15871e2564de063beceb4bbfc6532@192.168.11.250:30303
|
|
enode://07daf3d64079faa3982bc8be7aa86c24ef21eca4565aae4a7fd963c55c728de0639d80663834634edf113b9f047d690232ae23423c64979961db4b6449aa6dfd@192.168.11.251:30303
|
|
enode://83eb8c172034afd72846740921f748c77780c3cc0cea45604348ba859bc3a47187e24e5fad7f74e5fe353e86fd35ab7c37f02cfbb8299a850a190b40968bd8e2@192.168.11.252:30303
|
|
```
|
|
|
|
## 7. Verification Checklist
|
|
|
|
✅ All validator keys generated using quorum-genesis-tool
|
|
✅ genesis.json updated with new extraData (QBFT format, RLP-encoded)
|
|
✅ static-nodes.json created with new validator enodes
|
|
✅ permissioned-nodes.json created with all node enodes
|
|
✅ permissions-nodes.toml created with all node enodes
|
|
✅ Keys copied to repository structure
|
|
✅ Validator addresses in extraData match new validator keys
|
|
|
|
✅ **RPC nodes (VMIDs 2500-2502) included**
|
|
|
|
**Note**: RPC nodekeys were sourced from `member4-member6` in `output/2025-12-20-19-54-21` directory, which were generated in a separate quorum-genesis-tool run.
|
|
|
|
## 8. Updated extraData
|
|
|
|
The `extraData` field in `genesis.json` has been updated with the new QBFT validator addresses:
|
|
|
|
```
|
|
0xf88fa00000000000000000000000000000000000000000000000000000000000000000f869941c25c54bf177ecf9365445706d8b9209e8f1c39b94c4c1aeeb5ab86c6179fc98220b51844b749354469422f37f6faaa353e652a0840f485e71a7e5a8937394573ff6d00d2bdc0d9c0c08615dc052db75f825749411563e26a70ed3605b80a03081be52aca9e0f141c080c0
|
|
```
|
|
|
|
This contains:
|
|
- 32-byte vanity (zeros)
|
|
- RLP-encoded list of 5 validator addresses (20 bytes each)
|
|
- Empty seals section for genesis
|
|
|
|
## Next Steps
|
|
|
|
1. **Deploy new keys to nodes**: Copy the new keys from the repository to the deployed nodes
|
|
2. **Update node configurations**: Ensure all nodes reference the new keys
|
|
3. **Restart nodes**: Restart all nodes to apply the new keys
|
|
4. **Verify block production**: Confirm the network starts producing blocks with the new validators
|
|
|
|
## Important Notes
|
|
|
|
- **All old keys have been replaced** - Old validator addresses are no longer in use
|
|
- **genesis.json updated in-place** - All other settings (chainId, gasLimit, alloc, etc.) preserved
|
|
- **Deterministic generation** - All keys generated using quorum-genesis-tool for consistency
|
|
- **No manual edits required** - All configuration files auto-generated from the tool output
|
|
|