89 lines
2.7 KiB
Markdown
89 lines
2.7 KiB
Markdown
# Permissioning Fix - Added RPC Nodes to Allowlist
|
|
|
|
**Date**: $(date)
|
|
**Status**: ✅ **FIX APPLIED** - All nodes now in permissions allowlist
|
|
|
|
---
|
|
|
|
## Issue Identified
|
|
|
|
With `permissions-nodes-config-file-enabled=true`, **ALL nodes** that need to connect to each other must be in the `permissions-nodes.toml` allowlist.
|
|
|
|
### Previous State
|
|
- ✅ 5 validators (1000-1004) in allowlist
|
|
- ✅ 4 sentries (1500-1503) in allowlist
|
|
- ❌ **3 RPC nodes (2500-2502) MISSING** from allowlist
|
|
|
|
### Problem
|
|
If permissioning is enabled, nodes can only connect to nodes listed in the allowlist. Missing RPC nodes could prevent:
|
|
- Validators from connecting to RPC nodes
|
|
- Sentries from connecting to RPC nodes
|
|
- RPC nodes from connecting to validators/sentries
|
|
- Overall network connectivity issues
|
|
|
|
---
|
|
|
|
## Fix Applied
|
|
|
|
### Updated permissions-nodes.toml
|
|
Now includes **all 12 nodes**:
|
|
1. **5 Validators** (1000-1004)
|
|
2. **4 Sentries** (1500-1503)
|
|
3. **3 RPC Nodes** (2500-2502)
|
|
|
|
### RPC Node Enodes Added
|
|
- **2500** (Core RPC): `enode://e54c6e601ebfcba3ed6ff3fd4bc6a692cf6627c6f6851d5aa303a129fc90556fa446d11bff5388d1b25c9149fe4d172449133bda51b5bb85581d70b3d1ba0f74@192.168.11.250:30303`
|
|
- **2501** (Permissioned RPC): `enode://71d58fab2d98f45d8b1ee431067f3cbf7fa1b44526d3b8f5c8547a0a184fbcb6f9560300d491e29137d5b998ea2d7d82cbdc706026c23fffb6b12fa6c6975153@192.168.11.251:30303`
|
|
- **2502** (Public RPC): `enode://d885b020efe8602e680b4e348c3066e4ce9355c27a5a501f5455d48de6a56a42f33e581abd788f9e3373e4f3c0f8c83061139d73cbeaa9da35c17eb0565bfe06@192.168.11.252:30303`
|
|
|
|
---
|
|
|
|
## Deployment
|
|
|
|
### Files Updated
|
|
- `/etc/besu/permissions-nodes.toml` on **all 12 nodes**
|
|
- Ownership set to `besu:besu`
|
|
|
|
### Services Restarted
|
|
- ✅ All 5 validator services
|
|
- ✅ All 4 sentry services
|
|
- ✅ All 3 RPC node services
|
|
|
|
---
|
|
|
|
## Expected Impact
|
|
|
|
With all nodes in the allowlist:
|
|
1. ✅ **Full network connectivity** - All nodes can connect to each other
|
|
2. ✅ **No permissioning blocks** - All valid connections are allowed
|
|
3. ✅ **Better peer discovery** - Nodes can discover all peers
|
|
4. ✅ **Improved consensus** - Validators can reach all nodes
|
|
|
|
---
|
|
|
|
## Verification
|
|
|
|
After restart, verify:
|
|
1. All nodes can see peers (via `admin_peers`)
|
|
2. No permissioning errors in logs
|
|
3. Network connectivity improves
|
|
4. Block production may improve (if connectivity was the issue)
|
|
|
|
---
|
|
|
|
## Important Note
|
|
|
|
**With permissioning enabled, the allowlist must include ALL nodes that need to communicate.** Any missing nodes will be blocked from connecting, which can cause:
|
|
- Network partitions
|
|
- Sync issues
|
|
- Consensus problems
|
|
- Block production failures
|
|
|
|
This fix ensures the allowlist is complete.
|
|
|
|
---
|
|
|
|
**Last Updated**: $(date)
|
|
**Status**: ✅ All nodes added to permissions allowlist
|
|
|