d-bis/proxmox
4
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
master
proxmox/docs/archive/PERMISSIONING_FIX_COMPLETE.md

3.3 KiB
Raw Permalink Blame History

Permissioning Fix - Complete

Date: $(date)
Status: FIXED - Permissioning configuration is now correct

Issues Found and Fixed

1. Missing RPC Nodes in Allowlist FIXED

  • Issue: RPC nodes (2500-2502) were not in permissions-nodes.toml
  • Fix: Added all 3 RPC nodes to allowlist
  • Result: All 12 nodes now in allowlist (5 validators + 4 sentries + 3 RPC)

2. static-nodes.json Mismatch FIXED

  • Issue: static-nodes.json had OLD validator enode URLs (before key replacement)
  • Fix: Updated static-nodes.json on ALL nodes to match validator enodes in permissions-nodes.toml
  • Result: Validator enodes now match between both files

3. Configuration Synchronization VERIFIED

  • Issue: Files might not match across all nodes
  • Fix: Deployed consistent static-nodes.json and permissions-nodes.toml to all 12 nodes
  • Result: All nodes have matching configuration

Current Configuration

permissions-nodes.toml (All 12 Nodes)

  • 5 Validators (1000-1004) - NEW validator keys
  • 4 Sentries (1500-1503)
  • 3 RPC Nodes (2500-2502)

static-nodes.json (All 12 Nodes)

  • 5 Validator enode URLs - NEW validator keys
  • Matches validator enodes in permissions-nodes.toml

Verification Results

No Permissioning Errors

  • No new permissioning errors in logs (last 2+ minutes)
  • Services are starting successfully
  • Configuration files verified and match

Configuration Files Match

  • static-nodes.json validator enodes match permissions-nodes.toml validator enodes
  • All nodes have consistent configuration
  • Paths in config files are correct

Key Insights

With Permissioning Enabled:

  1. ALL nodes that need to connect must be in the allowlist

    • If sentries need to connect to validators → validators must be in sentry allowlist
    • If RPC nodes need to connect to validators → validators must be in RPC allowlist
    • Bidirectional: Each side must allow the other

  2. ALL nodes in static-nodes.json must be in permissions-nodes.toml

    • Besu validates this at startup
    • If mismatch → startup fails with ParameterException

  3. When validator keys change, BOTH files must be updated

    • static-nodes.json needs new validator enode URLs
    • permissions-nodes.toml needs new validator enode URLs
    • Both must match

Remaining Issues (If Blocks Not Producing)

The permissioning configuration is now correct. If blocks are still not being produced, potential remaining issues:

  1. QBFT Consensus Configuration

    • Validators may need additional QBFT-specific configuration
    • Network may need time to stabilize

  2. Validator Key Recognition

    • Besu may need time to recognize validators
    • Consensus may need additional time to activate

  3. Network Timing

    • Nodes may need more time to fully connect
    • Peer discovery may need additional time

  4. Other Configuration Issues

    • Genesis file configuration
    • Sync mode settings
    • Network connectivity

Next Steps

  1. Permissioning configuration fixed
  2. Monitor block production
  3. Verify QBFT consensus activates
  4. Check validator logs for consensus activity

Last Updated: $(date)
Status: Permissioning configuration correct - monitoring block production

Reference in New Issue View Git Blame Copy Permalink