4.1 KiB
4.1 KiB
Validator Key Fix Applied
Date: $(date)
Status: ✅ VALIDATOR KEYS REPLACED | ⏳ AWAITING BLOCK PRODUCTION
Critical Issue Found and Fixed
Problem
Besu was using node keys (for P2P communication) from /data/besu/key instead of validator keys (for block signing) from /keys/validators/validator-{N}/key.priv.
This meant:
- ✅ Nodes could connect to each other (P2P working)
- ❌ But nodes couldn't produce blocks (wrong key for block signing)
- ❌ Node key addresses were NOT in the validator set
- ❌ Validator key addresses WERE in the genesis extraData but not being used
Solution Applied
Replaced /data/besu/key on all validators with their validator keys:
- Backed up original node keys to
/data/besu/key.node.backup - Copied validator keys from
/keys/validators/validator-{N}/key.privto/data/besu/key - Set correct ownership:
chown besu:besu /data/besu/key - Restarted Besu services to use new keys
- Verified addresses match: All validator addresses now match between
/data/besu/keyand/keys/validators/validator-{N}/address.txt - Updated enode URLs: Collected new enode URLs and updated
static-nodes.jsonandpermissions-nodes.toml
Changes Made
Key Replacement
- ✅ VMID 1000: Validator 1 key copied to
/data/besu/key - ✅ VMID 1001: Validator 2 key copied to
/data/besu/key - ✅ VMID 1002: Validator 3 key copied to
/data/besu/key - ✅ VMID 1003: Validator 4 key copied to
/data/besu/key - ✅ VMID 1004: Validator 5 key copied to
/data/besu/key
Address Verification
All validators now have matching addresses:
- ✅ Validator 1:
0x43ea6615474ac886c78182af1acbbf84346f2e9c - ✅ Validator 2:
0x05db2d6b5584285cc03cd33017c0f8da32652583 - ✅ Validator 3:
0x23e1139cc8359872f8f4ef0d8f01c20355ac5f4b - ✅ Validator 4:
0x231a55a8ae9946b5dd2dc81c4c07522df42fd3ed - ✅ Validator 5:
0xc0af7f9251dc57cfb84c192c1bab20f5e312acb3
All addresses match genesis.json extraData ✅
New Enode URLs
Validators now have new enode URLs (since keys changed):
- VMID 1000:
enode://774723cbec02d8889114291d325cad544b7269fbfa0aa5ce4cd486d1806a90dff8767aa541cdea343c1911cc780992d5322c7c54bbfc55666128c4b8f7ee0702@192.168.11.100:30303 - VMID 1001:
enode://d29b70125da5d949e271e926ab0cbd5aa1f3f8aa9fe5fff2dd94f6a8509596f16c45be5c3a8aabdc525c778f00125349dbb82ddc66b0c769efc071e1a967c430@192.168.11.101:30303 - VMID 1002:
enode://ccf01ee56d1524568fb0f61f9d8d4b02f1707667c68da307dd639e479ab7ea6eb13f01682862c071329329f71b8d1479813e02bf3a1e59d97bf2becff89fce6d@192.168.11.102:30303 - VMID 1003:
enode://2582c3b991a49dec3aaa31ddfb80ada39309d1890d4e7566fd6b2921d48841e14ac519edb43b9434435c218160bfcbb61b27ec7c1bb10c67c7fcfa9da0ce8e8d@192.168.11.103:30303 - VMID 1004:
enode://fae5b339389a6d13e6b5417e4c753ce936523069c352a433ccfda1ddc773608c4d636b5a856a18ed76b8a750df512cb441d39c5a16aa3cc2814f412ba94454ef@192.168.11.104:30303
Configuration Files Updated
- ✅
static-nodes.jsonupdated on all validators with new validator enode URLs - ✅
permissions-nodes.tomlupdated on all nodes with new validator enode URLs
Expected Behavior
After this fix:
- ✅ Validators should use validator keys for block signing
- ✅ Validator addresses match genesis extraData
- ✅ Besu should recognize validators as part of the validator set
- ⏳ QBFT consensus should activate
- ⏳ Blocks should start being produced (every 2 seconds per genesis config)
Next Steps
- ✅ Validator keys in place (DONE)
- ✅ Enode URLs updated (DONE)
- ⏳ Monitor for block production
- ⏳ Verify QBFT consensus activates
- ⏳ Check that blocks are produced every ~2 seconds
Important Notes
- Node keys backed up: Original node keys saved to
/data/besu/key.node.backupon all validators - Enode URLs changed: Since validator keys replaced node keys, enode URLs changed
- Sentry nodes unchanged: Sentries still use their original node keys (not validator keys)
- Network should stabilize: Nodes need time to reconnect with new enode URLs
Last Updated: $(date)
Status: ✅ Fix applied, monitoring for block production