d-bis/proxmox
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
master
proxmox/docs/archive/VALIDATOR_KEY_FIX_APPLIED.md

97 lines
4.1 KiB
Markdown
Raw Permalink Blame History

# Validator Key Fix Applied
**Date**: $(date)
**Status**: ✅ **VALIDATOR KEYS REPLACED** | ⏳ **AWAITING BLOCK PRODUCTION**
---
## Critical Issue Found and Fixed
### Problem
Besu was using **node keys** (for P2P communication) from `/data/besu/key` instead of **validator keys** (for block signing) from `/keys/validators/validator-{N}/key.priv`.
This meant:
- ✅ Nodes could connect to each other (P2P working)
- ❌ But nodes couldn't produce blocks (wrong key for block signing)
- ❌ Node key addresses were NOT in the validator set
- ❌ Validator key addresses WERE in the genesis extraData but not being used
### Solution Applied
Replaced `/data/besu/key` on all validators with their validator keys:
1. **Backed up original node keys** to `/data/besu/key.node.backup`
2. **Copied validator keys** from `/keys/validators/validator-{N}/key.priv` to `/data/besu/key`
3. **Set correct ownership**: `chown besu:besu /data/besu/key`
4. **Restarted Besu services** to use new keys
5. **Verified addresses match**: All validator addresses now match between `/data/besu/key` and `/keys/validators/validator-{N}/address.txt`
6. **Updated enode URLs**: Collected new enode URLs and updated `static-nodes.json` and `permissions-nodes.toml`
---
## Changes Made
### Key Replacement
- ✅ VMID 1000: Validator 1 key copied to `/data/besu/key`
- ✅ VMID 1001: Validator 2 key copied to `/data/besu/key`
- ✅ VMID 1002: Validator 3 key copied to `/data/besu/key`
- ✅ VMID 1003: Validator 4 key copied to `/data/besu/key`
- ✅ VMID 1004: Validator 5 key copied to `/data/besu/key`
### Address Verification
All validators now have matching addresses:
- ✅ Validator 1: `0x43ea6615474ac886c78182af1acbbf84346f2e9c`
- ✅ Validator 2: `0x05db2d6b5584285cc03cd33017c0f8da32652583`
- ✅ Validator 3: `0x23e1139cc8359872f8f4ef0d8f01c20355ac5f4b`
- ✅ Validator 4: `0x231a55a8ae9946b5dd2dc81c4c07522df42fd3ed`
- ✅ Validator 5: `0xc0af7f9251dc57cfb84c192c1bab20f5e312acb3`
All addresses match genesis.json extraData ✅
### New Enode URLs
Validators now have new enode URLs (since keys changed):
- VMID 1000: `enode://774723cbec02d8889114291d325cad544b7269fbfa0aa5ce4cd486d1806a90dff8767aa541cdea343c1911cc780992d5322c7c54bbfc55666128c4b8f7ee0702@192.168.11.100:30303`
- VMID 1001: `enode://d29b70125da5d949e271e926ab0cbd5aa1f3f8aa9fe5fff2dd94f6a8509596f16c45be5c3a8aabdc525c778f00125349dbb82ddc66b0c769efc071e1a967c430@192.168.11.101:30303`
- VMID 1002: `enode://ccf01ee56d1524568fb0f61f9d8d4b02f1707667c68da307dd639e479ab7ea6eb13f01682862c071329329f71b8d1479813e02bf3a1e59d97bf2becff89fce6d@192.168.11.102:30303`
- VMID 1003: `enode://2582c3b991a49dec3aaa31ddfb80ada39309d1890d4e7566fd6b2921d48841e14ac519edb43b9434435c218160bfcbb61b27ec7c1bb10c67c7fcfa9da0ce8e8d@192.168.11.103:30303`
- VMID 1004: `enode://fae5b339389a6d13e6b5417e4c753ce936523069c352a433ccfda1ddc773608c4d636b5a856a18ed76b8a750df512cb441d39c5a16aa3cc2814f412ba94454ef@192.168.11.104:30303`
### Configuration Files Updated
-`static-nodes.json` updated on all validators with new validator enode URLs
-`permissions-nodes.toml` updated on all nodes with new validator enode URLs
---
## Expected Behavior
After this fix:
1. ✅ Validators should use validator keys for block signing
2. ✅ Validator addresses match genesis extraData
3. ✅ Besu should recognize validators as part of the validator set
4. ⏳ QBFT consensus should activate
5. ⏳ Blocks should start being produced (every 2 seconds per genesis config)
---
## Next Steps
1. ✅ Validator keys in place (DONE)
2. ✅ Enode URLs updated (DONE)
3. ⏳ Monitor for block production
4. ⏳ Verify QBFT consensus activates
5. ⏳ Check that blocks are produced every ~2 seconds
---
## Important Notes
- **Node keys backed up**: Original node keys saved to `/data/besu/key.node.backup` on all validators
- **Enode URLs changed**: Since validator keys replaced node keys, enode URLs changed
- **Sentry nodes unchanged**: Sentries still use their original node keys (not validator keys)
- **Network should stabilize**: Nodes need time to reconnect with new enode URLs
---
**Last Updated**: $(date)
**Status**: ✅ Fix applied, monitoring for block production
Reference in New Issue View Git Blame Copy Permalink