d-bis/proxmox
4
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
f6bf0c635f65063c06a1914ac38dec71c8420ebe
proxmox/config/besu-node-lists/README.md
defiQUG fbda1b4beb
Some checks failed
Deploy to Phoenix / deploy (push) Has been cancelled
Details
docs: Ledger Live integration, contract deploy learnings, NEXT_STEPS updates 
- ADD_CHAIN138_TO_LEDGER_LIVE: Ledger form done; public code review repo bis-innovations/LedgerLive; init/push commands
- CONTRACT_DEPLOYMENT_RUNBOOK: Chain 138 gas price 1 gwei, 36-addr check, TransactionMirror workaround
- CONTRACT_*: AddressMapper, MirrorManager deployed 2026-02-12; 36-address on-chain check
- NEXT_STEPS_FOR_YOU: Ledger done; steps completable now (no LAN); run-completable-tasks-from-anywhere
- MASTER_INDEX, OPERATOR_OPTIONAL, SMART_CONTRACTS_INVENTORY_SIMPLE: updates
- LEDGER_BLOCKCHAIN_INTEGRATION_COMPLETE: bis-innovations/LedgerLive reference

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-12 15:46:57 -08:00

4.0 KiB
Raw Blame History

Besu Node Lists — Single Source of Truth

Purpose: One canonical static-nodes.json and permissions-nodes.toml used by all Chain 138 Besu nodes (validators, sentries, RPCs). Both are essential:

  • static-nodes.json — Bootstrap peers; Besu connects to these on startup (static-nodes-file).
  • permissions-nodes.toml — Allowlist; only nodes in this list can join the network (permissions-nodes-config-file). Besu expects TOML (do not use permissioned-nodes.json).

These files must be identical on every node for permissioning and discovery to work correctly.

Deploy: Run from repo root:

./scripts/deploy-besu-node-lists-to-all.sh

See docs/06-besu/MASTER_DOCS_AND_NODE_LISTS_REVIEW.md for context and BESU_NODES_FILE_REFERENCE.md for VMID↔IP mapping.

Contents

File Format Use
static-nodes.json JSON array of enode URLs Besu --static-nodes-file; bootstrap peers
permissions-nodes.toml TOML nodes-allowlist=[...] Besu --permissions-nodes-config-file; allowlist (Besu expects TOML—do not use permissioned-nodes.json)

When to update

  • New node (e.g. 1504, 2102): Get the nodes enode (e.g. from admin_nodeInfo or the nodes data dir), add it to both files here, then run the deploy script.
  • Node removed: Remove its enode from both files and redeploy.
  • Regenerate all (no duplicates): Run bash scripts/besu/collect-enodes-from-all-besu-nodes.sh to collect from every node (admin_nodeInfo or besu public-key export), merge with existing for unreachable nodes, and overwrite both files.
  • Fix failures only: Run bash scripts/besu/collect-enodes-from-all-besu-nodes.sh --missing-only to try only VMIDs whose IP is not yet in the list (no full 32-node sweep).
  • Generate missing node keys: Run bash scripts/besu/generate-node-keys-for-missing-vmids.sh [--force] [--collect] to create /data/besu/key (64-hex) only for VMIDs not yet in the list. Use --force to overwrite PEM/wrong-format keys; use --collect to run collect --missing-only after. Containers without Besu (15051508, 25012505) are supported via helper nodes (1504 on ml110, 2500 on r630-01).
  • Install Besu permanently on nodes missing it: Run bash scripts/besu/install-besu-permanent-on-missing-nodes.sh to install Besu (23.10.3) in 15051508 and 25012505, deploy config/genesis/node lists, and enable+start the service so RPC/sentry runs after reboot.

Sentry 1504 (.154)

1504 may not expose RPC (8545). Once the sentry has run and created /data/besu/nodekey, get the enode from the nodekey (run from Proxmox host ml110):

ssh root@192.168.11.10 "pct exec 1504 -- /opt/besu/bin/besu public-key export --node-private-key-file=/data/besu/nodekey --format=enode 2>/dev/null" | sed 's/@[0-9.]*:/@192.168.11.154:/'

If RPC is enabled on 1504:

ssh root@192.168.11.10 "pct exec 1504 -- curl -s -X POST -H 'Content-Type: application/json' --data '{\"jsonrpc\":\"2.0\",\"method\":\"admin_nodeInfo\",\"params\":[],\"id\":1}' http://127.0.0.1:8545" | jq -r '.result.enode'

Add the enode to both static-nodes.json and permissions-nodes.toml, then run ./scripts/deploy-besu-node-lists-to-all.sh.

RPC Core-2 (2102 / .212)

When VMID 2102 is created and Besu RPC is running, add its enode to both files and redeploy. See RPC_CORE_2_NATHAN_SFVALLEY2_TUNNEL.md.

Verify enodes and IPs

Run from repo root to ensure enode addresses and IPs are correct and consistent:

bash scripts/verify/verify-besu-enodes-and-ips.sh

This checks: (1) static-nodes.json and permissions-nodes.toml match, (2) each IP matches the expected VMID, (3) no duplicate node keys (same key for two IPs). See ENODE_IP_VERIFICATION_20260208.md for a recent run and how to fix the VMID 2401 duplicate enode.

Reference in New Issue View Git Blame Copy Permalink