Initial restructure PoC (#1085)

* [WIP] initial restructure PoC

Signed-off-by: Alexandra Tran <alexandra.tran@consensys.net>

* finish public networks restructure

Signed-off-by: Alexandra Tran <alexandra.tran@consensys.net>

* private network restructure except tutorials

Signed-off-by: Alexandra Tran <alexandra.tran@consensys.net>

* finish private networks restructure

Signed-off-by: Alexandra Tran <alexandra.tran@consensys.net>

* add monitoring index page

Signed-off-by: Alexandra Tran <alexandra.tran@consensys.net>

* fix link errors

Signed-off-by: Alexandra Tran <alexandra.tran@consensys.net>

* more link fixes

Signed-off-by: Alexandra Tran <alexandra.tran@consensys.net>

* mkdocs fixes

Signed-off-by: Alexandra Tran <alexandra.tran@consensys.net>

* fix link and add nav tabs

Signed-off-by: Alexandra Tran <alexandra.tran@consensys.net>

* more link fixes

Signed-off-by: Alexandra Tran <alexandra.tran@consensys.net>

* update and move mining, onchain permissioning, and key mgmt content

Signed-off-by: Alexandra Tran <alexandra.tran@consensys.net>

* Update home page and add network index pages

Signed-off-by: Alexandra Tran <alexandra.tran@consensys.net>

* md fix

Signed-off-by: Alexandra Tran <alexandra.tran@consensys.net>

* update and restructure tls, bootnode, and protocol upgrade content

Signed-off-by: Alexandra Tran <alexandra.tran@consensys.net>

* initial add global variables

Signed-off-by: Alexandra Tran <alexandra.tran@consensys.net>

* final variable files

Signed-off-by: Alexandra Tran <alexandra.tran@consensys.net>

* mkdocs changes

Signed-off-by: Alexandra Tran <alexandra.tran@consensys.net>

* Some link fixes and content updates

Signed-off-by: Alexandra Tran <alexandra.tran@consensys.net>

* more link fixes

Signed-off-by: Alexandra Tran <alexandra.tran@consensys.net>

* restructure #3 - no variables

Signed-off-by: Alexandra Tran <alexandra.tran@consensys.net>

* update private network links

Signed-off-by: Alexandra Tran <alexandra.tran@consensys.net>

* fix private network links + md

Signed-off-by: Alexandra Tran <alexandra.tran@consensys.net>

* update headings

Signed-off-by: Alexandra Tran <alexandra.tran@consensys.net>

* remove dead link

Signed-off-by: Alexandra Tran <alexandra.tran@consensys.net>

* minor homepage fix

Signed-off-by: Alexandra Tran <alexandra.tran@consensys.net>

* fix links and address feedback

Signed-off-by: Alexandra Tran <alexandra.tran@consensys.net>

* add HA and plugins material

Signed-off-by: Alexandra Tran <alexandra.tran@consensys.net>

* minor addition

Signed-off-by: Alexandra Tran <alexandra.tran@consensys.net>

* fix typo

Signed-off-by: Alexandra Tran <alexandra.tran@consensys.net>

* Integrate more feedback

Signed-off-by: Alexandra Tran <alexandra.tran@consensys.net>

* minor edits

Signed-off-by: Alexandra Tran <alexandra.tran@consensys.net>
pull/1121/head
Alexandra Tran 2 years ago committed by GitHub
parent 6c3912c219
commit 4a96954293
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 2
      DCO.md
  2. 12
      docs/Concepts/ArchitectureOverview.md
  3. 17
      docs/Concepts/Mining.md
  4. 16
      docs/Concepts/Network-vs-Node.md
  5. 30
      docs/Concepts/Protocol-Upgrades.md
  6. 22
      docs/Concepts/Pruning.md
  7. 22
      docs/Concepts/TLS.md
  8. 57
      docs/HowTo/Deploy/Bootnodes.md
  9. 38
      docs/HowTo/Deploy/Production.md
  10. 50
      docs/HowTo/Find-and-Connect/Bootnodes.md
  11. 61
      docs/HowTo/Find-and-Connect/Configuring-Ports.md
  12. 17
      docs/HowTo/Get-Started/Installation-Options/Options.md
  13. 17
      docs/HowTo/Get-Started/migrate-to-besu.md
  14. 20
      docs/HowTo/Limit-Access/Specify-Perm-Version.md
  15. 78
      docs/HowTo/Limit-Access/Updating-Permission-Lists.md
  16. 27
      docs/HowTo/Send-Transactions/Account-Management.md
  17. 48
      docs/HowTo/Troubleshoot/Trace-Transactions.md
  18. 25
      docs/HowTo/Upgrade/Upgrade-Protocol.md
  19. 47
      docs/Reference/Resources.md
  20. 16
      docs/global/concepts/Network-vs-Node.md
  21. 22
      docs/global/concepts/Pruning.md
  22. 50
      docs/global/how-to/troubleshoot/Troubleshooting.md
  23. 50
      docs/index.md
  24. 19
      docs/private-networks/concepts/index.md
  25. 16
      docs/private-networks/concepts/permissioning/index.md
  26. 22
      docs/private-networks/concepts/permissioning/onchain.md
  27. 4
      docs/private-networks/concepts/permissioning/plugin.md
  28. 6
      docs/private-networks/concepts/pki.md
  29. 4
      docs/private-networks/concepts/plugins.md
  30. 4
      docs/private-networks/concepts/poa.md
  31. 30
      docs/private-networks/concepts/privacy/flexible-privacy.md
  32. 17
      docs/private-networks/concepts/privacy/index.md
  33. 10
      docs/private-networks/concepts/privacy/multi-tenancy.md
  34. 18
      docs/private-networks/concepts/privacy/plugin.md
  35. 8
      docs/private-networks/concepts/privacy/privacy-groups.md
  36. 34
      docs/private-networks/concepts/privacy/private-transactions/index.md
  37. 27
      docs/private-networks/concepts/privacy/private-transactions/processing.md
  38. 0
      docs/private-networks/get-started/install/binary-distribution.md
  39. 29
      docs/private-networks/get-started/install/index.md
  40. 138
      docs/private-networks/get-started/install/run-docker-image.md
  41. 222
      docs/private-networks/get-started/start-node.md
  42. 21
      docs/private-networks/get-started/system-requirements.md
  43. 12
      docs/private-networks/how-to/backup.md
  44. 6
      docs/private-networks/how-to/configure/block-proposal-permissioning.md
  45. 89
      docs/private-networks/how-to/configure/bootnodes.md
  46. 14
      docs/private-networks/how-to/configure/consensus/add-validators-without-voting.md
  47. 46
      docs/private-networks/how-to/configure/consensus/clique.md
  48. 52
      docs/private-networks/how-to/configure/consensus/ibft.md
  49. 16
      docs/private-networks/how-to/configure/consensus/index.md
  50. 54
      docs/private-networks/how-to/configure/consensus/qbft.md
  51. 4
      docs/private-networks/how-to/configure/contracts.md
  52. 4
      docs/private-networks/how-to/configure/curves.md
  53. 14
      docs/private-networks/how-to/configure/free-gas.md
  54. 46
      docs/private-networks/how-to/configure/tls/client-and-server.md
  55. 4
      docs/private-networks/how-to/configure/tls/p2p.md
  56. 10
      docs/private-networks/how-to/configure/validators.md
  57. 4
      docs/private-networks/how-to/deploy/ansible.md
  58. 4
      docs/private-networks/how-to/deploy/cloud.md
  59. 14
      docs/private-networks/how-to/deploy/ethstats.md
  60. 4
      docs/private-networks/how-to/deploy/kubernetes.md
  61. 34
      docs/private-networks/how-to/index.md
  62. 8
      docs/private-networks/how-to/monitor/elastic-stack.md
  63. 19
      docs/private-networks/how-to/monitor/index.md
  64. 10
      docs/private-networks/how-to/monitor/opentelemetry.md
  65. 2
      docs/private-networks/how-to/monitor/quorum-hibernate.md
  66. 24
      docs/private-networks/how-to/monitor/splunk.md
  67. 28
      docs/private-networks/how-to/send-transactions/concurrent-private-transactions.md
  68. 14
      docs/private-networks/how-to/send-transactions/index.md
  69. 54
      docs/private-networks/how-to/send-transactions/private-transactions.md
  70. 30
      docs/private-networks/how-to/send-transactions/revert-reason.md
  71. 45
      docs/private-networks/how-to/upgrade.md
  72. 84
      docs/private-networks/how-to/use-permissioning/local.md
  73. 128
      docs/private-networks/how-to/use-permissioning/onchain.md
  74. 14
      docs/private-networks/how-to/use-privacy/access-private-transactions.md
  75. 18
      docs/private-networks/how-to/use-privacy/besu-extended.md
  76. 14
      docs/private-networks/how-to/use-privacy/eea-compliant.md
  77. 28
      docs/private-networks/how-to/use-privacy/flexible.md
  78. 8
      docs/private-networks/how-to/use-privacy/goquorum-compatible.md
  79. 4
      docs/private-networks/how-to/use-privacy/performance-best-practices.md
  80. 12
      docs/private-networks/how-to/use-privacy/privacy-groups.md
  81. 18
      docs/private-networks/how-to/use-privacy/sign-pmts.md
  82. 9
      docs/private-networks/how-to/use-privacy/tessera.md
  83. 8
      docs/private-networks/how-to/use-privacy/web3js-quorum.md
  84. 21
      docs/private-networks/index.md
  85. 4
      docs/private-networks/reference/accounts-for-testing.md
  86. 2159
      docs/private-networks/reference/api/index.md
  87. 55
      docs/private-networks/reference/api/objects.md
  88. 640
      docs/private-networks/reference/cli/options.md
  89. 139
      docs/private-networks/reference/cli/subcommands.md
  90. 22
      docs/private-networks/reference/index.md
  91. 4
      docs/private-networks/reference/plugin-api-interfaces.md
  92. 16
      docs/private-networks/tutorials/azure.md
  93. 60
      docs/private-networks/tutorials/clique.md
  94. 54
      docs/private-networks/tutorials/contracts/index.md
  95. 10
      docs/private-networks/tutorials/contracts/interact.md
  96. 14
      docs/private-networks/tutorials/contracts/transfer-funds.md
  97. 48
      docs/private-networks/tutorials/ethash.md
  98. 58
      docs/private-networks/tutorials/ibft/index.md
  99. 24
      docs/private-networks/tutorials/ibft/validators.md
  100. 42
      docs/private-networks/tutorials/kubernetes/charts.md
  101. Some files were not shown because too many files have changed in this diff Show More

@ -2,7 +2,7 @@ Developer Certificate of Origin
===============================
Per section 13.a of the
[Hyperledger Charter](https://www.hyperledger.org/about/charter), all code
[Hyperledger Charter](https://www.hyperledger.org/about/charter-2), all code
submitted to the Hyperledger Foundation needs to have a
[Developer Certificate of Origin](http://developercertificate.org/) (DCO)
sign-off.

@ -1,12 +0,0 @@
---
description: Hyperledger Besu architecture
---
# Hyperledger Besu architecture
The following diagram outlines the Hyperledger Besu high-level architecture.
![Architecture](../images/Architecture.png)
For more information about the Hyperledger Besu architecture, contact us on the
[Besu channel on Hyperledger Discord](https://discord.gg/hyperledger).

@ -1,17 +0,0 @@
---
description: Mining overview
---
# Mining
Hyperledger Besu supports CPU and GPU mining, which are
[configured using command line options](../HowTo/Configure/Configure-Mining.md).
GPU mining support testing used [Ethminer](https://github.com/ethereum-mining/ethminer) with the
`stratum+tcp` and `getwork` schemes.
Ethminer has been used with Hyperledger Besu to mine blocks on the [Ropsten testnet](https://ropsten.etherscan.io/address/0x2f14582947E292a2eCd20C430B46f2d27CFE213c#mine),
[ETC Mainnet (uncle block only)](https://etc.tokenview.com/en/uncleblock/10555173) and Mordor ETC testnet.
!!! note
Some mining software supports the `getwork` scheme as the `http` scheme.

@ -1,16 +0,0 @@
---
description: Configuring Besu at the network level compared to the node level
---
# Network vs node configuration
You can configure Besu at the network level and the node level.
Specify network-wide settings in the [genesis file](../Reference/Config-Items.md). For example,
include `evmStackSize` or specify the
[consensus mechanism](Consensus-Protocols/Overview-Consensus.md).
Specify node settings on the command line or in the
[node configuration file](../HowTo/Configure/Using-Configuration-File.md). For example, enable
[JSON-RPC API methods](../Reference/API-Methods.md) or specify the
[data directory](../Reference/CLI/CLI-Syntax.md#data-path) for the node.

@ -1,30 +0,0 @@
---
description: Protocol upgrades
---
# Network upgrades in private networks
Network upgrades are the mechanism for upgrading the Ethereum protocol. The time when the protocol
upgrade occurs is the network upgrade.
For the Ethereum Mainnet and public testnets (for example, Rinkeby), the milestone block
definitions are in Hyperledger Besu. Upgrading your Besu client applies the network upgrade.
For private networks, all network participants must agree on the protocol upgrades and then
coordinate the network upgrades. The genesis file specifies the
[milestone block](../Reference/Config-Items.md#milestone-blocks) at which to apply the
[protocol upgrade](../HowTo/Upgrade/Upgrade-Protocol.md).
## Backward compatibility
Some protocol upgrades include changes that might break existing contracts (for example, gas cost
changes). Before upgrading your protocol, review included EIPs for possible impact. A
[meta EIP](https://eips.ethereum.org/meta) for each protocol upgrade lists included EIPs. For
example, [Istanbul](https://eips.ethereum.org/EIPS/eip-1679).
!!! tip
For compatibility with future protocol upgrades, do not hardcode any gas price assumptions.
Implementing upgradeable contracts enables contracts to be upgraded if a protocol upgrade does
include breaking changes.

@ -1,22 +0,0 @@
---
description: Pruning concept information.
---
# Pruning
In Besu, pruning reduces the storage required by removing state trie nodes that are unreachable
from [recent blocks](../Reference/CLI/CLI-Syntax.md#pruning-blocks-retained).
Pruning is disabled by default, and can be enabled with the
[`--pruning-enabled`](../Reference/CLI/CLI-Syntax.md#pruning-enabled) command line option.
!!! Important
Using pruning with [private transactions](Privacy/Privacy-Overview.md) is not supported.
Pruning might increase block import times, but it does not affect the ability of nodes to stay in
sync.
!!! Important
Pruning is being deprecated for [Bonsai Tries](Data-Storage-Formats.md#bonsai-tries) and is currently not being updated.

@ -1,22 +0,0 @@
---
description: TLS overview
---
# TLS communication
Hyperledger Besu supports TLS to secure client and server communication, or [secure P2P communication] between nodes.
!!! important
To secure client and server communication, you also need to configure the client ([EthSigner](https://docs.ethsigner.consensys.net/en/latest/Concepts/TLS/))
or server ([Tessera](https://docs.tessera.consensys.net/HowTo/Configure/TLS/)) for TLS.
The following diagram displays an example client and server TLS configuration.
![Besu client and server TLS](../images/Besu_TLS.png)
You must store private keys and certificates in password-protected PKCS12 keystore files.
Use the command line options to [enable and configure](../HowTo/Configure/TLS/Configure-TLS.md) TLS.
[secure P2P communication]: ../HowTo/Configure/TLS/P2P-TLS.md

@ -1,57 +0,0 @@
---
description: Configuring bootnodes in production networks
---
# Configuring bootnodes in a production network
A network must have at least one operating bootnode. To allow for continuity in the event of
failure, configure two or more bootnodes.
We do not recommend putting bootnodes behind a load balancer because the
[enode](../../Concepts/Node-Keys.md#enode-url) relates to the node public key, IP address, and
discovery ports. Any changes to a bootnode enode prevents other nodes from being able to establish
a connection with the bootnode. This is why we recommend putting more bootnodes on the network
itself.
To ensure that a bootnode enode does not change when recovering from a complete bootnode failure:
1. Create the [node key pair](../../Concepts/Node-Keys.md) (that is, the private and public key)
before starting the bootnode.
1. When creating bootnodes in the cloud (for example, AWS and Azure), attempt to assign a static IP
address to them. If your network is:
* Publicly accessible, assign an elastic IP.
* Internal only, specify a private IP address when you create the instance and record this IP
address.
We recommend that you store the bootnode configuration under source control.
## Specifying bootnodes
To allow for failure, specify all bootnodes on the command line (even to the bootnodes themselves).
!!! example
If your network has two bootnodes, pass the following parameter to all nodes, including the
bootnodes.
```bash
--bootnodes=enode://<publicKeyBootnode1>@<ipBootnode1>:30303,<publicKeyBootnode2>@<ipBootnode2>:30303
```
!!! tip
Having each bootnode list the other bootnodes increases the speed of discovery. Nodes ignore
their own enode in the bootnodes list so it is not required to specify different bootnode lists
to the bootnodes themselves.
## Adding and removing bootnodes
Adding new bootnodes is a similar process to creating bootnodes. After creating the bootnodes and
adding them to the network,update the [`--bootnodes`](../../Reference/CLI/CLI-Syntax.md#bootnodes)
command line option for each node to include the new bootnodes.
When adding bootnodes, you do not need to restart running nodes. By updating the
[`--bootnodes`](../../Reference/CLI/CLI-Syntax.md#bootnodes) option, the next time you restart the
nodes (for example, when [upgrading](../Upgrade/Upgrade-Node.md)), the nodes connect to the new
bootnodes.

@ -1,38 +0,0 @@
---
description: Deploying Hyperledger Besu permissioning management dapp for production
---
# Deploying the Hyperledger Besu permissioning management dapp for production
To deploy the permissioning management dapp for production:
1. Retrieve the most recent release (tarball or zip) from the [projects release page].
1. Unpack the distribution into a directory available to your Web server.
1. In the root of the unpack directory, add a file called `config.json` replacing the placeholders
shown below.
!!!example "`config.json`"
```json
{
"accountIngressAddress": "<Address of the account ingress contract>",
"nodeIngressAddress": "<Address of the node ingress contract>",
"networkId": "<ID of your Ethereum network>"
}
```
1. On your Web server, host the contents of the directory as static files and direct root requests
to `index.html`.
## Starting a production permissioned network
Follow the procedure as for [Getting started with onchain permissioning], but do not perform the
steps using `yarn` to install, build, and start the development server. Instead, follow the
procedure above to deploy the permissioning management dapp to your Web server.
<!-- Links -->
[projects release page]: https://github.com/ConsenSys/permissioning-smart-contracts/releases/latest
[Getting started with onchain permissioning]: ../../Tutorials/Permissioning/Getting-Started-Onchain-Permissioning.md

@ -1,50 +0,0 @@
---
description: Configuring bootnodoes
---
# Bootnodes
You can use bootnodes to initially discover peers.
Bootnodes are regular nodes used to discover other nodes.
!!! tip
Bootnodes and static nodes are parallel methods for finding peers. Depending on your use case,
you can use only bootnodes, only static nodes, or both bootnodes and statics nodes. For
example, you run multiple nodes on Mainnet (discovery using bootnodes), but want to ensure your
nodes are always connected (using static nodes).
To find peers, configure one or more bootnodes as described below. To configure a specific set
of peer connections, use [static nodes](Static-Nodes.md).
## Mainnet and public testnets
For Mainnet and the Rinkeby, Ropsten, Sepolia, and Goerli testnets, Hyperledger Besu has an internal list of
enode URLs and uses this list automatically when you specify the
[`--network`](../../Reference/CLI/CLI-Syntax.md#network) option.
## Private networks
In private networks for development or testing purposes, specify at least one bootnode.
In production networks, [configure two or more nodes as bootnodes](../Deploy/Bootnodes.md).
### Specify a bootnode
To start a node, specifying a bootnode [enode](../../Concepts/Node-Keys.md) for P2P discovery,
using the [`--bootnodes`](../../Reference/CLI/CLI-Syntax.md#bootnodes) option.
!!! example
```bash
besu --genesis-file=privateNetworkGenesis.json --data-path=nodeDataPath --bootnodes=enode://c35c3ec90a8a51fd5703594c6303382f3ae6b2ecb99bab2c04b3794f2bc3fc2631dabb0c08af795787a6c004d8f532230ae6e9925cbbefb0b28b79295d615f@127.0.0.1:30303
```
The default host and port advertised to other peers for P2P discovery is `127.0.0.1:30303`. To
specify a different host or port, use the
[`--p2p-host`](../../Reference/CLI/CLI-Syntax.md#p2p-host) and
[`--p2p-port`](../../Reference/CLI/CLI-Syntax.md#p2p-port) options.
By default, peer discovery listens on all available network interfaces. If the device Besu is
running on must bind to a specific network interface, specify the interface using the
[`--p2p-interface`](../../Reference/CLI/CLI-Syntax.md#p2p-interface) option.

@ -1,61 +0,0 @@
---
description: To enable communication you must expose Hyperledger Besu ports appropriately
---
# Configuring ports
To enable communication you must expose Hyperledger Besu ports appropriately. The following shows
an example port configuration for a Besu node on AWS.
![Port Configuration](../../images/PortConfiguration.png)
When running Besu from the [Docker image](../Get-Started/Installation-Options/Run-Docker-Image.md),
[expose ports](../Get-Started/Installation-Options/Run-Docker-Image.md#exposing-ports).
!!! tip
Besu supports [UPnP](Specifying-NAT.md) for home or small office environments where a wireless
router or modem provides NAT isolation.
## P2P networking
To enable peer discovery, the P2P UDP port must be open for inbound connections. Specify the P2P
port using the [`--p2p-port`](../../Reference/CLI/CLI-Syntax.md#p2p-port) option. The default is
`30303`.
We also recommend opening the P2P TCP port for inbound connections. This is not strictly required
because Besu attempts to open outbound TCP connections. But if no nodes on the network are
accepting inbound TCP connections, nodes cannot communicate.
Combine the P2P port with the values for the
[`--p2p-host`](../../Reference/CLI/CLI-Syntax.md#p2p-host) and
[`--p2p-interface`](../../Reference/CLI/CLI-Syntax.md#p2p-interface) options when specifying the
[P2P host](../../Reference/CLI/CLI-Syntax.md#p2p-host) and
[P2P network interface](../../Reference/CLI/CLI-Syntax.md#p2p-interface).
!!! info
By default, peer discovery listens on `0.0.0.0:30303` (all interfaces). If the device Besu is
running on must bind to a specific network interface, specify the interface using the
[`--p2p-interface`](../../Reference/CLI/CLI-Syntax.md#p2p-interface) option.
## JSON-RPC API
To enable access to the [JSON-RPC API](../Interact/APIs/Using-JSON-RPC-API.md), open the HTTP
JSON-RPC and WebSockets JSON-RPC ports to the intended users of the JSON-RPC API on TCP.
Specify the HTTP and WebSockets JSON-RPC ports using the
[`--rpc-http-port`](../../Reference/CLI/CLI-Syntax.md#rpc-http-port) and
[`--rpc-ws-port`](../../Reference/CLI/CLI-Syntax.md#rpc-ws-port) options. The defaults are `8545`
and `8546`.
## Metrics
To enable
[Prometheus to access Besu](../Monitor/Metrics.md#monitor-node-performance-using-prometheus), open
the metrics port or metrics push port to Prometheus or the Prometheus push gateway on TCP.
Specify the ports for Prometheus and Prometheus push gateway using the
[`--metrics-port`](../../Reference/CLI/CLI-Syntax.md#metrics-port) and
[`--metrics-push-port`](../../Reference/CLI/CLI-Syntax.md#metrics-push-port) options. The defaults
are `9545` and `9001`.

@ -1,17 +0,0 @@
---
title: Installation options
description: Options for getting started with Hyperledger Besu
---
# Options for getting started
## New to Hyperledger Besu?
Get started with the [Developer Quickstart](../../../Tutorials/Developer-Quickstart.md).
Use the quickstart to rapidly generate local blockchain networks.
## Installation options
* [Docker image](Run-Docker-Image.md)
* [Binaries](Install-Binaries.md)
* [Build from source](Build-from-source.md)

@ -1,17 +0,0 @@
---
description: Migrate to Besu guide
---
# Migrate to Besu
Migrate from a different Ethereum [execution client](../../Concepts/Merge.md#execution-and-consensus-clients)
to Besu to contribute to [client diversity](https://clientdiversity.org/).
When migrating from a different client, you are [configuring Besu as an execution client](../Upgrade/Prepare-for-The-Merge.md#configure-besu-as-an-execution-client)
and connecting your [consensus client](../../Concepts/Merge.md#consensus-clients) to Besu instead of your original execution client.
To minimize downtime while [Besu syncs](../../Concepts/Node-Types.md) and avoid downtime penalties,
you can sync Besu with a new consensus layer instance.
Once Besu has fully synced you can connect it to your existing consensus client.
Find guides to switch from specific clients on the [client diversity website](https://clientdiversity.org/#switch).

@ -1,20 +0,0 @@
---
description: Specify the permissioning interface version
---
# Specify the permissioning contract interface version
Use the [`--permissions-nodes-contract-version`](../../Reference/CLI/CLI-Syntax.md#permissions-nodes-contract-version)
command line option to specify the version of the [permissioning contract interface](../../Concepts/Permissioning/Onchain-Permissioning.md#permissioning-contracts).
The default is 1.
Specify the contract interface version that maps to the version of the [Enterprise Ethereum Alliance Client Specification](https://entethalliance.org/technical-specifications/)
the contract interface implements.
| | EEA Client Specification | Contract interface |
|:--------|:-------------------------|:-------------------|
| Version | 5 | 1 |
| Version | 6 | 2 |
The permissioning contracts in the [`ConsenSys/permissioning-smart-contracts`](https://github.com/ConsenSys/permissioning-smart-contracts)
repository implement the version 2 contract interface.

@ -1,78 +0,0 @@
---
description: Updating Hyperledger Besu onchain allowlists
---
# Updating nodes and accounts allowlists
When using [onchain permissioning](../../Concepts/Permissioning/Onchain-Permissioning.md), you can update
[nodes](#update-nodes-allowlist) and [accounts](#update-accounts-allowlist) allowlists.
## Update nodes allowlist
To add a node to the Hyperledger Besu nodes allowlist:
1. On the **Nodes** tab of the [permissioning management dapp](../../Tutorials/Permissioning/Getting-Started-Onchain-Permissioning.md),
select **Add Node**.
The **Add Node** window displays.
2. Enter the [enode URL](../../Concepts/Node-Keys.md#enode-url) of the node you are adding and select **Add Node**.
!!! tip
If your node has two different IP addresses for ingress and egress
(for example, if you use Kubernetes implementing a load balancer for ingress and a NAT gateway IP address for egress),
add both addresses to the allowlist, using the same public key for each IP address. This will allow the node to connect.
!!! important
Node allowlists [support domain names] in enode URLs as an experimental feature. Use the `--Xdns-enabled` option
to enable domain name support.
If using Kubernetes, enable domain name support and use the `--Xdns-update-enabled` option to ensure that Besu can
connect to a container after being restarted, even if the IP address of the container changes.
To remove a node from the nodes allowlist:
1. On the **Nodes** tab of the permissioning management dapp, hover over the row of the
node you are removing. A trash can displays.
1. Select the trash can.
!!! tip
If you add a running node, the node does not attempt to reconnect to the bootnode and
synchronize until peer discovery restarts. To add an allowlisted node as a peer without waiting
for peer discovery to restart, use
[`admin_addPeer`](../../Reference/API-Methods.md#admin_addpeer).
If you add the node to the allowlist before starting the node, using `admin_addPeer` is not
required because peer discovery is run on node startup.
!!! tip
If nodes are not connecting as expected, set the [log level to `TRACE`](../../Reference/CLI/CLI-Syntax.md#logging)
and search for messages containing `Node permissioning` to identify the issue.
Ensure the [`--p2p-host`](../../Reference/CLI/CLI-Syntax.md#p2p-host) command line option has been
correctly configured for all nodes with the
externally accessible address.
If you change your network configuration, you may need to update the node allowlist.
## Update accounts allowlist
To add an account to the accounts allowlist:
1. On the **Accounts** tab of the [permissioning management dapp](../../Tutorials/Permissioning/Getting-Started-Onchain-Permissioning.md),
select **Add Account**. The **Add Account** window displays.
1. Enter the account address in the **Account Address** field and select **Add Account**.
To remove an account from the accounts allowlist:
1. On the **Accounts** tab of the permissioning management dapp, hover over the row of
the account you are removing. A trash can displays.
1. Select the trash can.
## Update admins
You can add or remove admins in the same way as [accounts](#update-accounts-allowlist), except on the **Admins** tab.
[support domain names]: ../../Concepts/Node-Keys.md#domain-name-support

@ -1,27 +0,0 @@
---
description: Using third party wallets for account management with Hyperledger Besu
---
# Using wallets for key management
Hyperledger Besu does not support key management inside the client. Use:
* [EthSigner](http://docs.ethsigner.consensys.net/en/latest/) with Besu to provide access to your
key store and sign transactions.
* Third-party tools (for example, [MetaMask](https://metamask.io/) and [web3j](https://web3j.io/))
for creating accounts.
In Besu, you can use the JSON-RPC methods:
* [`eth_getBalance`](../../Reference/API-Methods.md#eth_getbalance) to retrieve the account balance.
* [`eth_sendRawTransaction`](../../Reference/API-Methods.md#eth_sendrawtransaction) to transfer
ether or create and interact with contracts. For more information, see
[Transactions](Transactions.md#transactions)).
* [`eea_sendRawTransaction`](../../Reference/API-Methods.md#eea_sendrawtransaction) to send
[private transactions](Creating-Sending-Private-Transactions.md).
!!! tip
[EthSigner](http://docs.ethsigner.consensys.net/en/latest/) implements
[`eth_sendTransaction`](http://docs.ethsigner.consensys.net/en/latest/Using-EthSigner/Using-EthSigner/#eth_sendtransaction)
and [`eea_sendTransaction`](http://docs.ethsigner.consensys.net/en/latest/Using-EthSigner/Using-EthSigner/#eea_sendtransaction).

@ -1,48 +0,0 @@
---
description: How to trace transactions
---
# Trace transactions
To get detailed information about transaction processing, use the
[`TRACE` API](../../Reference/API-Methods.md#trace-methods).
Enable the `TRACE` API using the
[`--rpc-http-api`](../../Reference/CLI/CLI-Syntax.md#rpc-http-api) or
[`--rpc-ws-api`](../../Reference/CLI/CLI-Syntax.md#rpc-ws-api) command line options.
The `TRACE` API has two sets of trace calls, [ad-hoc tracing APIs](#ad-hoc-tracing-apis) and
[transaction-trace filtering APIs](#transaction-trace-filtering-apis).
## Ad-hoc tracing APIs
These APIs allow different diagnostic options when tracing calls or transactions.
The options are [`trace`, `vmTrace`, or `stateDiff`](../../Reference/Trace-Types.md).
To use the ad-hoc tracing APIs, the requested block or transaction must be within the
number of [blocks retained](../../Reference/CLI/CLI-Syntax.md#pruning-blocks-retained) with [pruning enabled](../../Reference/CLI/CLI-Syntax.md#pruning-enabled)
(by default, 1024).
The ad-hoc tracing APIs are:
* [trace_call](../../Reference/API-Methods.md#trace_call)
* [trace_callMany](../../Reference/API-Methods.md#trace_callmany)
* [trace_rawTransaction](../../Reference/API-Methods.md#trace_rawtransaction)
* [trace_replayBlockTransactions](../../Reference/API-Methods.md#trace_replayblocktransactions)
## Transaction-trace filtering APIs
These APIs allow you to filter and search by specific information such as the block, address, or transaction.
These APIs only use the [`trace` type](../../Reference/Trace-Types.md#trace).
To use the transaction-trace filtering APIs, your node must be an archive node
(that is, synchronized without pruning or fast sync) or the
requested block or transaction must be within the
number of [blocks retained](../../Reference/CLI/CLI-Syntax.md#pruning-blocks-retained) with [pruning enabled](../../Reference/CLI/CLI-Syntax.md#pruning-enabled)
(by default, 1024).
The transaction-trace filtering APIs are:
* [trace_block](../../Reference/API-Methods.md#trace_block)
* [trace_filter](../../Reference/API-Methods.md#trace_filter)
* [trace_get](../../Reference/API-Methods.md#trace_get)
* [trace_transaction](../../Reference/API-Methods.md#trace_transaction)

@ -1,25 +0,0 @@
---
description: Upgrading protocol versions
---
# Upgrading your protocol in a private network
To [upgrade the protocol](../../Concepts/Protocol-Upgrades.md) (also known as a hard fork) in a
private network:
1. Review included EIPs for breaking changes. A [meta EIP](https://eips.ethereum.org/meta) for each
protocol upgrade lists included EIPs. For example,
[Istanbul](https://eips.ethereum.org/EIPS/eip-1679).
1. Network participants agree on the block number at which to
[upgrade](../../Concepts/Protocol-Upgrades.md).
1. For each node in the network:
a. Add the
[milestone block number](../../Reference/Config-Items.md#milestone-blocks) to the genesis
file.
b. Restart the node before reaching milestone block.
!!! caution
To avoid a forked network, all network participants must update their genesis file to include
the agreed on milestone block and restart their node before reaching the milestone block.

@ -1,47 +0,0 @@
---
description: Hyperledger Besu resources including blog posts, webinars, and meetup recordings.
---
# Hyperledger Besu resources
## Blog posts
[ConsenSys Quorum Blog]
[Understanding Proof of Authority via Clique and IBFT 2.0 Private Networks]
[Security Challenges for Enterprise Blockchain Solutions]
[Why We Rebuilt Ethereum from Scratch]
[Why Java for Blockchain]
[Case Study: How Poste Italiane brings value to loyalty with Hyperledger Besu]
## Webinars
[Besu Plugin API: Learn How to Leverage Plugin APIs on Hyperledger Besu]
[Permissioning in Blockchain: A Technical Look at Benefits and Best Practices]
[Privacy in Besu: How PegaSys Redefined Blockchain for Enterprises]
[The Final Word: IBFT 2.0 and Enterprise Consensus]
[De-Mystifying Besu: Understanding an Ethereum Codebase]
[Getting Started with Besu]
<!-- Links -->
[Consensys Quorum Blog]: https://consensys.net/quorum/blog/
[Understanding Proof of Authority via Clique and IBFT 2.0 Private Networks]: https://consensys.net/blog/quorum/hyperledger-besu-understanding-proof-of-authority-via-clique-and-ibft-2-0-private-networks-part-1/
[Security Challenges for Enterprise Blockchain Solutions]: https://consensys.net/blog/enterprise-blockchain/how-pegasys-orchestrate-solves-4-key-security-challenges-for-enterprise-blockchain-solutions/
[Why We Rebuilt Ethereum from Scratch]: https://media.consensys.net/why-we-rebuilt-ethereum-from-scratch-9e38b6ebd4a2
[Why Java for Blockchain]: https://media.consensys.net/why-java-for-blockchain-73f1b444c2d
[Besu Plugin API: Learn How to Leverage Plugin APIs on Hyperledger Besu]: https://youtu.be/78sa2WuA1rg
[Permissioning in Blockchain: A Technical Look at Benefits and Best Practices]: https://www.youtube.com/watch?v=CD0pHtNDqZs
[Privacy in Besu: How PegaSys Redefined Blockchain for Enterprises]: https://www.youtube.com/watch?v=8l7SSZLyFL8
[The Final Word: IBFT 2.0 and Enterprise Consensus]: https://www.youtube.com/watch?v=YmTUP_dWfME
[De-Mystifying Besu: Understanding an Ethereum Codebase]: https://www.youtube.com/watch?v=OJfib9kTK7U&feature=youtu.be
[Getting Started with Besu]: https://www.youtube.com/watch?v=OKWBr94J9rY&t=1s
[Case Study: How Poste Italiane brings value to loyalty with Hyperledger Besu]: https://www.hyperledger.org/learn/publications/posteitaliane-case-study

@ -0,0 +1,16 @@
---
description: Configuring Besu at the network level compared to the node level
---
# Network vs node configuration
You can configure Besu at the network level and the node level.
Specify network-wide settings in the [genesis file](../../public-networks/reference/genesis-items.md). For example,
include `evmStackSize` or specify the
[consensus mechanism](../../private-networks/how-to/configure/consensus/index.md).
Specify node settings on the command line or in the
[node configuration file](../../public-networks/how-to/configuration-file.md). For example, enable
[JSON-RPC API methods](../../public-networks/reference/api/index.md) or specify the
[data directory](../../public-networks/reference/cli/options.md#data-path) for the node.

@ -0,0 +1,22 @@
---
description: Pruning concept information.
---
# Pruning
In Besu, pruning reduces the storage required by removing state trie nodes that are unreachable
from [recent blocks](../../public-networks/reference/cli/options.md#pruning-blocks-retained).
Pruning is disabled by default, and can be enabled with the
[`--pruning-enabled`](../../public-networks/reference/cli/options.md#pruning-enabled) command line option.
!!! Important
Using pruning with [private transactions] is not supported.
Pruning might increase block import times, but it does not affect the ability of nodes to stay in
sync.
!!! Important
Pruning is being deprecated for [Bonsai Tries] and is currently not being updated.

@ -10,18 +10,18 @@ If Hyperledger Besu is not working as expected, here are some things to check or
If a `Supplied genesis block does not match stored chain data` error occurs, use the genesis file
matching the genesis block of the data directory, or use the
[`--data-path`](../../Reference/CLI/CLI-Syntax.md#data-path) option to specify a different data
[`--data-path`](../../../public-networks/reference/cli/options.md#data-path) option to specify a different data
directory.
## Invalid block header
If a `TimeStampMoreRecentThanParent | Invalid block header` error occurs, the [genesis file](../Configure/Genesis-File.md) of the new node is specifying a higher
[`blockperiodseconds`](../Configure/Consensus-Protocols/IBFT.md#block-time) than the imported chain.
If a `TimeStampMoreRecentThanParent | Invalid block header` error occurs, the [genesis file](../../../public-networks/concepts/genesis-file.md) of the new node is specifying a higher
[`blockperiodseconds`](../../../private-networks/how-to/configure/consensus/ibft.md#block-time) than the imported chain.
The imported chain makes new blocks faster than the genesis file allows and Besu rejects them with this error.
This error most often occurs when importing chains from older versions of Besu.
To correct this error, decrease the `blockperiodseconds` in the new [IBFT 2.0 genesis file](../Configure/Consensus-Protocols/IBFT.md#genesis-file)
or [QFBT genesis file](../Configure/Consensus-Protocols/QBFT.md#genesis-file) to a lower value that satisfies the block header validation.
To correct this error, decrease the `blockperiodseconds` in the new [IBFT 2.0 genesis file](../../../private-networks/how-to/configure/consensus/ibft.md#genesis-file)
or [QFBT genesis file](../../../private-networks/how-to/configure/consensus/qbft.md#genesis-file) to a lower value that satisfies the block header validation.
!!! example
@ -29,26 +29,26 @@ or [QFBT genesis file](../Configure/Consensus-Protocols/QBFT.md#genesis-file) to
decrease the `blockperiodseconds` from 4 seconds to 3 seconds to match the imported chain.
After you have updated the new genesis file, if the imported chain has a `blockperiodseconds` value set lower than you prefer, you can adjust it by configuring the block time on an
[existing IBFT 2.0](../Configure/Consensus-Protocols/IBFT.md#configure-block-time-on-an-existing-network-deployment)
or [existing QBFT](../Configure/Consensus-Protocols/QBFT.md#configure-block-time-on-an-existing-network) network.
[existing IBFT 2.0](../../../private-networks/how-to/configure/consensus/ibft.md#configure-block-time-on-an-existing-network-deployment)
or [existing QBFT](../../../private-networks/how-to/configure/consensus/qbft.md#configure-block-time-on-an-existing-network) network.
## Host not authorized
If a `Host not authorized` error occurs when attempting to access the JSON-RPC API, ensure
[`--host-allowlist`](../../Reference/CLI/CLI-Syntax.md#host-allowlist) includes the host you are
[`--host-allowlist`](../../../public-networks/reference/cli/options.md#host-allowlist) includes the host you are
sending the RPC from, or `*`.
## Peers fail to connect
If nodes are not communicating, ensure the
[required ports are open](../../HowTo/Find-and-Connect/Configuring-Ports.md).
[required ports are open](../../../public-networks/how-to/connect/configure-ports.md).
If your nodes are running in AWS, check you have appropriate `SecurityGroups` to allow access to
the required ports.
Check that the [enode URLs](../../Concepts/Node-Keys.md#enode-url) specified for
[bootnodes](../Find-and-Connect/Bootnodes.md) or
[static nodes](../Find-and-Connect/Static-Nodes.md) match the enode URLs displayed when starting the
Check that the [enode URLs](../../../public-networks/concepts/node-keys.md#enode-url) specified for
[bootnodes](../../../private-networks/how-to/configure/bootnodes.md) or
[static nodes](../../../public-networks/how-to/connect/static-nodes.md) match the enode URLs displayed when starting the
remote nodes.
## Mining
@ -68,23 +68,23 @@ On non-mining nodes, log messages indicate importing blocks.
```
To confirm the block number is increasing, use the
[`eth_blockNumber`](../../Reference/API-Methods.md#eth_blocknumber) JSON-RPC API method.
[`eth_blockNumber`](../../../public-networks/reference/api/index.md#eth_blocknumber) JSON-RPC API method.
If there is no block creating in [Clique](../Configure/Consensus-Protocols/Clique.md#extra-data)
or [IBFT 2.0](../Configure/Consensus-Protocols/IBFT.md#extra-data) networks, ensure the validator
If there is no block creating in [Clique](../../../private-networks/how-to/configure/consensus/clique.md#extra-data)
or [IBFT 2.0](../../../private-networks/how-to/configure/consensus/ibft.md#extra-data) networks, ensure the validator
addresses in the genesis file match running nodes.
## Transactions are not mined
If you add a transaction to the
[transaction pool](../../Concepts/Transactions/Transaction-Pool.md) and the transaction hash
[transaction pool](../../../public-networks/concepts/transactions/pool.md) and the transaction hash
returns, but the transaction is never mined, check the
[`--min-gas-price`](../../Reference/CLI/CLI-Syntax.md#min-gas-price) option on mining nodes. If the
`gasPrice` on a [transaction](../Send-Transactions/Transactions.md) is lower than the
[`--min-gas-price`](../../../public-networks/reference/cli/options.md#min-gas-price) option on mining nodes. If the
`gasPrice` on a [transaction](../../../public-networks/how-to/send-transactions.md) is lower than the
`min-gas-price` for the mining node, the transaction will never mine.
In [free gas networks](../Configure/FreeGas.md), you must set
[`--min-gas-price`](../../Reference/CLI/CLI-Syntax.md#min-gas-price) to zero.
In [free gas networks](../../../private-networks/how-to/configure/free-gas.md), you must set
[`--min-gas-price`](../../../public-networks/reference/cli/options.md#min-gas-price) to zero.
## Genesis milestone
@ -101,11 +101,11 @@ hyphens.
## Logging
Restart Besu with the command line option
[`--logging=TRACE`](../../Reference/CLI/CLI-Syntax.md#logging) and look at the log files.
[`--logging=TRACE`](../../../public-networks/reference/cli/options.md#logging) and look at the log files.
## Pending State Nodes not decreasing for a full node in Grafana
During [fast synchronization](../../Concepts/Node-Types.md#run-a-full-node) for a full node, the
During [fast synchronization](../../../public-networks/how-to/connect/sync-node.md#run-a-full-node) for a full node, the
Pending State Nodes count is the number of nodes yet to be downloaded, and it should change
constantly. Pending State Nodes trend to 0 during fast synchronization and then goes to 0.
@ -115,7 +115,7 @@ In the following example the Pivot Block is 0 (zero) and the Pending State Nodes
This means the node isn't syncing against any peers. The fact that state nodes have been downloaded
means at some stage it was syncing.
![Fast synchronization](../../images/fastsync.png)
![Fast synchronization](../../../images/fastsync.png)
The easiest solution in this scenario is to restart fast synchronization to obtain a new
pivot block.
@ -172,7 +172,7 @@ sudo mount /dev/urandom /dev/random -o bind
## Quorum Developer Quickstart not working on Apple M1 chip
The [Quorum Developer Quickstart](../../Tutorials/Developer-Quickstart.md) does not currently support
The [Quorum Developer Quickstart](../../../private-networks/tutorials/quickstart.md) does not currently support
the Apple M1 chip. The quickstart starts up on machines that use the chip, but may show the
following symptoms:
@ -188,7 +188,7 @@ following symptoms:
## Unsupported address exception while running from Docker
While [running Besu from a Docker image](../../HowTo/Get-Started/Installation-Options/Run-Docker-Image.md), you might get the following exception:
While [running Besu from a Docker image], you might get the following exception:
```bash
Unsupported address type exception when connecting to peer {}, this is likely due to ipv6 not being enabled at runtime.

@ -5,7 +5,10 @@ description: Besu is an open-source Ethereum client developed under the Apache 2
networks.
---
# Besu Ethereum client
# Hyperledger Besu Ethereum client
Hyperledger Besu is an open source Ethereum client developed under the Apache 2.0 license and written in Java.
It runs on public and private networks:
<div class="grid cards" markdown>
@ -13,51 +16,31 @@ description: Besu is an open-source Ethereum client developed under the Apache 2
---
You can run Besu as an execution client on Ethereum Mainnet and Ethereum public testnets, such as Goerli and Sepolia.
Run Besu as an execution client on Ethereum Mainnet and Ethereum public testnets, such as Goerli and Sepolia.
[:octicons-arrow-right-24: Getting started](HowTo/Get-Started/System-Requirements/System-Requirements-Public.md)
[:octicons-arrow-right-24: Get started](public-networks/index.md)
* :material-book-lock-outline: __Private networks__
---
You can create or join a network not connected to Mainnet or a public testnet. Use private networks to develop enterprise applications requiring secure, high-performance transaction processing.
Create or join a private, permissioned network. Use private networks to develop enterprise applications requiring secure, high-performance transaction processing.
[:octicons-arrow-right-24: Getting started](HowTo/Get-Started/System-Requirements/System-Requirements-Private.md)
[:octicons-arrow-right-24: Get started](private-networks/index.md)
</div>
## What is Hyperledger Besu?
Hyperledger Besu is an open-source Ethereum client developed under the Apache 2.0 license and written in Java.
It runs on Ethereum Mainnet, private networks, and test networks such as Rinkeby, Ropsten, Goerli, and the Merge testnet.
Besu serves as an [execution client](Concepts/Merge.md) on Ethereum Mainnet and the Merge testnet.
Besu implements proof of authority (QBFT, IBFT 2.0, and Clique) and proof of work (Ethash) consensus mechanisms.
You can use Besu to develop enterprise applications requiring secure, high-performance transaction
processing in a private network.
Besu supports enterprise features including privacy and permissioning.
## What can you do with Besu?
Besu includes a [command line interface](Reference/CLI/CLI-Syntax.md) and
[JSON-RPC API](HowTo/Interact/APIs/API.md) for running, maintaining, debugging, and monitoring
nodes in an Ethereum network. You can use the API via RPC over HTTP or via WebSockets. Besu also
Besu includes a [command line interface](public-networks/reference/cli/options.md) and
[JSON-RPC API](public-networks/how-to/use-besu-api/index.md) for running, maintaining, debugging, and monitoring
nodes in an Ethereum network. You can use the API via RPC over HTTP or via WebSocket. Besu also
supports Pub/Sub. The API supports typical Ethereum functionalities such as:
* Ether mining.
* Smart contract development.
* Decentralized application (dapp) development.
## New to Ethereum?
Get started with the [Developer Quickstart](Tutorials/Developer-Quickstart.md). Use the quickstart
to rapidly generate local blockchain networks.
Learn more about [use cases for Ethereum](https://consensys.net/blockchain-use-cases/case-studies/).
## What does Besu support?
The Besu client supports common smart contract and dapp development, deployment, and operational
@ -65,6 +48,15 @@ use cases, using tools such as [Truffle](http://truffleframework.com/),
[Remix](https://github.com/ethereum/remix), and [web3j](https://web3j.io/). The client supports
common JSON-RPC API methods such as `eth`, `net`, `web3`, `debug`, and `miner`.
Besu doesn't support [key management](HowTo/Send-Transactions/Account-Management.md) inside the
Besu doesn't support [key management](public-networks/how-to/send-transactions.md) inside the
client. You can use [EthSigner](http://docs.ethsigner.consensys.net/en/latest/) with Besu to access
your key store and sign transactions.
## Besu architecture
The following diagram outlines the Besu high-level architecture.
![Architecture](images/Architecture.png)
If you have any questions about Besu or its architecture, contact us on the
[Besu channel on Hyperledger Discord](https://discord.gg/hyperledger).

@ -0,0 +1,19 @@
---
description: private networks concepts overview
---
# Concepts
This section provides background information and context about private network features.
The following features are shared with [public networks](../../public-networks/index.md) and the
content can be found in the public networks section:
- Transactions:
- [Transaction types](../../public-networks/concepts/transactions/types.md)
- [Transaction pool](../../public-networks/concepts/transactions/pool.md)
- [Transaction validation](../../public-networks/concepts/transactions/validation.md)
- [Network ID and chain ID](../../public-networks/concepts/network-and-chain-id.md)
- [Events and logs](../../public-networks/concepts/events-and-logs.md)
- [Genesis file](../../public-networks/concepts/genesis-file.md)
- [Node keys](../../public-networks/concepts/node-keys.md)

@ -16,13 +16,13 @@ specified nodes and accounts to access the network.
action to prevent the bad actor adding to the chain but they cannot prevent the bad actor from
allowing access to the chain.
Besu also implements [privacy](../Privacy/Privacy-Overview.md).
Besu also implements [privacy](../privacy/index.md).
## Node permissioning
Use node permissioning to restrict access to known participants only.
![Node Permissioning](../../images/node-permissioning-bad-actor.png)
![Node Permissioning](../../../images/node-permissioning-bad-actor.png)
## Account permissioning
@ -33,15 +33,15 @@ Use account permissioning to:
* Exclude broken contracts using a denylist.
* Restrict the actions an account can perform.
![Account Permissioning](../../images/enterprise-ethereum-account-permissioning.png)
![Account Permissioning](../../../images/enterprise-ethereum-account-permissioning.png)
## Specifying permissioning
## Specify permissioning
You can specify permissioning [locally](#local) or [onchain](#onchain).
### Local
[Local permissioning](../../HowTo/Limit-Access/Local-Permissioning.md) works at the node level.
[Local permissioning](../../how-to/use-permissioning/local.md) works at the node level.
Each node in the network has a [permissions configuration file].
Local permissioning affects your node but not the rest of the network. Use local permissioning to
@ -53,7 +53,7 @@ immediately to protect your node. Your rules are not enforced in blocks produced
### Onchain
[Onchain permissioning](Onchain-Permissioning.md) works through a smart contract on the network.
[Onchain permissioning](onchain.md) works through a smart contract on the network.
Specifying permissioning onchain enables all nodes to read and update permissioning configuration
from one location.
@ -66,7 +66,7 @@ by the updated rules. For example, blocked accounts can no longer add transactio
The following diagram illustrates applying local and onchain permissioning rules.
![Permissioning Flow](../../images/PermissioningFlow.png)
![Permissioning Flow](../../../images/PermissioningFlow.png)
<!-- Links -->
[permissions configuration file]: ../../HowTo/Limit-Access/Local-Permissioning.md#permissions-configuration-file
[permissions configuration file]: ../../how-to/use-permissioning/local.md#permissions-configuration-file

@ -4,7 +4,7 @@ description: Onchain permissioning
# Onchain permissioning
Onchain [permissioning](Permissioning-Overview.md) uses smart contracts to store and administer the node, account, and admin
Onchain [permissioning](index.md) uses smart contracts to store and administer the node, account, and admin
allowlists. Using onchain permissioning enables all nodes to read the allowlists from a single
source, the blockchain.
@ -43,8 +43,7 @@ The permissioning smart contracts provided in the
The permissioning contract has multiple interfaces, and each interface maps to a specific
version of the [Enterprise Ethereum Alliance Client Specification](https://entethalliance.org/technical-specifications/).
Ensure that you specify the [permissioning contract interface](../../HowTo/Limit-Access/Specify-Perm-Version.md)
being used when starting Besu.
Ensure that you [specify the permissioning contract interface] being used when starting Besu.
## Permissioning management dapp
@ -61,20 +60,20 @@ Permissioning implements three allowlists:
!!! caution "Using account permissioning and privacy"
Account permissioning is incompatible with
[random key signing](../../HowTo/Use-Privacy/Sign-Privacy-Marker-Transactions.md) for
[privacy marker transactions](../Privacy/Private-Transaction-Processing.md).
[random key signing](../../how-to/use-privacy/sign-pmts.md) for
[privacy marker transactions](../privacy/private-transactions/processing.md).
If using account permissioning and privacy, a signing key must be specified using the
[`--privacy-marker-transaction-signing-key-file`](../../Reference/CLI/CLI-Syntax.md#privacy-marker-transaction-signing-key-file)
[`--privacy-marker-transaction-signing-key-file`](../../reference/cli/options.md#privacy-marker-transaction-signing-key-file)
command line option and the corresponding public key
included in the accounts allowlist.
!!! tip
If nodes are not connecting as expected, set the [log level to `TRACE`](../../Reference/CLI/CLI-Syntax.md#logging)
If nodes are not connecting as expected, set the [log level to `TRACE`](../../../public-networks/reference/cli/options.md#logging)
and search for messages containing `Node permissioning` to identify the issue.
Ensure the [`--p2p-host`](../../Reference/CLI/CLI-Syntax.md#p2p-host) command line option has been
Ensure the [`--p2p-host`](../../../public-networks/reference/cli/options.md#p2p-host) command line option has been
correctly configured for all nodes with the
externally accessible address.
@ -82,7 +81,7 @@ Permissioning implements three allowlists:
## Bootnodes
When a node joins the network, the node connects to the [bootnodes](../../HowTo/Find-and-Connect/Bootnodes.md) until it
When a node joins the network, the node connects to the [bootnodes](../../how-to/configure/bootnodes.md) until it
synchronizes to the chain head, regardless of node permissions. After synchronization, the Account Rules and Node
Rules smart contracts apply the permissioning rules.
@ -94,5 +93,6 @@ bootnodes to rediscover peers.
All bootnodes must be on the nodes allowlist.
<!-- Links -->
[permissioning management dapp]: ../../Tutorials/Permissioning/Getting-Started-Onchain-Permissioning.md
[`--privacy-marker-transaction-signing-key-file`]: ../../Reference/CLI/CLI-Syntax.md#privacy-marker-transaction-signing-key-file
[permissioning management dapp]: ../../how-to/use-permissioning/onchain.md#deploy-the-permissioning-management-dapp
[`--privacy-marker-transaction-signing-key-file`]: ../../../public-networks/reference/cli/options.md#privacy-marker-transaction-signing-key-file
[specify the permissioning contract interface]: ../../how-to/use-permissioning/onchain.md#specify-the-permissioning-contract-interface-version

@ -4,7 +4,7 @@ description: Plugin based permissioning
# Permissioning plugin
You can define complex [permissioning](Permissioning-Overview.md) solutions by [building a plugin](../Plugins.md) that
You can define complex [permissioning](index.md) solutions by building a plugin that
extends Hyperledger Besu functionality.
The plugin API provides a `PermissioningService` interface that currently supports connection permissioning and
@ -19,7 +19,7 @@ Use connection permissioning when deciding whether to restrict node access to kn
Use message permissioning to propagate different types of devP2P messages to particular nodes. For example,
this can be used to prevent pending transactions from being forwarded to other nodes.
## Registering your plugin
## Register your plugin
To enable permissioning in your plugin, implement the `PermissioningService` interface and register your providers.

@ -26,7 +26,7 @@ authorized nodes in the network.
When receiving connection requests, the incoming connection must be from another authorized node. Similarly, when
connecting to a node the initiator ensures that the remote node is authorized to participate in the network.
[Configure TLS for the P2P communication using the Besu command line options](../HowTo/Configure/TLS/P2P-TLS.md).
[Configure TLS for the P2P communication using the Besu command line options](../how-to/configure/tls/p2p.md).
## Block proposal permissioning
@ -39,7 +39,7 @@ network. The block hash is signed by the validator private certificate and inclu
as a [CMS (Cryptographic Message Syntax)]. This is used by other validators to verify that the proposer is authorized
to create a block in the network.
[Configure block proposal permissioning using the Besu command line options](../HowTo/Configure/Block-Proposal-Permissioning.md).
[Configure block proposal permissioning using the Besu command line options](../how-to/configure/block-proposal-permissioning.md).
[QBFT consensus protocol]: ../HowTo/Configure/Consensus-Protocols/QBFT.md
[QBFT consensus protocol]: ../how-to/configure/consensus/qbft.md
[CMS (Cryptographic Message Syntax)]: https://en.wikipedia.org/wiki/Cryptographic_Message_Syntax

@ -18,9 +18,9 @@ third-party application. The API exposes data about the following components:
* Logs
* Syncing state.
![Besu plugin API](../images/Hyperledger-Besu-Plugin-API.png)
![Besu plugin API](../../images/Hyperledger-Besu-Plugin-API.png)
The plugin API provides access to [interfaces](../Reference/Plugin-API-Interfaces.md) allowing you
The plugin API provides access to [interfaces](../reference/plugin-api-interfaces.md) allowing you
to build the plugin.
!!! tip

@ -2,9 +2,9 @@
description: Besu proof of authority consensus protocols comparison
---
# Comparing proof of authority consensus protocols
# Proof of authority consensus
Besu implements the QBFT, IBFT 2.0, and Clique proof of authority (PoA) [consensus protocols](Overview-Consensus.md).
Besu implements the QBFT, IBFT 2.0, and Clique proof of authority (PoA) [consensus protocols](../how-to/configure/consensus/index.md).
PoA consensus protocols work when participants know each other and there is a level of trust
between them. For example, in a permissioned consortium network.

@ -10,8 +10,8 @@ description: Flexible privacy groups
Read our [Orion to Tessera migration guide](https://docs.orion.consensys.net/en/latest/Tutorials/Migrating-from-Orion-to-Tessera/)
and about all the [new Tessera features](https://consensys.net/blog/quorum/tessera-the-privacy-manager-of-choice-for-consensys-quorum-networks).
Flexible [privacy groups](Privacy-Groups.md) use smart contracts to store and maintain the group membership.
You can [add and remove members to and from flexible privacy groups](../../HowTo/Use-Privacy/Use-FlexiblePrivacy.md).
Flexible [privacy groups](privacy-groups.md) use smart contracts to store and maintain the group membership.
You can [add and remove members to and from flexible privacy groups](../../how-to/use-privacy/flexible.md).
!!! tip
@ -27,7 +27,7 @@ You can [add and remove members to and from flexible privacy groups](../../HowTo
group functionality in future versions.
We don't recommended creating flexible privacy groups in a chain with existing
[offchain privacy groups](Privacy-Groups.md).
[offchain privacy groups](privacy-groups.md).
## Group management contracts
@ -51,7 +51,7 @@ the management contract, must be signed by the same key that signed the group cr
When creating a flexible privacy group, generate the privacy group ID for the group outside of Besu
and pass the ID as a parameter.
The [web3js-quorum library](../../HowTo/Use-Privacy/Use-FlexiblePrivacy.md) generates a unique privacy
The [web3js-quorum library](../../how-to/use-privacy/flexible.md) generates a unique privacy
group ID and passes the ID to Besu when creating a privacy group.
!!! caution
@ -64,14 +64,14 @@ group ID and passes the ID to Besu when creating a privacy group.
## Multi-tenancy
When using [multi-tenancy](Multi-Tenancy.md) with flexible privacy groups, each user provides a JSON Web Token (JWT)
When using [multi-tenancy](multi-tenancy.md) with flexible privacy groups, each user provides a JSON Web Token (JWT)
which allows Besu to check that the user has access to functionality and data associated with a privacy group.
Using multi-tenancy with flexible privacy groups is more complex than with [offchain privacy groups](Privacy-Groups.md)
Using multi-tenancy with flexible privacy groups is more complex than with [offchain privacy groups](privacy-groups.md)
because users may be added and removed from flexible privacy groups.
When a user is added to a privacy group, they get access to all existing data in the privacy group.
After being removed from a privacy group, a user retains access to already existing data in the privacy group, up to the
block containing the [privacy marker transaction (PMT)](Private-Transaction-Processing.md) that removed them (the
block containing the [privacy marker transaction (PMT)](private-transactions/processing.md) that removed them (the
removal block).
A removed user doesn't have access to data in the privacy group that happens after they were removed.
@ -80,23 +80,23 @@ but later removed from, Besu allows the user access to the following functionali
group:
- Private transactions using `priv_getTransaction` and private transaction receipts using
[`priv_getTransactionReceipt`](../../Reference/API-Methods.md#priv_gettransactionreceipt) from blocks up to (and
[`priv_getTransactionReceipt`](../../../public-networks/reference/api/index.md#priv_gettransactionreceipt) from blocks up to (and
including) the removal block.
!!! note
A removed group member may have access to some private transactions after the removal PMT in the same block.
- Using [`priv_call`](../../Reference/API-Methods.md#priv_call) on blocks up to (and including) the removal block.
- Private logs using [`priv_getLogs`](../../Reference/API-Methods.md#priv_getlogs) for blocks up to (and including) the
- Using [`priv_call`](../../../public-networks/reference/api/index.md#priv_call) on blocks up to (and including) the removal block.
- Private logs using [`priv_getLogs`](../../../public-networks/reference/api/index.md#priv_getlogs) for blocks up to (and including) the
removal block.
When the `toBlock` is greater than the removal block, `priv_getLogs` still returns logs up to the removal block.
!!! note
When a user is removed from a privacy group, any [log filters](../../HowTo/Interact/Filters#filters-for-private-contracts)
they've created are also removed and can't be accessed.
A user can only create and access filters for a privacy group they are currently a member of.
All other [`PRIV` API methods](../../Reference/API-Methods.md#priv-methods) fail for the removed group member.
All other [`PRIV` API methods](../../../public-networks/reference/api/index.md#priv-methods) fail for the removed group member.

@ -18,27 +18,27 @@ participants. Other participants cannot access the transaction content or list o
For production environments requiring private transactions:
* We recommend using a network with a consensus mechanism supporting transaction finality. For
example, [IBFT 2.0](../../HowTo/Configure/Consensus-Protocols/IBFT.md).
example, [IBFT 2.0](../../how-to/configure/consensus/ibft.md).
* Tessera must be [highly available and run in a separate instance to Besu].
Using private transactions with [pruning](../Pruning.md) or
[fast sync](../../Reference/CLI/CLI-Syntax.md#sync-mode) is not supported.
Using private transactions with [pruning] or
[fast sync](../../../public-networks/reference/cli/options.md#sync-mode) is not supported.
## Private transaction manager
Besu uses a private transaction manager, [Tessera](https://docs.tessera.consensys.net/), to implement
privacy.
Each Besu node that sends or receives [private transactions](Private-Transactions.md) requires an
Each Besu node that sends or receives [private transactions](private-transactions/index.md) requires an
associated Tessera node.
![Tessera Nodes](../../images/TesseraNodes.png)
![Tessera Nodes](../../../images/TesseraNodes.png)
Private transactions pass from the Besu node to the associated Tessera node. The Tessera node
encrypts and directly distributes (that is, point-to-point) the private transaction to the Tessera
nodes participating in the transaction.
By default, each participant in a privacy-enabled network uses its own Besu and Tessera node.
[Multi-tenancy](Multi-Tenancy.md) allows more than one participant to use the same Besu and Tessera
[Multi-tenancy](multi-tenancy.md) allows more than one participant to use the same Besu and Tessera
node.
!!! tip
@ -47,7 +47,7 @@ node.
## Privacy-enabled networks
When enabling privacy in a [private network](../../HowTo/Get-Started/System-Requirements/System-Requirements-Private.md),
When enabling privacy in a [private network](../../get-started/system-requirements.md),
there's an assumed level of trust among the node operators, since all are members of the private
network.
@ -79,4 +79,5 @@ Do not use private transactions in production environments using consensus mecha
occur.
<!-- Links -->
[highly available and run in a separate instance to Besu]: ../../HowTo/Use-Privacy/Run-Tessera-With-Besu.md
[highly available and run in a separate instance to Besu]: ../../how-to/use-privacy/tessera.md
[pruning]: ../../../public-networks/concepts/data-storage-formats.md

@ -18,10 +18,10 @@ is a _tenant_, and the operator is the _owner_ of the Besu and Tessera node.
!!! important
The operator is responsible for
[configuring multi-tenancy](../../Tutorials/Privacy/Configuring-Multi-Tenancy.md), and has
[configuring multi-tenancy](../../tutorials/privacy/multi-tenancy.md), and has
access to all tenant data.
![Multi-tenancy](../../images/Multi-tenancy.png)
![Multi-tenancy](../../../images/Multi-tenancy.png)
!!! important
@ -31,8 +31,8 @@ is a _tenant_, and the operator is the _owner_ of the Besu and Tessera node.
If not configured to allow access only by the multi-tenant Besu node, other Tessera clients,
including other Besu nodes, might be able to access tenant data.
To secure access, you can [configure TLS between Besu and Tessera](../TLS.md) with the
[`WHITELIST`](https://docs.tessera.consensys.net/en/stable/HowTo/Configure/TLS/#whitelist)
To secure access, you can [configure TLS between Besu and Tessera](../../how-to/configure/tls/client-and-server.md)
with the [`WHITELIST`](https://docs.tessera.consensys.net/en/stable/HowTo/Configure/TLS/#whitelist)
trust mode.
Multi-tenancy validates that tenants have permission to use the specified HTTP or WebSocket
@ -40,4 +40,4 @@ JSON-RPC requests, and the tenant has access to the requested privacy data.
Private data is isolated and each tenant uses a JSON Web Token (JWT) for authentication.
You can
[create the JWT either externally or internally](../../HowTo/Interact/APIs/Authentication.md).
[create the JWT either externally or internally](../../../public-networks/how-to/use-besu-api/authenticate.md).

@ -4,7 +4,7 @@ description: Privacy plugin
# Privacy plugin
You can define your own strategy for private transactions by [building a plugin](../Plugins.md) that extends
You can define your own strategy for private transactions by building a plugin that extends
Hyperledger Besu functionality.
The plugin can take many forms, but it must provide Besu with a private transaction when required.
@ -18,7 +18,7 @@ The plugin can take many forms, but it must provide Besu with a private transact
Enable the privacy plugin by starting Besu and including the `--Xprivacy-plugin-enabled` command line option.
The registered plugin must implement the `PrivacyPluginPayloadProvider` interface.
## Using the payload provider interface
## Use the payload provider interface
The privacy plugin must define the [privacy marker transaction (PMT)] payload.
Use the payload to retrieve the contents of the private transaction which could be a link to a location in
@ -27,11 +27,11 @@ an enclave, or an encrypted form of the private payload itself.
Besu doesn't need to know how the private transaction is distributed, it just needs to know what the private transaction
for the PMT is.
### Sending transactions
### Send transactions
When submitting a private transaction using [`eea_sendRawTransaction`](../../Reference/API-Methods.md#eea_sendrawtransaction),
When submitting a private transaction using [`eea_sendRawTransaction`](../../../public-networks/reference/api/index.md#eea_sendrawtransaction),
the signed transaction must be sent to `0x000000000000000000000000000000000000007a` to indicate which
[privacy precompiled contract](../Privacy/Private-Transaction-Processing.md) is being used.
[privacy precompiled contract](private-transactions/processing.md) is being used.
The transaction flow is as follows:
@ -43,12 +43,12 @@ The transaction flow is as follows:
5. The private transaction handler creates a PMT for the private transaction, and propagates the PMT using devP2P in
the same way as a public Ethereum transaction.
### Mining transactions
### Mine transactions
The process of mining transactions happens in reverse to sending transactions.
1. The Mainnet transaction processor processes the PMT in the same way as
any other public transaction. On nodes containing the [privacy precompile contract](../../Reference/API-Methods.md#priv_getprivacyprecompileaddress)
any other public transaction. On nodes containing the [privacy precompile contract](../../../public-networks/reference/api/index.md#priv_getprivacyprecompileaddress)
specified in the `to` attribute of the PMT, the Mainnet transaction processor passes the PMT to the privacy precompile contract.
!!! note
@ -72,9 +72,9 @@ The extension allows you to use a more dynamic approach, for example different k
Your plugin needs to register the `PrivateMarkerTransactionFactory` interface which is called before submitting a PMT
to the transaction pool. The responsibility then lies with the plugin to sign and serialize the PMT.
[privacy marker transaction (PMT)]: ../../HowTo/Use-Privacy/Access-Private-Transactions.md
[privacy marker transaction (PMT)]: ../../how-to/use-privacy/access-private-transactions.md
## Registering your plugin
## Register your plugin
To enable Besu to use your privacy plugin, you must implement the `PrivacyPluginService` interface and you must call `setPayloadProvider`.

@ -22,7 +22,7 @@ state.
The privacy group implementations described below are offchain privacy groups and cannot have
their group membership updated.
[Flexible privacy groups are an early access feature](Flexible-PrivacyGroups.md).
[Flexible privacy groups are an early access feature](flexible-privacy.md).
## Privacy types
@ -35,7 +35,7 @@ Besu implements two types of privacy:
Both privacy types create privacy groups and store private transactions with their privacy group in
Tessera.
![Privacy Groups](../../images/PrivacyGroups.png)
![Privacy Groups](../../../images/PrivacyGroups.png)
!!! note
@ -83,7 +83,7 @@ provided by Tessera.
### Besu-extended privacy
The Besu-extended privacy implementation creates a privacy group using
[`priv_createPrivacyGroup`](../../Reference/API-Methods.md#priv_createprivacygroup) with private
[`priv_createPrivacyGroup`](../../../public-networks/reference/api/index.md#priv_createprivacygroup) with private
transactions sent to the privacy group ID.
!!! example
@ -101,5 +101,5 @@ transactions sent to the privacy group ID.
## Multi-tenancy
When using [multi-tenancy](Multi-Tenancy.md) with privacy groups, each user provides a JSON Web Token (JWT) which
When using [multi-tenancy](multi-tenancy.md) with privacy groups, each user provides a JSON Web Token (JWT) which
allows Besu to check that the user has access to functionality and data associated with a privacy group.

@ -15,7 +15,7 @@ Private transactions have the same parameters as public Ethereum transactions, w
* `privateFrom` - The Tessera public key of the transaction sender.
* One of the following:
* `privateFor` - The Tessera public keys of the transaction recipients.
* `privacyGroupId` - [The privacy group to receive the transaction](Privacy-Groups.md).
* `privacyGroupId` - [The privacy group to receive the transaction](../privacy-groups.md).
* `restriction` - Whether the private transaction is `restricted` or `unrestricted`:
* `restricted` - Only the nodes participating in the transaction receive
and store the payload of the private transaction.
@ -26,23 +26,23 @@ Private transactions have the same parameters as public Ethereum transactions, w
Besu implements `restricted` private transactions only.
The `gas` and `gasPrice` are used by the [privacy marker transaction (PMT)](Private-Transaction-Processing.md),
The `gas` and `gasPrice` are used by the [privacy marker transaction (PMT)](processing.md),
not the private transaction itself.
!!! warning
Because gas isn't required in private transactions, inefficient contracts deployed accidentally
or deliberately can cause performance issues in privacy-enabled networks.
Ensure your network has a mechanism to [establish trust offchain](Privacy-Overview.md#privacy-enabled-networks).
Ensure your network has a mechanism to [establish trust offchain](../index.md#privacy-enabled-networks).
You can [create and send private transactions](../../HowTo/Send-Transactions/Creating-Sending-Private-Transactions.md).
You can [create and send private transactions](../../../how-to/send-transactions/private-transactions.md).
## Besu and Tessera keys
Besu and Tessera nodes both have public/private key pairs identifying them.
A Besu node sending a private transaction to a Tessera node signs the transaction with the Besu node private key.
The `privateFrom` and `privateFor` parameters specified in the RLP-encoded transaction string for
[`eea_sendRawTransaction`](../../Reference/API-Methods.md#eea_sendrawtransaction) are the public keys of the Tessera
[`eea_sendRawTransaction`](../../../reference/api/index.md#eea_sendrawtransaction) are the public keys of the Tessera
nodes sending and receiving the transaction.
!!! important
@ -54,7 +54,7 @@ nodes sending and receiving the transaction.
A nonce is the number of previous transactions made by the sender.
[Private transaction processing](Private-Transaction-Processing.md) involves two transactions:
[Private transaction processing](processing.md) involves two transactions:
the private transaction distributed to involved participants, and the privacy marker transaction (PMT) included on the
public blockchain.
Each of these transactions has its own nonce.
@ -62,20 +62,20 @@ Since the PMT is a public transaction, the PMT nonce is the public nonce for the
### Private transaction nonce
Besu maintains separate private states for each [privacy group](../../Concepts/Privacy/Privacy-Groups.md).
Besu maintains separate private states for each [privacy group](../privacy-groups.md).
The private transaction nonce for an account is specific to the privacy group.
That is, the nonce for account A for privacy group ABC is different to the nonce for account A for privacy group AB.
### Private nonce validation
Unlike public transactions, private transactions are not submitted to the [transaction pool](../Transactions/Transaction-Pool.md).
Unlike public transactions, private transactions are not submitted to the [transaction pool](../../../../public-networks/concepts/transactions/pool.md).
The private transaction is distributed directly to the participants in the transaction, and the PMT is submitted to the
transaction pool.
Unlike [public transaction nonces](../Transactions/Transaction-Validation.md), private transaction nonces aren't
Unlike [public transaction nonces](../../../../public-networks/concepts/transactions/validation.md), private transaction nonces aren't
validated when the private transaction is submitted.
If a private transaction has an incorrect nonce, the PMT is still valid and is added to a block.
However, in this scenario, the private transaction execution fails when [processing the PMT](Private-Transaction-Processing.md)
However, in this scenario, the private transaction execution fails when [processing the PMT](processing.md)
for the private transaction with the incorrect nonce.
The following private transaction flow illustrates when nonce validation occurs:
@ -83,7 +83,7 @@ The following private transaction flow illustrates when nonce validation occurs:
1. Submit a private transaction with a [nonce value](#private-transaction-nonce).
1. The private transaction is distributed to all participants in the privacy group.
1. The PMT is created and submitted to the transaction pool with a nonce of `0` if using one-time accounts.
If using a specific account with [`--privacy-marker-transaction-signing-key-file`](../../Reference/CLI/CLI-Syntax.md#privacy-marker-transaction-signing-key-file),
If using a specific account with [`--privacy-marker-transaction-signing-key-file`](../../../reference/cli/options.md#privacy-marker-transaction-signing-key-file),
the public nonce for that account is obtained and used for the PMT.
1. The PMT is mined and included in the block.
1. After the block containing the PMT is imported, and the PMT is processed, the private transaction is retrieved from
@ -94,8 +94,8 @@ The following private transaction flow illustrates when nonce validation occurs:
### Private nonce management
In Besu, you call [`eth_getTransactionCount`](../../Reference/API-Methods.md#eth_gettransactioncount) to get a nonce,
then use that nonce with [`eea_sendRawTransaction`](../../Reference/API-Methods.md#eea_sendrawtransaction) to send a
In Besu, you call [`eth_getTransactionCount`](../../../../public-networks/reference/api/index.md#eth_gettransactioncount) to get a nonce,
then use that nonce with [`eea_sendRawTransaction`](../../../reference/api/index.md#eea_sendrawtransaction) to send a
private transaction.
However, when you send multiple transactions in row, if a subsequent call to `getTransactionCount` happens before a
@ -114,12 +114,12 @@ You can manage private nonces in multiple ways:
You must wait until the private transaction's corresponding PMT is included in a block.
* Manage the nonce yourself, by keeping track of and providing the nonce at each call.
We recommend this if you're [sending many transactions that are independent of each other](../../HowTo/Send-Transactions/Concurrent-Private-Transactions.md).
We recommend this if you're [sending many transactions that are independent of each other](../../../how-to/send-transactions/concurrent-private-transactions.md).
!!! note
You can use [`priv_getTransactionCount`](../../Reference/API-Methods.md#priv_gettransactioncount) or
[`priv_getEeaTransactionCount`](../../Reference/API-Methods.md#priv_geteeatransactioncount) to get the nonce for
You can use [`priv_getTransactionCount`](../../../reference/api/index.md#priv_gettransactioncount) or
[`priv_getEeaTransactionCount`](../../../reference/api/index.md#priv_geteeatransactioncount) to get the nonce for
an account for the specified privacy group or participants.
* Use [Orchestrate](https://docs.orchestrate.consensys.net/en/stable/) for nonce management.
@ -128,5 +128,5 @@ You can manage private nonces in multiple ways:
!!! tip
The [web3js-quorum library includes an example](https://github.com/ConsenSys/web3js-quorum/blob/9a0f9eb1b91a4a0d93801f77782b509ae2e7314c/example/concurrentPrivateTransactions/concurrentPrivateTransactions.js)
of nonce management when [sending concurrent private transactions](../../HowTo/Send-Transactions/Concurrent-Private-Transactions.md).
of nonce management when [sending concurrent private transactions](../../../how-to/send-transactions/concurrent-private-transactions.md).
The example calculates the correct nonces for the private transactions and PMTs outside of Besu.

@ -2,7 +2,7 @@
description: Private transaction processing
---
# Processing private transactions
# Private transaction processing
!!! warning
@ -10,22 +10,22 @@ description: Private transaction processing
Read our [Orion to Tessera migration guide](https://docs.orion.consensys.net/en/latest/Tutorials/Migrating-from-Orion-to-Tessera/)
and about all the [new Tessera features](https://consensys.net/blog/quorum/tessera-the-privacy-manager-of-choice-for-consensys-quorum-networks).
Processing [private transactions](Private-Transactions.md) involves the following:
Processing [private transactions](index.md) involves the following:
* **Precompiled contract**: A smart contract compiled from the source language to EVM bytecode and
stored by an Ethereum node for later execution.
* **Privacy marker transaction (PMT)**: A public Ethereum transaction with a payload of the enclave key.
The enclave key is a pointer to the private transaction in Tessera.
The `to` attribute of the PMT is the [address of the privacy precompiled contract](../../Reference/API-Methods.md#priv_getprivacyprecompileaddress).
The `to` attribute of the PMT is the [address of the privacy precompiled contract](../../../reference/api/index.md#priv_getprivacyprecompileaddress).
The PMT is [signed with a random key or the key specified on the command line].
Private transaction processing is illustrated and described in the following diagram.
![Processing Private Transactions](../../images/PrivateTransactionProcessing.png)
![Processing Private Transactions](../../../../images/PrivateTransactionProcessing.png)
1. Submit a private transaction using [`eea_sendRawTransaction`](../../Reference/API-Methods.md#eea_sendrawtransaction).
1. Submit a private transaction using [`eea_sendRawTransaction`](../../../reference/api/index.md#eea_sendrawtransaction).
The signed transaction includes transaction parameters specific to private transactions, including:
* `privateFor` or `privacyGroupId`, which specifies the list of recipients.
@ -49,13 +49,13 @@ Private transaction processing is illustrated and described in the following dia
!!! tip
If you want to sign the PMT outside of Besu, use
[`priv_distributeRawTransaction`](../../HowTo/Send-Transactions/Creating-Sending-Private-Transactions.md#priv_distributerawtransaction)
instead of [`eea_sendRawTransaction`](../../Reference/API-Methods.md#eea_sendrawtransaction).
[`priv_distributeRawTransaction`](../../../how-to/send-transactions/private-transactions.md#priv_distributerawtransaction)
instead of [`eea_sendRawTransaction`](../../../reference/api/index.md#eea_sendrawtransaction).
1. Besu mines the PMT into a block and the PMT is distributed to all Ethereum nodes in the network.
1. The Mainnet Transaction Processor processes the PMT in the same way as any other public transaction.
On nodes containing the [privacy precompile contract](../../Reference/API-Methods.md#priv_getprivacyprecompileaddress)
On nodes containing the [privacy precompile contract](../../../reference/api/index.md#priv_getprivacyprecompileaddress)
specified in the `to` attribute of the PMT, the Mainnet Transaction Processor passes the PMT to the privacy
precompile contract.
@ -75,12 +75,13 @@ Private transaction processing is illustrated and described in the following dia
!!! important
* We recommend using a network with a consensus mechanism supporting transaction finality. For example,
[IBFT 2.0](../../HowTo/Configure/Consensus-Protocols/IBFT.md).
* Tessera must be [highly available and run in a separate instance to Besu](../../HowTo/Use-Privacy/Run-Tessera-With-Besu.md).
[IBFT 2.0](../../../how-to/configure/consensus/ibft.md).
* Tessera must be [highly available and run in a separate instance to Besu](../../../how-to/use-privacy/tessera.md).
Using private transactions with [pruning](../Pruning.md) or [fast sync](../../Reference/CLI/CLI-Syntax.md#sync-mode)
Using private transactions with [pruning] or [fast sync](../../../../public-networks/reference/cli/options.md#sync-mode)
is not supported.
<!-- Links -->
[signed with a random key or the key specified on the command line]: ../../HowTo/Use-Privacy/Sign-Privacy-Marker-Transactions.md
[highly available and run in a separate instance to Besu]: ../../HowTo/Use-Privacy/Run-Tessera-With-Besu.md
[signed with a random key or the key specified on the command line]: ../../../how-to/use-privacy/sign-pmts.md
[highly available and run in a separate instance to Besu]: ../../../how-to/use-privacy/tessera.md
[pruning]: ../../../../public-networks/concepts/data-storage-formats.md

@ -0,0 +1,29 @@
---
title: Installation options
description: Options for getting started with Hyperledger Besu
---
# Options for getting started
## New to Hyperledger Besu?
Get started with the [Developer Quickstart](../../../private-networks/tutorials/quickstart.md).
Use the quickstart to rapidly generate local blockchain networks.
## Installation options
* [Docker image](run-docker-image.md)
* [Binaries](binary-distribution.md)
## Build from source
If you want to use the latest development version of Hyperledger Besu or a specific commit,
build from source. Otherwise, use the [binary] or [Docker image] for more stable
versions.
View the [Hyperledger Wiki] for instructions to install Hyperledger Besu from source.
<!-- link -->
[Hyperledger Wiki]: https://wiki.hyperledger.org/display/BESU/Building+from+source
[binary]: binary-distribution.md
[Docker image]: run-docker-image.md

@ -0,0 +1,138 @@
---
description: Run Hyperledger Besu using the official docker image
---
# Run Besu from a Docker image
Hyperledger Besu provides a Docker image to run a Besu node in a Docker container.
Use this Docker image to run a single Besu node without installing Besu.
## Prerequisites
* [Docker](https://docs.docker.com/install/)
* MacOS or Linux
!!! important
The Docker image does not run on Windows.
## Default node for Mainnet
To run a Besu node in a container connected to the Ethereum Mainnet:
```bash
docker run hyperledger/besu:latest
```
!!! note
https://hub.docker.com/r/hyperledger/besu/tags lists the available tags for the image.
If you previously pulled `latest`, Docker runs the cached version.
To ensure your image is up to date, pull the `latest` version again using `docker pull hyperledger/besu:latest`.
## Expose ports
Expose ports for P2P discovery, GraphQL, metrics, and HTTP and WebSocket JSON-RPC. You need
to expose the ports to use the default ports or the ports specified using
[`--rpc-http-port`](../../../public-networks/reference/cli/options.md#rpc-http-port),
[`--p2p-port`](../../../public-networks/reference/cli/options.md#p2p-port),
[`--rpc-ws-port`](../../../public-networks/reference/cli/options.md#rpc-ws-port),
[`--metrics-port`](../../../public-networks/reference/cli/options.md#metrics-port),
[`--graphql-http-port`](../../../public-networks/reference/cli/options.md#graphql-http-port), and
[`--metrics-push-port`](../../../public-networks/reference/cli/options.md#metrics-push-port) options.
To run Besu exposing local ports for access:
```bash
docker run -p <localportJSON-RPC>:8545 -p <localportWS>:8546 -p <localportP2P>:30303 hyperledger/besu:latest --rpc-http-enabled --rpc-ws-enabled
```
!!! note
The examples on this page expose TCP ports only.
To expose UDP ports, specify `/udp` at the end of the argument for the `-p` Docker subcommand option:
```bash
docker run -p <port>:<port>/udp
```
See the [`docker run -p` documentation](https://docs.docker.com/engine/reference/commandline/run/#publish-or-expose-port--p---expose).
!!! example
To enable JSON-RPC HTTP calls to `127.0.0.1:8545` and P2P discovery on `127.0.0.1:13001`:
```bash
docker run -p 8545:8545 -p 13001:30303 hyperledger/besu:latest --rpc-http-enabled
```
## Start Besu
!!! important
Don't mount a volume at the default data path (`/opt/besu`). Mounting a volume at the default
data path interferes with the operation of Besu and prevents Besu from safely launching.
To run a node that maintains the node state (key and database),
[`--data-path`](../../../public-networks/reference/cli/options.md#data-path) must be set to a location other
than `/opt/besu` and a storage volume mounted at that location.
When running in a Docker container, [`--nat-method`](../../../public-networks/how-to/connect/specify-nat.md)
must be set to `DOCKER` or `AUTO` (default). Don't set
[`--nat-method`](../../../public-networks/how-to/connect/specify-nat.md) to `NONE` or `UPNP`.
You can specify
[Besu environment variables](../../../public-networks/reference/cli/options.md#besu-environment-variables) with the
Docker image instead of the command line options.
!!! example
```bash
docker run -p 30303:30303 -p 8545:8545 -e BESU_RPC_HTTP_ENABLED=true -e BESU_NETWORK=goerli hyperledger/besu:latest
```
### Run a node for testing
To run a node that mines blocks at a rate suitable for testing purposes with WebSockets enabled:
```bash
docker run -p 8546:8546 --mount type=bind,source=/<myvolume/besu/testnode>,target=/var/lib/besu hyperledger/besu:latest --miner-enabled --miner-coinbase fe3b557e8fb62b89f4916b721be55ceb828dbd73 --rpc-ws-enabled --network=dev --data-path=/var/lib/besu
```
### Run a node on Rinkeby testnet
To run a node on Rinkeby:
```bash
docker run -p 30303:30303 --mount type=bind,source=/<myvolume/besu/rinkeby>,target=/var/lib/besu hyperledger/besu:latest --network=rinkeby --data-path=/var/lib/besu
```
### Run a node on Ethereum Mainnet
To run a node on Ethereum Mainnet with the HTTP JSON-RPC service enabled:
```bash
docker run -p 8545:8545 --mount type=bind,source=/<myvolume/besu/rinkeby>,target=/var/lib/besu -p 30303:30303 hyperledger/besu:latest --rpc-http-enabled --data-path=/var/lib/besu
```
## Stop Besu and clean up resources
When done running nodes, you can shut down the node container without deleting resources or you can
delete the container after stopping it. Run `docker container ls` and `docker volume ls` to get the
container and volume names.
To stop a container:
```bash
docker stop <container-name>
```
To delete a container:
```bash
docker rm <container-name>
```

@ -0,0 +1,222 @@
---
description: Starting Hyperledger Besu
---
# Start Besu
Use the [`besu`](../reference/cli/options.md) command with the required command line options
to start a node. Alternatively, use the [launcher](#besu-launcher) to start Besu interactively
with the most common options.
## Prerequisites
[Besu installed](install/binary-distribution.md)
## Local block data
When connecting to a network other than the network previously connected to, you must either delete
the local block data or use the [`--data-path`](../../public-networks/reference/cli/options.md#data-path) option
to specify a different data directory.
To delete the local block data, delete the `database` directory in the
`besu/build/distribution/besu-<version>` directory.
## Genesis configuration
Besu specifies the genesis configuration, and sets the network ID and bootnodes when connecting to
[Ropsten](#run-a-node-on-ropsten-testnet), [Rinkeby](#run-a-node-on-rinkeby-testnet),
[Goerli](#run-a-node-on-goerli-testnet), [Kiln](#run-a-node-on-kiln-testnet),
[Sepolia](#run-a-node-on-sepolia-testnet), and [Mainnet](#run-a-node-on-ethereum-mainnet).
When you specify [`--network=dev`](../../public-networks/reference/cli/options.md#network), Besu uses the
development mode genesis configuration with a fixed low difficulty. A node started with
[`--network=dev`](../../public-networks/reference/cli/options.md#network) has an empty bootnodes list by
default.
The genesis files defining the genesis configurations are in the
[Besu source files](https://github.com/hyperledger/besu/tree/master/config/src/main/resources).
To define a genesis configuration, create a genesis file (for example, `genesis.json`) and specify
the file using the [`--genesis-file`](../../public-networks/reference/cli/options.md#genesis-file) option.
## Syncing and storage
By default, Besu syncs to the current state of the blockchain using
[fast sync](../../public-networks/how-to/connect/sync-node.md#fast-synchronization) in:
- Networks specified using [`--network`](../../public-networks/reference/cli/options.md#network) except for the `dev`
development network.
- Ethereum Mainnet.
We recommend using [snap sync](../../public-networks/how-to/connect/sync-node.md#snap-synchronization) for a faster sync, by starting Besu
with [`--sync-mode=X_SNAP`](../../public-networks/reference/cli/options.md#sync-mode).
By default, Besu stores data in the [Forest of Tries](../../public-networks/concepts/data-storage-formats.md#forest-of-tries) format.
We recommend using [Bonsai Tries](../../public-networks/concepts/data-storage-formats.md#bonsai-tries) for lower storage requirements,
by starting Besu with [`--data-storage-format=BONSAI`](../../public-networks/reference/cli/options.md#data-storage-format).
## Confirm node is running
If you started Besu with the
[`--rpc-http-enabled`](../../public-networks/reference/cli/options.md#rpc-http-enabled) option, use
[cURL](https://curl.haxx.se/) to call [JSON-RPC API methods](../reference/api/index.md) to
confirm the node is running.
!!!example
* `eth_chainId` returns the chain ID of the network.
```bash
curl -X POST --data '{"jsonrpc":"2.0","method":"eth_chainId","params":[],"id":1}' localhost:8545
```
* `eth_syncing` returns the starting, current, and highest block.
```bash
curl -X POST --data '{"jsonrpc":"2.0","method":"eth_syncing","params":[],"id":1}' localhost:8545
```
For example, after connecting to Mainnet, `eth_syncing` will return something similar to:
```json
{
"jsonrpc" : "2.0",
"id" : 1,
"result" : {
"startingBlock" : "0x0",
"currentBlock" : "0x2d0",
"highestBlock" : "0x66c0"
}
}
```
## Run a node for testing
To run a node that mines blocks at a rate suitable for testing purposes:
```bash
besu --network=dev --miner-enabled --miner-coinbase=0xfe3b557e8fb62b89f4916b721be55ceb828dbd73 --rpc-http-cors-origins="all" --host-allowlist="*" --rpc-ws-enabled --rpc-http-enabled --data-path=/tmp/tmpDatdir
```
You can also use the following [configuration file](../../public-networks/how-to/configuration-file.md)
on the command line to start a node with the same options as above:
```toml
network="dev"
miner-enabled=true
miner-coinbase="0xfe3b557e8fb62b89f4916b721be55ceb828dbd73"
rpc-http-cors-origins=["all"]
host-allowlist=["*"]
rpc-ws-enabled=true
rpc-http-enabled=true
data-path="/tmp/tmpdata-path"
```
!!! caution
The following settings are a security risk in production environments:
* Enabling the HTTP JSON-RPC service
([`--rpc-http-enabled`](../../public-networks/reference/cli/options.md#rpc-http-enabled)) and setting
[`--rpc-http-host`](../../public-networks/reference/cli/options.md#rpc-http-host) to 0.0.0.0 exposes the
RPC connection on your node to any remote connection.
* Setting [`--host-allowlist`](../../public-networks/reference/cli/options.md#host-allowlist) to `"*"`
allows JSON-RPC API access from any host.
* Setting
[`--rpc-http-cors-origins`](../../public-networks/reference/cli/options.md#rpc-http-cors-origins) to
`"all"` or `"*"` allows cross-origin resource sharing (CORS) access from any domain.
## Run a node on Ropsten testnet
To run a node on Ropsten:
```bash
besu --network=ropsten
```
To run a node on Ropsten with the HTTP JSON-RPC service enabled and allow Remix to access the node:
```bash
besu --network=ropsten --rpc-http-enabled --rpc-http-cors-origins "http://remix.ethereum.org"
```
## Run a node on Rinkeby testnet
To run a node on Rinkeby specifying a data directory:
```bash
besu --network=rinkeby --data-path=<path>/<rinkebydata-path>
```
Where `<path>` and `<rinkebydata-path>` are the path and directory to save the Rinkeby chain data
to.
## Run a node on Goerli testnet
To run a node on [Goerli](https://github.com/goerli/testnet) specifying a data directory:
```bash
besu --network=goerli --data-path=<path>/<goerlidata-path>
```
Where `<path>` and `<goerlidata-path>` are the path and directory to save the Goerli chain data to.
## Run a node on Sepolia testnet
To run a node on [Sepolia](https://github.com/goerli/sepolia) specifying a data directory:
```bash
besu --network=sepolia --data-path=<path>/<sepoliadata-path>
```
Where `<path>` and `<sepoliadata-path>` are the path and directory to save the Sepolia chain data
to.
## Run a node on Ethereum Mainnet
To run a node on the Ethereum Mainnet:
```bash
besu
```
To run a node on Mainnet with the HTTP JSON-RPC service enabled and available for localhost only:
```bash
besu --rpc-http-enabled
```
## Besu launcher
Use the Besu launcher to interactively configure and start a node with the most common options. The
launcher asks a series of questions and generates a [configuration file](../../public-networks/how-to/configuration-file.md).
To run the Besu launcher:
```bash
besu --Xlauncher
```
Answer each question, or press ++Enter++ to accept the default value.
```bash
? Which Ethereum network would you like to use ? rinkeby
? Which synchronization mode? fast
? Do you want to enable pruning? no
? What is the data directory ? /Users/me/besu
? Do you want to enable the JSON-RPC HTTP service ? yes
? Do you want to configure the JSON-RPC options now ? yes
? What is the JSON RPC HTTP host address ? 127.0.0.1
? What is the JSON RPC HTTP port ? 8545
? Select the list of APIs to enable on JSON-RPC HTTP service [eth, net, web3]
? Do you want to enable the JSON-RPC Websocket service ? no
? Do you want to enable GraphQL functionality ? no
? Do you want to use Ethstats ? no
? Do you want to enable NAT ? no
? Do you want to enable mining ? no
```
If a configuration file is already present in the directory where the command is executed,
Besu will start and use the values in the configuration file. To force the launcher to interact
during a restart, use the `--Xlauncher-force` option, or delete the configuration
file.

@ -3,27 +3,24 @@ title: Hyperledger Besu system requirements
description: System requirements to sync and run Besu
---
# System requirements for private networks
A Hyperledger Besu private network is a network not connected to Ethereum Mainnet or an Ethereum testnet.
Private networks typically use a different [chain ID](../../../Concepts/NetworkID-And-ChainID.md) and
[consensus protocol](../../../Concepts/Consensus-Protocols/Overview-Consensus.md).
Participation in private networks is typically restricted in some way, so the volume of traffic is
much lower than Mainnet, resulting in lower system requirements.
# System requirements
Private network system requirements depend on many factors, including:
* Size of the world state for the network.
* Number of transactions submitted to the network.
* [Block gas limit](../../../Reference/Config-Items.md#genesis-block-parameters).
* Number and complexity of [JSON-RPC](../../Interact/APIs/Using-JSON-RPC-API.md),
[PubSub](../../Interact/APIs/RPC-PubSub.md), or [GraphQL](../../Interact/APIs/GraphQL.md) queries
* [Block gas limit](../../public-networks/reference/genesis-items.md#genesis-block-parameters).
* Number and complexity of [JSON-RPC](../../public-networks/how-to/use-besu-api/json-rpc.md),
[PubSub](../../public-networks/how-to/use-besu-api/rpc-pubsub.md), or [GraphQL](../../public-networks/how-to/use-besu-api/graphql.md) queries
handled by the node.
Participation in private networks is typically restricted in some way, so the volume of traffic is
much lower than on Mainnet, resulting in lower system requirements.
## Determining system requirements
To determine system requirements, check CPU and disk space requirements using
[Prometheus](../../Monitor/Metrics.md#monitor-node-performance-using-prometheus). Grafana provides a
[Prometheus](../../public-networks/how-to/monitor/metrics.md). Grafana provides a
[sample dashboard](https://grafana.com/grafana/dashboards/10273) for Besu.
## Java Virtual Machine size
@ -50,7 +47,7 @@ We recommend you create a VM with the following attributes:
* (Optional) You can create a shared directory to copy block files or genesis files from the host
computer to the VM. For details on how to create a shared directory, see "Share Folders" in the
[Oracle VirtualBox documentation].
## Disk type
Use [local SSD storage](https://cloud.google.com/compute/docs/disks) for high throughput nodes (validators and RPC nodes).

@ -2,7 +2,7 @@
description: Backing up and restoring Besu
---
# Backups
# Backup and restore Besu
In a decentralized blockchain, data replicates between nodes so it's not lost. But backing up
configuration and data ensures a smoother recovery from corrupted data or other failures.
@ -17,12 +17,12 @@ file under source control.
If installed locally, the default data location is the Besu installation directory.
We recommend mounting a
[separate volume to store data](../Get-Started/Installation-Options/Run-Docker-Image.md#starting-besu). Use the
[`--data-path`](../../Reference/CLI/CLI-Syntax.md#data-path) command line option to pass the path
[separate volume to store data](../get-started/install/run-docker-image.md). Use the
[`--data-path`](../../public-networks/reference/cli/options.md#data-path) command line option to pass the path
to Besu.
The default data location is the Besu installation directory, or `/opt/besu/database` if using the
[Besu Docker image](../Get-Started/Installation-Options/Run-Docker-Image.md).
[Besu Docker image](../get-started/install/run-docker-image.md).
Having some data reduces the time to synchronize a new node. You can perform periodic backups of
the data directory and send the data to your preferred backup mechanism. For example, `cron` job and
@ -46,10 +46,10 @@ If log messages signify a corrupt database, the cleanest way to recover is:
1. Restore the data from a [previous backup](#data-backups).
1. Restart the node.
## Finding peers after restarting
## Find peers after restarting
The process for finding peers after restarting is the same as for
[finding peers after upgrading and restarting].
<!-- Links -->
[finding peers after upgrading and restarting]: ../Upgrade/Upgrade-Node.md#finding-peers-on-restarting
[finding peers after upgrading and restarting]: ../../public-networks/how-to/upgrade-node.md#find-peers-on-restarting

@ -10,7 +10,7 @@ description: Block proposal permissioning
Block proposal permissioning is an early access feature, and functionality and options may be updated between releases.
You can configure [block proposal permissioning](../../Concepts/PKI.md#block-proposal-permissioning)
You can configure [block proposal permissioning](../../concepts/pki.md#block-proposal-permissioning)
to ensure only authorized validator nodes can propose blocks in the network.
Use certificates issued by a trusted authority to ensure validators are authorized to propose blocks.
@ -20,7 +20,7 @@ Use certificates issued by a trusted authority to ensure validators are authoriz
**Prerequisites**:
* A configured network. For example,
[see steps 1 to 5 in the QBFT tutorial](../../Tutorials/Private-Network/Create-QBFT-Network.md).
[see steps 1 to 5 in the QBFT tutorial](../../tutorials/qbft.md).
* A keystore containing the certificate and key for each network node.
* A truststore containing all the trusted certificates for the network.
@ -252,5 +252,5 @@ Text file containing the password to unlock the truststore file.
PKI truststore type. Valid options are `JKS` and `PKCS12`. The default is `JKS`.
[QBFT consensus protocol]: ../../HowTo/Configure/Consensus-Protocols/QBFT.md
[QBFT consensus protocol]: /Consensus-Protocols/QBFT.md
[certificate revocation list (CRL)]: https://www.securew2.com/blog/certificate-revocation-crl-explained

@ -0,0 +1,89 @@
---
description: Configuring bootnodoes
---
# Configure bootnodes
You can use bootnodes to initially discover peers.
Bootnodes are regular nodes used to discover other nodes.
In private networks for development or testing purposes, specify at least one bootnode.
In production networks, [configure two or more nodes as bootnodes](#configure-bootnodes-in-a-production-network).
!!! tip
Bootnodes and static nodes are parallel methods for finding peers. Depending on your use case,
you can use only bootnodes, only static nodes, or both bootnodes and statics nodes.
To find peers, configure one or more bootnodes. To configure a specific set
of peer connections, use [static nodes](../../../public-networks/how-to/connect/static-nodes.md).
!!! note "Mainnet and public testnets"
For Mainnet and the Rinkeby, Ropsten, Sepolia, and Goerli testnets, Hyperledger Besu has an
internal list of enode URLs and uses this list automatically when you specify the
[`--network`](../../../public-networks/reference/cli/options.md#network) option.
## Specify a bootnode
To start a node, specify a bootnode [enode](../../../public-networks/concepts/node-keys.md) for P2P discovery,
using the [`--bootnodes`](../../../public-networks/reference/cli/options.md#bootnodes) option.
!!! example
```bash
besu --genesis-file=privateNetworkGenesis.json --data-path=nodeDataPath --bootnodes=enode://c35c3ec90a8a51fd5703594c6303382f3ae6b2ecb99bab2c04b3794f2bc3fc2631dabb0c08af795787a6c004d8f532230ae6e9925cbbefb0b28b79295d615f@127.0.0.1:30303
```
The default host and port advertised to other peers for P2P discovery is `127.0.0.1:30303`. To
specify a different host or port, use the
[`--p2p-host`](../../../public-networks/reference/cli/options.md#p2p-host) and
[`--p2p-port`](../../../public-networks/reference/cli/options.md#p2p-port) options.
By default, peer discovery listens on all available network interfaces. If the device Besu is
running on must bind to a specific network interface, specify the interface using the
[`--p2p-interface`](../../../public-networks/reference/cli/options.md#p2p-interface) option.
## Configure bootnodes in a production network
A network must have at least one operating bootnode. To allow for continuity in the event of
failure, configure two or more bootnodes in a production network.
We don't recommend putting bootnodes behind a load balancer because the
[enode](../../../public-networks/concepts/node-keys.md#enode-url) relates to the node public key, IP address, and
discovery ports. Any changes to a bootnode enode prevents other nodes from being able to establish
a connection with the bootnode. This is why we recommend putting more bootnodes on the network
itself.
To ensure a bootnode enode doesn't change when recovering from a complete bootnode failure:
1. Create the [node key pair](../../../public-networks/concepts/node-keys.md) (that is, the private and public key)
before starting the bootnode.
1. When creating bootnodes in the cloud (for example, AWS and Azure), attempt to assign a static IP
address to them. If your network is:
* Publicly accessible, assign an elastic IP.
* Internal only, specify a private IP address when you create the instance and record this IP
address.
We recommend storing the bootnode configuration under source control.
To allow for failure, specify all bootnodes on the command line (even to the bootnodes themselves).
!!! tip
Having each bootnode list the other bootnodes increases the speed of discovery.
Nodes ignore their own enode in the bootnodes list so it isn't required to specify different
bootnode lists to the bootnodes themselves.
## Add and remove bootnodes
Adding new bootnodes is a similar process to creating bootnodes. After creating the bootnodes and
adding them to the network, update the [`--bootnodes`](../../../public-networks/reference/cli/options.md#bootnodes)
command line option for each node to include the new bootnodes.
When adding bootnodes, you don't need to restart running nodes. By updating the
[`--bootnodes`](../../../public-networks/reference/cli/options.md#bootnodes) option, the next time you restart the
nodes (for example, when [upgrading](../../../public-networks/how-to/upgrade-node.md)), the nodes
connect to the new bootnodes.

@ -4,7 +4,7 @@ description: How to add or remove validators without voting
# Add and remove validators without voting
[QBFT](../Configure/Consensus-Protocols/QBFT.md) or [IBFT 2.0](../Configure/Consensus-Protocols/IBFT.md) network
[QBFT](qbft.md) or [IBFT 2.0](ibft.md) network
conditions might not allow voting to change validators.
For example, if a majority of the current validators are no longer participating in the network, a vote to add or
remove validators won't be successful.
@ -13,8 +13,8 @@ You can bypass voting and specify new validators using a transition in the genes
!!! warning
- In most cases, add or remove validators
[by voting or smart contract for QBFT](../Configure/Consensus-Protocols/QBFT.md#add-and-remove-validators);
or [by voting for IBFT 2.0](../Configure/Consensus-Protocols/IBFT.md#add-and-remove-validators).
[by voting or smart contract for QBFT](qbft.md#add-and-remove-validators);
or [by voting for IBFT 2.0](ibft.md#add-and-remove-validators).
Use transitions only when voting isn't possible.
Using transitions requires coordinating a rolling update of all the nodes in order to pick up the configuration at
the correct block height.
@ -145,8 +145,8 @@ To add or remove validators without voting:
1. Restart all nodes in the network using the updated genesis file.
You can make a rolling update of the nodes, as long as they're all up before the transition block is processed.
1. To verify the changes after the transition block, call
[`qbft_getValidatorsByBlockNumber`](../../Reference/API-Methods.md#qbft_getvalidatorsbyblocknumber) or
[`ibft_getValidatorsByBlockNumber`](../../Reference/API-Methods.md#ibft_getvalidatorsbyblocknumber),
[`qbft_getValidatorsByBlockNumber`](../../../reference/api/index.md#qbft_getvalidatorsbyblocknumber) or
[`ibft_getValidatorsByBlockNumber`](../../../reference/api/index.md#ibft_getvalidatorsbyblocknumber),
specifying `latest`.
!!! caution
@ -157,13 +157,13 @@ To add or remove validators without voting:
## Override smart contract validators
When using
[QBFT contract validator selection](../Configure/Consensus-Protocols/QBFT.md#add-and-remove-validators-using-a-smart-contract),
[QBFT contract validator selection](qbft.md#add-and-remove-validators-using-a-smart-contract),
if network conditions require it, you can bypass the smart contract and specify new validators in the genesis file.
For example, you lose quorum for your current list of contract validators, and you can't perform a transaction to vote
more in.
This requires temporarily
[switching to block header validator selection mode](../Configure/Consensus-Protocols/QBFT.md#swap-validator-management-methods).
[switching to block header validator selection mode](qbft.md#swap-validator-management-methods).
To bypass the smart contract and specify new validators:

@ -4,9 +4,9 @@ path: blob/master/config/src/main/resources/
source: rinkeby.json
---
# Clique
# Configure Clique consensus
Besu implements the [Clique](https://eips.ethereum.org/EIPS/eip-225) proof of authority (PoA) [consensus protocol](../../../Concepts/Consensus-Protocols/Overview-Consensus.md).
Besu implements the [Clique](https://eips.ethereum.org/EIPS/eip-225) proof of authority (PoA) [consensus protocol](index.md).
The Rinkeby and Goerli testnets uses Clique and private networks can also use Clique.
!!! warning
@ -19,11 +19,11 @@ In Clique networks, approved accounts, known as signers, validate transactions a
take turns to create the next block.
Existing signers propose and vote to [add or remove signers](#add-and-remove-signers).
You can [create a private network using Clique](../../../Tutorials/Private-Network/Create-Private-Clique-Network.md).
You can [create a private network using Clique](../../../tutorials/clique.md).
## Genesis file
To use Clique in a private network, Besu requires a Clique [genesis file](../Genesis-File.md). When connecting to Rinkeby,
To use Clique in a private network, Besu requires a Clique [genesis file](../../../../public-networks/concepts/genesis-file.md). When connecting to Rinkeby,
Besu uses the
[`rinkeby.json`](https://github.com/hyperledger/besu/blob/750580dcca349d22d024cc14a8171b2fa74b505a/config/src/main/resources/rinkeby.json)
genesis file in the `/besu/config/src/main/resources` directory.
@ -75,15 +75,15 @@ The `extraData` property consists of:
!!! example "One initial signer"
![One Initial Signer](../../../images/CliqueOneIntialSigner.png)
![One Initial Signer](../../../../images/CliqueOneIntialSigner.png)
!!! example "Two initial signers"
![Two Initial Signers](../../../images/CliqueTwoIntialSigners.png)
![Two Initial Signers](../../../../images/CliqueTwoIntialSigners.png)
### Post-Merge configuration
After [The Merge](../../../Concepts/Merge.md), the following block fields are modified or deprecated.
After [The Merge](../../../../public-networks/concepts/the-merge.md), the following block fields are modified or deprecated.
Their fields **must** contain only the constant values from the following chart.
| Field | Constant value | Comment |
@ -99,34 +99,34 @@ Additionally, [`extraData`](#extra-data) is limited to 32 bytes of vanity data a
## Connect to a Clique network
To connect to the Rinkeby testnet, start Besu with the
[`--network=rinkeby`](../../../Reference/CLI/CLI-Syntax.md#network) command line option. To start a
[`--network=rinkeby`](../../../../public-networks/reference/cli/options.md#network) command line option. To start a
node on a Clique private network, use the
[`--genesis-file`](../../../Reference/CLI/CLI-Syntax.md#genesis-file) option to specify the custom
[`--genesis-file`](../../../../public-networks/reference/cli/options.md#genesis-file) option to specify the custom
genesis file.
## Add and remove signers
Existing signers propose and vote to add or remove validators using the Clique JSON-RPC API methods.
Enable the HTTP interface with [`--rpc-http-enabled`](../../../Reference/CLI/CLI-Syntax.md#rpc-http-enabled) or the
WebSocket interface with [`--rpc-ws-enabled`](../../../Reference/CLI/CLI-Syntax.md#rpc-ws-enabled).
Enable the HTTP interface with [`--rpc-http-enabled`](../../../../public-networks/reference/cli/options.md#rpc-http-enabled) or the
WebSocket interface with [`--rpc-ws-enabled`](../../../../public-networks/reference/cli/options.md#rpc-ws-enabled).
The Clique API methods are disabled by default.
To enable them, specify the [`--rpc-http-api`](../../../Reference/CLI/CLI-Syntax.md#rpc-http-api) or
[`--rpc-ws-api`](../../../Reference/CLI/CLI-Syntax.md#rpc-ws-api) option and include `CLIQUE`.
To enable them, specify the [`--rpc-http-api`](../../../../public-networks/reference/cli/options.md#rpc-http-api) or
[`--rpc-ws-api`](../../../../public-networks/reference/cli/options.md#rpc-ws-api) option and include `CLIQUE`.
The methods to add or remove signers are:
* [`clique_propose`](../../../Reference/API-Methods.md#clique_propose).
* [`clique_getSigners`](../../../Reference/API-Methods.md#clique_getsigners).
* [`clique_discard`](../../../Reference/API-Methods.md#clique_discard).
* [`clique_propose`](../../../reference/api/index.md#clique_propose).
* [`clique_getSigners`](../../../reference/api/index.md#clique_getsigners).
* [`clique_discard`](../../../reference/api/index.md#clique_discard).
To view signer metrics for a specified block range, call
[`clique_getSignerMetrics`](../../../Reference/API-Methods.md#clique_getsignermetrics).
[`clique_getSignerMetrics`](../../../reference/api/index.md#clique_getsignermetrics).
### Add a signer
To propose adding a signer to a Clique network, call
[`clique_propose`](../../../Reference/API-Methods.md#clique_propose), specifying the address of the proposed signer and `true`.
[`clique_propose`](../../../reference/api/index.md#clique_propose), specifying the address of the proposed signer and `true`.
A majority of signers must execute the call.
!!! example "JSON-RPC `clique_propose` request example"
@ -141,7 +141,7 @@ When more than 50% of the existing signers propose adding the signer, with their
signer can begin signing blocks.
To return a list of signers and confirm the addition of a proposed signer, call
[`clique_getSigners`](../../../Reference/API-Methods.md#clique_getsigners).
[`clique_getSigners`](../../../reference/api/index.md#clique_getsigners).
!!! example "JSON-RPC `clique_getSigners` request example"
@ -150,7 +150,7 @@ To return a list of signers and confirm the addition of a proposed signer, call
```
To discard your proposal after confirming the addition of a signer, call
[`clique_discard`](../../../Reference/API-Methods.md#clique_discard) specifying the address of the proposed signer.
[`clique_discard`](../../../reference/api/index.md#clique_discard) specifying the address of the proposed signer.
!!! example "JSON-RPC `clique_discard` request example"
@ -161,7 +161,7 @@ To discard your proposal after confirming the addition of a signer, call
### Remove a signer
The process for removing a signer from a Clique network is the same as [adding a signer](#add-a-signer), except you
specify `false` as the second parameter of [`clique_propose`](../../../Reference/API-Methods.md#clique_propose).
specify `false` as the second parameter of [`clique_propose`](../../../reference/api/index.md#clique_propose).
### Epoch transition
@ -183,11 +183,11 @@ This may cause large, irresolvable forks in a network.
!!! important
We recommend using a more updated consensus protocol such as [IBFT 2.0](IBFT.md) or [QBFT](QBFT.md).
We recommend using a more updated consensus protocol such as [IBFT 2.0](ibft.md) or [QBFT](qbft.md).
## Migrate from Clique to another consensus protocol
To migrate a network using Clique to a consensus protocol suitable for production such as [QBFT](QBFT.md), do one of the
To migrate a network using Clique to a consensus protocol suitable for production such as [QBFT](qbft.md), do one of the
following:
* Stop the Clique network and start the new network with the state at the time of migration.

@ -2,10 +2,10 @@
description: Hyperledger Besu IBFT 2.0 proof of authority (PoA) consensus protocol implementation
---
# IBFT 2.0
# Configure IBFT 2.0 consensus
Besu implements the IBFT 2.0 proof of authority (PoA) [consensus protocol](../../../Concepts/Consensus-Protocols/Overview-Consensus.md).
IBFT 2.0 is supported for existing private networks, but [QBFT](QBFT.md) is the recommended enterprise-grade
Besu implements the IBFT 2.0 proof of authority (PoA) [consensus protocol](index.md).
IBFT 2.0 is supported for existing private networks, but [QBFT](qbft.md) is the recommended enterprise-grade
consensus protocol for private networks.
In IBFT 2.0 networks, approved accounts, known as validators, validate transactions and blocks.
@ -14,7 +14,7 @@ super-majority (greater than or equal to 2/3) of validators must first sign the
Existing validators propose and vote to [add or remove validators](#add-and-remove-validators).
You can [create a private network using IBFT](../../../Tutorials/Private-Network/Create-IBFT-Network.md).
You can [create a private network using IBFT](../../../tutorials/ibft/index.md).
!!! important
@ -25,11 +25,11 @@ You can [create a private network using IBFT](../../../Tutorials/Private-Network
!!! tip
You can use a plugin to securely store a validator's key using the
[`--security-module`](../../../Reference/CLI/CLI-Syntax.md#security-module) option.
[`--security-module`](../../../../public-networks/reference/cli/options.md#security-module) option.
## Genesis file
To use IBFT 2.0, Besu requires an IBFT 2.0 [genesis file](../Genesis-File.md). The genesis file defines properties
To use IBFT 2.0, Besu requires an IBFT 2.0 [genesis file](../../../../public-networks/concepts/genesis-file.md). The genesis file defines properties
specific to IBFT 2.0.
!!! example "Example IBFT 2.0 genesis file"
@ -82,7 +82,7 @@ The properties with specific values in the IBFT 2.0 genesis files are:
block identification.
To start a node on an IBFT 2.0 private network, use the
[`--genesis-file`](../../../Reference/CLI/CLI-Syntax.md#genesis-file) option to specify the custom
[`--genesis-file`](../../../../public-networks/reference/cli/options.md#genesis-file) option to specify the custom
genesis file.
### Extra data
@ -107,7 +107,7 @@ Formally, `extraData` in the genesis block contains
#### Generate extra data
To generate the `extraData` RLP string for inclusion in the genesis file, use the
[`rlp encode`](../../../Reference/CLI/CLI-Subcommands.md#rlp) Besu subcommand.
[`rlp encode`](../../../../public-networks/reference/cli/subcommands.md#rlp) Besu subcommand.
!!! example
@ -117,7 +117,7 @@ To generate the `extraData` RLP string for inclusion in the genesis file, use th
Where the `toEncode.json` file contains a list of the initial validators, in ascending order.
To write the validator address and copy it to the `toEncode.json` file, use the
[`public-key export-address`](../../../Reference/CLI/CLI-Subcommands.md#export-address) Besu subcommand.
[`public-key export-address`](../../../../public-networks/reference/cli/subcommands.md#export-address) Besu subcommand.
For example:
!!! example "One initial validator in `toEncode.json` file"
@ -171,7 +171,7 @@ To tune the block timeout for your network deployment:
!!! tip
View [`TRACE` logs](../../../Reference/API-Methods.md#admin_changeloglevel) to see round change
View [`TRACE` logs](../../../../public-networks/reference/api/index.md#trace-methods) to see round change
log messages.
Use a [transition](#transitions) to update the `blockperiodseconds` in an existing network.
@ -180,7 +180,7 @@ Use a [transition](#transitions) to update the `blockperiodseconds` in an existi
### Post-Merge configuration
After [The Merge](../../../Concepts/Merge.md), the following block fields are modified or deprecated.
After [The Merge](../../../../public-networks/concepts/the-merge.md), the following block fields are modified or deprecated.
Their fields **must** contain only the constant values from the following chart.
| Field | Constant value | Comment |
@ -196,31 +196,31 @@ Additionally, [`extraData`](#extra-data) is limited to 32 bytes of vanity data a
## Add and remove validators
Existing validators propose and vote to add or remove validators using the IBFT 2.0 JSON-RPC API methods.
Enable the HTTP interface with [`--rpc-http-enabled`](../../../Reference/CLI/CLI-Syntax.md#rpc-http-enabled) or the
WebSocket interface with [`--rpc-ws-enabled`](../../../Reference/CLI/CLI-Syntax.md#rpc-ws-enabled).
Enable the HTTP interface with [`--rpc-http-enabled`](../../../../public-networks/reference/cli/options.md#rpc-http-enabled) or the
WebSocket interface with [`--rpc-ws-enabled`](../../../../public-networks/reference/cli/options.md#rpc-ws-enabled).
The IBFT 2.0 API methods are disabled by default.
To enable them, specify the [`--rpc-http-api`](../../../Reference/CLI/CLI-Syntax.md#rpc-http-api) or
[`--rpc-ws-api`](../../../Reference/CLI/CLI-Syntax.md#rpc-ws-api) option and include `IBFT`.
To enable them, specify the [`--rpc-http-api`](../../../../public-networks/reference/cli/options.md#rpc-http-api) or
[`--rpc-ws-api`](../../../../public-networks/reference/cli/options.md#rpc-ws-api) option and include `IBFT`.
The methods to add or remove validators are:
* [`ibft_getPendingVotes`](../../../Reference/API-Methods.md#ibft_getPendingVotes).
* [`ibft_proposeValidatorVote`](../../../Reference/API-Methods.md#ibft_proposeValidatorVote).
* [`ibft_discardValidatorVote`](../../../Reference/API-Methods.md#ibft_discardValidatorVote).
* [`ibft_getPendingVotes`](../../../reference/api/index.md#ibft_getpendingvotes).
* [`ibft_proposeValidatorVote`](../../../reference/api/index.md#ibft_proposevalidatorvote).
* [`ibft_discardValidatorVote`](../../../reference/api/index.md#ibft_discardvalidatorvote).
To view validator metrics for a specified block range, use
[`ibft_getSignerMetrics`](../../../Reference/API-Methods.md#ibft_getsignermetrics).
[`ibft_getSignerMetrics`](../../../../public-networks/reference/api/index.md#ibft_getsignermetrics).
!!! note
If network conditions render it impossible to add and remove validators by voting, you can
[add and remove validators without voting](../../Troubleshoot/Add-Validators-Without-Voting.md).
[add and remove validators without voting](add-validators-without-voting.md).
### Add a validator
To propose adding a validator to an IBFT 2.0 network, call
[`ibft_proposeValidatorVote`](../../../Reference/API-Methods.md#ibft_proposevalidatorvote), specifying the address of the
[`ibft_proposeValidatorVote`](../../../reference/api/index.md#ibft_proposevalidatorvote), specifying the address of the
proposed validator and `true`.
A majority of validators must execute the call.
@ -231,14 +231,14 @@ A majority of validators must execute the call.
```
When the validator proposes the next block, the protocol inserts one proposal received from
[`ibft_proposeValidatorVote`](../../../Reference/API-Methods.md#ibft_proposevalidatorvote) into the block.
[`ibft_proposeValidatorVote`](../../../reference/api/index.md#ibft_proposevalidatorvote) into the block.
If blocks include all proposals, subsequent blocks proposed by the validator will not contain a vote.
When more than 50% of the existing validators have published a matching proposal, the protocol adds the proposed
validator to the validator pool and the validator can begin validating blocks.
To return a list of validators and confirm the addition of a proposed validator, use
[`ibft_getValidatorsByBlockNumber`](../../../Reference/API-Methods.md#ibft_getvalidatorsbyblocknumber).
[`ibft_getValidatorsByBlockNumber`](../../../reference/api/index.md#ibft_getvalidatorsbyblocknumber).
!!! example "JSON-RPC `ibft_getValidatorsByBlockNumber` request example"
@ -247,7 +247,7 @@ To return a list of validators and confirm the addition of a proposed validator,
```
To discard your proposal after confirming the addition of a validator, call
[`ibft_discardValidatorVote`](../../../Reference/API-Methods.md#ibft_discardvalidatorvote),
[`ibft_discardValidatorVote`](../../../reference/api/index.md#ibft_discardvalidatorvote),
specifying the address of the proposed validator.
!!! example "JSON-RPC `ibft_discardValidatorVote` request example"
@ -260,7 +260,7 @@ specifying the address of the proposed validator.
The process for removing a validator from an IBFT 2.0 network is the same as [adding a validator](#add-a-validator)
except you specify `false` as the second parameter of
[`ibft_proposeValidatorVote`](../../../Reference/API-Methods.md#ibft_proposevalidatorvote).
[`ibft_proposeValidatorVote`](../../../reference/api/index.md#ibft_proposevalidatorvote).
### Epoch transition
@ -360,7 +360,7 @@ To update an existing network with a new `blockperiodseconds`:
3. Restart all nodes in the network using the updated genesis file.
4. To verify the changes after the transition block, call
[`ibft_getValidatorsByBlockNumber`](../../../Reference/API-Methods.md#ibft_getvalidatorsbyblocknumber), specifying `latest`.
[`ibft_getValidatorsByBlockNumber`](../../../../public-networks/reference/api/index.md#ibft_getvalidatorsbyblocknumber), specifying `latest`.
### Configure block rewards on an existing network deployment

@ -6,19 +6,19 @@ description: Besu consensus protocols
Besu supports the following consensus protocols:
* [QBFT](../../HowTo/Configure/Consensus-Protocols/QBFT.md) (proof of authority) - The recommended
* [QBFT](qbft.md) (proof of authority) - The recommended
enterprise-grade consensus protocol for private networks.
* [IBFT 2.0](../../HowTo/Configure/Consensus-Protocols/IBFT.md) (proof of authority) - Supported for existing private networks.
* [Clique](../../HowTo/Configure/Consensus-Protocols/Clique.md) (proof of authority) - Not recommended for
* [IBFT 2.0](ibft.md) (proof of authority) - Supported for existing private networks.
* [Clique](clique.md) (proof of authority) - Not recommended for
production use.
You can [migrate a network using Clique to another consensus protocol](../../HowTo/Configure/Consensus-Protocols/Clique.md#migrate-from-clique-to-another-consensus-protocol).
You can [migrate a network using Clique to another consensus protocol](clique.md#migrate-from-clique-to-another-consensus-protocol).
* [Proof of stake](https://docs.teku.consensys.net/en/latest/Concepts/Proof-of-Stake/) - Used on Ethereum Mainnet
post-[Merge](../../Concepts/Merge.md) and can also be used on the [Merge testnet](../../Tutorials/Merge-Testnet.md).
post-[Merge](../../../../public-networks/concepts/the-merge.md) and can also be used on the [Merge testnet](../../../../public-networks/tutorials/merge-testnet.md).
* [Ethash](https://ethereum.org/en/developers/docs/consensus-mechanisms/pow/) (proof of work) - Used on Ethereum Mainnet
pre-[Merge](../../Concepts/Merge.md) and can also be used in
[small development networks](../../Tutorials/Private-Network/Create-Private-Network.md).
pre-[Merge](../../../../public-networks/concepts/the-merge.md) and can also be used in
[small development networks](../../../tutorials/ethash.md).
See a [comparison of the proof of authority consensus protocols](Comparing-PoA.md).
See a [comparison of the proof of authority consensus protocols](../../../concepts/poa.md).
The `config` property in the genesis file specifies the consensus protocol for a chain.

@ -2,9 +2,9 @@
description: Hyperledger Besu QBFT proof of authority (PoA) consensus protocol implementation
---
# QBFT
# Configure QBFT consensus
Hyperledger Besu implements the QBFT proof of authority (PoA) [consensus protocol](../../../Concepts/Consensus-Protocols/Overview-Consensus.md).
Hyperledger Besu implements the QBFT proof of authority (PoA) [consensus protocol](index.md).
QBFT is the recommended enterprise-grade consensus protocol for private networks.
In QBFT networks, approved accounts, known as validators, validate transactions and blocks.
@ -13,7 +13,7 @@ super-majority (greater than or equal to 2/3) of validators must first sign the
Existing validators propose and vote to [add or remove validators](#add-and-remove-validators).
You can [create a private network using QBFT](../../../Tutorials/Private-Network/Create-QBFT-Network.md).
You can [create a private network using QBFT](../../../tutorials/qbft.md).
!!! important
@ -24,11 +24,11 @@ You can [create a private network using QBFT](../../../Tutorials/Private-Network
!!! tip
You can use a plugin to securely store a validator's key using the
[`--security-module`](../../../Reference/CLI/CLI-Syntax.md#security-module) option.
[`--security-module`](../../../../public-networks/reference/cli/options.md#security-module) option.
## Genesis file
To use QBFT, define a [genesis file](../Genesis-File.md) that contains the QBFT properties.
To use QBFT, define a [genesis file](../../../../public-networks/concepts/genesis-file.md) that contains the QBFT properties.
The genesis file differs depending on the [validator management method](#add-and-remove-validators) you intend to use.
@ -164,7 +164,7 @@ The properties with specific values in the QBFT genesis files are:
block identification.
To start a node on a QBFT private network, use the
[`--genesis-file`](../../../Reference/CLI/CLI-Syntax.md#genesis-file) option to specify the custom
[`--genesis-file`](../../../../public-networks/reference/cli/options.md#genesis-file) option to specify the custom
genesis file.
### Extra data
@ -200,7 +200,7 @@ Formally, `extraData` in the genesis block contains:
#### Generate extra data
To generate the `extraData` RLP string for inclusion in the genesis file,
use the [`rlp encode`](../../../Reference/CLI/CLI-Subcommands.md#rlp) Besu subcommand.
use the [`rlp encode`](../../../reference/cli/subcommands.md#rlp) Besu subcommand.
!!! example
@ -210,7 +210,7 @@ use the [`rlp encode`](../../../Reference/CLI/CLI-Subcommands.md#rlp) Besu subco
Where the `toEncode.json` file contains a list of the initial validators, in ascending order. To
write the validator address and copy it to the `toEncode.json` file, use the
[`public-key export-address`](../../../Reference/CLI/CLI-Subcommands.md#export-address) Besu
[`public-key export-address`](../../../../public-networks/reference/cli/subcommands.md#export-address) Besu
subcommand. For example:
!!! example "Initial validators in `toEncode.json` file"
@ -270,7 +270,7 @@ To tune the block timeout for your network deployment:
!!! tip
View [`TRACE` logs](../../../Reference/API-Methods.md#admin_changeloglevel) to see round change
View [`TRACE` logs](../../../../public-networks/reference/api/index.md#admin_changeloglevel) to see round change
log messages.
Use a [transition](#transitions) to update the `blockperiodseconds` in an existing network.
@ -279,7 +279,7 @@ Use a [transition](#transitions) to update the `blockperiodseconds` in an existi
### Post-Merge configuration
After [The Merge](../../../Concepts/Merge.md), the following block fields are modified or deprecated.
After [The Merge](../../../../public-networks/concepts/the-merge.md), the following block fields are modified or deprecated.
Their fields **must** contain only the constant values from the following chart.
| Field | Constant value | Comment |
@ -311,31 +311,31 @@ method are configured in the genesis file's `storage` section.
### Add and remove validators using block headers
Enable the HTTP interface with [`--rpc-http-enabled`](../../../Reference/CLI/CLI-Syntax.md#rpc-http-enabled) or the
WebSockets interface with [`--rpc-ws-enabled`](../../../Reference/CLI/CLI-Syntax.md#rpc-ws-enabled).
Enable the HTTP interface with [`--rpc-http-enabled`](../../../../public-networks/reference/cli/options.md#rpc-http-enabled) or the
WebSockets interface with [`--rpc-ws-enabled`](../../../../public-networks/reference/cli/options.md#rpc-ws-enabled).
The QBFT API methods are disabled by default.
To enable them, specify the [`--rpc-http-api`](../../../Reference/CLI/CLI-Syntax.md#rpc-http-api) or
[`--rpc-ws-api`](../../../Reference/CLI/CLI-Syntax.md#rpc-ws-api) option and include `QBFT`.
To enable them, specify the [`--rpc-http-api`](../../../../public-networks/reference/cli/options.md#rpc-http-api) or
[`--rpc-ws-api`](../../../../public-networks/reference/cli/options.md#rpc-ws-api) option and include `QBFT`.
The methods to add or remove validators are:
* [`qbft_getPendingVotes`](../../../Reference/API-Methods.md#qbft_getpendingvotes).
* [`qbft_proposeValidatorVote`](../../../Reference/API-Methods.md#qbft_proposevalidatorvote).
* [`qbft_discardValidatorVote`](../../../Reference/API-Methods.md#qbft_discardvalidatorvote).
* [`qbft_getPendingVotes`](../../../reference/api/index.md#qbft_getpendingvotes).
* [`qbft_proposeValidatorVote`](../../../reference/api/index.md#qbft_proposevalidatorvote).
* [`qbft_discardValidatorVote`](../../../reference/api/index.md#qbft_discardvalidatorvote).
To view validator metrics for a specified block range, use
[`qbft_getSignerMetrics`](../../../Reference/API-Methods.md#qbft_getsignermetrics).
[`qbft_getSignerMetrics`](../../../reference/api/index.md#qbft_getsignermetrics).
!!! note
If network conditions render it impossible to add and remove validators by voting, you can
[add and remove validators without voting](../../Troubleshoot/Add-Validators-Without-Voting.md).
[add and remove validators without voting](add-validators-without-voting.md).
#### Add a validator
To propose adding a validator, call
[`qbft_proposeValidatorVote`](../../../Reference/API-Methods.md#qbft_proposevalidatorvote),
[`qbft_proposeValidatorVote`](../../../reference/api/index.md#qbft_proposevalidatorvote),
specifying the address of the proposed validator and `true`. A majority of validators must execute
the call.
@ -346,7 +346,7 @@ the call.
```
When the validator proposes the next block, the protocol inserts one proposal received from
[`qbft_proposeValidatorVote`](../../../Reference/API-Methods.md#qbft_proposevalidatorvote) into the
[`qbft_proposeValidatorVote`](../../../reference/api/index.md#qbft_proposevalidatorvote) into the
block. If blocks include all proposals, subsequent blocks proposed by the validator will not
contain a vote.
@ -354,7 +354,7 @@ When more than 50% of the existing validators have published a matching proposal
adds the proposed validator to the validator pool and the validator can begin validating blocks.
To return a list of validators and confirm the addition of a proposed validator, use
[`qbft_getValidatorsByBlockNumber`](../../../Reference/API-Methods.md#qbft_getvalidatorsbyblocknumber).
[`qbft_getValidatorsByBlockNumber`](../../../reference/api/index.md#qbft_getvalidatorsbyblocknumber).
!!! example "JSON-RPC `qbft_getValidatorsByBlockNumber` request example"
@ -363,7 +363,7 @@ To return a list of validators and confirm the addition of a proposed validator,
```
To discard your proposal after confirming the addition of a validator, call
[`qbft_discardValidatorVote`](../../../Reference/API-Methods.md#qbft_discardvalidatorvote),
[`qbft_discardValidatorVote`](../../../reference/api/index.md#qbft_discardvalidatorvote),
specifying the address of the proposed validator.
!!! example "JSON-RPC `qbft_discardValidatorVote` request example"
@ -376,7 +376,7 @@ specifying the address of the proposed validator.
The process for removing a validator is the same as adding a validator except you specify `false`
as the second parameter of
[`qbft_proposeValidatorVote`](../../../Reference/API-Methods.md#qbft_proposevalidatorvote).
[`qbft_proposeValidatorVote`](../../../reference/api/index.md#qbft_proposevalidatorvote).
#### Epoch transition
@ -394,7 +394,7 @@ View the [example smart contract](https://github.com/ConsenSys/validator-smart-c
create and deploy the smart contract.
You can pre-deploy the validator smart contract in a new QBFT network by specifying the contract details in the
[genesis file](QBFT.md#genesis-file). For existing QBFT networks you need to compile and deploy the contract
[genesis file](qbft.md#genesis-file). For existing QBFT networks you need to compile and deploy the contract
using a transaction, then obtain the contract address from the receipt and use that in a
[transition](#swap-validator-management-methods).
@ -406,7 +406,7 @@ using a transaction, then obtain the contract address from the receipt and use t
!!! note
If network conditions render it impossible to add and remove validators using a smart contract, you can
[override smart contract validators](../../Troubleshoot/Add-Validators-Without-Voting.md#override-smart-contract-validators).
[override smart contract validators](add-validators-without-voting.md#override-smart-contract-validators).
### Minimum number of validators
@ -491,7 +491,7 @@ To update an existing network with a new `blockperiodseconds`:
3. Restart all nodes in the network using the updated genesis file.
4. To verify the changes after the transition block, call
[`qbft_getValidatorsByBlockNumber`](../../../Reference/API-Methods.md#ibft_getvalidatorsbyblocknumber), specifying `latest`.
[`qbft_getValidatorsByBlockNumber`](../../../reference/api/index.md#ibft_getvalidatorsbyblocknumber), specifying `latest`.
### Configure block rewards on an existing network deployment

@ -2,9 +2,9 @@
description: Pre-deploying contracts in the genesis file
---
# Pre-deploying contracts in the genesis file
# Pre-deploy contracts in the genesis file
To pre-deploy contracts when starting Besu, specify the contract code in the [genesis file](Genesis-File.md).
To pre-deploy contracts when starting Besu, specify the contract code in the [genesis file](../../../public-networks/concepts/genesis-file.md).
!!! example "Contract code in the genesis file"

@ -2,7 +2,7 @@
description: Using alternative elliptic curves in Besu
---
# Using alternative elliptic curves
# Configure alternative elliptic curves
!!! caution
@ -12,7 +12,7 @@ By default, Besu uses the Ethereum standard `secp256k1` elliptic curve (EC).
However, when running nodes in a private network, it is possible to configure an alternative elliptic curve.
The configuration for what elliptic curve Besu will use is done in the network configuration section of genesis file,
using the [`ecCurve`](../../Reference/Config-Items.md#Configuration_Items) key:
using the [`ecCurve`](../../../public-networks/reference/genesis-items.md#Configuration_Items) key:
```bash
{

@ -2,7 +2,7 @@
description: Configuring free gas networks
---
# Free gas networks
# Configure free gas networks
Transactions use computational resources so have an associated cost. Gas is the cost unit and the
gas price is the price per gas unit. The transaction cost is the gas used * gas price.
@ -30,7 +30,7 @@ to limit resource use.
In a free gas network, transactions still use gas but the gas price is zero, meaning the
transaction cost is zero. Transaction cost = gas used * 0 (the gas price).
## Configuring free gas in Hyperledger Besu
## Configure free gas in Besu
When gas is free, limiting block and contract sizes is less important. In free gas networks, we
increase the block size limit and set the contract size limit to the maximum value.
@ -74,7 +74,7 @@ size (in bytes).
### 3. Start Besu with a minimum gas price of zero
When starting nodes, set the [minimum gas price](../../Reference/CLI/CLI-Syntax.md#min-gas-price)
When starting nodes, set the [minimum gas price](../../../public-networks/reference/cli/options.md#min-gas-price)
to zero.
=== "Command Line"
@ -90,12 +90,12 @@ to zero.
```
!!! important
In a free gas network, ensure the [minimum gas price](../../Reference/CLI/CLI-Syntax.md#min-gas-price)
In a free gas network, ensure the [minimum gas price](../../../public-networks/reference/cli/options.md#min-gas-price)
is set to zero for every node.
Any node with a minimum gas price set higher than zero will silently drop transactions with a zero gas price.
You can query a node's gas configuration using [`eth_gasPrice`](../../Reference/API-Methods.md#eth_gasprice).
You can query a node's gas configuration using [`eth_gasPrice`](../../../public-networks/reference/api/index.md#eth_gasprice).
## Configuring free gas in Truffle
## Configure free gas in Truffle
If using Truffle to develop on your free gas network, you also need to configure free gas in
Truffle.
@ -106,7 +106,7 @@ gas limit in Truffle to the maximum possible.
!!! important
Besu does not support private key management. To use Besu with Truffle, you must configure
a [Truffle wallet](../Develop-Dapps/Truffle.md).
a [Truffle wallet](../../../public-networks/how-to/develop/truffle.md).
### Update `truffle-config.js`

@ -2,28 +2,32 @@
description: Configure TLS
---
# Configure TLS
# Configure client and server TLS
Hyperledger Besu supports TLS for client and server communication. For example, you can
[configure TLS](../../../Concepts/TLS.md) for communication between
configure TLS for communication between
[EthSigner](https://docs.ethsigner.consensys.net/en/latest/Concepts/TLS/) and Besu, and Besu and
[Tessera](https://docs.tessera.consensys.net/HowTo/Configure/TLS/).
The following diagram displays an example client and server TLS configuration.
![Besu client and server TLS](../../../../images/Besu_TLS.png)
Configure TLS communication from the command line.
**Prerequisites**:
## Prerequisites
* Besu's password-protected PKCS12 keystore.
* Besu's password-protected PKCS12 keystore
* File containing the keystore password
## Configure client TLS
Allow clients (for example a dapp, curl, or EthSigner) to send and receive secure HTTP JSON-RPCs.
**Client Prerequisites**:
**Client prerequisites**:
* [Configure the client for TLS]
* Client's PKCS12 keystore information.
* Client's PKCS12 keystore information
### Create the known clients file
@ -62,36 +66,36 @@ besu --rpc-http-enabled --rpc-http-tls-enabled --rpc-http-tls-client-auth-enable
The command line:
* Enables the HTTP JSON-RPC service using the
[`--rpc-http-enabled`](../../../Reference/CLI/CLI-Syntax.md#rpc-http-enabled) option.
[`--rpc-http-enabled`](../../../../public-networks/reference/cli/options.md#rpc-http-enabled) option.
* Enables TLS for the HTTP JSON-RPC service using the
[`--rpc-http-tls-enabled`](../../../Reference/CLI/CLI-Syntax.md#rpc-http-tls-enabled) option.
[`--rpc-http-tls-enabled`](../../../../public-networks/reference/cli/options.md#rpc-http-tls-enabled) option.
* Enables TLS client authentication using the
[`--rpc-http-tls-client-auth-enabled`](../../../Reference/CLI/CLI-Syntax.md#rpc-http-tls-client-auth-enabled) option.
[`--rpc-http-tls-client-auth-enabled`](../../../../public-networks/reference/cli/options.md#rpc-http-tls-client-auth-enabled) option.
* Specifies the keystore using the
[`--rpc-http-tls-keystore-file`](../../../Reference/CLI/CLI-Syntax.md#rpc-http-tls-keystore-file)
[`--rpc-http-tls-keystore-file`](../../../../public-networks/reference/cli/options.md#rpc-http-tls-keystore-file)
option.
* Specifies the file that contains the password to decrypt the keystore using the
[`--rpc-http-tls-keystore-password-file`](../../../Reference/CLI/CLI-Syntax.md#rpc-http-tls-keystore-password-file) option.
[`--rpc-http-tls-keystore-password-file`](../../../../public-networks/reference/cli/options.md#rpc-http-tls-keystore-password-file) option.
* [Specifies the clients](#create-the-known-clients-file) allowed to connect to Besu using the
[`--rpc-http-tls-known-clients-file`](../../../Reference/CLI/CLI-Syntax.md#rpc-http-tls-known-clients-file) option.
[`--rpc-http-tls-known-clients-file`](../../../../public-networks/reference/cli/options.md#rpc-http-tls-known-clients-file) option.
* specifies the Java cipher suites using the
[`--rpc-http-tls-cipher-suite`](../../../Reference/CLI/CLI-Syntax.md#rpc-http-tls-cipher-suite) option.
[`--rpc-http-tls-cipher-suite`](../../../../public-networks/reference/cli/options.md#rpc-http-tls-cipher-suite) option.
* specifies the TLS protocol version using the
[`--rpc-http-tls-protocol`](../../../Reference/CLI/CLI-Syntax.md#rpc-http-tls-protocol) option.
[`--rpc-http-tls-protocol`](../../../../public-networks/reference/cli/options.md#rpc-http-tls-protocol) option.
!!! note
Set [`--rpc-http-tls-ca-clients-enabled`](../../../Reference/CLI/CLI-Syntax.md#rpc-http-tls-ca-clients-enabled)
Set [`--rpc-http-tls-ca-clients-enabled`](../../../../public-networks/reference/cli/options.md#rpc-http-tls-ca-clients-enabled)
to `true` to allow access to clients with signed and trusted root CAs.
## Configure server TLS
Allow Besu to securely communicate with the server (Tessera).
**Server Prerequisites**:
**Server prerequisites**:
* [Configure the server to allow TLS communication]
* Server's certificate information.
* Server's certificate information
### Create the known servers file
@ -123,14 +127,14 @@ besu --privacy-tls-enabled --privacy-tls-keystore-file=/Users/me/my_node/keystor
The command line:
* Enables TLS with the server using the
[`--privacy-tls-enabled`](../../../Reference/CLI/CLI-Syntax.md#privacy-tls-enabled) option.
[`--privacy-tls-enabled`](../../../reference/cli/options.md#privacy-tls-enabled) option.
* Specifies the keystore using the
[`--privacy-tls-keystore-file`](../../../Reference/CLI/CLI-Syntax.md#privacy-tls-keystore-file)
[`--privacy-tls-keystore-file`](../../../reference/cli/options.md#privacy-tls-keystore-file)
option.
* Specifies the file that contains the password to decrypt the keystore using the
[`--privacy-tls-keystore-password-file`](../../../Reference/CLI/CLI-Syntax.md#privacy-tls-keystore-password-file) option.
[`--privacy-tls-keystore-password-file`](../../../reference/cli/options.md#privacy-tls-keystore-password-file) option.
* Specifies the trusted servers using the
[`--privacy-tls-known-enclave-file`](../../../Reference/CLI/CLI-Syntax.md#privacy-tls-known-enclave-file) option.
[`--privacy-tls-known-enclave-file`](../../../reference/cli/options.md#privacy-tls-known-enclave-file) option.
<!-- Links -->
[Configure the client for TLS]: https://docs.ethsigner.consensys.net/en/latest/HowTo/Configure-TLS/#server-tls-connection

@ -2,7 +2,7 @@
description: Configure P2P TLS communication
---
# P2P TLS
# Configure P2P TLS
You can configure TLS to secure the P2P communication between nodes by ensuring only authorized nodes can communicate
with each other. Use certificates issued by a trusted authority to connect authorized nodes in the network.
@ -19,7 +19,7 @@ Besu supports PKCS11, PKCS12, and JKS keystore and truststore types for P2P TLS.
**Prerequisites**:
* A configured network. For example,
[see steps 1 to 5 in the QBFT tutorial](../../../Tutorials/Private-Network/Create-QBFT-Network.md).
[see steps 1 to 5 in the QBFT tutorial](../../../tutorials/qbft.md).
* Each node requires a keystore that contains the node's certificate and key.
* A truststore containing all the trusted certificates for the network.

@ -2,11 +2,11 @@
description: Configuring validators in production networks
---
# Configuring validators in a production network
# Configure validators in a production network
As when [configuring bootnodes](Bootnodes.md):
As when [configuring bootnodes](bootnodes.md):
1. Create the [node key pair](../../Concepts/Node-Keys.md) (that is, the private and public key)
1. Create the [node key pair](../../../public-networks/concepts/node-keys.md) (that is, the private and public key)
before starting the validator.
1. When creating validators in the cloud (for example, AWS or Azure), attempt to assign static IP
addresses to them. If your network is:
@ -31,11 +31,11 @@ You can [vote validators in or out of the validator pool].
## Validators as bootnodes
Validators can also be bootnodes. Other than the [usual configuration for bootnodes](Bootnodes.md),
Validators can also be bootnodes. Other than the [usual configuration for bootnodes](bootnodes.md),
you do not need to specify any extra configuration when a validator is also a bootnode.
If you remove a validator that is also a bootnode, ensure there are enough remaining bootnodes on
the network.
<!-- Links -->
[vote validators in or out of the validator pool]: ../Configure/Consensus-Protocols/IBFT.md#adding-and-removing-validators
[vote validators in or out of the validator pool]: consensus/ibft.md#add-and-remove-validators

@ -3,9 +3,9 @@ title: Deploy Hyperledger Besu with Ansible
description: Deploying Hyperledger Besu with Ansible role on Galaxy
---
# Deploying Hyperledger Besu with Ansible
# Deploy Besu with Ansible
To deploy Hyperledger Besu using Ansible, use the
To deploy Besu using Ansible, use the
[Hyperledger Besu role](https://galaxy.ansible.com/consensys/hyperledger_besu) published on Galaxy.
For more information, see the "Read Me" button on the

@ -2,7 +2,7 @@
description: Deploying Besu to the cloud
---
# Deploying Hyperledger Besu to the cloud
# Deploy Besu to the cloud
When deploying Besu to the cloud:
@ -10,4 +10,4 @@ When deploying Besu to the cloud:
bootnodes and validators.
* If your network is a multi-region network, consider using VPC Peering to reduce latency.
* Where required, use VPNs to connect to your on premise systems, or single private chains.
* If deploying to Kubernetes, please refer to the [tutorial](../../Tutorials/Kubernetes/Overview.md).
* If deploying to Kubernetes, please refer to the [tutorial](../../tutorials/kubernetes/index.md).

@ -2,10 +2,10 @@
description: Ethstats network monitor
---
# Ethstats network monitor
# Connect to Ethstats network monitor
Connect to [Ethstats](https://ethstats.net) to display real time and historical [statistics](#statistics) about the network and nodes.
You can connect to the Ethstats dashboard by [connecting to a client and server](#connecting-through-a-client-and-server) or by [connecting through the command line](#connecting-through-the-command-line).
You can connect to the Ethstats dashboard by [connecting to a client and server](#connect-through-a-client-and-server) or by [connecting through the command line](#connect-through-the-command-line).
## Components
@ -27,17 +27,17 @@ Statistics displayed by Ethstats include:
- Node logs, which display the data sent by a node.
- Block history, which provides the ability to go back in time and playback the block propagation through the nodes.
## Connecting through a client and server
## Connect through a client and server
Refer to the external [Ethstats client](https://github.com/goerli/ethstats-client) and [Ethstats server](https://github.com/goerli/ethstats-server) documentation
for installing those components and connecting to a dashboard.
## Connecting through the command line
## Connect through the command line
You can use command line options to connect a node directly to a [dashboard](https://github.com/goerli/ethstats-client#available-dashboards), without using a client.
Start a node using the [`--ethstats`](../../Reference/CLI/CLI-Syntax.md#ethstats) option to specify the Ethstats server URL.
You can specify a contact email to send to the server using [`--ethstats-contact`](../../Reference/CLI/CLI-Syntax.md#ethstats-contact).
Start a node using the [`--ethstats`](../../../public-networks/reference/cli/options.md#ethstats) option to specify the Ethstats server URL.
You can specify a contact email to send to the server using [`--ethstats-contact`](../../../public-networks/reference/cli/options.md#ethstats-contact).
!!! example
@ -51,4 +51,4 @@ You can specify a contact email to send to the server using [`--ethstats-contact
Open the selected dashboard website. Find your node under the list of nodes to see the statistics for the node and the network.
![dashboard](../../images/dashboard.png)
![dashboard](../../../images/dashboard.png)

@ -3,12 +3,12 @@ title: Deploy a Hyperledger Besu private network with Kubernetes
description: Deploying Hyperledger Besu with Kubernetes
---
# Deploying Hyperledger Besu with Kubernetes
# Deploy Besu with Kubernetes
Use the [reference implementations](https://github.com/ConsenSys/quorum-kubernetes) to install
private networks using Kubernetes (K8s). The repository has full support for cloud providers like
AWS, Azure, GCP, and IBM, and has production setups that use of identities and cloud-native
secret storage services like Azure KeyVault and AWS Secrets Manager.
Refer to the [tutorial](../../Tutorials/Kubernetes/Overview.md) and familiarize yourself with
Refer to the [tutorial](../../tutorials/kubernetes/index.md) and familiarize yourself with
the reference implementations, and customize them to your requirements.

@ -0,0 +1,34 @@
---
description: private networks how to overview
---
# How to
This section provides instructional content for private network features.
The following features are shared with [public networks](../../public-networks/index.md) and the
content can be found in the public networks section:
- Configuration:
- [Use a configuration file](../../public-networks/how-to/configuration-file.md)
- [Pass JVM options](../../public-networks/how-to/pass-jvm-options.md)
- [Configure high availability](../../public-networks/how-to/configure-ha/index.md)
- [Configure mining](../../public-networks/how-to/use-pow/mining.md)
- [Use the Besu API](../../public-networks/how-to/use-besu-api/index.md):
- [Use JSON-RPC over HTTP, WS, and IPC](../../public-networks/how-to/use-besu-api/json-rpc.md)
- [Use RPC Pub/Sub over WS](../../public-networks/how-to/use-besu-api/rpc-pubsub.md)
- [Use GraphQL over HTTP](../../public-networks/how-to/use-besu-api/graphql.md)
- [Authenticate JSON-RPC requests](../../public-networks/how-to/use-besu-api/authenticate.md)
- [Access logs using JSON-RPC API](../../public-networks/how-to/use-besu-api/access-logs.md)
- Find and connect to peers:
- [Configure static nodes](../../public-networks/how-to/connect/static-nodes.md)
- [Configure ports](../../public-networks/how-to/connect/configure-ports.md)
- [Manage peers](../../public-networks/how-to/connect/manage-peers.md)
- [Specify NAT method](../../public-networks/how-to/connect/specify-nat.md)
- Develop dapps:
- [Use Truffle](../../public-networks/how-to/develop/truffle.md)
- [Use client libraries](../../public-networks/how-to/develop/client-libraries.md)
- Troubleshoot:
- [Use EVM tool](../../public-networks/how-to/troubleshoot/evm-tool.md)
- [Use Java Flight Recorder](../../public-networks/how-to/troubleshoot/java-flight-recorder.md)
- [Trace transactions](../../public-networks/how-to/troubleshoot/trace-transactions.md)

@ -2,10 +2,10 @@
description: Using Elastick Stack (ELK) with Hyperledger Besu
---
# Elastic Stack
# Use Elastic Stack
[Elastic Stack] (ELK) is an open-source log management platform that is available when using the
[Developer Quickstart](../../Tutorials/Developer-Quickstart.md).
[Developer Quickstart](../../tutorials/quickstart.md).
The [Filebeat] configuration ingests logs and the [Metricbeat] configuration collects metrics from the nodes at regular
defined intervals and outputs them to Redis for storage.
@ -21,11 +21,11 @@ The [pipeline configuration] defines the JSON format used for Besu logs and auto
To see the Besu Quickstart network logs in Kibana:
1. [Start the Developer Quickstart with Besu](../../Tutorials/Developer-Quickstart.md), selecting ELK monitoring.
1. [Start the Developer Quickstart with Besu](../../tutorials/quickstart.md), selecting ELK monitoring.
1. Open the [`Kibana logs address`](http://localhost:5601/app/kibana#/discover) listed by the sample networks `list.sh` script.
The logs display in Kibana.
![Kibana](../../images/KibanaQuickstart.png)
![Kibana](../../../images/KibanaQuickstart.png)
<!-- Links -->
[Filebeat]: https://github.com/ConsenSys/quorum-dev-quickstart/blob/b72a0f64d685c851bf8be399a8e33bbdf0e09982/files/common/filebeat/filebeat.yml

@ -0,0 +1,19 @@
---
description: Monitoring using metrics and logging
---
# Monitoring
Use monitoring to identify node and network issues. In private networks, you can
[configure metrics and logging](../../../public-networks/how-to/monitor/index.md) as in public
networks.
You can also use the following monitoring tools in private networks:
- [Elastic Stack](elastic-stack.md)
- [Quorum Hibernate](quorum-hibernate.md)
- [Splunk](splunk.md)
- [OpenTelemetry](opentelemetry.md)
For an overview of monitoring Hyperledger Besu, view
[this recording](https://www.youtube.com/watch?v=7BuutRe0I28&feature=youtu.be).

@ -2,11 +2,11 @@
description: Collect Besu information with the OpenTelemetry Collector
---
# OpenTelemetry
# Use OpenTelemetry
You can use the OpenTelemetry monitoring and tracing service to gather node metrics and traces.
To enable OpenTelemetry to access Hyperledger Besu, use the [`--metrics-enabled`](../../Reference/CLI/CLI-Syntax.md#metrics-enabled)
and [`--metrics-protocol=opentelemetry`](../../Reference/CLI/CLI-Syntax.md#metrics-protocol) options.
To enable OpenTelemetry to access Hyperledger Besu, use the [`--metrics-enabled`](../../../public-networks/reference/cli/options.md#metrics-enabled)
and [`--metrics-protocol=opentelemetry`](../../../public-networks/reference/cli/options.md#metrics-protocol) options.
Use [Splunk](https://splunk.com) to visualize the collected data.
A [Besu Sync example](https://github.com/splunk/splunk-connect-for-ethereum/tree/master/examples/besu-sync) is available.
@ -140,8 +140,8 @@ Download and install the [OpenTelemetry Collector](https://github.com/open-telem
You can also refer to this [Docker-compose example](https://github.com/splunk/splunk-connect-for-ethereum/blob/989dc2ccae7d8235bf3ce2a83a18cf0cd1713294/examples/besu-sync/full-sync/docker-compose.yaml).
1. Start Besu with the [`--metrics-enabled`](../../Reference/CLI/CLI-Syntax.md#metrics-enabled) and
[`--metrics-protocol=opentelemetry`](../../Reference/CLI/CLI-Syntax.md#metrics-protocol) options.
1. Start Besu with the [`--metrics-enabled`](../../../public-networks/reference/cli/options.md#metrics-enabled) and
[`--metrics-protocol=opentelemetry`](../../../public-networks/reference/cli/options.md#metrics-protocol) options.
For example, run the following command to start a single node:
=== "Syntax"

@ -2,7 +2,7 @@
description: Use Quorum Hibernate with Hyperledger Besu
---
# Quorum Hibernate
# Use Quorum Hibernate
[Quorum Hibernate] is a proxy that monitors a node's API traffic and hibernates the node when inactive.
This reduces infrastructure costs by ensuring only nodes receiving API requests or nodes required to establish consensus

@ -2,7 +2,7 @@
description: Send Hyperledger Besu logs to Splunk
---
# Splunk
# Use Splunk
[Splunk](https://splunkbase.splunk.com/app/4866/) is a third-party monitoring solution compatible with Besu.
A Splunk server can receive Besu logs and enable complex search, visualization, and analysis.
@ -21,7 +21,7 @@ Options for running Splunk and Besu are:
To view the Quickstart network logs in Splunk:
1. [Start the Developer Quickstart with Besu](../../Tutorials/Developer-Quickstart.md), selecting Splunk monitoring.
1. [Start the Developer Quickstart with Besu](../../tutorials/quickstart.md), selecting Splunk monitoring.
1. Open the [Splunk UI](http://localhost:8000).
## Splunk Connect for Ethereum Docker Compose
@ -53,9 +53,9 @@ Docker Compose environment provided by Splunk.
!!! note
Splunk enterprise takes some time to start.
Run `docker ps` and wait for the `STATUS` of the 3 containers to be `Up [number] seconds (healthy)`.
```
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
127600dd1173 splunkdlt/ethlogger:latest "ethlogger" 53 seconds ago Up 51 seconds (healthy) ethlogger
@ -65,10 +65,10 @@ Docker Compose environment provided by Splunk.
## Use Splunk Enterprise as a Docker container
### Requirements
### Prerequisites
- [Docker](https://docs.docker.com/compose/install/)
- [Besu 1.4.4](https://github.com/hyperledger/besu/blob/750580dcca349d22d024cc14a8171b2fa74b505a/CHANGELOG.md#144) or later [installed](../Get-Started/Installation-Options/Install-Binaries.md)
- [Besu 1.4.4](https://github.com/hyperledger/besu/blob/750580dcca349d22d024cc14a8171b2fa74b505a/CHANGELOG.md#144) or later [installed](../../get-started/install/binary-distribution.md)
!!! important
@ -77,9 +77,9 @@ Docker Compose environment provided by Splunk.
!!! note
If running [Besu as a Docker container](../Get-Started/Installation-Options/Run-Docker-Image.md), consider using
If running [Besu as a Docker container](../../get-started/install/run-docker-image.md), consider using
[Splunk Connect for Ethereum Docker Compose](#splunk-connect-for-ethereum-docker-compose) or
[Kubernetes](../Deploy/Kubernetes.md) instead of the Splunk Enterprise trial container.
[Kubernetes](../deploy/kubernetes.md) instead of the Splunk Enterprise trial container.
### Steps
@ -103,7 +103,7 @@ Docker Compose environment provided by Splunk.
!!! tip
To follow the logs of the Splunk container:
```bash
docker logs -f splunk-demo
```
@ -140,17 +140,17 @@ Docker Compose environment provided by Splunk.
Congratulations! You can now play with the search and other Splunk features to explore your Besu logs.
![Splunk search page](../../images/splunk-ui.png)
![Splunk search page](../../../images/splunk-ui.png)
1. Stop Besu with ++ctrl+c++.
Stop the Splunk container with `docker stop splunk-demo`.
## Run a Splunk Enterprise instance
### Requirements
### Prerequisites
- [Splunk Enterprise license](https://www.splunk.com/)
- [Besu 1.4.4](https://github.com/hyperledger/besu/blob/master/CHANGELOG.md#144) or later [installed](../Get-Started/Installation-Options/Install-Binaries.md)
- [Besu 1.4.4](https://github.com/hyperledger/besu/blob/master/CHANGELOG.md#144) or later [installed](../../get-started/install/binary-distribution.md)
### Steps

@ -2,30 +2,30 @@
description: Creating and sending concurrent private transactions with Hyperledger Besu
---
# Sending concurrent private transactions
# Send concurrent private transactions
Private transaction processing involves two transactions, the private transaction and the
[privacy marker transaction (PMT)](../../Concepts/Privacy/Private-Transaction-Processing.md).
The private transaction and the PMT each have their own [nonce](../../Concepts/Privacy/Private-Transactions.md#nonces).
[privacy marker transaction (PMT)](../../concepts/privacy/private-transactions/processing.md).
The private transaction and the PMT each have their own [nonce](../../concepts/privacy/private-transactions/index.md#nonces).
If your private transaction rate requires sending private transactions without waiting for the previous
private transaction to be mined, using [`eth_getTransactionCount`](../../Reference/API-Methods.md#eth_gettransactioncount)
and [`eea_sendRawTransaction`](../../Reference/API-Methods.md#eea_sendrawtransaction) may result in
[incorrect nonces](../../Concepts/Privacy/Private-Transactions.md#private-nonce-management).
private transaction to be mined, using [`eth_getTransactionCount`](../../../public-networks/reference/api/index.md#eth_gettransactioncount)
and [`eea_sendRawTransaction`](../../reference/api/index.md#eea_sendrawtransaction) may result in
[incorrect nonces](../../concepts/privacy/private-transactions/index.md#private-nonce-management).
In this case, use [`priv_distributeRawTransaction`](Creating-Sending-Private-Transactions.md#priv_distributerawtransaction)
instead of [`eea_sendRawTransaction`](../../Reference/API-Methods.md#eea_sendrawtransaction).
In this case, use [`priv_distributeRawTransaction`](private-transactions.md#priv_distributerawtransaction)
instead of [`eea_sendRawTransaction`](../../reference/api/index.md#eea_sendrawtransaction).
!!! note
You can use [`priv_getTransactionCount`](../../Reference/API-Methods.md#priv_gettransactioncount) or
[`priv_getEeaTransactionCount`](../../Reference/API-Methods.md#priv_geteeatransactioncount) to get the nonce for
You can use [`priv_getTransactionCount`](../../reference/api/index.md#priv_gettransactioncount) or
[`priv_getEeaTransactionCount`](../../reference/api/index.md#priv_geteeatransactioncount) to get the nonce for
an account for the specified privacy group or participants.
Send the corresponding PMT using [`eth_sendRawTransaction`](../../Reference/API-Methods.md#eth_sendrawtransaction),
Send the corresponding PMT using [`eth_sendRawTransaction`](../../../public-networks/reference/api/index.md#eth_sendrawtransaction),
specifying the public PMT nonce.
This method allows you to create and send the PMT yourself rather than
[`eea_sendRawTransaction`](../../Reference/API-Methods.md#eea_sendrawtransaction) handling the PMT.
[`eea_sendRawTransaction`](../../reference/api/index.md#eea_sendrawtransaction) handling the PMT.
!!! important
@ -37,6 +37,6 @@ This method allows you to create and send the PMT yourself rather than
The [web3js-quorum library](https://github.com/ConsenSys/web3js-quorum/tree/master/example/concurrentPrivateTransactions)
includes an example of how to send concurrent private transactions.
The example uses [offchain privacy groups](../../Concepts/Privacy/Privacy-Groups.md).
Use [`priv_getPrivacyPrecompileAddress`](../../Reference/API-Methods.md#priv_getprivacyprecompileaddress) to get the
The example uses [offchain privacy groups](../../concepts/privacy/privacy-groups.md).
Use [`priv_getPrivacyPrecompileAddress`](../../reference/api/index.md#priv_getprivacyprecompileaddress) to get the
precompile address to specify in the `to` field when creating the PMT.

@ -0,0 +1,14 @@
---
description: private networks send transactions overview
---
# Create and send transactions
In private networks, you can create and [send regular transactions](../../../public-networks/how-to/send-transactions.md)
as in public networks.
You can also:
- [Send private transactions](private-transactions.md).
- [Send concurrent private transactions](concurrent-private-transactions.md).
- [Include revert reason in transactions](revert-reason.md).

@ -2,11 +2,11 @@
description: Creating and sending private transactions with Hyperledger Besu
---
# Creating and sending private transactions
# Create and send private transactions
Create and send [private transactions](../../Concepts/Privacy/Privacy-Overview.md) using:
Create and send [private transactions](../../concepts/privacy/index.md) using:
* [web3js-quorum client library](../Interact/Client-Libraries/web3js-quorum.md) or
* [web3js-quorum client library](../use-privacy/web3js-quorum.md) or
[web3j client library](https://github.com/web3j/web3j)
* [`eea_sendTransaction` with EthSigner](https://docs.ethsigner.consensys.net/en/latest/Using-EthSigner/Using-EthSigner/)
* [`eea_sendRawTransaction`](#eea_sendrawtransaction)
@ -17,7 +17,7 @@ distributed. If any participants are offline when submitting the private transac
transaction is not attempted and you must resubmit the transaction.
The `gas` and `gasPrice` specified when sending a private transaction are used by the
[privacy marker transaction (PMT)](../../Concepts/Privacy/Private-Transaction-Processing.md), not the private transaction itself.
[privacy marker transaction (PMT)](../../concepts/privacy/private-transactions/processing.md), not the private transaction itself.
!!! note
@ -26,40 +26,40 @@ The `gas` and `gasPrice` specified when sending a private transaction are used b
## `eea_sendRawTransaction`
[`eea_sendRawTransaction`](../../Reference/API-Methods.md#eea_sendrawtransaction) distributes the
[`eea_sendRawTransaction`](../../reference/api/index.md#eea_sendrawtransaction) distributes the
private transaction to the participating nodes, and signs and submits the PMT, as described in
[Private transaction processing](../../Concepts/Privacy/Private-Transaction-Processing.md).
[Private transaction processing](../../concepts/privacy/private-transactions/processing.md).
!!! note
If [sending concurrent transactions](Concurrent-Private-Transactions.md), you must use
If [sending concurrent transactions](concurrent-private-transactions.md), you must use
[`priv_distributeRawTransaction`](#priv_distributerawtransaction) instead of
[`eea_sendRawTransaction`](../../Reference/API-Methods.md#eea_sendrawtransaction).
[`eea_sendRawTransaction`](../../reference/api/index.md#eea_sendrawtransaction).
## `priv_distributeRawTransaction`
Use [`priv_distributeRawTransaction`](../../Reference/API-Methods.md#priv_distributerawtransaction) instead of
[`eea_sendRawTransaction`](#eea_sendrawtransaction) when sending [concurrent private transactions](Concurrent-Private-Transactions.md).
Use [`priv_distributeRawTransaction`](../../reference/api/index.md#priv_distributerawtransaction) instead of
[`eea_sendRawTransaction`](#eea_sendrawtransaction) when sending [concurrent private transactions](concurrent-private-transactions.md).
[`priv_distributeRawTransaction`](../../Reference/API-Methods.md#priv_distributerawtransaction)
[`priv_distributeRawTransaction`](../../reference/api/index.md#priv_distributerawtransaction)
distributes the private transaction to the participating nodes but does not sign and submit the PMT.
That is, it performs steps 1 to 5 of [Private Transaction Processing](../../Concepts/Privacy/Private-Transaction-Processing.md).
That is, it performs steps 1 to 5 of [private transaction processing](../../concepts/privacy/private-transactions/processing.md).
If using
[`priv_distributeRawTransaction`](../../Reference/API-Methods.md#priv_distributerawtransaction)
instead of [`eea_sendRawTransaction`](../../Reference/API-Methods.md#eea_sendrawtransaction), use
[`priv_distributeRawTransaction`](../../reference/api/index.md#priv_distributerawtransaction)
instead of [`eea_sendRawTransaction`](../../reference/api/index.md#eea_sendrawtransaction), use
the value returned by
[`priv_distributeRawTransaction`](../../Reference/API-Methods.md#priv_distributerawtransaction),
[`priv_distributeRawTransaction`](../../reference/api/index.md#priv_distributerawtransaction),
which is the enclave key to the private transaction in [Tessera](https://docs.tessera.consensys.net/),
in the `data` field of a call to
[`eth_sendRawTransaction`](../../Reference/API-Methods.md#eth_sendrawtransaction).
[`eth_sendRawTransaction`](../../../public-networks/reference/api/index.md#eth_sendrawtransaction).
Use the value returned by
[`priv_getPrivacyPrecompileAddress`](../../Reference/API-Methods.md#priv_getprivacyprecompileaddress), which is the
address of the [privacy precompiled contract](../../Concepts/Privacy/Private-Transaction-Processing.md), in the `to`
[`priv_getPrivacyPrecompileAddress`](../../reference/api/index.md#priv_getprivacyprecompileaddress), which is the
address of the [privacy precompiled contract](../../concepts/privacy/private-transactions/processing.md), in the `to`
field of the call.
By using the [public Ethereum transaction](Transactions.md),
[`eth_sendRawTransaction`](../../Reference/API-Methods.md#eth_sendrawtransaction), you are signing
By using the [public Ethereum transaction](../../how-to/send-transactions/index.md),
[`eth_sendRawTransaction`](../../../public-networks/reference/api/index.md#eth_sendrawtransaction), you are signing
and submitting the PMT yourself instead of having it signed by the Besu node, giving you greater control over the PMT.
!!! warning
@ -90,7 +90,7 @@ and submitting the PMT yourself instead of having it signed by the Besu node, gi
}
```
Send the enclave key in the `data` field, and the [privacy precompile address](../../Reference/API-Methods.md#priv_getprivacyprecompileaddress) in the `to` field of `eth_sendRawTransaction`:
Send the enclave key in the `data` field, and the [privacy precompile address](../../reference/api/index.md#priv_getprivacyprecompileaddress) in the `to` field of `eth_sendRawTransaction`:
```json
{
@ -111,15 +111,15 @@ and submitting the PMT yourself instead of having it signed by the Besu node, gi
To create an [EEA-compliant private transaction], specify `privateFor` when creating the signed
transaction passed as an input parameter to
[`eea_sendRawTransaction`](../../Reference/API-Methods.md#eea_sendrawtransaction).
[`eea_sendRawTransaction`](../../reference/api/index.md#eea_sendrawtransaction).
To create a [Besu-extended private transaction], specify a `privacyGroupId` when creating the
signed transaction passed as an input parameter to
[`eea_sendRawTransaction`](../../Reference/API-Methods.md#eea_sendrawtransaction).
[`eea_sendRawTransaction`](../../reference/api/index.md#eea_sendrawtransaction).
## Unsigned and unencoded private transactions
The [`eea_sendRawTransaction`](../../Reference/API-Methods.md#eea_sendrawtransaction) parameter is
The [`eea_sendRawTransaction`](../../reference/api/index.md#eea_sendrawtransaction) parameter is
a signed RLP-encoded private transaction. Shown below are examples of unsigned and unencoded
private transactions to create a contract.
@ -158,10 +158,10 @@ private transactions to create a contract.
!!! tip
The `example` directory in the
[web3js-quorum client library](../Interact/Client-Libraries/web3js-quorum.md) contains examples of
[web3js-quorum client library](../use-privacy/web3js-quorum.md) contains examples of
signing and encoding private transactions.
<!-- links ---->
[EEA-compliant private transaction]: ../../Concepts/Privacy/Privacy-Groups.md#enterprise-ethereum-alliance-privacy
[Besu-extended private transaction]: ../../Concepts/Privacy/Privacy-Groups.md#besu-extended-privacy
[EEA-compliant private transaction]: ../../concepts/privacy/privacy-groups.md#enterprise-ethereum-alliance-privacy
[Besu-extended private transaction]: ../../concepts/privacy/privacy-groups.md#besu-extended-privacy

@ -33,29 +33,29 @@ client an optional string message containing information about the error.
function withdraw() public {
if (msg.sender != owner)
revert Unauthorized();
payable(msg.sender).transfer(address(this).balance);
}
}
```
## Enabling revert reason
## Enable revert reason
Use the [`--revert-reason-enabled`](../../Reference/CLI/CLI-Syntax.md#revert-reason-enabled)
Use the [`--revert-reason-enabled`](../../../public-networks/reference/cli/options.md#revert-reason-enabled)
command line option to include the revert reason in the transaction receipt,
[`eth_estimateGas`](../../Reference/API-Methods.md#eth_estimategas) error,
[`eth_call`](../../Reference/API-Methods.md#eth_call) error, and
[`trace`](../../Reference/Trace-Types.md#trace) response in Hyperledger Besu.
[`eth_estimateGas`](../../../public-networks/reference/api/index.md#eth_estimategas) error,
[`eth_call`](../../../public-networks/reference/api/index.md#eth_call) error, and
[`trace`](../../../public-networks/reference/trace-types.md#trace) response in Hyperledger Besu.
!!! caution
Enabling revert reason may use a significant amount of memory. We do not recommend enabling
revert reason when connected to public Ethereum networks.
## Where is the revert reason included
## Where the revert reason is included
With revert reason enabled, the transaction receipt returned by
[`eth_getTransactionReceipt`](../../Reference/API-Methods.md#eth_gettransactionreceipt) includes
[`eth_getTransactionReceipt`](../../../public-networks/reference/api/index.md#eth_gettransactionreceipt) includes
the revert reason as an ABI-encoded string.
!!! important
@ -64,7 +64,7 @@ the revert reason as an ABI-encoded string.
revert reason in the transactions receipt's root hash means the revert reason is only available
to nodes that execute the transaction when importing the block. That is, the revert reason is
not available if using fast synchronization
([`--sync-mode=FAST`](../../Reference/CLI/CLI-Syntax.md#sync-mode)).
([`--sync-mode=FAST`](../../../public-networks/reference/cli/options.md#sync-mode)).
!!! example
@ -90,8 +90,8 @@ the revert reason as an ABI-encoded string.
}
```
The error returned by [`eth_estimateGas`](../../Reference/API-Methods.md#eth_estimategas) and
[`eth_call`](../../Reference/API-Methods.md#eth_call) includes the revert reason as an ABI-encoded string in the `data` field.
The error returned by [`eth_estimateGas`](../../../public-networks/reference/api/index.md#eth_estimategas) and
[`eth_call`](../../../public-networks/reference/api/index.md#eth_call) includes the revert reason as an ABI-encoded string in the `data` field.
!!! example "Example of `eth_estimateGas` and `eth_call` error"
@ -107,10 +107,10 @@ The error returned by [`eth_estimateGas`](../../Reference/API-Methods.md#eth_est
}
```
The list items in the [`trace`](../../Reference/Trace-Types.md#trace) response returned by
[`trace_replayBlockTransactions`](../../Reference/API-Methods.md#trace_replayblocktransactions),
[`trace_block`](../../Reference/API-Methods.md#trace_block), and
[`trace_transaction`](../../Reference/API-Methods.md#trace_transaction) include the revert reason as an ABI-encoded string.
The list items in the [`trace`](../../../public-networks/reference/trace-types.md#trace) response returned by
[`trace_replayBlockTransactions`](../../../public-networks/reference/api/index.md#trace_replayblocktransactions),
[`trace_block`](../../../public-networks/reference/api/index.md#trace_block), and
[`trace_transaction`](../../../public-networks/reference/api/index.md#trace_transaction) include the revert reason as an ABI-encoded string.
!!! example "Example of `trace` response list item"

@ -0,0 +1,45 @@
---
description: Upgrading protocol versions
---
# Network and protocol upgrades
!!! important
Node upgrades upgrade your Besu client to a later version.
In private networks, you can [upgrade your node](../../public-networks/how-to/upgrade-node.md)
as in public networks.
Network upgrades are the mechanism for upgrading the Ethereum protocol.
Protocol upgrades occur during the network upgrades.
For Ethereum Mainnet and public testnets, the milestone block definitions are included in Besu.
Upgrading your Besu client applies the network upgrade.
For private networks, all network participants must agree on the protocol upgrades and coordinate
the network upgrades.
The genesis file specifies the milestone block at which to apply the protocol upgrade.
## Upgrade the protocol
To upgrade the protocol in a private network:
1. Review included EIPs for breaking changes.
A [meta EIP](https://eips.ethereum.org/meta) for each protocol upgrade lists included EIPs.
For example, [Istanbul](https://eips.ethereum.org/EIPS/eip-1679).
1. Network participants agree on the block number at which to upgrade.
1. For each node in the network:
1. Add the [milestone block number](../../public-networks/reference/genesis-items.md#milestone-blocks) to
the genesis file.
1. Restart the node before reaching milestone block.
!!! caution
To avoid a forked network, all network participants must update their genesis file to include
the agreed on milestone block and restart their node before reaching the milestone block.
!!! tip "Tips"
- For compatibility with future protocol upgrades, don't hardcode any gas price assumptions.
- Implementing upgradeable contracts enables contracts to be upgraded if a protocol upgrade does
include breaking changes.

@ -2,9 +2,9 @@
description: Hyperledger Besu local permissioning
---
# Local permissioning
# Use local permissioning
[Local permissioning](../../Concepts/Permissioning/Permissioning-Overview.md#local) supports node and account allowlisting.
[Local permissioning](../../concepts/permissioning/index.md#local) supports node and account allowlisting.
## Node allowlisting
@ -26,15 +26,15 @@ enabled, communication is only between nodes in the allowlist.
Node allowlisting is at the node level. That is, each node in the network has a
[permissions configuration file](#permissions-configuration-file) file in the
[data directory](../../Reference/CLI/CLI-Syntax.md#data-path) for the node.
[data directory](../../../public-networks/reference/cli/options.md#data-path) for the node.
Local permissioning doesn't check that the node using the permissions configuration file is listed in the
allowlist, it only checks that the remote end of the connection is in the allowlist. Use [onchain permissioning] if you
need to check both ends of the connection.
### Specifying bootnodes in the allowlist
### Specify bootnodes in the allowlist
The nodes permissions list must include the [bootnodes](../Find-and-Connect/Bootnodes.md) or Hyperledger Besu doesn't
The nodes permissions list must include the [bootnodes](../configure/bootnodes.md) or Hyperledger Besu doesn't
start with node permissions enabled.
!!! example
@ -54,34 +54,34 @@ start with node permissions enabled.
(for example, if you use Kubernetes implementing a load balancer for ingress and a NAT gateway IP address for egress),
add both addresses to the allowlist, using the same public key for each IP address. This will allow the node to connect.
### Enabling node allowlisting
### Enable node allowlisting
To enable node allowlisting, specify the
[`--permissions-nodes-config-file-enabled`](../../Reference/CLI/CLI-Syntax.md#permissions-nodes-config-file-enabled)
[`--permissions-nodes-config-file-enabled`](../../reference/cli/options.md#permissions-nodes-config-file-enabled)
option when starting Besu.
The `PERM` API methods are not enabled by default. To enable the `PERM` API methods, use the
[`--rpc-http-api`](../../Reference/CLI/CLI-Syntax.md#rpc-http-api) or
[`--rpc-ws-api`](../../Reference/CLI/CLI-Syntax.md#rpc-ws-api) options.
[`--rpc-http-api`](../../../public-networks/reference/cli/options.md#rpc-http-api) or
[`--rpc-ws-api`](../../../public-networks/reference/cli/options.md#rpc-ws-api) options.
### Updating the node allowlist
### Update the node allowlist
To update the nodes allowlist while the node is running, use the following JSON-RPC API methods:
* [perm_addNodesToAllowlist](../../Reference/API-Methods.md#perm_addnodestoallowlist)
* [perm_removeNodesFromAllowlist](../../Reference/API-Methods.md#perm_removenodesfromallowlist)
* [perm_addNodesToAllowlist](../../reference/api/index.md#perm_addnodestoallowlist)
* [perm_removeNodesFromAllowlist](../../reference/api/index.md#perm_removenodesfromallowlist)
You can also update the [`permissions_config.toml`](#permissions-configuration-file) file directly
and then update the allowlist using the
[`perm_reloadPermissionsFromFile`](../../Reference/API-Methods.md#perm_reloadpermissionsfromfile)
[`perm_reloadPermissionsFromFile`](../../reference/api/index.md#perm_reloadpermissionsfromfile)
method.
Updates to the permissions configuration file persist across node restarts.
### Viewing the node allowlist
### View the node allowlist
To view the nodes allowlist, use the
[perm_getNodesAllowlist](../../Reference/API-Methods.md#perm_getnodesallowlist) method.
[perm_getNodesAllowlist](../../reference/api/index.md#perm_getnodesallowlist) method.
!!! note
@ -111,22 +111,22 @@ permissioning accepts transactions only from accounts in the accounts allowlist.
Account allowlisting is at the node level. That is, each node in the network has a
[permissions configuration file](#permissions-configuration-file) in the
[data directory](../../Reference/CLI/CLI-Syntax.md#data-path) for the node.
[data directory](../../../public-networks/reference/cli/options.md#data-path) for the node.
!!! caution "Using account permissioning and privacy"
Account permissioning is incompatible with
[random key signing](../Use-Privacy/Sign-Privacy-Marker-Transactions.md) for
[privacy marker transactions](../../Concepts/Privacy/Private-Transaction-Processing.md).
[random key signing](../use-privacy/sign-pmts.md) for
[privacy marker transactions](../../concepts/privacy/private-transactions/processing.md).
If using account permissioning and privacy, a signing key must be specified using the
[`--privacy-marker-transaction-signing-key-file`](../../Reference/CLI/CLI-Syntax.md#privacy-marker-transaction-signing-key-file)
[`--privacy-marker-transaction-signing-key-file`](../../reference/cli/options.md#privacy-marker-transaction-signing-key-file)
command line option and the corresponding public key included in the accounts allowlist.
Transaction validation against the accounts allowlist occurs at the following points:
* Submitted by JSON-RPC API method
[`eth_sendRawTransaction`](../../Reference/API-Methods.md#eth_sendrawtransaction)
[`eth_sendRawTransaction`](../../../public-networks/reference/api/index.md#eth_sendrawtransaction)
* Received via propagation from another node
* Added to a block by a mining node
@ -136,7 +136,7 @@ transactions from accounts that are not on the accounts allowlist of that node.
The following diagram illustrates applying local and onchain permissioning rules.
![Permissioning Flow](../../images/PermissioningFlow.png)
![Permissioning Flow](../../../images/PermissioningFlow.png)
!!! example "Example of different account allowlists"
@ -162,60 +162,60 @@ The following diagram illustrates applying local and onchain permissioning rules
by Node B to which it's propagated if the account is not in the Node B allowlist. We
recommend each node in the network has the same accounts allowlist.
### Enabling account allowlisting
### Enable account allowlisting
To enable account allowlisting, specify the
[`--permissions-accounts-config-file-enabled`](../../Reference/CLI/CLI-Syntax.md#permissions-accounts-config-file-enabled)
[`--permissions-accounts-config-file-enabled`](../../reference/cli/options.md#permissions-accounts-config-file-enabled)
option when starting Besu.
The `PERM` API methods are not enabled by default. To enable the `PERM` API methods, use the
[`--rpc-http-api`](../../Reference/CLI/CLI-Syntax.md#rpc-http-api) or
[`--rpc-ws-api`](../../Reference/CLI/CLI-Syntax.md#rpc-ws-api) options.
[`--rpc-http-api`](../../../public-networks/reference/cli/options.md#rpc-http-api) or
[`--rpc-ws-api`](../../../public-networks/reference/cli/options.md#rpc-ws-api) options.
### Updating the account allowlist
### Update the account allowlist
To update the accounts allowlist when the node is running, use the JSON-RPC API methods:
* [`perm_addAccountsToAllowlist`](../../Reference/API-Methods.md#perm_addaccountstoallowlist)
* [`perm_removeAccountsFromAllowlist`](../../Reference/API-Methods.md#perm_removeaccountsfromallowlist).
* [`perm_addAccountsToAllowlist`](../../reference/api/index.md#perm_addaccountstoallowlist)
* [`perm_removeAccountsFromAllowlist`](../../reference/api/index.md#perm_removeaccountsfromallowlist).
You can also update the [`permissions_config.toml`](#permissions-configuration-file) file directly
and use the
[`perm_reloadPermissionsFromFile`](../../Reference/API-Methods.md#perm_reloadpermissionsfromfile)
[`perm_reloadPermissionsFromFile`](../../reference/api/index.md#perm_reloadpermissionsfromfile)
method to update the allowlists.
Updates to the permissions configuration file persist across node restarts.
### Viewing the account allowlist
### View the account allowlist
To view the accounts allowlist, use the
[`perm_getAccountsAllowlist`](../../Reference/API-Methods.md#perm_getaccountsallowlist) method.
[`perm_getAccountsAllowlist`](../../reference/api/index.md#perm_getaccountsallowlist) method.
## Permissions configuration file
The permissions configuration file contains the nodes and accounts allowlists. If the
[`--permissions-accounts-config-file`](../../Reference/CLI/CLI-Syntax.md#permissions-accounts-config-file)
and [`--permissions-nodes-config-file`](../../Reference/CLI/CLI-Syntax.md#permissions-nodes-config-file)
[`--permissions-accounts-config-file`](../../reference/cli/options.md#permissions-accounts-config-file)
and [`--permissions-nodes-config-file`](../../reference/cli/options.md#permissions-nodes-config-file)
options are not specified, the name of the permissions configuration file must be
[`permissions_config.toml`](#permissions-configuration-file) and must be in the
[data directory](../../Reference/CLI/CLI-Syntax.md#data-path) for the node.
[data directory](../../../public-networks/reference/cli/options.md#data-path) for the node.
You can specify the accounts and nodes allowlists in the same file or in separate files for
accounts and nodes.
To specify a permissions configuration file (or separate files for accounts and nodes) in any
location, use the
[`--permissions-accounts-config-file`](../../Reference/CLI/CLI-Syntax.md#permissions-accounts-config-file)
[`--permissions-accounts-config-file`](../../reference/cli/options.md#permissions-accounts-config-file)
and
[`--permissions-nodes-config-file`](../../Reference/CLI/CLI-Syntax.md#permissions-nodes-config-file)
[`--permissions-nodes-config-file`](../../reference/cli/options.md#permissions-nodes-config-file)
options.
!!!note
The [`--permissions-accounts-config-file`](../../Reference/CLI/CLI-Syntax.md#permissions-accounts-config-file)
and [`permissions-nodes-config-file`](../../Reference/CLI/CLI-Syntax.md#permissions-nodes-config-file)
The [`--permissions-accounts-config-file`](../../reference/cli/options.md#permissions-accounts-config-file)
and [`permissions-nodes-config-file`](../../reference/cli/options.md#permissions-nodes-config-file)
options are not used when running Besu from the
[Docker image](../Get-Started/Installation-Options/Run-Docker-Image.md). Use a bind mount to
[Docker image](../../get-started/install/run-docker-image.md). Use a bind mount to
[specify a permissions configuration file with Docker].
!!! example "Sample permissions configuration file"
@ -227,6 +227,6 @@ options.
```
<!-- Links -->
[specify a permissions configuration file with Docker]: ../Get-Started/Installation-Options/Run-Docker-Image.md#permissions-configuration-file
[support domain names]: ../../Concepts/Node-Keys.md#domain-name-support
[onchain permissioning]: ../../Concepts/Permissioning/Onchain-Permissioning.md
[specify a permissions configuration file with Docker]: ../../get-started/install/run-docker-image.md
[support domain names]: ../../../public-networks/concepts/node-keys.md#domain-name-support
[onchain permissioning]: ../../concepts/permissioning/onchain.md

@ -0,0 +1,128 @@
---
description: Updating Hyperledger Besu onchain allowlists
---
# Use onchain permissioning
When using [onchain permissioning](../../concepts/permissioning/onchain.md), you can update
[nodes](#update-nodes-allowlist) and [accounts](#update-accounts-allowlist) allowlists using the
Besu [permissioning management dapp](#deploy-the-permissioning-management-dapp).
## Deploy the permissioning management dapp
To deploy the permissioning management dapp for production:
1. Retrieve the most recent release (tarball or zip) from the [projects release page].
1. Unpack the distribution into a directory available to your Web server.
1. In the root of the unpack directory, add a file called `config.json` replacing the placeholders
shown below.
!!! example "`config.json`"
```json
{
"accountIngressAddress": "<Address of the account ingress contract>",
"nodeIngressAddress": "<Address of the node ingress contract>",
"networkId": "<ID of your Ethereum network>"
}
```
1. On your Web server, host the contents of the directory as static files and direct root requests
to `index.html`.
!!! note "Start a production permissioned network"
To start a production permissioned network, follow the [onchain permissioning tutorial], but don't
perform the steps using `yarn` to install, build, and start the development server.
Instead, follow the steps in this section to deploy the permissioning management dapp to your Web server.
## Update nodes allowlist
To add a node to the Hyperledger Besu nodes allowlist:
1. On the **Nodes** tab of the permissioning management dapp, select **Add Node**.
The **Add Node** window displays.
2. Enter the [enode URL](../../../public-networks/concepts/node-keys.md#enode-url) of the node you are adding and select **Add Node**.
!!! tip
If your node has two different IP addresses for ingress and egress
(for example, if you use Kubernetes implementing a load balancer for ingress and a NAT gateway IP address for egress),
add both addresses to the allowlist, using the same public key for each IP address. This will allow the node to connect.
!!! important
Node allowlists [support domain names] in enode URLs as an experimental feature. Use the `--Xdns-enabled` option
to enable domain name support.
If using Kubernetes, enable domain name support and use the `--Xdns-update-enabled` option to ensure that Besu can
connect to a container after being restarted, even if the IP address of the container changes.
To remove a node from the nodes allowlist:
1. On the **Nodes** tab of the permissioning management dapp, hover over the row of the
node you are removing. A trash can displays.
1. Select the trash can.
!!! tip
If you add a running node, the node does not attempt to reconnect to the bootnode and
synchronize until peer discovery restarts. To add an allowlisted node as a peer without waiting
for peer discovery to restart, use
[`admin_addPeer`](../../../public-networks/reference/api/index.md#admin_addpeer).
If you add the node to the allowlist before starting the node, using `admin_addPeer` is not
required because peer discovery is run on node startup.
!!! tip
If nodes are not connecting as expected, set the [log level to `TRACE`](../../../public-networks/reference/cli/options.md#logging)
and search for messages containing `Node permissioning` to identify the issue.
Ensure the [`--p2p-host`](../../../public-networks/reference/cli/options.md#p2p-host) command line option has been
correctly configured for all nodes with the
externally accessible address.
If you change your network configuration, you may need to update the node allowlist.
## Update accounts allowlist
To add an account to the accounts allowlist:
1. On the **Accounts** tab of the permissioning management dapp, select **Add Account**.
The **Add Account** window displays.
1. Enter the account address in the **Account Address** field and select **Add Account**.
To remove an account from the accounts allowlist:
1. On the **Accounts** tab of the permissioning management dapp, hover over the row of
the account you are removing. A trash can displays.
1. Select the trash can.
## Update admins
You can add or remove admins in the same way as [accounts](#update-accounts-allowlist), except on the **Admins** tab.
## Specify the permissioning contract interface version
Use the [`--permissions-nodes-contract-version`](../../reference/cli/options.md#permissions-nodes-contract-version)
command line option to specify the version of the [permissioning contract interface](../../concepts/permissioning/onchain.md#permissioning-contracts).
The default is 1.
Specify the contract interface version that maps to the version of the [Enterprise Ethereum Alliance Client Specification](https://entethalliance.org/technical-specifications/)
the contract interface implements.
| | EEA Client Specification | Contract interface |
|:--------|:-------------------------|:-------------------|
| Version | 5 | 1 |
| Version | 6 | 2 |
The permissioning contracts in the [`ConsenSys/permissioning-smart-contracts`](https://github.com/ConsenSys/permissioning-smart-contracts)
repository implement the version 2 contract interface.
[support domain names]: ../../../public-networks/concepts/node-keys.md#domain-name-support
[projects release page]: https://github.com/ConsenSys/permissioning-smart-contracts/releases/latest
[onchain permissioning tutorial]: ../../tutorials/permissioning/onchain.md

@ -3,7 +3,7 @@ description: Methods for accessing and managing private transactions and privacy
Hyperledger Besu
---
# Accessing private and privacy marker transactions
# Access private and privacy marker transactions
!!! warning
@ -12,7 +12,7 @@ description: Methods for accessing and managing private transactions and privacy
and about all the [new Tessera features](https://consensys.net/blog/quorum/tessera-the-privacy-manager-of-choice-for-consensys-quorum-networks).
A Hyperledger Besu private transaction creates a
[privacy marker transaction](../../Concepts/Privacy/Private-Transaction-Processing.md) and
[privacy marker transaction](../../concepts/privacy/private-transactions/processing.md) and
the private transaction itself.
## Transaction receipts
@ -21,9 +21,9 @@ With the transaction hash returned when submitting the private transaction, to g
receipt for the:
* Private transaction, use
[`priv_getTransactionReceipt`](../../Reference/API-Methods.md#priv_gettransactionreceipt).
[`priv_getTransactionReceipt`](../../reference/api/index.md#priv_gettransactionreceipt).
* Privacy marker transaction, use
[`eth_getTransactionReceipt`](../../Reference/API-Methods.md#eth_gettransactionreceipt).
[`eth_getTransactionReceipt`](../../../public-networks/reference/api/index.md#eth_gettransactionreceipt).
The transaction receipt includes a `status` indicating if the transaction failed (`0x0`), succeeded (`0x1`), or
was invalid (`0x2`).
@ -31,7 +31,7 @@ was invalid (`0x2`).
!!! example "Private transaction failure example"
To deploy a private contract, you submit a transaction using
[`eea_sendRawTransaction`](../Send-Transactions/Creating-Sending-Private-Transactions.md). If
[`eea_sendRawTransaction`](../send-transactions/private-transactions.md). If
contract deployment fails because of insufficient gas, the privacy marker transaction receipt
has a status of success and the private transaction receipt has a status of failure.
@ -40,6 +40,6 @@ was invalid (`0x2`).
With the transaction hash returned when submitting the private transaction, to get the:
* Private transaction, use
[`priv_getPrivateTransaction`](../../Reference/API-Methods.md#priv_getprivatetransaction).
[`priv_getPrivateTransaction`](../../reference/api/index.md#priv_getprivatetransaction).
* Privacy marker transaction, use
[`eth_getTransactionByHash`](../../Reference/API-Methods.md#eth_gettransactionbyhash).
[`eth_getTransactionByHash`](../../../public-networks/reference/api/index.md#eth_gettransactionbyhash).

@ -2,7 +2,7 @@
description: Hyperledger Besu-extended privacy
---
# Using Hyperledger Besu-extended privacy
# Use Besu-extended privacy
!!! warning
@ -11,26 +11,26 @@ description: Hyperledger Besu-extended privacy
and about all the [new Tessera features](https://consensys.net/blog/quorum/tessera-the-privacy-manager-of-choice-for-consensys-quorum-networks).
Hyperledger Besu provides an extended implementation of privacy allowing you to
[create a privacy group for a set of participants](../../Concepts/Privacy/Privacy-Groups.md). You
[create a privacy group for a set of participants](../../concepts/privacy/privacy-groups.md). You
must specify the privacy group ID when sending private transactions.
To enable the [`PRIV` API methods](../../Reference/API-Methods.md#priv-methods), use the
[`--rpc-http-api`](../../Reference/CLI/CLI-Syntax.md#rpc-http-api) or
[`--rpc-ws-api`](../../Reference/CLI/CLI-Syntax.md#rpc-ws-api) command line options.
To enable the [`PRIV` API methods](../../reference/api/index.md#priv-methods), use the
[`--rpc-http-api`](../../../public-networks/reference/cli/options.md#rpc-http-api) or
[`--rpc-ws-api`](../../../public-networks/reference/cli/options.md#rpc-ws-api) command line options.
To create the privacy group containing the recipients of a private transaction, use
[`priv_createPrivacyGroup`](../../Reference/API-Methods.md#priv_createprivacygroup).
[`priv_createPrivacyGroup`](../../reference/api/index.md#priv_createprivacygroup).
To create an EEA-compliant private transaction, specify `privacyGroupId` when creating the signed
transaction passed as an input parameter to
[`eea_sendRawTransaction`](../../Reference/API-Methods.md#eea_sendrawtransaction).
[`eea_sendRawTransaction`](../../reference/api/index.md#eea_sendrawtransaction).
## Privacy group type
Privacy groups created using
[`priv_createPrivacyGroup`](../../Reference/API-Methods.md#priv_createprivacygroup)
[`priv_createPrivacyGroup`](../../reference/api/index.md#priv_createprivacygroup)
have a `BESU` privacy group type when returned by
[`priv_findPrivacyGroup`](../../Reference/API-Methods.md#priv_findprivacygroup).
[`priv_findPrivacyGroup`](../../reference/api/index.md#priv_findprivacygroup).
!!! example

@ -2,7 +2,7 @@
description: Hyperledger Besu JSON-RPC methods to use for EEA-compliant privacy
---
# Using EEA-compliant privacy
# Use EEA-compliant privacy
!!! warning
@ -10,23 +10,23 @@ description: Hyperledger Besu JSON-RPC methods to use for EEA-compliant privacy
Read our [Orion to Tessera migration guide](https://docs.orion.consensys.net/en/latest/Tutorials/Migrating-from-Orion-to-Tessera/)
and about all the [new Tessera features](https://consensys.net/blog/quorum/tessera-the-privacy-manager-of-choice-for-consensys-quorum-networks).
When using Hyperledger Besu [EEA-compliant privacy](../../Concepts/Privacy/Privacy-Groups.md), the
When using Hyperledger Besu [EEA-compliant privacy](../../concepts/privacy/privacy-groups.md), the
group of nodes specified by `privateFrom` and `privateFor` form a privacy group, to which Tessera
assigns a unique privacy group ID.
To enable the [`EEA` API methods](../../Reference/API-Methods.md#eea-methods), use the
[`--rpc-http-api`](../../Reference/CLI/CLI-Syntax.md#rpc-http-api) or
[`--rpc-ws-api`](../../Reference/CLI/CLI-Syntax.md#rpc-ws-api) command line options.
To enable the [`EEA` API methods](../../reference/api/index.md#eea-methods), use the
[`--rpc-http-api`](../../../public-networks/reference/cli/options.md#rpc-http-api) or
[`--rpc-ws-api`](../../../public-networks/reference/cli/options.md#rpc-ws-api) command line options.
To create an EEA-compliant private transaction, specify `privateFor` when creating the signed
transaction passed as an input parameter to
[`eea_sendRawTransaction`](../../Reference/API-Methods.md#eea_sendrawtransaction).
[`eea_sendRawTransaction`](../../reference/api/index.md#eea_sendrawtransaction).
## Privacy group type
Privacy groups created when specifying `privateFrom` and `privateFor` have a `LEGACY` privacy group
type when returned by
[`priv_findPrivacyGroup`](../../Reference/API-Methods.md#priv_findprivacygroup).
[`priv_findPrivacyGroup`](../../reference/api/index.md#priv_findprivacygroup).
!!! example

@ -2,7 +2,7 @@
description: Use flexible privacy groups
---
# Using flexible privacy groups
# Use flexible privacy groups
!!! warning
@ -11,7 +11,7 @@ description: Use flexible privacy groups
and about all the [new Tessera features](https://consensys.net/blog/quorum/tessera-the-privacy-manager-of-choice-for-consensys-quorum-networks).
Use the [`web3js-quorum` library](https://github.com/ConsenSys/web3js-quorum) to create and update
membership of [flexible privacy groups](../../Concepts/Privacy/Flexible-PrivacyGroups.md).
membership of [flexible privacy groups](../../concepts/privacy/flexible-privacy.md).
!!! tip
@ -20,7 +20,7 @@ membership of [flexible privacy groups](../../Concepts/Privacy/Flexible-PrivacyG
!!! important
[Flexible privacy groups](../../Concepts/Privacy/Flexible-PrivacyGroups.md) are an early access
[Flexible privacy groups](../../concepts/privacy/flexible-privacy.md) are an early access
feature. Don't use in production networks.
The flexible privacy group interfaces may change between releases. There might not be an
@ -28,20 +28,20 @@ membership of [flexible privacy groups](../../Concepts/Privacy/Flexible-PrivacyG
group functionality in future versions.
We don't recommend creating flexible privacy groups in a chain with existing
[offchain privacy groups](../../Concepts/Privacy/Privacy-Groups.md).
[offchain privacy groups](../../concepts/privacy/privacy-groups.md).
## Enabling flexible privacy groups
## Enable flexible privacy groups
Use the [`--privacy-flexible-groups-enabled`](../../Reference/CLI/CLI-Syntax.md#privacy-flexible-groups-enabled)
command line option to enable [flexible privacy groups](../../Concepts/Privacy/Flexible-PrivacyGroups.md).
When flexible privacy groups are enabled, the [`priv_createPrivacyGroup`](../../Reference/API-Methods.md#priv_createprivacygroup),
[`priv_deletePrivacyGroup`](../../Reference/API-Methods.md#priv_deleteprivacygroup),
and [`priv_findPrivacyGroup`](../../Reference/API-Methods.md#priv_findprivacygroup) methods for
[offchain privacy groups](../../Concepts/Privacy/Privacy-Groups.md) are disabled.
Use the [`--privacy-flexible-groups-enabled`](../../reference/cli/options.md#privacy-flexible-groups-enabled)
command line option to enable [flexible privacy groups](../../concepts/privacy/flexible-privacy.md).
When flexible privacy groups are enabled, the [`priv_createPrivacyGroup`](../../reference/api/index.md#priv_createprivacygroup),
[`priv_deletePrivacyGroup`](../../reference/api/index.md#priv_deleteprivacygroup),
and [`priv_findPrivacyGroup`](../../reference/api/index.md#priv_findprivacygroup) methods for
[offchain privacy groups](../../concepts/privacy/privacy-groups.md) are disabled.
## Simple flexible privacy group example
To create and find a [flexible privacy group](../../Concepts/Privacy/Flexible-PrivacyGroups.md) using
To create and find a [flexible privacy group](../../concepts/privacy/flexible-privacy.md) using
the [`web3js-quorum` library](https://github.com/ConsenSys/web3js-quorum):
1. Update the `example/keys.js` file to match your network configuration.
@ -62,9 +62,9 @@ the [`web3js-quorum` library](https://github.com/ConsenSys/web3js-quorum):
expected behavior because private transactions check offchain and onchain to find the privacy
group for a private transaction.
## Adding and removing members
## Add and remove members
To add and remove members from a [flexible privacy group](../../Concepts/Privacy/Flexible-PrivacyGroups.md),
To add and remove members from a [flexible privacy group](../../concepts/privacy/flexible-privacy.md),
use the `addTo` and `removeFrom` methods in the [`web3js-quorum` library](https://github.com/ConsenSys/web3js-quorum)
client library.

@ -2,7 +2,7 @@
description: Use GoQuorum-compatible privacy
---
# Using GoQuorum-compatible privacy
# Use GoQuorum-compatible privacy
GoQuorum-compatible privacy mode enables interoperable private transactions between Hyperledger
Besu and [GoQuorum clients] using the Tessera private transaction manager.
@ -10,10 +10,10 @@ Besu and [GoQuorum clients] using the Tessera private transaction manager.
This mode requires both networks to run an interoperable consensus algorithm such as [QBFT] to work.
To run your Besu nodes in GoQuorum-compatible privacy mode, add the `isQuorum:true` flag to your
[genesis file](../Configure/Genesis-File.md).
[genesis file](../../../public-networks/concepts/genesis-file.md).
While in GoQuorum-compatible privacy mode and using Tessera, disable [`orion` mode](https://docs.tessera.consensys.net/en/stable/HowTo/Configure/Orion-Mode/)
by removing `"mode": "orion",` from the [Tessera configuration file](../../Tutorials/Privacy/Configuring-Multi-Tenancy.md#3-update-the-tessera-configuration-file).
by removing `"mode": "orion",` from the [Tessera configuration file](../../tutorials/privacy/multi-tenancy.md#3-update-the-tessera-configuration-file).
## GoQuorum-compatible private transactions
@ -26,5 +26,5 @@ The following documentation explains [the transaction lifecycle] in GoQuorum-com
<!--links-->
[GoQuorum clients]: https://consensys.net/docs/goquorum/en/stable/
[QBFT]: ../Configure/Consensus-Protocols/QBFT.md
[QBFT]: ../configure/consensus/qbft.md
[the transaction lifecycle]: https://consensys.net/docs/goquorum/en/stable/concepts/privacy/private-transaction-lifecycle/

@ -1,4 +1,4 @@
# Private transaction performance best practices
# Performance best practices
This document collects deployment and usage tips to help you achieve high performance for private transactions.
If transaction throughput or latency is not meeting your expectations, please consider the following before raising an issue.
@ -26,7 +26,7 @@ When submitting a private transaction using [web3js-quorum](https://github.com/C
This limits the throughput to at most one private transaction per block when submitting from a single thread.
To increase throughput, use web3js-quorum from multiple concurrent threads or processes.
### Colocate Besu and Tessera
### Co-locate Besu and Tessera
Besu has to talk to its local Tessera node frequently while handling a block.
While we do not recommend running them on the same node, minimizing the latency between Besu and Tessera will improve block processing times.

@ -13,13 +13,13 @@ description: Create and manage privacy groups with Hyperledger Besu
Hyperledger Besu-extended privacy provides JSON-RPC API methods for creating and managing privacy
groups:
* [`priv_createPrivacyGroup`](../../Reference/API-Methods.md#priv_createprivacygroup)
* [`priv_findPrivacyGroup`](../../Reference/API-Methods.md#priv_findprivacygroup)
* [`priv_deletePrivacyGroup`](../../Reference/API-Methods.md#priv_deleteprivacygroup).
* [`priv_createPrivacyGroup`](../../reference/api/index.md#priv_createprivacygroup)
* [`priv_findPrivacyGroup`](../../reference/api/index.md#priv_findprivacygroup)
* [`priv_deletePrivacyGroup`](../../reference/api/index.md#priv_deleteprivacygroup).
!!! tip
You can find and delete
[EEA-compliant privacy groups](../../Concepts/Privacy/Privacy-Groups.md) using
[`priv_findPrivacyGroup`](../../Reference/API-Methods.md#priv_findprivacygroup) and
[`priv_deletePrivacyGroup`](../../Reference/API-Methods.md#priv_deleteprivacygroup).
[EEA-compliant privacy groups](../../concepts/privacy/privacy-groups.md) using
[`priv_findPrivacyGroup`](../../reference/api/index.md#priv_findprivacygroup) and
[`priv_deletePrivacyGroup`](../../reference/api/index.md#priv_deleteprivacygroup).

@ -2,11 +2,11 @@
description: How to sign a privacy marker transaction with Hyperledger Besu
---
# Signing privacy marker transactions
# Sign privacy marker transactions
You can sign privacy marker transactions with either a random key or a specified key. To sign
You can sign privacy marker transactions (PMTs) with either a random key or a specified key. To sign
privacy marker transactions with a specified private key, use
[`--privacy-marker-transaction-signing-key-file`](../../Reference/CLI/CLI-Syntax.md#privacy-marker-transaction-signing-key-file)
[`--privacy-marker-transaction-signing-key-file`](../../reference/cli/options.md#privacy-marker-transaction-signing-key-file)
when starting Hyperledger Besu.
!!! note
@ -18,23 +18,23 @@ when starting Hyperledger Besu.
In networks where you pay gas, you must specify a key and the associated account must contain
adequate funds.
In [free gas networks](../../HowTo/Configure/FreeGas.md), to provide further anonymity by signing
In [free gas networks](../configure/free-gas.md), to provide further anonymity by signing
each privacy marker transaction with a different random key, exclude the
[`--privacy-marker-transaction-signing-key-file`](../../Reference/CLI/CLI-Syntax.md#privacy-marker-transaction-signing-key-file)
[`--privacy-marker-transaction-signing-key-file`](../../reference/cli/options.md#privacy-marker-transaction-signing-key-file)
command line option when starting Besu.
!!! caution "Using account permissioning and privacy"
You cannot use [Account permissioning] with random key signing.
You can't use [account permissioning] with random key signing.
If using account permissioning and privacy, a signing key must be specified using the
[`--privacy-marker-transaction-signing-key-file`](../../Reference/CLI/CLI-Syntax.md#privacy-marker-transaction-signing-key-file)
[`--privacy-marker-transaction-signing-key-file`](../../reference/cli/options.md#privacy-marker-transaction-signing-key-file)
command line option and the corresponding public key included in the accounts allowlist.
!!! note
Besu signs privacy marker transactions during the
[private transaction process](../../Concepts/Privacy/Private-Transaction-Processing.md).
[private transaction process](../../concepts/privacy/private-transactions/processing.md).
<!-- Links -->
[Account permissioning]: ../../Concepts/Permissioning/Permissioning-Overview.md#account-permissioning
[account permissioning]: ../../concepts/permissioning/index.md#account-permissioning

@ -10,22 +10,21 @@ description: Running ConsenSys Quorum Tessera with Hyperledger Besu
Read our [Orion to Tessera migration guide](https://docs.orion.consensys.net/en/latest/Tutorials/Migrating-from-Orion-to-Tessera/)
and about all the [new Tessera features](https://consensys.net/blog/quorum/tessera-the-privacy-manager-of-choice-for-consensys-quorum-networks).
To enable [privacy functionality](../../Concepts/Privacy/Privacy-Overview.md) in production
To enable [privacy functionality](../../concepts/privacy/index.md) in production
systems, [Tessera](https://docs.tessera.consensys.net/) must be [highly available](#high-availability)
and [run in a separate instance](#separate-instances) to Hyperledger Besu.
![Besu-Tessera-High-Availability](../../images/Besu-Tessera-High-Availability.png)
![Besu-Tessera-High-Availability](../../../images/Besu-Tessera-High-Availability.png)
!!! note
You can also [configure Besu for high availability](../Configure/Configure-HA/High-Availability.md) using load
balancers.
You can also [configure Besu for high availability] using load balancers.
## High availability
Privacy requires you to [configure Tessera for high availability].
Tessera also requires [`orion` mode](https://docs.tessera.consensys.net/en/stable/HowTo/Configure/Orion-Mode/)
to be enabled if **not** running Besu in [GoQuorum compatible privacy mode](../../HowTo/Use-Privacy/Use-GoQuorum-compatible-privacy.md).
to be enabled if **not** running Besu in [GoQuorum compatible privacy mode](goquorum-compatible.md).
To successfully distribute a private transaction, all private transaction participants must be
online. If any participants are offline when submitting the private transaction, the transaction is

@ -2,7 +2,7 @@
description: web3js-quorum client library
---
# web3js-quorum client library
# Use the web3js-quorum client library
The [web3js-quorum library](https://github.com/ConsenSys/web3js-quorum) adds a property to your web3
instance by extending [web3](https://github.com/ethereum/web3.js/). Use the library to create and
@ -35,8 +35,8 @@ npm install web3js-quorum
Initialize your client where:
* `<JSON-RPC HTTP endpoint>` is the JSON-RPC HTTP endpoint of your Hyperledger Besu node. Specified
by the [`--rpc-http-host`](../../../Reference/CLI/CLI-Syntax.md#rpc-http-host) and
[`--rpc-http-port`](../../../Reference/CLI/CLI-Syntax.md#rpc-http-port) command line options.
by the [`--rpc-http-host`](../../../public-networks/reference/cli/options.md#rpc-http-host) and
[`--rpc-http-port`](../../../public-networks/reference/cli/options.md#rpc-http-port) command line options.
!!! example
@ -60,7 +60,7 @@ Initialize your client where:
When migrating from web3js-eea to web3js-quorum, use `Web3Quorum`. The constructor doesn't require the chain ID anymore.
Chain ID is automatically retrieved from the chain using the specified JSON-RPC HTTP endpoint.
## Deploying a contract with `generateAndSendRawTransaction`
## Deploy a contract with `generateAndSendRawTransaction`
To deploy a private contract, you need the contract binary. You can use
[Solidity](https://solidity.readthedocs.io/en/develop/using-the-compiler.html) to get the

@ -0,0 +1,21 @@
---
description: Private networks overview
---
# Hyperledger Besu for private networks
You can use Besu to develop enterprise applications requiring secure, high-performance transaction
processing in a private network.
A private network is a network not connected to Ethereum Mainnet or an Ethereum testnet.
Private networks typically use a different [chain ID](../public-networks/concepts/network-and-chain-id.md) and
proof of authority consensus ([QBFT](how-to/configure/consensus/qbft.md),
[IBFT 2.0](how-to/configure/consensus/ibft.md), or [Clique](how-to/configure/consensus/clique.md)).
You can also [create a local development network](tutorials/ethash.md) using proof of work (Ethash).
Besu supports enterprise features including [privacy](concepts/privacy/index.md) and
[permissioning](concepts/permissioning/index.md).
Get started with the [Developer Quickstart](tutorials/quickstart.md) to rapidly generate local
blockchain networks.

@ -9,7 +9,7 @@ network. Hyperledger Besu also provides predefined accounts for use in developme
## Development mode
When you start Besu with the [`--network=dev`](CLI/CLI-Syntax.md#network) command line option, Besu
When you start Besu with the [`--network=dev`](../../public-networks/reference/cli/options.md#network) command line option, Besu
uses the `dev.json` genesis file by default.
The `dev.json` genesis file defines the following accounts used for testing.
@ -23,4 +23,4 @@ network. For an example of how to define accounts in the genesis file, see
[`dev.json`](https://github.com/hyperledger/besu/blob/750580dcca349d22d024cc14a8171b2fa74b505a/config/src/main/resources/dev.json).
To start Besu with the genesis file defining the existing accounts, use the
[`--genesis-file`](CLI/CLI-Syntax.md#genesis-file) command line option .
[`--genesis-file`](../../public-networks/reference/cli/options.md#genesis-file) command line option .

File diff suppressed because it is too large Load Diff

@ -0,0 +1,55 @@
---
description: Hyperledger Besu private network API objects reference
---
# Private network API objects
The following objects are parameters for or returned by Besu private network API methods.
!!! attention
This reference contains API objects that apply to only private networks.
For API objects that apply to both private and public networks, see the
[public network API objects reference](../../../public-networks/reference/api/objects.md).
## Private transaction object
Returned by [`priv_getPrivateTransaction`](index.md#priv_getprivatetransaction).
| Key | Type | Value |
|-----|:----:|-------|
| **from** | Data, 20&nbsp;bytes | Address of the sender. |
| **gas** | Quantity | Gas provided by the sender. |
| **gasPrice** | Quantity | Gas price, in Wei, provided by the sender. |
| **input** | Data | The data to create or invoke a contract. |
| **nonce** | Quantity | Number of transactions made by the sender to the privacy group before this one. |
| **to** | Data, 20&nbsp;bytes | `null` if a contract creation transaction, otherwise, the contract address. |
| **value** | Quantity | `null` because private transactions cannot transfer Ether. |
| **v** | Quantity | ECDSA Recovery ID. |
| **r** | Data, 32&nbsp;bytes | ECDSA signature r. |
| **s** | Data, 32&nbsp;bytes | ECDSA signature s. |
| **privateFrom** | Data, 32&nbsp;bytes | [Tessera](https://docs.tessera.consensys.net/) public key of the sender. |
| **privateFor** | Array of Data, 32&nbsp;bytes each | [Tessera](https://docs.tessera.consensys.net/) public keys of recipients. Not returned if using `privacyGroupId` to [send the transaction](../../../private-networks/concepts/privacy/privacy-groups.md#privacy-types). |
| **privacyGroupId** | Data, 32&nbsp;bytes | [Tessera](https://docs.tessera.consensys.net/) privacy group ID of recipients. Not returned if using `privateFor` to [send the transaction](../../../private-networks/concepts/privacy/privacy-groups.md#privacy-types). |
| **restriction** | String | Must be [`restricted`](../../../private-networks/concepts/privacy/private-transactions/index.md). |
## Private transaction receipt object
Returned by [`priv_getTransactionReceipt`](index.md#priv_gettransactionreceipt).
| Key | Type | Value |
|-----|:----:|-------|
| **blockHash** | Data, 32&nbsp;bytes | Hash of block containing this transaction. |
| **blockNumber** | Quantity | Block number of block containing this transaction. |
| **contractAddress** | Data, 20&nbsp;bytes | Contract address created if a contract creation transaction, otherwise, `null`. A failed contract creation transaction still produces a contract address value. |
| **from** | Data, 20&nbsp;bytes | Address of the sender. |
| **logs** | Array | Array of [log objects](#log-object) generated by this private transaction. |
| **to** | Data, 20&nbsp;bytes | Address of the receiver, if sending ether, otherwise, null. |
| **transactionIndex** | Quantity, Integer | Index position of transaction in the block. |
| **revertReason** | String | ABI-encoded string that displays the [reason for reverting the transaction](../../../private-networks/how-to/send-transactions/revert-reason.md). Only available if revert reason is [enabled](../cli/options.md#revert-reason-enabled). |
| **output** | Data | RLP-encoded return value of a contract call if a value returns, otherwise, `null`. |
| **commitmentHash** | Data, 32&nbsp;bytes | Hash of the privacy marker transaction. |
| **status** | Quantity | Either `0x1` (success) or `0x0` (failure). |
| **privateFrom** | Data, 32&nbsp;bytes | [Tessera](https://docs.tessera.consensys.net/) public key of the sender. |
| **privateFor** or **privacyGroupId** | Array or Data, 32&nbsp;bytes | [Tessera](https://docs.tessera.consensys.net/) public keys or privacy group ID of the recipients. |
| **logsBloom** | Data, 256&nbsp;bytes | Bloom filter for light clients to quickly retrieve related logs. |

@ -0,0 +1,640 @@
---
description: Hyperledger Besu private networks CLI reference
---
# Private network command line options
This reference describes the syntax of the Hyperledger Besu private network command line interface
(CLI) options.
!!! attention
This reference contains options that apply to only private networks.
For options that apply to both private and public networks, see the
[public network options reference](../../../public-networks/reference/cli/options.md).
## Specify options
You can specify Besu options:
* On the command line.
```bash
besu [OPTIONS] [SUBCOMMAND]
```
* As an environment variable.
For each command line option, the equivalent environment variable is:
* Uppercase.
* `_` replaces `-`.
* Has a `BESU_` prefix.
For example, set `--miner-coinbase` using the `BESU_MINER_COINBASE` environment variable.
* In a [configuration file](../../../public-networks/how-to/configuration-file.md).
If you specify an option in more than one place, the order of priority is command line, environment
variable, configuration file.
If using Bash or Z shell, you can view option suggestions by entering `--` and pressing the Tab key twice.
```bash
besu --Tab+Tab
```
## Options
### `permissions-accounts-config-file`
=== "Syntax"
```bash
--permissions-accounts-config-file=<FILE>
```
=== "Example"
```bash
--permissions-accounts-config-file=/home/me/me_configFiles/myPermissionsFile
```
=== "Environment variable"
```bash
BESU_PERMISSIONS_ACCOUNTS_CONFIG_FILE=/home/me/me_configFiles/myPermissionsFile
```
=== "Configuration file"
```bash
permissions-accounts-config-file="/home/me/me_configFiles/myPermissionsFile"
```
The [accounts permissions configuration file]. The default is the `permissions_config.toml` file in
the [data directory](../../../public-networks/reference/cli/options.md#data-path).
!!! tip
`--permissions-accounts-config-file` and
[`--permissions-nodes-config-file`](#permissions-nodes-config-file) can use the same file.
### `permissions-accounts-config-file-enabled`
=== "Syntax"
```bash
--permissions-accounts-config-file-enabled[=<true|false>]
```
=== "Example"
```bash
--permissions-accounts-config-file-enabled=true
```
=== "Environment variable"
```bash
BESU_PERMISSIONS_ACCOUNTS_CONFIG_FILE_ENABLED=true
```
=== "Configuration file"
```bash
permissions-accounts-config-file-enabled=true
```
Enables or disables file-based account level permissions. The default is `false`.
### `permissions-accounts-contract-address`
=== "Syntax"
```bash
--permissions-accounts-contract-address=<ContractAddress>
```
=== "Example"
```bash
--permissions-accounts-contract-address=xyz
```
=== "Environment variable"
```bash
BESU_PERMISSIONS_ACCOUNTS_CONTRACT_ADDRESS=xyz
```
=== "Configuration file"
```bash
permissions-accounts-contract-address=xyz
```
The contract address for
[onchain account permissioning](../../concepts/permissioning/onchain.md).
### `permissions-accounts-contract-enabled`
=== "Syntax"
```bash
--permissions-accounts-contract-enabled[=<true|false>]
```
=== "Example"
```bash
--permissions-accounts-contract-enabled=true
```
=== "Environment variable"
```bash
BESU_PERMISSIONS_ACCOUNTS_CONTRACT_ENABLED=true
```
=== "Configuration file"
```bash
permissions-accounts-contract-enabled=true
```
Enables or disables contract-based
[onchain account permissioning](../../concepts/permissioning/onchain.md). The default
is `false`.
### `permissions-nodes-config-file`
=== "Syntax"
```bash
--permissions-nodes-config-file=<FILE>
```
=== "Example"
```bash
--permissions-nodes-config-file=/home/me/me_configFiles/myPermissionsFile
```
=== "Environment variable"
```bash
BESU_PERMISSIONS_NODES_CONFIG_FILE=/home/me/me_configFiles/myPermissionsFile
```
=== "Configuration file"
```bash
permissions-nodes-config-file="/home/me/me_configFiles/myPermissionsFile"
```
The [nodes permissions configuration file]. The default is the `permissions_config.toml` file in
the [data directory](../../../public-networks/reference/cli/options.md#data-path).
!!! tip
`--permissions-nodes-config-file` and
[`--permissions-accounts-config-file`](#permissions-accounts-config-file) can use the same
file.
### `permissions-nodes-config-file-enabled`
=== "Syntax"
```bash
--permissions-nodes-config-file-enabled[=<true|false>]
```
=== "Example"
```bash
--permissions-nodes-config-file-enabled=true
```
=== "Environment variable"
```bash
BESU_PERMISSIONS_NODES_CONFIG_FILE_ENABLED=true
```
=== "Configuration file"
```bash
permissions-nodes-config-file-enabled=true
```
Enables or disables file-based node level permissions. The default is `false`.
### `permissions-nodes-contract-address`
=== "Syntax"
```bash
--permissions-nodes-contract-address=<ContractAddress>
```
=== "Example"
```bash
--permissions-nodes-contract-address=xyz
```
=== "Environment variable"
```bash
BESU_PERMISSIONS_NODES_CONTRACT_ADDRESS=xyz
```
=== "Configuration file"
```bash
permissions-nodes-contract-address=xyz
```
The contract address for
[onchain node permissioning](../../concepts/permissioning/onchain.md).
### `permissions-nodes-contract-enabled`
=== "Syntax"
```bash
--permissions-nodes-contract-enabled[=<true|false>]
```
=== "Example"
```bash
--permissions-nodes-contract-enabled=true
```
=== "Environment variable"
```bash
BESU_PERMISSIONS_NODES_CONTRACT_ENABLED=true
```
=== "Configuration file"
```bash
permissions-nodes-contract-enabled=true
```
Enables or disables contract-based
[onchain node permissioning](../../concepts/permissioning/onchain.md). The default is
`false`.
### `permissions-nodes-contract-version`
=== "Syntax"
```bash
--permissions-nodes-contract-version=<ContractVersion>
```
=== "Example"
```bash
--permissions-nodes-contract-version=2
```
=== "Environment variable"
```bash
BESU_PERMISSIONS_NODES_CONTRACT_VERSION=2
```
=== "Configuration file"
```bash
permissions-nodes-contract-version=2
```
Version of the EEA [node permissioning interface](../../how-to/use-permissioning/onchain.md#specify-the-permissioning-contract-interface-version).
The default is 1.
### `privacy-enabled`
=== "Syntax"
```bash
--privacy-enabled[=<true|false>]
```
=== "Example"
```bash
--privacy-enabled=false
```
=== "Environment variable"
```bash
BESU_PRIVACY_ENABLED=false
```
=== "Configuration file"
```bash
privacy-enabled=false
```
Enables or disables [private transactions](../../concepts/privacy/index.md). The default
is `false`.
!!! important
Using private transactions with [pruning](../../../public-networks/concepts/data-storage-formats.md)
or [fast sync](../../../public-networks/reference/cli/options.md#sync-mode) is not supported.
### `privacy-marker-transaction-signing-key-file`
=== "Syntax"
```bash
--privacy-marker-transaction-signing-key-file=<FILE>
```
=== "Example"
```bash
--privacy-marker-transaction-signing-key-file=/home/me/me_node/myPrivateKey
```
=== "Environment variable"
```bash
BESU_PRIVACY_MARKER_TRANSACTION_SIGNING_KEY_FILE=/home/me/me_node/myPrivateKey
```
=== "Configuration file"
```bash
privacy-marker-transaction-signing-key-file="/home/me/me_node/myPrivateKey"
```
`<FILE>` is the name of the private key file used to
[sign privacy marker transactions](../../how-to/use-privacy/sign-pmts.md).
!!! note
This can be the same file used by [`--node-private-key-file`](../../../public-networks/reference/cli/options.md#node-private-key-file),
or a different key file to identify who signed the privacy marker transaction.
You must specify this option if you're using:
* a privacy network where you pay gas. Also, the associated account must contain adequate funds.
* [account permissioning] and privacy. You must include the corresponding public key in the
accounts allowlist.
If you do not specify this option (for example, in a free gas network), Besu signs each transaction
with a different randomly generated key.
### `privacy-multi-tenancy-enabled`
=== "Syntax"
```bash
--privacy-multi-tenancy-enabled[=<true|false>]
```
=== "Example"
```bash
--privacy-multi-tenancy-enabled=false
```
=== "Environment variable"
```bash
BESU_PRIVACY_MULTI_TENANCY_ENABLED=false
```
=== "Configuration file"
```bash
privacy-multi-tenancy-enabled=false
```
Enables or disables [multi-tenancy](../../concepts/privacy/multi-tenancy.md) for private
transactions. The default is `false`.
### `privacy-flexible-groups-enabled`
=== "Syntax"
```bash
--privacy-flexible-groups-enabled[=<true|false>]
```
=== "Example"
```bash
--privacy-flexible-groups-enabled=true
```
=== "Environment variable"
```bash
BESU_PRIVACY_FLEXIBLE_GROUPS_ENABLED=true
```
=== "Configuration file"
```bash
privacy-flexible-groups-enabled=true
```
Enables or disables [flexible privacy groups](../../concepts/privacy/flexible-privacy.md). The default is `false`.
Deprecated syntax for this option is `--privacy-onchain-groups-enabled`.
### `privacy-public-key-file`
=== "Syntax"
```bash
--privacy-public-key-file=<privacyPublicKeyFile>
```
=== "Example"
```bash
--privacy-public-key-file=Tessera/nodeKey.pub
```
=== "Environment variable"
```bash
BESU_PRIVACY_PUBLIC_KEY_FILE=Tessera/nodeKey.pub
```
=== "Configuration file"
```bash
privacy-public-key-file="Tessera/nodeKey.pub"
```
The [public key of the Tessera node](https://docs.tessera.consensys.net/).
!!! important
You cannot specify `privacy-public-key-file` when
[`--privacy-multi-tenancy-enabled`](#privacy-multi-tenancy-enabled) is `true`
### `privacy-tls-enabled`
=== "Syntax"
```bash
--privacy-tls-enabled[=<true|false>]
```
=== "Example"
```bash
--privacy-tls-enabled=false
```
=== "Environment variable"
```bash
BESU_PRIVACY_TLS_ENABLED=false
```
=== "Configuration file"
```bash
privacy-tls-enabled=false
```
Enables or disables [TLS on communication with the private transaction manager]. The default is
false.
### `privacy-tls-keystore-file`
=== "Syntax"
```bash
--privacy-tls-keystore-file=<FILE>
```
=== "Example"
```bash
--privacy--keystore-file=/home/me/me_node/key
```
=== "Environment variable"
```bash
BESU_PRIVACY_TLS_KEYSTORE_FILE=/home/me/me_node/key
```
=== "Configuration file"
```bash
privacy-tls-keystore-file="/home/me/me_node/key"
```
The keystore file (in PKCS #12 format) containing the private key and the certificate presented
during authentication.
You must specify `privacy-tls-keystore-file` if [`--privacy-tls-enabled`](#privacy-tls-enabled) is
`true`.
### `privacy-tls-keystore-password-file`
=== "Syntax"
```bash
--privacy-tls-keystore-password-file=<FILE>
```
=== "Example"
```bash
--privacy-tls-keystore-password-file=/home/me/me_node/password
```
=== "Environment variable"
```bash
BESU_PRIVACY_TLS_KEYSTORE_PASSWORD_FILE=/home/me/me_node/password
```
=== "Configuration file"
```bash
privacy-tls-keystore-password-file="/home/me/me_node/password"
```
The path to the file containing the password to decrypt the keystore.
### `privacy-tls-known-enclave-file`
=== "Syntax"
```bash
--privacy-tls-known-enclave-file=<FILE>
```
=== "Example"
```bash
--privacy-tls-known-enclave-file=/home/me/me_node/knownEnclave
```
=== "Environment variable"
```bash
BESU_PRIVACY_TLS_KNOWN_ENCLAVE_FILE=/home/me/me_node/knownEnclave
```
=== "Configuration file"
```bash
privacy-tls-known-enclave-file="/home/me/me_node/knownEnclave"
```
The path to the file containing the hostnames, ports, and SHA256 certificate fingerprints of the
[authorized privacy enclave](../../how-to/configure/tls/client-and-server.md#create-the-known-servers-file).
### `privacy-url`
=== "Syntax"
```bash
--privacy-url=<privacyUrl>
```
=== "Example"
```bash
--privacy-url=http://127.0.0.1:8888
```
=== "Environment variable"
```bash
BESU_PRIVACY_URL=http://127.0.0.1:8888
```
=== "Configuration file"
```bash
privacy-url="http://127.0.0.1:8888"
```
The URL on which the
[Tessera node](../../tutorials/privacy/index.md#3-create-tessera-configuration-files) is
running.
<!-- Links -->
[accounts permissions configuration file]: ../../how-to/use-permissioning/local.md#permissions-configuration-file
[nodes permissions configuration file]: ../../how-to/use-permissioning/local.md#permissions-configuration-file
[account permissioning]: ../../concepts/permissioning/index.md#account-permissioning
[TLS on communication with the private transaction manager]: ../../concepts/privacy/index.md#private-transaction-manager

@ -0,0 +1,139 @@
---
description: Hyperledger Besu command line interface subcommands
---
# Private network subcommands
This reference describes the syntax of the Hyperledger Besu private network command line interface
(CLI) subcommands.
!!! attention
This reference contains subcommands that apply to only private networks.
For subcommands that apply to both private and public networks, see the
[public network subcommands reference](../../../public-networks/reference/cli/subcommands.md).
To start a Besu node using subcommands, run:
```bash
besu [OPTIONS] [SUBCOMMAND] [SUBCOMMAND OPTIONS]
```
If using Bash or Z shell, you can view subcommand suggestions by pressing the Tab key twice.
```bash
besu Tab+Tab
```
## `operator`
Provides operator actions.
### `generate-blockchain-config`
=== "Syntax"
```bash
besu operator generate-blockchain-config --config-file=<FILE> --to=<DIRECTORY> [--genesis-file-name=<FILE>] [--private-key-file-name=<FILE>] [--public-key-file-name=<FILE>]
```
=== "Example"
```bash
besu operator generate-blockchain-config --config-file=config.json --to=myNetworkFiles
```
Generates an
[IBFT 2.0](../../how-to/configure/consensus/ibft.md#genesis-file) or
[QBFT](../../how-to/configure/consensus/qbft.md#genesis-file) genesis file.
The configuration file has two nested JSON nodes.
The first is the `genesis` property defining the IBFT 2.0 or QBFT genesis file, except for the
`extraData` string.
The second is the `blockchain` property defining the number of key pairs to generate.
## `rlp`
Provides RLP related actions.
### `encode`
=== "Syntax"
```bash
besu rlp encode [--from=<FILE>] [--to=<FILE>] [--type=<type>]
```
=== "File example"
```bash
besu rlp encode --from=ibft_extra_data.json --to=extra_data_for_ibft_genesis.txt --type=IBFT_EXTRA_DATA
```
=== "Standard input/output example"
```bash
cat extra_data.json | besu rlp encode > rlp.txt
```
Encodes the RLP hexadecimal string for use in an [IBFT 2.0](../../how-to/configure/consensus/ibft.md#genesis-file)
or [QBFT](../../how-to/configure/consensus/qbft.md#genesis-file) genesis file.
The default type is `IBFT_EXTRA_DATA`.
Supported types are:
* `IBFT_EXTRA_DATA` - The IBFT 2.0 genesis file includes the `IBFT_EXTRA_DATA` type in the
[`extraData`](../../how-to/configure/consensus/ibft.md#extra-data) property.
* `QBFT_EXTRA_DATA` - The QBFT genesis file includes the `QBFT_EXTRA_DATA` type in the
[`extraData`](../../how-to/configure/consensus/qbft.md#extra-data) property.
???+ summary "IBFT 2.0 extra data"
To generate the RLP encoded `extraData` string, specify a JSON input that is an array of
validator addresses in ascending order.
??? tip "JSON Schema for IBFT_EXTRA_DATA"
Use the following JSON Schema to validate that your JSON data is well formed.
To validate your JSON content, use an online validation tool, such as
[JSON Schema Validator](https://www.jsonschemavalidator.net/).
```json
{
"$schema": "http://json-schema.org/draft-07/schema#",
"$id": "http://org.hyperledger.besu/cli_rlp_ibft_extra_data.json",
"type": "array",
"definitions": {},
"title": "IBFT extra data",
"description":"JSON format used as input to generate an IBFT extra data RLP string",
"items": {
"$id": "#/address",
"type": "string",
"title": "Validator address",
"description":"The validator node address",
"default": "",
"examples": [
"be068f726a13c8d46c44be6ce9d275600e1735a4",
"5ff6f4b66a46a2b2310a6f3a93aaddc0d9a1c193"
],
"pattern":"^([0-9a-f]{40})$"
}
}
```
!!! example "Example IBFT_EXTRA_DATA encoding"
=== "JSON input"
```json
[
"be068f726a13c8d46c44be6ce9d275600e1735a4",
"5ff6f4b66a46a2b2310a6f3a93aaddc0d9a1c193"
]
```
=== "RLP output"
```
0xf853a00000000000000000000000000000000000000000000000000000000000000000ea94be068f726a13c8d46c44be6ce9d275600e1735a4945ff6f4b66a46a2b2310a6f3a93aaddc0d9a1c193808400000000c0
```

@ -0,0 +1,22 @@
---
description: private networks reference overview
---
# Reference
This section provides reference material for private network features.
The following features and resources are shared with [public networks](../../public-networks/index.md)
and the content can be found in the public networks section:
- Besu command line:
- [Standard options](../../public-networks/reference/cli/options.md)
- [Standard subcommands](../../public-networks/reference/cli/subcommands.md)
- Besu API:
- [Standard Besu API methods](../../public-networks/reference/api/index.md)
- [Standard Besu API objects](../../public-networks/reference/api/objects.md)
- [Genesis file items](../../public-networks/reference/genesis-items.md)
- [EVM tool options](../../public-networks/reference/evm-tool.md)
- [Transaction trace types](../../public-networks/reference/trace-types.md)
- [Projects using Besu](../../public-networks/reference/projects-using-besu.md)
- [Security disclosure policy](../../public-networks/reference/disclosure.md)

@ -4,7 +4,7 @@ description: Plugin interfaces
# Plugin API interfaces
API interfaces in Hyperledger Besu allow users to [build plugins](../Concepts/Plugins.md) to
API interfaces in Hyperledger Besu allow users to [build plugins](../concepts/plugins.md) to
extend Besu functionality, such as the [Quorum Besu plugins](https://doc.quorumplugins.consensys.net/en/latest/Concepts/Besu-Plugins/Event-Streams/).
For more information about the available interfaces, see the
@ -59,4 +59,4 @@ the `https://hyperledger.jfrog.io/hyperledger/besu-maven` repository and the `pl
The `start` step can be ignored and your plugin module will be instantiated when
the command line interface is parsed and available.
[privacy marker transactions]: ../Concepts/Privacy/Private-Transaction-Processing.md
[privacy marker transactions]: ../concepts/privacy/private-transactions/processing.md

@ -21,9 +21,9 @@ endpoint `http://<VM_IP>/jsonrpc`.
The following is a high-level overview of the deployed network.
![Image landing](../images/sampleNetworks-poa.png)
![Image landing](../../images/sampleNetworks-poa.png)
## Deploying
## Deploy
To deploy the private network example on Azure:
@ -34,12 +34,12 @@ To deploy the private network example on Azure:
1. Click **Get It Now** and **Continue**.
The Quickstart landing page is displayed.
![Image landing](../images/mp_0_landing.png)
![Image landing](../../images/mp_0_landing.png)
1. Click **Create**.
The **Basics** page is displayed.
![Image basics](../images/mp_1_basics.png)
![Image basics](../../images/mp_1_basics.png)
1. Enter:
@ -68,7 +68,7 @@ To deploy the private network example on Azure:
To display the block explorer, open a new tab and enter either the IP of the VM or the DNS name.
![Image be](../images/mp_8_block_explorer.png)
![Image be](../../images/mp_8_block_explorer.png)
## Metrics
@ -80,12 +80,12 @@ To display the dashboard:
1. Click on home and select the Besu dashboard.
![Grafana screenshot](../images/mp_9_grafana.png)
![Grafana screenshot](../../images/mp_9_grafana.png)
The dashboard provides a visual way to monitor your network and nodes as the chain progresses.
Alerting can also be configured.
## Connecting to VM RPC endpoint
## Connect to VM RPC endpoint
You can connect dapps or develop directly from the IDE by using VSCode and connecting to the VM RPC endpoint.
The endpoint is the DNS name appended with `/jsonrpc`: `http://<DNS_NAME_OF_VM>/jsonrpc`.
@ -102,6 +102,6 @@ ssh username@<DNS_NAME_OF_VM>
To list all containers running, run `docker ps`.
Find the complete setup in `/home/<username>/besu-quickstart`.
![Image ssh](../images/mp_10_ssh.png)
![Image ssh](../../images/mp_10_ssh.png)
[Quorum Dev Quickstart on Azure Marketplace]: https://azuremarketplace.microsoft.com/en-us/marketplace/apps/consensys.quorum-dev-quickstart

@ -2,7 +2,7 @@
description: Hyperledger Besu private network using the Clique (proof of authority) consensus protocol
---
# Create a private network using the Clique (proof of authority) consensus protocol
# Create a private network using Clique
A private network provides a configurable network for testing. This private network uses the
[Clique (proof of authority) consensus protocol].
@ -14,7 +14,7 @@ A private network provides a configurable network for testing. This private netw
## Prerequisites
* [Hyperledger Besu](../../HowTo/Get-Started/Installation-Options/Install-Binaries.md)
* [Hyperledger Besu](../get-started/install/binary-distribution.md)
* [Curl (or similar webservice client)](https://curl.haxx.se/download.html).
## Steps
@ -24,7 +24,7 @@ Listed on the right-hand side of the page are the steps to create a private netw
### 1. Create directories
Each node requires a data directory for the blockchain data. When the node starts, Besu saves the
[node key](../../Concepts/Node-Keys.md) in this directory.
[node key](../../public-networks/concepts/node-keys.md) in this directory.
Create directories for your private network, each of the three nodes, and a data directory for each
node:
@ -46,7 +46,7 @@ file. For this Clique network, we'll use Node-1 as the initial signer. This requ
address for Node-1.
To get the address for Node-1, in the `Node-1` directory, use the
[`public-key export-address`](../../Reference/CLI/CLI-Subcommands.md#export-address) subcommand to
[`public-key export-address`](../../public-networks/reference/cli/subcommands.md#export-address) subcommand to
write the node address to the specified file (`node1Address` in this example).
=== "MacOS"
@ -65,7 +65,7 @@ write the node address to the specified file (`node1Address` in this example).
The genesis file defines the genesis block of the blockchain (that is, the start of the
blockchain). The
[Clique genesis file](../../HowTo/Configure/Consensus-Protocols/Clique.md#genesis-file) includes
[Clique genesis file](../how-to/configure/consensus/clique.md#genesis-file) includes
the address of Node-1 as the initial signer in the `extraData` field.
All nodes in a network must use the same genesis file.
@ -113,11 +113,12 @@ Copy the following genesis definition to a file called `cliqueGenesis.json` and
!!! note
We recommend specifying the latest [milestone](../../Reference/Config-Items.md#milestone-blocks) when creating the configuration file for a private network.
We recommend specifying the latest [milestone](../../public-networks/reference/genesis-items.md#milestone-blocks) when creating
the genesis file for a private network.
This ensures you are using the most up-to-date protocol and have access to the most recent opcodes.
In `extraData`, replace `<Node 1 Address>` with the
[address for Node-1](#2-get-address-for-node-1), excluding the 0x prefix.
[address for Node-1](#2-get-the-address-for-node-1), excluding the 0x prefix.
!!! example
@ -153,15 +154,15 @@ Start Node-1:
The command line enables:
* The JSON-RPC API using the
[`--rpc-http-enabled`](../../Reference/CLI/CLI-Syntax.md#rpc-http-enabled) option
[`--rpc-http-enabled`](../../public-networks/reference/cli/options.md#rpc-http-enabled) option
* The ETH, NET, and CLIQUE APIs using the
[`--rpc-http-api`](../../Reference/CLI/CLI-Syntax.md#rpc-http-api) option
[`--rpc-http-api`](../../public-networks/reference/cli/options.md#rpc-http-api) option
* All-host access to the HTTP JSON-RPC API using the
[`--host-allowlist`](../../Reference/CLI/CLI-Syntax.md#host-allowlist) option
[`--host-allowlist`](../../public-networks/reference/cli/options.md#host-allowlist) option
* All-domain access to the node through the HTTP JSON-RPC API using the
[`--rpc-http-cors-origins`](../../Reference/CLI/CLI-Syntax.md#rpc-http-cors-origins) option
[`--rpc-http-cors-origins`](../../public-networks/reference/cli/options.md#rpc-http-cors-origins) option
When the node starts, the [enode URL](../../Concepts/Node-Keys.md#enode-url) displays.
When the node starts, the [enode URL](../../public-networks/concepts/node-keys.md#enode-url) displays.
Copy the enode URL to specify Node-1 as the bootnode in the following steps.
![Node 1 Enode URL](../../images/EnodeStartup.png)
@ -186,14 +187,14 @@ enode URL copied when starting Node-1 as the bootnode:
The command line specifies:
* A different port to Node-1 for P2P discovery using the
[`--p2p-port`](../../Reference/CLI/CLI-Syntax.md#p2p-port) option.
[`--p2p-port`](../../public-networks/reference/cli/options.md#p2p-port) option.
* A different port to Node-1 for HTTP JSON-RPC using the
[`--rpc-http-port`](../../Reference/CLI/CLI-Syntax.md#rpc-http-port) option.
[`--rpc-http-port`](../../public-networks/reference/cli/options.md#rpc-http-port) option.
* The enode URL of Node-1 using the
[`--bootnodes`](../../Reference/CLI/CLI-Syntax.md#bootnodes) option.
[`--bootnodes`](../../public-networks/reference/cli/options.md#bootnodes) option.
* The data directory for Node-2 using the
[`--data-path`](../../Reference/CLI/CLI-Syntax.md#data-path) option.
* Other options as for [Node-1](#5-start-first-node-as-bootnode).
[`--data-path`](../../public-networks/reference/cli/options.md#data-path) option.
* Other options as for [Node-1](#4-start-the-first-node-as-the-bootnode).
### 6. Start Node-3
@ -215,18 +216,18 @@ enode URL copied when starting Node-1 as the bootnode:
The command line specifies:
* A different port to Node-1 and Node-2 for P2P discovery using the
[`--p2p-port`](../../Reference/CLI/CLI-Syntax.md#p2p-port) option.
[`--p2p-port`](../../public-networks/reference/cli/options.md#p2p-port) option.
* A different port to Node-1 and Node-2 for HTTP JSON-RPC using the
[`--rpc-http-port`](../../Reference/CLI/CLI-Syntax.md#rpc-http-port) option.
[`--rpc-http-port`](../../public-networks/reference/cli/options.md#rpc-http-port) option.
* The data directory for Node-3 using the
[`--data-path`](../../Reference/CLI/CLI-Syntax.md#data-path) option.
* The bootnode as for [Node-2](#6-start-node-2)
* Other options as for [Node-1](#5-start-first-node-as-bootnode).
[`--data-path`](../../public-networks/reference/cli/options.md#data-path) option.
* The bootnode as for [Node-2](#5-start-node-2).
* Other options as for [Node-1](#4-start-the-first-node-as-the-bootnode).
### 7. Confirm the private network is working
Start another terminal, use curl to call the JSON-RPC API
[`net_peerCount`](../../Reference/API-Methods.md#net_peercount) method and confirm the nodes are
[`net_peerCount`](../../public-networks/reference/api/index.md#net_peercount) method and confirm the nodes are
functioning as peers:
```bash
@ -253,15 +254,14 @@ Use the [Clique API to add] Node-2 or Node-3 as a signer.
!!! note
To add Node-2 or Node-3 as a signer you need the
[node address as when specifying Node-1](#2-get-address-for-node-1) as the initial signer.
[node address as when specifying Node-1](#2-get-the-address-for-node-1) as the initial signer.
Import accounts to MetaMask and send transactions, as described in the
[Quickstart tutorial](../Developer-Quickstart.md#create-a-transaction-using-metamask).
[Quickstart tutorial](quickstart.md#create-a-transaction-using-metamask).
!!! info
Besu does not support
[private key management](../../HowTo/Send-Transactions/Account-Management.md).
Besu doesn't support [private key management](../../public-networks/how-to/send-transactions.md).
## Stop the nodes
@ -270,8 +270,8 @@ When finished using the private network, stop all nodes using ++ctrl+c++ in each
!!!tip
To restart the Clique network in the future, start from
[4. Start First Node as Bootnode](#4-start-first-node-as-bootnode).
[4. Start First Node as Bootnode](#4-start-the-first-node-as-the-bootnode).
<!-- Links -->
[Clique (proof of authority) consensus protocol]: ../../HowTo/Configure/Consensus-Protocols/Clique.md
[Clique API to add]: ../../HowTo/Configure/Consensus-Protocols/Clique.md#adding-and-removing-signers
[Clique (proof of authority) consensus protocol]: ../how-to/configure/consensus/clique.md
[Clique API to add]: ../how-to/configure/consensus/clique.md#add-and-remove-signers

@ -2,18 +2,18 @@
description: deploying smart contracts
---
# Deploying smart contracts to an Ethereum chain
# Deploy smart contracts to an Ethereum chain
This tutorial shows you how to deploy smart contracts as transactions to a network.
## Prerequisites
This tutorial requires a local blockchain network.
You can use the [Developer Quickstart](../Developer-Quickstart.md) to rapidly generate one.
You can use the [Developer Quickstart](../quickstart.md) to rapidly generate one.
If deploying a private contract, enable privacy on the network (public contracts can also be deployed on privacy-enabled
networks).
## Using `eth_sendSignedTransaction`
## Use `eth_sendSignedTransaction`
To deploy a smart contract using
[`eth_sendSignedTransaction`](https://web3js.readthedocs.io/en/v1.2.0/web3-eth.html#sendsignedtransaction), use an
@ -30,7 +30,7 @@ smart contract as an example, create a new file called `compile.js` with the fol
```js
const fs = require('fs').promises;
const solc = require('solc');
async function main() {
// Load the contract source code
const sourceCode = await fs.readFile('SimpleStorage.sol', 'utf8');
@ -40,7 +40,7 @@ smart contract as an example, create a new file called `compile.js` with the fol
const artifact = JSON.stringify({ abi, bytecode }, null, 2);
await fs.writeFile('SimpleStorage.json', artifact);
}
function compile(sourceCode, contractName) {
// Create the Solidity Compiler Standard Input and Output JSON
const input = {
@ -56,7 +56,7 @@ smart contract as an example, create a new file called `compile.js` with the fol
bytecode: artifact.evm.bytecode.object,
};
}
main().then(() => process.exit(0));
```
@ -85,7 +85,7 @@ The Developer Quickstart provides an [example of a public transaction script](ht
// use an existing account, or make an account
const privateKey = "0x8f2a55949038a9610f50fb23b5883af3b4ecb3c3bb792cbcefbd1542c692be63";
const account = web3.eth.accounts.privateKeyToAccount(privateKey);
// read in the contracts
const contractJsonPath = path.resolve(__dirname, 'SimpleStorage.json');
const contractJson = JSON.parse(fs.readFileSync(contractJsonPath));
@ -94,10 +94,10 @@ The Developer Quickstart provides an [example of a public transaction script](ht
const contractBin = fs.readFileSync(contractBinPath);
// initialize the default constructor with a value `47 = 0x2F`; this value is appended to the bytecode
const contractConstructorInit = "000000000000000000000000000000000000000000000000000000000000002F";
// get txnCount for the nonce value
const txnCount = await web3.eth.getTransactionCount(account.address);
const rawTxOptions = {
nonce: web3.utils.numberToHex(txnCount),
from: account.address,
@ -138,7 +138,7 @@ node public_tx.js
This example code creates the transaction `tx`, signs it with the private key of the account, serializes it, then calls
`eth_sendSignedTransaction` to deploy the contract.
## Using `eth_sendTransaction`
## Use `eth_sendTransaction`
You can use [`eth_sendTransaction`](https://ethereum.github.io/execution-apis/api-documentation) as an alternative to `eth_sendSignedTransaction`.
However, Hyperledger Besu does not support the `eth_sendTransaction` API call and keeps account management separate for
@ -146,13 +146,13 @@ stronger security.
Configure [EthSigner](https://docs.ethsigner.consensys.net/en/stable/) with your Besu node to make the
`eth_sendTransaction` API call.
An example can be found in the [Developer Quickstart](../Developer-Quickstart.md) where the RPC node is paired with EthSigner.
An example can be found in the [Developer Quickstart](../quickstart.md) where the RPC node is paired with EthSigner.
Refer to the [EthSigner documentation](https://docs.ethsigner.consensys.net/) for configuration details.
Pass the following parameters to the
[`eth_sendTransaction`](https://docs.ethsigner.consensys.net/Reference/API-Methods/#eth_sendtransaction) call
to EthSigner; EthSigner then converts the request to an
[`eth_sendRawTransaction`](../../Reference/API-Methods.md#eth_sendrawtransaction) call that Besu uses:
[`eth_sendRawTransaction`](../../../public-networks/reference/api/index.md#eth_sendrawtransaction) call that Besu uses:
* `to` - address of the receiver. To deploy a contract, set to `null`.
* `from` - address of the sender account. For example `0x9b790656b9ec0db1936ed84b3bea605873558198`.
@ -184,11 +184,11 @@ Make the request using `eth_sendTransaction`:
curl -X POST --data '{"jsonrpc":"2.0","method":"eth_sendTransaction","params":[{"from":"0x9b790656b9ec0db1936ed84b3bea605873558198", "to":null, "gas":"0x7600","gasPrice":"0x9184e72a000", "data":"0x608060405234801561001057600080fd5b5060405161014d38038061014d8339818101604052602081101561003357600080fd5b8101908080519060200190929190505050806000819055505060f38061005a6000396000f3fe6080604052348015600f57600080fd5b5060043610603c5760003560e01c80632a1afcd914604157806360fe47b114605d5780636d4ce63c146088575b600080fd5b604760a4565b6040518082815260200191505060405180910390f35b608660048036036020811015607157600080fd5b810190808035906020019092919050505060aa565b005b608e60b4565b6040518082815260200191505060405180910390f35b60005481565b8060008190555050565b6000805490509056fea2646970667358221220e6966e446bd0af8e6af40eb0d8f323dd02f771ba1f11ae05c65d1624ffb3c58264736f6c63430007060033"}], "id":1}' <JSON-RPC-endpoint:port>
```
## Using `eea_sendRawTransaction` for private contracts with web3js-quorum
## Use `eea_sendRawTransaction` for private contracts with web3js-quorum
To deploy a private contract to another node or [privacy group](../../Concepts/Privacy/Privacy-Groups.md) member, use the
To deploy a private contract to another node or [privacy group](../../concepts/privacy/privacy-groups.md) member, use the
[web3js-quorum](https://www.npmjs.com/package/web3js-quorum) library and
the [`eea_sendRawTransaction`](../../Reference/API-Methods.md#eea_sendrawtransaction) API call.
the [`eea_sendRawTransaction`](../../../public-networks/reference/api/index.md#eea_sendrawtransaction) API call.
You must use this API call instead of [`eth_sendTransaction`](https://ethereum.github.io/execution-apis/api-documentation) because Hyperledger Besu
keeps account management separate for stronger security.
@ -206,15 +206,15 @@ by running the following commands in a JavaScript console, or by including them
```js
const Web3 = require('web3');
const Web3Quorum = require('web3js-quorum');
const bytecode="608060405234801561001057600080fd5b5060405161014d38038061014d8339818101604052602081101561003357600080fd5b8101908080519060200190929190505050806000819055505060f38061005a6000396000f3fe6080604052348015600f57600080fd5b5060043610603c5760003560e01c80632a1afcd914604157806360fe47b114605d5780636d4ce63c146088575b600080fd5b604760a4565b6040518082815260200191505060405180910390f35b608660048036036020811015607157600080fd5b810190808035906020019092919050505060aa565b005b608e60b4565b6040518082815260200191505060405180910390f35b60005481565b8060008190555050565b6000805490509056fea2646970667358221220e6966e446bd0af8e6af40eb0d8f323dd02f771ba1f11ae05c65d1624ffb3c58264736f6c63430007060033";
// initialize the default constructor with a value `47 = 0x2F`; this value is appended to the bytecode
const contractConstructorInit = "000000000000000000000000000000000000000000000000000000000000002F";
const chainId = 1337;
const web3 = new Web3(clientUrl);
const web3quorum = new Web3Quorum(web3, chainId);
const txOptions = {
data: '0x'+bytecode+contractConstructorInit,
privateKey: fromPrivateKey,
@ -224,7 +224,7 @@ by running the following commands in a JavaScript console, or by including them
console.log("Creating contract...");
const txHash = await web3quorum.priv.generateAndSendRawTransaction(txOptions);
console.log("Getting contractAddress from txHash: ", txHash);
const privateTxReceipt = await web3quorum.priv.waitForTransactionReceipt(txHash);
console.log("Private Transaction Receipt: ", privateTxReceipt);
return privateTxReceipt;
@ -244,23 +244,23 @@ the contract's address.
This example doesn't use a privacy group and makes a simple node-to-node transaction.
To use a privacy group:
* Create the privacy group using the public keys of the nodes in the group.
* Specify the `privacyGroupId` instead of the `privateFor` option in the txOptions above and then send the transaction.
The Developer Quickstart provides an
[example of a private transaction with a privacy group](https://github.com/ConsenSys/quorum-dev-quickstart/blob/b72a0f64d685c851bf8be399a8e33bbdf0e09982/files/besu/smart_contracts/privacy/scripts/private_tx_privacy_group.js).
## Using `eea_sendRawTransaction` for private contracts with web3js-eea
## Use `eea_sendRawTransaction` for private contracts with web3js-eea
!!! warning
This web3js-eea library will be deprecated on December 31, 2021.
Please use the [web3js-quorum](https://www.npmjs.com/package/web3js-quorum) library instead and refer to the previous section.
To deploy a private contract to another [privacy group](../../Concepts/Privacy/Privacy-Groups.md) member, use the
To deploy a private contract to another [privacy group](../../concepts/privacy/privacy-groups.md) member, use the
[web3js-quorum](https://consensys.github.io/web3js-quorum/latest/index.html) library and
the [`eea_sendRawTransaction`](../../Reference/API-Methods.md#eea_sendrawtransaction) API call.
the [`eea_sendRawTransaction`](../../../public-networks/reference/api/index.md#eea_sendrawtransaction) API call.
You must use this API call instead of [`eth_sendTransaction`](https://ethereum.github.io/execution-apis/api-documentation) because Hyperledger Besu
keeps account management separate for stronger security.
@ -277,11 +277,11 @@ Use `eea_sendRawTransaction` by running the following commands in a JavaScript c
```js
const Web3 = require('web3');
const EEAClient = require('web3-eea');
const bytecode="608060405234801561001057600080fd5b5060405161014d38038061014d8339818101604052602081101561003357600080fd5b8101908080519060200190929190505050806000819055505060f38061005a6000396000f3fe6080604052348015600f57600080fd5b5060043610603c5760003560e01c80632a1afcd914604157806360fe47b114605d5780636d4ce63c146088575b600080fd5b604760a4565b6040518082815260200191505060405180910390f35b608660048036036020811015607157600080fd5b810190808035906020019092919050505060aa565b005b608e60b4565b6040518082815260200191505060405180910390f35b60005481565b8060008190555050565b6000805490509056fea2646970667358221220e6966e446bd0af8e6af40eb0d8f323dd02f771ba1f11ae05c65d1624ffb3c58264736f6c63430007060033";
// initialize the default constructor with a value `47 = 0x2F`; this value is appended to the bytecode
const contractConstructorInit = "000000000000000000000000000000000000000000000000000000000000002F";
const web3 = new Web3(clientUrl);
const web3eea = new EEAClient(web3, 1337);
const txOptions = {
@ -293,7 +293,7 @@ Use `eea_sendRawTransaction` by running the following commands in a JavaScript c
console.log("Creating contract...");
const txHash = await web3eea.eea.sendRawTransaction(txOptions);
console.log("Getting contractAddress from txHash: ", txHash);
const privateTxReceipt = await web3.priv.getTransactionReceipt(txHash, fromPublicKey);
// console.log("Private Transaction Receipt: ", privateTxReceipt);
return privateTxReceipt;

@ -2,16 +2,16 @@
description: calling smart contracts functions
---
# Interacting with deployed smart contracts
# Interact with deployed smart contracts
You can get started with the [Developer Quickstart](../Developer-Quickstart.md) to rapidly generate
You can get started with the [Developer Quickstart](../quickstart.md) to rapidly generate
local blockchain networks.
This tutorial shows you how to interact with smart contracts that have been deployed to a network.
## Prerequisites
* A network with a deployed smart contract as in the [deploying smart contracts tutorial](Deploying-Contracts.md)
* A network with a deployed smart contract as in the [deploying smart contracts tutorial](index.md)
## Interact with public contracts
@ -49,7 +49,7 @@ of these calls can be found in the [Developer Quickstart].
To perform a read operation, you need the address that the contract was deployed to and the contract's ABI.
The contract's ABI can be obtained from compiling the contract; see the
[deploying smart contracts tutorial](Deploying-Contracts.md) for an example.
[deploying smart contracts tutorial](index.md) for an example.
Use the [`web3.eth.Contract`](https://web3js.readthedocs.io/en/v1.3.4/web3-eth-contract.html) object to create a new
instance of the smart contract, then make the `get` function call from the contract's list of methods, which will return the value stored:
@ -172,4 +172,4 @@ async function setValueAtAddress(clientUrl, address, value, contractAbi, fromPri
To verify that a value has been updated, perform a `get` call after a `set` update call.
[Developer Quickstart]: ../Developer-Quickstart.md
[Developer Quickstart]: ../quickstart.md

@ -2,22 +2,22 @@
description: funds transfer transactions
---
# Transferring funds between accounts in a transaction
# Transfer funds between accounts in a transaction
You can get started with the [Developer Quickstart](../Developer-Quickstart.md) to rapidly generate
You can get started with the [Developer Quickstart](../quickstart.md) to rapidly generate
local blockchain networks.
This tutorial shows you how to transfer funds (ETH) between accounts in a transaction.
## Prerequisites
* A [private network](../Developer-Quickstart.md)
* A [private network](../quickstart.md)
## Using `eth_sendSignedTransaction`
## Use `eth_sendSignedTransaction`
The simplest way to transfer funds between externally-owned accounts is using
[`eth_sendSignedTransaction`](https://web3js.readthedocs.io/en/v1.2.11/web3-eth.html#sendsignedtransaction).
This example uses `eth_sendSignedTransaction` and one of the [test accounts](../../Reference/Accounts-for-Testing.md)
This example uses `eth_sendSignedTransaction` and one of the [test accounts](../../reference/accounts-for-testing.md)
to transfer funds to a newly created account.
!!! critical "Do not use the test accounts on Ethereum Mainnet or any production network."
@ -80,7 +80,7 @@ console.log("Account B has an updatedbalance of: " + accountBBalance);
A [full example](https://github.com/ConsenSys/quorum-dev-quickstart/blob/1e8cc281098923802845cd829ec20c88513c2e1c/files/besu/smart_contracts/privacy/scripts/eth_tx.js)
can be found in the Developer Quickstart.
## Using `eth_sendTransaction`
## Use `eth_sendTransaction`
An alternative to using `eth_sendSignedTransaction` is
[`eth_sendTransaction`](https://web3js.readthedocs.io/en/v1.2.11/web3-eth.html#sendtransaction).
@ -88,7 +88,7 @@ However, Hyperledger Besu does not support the `eth_sendTransaction` API call an
management separate for stronger security. Instead, Besu uses
[EthSigner](https://docs.ethsigner.consensys.net/en/stable/) to make the `eth_sendTransaction` API call.
An example can be found in the [Developer Quickstart](../Developer-Quickstart.md) where the RPC
An example can be found in the [Developer Quickstart](../quickstart.md) where the RPC
node is paired with EthSigner. Refer to the
[EthSigner documentation](https://docs.ethsigner.consensys.net/en/stable/) configuration details.

@ -2,7 +2,7 @@
description: Hyperledger Besu private network using Ethash (proof of work) Consensus Protocol tutorial
---
# Create a private network using the Ethash (proof of work) consensus protocol
# Create a private network using Ethash
A private network provides a configurable network for testing. By configuring a low difficulty and
enabling mining, this allows for fast block creation.
@ -17,7 +17,7 @@ public testnets.
## Prerequisites
* [Hyperledger Besu](../../HowTo/Get-Started/Installation-Options/Install-Binaries.md)
* [Hyperledger Besu](../get-started/install/binary-distribution.md)
* [Curl (or similar webservice client)](https://curl.haxx.se/download.html).
## Steps
@ -27,7 +27,7 @@ Listed on the right-hand side of the page are the steps to create a private netw
### 1. Create directories
Each node requires a data directory for the blockchain data. When the node starts, Besu saves the
[node key](../../Concepts/Node-Keys.md) in this directory.
[node key](../../public-networks/concepts/node-keys.md) in this directory.
Create directories for your private network, each of the three nodes, and a data directory for each
node:
@ -49,7 +49,7 @@ blockchain). The genesis file includes entries for configuring the blockchain, s
difficulty and initial accounts and balances.
All nodes in a network must use the same genesis file. The
[network ID](../../Concepts/NetworkID-And-ChainID.md) defaults to the `chainID` in the genesis
[network ID](../../public-networks/concepts/network-and-chain-id.md) defaults to the `chainID` in the genesis
file. The `fixeddifficulty` enables fast block mining.
Copy the following genesis definition to a file called `privateNetworkGenesis.json` and save it in
@ -84,12 +84,13 @@ the `Private-Network` directory:
!!! note
We recommend specifying the latest [milestone](../../Reference/Config-Items.md#milestone-blocks) when creating the configuration file for a private network.
We recommend specifying the latest [milestone](../../public-networks/reference/genesis-items.md#milestone-blocks) when creating
the genesis file for a private network.
This ensures you are using the most up-to-date protocol and have access to the most recent opcodes.
!!! warning
Do not use the accounts in `alloc` in the genesis file on Mainnet or any public network except
Don't use the accounts in `alloc` in the genesis file on Mainnet or any public network except
for testing. The private keys display, which means the accounts are not secure.
### 3. Start the first node as a bootnode
@ -111,20 +112,20 @@ Start Node-1:
The command line enables:
* Mining and specifies the account to pay mining rewards to using the
[`--miner-enabled`](../../Reference/CLI/CLI-Syntax.md#miner-enabled) and
[`--miner-coinbase`](../../Reference/CLI/CLI-Syntax.md#miner-coinbase) options.
* JSON-RPC API using the [`--rpc-http-enabled`](../../Reference/CLI/CLI-Syntax.md#rpc-http-enabled)
[`--miner-enabled`](../../public-networks/reference/cli/options.md#miner-enabled) and
[`--miner-coinbase`](../../public-networks/reference/cli/options.md#miner-coinbase) options.
* JSON-RPC API using the [`--rpc-http-enabled`](../../public-networks/reference/cli/options.md#rpc-http-enabled)
option.
* All-host access to the HTTP JSON-RPC API using the
[`--host-allowlist`](../../Reference/CLI/CLI-Syntax.md#host-allowlist) option.
[`--host-allowlist`](../../public-networks/reference/cli/options.md#host-allowlist) option.
* All-domain access to the node through the HTTP JSON-RPC API using the
[`--rpc-http-cors-origins`](../../Reference/CLI/CLI-Syntax.md#rpc-http-cors-origins) option.
[`--rpc-http-cors-origins`](../../public-networks/reference/cli/options.md#rpc-http-cors-origins) option.
!!! info
The miner coinbase account is one of the accounts defined in the genesis file.
When the node starts, the [enode URL](../../Concepts/Node-Keys.md#enode-url) displays. Copy the
When the node starts, the [enode URL](../../public-networks/concepts/node-keys.md#enode-url) displays. Copy the
enode URL to specify Node-1 as the bootnode in the following steps.
![Node 1 Enode URL](../../images/EnodeStartup.png)
@ -149,11 +150,11 @@ enode URL copied when starting Node-1 as the bootnode:
The command line specifies:
* A different port to Node-1 for P2P discovery using the
[`--p2p-port`](../../Reference/CLI/CLI-Syntax.md#p2p-port) option.
[`--p2p-port`](../../public-networks/reference/cli/options.md#p2p-port) option.
* The enode URL of Node-1 using the
[`--bootnodes`](../../Reference/CLI/CLI-Syntax.md#bootnodes) option.
[`--bootnodes`](../../public-networks/reference/cli/options.md#bootnodes) option.
* A data directory for Node-2 using the
[`--data-path`](../../Reference/CLI/CLI-Syntax.md#data-path) option.
[`--data-path`](../../public-networks/reference/cli/options.md#data-path) option.
* A genesis file as for Node-1.
### 5. Start Node-3
@ -177,13 +178,13 @@ The command line specifies:
* A different port to Node-1 and Node-2 for P2P discovery.
* A data directory for Node-3 using the
[`--data-path`](../../Reference/CLI/CLI-Syntax.md#data-path) option.
[`--data-path`](../../public-networks/reference/cli/options.md#data-path) option.
* A bootnode and genesis file as for Node-2.
### 6. Confirm the private network is working
Start another terminal, use curl to call the JSON-RPC API
[`net_peerCount`](../../Reference/API-Methods.md#net_peercount) method and confirm the nodes are
[`net_peerCount`](../../public-networks/reference/api/index.md#net_peercount) method and confirm the nodes are
functioning as peers:
```bash
@ -204,20 +205,19 @@ Node-3):
## Next steps
Import accounts to MetaMask and send transactions as described in the
[Quickstart tutorial](../Developer-Quickstart.md#create-a-transaction-using-metamask).
[Quickstart tutorial](quickstart.md#create-a-transaction-using-metamask).
!!! info
Besu does not support
[private key management](../../HowTo/Send-Transactions/Account-Management.md).
Besu doesn't support [private key management](../../public-networks/how-to/send-transactions.md).
Send transactions using `eth_sendRawTransaction` to
[send ether or, deploy or invoke contracts](../../HowTo/Send-Transactions/Transactions.md).
[send ether or, deploy or invoke contracts](../how-to/send-transactions/index.md).
Use the [JSON-RPC API](../../HowTo/Interact/APIs/Using-JSON-RPC-API.md).
Use the [JSON-RPC API](../../public-networks/how-to/use-besu-api/json-rpc.md).
Start a node with the [`--rpc-ws-enabled`](../../Reference/CLI/CLI-Syntax.md#rpc-ws-enabled) option
and use the [RPC Pub/Sub API](../../HowTo/Interact/APIs/RPC-PubSub.md).
Start a node with the [`--rpc-ws-enabled`](../../public-networks/reference/cli/options.md#rpc-ws-enabled) option
and use the [RPC Pub/Sub API](../../public-networks/how-to/use-besu-api/rpc-pubsub.md).
## Stop the nodes

@ -2,10 +2,10 @@
description: Hyperledger Besu private network using the IBFT 2.0 (Proof of Authority) consensus protocol
---
# Create a private network using the IBFT 2.0 (proof of authority) consensus protocol
# Create a private network using IBFT 2.0
A private network provides a configurable network for testing. This private network uses the
[IBFT 2.0 (proof of authority) consensus protocol](../../HowTo/Configure/Consensus-Protocols/IBFT.md).
[IBFT 2.0 (proof of authority) consensus protocol](../../how-to/configure/consensus/ibft.md).
!!!important
@ -17,7 +17,7 @@ A private network provides a configurable network for testing. This private netw
## Prerequisites
* [Hyperledger Besu](../../HowTo/Get-Started/Installation-Options/Install-Binaries.md)
* [Hyperledger Besu](../../get-started/install/binary-distribution.md)
* [Curl (or similar webservice client)](https://curl.haxx.se/download.html).
## Steps
@ -47,7 +47,7 @@ IBFT-Network/
### 2. Create a configuration file
The configuration file defines the
[IBFT 2.0 genesis file](../../HowTo/Configure/Consensus-Protocols/IBFT.md#genesis-file) and the
[IBFT 2.0 genesis file](../../how-to/configure/consensus/ibft.md#genesis-file) and the
number of node key pairs to generate.
The configuration file has two nested JSON nodes. The first is the `genesis` property defining
@ -105,7 +105,8 @@ in the `IBFT-Network` directory:
!!! note
We recommend specifying the latest [milestone](../../Reference/Config-Items.md#milestone-blocks) when creating the configuration file for a private network.
We recommend specifying the latest [milestone](../../../public-networks/reference/genesis-items.md#milestone-blocks)
when creating the configuration file for a private network.
This ensures you are using the most up-to-date protocol and have access to the most recent opcodes.
!!! warning
@ -196,20 +197,20 @@ In the `Node-1` directory, start Node-1:
The command line:
* Specifies the data directory for Node-1 using the
[`--data-path`](../../Reference/CLI/CLI-Syntax.md#data-path) option.
[`--data-path`](../../../public-networks/reference/cli/options.md#data-path) option.
* Enables the JSON-RPC API using the
[`--rpc-http-enabled`](../../Reference/CLI/CLI-Syntax.md#rpc-http-enabled) option.
[`--rpc-http-enabled`](../../../public-networks/reference/cli/options.md#rpc-http-enabled) option.
* Enables the ETH, NET, and IBFT APIs using the
[`--rpc-http-api`](../../Reference/CLI/CLI-Syntax.md#rpc-http-api) option.
[`--rpc-http-api`](../../../public-networks/reference/cli/options.md#rpc-http-api) option.
* Enables all-host access to the HTTP JSON-RPC API using the
[`--host-allowlist`](../../Reference/CLI/CLI-Syntax.md#host-allowlist) option.
[`--host-allowlist`](../../../public-networks/reference/cli/options.md#host-allowlist) option.
* Enables all-domain access to the node through the HTTP JSON-RPC API using the
[`--rpc-http-cors-origins`](../../Reference/CLI/CLI-Syntax.md#rpc-http-cors-origins) option.
[`--rpc-http-cors-origins`](../../../public-networks/reference/cli/options.md#rpc-http-cors-origins) option.
When the node starts, the [enode URL](../../Concepts/Node-Keys.md#enode-url) displays. Copy the
When the node starts, the [enode URL](../../../public-networks/concepts/node-keys.md#enode-url) displays. Copy the
enode URL to specify Node-1 as the bootnode in the following steps.
![Node 1 Enode URL](../../images/EnodeStartup.png)
![Node 1 Enode URL](../../../images/EnodeStartup.png)
### 7. Start Node-2
@ -231,13 +232,13 @@ enode URL copied when starting Node-1 as the bootnode:
The command line specifies:
* The data directory for Node-2 using the
[`--data-path`](../../Reference/CLI/CLI-Syntax.md#data-path) option.
[`--data-path`](../../../public-networks/reference/cli/options.md#data-path) option.
* A different port to Node-1 for P2P discovery using the
[`--p2p-port`](../../Reference/CLI/CLI-Syntax.md#p2p-port) option.
[`--p2p-port`](../../../public-networks/reference/cli/options.md#p2p-port) option.
* A different port to Node-1 for HTTP JSON-RPC using the
[`--rpc-http-port`](../../Reference/CLI/CLI-Syntax.md#rpc-http-port) option.
[`--rpc-http-port`](../../../public-networks/reference/cli/options.md#rpc-http-port) option.
* The enode URL of Node-1 using the
[`--bootnodes`](../../Reference/CLI/CLI-Syntax.md#bootnodes) option.
[`--bootnodes`](../../../public-networks/reference/cli/options.md#bootnodes) option.
* Other options as for [Node-1](#6-start-the-first-node-as-the-bootnode).
### 8. Start Node-3
@ -260,11 +261,11 @@ enode URL copied when starting Node-1 as the bootnode:
The command line specifies:
* The data directory for Node-3 using the
[`--data-path`](../../Reference/CLI/CLI-Syntax.md#data-path) option.
[`--data-path`](../../../public-networks/reference/cli/options.md#data-path) option.
* A different port to Node-1 and Node-2 for P2P discovery using the
[`--p2p-port`](../../Reference/CLI/CLI-Syntax.md#p2p-port) option.
[`--p2p-port`](../../../public-networks/reference/cli/options.md#p2p-port) option.
* A different port to Node-1 and Node-2 for HTTP JSON-RPC using the
[`--rpc-http-port`](../../Reference/CLI/CLI-Syntax.md#rpc-http-port) option.
[`--rpc-http-port`](../../../public-networks/reference/cli/options.md#rpc-http-port) option.
* The bootnode as for [Node-2](#7-start-node-2).
* Other options as for [Node-1](#6-start-the-first-node-as-the-bootnode).
@ -288,18 +289,18 @@ enode URL copied when starting Node-1 as the bootnode:
The command line specifies:
* The data directory for Node-4 using the
[`--data-path`](../../Reference/CLI/CLI-Syntax.md#data-path) option.
[`--data-path`](../../../public-networks/reference/cli/options.md#data-path) option.
* A different port to Node-1, Node-2, and Node-3 for P2P discovery using the
[`--p2p-port`](../../Reference/CLI/CLI-Syntax.md#p2p-port) option.
[`--p2p-port`](../../../public-networks/reference/cli/options.md#p2p-port) option.
* A different port to Node-1, Node-2, and Node-3 for HTTP JSON-RPC using the
[`--rpc-http-port`](../../Reference/CLI/CLI-Syntax.md#rpc-http-port) option.
[`--rpc-http-port`](../../../public-networks/reference/cli/options.md#rpc-http-port) option.
* The bootnode as for [Node-2](#7-start-node-2).
* Other options as for [Node-1](#6-start-the-first-node-as-the-bootnode).
### 10. Confirm the private network is working
Start another terminal, use curl to call the JSON-RPC API
[`ibft_getvalidatorsbyblocknumber`](../../Reference/API-Methods.md#ibft_getvalidatorsbyblocknumber)
[`ibft_getvalidatorsbyblocknumber`](../../reference/api/index.md#ibft_getvalidatorsbyblocknumber)
method and confirm the network has four validators:
```bash
@ -338,7 +339,7 @@ Look at the logs to confirm Besu is producing blocks:
```
If the keys were not copied to the correct directory, Besu creates a key when starting up:
```bash
2020-12-21 07:33:11.458+10:00 | main | INFO | KeyPairUtil | Generated new public key 0x1a4a2ade5ebc0a85572e2492e0cdf3e96b8928c75fa55b4425de8849850cf9b3a8cad1e27d98a3d3afac326a5e8788dbe6cc40249715c92825aebb28abe3e346 and stored it to <path to network>/IBFT-Network/Node-1/data/key
```
@ -348,7 +349,7 @@ Look at the logs to confirm Besu is producing blocks:
## Next steps
Use the [IBFT API](../../Reference/API-Methods.md#ibft-20-methods) to remove or add validators.
Use the [IBFT API](../../reference/api/index.md#ibft-20-methods) to remove or add validators.
!!! note
@ -360,12 +361,11 @@ Use the [IBFT API](../../Reference/API-Methods.md#ibft-20-methods) to remove or
2.0 requires four validators to be Byzantine fault tolerant.
Import accounts to MetaMask and send transactions as described in the
[Quickstart tutorial](../Developer-Quickstart.md#create-a-transaction-using-metamask).
[Quickstart tutorial](../quickstart.md#create-a-transaction-using-metamask).
!!! info
Besu does not support
[private key management](../../HowTo/Send-Transactions/Account-Management.md).
Besu doesn't support [private key management](../../../public-networks/how-to/send-transactions.md).
## Stop the nodes
@ -377,7 +377,7 @@ When finished using the private network, stop all nodes using ++ctrl+c++ in each
[6. Start First Node as Bootnode](#6-start-the-first-node-as-the-bootnode).
<!-- Links -->
[IBFT 2.0 (proof of authority)consensus protocol]: ../../HowTo/Configure/Consensus-Protocols/IBFT.md
[IBFT 2.0 (proof of authority)consensus protocol]: ../../how-to/configure/consensus/ibft.md
<!-- Acronyms and Definitions -->
*[Byzantine fault tolerant]: Ability to function correctly and reach consensus despite nodes failing or propagating incorrect information to peers.

@ -5,11 +5,11 @@ description: Adding and removing IBFT 2.0 validators
# Add and remove IBFT 2.0 validators
This example walks through
[adding and removing an IBFT 2.0 validator](../../HowTo/Configure/Consensus-Protocols/IBFT.md#add-and-remove-validators).
[adding and removing an IBFT 2.0 validator](../../how-to/configure/consensus/ibft.md#add-and-remove-validators).
## Prerequisites
* [IBFT 2.0 network as configured in the IBFT 2.0 tutorial](Create-IBFT-Network.md)
* [IBFT 2.0 network as configured in the IBFT 2.0 tutorial](index.md)
## Add a validator
@ -24,7 +24,7 @@ mkdir -p Node-5/data
### 2. Start the node
Change into the working directory for the new Node-5 and start the node, specifying the
[Node-1 enode URL](Create-IBFT-Network.md#6-start-the-first-node-as-the-bootnode) as the bootnode:
[Node-1 enode URL](index.md#6-start-the-first-node-as-the-bootnode) as the bootnode:
```bash
besu --data-path=data --genesis-file=../genesis.json --bootnodes=<Node-1 Enode URL> --p2p-port=30307 --rpc-http-enabled --rpc-http-api=ETH,NET,IBFT --host-allowlist="*" --rpc-http-cors-origins="all" --rpc-http-port=8549
@ -33,14 +33,14 @@ besu --data-path=data --genesis-file=../genesis.json --bootnodes=<Node-1 Enode U
The command line specifies:
* The data directory for Node-5 using the
[`--data-path`](../../Reference/CLI/CLI-Syntax.md#data-path) option.
[`--data-path`](../../../public-networks/reference/cli/options.md#data-path) option.
* A different port to Node-1 for P2P discovery using the
[`--p2p-port`](../../Reference/CLI/CLI-Syntax.md#p2p-port) option.
[`--p2p-port`](../../../public-networks/reference/cli/options.md#p2p-port) option.
* A different port to Node-1 for HTTP JSON-RPC using the
[`--rpc-http-port`](../../Reference/CLI/CLI-Syntax.md#rpc-http-port) option.
[`--rpc-http-port`](../../../public-networks/reference/cli/options.md#rpc-http-port) option.
* The enode URL of Node-1 using the
[`--bootnodes`](../../Reference/CLI/CLI-Syntax.md#bootnodes) option.
* Other options as for [Node-1](Create-IBFT-Network.md#6-start-the-first-node-as-the-bootnode).
[`--bootnodes`](../../../public-networks/reference/cli/options.md#bootnodes) option.
* Other options as for [Node-1](index.md#6-start-the-first-node-as-the-bootnode).
### 3. Copy the address of the node
@ -53,7 +53,7 @@ You can find the address in the logs when starting the new node:
2021-05-28 09:49:00.881+10:00 | main | INFO | DefaultP2PNetwork | Node address 0x90626e6a67445aabf1c0615410d108d4733aa90b
```
Or use the [`public-key export-address`](../../Reference/CLI/CLI-Subcommands.md#export-address) subcommand:
Or use the [`public-key export-address`](../../../public-networks/reference/cli/subcommands.md#export-address) subcommand:
!!! example
@ -72,7 +72,7 @@ Or use the [`public-key export-address`](../../Reference/CLI/CLI-Subcommands.md#
### 4. Propose adding the new validator
Propose adding the new validator from more than half the number of current validators, using
[`ibft_proposeValidatorVote`](../../Reference/API-Methods.md#ibft_proposevalidatorvote), specifying the address of the
[`ibft_proposeValidatorVote`](../../../public-networks/reference/api/index.md#ibft_proposevalidatorvote), specifying the address of the
proposed validator and `true`:
!!! example
@ -98,7 +98,7 @@ Repeat the proposal process for this candidate node from at least two of the oth
### 5. Verify the addition of the new validator
Verify that the new validator is now in the list of validators using
[`ibft_getValidatorsByBlockNumber`](../../Reference/API-Methods.md#ibft_getvalidatorsbyblocknumber):
[`ibft_getValidatorsByBlockNumber`](../../../public-networks/reference/api/index.md#ibft_getvalidatorsbyblocknumber):
!!! example
@ -120,4 +120,4 @@ The list of validators contains 5 addresses now.
The process for removing a validator is similar to [adding a validator](#add-a-validator) starting from step 2,
except you specify `false` as the second parameter of
[`ibft_proposeValidatorVote`](../../Reference/API-Methods.md#ibft_proposevalidatorvote).
[`ibft_proposeValidatorVote`](../../../public-networks/reference/api/index.md#ibft_proposevalidatorvote).

@ -3,10 +3,14 @@ title: Besu Kubernetes - Deploying Charts
description: Deploying Besu Helm Charts for a Kubernetes cluster
---
# Deploy charts
You can deploy Besu Helm charts for a Kubernetes cluster.
## Prerequisites
* Clone the [Quorum-Kubernetes](https://github.com/ConsenSys/quorum-kubernetes) repository
* A [running Kubernetes cluster](./Create-Cluster.md)
* A [running Kubernetes cluster](cluster.md)
* Install [Kubectl](https://kubernetes.io/docs/tasks/tools/)
* Install [Helm3](https://helm.sh/docs/intro/install/)
@ -88,7 +92,7 @@ This tutorial isolates groups of resources (for example, StatefulSets and Servic
The rest of this tutorial uses `besu` as the namespace,
but you're free to pick any name when deploying, as long as it's consistent across the
[infrastructure scripts](./Create-Cluster.md) and charts.
[infrastructure scripts](cluster.md) and charts.
Run the following in a terminal window:
@ -128,7 +132,7 @@ port and path to use. For example:
For production use cases, configure Grafana with one of the supported [native auth mechanisms](https://grafana.com/docs/grafana/latest/auth/).
![k8s-metrics](../../images/kubernetes-grafana.png)
![k8s-metrics](../../../images/kubernetes-grafana.png)
Optionally you can also deploy the [Elastic Stack](https://www.elastic.co/elastic-stack/) to view logs (and metrics).
@ -147,7 +151,7 @@ If you install `filebeat`, please create a `filebeat-*` index pattern in `kibana
If you use The Elastic stack for logs and metrics, please deploy `metricbeat` in a similar manner to `filebeat` and create an index pattern in
Kibana.
![k8s-elastic](../../images/kubernetes-elastic.png)
![k8s-elastic](../../../images/kubernetes-elastic.png)
To connect to Kibana or Grafana, we also need to deploy an ingress so you can access your monitoring endpoints
publicly. We use Nginx as our ingress here, and you are free to configure any ingress per your requirements.
@ -174,9 +178,9 @@ or on the command line `kubectl -n quorum get services quorum-monitoring-ingress
!!! note
We refer to the ingress here as `external-nginx` because it deals with monitoring endpoints specifically. We
also deploy a second ingress called `network-ingress` which is for the blockchain nodes only in [step 8](#8-connecting-to-the-node-from-your-local-machine-via-an-ingress)
also deploy a second ingress called `network-ingress` which is for the blockchain nodes only in [step 8](#9-connect-to-the-node-from-your-local-machine-via-an-ingress)
![`k8s-ingress-external`](../../images/kubernetes-ingress-ip.png)
![`k8s-ingress-external`](../../../images/kubernetes-ingress-ip.png)
You can view the Besu dashboard by going to:
@ -260,7 +264,7 @@ parameters in there to match your requirements. To set the number of initial val
when setting the number of validators.
One more thing to note is that when `cluster.cloudNativeServices: true` is set, the genesis job will
not add the [Quickstart](../../Tutorials/Developer-Quickstart.md) test accounts into the genesis file.
not add the [Quickstart](../quickstart.md) test accounts into the genesis file.
When you are ready deploy the chart with :
@ -272,9 +276,9 @@ helm install genesis ./charts/besu-genesis --namespace besu --create-namespace -
Once completed, view the genesis and enodes (the list of static nodes) configuration maps that every Besu node uses,
and the validator and bootnode node keys as secrets.
![k8s-genesis-configmaps](../../images/kubernetes-genesis-configmaps.png)
![k8s-genesis-configmaps](../../../images/kubernetes-genesis-configmaps.png)
![k8s-genesis-secrets](../../images/kuberenetes-genesis-secrets.png)
![k8s-genesis-secrets](../../../images/kuberenetes-genesis-secrets.png)
### 5. Deploy the bootnodes
@ -344,7 +348,7 @@ helm install bootnode-2 ./charts/besu-node --namespace besu --values ./values/bo
Once complete, you see two StatefulSets, and the two bootnodes discover themselves and peer.
Because there are no validators present yet, there are no blocks created, as seen in the following logs.
![k8s-bootnode-logs](../../images/kubernetes-bootnode-logs.png)
![k8s-bootnode-logs](../../../images/kubernetes-bootnode-logs.png)
### 6. Deploy the validators
@ -395,15 +399,15 @@ helm install validator-4 ./charts/besu-node --namespace besu --values ./values/v
Once completed, you may need to give the validators a few minutes to peer and for round changes, depending on when the
first validator was spun up, before the logs display blocks being created.
![k8s-validator-logs](../../images/kubernetes-validator-logs.png)
![k8s-validator-logs](../../../images/kubernetes-validator-logs.png)
### 7. Add/Remove additional validators to the validator pool
To add (or remove) more validators to the initial validator pool, you need to deploy a node such as an RPC node (step 8)
and then [vote](../../HowTo/Configure/Consensus-Protocols/IBFT.md#add-and-remove-validators) that node in. The vote API
and then [vote](../../how-to/configure/consensus/ibft.md#add-and-remove-validators) that node in. The vote API
call must be made on a majority of the existing pool and the new node will then become a validator.
Please refer to the [Ingress Section](#8-connecting-to-the-node-from-your-local-machine-via-an-ingress) for details on
Please refer to the [Ingress Section](#9-connect-to-the-node-from-your-local-machine-via-an-ingress) for details on
making the API calls from your local machine or equivalent.
### 8. Deploy RPC or Transaction nodes
@ -437,15 +441,15 @@ helm install member-1 ./charts/besu-node --namespace besu --values ./values/txno
Logs for `member-1` resemble the following for Tessera:
![`k8s-tx-tessera-logs`](../../images/kubernetes-tx-tessera-logs.png)
![`k8s-tx-tessera-logs`](../../../images/kubernetes-tx-tessera-logs.png)
Logs for Besu resemble the following:
![`k8s-tx-Besu-logs`](../../images/kubernetes-tx-Besu-logs.png)
![`k8s-tx-Besu-logs`](../../../images/kubernetes-tx-Besu-logs.png)
!!! note
In the examples above we use `member-1` and `rpc-1` as release names for the deployments. You can pick any release
In these examples we use `member-1` and `rpc-1` as release names for the deployments. You can pick any release
name that you'd like to use in place of those as per your requirements.
### 9. Connect to the node from your local machine via an ingress
@ -482,7 +486,7 @@ kubectl apply -f ../ingress/ingress-rules-besu.yml
Once complete, view the IP address listed under the `Ingress` section if you're using the Kubernetes Dashboard
or on the command line `kubectl -n quorum get services quorum-network-ingress-ingress-nginx-controller`.
![`k8s-ingress`](../../images/kubernetes-ingress-ip.png)
![`k8s-ingress`](../../../images/kubernetes-ingress-ip.png)
The following is an example RPC call, which confirms that the node running the JSON-RPC service is syncing:
@ -524,7 +528,7 @@ blockchain explorer. The Quorum Explorer is not recommended for use in productio
demonstration or Development purposes only. The Explorer can give an overview over the whole network, such as
querying each node on the network for node or block information, voting (add/remove) validators from the
network, demonstrating a SimpleStorage smart contract with privacy enabled, and sending transactions between
wallets as you would do in MetaMask. Please see the [Explorer](./Quorum-Explorer.md) page for details on how
wallets as you would do in MetaMask. Please see the [Explorer](quorum-explorer.md) page for details on how
to use the application.
!!! warning
@ -542,4 +546,4 @@ helm install quorum-explorer ./charts/explorer --namespace besu --values ./value
You will also need deploy the ingress (if not already done in [Monitoring](#3-deploy-the-monitoring-chart) to
access the endpoint on `http://<INGRESS_IP>/explorer`
![`k8s-explorer`](../../images/kubernetes-explorer.png)
![`k8s-explorer`](../../../images/kubernetes-explorer.png)

Some files were not shown because too many files have changed in this diff Show More

Loading…
Cancel
Save