Updating nodes and accounts allowlists
Update nodes allowlist
To add a node to the Hyperledger Besu nodes allowlist:
- On the Nodes tab of the permissioning management dapp, select Add Node. The Add Node window displays.
- Enter the enode URL of the node you are adding and select Add Node.
If your node has two different IP addresses for ingress and egress (for example, if you use Kubernetes implementing a load balancer for ingress and a NAT gateway IP address for egress), add both addresses to the allowlist, using the same public key for each IP address. This will allow the node to connect.
Node allowlists support domain names in enode URLs as an experimental feature. Use the
to enable domain name support.
If using Kubernetes, enable domain name support and use the
--Xdns-update-enabled option to ensure that Besu can
connect to a container after being restarted, even if the IP address of the container changes.
To remove a node from the nodes allowlist:
- On the Nodes tab of the permissioning management dapp, hover over the row of the node you are removing. A trash can displays.
- Select the trash can.
If you add a running node, the node does not attempt to reconnect to the bootnode and
synchronize until peer discovery restarts. To add an allowlisted node as a peer without waiting
for peer discovery to restart, use
If you add the node to the allowlist before starting the node, using
admin_addPeer is not
required because peer discovery is run on node startup.
If nodes are not connecting as expected, set the log level to
and search for messages containing
Node permissioning to identify the issue.
--p2p-host command line option has been
correctly configured for all nodes with the
externally accessible address.
If you change your network configuration, you may need to update the node allowlist.
Update accounts allowlist
To add an account to the accounts allowlist:
- On the Accounts tab of the permissioning management dapp, select Add Account. The Add Account window displays.
- Enter the account address in the Account Address field and select Add Account.
To remove an account from the accounts allowlist:
- On the Accounts tab of the permissioning management dapp, hover over the row of the account you are removing. A trash can displays.
- Select the trash can.
You can add or remove admins in the same way as accounts, except on the Admins tab.