Deploy Besu Onchain Permissioning Network

• Prerequisites
• Steps to achieve Besu OnChain Permissioning

Prerequisites

• Metamask installed.
• Truffle installed.

Steps to achieve Besu OnChain Permissioning

Step 1: Configure Besu network configuration file.

1. Edit the Besu network configuration file. Refer to the guide for detailed instructions on editing the file.

2. To enable and use onchain permissioning, set the network.permissioning.enabled parameter to true in the Besu network configuration file. Below is a sample configuration for reference:

network:
  # Network level configuration specifies the attributes required for each organization
  # to join an existing network.
  type: besu
  version: 22.10.2        # Supported Besu versions are 21.1.1, 21.10.6, 22.10.2
  # onchain permissioning - ref https://besu.hyperledger.org/en/stable/private-networks/tutorials/permissioning/onchain
  permissioning:
    enabled: false

For reference, use sample configuration defined in the network-besu.yaml file.

Step 2: Deploy Besu network.

1. Utilize the site.yaml playbook to deploy the Besu network:

   ansible-playbook platforms/shared/configuration/site.yaml --extra-vars "@path-to-besu-network-configuration-file.yaml"
   

Step 3: Clone contracts and install dependencies.

1. Clone the permissioning-smart-contracts repository:

   git clone https://github.com/ConsenSys/permissioning-smart-contracts.git
   

2. Change the directory to permissioning-smart-contracts:

   cd permissioning-smart-contracts/
   

3. Create a .env file to store environment variables with values defined based on your network configuration:

# Address of the Node Ingress contract in the genesis (ibftPermissionGenesisFile) file.
NODE_INGRESS_CONTRACT_ADDRESS=0x0000000000000000000000000000000000009999

# Address of the Account Ingress contract in the genesis (ibftPermissionGenesisFile) file.
ACCOUNT_INGRESS_CONTRACT_ADDRESS=0x0000000000000000000000000000000000008888

# Account used to deploy the permissioning contracts and become the first admin account.
BESU_NODE_PERM_ACCOUNT=<Metamask-Account-Address>

# Private key of the same account defined above, required to deploy the permissioning contracts.
BESU_NODE_PERM_KEY=<Metamask-Account-Private-Key>

# Besu uses the specified node to deploy the contracts, which is the first node in the network.
BESU_NODE_PERM_ENDPOINT=http://<organization-name>.<external-url-suffix>:<rpc-ambassador-port-number>

# The chain ID from the genesis (ibftPermissionGenesisFile) file.
CHAIN_ID=2018

# Enode URLs of permitted nodes. Specify multiple nodes (Node-1, Node-2, Node-3) as a comma-separated list.
INITIAL_ALLOWLISTED_NODES=<Enode-Address-Node-1>,<Enode-Address-Node-2>

# Addresses of initially allowed accounts. Specify multiple accounts as a comma-separated list.
INITIAL_ALLOWLISTED_ACCOUNTS=<Metamask-Account-1-Address>,<Metamask-Account-2-Address>

Step 4: Deploy the contracts.

Use the following command to deploy the contracts:

truffle migrate --reset --network besu

By following these steps, we will be able to successfully deploy a Besu Onchain Permissioning Network. Post network bootstrap permissioing smartcontract can be installed. Smartcontract installation steps can be found here