d-bis/Sankofa
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update documentation structure and enhance .gitignore

Browse Source 
- Added generated index files and report directories to .gitignore to prevent unnecessary tracking of transient files.
- Updated README links to reflect new documentation paths for better navigation.
- Improved documentation organization by ensuring all links point to the correct locations, enhancing user experience and accessibility.
This commit is contained in:
defiQUG
2025-12-12 21:18:55 -08:00
parent 664707d912
commit fe0365757a
106 changed files with 4666 additions and 2294 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
docs/vm/README.md Normal file
View File

@@ -0,0 +1,14 @@
# VM Documentation
This directory contains Virtual Machine (VM) related documentation.
## Contents
- **[VM Creation Procedure](VM_CREATION_PROCEDURE.md)** - Complete guide for VM creation
- **[VM Deployment Checklist](VM_DEPLOYMENT_CHECKLIST.md)** - Checklist for VM deployment
- **[VM Specifications](VM_SPECIFICATIONS.md)** - Detailed VM specifications
---
**Last Updated**: 2025-01-09

385
docs/vm/VM_CREATION_PROCEDURE.md Normal file
View File

@@ -0,0 +1,385 @@
# VM Creation Procedure - Complete Guide
**Last Updated**: 2025-12-11
**Status**: ✅ Complete with Guest Agent Configuration
---
## Overview
This document provides step-by-step procedures for creating VMs in the Sankofa Phoenix infrastructure using Crossplane and Proxmox. All procedures ensure proper QEMU Guest Agent configuration.
---
## Prerequisites
1. **Crossplane Provider Installed**
- Provider configured and connected to Proxmox
- Provider config secret created
2. **Proxmox Access**
- Valid credentials in `.env` file
- Network access to Proxmox nodes
3. **Kubernetes Access**
- `kubectl` configured
- Access to target namespace
---
## Method 1: Using Production Templates (Recommended)
### Step 1: Choose Template
Available templates in `examples/production/`:
- `basic-vm.yaml` - 2 CPU, 4Gi RAM, 50Gi disk
- `medium-vm.yaml` - 4 CPU, 8Gi RAM, 100Gi disk
- `large-vm.yaml` - 8 CPU, 16Gi RAM, 200Gi disk
### Step 2: Customize Template
**Required changes:**
- `metadata.name` - Unique VM name
- `spec.forProvider.name` - VM name in Proxmox
- `spec.forProvider.node` - Proxmox node (ml110-01 or r630-01)
- `spec.forProvider.site` - Site identifier
- `userData.users[0].ssh_authorized_keys` - Your SSH public key
**Example:**
```yaml
apiVersion: proxmox.sankofa.nexus/v1alpha1
kind: ProxmoxVM
metadata:
name: my-vm-001
namespace: default
spec:
forProvider:
node: "ml110-01"
name: "my-vm-001"
cpu: 2
memory: "4Gi"
disk: "50Gi"
# ... rest of config
userData: |
#cloud-config
users:
- name: admin
ssh_authorized_keys:
- ssh-rsa YOUR_PUBLIC_KEY_HERE
# ... rest of cloud-init
```
### Step 3: Apply Template
```bash
kubectl apply -f examples/production/basic-vm.yaml
```
### Step 4: Monitor Creation
```bash
# Watch VM status
kubectl get proxmoxvm -w
# Check events
kubectl describe proxmoxvm <vm-name>
# Check logs (if provider logs available)
kubectl logs -n crossplane-system -l app=crossplane-provider-proxmox
```
### Step 5: Verify Guest Agent
**Wait for cloud-init (1-2 minutes), then:**
```bash
# On Proxmox node
ssh root@<proxmox-node>
# Get VMID
VMID=$(qm list | grep <vm-name> | awk '{print $1}')
# Check guest agent
qm config $VMID | grep agent
qm guest exec $VMID -- systemctl status qemu-guest-agent
```
---
## Method 2: Using Crossplane Examples
### Step 1: Use Example Template
```bash
# Copy example
cp crossplane-provider-proxmox/examples/vm-example.yaml my-vm.yaml
# Edit and customize
vim my-vm.yaml
```
### Step 2: Apply
```bash
kubectl apply -f my-vm.yaml
```
### Step 3: Verify
Same as Method 1, Step 5.
---
## Method 3: Using GitOps Templates
### Step 1: Use Template
Templates in `gitops/templates/vm/`:
- `ubuntu-22.04.yaml`
- `ubuntu-20.04.yaml`
- `debian-12.yaml`
### Step 2: Render with Values
**Create values file:**
```yaml
name: my-vm
namespace: default
node: ml110-01
cpu: 2
memory: 4Gi
disk: 50Gi
site: us-sfvalley
```
**Render template:**
```bash
# Using helm or similar tool
helm template my-vm gitops/templates/vm/ubuntu-22.04.yaml -f values.yaml
```
### Step 3: Apply
```bash
kubectl apply -f rendered-template.yaml
```
---
## Guest Agent Configuration
### Automatic Configuration
**All templates include:**
- `qemu-guest-agent` package in cloud-init
- Service enablement and startup
- Verification with retry logic
- Error handling and automatic installation
**Crossplane provider automatically:**
- Sets `agent: 1` in Proxmox VM config
- Enables guest agent communication channel
### Manual Verification
**After VM creation (wait 1-2 minutes for cloud-init):**
```bash
# On Proxmox node
VMID=<vm-id>
# Check Proxmox config
qm config $VMID | grep agent
# Expected: agent: 1
# Check package
qm guest exec $VMID -- dpkg -l | grep qemu-guest-agent
# Expected: Package listed as installed
# Check service
qm guest exec $VMID -- systemctl status qemu-guest-agent
# Expected: active (running)
```
### Manual Fix (if needed)
**If guest agent not working:**
```bash
# 1. Enable in Proxmox
qm set $VMID --agent 1
# 2. Install in guest (via console/SSH)
apt-get update
apt-get install -y qemu-guest-agent
systemctl enable qemu-guest-agent
systemctl start qemu-guest-agent
# 3. Restart VM
qm shutdown $VMID # Graceful
# OR
qm stop $VMID && qm start $VMID # Force
```
---
## Post-Creation Checklist
- [ ] VM created successfully
- [ ] VM is running (`qm status <VMID>`)
- [ ] Guest agent enabled in Proxmox (`agent: 1`)
- [ ] Guest agent package installed
- [ ] Guest agent service running
- [ ] Cloud-init completed (check `/var/log/cloud-init-output.log`)
- [ ] SSH access working
- [ ] Network connectivity verified
- [ ] Time synchronization working (NTP)
- [ ] Security updates configured
---
## Troubleshooting
### VM Not Created
**Check:**
```bash
# Provider status
kubectl get providerconfig
# VM resource status
kubectl describe proxmoxvm <vm-name>
# Provider logs
kubectl logs -n crossplane-system -l app=crossplane-provider-proxmox
```
**Common issues:**
- Provider not connected
- Invalid credentials
- Resource quota exceeded
- Network connectivity issues
### VM Created But Not Starting
**Check:**
```bash
# VM status
qm status <VMID>
# VM config
qm config <VMID>
# Boot order
qm config <VMID> | grep boot
# Disk
qm config <VMID> | grep disk
```
**Common issues:**
- Missing boot disk
- Incorrect boot order
- Disk not imported
- Network configuration issues
### Guest Agent Not Working
**See:** `docs/GUEST_AGENT_COMPLETE_PROCEDURE.md`
**Quick fix:**
```bash
# Enable in Proxmox
qm set <VMID> --agent 1
# Install in guest
qm guest exec <VMID> -- apt-get install -y qemu-guest-agent
qm guest exec <VMID> -- systemctl start qemu-guest-agent
# Restart VM
qm shutdown <VMID>
```
---
## Best Practices
### 1. Always Use Templates
- Use production templates from `examples/production/`
- Templates include all required configurations
- Ensures consistency across VMs
### 2. Include Guest Agent
- All templates include guest agent configuration
- Verify after creation
- Monitor service status
### 3. Use Proper Naming
- Follow naming conventions
- Include environment/tenant identifiers
- Use descriptive names
### 4. Configure SSH Keys
- Always include SSH public keys in cloud-init
- Use `ssh_authorized_keys` in userData
- Disable password authentication
### 5. Monitor Resources
- Check resource quotas before creation
- Monitor disk usage
- Set appropriate resource limits
### 6. Document Exceptions
- Document any custom configurations
- Note any deviations from templates
- Record troubleshooting steps
---
## Related Documents
- `docs/GUEST_AGENT_COMPLETE_PROCEDURE.md` - Guest agent setup
- `docs/VM_100_GUEST_AGENT_FIXED.md` - Specific VM troubleshooting
- `examples/production/` - Production templates
- `crossplane-provider-proxmox/examples/` - Provider examples
---
## Quick Reference
**Create VM:**
```bash
kubectl apply -f examples/production/basic-vm.yaml
```
**Check status:**
```bash
kubectl get proxmoxvm
qm list
```
**Verify guest agent:**
```bash
qm config <VMID> | grep agent
qm guest exec <VMID> -- systemctl status qemu-guest-agent
```
**Access VM:**
```bash
# Get IP
qm guest exec <VMID> -- hostname -I
# SSH
ssh admin@<vm-ip>
```
---
**Last Updated**: 2025-12-11

146
docs/vm/VM_DEPLOYMENT_CHECKLIST.md Normal file
View File

@@ -0,0 +1,146 @@
# VM Deployment Checklist
## Pre-Deployment Checklist
### 1. Configuration Validation
- [ ] Run validation script
```bash
./scripts/validate-and-optimize-vms.sh
```
- [ ] Fix any errors reported
- [ ] Review warnings (may be acceptable)
### 2. Quota Verification
- [ ] Check tenant quota (if applicable)
```bash
./scripts/pre-deployment-quota-check.sh <vm-file>
```
- [ ] Verify Proxmox resources
```bash
./scripts/check-proxmox-quota-ssh.sh
```
- [ ] Ensure sufficient resources available
### 3. Image Verification
- [ ] Verify image exists on Proxmox storage
- [ ] Confirm image name matches specification
- [ ] Check image is accessible on target node
### 4. Network Configuration
- [ ] Verify network bridge exists
- [ ] Check IP address availability
- [ ] Confirm DNS configuration
### 5. Storage Verification
- [ ] Verify storage pool exists
- [ ] Check storage pool has sufficient space
- [ ] Confirm storage pool supports VM disks
## Deployment Steps
### Step 1: Validate
```bash
./scripts/validate-and-optimize-vms.sh examples/production/phoenix/dns-primary.yaml
```
### Step 2: Check Quota
```bash
./scripts/pre-deployment-quota-check.sh examples/production/phoenix/dns-primary.yaml
```
### Step 3: Deploy
```bash
kubectl apply -f examples/production/phoenix/dns-primary.yaml
```
### Step 4: Monitor
```bash
kubectl get proxmoxvm -w
kubectl describe proxmoxvm phoenix-dns-primary
```
### Step 5: Verify
```bash
# Check VM status
kubectl get proxmoxvm phoenix-dns-primary
# Check VM details
kubectl describe proxmoxvm phoenix-dns-primary
# Check controller logs
kubectl logs -n crossplane-system -l app=crossplane-provider-proxmox --tail=50
```
## Post-Deployment Verification
### VM Status
- [ ] VM is in "running" state
- [ ] VM has assigned IP address
- [ ] QEMU guest agent is active
### Service Verification
- [ ] Required services are running
- [ ] Packages are installed
- [ ] Configuration is correct
### Connectivity
- [ ] SSH access works
- [ ] Network connectivity verified
- [ ] DNS resolution works (if applicable)
## Troubleshooting
### Quota Check Fails
1. Check current quota usage
2. Reduce resource requirements
3. Request quota increase
4. Use different tenant
### VM Creation Fails
1. Check controller logs
2. Verify Proxmox connectivity
3. Check resource availability
4. Verify image exists
### Guest Agent Not Starting
1. Check VM logs
2. Verify package installation
3. Check systemd status
4. Review cloud-init logs
## Quick Reference
### Validation
```bash
./scripts/validate-and-optimize-vms.sh
```
### Quota Check
```bash
./scripts/pre-deployment-quota-check.sh
```
### Proxmox Resources
```bash
./scripts/check-proxmox-quota-ssh.sh
```
### Deploy VM
```bash
kubectl apply -f <vm-file>
```
### Check Status
```bash
kubectl get proxmoxvm -A
```
---
**Last Updated**: 2025-12-08

991
docs/vm/VM_SPECIFICATIONS.md Normal file
View File

@@ -0,0 +1,991 @@
# VM Specifications - Complete List
## Overview
This document lists all VMs that need to be created for the Sankofa infrastructure, including DevOps services, application services, and infrastructure components.
**Total VMs**: 18 (16 application VMs + 2 infrastructure VMs)
**Total Resources**: 72 CPU cores, 140 GiB RAM, 278 GiB disk
---
## Infrastructure VMs (2 VMs)
### 1. Nginx Proxy VM
- **Purpose**: DNS/SSL termination and routing between Cloudflare and publicly accessible VMs
- **Key Functions**:
- SSL/TLS termination
- Reverse proxy for backend services
- Load balancing
- DNS resolution
- Request routing
- **VM Specs**:
- **CPU**: 2 cores
- **RAM**: 4 GiB
- **Disk**: 20 GiB
- **Storage**: local-lvm
- **Network**: vmbr0
- **Image**: ubuntu-22.04-cloud
- **Site**: site-1
- **Node**: ml110-01
- **Tenant**: infrastructure
- **Pre-installed Packages**:
- nginx
- certbot
- python3-certbot-nginx
- ufw
- qemu-guest-agent
- curl, wget, net-tools
- **File**: `examples/production/nginx-proxy-vm.yaml`
### 2. Cloudflare Tunnel VM
- **Purpose**: Secure tunnel connection to Cloudflare for public access
- **Key Functions**:
- Cloudflare Tunnel daemon (cloudflared)
- Secure outbound connections to Cloudflare
- Tunnel configuration management
- Health monitoring
- **VM Specs**:
- **CPU**: 2 cores
- **RAM**: 4 GiB
- **Disk**: 10 GiB
- **Storage**: local-lvm
- **Network**: vmbr0
- **Image**: ubuntu-22.04-cloud
- **Site**: site-2
- **Node**: r630-01
- **Tenant**: infrastructure
- **Pre-installed Packages**:
- cloudflared (installed via script)
- ufw
- qemu-guest-agent
- curl, wget, net-tools
- **File**: `examples/production/cloudflare-tunnel-vm.yaml`
---
## SMOM-DBIS-138 Application VMs (16 VMs)
### Blockchain Infrastructure (12 VMs)
#### Besu Validators (4 VMs)
- **Purpose**: Hyperledger Besu blockchain validator nodes
- **VM Specs** (per VM):
- **CPU**: 6 cores
- **RAM**: 12 GiB
- **Disk**: 20 GiB
- **Storage**: local-lvm
- **Network**: vmbr0
- **Image**: ubuntu-22.04-cloud
- **Site**: site-1
- **Node**: ml110-01
- **Tenant**: smom-dbis-138
- **Instances**:
- `smom-validator-01` (validator-01.yaml)
- `smom-validator-02` (validator-02.yaml)
- `smom-validator-03` (validator-03.yaml)
- `smom-validator-04` (validator-04.yaml)
- **Total Resources**: 24 CPU cores, 48 GiB RAM, 80 GiB disk
#### Besu Sentries (4 VMs)
- **Purpose**: Hyperledger Besu sentry nodes (protect validators from direct internet exposure)
- **VM Specs** (per VM):
- **CPU**: 4 cores
- **RAM**: 8 GiB
- **Disk**: 15 GiB
- **Storage**: local-lvm
- **Network**: vmbr0
- **Image**: ubuntu-22.04-cloud
- **Site**: site-1
- **Node**: ml110-01
- **Tenant**: smom-dbis-138
- **Instances**:
- `smom-sentry-01` (sentry-01.yaml)
- `smom-sentry-02` (sentry-02.yaml)
- `smom-sentry-03` (sentry-03.yaml)
- `smom-sentry-04` (sentry-04.yaml)
- **Total Resources**: 16 CPU cores, 32 GiB RAM, 60 GiB disk
#### Besu RPC Nodes (4 VMs)
- **Purpose**: Hyperledger Besu RPC nodes (provide JSON-RPC API access)
- **VM Specs** (per VM):
- **CPU**: 4 cores
- **RAM**: 8 GiB
- **Disk**: 10 GiB
- **Storage**: local-lvm
- **Network**: vmbr0
- **Image**: ubuntu-22.04-cloud
- **Site**: site-1
- **Node**: ml110-01
- **Tenant**: smom-dbis-138
- **Instances**:
- `smom-rpc-node-01` (rpc-node-01.yaml)
- `smom-rpc-node-02` (rpc-node-02.yaml)
- `smom-rpc-node-03` (rpc-node-03.yaml)
- `smom-rpc-node-04` (rpc-node-04.yaml)
- **Total Resources**: 16 CPU cores, 32 GiB RAM, 40 GiB disk
### Application Services (4 VMs)
#### Services VM (1 VM)
- **Purpose**: Firefly and Cacti services
- **VM Specs**:
- **CPU**: 4 cores
- **RAM**: 8 GiB
- **Disk**: 35 GiB
- **Storage**: local-lvm
- **Network**: vmbr0
- **Image**: ubuntu-22.04-cloud
- **Site**: site-2
- **Node**: r630-01
- **Tenant**: smom-dbis-138
- **Instance**: `smom-services` (services.yaml)
- **Services**:
- Firefly (blockchain application framework)
- Cacti (network monitoring)
#### Blockscout VM (1 VM)
- **Purpose**: Blockchain explorer for viewing transactions and blocks
- **VM Specs**:
- **CPU**: 4 cores
- **RAM**: 8 GiB
- **Disk**: 12 GiB
- **Storage**: local-lvm
- **Network**: vmbr0
- **Image**: ubuntu-22.04-cloud
- **Site**: site-2
- **Node**: r630-01
- **Tenant**: smom-dbis-138
- **Instance**: `smom-blockscout` (blockscout.yaml)
#### Monitoring VM (1 VM)
- **Purpose**: Monitoring and observability stack
- **VM Specs**:
- **CPU**: 4 cores
- **RAM**: 8 GiB
- **Disk**: 9 GiB
- **Storage**: local-lvm
- **Network**: vmbr0
- **Image**: ubuntu-22.04-cloud
- **Site**: site-2
- **Node**: r630-01
- **Tenant**: smom-dbis-138
- **Instance**: `smom-monitoring` (monitoring.yaml)
#### Management VM (1 VM) - Optional
- **Purpose**: Management and administrative tasks
- **VM Specs**:
- **CPU**: 2 cores
- **RAM**: 4 GiB
- **Disk**: 2 GiB
- **Storage**: local-lvm
- **Network**: vmbr0
- **Image**: ubuntu-22.04-cloud
- **Site**: site-1
- **Node**: ml110-01
- **Tenant**: smom-dbis-138
- **Instance**: `smom-management` (management.yaml)
- **Note**: Marked as optional in deployment documentation
---
## Resource Summary by Category
### Infrastructure VMs
| Component | Count | CPU | RAM | Disk |
|-----------|-------|-----|-----|------|
| Nginx Proxy | 1 | 2 | 4 GiB | 20 GiB |
| Cloudflare Tunnel | 1 | 2 | 4 GiB | 10 GiB |
| **Subtotal** | **2** | **4** | **8 GiB** | **30 GiB** |
### SMOM-DBIS-138 Application VMs
| Component | Count | CPU | RAM | Disk |
|-----------|-------|-----|-----|------|
| Validators | 4 | 24 | 48 GiB | 80 GiB |
| Sentries | 4 | 16 | 32 GiB | 60 GiB |
| RPC Nodes | 4 | 16 | 32 GiB | 40 GiB |
| Services (Firefly/Cacti) | 1 | 4 | 8 GiB | 35 GiB |
| Blockscout | 1 | 4 | 8 GiB | 12 GiB |
| Monitoring | 1 | 4 | 8 GiB | 9 GiB |
| Management (Optional) | 1 | 2 | 4 GiB | 2 GiB |
| **Subtotal** | **16** | **68** | **132 GiB** | **238 GiB** |
### Grand Total
| Category | Count | CPU | RAM | Disk |
|----------|-------|-----|-----|------|
| Infrastructure | 2 | 4 | 8 GiB | 30 GiB |
| Application | 16 | 68 | 132 GiB | 238 GiB |
| **TOTAL** | **18** | **72** | **140 GiB** | **278 GiB** |
---
## Common Configuration
All VMs share the following common configuration:
### Base Image
- **Image**: `ubuntu-22.04-cloud`
- **OS**: Ubuntu 22.04 LTS
- **Image Size**: 691MB
- **Available on**: Both sites (ml110-01 and r630-01)
### Standard Packages
All VMs include:
- `qemu-guest-agent` - For Proxmox integration
- `curl` - HTTP client
- `wget` - File download utility
- `net-tools` - Network utilities
- `apt-transport-https` - HTTPS support for apt
- `ca-certificates` - SSL certificates
- `gnupg` - GPG for package verification
- `lsb-release` - OS release information
### User Configuration
- **User**: `admin`
- **Groups**: `sudo`
- **Shell**: `/bin/bash`
- **Sudo**: NOPASSWD access
- **SSH Key**: Pre-configured with authorized key
### Guest Agent
- QEMU Guest Agent enabled and started on boot
- 30-second verification loop with status output
- Provider sets `agent: 1` in VM config
### Network
- **Bridge**: vmbr0
- **Network**: 192.168.11.0/24
- **Sites**:
- Site 1: ml110-01 (192.168.11.10)
- Site 2: r630-01 (192.168.11.11)
### Storage
- **Storage Pool**: local-lvm (default)
- **Alternative Pools**: local, ceph-fs, ceph-rbd
---
## Deployment Order
### Phase 1: Infrastructure (Deploy First)
1. Nginx Proxy VM
2. Cloudflare Tunnel VM
### Phase 2: Blockchain Core
3. Besu Validators (4 VMs)
4. Besu Sentries (4 VMs)
5. Besu RPC Nodes (4 VMs)
### Phase 3: Application Services
6. Services VM (Firefly/Cacti)
7. Blockscout VM
8. Monitoring VM
9. Management VM (Optional)
---
## File Locations
All VM YAML files are located in:
- **Infrastructure VMs**: `examples/production/`
- `nginx-proxy-vm.yaml`
- `cloudflare-tunnel-vm.yaml`
- **SMOM-DBIS-138 VMs**: `examples/production/smom-dbis-138/`
- `validator-01.yaml` through `validator-04.yaml`
- `sentry-01.yaml` through `sentry-04.yaml`
- `rpc-node-01.yaml` through `rpc-node-04.yaml`
- `services.yaml`
- `blockscout.yaml`
- `monitoring.yaml`
- `management.yaml`
---
---
## Additional Infrastructure VMs (Recommended)
### Sankofa Phoenix Core Infrastructure VMs
#### 3. DNS Server VM (Primary)
- **Purpose**: Internal DNS resolution for sankofa.nexus and internal services
- **Key Functions**:
- Authoritative DNS for sankofa.nexus domains
- Internal service discovery
- Split DNS for internal/external resolution
- DNS caching and forwarding
- **VM Specs**:
- **CPU**: 4 cores
- **RAM**: 8 GiB
- **Disk**: 50 GiB
- **Storage**: local-lvm
- **Network**: vmbr0
- **Image**: ubuntu-22.04-cloud
- **Site**: site-1
- **Node**: ml110-01
- **Tenant**: infrastructure
- **Pre-installed Packages**:
- bind9 (DNS server)
- bind9utils
- dnsutils
- ufw
- qemu-guest-agent
- curl, wget, net-tools
- **DNS Zones**:
- sankofa.nexus (authoritative)
- *.sankofa.nexus (wildcard)
- Internal service discovery
- **File**: `examples/production/phoenix/dns-primary.yaml`
#### 4. DNS Server VM (Secondary)
- **Purpose**: Secondary DNS server for redundancy and high availability
- **VM Specs**:
- **CPU**: 4 cores
- **RAM**: 8 GiB
- **Disk**: 50 GiB
- **Storage**: local-lvm
- **Network**: vmbr0
- **Image**: ubuntu-22.04-cloud
- **Site**: site-2
- **Node**: r630-01
- **Tenant**: infrastructure
- **Pre-installed Packages**: Same as DNS Primary
- **File**: `examples/production/phoenix/dns-secondary.yaml`
#### 5. Email Server VM (Sankofa Mail)
- **Purpose**: Sankofa-branded email server for organizational email
- **Key Functions**:
- SMTP/IMAP/POP3 services
- Email authentication (SPF, DKIM, DMARC)
- Webmail interface
- Email filtering and antivirus
- Calendar and contacts (CalDAV/CardDAV)
- Business email routing
- **VM Specs**:
- **CPU**: 8 cores
- **RAM**: 16 GiB
- **Disk**: 200 GiB (for mail storage)
- **Storage**: local-lvm
- **Network**: vmbr0
- **Image**: ubuntu-22.04-cloud
- **Site**: site-1
- **Node**: ml110-01
- **Tenant**: infrastructure
- **Pre-installed Packages**:
- postfix (SMTP server)
- dovecot-core dovecot-imapd dovecot-pop3d (IMAP/POP3)
- opendkim (DKIM signing)
- opendmarc (DMARC validation)
- spamassassin (spam filtering)
- clamav (antivirus)
- roundcube or rainloop (webmail)
- ufw
- qemu-guest-agent
- **Email Domains**:
- @sankofa.nexus
- @phoenix.sankofa.nexus
- **File**: `examples/production/phoenix/email-server.yaml`
#### 5a. AS4 Gateway VM (Business Document Exchange)
- **Purpose**: AS4 (Application Server 4) gateway for secure B2B document exchange
- **Key Functions**:
- AS4 protocol implementation (ebMS 3.0)
- Secure message exchange (SOAP/WS-Security)
- Digital signatures and encryption
- Message reliability (receipts, acknowledgments)
- Trading partner management
- Message routing and transformation
- Compliance with EU eDelivery AS4 profile
- **VM Specs**:
- **CPU**: 8 cores
- **RAM**: 16 GiB
- **Disk**: 500 GiB (for message storage and archives)
- **Storage**: local-lvm
- **Network**: vmbr0
- **Image**: ubuntu-22.04-cloud
- **Site**: site-1
- **Node**: ml110-01
- **Tenant**: infrastructure
- **Pre-installed Packages**:
- docker.io
- docker-compose
- java-11-openjdk (for AS4 implementations)
- openssl
- xmlsec1 (XML security)
- ufw
- qemu-guest-agent
- **Recommended Software**:
- **Option 1**: Holodeck B2B (open source AS4 implementation)
- **Option 2**: AS4 Gateway (commercial)
- **Option 3**: Hermes4AS4 (Java-based)
- **Standards Support**:
- AS4 (OASIS ebMS 3.0)
- WS-Security
- X.509 certificates
- S/MIME
- EU eDelivery AS4 profile
- **File**: `examples/production/phoenix/as4-gateway.yaml`
#### 5b. Business Integration Gateway VM (Phoenix Logic Apps)
- **Purpose**: Workflow automation and integration platform (Azure Logic Apps equivalent)
- **Key Functions**:
- Visual workflow designer
- API integration and orchestration
- Business process automation
- Data transformation (JSON, XML, EDI)
- Event-driven workflows
- Scheduled tasks and triggers
- Connector library (REST, SOAP, databases, etc.)
- Message queuing and routing
- **VM Specs**:
- **CPU**: 8 cores
- **RAM**: 16 GiB
- **Disk**: 200 GiB (for workflow definitions and logs)
- **Storage**: local-lvm
- **Network**: vmbr0
- **Image**: ubuntu-22.04-cloud
- **Site**: site-1
- **Node**: ml110-01
- **Tenant**: infrastructure
- **Pre-installed Packages**:
- docker.io
- docker-compose
- nodejs npm
- python3 python3-pip
- postgresql (workflow state)
- redis-server (message queuing)
- nginx (reverse proxy)
- ufw
- qemu-guest-agent
- **Recommended Software**:
- **Option 1**: n8n (open source workflow automation)
- **Option 2**: Apache Airflow (workflow orchestration)
- **Option 3**: Camunda (BPMN workflow engine)
- **Option 4**: Temporal (workflow orchestration)
- **Integration Capabilities**:
- REST APIs
- SOAP services
- Database connectors
- File system operations
- Email/SMS integration
- Blockchain integration
- AS4 gateway integration
- Financial messaging integration
- **File**: `examples/production/phoenix/business-integration-gateway.yaml`
#### 5c. Financial Messaging Gateway VM
- **Purpose**: Financial message handling and envelope processing
- **Key Functions**:
- SWIFT message processing
- ISO 20022 message format support
- Financial envelope handling (MT/MX messages)
- Payment message processing
- Securities message processing
- Trade finance messages
- Message validation and routing
- Compliance and audit logging
- Integration with banking systems
- **VM Specs**:
- **CPU**: 8 cores
- **RAM**: 16 GiB
- **Disk**: 500 GiB (for message archives and audit logs)
- **Storage**: local-lvm
- **Network**: vmbr0
- **Image**: ubuntu-22.04-cloud
- **Site**: site-1
- **Node**: ml110-01
- **Tenant**: infrastructure
- **Pre-installed Packages**:
- docker.io
- docker-compose
- java-11-openjdk (for financial message processing)
- python3 python3-pip
- postgresql (message database)
- redis-server (message queuing)
- openssl (encryption)
- xmlsec1 (XML security)
- ufw
- qemu-guest-agent
- **Standards Support**:
- ISO 20022 (MX messages)
- SWIFT MT messages
- FIX protocol
- EDI X12 (financial transactions)
- EDIFACT (international trade)
- SEPA (Single Euro Payments Area)
- **Security**:
- Message encryption
- Digital signatures
- PKI integration
- Audit trails
- Compliance reporting
- **File**: `examples/production/phoenix/financial-messaging-gateway.yaml`
#### 6. Git Server VM (Sankofa Git)
- **Purpose**: Self-hosted Git repository server (GitLab/Gitea/Forgejo)
- **Key Functions**:
- Git repository hosting
- Issue tracking
- CI/CD integration
- Code review and pull requests
- Wiki and documentation
- Container registry (optional)
- **VM Specs**:
- **CPU**: 8 cores
- **RAM**: 16 GiB
- **Disk**: 500 GiB (for repositories and artifacts)
- **Storage**: local-lvm
- **Network**: vmbr0
- **Image**: ubuntu-22.04-cloud
- **Site**: site-1
- **Node**: ml110-01
- **Tenant**: infrastructure
- **Pre-installed Packages**:
- git
- docker.io (for GitLab/Gitea containers)
- docker-compose
- nginx (reverse proxy)
- postgresql (database for GitLab)
- redis-server (caching)
- ufw
- qemu-guest-agent
- **Recommended Software**:
- **Option 1**: GitLab CE (full-featured, resource-intensive)
- **Option 2**: Gitea (lightweight, Go-based)
- **Option 3**: Forgejo (Gitea fork, community-driven)
- **File**: `examples/production/phoenix/git-server.yaml`
#### 6a. Phoenix Codespaces IDE VM
- **Purpose**: Branded cloud-based IDE with Copilot-like AI and Agents
- **Key Functions**:
- VS Code in browser (code-server)
- AI-powered code completion (Copilot-like)
- AI agents for automation and assistance
- Git integration with Phoenix Git server
- Multi-language support
- Terminal access
- Extension marketplace
- Phoenix branding and customization
- **VM Specs**:
- **CPU**: 8 cores
- **RAM**: 32 GiB (higher RAM for AI processing)
- **Disk**: 200 GiB (for workspace storage and AI models)
- **Storage**: local-lvm
- **Network**: vmbr0
- **Image**: ubuntu-22.04-cloud
- **Site**: site-1
- **Node**: ml110-01
- **Tenant**: infrastructure
- **Pre-installed Packages**:
- code-server (VS Code in browser)
- docker.io (for containerized workspaces)
- docker-compose
- nginx (reverse proxy with SSL)
- certbot (SSL certificates)
- python3 python3-pip (for AI tools)
- nodejs npm (for extensions)
- git (Git integration)
- build-essential (compilation tools)
- ufw (firewall)
- qemu-guest-agent
- **AI Integration**:
- **Code Completion**: GitHub Copilot API or alternative (Tabby, Codeium, Cursor)
- **AI Agents**: LangChain, AutoGPT, or custom Phoenix AI agents
- **LLM Support**: Integration with OpenAI-compatible APIs or local models
- **Code Analysis**: AI-powered code review and suggestions
- **Features**:
- Phoenix-branded interface
- Integration with Phoenix Git server
- Workspace templates for common stacks
- Pre-configured development environments
- AI-powered code generation
- Automated testing and debugging assistance
- Multi-user support with isolation
- **File**: `examples/production/phoenix/codespaces-ide.yaml`
#### 7. Phoenix DevOps VM (CI/CD Runner)
- **Purpose**: Continuous Integration and Continuous Deployment infrastructure
- **Key Functions**:
- CI/CD pipeline execution
- Build artifact storage
- Docker image building
- Automated testing
- Deployment automation
- **VM Specs**:
- **CPU**: 8 cores
- **RAM**: 16 GiB
- **Disk**: 200 GiB (for build artifacts and cache)
- **Storage**: local-lvm
- **Network**: vmbr0
- **Image**: ubuntu-22.04-cloud
- **Site**: site-1
- **Node**: ml110-01
- **Tenant**: infrastructure
- **Pre-installed Packages**:
- docker.io
- docker-compose
- git
- build-essential
- nodejs npm (for Node.js builds)
- python3 python3-pip (for Python builds)
- golang-go (for Go builds)
- jq (JSON processing)
- kubectl (Kubernetes CLI)
- helm (Kubernetes package manager)
- ufw
- qemu-guest-agent
- **CI/CD Tools**:
- **Option 1**: GitLab Runner (if using GitLab)
- **Option 2**: Jenkins
- **Option 3**: GitHub Actions Runner (self-hosted)
- **Option 4**: Tekton (Kubernetes-native)
- **File**: `examples/production/phoenix/devops-runner.yaml`
#### 8. Phoenix DevOps Controller VM
- **Purpose**: CI/CD orchestration and coordination
- **Key Functions**:
- Pipeline scheduling
- Job queue management
- Artifact repository
- Secret management integration
- Notification services
- **VM Specs**:
- **CPU**: 4 cores
- **RAM**: 8 GiB
- **Disk**: 100 GiB
- **Storage**: local-lvm
- **Network**: vmbr0
- **Image**: ubuntu-22.04-cloud
- **Site**: site-2
- **Node**: r630-01
- **Tenant**: infrastructure
- **Pre-installed Packages**:
- docker.io
- docker-compose
- kubectl
- helm
- vault (for secret management)
- ufw
- qemu-guest-agent
- **File**: `examples/production/phoenix/devops-controller.yaml`
### Sankofa Phoenix Platform VMs
#### 9. Phoenix Control Plane VM (Primary)
- **Purpose**: Primary control plane for Phoenix cloud platform
- **Key Functions**:
- Kubernetes control plane (if not using managed K8s)
- Crossplane provider management
- Resource orchestration
- API gateway
- **VM Specs**:
- **CPU**: 8 cores
- **RAM**: 16 GiB
- **Disk**: 100 GiB
- **Storage**: local-lvm
- **Network**: vmbr0
- **Image**: ubuntu-22.04-cloud
- **Site**: site-1
- **Node**: ml110-01
- **Tenant**: phoenix
- **Pre-installed Packages**:
- kubernetes (kubeadm/kubelet/kubectl)
- docker.io
- containerd
- ufw
- qemu-guest-agent
- **File**: `examples/production/phoenix/control-plane-primary.yaml`
#### 10. Phoenix Control Plane VM (Secondary)
- **Purpose**: Secondary control plane for high availability
- **VM Specs**: Same as Primary
- **Site**: site-2
- **Node**: r630-01
- **File**: `examples/production/phoenix/control-plane-secondary.yaml`
#### 11. Phoenix Database VM (Primary)
- **Purpose**: Primary database for Phoenix platform services
- **VM Specs**:
- **CPU**: 8 cores
- **RAM**: 32 GiB
- **Disk**: 500 GiB (for database storage)
- **Storage**: local-lvm
- **Network**: vmbr0
- **Image**: ubuntu-22.04-cloud
- **Site**: site-1
- **Node**: ml110-01
- **Tenant**: phoenix
- **Pre-installed Packages**:
- postgresql-14 (or latest)
- postgresql-contrib
- pgbackrest (backup tool)
- ufw
- qemu-guest-agent
- **File**: `examples/production/phoenix/database-primary.yaml`
#### 12. Phoenix Database VM (Replica)
- **Purpose**: Database replica for high availability and read scaling
- **VM Specs**: Same as Primary
- **Site**: site-2
- **Node**: r630-01
- **File**: `examples/production/phoenix/database-replica.yaml`
### Additional Infrastructure Recommendations
#### 13. Backup Server VM
- **Purpose**: Centralized backup storage and management
- **VM Specs**:
- **CPU**: 4 cores
- **RAM**: 8 GiB
- **Disk**: 2 TiB (large storage for backups)
- **Storage**: local-lvm or dedicated storage pool
- **Network**: vmbr0
- **Image**: ubuntu-22.04-cloud
- **Site**: site-2
- **Node**: r630-01
- **Tenant**: infrastructure
- **Pre-installed Packages**:
- borgbackup (deduplicating backup tool)
- restic (backup tool)
- rsync
- samba (SMB shares for Windows backups)
- ufw
- qemu-guest-agent
- **File**: `examples/production/phoenix/backup-server.yaml`
#### 14. Log Aggregation VM
- **Purpose**: Centralized log collection and analysis
- **VM Specs**:
- **CPU**: 4 cores
- **RAM**: 16 GiB
- **Disk**: 500 GiB (for log storage)
- **Storage**: local-lvm
- **Network**: vmbr0
- **Image**: ubuntu-22.04-cloud
- **Site**: site-1
- **Node**: ml110-01
- **Tenant**: infrastructure
- **Pre-installed Packages**:
- docker.io
- docker-compose
- ufw
- qemu-guest-agent
- **Software Stack**:
- **Option 1**: ELK Stack (Elasticsearch, Logstash, Kibana)
- **Option 2**: Loki + Grafana (lightweight)
- **Option 3**: Graylog
- **File**: `examples/production/phoenix/log-aggregation.yaml`
#### 15. Certificate Authority VM
- **Purpose**: Internal Certificate Authority for SSL/TLS certificates
- **VM Specs**:
- **CPU**: 2 cores
- **RAM**: 4 GiB
- **Disk**: 20 GiB
- **Storage**: local-lvm
- **Network**: vmbr0
- **Image**: ubuntu-22.04-cloud
- **Site**: site-1
- **Node**: ml110-01
- **Tenant**: infrastructure
- **Pre-installed Packages**:
- easy-rsa (PKI management)
- openssl
- cfssl (Cloudflare's PKI toolkit)
- ufw
- qemu-guest-agent
- **File**: `examples/production/phoenix/certificate-authority.yaml`
#### 16. Monitoring VM (Phoenix)
- **Purpose**: Dedicated monitoring for Phoenix infrastructure
- **VM Specs**:
- **CPU**: 4 cores
- **RAM**: 8 GiB
- **Disk**: 200 GiB (for metrics storage)
- **Storage**: local-lvm
- **Network**: vmbr0
- **Image**: ubuntu-22.04-cloud
- **Site**: site-2
- **Node**: r630-01
- **Tenant**: phoenix
- **Pre-installed Packages**:
- docker.io
- docker-compose
- ufw
- qemu-guest-agent
- **Software Stack**:
- Prometheus (metrics collection)
- Grafana (visualization)
- Alertmanager (alerting)
- Node Exporter (system metrics)
- **File**: `examples/production/phoenix/monitoring.yaml`
#### 17. VPN Gateway VM
- **Purpose**: VPN server for secure remote access
- **VM Specs**:
- **CPU**: 2 cores
- **RAM**: 4 GiB
- **Disk**: 20 GiB
- **Storage**: local-lvm
- **Network**: vmbr0
- **Image**: ubuntu-22.04-cloud
- **Site**: site-1
- **Node**: ml110-01
- **Tenant**: infrastructure
- **Pre-installed Packages**:
- wireguard (modern VPN)
- openvpn (alternative)
- ufw
- qemu-guest-agent
- **File**: `examples/production/phoenix/vpn-gateway.yaml`
#### 18. Container Registry VM
- **Purpose**: Private Docker/OCI container registry
- **VM Specs**:
- **CPU**: 4 cores
- **RAM**: 8 GiB
- **Disk**: 500 GiB (for container images)
- **Storage**: local-lvm
- **Network**: vmbr0
- **Image**: ubuntu-22.04-cloud
- **Site**: site-1
- **Node**: ml110-01
- **Tenant**: infrastructure
- **Pre-installed Packages**:
- docker.io
- docker-compose
- nginx (reverse proxy)
- ufw
- qemu-guest-agent
- **Software**:
- **Option 1**: Harbor (enterprise registry)
- **Option 2**: Docker Registry (simple)
- **Option 3**: GitLab Container Registry (if using GitLab)
- **File**: `examples/production/phoenix/container-registry.yaml`
---
## Updated Resource Summary
### Additional Infrastructure VMs
| Component | Count | CPU | RAM | Disk |
|-----------|-------|-----|-----|------|
| DNS Servers (Primary/Secondary) | 2 | 8 | 16 GiB | 100 GiB |
| Email Server | 1 | 8 | 16 GiB | 200 GiB |
| AS4 Gateway | 1 | 8 | 16 GiB | 500 GiB |
| Business Integration Gateway | 1 | 8 | 16 GiB | 200 GiB |
| Financial Messaging Gateway | 1 | 8 | 16 GiB | 500 GiB |
| Git Server | 1 | 8 | 16 GiB | 500 GiB |
| Phoenix Codespaces IDE | 1 | 8 | 32 GiB | 200 GiB |
| DevOps Runner | 1 | 8 | 16 GiB | 200 GiB |
| DevOps Controller | 1 | 4 | 8 GiB | 100 GiB |
| Phoenix Control Plane (Primary/Secondary) | 2 | 16 | 32 GiB | 200 GiB |
| Phoenix Database (Primary/Replica) | 2 | 16 | 64 GiB | 1000 GiB |
| Backup Server | 1 | 4 | 8 GiB | 2 TiB |
| Log Aggregation | 1 | 4 | 16 GiB | 500 GiB |
| Certificate Authority | 1 | 2 | 4 GiB | 20 GiB |
| Monitoring (Phoenix) | 1 | 4 | 8 GiB | 200 GiB |
| VPN Gateway | 1 | 2 | 4 GiB | 20 GiB |
| Container Registry | 1 | 4 | 8 GiB | 500 GiB |
| **Subtotal** | **20** | **122** | **300 GiB** | **7.24 TiB** |
### Complete Infrastructure Total
| Category | Count | CPU | RAM | Disk |
|----------|-------|-----|-----|------|
| Original Infrastructure | 2 | 4 | 8 GiB | 30 GiB |
| SMOM-DBIS-138 Application | 16 | 68 | 132 GiB | 238 GiB |
| Additional Infrastructure | 20 | 122 | 300 GiB | 7.24 TiB |
| **GRAND TOTAL** | **38** | **194** | **440 GiB** | **7.51 TiB** |
---
## Deployment Priority
### Phase 1: Critical Infrastructure (Deploy First)
1. DNS Servers (Primary/Secondary) - Required for all services
2. Nginx Proxy VM
3. Cloudflare Tunnel VM
4. Certificate Authority VM
### Phase 2: Core Services
5. Email Server
6. AS4 Gateway (Business Document Exchange)
7. Business Integration Gateway (Phoenix Logic Apps)
8. Financial Messaging Gateway
9. Git Server
10. Phoenix Codespaces IDE
11. Container Registry
12. VPN Gateway
### Phase 3: DevOps Infrastructure
9. DevOps Controller
10. DevOps Runner
11. Log Aggregation
### Phase 4: Phoenix Platform
12. Phoenix Control Plane (Primary/Secondary)
13. Phoenix Database (Primary/Replica)
14. Monitoring (Phoenix)
### Phase 5: Supporting Services
15. Backup Server
16. SMOM-DBIS-138 Blockchain Infrastructure
17. SMOM-DBIS-138 Application Services
---
## Deployment Optimization
### Quota Checking
**Automatic**: The Crossplane controller automatically checks quota for all VMs with tenant labels before deployment.
**Manual**: Run pre-deployment quota check:
```bash
./scripts/pre-deployment-quota-check.sh
```
**Validation**: Validate VM configurations:
```bash
./scripts/validate-and-optimize-vms.sh
```
### Command Optimization
All VM configurations use non-compounded commands for better error handling:
- Commands are separated into individual list items
- Critical operations have explicit error checking
- Non-critical operations may use `|| true` for graceful degradation
See `docs/VM_DEPLOYMENT_OPTIMIZATION.md` for detailed guidelines.
### Image Standardization
- **Standard Image**: `ubuntu-22.04-cloud` (691MB)
- **Format**: QCOW2
- **Availability**: Both sites (ml110-01 and r630-01)
- **Handling**: Controller automatically searches and imports if needed
## Notes
1. **Management VM**: Marked as optional in deployment documentation
2. **Cacti**: Combined with Firefly in the services.yaml VM
3. **Sankofa Phoenix VMs**: Now included in this comprehensive list
4. **Image Handling**: Provider automatically searches and imports images
5. **Multi-tenancy**: VMs are labeled with tenant IDs for resource isolation
6. **High Availability**: Critical services should be distributed across both sites
7. **Storage Considerations**: Large storage VMs (Git, Database, Backup) may need dedicated storage pools
8. **DNS**: Primary and secondary DNS servers provide redundancy
9. **Email**: Consider email deliverability and SPF/DKIM/DMARC configuration
10. **Git Server**: Choose GitLab for full features or Gitea/Forgejo for lightweight deployment
11. **Backup Strategy**: Implement automated backups for all critical VMs
12. **Monitoring**: Deploy monitoring before other services to track deployment health
13. **Quota Enforcement**: All tenant VMs automatically check quota before deployment
14. **Command Optimization**: All commands are non-compounded for better error handling
15. **Validation**: Use validation scripts before deployment
---
**Last Updated**: 2025-12-08
**Status**: Production Ready - Comprehensive Infrastructure Plan