proxmox/docs/03-deployment/DEPLOYMENT_STATUS_MASTER.md


# Deployment Status Master - Complete Overview
**Last Updated:** 2026-02-12
**Status:** 🚀 **ACTIVE DEPLOYMENT**
**Progress:** Foundation Complete → Service Migration In Progress
**Authoritative** for container inventory by host (reconciled with SSH). For a legacy consolidated table view, see [DEPLOYMENT_STATUS_CONSOLIDATED.md](DEPLOYMENT_STATUS_CONSOLIDATED.md).
---
## Executive Summary
### ✅ Completed (Foundation Phase)
1. **Network Infrastructure**
- **Edge:** UDM Pro (76.53.10.34, replaced ER605). Port forward **76.53.10.36:80/443** → **192.168.11.167:80/443** (NPMplus). NPMplus LXC has 192.168.11.166 and 192.168.11.167; only **192.168.11.167** is used in UDM Pro.
- ✅ All 19 VLANs configured on UDM Pro
- ✅ Inter-VLAN routing verified and working
- ✅ Network Isolation disabled, Zone Matrix configured
- ✅ Dual network access configured (Default + VLAN 11)
2. **Proxmox Infrastructure**
- ✅ ml110 operational (192.168.11.10)
- ✅ r630-01 operational (192.168.11.11)
- ✅ r630-02 operational (192.168.11.12) - Storage optimized
- ✅ r630-03, r630-04 available for deployment
3. **Storage**
- ✅ r630-02 storage issues resolved
- ✅ Container 7811 disk expanded
- ✅ Duplicate volumes removed (~300GB recovered)
- ✅ Storage pools optimized
### ⏳ In Progress (Migration Phase)
1. **VLAN Migration**
- ⏳ Besu validators (1000-1004) → VLAN 110
- ⏳ Besu sentries (1500-1503) → VLAN 111
- ⏳ Besu RPC (2500-2502) → VLAN 112
- ⏳ Blockscout (5000) → VLAN 120
- ⏳ FireFly (6200) → VLAN 141
- ⏳ MIM API (7811) → VLAN 160
2. **Service Deployment**
- ⏳ CCIP fleet (41 nodes)
- ⏳ DBIS services
- ⏳ Monitoring stack
- ⏳ Additional Hyperledger services
### 📋 Pending (Deployment Phase)
1. **Security & Access**
- ⏳ Firewall rules configuration
- ⏳ Cloudflare Zero Trust setup
- ⏳ NAT pool configuration
2. **Documentation**
- ⏳ Final IP assignments
- ⏳ Service connectivity matrix
- ⏳ Operational runbooks
---
## Current Container Inventory
### ml110 (192.168.11.10)
**Running Containers:**
- Besu Validators: 1000-1004 (5)
- Besu Sentries: 1500-1503, **1504** (besu-sentry-ali) (5)
- Besu RPC: 2500-2502, **2303-2308** (Ali/Luis/Putu RPC — not 2503-2508)
- Thirdweb RPC: 2400-2402 (3)
**Note:** 2503, 2504, 2505 are on **r630-01** (besu-rpc-hybx-1/2/3). **2506, 2507, 2508 were destroyed 2026-02-08** — see [MISSING_CONTAINERS_LIST.md](MISSING_CONTAINERS_LIST.md). Besu RPC range: 2500-2505 only.
**Status:** All on VLAN 11 (mgmt) - **Ready for VLAN migration**
### r630-01 (192.168.11.11)
**Running Containers:**
- Infrastructure: 100-108 (proxmox-mail-gateway, datacenter-manager, cloudflared, omada, gitea, nginxproxymanager, redis-rpc-translator, web3signer-rpc-translator, vault-rpc-translator)
- Monitoring: 130 (monitoring-1)
- **Besu RPC: 2503, 2504, 2505** (besu-rpc-hybx-1/2/3)
- **Hyperledger: 5200 (cacti-1), 6000 (fabric-1), 6400 (indy-1)**
**Host Services (not LXC):**
- **CCIP Relay Service** — `/opt/smom-dbis-138/services/relay` (Node.js); relays Chain 138 → Mainnet; uses VMID 2201 RPC. See [07-ccip/CCIP_RELAY_DEPLOYMENT.md](../07-ccip/CCIP_RELAY_DEPLOYMENT.md).
- **Chain 138 smart contracts** — 36-address on-chain check: `./scripts/verify/check-contracts-on-chain-138.sh`; AddressMapper, MirrorManager deployed 2026-02-12. Deploy with `--with-gas-price 1000000000`. See [CONTRACT_ADDRESSES_REFERENCE](../11-references/CONTRACT_ADDRESSES_REFERENCE.md), [CONTRACT_DEPLOYMENT_RUNBOOK](CONTRACT_DEPLOYMENT_RUNBOOK.md).
**Stopped Containers (30+):**
- DBIS services: 10100-10151
- Order services: 10000-10092
- CCIP services: 3500-3501
**Status:** Infrastructure and Hyperledger running; many application services stopped - **Ready for deployment**
### r630-02 (192.168.11.12)
**Running Containers (4):**
- Blockscout: 5000
- FireFly: 6200
- FireFly Ali: 6201 (stopped)
- MIM API: 7811
**Status:** Services running on VLAN 11 - **Ready for VLAN migration**
---
## VLAN Migration Plan
### Priority 1: Besu Network (High Priority)
| Service | Current | Target VLAN | Target Subnet | Containers |
|---------|---------|-------------|---------------|------------|
| Validators | VLAN 11 | VLAN 110 | 10.110.0.0/24 | 1000-1004 |
| Sentries | VLAN 11 | VLAN 111 | 10.111.0.0/24 | 1500-1503 |
| RPC | VLAN 11 | VLAN 112 | 10.112.0.0/24 | 2500-2502 |
### Priority 2: Service VLANs
| Service | Current | Target VLAN | Target Subnet | Containers |
|---------|---------|-------------|---------------|------------|
| Blockscout | VLAN 11 | VLAN 120 | 10.120.0.0/24 | 5000 |
| FireFly | VLAN 11 | VLAN 141 | 10.141.0.0/24 | 6200 |
| MIM API | VLAN 11 | VLAN 160 | 10.160.0.0/22 | 7811 |
### Priority 3: New Deployments
| Service | Target VLAN | Target Subnet | VMIDs |
|---------|------------|---------------|-------|
| CCIP Ops | VLAN 130 | 10.130.0.0/24 | 5400-5401 |
| CCIP Commit | VLAN 132 | 10.132.0.0/24 | 5410-5425 |
| CCIP Execute | VLAN 133 | 10.133.0.0/24 | 5440-5455 |
| CCIP RMN | VLAN 134 | 10.134.0.0/24 | 5470-5476 |
| DBIS Services | VLAN 202 | 10.202.0.0/24 | 10100-10151 |
---
## Deployment Tasks by Category
### Network Tasks (Can Run in Parallel)
1. ✅ Verify VLAN configuration
2. ✅ Verify inter-VLAN routing
3. ⏳ Migrate Besu validators to VLAN 110
4. ⏳ Migrate Besu sentries to VLAN 111
5. ⏳ Migrate Besu RPC to VLAN 112
6. ⏳ Migrate Blockscout to VLAN 120
7. ⏳ Migrate FireFly to VLAN 141
8. ⏳ Migrate MIM API to VLAN 160
9. ⏳ Configure firewall rules
10. ⏳ Configure DHCP reservations
### Service Deployment Tasks (Can Run in Parallel)
1. ⏳ Deploy CCIP Ops/Admin (2 nodes)
2. ⏳ Deploy CCIP Commit nodes (16 nodes)
3. ⏳ Deploy CCIP Execute nodes (16 nodes)
4. ⏳ Deploy CCIP RMN nodes (7 nodes)
5. ⏳ Deploy monitoring stack
6. ⏳ Deploy DBIS services
7. ⏳ Deploy Cacti
8. ⏳ Deploy Fabric
9. ⏳ Deploy Indy
### Security & Access Tasks (Can Run in Parallel)
1. ⏳ Configure inter-VLAN firewall rules
2. ⏳ Configure sovereign tenant isolation
3. ⏳ Set up Cloudflare Zero Trust tunnels
4. ⏳ Configure Cloudflare Access policies
5. ⏳ Configure NAT pools (when IP blocks assigned)
### Documentation Tasks
1. ⏳ Update IP assignments
2. ⏳ Create service connectivity matrix
3. ⏳ Update operational runbooks
4. ⏳ Document final configurations
---
## Parallel Execution Strategy
### Phase 1: Network Migration (Parallel Groups)
**Group A (Besu Network - Can run in parallel):**
- Migrate validators (1000-1004) → VLAN 110
- Migrate sentries (1500-1503) → VLAN 111
- Migrate RPC (2500-2502) → VLAN 112
**Group B (Service VLANs - Can run in parallel):**
- Migrate Blockscout (5000) → VLAN 120
- Migrate FireFly (6200) → VLAN 141
- Migrate MIM API (7811) → VLAN 160
### Phase 2: Service Deployment (Parallel Groups)
**Group A (CCIP Fleet - Can run in parallel):**
- Deploy CCIP Ops/Admin (5400-5401)
- Deploy CCIP Commit nodes (5410-5425)
- Deploy CCIP Execute nodes (5440-5455)
- Deploy CCIP RMN nodes (5470-5476)
**Group B (Application Services - Can run in parallel):**
- Deploy DBIS services (10100-10151)
- Deploy monitoring stack
- Deploy Hyperledger services (Cacti, Fabric, Indy)
### Phase 3: Security & Access (Parallel)
- Configure firewall rules
- Set up Cloudflare Zero Trust
- Configure NAT pools
---
## Resource Allocation
### Proxmox Hosts
| Host | Current Load | Available Capacity | Recommended Use |
|------|--------------|-------------------|------------------|
| ml110 | 20 containers | Moderate | Besu network, management |
| r630-01 | 10 containers | High | CCIP fleet, services |
| r630-02 | 4 containers | High | Application services |
| r630-03 | 0 containers | Full | New deployments |
| r630-04 | 0 containers | Full | New deployments |
### Storage
| Host | Storage Status | Available |
|------|----------------|-----------|
| ml110 | Operational | Adequate |
| r630-01 | Operational | High |
| r630-02 | Optimized | High (300GB recovered) |
| r630-03 | Available | Full |
| r630-04 | Available | Full |
---
## Next Steps (Immediate)
1. **Start VLAN Migration** (Priority 1)
- Begin with Besu validators (1000-1004)
- Test connectivity after each group
- Proceed to next group
2. **Deploy CCIP Fleet** (Priority 2)
- Start with Ops/Admin nodes
- Deploy Commit, Execute, RMN in parallel
- Configure and test
3. **Configure Security** (Priority 3)
- Set up firewall rules
- Configure Cloudflare Zero Trust
- Test access policies
---
## Risk Assessment
### Low Risk
- ✅ VLAN migration (tested, reversible)
- ✅ Service deployment (can rollback)
- ✅ Firewall configuration (tested)
### Medium Risk
- ⚠️ CCIP fleet deployment (requires coordination)
- ⚠️ NAT pool configuration (requires public IP blocks)
### High Risk
- ❌ None identified
---
**Last Updated:** 2026-02-05
**Container inventory:** Reconciled with SSH review; canonical missing VMIDs (2506, 2507, 2508 only): [MISSING_CONTAINERS_LIST.md](MISSING_CONTAINERS_LIST.md).
**Next Review:** After Phase 1 completion