From 309843df958bd121a09ef2102d3f47ddb7700143 Mon Sep 17 00:00:00 2001 From: defiQUG Date: Mon, 13 Apr 2026 16:06:34 -0700 Subject: [PATCH] Add MEV CT2421 cutover helper --- .../MEV_CONTROL_LAN_BRINGUP_CHECKLIST.md | 40 +++- .../run-mev-post-deploy-cutover-ct2421.sh | 217 ++++++++++++++++++ 2 files changed, 252 insertions(+), 5 deletions(-) create mode 100755 scripts/deployment/run-mev-post-deploy-cutover-ct2421.sh diff --git a/docs/04-configuration/MEV_CONTROL_LAN_BRINGUP_CHECKLIST.md b/docs/04-configuration/MEV_CONTROL_LAN_BRINGUP_CHECKLIST.md index 111ecb69..e4cc409e 100644 --- a/docs/04-configuration/MEV_CONTROL_LAN_BRINGUP_CHECKLIST.md +++ b/docs/04-configuration/MEV_CONTROL_LAN_BRINGUP_CHECKLIST.md @@ -15,7 +15,7 @@ It is based on the repo's current assumptions: Because of that localhost assumption, the cleanest contained split topology for this deployment is: - **Backend Proxmox host:** `r630-04` at **`192.168.11.14`** -- **Backend CT:** **VMID `2421`** at **`192.168.11.219`** +- **Backend CT:** **VMID `2421`** at **`192.168.11.223`** - **Public web host:** `info-defi-oracle-web` CT **2410** at **`192.168.11.218`** ## 1. Host choice @@ -30,7 +30,7 @@ Use the dedicated backend CT for: Use **CT 2410** only for: - static GUI files -- nginx reverse proxy `/api` to `192.168.11.219:9090` +- nginx reverse proxy `/api` to `192.168.11.223:9090` Why this is the recommended topology: @@ -55,7 +55,7 @@ Default CT identity: - Proxmox host: `192.168.11.14` - VMID: `2421` -- CT IP: `192.168.11.219` +- CT IP: `192.168.11.223` - Hostname: `mev-control-backend` The provisioner creates an unprivileged Debian 12 CT with: 
@@ -313,7 +313,7 @@ Before testing the public site, re-render the MEV nginx vhost so CT `2410` point ```bash cd /home/intlc/projects/proxmox -MEV_ADMIN_API_HOST=192.168.11.219 bash scripts/deployment/sync-mev-control-gui-defi-oracle.sh +MEV_ADMIN_API_HOST=192.168.11.223 bash scripts/deployment/sync-mev-control-gui-defi-oracle.sh ``` Once the control plane is up inside the backend CT, confirm CT 2410 can reach it through nginx: @@ -341,7 +341,8 @@ Overview: - needs `mev-admin-api` - needs service health ports 8080-8087 on the same host -- infra only reports real Postgres status today; Redis and NATS are still backend TODOs +- infra reports live Postgres, Redis, and NATS status +- backend CT includes `mev-start-all.service` so the worker stack auto-starts after `mev-supervisor` and `mev-admin-api` Pipeline: 
@@ -395,3 +396,32 @@ Even after the stack is running, the following are still known implementation ga - bundle signing - inclusion detection - Uniswap V3 / Curve / multicall / block-subscription gaps tracked in `MEV_Bot/mev-platform/docs/REMAINING_GAPS_IMPLEMENTATION.md` + +## 15. Post-deploy cutover for CT 2421 + +Once the hardened executor and flash-loan provider wrapper are actually broadcast, use the dedicated cutover helper from the repo root: + +```bash +bash scripts/deployment/run-mev-post-deploy-cutover-ct2421.sh \ + --artifact reports/status/mev_execution_deploy_YYYYMMDD_HHMMSS.json \ + --uniswap-v2-router 0x... \ + --sushiswap-router 0x... \ + --api-key "$MEV_API_KEY" +``` + +That runs in dry-run mode by default and prints: + +- the exact config patch diff for `config.dev.toml` +- the exact `pct exec 2421` copy command +- the exact restart chain for `mev-supervisor`, `mev-admin-api`, and `mev-start-all` +- the exact local CT verification commands +- the exact public verification commands + +When the diff and commands look correct, run the same command with `--apply`. + +This helper assumes: + +- Proxmox host for the backend CT is `192.168.11.14` +- backend CT VMID is `2421` +- target config inside the CT is `/opt/proxmox/MEV_Bot/mev-platform/config.dev.toml` +- backend env file inside the CT is `/etc/mev-platform/backend.env` diff --git a/scripts/deployment/run-mev-post-deploy-cutover-ct2421.sh b/scripts/deployment/run-mev-post-deploy-cutover-ct2421.sh new file mode 100755 index 00000000..2d89119e --- /dev/null +++ b/scripts/deployment/run-mev-post-deploy-cutover-ct2421.sh 
@@ -0,0 +1,217 @@ +#!/usr/bin/env bash +set -euo pipefail + +ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)" + +PVE_HOST="${MEV_BACKEND_PVE_HOST:-192.168.11.14}" +CT_VMID="${MEV_BACKEND_CT_VMID:-2421}" +CT_CONFIG_PATH="${MEV_BACKEND_CT_CONFIG_PATH:-/opt/proxmox/MEV_Bot/mev-platform/config.dev.toml}" +SOURCE_CONFIG="${MEV_SOURCE_CONFIG:-$ROOT/MEV_Bot/mev-platform/config.dev.toml}" +ARTIFACT_PATH="${MEV_EXECUTION_DEPLOY_ARTIFACT:-}" +UNISWAP_V2_ROUTER="${MEV_UNISWAP_V2_ROUTER:-}" +SUSHISWAP_ROUTER="${MEV_SUSHISWAP_ROUTER:-}" +RELAY_URL="${MEV_RELAY_URL:-}" +API_KEY="${MEV_API_KEY:-}" +RPC_URL="${MEV_RPC_URL:-https://eth.llamarpc.com}" +APPLY=0 + +usage() { + cat <<'EOF' +Usage: run-mev-post-deploy-cutover-ct2421.sh [options] + +Prepares the exact post-deploy cutover for the MEV backend CT (default VMID 2421): +1. patch config.dev.toml from a deployment artifact +2. copy the patched config into CT 2421 +3. restart mev-supervisor / mev-admin-api / mev-start-all +4. run local and public verification probes + +Defaults to dry-run and prints the exact commands that would be executed. 
+ +Options: + --artifact PATH Deployment artifact JSON from deploy-mev-execution-contracts.sh + --uniswap-v2-router ADR Router address for uniswap_v2 + --sushiswap-router ADR Router address for sushiswap + --relay-url URL Optional relay_url override + --api-key KEY API key used for protected verification routes + --pve-host HOST Proxmox host running CT 2421 (default: 192.168.11.14) + --ct-vmid VMID CT VMID (default: 2421) + --source-config PATH Local source config to patch (default: MEV_Bot/mev-platform/config.dev.toml) + --ct-config PATH Target config path inside CT (default: /opt/proxmox/MEV_Bot/mev-platform/config.dev.toml) + --rpc-url URL RPC URL for readiness checks (default: https://eth.llamarpc.com) + --apply Execute the cutover + -h, --help Show this help +EOF +} + +while [[ $# -gt 0 ]]; do + case "$1" in + --artifact) + ARTIFACT_PATH="$2" + shift 2 + ;; + --uniswap-v2-router) + UNISWAP_V2_ROUTER="$2" + shift 2 + ;; + --sushiswap-router) + SUSHISWAP_ROUTER="$2" + shift 2 + ;; + --relay-url) + RELAY_URL="$2" + shift 2 + ;; + --api-key) + API_KEY="$2" + shift 2 + ;; + --pve-host) + PVE_HOST="$2" + shift 2 + ;; + --ct-vmid) + CT_VMID="$2" + shift 2 + ;; + --source-config) + SOURCE_CONFIG="$2" + shift 2 + ;; + --ct-config) + CT_CONFIG_PATH="$2" + shift 2 + ;; + --rpc-url) + RPC_URL="$2" + shift 2 + ;; + --apply) + APPLY=1 + shift + ;; + -h|--help) + usage + exit 0 + ;; + *) + echo "Unknown argument: $1" >&2 + usage >&2 + exit 2 + ;; + esac +done + +require_cmd() { + command -v "$1" >/dev/null 2>&1 || { + echo "Required command missing: $1" >&2 + exit 2 + } +} + +require_cmd ssh +require_cmd mktemp +require_cmd bash +require_cmd sed + +if [[ -z "$ARTIFACT_PATH" ]]; then + echo "--artifact is required" >&2 + exit 2 +fi + +if [[ -z "$UNISWAP_V2_ROUTER" || -z "$SUSHISWAP_ROUTER" ]]; then + echo "--uniswap-v2-router and --sushiswap-router are required" >&2 + exit 2 +fi + +if [[ ! 
-f "$SOURCE_CONFIG" ]]; then + echo "Source config not found: $SOURCE_CONFIG" >&2 + exit 2 +fi + +if [[ ! -f "$ARTIFACT_PATH" ]]; then + echo "Artifact not found: $ARTIFACT_PATH" >&2 + exit 2 +fi + +TMP_CONFIG="$(mktemp)" +cleanup() { + rm -f "$TMP_CONFIG" +} +trap cleanup EXIT + +cp "$SOURCE_CONFIG" "$TMP_CONFIG" + +PATCH_CMD=( + bash "$ROOT/scripts/deployment/apply-mev-execution-config-from-artifact.sh" + --artifact "$ARTIFACT_PATH" + --config "$TMP_CONFIG" + --uniswap-v2-router "$UNISWAP_V2_ROUTER" + --sushiswap-router "$SUSHISWAP_ROUTER" +) +if [[ -n "$RELAY_URL" ]]; then + PATCH_CMD+=(--relay-url "$RELAY_URL") +fi +PATCH_CMD+=(--apply) +"${PATCH_CMD[@]}" >/tmp/mev-cutover-patch.log + +CT_VERIFY_CMD=$(cat < $CT_CONFIG_PATH'\" < $TMP_CONFIG" +echo "" +echo "Planned remote restart/verify command:" +echo "ssh root@$PVE_HOST \"pct exec $CT_VMID -- bash -lc $(printf '%q' "$CT_VERIFY_CMD")\"" +echo "" +echo "Planned public verification:" +echo "curl -fsS https://mev.defi-oracle.io/api/auth/check | jq ." +if [[ -n "$API_KEY" ]]; then + echo "curl -fsS -H \"X-API-Key: $API_KEY\" https://mev.defi-oracle.io/api/infra | jq ." + echo "curl -fsS -H \"X-API-Key: $API_KEY\" https://mev.defi-oracle.io/api/safety/signer | jq ." +fi + +if [[ "$APPLY" -ne 1 ]]; then + echo "" + echo "Dry-run only. Re-run with --apply to execute." + exit 0 +fi + +cat "$TMP_CONFIG" | ssh "root@$PVE_HOST" "pct exec $CT_VMID -- bash -lc 'cat > \"$CT_CONFIG_PATH\"'" +ssh "root@$PVE_HOST" "pct exec $CT_VMID -- bash -lc $(printf '%q' "$CT_VERIFY_CMD")" + +echo "" +echo "== public verification ==" +curl -fsS https://mev.defi-oracle.io/api/auth/check | jq . +if [[ -n "$API_KEY" ]]; then + curl -fsS -H "X-API-Key: $API_KEY" https://mev.defi-oracle.io/api/infra | jq . + curl -fsS -H "X-API-Key: $API_KEY" https://mev.defi-oracle.io/api/safety/signer | jq . +fi
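Review bot: The dry-run output prints the API key in clear text, because the two `echo "curl -fsS -H \"X-API-Key: $API_KEY\" ..."` lines under "Planned public verification" expand the secret. Dry-run is the default mode and the checklist asks operators to read its output, so the key ends up in terminal scrollback, CI logs or pasted tickets. Print a placeholder instead, e.g. `echo "curl -fsS -H \"X-API-Key: \$MEV_API_KEY\" https://mev.defi-oracle.io/api/infra | jq ."`, and the same for `/api/safety/signer`. The `--api-key KEY` option and the `curl -H "X-API-Key: $API_KEY"` calls in the apply path also put the key on a process command line; reading it only from `MEV_API_KEY` and giving curl the header from a file (`-H @file`) keeps it out of `ps`. Separately, the patch output is redirected to the fixed path `/tmp/mev-cutover-patch.log`; a `mktemp` file would avoid the predictable name in a shared directory.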