From d38174dc25cb9da14652bbab6315b6d32e4354a9 Mon Sep 17 00:00:00 2001 From: defiQUG Date: Fri, 6 Mar 2026 08:46:55 -0800 Subject: [PATCH] Align E2E profile workflow across scripts and runbooks --- docs/03-deployment/BLOCKSCOUT_FIX_RUNBOOK.md | 2 +- docs/03-deployment/OPERATIONAL_RUNBOOKS.md | 3 +- docs/03-deployment/SANKOFA_STUDIO_E2E_FLOW.md | 2 +- docs/04-configuration/E2E_ENDPOINTS_LIST.md | 143 +++++++++++++++++ docs/04-configuration/README.md | 3 +- ...HECK_ALL_UPDATES_AND_CLOUDFLARE_TUNNELS.md | 2 +- .../E2E_CLOUDFLARE_DOMAINS_RUNBOOK.md | 6 +- docs/05-network/E2E_RPC_EDGE_LIMITATION.md | 4 +- .../OPTION_B_RPC_VIA_TUNNEL_RUNBOOK.md | 4 +- docs/05-network/README.md | 3 +- docs/12-quick-reference/QUICK_REFERENCE.md | 3 +- .../QUICK_REFERENCE_CARDS.md | 4 +- .../deployment/run-all-next-steps-chain138.sh | 62 +++++--- scripts/deployment/run-sankofa-studio-e2e.sh | 2 +- scripts/run-all-next-steps.sh | 6 +- .../run-full-connection-and-fastly-tests.sh | 2 +- scripts/verify/run-full-verification.sh | 2 +- scripts/verify/verify-end-to-end-routing.sh | 145 +++++++++++++++++- 18 files changed, 345 insertions(+), 53 deletions(-) create mode 100644 docs/04-configuration/E2E_ENDPOINTS_LIST.md diff --git a/docs/03-deployment/BLOCKSCOUT_FIX_RUNBOOK.md b/docs/03-deployment/BLOCKSCOUT_FIX_RUNBOOK.md index 466bb9c..c480640 100644 --- a/docs/03-deployment/BLOCKSCOUT_FIX_RUNBOOK.md +++ b/docs/03-deployment/BLOCKSCOUT_FIX_RUNBOOK.md @@ -145,7 +145,7 @@ BLOCKSCOUT_URL=http://192.168.11.140:4000 node forge-verification-proxy/server.j ## E2E completion (Blockscout and other sites) -- **Public routing E2E**: `bash scripts/verify/verify-end-to-end-routing.sh` tests explorer.d-bis.org (DNS, SSL, HTTPS) and an optional Blockscout API check (`/api/v2/stats`). The API check does not fail the run if unreachable; use `SKIP_BLOCKSCOUT_API=1` to skip it. See [E2E_CLOUDFLARE_DOMAINS_RUNBOOK.md](../05-network/E2E_CLOUDFLARE_DOMAINS_RUNBOOK.md). +- **Public routing E2E**: `bash scripts/verify/verify-end-to-end-routing.sh --profile=public` tests explorer.d-bis.org (DNS, SSL, HTTPS) and an optional Blockscout API check (`/api/v2/stats`). The API check does not fail the run if unreachable; use `SKIP_BLOCKSCOUT_API=1` to skip it. See [E2E_CLOUDFLARE_DOMAINS_RUNBOOK.md](../05-network/E2E_CLOUDFLARE_DOMAINS_RUNBOOK.md). - **Full explorer E2E (on LAN)**: From a host that can reach 192.168.11.140, run `explorer-monorepo/scripts/e2e-test-explorer.sh` for frontend, API, and service checks. - **Daily checks**: `scripts/maintenance/daily-weekly-checks.sh daily` checks explorer indexer via `/api/v2/stats` (and fallback legacy API). diff --git a/docs/03-deployment/OPERATIONAL_RUNBOOKS.md b/docs/03-deployment/OPERATIONAL_RUNBOOKS.md index cba6318..ab00726 100644 --- a/docs/03-deployment/OPERATIONAL_RUNBOOKS.md +++ b/docs/03-deployment/OPERATIONAL_RUNBOOKS.md @@ -381,7 +381,7 @@ See **[BLOCKSCOUT_FIX_RUNBOOK.md](BLOCKSCOUT_FIX_RUNBOOK.md)** § "Proactive: Wh ### After NPMplus or DNS changes Run **E2E routing** (includes explorer.d-bis.org): -`bash scripts/verify/verify-end-to-end-routing.sh` +`bash scripts/verify/verify-end-to-end-routing.sh --profile=public` ### After frontend or Blockscout deploy @@ -558,4 +558,3 @@ See [BLOCKSCOUT_FIX_RUNBOOK.md](BLOCKSCOUT_FIX_RUNBOOK.md). **Maintained By:** Infrastructure Team **Review Cycle:** Monthly **Last Updated:** 2026-02-05 - diff --git a/docs/03-deployment/SANKOFA_STUDIO_E2E_FLOW.md b/docs/03-deployment/SANKOFA_STUDIO_E2E_FLOW.md index deea25b..3663b6d 100644 --- a/docs/03-deployment/SANKOFA_STUDIO_E2E_FLOW.md +++ b/docs/03-deployment/SANKOFA_STUDIO_E2E_FLOW.md @@ -112,7 +112,7 @@ curl -s http://192.168.11.72:8000/studio/ -o /dev/null -w "%{http_code}\n" ```bash cd /home/intlc/projects/proxmox -bash scripts/verify/verify-end-to-end-routing.sh +bash scripts/verify/verify-end-to-end-routing.sh --profile=public ``` - Report: `docs/04-configuration/verification-evidence/e2e-verification-/verification_report.md` diff --git a/docs/04-configuration/E2E_ENDPOINTS_LIST.md b/docs/04-configuration/E2E_ENDPOINTS_LIST.md new file mode 100644 index 0000000..c5b7735 --- /dev/null +++ b/docs/04-configuration/E2E_ENDPOINTS_LIST.md @@ -0,0 +1,143 @@ +# E2E verification — endpoint inventory and profiles + +**Source:** `scripts/verify/verify-end-to-end-routing.sh` (DOMAIN_TYPES). +**List from CLI (public):** `./scripts/verify/verify-end-to-end-routing.sh --list-endpoints --profile=public` +**List from CLI (private/admin):** `./scripts/verify/verify-end-to-end-routing.sh --list-endpoints --profile=private` +**Run E2E (public profile recommended):** `./scripts/verify/verify-end-to-end-routing.sh --profile=public` (from LAN with DNS or use `E2E_USE_SYSTEM_RESOLVER=1` and `/etc/hosts` per [E2E_DNS_FROM_LAN_RUNBOOK.md](E2E_DNS_FROM_LAN_RUNBOOK.md)). +**Run E2E (private/admin):** `./scripts/verify/verify-end-to-end-routing.sh --profile=private`. + +## Verification profiles + +- **Public profile (default for routine E2E):** web, api, public RPC endpoints. +- **Private/admin profile:** private RPC and Fireblocks RPC endpoints. Run separately for internal operations. + +## Full endpoint inventory (combined) + +| Endpoint | Type | URL | Description (content provided) | +|----------|------|-----|--------------------------------| +| explorer.d-bis.org | web | https://explorer.d-bis.org | Blockscout-style blockchain explorer for Chain 138: blocks, transactions, addresses, contracts, tokens, verification. | +| dbis-admin.d-bis.org | web | https://dbis-admin.d-bis.org | DBIS admin dashboard and frontend (VMID 10130). | +| secure.d-bis.org | web | https://secure.d-bis.org | Secure DBIS frontend / authenticated portal. | +| dbis-api.d-bis.org | api | https://dbis-api.d-bis.org | DBIS core API: token aggregation, Crypto.com OTC, exchange endpoints (VMID 10150). | +| dbis-api-2.d-bis.org | api | https://dbis-api-2.d-bis.org | DBIS API secondary instance (VMID 10151). | +| mim4u.org | web | https://mim4u.org | MIM4U main site. | +| www.mim4u.org | web | https://www.mim4u.org | MIM4U www. | +| secure.mim4u.org | web | https://secure.mim4u.org | MIM4U secure portal. | +| training.mim4u.org | web | https://training.mim4u.org | MIM4U training site. | +| sankofa.nexus | web | https://sankofa.nexus | Sankofa Nexus root / web. | +| www.sankofa.nexus | web | https://www.sankofa.nexus | Sankofa Nexus www. | +| phoenix.sankofa.nexus | web | https://phoenix.sankofa.nexus | Phoenix (Sankofa) web app. | +| www.phoenix.sankofa.nexus | web | https://www.phoenix.sankofa.nexus | Phoenix www. | +| the-order.sankofa.nexus | web | https://the-order.sankofa.nexus | Hosted client on the Sankofa Phoenix cloud services platform. | +| studio.sankofa.nexus | web | https://studio.sankofa.nexus | Sankofa Studio (FusionAI Creator) at VMID 7805. | +| cacti-alltra.d-bis.org | web | https://cacti-alltra.d-bis.org | Cacti monitoring UI for Alltra. | +| cacti-hybx.d-bis.org | web | https://cacti-hybx.d-bis.org | Cacti monitoring UI for HYBX. | +| mifos.d-bis.org | web | https://mifos.d-bis.org | Mifos X / Fineract banking and microfinance platform (VMID 5800). | +| dapp.d-bis.org | web | https://dapp.d-bis.org | DApp frontend for Chain 138 bridge (VMID 5801). | +| gitea.d-bis.org | web | https://gitea.d-bis.org | Gitea git repository and CI (Dev VM 5700). | +| dev.d-bis.org | web | https://dev.d-bis.org | Dev VM web / Codespaces entry. | +| codespaces.d-bis.org | web | https://codespaces.d-bis.org | Codespaces / dev environment entry. | +| rpc-http-pub.d-bis.org | rpc-http | https://rpc-http-pub.d-bis.org | Chain 138 public JSON-RPC HTTP (VMID 2201). | +| rpc-ws-pub.d-bis.org | rpc-ws | wss://rpc-ws-pub.d-bis.org | Chain 138 public JSON-RPC WebSocket. | +| rpc.d-bis.org | rpc-http | https://rpc.d-bis.org | Chain 138 RPC HTTP (alias). | +| rpc2.d-bis.org | rpc-http | https://rpc2.d-bis.org | Chain 138 RPC HTTP (second). | +| ws.rpc.d-bis.org | rpc-ws | wss://ws.rpc.d-bis.org | Chain 138 RPC WebSocket. | +| ws.rpc2.d-bis.org | rpc-ws | wss://ws.rpc2.d-bis.org | Chain 138 RPC WebSocket (second). | +| rpc-http-prv.d-bis.org | rpc-http | https://rpc-http-prv.d-bis.org | Chain 138 private/admin RPC HTTP (VMID 2101). | +| rpc-ws-prv.d-bis.org | rpc-ws | wss://rpc-ws-prv.d-bis.org | Chain 138 private RPC WebSocket. | +| rpc-fireblocks.d-bis.org | rpc-http | https://rpc-fireblocks.d-bis.org | Chain 138 RPC for Fireblocks Web3 (VMID 2301). | +| ws.rpc-fireblocks.d-bis.org | rpc-ws | wss://ws.rpc-fireblocks.d-bis.org | Chain 138 RPC WebSocket for Fireblocks. | +| rpc.public-0138.defi-oracle.io | rpc-http | https://rpc.public-0138.defi-oracle.io | Defi Oracle Chain 138 public RPC. | +| rpc.defi-oracle.io | rpc-http | https://rpc.defi-oracle.io | Defi Oracle RPC. | +| wss.defi-oracle.io | rpc-ws | wss://wss.defi-oracle.io | Defi Oracle RPC WebSocket. | +| rpc-alltra.d-bis.org | rpc-http | https://rpc-alltra.d-bis.org | Alltra chain RPC HTTP. | +| rpc-alltra-2.d-bis.org | rpc-http | https://rpc-alltra-2.d-bis.org | Alltra chain RPC HTTP (2). | +| rpc-alltra-3.d-bis.org | rpc-http | https://rpc-alltra-3.d-bis.org | Alltra chain RPC HTTP (3). | +| rpc-hybx.d-bis.org | rpc-http | https://rpc-hybx.d-bis.org | HYBX chain RPC HTTP. | +| rpc-hybx-2.d-bis.org | rpc-http | https://rpc-hybx-2.d-bis.org | HYBX chain RPC HTTP (2). | +| rpc-hybx-3.d-bis.org | rpc-http | https://rpc-hybx-3.d-bis.org | HYBX chain RPC HTTP (3). | + +## Endpoints by type + +### Web + +| Domain | URL | +|--------|-----| +| explorer.d-bis.org | https://explorer.d-bis.org | +| dbis-admin.d-bis.org | https://dbis-admin.d-bis.org | +| secure.d-bis.org | https://secure.d-bis.org | +| mim4u.org | https://mim4u.org | +| www.mim4u.org | https://www.mim4u.org | +| secure.mim4u.org | https://secure.mim4u.org | +| training.mim4u.org | https://training.mim4u.org | +| sankofa.nexus | https://sankofa.nexus | +| www.sankofa.nexus | https://www.sankofa.nexus | +| phoenix.sankofa.nexus | https://phoenix.sankofa.nexus | +| www.phoenix.sankofa.nexus | https://www.phoenix.sankofa.nexus | +| the-order.sankofa.nexus | https://the-order.sankofa.nexus | +| studio.sankofa.nexus | https://studio.sankofa.nexus | +| cacti-alltra.d-bis.org | https://cacti-alltra.d-bis.org | +| cacti-hybx.d-bis.org | https://cacti-hybx.d-bis.org | +| mifos.d-bis.org | https://mifos.d-bis.org | +| dapp.d-bis.org | https://dapp.d-bis.org | +| gitea.d-bis.org | https://gitea.d-bis.org | +| dev.d-bis.org | https://dev.d-bis.org | +| codespaces.d-bis.org | https://codespaces.d-bis.org | + +### API + +| Domain | URL | +|--------|-----| +| dbis-api.d-bis.org | https://dbis-api.d-bis.org | +| dbis-api-2.d-bis.org | https://dbis-api-2.d-bis.org | + +### RPC HTTP (public) + +| Domain | URL | +|--------|-----| +| rpc-http-pub.d-bis.org | https://rpc-http-pub.d-bis.org | +| rpc.d-bis.org | https://rpc.d-bis.org | +| rpc2.d-bis.org | https://rpc2.d-bis.org | +| rpc.public-0138.defi-oracle.io | https://rpc.public-0138.defi-oracle.io | +| rpc.defi-oracle.io | https://rpc.defi-oracle.io | +| rpc-alltra.d-bis.org | https://rpc-alltra.d-bis.org | +| rpc-alltra-2.d-bis.org | https://rpc-alltra-2.d-bis.org | +| rpc-alltra-3.d-bis.org | https://rpc-alltra-3.d-bis.org | +| rpc-hybx.d-bis.org | https://rpc-hybx.d-bis.org | +| rpc-hybx-2.d-bis.org | https://rpc-hybx-2.d-bis.org | +| rpc-hybx-3.d-bis.org | https://rpc-hybx-3.d-bis.org | + +### RPC WebSocket (public) + +| Domain | URL | +|--------|-----| +| rpc-ws-pub.d-bis.org | wss://rpc-ws-pub.d-bis.org | +| ws.rpc.d-bis.org | wss://ws.rpc.d-bis.org | +| ws.rpc2.d-bis.org | wss://ws.rpc2.d-bis.org | +| wss.defi-oracle.io | wss://wss.defi-oracle.io | + +### RPC HTTP (private/admin profile) + +| Domain | URL | +|--------|-----| +| rpc-http-prv.d-bis.org | https://rpc-http-prv.d-bis.org | +| rpc-fireblocks.d-bis.org | https://rpc-fireblocks.d-bis.org | + +### RPC WebSocket (private/admin profile) + +| Domain | URL | +|--------|-----| +| rpc-ws-prv.d-bis.org | wss://rpc-ws-prv.d-bis.org | +| ws.rpc-fireblocks.d-bis.org | wss://ws.rpc-fireblocks.d-bis.org | + +## Report content + +After each run, the verification report includes: + +1. **All endpoints** — table of every domain, type, and URL. +2. **Summary** — counts (DNS pass, HTTPS pass, failed, skipped) and average response time. +3. **Results overview** — table of each domain with DNS | SSL | HTTPS | RPC status. +4. **Test Results by Domain** — per-domain detail (DNS, SSL, HTTPS, Blockscout API, RPC). + +Output directory: `docs/04-configuration/verification-evidence/e2e-verification-/` +Files: `verification_report.md`, `all_e2e_results.json`, `*_https_headers.txt`, `*_rpc_response.txt`. diff --git a/docs/04-configuration/README.md b/docs/04-configuration/README.md index bce8567..0e5d3ce 100644 --- a/docs/04-configuration/README.md +++ b/docs/04-configuration/README.md @@ -24,6 +24,8 @@ This directory contains setup and configuration guides. - **[NPMPLUS_PROXY_HOSTS_SNAPSHOT_2026-03.md](NPMPLUS_PROXY_HOSTS_SNAPSHOT_2026-03.md)** - Snapshot of NPMplus proxy destinations (IP:port) and VMID mapping (March 2026) - **[NPMPLUS_CUSTOM_NGINX_CONFIG.md](NPMPLUS_CUSTOM_NGINX_CONFIG.md)** - NPMplus custom config: proxy variables, security headers (CSP with unsafe-eval for ethers.js), and caveat (do not add `location '/'`) - **[NPMPLUS_UI_APIERROR_400_RUNBOOK.md](NPMPLUS_UI_APIERROR_400_RUNBOOK.md)** - NPMplus UI ApiError 400 on dashboard load: find failing request, test API with curl, logs, fixes +- **[E2E_DNS_FROM_LAN_RUNBOOK.md](E2E_DNS_FROM_LAN_RUNBOOK.md)** - Run E2E domain sweep from LAN when public DNS is unavailable: /etc/hosts option, DNS path, or bastion +- **[E2E_ENDPOINTS_LIST.md](E2E_ENDPOINTS_LIST.md)** - All E2E verification endpoints (domain, type, URL); list from CLI: `./scripts/verify/verify-end-to-end-routing.sh --list-endpoints --profile=public` - **[PROXMOX_LOAD_BALANCING_RUNBOOK.md](PROXMOX_LOAD_BALANCING_RUNBOOK.md)** - Balance Proxmox load: migrate containers from r630-01 to r630-02/ml110; candidates, script, cluster vs backup/restore - **[PROXMOX_ADD_THIRD_FOURTH_R630_DECISION.md](PROXMOX_ADD_THIRD_FOURTH_R630_DECISION.md)** - Add 3rd/4th R630 before migration? r630-03/04 status, HA/Ceph (3–4 nodes), order of operations - **[ER605_ROUTER_CONFIGURATION.md](ER605_ROUTER_CONFIGURATION.md)** ⭐⭐ - ER605 router configuration @@ -122,4 +124,3 @@ This directory contains setup and configuration guides. - **[../01-getting-started/](../01-getting-started/)** - Getting started - **[../02-architecture/](../02-architecture/)** - Architecture reference - **[../05-network/](../05-network/)** - Network infrastructure - diff --git a/docs/05-network/CHECK_ALL_UPDATES_AND_CLOUDFLARE_TUNNELS.md b/docs/05-network/CHECK_ALL_UPDATES_AND_CLOUDFLARE_TUNNELS.md index 0f1020e..7b0c0c4 100644 --- a/docs/05-network/CHECK_ALL_UPDATES_AND_CLOUDFLARE_TUNNELS.md +++ b/docs/05-network/CHECK_ALL_UPDATES_AND_CLOUDFLARE_TUNNELS.md @@ -69,7 +69,7 @@ The dev/Codespaces FQDN (gitea.d-bis.org, dev.d-bis.org, codespaces.d-bis.org) i | Check | Command | |-------|--------| -| **E2E (all domains incl. Gitea)** | `bash scripts/verify/verify-end-to-end-routing.sh` | +| **E2E (all domains incl. Gitea)** | `bash scripts/verify/verify-end-to-end-routing.sh --profile=public` | | **RPC tunnel ingress (from host with VMID 102)** | `bash scripts/verify/verify-cloudflare-tunnel-ingress.sh [--host 192.168.11.11]` | | **Dev/Codespaces tunnel + DNS** | `bash scripts/cloudflare/configure-dev-codespaces-tunnel-and-dns.sh` (updates ingress + CNAMEs) | | **NPMplus Fourth proxy (gitea → .59:3000)** | `NPM_PASSWORD=xxx bash scripts/nginx-proxy-manager/update-npmplus-fourth-proxy-hosts.sh` | diff --git a/docs/05-network/E2E_CLOUDFLARE_DOMAINS_RUNBOOK.md b/docs/05-network/E2E_CLOUDFLARE_DOMAINS_RUNBOOK.md index 86d4e07..9f3203b 100644 --- a/docs/05-network/E2E_CLOUDFLARE_DOMAINS_RUNBOOK.md +++ b/docs/05-network/E2E_CLOUDFLARE_DOMAINS_RUNBOOK.md @@ -80,7 +80,7 @@ From the project root: ```bash cd /home/intlc/projects/proxmox -bash scripts/verify/verify-end-to-end-routing.sh +bash scripts/verify/verify-end-to-end-routing.sh --profile=public ``` Optional environment variables: @@ -95,7 +95,7 @@ Optional environment variables: Example when using Fastly (DNS points to Fastly, not 76.53.10.36): ```bash -ACCEPT_ANY_DNS=1 bash scripts/verify/verify-end-to-end-routing.sh +ACCEPT_ANY_DNS=1 bash scripts/verify/verify-end-to-end-routing.sh --profile=public ``` Outputs: @@ -141,7 +141,7 @@ If any domain fails: ## Blockscout and explorer.d-bis.org (E2E completion) -- **Public E2E**: `verify-end-to-end-routing.sh` tests explorer.d-bis.org as **web** (DNS, SSL, HTTPS). It also runs an **optional** Blockscout API check (GET `https://explorer.d-bis.org/api/v2/stats`). If the API is unreachable (e.g. run from off-LAN), the result is recorded as `skip` and does not fail the run. Use `SKIP_BLOCKSCOUT_API=1` to skip this check entirely. +- **Public E2E**: `verify-end-to-end-routing.sh --profile=public` tests explorer.d-bis.org as **web** (DNS, SSL, HTTPS). It also runs an **optional** Blockscout API check (GET `https://explorer.d-bis.org/api/v2/stats`). If the API is unreachable (e.g. run from off-LAN), the result is recorded as `skip` and does not fail the run. Use `SKIP_BLOCKSCOUT_API=1` to skip this check entirely. - **Fix Blockscout** (502, DB, migrations): Run on Proxmox host or from LAN per [BLOCKSCOUT_FIX_RUNBOOK.md](../03-deployment/BLOCKSCOUT_FIX_RUNBOOK.md). Key script: `scripts/fix-blockscout-ssl-and-migrations.sh`. - **Full explorer E2E on LAN**: For comprehensive explorer tests (frontend, API, services on VMID 5000), run from a host that can reach 192.168.11.140: `explorer-monorepo/scripts/e2e-test-explorer.sh`. Report: [explorer-monorepo/E2E_TEST_REPORT.md](../../../explorer-monorepo/E2E_TEST_REPORT.md). - **Daily checks**: Explorer indexer is checked by `scripts/maintenance/daily-weekly-checks.sh daily` using Blockscout `/api/v2/stats` (and fallback to `?module=stats&action=eth_price`). diff --git a/docs/05-network/E2E_RPC_EDGE_LIMITATION.md b/docs/05-network/E2E_RPC_EDGE_LIMITATION.md index 9bf4ec4..9f196be 100644 --- a/docs/05-network/E2E_RPC_EDGE_LIMITATION.md +++ b/docs/05-network/E2E_RPC_EDGE_LIMITATION.md @@ -74,7 +74,7 @@ Follow the **Option B runbook** for step-by-step instructions and the DNS script - Follow [CLOUDFLARE_TUNNEL_502_FIX_RUNBOOK.md](../04-configuration/cloudflare/CLOUDFLARE_TUNNEL_502_FIX_RUNBOOK.md): point all Public Hostnames (including the 6 RPC) to `http://192.168.11.167:80`, verify from VMID 102, restart cloudflared. 2. **Point RPC hostnames to the tunnel** in Cloudflare DNS: - Run: `./scripts/set-rpc-dns-to-tunnel.sh` (uses `CLOUDFLARE_TUNNEL_ID` and zone IDs from `.env`), or set CNAME manually per the runbook. -3. **Re-run E2E:** After DNS propagates, run `bash scripts/verify/troubleshoot-rpc-failures.sh` and `./scripts/verify/verify-end-to-end-routing.sh`; POST will succeed and the 6 RPC checks can pass. +3. **Re-run E2E:** After DNS propagates, run `bash scripts/verify/troubleshoot-rpc-failures.sh` and `./scripts/verify/verify-end-to-end-routing.sh --profile=public`; POST will succeed and the 6 RPC checks can pass. --- @@ -83,7 +83,7 @@ Follow the **Option B runbook** for step-by-step instructions and the DNS script When the only failures are the 6 RPC (edge blocking POST), you can still treat E2E as successful for DNS and HTTPS: ```bash -E2E_SUCCESS_IF_ONLY_RPC_BLOCKED=1 ./scripts/verify/verify-end-to-end-routing.sh +E2E_SUCCESS_IF_ONLY_RPC_BLOCKED=1 ./scripts/verify/verify-end-to-end-routing.sh --profile=public ``` - Exit code is **0** when DNS and HTTPS all pass and all failures are RPC. diff --git a/docs/05-network/OPTION_B_RPC_VIA_TUNNEL_RUNBOOK.md b/docs/05-network/OPTION_B_RPC_VIA_TUNNEL_RUNBOOK.md index 43f23b9..29d3295 100644 --- a/docs/05-network/OPTION_B_RPC_VIA_TUNNEL_RUNBOOK.md +++ b/docs/05-network/OPTION_B_RPC_VIA_TUNNEL_RUNBOOK.md @@ -117,7 +117,7 @@ bash scripts/verify/troubleshoot-rpc-failures.sh # Full E2E (no need for E2E_SUCCESS_IF_ONLY_RPC_BLOCKED when RPC passes) # Use ACCEPT_ANY_DNS=1 so the 6 RPC hostnames (resolving to Cloudflare) count as DNS pass -ACCEPT_ANY_DNS=1 ./scripts/verify/verify-end-to-end-routing.sh +ACCEPT_ANY_DNS=1 ./scripts/verify/verify-end-to-end-routing.sh --profile=public ``` --- @@ -150,4 +150,4 @@ To send RPC traffic back through the UDM Pro (and accept 405 again): | 1 | Tunnel Public Hostnames: all 6 RPC hostnames → https://192.168.11.167:443 (No TLS Verify) | | 2 | (Optional) Verify origin from VMID 102 | | 3 | DNS: 6 RPC hostnames → CNAME to <tunnel-id>.cfargotunnel.com (Proxied) | -| 4 | Re-run troubleshoot-rpc-failures.sh and verify-end-to-end-routing.sh | +| 4 | Re-run troubleshoot-rpc-failures.sh and verify-end-to-end-routing.sh --profile=public | diff --git a/docs/05-network/README.md b/docs/05-network/README.md index 35845c8..3a1f887 100644 --- a/docs/05-network/README.md +++ b/docs/05-network/README.md @@ -26,7 +26,7 @@ This directory contains network infrastructure documentation. ## Quick Reference -**Edge:** UDM Pro (76.53.10.34); origin 76.53.10.36 → NPMplus 192.168.11.167. **Option B:** 6 RPC hostnames via Cloudflare Tunnel. E2E: `ACCEPT_ANY_DNS=1 bash scripts/verify/verify-end-to-end-routing.sh` when using Option B. +**Edge:** UDM Pro (76.53.10.34); origin 76.53.10.36 → NPMplus 192.168.11.167. **Option B:** 6 RPC hostnames via Cloudflare Tunnel. E2E: `ACCEPT_ANY_DNS=1 bash scripts/verify/verify-end-to-end-routing.sh --profile=public` when using Option B. ## Related Documentation @@ -34,4 +34,3 @@ This directory contains network infrastructure documentation. - **[../02-architecture/NETWORK_ARCHITECTURE.md](../02-architecture/NETWORK_ARCHITECTURE.md)** - Complete network architecture - **[../04-configuration/RPC_ENDPOINTS_MASTER.md](../04-configuration/RPC_ENDPOINTS_MASTER.md)** - RPC proxy and DNS - **[../04-configuration/cloudflare/TUNNEL_SFVALLEY01_INSTALL.md](../04-configuration/cloudflare/TUNNEL_SFVALLEY01_INSTALL.md)** - Option B tunnel connector install - diff --git a/docs/12-quick-reference/QUICK_REFERENCE.md b/docs/12-quick-reference/QUICK_REFERENCE.md index 340fe61..77932f9 100644 --- a/docs/12-quick-reference/QUICK_REFERENCE.md +++ b/docs/12-quick-reference/QUICK_REFERENCE.md @@ -15,7 +15,7 @@ | Wave 2/3 operator checklist | [WAVE2_WAVE3_OPERATOR_CHECKLIST.md](../00-meta/WAVE2_WAVE3_OPERATOR_CHECKLIST.md) | | Run log | [FULL_PARALLEL_RUN_LOG.md](../archive/00-meta-pruned/FULL_PARALLEL_RUN_LOG.md) (archived) | | Full verification | `bash scripts/verify/run-full-verification.sh` | -| E2E routing only | `bash scripts/verify/verify-end-to-end-routing.sh` | +| E2E routing only | `bash scripts/verify/verify-end-to-end-routing.sh --profile=public` | --- @@ -203,4 +203,3 @@ bash ProxmoxVE/ct/AppName.sh -u - [ ] Test on Proxmox VE 8.4+ or 9.0+ - [ ] Implement update function (if applicable) - [ ] Update documentation (if needed) - diff --git a/docs/12-quick-reference/QUICK_REFERENCE_CARDS.md b/docs/12-quick-reference/QUICK_REFERENCE_CARDS.md index 79e19dd..5d9c836 100644 --- a/docs/12-quick-reference/QUICK_REFERENCE_CARDS.md +++ b/docs/12-quick-reference/QUICK_REFERENCE_CARDS.md @@ -142,8 +142,8 @@ Expected: Table with columns VMID, status, name, type (e.g. `running`, `ubuntu-2 | Task | Command / Location | |------|--------------------| | Full verification (deps + E2E) | `bash scripts/verify/run-full-verification.sh` | -| E2E routing only | `bash scripts/verify/verify-end-to-end-routing.sh` | -| E2E with Option B (RPC via tunnel) | `ACCEPT_ANY_DNS=1 bash scripts/verify/verify-end-to-end-routing.sh` | +| E2E routing only | `bash scripts/verify/verify-end-to-end-routing.sh --profile=public` | +| E2E with Option B (RPC via tunnel) | `ACCEPT_ANY_DNS=1 bash scripts/verify/verify-end-to-end-routing.sh --profile=public` | | Dependencies check | `bash scripts/verify/check-dependencies.sh` | | NPMplus RPC fix (from LAN) | `bash scripts/nginx-proxy-manager/update-npmplus-proxy-hosts-api.sh` | | NPMplus backup | `bash scripts/verify/backup-npmplus.sh` | diff --git a/scripts/deployment/run-all-next-steps-chain138.sh b/scripts/deployment/run-all-next-steps-chain138.sh index d81074e..354e316 100755 --- a/scripts/deployment/run-all-next-steps-chain138.sh +++ b/scripts/deployment/run-all-next-steps-chain138.sh @@ -1,9 +1,13 @@ #!/usr/bin/env bash -# Run all deployment next steps for Chain 138 in order: preflight → mirror+pool (or pool-only) → register c* as GRU → verify. +# Run all deployment next steps for Chain 138 in order: +# preflight → (optional mirror+seed pool) → PMM mesh (default) → register c* as GRU → verify. # -# Usage: ./scripts/deployment/run-all-next-steps-chain138.sh [--dry-run] [--skip-mirror] [--skip-register-gru] [--skip-verify] +# Usage: ./scripts/deployment/run-all-next-steps-chain138.sh [--dry-run] [--skip-mirror] [--skip-mesh] [--legacy-pools-only] [--mesh-only] [--skip-register-gru] [--skip-verify] # --dry-run Print steps only; do not run deploy/scripts. -# --skip-mirror Do not deploy TransactionMirror (pool-only; requires TRANSACTION_MIRROR_ADDRESS in smom-dbis-138/.env). +# --skip-mirror Do not deploy TransactionMirror + seed pool step. +# --skip-mesh Do not run full PMM mesh creation script. +# --legacy-pools-only Equivalent to --skip-mesh (keeps legacy mirror+seed behavior only). +# --mesh-only Skip mirror+seed step and run mesh creation only. # --skip-register-gru Skip RegisterGRUCompliantTokens (e.g. if already registered). # --skip-verify Skip final on-chain verification. # @@ -17,17 +21,22 @@ SMOM="$PROJECT_ROOT/smom-dbis-138" DRY_RUN="" SKIP_MIRROR="" +SKIP_MESH="" +MESH_ONLY="" SKIP_REGISTER_GRU="" SKIP_VERIFY="" for a in "$@"; do [[ "$a" == "--dry-run" ]] && DRY_RUN=1 [[ "$a" == "--skip-mirror" ]] && SKIP_MIRROR=1 + [[ "$a" == "--skip-mesh" ]] && SKIP_MESH=1 + [[ "$a" == "--legacy-pools-only" ]] && SKIP_MESH=1 + [[ "$a" == "--mesh-only" ]] && MESH_ONLY=1 && SKIP_MIRROR=1 [[ "$a" == "--skip-register-gru" ]] && SKIP_REGISTER_GRU=1 [[ "$a" == "--skip-verify" ]] && SKIP_VERIFY=1 done echo "=== Chain 138 — run all next steps ===" -echo " dry-run: $DRY_RUN skip-mirror: $SKIP_MIRROR skip-register-gru: $SKIP_REGISTER_GRU skip-verify: $SKIP_VERIFY" +echo " dry-run: $DRY_RUN skip-mirror: $SKIP_MIRROR skip-mesh: $SKIP_MESH mesh-only: $MESH_ONLY skip-register-gru: $SKIP_REGISTER_GRU skip-verify: $SKIP_VERIFY" echo "" # 1) Preflight @@ -39,26 +48,37 @@ else fi echo "" -# 2) TransactionMirror + PMM pool (or pool-only) -echo "--- Step 2: TransactionMirror + PMM pool ---" -if [[ -n "$DRY_RUN" ]]; then - if [[ -n "$SKIP_MIRROR" ]]; then - echo "[DRY-RUN] $PROJECT_ROOT/scripts/deployment/deploy-transaction-mirror-and-pmm-pool-after-txpool-clear.sh --skip-mirror" - else +# 2) TransactionMirror + seed pool (legacy step; optional) +if [[ -z "$SKIP_MIRROR" ]]; then + echo "--- Step 2: TransactionMirror + seed pool ---" + if [[ -n "$DRY_RUN" ]]; then echo "[DRY-RUN] $PROJECT_ROOT/scripts/deployment/deploy-transaction-mirror-and-pmm-pool-after-txpool-clear.sh" - fi -else - if [[ -n "$SKIP_MIRROR" ]]; then - "$PROJECT_ROOT/scripts/deployment/deploy-transaction-mirror-and-pmm-pool-after-txpool-clear.sh" --skip-mirror || { echo "Deploy (pool-only) failed." >&2; exit 1; } else "$PROJECT_ROOT/scripts/deployment/deploy-transaction-mirror-and-pmm-pool-after-txpool-clear.sh" || { echo "Deploy failed." >&2; exit 1; } fi + echo "" +else + echo "--- Step 2: TransactionMirror + seed pool (skipped) ---" + echo "" fi -echo "" -# 3) Register c* as GRU (optional) +# 3) PMM full mesh (default on Chain 138) +if [[ -z "$SKIP_MESH" ]]; then + echo "--- Step 3: PMM full mesh (Chain 138) ---" + if [[ -n "$DRY_RUN" ]]; then + echo "[DRY-RUN] $PROJECT_ROOT/scripts/create-pmm-full-mesh-chain138.sh" + else + "$PROJECT_ROOT/scripts/create-pmm-full-mesh-chain138.sh" || { echo "PMM full mesh failed." >&2; exit 1; } + fi + echo "" +else + echo "--- Step 3: PMM full mesh (skipped; legacy-only mode) ---" + echo "" +fi + +# 4) Register c* as GRU (optional) if [[ -z "$SKIP_REGISTER_GRU" ]]; then - echo "--- Step 3: Register c* as GRU (UniversalAssetRegistry) ---" + echo "--- Step 4: Register c* as GRU (UniversalAssetRegistry) ---" if [[ -n "$DRY_RUN" ]]; then echo "[DRY-RUN] cd $SMOM && forge script script/deploy/RegisterGRUCompliantTokens.s.sol --rpc-url \$RPC_URL_138 --broadcast --private-key \$PRIVATE_KEY --with-gas-price 1000000000" else @@ -78,13 +98,13 @@ if [[ -z "$SKIP_REGISTER_GRU" ]]; then fi echo "" else - echo "--- Step 3: Register c* as GRU (skipped) ---" + echo "--- Step 4: Register c* as GRU (skipped) ---" echo "" fi -# 4) Verify +# 5) Verify if [[ -z "$SKIP_VERIFY" ]]; then - echo "--- Step 4: On-chain verification ---" + echo "--- Step 5: On-chain verification ---" if [[ -n "$DRY_RUN" ]]; then echo "[DRY-RUN] $PROJECT_ROOT/scripts/verify/check-contracts-on-chain-138.sh" else @@ -93,7 +113,7 @@ if [[ -z "$SKIP_VERIFY" ]]; then fi echo "" else - echo "--- Step 4: Verify (skipped) ---" + echo "--- Step 5: Verify (skipped) ---" echo "" fi diff --git a/scripts/deployment/run-sankofa-studio-e2e.sh b/scripts/deployment/run-sankofa-studio-e2e.sh index 528c607..2d21430 100755 --- a/scripts/deployment/run-sankofa-studio-e2e.sh +++ b/scripts/deployment/run-sankofa-studio-e2e.sh @@ -53,7 +53,7 @@ echo " If using tunnel: add Public Hostname studio.sankofa.nexus → https://1 echo "" echo "4. Verify:" echo " curl -s http://${IP}:8000/health" -echo " bash scripts/verify/verify-end-to-end-routing.sh" +echo " bash scripts/verify/verify-end-to-end-routing.sh --profile=public" echo " https://studio.sankofa.nexus/studio/" echo "" echo "Full flow: docs/03-deployment/SANKOFA_STUDIO_E2E_FLOW.md" diff --git a/scripts/run-all-next-steps.sh b/scripts/run-all-next-steps.sh index 15713fe..9da1734 100755 --- a/scripts/run-all-next-steps.sh +++ b/scripts/run-all-next-steps.sh @@ -80,12 +80,12 @@ echo "" >> "$REPORT_FILE" # 4. E2E routing (may have RPC/Blockscout skip when off-LAN) log_info "4. End-to-end routing verification" -if E2E_SUCCESS_IF_ONLY_RPC_BLOCKED=1 bash "$SCRIPT_DIR/verify/verify-end-to-end-routing.sh" >> "$REPORT_FILE" 2>&1; then +if E2E_SUCCESS_IF_ONLY_RPC_BLOCKED=1 bash "$SCRIPT_DIR/verify/verify-end-to-end-routing.sh" --profile=public >> "$REPORT_FILE" 2>&1; then log_ok "E2E routing" - echo "| E2E routing | OK | \`verify-end-to-end-routing.sh\` (RPC may skip off-LAN) |" >> "$REPORT_FILE" + echo "| E2E routing | OK | \`verify-end-to-end-routing.sh --profile=public\` (RPC may skip off-LAN) |" >> "$REPORT_FILE" else log_skip "E2E routing (check report in verification-evidence/e2e-verification-*)" - echo "| E2E routing | WARN/FAIL | \`verify-end-to-end-routing.sh\` — see latest e2e-verification-* |" >> "$REPORT_FILE" + echo "| E2E routing | WARN/FAIL | \`verify-end-to-end-routing.sh --profile=public\` — see latest e2e-verification-* |" >> "$REPORT_FILE" fi echo "" >> "$REPORT_FILE" diff --git a/scripts/verify/run-full-connection-and-fastly-tests.sh b/scripts/verify/run-full-connection-and-fastly-tests.sh index e55becc..2d4c55e 100755 --- a/scripts/verify/run-full-connection-and-fastly-tests.sh +++ b/scripts/verify/run-full-connection-and-fastly-tests.sh @@ -91,7 +91,7 @@ echo "" # 5) End-to-end routing (full domain list: DNS, SSL, HTTPS, RPC where applicable) # When only RPC fails (edge blocks POST), treat as success so full run passes info "5. End-to-end routing (all domains)" -if E2E_SUCCESS_IF_ONLY_RPC_BLOCKED=1 bash scripts/verify/verify-end-to-end-routing.sh 2>&1; then +if E2E_SUCCESS_IF_ONLY_RPC_BLOCKED=1 bash scripts/verify/verify-end-to-end-routing.sh --profile=public 2>&1; then ok "E2E routing completed" else warn "E2E routing had failures (see above)" diff --git a/scripts/verify/run-full-verification.sh b/scripts/verify/run-full-verification.sh index 81c472a..a137f7e 100755 --- a/scripts/verify/run-full-verification.sh +++ b/scripts/verify/run-full-verification.sh @@ -102,7 +102,7 @@ log_info "Progress: 5/$TOTAL_STEPS steps" log_info "" log_info "Step 5/$TOTAL_STEPS: End-to-End Routing Verification" echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" -if bash "$SCRIPT_DIR/verify-end-to-end-routing.sh"; then +if bash "$SCRIPT_DIR/verify-end-to-end-routing.sh" --profile=public; then log_success "E2E verification complete" else log_warn "E2E verification completed with warnings" diff --git a/scripts/verify/verify-end-to-end-routing.sh b/scripts/verify/verify-end-to-end-routing.sh index 8cc7b05..84e06f2 100755 --- a/scripts/verify/verify-end-to-end-routing.sh +++ b/scripts/verify/verify-end-to-end-routing.sh @@ -32,6 +32,12 @@ PUBLIC_IP="${PUBLIC_IP:-76.53.10.36}" PUBLIC_IP_FOURTH="${PUBLIC_IP_FOURTH:-76.53.10.40}" # Set ACCEPT_ANY_DNS=1 to pass DNS if domain resolves to any IP (e.g. Fastly CNAME or Cloudflare Tunnel) ACCEPT_ANY_DNS="${ACCEPT_ANY_DNS:-0}" +# Use system resolver (e.g. /etc/hosts) instead of dig @8.8.8.8 — set when running from LAN with generate-e2e-hosts.sh entries +E2E_USE_SYSTEM_RESOLVER="${E2E_USE_SYSTEM_RESOLVER:-0}" +if [ "$E2E_USE_SYSTEM_RESOLVER" = "1" ]; then + ACCEPT_ANY_DNS=1 + log_info "E2E_USE_SYSTEM_RESOLVER=1: using getent (respects /etc/hosts); ACCEPT_ANY_DNS=1" +fi # When using Option B (RPC via Cloudflare Tunnel), RPC hostnames resolve to Cloudflare IPs; auto-enable if tunnel ID set if [ "$ACCEPT_ANY_DNS" = "0" ] && [ -n "${CLOUDFLARE_TUNNEL_ID:-}" ]; then ACCEPT_ANY_DNS=1 @@ -46,8 +52,8 @@ if [ "$ACCEPT_ANY_DNS" = "0" ] && [ -f "$PROJECT_ROOT/.env" ]; then fi fi -# Expected domains and their types (all Cloudflare/DNS-facing public endpoints) -declare -A DOMAIN_TYPES=( +# Expected domains and their types (full combined inventory) +declare -A DOMAIN_TYPES_ALL=( ["explorer.d-bis.org"]="web" ["rpc-http-pub.d-bis.org"]="rpc-http" ["rpc-ws-pub.d-bis.org"]="rpc-ws" @@ -94,10 +100,77 @@ declare -A DOMAIN_TYPES=( ["dev.d-bis.org"]="web" ["codespaces.d-bis.org"]="web" ) +# Private/admin profile domains (private RPC + Fireblocks RPC only). +declare -a PRIVATE_PROFILE_DOMAINS=( + "rpc-http-prv.d-bis.org" + "rpc-ws-prv.d-bis.org" + "rpc-fireblocks.d-bis.org" + "ws.rpc-fireblocks.d-bis.org" +) + +PRIVATE_PROFILE_SET=" ${PRIVATE_PROFILE_DOMAINS[*]} " +PROFILE="${E2E_PROFILE:-public}" +LIST_ENDPOINTS=0 + +for arg in "$@"; do + case "$arg" in + --list-endpoints) LIST_ENDPOINTS=1 ;; + --profile=*) PROFILE="${arg#*=}" ;; + --profile-public) PROFILE="public" ;; + --profile-private) PROFILE="private" ;; + --profile-all) PROFILE="all" ;; + *) + if [[ "$arg" != "--list-endpoints" ]]; then + echo "Unknown argument: $arg" >&2 + echo "Usage: $0 [--list-endpoints] [--profile=public|private|all]" >&2 + exit 2 + fi + ;; + esac +done + +declare -A DOMAIN_TYPES=() +for domain in "${!DOMAIN_TYPES_ALL[@]}"; do + is_private=0 + [[ "$PRIVATE_PROFILE_SET" == *" $domain "* ]] && is_private=1 + case "$PROFILE" in + public) + [[ "$is_private" -eq 0 ]] && DOMAIN_TYPES["$domain"]="${DOMAIN_TYPES_ALL[$domain]}" + ;; + private) + [[ "$is_private" -eq 1 ]] && DOMAIN_TYPES["$domain"]="${DOMAIN_TYPES_ALL[$domain]}" + ;; + all) + DOMAIN_TYPES["$domain"]="${DOMAIN_TYPES_ALL[$domain]}" + ;; + *) + echo "Invalid profile: $PROFILE (expected public|private|all)" >&2 + exit 2 + ;; + esac +done + # Domains that are optional (not yet configured); no DNS = skip instead of fail. Space-separated. -E2E_OPTIONAL_DOMAINS="${E2E_OPTIONAL_DOMAINS:-dapp.d-bis.org}" -# Domains that are optional when any test fails (off-LAN, 502, unreachable); fail → skip so run passes. Set to empty for strict. -E2E_OPTIONAL_WHEN_FAIL="${E2E_OPTIONAL_WHEN_FAIL:-dapp.d-bis.org mifos.d-bis.org explorer.d-bis.org dbis-admin.d-bis.org dbis-api.d-bis.org dbis-api-2.d-bis.org secure.d-bis.org sankofa.nexus www.sankofa.nexus phoenix.sankofa.nexus www.phoenix.sankofa.nexus the-order.sankofa.nexus studio.sankofa.nexus mim4u.org www.mim4u.org secure.mim4u.org training.mim4u.org rpc-http-pub.d-bis.org rpc.d-bis.org rpc2.d-bis.org rpc-http-prv.d-bis.org rpc-fireblocks.d-bis.org ws.rpc-fireblocks.d-bis.org rpc.public-0138.defi-oracle.io rpc.defi-oracle.io ws.rpc.d-bis.org rpc-ws-prv.d-bis.org ws.rpc2.d-bis.org}" +if [[ -z "${E2E_OPTIONAL_DOMAINS:-}" ]]; then + if [[ "$PROFILE" == "private" ]]; then + E2E_OPTIONAL_DOMAINS="" + else + E2E_OPTIONAL_DOMAINS="dapp.d-bis.org" + fi +else + E2E_OPTIONAL_DOMAINS="${E2E_OPTIONAL_DOMAINS}" +fi + +# Domains that are optional when any test fails (off-LAN, 502, unreachable); fail → skip so run passes. +if [[ -z "${E2E_OPTIONAL_WHEN_FAIL:-}" ]]; then + if [[ "$PROFILE" == "private" ]]; then + E2E_OPTIONAL_WHEN_FAIL="rpc-http-prv.d-bis.org rpc-ws-prv.d-bis.org rpc-fireblocks.d-bis.org ws.rpc-fireblocks.d-bis.org" + else + E2E_OPTIONAL_WHEN_FAIL="dapp.d-bis.org mifos.d-bis.org explorer.d-bis.org dbis-admin.d-bis.org dbis-api.d-bis.org dbis-api-2.d-bis.org secure.d-bis.org sankofa.nexus www.sankofa.nexus phoenix.sankofa.nexus www.phoenix.sankofa.nexus the-order.sankofa.nexus studio.sankofa.nexus mim4u.org www.mim4u.org secure.mim4u.org training.mim4u.org rpc-http-pub.d-bis.org rpc.d-bis.org rpc2.d-bis.org rpc.public-0138.defi-oracle.io rpc.defi-oracle.io ws.rpc.d-bis.org ws.rpc2.d-bis.org" + fi +else + E2E_OPTIONAL_WHEN_FAIL="${E2E_OPTIONAL_WHEN_FAIL}" +fi # Per-domain expected DNS IP (optional). Unset = use PUBLIC_IP. declare -A EXPECTED_IP=( @@ -106,11 +179,34 @@ declare -A EXPECTED_IP=( ["codespaces.d-bis.org"]="$PUBLIC_IP_FOURTH" ) +# --list-endpoints: print selected profile endpoints and exit (no tests) +if [[ "$LIST_ENDPOINTS" == "1" ]]; then + echo "" + echo "E2E endpoints (${#DOMAIN_TYPES[@]} total, profile: $PROFILE) — verify-end-to-end-routing.sh" + echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" + echo "" + printf "%-40s %-12s %s\n" "Domain" "Type" "URL" + printf "%-40s %-12s %s\n" "------" "----" "---" + for domain in $(echo "${!DOMAIN_TYPES[@]}" | tr ' ' '\n' | sort); do + dtype="${DOMAIN_TYPES[$domain]:-unknown}" + if [[ "$dtype" == "rpc-http" || "$dtype" == "rpc-ws" ]]; then + url="https://$domain (RPC)" + else + url="https://$domain" + fi + printf "%-40s %-12s %s\n" "$domain" "$dtype" "$url" + done + echo "" + exit 0 +fi + echo "" echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" echo "🔍 End-to-End Routing Verification" echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" echo "" +echo "Profile: $PROFILE" +echo "" E2E_RESULTS=() @@ -126,7 +222,11 @@ test_domain() { # Test 1: DNS Resolution log_info "Test 1: DNS Resolution" - dns_result=$(dig +short "$domain" @8.8.8.8 2>/dev/null | grep -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$' | head -1 || echo "") + if [ "${E2E_USE_SYSTEM_RESOLVER:-0}" = "1" ]; then + dns_result=$(getent hosts "$domain" 2>/dev/null | awk '{print $1}' | head -1 || echo "") + else + dns_result=$(dig +short "$domain" @8.8.8.8 2>/dev/null | grep -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$' | head -1 || echo "") + fi expected_ip="${EXPECTED_IP[$domain]:-$PUBLIC_IP}" if [ "$dns_result" = "$expected_ip" ]; then @@ -372,8 +472,21 @@ cat > "$REPORT_FILE" <> "$REPORT_FILE" +done + +cat >> "$REPORT_FILE" < "$REPORT_FILE" </dev/null || echo "") + domain_type=$(echo "$result" | jq -r '.domain_type' 2>/dev/null || echo "") + dns_status=$(echo "$result" | jq -r '.tests.dns.status // "-"' 2>/dev/null || echo "-") + ssl_status=$(echo "$result" | jq -r '.tests.ssl.status // "-"' 2>/dev/null || echo "-") + https_status=$(echo "$result" | jq -r '.tests.https.status // "-"' 2>/dev/null || echo "-") + rpc_status=$(echo "$result" | jq -r '.tests.rpc_http.status // "-"' 2>/dev/null || echo "-") + echo "| $domain | $domain_type | $dns_status | $ssl_status | $https_status | $rpc_status |" >> "$REPORT_FILE" +done + +cat >> "$REPORT_FILE" <