# Deployment Status Master - Complete Overview

**Last Updated:** 2026-02-12  
**Status:** 🚀 **ACTIVE DEPLOYMENT**  
**Progress:** Foundation Complete → Service Migration In Progress

**Authoritative** for container inventory by host (reconciled with SSH). For a legacy consolidated table view, see [DEPLOYMENT_STATUS_CONSOLIDATED.md](DEPLOYMENT_STATUS_CONSOLIDATED.md).

---

## Executive Summary

### ✅ Completed (Foundation Phase)

1. **Network Infrastructure**
   - ✅ **Edge:** UDM Pro (76.53.10.34, replaced ER605). Port forward **76.53.10.36:80/443** → **192.168.11.167:80/443** (NPMplus). NPMplus LXC has 192.168.11.166 and 192.168.11.167; only **192.168.11.167** is used in UDM Pro.
   - ✅ All 19 VLANs configured on UDM Pro
   - ✅ Inter-VLAN routing verified and working
   - ✅ Network Isolation disabled, Zone Matrix configured
   - ✅ Dual network access configured (Default + VLAN 11)

2. **Proxmox Infrastructure**
   - ✅ ml110 operational (192.168.11.10)
   - ✅ r630-01 operational (192.168.11.11)
   - ✅ r630-02 operational (192.168.11.12) - Storage optimized
   - ✅ r630-03, r630-04 available for deployment

3. **Storage**
   - ✅ r630-02 storage issues resolved
   - ✅ Container 7811 disk expanded
   - ✅ Duplicate volumes removed (~300GB recovered)
   - ✅ Storage pools optimized

### ⏳ In Progress (Migration Phase)

1. **VLAN Migration**
   - ⏳ Besu validators (1000-1004) → VLAN 110
   - ⏳ Besu sentries (1500-1503) → VLAN 111
   - ⏳ Besu RPC (2500-2502) → VLAN 112
   - ⏳ Blockscout (5000) → VLAN 120
   - ⏳ FireFly (6200) → VLAN 141
   - ⏳ MIM API (7811) → VLAN 160

2. **Service Deployment**
   - ⏳ CCIP fleet (41 nodes)
   - ⏳ DBIS services
   - ⏳ Monitoring stack
   - ⏳ Additional Hyperledger services

### 📋 Pending (Deployment Phase)

1. **Security & Access**
   - ⏳ Firewall rules configuration
   - ⏳ Cloudflare Zero Trust setup
   - ⏳ NAT pool configuration

2. **Documentation**
   - ⏳ Final IP assignments
   - ⏳ Service connectivity matrix
   - ⏳ Operational runbooks

---

## Current Container Inventory

### ml110 (192.168.11.10)

**Running Containers:**
- Besu Validators: 1000-1004 (5)
- Besu Sentries: 1500-1503, **1504** (besu-sentry-ali) (5)
- Besu RPC: 2500-2502, **2303-2308** (Ali/Luis/Putu RPC — not 2503-2508)
- Thirdweb RPC: 2400-2402 (3)

**Note:** 2503, 2504, 2505 are on **r630-01** (besu-rpc-hybx-1/2/3). **2506, 2507, 2508 were destroyed 2026-02-08** — see [MISSING_CONTAINERS_LIST.md](MISSING_CONTAINERS_LIST.md). Besu RPC range: 2500–2505 only.

**Status:** All on VLAN 11 (mgmt) - **Ready for VLAN migration**

### r630-01 (192.168.11.11)

**Running Containers:**
- Infrastructure: 100-108 (proxmox-mail-gateway, datacenter-manager, cloudflared, omada, gitea, nginxproxymanager, redis-rpc-translator, web3signer-rpc-translator, vault-rpc-translator)
- Monitoring: 130 (monitoring-1)
- **Besu RPC: 2503, 2504, 2505** (besu-rpc-hybx-1/2/3)
- **Hyperledger: 5200 (cacti-1), 6000 (fabric-1), 6400 (indy-1)**

**Host Services (not LXC):**
- **CCIP Relay Service** — `/opt/smom-dbis-138/services/relay` (Node.js); relays Chain 138 → Mainnet; uses VMID 2201 RPC. See [07-ccip/CCIP_RELAY_DEPLOYMENT.md](../07-ccip/CCIP_RELAY_DEPLOYMENT.md).
- **Chain 138 smart contracts** — 36-address on-chain check: `./scripts/verify/check-contracts-on-chain-138.sh`; AddressMapper, MirrorManager deployed 2026-02-12. Deploy with `--with-gas-price 1000000000`. See [CONTRACT_ADDRESSES_REFERENCE](../11-references/CONTRACT_ADDRESSES_REFERENCE.md), [CONTRACT_DEPLOYMENT_RUNBOOK](CONTRACT_DEPLOYMENT_RUNBOOK.md).

**Stopped Containers (30+):**
- DBIS services: 10100-10151
- Order services: 10000-10092
- CCIP services: 3500-3501

**Status:** Infrastructure and Hyperledger running; many application services stopped - **Ready for deployment**

### r630-02 (192.168.11.12)

**Running Containers (4):**
- Blockscout: 5000
- FireFly: 6200
- FireFly Ali: 6201 (stopped)
- MIM API: 7811

**Status:** Services running on VLAN 11 - **Ready for VLAN migration**

---

## VLAN Migration Plan

### Priority 1: Besu Network (High Priority)

| Service | Current | Target VLAN | Target Subnet | Containers |
|---------|---------|-------------|---------------|------------|
| Validators | VLAN 11 | VLAN 110 | 10.110.0.0/24 | 1000-1004 |
| Sentries | VLAN 11 | VLAN 111 | 10.111.0.0/24 | 1500-1503 |
| RPC | VLAN 11 | VLAN 112 | 10.112.0.0/24 | 2500-2502 |

### Priority 2: Service VLANs

| Service | Current | Target VLAN | Target Subnet | Containers |
|---------|---------|-------------|---------------|------------|
| Blockscout | VLAN 11 | VLAN 120 | 10.120.0.0/24 | 5000 |
| FireFly | VLAN 11 | VLAN 141 | 10.141.0.0/24 | 6200 |
| MIM API | VLAN 11 | VLAN 160 | 10.160.0.0/22 | 7811 |

### Priority 3: New Deployments

| Service | Target VLAN | Target Subnet | VMIDs |
|---------|------------|---------------|-------|
| CCIP Ops | VLAN 130 | 10.130.0.0/24 | 5400-5401 |
| CCIP Commit | VLAN 132 | 10.132.0.0/24 | 5410-5425 |
| CCIP Execute | VLAN 133 | 10.133.0.0/24 | 5440-5455 |
| CCIP RMN | VLAN 134 | 10.134.0.0/24 | 5470-5476 |
| DBIS Services | VLAN 202 | 10.202.0.0/24 | 10100-10151 |

---

## Deployment Tasks by Category

### Network Tasks (Can Run in Parallel)

1. ✅ Verify VLAN configuration
2. ✅ Verify inter-VLAN routing
3. ⏳ Migrate Besu validators to VLAN 110
4. ⏳ Migrate Besu sentries to VLAN 111
5. ⏳ Migrate Besu RPC to VLAN 112
6. ⏳ Migrate Blockscout to VLAN 120
7. ⏳ Migrate FireFly to VLAN 141
8. ⏳ Migrate MIM API to VLAN 160
9. ⏳ Configure firewall rules
10. ⏳ Configure DHCP reservations

### Service Deployment Tasks (Can Run in Parallel)

1. ⏳ Deploy CCIP Ops/Admin (2 nodes)
2. ⏳ Deploy CCIP Commit nodes (16 nodes)
3. ⏳ Deploy CCIP Execute nodes (16 nodes)
4. ⏳ Deploy CCIP RMN nodes (7 nodes)
5. ⏳ Deploy monitoring stack
6. ⏳ Deploy DBIS services
7. ⏳ Deploy Cacti
8. ⏳ Deploy Fabric
9. ⏳ Deploy Indy

### Security & Access Tasks (Can Run in Parallel)

1. ⏳ Configure inter-VLAN firewall rules
2. ⏳ Configure sovereign tenant isolation
3. ⏳ Set up Cloudflare Zero Trust tunnels
4. ⏳ Configure Cloudflare Access policies
5. ⏳ Configure NAT pools (when IP blocks assigned)

### Documentation Tasks

1. ⏳ Update IP assignments
2. ⏳ Create service connectivity matrix
3. ⏳ Update operational runbooks
4. ⏳ Document final configurations

---

## Parallel Execution Strategy

### Phase 1: Network Migration (Parallel Groups)

**Group A (Besu Network - Can run in parallel):**
- Migrate validators (1000-1004) → VLAN 110
- Migrate sentries (1500-1503) → VLAN 111
- Migrate RPC (2500-2502) → VLAN 112

**Group B (Service VLANs - Can run in parallel):**
- Migrate Blockscout (5000) → VLAN 120
- Migrate FireFly (6200) → VLAN 141
- Migrate MIM API (7811) → VLAN 160

### Phase 2: Service Deployment (Parallel Groups)

**Group A (CCIP Fleet - Can run in parallel):**
- Deploy CCIP Ops/Admin (5400-5401)
- Deploy CCIP Commit nodes (5410-5425)
- Deploy CCIP Execute nodes (5440-5455)
- Deploy CCIP RMN nodes (5470-5476)

**Group B (Application Services - Can run in parallel):**
- Deploy DBIS services (10100-10151)
- Deploy monitoring stack
- Deploy Hyperledger services (Cacti, Fabric, Indy)

### Phase 3: Security & Access (Parallel)

- Configure firewall rules
- Set up Cloudflare Zero Trust
- Configure NAT pools

---

## Resource Allocation

### Proxmox Hosts

| Host | Current Load | Available Capacity | Recommended Use |
|------|--------------|-------------------|------------------|
| ml110 | 20 containers | Moderate | Besu network, management |
| r630-01 | 10 containers | High | CCIP fleet, services |
| r630-02 | 4 containers | High | Application services |
| r630-03 | 0 containers | Full | New deployments |
| r630-04 | 0 containers | Full | New deployments |

### Storage

| Host | Storage Status | Available |
|------|----------------|-----------|
| ml110 | Operational | Adequate |
| r630-01 | Operational | High |
| r630-02 | Optimized | High (300GB recovered) |
| r630-03 | Available | Full |
| r630-04 | Available | Full |

---

## Next Steps (Immediate)

1. **Start VLAN Migration** (Priority 1)
   - Begin with Besu validators (1000-1004)
   - Test connectivity after each group
   - Proceed to next group

2. **Deploy CCIP Fleet** (Priority 2)
   - Start with Ops/Admin nodes
   - Deploy Commit, Execute, RMN in parallel
   - Configure and test

3. **Configure Security** (Priority 3)
   - Set up firewall rules
   - Configure Cloudflare Zero Trust
   - Test access policies

---

## Risk Assessment

### Low Risk
- ✅ VLAN migration (tested, reversible)
- ✅ Service deployment (can rollback)
- ✅ Firewall configuration (tested)

### Medium Risk
- ⚠️ CCIP fleet deployment (requires coordination)
- ⚠️ NAT pool configuration (requires public IP blocks)

### High Risk
- ❌ None identified

---

**Last Updated:** 2026-02-05  
**Container inventory:** Reconciled with SSH review; canonical missing VMIDs (2506, 2507, 2508 only): [MISSING_CONTAINERS_LIST.md](MISSING_CONTAINERS_LIST.md).  
**Next Review:** After Phase 1 completion