# Deployment Master Procedure

**Date:** 2026-01-22  
**Status:** 🟢 Active Reference  
**Last Updated:** 2026-02-05  
**Purpose:** Comprehensive deployment procedure master document

---

## Overview

This document consolidates all deployment procedures into a single master reference, providing a complete deployment guide for all services.

---

## Deployment Prerequisites

### System Requirements
- **Proxmox VE:** 3 hosts — 192.168.11.10 (ml110), 192.168.11.11 (r630-01), 192.168.11.12 (r630-02)
- **Edge:** UDM Pro (76.53.10.34, replaced ER605). Port forward 76.53.10.36:80/443 → 192.168.11.167:80/443 (NPMplus). NPMplus LXC has 192.168.11.166 and 192.168.11.167; only **192.168.11.167** is used in UDM Pro.
- **Network:** VLAN 11 configured, gateway accessible
- **Storage:** LVM-thin storage pools available
- **Templates:** Ubuntu/Debian container templates

### Access Requirements
- SSH access to all Proxmox hosts
- Root access to containers
- Network access to services

---

## Deployment Phases

### Phase 1: Infrastructure Setup

#### 1.1 Proxmox Host Configuration
```bash
# Verify host connectivity
./scripts/check-vmid-conflicts.sh
./scripts/check-ip-conflicts.sh

# Configure network
# See: docs/04-configuration/NETWORK_CONFIGURATION_MASTER.md
```

#### 1.2 Network Configuration
- Configure VLAN 11
- Set up gateway routing
- Configure DNS
- Set up firewall rules

**Reference:** `docs/11-references/NETWORK_CONFIGURATION_MASTER.md`

---

### Phase 2: Database Services

#### 2.1 PostgreSQL Deployment
```bash
# Order PostgreSQL
./scripts/configure-service-dependencies.sh

# DBIS PostgreSQL
./scripts/run-dbis-database-migrations.sh

# Sankofa PostgreSQL
./scripts/run-migrations-r630-01.sh
```

#### 2.2 Redis Deployment
```bash
# Order Redis
# DBIS Redis
# See: scripts/configure-service-dependencies.sh
```

**VMIDs:**
- Order PostgreSQL: 10000 (primary), 10001 (replica)
- DBIS PostgreSQL: 10100 (primary), 10101 (replica)
- Order Redis: 10020
- DBIS Redis: 10120
- Sankofa PostgreSQL: 7803

---

### Phase 3: Authentication Services

#### 3.1 Keycloak Deployment
```bash
./scripts/setup-keycloak-r630-01.sh
```

**VMID:** 7802  
**Reference:** `docs/04-configuration/KEYCLOAK_SETUP.md`

#### 3.2 Vault Deployment
```bash
./scripts/deploy-phoenix-vault-cluster.sh
```

**VMIDs:** 8640, 8641, 8642  
**Reference:** `docs/04-configuration/PHOENIX_VAULT_CLUSTER_DEPLOYMENT.md`

---

### Phase 4: Application Services

#### 4.1 DBIS Services
```bash
# Deploy DBIS services
./scripts/deploy-api-r630-01.sh

# Run migrations
./scripts/run-dbis-database-migrations.sh
```

**VMIDs:** 10130 (frontend), 10150 (API primary), 10151 (API secondary)

#### 4.2 Order Services
```bash
# Deploy Order services
./scripts/deploy-portal-r630-01.sh
```

**VMIDs:** 10090 (portal), 10030-10092 (various services), 10202 (opensearch), 10210 (haproxy)

#### 4.3 Sankofa Services
```bash
# Deploy Sankofa services
./scripts/deploy-sankofa-r630-01.sh
```

**VMIDs:** 7800 (API), 7801 (Portal), 7802 (Keycloak), 7803 (PostgreSQL)

---

### Phase 5: Blockchain Services

#### 5.1 Besu Validators
```bash
# Deploy validators
# See: smom-dbis-138-proxmox/scripts/

# Update validator configs
./scripts/fix-validator-txpool.sh
```

**VMIDs:** 1000-1004  
**Reference:** `docs/06-besu/VALIDATOR_TXPOOL_CONFIGURATION_FIX.md`

#### 5.2 Besu Sentries
```bash
# Deploy sentries
# See: smom-dbis-138-proxmox/scripts/
```

**VMIDs:** 1500-1504

#### 5.3 RPC Nodes
```bash
# Deploy RPC nodes
./scripts/setup-thirdweb-rpc-nodes.sh
```

**VMIDs:** 2101 (core), 2201 (public), 2301 (private), 2400-2403 (thirdweb)

#### 5.4 Blockscout
```bash
# Deploy Blockscout
./scripts/start-blockscout-service.sh
```

**VMID:** 5000  
**Reference:** `docs/04-configuration/BLOCKSCOUT_ROUTING_CORRECT.md`

---

### Phase 6: Reverse Proxy & Networking

#### 6.1 NPMplus Deployment
```bash
# Deploy NPMplus
# See: docs/04-configuration/NPMPLUS_COMPLETE_SETUP_SUMMARY.md
```

**VMIDs:** 10233 (primary), 10234 (secondary)

#### 6.2 Cloudflare Tunnel
```bash
./scripts/install-shared-tunnel-token.sh
./scripts/update-cloudflare-tunnel-to-nginx.sh
```

**VMID:** 102

---

## Deployment Checklist

### Pre-Deployment
- [ ] Verify Proxmox host connectivity
- [ ] Check VMID conflicts
- [ ] Check IP conflicts
- [ ] Verify network configuration
- [ ] Verify storage availability

### Deployment
- [ ] Deploy infrastructure services
- [ ] Deploy database services
- [ ] Deploy authentication services
- [ ] Deploy application services
- [ ] Deploy blockchain services
- [ ] Deploy reverse proxy

### Post-Deployment
- [ ] Verify all services running
- [ ] Test service connectivity
- [ ] Verify database connections
- [ ] Test API endpoints
- [ ] Verify reverse proxy routing
- [ ] Run configuration validation

---

## Deployment Scripts Reference

### Infrastructure
- `scripts/setup-central-nginx-routing.sh` - Central nginx routing
- `scripts/configure-persistent-networks-v3.sh` - Network configuration

### Database
- `scripts/configure-service-dependencies.sh` - Service dependencies
- `scripts/run-dbis-database-migrations.sh` - DBIS migrations
- `scripts/run-migrations-r630-01.sh` - Sankofa migrations

### Application
- `scripts/deploy-api-r630-01.sh` - DBIS API
- `scripts/deploy-portal-r630-01.sh` - Order Portal
- `scripts/deploy-sankofa-r630-01.sh` - Sankofa services

### Blockchain
- `scripts/setup-thirdweb-rpc-nodes.sh` - ThirdWeb RPC
- `scripts/fix-validator-txpool.sh` - Validator configuration
- `scripts/start-blockscout-service.sh` - Blockscout

### Verification
- `scripts/check-vmid-conflicts.sh` - VMID conflict check
- `scripts/check-ip-conflicts.sh` - IP conflict check
- `scripts/validate-configuration.sh` - Configuration validation

---

## Rollback Procedures

### Service Rollback
1. Stop service container
2. Restore from backup if available
3. Revert configuration changes
4. Restart service

### Database Rollback
1. Stop database service
2. Restore database from backup
3. Restart database service
4. Verify data integrity

### Network Rollback
1. Revert network configuration
2. Restore firewall rules
3. Restore routing rules
4. Verify connectivity

---

## Related Documents

- **[PHOENIX_DEPLOYMENT_RUNBOOK.md](PHOENIX_DEPLOYMENT_RUNBOOK.md)** - Phoenix-specific deployment
- **[VMID_ALLOCATION_FINAL.md](../02-architecture/VMID_ALLOCATION_FINAL.md)** - VMID reference
- **[NETWORK_CONFIGURATION_MASTER.md](../11-references/NETWORK_CONFIGURATION_MASTER.md)** - IP and network reference
- **[NETWORK_ARCHITECTURE.md](../02-architecture/NETWORK_ARCHITECTURE.md)** - Service and network layout

---

**Last Updated:** 2026-01-22  
**Maintainer:** System Administrator  
**Update Frequency:** On deployment procedure changes