4.2 KiB
4.2 KiB
DBIS Phase 2 — Proxmox sovereignization roadmap
Last updated: 2026-03-28
Purpose: Close the gap between today’s Proxmox footprint (2–3 active cluster nodes, ZFS/LVM-backed guests, VLAN 11 LAN) and the target in dbis_chain_138_technical_master_plan.md Sections 4–5 and 8 (multi-node HA, Ceph-backed storage, stronger segmentation, standardized templates).
Current ground truth: PROXMOX_VE_OPERATIONAL_DEPLOYMENT_TEMPLATE.md, config/proxmox-operational-template.json, STORAGE_GROWTH_AND_HEALTH.md.
Current state (summary)
| Area | As deployed (typical) | Master plan target |
|---|---|---|
| Cluster | Corosync cluster h on ml110 + r630-01 + r630-02 (ml110 may be repurposed — verify Phase 1) | 3+ control-oriented nodes, odd quorum, HA services |
| Storage | Local ZFS / LVM thin pools per host | Ceph OSD tier + pools for VM disks and/or RBD |
| Network | Primary 192.168.11.0/24, VLAN 11, UDM Pro edge, NPMplus ingress | Additional VLANs: storage replication, validator-only, identity, explicit DMZ mapping |
| Workloads | Chain 138 Besu validators/RPC, Hyperledger CTs, apps — see DBIS_NODE_ROLE_MATRIX.md | Same roles, template-standardized provisioning |
Milestone 1 — Cluster quorum and fleet expansion
- Bring r630-03+ online per R630_13_NODE_DOD_HA_MASTER_PLAN.md and 11-references/13_NODE_AND_ASSETS_BRING_ONLINE_CHECKLIST.md.
- Maintain odd node count for Corosync quorum; use qdevice if temporarily even-count during ml110 migration (UDM_PRO_PROXMOX_CLUSTER.md).
Milestone 2 — ML110 migration / WAN aggregator
- Before repurposing ml110 to OPNsense/pfSense (ML110_OPNSENSE_PFSENSE_WAN_AGGREGATOR.md): migrate all remaining CT/VM to R630s (NETWORK_CONFIGURATION_MASTER.md).
- Re-document physical inventory row for
.10after cutover (PHYSICAL_HARDWARE_INVENTORY.md).
Milestone 3 — Ceph introduction (decision + prerequisites)
- Decision record: whether Ceph replaces or complements ZFS/LVM for new workloads; minimum network (10G storage net, jumbo frames if used), disk layout, and JBOD attachment per HARDWARE_INVENTORY_MASTER.md.
- Pilot: non-production pool → migrate one test CT → expand OSD count.
Milestone 4 — Network segmentation (incremental)
Map master plan layers to implementable steps:
- Dedicated storage replication VLAN (Ceph backhaul or ZFS sync).
- Validator / P2P constraints (firewall rules between sentry and RPC tiers — align CHAIN138_CANONICAL_NETWORK_ROLES_VALIDATORS_SENTRY_AND_RPC.md).
- Identity / Indy tier isolation when multi-entity governance requires it.
Milestone 5 — VM / CT templates (Section 7 of master plan)
- Align PROXMOX_VM_CREATION_RUNBOOK.md with template types: Identity (Indy/Aries), Settlement (Besu), Institutional (Fabric), Workflow (FireFly), Observability (Explorer/monitoring).
- Encode preferred_node and sizing in DBIS_NODE_ROLE_MATRIX.md and sync proxmox-operational-template.json.
Milestone 6 — Backup and DR alignment (master plan Sections 8, 16)
- Hourly/daily snapshot policy per guest tier; cross-site replication targets (RPO/RTO) documented outside this file when available.
- Reference: existing backup scripts for NPMplus and operator checklist.