d-bis/proxmox
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
master
proxmox/docs/03-deployment/DEPLOYMENT_STATUS_MASTER.md
defiQUG fbda1b4beb
Some checks failed
Deploy to Phoenix / deploy (push) Has been cancelled
Details
docs: Ledger Live integration, contract deploy learnings, NEXT_STEPS updates 
- ADD_CHAIN138_TO_LEDGER_LIVE: Ledger form done; public code review repo bis-innovations/LedgerLive; init/push commands
- CONTRACT_DEPLOYMENT_RUNBOOK: Chain 138 gas price 1 gwei, 36-addr check, TransactionMirror workaround
- CONTRACT_*: AddressMapper, MirrorManager deployed 2026-02-12; 36-address on-chain check
- NEXT_STEPS_FOR_YOU: Ledger done; steps completable now (no LAN); run-completable-tasks-from-anywhere
- MASTER_INDEX, OPERATOR_OPTIONAL, SMART_CONTRACTS_INVENTORY_SIMPLE: updates
- LEDGER_BLOCKCHAIN_INTEGRATION_COMPLETE: bis-innovations/LedgerLive reference

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-12 15:46:57 -08:00

280 lines
9.0 KiB
Markdown
Raw Permalink Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
# Deployment Status Master - Complete Overview
**Last Updated:** 2026-02-12
**Status:** 🚀 **ACTIVE DEPLOYMENT**
**Progress:** Foundation Complete → Service Migration In Progress
**Authoritative** for container inventory by host (reconciled with SSH). For a legacy consolidated table view, see [DEPLOYMENT_STATUS_CONSOLIDATED.md](DEPLOYMENT_STATUS_CONSOLIDATED.md).
---
## Executive Summary
### ✅ Completed (Foundation Phase)
1. **Network Infrastructure**
-**Edge:** UDM Pro (76.53.10.34, replaced ER605). Port forward **76.53.10.36:80/443****192.168.11.167:80/443** (NPMplus). NPMplus LXC has 192.168.11.166 and 192.168.11.167; only **192.168.11.167** is used in UDM Pro.
- ✅ All 19 VLANs configured on UDM Pro
- ✅ Inter-VLAN routing verified and working
- ✅ Network Isolation disabled, Zone Matrix configured
- ✅ Dual network access configured (Default + VLAN 11)
2. **Proxmox Infrastructure**
- ✅ ml110 operational (192.168.11.10)
- ✅ r630-01 operational (192.168.11.11)
- ✅ r630-02 operational (192.168.11.12) - Storage optimized
- ✅ r630-03, r630-04 available for deployment
3. **Storage**
- ✅ r630-02 storage issues resolved
- ✅ Container 7811 disk expanded
- ✅ Duplicate volumes removed (~300GB recovered)
- ✅ Storage pools optimized
### ⏳ In Progress (Migration Phase)
1. **VLAN Migration**
- ⏳ Besu validators (1000-1004) → VLAN 110
- ⏳ Besu sentries (1500-1503) → VLAN 111
- ⏳ Besu RPC (2500-2502) → VLAN 112
- ⏳ Blockscout (5000) → VLAN 120
- ⏳ FireFly (6200) → VLAN 141
- ⏳ MIM API (7811) → VLAN 160
2. **Service Deployment**
- ⏳ CCIP fleet (41 nodes)
- ⏳ DBIS services
- ⏳ Monitoring stack
- ⏳ Additional Hyperledger services
### 📋 Pending (Deployment Phase)
1. **Security & Access**
- ⏳ Firewall rules configuration
- ⏳ Cloudflare Zero Trust setup
- ⏳ NAT pool configuration
2. **Documentation**
- ⏳ Final IP assignments
- ⏳ Service connectivity matrix
- ⏳ Operational runbooks
---
## Current Container Inventory
### ml110 (192.168.11.10)
**Running Containers:**
- Besu Validators: 1000-1004 (5)
- Besu Sentries: 1500-1503, **1504** (besu-sentry-ali) (5)
- Besu RPC: 2500-2502, **2303-2308** (Ali/Luis/Putu RPC — not 2503-2508)
- Thirdweb RPC: 2400-2402 (3)
**Note:** 2503, 2504, 2505 are on **r630-01** (besu-rpc-hybx-1/2/3). **2506, 2507, 2508 were destroyed 2026-02-08** — see [MISSING_CONTAINERS_LIST.md](MISSING_CONTAINERS_LIST.md). Besu RPC range: 25002505 only.
**Status:** All on VLAN 11 (mgmt) - **Ready for VLAN migration**
### r630-01 (192.168.11.11)
**Running Containers:**
- Infrastructure: 100-108 (proxmox-mail-gateway, datacenter-manager, cloudflared, omada, gitea, nginxproxymanager, redis-rpc-translator, web3signer-rpc-translator, vault-rpc-translator)
- Monitoring: 130 (monitoring-1)
- **Besu RPC: 2503, 2504, 2505** (besu-rpc-hybx-1/2/3)
- **Hyperledger: 5200 (cacti-1), 6000 (fabric-1), 6400 (indy-1)**
**Host Services (not LXC):**
- **CCIP Relay Service** — `/opt/smom-dbis-138/services/relay` (Node.js); relays Chain 138 → Mainnet; uses VMID 2201 RPC. See [07-ccip/CCIP_RELAY_DEPLOYMENT.md](../07-ccip/CCIP_RELAY_DEPLOYMENT.md).
- **Chain 138 smart contracts** — 36-address on-chain check: `./scripts/verify/check-contracts-on-chain-138.sh`; AddressMapper, MirrorManager deployed 2026-02-12. Deploy with `--with-gas-price 1000000000`. See [CONTRACT_ADDRESSES_REFERENCE](../11-references/CONTRACT_ADDRESSES_REFERENCE.md), [CONTRACT_DEPLOYMENT_RUNBOOK](CONTRACT_DEPLOYMENT_RUNBOOK.md).
**Stopped Containers (30+):**
- DBIS services: 10100-10151
- Order services: 10000-10092
- CCIP services: 3500-3501
**Status:** Infrastructure and Hyperledger running; many application services stopped - **Ready for deployment**
### r630-02 (192.168.11.12)
**Running Containers (4):**
- Blockscout: 5000
- FireFly: 6200
- FireFly Ali: 6201 (stopped)
- MIM API: 7811
**Status:** Services running on VLAN 11 - **Ready for VLAN migration**
---
## VLAN Migration Plan
### Priority 1: Besu Network (High Priority)
| Service | Current | Target VLAN | Target Subnet | Containers |
|---------|---------|-------------|---------------|------------|
| Validators | VLAN 11 | VLAN 110 | 10.110.0.0/24 | 1000-1004 |
| Sentries | VLAN 11 | VLAN 111 | 10.111.0.0/24 | 1500-1503 |
| RPC | VLAN 11 | VLAN 112 | 10.112.0.0/24 | 2500-2502 |
### Priority 2: Service VLANs
| Service | Current | Target VLAN | Target Subnet | Containers |
|---------|---------|-------------|---------------|------------|
| Blockscout | VLAN 11 | VLAN 120 | 10.120.0.0/24 | 5000 |
| FireFly | VLAN 11 | VLAN 141 | 10.141.0.0/24 | 6200 |
| MIM API | VLAN 11 | VLAN 160 | 10.160.0.0/22 | 7811 |
### Priority 3: New Deployments
| Service | Target VLAN | Target Subnet | VMIDs |
|---------|------------|---------------|-------|
| CCIP Ops | VLAN 130 | 10.130.0.0/24 | 5400-5401 |
| CCIP Commit | VLAN 132 | 10.132.0.0/24 | 5410-5425 |
| CCIP Execute | VLAN 133 | 10.133.0.0/24 | 5440-5455 |
| CCIP RMN | VLAN 134 | 10.134.0.0/24 | 5470-5476 |
| DBIS Services | VLAN 202 | 10.202.0.0/24 | 10100-10151 |
---
## Deployment Tasks by Category
### Network Tasks (Can Run in Parallel)
1. ✅ Verify VLAN configuration
2. ✅ Verify inter-VLAN routing
3. ⏳ Migrate Besu validators to VLAN 110
4. ⏳ Migrate Besu sentries to VLAN 111
5. ⏳ Migrate Besu RPC to VLAN 112
6. ⏳ Migrate Blockscout to VLAN 120
7. ⏳ Migrate FireFly to VLAN 141
8. ⏳ Migrate MIM API to VLAN 160
9. ⏳ Configure firewall rules
10. ⏳ Configure DHCP reservations
### Service Deployment Tasks (Can Run in Parallel)
1. ⏳ Deploy CCIP Ops/Admin (2 nodes)
2. ⏳ Deploy CCIP Commit nodes (16 nodes)
3. ⏳ Deploy CCIP Execute nodes (16 nodes)
4. ⏳ Deploy CCIP RMN nodes (7 nodes)
5. ⏳ Deploy monitoring stack
6. ⏳ Deploy DBIS services
7. ⏳ Deploy Cacti
8. ⏳ Deploy Fabric
9. ⏳ Deploy Indy
### Security & Access Tasks (Can Run in Parallel)
1. ⏳ Configure inter-VLAN firewall rules
2. ⏳ Configure sovereign tenant isolation
3. ⏳ Set up Cloudflare Zero Trust tunnels
4. ⏳ Configure Cloudflare Access policies
5. ⏳ Configure NAT pools (when IP blocks assigned)
### Documentation Tasks
1. ⏳ Update IP assignments
2. ⏳ Create service connectivity matrix
3. ⏳ Update operational runbooks
4. ⏳ Document final configurations
---
## Parallel Execution Strategy
### Phase 1: Network Migration (Parallel Groups)
**Group A (Besu Network - Can run in parallel):**
- Migrate validators (1000-1004) → VLAN 110
- Migrate sentries (1500-1503) → VLAN 111
- Migrate RPC (2500-2502) → VLAN 112
**Group B (Service VLANs - Can run in parallel):**
- Migrate Blockscout (5000) → VLAN 120
- Migrate FireFly (6200) → VLAN 141
- Migrate MIM API (7811) → VLAN 160
### Phase 2: Service Deployment (Parallel Groups)
**Group A (CCIP Fleet - Can run in parallel):**
- Deploy CCIP Ops/Admin (5400-5401)
- Deploy CCIP Commit nodes (5410-5425)
- Deploy CCIP Execute nodes (5440-5455)
- Deploy CCIP RMN nodes (5470-5476)
**Group B (Application Services - Can run in parallel):**
- Deploy DBIS services (10100-10151)
- Deploy monitoring stack
- Deploy Hyperledger services (Cacti, Fabric, Indy)
### Phase 3: Security & Access (Parallel)
- Configure firewall rules
- Set up Cloudflare Zero Trust
- Configure NAT pools
---
## Resource Allocation
### Proxmox Hosts
| Host | Current Load | Available Capacity | Recommended Use |
|------|--------------|-------------------|------------------|
| ml110 | 20 containers | Moderate | Besu network, management |
| r630-01 | 10 containers | High | CCIP fleet, services |
| r630-02 | 4 containers | High | Application services |
| r630-03 | 0 containers | Full | New deployments |
| r630-04 | 0 containers | Full | New deployments |
### Storage
| Host | Storage Status | Available |
|------|----------------|-----------|
| ml110 | Operational | Adequate |
| r630-01 | Operational | High |
| r630-02 | Optimized | High (300GB recovered) |
| r630-03 | Available | Full |
| r630-04 | Available | Full |
---
## Next Steps (Immediate)
1. **Start VLAN Migration** (Priority 1)
- Begin with Besu validators (1000-1004)
- Test connectivity after each group
- Proceed to next group
2. **Deploy CCIP Fleet** (Priority 2)
- Start with Ops/Admin nodes
- Deploy Commit, Execute, RMN in parallel
- Configure and test
3. **Configure Security** (Priority 3)
- Set up firewall rules
- Configure Cloudflare Zero Trust
- Test access policies
---
## Risk Assessment
### Low Risk
- ✅ VLAN migration (tested, reversible)
- ✅ Service deployment (can rollback)
- ✅ Firewall configuration (tested)
### Medium Risk
- ⚠️ CCIP fleet deployment (requires coordination)
- ⚠️ NAT pool configuration (requires public IP blocks)
### High Risk
- ❌ None identified
---
**Last Updated:** 2026-02-05
**Container inventory:** Reconciled with SSH review; canonical missing VMIDs (2506, 2507, 2508 only): [MISSING_CONTAINERS_LIST.md](MISSING_CONTAINERS_LIST.md).
**Next Review:** After Phase 1 completion
Reference in New Issue View Git Blame Copy Permalink