d-bis/proxmox
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
dc8abb06e2bbd33e30803ca59d284ead8ea970c6
proxmox/docs/04-configuration/verification-evidence/CHECKS_AND_FIXES_20260206.md
defiQUG fbda1b4beb
Some checks failed
Deploy to Phoenix / deploy (push) Has been cancelled
Details
docs: Ledger Live integration, contract deploy learnings, NEXT_STEPS updates 
- ADD_CHAIN138_TO_LEDGER_LIVE: Ledger form done; public code review repo bis-innovations/LedgerLive; init/push commands
- CONTRACT_DEPLOYMENT_RUNBOOK: Chain 138 gas price 1 gwei, 36-addr check, TransactionMirror workaround
- CONTRACT_*: AddressMapper, MirrorManager deployed 2026-02-12; 36-address on-chain check
- NEXT_STEPS_FOR_YOU: Ledger done; steps completable now (no LAN); run-completable-tasks-from-anywhere
- MASTER_INDEX, OPERATOR_OPTIONAL, SMART_CONTRACTS_INVENTORY_SIMPLE: updates
- LEDGER_BLOCKCHAIN_INTEGRATION_COMPLETE: bis-innovations/LedgerLive reference

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-12 15:46:57 -08:00

5.2 KiB
Raw Blame History

Checks and Fixes Run — 2026-02-06

Summary: All verification scripts and safe fixes were run from the project root.

Checks run

Check Result
check-dependencies.sh Pass — required deps present; optional (sqlite3, wscat, websocat, screen, htop, shellcheck, parallel) missing.
run-all-validation.sh --skip-genesis Pass — dependencies OK, config validation passed (optional PROXMOX_TOKEN_VALUE, PROXMOX_HOST not set).
run-full-verification.sh Pass (all 6 steps, ~116s) — see below.
secure-env-permissions.sh Applied — chmod 600 on .env, unifi-api/.env, smom-dbis-138/.env, dbis_core/.env where present.
run-shellcheck.sh --optional ⚠️ Skipped — shellcheck not installed (optional).

Full verification (6 steps)

  1. Config validation — Pass.
  2. Cloudflare DNS — Pass. Export and verification OK. Warnings: rpc-http-pub.d-bis.org, rpc.public-0138.defi-oracle.io, rpc-http-prv.d-bis.org not found in DNS export (may be CNAME or different type).
  3. UDM Pro port forwarding — Pass. Internal and public 80/443 reachable.
  4. NPMplus — Pass. 27 proxy hosts, 26 certificates. Warning: Cert ID 134 (cross-all.defi-oracle.io) — cert files missing on disk.
  5. Backend VMs — Pass. All 8 VMs verified (2101, 7810, 10150, 10151, 2201, 2400, 10130, 5000). Warnings: dbis-frontend (10130) nginx inactive; dbis-api (10150, 10151) health returned 000000 (may need specific health path).
  6. E2E routing — Pass. 25 domains tested; DNS 25/25, HTTPS 14/14 passed; 0 failed. WebSocket tests: partial support (Code 200, may need proper WS handshake).
  7. Source-of-truth JSON — Generated: docs/04-configuration/INGRESS_SOURCE_OF_TRUTH.json.

Fixes applied

  • Env permissions: chmod 600 on root .env, unifi-api/.env, smom-dbis-138/.env, dbis_core/.env (where present).

No destructive or remote fixes were run (e.g. no Blockscout/NPMplus restarts, no SSH auth/firewall --apply).

Optional follow-ups (completed 2026-02-07)

  • DNS: No change needed. The three names already have CNAME records in Cloudflare (cannot add A when CNAME exists). Export script updated to include CNAME in export so future verification lists them as "documented". Script scripts/verify/add-missing-cloudflare-a-records.sh added for reference (run only if you delete CNAME and want A).

Alltra/HYBX NPMplus setup (completed 2026-02-07)

  • Proxy hosts: Added to primary NPMplus (192.168.11.167): rpc-alltra*.d-bis.org, rpc-hybx*.d-bis.org, cacti-alltra.d-bis.org, cacti-hybx.d-bis.org.
  • Cloudflare Tunnel: Tunnel 892bd3fe configured with ingress for Alltra/HYBX hostnames → https://192.168.11.167:443 (primary NPMplus).
  • DNS CNAME: Created for all 8 hostnames → 892bd3fe-c6fa-4ddf-8b60-a8ed2b849c3d.cfargotunnel.com (Proxied).
  • SSL: First cert requested for cacti-alltra.d-bis.org. For remaining hosts, run: NPM_URL=https://192.168.11.167:81 bash scripts/request-npmplus-certificates.sh.
  • UDM Pro port forward: Manual — see UDM_PRO_NPMPLUS_ALLTRA_HYBX_PORT_FORWARD.md (76.53.10.38:80/81/443 → 192.168.11.169). Note: Tunnel + proxy hosts use primary NPMplus 192.168.11.167; port forward still targets 192.168.11.169 for direct/management access.
  • NPMplus cert 134: Certificate for cross-all.defi-oracle.io — "files missing" means NPMplus disk path for that cert; check in NPMplus UI (SSL Certificates), re-save or re-request if needed. No automated fix run.
  • dbis-frontend (10130): Done. Container serves port 80 with Python, not nginx. verify-backend-vms.sh now treats 10130 as service_type web (HTTP :80 only); verification passes without nginx warning. Re-run full verification to see "Port 80: Listening" and HTTP health pass.
  • dbis-api health: Done. verify-backend-vms.sh now tries http://$actual_ip:3000/health first for nodejs type (10150, 10151), then falls back to root. Re-run full verification to see updated API health.
  • WebSocket: Done. Installed wscat (npm install -g wscat). Ran scripts/verify/verify-websocket.sh wss://rpc-ws-pub.d-bis.orgOK.
  • shellcheck: Documented. Install with sudo apt install shellcheck or brew install shellcheck, then run scripts/verify/run-shellcheck.sh. No automated install in this session (sudo required).

Evidence: docs/04-configuration/verification-evidence/ (dns-verification-, udm-pro-, npmplus-, backend-vms-, e2e-verification-*).

Prepared fixes (required + optional)

For a single checklist of all fixes with copy-paste commands, see FIXES_PREPARED.md and the consolidated FULL_FIXES_PREPARED.md (validators, block production, stuck tx, Sentries, RPCs, UDM Pro, Alltra/HYBX 502, optional). They cover:

  • Required: Validators & block production, stuck tx, Sentry 1504, RPC 2301, UDM Pro port forward (76.53.10.38 → 192.168.11.169), Alltra/HYBX 502 diagnosis and fix steps.
  • Optional: Sentry 1503, RPC 2402/25032508, NPMplus certs (remaining Alltra/HYBX), Explorer SSL, NPMplus cert 134, shellcheck, env permissions, full verification re-run.
Reference in New Issue View Git Blame Copy Permalink