d-bis/proxmox
4
0
Fork 0
Code Issues 1 Pull Requests 9 Actions Packages Projects Releases Wiki Activity
Files
e4c9dda0fda271eb6a2c97873c07face9ed866a9
proxmox/docs/00-meta/OPERATOR_CREDENTIALS_CHECKLIST.md
defiQUG e4c9dda0fd
Some checks failed
Deploy to Phoenix / deploy (push) Has been cancelled
Details
chore: update submodule references and documentation 
- Marked submodules ai-mcp-pmm-controller, explorer-monorepo, and smom-dbis-138 as dirty to reflect recent changes.
- Updated documentation to clarify operator script usage, including dotenv loading and task execution instructions.
- Enhanced the README and various index files to provide clearer navigation and task completion guidance.

Made-with: Cursor
2026-03-04 02:03:08 -08:00

70 lines
4.8 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
# Operator Credentials and Secrets — Checklist
**Purpose:** Before running Operator/LAN tasks, confirm you have the required credentials and access. **Does Operator/LAN have all necessary creds?** Use this checklist; if any row is **No**, obtain or set that credential before running the task.
**Where to set:** Unless noted, use `smom-dbis-138/.env` (gitignored). Copy from `smom-dbis-138/.env.example` or see [REMAINING_WORK_DETAILED_STEPS](REMAINING_WORK_DETAILED_STEPS.md) for per-step blockers.
**Operator scripts load dotenv automatically:** [run-all-operator-tasks-from-lan.sh](../../scripts/run-all-operator-tasks-from-lan.sh) and [run-operator-tasks-from-lan.sh](../../scripts/run-operator-tasks-from-lan.sh) source `scripts/lib/load-project-env.sh`, which loads repo root `.env` and `smom-dbis-138/.env`. No need to `source .env` before running.
---
## Required credentials (summary)
| Credential / access | Used for | Where to set / get |
|--------------------|----------|---------------------|
| **LAN (192.168.11.x)** | NPMplus API, RPC, Blockscout, Proxmox | Be on same network or VPN |
| **PRIVATE_KEY** (64-char hex, no 0x) | Chain 138 deploy, bridge send, any `forge script --broadcast` | `smom-dbis-138/.env` |
| **RPC_URL_138** (Chain 138 Core) | Deploy, verify, on-chain check | e.g. `http://192.168.11.211:8545` in `.env` |
| **NPM_PASSWORD** | NPMplus backup, proxy host updates (502 fix) | `smom-dbis-138/.env` or root `.env`; from NPMplus UI |
| **SSH to Proxmox** (e.g. root@192.168.11.10) | run-all-maintenance-via-proxmox-ssh, VM/CT creation, token-aggregation fix | SSH key or password to Proxmox host |
| **LINK** (on Chain 138 for bridge) | sendCrossChain (real); CCIP fees | Deployer wallet must hold LINK and approve bridge |
| **Native gas (ETH/138)** | All Chain 138 deploys and txs | Deployer `0x4A66...` funded on 138 |
| **Per-chain RPC + gas (Celo, Wemix, Gnosis)** | CCIP bridges deploy | CELO ~0.1, WEMIX ~0.4; RPC URLs in .env |
| **ADD_LIQUIDITY_* amounts + token balance** | Add liquidity to PMM pools | Deployer holds cUSDT/cUSDC/USDT/USDC; set in .env or runbook |
---
## Per-task requirements (Operator/LAN)
| Task | LAN | PRIVATE_KEY | NPM_PASSWORD | RPC_URL_138 | SSH Proxmox | Other |
|------|-----|-------------|--------------|-------------|-------------|--------|
| Full deployment order (Phase 06) | Yes | Yes | — | Yes | Optional | Gas on 138; per-phase env (see runbook) |
| Add liquidity (PMM pools) | Yes | Yes | — | Yes | — | Token balance; ADD_LIQUIDITY_BASE_AMOUNT, ADD_LIQUIDITY_QUOTE_AMOUNT |
| run-all-operator-tasks-from-lan (backup + verify) | Yes | — | Yes (backup) | Yes (verify) | Optional | Blockscout reachable |
| run-all-operator-tasks-from-lan --deploy | Yes | Yes | Yes | Yes | Optional | Gas on 138 |
| E2E 502 fix (address-all-remaining-502s) | Yes | — | Yes (NPMplus proxy update) | — | Yes (Besu fix) | Proxmox reachable |
| Blockscout verification only | Yes | — | — | Yes | — | Host can reach explorer.d-bis.org |
| Gnosis / Celo / Wemix CCIP bridges | Yes | Yes | — | Yes + per-chain RPC | — | Per-chain gas (xDAI, CELO, WEMIX); CCIP router/LINK addresses in .env |
| LINK support on Mainnet relay | Yes | Yes (if deploy) | — | Yes | Yes (restart relay) | Mainnet RPC; LINK on mainnet if funding relay |
| sendCrossChain (real) | Yes | Yes | — | Yes | — | LINK approved for bridge; recipient address |
| NPMplus backup | Yes | — | Yes | — | — | NPMplus API reachable |
| NPMplus RPC proxy fix (405) | Yes | — | Yes | — | — | — |
| Token-aggregation DB + migrations | Yes | — | — | — | Yes | PostgreSQL on VMID 5000 or same host; DATABASE_URL |
| Explorer Wallet link (edit nav) | — | — | — | — | Yes (to explorer VM) | SSH to VMID 5000 or host serving explorer |
| E2E flow waves E1E7 | Yes | Yes (if deploy/fund) | Yes (if NPM) | Yes | Optional | Depends on wave; see TASKS_TO_INCREASE_ALL_E2E_FLOWS |
**—** = not required for that task.
---
## Quick verification (do you have them?)
```bash
# From repo root, with smom-dbis-138/.env present:
source smom-dbis-138/.env 2>/dev/null
echo "PRIVATE_KEY set: $( [ -n "$PRIVATE_KEY" ] && echo yes || echo no )"
echo "NPM_PASSWORD set: $( [ -n "$NPM_PASSWORD" ] && echo yes || echo no )"
echo "RPC_URL_138 set: $( [ -n "$RPC_URL_138" ] && echo yes || echo no )"
# LAN: ping or curl from your machine to 192.168.11.211:8545 (or your RPC host)
# SSH: ssh root@192.168.11.10 (or your Proxmox host) echo ok
```
---
## References
- **Operator commands:** [OPERATOR_READY_CHECKLIST.md](OPERATOR_READY_CHECKLIST.md)
- **LAN + secrets steps:** [STEPS_FROM_PROXMOX_OR_LAN_WITH_SECRETS.md](STEPS_FROM_PROXMOX_OR_LAN_WITH_SECRETS.md)
- **Wave 0 (sendCrossChain, backup):** [REMAINING_WORK_DETAILED_STEPS.md](REMAINING_WORK_DETAILED_STEPS.md) § W0-2, W0-3
- **Remaining summary:** [REMAINING_SUMMARY.md](REMAINING_SUMMARY.md)
Reference in New Issue View Git Blame Copy Permalink