d-bis/proxmox
4
0
Fork 0
Code Issues 1 Pull Requests 9 Actions Packages Projects Releases Wiki Activity
Files
f0f0a4bb844eefe6c19e9568c3af9b2d387e5a2e
proxmox/docs/archive/historical/CHAIN138_NEXT_STEPS.md
defiQUG fbda1b4beb
Some checks failed
Deploy to Phoenix / deploy (push) Has been cancelled
Details
docs: Ledger Live integration, contract deploy learnings, NEXT_STEPS updates 
- ADD_CHAIN138_TO_LEDGER_LIVE: Ledger form done; public code review repo bis-innovations/LedgerLive; init/push commands
- CONTRACT_DEPLOYMENT_RUNBOOK: Chain 138 gas price 1 gwei, 36-addr check, TransactionMirror workaround
- CONTRACT_*: AddressMapper, MirrorManager deployed 2026-02-12; 36-address on-chain check
- NEXT_STEPS_FOR_YOU: Ledger done; steps completable now (no LAN); run-completable-tasks-from-anywhere
- MASTER_INDEX, OPERATOR_OPTIONAL, SMART_CONTRACTS_INVENTORY_SIMPLE: updates
- LEDGER_BLOCKCHAIN_INTEGRATION_COMPLETE: bis-innovations/LedgerLive reference

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-12 15:46:57 -08:00

11 KiB
Raw Blame History

ChainID 138 - Complete Next Steps

Date: December 26, 2024
Status: Ready for deployment

📋 Overview

This document lists all remaining steps to complete the ChainID 138 deployment, including container creation, configuration, JWT authentication setup, and verification.

Current Status:

  • Configuration files created
  • Scripts prepared
  • Documentation complete
  • 13 containers need to be created
  • Configuration deployment pending
  • JWT authentication setup pending

🔴 Priority 1: Container Creation (13 containers)

1. Besu Nodes (7 containers)

Sentry Node

  • 1504 - besu-sentry-5 (Ali)
    • IP: 192.168.11.154
    • Memory: 4GB, CPU: 2 cores, Disk: 100GB
    • Discovery: Enabled
    • Access: Ali (Full)

RPC Nodes (6 containers)

  • 2503 - besu-rpc-4 (Ali - 0x8a identity)

    • IP: 192.168.11.253
    • Memory: 16GB, CPU: 4 cores, Disk: 200GB
    • Discovery: Disabled (MetaMask compatibility)
    • JWT Auth: Required

  • 2504 - besu-rpc-4 (Ali - 0x1 identity)

    • IP: 192.168.11.254
    • Memory: 16GB, CPU: 4 cores, Disk: 200GB
    • Discovery: Disabled (MetaMask compatibility)
    • JWT Auth: Required

  • 2505 - besu-rpc-luis (Luis - 0x8a identity)

    • IP: 192.168.11.255
    • Memory: 16GB, CPU: 4 cores, Disk: 200GB
    • Discovery: Disabled (MetaMask compatibility)
    • JWT Auth: Required
    • Access: Luis (RPC-only)

  • 2506 - besu-rpc-luis (Luis - 0x1 identity)

    • IP: 192.168.11.256
    • Memory: 16GB, CPU: 4 cores, Disk: 200GB
    • Discovery: Disabled (MetaMask compatibility)
    • JWT Auth: Required
    • Access: Luis (RPC-only)

  • 2507 - besu-rpc-putu (Putu - 0x8a identity)

    • IP: 192.168.11.257
    • Memory: 16GB, CPU: 4 cores, Disk: 200GB
    • Discovery: Disabled (MetaMask compatibility)
    • JWT Auth: Required
    • Access: Putu (RPC-only)

  • 2508 - besu-rpc-putu (Putu - 0x1 identity)

    • IP: 192.168.11.258
    • Memory: 16GB, CPU: 4 cores, Disk: 200GB
    • Discovery: Disabled (MetaMask compatibility)
    • JWT Auth: Required
    • Access: Putu (RPC-only)

2. Hyperledger Services (5 containers)

  • 6200 - firefly-1 (Core)

    • IP: 192.168.11.66
    • Memory: 4GB, CPU: 2 cores, Disk: 50GB

  • 6201 - firefly-2 (Ali's host, ChainID 138)

    • IP: 192.168.11.67
    • Memory: 4GB, CPU: 2 cores, Disk: 50GB
    • JWT Auth: Required
    • Access: Ali (Full)

  • 5200 - cacti-1

    • IP: 192.168.11.64
    • Memory: 4GB, CPU: 2 cores, Disk: 50GB

  • 6000 - fabric-1

    • IP: 192.168.11.65
    • Memory: 4GB, CPU: 2 cores, Disk: 50GB

  • 6400 - indy-1

    • IP: 192.168.11.68
    • Memory: 4GB, CPU: 2 cores, Disk: 50GB

3. Explorer (1 container)

  • 5000 - blockscout-1
    • IP: TBD
    • Memory: 8GB, CPU: 4 cores, Disk: 200GB

🔧 Priority 2: Besu Configuration Deployment

Step 1: Run Main Configuration Script

cd /home/intlc/projects/proxmox
./scripts/configure-besu-chain138-nodes.sh

This script will:

  1. Collect enodes from all Besu nodes (including existing ones)
  2. Generate static-nodes.json with all enodes
  3. Generate permissioned-nodes.json with all enodes
  4. Deploy configurations to all Besu containers (including new ones)
  5. Configure discovery settings (disabled for 2503-2508)
  6. Restart Besu services

Step 2: Deploy Configuration Files to New Containers

For each new Besu container (1504, 2503-2508):

# Copy configuration template
pct push <VMID> /path/to/config.toml /etc/besu/config.toml

# Ensure directories exist
pct exec <VMID> -- mkdir -p /var/lib/besu/permissions /genesis

# Copy static-nodes.json and permissioned-nodes.json
pct push <VMID> /path/to/static-nodes.json /var/lib/besu/static-nodes.json
pct push <VMID> /path/to/permissioned-nodes.json /var/lib/besu/permissions/permissioned-nodes.json

# Set ownership
pct exec <VMID> -- chown -R besu:besu /var/lib/besu

Configuration Templates:

  • 1504: Use sentry configuration template
  • 2503: smom-dbis-138/config/config-rpc-4.toml
  • 2504: Use config-rpc-4.toml template (0x1 identity)
  • 2505: smom-dbis-138/config/config-rpc-luis-8a.toml
  • 2506: smom-dbis-138/config/config-rpc-luis-1.toml
  • 2507: smom-dbis-138/config/config-rpc-putu-8a.toml
  • 2508: smom-dbis-138/config/config-rpc-putu-1.toml

Step 3: Verify Configuration

./scripts/verify-chain138-config.sh

This will check:

  • File existence (static-nodes.json, permissioned-nodes.json)
  • Discovery settings (should be disabled for 2503-2508)
  • Peer connections
  • Service status

🔐 Priority 3: JWT Authentication Setup

For All RPC Containers (2503-2508)

Each RPC container requires JWT authentication via nginx reverse proxy.

Step 1: Install Nginx and Dependencies

# For each RPC container (2503-2508)
pct exec <VMID> -- bash -c '
  export DEBIAN_FRONTEND=noninteractive
  apt-get update -qq
  apt-get install -y -qq nginx openssl python3 python3-pip
  pip3 install PyJWT cryptography 2>/dev/null || true
'

Step 2: Configure JWT Authentication

Use the existing JWT auth configuration script as a template:

# Review existing script
cat scripts/configure-nginx-jwt-auth-simple.sh

# Adapt for each RPC container
# - Generate JWT secret key
# - Configure nginx with JWT validation
# - Set up reverse proxy to Besu RPC (127.0.0.1:8545)

Step 3: Generate JWT Tokens

For each operator:

# Generate token for Ali (full access)
./scripts/generate-jwt-token.sh ali-full-access 365

# Generate token for Luis (RPC-only, 0x8a identity)
./scripts/generate-jwt-token.sh luis-rpc-8a 365

# Generate token for Luis (RPC-only, 0x1 identity)
./scripts/generate-jwt-token.sh luis-rpc-1 365

# Generate token for Putu (RPC-only, 0x8a identity)
./scripts/generate-jwt-token.sh putu-rpc-8a 365

# Generate token for Putu (RPC-only, 0x1 identity)
./scripts/generate-jwt-token.sh putu-rpc-1 365

Step 4: Test JWT Authentication

# Test with valid token
curl -X POST https://<RPC_IP>/ \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Bearer <JWT_TOKEN>' \
  -d '{"jsonrpc":"2.0","method":"net_peerCount","params":[],"id":1}'

# Test without token (should fail)
curl -X POST https://<RPC_IP>/ \
  -H 'Content-Type: application/json' \
  -d '{"jsonrpc":"2.0","method":"net_peerCount","params":[],"id":1}'

🔥 Priority 4: Firewall Configuration

For RPC Containers (2503-2508)

Configure firewall rules to restrict access:

# Allow RPC access only from specific IPs/networks
# Block direct access to Besu RPC (8545) - only via nginx (443)

# For each RPC container
pct exec <VMID> -- bash -c '
  # Allow nginx HTTPS (443)
  ufw allow 443/tcp
  
  # Block direct Besu RPC access (8545) from external
  ufw deny 8545/tcp
  
  # Allow P2P (30303) from ChainID 138 network only
  ufw allow from 192.168.11.0/24 to any port 30303
  
  # Enable firewall
  ufw --force enable
'

Priority 5: Verification and Testing

1. Verify Container Status

# Check all containers are running
for vmid in 1504 2503 2504 2505 2506 2507 2508 6201; do
  echo "VMID $vmid:"
  pct status $vmid
done

2. Verify Besu Services

# Check Besu services on all nodes
for vmid in 1504 2503 2504 2505 2506 2507 2508; do
  echo "VMID $vmid:"
  pct exec $vmid -- systemctl status besu*.service --no-pager | head -5
done

3. Verify Peer Connections

# Check peer count on each node
for vmid in 1504 2503 2504 2505 2506 2507 2508; do
  echo "VMID $vmid peer count:"
  pct exec $vmid -- curl -s -X POST http://localhost:8545 \
    -H 'Content-Type: application/json' \
    -d '{"jsonrpc":"2.0","method":"net_peerCount","params":[],"id":1}' | jq -r '.result'
done

4. Verify ChainID

# Verify nodes are on ChainID 138 (even though they report 0x1 to MetaMask)
for vmid in 2503 2504 2505 2506 2507 2508; do
  echo "VMID $vmid chainID:"
  pct exec $vmid -- curl -s -X POST http://localhost:8545 \
    -H 'Content-Type: application/json' \
    -d '{"jsonrpc":"2.0","method":"eth_chainId","params":[],"id":1}' | jq -r '.result'
done

5. Verify Discovery Settings

# Verify discovery is disabled for RPC nodes
for vmid in 2503 2504 2505 2506 2507 2508; do
  echo "VMID $vmid discovery:"
  pct exec $vmid -- grep discovery-enabled /etc/besu/*.toml
done

6. Test JWT Authentication

# Test each RPC endpoint with JWT token
for vmid in 2503 2504 2505 2506 2507 2508; do
  echo "Testing VMID $vmid:"
  curl -X POST https://192.168.11.XXX/ \
    -H 'Content-Type: application/json' \
    -H 'Authorization: Bearer <JWT_TOKEN>' \
    -d '{"jsonrpc":"2.0","method":"net_peerCount","params":[],"id":1}'
done

📝 Priority 6: Firefly Configuration (6201)

Step 1: Deploy Firefly Container

  • Create container 6201
  • Configure network (192.168.11.67)
  • Install Firefly

Step 2: Configure ChainID 138 Connection

# Configure Firefly to connect to ChainID 138 RPC nodes
# Update Firefly configuration with RPC endpoint
# Use JWT token for authentication

Step 3: Test Firefly API

# Test Firefly API endpoints
curl https://192.168.11.67:8080/api/v1/status

🎯 Quick Start Commands

Complete Setup (After Containers Created)

# 1. Configure all Besu nodes
cd /home/intlc/projects/proxmox
./scripts/configure-besu-chain138-nodes.sh

# 2. Verify configuration
./scripts/verify-chain138-config.sh

# 3. Set up new containers
./scripts/setup-new-chain138-containers.sh

# 4. Set up JWT authentication (for each RPC container)
# (Manual step - adapt configure-nginx-jwt-auth-simple.sh for each container)

# 5. Test everything
./scripts/verify-chain138-config.sh

📊 Progress Tracking

Container Creation

  • 1504 - besu-sentry-5
  • 2503 - besu-rpc-4 (Ali - 0x8a)
  • 2504 - besu-rpc-4 (Ali - 0x1)
  • 2505 - besu-rpc-luis (Luis - 0x8a)
  • 2506 - besu-rpc-luis (Luis - 0x1)
  • 2507 - besu-rpc-putu (Putu - 0x8a)
  • 2508 - besu-rpc-putu (Putu - 0x1)
  • 6200 - firefly-1
  • 6201 - firefly-2
  • 5200 - cacti-1
  • 6000 - fabric-1
  • 6400 - indy-1
  • 5000 - blockscout-1

Configuration

  • Run configure-besu-chain138-nodes.sh
  • Deploy config files to all new containers
  • Verify discovery settings
  • Verify static-nodes.json and permissioned-nodes.json

JWT Authentication

  • Set up nginx on 2503
  • Set up nginx on 2504
  • Set up nginx on 2505
  • Set up nginx on 2506
  • Set up nginx on 2507
  • Set up nginx on 2508
  • Generate JWT tokens for all operators
  • Test JWT authentication

Firewall

  • Configure firewall on 2503
  • Configure firewall on 2504
  • Configure firewall on 2505
  • Configure firewall on 2506
  • Configure firewall on 2507
  • Configure firewall on 2508

Verification

  • Verify all containers running
  • Verify Besu services
  • Verify peer connections
  • Verify ChainID
  • Verify discovery settings
  • Test JWT authentication
  • Test Firefly connection

📚 Related Documentation

Last Updated: December 26, 2024
Status: Ready for deployment

Reference in New Issue View Git Blame Copy Permalink