d-bis/smom-dbis-138
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
smom-dbis-138/scripts/configure-network-decision-tree.md
defiQUG 1fb7266469 Add Oracle Aggregator and CCIP Integration 
- Introduced Aggregator.sol for Chainlink-compatible oracle functionality, including round-based updates and access control.
- Added OracleWithCCIP.sol to extend Aggregator with CCIP cross-chain messaging capabilities.
- Created .gitmodules to include OpenZeppelin contracts as a submodule.
- Developed a comprehensive deployment guide in NEXT_STEPS_COMPLETE_GUIDE.md for Phase 2 and smart contract deployment.
- Implemented Vite configuration for the orchestration portal, supporting both Vue and React frameworks.
- Added server-side logic for the Multi-Cloud Orchestration Portal, including API endpoints for environment management and monitoring.
- Created scripts for resource import and usage validation across non-US regions.
- Added tests for CCIP error handling and integration to ensure robust functionality.
- Included various new files and directories for the orchestration portal and deployment scripts.
2025-12-12 14:57:48 -08:00

299 lines
9.1 KiB
Markdown
Raw Permalink Blame History

# Decision Logic Tree Documentation
## Overview
The configuration tool uses a comprehensive decision logic tree to prevent erroneous configurations and guide users through valid configuration paths.
## Decision Trees
### 1. Validator Count Decision Tree
```
Validator Count
├── 1 validator
│ └── ⚠ Warning: Centralized network, not suitable for production
│ └── User confirmation required
├── 2 validators
│ └── ⚠ Warning: Risk of consensus deadlock
│ └── User confirmation required
├── 3 validators
│ └── ⚠ Warning: Can tolerate 1 failure, recommend 4+
│ └── User confirmation required
├── Even number (4, 6, 8, ...)
│ └── ⚠ Warning: Can cause consensus issues
│ └── User confirmation required
└── Odd number (5, 7, 9, ...)
└── ✅ Recommended for production
```
### 2. Network Architecture Decision Tree
```
Network Architecture
├── Sentries = 0
│ └── ⚠ Warning: Validators exposed directly
│ └── User confirmation required
├── Sentries < Validators
│ └── ⚠ Warning: May cause connectivity issues
│ └── Recommend: Sentries >= Validators
└── Sentries >= Validators
└── ✅ Recommended configuration
```
### 3. RPC Configuration Decision Tree
```
RPC Configuration
├── RPC Nodes = 0
│ └── ⚠ Warning: No public RPC access
│ └── User confirmation required
├── RPC Enabled on Validators
│ └── ⚠ Security Risk: Validators exposed
│ └── User confirmation required (not recommended)
├── P2P Enabled on RPC Nodes
│ └── ⚠ Security Risk: RPC nodes exposed to network
│ └── User confirmation required (not recommended)
└── RPC Enabled on RPC Nodes, P2P Disabled
└── ✅ Recommended configuration
```
### 4. Security Configuration Decision Tree
```
Security Configuration
├── CORS = '*'
│ └── ⚠ Security Risk: Allows all origins
│ └── User confirmation required (not recommended)
├── Host Allowlist = '0.0.0.0' or '*'
│ └── ⚠ Security Risk: Allows all hosts
│ └── User confirmation required (not recommended)
├── RPC Enabled without CORS or Host Restrictions
│ └── ⚠ Security Risk: Unrestricted access
│ └── Recommend: Add restrictions
└── CORS and Host Restrictions Configured
└── ✅ Recommended configuration
```
### 5. Deployment Type Decision Tree
```
Deployment Type
├── VM Deployment
│ ├── Individual VMs
│ │ └── ✅ Full control, manual scaling
│ ├── VM Scale Sets
│ │ └── ✅ Auto-scaling, load balancing
│ └── Large Deployment (>50 nodes)
│ └── ⚠ Warning: Consider VM Scale Sets for cost optimization
├── AKS Deployment
│ └── ✅ Kubernetes orchestration, auto-scaling
└── Both AKS and VM
└── ✅ Maximum flexibility, higher cost
```
### 6. Resource Allocation Decision Tree
```
Resource Allocation
├── JVM Memory > VM Size Capacity
│ └── ⚠ Warning: Memory exceeds VM capacity
│ └── Recommend: Increase VM size or reduce JVM memory
├── RPC VM Size < Validator VM Size
│ └── ⚠ Warning: RPC nodes need more resources
│ └── Recommend: RPC VM Size >= Validator VM Size
└── Resources Appropriate
└── ✅ Recommended configuration
```
### 7. Dependencies Decision Tree
```
Dependencies
├── Blockscout Enabled, RPC Disabled
│ └── ✗ Error: Blockscout requires RPC
│ └── Fix: Enable RPC or disable Blockscout
├── Monitoring Enabled, No Components Selected
│ └── ⚠ Warning: Monitoring enabled but no components
│ └── Recommend: Enable monitoring components
├── Validator Count Mismatch
│ └── ⚠ Warning: Genesis validators != Node validators
│ └── Fix: Align validator counts
└── Dependencies Satisfied
└── ✅ Recommended configuration
```
## Validation Rules
### Genesis Validation
1. **Chain ID**: Must be between 1 and 2147483647
- Reserved chain IDs (1, 3, 4, 5, 42): Warning
- Chain ID 138: ✅ Recommended
2. **Block Period**: Must be between 1 and 60 seconds
- < 2 seconds: Warning (may cause instability)
- 2+ seconds: ✅ Recommended
3. **Epoch Length**: Must be between 1000 and 1000000
- < 10000: Warning (frequent validator set changes)
- 10000+: ✅ Recommended
4. **Request Timeout**: Must be between 1 and 60 seconds
- >= Block Period: Warning (should be less)
- < Block Period: ✅ Recommended
5. **Gas Limit**: Must be valid hex, between 5000 and max
- Invalid format: Error
- Too low/high: Error
- Valid range: ✅ Recommended
6. **Validators**: At least 1 required
- < 4: Warning (recommend 4+)
- Even number: Warning (recommend odd)
- Odd number, >= 4: ✅ Recommended
### Network Validation
1. **Cluster Name**: Must be valid Kubernetes name
- Invalid characters: Error
- Too long (>63 chars): Error
- Valid format: ✅ Recommended
2. **Resource Group**: Must be valid Azure name
- Invalid characters: Error
- Too long (>90 chars): Error
- Valid format: ✅ Recommended
3. **VNet Address Space**: Must be valid CIDR
- Invalid format: Error
- Valid CIDR: ✅ Recommended
4. **Subnets**: Must be within VNet, valid CIDR
- Not within VNet: Error
- Invalid CIDR: Error
- Valid configuration: ✅ Recommended
5. **Node Counts**: Must be >= 0
- Validators = 0: Error
- Sentries = 0: Warning
- RPC = 0: Warning
- All > 0: ✅ Recommended
### Besu Configuration Validation
1. **Ports**: Must be unique, valid range (1-65535)
- Port conflicts: Error
- Privileged ports (<1024): Warning
- Valid ports: ✅ Recommended
2. **RPC Configuration**:
- Validators with RPC: Warning (security risk)
- RPC nodes without RPC: Error
- RPC nodes with P2P: Warning (security risk)
- Valid configuration: ✅ Recommended
3. **CORS Configuration**:
- Wildcard '*': Warning (security risk)
- Missing protocol: Warning
- Valid origins: ✅ Recommended
### Deployment Validation
1. **Deployment Type**: Must be 'aks', 'vm', or 'both'
- Invalid type: Error
- Valid type: ✅ Recommended
2. **VM Deployment**:
- SSH key not found: Error
- Too many regions (>10): Warning
- Valid configuration: ✅ Recommended
3. **Large Deployments**:
- >50 nodes: Warning (consider VM Scale Sets)
- >100 nodes: Warning (verify necessity)
- Reasonable size: ✅ Recommended
## Error Handling
### Error Levels
1. **Errors**: Block configuration generation
- Invalid values
- Missing required fields
- Configuration conflicts
2. **Warnings**: Allow configuration but warn user
- Security risks
- Performance issues
- Best practice violations
3. **Info**: Informational messages
- Decision tree applied
- Configuration recommendations
### Error Resolution
1. **Automatic Fixes**: Tool attempts to fix common issues
- Missing SSH keys: Generate key
- Validator count mismatch: Align counts
- Port conflicts: Suggest alternative ports
2. **User Confirmation**: Tool asks user to confirm risky configurations
- Security risks: User must confirm
- Performance issues: User must confirm
- Best practice violations: User must confirm
3. **Manual Fixes**: User must fix errors manually
- Invalid values: User must correct
- Configuration conflicts: User must resolve
- Missing dependencies: User must provide
## Usage Examples
### Example 1: Single Validator (Error Prevention)
```
User: Number of validators: 1
Tool: ⚠ Warning: Single validator - network will be centralized
Tool: Continue with single validator? [y/N]: n
User: Number of validators: 4
Tool: ✅ Configuration accepted
```
### Example 2: RPC Security (Decision Tree)
```
User: Enable CORS? [y/N]: y
User: CORS origins: *
Tool: ⚠ Warning: CORS wildcard allows all origins
Tool: Continue with wildcard CORS? [y/N]: n
User: CORS origins: https://yourdomain.com
Tool: ✅ Configuration accepted
```
### Example 3: Deployment Type (Decision Tree)
```
User: Deployment type: vm
User: Number of nodes: 60
Tool: ⚠ Warning: Large VM deployment - consider VM Scale Sets
Tool: Switch to VM Scale Sets? [Y/n]: y
Tool: ✅ Configuration updated to use VM Scale Sets
```
## Best Practices
1. **Always Review Warnings**: Warnings indicate potential issues
2. **Confirm Security Risks**: Never ignore security warnings
3. **Validate Configuration**: Run validation before deploying
4. **Test Configuration**: Test in dev environment first
5. **Document Changes**: Document any manual configuration changes
## References
- [Besu Configuration](https://besu.hyperledger.org/stable/Reference/CLI/CLI-Syntax/)
- [Kubernetes Best Practices](https://kubernetes.io/docs/concepts/security/)
- [Azure VM Sizes](https://docs.microsoft.com/azure/virtual-machines/sizes)
- [IBFT2 Consensus](https://besu.hyperledger.org/stable/HowTo/Configure/Consensus-Protocols/IBFT/)
Reference in New Issue View Git Blame Copy Permalink