d-bis/proxmox
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add MEV CT2421 cutover helper

Browse Source
This commit is contained in:
defiQUG
2026-04-13 16:06:34 -07:00
parent 0c58ccaf6c
commit 309843df95
2 changed files with 252 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

40
docs/04-configuration/MEV_CONTROL_LAN_BRINGUP_CHECKLIST.md
View File

@@ -15,7 +15,7 @@ It is based on the repo's current assumptions:
Because of that localhost assumption, the cleanest contained split topology for this deployment is:
- **Backend Proxmox host:** `r630-04` at **`192.168.11.14`**
- **Backend CT:** **VMID `2421`** at **`192.168.11.219`**
- **Backend CT:** **VMID `2421`** at **`192.168.11.223`**
- **Public web host:** `info-defi-oracle-web` CT **2410** at **`192.168.11.218`**
## 1. Host choice
@@ -30,7 +30,7 @@ Use the dedicated backend CT for:
Use **CT 2410** only for:
- static GUI files
- nginx reverse proxy `/api` to `192.168.11.219:9090`
- nginx reverse proxy `/api` to `192.168.11.223:9090`
Why this is the recommended topology:
@@ -55,7 +55,7 @@ Default CT identity:
- Proxmox host: `192.168.11.14`
- VMID: `2421`
- CT IP: `192.168.11.219`
- CT IP: `192.168.11.223`
- Hostname: `mev-control-backend`
The provisioner creates an unprivileged Debian 12 CT with:
@@ -313,7 +313,7 @@ Before testing the public site, re-render the MEV nginx vhost so CT `2410` point
```bash
cd /home/intlc/projects/proxmox
MEV_ADMIN_API_HOST=192.168.11.219 bash scripts/deployment/sync-mev-control-gui-defi-oracle.sh
MEV_ADMIN_API_HOST=192.168.11.223 bash scripts/deployment/sync-mev-control-gui-defi-oracle.sh
```
Once the control plane is up inside the backend CT, confirm CT 2410 can reach it through nginx:
@@ -341,7 +341,8 @@ Overview:
- needs `mev-admin-api`
- needs service health ports 8080-8087 on the same host
- infra only reports real Postgres status today; Redis and NATS are still backend TODOs
- infra reports live Postgres, Redis, and NATS status
- backend CT includes `mev-start-all.service` so the worker stack auto-starts after `mev-supervisor` and `mev-admin-api`
Pipeline:
@@ -395,3 +396,32 @@ Even after the stack is running, the following are still known implementation ga
- bundle signing
- inclusion detection
- Uniswap V3 / Curve / multicall / block-subscription gaps tracked in `MEV_Bot/mev-platform/docs/REMAINING_GAPS_IMPLEMENTATION.md`
## 15. Post-deploy cutover for CT 2421
Once the hardened executor and flash-loan provider wrapper are actually broadcast, use the dedicated cutover helper from the repo root:
```bash
bash scripts/deployment/run-mev-post-deploy-cutover-ct2421.sh \
--artifact reports/status/mev_execution_deploy_YYYYMMDD_HHMMSS.json \
--uniswap-v2-router 0x... \
--sushiswap-router 0x... \
--api-key "$MEV_API_KEY"
```
That runs in dry-run mode by default and prints:
- the exact config patch diff for `config.dev.toml`
- the exact `pct exec 2421` copy command
- the exact restart chain for `mev-supervisor`, `mev-admin-api`, and `mev-start-all`
- the exact local CT verification commands
- the exact public verification commands
When the diff and commands look correct, run the same command with `--apply`.
This helper assumes:
- Proxmox host for the backend CT is `192.168.11.14`
- backend CT VMID is `2421`
- target config inside the CT is `/opt/proxmox/MEV_Bot/mev-platform/config.dev.toml`
- backend env file inside the CT is `/etc/mev-platform/backend.env`

217
scripts/deployment/run-mev-post-deploy-cutover-ct2421.sh Executable file
View File

@@ -0,0 +1,217 @@
#!/usr/bin/env bash
set -euo pipefail
ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)"
PVE_HOST="${MEV_BACKEND_PVE_HOST:-192.168.11.14}"
CT_VMID="${MEV_BACKEND_CT_VMID:-2421}"
CT_CONFIG_PATH="${MEV_BACKEND_CT_CONFIG_PATH:-/opt/proxmox/MEV_Bot/mev-platform/config.dev.toml}"
SOURCE_CONFIG="${MEV_SOURCE_CONFIG:-$ROOT/MEV_Bot/mev-platform/config.dev.toml}"
ARTIFACT_PATH="${MEV_EXECUTION_DEPLOY_ARTIFACT:-}"
UNISWAP_V2_ROUTER="${MEV_UNISWAP_V2_ROUTER:-}"
SUSHISWAP_ROUTER="${MEV_SUSHISWAP_ROUTER:-}"
RELAY_URL="${MEV_RELAY_URL:-}"
API_KEY="${MEV_API_KEY:-}"
RPC_URL="${MEV_RPC_URL:-https://eth.llamarpc.com}"
APPLY=0
usage() {
cat <<'EOF'
Usage: run-mev-post-deploy-cutover-ct2421.sh [options]
Prepares the exact post-deploy cutover for the MEV backend CT (default VMID 2421):
1. patch config.dev.toml from a deployment artifact
2. copy the patched config into CT 2421
3. restart mev-supervisor / mev-admin-api / mev-start-all
4. run local and public verification probes
Defaults to dry-run and prints the exact commands that would be executed.
Options:
--artifact PATH Deployment artifact JSON from deploy-mev-execution-contracts.sh
--uniswap-v2-router ADR Router address for uniswap_v2
--sushiswap-router ADR Router address for sushiswap
--relay-url URL Optional relay_url override
--api-key KEY API key used for protected verification routes
--pve-host HOST Proxmox host running CT 2421 (default: 192.168.11.14)
--ct-vmid VMID CT VMID (default: 2421)
--source-config PATH Local source config to patch (default: MEV_Bot/mev-platform/config.dev.toml)
--ct-config PATH Target config path inside CT (default: /opt/proxmox/MEV_Bot/mev-platform/config.dev.toml)
--rpc-url URL RPC URL for readiness checks (default: https://eth.llamarpc.com)
--apply Execute the cutover
-h, --help Show this help
EOF
}
while [[ $# -gt 0 ]]; do
case "$1" in
--artifact)
ARTIFACT_PATH="$2"
shift 2
;;
--uniswap-v2-router)
UNISWAP_V2_ROUTER="$2"
shift 2
;;
--sushiswap-router)
SUSHISWAP_ROUTER="$2"
shift 2
;;
--relay-url)
RELAY_URL="$2"
shift 2
;;
--api-key)
API_KEY="$2"
shift 2
;;
--pve-host)
PVE_HOST="$2"
shift 2
;;
--ct-vmid)
CT_VMID="$2"
shift 2
;;
--source-config)
SOURCE_CONFIG="$2"
shift 2
;;
--ct-config)
CT_CONFIG_PATH="$2"
shift 2
;;
--rpc-url)
RPC_URL="$2"
shift 2
;;
--apply)
APPLY=1
shift
;;
-h|--help)
usage
exit 0
;;
*)
echo "Unknown argument: $1" >&2
usage >&2
exit 2
;;
esac
done
require_cmd() {
command -v "$1" >/dev/null 2>&1 || {
echo "Required command missing: $1" >&2
exit 2
}
}
require_cmd ssh
require_cmd mktemp
require_cmd bash
require_cmd sed
if [[ -z "$ARTIFACT_PATH" ]]; then
echo "--artifact is required" >&2
exit 2
fi
if [[ -z "$UNISWAP_V2_ROUTER" || -z "$SUSHISWAP_ROUTER" ]]; then
echo "--uniswap-v2-router and --sushiswap-router are required" >&2
exit 2
fi
if [[ ! -f "$SOURCE_CONFIG" ]]; then
echo "Source config not found: $SOURCE_CONFIG" >&2
exit 2
fi
if [[ ! -f "$ARTIFACT_PATH" ]]; then
echo "Artifact not found: $ARTIFACT_PATH" >&2
exit 2
fi
TMP_CONFIG="$(mktemp)"
cleanup() {
rm -f "$TMP_CONFIG"
}
trap cleanup EXIT
cp "$SOURCE_CONFIG" "$TMP_CONFIG"
PATCH_CMD=(
bash "$ROOT/scripts/deployment/apply-mev-execution-config-from-artifact.sh"
--artifact "$ARTIFACT_PATH"
--config "$TMP_CONFIG"
--uniswap-v2-router "$UNISWAP_V2_ROUTER"
--sushiswap-router "$SUSHISWAP_ROUTER"
)
if [[ -n "$RELAY_URL" ]]; then
PATCH_CMD+=(--relay-url "$RELAY_URL")
fi
PATCH_CMD+=(--apply)
"${PATCH_CMD[@]}" >/tmp/mev-cutover-patch.log
CT_VERIFY_CMD=$(cat <<EOF
set -euo pipefail
printf '== env ==\n'
grep -E '^(MEV_CONFIG|MEV_ADMIN_PORT|MEV_SUPERVISOR_PORT|MEV_SUBMIT_DISABLED|MEV_ADMIN_API_KEY|MEV_EXECUTOR_PRIVATE_KEY)=' /etc/mev-platform/backend.env || true
printf '\n== services ==\n'
systemctl restart mev-supervisor.service
systemctl restart mev-admin-api.service
systemctl restart mev-start-all.service || systemctl start mev-start-all.service || true
systemctl --no-pager --full status mev-supervisor.service mev-admin-api.service --lines=0 || true
printf '\n== local api ==\n'
curl -fsS http://127.0.0.1:9090/api/health | jq .
curl -fsS http://127.0.0.1:9090/api/auth/check | jq .
if [ -n "${API_KEY:-}" ]; then
curl -fsS -H "X-API-Key: ${API_KEY}" http://127.0.0.1:9090/api/infra | jq .
curl -fsS -H "X-API-Key: ${API_KEY}" http://127.0.0.1:9090/api/safety/signer | jq .
cd /opt/proxmox/MEV_Bot/mev-platform
MEV_ADMIN_API_KEY="${API_KEY}" BASE=http://127.0.0.1:9090 ./scripts/e2e_admin_api.sh
fi
printf '\n== readiness ==\n'
bash /opt/proxmox/scripts/verify/check-mev-execution-readiness.sh --config "$CT_CONFIG_PATH" --env-file /etc/mev-platform/backend.env --rpc-url "$RPC_URL"
EOF
)
echo "MEV post-deploy cutover for CT $CT_VMID"
echo "PVE host: $PVE_HOST"
echo "CT config path: $CT_CONFIG_PATH"
echo "Source config: $SOURCE_CONFIG"
echo "Artifact: $ARTIFACT_PATH"
echo ""
echo "Prepared patched config diff:"
sed -n '1,160p' /tmp/mev-cutover-patch.log
echo ""
echo "Planned remote copy command:"
echo "ssh root@$PVE_HOST \"pct exec $CT_VMID -- bash -lc 'cat > $CT_CONFIG_PATH'\" < $TMP_CONFIG"
echo ""
echo "Planned remote restart/verify command:"
echo "ssh root@$PVE_HOST \"pct exec $CT_VMID -- bash -lc $(printf '%q' "$CT_VERIFY_CMD")\""
echo ""
echo "Planned public verification:"
echo "curl -fsS https://mev.defi-oracle.io/api/auth/check | jq ."
if [[ -n "$API_KEY" ]]; then
echo "curl -fsS -H \"X-API-Key: $API_KEY\" https://mev.defi-oracle.io/api/infra | jq ."
echo "curl -fsS -H \"X-API-Key: $API_KEY\" https://mev.defi-oracle.io/api/safety/signer | jq ."
fi
if [[ "$APPLY" -ne 1 ]]; then
echo ""
echo "Dry-run only. Re-run with --apply to execute."
exit 0
fi
cat "$TMP_CONFIG" | ssh "root@$PVE_HOST" "pct exec $CT_VMID -- bash -lc 'cat > \"$CT_CONFIG_PATH\"'"
ssh "root@$PVE_HOST" "pct exec $CT_VMID -- bash -lc $(printf '%q' "$CT_VERIFY_CMD")"
echo ""
echo "== public verification =="
curl -fsS https://mev.defi-oracle.io/api/auth/check | jq .
if [[ -n "$API_KEY" ]]; then
curl -fsS -H "X-API-Key: $API_KEY" https://mev.defi-oracle.io/api/infra | jq .
curl -fsS -H "X-API-Key: $API_KEY" https://mev.defi-oracle.io/api/safety/signer | jq .
fi