# VMID 2400 RPC Translator - Dependency Services Investigation Report **Date**: 2026-01-09 **VMID**: 2400 (thirdweb-rpc-1) **IP**: 192.168.11.240 **Status**: ⚠️ **Degraded - Dependency Services Issues** --- ## Executive Summary The RPC Translator service on VMID 2400 is operational but reports **degraded health** due to issues with three supporting services: 1. **Redis (VMID 106)**: Service running but misconfigured - bound to localhost only 2. **Web3Signer (VMID 107)**: Service not running 3. **Vault (VMID 108)**: Service not running --- ## Issue Details ### 1. Redis (VMID 106) - Configuration Issue **Location**: r630-01 (192.168.11.11) **IP**: 192.168.11.110 **Port**: 6379 **Status**: - ✅ Container: Running - ✅ Service: Active (redis-server) - ❌ **Configuration**: Bound to `127.0.0.1:6379` instead of `192.168.11.110:6379` - ❌ **Protected Mode**: Enabled (blocks external connections) **Current Configuration**: ``` bind 127.0.0.1 ::1 protected-mode yes ``` **Problem**: - Redis is only listening on localhost (127.0.0.1) - Protected mode is enabled, preventing external connections - VMID 2400 cannot connect from 192.168.11.240 **Error from RPC Translator**: ``` Redis connection error: Error: connect ECONNREFUSED 192.168.11.110:6379 ``` **Fix Required**: 1. Update `/etc/redis/redis.conf` to bind to `192.168.11.110` 2. Disable protected mode OR configure password authentication 3. Restart redis-server service --- ### 2. Web3Signer (VMID 107) - Service Not Running **Location**: r630-01 (192.168.11.11) **IP**: 192.168.11.111 **Port**: 9000 **Status**: - ✅ Container: Running - ❌ **Service**: Inactive/Not Running - ❌ **Systemd Unit**: Not found or not enabled **Problem**: - Web3Signer service is not started - No systemd service entries found - Service may not be installed or configured **Error from RPC Translator**: ``` Web3Signer: connect ECONNREFUSED 192.168.11.111:9000 ``` **Fix Required**: 1. Verify Web3Signer installation 2. Create/configure systemd service 3. Start and enable web3signer service 4. Verify service is listening on 192.168.11.111:9000 --- ### 3. Vault (VMID 108) - Service Not Running **Location**: r630-01 (192.168.11.11) **IP**: 192.168.11.112 **Port**: 8200 **Status**: - ✅ Container: Running - ❌ **Service**: Inactive (disabled) - ❌ **Systemd Unit**: Disabled **Problem**: - Vault service exists but is disabled - Service has never been started - Vault may not be initialized **Error from RPC Translator**: ``` Vault: Vault not initialized ``` **Fix Required**: 1. Initialize Vault (if not already done) 2. Enable vault systemd service 3. Start vault service 4. Verify service is listening on 192.168.11.112:8200 5. Configure AppRole authentication (if needed) --- ## Impact Assessment ### Current Functionality **Working**: - ✅ Besu RPC service (direct access on port 8545) - ✅ RPC Translator HTTP endpoint (port 9545) - ✅ RPC Translator WebSocket endpoint (port 9546) - ✅ Basic RPC functionality (read operations) **Degraded**: - ⚠️ Nonce management (requires Redis) - ⚠️ Transaction signing (requires Web3Signer) - ⚠️ Configuration management (requires Vault) ### Service Dependencies | Service | Required For | Impact if Down | |---------|-------------|----------------| | Redis | Nonce locking, caching | Transaction conflicts possible | | Web3Signer | Transaction signing | `eth_sendTransaction` will fail | | Vault | Config management | Falls back to env vars (may be OK) | --- ## Recommended Fixes ### Priority 1: Redis (Critical for Transaction Handling) ```bash # On r630-01 (192.168.11.11) ssh root@192.168.11.11 # Edit Redis configuration pct exec 106 -- nano /etc/redis/redis.conf # Change: # bind 127.0.0.1 ::1 # To: # bind 192.168.11.110 # Change: # protected-mode yes # To: # protected-mode no # OR configure password authentication # Restart Redis pct exec 106 -- systemctl restart redis-server # Verify pct exec 106 -- redis-cli -h 192.168.11.110 ping # Should return: PONG # Test from VMID 2400 ssh root@192.168.11.10 "pct exec 2400 -- nc -zv 192.168.11.110 6379" ``` ### Priority 2: Web3Signer (Required for Transaction Signing) ```bash # On r630-01 (192.168.11.11) ssh root@192.168.11.11 # Check if Web3Signer is installed pct exec 107 -- ls -la /opt/web3signer* 2>/dev/null || echo "Not installed" # If installed, check configuration pct exec 107 -- cat /opt/web3signer-*/web3signer.yml 2>/dev/null # Check for systemd service file pct exec 107 -- ls -la /etc/systemd/system/web3signer.service 2>/dev/null # If service exists, enable and start pct exec 107 -- systemctl enable web3signer pct exec 107 -- systemctl start web3signer pct exec 107 -- systemctl status web3signer # Verify curl http://192.168.11.111:9000/upcheck # Should return: OK ``` ### Priority 3: Vault (Optional - Config Management) ```bash # On r630-01 (192.168.11.11) ssh root@192.168.11.11 # Check Vault installation pct exec 108 -- which vault # Check if Vault is initialized pct exec 108 -- vault status 2>/dev/null || echo "Not initialized" # Enable and start service pct exec 108 -- systemctl enable vault pct exec 108 -- systemctl start vault pct exec 108 -- systemctl status vault # Verify curl http://192.168.11.112:8200/v1/sys/health ``` --- ## Network Connectivity All services are on the same network (192.168.11.0/24), so network connectivity should work once services are properly configured and running. **Firewall Rules** (if applicable): - VMID 2400 → VMID 106 (Redis): TCP 6379 - VMID 2400 → VMID 107 (Web3Signer): TCP 9000 - VMID 2400 → VMID 108 (Vault): TCP 8200 --- ## Testing After Fixes 1. **Test Redis**: ```bash ssh root@192.168.11.10 "pct exec 2400 -- redis-cli -h 192.168.11.110 ping" ``` 2. **Test Web3Signer**: ```bash curl http://192.168.11.111:9000/upcheck ``` 3. **Test Vault**: ```bash curl http://192.168.11.112:8200/v1/sys/health ``` 4. **Test RPC Translator Health**: ```bash curl http://192.168.11.240:9545/health # Should show all components as healthy ``` --- ## Next Steps 1. ✅ **Investigation Complete** - All issues identified 2. ⏳ **Fix Redis Configuration** - Update bind address and protected mode 3. ⏳ **Start Web3Signer Service** - Verify installation and start service 4. ⏳ **Start Vault Service** - Enable and start service, verify initialization 5. ⏳ **Verify Connectivity** - Test all connections from VMID 2400 6. ⏳ **Monitor Health** - Check RPC Translator health endpoint --- ## References - Redis Configuration: `/etc/redis/redis.conf` on VMID 106 - Web3Signer Config: `/opt/web3signer-*/web3signer.yml` on VMID 107 - Vault Config: `/etc/vault.d/vault.hcl` on VMID 108 - RPC Translator Config: `/opt/rpc-translator-138/.env` on VMID 2400 - Deployment Docs: `rpc-translator-138/DEPLOYMENT.md` - Services Config: `rpc-translator-138/SERVICES_CONFIGURED.md`