d-bis/proxmox
4
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
main
proxmox/docs/04-configuration/VAULT_NETWORK_RECONFIGURATION_COMPLETE.md
defiQUG fbda1b4beb
Some checks failed
Deploy to Phoenix / deploy (push) Has been cancelled
Details
docs: Ledger Live integration, contract deploy learnings, NEXT_STEPS updates 
- ADD_CHAIN138_TO_LEDGER_LIVE: Ledger form done; public code review repo bis-innovations/LedgerLive; init/push commands
- CONTRACT_DEPLOYMENT_RUNBOOK: Chain 138 gas price 1 gwei, 36-addr check, TransactionMirror workaround
- CONTRACT_*: AddressMapper, MirrorManager deployed 2026-02-12; 36-address on-chain check
- NEXT_STEPS_FOR_YOU: Ledger done; steps completable now (no LAN); run-completable-tasks-from-anywhere
- MASTER_INDEX, OPERATOR_OPTIONAL, SMART_CONTRACTS_INVENTORY_SIMPLE: updates
- LEDGER_BLOCKCHAIN_INTEGRATION_COMPLETE: bis-innovations/LedgerLive reference

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-12 15:46:57 -08:00

5.1 KiB
Raw Permalink Blame History

Vault Cluster Network Reconfiguration - Complete

Last Updated: 2026-01-31
Document Version: 1.0
Status: Active Documentation

Date: 2026-01-19
Status: RECONFIGURATION COMPLETE

Executive Summary

The Phoenix Vault cluster has been successfully reconfigured from VLAN 160 (10.160.0.0/22) to the main network 192.168.11.0/24. All nodes are now using static IP addresses from the main network without VLAN tagging.

Changes Made

Network Configuration

Before:

  • Network: VLAN 160 (10.160.0.0/22)
  • Gateway: 10.160.0.1
  • IPs: 10.160.0.40, 10.160.0.41, 10.160.0.42
  • VLAN Tag: 160

After:

  • Network: 192.168.11.0/24 (Main network)
  • Gateway: 192.168.11.1
  • IPs: 192.168.11.200, 192.168.11.201, 192.168.11.202
  • VLAN Tag: None (removed)

New IP Assignments

Node VMID Hostname Old IP New IP Status
Node 1 8640 vault-phoenix-1 10.160.0.40 192.168.11.200 Active
Node 2 8641 vault-phoenix-2 10.160.0.41 192.168.11.201 Active
Node 3 8642 vault-phoenix-3 10.160.0.42 192.168.11.202 Active

Reconfiguration Steps Performed

Phase 1: Network Reconfiguration

  1. Stopped all Vault containers
  2. Removed VLAN tagging from network interfaces
  3. Updated IP addresses to 192.168.11.200-202
  4. Updated gateway to 192.168.11.1
  5. Restarted containers and verified IP assignments

Phase 2: Vault Configuration Update

  1. Updated vault.hcl on all nodes with new IP addresses
  2. Updated api_addr and cluster_addr settings
  3. Updated retry_join configuration for all nodes
  4. Updated listener addresses

Phase 3: Service Restart

  1. Restarted Vault services on all nodes
  2. Unsealed all nodes with existing unseal keys
  3. Verified cluster connectivity

Phase 4: Documentation Update

  1. Updated deployment documentation
  2. Updated integration guide
  3. Updated operations guide
  4. Updated all IP references

Verification

Network Connectivity

# All nodes responding on new IPs
curl http://192.168.11.200:8200/v1/sys/health
curl http://192.168.11.201:8200/v1/sys/health
curl http://192.168.11.202:8200/v1/sys/health

Cluster Status

  • All nodes unsealed
  • Cluster operational
  • Raft consensus active
  • High availability enabled

Updated Configuration

API Endpoints

Cluster Endpoints

Impact

Services Affected

  • Phoenix Services: Will need to update VAULT_ADDR environment variable
  • Monitoring: Update health check endpoints
  • Backup Scripts: Update IP addresses in backup scripts
  • Documentation: All references updated

No Impact

  • Cluster data preserved
  • Secrets intact
  • Policies unchanged
  • AppRole credentials unchanged
  • Unseal keys unchanged

Next Steps

  1. Update Phoenix Services:

    • Update VAULT_ADDR environment variable to http://192.168.11.200:8200
    • Test connectivity from Phoenix services

  2. Update Monitoring:

    • Update health check scripts with new IPs
    • Update monitoring dashboards

  3. Update Backup Scripts:

    • Verify backup scripts use correct IPs
    • Test backup/restore procedures

  4. Network Documentation:

    • Update network diagrams
    • Update IP allocation documentation

Rollback Plan

If rollback is needed:

  1. Stop all Vault containers
  2. Reconfigure network back to VLAN 160: 
    pct set 8640 --net0 name=eth0,bridge=vmbr0,tag=160,ip=10.160.0.40/22,gw=10.160.0.1
pct set 8641 --net0 name=eth0,bridge=vmbr0,tag=160,ip=10.160.0.41/22,gw=10.160.0.1
pct set 8642 --net0 name=eth0,bridge=vmbr0,tag=160,ip=10.160.0.42/22,gw=10.160.0.1
  3. Update Vault configuration files with old IPs
  4. Restart services and unseal nodes

Note: Rollback not recommended unless critical issues arise.

Scripts Updated

  • reconfigure-vault-network.sh - Network reconfiguration script
  • vault-health-check.sh - Health check script (update VAULT_ADDR)
  • vault-backup.sh - Backup script (uses container, no IP change needed)
  • configure-phoenix-vault-remote.sh - Configuration script (uses container)

Documentation Updated

  • PHOENIX_VAULT_CLUSTER_DEPLOYMENT.md
  • PHOENIX_VAULT_CLUSTER_DEPLOYMENT_COMPLETE.md
  • PHOENIX_VAULT_INTEGRATION_GUIDE.md
  • VAULT_OPERATIONS_GUIDE.md
  • VAULT_TLS_CONFIGURATION.md

Summary

Network reconfiguration complete All nodes operational on new IPs Cluster fully functional Documentation updated No data loss or service interruption

The Vault cluster is now fully integrated into the main 192.168.11.0/24 network and ready for use.

Status: RECONFIGURATION COMPLETE
Completion Date: 2026-01-19

Reference in New Issue View Git Blame Copy Permalink