d-bis/proxmox
4
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
master
proxmox/docs/00-meta/STEPS_FROM_PROXMOX_OR_LAN_WITH_SECRETS.md
defiQUG e4c9dda0fd
Some checks failed
Deploy to Phoenix / deploy (push) Has been cancelled
Details
chore: update submodule references and documentation 
- Marked submodules ai-mcp-pmm-controller, explorer-monorepo, and smom-dbis-138 as dirty to reflect recent changes.
- Updated documentation to clarify operator script usage, including dotenv loading and task execution instructions.
- Enhanced the README and various index files to provide clearer navigation and task completion guidance.

Made-with: Cursor
2026-03-04 02:03:08 -08:00

7.9 KiB
Raw Permalink Blame History

Steps You Can Do From Proxmox / LAN With Secrets

Last Updated: 2026-02-14
Purpose: When you have SSH to the Proxmox host (or any host on the same LAN as 192.168.11.x) and access to .env files (PRIVATE_KEY, NPM_PASSWORD, RPC URLs, etc.), you can run many more tasks than the "from anywhere" set. This document lists all of them.

From anywhere (no LAN/creds): See run-completable-tasks-from-anywhere.sh — config validation, on-chain check (SKIP_EXIT=1 if RPC unreachable), run-all-validation --skip-genesis, reconcile-env.

Single script (LAN + secrets): run-all-operator-tasks-from-lan.shalways loads dotenv from repo .env and smom-dbis-138/.env (NPM_PASSWORD, PRIVATE_KEY, RPC, etc.). Optional phases: backup, contract verify, contract deploy, VM/container creation. Use --dry-run to print steps.

1. Contract deployment (Chain 138)

Requires: smom-dbis-138/.env with PRIVATE_KEY, RPC_URL_138 (Chain 138 Core, e.g. http://192.168.11.211:8545). All Forge deploys must use --with-gas-price 1000000000 (or GAS_PRICE=1000000000).

Step Command / action Notes
Deploy core (Multicall, Oracle, MultiSig) cd smom-dbis-138 && source .env && bash scripts/deployment/deploy-all-contracts.sh If already deployed, script overwrites; check CONTRACT_ADDRESSES_REFERENCE.
Deploy CCIPReceiver + Voting Set CCIP_ROUTER_ADDRESS, ORACLE_AGGREGATOR_ADDRESS in .env; run deploy script or phased script See CONTRACT_DEPLOYMENT_RUNBOOK.
Deploy phased (0106) cd smom-dbis-138 && ./scripts/deployment/deploy-all-phases.sh Skips phases when env vars already set; use --all to run all.
Deploy TransactionMirror ./scripts/deployment/deploy-transaction-mirror-chain138.sh Use if forge script fails (constructor-args decode); add TRANSACTION_MIRROR_ADDRESS to .env after.
Update config After any deploy: update config/smart-contracts-master.json (and optionally config/contract-addresses.conf for verify scripts), CONTRACT_ADDRESSES_REFERENCE Then re-run on-chain check.

2. Contract verification (Blockscout)

Requires: Host that can reach Blockscout (explorer.d-bis.org or LAN IP). Load smom-dbis-138/.env for contract list. The forge-verification-proxy accepts both JSON and form-encoded bodies (fix applied 2026-02).

Step Command / action Notes
Verify all (proxy) source smom-dbis-138/.env 2>/dev/null; ./scripts/verify/run-contract-verification-with-proxy.sh Submits source to Blockscout via proxy (starts proxy automatically).
Verify one contract ./scripts/verify/run-contract-verification-with-proxy.sh --only ContractName Retry single contract.
On-chain check ./scripts/verify/check-contracts-on-chain-138.sh (uses RPC_URL_138) or .../check-contracts-on-chain-138.sh $RPC_URL_138 Confirms 36 addresses exist; no Blockscout needed.

3. Fix E2E 502s (backends + NPMplus + RPC)

Requires: LAN (SSH to Proxmox, reach NPMplus). When public domains (dbis-admin, secure, dbis-api, rpc-http-prv, rpc-alltra*, rpc-hybx*) return 502, use this flow first.

Step Command / action Notes
Address all 502s ./scripts/maintenance/address-all-remaining-502s.sh Backends + NPMplus proxy update (if NPM_PASSWORD set) + RPC diagnostics.
With Besu fix + E2E ./scripts/maintenance/address-all-remaining-502s.sh --run-besu-fix --e2e Also runs fix-all-besu-nodes.sh and verify-end-to-end-routing.sh.
E2E only ./scripts/verify/verify-end-to-end-routing.sh Re-check after fixes. Use E2E_ACCEPT_502_INTERNAL=1 to allow exit 0 when only 502s remain.

Runbook: 502_DEEP_DIVE_ROOT_CAUSES_AND_FIXES.md — backend map, per-step fix, NPMplus refresh, RPC diagnostics.

4. Backups and NPMplus

Requires: LAN access to NPMplus (192.168.11.x) and NPM_PASSWORD in env (or script prompt).

Step Command / action Notes
NPMplus backup ./scripts/verify/backup-npmplus.sh Backs up NPMplus container config.
NPMplus RPC proxy fix ./scripts/nginx-proxy-manager/update-npmplus-proxy-hosts-api.sh Updates proxy hosts via API.
Schedule backup cron ./scripts/maintenance/schedule-npmplus-backup-cron.sh --install Cron for periodic backup.

5. Proxmox VM/container creation (capacity and HA)

Requires: SSH to Proxmox host (e.g. root@192.168.11.10 or r630-01/r630-02). See PROXMOX_VM_CREATION_RUNBOOK for capacity and availability best practices.

Step Command / action Notes
DBIS Core containers (6) ./dbis_core/scripts/deployment/create-dbis-core-containers.sh Creates 10100, 10101, 10120, 10150, 10151, 10130 on PROXMOX_HOST.
Create missing RPC containers ./scripts/create-missing-containers-2506-2508.sh (if VMIDs 25062508 needed) Per VMID allocation.
Chain 138 containers ./scripts/create-chain138-containers.sh (if defined) Besu/RPC/explorer as per docs.
Spread VMs across nodes Prefer r630-01 / r630-02 for new VMs to balance load; ml110 already has 34 containers See PROXMOX_COMPLETE_RECOMMENDATIONS.

6. Bridge and cross-chain (LAN + PRIVATE_KEY + LINK)

Step Command / action Notes
sendCrossChain (real) ./scripts/bridge/run-send-cross-chain.sh <amount> [recipient] Omit --dry-run; requires LINK in deployer wallet.
Fund mainnet relay ./scripts/bridge/fund-mainnet-relay-bridge.sh When configuring mainnet bridge.
Grant relayer role ./scripts/bridge/grant-relayer-role-mainnet.sh When configuring roles.

7. Security and maintenance (from LAN)

Step Command / action Notes
SSH key auth `./scripts/security/setup-ssh-key-auth.sh [--dry-run --apply]`
Firewall 8006 `./scripts/security/firewall-proxmox-8006.sh [--dry-run --apply] [CIDR]`
Daily/weekly cron ./scripts/maintenance/schedule-daily-weekly-cron.sh --install Health and cleanup.

8. Tests (with RPC / env)

From repo root, with smom-dbis-138/.env and RPC reachable:

Step Command / action Notes
Forge tests (Chain 138) cd smom-dbis-138 && forge test Unit tests.
alltra-lifi-settlement cd alltra-lifi-settlement && forge test && npm run test:e2e -- --forceExit Settlement tests.

9. Config and docs (after deploys)

Step Action Notes
Reconcile .env ./scripts/verify/reconcile-env-canonical.sh --print Emit canonical lines; merge into smom-dbis-138/.env.
Update CONTRACT_ADDRESSES_REFERENCE and master JSON Add any new addresses to config/smart-contracts-master.json and CONTRACT_ADDRESSES_REFERENCE Keep CONTRACT_INVENTORY in sync.
Verify on explorer Open https://explorer.d-bis.org/address/ for new contracts Confirm bytecode and verification.

Quick reference: run-all-operator-tasks-from-lan.sh

# From repo root, on a host on LAN with secrets available
source smom-dbis-138/.env 2>/dev/null
./scripts/run-all-operator-tasks-from-lan.sh --dry-run   # print all steps
./scripts/run-all-operator-tasks-from-lan.sh            # run backup + verify (default)
./scripts/run-all-operator-tasks-from-lan.sh --deploy   # also run contract deploy (if not yet deployed)
./scripts/run-all-operator-tasks-from-lan.sh --create-vms  # also create DBIS Core / missing containers

See script help for --skip-backup, --skip-verify, and phase ordering.

Reference in New Issue View Git Blame Copy Permalink