proxmox/docs/03-deployment/DEPLOYMENT_MASTER_PROCEDURE.md

Deployment Master Procedure

Date: 2026-01-22
Status: 🟢 Active Reference
Last Updated: 2026-02-05
Purpose: Comprehensive deployment procedure master document

---

Overview

This document consolidates all deployment procedures into a single master reference, providing a complete deployment guide for all services.

---

Deployment Prerequisites

System Requirements

• Proxmox VE: 3 hosts — 192.168.11.10 (ml110), 192.168.11.11 (r630-01), 192.168.11.12 (r630-02)
• Edge: UDM Pro (76.53.10.34, replaced ER605). Port forward 76.53.10.36:80/443 → 192.168.11.167:80/443 (NPMplus). NPMplus LXC has 192.168.11.166 and 192.168.11.167; only 192.168.11.167 is used in UDM Pro.
• Network: VLAN 11 configured, gateway accessible
• Storage: LVM-thin storage pools available
• Templates: Ubuntu/Debian container templates

Access Requirements

• SSH access to all Proxmox hosts
• Root access to containers
• Network access to services

---

Deployment Phases

Phase 1: Infrastructure Setup

1.1 Proxmox Host Configuration

# Verify host connectivity
./scripts/check-vmid-conflicts.sh
./scripts/check-ip-conflicts.sh

# Configure network
# See: docs/04-configuration/NETWORK_CONFIGURATION_MASTER.md

1.2 Network Configuration

• Configure VLAN 11
• Set up gateway routing
• Configure DNS
• Set up firewall rules

Reference: docs/11-references/NETWORK_CONFIGURATION_MASTER.md

---

Phase 2: Database Services

2.1 PostgreSQL Deployment

# Order PostgreSQL
./scripts/configure-service-dependencies.sh

# DBIS PostgreSQL
./scripts/run-dbis-database-migrations.sh

# Sankofa PostgreSQL
./scripts/run-migrations-r630-01.sh

2.2 Redis Deployment

# Order Redis
# DBIS Redis
# See: scripts/configure-service-dependencies.sh

VMIDs:

• Order PostgreSQL: 10000 (primary), 10001 (replica)
• DBIS PostgreSQL: 10100 (primary), 10101 (replica)
• Order Redis: 10020
• DBIS Redis: 10120
• Sankofa PostgreSQL: 7803

---

Phase 3: Authentication Services

3.1 Keycloak Deployment

./scripts/setup-keycloak-r630-01.sh

VMID: 7802
Reference: docs/04-configuration/KEYCLOAK_SETUP.md

3.2 Vault Deployment

./scripts/deploy-phoenix-vault-cluster.sh

VMIDs: 8640, 8641, 8642
Reference: docs/04-configuration/PHOENIX_VAULT_CLUSTER_DEPLOYMENT.md

---

Phase 4: Application Services

4.1 DBIS Services

# Deploy DBIS services
./scripts/deploy-api-r630-01.sh

# Run migrations
./scripts/run-dbis-database-migrations.sh

VMIDs: 10130 (frontend), 10150 (API primary), 10151 (API secondary)

4.2 Order Services

# Deploy Order services
./scripts/deploy-portal-r630-01.sh

VMIDs: 10090 (portal), 10030-10092 (various services), 10202 (opensearch), 10210 (haproxy)

4.3 Sankofa Services

# Deploy Sankofa services
./scripts/deploy-sankofa-r630-01.sh

VMIDs: 7800 (API), 7801 (Portal), 7802 (Keycloak), 7803 (PostgreSQL)

---

Phase 5: Blockchain Services

5.1 Besu Validators

# Deploy validators
# See: smom-dbis-138-proxmox/scripts/

# Update validator configs
./scripts/fix-validator-txpool.sh

VMIDs: 1000-1004
Reference: docs/06-besu/VALIDATOR_TXPOOL_CONFIGURATION_FIX.md

5.2 Besu Sentries

# Deploy sentries
# See: smom-dbis-138-proxmox/scripts/

VMIDs: 1500-1504

5.3 RPC Nodes

# Deploy RPC nodes
./scripts/setup-thirdweb-rpc-nodes.sh

VMIDs: 2101 (core), 2201 (public), 2301 (private), 2400-2403 (thirdweb)

5.4 Blockscout

# Deploy Blockscout
./scripts/start-blockscout-service.sh

VMID: 5000
Reference: docs/04-configuration/BLOCKSCOUT_ROUTING_CORRECT.md

---

Phase 6: Reverse Proxy & Networking

6.1 NPMplus Deployment

# Deploy NPMplus
# See: docs/04-configuration/NPMPLUS_COMPLETE_SETUP_SUMMARY.md

VMIDs: 10233 (primary), 10234 (secondary)

6.2 Cloudflare Tunnel

./scripts/install-shared-tunnel-token.sh
./scripts/update-cloudflare-tunnel-to-nginx.sh

VMID: 102

---

Deployment Checklist

Pre-Deployment

• Verify Proxmox host connectivity
• Check VMID conflicts
• Check IP conflicts
• Verify network configuration
• Verify storage availability

Deployment

• Deploy infrastructure services
• Deploy database services
• Deploy authentication services
• Deploy application services
• Deploy blockchain services
• Deploy reverse proxy

Post-Deployment

• Verify all services running
• Test service connectivity
• Verify database connections
• Test API endpoints
• Verify reverse proxy routing
• Run configuration validation

---

Deployment Scripts Reference

Infrastructure

• scripts/setup-central-nginx-routing.sh - Central nginx routing
• scripts/configure-persistent-networks-v3.sh - Network configuration

Database

• scripts/configure-service-dependencies.sh - Service dependencies
• scripts/run-dbis-database-migrations.sh - DBIS migrations
• scripts/run-migrations-r630-01.sh - Sankofa migrations

Application

• scripts/deploy-api-r630-01.sh - DBIS API
• scripts/deploy-portal-r630-01.sh - Order Portal
• scripts/deploy-sankofa-r630-01.sh - Sankofa services

Blockchain

• scripts/setup-thirdweb-rpc-nodes.sh - ThirdWeb RPC
• scripts/fix-validator-txpool.sh - Validator configuration
• scripts/start-blockscout-service.sh - Blockscout

Verification

• scripts/check-vmid-conflicts.sh - VMID conflict check
• scripts/check-ip-conflicts.sh - IP conflict check
• scripts/validate-configuration.sh - Configuration validation

---

Rollback Procedures

Service Rollback

1. Stop service container
2. Restore from backup if available
3. Revert configuration changes
4. Restart service

Database Rollback

1. Stop database service
2. Restore database from backup
3. Restart database service
4. Verify data integrity

Network Rollback

1. Revert network configuration
2. Restore firewall rules
3. Restore routing rules
4. Verify connectivity

---

Related Documents

• PHOENIX_DEPLOYMENT_RUNBOOK.md - Phoenix-specific deployment
• VMID_ALLOCATION_FINAL.md - VMID reference
• NETWORK_CONFIGURATION_MASTER.md - IP and network reference
• NETWORK_ARCHITECTURE.md - Service and network layout

---

Last Updated: 2026-01-22
Maintainer: System Administrator
Update Frequency: On deployment procedure changes