proxmox/docs/04-configuration/E2E_DNS_FROM_LAN_RUNBOOK.md
defiQUG 3f76bc9507
docs: update master documentation and push to Gitea (2026-03-06)
- MASTER_INDEX: Last Updated 2026-03-06; status 59/59 contracts; add NEXT_STEPS_LIST, CONTRACT_NEXT_STEPS_LIST
- docs/README, NEXT_STEPS_INDEX, 06-besu/MASTER_INDEX: Last Updated 2026-03-06
- Contract check script: 59 addresses (PMM, vault/reserve, CompliantFiatTokens); canonical CCIP/router
- New docs: EXECUTION_CHECKLIST, NEXT_STEPS_LIST, DOTENV_AUDIT, ADDITIONAL_PATHS, deployer gas runbook, WEMIX_ACQUISITION_TABLED, etc.
- Config: deployer-gas-routes, cro-wemix-swap-routes, routing-registry, token-mapping
- Scripts: check-contracts-on-chain-138, check-pmm-pool-balances-chain138, deployer-gas-auto-route, acquire-cro-and-wemix-gas
- Operator rule: operator-lan-access-check.mdc

Made-with: Cursor
2026-03-06 19:11:25 -08:00

# E2E DNS from LAN (no public DNS) runbook
When the E2E domain sweep runs from a machine where `*.sankofa.nexus`, `*.d-bis.org`, etc. do not resolve (e.g. no Cloudflare/split-horizon DNS, no VPN), all tests fail at DNS (`Could not resolve host`). This runbook gives three ways to unblock.
## Option 1: Temporary `/etc/hosts` (recommended for this machine)
Use the generated hosts file so this machine resolves all E2E hostnames to the LAN proxy (NPMplus).
1. **Append E2E hosts to `/etc/hosts`** (from repo root):
```bash
sudo cp /etc/hosts /etc/hosts.bak.$(date +%Y%m%d)
cat config/e2e-hosts-append.txt | sudo tee -a /etc/hosts
```
Or generate fresh:
```bash
./scripts/verify/generate-e2e-hosts.sh | sudo tee -a /etc/hosts
```
2. **Run E2E using the system resolver** (so `getent`/hosts are used instead of `dig @8.8.8.8`):
```bash
E2E_USE_SYSTEM_RESOLVER=1 ./scripts/verify/verify-end-to-end-routing.sh
```
3. **Revert when done** (optional): run the dedicated script to remove the E2E block:
```bash
sudo ./scripts/verify/remove-e2e-hosts-from-etc-hosts.sh
```
Or restore from backup: `sudo cp /etc/hosts.bak.YYYYMMDD /etc/hosts`
**Mappings used:** Most domains → NPMplus primary `192.168.11.167`. Gitea/dev/codespaces → NPMplus Fourth `192.168.11.170`. Proxmox UI → `pve.ml110` (`.10`), `pve.r630-01` (`.11`), `pve.r630-02` (`.12`). See `config/ip-addresses.conf` and `scripts/verify/generate-e2e-hosts.sh`.
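Step 1 appends a generated file to `/etc/hosts` as root, so it is worth linting the fragment first. The script below is an added example, not part of this repository: `lint_hosts_fragment`, `ALLOWED_NET` and `ALLOWED_SUFFIXES` are hypothetical names. The zone list is an assumption and must be extended to cover every hostname the generator emits (for example the Proxmox UI names).

```shell
#!/bin/sh
# Added example: lint a hosts fragment before it is appended to /etc/hosts as root.
# ASSUMPTIONS: the LAN prefix and zone list below; extend them to match what
# scripts/verify/generate-e2e-hosts.sh emits in your checkout.
ALLOWED_NET='192.168.11.'
ALLOWED_SUFFIXES='sankofa.nexus d-bis.org'

# Reads hosts-format lines on stdin, prints one REJECT line per problem,
# and returns 0 only when every entry is acceptable.
lint_hosts_fragment() {
  bad=0
  while IFS= read -r line || [ -n "$line" ]; do
    line=${line%%#*}                       # drop comments
    set -f; set -- $line; set +f           # split on whitespace, no globbing
    if [ $# -eq 0 ]; then continue; fi
    ip=$1; shift; ip_ok=0
    case $ip in                            # address must sit inside the LAN prefix
      "$ALLOWED_NET"[0-9]|"$ALLOWED_NET"[0-9][0-9]|"$ALLOWED_NET"[0-9][0-9][0-9])
        if [ "${ip##*.}" -le 255 ]; then ip_ok=1; fi ;;
    esac
    if [ "$ip_ok" -ne 1 ]; then echo "REJECT address $ip"; bad=1; continue; fi
    if [ $# -eq 0 ]; then echo "REJECT $ip has no hostname"; bad=1; continue; fi
    for name in "$@"; do
      ok=0
      for suffix in $ALLOWED_SUFFIXES; do
        case $name in "$suffix"|*."$suffix") ok=1 ;; esac
      done
      case $name in *[!A-Za-z0-9.-]*) ok=0 ;; esac   # hostname charset only
      if [ "$ok" -ne 1 ]; then echo "REJECT hostname $name"; bad=1; fi
    done
  done
  return "$bad"
}

# Constructed sample, not the contents of config/e2e-hosts-append.txt.
sample_fragment() {
  cat <<'EOF'
# E2E block (constructed)
192.168.11.167 app.sankofa.nexus api.sankofa.nexus
192.168.11.170 gitea.d-bis.org
203.0.113.9 app.sankofa.nexus
192.168.11.167 updates.example.com
192.168.11.300 x.d-bis.org
EOF
}

sample_fragment | lint_hosts_fragment || echo "fragment rejected: do not append"
```

Feed it the real fragment on stdin (for example `lint_hosts_fragment < config/e2e-hosts-append.txt`) and append only when it returns 0.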
## Option 2: Working DNS path to `*.sankofa.nexus` (and other zones)
- **Cloudflare:** Ensure the zones (e.g. `sankofa.nexus`, `d-bis.org`) have A/CNAME records pointing to the correct public IPs (e.g. `76.53.10.36` for main NPMplus, `76.53.10.40` for Fourth). Then from any machine with internet, DNS will resolve and E2E can use the default `dig @8.8.8.8` (no `/etc/hosts` or `E2E_USE_SYSTEM_RESOLVER`).
- **Split-horizon / internal DNS:** If you have an internal DNS server that serves these names (e.g. Pi-hole, dnsmasq) with the same mappings as `e2e-hosts-append.txt`, point this machine's resolver to it and run E2E normally (or with `ACCEPT_ANY_DNS=1` if resolved IPs differ from `PUBLIC_IP`).
- **VPN:** If a VPN makes these hostnames resolve (e.g. via internal DNS), connect and run E2E; you may need `ACCEPT_ANY_DNS=1` if the VPN resolves to private IPs.
## Option 3: Bastion / jump host
Run the E2E sweep from a host where the domains already resolve and are reachable (e.g. a VM on the same LAN that has `/etc/hosts` or internal DNS, or a jump host that uses the right resolver). Copy the repo (or mount it), then:
```bash
# On bastion (with /etc/hosts or DNS already set)
cd /path/to/proxmox
E2E_USE_SYSTEM_RESOLVER=1 ./scripts/verify/verify-end-to-end-routing.sh
```
No need to change the script if the bastion's resolver returns the correct IPs.
## Summary
| Goal | Action |
|-----------------------------|------------------------------------------------------------------------|
| Run E2E on this machine now | Use Option 1: append `config/e2e-hosts-append.txt` to `/etc/hosts`, then `E2E_USE_SYSTEM_RESOLVER=1 ./scripts/verify/verify-end-to-end-routing.sh` |
| Fix DNS for everyone | Option 2: Configure Cloudflare or internal DNS for the E2E hostnames |
| Run E2E from another host | Option 3: Use a bastion/jump host that already resolves the domains |
## References
- E2E script: `scripts/verify/verify-end-to-end-routing.sh`
- Hosts generator: `scripts/verify/generate-e2e-hosts.sh`
- Hosts append file: `config/e2e-hosts-append.txt`
- Revert script: `scripts/verify/remove-e2e-hosts-from-etc-hosts.sh`
- IP source of truth: `config/ip-addresses.conf`