proxmox/docs/00-meta/REMAINING_WORK_DETAILED_TASKS.md
defiQUG b3a8fe4496
chore: sync all changes to Gitea
- Config, docs, scripts, and backup manifests
- Submodule refs unchanged (m = modified content in submodules)

Made-with: Cursor
2026-03-02 11:37:34 -08:00


Remaining Work — Detailed Tasks

Last Updated: 2026-02-05
Purpose: Single checklist of every remaining task with concrete steps. Use with FULL_PARALLEL_EXECUTION_ORDER.md and WAVE2_WAVE3_OPERATOR_CHECKLIST.md.


Wave 0 — Gates / credentials (do when creds allow)

| ID | Task | Detailed steps |
| --- | --- | --- |
| W0-1 | NPMplus RPC fix (405) | Done (2026-02-06 run). Re-run from host on LAN if needed: bash scripts/nginx-proxy-manager/update-npmplus-proxy-hosts-api.sh |
| W0-2 | Execute sendCrossChain (real) | 1) Ensure PRIVATE_KEY and LINK/fee token approved in .env. 2) Run ./scripts/bridge/run-send-cross-chain.sh <amount_eth> [recipient] without --dry-run. 3) Example: ./scripts/bridge/run-send-cross-chain.sh 0.01 or with recipient: ./scripts/bridge/run-send-cross-chain.sh 0.01 0xYourAddress. Bridge: 0x971cD9D156f193df8051E48043C476e53ECd4693. |
| W0-3 | NPMplus backup | 1) Set NPM_PASSWORD in .env. 2) When NPMplus container is up, run: bash scripts/verify/backup-npmplus.sh or ./scripts/backup/automated-backup.sh [--with-npmplus]. 3) Re-run if previous backup had API/auth warnings. |

Post-create: Containers 2506, 2507, 2508 — Destroyed 2026-02-08

Containers 2506, 2507, 2508 were removed and destroyed on all Proxmox hosts (2026-02-08). Script: scripts/destroy-vmids-2506-2508.sh. RPC range is 2500–2505 only. No follow-up. See MISSING_CONTAINERS_LIST.md.

2506 — besu-rpc-luis (Luis, 0x1)

  • Apply permissioned RPC configuration (Besu config) — Done 2026-02-06: configure-besu-chain138-nodes.sh run on r630-01; static-nodes.json and permissioned-nodes.json deployed.
  • Configure static-nodes.json / permissioned-nodes.json — Deployed (6 enodes: validators + sentries; RPC enodes not in list).
  • Disable discovery — Script sets discovery disabled for 2506 (DISCOVERY_DISABLED_VMIDS); 2506 had no config file on the host, so manually check whether Besu uses discovery=false.
  • Configure permissioned identity 0x1 (if not already in container).
  • Set up JWT authentication (e.g. nginx reverse proxy in front of Besu).
  • Verify access: Luis RPC-only, 0x1 identity.

Scripts: scripts/configure-besu-chain138-nodes.sh, scripts/setup-new-chain138-containers.sh; see CHAIN138_BESU_CONFIGURATION.md.

2507 — besu-rpc-putu (Putu, 0x8a)

  • Permissioned RPC configuration — Done 2026-02-06: static-nodes/permissioned-nodes deployed via configure script on r630-01.
  • Disable discovery — Script sets discovery disabled for 2507.
  • Configure permissioned identity 0x8a.
  • Set up JWT authentication (nginx reverse proxy).
  • Verify access: Putu RPC-only, 0x8a identity.

2508 — besu-rpc-putu (Putu, 0x1)

  • Permissioned RPC configuration — Done 2026-02-06: static-nodes/permissioned-nodes deployed.
  • Disable discovery — Script sets discovery disabled for 2508.
  • Configure permissioned identity 0x1.
  • Set up JWT authentication (nginx reverse proxy).
  • Verify access: Putu RPC-only, 0x1 identity.

Config cleanup (docs vs created containers) — Completed

| Task | Details |
| --- | --- |
| IP config | Done. config/ip-addresses.conf: RPC_LUIS_2="192.168.11.202", RPC_PUTU_1="192.168.11.203", RPC_PUTU_2="192.168.11.204". (RPC_LUIS_1 remains .255; fix separately if needed.) |
| MISSING_CONTAINERS_LIST.md | Done. Table updated to deployed IPs .202/.203/.204 and note that 2506–2508 created on r630-01. |
| Other docs/scripts | Done. REMAINING_WORK_DETAILED_STEPS.md, CHAIN138_JWT_AUTH_REQUIREMENTS.md, create-all-chain138-containers-direct.sh, create-chain138-containers.sh, generate-jwt-token-for-container.sh, repair-corrupted-ip-replacements.sh, fix-remaining-hardcoded-ips.sh updated to .202/.203/.204. |

Wave 1 — Remaining (parallel by owner/task)

Security (apply when ready)

| ID | Task | Details |
| --- | --- | --- |
| W1-1 | SSH key-based auth | Run ./scripts/security/setup-ssh-key-auth.sh --apply after testing; disable password auth only after key auth verified (coordinate to avoid lockout). |
| W1-2 | Firewall Proxmox 8006 | Run ./scripts/security/firewall-proxmox-8006.sh --apply [CIDR] to restrict Proxmox API to specific IPs. |

smom / audits

| ID | Task |
| --- | --- |
| W1-3 | smom: Security audits VLT-024, ISO-024 |
| W1-4 | smom: Bridge integrations BRG-VLT, BRG-ISO |

Monitoring (deploy vs config)

| ID | Task | Details |
| --- | --- | --- |
| W1-5 | Prometheus / alerts | Config in config/monitoring/ (phase2-observability.sh --config-only done). Deploy and add Besu 9545 scrape targets; alert rules. |
| W1-6 | Grafana / Alertmanager | Deploy Grafana; publish via Cloudflare Access; configure Alertmanager routes. |
| W1-7 | Loki | Config present; deploy when stack is deployed (W2-1). |

Backup

| ID | Task | Details |
| --- | --- | --- |
| W1-8 | NPMplus backup cron | Done. Cron installed (daily 03:00 → backup-npmplus.sh; logs to logs/npmplus-backup.log). |

VLAN (optional)

| ID | Task |
| --- | --- |
| W1-9 | VLAN enablement: UDM Pro VLAN config docs; Proxmox VLAN-aware bridge design |
| W1-10 | VLAN migration plan (per-service table) |

Documentation

| ID | Task |
| --- | --- |
| W1-11 | Documentation consolidation (by folder 01–12); archive old status |
| W1-12 | Quick reference cards; decision trees; config templates (ALL_IMPROVEMENTS 68–74) |
| W1-13 | Final IP assignments; service connectivity matrix; operational runbooks |

Codebase

| ID | Task |
| --- | --- |
| W1-14 | dbis_core: TypeScript/Prisma fixes (parallelize by file; or defer) |
| W1-15 | smom: EnhancedSwapRouter quoter; AlltraAdapter fee TODO |
| W1-16 | smom: IRU remaining tasks |
| W1-17 | Placeholders: canonical addresses env-only; AlltraAdapter fee; smart accounts kit; quote service Fabric chainId 999; .bak deprecation (87–91) |

Quick wins & checklist

| ID | Task |
| --- | --- |
| W1-18 | Add progress indicators to scripts; config validation in CI/pre-deploy |
| W1-19 | Secure validator key permissions: on Proxmox host as root ./scripts/secure-validator-keys.sh [--dry-run] (VMIDs 1000–1004); chmod 600, chown besu |
| W1-20 | Secret management audit; input validation in scripts; security scanning (ALL_IMPROVEMENTS 48–51) |
| W1-21 | Config validation (JSON/YAML schema); config templates; env standardization (52–54) |

Optional: MetaMask / explorer

| ID | Task |
| --- | --- |
| W1-22 | Token-aggregation hardening; CoinGecko submission |
| W1-23 | Chain 138 Snap: market data UI; swap quotes; bridge routes; testing & distribution |
| W1-24 | Explorer: dark mode, network selector, sync indicator |
| W1-25 | Paymaster deploy (optional); Consensys outreach |
| W1-26 | API keys: Li.Fi, Jumper, 1inch (when keys available; see API_KEYS_REQUIRED.md) |

Improvements index (ALL_IMPROVEMENTS 1–139)

| ID | Task |
| --- | --- |
| W1-27 | ALL_IMPROVEMENTS 1–11 (Proxmox high) |
| W1-28 | ALL_IMPROVEMENTS 12–20 (Proxmox medium) |
| W1-29 | ALL_IMPROVEMENTS 21–30 (Proxmox low) |
| W1-30 | ALL_IMPROVEMENTS 31–35 (Quick wins) |
| W1-31 | ALL_IMPROVEMENTS 36–43 (script shebang, set -euo, shellcheck, consolidation) |
| W1-32 | ALL_IMPROVEMENTS 44–47 (doc consolidation, API doc) |
| W1-33 | ALL_IMPROVEMENTS 48–57 (security, validation, RBAC, tests, CI) |
| W1-34 | ALL_IMPROVEMENTS 58–67 (logging, metrics, health, DevContainer, backup) |
| W1-35 | ALL_IMPROVEMENTS 68–74 (docs: quick ref, decision trees, glossary) |
| W1-36 | ALL_IMPROVEMENTS 75–81 (Phase 1–4 design; missing containers list) |
| W1-37 | ALL_IMPROVEMENTS 82–86 (smom audits, BRG, CCIP AMB, dbis_core, IRU) |
| W1-38 | ALL_IMPROVEMENTS 87–91 (placeholders) |
| W1-39 | ALL_IMPROVEMENTS 92–105 (MetaMask/explorer) |
| W1-40 | ALL_IMPROVEMENTS 106–121 (Tezos/Etherlink/CCIP) |
| W1-41 | ALL_IMPROVEMENTS 122–126 (Besu/blockchain) |
| W1-42 | ALL_IMPROVEMENTS 127–130 (RPC translator) |
| W1-43 | ALL_IMPROVEMENTS 131–134 (Orchestration portal) |
| W1-44 | ALL_IMPROVEMENTS 135–139 (Maintenance — document/automate) |

Detail: ALL_IMPROVEMENTS_AND_GAPS_INDEX.md


Wave 2 — Infra / deploy (parallel by host or component)

| ID | Task | Detailed steps |
| --- | --- | --- |
| W2-1 | Deploy monitoring stack | Deploy Prometheus, Grafana, Loki, Alertmanager using smom-dbis-138/monitoring/ and scripts/monitoring/ configs. |
| W2-2 | Grafana + alerts | After W2-1: publish Grafana via Cloudflare Access; configure Alertmanager routes. |
| W2-3 | VLAN enablement | Apply UDM Pro VLAN config; Proxmox VLAN-aware bridge; migrate services to VLANs (by VLAN/host). See NETWORK_ARCHITECTURE.md §35. |
| W2-4 | Phase 3 CCIP | 1) Deploy Ops/Admin (5400, 5401). 2) NAT pools. 3) Expand commit/execute/RMN scripts. Order: Ops first, then NAT, then scripts. See CCIP_DEPLOYMENT_SPEC.md. |
| W2-5 | Phase 4 sovereign tenants | Sovereign tenant VLANs; isolation; access control (by tenant/VLAN). After W2-3. |
| W2-6 | 2506–2508 | 🗑️ Destroyed 2026-02-08; RPC 2500–2505 only. No action. See MISSING_CONTAINERS_LIST.md. |
| W2-7 | DBIS services / Hyperledger | Start DBIS services (10100–10151, etc.); additional Hyperledger per deployment runbooks (by host). |
| W2-8 | NPMplus HA | Optional: Keepalived, secondary 10234. See NPMPLUS_HA_SETUP_GUIDE.md. |

Wave 3 — After Wave 2

| ID | Task | Detailed steps |
| --- | --- | --- |
| W3-1 | CCIP Fleet full deploy | After W2-4 (Ops/Admin, NAT): deploy 16 commit (5410–5425), 16 execute (5440–5455), 7 RMN (5470–5476). |
| W3-2 | Phase 4 tenant isolation | After W2-3/W2-5: enforce tenant isolation; access control. |

Ongoing (schedule, not sequenced) — Completed

| ID | Task | Frequency | Status |
| --- | --- | --- | --- |
| O-1 | Monitor explorer sync | Daily 08:00 | Cron installed via schedule-daily-weekly-cron.sh; daily-weekly-checks.sh daily |
| O-2 | Monitor RPC 2201 | Daily 08:00 | Same cron/script |
| O-3 | Config API uptime | Weekly (Sun 09:00) | Cron installed; daily-weekly-checks.sh weekly |
| O-4 | Review explorer logs | Weekly | Runbook [138] in OPERATIONAL_RUNBOOKS; O-4 procedure and pct exec 5000 journalctl documented |
| O-5 | Update token list | As needed | token-lists/lists/dbis-138.tokenlist.json; runbook [139]; TOKEN_LIST_AUTHORING_GUIDE linked |

Optional one-off — Script and runbook added

| Task | Details |
| --- | --- |
| Start firefly-ali-1 (6201) | Script: scripts/maintenance/start-firefly-6201.sh (--dry-run, --host). Default r630-02. In OPERATIONAL_RUNBOOKS Maintenance. |

Automation complete — remaining is operator-only

All tasks that can run without LAN, SSH to Proxmox, or live credentials have been executed (config cleanup, validation, cron install, dry-runs, checklists). What remains requires you or a host with access:

  • Wave 0: W0-2 sendCrossChain real (run-send-cross-chain.sh without --dry-run), W0-3 run backup when NPMplus is up.
  • 2506–2508: Containers were destroyed 2026-02-08 on all hosts. RPC range is 2500–2505 only. No post-create steps. See MISSING_CONTAINERS_LIST.md.
  • Wave 1 apply: W1-1 setup-ssh-key-auth.sh --apply, W1-2 firewall-proxmox-8006.sh --apply (per host).
  • Wave 2 & 3: Deploy monitoring, VLAN, CCIP, Phase 4, DBIS, NPMplus HA; then CCIP Fleet and Phase 4 isolation.

Use WAVE2_WAVE3_OPERATOR_CHECKLIST.md and runbooks for execution order.


Validation commands (after changes)

| Check | Command |
| --- | --- |
| CI / config | bash scripts/verify/run-all-validation.sh [--skip-genesis] |
| Full verification | bash scripts/verify/run-full-verification.sh |
| E2E routing | bash scripts/verify/verify-end-to-end-routing.sh |
| Backend VMs | bash scripts/verify/verify-backend-vms.sh |
| Besu peers | bash scripts/besu-verify-peers.sh http://192.168.11.211:8545 |

Summary counts

| Category | Count |
| --- | --- |
| Wave 0 | 3 (W0-2, W0-3 remaining; W0-1 done) |
| Post-create 2506–2508 | 3 containers × checklist items |
| Config cleanup | 3 (ip-addresses.conf, MISSING_CONTAINERS_LIST, other docs) |
| Wave 1 | 44 items (W1-1 … W1-44) |
| Wave 2 | 8 (W2-1–W2-8; W2-6 create done, post-create pending) |
| Wave 3 | 2 (W3-1, W3-2) |
| Ongoing | 5 (scheduled) |

References: FULL_PARALLEL_EXECUTION_ORDER.md · WAVE2_WAVE3_OPERATOR_CHECKLIST.md · REMAINING_ITEMS_FULL_PARALLEL_LIST.md · MISSING_CONTAINERS_LIST.md · FULL_PARALLEL_RUN_LOG.md (archived)