d-bis/proxmox
4
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
4f85e0bf0e59e78511998aefc5d2076ed13b0a14
proxmox/rpc-translator-138/DEPLOYMENT_CHECKLIST.md
defiQUG cb47cce074 Complete markdown files cleanup and organization 
- Organized 252 files across project
- Root directory: 187 → 2 files (98.9% reduction)
- Moved configuration guides to docs/04-configuration/
- Moved troubleshooting guides to docs/09-troubleshooting/
- Moved quick start guides to docs/01-getting-started/
- Moved reports to reports/ directory
- Archived temporary files
- Generated comprehensive reports and documentation
- Created maintenance scripts and guides

All files organized according to established standards.
2026-01-06 01:46:25 -08:00

7.4 KiB
Raw Blame History

Deployment Checklist - RPC Translator Service

Use this checklist to deploy the RPC Translator service to VMIDs 2400-2402.

Pre-Deployment Requirements

  • Redis VMID 106 (192.168.11.110) deployed and accessible
  • Web3Signer VMID 107 (192.168.11.111) deployed and accessible
  • Vault VMID 108 (192.168.11.112) deployed and accessible (optional)
  • SSH access to VMIDs 2400-2402, 106, 107, 108
  • Node.js 20 LTS installed on target VMIDs
  • Besu nodes running on VMIDs 2400-2402

Phase 1: Supporting Services

Redis Setup (VMID 106, IP: 192.168.11.110)

  • Deploy Redis VMID 106
  • Configure Redis IP: 192.168.11.110
  • Configure Redis with appropriate IP binding (allow translator VMIPs: 240-242)
  • Set Redis password (if required, recommended for production)
  • Test Redis connectivity from translator VMIDs (2400-2402)
  • Verify Redis is accessible on port 6379

Web3Signer Setup (VMID 107, IP: 192.168.11.111)

  • Deploy Web3Signer VMID 107
  • Configure Web3Signer IP: 192.168.11.111
  • Configure Web3Signer with wallet keys
  • Restrict access to translator VMIPs only (240-242)
  • Verify Web3Signer is accessible on port 9000
  • Test Web3Signer health endpoint: curl http://192.168.11.111:9000/upcheck

Vault Setup (VMID 108, IP: 192.168.11.112) (Optional)

  • Deploy Vault VMID 108
  • Configure Vault IP: 192.168.11.112
  • Initialize Vault (if not already done)
  • Configure Vault to listen on 192.168.11.112:8200
  • Create AppRole for translator service
  • Create translator policy in Vault
  • Store translator configuration in Vault
  • Get AppRole credentials (role_id, secret_id)
  • Document Vault credentials securely

Phase 2: Translator Deployment

For Each VMID (2400, 2401, 2402)

1. Initial Setup

  • SSH to VMID: ssh root@192.168.11.24X
  • Verify Node.js 20 is installed: node --version
  • Install pnpm (if needed): npm install -g pnpm
  • Create deployment directory: mkdir -p /opt/rpc-translator-138

2. Deploy Application

Option A: Using deployment script (recommended)

  • Run from project root: ./scripts/deploy-to-vmid.sh 24XX 192.168.11.24X

Option B: Manual deployment

  • Copy project files to VMID
  • Copy to: /opt/rpc-translator-138/
  • Install dependencies: cd /opt/rpc-translator-138 && pnpm install --prod
  • Build TypeScript: pnpm run build

3. Configuration

  • Copy env template: cp env.template .env
  • Edit .env file with actual values:
    • BESU_HTTP_URLS=http://127.0.0.1:8545
    • BESU_WS_URLS=ws://127.0.0.1:8546
    • WEB3SIGNER_URL=http://192.168.11.111:9000 (VMID 107)
    • REDIS_HOST=192.168.11.110 (VMID 106)
    • REDIS_PORT=6379
    • REDIS_PASSWORD=<password-if-set>
    • VAULT_ADDR=http://192.168.11.112:8200 (VMID 108, if using Vault)
    • VAULT_ROLE_ID=<role-id> (if using Vault)
    • VAULT_SECRET_ID=<secret-id> (if using Vault)
    • WALLET_ALLOWLIST=<comma-separated-addresses>
  • Validate configuration: node scripts/validate-config.js

4. Systemd Service

  • Copy systemd service file: 
    cp systemd/rpc-translator-138.service /etc/systemd/system/
  • Reload systemd: systemctl daemon-reload
  • Enable service: systemctl enable rpc-translator-138.service
  • Start service: systemctl start rpc-translator-138.service
  • Check status: systemctl status rpc-translator-138.service
  • Check logs: journalctl -u rpc-translator-138.service -f

5. Verification

  • Test health endpoint: curl http://localhost:9545/health
  • Test RPC endpoint: curl -X POST http://localhost:9545 -H 'Content-Type: application/json' -d '{"jsonrpc":"2.0","method":"eth_chainId","params":[],"id":1}'
  • Verify service is listening on port 9545: netstat -tulpn | grep 9545
  • Verify service is listening on port 9546: netstat -tulpn | grep 9546

Phase 3: Edge Routing Configuration

Update Cloudflare Tunnel or Nginx

  • Identify current edge routing configuration
  • Update routing to forward:
    • External :85452400:9545, 2401:9545, 2402:9545
    • External :85462400:9546, 2401:9546, 2402:9546
  • Test external endpoint connectivity
  • Verify load balancing is working

Phase 4: Integration Testing

Basic Functionality

  • Test eth_chainId returns 138 (0x8a)
  • Test eth_blockNumber returns current block
  • Test eth_gasPrice returns gas price
  • Test eth_getTransactionCount returns nonce
  • Test eth_estimateGas works

WebSocket Testing

  • Connect to WebSocket endpoint
  • Test eth_subscribe to newHeads
  • Verify subscription messages are received
  • Test eth_unsubscribe works

Transaction Testing

  • Prepare test transaction with allowlisted address
  • Test eth_sendTransaction (should be intercepted)
  • Verify transaction is signed via Web3Signer
  • Verify transaction is submitted as eth_sendRawTransaction
  • Verify transaction hash is returned
  • Verify transaction appears in Besu

Nonce Management Testing

  • Send 5-10 concurrent transactions from same address
  • Verify nonces are sequential (no collisions)
  • Verify Redis locks are working
  • Test nonce cache behavior

High Availability Testing

  • Stop service on one VMID (2400)
  • Verify traffic routes to remaining VMIDs (2401, 2402)
  • Restart service on VMID 2400
  • Verify load balancing resumes
  • Test failover behavior

Phase 5: Monitoring and Maintenance

Monitoring Setup

  • Set up log aggregation (if applicable)
  • Configure health check monitoring
  • Set up alerts for service failures
  • Monitor Redis connection status
  • Monitor Web3Signer connection status
  • Monitor Vault connection status (if used)

Documentation

  • Document all IP addresses and credentials (securely)
  • Document service start/stop procedures
  • Document troubleshooting steps
  • Document rollback procedures
  • Document key rotation procedures (if applicable)

Post-Deployment

  • All three VMIDs (2400-2402) are running translator service
  • Edge routing is configured and working
  • All integration tests pass
  • Monitoring is in place
  • Documentation is complete
  • Team is trained on operations

Troubleshooting Checklist

If issues occur:

  • Check service status: systemctl status rpc-translator-138.service
  • Check logs: journalctl -u rpc-translator-138.service -n 100
  • Verify Besu is running: systemctl status besu-rpc.service
  • Test Besu connectivity: curl http://127.0.0.1:8545 -X POST -H 'Content-Type: application/json' -d '{"jsonrpc":"2.0","method":"eth_chainId","params":[],"id":1}'
  • Test Redis connectivity: redis-cli -h 192.168.11.110 ping (VMID 106)
  • Test Web3Signer: curl http://192.168.11.111:9000/upcheck (VMID 107)
  • Test Vault (if used): vault status -address=http://192.168.11.112:8200 (VMID 108)
  • Check firewall rules
  • Verify .env configuration: node scripts/validate-config.js
  • Check network connectivity between services

Rollback Procedure

If deployment fails:

  • Stop translator service: systemctl stop rpc-translator-138.service
  • Disable service: systemctl disable rpc-translator-138.service
  • Revert edge routing to point to Besu directly
  • Verify Besu is accessible
  • Document issues for next deployment attempt
Reference in New Issue View Git Blame Copy Permalink