proxmox/docs/03-deployment/CHAIN138_AUTOMATION_SCRIPTS.md

# ChainID 138 Automation Scripts

**Last Updated:** 2026-01-31  
**Document Version:** 1.0  
**Status:** Active Documentation

---

**Date:** December 26, 2024  
**Status:** ✅ All automation scripts created and ready

---

## Overview

This document describes the automation scripts created for ChainID 138 deployment. These scripts can be run once containers are created to automate the complete configuration process.

---

## Available Scripts

### 1. Main Deployment Script

**File:** `scripts/deploy-all-chain138-containers.sh`

**Purpose:** Master script that orchestrates the complete deployment process.

**What it does:**
1. Configures all Besu nodes (static-nodes.json, permissioned-nodes.json)
2. Verifies configuration
3. Sets up JWT authentication for RPC containers
4. Generates JWT tokens for operators

**Usage:**
```bash
cd /home/intlc/projects/proxmox
./scripts/deploy-all-chain138-containers.sh
```

**Note:** This script will prompt for confirmation before proceeding.

---

### 2. JWT Authentication Setup

**File:** `scripts/setup-jwt-auth-all-rpc-containers.sh`

**Purpose:** Configures JWT authentication for all RPC containers (2503-2508).

**What it does:**
- Installs nginx and dependencies on each container
- Generates JWT secret keys
- Creates JWT validation service
- Configures nginx with JWT authentication
- Sets up SSL certificates
- Starts JWT validation service and nginx

**Usage:**
```bash
./scripts/setup-jwt-auth-all-rpc-containers.sh
```

**Requirements:**
- Containers must be running
- SSH access to Proxmox host
- Root access on Proxmox host

---

### 3. JWT Token Generation

**File:** `scripts/generate-jwt-token-for-container.sh`

**Purpose:** Generates JWT tokens for specific containers and operators.

**Usage:**
```bash
# Generate token for a specific container
./scripts/generate-jwt-token-for-container.sh <VMID> <username> [expiry_days]

# Examples:
./scripts/generate-jwt-token-for-container.sh 2503 ali-full-access 365
./scripts/generate-jwt-token-for-container.sh 2505 luis-rpc-access 365
./scripts/generate-jwt-token-for-container.sh 2507 putu-rpc-access 365
```

**Parameters:**
- `VMID`: Container VMID (2503-2508)
- `username`: Username for the token (e.g., ali-full-access, luis-rpc-access)
- `expiry_days`: Token expiry in days (default: 365)

**Output:**
- JWT token
- Usage example with curl command

---

### 4. Besu Configuration

**File:** `scripts/configure-besu-chain138-nodes.sh`

**Purpose:** Configures all Besu nodes with static-nodes.json and permissioned-nodes.json.

**What it does:**
1. Collects enodes from all Besu nodes
2. Generates static-nodes.json
3. Generates permissioned-nodes.json
4. Deploys configurations to all containers
5. Configures discovery settings
6. Restarts Besu services

**Usage:**
```bash
./scripts/configure-besu-chain138-nodes.sh
```

---

### 5. Configuration Verification

**File:** `scripts/verify-chain138-config.sh`

**Purpose:** Verifies the configuration of all Besu nodes.

**What it checks:**
- File existence (static-nodes.json, permissioned-nodes.json)
- Discovery settings
- Peer connections
- Service status

**Usage:**
```bash
./scripts/verify-chain138-config.sh
```

---

## Deployment Workflow

### Step 1: Create Containers

Only **3 containers** are missing (canonical list): **2506, 2507, 2508**. See [MISSING_CONTAINERS_LIST.md](MISSING_CONTAINERS_LIST.md) for the checklist and IPs. All other VMIDs (1504, 2503-2505, 6201, etc.) already exist on hosts.

### Step 2: Run Main Deployment Script

Once containers are created and running:

```bash
cd /home/intlc/projects/proxmox
./scripts/deploy-all-chain138-containers.sh
```

This will:
1. Configure all Besu nodes
2. Verify configuration
3. Set up JWT authentication
4. Generate JWT tokens

### Step 3: Test and Verify

After deployment:

```bash
# Verify configuration
./scripts/verify-chain138-config.sh

# Test JWT authentication on each container
for vmid in 2503 2504 2505 2506 2507 2508; do
  echo "Testing VMID $vmid:"
  curl -k -H "Authorization: Bearer <TOKEN>" \
    -H "Content-Type: application/json" \
    -d '{"jsonrpc":"2.0","method":"eth_chainId","params":[],"id":1}' \
    https://192.168.11.XXX/
done
```

---

## Token Distribution

After generating tokens, distribute them to operators:

### Ali (Full Access)
- VMID 2503 (0x8a identity): Full access token
- VMID 2504 (0x1 identity): Full access token

### Luis (RPC-Only Access)
- VMID 2505 (0x8a identity): RPC-only token
- VMID 2506 (0x1 identity): RPC-only token

### Putu (RPC-Only Access)
- VMID 2507 (0x8a identity): RPC-only token
- VMID 2508 (0x1 identity): RPC-only token

---

## Troubleshooting

### Containers Not Running

If containers are not running, the scripts will skip them with a warning. Re-run the scripts after containers are started.

### JWT Secret Not Found

If JWT secret is not found:
1. Run `setup-jwt-auth-all-rpc-containers.sh` first
2. Check that container is running
3. Verify SSH access to Proxmox host

### Configuration Files Not Found

If configuration files are missing:
1. Run `configure-besu-chain138-nodes.sh` first
2. Check that all Besu containers are running
3. Verify network connectivity

---

## Related Documentation

- [Next Steps](../archive/historical/CHAIN138_NEXT_STEPS.md)
- [Missing Containers List](MISSING_CONTAINERS_LIST.md)
- [JWT Authentication Requirements](../04-configuration/CHAIN138_JWT_AUTH_REQUIREMENTS.md)
- [Complete Implementation](../archive/completion/CHAIN138_COMPLETE_IMPLEMENTATION.md)

---

**Last Updated:** December 26, 2024  
**Status:** ✅ Ready for use