smom-dbis-138/docs/configuration/CONFIGURATION_FIXES_APPLIED.md
defiQUG 1fb7266469 Add Oracle Aggregator and CCIP Integration
- Introduced Aggregator.sol for Chainlink-compatible oracle functionality, including round-based updates and access control.
- Added OracleWithCCIP.sol to extend Aggregator with CCIP cross-chain messaging capabilities.
- Created .gitmodules to include OpenZeppelin contracts as a submodule.
- Developed a comprehensive deployment guide in NEXT_STEPS_COMPLETE_GUIDE.md for Phase 2 and smart contract deployment.
- Implemented Vite configuration for the orchestration portal, supporting both Vue and React frameworks.
- Added server-side logic for the Multi-Cloud Orchestration Portal, including API endpoints for environment management and monitoring.
- Created scripts for resource import and usage validation across non-US regions.
- Added tests for CCIP error handling and integration to ensure robust functionality.
- Included various new files and directories for the orchestration portal and deployment scripts.
2025-12-12 14:57:48 -08:00


Configuration Fixes Applied

Date: $(date)

This document summarizes all configuration fixes that were automatically applied to resolve deployment configuration issues.


Fixes Applied

1. Terraform Node Counts FIXED

Issue: Sentries and RPC nodes were set to 0, preventing RPC endpoints from being available.

Fix Applied:

  • Updated terraform/terraform.tfvars:
    • system = 3 (was 1)
    • validators = 4 (was 1)
    • sentries = 3 (was 0)
    • rpc = 3 (was 0)

File: terraform/terraform.tfvars

Impact: RPC endpoints will now be deployed, making the network accessible externally.


2. Kubernetes Version FIXED

Issue: Kubernetes version was set to 1.33, which may not be stable.

Fix Applied:

  • Updated terraform/terraform.tfvars:
    • Changed kubernetes_version = "1.33" to kubernetes_version = "1.28"

File: terraform/terraform.tfvars

Note: Version 1.28 is a stable LTS version. Verify with:

az aks get-versions --location westeurope --output table

3. RPC Storage Size Inconsistency FIXED

Issue: Storage size mismatch between k8s and Helm configurations.

Fix Applied:

  • Updated k8s/base/rpc/statefulset.yaml:
    • Changed storage from 256Gi to 500Gi to match Helm values

File: k8s/base/rpc/statefulset.yaml

Impact: Storage sizes are now consistent across all configurations.


4. Terraform Backend Configuration CREATED

Issue: backend.tf was missing; the only backend configuration was a commented-out block in main.tf.

Fix Applied:

  • Created terraform/backend.tf from terraform/backend.tf.example

File: terraform/backend.tf

Next Step: Configure backend storage account details:

# Edit terraform/backend.tf and set:
# - resource_group_name
# - storage_account_name
# - container_name
# - key

Or use environment variables:

export ARM_STORAGE_ACCOUNT_NAME="your-storage-account"
export ARM_CONTAINER_NAME="tfstate"
export ARM_RESOURCE_GROUP_NAME="your-rg"
export ARM_ACCESS_KEY="your-access-key"

5. RPC Security Configuration ⚠️ ANNOTATED

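Issue: RPC CORS and host allowlist are set to wildcard (["*"]), which is a security risk. A wildcard CORS origin lets scripts on any website call the RPC endpoint from a visitor's browser, and a wildcard host allowlist turns off Host-header validation.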

Fix Applied:

  • Added TODO comments in:
    • config/rpc/besu-config.toml
    • k8s/base/rpc/statefulset.yaml
    • helm/besu-network/values-rpc.yaml

Files Updated:

  • config/rpc/besu-config.toml
  • k8s/base/rpc/statefulset.yaml
  • helm/besu-network/values-rpc.yaml

Status: ⚠️ REQUIRES MANUAL UPDATE AFTER DNS DEPLOYMENT

Action Required: After DNS is configured, update CORS and host allowlist to:

rpc-http-cors-origins=["https://rpc.d-bis.org", "https://explorer.d-bis.org"]
rpc-http-host-allowlist=["rpc.d-bis.org", "rpc2.d-bis.org"]
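
A pre-deployment check for the wildcard settings described above, as an added example (not part of the repository's scripts). The function names and sample snippets are constructed for illustration, and the scan assumes each option and its value sit on the same line.

```python
import re
import sys

# Matches the page's keys (rpc-http-cors-origins, rpc-http-host-allowlist)
# and the same options written as Besu CLI arguments in a pod spec.
GUARDED = re.compile(r"(cors-origins|host-allowlist)", re.IGNORECASE)
WILDCARDS = {"*", "all"}  # Besu accepts either spelling as "allow everything"

# Constructed sample inputs, not copied from the repository.
SAMPLE_TOML = '''\
# TODO: restrict after DNS deployment (do not leave "*")
rpc-http-cors-origins=["*"]
rpc-http-host-allowlist=["rpc.d-bis.org", "rpc2.d-bis.org"]
'''
SAMPLE_K8S_ARGS = '''\
- --rpc-http-cors-origins=https://rpc.d-bis.org
- --host-allowlist=all
'''

def find_wildcards(text, source="<config>"):
    """Return (source, line number, option) for each wildcard RPC setting."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0]  # ignore TOML/YAML comments such as the TODOs
        match = GUARDED.search(line)
        if not match:
            continue
        # Values are whatever follows the option name, minus quoting and list syntax.
        values = re.findall(r"[^\s\"'\[\],=:]+", line[match.end():])
        if any(v.lower() in WILDCARDS for v in values):
            findings.append((source, lineno, match.group(1).lower()))
    return findings

def scan_files(paths):
    """Scan files on disk; return all findings across them."""
    findings = []
    for path in paths:
        with open(path, encoding="utf-8") as handle:
            findings.extend(find_wildcards(handle.read(), path))
    return findings

if __name__ == "__main__":
    results = scan_files(sys.argv[1:])
    for source, lineno, option in results:
        print(f"{source}:{lineno}: {option} is a wildcard")
    sys.exit(1 if results else 0)
```

Run it against the three annotated files in CI so a deployment with a remaining wildcard fails before it reaches production.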

6. Genesis Validator Configuration ⚠️ PARTIALLY FIXED

Issue: Genesis file has extraData: "0x" (no validators configured).

Fix Applied:

  • Created script: scripts/deployment/generate-genesis-with-validators.sh
  • Script generates validator keys if they don't exist
  • Script attempts to use Besu to generate proper genesis with extraData

File: scripts/deployment/generate-genesis-with-validators.sh

Status: ⚠️ REQUIRES BESU CLI FOR COMPLETE FIX

Action Required:

  1. Install Besu CLI (if not installed):

    # See: https://besu.hyperledger.org/en/stable/HowTo/Get-Started/Installation-Options/
    
  2. Generate proper genesis:

    ./scripts/deployment/generate-genesis-with-validators.sh
    
  3. If Besu is not available, manually generate extraData:

    # Extract validator addresses from keys
    # Use Besu's operator generate-blockchain-config
    besu operator generate-blockchain-config \
      --config-file=config/genesis-template.json \
      --to=keys/validators \
      --private-key-file-name=key.priv
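
To confirm that a generated genesis actually carries validators, the extraData field can be decoded and inspected. The following is an added example, not the project's script: it assumes the IBFT 2.0 layout (an RLP list of 32-byte vanity, validator addresses, vote, round, seals), and the function names and sample value are constructed.

```python
def _rlp_item(buf, pos):
    """Decode one RLP item at pos; return (value, next_pos). Lists become Python lists."""
    b = buf[pos]
    if b < 0x80:                      # single byte encodes itself
        return buf[pos:pos + 1], pos + 1
    is_list = b >= 0xC0
    base = 0xC0 if is_list else 0x80
    if b - base <= 55:                # short form: length is in the prefix byte
        n, start = b - base, pos + 1
    else:                             # long form: prefix gives the size of the length
        ll = b - base - 55
        n, start = int.from_bytes(buf[pos + 1:pos + 1 + ll], "big"), pos + 1 + ll
    end = start + n
    if end > len(buf):
        raise ValueError("truncated RLP data")
    if not is_list:
        return buf[start:end], end
    items, p = [], start
    while p < end:
        item, p = _rlp_item(buf, p)
        items.append(item)
    if p != end:
        raise ValueError("RLP list overruns its declared length")
    return items, end

def ibft2_validators(extra_data_hex):
    """Return the validator addresses encoded in an IBFT 2.0 extraData value."""
    hex_part = extra_data_hex[2:] if extra_data_hex.startswith("0x") else extra_data_hex
    raw = bytes.fromhex(hex_part)
    if not raw:
        raise ValueError('extraData is "0x": no validators configured')
    fields, end = _rlp_item(raw, 0)
    if end != len(raw) or not isinstance(fields, list) or len(fields) != 5:
        raise ValueError("not an IBFT 2.0 extraData structure")
    vanity, validators = fields[0], fields[1]
    if not isinstance(vanity, bytes) or len(vanity) != 32:
        raise ValueError("vanity field must be 32 bytes")
    if not isinstance(validators, list) or not validators:
        raise ValueError("validator list is empty")
    if any(not isinstance(v, bytes) or len(v) != 20 for v in validators):
        raise ValueError("validator entries must be 20-byte addresses")
    return ["0x" + v.hex() for v in validators]

# Constructed sample: four placeholder validators (0x0101..., 0x0202..., ...).
SAMPLE_EXTRA_DATA = ("0xf87e" + "a0" + "00" * 32 + "f854"
                     + "".join("94" + f"{i:02x}" * 20 for i in range(1, 5))
                     + "80" + "8400000000" + "c0")
```

Compare the returned addresses against the addresses derived from the keys under keys/validators before updating any ConfigMap.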
    

📋 Summary of Changes

| Issue | Status | File(s) Modified |
| --- | --- | --- |
| Terraform node counts | Fixed | terraform/terraform.tfvars |
| Kubernetes version | Fixed | terraform/terraform.tfvars |
| RPC storage size | Fixed | k8s/base/rpc/statefulset.yaml |
| Terraform backend | Created | terraform/backend.tf |
| RPC security (CORS/host) | ⚠️ Annotated | config/rpc/besu-config.toml, k8s/base/rpc/statefulset.yaml, helm/besu-network/values-rpc.yaml |
| Genesis validators | ⚠️ Script created | scripts/deployment/generate-genesis-with-validators.sh |

⚠️ Manual Actions Required

1. Configure Terraform Backend

Edit terraform/backend.tf and configure:

  • Storage account name
  • Container name
  • Resource group
  • Access key (or use Managed Identity)

2. Generate Genesis with Validators

Run the genesis generation script:

./scripts/deployment/generate-genesis-with-validators.sh

If Besu is not installed, install it first:

# Ubuntu/Debian
wget https://hyperledger.jfrog.io/hyperledger/besu-binaries/besu/23.10.0/besu-23.10.0.tar.gz
tar -xzf besu-23.10.0.tar.gz
export PATH=$PATH:$(pwd)/besu-23.10.0/bin

3. Update RPC Security After DNS Deployment

After DNS records are configured, update:

  • config/rpc/besu-config.toml
  • k8s/base/rpc/statefulset.yaml
  • helm/besu-network/values-rpc.yaml

Replace wildcard CORS/host allowlist with specific domains.

4. Update All ConfigMaps with New Genesis

After generating proper genesis, update:

  • k8s/base/validators/statefulset.yaml (ConfigMap)
  • k8s/base/sentries/statefulset.yaml (ConfigMap)
  • k8s/base/rpc/statefulset.yaml (ConfigMap)

Or regenerate Helm ConfigMaps if using Helm deployment.


Verification

Run the validation script to verify all fixes:

./scripts/deployment/validate-deployment-config.sh

📝 Notes

  1. Quota Constraints: If Azure quota is limited, consider staged deployment:

    • Phase 1: Deploy validators only (4 nodes)
    • Phase 2: Deploy sentries (3 nodes)
    • Phase 3: Deploy RPC nodes (3 nodes)
  2. Genesis Generation: Proper IBFT 2.0 extraData encoding requires Besu CLI. The script will attempt automatic generation, but manual steps may be needed.

  3. Security: RPC security settings are currently permissive for initial deployment. They MUST be restricted before production use.

  4. Backend Configuration: Terraform backend is created but needs configuration. Use environment variables or edit backend.tf directly.


🚀 Next Steps

  1. Review all changes
  2. ⚠️ Configure Terraform backend
  3. ⚠️ Generate genesis with validators (requires Besu)
  4. ⚠️ Update ConfigMaps with new genesis
  5. ⚠️ Deploy infrastructure
  6. ⚠️ Update RPC security settings after DNS deployment

Support

For issues or questions:

  • Review: docs/DEPLOYMENT_CONFIGURATION_AUDIT.md
  • Run: ./scripts/deployment/validate-deployment-config.sh
  • Check: docs/DEPLOYMENT_COMPLETE_GUIDE.md