diff --git a/.gitignore b/.gitignore index 992bf195..82d094ef 100644 --- a/.gitignore +++ b/.gitignore @@ -159,3 +159,6 @@ tmp/ token-aggregation-build/ transaction-composer/ vendor/ + +# Operator-local secrets (SSH keys, tokens — never commit) +.secrets/ diff --git a/config/ip-addresses.conf b/config/ip-addresses.conf index 5d820539..a985d814 100644 --- a/config/ip-addresses.conf +++ b/config/ip-addresses.conf @@ -83,6 +83,8 @@ IP_NGINX_LEGACY="192.168.11.26" IP_ORDER_OPENSEARCH="192.168.11.48" IP_ORDER_HAPROXY="192.168.11.39" IP_VAULT_PHOENIX_2="192.168.11.201" +# Order of Malta — DealFlow Command Center (LXC 10381, r630-03, Docker Compose prod) +IP_OM_TREASURY_DEALFLOW="${IP_OM_TREASURY_DEALFLOW:-192.168.11.94}" # Order Service IPs ORDER_POSTGRES_PRIMARY="192.168.11.44" diff --git a/docs/04-configuration/ALL_VMIDS_ENDPOINTS.md b/docs/04-configuration/ALL_VMIDS_ENDPOINTS.md index 60e6303a..933bc0e6 100644 --- a/docs/04-configuration/ALL_VMIDS_ENDPOINTS.md +++ b/docs/04-configuration/ALL_VMIDS_ENDPOINTS.md @@ -1,6 +1,6 @@ # Complete VMID and Endpoints Reference -**Last Updated:** 2026-04-25 +**Last Updated:** 2026-05-09 **Document Version:** 1.3 **Status:** Active Documentation — **Master (source of truth)** for VMID, IP, port, and domain mapping. Use this with the live Besu fleet map in [../06-besu/BESU_NODE_CONFIGURATION_MAP_20260424.md](../06-besu/BESU_NODE_CONFIGURATION_MAP_20260424.md) and the cluster audit in [`../../scripts/verify/check-cluster-besu-inventory.sh`](../../scripts/verify/check-cluster-besu-inventory.sh). 
@@ -8,21 +8,21 @@ --- -**Date**: 2026-04-25 +**Date**: 2026-05-09 **Status**: Current Active Configuration (Reconciled) -**Last Updated**: 2026-04-25 -**Verification Status**: ✅ Complete - Canonical Besu fleet reconciled across all 5 Proxmox nodes via direct host audit plus cluster-wide inventory +**Last Updated**: 2026-05-09 +**Verification Status**: ✅ Cluster-wide guest inventory — **136** running LXC/QEMU (**2026-05-09** `pvesh get /cluster/resources`); **ml110** **0** guests; primary counts on **r630-01** (57), **r630-02** (41), **r630-03** (19), **r630-04** (19). Besu fleet detail: host audit + [`../../scripts/verify/check-cluster-besu-inventory.sh`](../../scripts/verify/check-cluster-besu-inventory.sh). --- ## Quick Summary -- **Total VMIDs**: 50+ (excluding deprecated Cloudflared) -- **Running**: 45+ -- **Stopped**: 5 -- **Infrastructure Services**: 10 -- **Blockchain Nodes**: 37 canonical Besu nodes (Validators: 5, Sentries: 11, RPC: 21) -- **Application Services**: 22 +- **Cluster (all nodes, LXC+QEMU) — running:** **136** (**2026-05-09** `pvesh get /cluster/resources`); **all** were `running` in that pass. +- **Per Proxmox node (guests):** **r630-01** 57, **r630-02** 41, **r630-03** 19, **r630-04** 19, **ml110** 0. +- **Documented VMID rows** in this file: 50+ service entries (excl. deprecated); category rolls below are **Besu / app taxonomy** — reconcile exact Besu counts with `check-cluster-besu-inventory.sh` and the Besu map doc. +- **Infrastructure Services** (sample category): 10 +- **Blockchain Nodes**: 37 canonical Besu nodes (Validators: 5, Sentries: 11, RPC: 21) — verify against live map +- **Application Services**: 22 (category roll — verify) ## Canonical-use guardrails 
@@ -123,6 +123,19 @@ All RPC nodes have been migrated to a new VMID structure for better organization | **2201** | **192.168.11.221** | besu-rpc-public-1 | ✅ Running | 1,145,367 | 7 | Besu: 8545/8546, P2P: 30303, Metrics: 9545 | Public RPC node **(FIXED PERMANENT)** | | 2301 | 192.168.11.232 | besu-rpc-private-1 | ✅ Running | Cluster CT confirmed on `r630-03` | - | Besu: 8545/8546, P2P: 30303, Metrics: 9545 | Fireblocks-dedicated RPC on `r630-03` | +### Extra (non-canonical) Besu RPC — Justin / Jason variants + +These LXCs are **running** and appear in `scripts/verify/check-cluster-besu-inventory.sh` as **`extra/non-canonical`** (parallel RPC paths). They are **not** in the minimal canonical Besu map; do not decommission without ops coordination. + +| VMID | IP Address | Hostname | Node | Endpoints (typical) | +|------|------------|----------|------|---------------------| +| 2104 | 192.168.11.222 | besu-rpc-core-justin | r630-03 | Besu: 8545/8546, P2P: 30303, Metrics: 9545 | +| 2105 | 192.168.11.225 | besu-rpc-core-jason | r630-03 | Besu: 8545/8546, P2P: 30303, Metrics: 9545 | +| 2202 | 192.168.11.223 | besu-rpc-public-justin | r630-02 | Besu: 8545/8546, P2P: 30303, Metrics: 9545 | +| 2203 | 192.168.11.226 | besu-rpc-public-jason | r630-02 | Besu: 8545/8546, P2P: 30303, Metrics: 9545 | +| 2309 | 192.168.11.224 | besu-rpc-private-justin | r630-03 | Besu: 8545/8546, P2P: 30303, Metrics: 9545 | +| 2310 | 192.168.11.227 | besu-rpc-private-jason | r630-03 | Besu: 8545/8546, P2P: 30303, Metrics: 9545 | + ### Named RPC Nodes (Ali/Luis/Putu) | VMID | IP Address | Hostname | Status | Block | Peers | Endpoints | Purpose | 
@@ -204,6 +217,18 @@ The following VMIDs have been permanently removed: ## Application Services +### Order of Malta — DealFlow Command Center (prod Compose) + +| VMID | IP Address | Hostname | Node | Status | Endpoints | Purpose | +|------|------------|----------|------|--------|-----------|---------| +| **10381** | **192.168.11.94** | treasury-dealflow | **r630-03** | ✅ Running | **HTTPS:** 443 (nginx → frontend/backend), **HTTP:** 80→443; Grafana **3001**, Prometheus **9090**, MinIO **9000/9001** | [`treasury_management_monorepo`](https://gitea.d-bis.org/ORDER_OF_MALTA_TREASURY/treasury_management_monorepo) Docker Compose prod | + +**Allocated:** Sovereign Cloud band **10000–13999** (VMID **10381**). **Storage:** `thin2-r630-03` (~80 GiB root). **App dir:** `/opt/treasury_management_monorepo`, SSH user **`deploy`**. + +**CI/CD:** Gitea `.gitea/workflows/deploy.yml` — secrets `TREASURY_DEPLOY_HOST`, `TREASURY_DEPLOY_USER`, `TREASURY_DEPLOY_SSH_KEY`, `TREASURY_DEPLOY_PATH`; runner must reach **192.168.11.94** on LAN. + +--- + ### Blockchain Explorer | VMID | IP Address | Hostname | Status | Endpoints | Purpose |
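Review bot: In the `.gitignore` hunk, the new `.secrets/` entry only stops untracked files from being added; anything under a `.secrets/` directory that is already tracked, or that exists in earlier commits, is unaffected by it. Before merging, check `git ls-files` for existing paths under `.secrets/`, and if any turn up, untrack them and rotate the SSH keys or tokens they held.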
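Review bot: In the `config/ip-addresses.conf` hunk, `IP_OM_TREASURY_DEALFLOW="${IP_OM_TREASURY_DEALFLOW:-192.168.11.94}"` takes its value from the caller's environment when one is set, while the neighbouring entries in the visible context (`IP_VAULT_PHOENIX_2="192.168.11.201"`, `IP_ORDER_HAPROXY="192.168.11.39"`) are fixed literals. A stale or unexpected exported value would silently point any script sourcing this file at a different host. Either assign the literal like the surrounding lines, or add a comment stating that the override is intended and who is expected to set it.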
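Review bot: In the first `ALL_VMIDS_ENDPOINTS.md` hunk (`@@ -1,6 +1,6 @@`), **Last Updated** moves to 2026-05-09 but the context line `**Document Version:** 1.3` is left unchanged, although this patch adds two new sections and rewrites the Quick Summary. Bump the version so readers can tell this revision apart from the 2026-04-25 one.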
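Review bot: In the `@@ -8,21 +8,21 @@` hunk, the header still reads `**Status**: Current Active Configuration (Reconciled)` while the new Quick Summary bullets are hedged with "(sample category)", "verify against live map" and "verify", and the new Verification Status line covers only the guest counts from `pvesh get /cluster/resources`. The removed line asserted that the canonical Besu fleet had been reconciled; the replacement defers that to the script and the map doc. Either run `check-cluster-besu-inventory.sh`, record the confirmed Besu and category counts here and drop the hedges, or remove "(Reconciled)" so the status matches what was actually checked.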
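Review bot: In the `@@ -123,6 +123,19 @@` hunk, the new table's `Endpoints (typical)` column does not say whether ports 8545/8546, 30303 and 9545 were actually confirmed on these six guests, and the table omits the `Status` column that the neighbouring RPC tables carry. For a file that calls itself the source of truth, list the verified endpoints (the `besu-rpc-private-*` and `besu-rpc-core-*` rows matter most) and add a Status column. Naming an owner or contact per row would also make "do not decommission without ops coordination" actionable.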
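Review bot: In the `@@ -204,6 +217,18 @@` hunk, the Endpoints cell for VMID 10381 lists Grafana 3001, Prometheus 9090 and MinIO 9000/9001 beside the nginx 443 entry without saying whether those ports are reachable on 192.168.11.94 directly or only through nginx. State the bind scope or firewall rule for each, since direct access would bypass the TLS front end. The CI/CD line should also record what the `deploy` user behind `TREASURY_DEPLOY_SSH_KEY` is permitted to do on the host, and it could reference `IP_OM_TREASURY_DEALFLOW` from `config/ip-addresses.conf` instead of repeating the literal address.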