d-bis/smom-dbis-138
4
0
Fork 0
Code Issues Pull Requests 3 Actions Packages Projects Releases Wiki Activity
Files
409fb5e738d4d6033a09f4e607dd836edb0e4f0e
smom-dbis-138/docs/deployment/DEPLOYMENT_ORDER.md
defiQUG 1fb7266469 Add Oracle Aggregator and CCIP Integration 
- Introduced Aggregator.sol for Chainlink-compatible oracle functionality, including round-based updates and access control.
- Added OracleWithCCIP.sol to extend Aggregator with CCIP cross-chain messaging capabilities.
- Created .gitmodules to include OpenZeppelin contracts as a submodule.
- Developed a comprehensive deployment guide in NEXT_STEPS_COMPLETE_GUIDE.md for Phase 2 and smart contract deployment.
- Implemented Vite configuration for the orchestration portal, supporting both Vue and React frameworks.
- Added server-side logic for the Multi-Cloud Orchestration Portal, including API endpoints for environment management and monitoring.
- Created scripts for resource import and usage validation across non-US regions.
- Added tests for CCIP error handling and integration to ensure robust functionality.
- Included various new files and directories for the orchestration portal and deployment scripts.
2025-12-12 14:57:48 -08:00

403 lines
11 KiB
Markdown
Raw Blame History

# Deployment Order - Complete Task List
This document defines the proper order for deploying the DeFi Oracle Meta Mainnet (ChainID 138) infrastructure and services.
## 📋 Deployment Phases
The deployment is organized into 8 phases, each building on the previous:
1. **Prerequisites & Setup** - Environment and tooling
2. **Foundation** - Core Azure infrastructure
3. **Networking** - Network infrastructure and security
4. **Compute** - AKS cluster and node pools
5. **Storage & Secrets** - Storage accounts and Key Vault
6. **Application** - Kubernetes workloads
7. **External Services** - DNS, SSL, and monitoring
8. **Contracts & Integration** - Smart contracts and external integrations
---
## Phase 1: Prerequisites & Setup
### 1.1 Azure Authentication & Configuration
- [ ] Install Azure CLI
- [ ] Login to Azure (`az login`)
- [ ] Verify subscription access
- [ ] Set default subscription
- [ ] Verify Azure CLI version
### 1.2 Environment Configuration
- [ ] Create `.env` file
- [ ] Set `AZURE_SUBSCRIPTION_ID`
- [ ] Set `AZURE_TENANT_ID`
- [ ] Set `AZURE_LOCATION=westeurope`
- [ ] Set `AZURE_RESOURCE_GROUP` (or use default)
- [ ] Set `CLOUDFLARE_ZONE_ID`
- [ ] Set `CLOUDFLARE_API_TOKEN`
- [ ] Verify environment variables
### 1.3 Prerequisites Verification
- [ ] Run `./scripts/azure/check-azure-prerequisites.sh`
- [ ] Verify resource providers are registered
- [ ] Check quotas for westeurope region
- [ ] Verify Terraform backend storage account exists
- [ ] Verify all required tools are installed (terraform, kubectl, helm, forge)
### 1.4 Key Generation
- [ ] Generate validator keys (`./scripts/key-management/generate-validator-keys.sh 4`)
- [ ] Generate oracle keys (`./scripts/key-management/generate-oracle-keys.sh`)
- [ ] Generate genesis file (`./scripts/generate-genesis.sh`)
- [ ] Verify keys are generated correctly
---
## Phase 2: Foundation Infrastructure
### 2.1 Terraform Initialization
- [ ] Navigate to `terraform/` directory
- [ ] Initialize Terraform (`terraform init`)
- [ ] Verify backend configuration
- [ ] Verify Terraform version (>= 1.0)
### 2.2 Terraform Configuration
- [ ] Copy `terraform.tfvars.example` to `terraform.tfvars`
- [ ] Set `environment = "prod"`
- [ ] Set `location = "westeurope"`
- [ ] Set `cluster_name` (following naming convention)
- [ ] Configure node counts and VM sizes
- [ ] Review and adjust tags
### 2.3 Resource Groups
- [ ] Create network resource group (`az-p-we-rg-net-001`)
- [ ] Create compute resource group (`az-p-we-rg-comp-001`)
- [ ] Create storage resource group (`az-p-we-rg-stor-001`)
- [ ] Create security resource group (`az-p-we-rg-sec-001`)
- [ ] Verify resource groups created
### 2.4 Terraform Planning
- [ ] Run `terraform plan`
- [ ] Review planned resources
- [ ] Verify naming convention compliance
- [ ] Check for any errors or warnings
- [ ] Save plan output for review
---
## Phase 3: Networking Infrastructure
### 3.1 Virtual Network
- [ ] Deploy virtual network (`az-p-we-vnet-main`)
- [ ] Configure address space (10.0.0.0/16)
- [ ] Verify VNet created
### 3.2 Subnets
- [ ] Create AKS subnet (`az-p-we-snet-aks`)
- [ ] Create validator subnet (`az-p-we-snet-valid`)
- [ ] Create sentry subnet (`az-p-we-snet-sent`)
- [ ] Create RPC subnet (`az-p-we-snet-rpc`)
- [ ] Create Application Gateway subnet (`az-p-we-snet-agw`)
- [ ] Configure service endpoints where needed
- [ ] Verify all subnets created
### 3.3 Network Security Groups
- [ ] Create validator NSG (`az-p-we-nsg-valid`)
- [ ] Create sentry NSG (`az-p-we-nsg-sent`)
- [ ] Create RPC NSG (`az-p-we-nsg-rpc`)
- [ ] Configure NSG rules (allow/deny)
- [ ] Associate NSGs with subnets
- [ ] Verify NSG rules
### 3.4 Public IPs and Load Balancers
- [ ] Create Application Gateway public IP (`az-p-we-pip-agw`)
- [ ] Verify public IP created
- [ ] Note public IP address for DNS configuration
---
## Phase 4: Compute Infrastructure
### 4.1 Key Vault Setup
- [ ] Create Key Vault (`az-p-we-kv-secrets-001`)
- [ ] Configure Key Vault access policies or RBAC
- [ ] Enable soft delete and purge protection
- [ ] Store validator keys in Key Vault
- [ ] Store oracle keys in Key Vault
- [ ] Verify Key Vault access
### 4.2 Log Analytics Workspace
- [ ] Create Log Analytics workspace (`az-p-we-law-main`)
- [ ] Configure retention period (90 days for prod)
- [ ] Verify workspace created
### 4.3 AKS Cluster
- [ ] Deploy AKS cluster (`az-p-we-aks-main`)
- [ ] Configure network plugin (Azure CNI)
- [ ] Configure network policy (Azure)
- [ ] Enable Azure Monitor
- [ ] Enable Azure Policy
- [ ] Configure Key Vault secrets provider
- [ ] Verify cluster is running
### 4.4 Node Pools
- [ ] Verify system node pool is created
- [ ] Create validator node pool (`az-p-we-aks-node-valid`)
- [ ] Create sentry node pool (`az-p-we-aks-node-sent`)
- [ ] Create RPC node pool (`az-p-we-aks-node-rpc`)
- [ ] Configure node labels and taints
- [ ] Verify all node pools are running
### 4.5 kubectl Configuration
- [ ] Get AKS credentials (`az aks get-credentials`)
- [ ] Verify kubectl access
- [ ] Test kubectl connection
- [ ] Verify node access
---
## Phase 5: Storage & Secrets
### 5.1 Storage Accounts
- [ ] Create backup storage account (`az-p-we-st-backup-001`)
- [ ] Create shared storage account (`az-p-we-st-shared-001`)
- [ ] Configure storage account security
- [ ] Enable versioning and soft delete
- [ ] Verify storage accounts
### 5.2 Storage Containers
- [ ] Create chaindata container
- [ ] Create config container
- [ ] Configure container access policies
- [ ] Verify containers
### 5.3 Key Vault Secrets
- [ ] Store all validator private keys
- [ ] Store oracle private key
- [ ] Store database passwords
- [ ] Store API keys
- [ ] Verify secrets are accessible from AKS
---
## Phase 6: Application Deployment
### 6.1 Kubernetes Namespace
- [ ] Create `besu-network` namespace
- [ ] Create `monitoring` namespace
- [ ] Configure namespace labels
- [ ] Verify namespaces
### 6.2 ConfigMaps and Secrets
- [ ] Create genesis config map
- [ ] Create static-nodes config map
- [ ] Create application config maps
- [ ] Create Kubernetes secrets from Key Vault
- [ ] Verify ConfigMaps and secrets
### 6.3 Validator Deployment
- [ ] Deploy validator StatefulSet
- [ ] Configure validator pods
- [ ] Verify validators are running
- [ ] Check validator logs
- [ ] Verify validators are syncing
### 6.4 Sentry Deployment
- [ ] Deploy sentry StatefulSet
- [ ] Configure sentry pods
- [ ] Verify sentries are running
- [ ] Check sentry logs
- [ ] Verify P2P connectivity
### 6.5 RPC Node Deployment
- [ ] Deploy RPC StatefulSet
- [ ] Configure RPC pods
- [ ] Verify RPC nodes are running
- [ ] Check RPC node logs
- [ ] Test RPC endpoint locally
### 6.6 Application Gateway
- [ ] Deploy Application Gateway (`az-p-we-agw-main`)
- [ ] Configure backend pools
- [ ] Configure HTTP settings
- [ ] Configure listeners
- [ ] Configure routing rules
- [ ] Configure WAF rules
- [ ] Verify Application Gateway is running
---
## Phase 7: External Services
### 7.1 DNS Configuration
- [ ] Get Application Gateway public IP
- [ ] Configure Cloudflare DNS records:
- [ ] A record for root domain (`d-bis.org`)
- [ ] A record for `www.d-bis.org`
- [ ] A record for `rpc.d-bis.org`
- [ ] A record for `rpc2.d-bis.org`
- [ ] A record for `explorer.d-bis.org`
- [ ] Wait for DNS propagation (5-15 minutes)
- [ ] Verify DNS resolution
### 7.2 SSL/TLS Configuration
- [ ] Enable Cloudflare SSL/TLS (Full or Full Strict)
- [ ] Verify SSL certificates
- [ ] Test HTTPS access
- [ ] Configure certificate auto-renewal
### 7.3 Monitoring Setup
- [ ] Deploy Prometheus
- [ ] Deploy Grafana (optional)
- [ ] Configure alert rules
- [ ] Set up alert notifications
- [ ] Verify monitoring is collecting metrics
### 7.4 Blockscout Deployment
- [ ] Deploy PostgreSQL database for Blockscout
- [ ] Wait for database to be ready
- [ ] Deploy Blockscout application
- [ ] Run database migrations
- [ ] Configure Blockscout settings
- [ ] Verify Blockscout is accessible
- [ ] Configure CORS headers
---
## Phase 8: Contracts & Integration
### 8.1 Contract Deployment Preparation
- [ ] Set `RPC_URL` in `.env`
- [ ] Set `PRIVATE_KEY` in `.env` (deployment key)
- [ ] Verify RPC endpoint is accessible
- [ ] Test RPC connection
### 8.2 Smart Contract Deployment
- [ ] Deploy WETH contract
- [ ] Deploy Multicall contract
- [ ] Deploy Oracle Aggregator contract
- [ ] Deploy CCIP Router contract (optional)
- [ ] Verify all contracts deployed
- [ ] Save contract addresses
### 8.3 Token List Update
- [ ] Update token list with contract addresses
- [ ] Add token metadata
- [ ] Validate token list JSON
- [ ] Commit token list changes
### 8.4 Deployment Verification
- [ ] Run deployment verification script
- [ ] Test RPC endpoints (public)
- [ ] Test Blockscout explorer
- [ ] Test contract interactions
- [ ] Verify block production
- [ ] Check validator health
- [ ] Generate verification report
### 8.5 External Integration (Post-Deployment)
- [ ] Submit Ethereum-Lists PR
- [ ] Submit token list to CoinGecko
- [ ] Submit token list to Uniswap
- [ ] Verify MetaMask integration
- [ ] Test token auto-detection
---
## Quick Reference Commands
### Phase 1: Prerequisites
```bash
./scripts/deployment/azure-login.sh
./scripts/deployment/populate-env.sh
./scripts/azure/check-azure-prerequisites.sh
./scripts/key-management/generate-validator-keys.sh 4
```
### Phase 2-4: Infrastructure
```bash
cd terraform
terraform init
terraform plan
terraform apply
```
### Phase 5: Storage & Secrets
```bash
./scripts/key-management/azure-keyvault-setup.sh
```
### Phase 6: Kubernetes
```bash
az aks get-credentials --resource-group az-p-we-rg-comp-001 --name az-p-we-aks-main
kubectl apply -f k8s/base/namespace.yaml
helm install besu-validators ./helm/besu-network -f helm/besu-network/values-validators.yaml -n besu-network
```
### Phase 7: External Services
```bash
./scripts/deployment/get-app-gateway-ip.sh
./scripts/deployment/cloudflare-dns.sh --zone-id $CLOUDFLARE_ZONE_ID --api-token $CLOUDFLARE_API_TOKEN --ip <gateway-ip>
```
### Phase 8: Contracts
```bash
./scripts/deployment/deploy-weth.sh
./scripts/deployment/deploy-multicall.sh
./scripts/deployment/verify-deployment.sh
```
## Verification Checklist
After each phase, verify:
- [ ] All resources created successfully
- [ ] Naming convention followed
- [ ] Tags applied correctly
- [ ] No errors in logs
- [ ] Resources accessible
- [ ] Security configured properly
## Rollback Procedures
If deployment fails at any phase:
1. **Document the failure point**
2. **Review error logs**
3. **Fix the issue**
4. **Rollback if necessary** (terraform destroy for failed resources)
5. **Re-run from the failed phase**
## Estimated Timeline
- **Phase 1**: 30 minutes
- **Phase 2**: 1-2 hours
- **Phase 3**: 30 minutes
- **Phase 4**: 1-2 hours
- **Phase 5**: 30 minutes
- **Phase 6**: 2-3 hours
- **Phase 7**: 1 hour
- **Phase 8**: 1-2 hours
**Total**: ~8-12 hours for complete deployment
## Dependencies
```
Phase 1 (Prerequisites)
└─> Phase 2 (Foundation)
└─> Phase 3 (Networking)
└─> Phase 4 (Compute)
└─> Phase 5 (Storage)
└─> Phase 6 (Application)
└─> Phase 7 (External)
└─> Phase 8 (Contracts)
```
## Notes
- Each phase must be completed before moving to the next
- Some steps within a phase can be done in parallel
- Always verify each phase before proceeding
- Keep backups of configurations and keys
- Document any deviations from the standard process
Reference in New Issue View Git Blame Copy Permalink