smom-dbis-138/terraform/phases/phase1/README.md
defiQUG 1fb7266469 Add Oracle Aggregator and CCIP Integration
- Introduced Aggregator.sol for Chainlink-compatible oracle functionality, including round-based updates and access control.
- Added OracleWithCCIP.sol to extend Aggregator with CCIP cross-chain messaging capabilities.
- Created .gitmodules to include OpenZeppelin contracts as a submodule.
- Developed a comprehensive deployment guide in NEXT_STEPS_COMPLETE_GUIDE.md for Phase 2 and smart contract deployment.
- Implemented Vite configuration for the orchestration portal, supporting both Vue and React frameworks.
- Added server-side logic for the Multi-Cloud Orchestration Portal, including API endpoints for environment management and monitoring.
- Created scripts for resource import and usage validation across non-US regions.
- Added tests for CCIP error handling and integration to ensure robust functionality.
- Included various new files and directories for the orchestration portal and deployment scripts.
2025-12-12 14:57:48 -08:00


# Phase 1: Initial Deployment - 5 US Commercial Azure Regions
## Overview
Phase 1 is the initial deployment to get the DeFi Oracle Meta Mainnet (ChainID 138) operational. This phase uses a simpler VM-based architecture before expanding to the full 36-region global AKS deployment (Phase 3).
## Architecture
- **West Europe**: Admin/control-plane only (no workload)
  - Key Vault for secrets management
  - Nginx Proxy Server to route Cloudflare traffic to backend VMs
- **5 US Commercial Azure Regions**: Workload VMs
  - `eastus` (East US)
  - `westus` (West US)
  - `centralus` (Central US)
  - `eastus2` (East US 2)
  - `westus2` (West US 2)
## VM Configuration
Each US region deploys:
- **1 VM** using `Standard_D8plsv6` (8 vCPUs, Dplsv6 Family)
- **Ubuntu 22.04 LTS Gen 2** image
- **Software Stack**:
  - Docker Engine
  - NVM (Node Version Manager)
  - Node.js 22 LTS
  - JDK 17 (OpenJDK)
  - Besu blockchain client
## Networking
### NSG Rules for VMs
- **SSH (22)**: Allow from anywhere (restrict in production)
- **P2P TCP (30303)**: Allow Besu P2P communication
- **P2P UDP (30303)**: Allow Besu P2P discovery
- **RPC HTTP (8545)**: Allow from Nginx proxy only (TODO: restrict)
- **RPC WebSocket (8546)**: Allow from Nginx proxy only (TODO: restrict)
- **Metrics (9545)**: Allow Prometheus metrics (TODO: restrict to monitoring)
### NSG Rules for Nginx Proxy
- **HTTP (80)**: Allow from Cloudflare (TODO: restrict to Cloudflare IP ranges)
- **HTTPS (443)**: Allow from Cloudflare (TODO: restrict to Cloudflare IP ranges)
- **SSH (22)**: Allow for management (TODO: restrict to admin IPs)
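
One way to check which of the VM rules above are still open to any source, as an added example that is not part of this repository. It assumes rules in the JSON shape returned by `az network nsg rule list -o json`; the rule names and addresses in the sample are constructed.

```python
import json

# Ports the README marks for restriction on workload VMs; 30303 (Besu P2P) stays open.
RESTRICTED_PORTS = {22: "SSH", 8545: "RPC HTTP", 8546: "RPC WebSocket", 9545: "Metrics"}
ANY_SOURCE = {"*", "0.0.0.0/0", "::/0", "internet"}  # "Internet" is an Azure service tag

# Constructed sample in the shape of `az network nsg rule list -o json` (names are made up).
SAMPLE_RULES = json.loads("""[
  {"name": "AllowSSH", "direction": "Inbound", "access": "Allow",
   "sourceAddressPrefix": "*", "destinationPortRange": "22"},
  {"name": "AllowP2PTcp", "direction": "Inbound", "access": "Allow",
   "sourceAddressPrefix": "*", "destinationPortRange": "30303"},
  {"name": "AllowRPC", "direction": "Inbound", "access": "Allow",
   "sourceAddressPrefix": "Internet", "destinationPortRanges": ["8545-8546"]},
  {"name": "AllowMetrics", "direction": "Inbound", "access": "Allow",
   "sourceAddressPrefix": "10.0.0.5/32", "destinationPortRange": "9545"}
]""")

def _values(rule, single, plural):
    """Azure returns a field either as one string or as a list; merge both."""
    values = list(rule.get(plural) or [])
    if rule.get(single):
        values.append(rule[single])
    return values

def _covers(spec, port):
    """True if an NSG port spec ('*', '22' or '8545-8546') includes port."""
    low, _, high = spec.partition("-")
    return spec == "*" or int(low) <= port <= int(high or low)

def find_open_rules(rules):
    """Return (rule name, port, service) for inbound Allow rules open to any source."""
    findings = []
    for rule in rules:
        if rule.get("direction") != "Inbound" or rule.get("access") != "Allow":
            continue
        sources = _values(rule, "sourceAddressPrefix", "sourceAddressPrefixes")
        if not any(src.lower() in ANY_SOURCE for src in sources):
            continue
        specs = _values(rule, "destinationPortRange", "destinationPortRanges")
        for port, service in RESTRICTED_PORTS.items():
            if any(_covers(spec, port) for spec in specs):
                findings.append((rule["name"], port, service))
    return findings

if __name__ == "__main__":
    for name, port, service in find_open_rules(SAMPLE_RULES):
        print(f"{name}: {service} ({port}) is allowed from any source")
```
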
## Deployment
### Prerequisites
1. Azure CLI installed and authenticated
2. Terraform >= 1.0
3. SSH public key for VM access
4. Cloudflare domain configured (for SSL certificates)
### Steps
1. **Navigate to Phase 1 directory**:
   ```bash
   cd terraform/phases/phase1
   ```
2. **Copy and configure variables**:
   ```bash
   cp terraform.tfvars.example terraform.tfvars
   # Edit terraform.tfvars with your values:
   # - ssh_public_key: Your SSH public key
   # - Other variables as needed
   ```
3. **Initialize Terraform**:
   ```bash
   terraform init
   ```
4. **Plan deployment**:
   ```bash
   terraform plan -out tfplan
   ```
5. **Apply deployment**:
   ```bash
   terraform apply tfplan
   ```
6. **Configure SSL on Nginx Proxy**:
   ```bash
   # SSH to the Nginx proxy VM
   ssh besuadmin@<nginx-proxy-public-ip>
   # Run certbot to configure SSL
   sudo certbot --nginx -d your-domain.com --non-interactive --agree-tos --email admin@example.com
   ```
7. **Configure Cloudflare**:
   - Point your domain's A record to the Nginx proxy public IP
   - Enable Cloudflare proxy (orange cloud)
   - Configure SSL/TLS mode to "Full" or "Full (strict)"
## Outputs
After deployment, Terraform will output:
- **phase1_us_regions**: Information about each US region deployment (VMs, IPs)
- **nginx_proxy**: Nginx proxy server information (FQDN, public IP, backend count)
- **key_vault_name**: Key Vault name in West Europe
## Next Steps
After Phase 1 is operational:
1. Monitor VM health and Besu node synchronization
2. Configure monitoring and alerting
3. Restrict NSG rules to specific IP ranges
4. Plan Phase 3 expansion to 36 global regions with AKS
## Phase 3 Archive
The full 36-region global AKS deployment plan is archived in `terraform/phases/phase3/` and will be deployed after Phase 1 is stable.