From e573e98cc154e44854f0b418fadaeec7bec3e384 Mon Sep 17 00:00:00 2001 From: Saravana Achu Mac Date: Tue, 31 Mar 2026 02:32:01 -0700 Subject: [PATCH] docs(devops): add llmlab dns handoff --- .../vercel/GODADDY_DNS_SETUP_BYTELYST.md | 44 +++++++++++++------ scripts/godaddy-sync-bytelyst-dns.sh | 4 +- 2 files changed, 32 insertions(+), 16 deletions(-) diff --git a/docs/devops/vercel/GODADDY_DNS_SETUP_BYTELYST.md b/docs/devops/vercel/GODADDY_DNS_SETUP_BYTELYST.md index 781b591a..e7825dd4 100644 --- a/docs/devops/vercel/GODADDY_DNS_SETUP_BYTELYST.md +++ b/docs/devops/vercel/GODADDY_DNS_SETUP_BYTELYST.md @@ -18,6 +18,7 @@ For the current internal-on-VM setup, these hostnames should point to the Azure | `gitea.bytelyst.com` | `A` | `` | Gitea and private npm registry through Caddy | | `admin.bytelyst.com` | `A` | `` | Internal admin dashboard | | `tracker.bytelyst.com` | `A` | `` | Internal tracker dashboard | +| `llmlab.bytelyst.com` | `A` | `` | LLM Lab Mission Control dashboard on the VM | Recommended temporary TTL during cutover: @@ -25,8 +26,8 @@ Recommended temporary TTL during cutover: Notes: -- `llmlab-dashboard` is internal VM tooling and does not need a public DNS record - `localmemgpt-web` is intended to be hosted on Vercel, so it is not part of this VM DNS runbook +- `llmlab-dashboard` runs on VM port `3075`; if you expose it publicly, route it through Caddy instead of exposing `3075` directly ## Automated Option @@ -54,6 +55,7 @@ The script manages these `A` records by default: - `gitea` - `admin` - `tracker` +- `llmlab` Root shortcut: 
@@ -65,10 +67,10 @@ pnpm dns:godaddy:bytelyst -- --ip --validate Status as of `2026-03-31 09:23:20 UTC`: -- GoDaddy `A` records were updated for `api`, `gitea`, `admin`, and `tracker` -- all four names now resolve to `187.124.159.82` -- authoritative GoDaddy nameservers returned the expected IP for all four names -- public `dig` checks also returned `187.124.159.82` +- GoDaddy `A` records were updated for `api`, `gitea`, `admin`, `tracker`, and `llmlab` +- `api`, `gitea`, `admin`, and `tracker` resolve publicly to `187.124.159.82` +- `llmlab` is present in the GoDaddy API and on the authoritative nameservers with `187.124.159.82` +- public resolver visibility for `llmlab` may lag briefly behind the authoritative update - public HTTP on port `80` responded, but returned `404 Not Found` - public HTTPS on port `443` timed out for all four hostnames @@ -98,6 +100,7 @@ Interpretation: | `gitea` | `A` | `` | `600` | | `admin` | `A` | `` | `600` | | `tracker` | `A` | `` | `600` | +| `llmlab` | `A` | `` | `600` | 6. Save each record. 7. Remove or correct any conflicting `A`, `CNAME`, or forwarding records for the same names. @@ -111,12 +114,13 @@ dig +short api.bytelyst.com dig +short gitea.bytelyst.com dig +short admin.bytelyst.com dig +short tracker.bytelyst.com +dig +short llmlab.bytelyst.com curl -sf https://api.ipify.org && echo ``` Expected result: -- all four hostnames resolve to the same Azure VM public IP +- all five hostnames resolve to the same Azure VM public IP - the resolved IP matches the output from `https://api.ipify.org` After DNS resolves correctly, validate HTTPS: @@ -126,6 +130,7 @@ curl -sI https://api.bytelyst.com/platform/health | head -5 curl -sI https://gitea.bytelyst.com | head -5 curl -sI https://admin.bytelyst.com | head -5 curl -sI https://tracker.bytelyst.com | head -5 +curl -sI https://llmlab.bytelyst.com | head -5 ``` Expected result: 
@@ -140,8 +145,8 @@ Delegate the remaining work to the Codex session running inside the Azure VM. Th Recommended handoff summary: -- DNS is already correct for `api.bytelyst.com`, `gitea.bytelyst.com`, `admin.bytelyst.com`, and `tracker.bytelyst.com` -- all four names point to `187.124.159.82` +- DNS is already correct for `api.bytelyst.com`, `gitea.bytelyst.com`, `admin.bytelyst.com`, `tracker.bytelyst.com`, and `llmlab.bytelyst.com` +- all five names point to `187.124.159.82` - do not spend time redoing GoDaddy changes unless records drift - focus on `/opt/bytelyst/Caddyfile`, the `caddy` container, and Azure NSG rules for `443` @@ -159,6 +164,7 @@ curl -sI http://localhost:3001 | head -5 curl -sI http://localhost:3003 | head -5 curl -sI http://localhost:3300 | head -5 curl -sI http://localhost:4003/health | head -5 +curl -sI http://localhost:3075 | head -5 ``` Check the live Caddy config: @@ -173,6 +179,7 @@ The live Caddy config should cover at least these hostnames: - `gitea.bytelyst.com` - `admin.bytelyst.com` - `tracker.bytelyst.com` +- `llmlab.bytelyst.com` Expected proxy targets: @@ -183,6 +190,7 @@ Expected proxy targets: - `gitea.bytelyst.com` -> host or container endpoint for Gitea on port `3300` - `admin.bytelyst.com` -> `admin-web:3001` - `tracker.bytelyst.com` -> `tracker-web:3003` +- `llmlab.bytelyst.com` -> `llmlab-dashboard:3075` If the file is missing host blocks, update it and reload Caddy: @@ -204,6 +212,7 @@ curl -vk https://api.bytelyst.com/platform/health curl -vk https://gitea.bytelyst.com curl -vk https://admin.bytelyst.com curl -vk https://tracker.bytelyst.com +curl -vk https://llmlab.bytelyst.com ``` Ready-to-paste prompt for the Codex session running inside the VM: 
@@ -216,6 +225,7 @@ Known-good DNS state as of 2026-03-31: - gitea.bytelyst.com -> 187.124.159.82 - admin.bytelyst.com -> 187.124.159.82 - tracker.bytelyst.com -> 187.124.159.82 +- llmlab.bytelyst.com -> 187.124.159.82 Known current failure: - HTTP on port 80 responds, but returns 404 @@ -231,6 +241,7 @@ Your task: - gitea.bytelyst.com - admin.bytelyst.com - tracker.bytelyst.com + - llmlab.bytelyst.com 6. Ensure proxy targets are correct: - api.bytelyst.com: - /platform/* -> platform-service:4003 @@ -239,12 +250,14 @@ Your task: - gitea.bytelyst.com -> Gitea on port 3300 - admin.bytelyst.com -> admin-web:3001 - tracker.bytelyst.com -> tracker-web:3003 + - llmlab.bytelyst.com -> llmlab-dashboard:3075 7. Reload Caddy 8. Verify: - curl -vk https://api.bytelyst.com/platform/health - curl -vk https://gitea.bytelyst.com - curl -vk https://admin.bytelyst.com - curl -vk https://tracker.bytelyst.com + - curl -vk https://llmlab.bytelyst.com Run these first: @@ -258,6 +271,7 @@ curl -sI http://localhost:3001 | head -5 curl -sI http://localhost:3003 | head -5 curl -sI http://localhost:3300 | head -5 curl -sI http://localhost:4003/health | head -5 +curl -sI http://localhost:3075 | head -5 If /opt/bytelyst/Caddyfile is missing host blocks, fix it there and reload: @@ -273,6 +287,7 @@ When done, report: - what was wrong - what file(s) you changed - exact verification results for all four public hostnames +- exact verification results for all five public hostnames ``` ## Troubleshooting @@ -281,6 +296,7 @@ If records do not resolve as expected: - verify that GoDaddy is the authoritative DNS provider for `bytelyst.com` - check for duplicate records for `api`, `gitea`, `admin`, or `tracker` +- check for duplicate records for `api`, `gitea`, `admin`, `tracker`, or `llmlab` - wait for propagation and retry with low TTL still in place - confirm Azure NSG allows inbound `80` and `443` - confirm Caddy is running and reachable on the VM 
@@ -295,7 +311,7 @@ docker logs caddy --tail 100 Likely root causes for the current state: - the live `/opt/bytelyst/Caddyfile` only includes `api.bytelyst.com` -- `gitea`, `admin`, and `tracker` host blocks were never added on the VM +- `gitea`, `admin`, `tracker`, and `llmlab` host blocks were never added on the VM - Azure NSG is allowing `80` but not `443` - Caddy is not healthy or is failing certificate issuance / bind on `443` @@ -303,8 +319,8 @@ Likely root causes for the current state: Use this section to record real DNS cutovers: -| Date | Operator | Change | Result | -| ------------ | -------- | ------------------------------------------------------------------------------------------ | -------------------- | -| `2026-03-31` | Codex | Created GoDaddy-specific DNS runbook for `bytelyst.com` | Document added | -| `2026-03-31` | Codex | Updated GoDaddy `A` records for `api`, `gitea`, `admin`, and `tracker` to `187.124.159.82` | DNS cutover complete | -| `2026-03-31` | Codex | Verified DNS propagation and recorded VM-side HTTPS follow-up steps | VM action pending | +| Date | Operator | Change | Result | +| ------------ | -------- | ---------------------------------------------------------------------------------------------------- | -------------------- | +| `2026-03-31` | Codex | Created GoDaddy-specific DNS runbook for `bytelyst.com` | Document added | +| `2026-03-31` | Codex | Updated GoDaddy `A` records for `api`, `gitea`, `admin`, `tracker`, and `llmlab` to `187.124.159.82` | DNS cutover complete | +| `2026-03-31` | Codex | Verified DNS propagation and recorded VM-side HTTPS follow-up steps | VM action pending | diff --git a/scripts/godaddy-sync-bytelyst-dns.sh b/scripts/godaddy-sync-bytelyst-dns.sh index 75959af2..8fb7d225 100755 --- a/scripts/godaddy-sync-bytelyst-dns.sh +++ b/scripts/godaddy-sync-bytelyst-dns.sh 
@@ -7,7 +7,7 @@ TARGET_IP="${GODADDY_DNS_TARGET_IP:-}" AUTO_IP=false DRY_RUN=false VALIDATE=false -HOSTS=("api" "gitea" "admin" "tracker") +HOSTS=("api" "gitea" "admin" "tracker" "llmlab") CONFIG_FILE="${XDG_CONFIG_HOME:-$HOME/.config}/godaddypy/credentials.yaml" @@ -23,7 +23,7 @@ Options: --auto-ip Detect the current public IP with api.ipify.org --domain GoDaddy zone to update (default: bytelyst.com) --ttl TTL for the managed A records (default: 600) - --hosts Hostnames to manage (default: api,gitea,admin,tracker) + --hosts Hostnames to manage (default: api,gitea,admin,tracker,llmlab) --validate Run dig validation after changes --dry-run Print the API operations without applying them -h, --help Show help
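Review bot: The `@@ -25,8 +26,8 @@` hunk in `GODADDY_DNS_SETUP_BYTELYST.md` removes the statement that `llmlab-dashboard` is internal VM tooling and replaces it with a conditional "if you expose it publicly", yet the rest of the patch adds the `llmlab` `A` record and Caddy target unconditionally. The runbook never says what protects the dashboard once it is reachable from the internet. State the access control expected on the `llmlab.bytelyst.com` host block, and note that the Azure NSG should not allow inbound `3075`, so the "route it through Caddy" advice is enforceable rather than advisory.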
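Review bot: In the `@@ -65,10 +67,10 @@` hunk the rewritten status bullets cover five names, but the unchanged context bullet still reads "public HTTPS on port `443` timed out for all four hostnames", so a reader cannot tell whether `llmlab` was tested over HTTP or HTTPS at all. Either add an explicit bullet for the `llmlab` HTTP/HTTPS result or name the four hostnames that were tested, and confirm the "Status as of" timestamp still applies to the new `llmlab` observations.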
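Review bot: The added `curl -vk https://llmlab.bytelyst.com` in the `@@ -204,6 +212,7 @@` hunk (and its copy in the prompt's "Verify" list) follows the existing `-k` pattern, which skips certificate verification. The troubleshooting section lists failing certificate issuance as a likely root cause, and a check run with `-k` will succeed against a self-signed or mismatched certificate. Keep `-vk` for diagnosis if useful, but make the final pass/fail check a plain `curl -sI https://llmlab.bytelyst.com` without `-k` so a bad certificate fails the verification.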
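Review bot: In the `@@ -273,6 +287,7 @@` hunk the old line "- exact verification results for all four public hostnames" is left as context and the five-hostname line is appended after it, so the handoff prompt now asks for both. Delete the four-hostname line instead of adding beside it, so the agent receives a single instruction that includes `llmlab`.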
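Review bot: The `@@ -281,6 +296,7 @@` hunk has the same append-instead-of-replace problem: "check for duplicate records for `api`, `gitea`, `admin`, or `tracker`" stays in the troubleshooting list and the `llmlab` variant is added directly below it. Remove the old bullet so the list carries one duplicate-record check covering all five names.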
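Review bot: Changing the default in `scripts/godaddy-sync-bytelyst-dns.sh` (`@@ -7,7 +7,7 @@`) to `HOSTS=("api" "gitea" "admin" "tracker" "llmlab")` means every run without `--hosts` now creates or overwrites a public `llmlab` record, while the runbook in the same patch treats public exposure of the dashboard as optional. Consider leaving `llmlab` out of the default and passing it explicitly with `--hosts`, or add a comment next to `HOSTS` stating that `llmlab` is intentionally public. The help text change in `@@ -23,7 +23,7 @@` is consistent with the new default and needs no change beyond following whichever default is chosen.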