docs(devops): add llmlab dns handoff

2026-03-31 02:32:01 -07:00 · 2026-03-31 02:32:01 -07:00 · e573e98cc1
commit e573e98cc1
parent 356c96e1d9
2 changed files with 32 additions and 16 deletions
--- a/docs/devops/vercel/GODADDY_DNS_SETUP_BYTELYST.md
+++ b/docs/devops/vercel/GODADDY_DNS_SETUP_BYTELYST.md
@ -18,6 +18,7 @@ For the current internal-on-VM setup, these hostnames should point to the Azure
 | `gitea.bytelyst.com`   | `A`  | `<Azure VM public IP>` | Gitea and private npm registry through Caddy |
 | `admin.bytelyst.com`   | `A`  | `<Azure VM public IP>` | Internal admin dashboard                     |
 | `tracker.bytelyst.com` | `A`  | `<Azure VM public IP>` | Internal tracker dashboard                   |
 | `llmlab.bytelyst.com`  | `A`  | `<Azure VM public IP>` | LLM Lab Mission Control dashboard on the VM  |
 Recommended temporary TTL during cutover:
@ -25,8 +26,8 @@ Recommended temporary TTL during cutover:
 Notes:
 - `llmlab-dashboard` is internal VM tooling and does not need a public DNS record
 - `localmemgpt-web` is intended to be hosted on Vercel, so it is not part of this VM DNS runbook
 - `llmlab-dashboard` runs on VM port `3075`; if you expose it publicly, route it through Caddy instead of exposing `3075` directly
 ## Automated Option
@ -54,6 +55,7 @@ The script manages these `A` records by default:
 - `gitea`
 - `admin`
 - `tracker`
 - `llmlab`
 Root shortcut:
@ -65,10 +67,10 @@ pnpm dns:godaddy:bytelyst -- --ip <Azure VM public IP> --validate
 Status as of `2026-03-31 09:23:20 UTC`:
- GoDaddy `A` records were updated for `api`, `gitea`, `admin`, and `tracker`
+- GoDaddy `A` records were updated for `api`, `gitea`, `admin`, `tracker`, and `llmlab`
- all four names now resolve to `187.124.159.82`
+- `api`, `gitea`, `admin`, and `tracker` resolve publicly to `187.124.159.82`
- authoritative GoDaddy nameservers returned the expected IP for all four names
+- `llmlab` is present in the GoDaddy API and on the authoritative nameservers with `187.124.159.82`
- public `dig` checks also returned `187.124.159.82`
+- public resolver visibility for `llmlab` may lag briefly behind the authoritative update
 - public HTTP on port `80` responded, but returned `404 Not Found`
 - public HTTPS on port `443` timed out for all four hostnames
@ -98,6 +100,7 @@ Interpretation:
 | `gitea`   | `A`  | `<Azure VM public IP>` | `600` |
 | `admin`   | `A`  | `<Azure VM public IP>` | `600` |
 | `tracker` | `A`  | `<Azure VM public IP>` | `600` |
 | `llmlab`  | `A`  | `<Azure VM public IP>` | `600` |
 6. Save each record.
 7. Remove or correct any conflicting `A`, `CNAME`, or forwarding records for the same names.
@ -111,12 +114,13 @@ dig +short api.bytelyst.com
 dig +short gitea.bytelyst.com
 dig +short admin.bytelyst.com
 dig +short tracker.bytelyst.com
 dig +short llmlab.bytelyst.com
 curl -sf https://api.ipify.org && echo
 ```
 Expected result:
- all four hostnames resolve to the same Azure VM public IP
+- all five hostnames resolve to the same Azure VM public IP
 - the resolved IP matches the output from `https://api.ipify.org`
 After DNS resolves correctly, validate HTTPS:
@ -126,6 +130,7 @@ curl -sI https://api.bytelyst.com/platform/health | head -5
 curl -sI https://gitea.bytelyst.com | head -5
 curl -sI https://admin.bytelyst.com | head -5
 curl -sI https://tracker.bytelyst.com | head -5
 curl -sI https://llmlab.bytelyst.com | head -5
 ```
 Expected result:
@ -140,8 +145,8 @@ Delegate the remaining work to the Codex session running inside the Azure VM. Th
 Recommended handoff summary:
- DNS is already correct for `api.bytelyst.com`, `gitea.bytelyst.com`, `admin.bytelyst.com`, and `tracker.bytelyst.com`
+- DNS is already correct for `api.bytelyst.com`, `gitea.bytelyst.com`, `admin.bytelyst.com`, `tracker.bytelyst.com`, and `llmlab.bytelyst.com`
- all four names point to `187.124.159.82`
+- all five names point to `187.124.159.82`
 - do not spend time redoing GoDaddy changes unless records drift
 - focus on `/opt/bytelyst/Caddyfile`, the `caddy` container, and Azure NSG rules for `443`
@ -159,6 +164,7 @@ curl -sI http://localhost:3001 | head -5
 curl -sI http://localhost:3003 | head -5
 curl -sI http://localhost:3300 | head -5
 curl -sI http://localhost:4003/health | head -5
 curl -sI http://localhost:3075 | head -5
 ```
 Check the live Caddy config:
@ -173,6 +179,7 @@ The live Caddy config should cover at least these hostnames:
 - `gitea.bytelyst.com`
 - `admin.bytelyst.com`
 - `tracker.bytelyst.com`
 - `llmlab.bytelyst.com`
 Expected proxy targets:
@ -183,6 +190,7 @@ Expected proxy targets:
 - `gitea.bytelyst.com` -> host or container endpoint for Gitea on port `3300`
 - `admin.bytelyst.com` -> `admin-web:3001`
 - `tracker.bytelyst.com` -> `tracker-web:3003`
 - `llmlab.bytelyst.com` -> `llmlab-dashboard:3075`
 If the file is missing host blocks, update it and reload Caddy:
@ -204,6 +212,7 @@ curl -vk https://api.bytelyst.com/platform/health
 curl -vk https://gitea.bytelyst.com
 curl -vk https://admin.bytelyst.com
 curl -vk https://tracker.bytelyst.com
 curl -vk https://llmlab.bytelyst.com
 ```
 Ready-to-paste prompt for the Codex session running inside the VM:
@ -216,6 +225,7 @@ Known-good DNS state as of 2026-03-31:
 - gitea.bytelyst.com -> 187.124.159.82
 - admin.bytelyst.com -> 187.124.159.82
 - tracker.bytelyst.com -> 187.124.159.82
 - llmlab.bytelyst.com -> 187.124.159.82
 Known current failure:
 - HTTP on port 80 responds, but returns 404
@ -231,6 +241,7 @@ Your task:
   - gitea.bytelyst.com
   - admin.bytelyst.com
   - tracker.bytelyst.com
   - llmlab.bytelyst.com
 6. Ensure proxy targets are correct:
   - api.bytelyst.com:
     - /platform/* -> platform-service:4003
@ -239,12 +250,14 @@ Your task:
   - gitea.bytelyst.com -> Gitea on port 3300
   - admin.bytelyst.com -> admin-web:3001
   - tracker.bytelyst.com -> tracker-web:3003
   - llmlab.bytelyst.com -> llmlab-dashboard:3075
 7. Reload Caddy
 8. Verify:
   - curl -vk https://api.bytelyst.com/platform/health
   - curl -vk https://gitea.bytelyst.com
   - curl -vk https://admin.bytelyst.com
   - curl -vk https://tracker.bytelyst.com
   - curl -vk https://llmlab.bytelyst.com
 Run these first:
@ -258,6 +271,7 @@ curl -sI http://localhost:3001 | head -5
 curl -sI http://localhost:3003 | head -5
 curl -sI http://localhost:3300 | head -5
 curl -sI http://localhost:4003/health | head -5
 curl -sI http://localhost:3075 | head -5
 If /opt/bytelyst/Caddyfile is missing host blocks, fix it there and reload:
@ -273,6 +287,7 @@ When done, report:
 - what was wrong
 - what file(s) you changed
 - exact verification results for all four public hostnames
 - exact verification results for all five public hostnames
 ```
 ## Troubleshooting
@ -281,6 +296,7 @@ If records do not resolve as expected:
 - verify that GoDaddy is the authoritative DNS provider for `bytelyst.com`
 - check for duplicate records for `api`, `gitea`, `admin`, or `tracker`
 - check for duplicate records for `api`, `gitea`, `admin`, `tracker`, or `llmlab`
 - wait for propagation and retry with low TTL still in place
 - confirm Azure NSG allows inbound `80` and `443`
 - confirm Caddy is running and reachable on the VM
@ -295,7 +311,7 @@ docker logs caddy --tail 100
 Likely root causes for the current state:
 - the live `/opt/bytelyst/Caddyfile` only includes `api.bytelyst.com`
- `gitea`, `admin`, and `tracker` host blocks were never added on the VM
+- `gitea`, `admin`, `tracker`, and `llmlab` host blocks were never added on the VM
 - Azure NSG is allowing `80` but not `443`
 - Caddy is not healthy or is failing certificate issuance / bind on `443`
@ -303,8 +319,8 @@ Likely root causes for the current state:
 Use this section to record real DNS cutovers:
-| Date         | Operator | Change                                                                                     | Result               |
+| Date         | Operator | Change                                                                                               | Result               |
-| ------------ | -------- | ------------------------------------------------------------------------------------------ | -------------------- |
+| ------------ | -------- | ---------------------------------------------------------------------------------------------------- | -------------------- |
-| `2026-03-31` | Codex    | Created GoDaddy-specific DNS runbook for `bytelyst.com`                                    | Document added       |
+| `2026-03-31` | Codex    | Created GoDaddy-specific DNS runbook for `bytelyst.com`                                              | Document added       |
-| `2026-03-31` | Codex    | Updated GoDaddy `A` records for `api`, `gitea`, `admin`, and `tracker` to `187.124.159.82` | DNS cutover complete |
+| `2026-03-31` | Codex    | Updated GoDaddy `A` records for `api`, `gitea`, `admin`, `tracker`, and `llmlab` to `187.124.159.82` | DNS cutover complete |
-| `2026-03-31` | Codex    | Verified DNS propagation and recorded VM-side HTTPS follow-up steps                        | VM action pending    |
+| `2026-03-31` | Codex    | Verified DNS propagation and recorded VM-side HTTPS follow-up steps                                  | VM action pending    |
--- a/scripts/godaddy-sync-bytelyst-dns.sh
+++ b/scripts/godaddy-sync-bytelyst-dns.sh
@ -7,7 +7,7 @@ TARGET_IP="${GODADDY_DNS_TARGET_IP:-}"
 AUTO_IP=false
 DRY_RUN=false
 VALIDATE=false
-HOSTS=("api" "gitea" "admin" "tracker")
+HOSTS=("api" "gitea" "admin" "tracker" "llmlab")
 CONFIG_FILE="${XDG_CONFIG_HOME:-$HOME/.config}/godaddypy/credentials.yaml"
@ -23,7 +23,7 @@ Options:
  --auto-ip              Detect the current public IP with api.ipify.org
  --domain <domain>      GoDaddy zone to update (default: bytelyst.com)
  --ttl <seconds>        TTL for the managed A records (default: 600)
-  --hosts <csv>          Hostnames to manage (default: api,gitea,admin,tracker)
+  --hosts <csv>          Hostnames to manage (default: api,gitea,admin,tracker,llmlab)
  --validate             Run dig validation after changes
  --dry-run              Print the API operations without applying them
  -h, --help             Show help