Add RTGS control-plane deployment scaffolding

scripts/deployment/create-dbis-rtgs-control-plane-lxcs.sh

@@ -0,0 +1,54 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+# Create placeholder LXCs for the DBIS RTGS control plane.
+# Usage:
+#   ./scripts/deployment/create-dbis-rtgs-control-plane-lxcs.sh [--dry-run]
+
+HOST="${PROXMOX_HOST_R630_02:-192.168.11.12}"
+SSH_OPTS="-o BatchMode=yes -o ConnectTimeout=15 -o StrictHostKeyChecking=accept-new"
+TEMPLATE="${PVE_LXC_TEMPLATE:-local:vztmpl/debian-12-standard_12.7-1_amd64.tar.zst}"
+STORAGE="${PVE_STORAGE:-local-lvm}"
+BRIDGE="${PVE_BRIDGE:-vmbr0}"
+GATEWAY="${PVE_GATEWAY:-192.168.11.1}"
+
+DRY_RUN=false
+if [[ "${1:-}" == "--dry-run" ]]; then
+  DRY_RUN=true
+fi
+
+LXCS=(
+  "${RTGS_ORCH_VMID:-5805} ${RTGS_ORCH_HOSTNAME:-rtgs-orchestrator-1} ${RTGS_ORCH_IP:-192.168.11.93} 4096 2 24"
+  "${RTGS_FX_VMID:-5806} ${RTGS_FX_HOSTNAME:-rtgs-fx-1} ${RTGS_FX_IP:-192.168.11.94} 4096 2 24"
+  "${RTGS_LIQ_VMID:-5807} ${RTGS_LIQ_HOSTNAME:-rtgs-liquidity-1} ${RTGS_LIQ_IP:-192.168.11.95} 4096 2 24"
+)
+
+run_remote() {
+  local cmd="$1"
+  if $DRY_RUN; then
+    echo "[DRY-RUN] $cmd"
+  else
+    ssh $SSH_OPTS "root@$HOST" "$cmd"
+  fi
+}
+
+echo "=== DBIS RTGS control-plane LXCs ==="
+echo "Host: $HOST"
+echo "Template: $TEMPLATE"
+echo
+
+for spec in "${LXCS[@]}"; do
+  read -r vmid hostname ip memory cores disk <<<"$spec"
+  cmd="pct create $vmid $TEMPLATE \
+    --hostname $hostname \
+    --cores $cores \
+    --memory $memory \
+    --rootfs ${STORAGE}:${disk} \
+    --net0 name=eth0,bridge=${BRIDGE},gw=${GATEWAY},ip=${ip}/24 \
+    --onboot 1 \
+    --unprivileged 1 \
+    --features nesting=1 \
+    --password \$(openssl rand -base64 18) \
+    --description 'DBIS RTGS control-plane LXC ($hostname)'"
+  run_remote "$cmd"
+done

scripts/deployment/deploy-dbis-rtgs-control-plane.sh

@@ -0,0 +1,153 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+# Deploy the DBIS RTGS control-plane services when artifacts are available.
+# Usage:
+#   ./scripts/deployment/deploy-dbis-rtgs-control-plane.sh [--dry-run]
+
+HOST="${PROXMOX_HOST_R630_02:-192.168.11.12}"
+SSH_OPTS="-o BatchMode=yes -o ConnectTimeout=15 -o StrictHostKeyChecking=accept-new"
+
+ORCH_VMID="${RTGS_ORCH_VMID:-5805}"
+FX_VMID="${RTGS_FX_VMID:-5806}"
+LIQ_VMID="${RTGS_LIQ_VMID:-5807}"
+
+ORCH_JAR="${RTGS_ORCH_JAR:-}"
+FX_JAR="${RTGS_FX_JAR:-}"
+LIQ_JAR="${RTGS_LIQ_JAR:-}"
+
+OMNL_BASE_URL="${OMNL_FINERACT_BASE_URL:-http://192.168.11.85:8080/fineract-provider/api/v1}"
+OMNL_TENANT="${OMNL_FINERACT_TENANT:-omnl}"
+OMNL_USER="${OMNL_FINERACT_USER:-}"
+OMNL_PASSWORD="${OMNL_FINERACT_PASSWORD:-}"
+
+DRY_RUN=false
+if [[ "${1:-}" == "--dry-run" ]]; then
+  DRY_RUN=true
+fi
+
+run_remote() {
+  local vmid="$1"
+  local cmd="$2"
+  if $DRY_RUN; then
+    echo "[DRY-RUN][CT $vmid] $cmd"
+  else
+    ssh $SSH_OPTS "root@$HOST" "pct exec $vmid -- bash -lc $(printf '%q' "$cmd")"
+  fi
+}
+
+push_file() {
+  local vmid="$1"
+  local src="$2"
+  local dest="$3"
+  if $DRY_RUN; then
+    echo "[DRY-RUN][CT $vmid] copy $src -> $dest"
+  else
+    ssh $SSH_OPTS "root@$HOST" "pct exec $vmid -- mkdir -p $(dirname "$dest")"
+    ssh $SSH_OPTS "root@$HOST" "cat > /tmp/$(basename "$dest")" < "$src"
+    ssh $SSH_OPTS "root@$HOST" "pct push $vmid /tmp/$(basename "$dest") $dest >/dev/null && rm -f /tmp/$(basename "$dest")"
+  fi
+}
+
+setup_base_runtime() {
+  local vmid="$1"
+  run_remote "$vmid" "export DEBIAN_FRONTEND=noninteractive && apt-get update && apt-get install -y openjdk-21-jre-headless redis-server curl ca-certificates"
+  run_remote "$vmid" "systemctl enable redis-server --now"
+}
+
+require_artifact() {
+  local label="$1"
+  local path="$2"
+  if [[ -z "$path" ]]; then
+    echo "Missing ${label}: set the corresponding RTGS_*_JAR env var." >&2
+    exit 1
+  fi
+  if [[ ! -f "$path" ]]; then
+    echo "Missing ${label} artifact: $path" >&2
+    exit 1
+  fi
+}
+
+deploy_service() {
+  local vmid="$1"
+  local service_name="$2"
+  local jar_path="$3"
+  local env_path="$4"
+  local env_content="$5"
+  local workdir="/opt/dbis-rtgs/${service_name}"
+  local unitfile
+
+  setup_base_runtime "$vmid"
+  push_file "$vmid" "$jar_path" "${workdir}/${service_name}.jar"
+
+  local env_tmp
+  env_tmp="$(mktemp)"
+  cat > "$env_tmp" <<<"$env_content"
+  push_file "$vmid" "$env_tmp" "$env_path"
+  rm -f "$env_tmp"
+
+  unitfile="$(mktemp)"
+  cat > "$unitfile" <<EOF
+[Unit]
+Description=DBIS RTGS ${service_name}
+After=network-online.target redis-server.service
+Wants=network-online.target
+
+[Service]
+User=root
+WorkingDirectory=${workdir}
+EnvironmentFile=${env_path}
+ExecStart=/usr/bin/java -jar ${workdir}/${service_name}.jar
+Restart=always
+RestartSec=5
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+  push_file "$vmid" "$unitfile" "/etc/systemd/system/dbis-rtgs-${service_name}.service"
+  rm -f "$unitfile"
+  run_remote "$vmid" "mkdir -p ${workdir} /etc/dbis-rtgs /var/lib/dbis-rtgs/${service_name} && systemctl daemon-reload && systemctl enable dbis-rtgs-${service_name} && systemctl restart dbis-rtgs-${service_name}"
+}
+
+require_artifact "orchestrator JAR" "$ORCH_JAR"
+require_artifact "FX engine JAR" "$FX_JAR"
+require_artifact "liquidity engine JAR" "$LIQ_JAR"
+
+deploy_service "$ORCH_VMID" "orchestrator" "$ORCH_JAR" "/etc/dbis-rtgs/orchestrator.env" "$(cat <<EOF
+SERVER_PORT=8080
+DB_URL=jdbc:h2:file:/var/lib/dbis-rtgs/orchestrator/orchestrator;DB_CLOSE_ON_EXIT=FALSE
+REDIS_HOST=127.0.0.1
+REDIS_PORT=6379
+OMNL_BASE_URL=${OMNL_BASE_URL}
+OMNL_TENANT=${OMNL_TENANT}
+OMNL_USER=${OMNL_USER}
+OMNL_PASSWORD=${OMNL_PASSWORD}
+EOF
+)"
+
+deploy_service "$FX_VMID" "fx-engine" "$FX_JAR" "/etc/dbis-rtgs/fx-engine.env" "$(cat <<EOF
+SERVER_PORT=8080
+DB_URL=jdbc:h2:file:/var/lib/dbis-rtgs/fx-engine/fx-engine;DB_CLOSE_ON_EXIT=FALSE
+REDIS_HOST=127.0.0.1
+REDIS_PORT=6379
+OMNL_BASE_URL=${OMNL_BASE_URL}
+OMNL_TENANT=${OMNL_TENANT}
+OMNL_USER=${OMNL_USER}
+OMNL_PASSWORD=${OMNL_PASSWORD}
+EOF
+)"
+
+deploy_service "$LIQ_VMID" "liquidity-engine" "$LIQ_JAR" "/etc/dbis-rtgs/liquidity-engine.env" "$(cat <<EOF
+SERVER_PORT=8080
+DB_URL=jdbc:h2:file:/var/lib/dbis-rtgs/liquidity-engine/liquidity-engine;DB_CLOSE_ON_EXIT=FALSE
+REDIS_HOST=127.0.0.1
+REDIS_PORT=6379
+OMNL_BASE_URL=${OMNL_BASE_URL}
+OMNL_TENANT=${OMNL_TENANT}
+OMNL_USER=${OMNL_USER}
+OMNL_PASSWORD=${OMNL_PASSWORD}
+EOF
+)"
+
+echo "DBIS RTGS control-plane deployment complete."

scripts/verify/check-dbis-rtgs-control-plane.sh

@@ -0,0 +1,35 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+# Verify the DBIS RTGS control-plane services once deployed.
+
+HOST="${PROXMOX_HOST_R630_02:-192.168.11.12}"
+SSH_OPTS="-o BatchMode=yes -o ConnectTimeout=15 -o StrictHostKeyChecking=accept-new"
+
+check_ct() {
+  local vmid="$1"
+  local hostname="$2"
+  local service="$3"
+
+  echo "=== CT $vmid ($hostname) ==="
+  ssh $SSH_OPTS "root@$HOST" "pct status $vmid"
+  ssh $SSH_OPTS "root@$HOST" "pct exec $vmid -- bash -lc 'systemctl is-active redis-server'"
+  ssh $SSH_OPTS "root@$HOST" "pct exec $vmid -- bash -lc 'systemctl is-active $service'"
+  ssh $SSH_OPTS "root@$HOST" "pct exec $vmid -- bash -lc 'curl -sf http://127.0.0.1:8080/actuator/health'"
+  echo
+}
+
+echo "=== DBIS RTGS control-plane runtime check ==="
+echo "Host: $HOST"
+echo
+
+check_ct "${RTGS_ORCH_VMID:-5805}" "${RTGS_ORCH_HOSTNAME:-rtgs-orchestrator-1}" dbis-rtgs-orchestrator
+check_ct "${RTGS_FX_VMID:-5806}" "${RTGS_FX_HOSTNAME:-rtgs-fx-1}" dbis-rtgs-fx-engine
+check_ct "${RTGS_LIQ_VMID:-5807}" "${RTGS_LIQ_HOSTNAME:-rtgs-liquidity-1}" dbis-rtgs-liquidity-engine
+
+echo "=== OMNL reachability from control plane ==="
+for vmid in "${RTGS_ORCH_VMID:-5805}" "${RTGS_FX_VMID:-5806}" "${RTGS_LIQ_VMID:-5807}"; do
+  printf 'CT %s -> ' "$vmid"
+  ssh $SSH_OPTS "root@$HOST" "pct exec $vmid -- bash -lc 'curl -s -o /tmp/fineract.out -w \"%{http_code}\" http://192.168.11.85:8080/fineract-provider/api/v1/offices'"
+  echo
+done