Add RTGS later-phase sidecar deployment scaffolding

scripts/deployment/create-dbis-rtgs-later-phase-sidecar-lxcs.sh

@@ -0,0 +1,54 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+# Create placeholder LXCs for later-phase DBIS RTGS sidecars.
+# Usage:
+#   ./scripts/deployment/create-dbis-rtgs-later-phase-sidecar-lxcs.sh [--dry-run]
+
+HOST="${PROXMOX_HOST_R630_02:-192.168.11.12}"
+SSH_OPTS="-o BatchMode=yes -o ConnectTimeout=15 -o StrictHostKeyChecking=accept-new"
+TEMPLATE="${PVE_LXC_TEMPLATE:-local:vztmpl/debian-12-standard_12.7-1_amd64.tar.zst}"
+STORAGE="${PVE_STORAGE:-local-lvm}"
+BRIDGE="${PVE_BRIDGE:-vmbr0}"
+GATEWAY="${PVE_GATEWAY:-192.168.11.1}"
+
+DRY_RUN=false
+if [[ "${1:-}" == "--dry-run" ]]; then
+  DRY_RUN=true
+fi
+
+LXCS=(
+  "${RTGS_SECURITIES_VMID:-5808} ${RTGS_SECURITIES_HOSTNAME:-rtgs-securities-1} ${RTGS_SECURITIES_IP:-192.168.11.96} 4096 2 24"
+  "${RTGS_CARDNET_VMID:-5809} ${RTGS_CARDNET_HOSTNAME:-rtgs-cardnet-1} ${RTGS_CARDNET_IP:-192.168.11.97} 4096 2 24"
+  "${RTGS_MT103_VMID:-5810} ${RTGS_MT103_HOSTNAME:-rtgs-mt103-1} ${RTGS_MT103_IP:-192.168.11.98} 4096 2 24"
+)
+
+run_remote() {
+  local cmd="$1"
+  if $DRY_RUN; then
+    echo "[DRY-RUN] $cmd"
+  else
+    ssh $SSH_OPTS "root@$HOST" "$cmd"
+  fi
+}
+
+echo "=== DBIS RTGS later-phase sidecar LXCs ==="
+echo "Host: $HOST"
+echo "Template: $TEMPLATE"
+echo
+
+for spec in "${LXCS[@]}"; do
+  read -r vmid hostname ip memory cores disk <<<"$spec"
+  cmd="pct create $vmid $TEMPLATE \
+    --hostname $hostname \
+    --cores $cores \
+    --memory $memory \
+    --rootfs ${STORAGE}:${disk} \
+    --net0 name=eth0,bridge=${BRIDGE},gw=${GATEWAY},ip=${ip}/24 \
+    --onboot 1 \
+    --unprivileged 1 \
+    --features nesting=1 \
+    --password \$(openssl rand -base64 18) \
+    --description 'DBIS RTGS later-phase sidecar LXC ($hostname)'"
+  run_remote "$cmd"
+done

scripts/deployment/deploy-dbis-rtgs-later-phase-sidecars.sh

@@ -0,0 +1,178 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+# Deploy later-phase DBIS RTGS sidecars when artifacts are available.
+# Usage:
+#   ./scripts/deployment/deploy-dbis-rtgs-later-phase-sidecars.sh [--dry-run]
+
+HOST="${PROXMOX_HOST_R630_02:-192.168.11.12}"
+SSH_OPTS="-o BatchMode=yes -o ConnectTimeout=15 -o StrictHostKeyChecking=accept-new"
+
+SECT_VMID="${RTGS_SECURITIES_VMID:-5808}"
+CARD_VMID="${RTGS_CARDNET_VMID:-5809}"
+MT103_VMID="${RTGS_MT103_VMID:-5810}"
+
+SECT_JAR="${RTGS_SECURITIES_JAR:-/home/intlc/projects/HYBX_Sidecars/securities-sidecar/securities-app/target/securities-app-1.0.0-SNAPSHOT.jar}"
+CARD_JAR="${RTGS_CARDNET_JAR:-/home/intlc/projects/HYBX_Sidecars/card-networks-sidecar/cardnet-app/target/cardnet-app-1.0.0-SNAPSHOT.jar}"
+MT103_BIN="${RTGS_MT103_BIN:-/home/intlc/projects/HYBX_Sidecars/mt103-hardcopy-sidecar/server}"
+
+OMNL_BASE_URL="${OMNL_FINERACT_BASE_URL:-http://192.168.11.85:8080/fineract-provider/api/v1}"
+OMNL_TENANT="${OMNL_FINERACT_TENANT:-omnl}"
+OMNL_USER="${OMNL_FINERACT_USER:-}"
+OMNL_PASSWORD="${OMNL_FINERACT_PASSWORD:-}"
+MT103_DATABASE_URL="${MT103_DATABASE_URL:-postgres://localhost/mt103_sidecar?sslmode=disable}"
+
+DRY_RUN=false
+if [[ "${1:-}" == "--dry-run" ]]; then
+  DRY_RUN=true
+fi
+
+run_remote() {
+  local vmid="$1"
+  local cmd="$2"
+  if $DRY_RUN; then
+    echo "[DRY-RUN][CT $vmid] $cmd"
+  else
+    ssh $SSH_OPTS "root@$HOST" "pct exec $vmid -- bash -lc $(printf '%q' "$cmd")"
+  fi
+}
+
+push_file() {
+  local vmid="$1"
+  local src="$2"
+  local dest="$3"
+  if $DRY_RUN; then
+    echo "[DRY-RUN][CT $vmid] copy $src -> $dest"
+  else
+    ssh $SSH_OPTS "root@$HOST" "pct exec $vmid -- mkdir -p $(dirname "$dest")"
+    ssh $SSH_OPTS "root@$HOST" "cat > /tmp/$(basename "$dest")" < "$src"
+    ssh $SSH_OPTS "root@$HOST" "pct push $vmid /tmp/$(basename "$dest") $dest >/dev/null && rm -f /tmp/$(basename "$dest")"
+  fi
+}
+
+require_file() {
+  local path="$1"
+  if [[ ! -f "$path" ]]; then
+    echo "Missing required artifact: $path" >&2
+    exit 1
+  fi
+}
+
+setup_java_runtime() {
+  local vmid="$1"
+  run_remote "$vmid" "export DEBIAN_FRONTEND=noninteractive && apt-get update && apt-get install -y openjdk-21-jre-headless redis-server curl ca-certificates"
+  run_remote "$vmid" "systemctl enable redis-server --now"
+}
+
+setup_go_runtime() {
+  local vmid="$1"
+  run_remote "$vmid" "export DEBIAN_FRONTEND=noninteractive && apt-get update && apt-get install -y curl ca-certificates"
+}
+
+deploy_java_sidecar() {
+  local vmid="$1"
+  local svc="$2"
+  local jar="$3"
+  local env_content="$4"
+  require_file "$jar"
+  setup_java_runtime "$vmid"
+  push_file "$vmid" "$jar" "/opt/dbis-rtgs/${svc}/${svc}.jar"
+
+  local envfile unit
+  envfile="$(mktemp)"
+  cat > "$envfile" <<<"$env_content"
+  push_file "$vmid" "$envfile" "/etc/dbis-rtgs/${svc}.env"
+  rm -f "$envfile"
+
+  unit="$(mktemp)"
+  cat > "$unit" <<EOF
+[Unit]
+Description=DBIS RTGS ${svc}
+After=network-online.target redis-server.service
+Wants=network-online.target
+
+[Service]
+User=root
+WorkingDirectory=/opt/dbis-rtgs/${svc}
+EnvironmentFile=/etc/dbis-rtgs/${svc}.env
+ExecStart=/usr/bin/java -jar /opt/dbis-rtgs/${svc}/${svc}.jar
+Restart=always
+RestartSec=5
+
+[Install]
+WantedBy=multi-user.target
+EOF
+  push_file "$vmid" "$unit" "/etc/systemd/system/dbis-rtgs-${svc}.service"
+  rm -f "$unit"
+  run_remote "$vmid" "mkdir -p /opt/dbis-rtgs/${svc} /etc/dbis-rtgs /var/lib/dbis-rtgs/${svc} && systemctl daemon-reload && systemctl enable dbis-rtgs-${svc} && systemctl restart dbis-rtgs-${svc}"
+}
+
+deploy_mt103() {
+  require_file "$MT103_BIN"
+  setup_go_runtime "$MT103_VMID"
+  push_file "$MT103_VMID" "$MT103_BIN" "/opt/dbis-rtgs/mt103/server"
+  run_remote "$MT103_VMID" "chmod +x /opt/dbis-rtgs/mt103/server"
+
+  local envfile unit
+  envfile="$(mktemp)"
+  cat > "$envfile" <<EOF
+HTTP_PORT=8080
+DATABASE_URL=${MT103_DATABASE_URL}
+STORAGE_BASE_PATH=/var/lib/dbis-rtgs/mt103/storage
+AUTH_MODE=none
+EOF
+  push_file "$MT103_VMID" "$envfile" "/etc/dbis-rtgs/mt103.env"
+  rm -f "$envfile"
+
+  unit="$(mktemp)"
+  cat > "$unit" <<'EOF'
+[Unit]
+Description=DBIS RTGS mt103-hardcopy-sidecar
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+User=root
+WorkingDirectory=/opt/dbis-rtgs/mt103
+EnvironmentFile=/etc/dbis-rtgs/mt103.env
+ExecStart=/opt/dbis-rtgs/mt103/server
+Restart=always
+RestartSec=5
+
+[Install]
+WantedBy=multi-user.target
+EOF
+  push_file "$MT103_VMID" "$unit" "/etc/systemd/system/dbis-rtgs-mt103.service"
+  rm -f "$unit"
+  run_remote "$MT103_VMID" "mkdir -p /opt/dbis-rtgs/mt103 /etc/dbis-rtgs /var/lib/dbis-rtgs/mt103/storage && systemctl daemon-reload && systemctl enable dbis-rtgs-mt103 && systemctl restart dbis-rtgs-mt103"
+}
+
+deploy_java_sidecar "$SECT_VMID" "securities" "$SECT_JAR" "$(cat <<EOF
+SERVER_PORT=8080
+DB_URL=jdbc:h2:file:/var/lib/dbis-rtgs/securities/securities;DB_CLOSE_ON_EXIT=FALSE
+REDIS_HOST=127.0.0.1
+REDIS_PORT=6379
+KAFKA_BOOTSTRAP_SERVERS=
+FINERACT_BASE_URL=${OMNL_BASE_URL}
+FINERACT_TENANT=${OMNL_TENANT}
+FINERACT_USERNAME=${OMNL_USER}
+FINERACT_PASSWORD=${OMNL_PASSWORD}
+EOF
+)"
+
+deploy_java_sidecar "$CARD_VMID" "cardnet" "$CARD_JAR" "$(cat <<EOF
+SERVER_PORT=8080
+DB_URL=jdbc:h2:file:/var/lib/dbis-rtgs/cardnet/cardnet;DB_CLOSE_ON_EXIT=FALSE
+REDIS_HOST=127.0.0.1
+REDIS_PORT=6379
+KAFKA_BOOTSTRAP_SERVERS=
+FINERACT_BASE_URL=${OMNL_BASE_URL}
+FINERACT_TENANT=${OMNL_TENANT}
+FINERACT_USERNAME=${OMNL_USER}
+FINERACT_PASSWORD=${OMNL_PASSWORD}
+EOF
+)"
+
+deploy_mt103
+
+echo "DBIS RTGS later-phase sidecar deployment complete."

scripts/verify/check-dbis-rtgs-later-phase-sidecars.sh

@@ -0,0 +1,38 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+# Verify the later-phase DBIS RTGS sidecars once deployed.
+
+HOST="${PROXMOX_HOST_R630_02:-192.168.11.12}"
+SSH_OPTS="-o BatchMode=yes -o ConnectTimeout=15 -o StrictHostKeyChecking=accept-new"
+
+check_java_ct() {
+  local vmid="$1"
+  local hostname="$2"
+  local service="$3"
+  echo "=== CT $vmid ($hostname) ==="
+  ssh $SSH_OPTS "root@$HOST" "pct status $vmid"
+  ssh $SSH_OPTS "root@$HOST" "pct exec $vmid -- bash -lc 'systemctl is-active redis-server'"
+  ssh $SSH_OPTS "root@$HOST" "pct exec $vmid -- bash -lc 'systemctl is-active $service'"
+  ssh $SSH_OPTS "root@$HOST" "pct exec $vmid -- bash -lc 'curl -sf http://127.0.0.1:8080/actuator/health'"
+  echo
+}
+
+check_go_ct() {
+  local vmid="$1"
+  local hostname="$2"
+  local service="$3"
+  echo "=== CT $vmid ($hostname) ==="
+  ssh $SSH_OPTS "root@$HOST" "pct status $vmid"
+  ssh $SSH_OPTS "root@$HOST" "pct exec $vmid -- bash -lc 'systemctl is-active $service'"
+  ssh $SSH_OPTS "root@$HOST" "pct exec $vmid -- bash -lc 'curl -sf http://127.0.0.1:8080/health'"
+  echo
+}
+
+echo "=== DBIS RTGS later-phase sidecar runtime check ==="
+echo "Host: $HOST"
+echo
+
+check_java_ct "${RTGS_SECURITIES_VMID:-5808}" "${RTGS_SECURITIES_HOSTNAME:-rtgs-securities-1}" dbis-rtgs-securities
+check_java_ct "${RTGS_CARDNET_VMID:-5809}" "${RTGS_CARDNET_HOSTNAME:-rtgs-cardnet-1}" dbis-rtgs-cardnet
+check_go_ct "${RTGS_MT103_VMID:-5810}" "${RTGS_MT103_HOSTNAME:-rtgs-mt103-1}" dbis-rtgs-mt103