#!/usr/bin/env bash set -euo pipefail # Deploy the three selected DBIS RTGS first-slice sidecars to their LXC targets. # Usage: # ./scripts/deployment/deploy-dbis-rtgs-first-slice-sidecars.sh [--dry-run] SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)" if [[ -f "$PROJECT_ROOT/omnl-fineract/.env" ]]; then set +u # shellcheck source=/dev/null source "$PROJECT_ROOT/omnl-fineract/.env" set -u fi HOST="${PROXMOX_HOST_R630_02:-192.168.11.12}" SSH_OPTS="-o BatchMode=yes -o ConnectTimeout=15 -o StrictHostKeyChecking=accept-new" SCSM_JAR="/home/intlc/projects/HYBX_Sidecars/mifos-fineract-sidecar/scsm-app/target/scsm-app-1.0.0-SNAPSHOT.jar" FUNDS_JAR="/home/intlc/projects/HYBX_Sidecars/server-funds-sidecar/funds-app/target/funds-app-1.0.0-SNAPSHOT.jar" XAU_JAR="/home/intlc/projects/HYBX_Sidecars/off-ledger-2-on-ledger-sidecar/target/off-ledger-2-on-ledger-sidecar-0.1.0-SNAPSHOT.jar" SCSM_FINERACT_BASE_URL="${SCSM_FINERACT_BASE_URL:-${OMNL_FINERACT_BASE_URL:-http://192.168.11.85:8080/fineract-provider/api/v1}}" SCSM_FINERACT_TENANT="${SCSM_FINERACT_TENANT:-${OMNL_FINERACT_TENANT:-omnl}}" SCSM_FINERACT_USERNAME="${SCSM_FINERACT_USERNAME:-${OMNL_FINERACT_USER:-}}" SCSM_FINERACT_PASSWORD="${SCSM_FINERACT_PASSWORD:-${OMNL_FINERACT_PASSWORD:-}}" FUNDS_FINERACT_BASE_URL="${FUNDS_FINERACT_BASE_URL:-${OMNL_FINERACT_BASE_URL:-http://192.168.11.85:8080/fineract-provider/api/v1}}" FUNDS_FINERACT_TENANT="${FUNDS_FINERACT_TENANT:-${OMNL_FINERACT_TENANT:-omnl}}" FUNDS_FINERACT_USERNAME="${FUNDS_FINERACT_USERNAME:-${OMNL_FINERACT_USER:-}}" FUNDS_FINERACT_PASSWORD="${FUNDS_FINERACT_PASSWORD:-${OMNL_FINERACT_PASSWORD:-}}" FUNDS_FINERACT_OFFICE_ID="${FUNDS_FINERACT_OFFICE_ID:-1}" FUNDS_DEFAULT_DEBIT_GL_ID="${FUNDS_DEFAULT_DEBIT_GL_ID:-24}" FUNDS_DEFAULT_CREDIT_GL_ID="${FUNDS_DEFAULT_CREDIT_GL_ID:-3}" XAU_FINERACT_BASE_URL="${XAU_FINERACT_BASE_URL:-${OMNL_FINERACT_BASE_URL:-http://192.168.11.85:8080/fineract-provider/api/v1}}" XAU_FINERACT_TENANT="${XAU_FINERACT_TENANT:-${OMNL_FINERACT_TENANT:-omnl}}" XAU_FINERACT_USERNAME="${XAU_FINERACT_USERNAME:-${OMNL_FINERACT_USER:-}}" XAU_FINERACT_PASSWORD="${XAU_FINERACT_PASSWORD:-${OMNL_FINERACT_PASSWORD:-}}" XAU_FINERACT_OFFICE_ID="${XAU_FINERACT_OFFICE_ID:-1}" XAU_FEED_URL="${XAU_FEED_URL:-}" XAU_STUB_PRICE="${XAU_STUB_PRICE:-2000}" XAU_GL_GOLD_COLLATERAL_ENCUMBERED="${XAU_GL_GOLD_COLLATERAL_ENCUMBERED:-7}" XAU_GL_GOLD_COLLATERAL_FREE="${XAU_GL_GOLD_COLLATERAL_FREE:-1}" XAU_GL_OFF_LEDGER_SETTLEMENT_CLEARING="${XAU_GL_OFF_LEDGER_SETTLEMENT_CLEARING:-14}" XAU_GL_BORROWER_RECEIVABLE="${XAU_GL_BORROWER_RECEIVABLE:-24}" XAU_GL_TEMPORARY_CREDIT_ISSUED="${XAU_GL_TEMPORARY_CREDIT_ISSUED:-3}" XAU_GL_TEMPORARY_DEBT_PAYABLE="${XAU_GL_TEMPORARY_DEBT_PAYABLE:-25}" XAU_GL_CONVERSION_CONTROL_SUSPENSE="${XAU_GL_CONVERSION_CONTROL_SUSPENSE:-5}" CHAIN138_SETTLEMENT_PRIVATE_KEY="${CHAIN138_SETTLEMENT_PRIVATE_KEY:-${PRIVATE_KEY:-}}" CHAIN138_SETTLEMENT_WAIT_FOR_RECEIPT="${CHAIN138_SETTLEMENT_WAIT_FOR_RECEIPT:-false}" CHAIN138_SETTLEMENT_MERCHANT_ADDRESS="${CHAIN138_SETTLEMENT_MERCHANT_ADDRESS:-}" if [[ -z "$CHAIN138_SETTLEMENT_MERCHANT_ADDRESS" && -n "$CHAIN138_SETTLEMENT_PRIVATE_KEY" ]] && command -v cast >/dev/null 2>&1; then CHAIN138_SETTLEMENT_MERCHANT_ADDRESS="$(cast wallet address "$CHAIN138_SETTLEMENT_PRIVATE_KEY" 2>/dev/null || true)" fi DRY_RUN=false if [[ "${1:-}" == "--dry-run" ]]; then DRY_RUN=true fi TARGETS="${TARGETS:-scsm,funds,xau}" require_file() { local path="$1" if [[ ! -f "$path" ]]; then echo "Missing required artifact: $path" >&2 exit 1 fi } require_file "$SCSM_JAR" require_file "$FUNDS_JAR" require_file "$XAU_JAR" run_remote() { local vmid="$1" local cmd="$2" if $DRY_RUN; then echo "[DRY-RUN][CT $vmid] $cmd" else ssh $SSH_OPTS "root@$HOST" "pct exec $vmid -- bash -lc $(printf '%q' "$cmd")" fi } target_enabled() { local want="$1" [[ ",$TARGETS," == *",$want,"* ]] } wait_for_health() { local vmid="$1" local url="$2" local out_file="$3" local attempts="${4:-20}" local sleep_seconds="${5:-2}" local cmd="for i in \$(seq 1 $attempts); do if curl -sf \"$url\" > \"$out_file\"; then cat \"$out_file\"; exit 0; fi; sleep $sleep_seconds; done; exit 7" run_remote "$vmid" "$cmd" } push_file() { local vmid="$1" local src="$2" local dest="$3" if $DRY_RUN; then echo "[DRY-RUN][CT $vmid] copy $src -> $dest" else ssh $SSH_OPTS "root@$HOST" "pct exec $vmid -- mkdir -p $(dirname "$dest")" ssh $SSH_OPTS "root@$HOST" "cat > /tmp/$(basename "$dest")" < "$src" ssh $SSH_OPTS "root@$HOST" "pct push $vmid /tmp/$(basename "$dest") $dest >/dev/null && rm -f /tmp/$(basename "$dest")" fi } setup_base_runtime() { local vmid="$1" run_remote "$vmid" "export DEBIAN_FRONTEND=noninteractive && apt-get update && apt-get install -y openjdk-21-jre-headless redis-server curl ca-certificates" run_remote "$vmid" "systemctl enable redis-server --now" } deploy_scsm() { local vmid=5802 setup_base_runtime "$vmid" push_file "$vmid" "$SCSM_JAR" "/opt/dbis-rtgs/scsm/scsm-app.jar" local envfile unit envfile="$(mktemp)" cat > "$envfile" < "$unit" <<'EOF' [Unit] Description=DBIS RTGS SCSM sidecar After=network-online.target redis-server.service Wants=network-online.target [Service] User=root WorkingDirectory=/opt/dbis-rtgs/scsm EnvironmentFile=/etc/dbis-rtgs/scsm.env ExecStart=/usr/bin/java -jar /opt/dbis-rtgs/scsm/scsm-app.jar Restart=always RestartSec=5 [Install] WantedBy=multi-user.target EOF push_file "$vmid" "$unit" "/etc/systemd/system/dbis-rtgs-scsm.service" rm -f "$unit" run_remote "$vmid" "mkdir -p /var/lib/dbis-rtgs/scsm /opt/dbis-rtgs/scsm /etc/dbis-rtgs && systemctl daemon-reload && systemctl enable dbis-rtgs-scsm && systemctl restart dbis-rtgs-scsm" wait_for_health "$vmid" "http://127.0.0.1:8080/actuator/health" "/tmp/scsm-health.json" } deploy_funds() { local vmid=5803 setup_base_runtime "$vmid" push_file "$vmid" "$FUNDS_JAR" "/opt/dbis-rtgs/funds/funds-app.jar" local envfile unit envfile="$(mktemp)" cat > "$envfile" < "$unit" <<'EOF' [Unit] Description=DBIS RTGS server-funds sidecar After=network-online.target redis-server.service Wants=network-online.target [Service] User=root WorkingDirectory=/opt/dbis-rtgs/funds EnvironmentFile=/etc/dbis-rtgs/funds.env ExecStart=/usr/bin/java -jar /opt/dbis-rtgs/funds/funds-app.jar Restart=always RestartSec=5 [Install] WantedBy=multi-user.target EOF push_file "$vmid" "$unit" "/etc/systemd/system/dbis-rtgs-funds.service" rm -f "$unit" run_remote "$vmid" "mkdir -p /var/lib/dbis-rtgs/funds /opt/dbis-rtgs/funds /etc/dbis-rtgs && systemctl daemon-reload && systemctl enable dbis-rtgs-funds && systemctl restart dbis-rtgs-funds" wait_for_health "$vmid" "http://127.0.0.1:8080/actuator/health" "/tmp/funds-health.json" } deploy_xau() { local vmid=5804 setup_base_runtime "$vmid" push_file "$vmid" "$XAU_JAR" "/opt/dbis-rtgs/xau/off-ledger-2-on-ledger-sidecar.jar" local envfile unit envfile="$(mktemp)" cat > "$envfile" < "$unit" <<'EOF' [Unit] Description=DBIS RTGS XAU conversion sidecar After=network-online.target Wants=network-online.target [Service] User=root WorkingDirectory=/opt/dbis-rtgs/xau EnvironmentFile=/etc/dbis-rtgs/xau.env ExecStart=/usr/bin/java -jar /opt/dbis-rtgs/xau/off-ledger-2-on-ledger-sidecar.jar Restart=always RestartSec=5 [Install] WantedBy=multi-user.target EOF push_file "$vmid" "$unit" "/etc/systemd/system/dbis-rtgs-xau.service" rm -f "$unit" run_remote "$vmid" "mkdir -p /opt/dbis-rtgs/xau /etc/dbis-rtgs && systemctl daemon-reload && systemctl enable dbis-rtgs-xau && systemctl restart dbis-rtgs-xau" wait_for_health "$vmid" "http://127.0.0.1:8080/actuator/health" "/tmp/xau-health.json" } echo "=== Deploy DBIS RTGS first-slice sidecars ===" echo "Host: $HOST" echo if target_enabled scsm; then deploy_scsm fi if target_enabled funds; then deploy_funds fi if target_enabled xau; then deploy_xau fi echo echo "Done."