proxmox/scripts/deploy-besu-node-lists-to-all.sh

#!/usr/bin/env bash
# Deploy canonical static-nodes.json and permissions-nodes.toml to ALL Besu nodes.
# Source: config/besu-node-lists/ (single source of truth).
# Ensures identical node lists on every validator, sentry, and RPC for correct permissioning.
#
# Usage: ./scripts/deploy-besu-node-lists-to-all.sh [--dry-run]

set -euo pipefail

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(cd "$SCRIPT_DIR/.." && pwd)"
source "${PROJECT_ROOT}/config/ip-addresses.conf" 2>/dev/null || true

SSH_OPTS=(-o ConnectTimeout=20 -o ServerAliveInterval=15 -o ServerAliveCountMax=3 -o StrictHostKeyChecking=accept-new)

DRY_RUN=false
[[ "${1:-}" == "--dry-run" ]] && DRY_RUN=true

STATIC="${PROJECT_ROOT}/config/besu-node-lists/static-nodes.json"
PERMS="${PROJECT_ROOT}/config/besu-node-lists/permissions-nodes.toml"

if [[ ! -f "$STATIC" ]] || [[ ! -f "$PERMS" ]]; then
    echo "ERROR: Canonical files not found:" >&2
    [[ ! -f "$STATIC" ]] && echo "  $STATIC" >&2
    [[ ! -f "$PERMS" ]] && echo "  $PERMS" >&2
    echo "See config/besu-node-lists/README.md" >&2
    exit 1
fi

# VMID -> Proxmox host (per BESU_VMIDS_FROM_PROXMOX / list-besu-vmids-from-proxmox.sh)
declare -A HOST_BY_VMID
# r630-01 (192.168.11.11) — 2500-2505 removed (destroyed; see ALL_VMIDS_ENDPOINTS.md)
for v in 1000 1001 1002 1500 1501 1502 2101 2103; do HOST_BY_VMID[$v]="${PROXMOX_R630_01:-${PROXMOX_HOST_R630_01:-192.168.11.11}}"; done
# r630-02 (192.168.11.12)
for v in 2201 2303 2305 2306 2307 2308 2401; do HOST_BY_VMID[$v]="${PROXMOX_R630_02:-${PROXMOX_HOST_R630_02:-192.168.11.12}}"; done
# r630-03 (192.168.11.13)
for v in 1003 1004 1503 1504 1505 1506 1507 1508 1509 1510 2102 2301 2304 2400 2402 2403; do HOST_BY_VMID[$v]="${PROXMOX_R630_03:-${PROXMOX_HOST_R630_03:-192.168.11.13}}"; done

BESU_VMIDS=(1000 1001 1002 1003 1004 1500 1501 1502 1503 1504 1505 1506 1507 1508 1509 1510 2101 2102 2103 2201 2301 2303 2304 2305 2306 2307 2308 2400 2401 2402 2403)

echo "Deploying Besu node lists from config/besu-node-lists/ to all nodes"
echo "  static-nodes.json      -> /etc/besu/static-nodes.json"
echo "  permissions-nodes.toml -> /etc/besu/permissions-nodes.toml"
echo ""

# Group by host to minimize scp/ssh
declare -A VMIDS_ON_HOST
for vmid in "${BESU_VMIDS[@]}"; do
    host="${HOST_BY_VMID[$vmid]:-}"
    [[ -z "$host" ]] && continue
    VMIDS_ON_HOST[$host]+=" $vmid"
done

for host in "${!VMIDS_ON_HOST[@]}"; do
    vmids="${VMIDS_ON_HOST[$host]}"
    echo "--- Host $host (VMIDs:${vmids}) ---"
    if $DRY_RUN; then
        echo "  [dry-run] would scp and pct push to:${vmids}"
        continue
    fi
    scp "${SSH_OPTS[@]}" -q "$STATIC" "$PERMS" "root@${host}:/tmp/" || { echo "  Failed to scp to $host"; continue; }
    for vmid in $vmids; do
        if ssh "${SSH_OPTS[@]}" "root@${host}" "pct status $vmid 2>/dev/null | grep -q running" 2>/dev/null; then
            # timeout: pct push can hang on slow storage; do not block the whole fleet deploy
            ssh "${SSH_OPTS[@]}" "root@${host}" "timeout 180 bash -c 'pct push $vmid /tmp/static-nodes.json /etc/besu/static-nodes.json && pct push $vmid /tmp/permissions-nodes.toml /etc/besu/permissions-nodes.toml && (pct exec $vmid -- chown besu:besu /etc/besu/static-nodes.json /etc/besu/permissions-nodes.toml 2>/dev/null || pct exec $vmid -- chown root:root /etc/besu/static-nodes.json /etc/besu/permissions-nodes.toml 2>/dev/null)'" 2>/dev/null && echo "  OK VMID $vmid" || echo "  Skip/fail VMID $vmid"
        else
            echo "  Skip VMID $vmid (not running)"
        fi
    done
    ssh "${SSH_OPTS[@]}" "root@${host}" "rm -f /tmp/static-nodes.json /tmp/permissions-nodes.toml" 2>/dev/null || true
done

echo ""
echo "Done. To reload static-nodes.json and permissions-nodes.toml immediately, run:"
echo "  bash scripts/besu/restart-besu-reload-node-lists.sh"