proxmox/scripts/deployment/provision-oracle-publisher-lxc-3500.sh

#!/usr/bin/env bash
# Install Oracle Publisher on LXC 3500 (fresh Ubuntu template). Run from project root on LAN.
# Sources scripts/lib/load-project-env.sh for PRIVATE_KEY, AGGREGATOR_ADDRESS, COINGECKO_API_KEY, etc.
#
# Usage: ./scripts/deployment/provision-oracle-publisher-lxc-3500.sh
# Env:   ORACLE_LXC_PROXMOX_HOST (default 192.168.11.12 — node where VMID 3500 runs; do not use root PROXMOX_HOST)
#        ORACLE_VMID (default 3500)

set -euo pipefail

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"
# shellcheck source=/dev/null
source "${PROJECT_ROOT}/scripts/lib/load-project-env.sh"

PROXMOX_HOST="${ORACLE_LXC_PROXMOX_HOST:-${PROXMOX_HOST_R630_02:-192.168.11.12}}"
ORACLE_VMID="${ORACLE_VMID:-3500}"
ORACLE_HOME="/opt/oracle-publisher"
ORACLE_USER="${ORACLE_USER:-oracle}"
RPC_URL="${RPC_URL:-http://192.168.11.211:8545}"
AGGREGATOR_ADDRESS="${AGGREGATOR_ADDRESS:-${ORACLE_AGGREGATOR_ADDRESS:-0x99b3511a2d315a497c8112c1fdd8d508d4b1e506}}"
ORACLE_PROXY_ADDRESS="${ORACLE_PROXY_ADDRESS:-0x3304b747e565a97ec8ac220b0b6a1f6ffdb837e6}"
SSH_OPTS=(-o ConnectTimeout=25 -o StrictHostKeyChecking=accept-new)

if [[ -z "${PRIVATE_KEY:-}" ]]; then
  echo "ERROR: PRIVATE_KEY not set. Source smom-dbis-138/.env or export PRIVATE_KEY before running." >&2
  exit 1
fi

PY_SRC="${PROJECT_ROOT}/smom-dbis-138/services/oracle-publisher/oracle_publisher.py"
REQ="${PROJECT_ROOT}/smom-dbis-138/services/oracle-publisher/requirements.txt"
[[ -f "$PY_SRC" ]] || { echo "ERROR: missing $PY_SRC" >&2; exit 1; }
[[ -f "$REQ" ]] || { echo "ERROR: missing $REQ" >&2; exit 1; }

remote() { ssh "${SSH_OPTS[@]}" "root@${PROXMOX_HOST}" "$@"; }

echo "=== Provisioning Oracle Publisher: host=${PROXMOX_HOST} vmid=${ORACLE_VMID} ==="

remote "pct status ${ORACLE_VMID}" >/dev/null

echo "[1/6] OS packages + oracle user..."
remote "pct exec ${ORACLE_VMID} -- bash -es" <<EOS
export DEBIAN_FRONTEND=noninteractive
apt-get update -qq
apt-get install -y -qq python3 python3-pip python3-venv ca-certificates curl
if ! id -u ${ORACLE_USER} &>/dev/null; then
  useradd -r -s /bin/bash -d ${ORACLE_HOME} -m ${ORACLE_USER}
fi
mkdir -p ${ORACLE_HOME}
chown -R ${ORACLE_USER}:${ORACLE_USER} ${ORACLE_HOME}
EOS

echo "[2/6] Push Python app + requirements..."
scp "${SSH_OPTS[@]}" "$PY_SRC" "root@${PROXMOX_HOST}:/tmp/oracle_publisher.py"
scp "${SSH_OPTS[@]}" "$REQ" "root@${PROXMOX_HOST}:/tmp/oracle-requirements.txt"
remote "pct push ${ORACLE_VMID} /tmp/oracle_publisher.py ${ORACLE_HOME}/oracle_publisher.py"
remote "pct push ${ORACLE_VMID} /tmp/oracle-requirements.txt ${ORACLE_HOME}/requirements.txt"
remote "pct exec ${ORACLE_VMID} -- chown ${ORACLE_USER}:${ORACLE_USER} ${ORACLE_HOME}/oracle_publisher.py ${ORACLE_HOME}/requirements.txt"
remote "pct exec ${ORACLE_VMID} -- chmod 755 ${ORACLE_HOME}/oracle_publisher.py"

echo "[3/6] Python venv + pip..."
remote "pct exec ${ORACLE_VMID} -- bash -es" <<EOS
sudo -u ${ORACLE_USER} python3 -m venv ${ORACLE_HOME}/venv
sudo -u ${ORACLE_USER} ${ORACLE_HOME}/venv/bin/pip install -q --upgrade pip
sudo -u ${ORACLE_USER} ${ORACLE_HOME}/venv/bin/pip install -q -r ${ORACLE_HOME}/requirements.txt || true
# Minimal set if optional OTEL packages fail; web3 v7 breaks geth_poa_middleware — pin v6
sudo -u ${ORACLE_USER} ${ORACLE_HOME}/venv/bin/pip install -q 'web3>=6.15,<7' eth-account requests python-dotenv prometheus-client || true
EOS

echo "[4/6] Write .env (no stdout of secrets)..."
ENV_TMP="$(mktemp)"
chmod 600 "$ENV_TMP"
# Quote URLs for systemd EnvironmentFile: unquoted "&" can break parsing / concatenation.
DS1_URL="https://api.coingecko.com/api/v3/simple/price?ids=ethereum&vs_currencies=usd"
if [[ -n "${COINGECKO_API_KEY:-}" ]]; then
  DS1_URL="${DS1_URL}&x_cg_demo_api_key=${COINGECKO_API_KEY}"
fi
{
  echo "RPC_URL=${RPC_URL}"
  echo "AGGREGATOR_ADDRESS=${AGGREGATOR_ADDRESS}"
  echo "PRIVATE_KEY=${PRIVATE_KEY}"
  echo "HEARTBEAT=60"
  echo "DEVIATION_THRESHOLD=0.5"
  echo "ORACLE_ADDRESS=${ORACLE_PROXY_ADDRESS}"
  echo "CHAIN_ID=138"
  echo "COINGECKO_API_KEY=${COINGECKO_API_KEY:-}"
  echo "DATA_SOURCE_1_URL=\"${DS1_URL}\""
  echo "DATA_SOURCE_1_PARSER=ethereum.usd"
  echo "DATA_SOURCE_2_URL=\"https://api.coinbase.com/v2/prices/ETH-USD/spot\""
  echo "DATA_SOURCE_2_PARSER=data.amount"
  # Match smom-dbis-138/scripts/update-oracle-price.sh (100k was OOG on aggregator)
  echo "GAS_LIMIT=400000"
  echo "GAS_PRICE=1000000000"
} > "$ENV_TMP"
scp "${SSH_OPTS[@]}" "$ENV_TMP" "root@${PROXMOX_HOST}:/tmp/oracle-publisher.env"
rm -f "$ENV_TMP"
remote "pct push ${ORACLE_VMID} /tmp/oracle-publisher.env ${ORACLE_HOME}/.env"
remote "pct exec ${ORACLE_VMID} -- chown ${ORACLE_USER}:${ORACLE_USER} ${ORACLE_HOME}/.env"
remote "pct exec ${ORACLE_VMID} -- chmod 600 ${ORACLE_HOME}/.env"
remote "rm -f /tmp/oracle-publisher.env"

echo "[5/6] systemd unit..."
remote "pct exec ${ORACLE_VMID} -- bash -es" <<EOF
cat > /etc/systemd/system/oracle-publisher.service <<'UNIT'
[Unit]
Description=Oracle Publisher Service (Chain 138)
After=network.target
Wants=network-online.target

[Service]
Type=simple
User=${ORACLE_USER}
Group=${ORACLE_USER}
WorkingDirectory=${ORACLE_HOME}
Environment="PATH=${ORACLE_HOME}/venv/bin:/usr/local/bin:/usr/bin:/bin"
EnvironmentFile=-${ORACLE_HOME}/.env
ExecStart=${ORACLE_HOME}/venv/bin/python ${ORACLE_HOME}/oracle_publisher.py
Restart=always
RestartSec=15
NoNewPrivileges=true

[Install]
WantedBy=multi-user.target
UNIT
systemctl daemon-reload
systemctl enable oracle-publisher.service
EOF

echo "[6/6] Start service..."
remote "pct exec ${ORACLE_VMID} -- systemctl restart oracle-publisher.service"
sleep 3
remote "pct exec ${ORACLE_VMID} -- systemctl is-active oracle-publisher.service"

echo ""
echo "OK: Oracle Publisher on VMID ${ORACLE_VMID} (${PROXMOX_HOST})."
echo "Logs: ssh root@${PROXMOX_HOST} \"pct exec ${ORACLE_VMID} -- journalctl -u oracle-publisher -n 40 --no-pager\""