scripts/create-and-setup-rpc-core-2-2102.sh

#!/usr/bin/env bash
# Create LXC 2102 (besu-rpc-core-2), install Besu RPC, push config/genesis/node lists, start service.
# Then collect enode, add to config/besu-node-lists, and run deploy. SFValley2 tunnel is manual (see doc).
#
# Usage: ./scripts/create-and-setup-rpc-core-2-2102.sh [--skip-create]
#   --skip-create  Skip pct create (container already exists).

set -euo pipefail

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(cd "$SCRIPT_DIR/.." && pwd)"
source "${PROJECT_ROOT}/config/ip-addresses.conf" 2>/dev/null || true

VMID=2102
IP="${RPC_CORE_2:-192.168.11.212}"
HOST="${PROXMOX_ML110:-${PROXMOX_HOST_ML110:-192.168.11.10}}"
HOST_2101="${PROXMOX_R630_01:-${PROXMOX_HOST_R630_01:-192.168.11.11}}"
GATEWAY="${NETWORK_GATEWAY:-192.168.11.1}"
TEMPLATE="${TEMPLATE:-local:vztmpl/debian-12-standard_12.12-1_amd64.tar.zst}"
STORAGE="${STORAGE:-local-lvm}"
NETWORK="${NETWORK:-vmbr0}"
SSH_OPTS="-o ConnectTimeout=15 -o StrictHostKeyChecking=accept-new"

SKIP_CREATE=false
[[ "${1:-}" == "--skip-create" ]] && SKIP_CREATE=true

echo "=== RPC Core-2 (2102) — Create and setup ==="
echo "Host: $HOST | IP: $IP"
echo ""

if ! $SKIP_CREATE; then
  if ssh $SSH_OPTS root@$HOST "pct status $VMID 2>/dev/null" | grep -q running; then
    echo "Container $VMID already exists and is running. Use --skip-create to only install/config/start."
    read -p "Continue with create (will destroy existing)? [yN] " r
    [[ "${r,,}" != "y" ]] && exit 0
  fi
  if ssh $SSH_OPTS root@$HOST "pct list 2>/dev/null" | grep -q " $VMID "; then
    echo "Stopping and destroying existing $VMID..."
    ssh $SSH_OPTS root@$HOST "pct stop $VMID 2>/dev/null || true; pct destroy $VMID --purge 1" 2>/dev/null || true
    sleep 2
  fi
  echo "Creating CT $VMID..."
  ssh $SSH_OPTS root@$HOST "pct create $VMID $TEMPLATE --hostname besu-rpc-core-2 --memory 8192 --cores 2 --rootfs $STORAGE:100 --net0 name=eth0,bridge=$NETWORK,ip=$IP/24,gw=$GATEWAY --description 'Besu RPC Core-2 (Nathan, SFValley2)' --start 1 --onboot 1 --unprivileged 0"
  echo "Waiting for container to boot..."
  sleep 15
fi

echo "Pushing and running Besu install (RPC)..."
scp -q $SSH_OPTS "$PROJECT_ROOT/scripts/install-besu-in-ct-standalone.sh" root@$HOST:/tmp/
ssh $SSH_OPTS root@$HOST "pct push $VMID /tmp/install-besu-in-ct-standalone.sh /tmp/install-besu-in-ct-standalone.sh && pct exec $VMID -- env NODE_TYPE=rpc bash /tmp/install-besu-in-ct-standalone.sh" 2>/dev/null || {
  echo "Install may have failed; checking if Besu exists..."
  ssh $SSH_OPTS root@$HOST "pct exec $VMID -- test -x /opt/besu/bin/besu" || { echo "Besu not found in 2102. Aborting."; exit 1; }
}

echo "Fetching config and genesis from 2101..."
ssh $SSH_OPTS root@$HOST_2101 "pct exec 2101 -- cat /etc/besu/config-rpc-core.toml 2>/dev/null || pct exec 2101 -- cat /etc/besu/config-rpc.toml 2>/dev/null" | sed "s/p2p-host = .*/p2p-host = \"$IP\"/" | sed "s/192\.168\.11\.211/$IP/g" > /tmp/config-rpc-2102.toml
ssh $SSH_OPTS root@$HOST_2101 "pct exec 2101 -- cat /etc/besu/genesis.json" > /tmp/genesis-2102.json

echo "Pushing config and genesis to 2102..."
scp -q $SSH_OPTS /tmp/config-rpc-2102.toml /tmp/genesis-2102.json root@$HOST:/tmp/
ssh $SSH_OPTS root@$HOST "pct push $VMID /tmp/config-rpc-2102.toml /tmp/config-rpc-2102.toml && pct push $VMID /tmp/genesis-2102.json /tmp/genesis-2102.json"
ssh $SSH_OPTS root@$HOST "pct exec $VMID -- bash -c 'cp /tmp/config-rpc-2102.toml /etc/besu/config-rpc.toml; cp /tmp/genesis-2102.json /etc/besu/genesis.json; chown -R besu:besu /etc/besu'"
# Fix paths and remove unsupported options (Besu 23.10): genesis/permissions/static in /etc/besu; drop rpc-ws-origins, tx-pool-min-score
ssh $SSH_OPTS root@$HOST "pct exec $VMID -- sed -i 's|genesis-file=.*|genesis-file=\"/etc/besu/genesis.json\"|; s|permissions-nodes-config-file=.*|permissions-nodes-config-file=\"/etc/besu/permissions-nodes.toml\"|; s|static-nodes-file=.*|static-nodes-file=\"/etc/besu/static-nodes.json\"|; /^rpc-ws-origins/d; /^tx-pool-min-score/d' /etc/besu/config-rpc.toml"

echo "Pushing node lists to 2102..."
scp -q $SSH_OPTS "$PROJECT_ROOT/config/besu-node-lists/static-nodes.json" "$PROJECT_ROOT/config/besu-node-lists/permissions-nodes.toml" root@$HOST:/tmp/
ssh $SSH_OPTS root@$HOST "pct push $VMID /tmp/static-nodes.json /tmp/static-nodes.json && pct push $VMID /tmp/permissions-nodes.toml /tmp/permissions-nodes.toml"
ssh $SSH_OPTS root@$HOST "pct exec $VMID -- bash -c 'cp /tmp/static-nodes.json /tmp/permissions-nodes.toml /etc/besu/; chown besu:besu /etc/besu/static-nodes.json /etc/besu/permissions-nodes.toml'"

echo "Starting besu-rpc in 2102..."
ssh $SSH_OPTS root@$HOST "pct exec $VMID -- systemctl enable besu-rpc.service; pct exec $VMID -- systemctl start besu-rpc.service"

echo "Waiting for RPC to respond (up to 90s)..."
for i in $(seq 1 18); do
  if ssh $SSH_OPTS root@$HOST "pct exec $VMID -- curl -s -X POST -H 'Content-Type: application/json' --data '{\"jsonrpc\":\"2.0\",\"method\":\"admin_nodeInfo\",\"params\":[],\"id\":1}' http://127.0.0.1:8545 2>/dev/null" | grep -q '"enode"'; then
    break
  fi
  sleep 5
done

ENODE=$(ssh $SSH_OPTS root@$HOST "pct exec $VMID -- curl -s -X POST -H 'Content-Type: application/json' --data '{\"jsonrpc\":\"2.0\",\"method\":\"admin_nodeInfo\",\"params\":[],\"id\":1}' http://127.0.0.1:8545 2>/dev/null" | jq -r '.result.enode // empty' 2>/dev/null)
if [[ -z "$ENODE" ]]; then
  ENODE=$(ssh $SSH_OPTS root@$HOST "pct exec $VMID -- curl -s -X POST -H 'Content-Type: application/json' --data '{\"jsonrpc\":\"2.0\",\"method\":\"admin_nodeInfo\",\"params\":[],\"id\":1}' http://127.0.0.1:8545 2>/dev/null" | grep -o '"enode":"[^"]*"' | cut -d'"' -f4)
fi
if [[ -n "$ENODE" ]]; then
  # Ensure IP in enode is .212
  ENODE=$(echo "$ENODE" | sed "s/@[0-9.]*:/@$IP:/")
  echo "Enode for 2102: $ENODE"
  echo "Adding to config/besu-node-lists and redeploying..."
  # Add to static-nodes.json
  jq --arg e "$ENODE" '. + [$e]' "$PROJECT_ROOT/config/besu-node-lists/static-nodes.json" > /tmp/static-nodes-2102.json && mv /tmp/static-nodes-2102.json "$PROJECT_ROOT/config/besu-node-lists/static-nodes.json"
  # Add to permissions-nodes.toml (comma on last entry, then new enode before ])
  PERMS="$PROJECT_ROOT/config/besu-node-lists/permissions-nodes.toml"
  sed -i 's/@192.168.11.241:30303"$/@192.168.11.241:30303",/' "$PERMS"
  sed -i '/^]$/i\  "'"$ENODE"'"' "$PERMS"
  # Deploy to all nodes including 2102
  BESU_VMIDS_EXTRA=(2102)
  export BESU_VMIDS_EXTRA
  "$PROJECT_ROOT/scripts/deploy-besu-node-lists-to-all.sh" 2>/dev/null || true
  # Deploy script may not include 2102 in default list; push directly
  scp -q $SSH_OPTS "$PROJECT_ROOT/config/besu-node-lists/static-nodes.json" "$PROJECT_ROOT/config/besu-node-lists/permissions-nodes.toml" root@$HOST:/tmp/
  ssh $SSH_OPTS root@$HOST "pct exec $VMID -- bash -c 'cp /tmp/static-nodes.json /tmp/permissions-nodes.toml /etc/besu/; chown besu:besu /etc/besu/static-nodes.json /etc/besu/permissions-nodes.toml'"
  echo "2102 enode added to canonical lists and deployed to 2102."
else
  echo "Could not get enode from 2102 yet. Once RPC is up, run:"
  echo "  curl -s -X POST -H 'Content-Type: application/json' --data '{\"jsonrpc\":\"2.0\",\"method\":\"admin_nodeInfo\",\"params\":[],\"id\":1}' http://$IP:8545 | jq -r '.result.enode'"
  echo "Then add that enode to config/besu-node-lists/static-nodes.json and permissions-nodes.toml and run: ./scripts/deploy-besu-node-lists-to-all.sh"
fi

echo ""
echo "=== Next: SFValley2 tunnel (manual) ==="
echo "See: docs/04-configuration/cloudflare/RPC_CORE_2_NATHAN_SFVALLEY2_TUNNEL.md"
echo "1. Create tunnel SFValley2 in Zero Trust, install connector with token."
echo "2. Add Public Hostname (e.g. rpc-core-2.d-bis.org) -> https://192.168.11.169:443 (third NPMplus, same as Alltra/HYBX) or http://$IP:8545."
echo "3. In third NPMplus (192.168.11.169:81) add Proxy Host for that domain -> $IP:8545."
echo "4. Create DNS CNAME for hostname -> <tunnel-id>.cfargotunnel.com."
echo "Done."
docs: Ledger Live integration, contract deploy learnings, NEXT_STEPS updates - ADD_CHAIN138_TO_LEDGER_LIVE: Ledger form done; public code review repo bis-innovations/LedgerLive; init/push commands - CONTRACT_DEPLOYMENT_RUNBOOK: Chain 138 gas price 1 gwei, 36-addr check, TransactionMirror workaround - CONTRACT_*: AddressMapper, MirrorManager deployed 2026-02-12; 36-address on-chain check - NEXT_STEPS_FOR_YOU: Ledger done; steps completable now (no LAN); run-completable-tasks-from-anywhere - MASTER_INDEX, OPERATOR_OPTIONAL, SMART_CONTRACTS_INVENTORY_SIMPLE: updates - LEDGER_BLOCKCHAIN_INTEGRATION_COMPLETE: bis-innovations/LedgerLive reference Co-authored-by: Cursor <cursoragent@cursor.com> 2026-02-12 15:46:57 -08:00			`#!/usr/bin/env bash`
			`# Create LXC 2102 (besu-rpc-core-2), install Besu RPC, push config/genesis/node lists, start service.`
			`# Then collect enode, add to config/besu-node-lists, and run deploy. SFValley2 tunnel is manual (see doc).`
			`#`
			`# Usage: ./scripts/create-and-setup-rpc-core-2-2102.sh [--skip-create]`
			`# --skip-create Skip pct create (container already exists).`

			`set -euo pipefail`

			`SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"`
			`PROJECT_ROOT="$(cd "$SCRIPT_DIR/.." && pwd)"`
			`source "${PROJECT_ROOT}/config/ip-addresses.conf" 2>/dev/null \|\| true`

			`VMID=2102`
			`IP="${RPC_CORE_2:-192.168.11.212}"`
			`HOST="${PROXMOX_ML110:-${PROXMOX_HOST_ML110:-192.168.11.10}}"`
			`HOST_2101="${PROXMOX_R630_01:-${PROXMOX_HOST_R630_01:-192.168.11.11}}"`
			`GATEWAY="${NETWORK_GATEWAY:-192.168.11.1}"`
			`TEMPLATE="${TEMPLATE:-local:vztmpl/debian-12-standard_12.12-1_amd64.tar.zst}"`
			`STORAGE="${STORAGE:-local-lvm}"`
			`NETWORK="${NETWORK:-vmbr0}"`
			`SSH_OPTS="-o ConnectTimeout=15 -o StrictHostKeyChecking=accept-new"`

			`SKIP_CREATE=false`
			`[[ "${1:-}" == "--skip-create" ]] && SKIP_CREATE=true`

			`echo "=== RPC Core-2 (2102) — Create and setup ==="`
			`echo "Host: $HOST \| IP: $IP"`
			`echo ""`

			`if ! $SKIP_CREATE; then`
			`if ssh $SSH_OPTS root@$HOST "pct status $VMID 2>/dev/null" \| grep -q running; then`
			`echo "Container $VMID already exists and is running. Use --skip-create to only install/config/start."`
			`read -p "Continue with create (will destroy existing)? [yN] " r`
			`[[ "${r,,}" != "y" ]] && exit 0`
			`fi`
			`if ssh $SSH_OPTS root@$HOST "pct list 2>/dev/null" \| grep -q " $VMID "; then`
			`echo "Stopping and destroying existing $VMID..."`
			`ssh $SSH_OPTS root@$HOST "pct stop $VMID 2>/dev/null \|\| true; pct destroy $VMID --purge 1" 2>/dev/null \|\| true`
			`sleep 2`
			`fi`
			`echo "Creating CT $VMID..."`
			`ssh $SSH_OPTS root@$HOST "pct create $VMID $TEMPLATE --hostname besu-rpc-core-2 --memory 8192 --cores 2 --rootfs $STORAGE:100 --net0 name=eth0,bridge=$NETWORK,ip=$IP/24,gw=$GATEWAY --description 'Besu RPC Core-2 (Nathan, SFValley2)' --start 1 --onboot 1 --unprivileged 0"`
			`echo "Waiting for container to boot..."`
			`sleep 15`
			`fi`

			`echo "Pushing and running Besu install (RPC)..."`
			`scp -q $SSH_OPTS "$PROJECT_ROOT/scripts/install-besu-in-ct-standalone.sh" root@$HOST:/tmp/`
			`ssh $SSH_OPTS root@$HOST "pct push $VMID /tmp/install-besu-in-ct-standalone.sh /tmp/install-besu-in-ct-standalone.sh && pct exec $VMID -- env NODE_TYPE=rpc bash /tmp/install-besu-in-ct-standalone.sh" 2>/dev/null \|\| {`
			`echo "Install may have failed; checking if Besu exists..."`
			`ssh $SSH_OPTS root@$HOST "pct exec $VMID -- test -x /opt/besu/bin/besu" \|\| { echo "Besu not found in 2102. Aborting."; exit 1; }`
			`}`

			`echo "Fetching config and genesis from 2101..."`
			`ssh $SSH_OPTS root@$HOST_2101 "pct exec 2101 -- cat /etc/besu/config-rpc-core.toml 2>/dev/null \|\| pct exec 2101 -- cat /etc/besu/config-rpc.toml 2>/dev/null" \| sed "s/p2p-host = .*/p2p-host = \"$IP\"/" \| sed "s/192\.168\.11\.211/$IP/g" > /tmp/config-rpc-2102.toml`
			`ssh $SSH_OPTS root@$HOST_2101 "pct exec 2101 -- cat /etc/besu/genesis.json" > /tmp/genesis-2102.json`

			`echo "Pushing config and genesis to 2102..."`
			`scp -q $SSH_OPTS /tmp/config-rpc-2102.toml /tmp/genesis-2102.json root@$HOST:/tmp/`
			`ssh $SSH_OPTS root@$HOST "pct push $VMID /tmp/config-rpc-2102.toml /tmp/config-rpc-2102.toml && pct push $VMID /tmp/genesis-2102.json /tmp/genesis-2102.json"`
			`ssh $SSH_OPTS root@$HOST "pct exec $VMID -- bash -c 'cp /tmp/config-rpc-2102.toml /etc/besu/config-rpc.toml; cp /tmp/genesis-2102.json /etc/besu/genesis.json; chown -R besu:besu /etc/besu'"`
			`# Fix paths and remove unsupported options (Besu 23.10): genesis/permissions/static in /etc/besu; drop rpc-ws-origins, tx-pool-min-score`
			`ssh $SSH_OPTS root@$HOST "pct exec $VMID -- sed -i 's\|genesis-file=.\|genesis-file=\"/etc/besu/genesis.json\"\|; s\|permissions-nodes-config-file=.\|permissions-nodes-config-file=\"/etc/besu/permissions-nodes.toml\"\|; s\|static-nodes-file=.*\|static-nodes-file=\"/etc/besu/static-nodes.json\"\|; /^rpc-ws-origins/d; /^tx-pool-min-score/d' /etc/besu/config-rpc.toml"`

			`echo "Pushing node lists to 2102..."`
			`scp -q $SSH_OPTS "$PROJECT_ROOT/config/besu-node-lists/static-nodes.json" "$PROJECT_ROOT/config/besu-node-lists/permissions-nodes.toml" root@$HOST:/tmp/`
			`ssh $SSH_OPTS root@$HOST "pct push $VMID /tmp/static-nodes.json /tmp/static-nodes.json && pct push $VMID /tmp/permissions-nodes.toml /tmp/permissions-nodes.toml"`
			`ssh $SSH_OPTS root@$HOST "pct exec $VMID -- bash -c 'cp /tmp/static-nodes.json /tmp/permissions-nodes.toml /etc/besu/; chown besu:besu /etc/besu/static-nodes.json /etc/besu/permissions-nodes.toml'"`

			`echo "Starting besu-rpc in 2102..."`
			`ssh $SSH_OPTS root@$HOST "pct exec $VMID -- systemctl enable besu-rpc.service; pct exec $VMID -- systemctl start besu-rpc.service"`

			`echo "Waiting for RPC to respond (up to 90s)..."`
			`for i in $(seq 1 18); do`
			`if ssh $SSH_OPTS root@$HOST "pct exec $VMID -- curl -s -X POST -H 'Content-Type: application/json' --data '{\"jsonrpc\":\"2.0\",\"method\":\"admin_nodeInfo\",\"params\":[],\"id\":1}' http://127.0.0.1:8545 2>/dev/null" \| grep -q '"enode"'; then`
			`break`
			`fi`
			`sleep 5`
			`done`

			`ENODE=$(ssh $SSH_OPTS root@$HOST "pct exec $VMID -- curl -s -X POST -H 'Content-Type: application/json' --data '{\"jsonrpc\":\"2.0\",\"method\":\"admin_nodeInfo\",\"params\":[],\"id\":1}' http://127.0.0.1:8545 2>/dev/null" \| jq -r '.result.enode // empty' 2>/dev/null)`
			`if [[ -z "$ENODE" ]]; then`
			`ENODE=$(ssh $SSH_OPTS root@$HOST "pct exec $VMID -- curl -s -X POST -H 'Content-Type: application/json' --data '{\"jsonrpc\":\"2.0\",\"method\":\"admin_nodeInfo\",\"params\":[],\"id\":1}' http://127.0.0.1:8545 2>/dev/null" \| grep -o '"enode":"[^"]*"' \| cut -d'"' -f4)`
			`fi`
			`if [[ -n "$ENODE" ]]; then`
			`# Ensure IP in enode is .212`
			`ENODE=$(echo "$ENODE" \| sed "s/@[0-9.]*:/@$IP:/")`
			`echo "Enode for 2102: $ENODE"`
			`echo "Adding to config/besu-node-lists and redeploying..."`
			`# Add to static-nodes.json`
			`jq --arg e "$ENODE" '. + [$e]' "$PROJECT_ROOT/config/besu-node-lists/static-nodes.json" > /tmp/static-nodes-2102.json && mv /tmp/static-nodes-2102.json "$PROJECT_ROOT/config/besu-node-lists/static-nodes.json"`
			`# Add to permissions-nodes.toml (comma on last entry, then new enode before ])`
			`PERMS="$PROJECT_ROOT/config/besu-node-lists/permissions-nodes.toml"`
			`sed -i 's/@192.168.11.241:30303"$/@192.168.11.241:30303",/' "$PERMS"`
			`sed -i '/^]$/i\ "'"$ENODE"'"' "$PERMS"`
			`# Deploy to all nodes including 2102`
			`BESU_VMIDS_EXTRA=(2102)`
			`export BESU_VMIDS_EXTRA`
			`"$PROJECT_ROOT/scripts/deploy-besu-node-lists-to-all.sh" 2>/dev/null \|\| true`
			`# Deploy script may not include 2102 in default list; push directly`
			`scp -q $SSH_OPTS "$PROJECT_ROOT/config/besu-node-lists/static-nodes.json" "$PROJECT_ROOT/config/besu-node-lists/permissions-nodes.toml" root@$HOST:/tmp/`
			`ssh $SSH_OPTS root@$HOST "pct exec $VMID -- bash -c 'cp /tmp/static-nodes.json /tmp/permissions-nodes.toml /etc/besu/; chown besu:besu /etc/besu/static-nodes.json /etc/besu/permissions-nodes.toml'"`
			`echo "2102 enode added to canonical lists and deployed to 2102."`
			`else`
			`echo "Could not get enode from 2102 yet. Once RPC is up, run:"`
			`echo " curl -s -X POST -H 'Content-Type: application/json' --data '{\"jsonrpc\":\"2.0\",\"method\":\"admin_nodeInfo\",\"params\":[],\"id\":1}' http://$IP:8545 \| jq -r '.result.enode'"`
			`echo "Then add that enode to config/besu-node-lists/static-nodes.json and permissions-nodes.toml and run: ./scripts/deploy-besu-node-lists-to-all.sh"`
			`fi`

			`echo ""`
			`echo "=== Next: SFValley2 tunnel (manual) ==="`
			`echo "See: docs/04-configuration/cloudflare/RPC_CORE_2_NATHAN_SFVALLEY2_TUNNEL.md"`
			`echo "1. Create tunnel SFValley2 in Zero Trust, install connector with token."`
			`echo "2. Add Public Hostname (e.g. rpc-core-2.d-bis.org) -> https://192.168.11.169:443 (third NPMplus, same as Alltra/HYBX) or http://$IP:8545."`
			`echo "3. In third NPMplus (192.168.11.169:81) add Proxy Host for that domain -> $IP:8545."`
			`echo "4. Create DNS CNAME for hostname -> <tunnel-id>.cfargotunnel.com."`
			`echo "Done."`