
#!/bin/bash
# Reconfigure Vault Cluster to use 192.168.11.0/24 instead of VLAN 160
# Assigns IPs from main network without VLAN tagging
#
# Strict mode: stop at the first failing command, at any unset variable,
# and at a failure anywhere inside a pipeline.
set -e
set -u
set -o pipefail

# Colours for the log_* helpers. They are stored as literal "\033..." text,
# not as real escape bytes; the helpers expand them when printing.
RED='\033[0;31m'    GREEN='\033[0;32m'
YELLOW='\033[1;33m' BLUE='\033[0;34m'
NC='\033[0m'
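# Print an informational line to stdout with a blue [INFO] tag.
# $1 - message; printed verbatim (no backslash-escape expansion of the
#      message itself, only of the colour codes), so remote output such as a
#      pct config line is shown unchanged.
log_info() { printf '%b[INFO]%b %s\n' "$BLUE" "$NC" "${1-}"; }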
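# Print a success line to stdout with a green [✓] tag.
# $1 - message; printed verbatim (only the colour codes are expanded).
log_success() { printf '%b[✓]%b %s\n' "$GREEN" "$NC" "${1-}"; }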
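# Print a warning line to stderr with a yellow [⚠] tag.
# $1 - message; printed verbatim (only the colour codes are expanded).
# Goes to stderr so warnings are not mixed into captured stdout.
log_warn() { printf '%b[⚠]%b %s\n' "$YELLOW" "$NC" "${1-}" >&2; }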
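# Print an error line to stderr with a red [✗] tag.
# $1 - message; printed verbatim (only the colour codes are expanded).
# Goes to stderr so errors are not mixed into captured stdout.
log_error() { printf '%b[✗]%b %s\n' "$RED" "$NC" "${1-}" >&2; }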
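# Configuration
# Every value below may be overridden from the environment (same pattern the
# Proxmox hosts already used); the defaults are the cluster's known addresses.
PROXMOX_HOST_1="${PROXMOX_HOST_1:-192.168.11.11}"
PROXMOX_HOST_2="${PROXMOX_HOST_2:-192.168.11.12}"
# New IP assignments (using 192.168.11.0/24)
VAULT_NODE_1_VMID="${VAULT_NODE_1_VMID:-8640}"
VAULT_NODE_1_IP="${VAULT_NODE_1_IP:-192.168.11.200}"
VAULT_NODE_2_VMID="${VAULT_NODE_2_VMID:-8641}"
# NOTE(review): node 2 is .215 while nodes 1 and 3 are .200/.202 — presumably
# .201 is already in use on this subnet; confirm before changing.
VAULT_NODE_2_IP="${VAULT_NODE_2_IP:-192.168.11.215}"
VAULT_NODE_3_VMID="${VAULT_NODE_3_VMID:-8642}"
VAULT_NODE_3_IP="${VAULT_NODE_3_IP:-192.168.11.202}"
GATEWAY="${GATEWAY:-192.168.11.1}"
# These are interpolated into remote pct command lines later on; freeze them
# so nothing further down can change them by accident.
readonly PROXMOX_HOST_1 PROXMOX_HOST_2 \
  VAULT_NODE_1_VMID VAULT_NODE_1_IP \
  VAULT_NODE_2_VMID VAULT_NODE_2_IP \
  VAULT_NODE_3_VMID VAULT_NODE_3_IP \
  GATEWAY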
# Opening banner: title box, then a one-line description of the migration.
printf '%s\n' \
  "═══════════════════════════════════════════════════════════" \
  " Vault Cluster Network Reconfiguration" \
  "═══════════════════════════════════════════════════════════" \
  ""
log_info "Reconfiguring from VLAN 160 (10.160.0.x) to 192.168.11.0/24"
printf '\n'
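#######################################
# Move one LXC container's net0 onto 192.168.11.0/24 (untagged, bridge vmbr0)
# and verify the address the container actually brought up.
# Globals:   GATEWAY (read; default for $5)
# Arguments: $1 - container VMID (digits only)
#            $2 - new IPv4 address for the container
#            $3 - Proxmox host that runs the container (reached as root via SSH)
#            $4 - hostname label, used only in log output
#            $5 - gateway (optional, defaults to $GATEWAY)
# Outputs:   progress via the log_* helpers
# Returns:   0 on success (also when the IP could only be warned about),
#            1 when a pct step fails, 2 on missing or malformed arguments
#######################################
reconfigure_node() {
  if (( $# < 4 )); then
    log_error "reconfigure_node: expected 4 arguments (vmid ip host hostname), got $#"
    return 2
  fi
  local vmid=$1
  local new_ip=$2
  local proxmox_host=$3
  local hostname=$4
  local gateway=${5:-$GATEWAY}
  local current_net actual_ip
  local ipv4_re='^[0-9]{1,3}(\.[0-9]{1,3}){3}$'

  # vmid, new_ip and gateway are spliced into a remote shell command line,
  # so only plain digits / dotted quads are accepted before anything runs.
  if [[ ! "$vmid" =~ ^[0-9]+$ ]]; then
    log_error "Invalid VMID '$vmid' (expected digits only)"
    return 2
  fi
  if [[ ! "$new_ip" =~ $ipv4_re ]]; then
    log_error "Invalid IPv4 address '$new_ip'"
    return 2
  fi
  if [[ ! "$gateway" =~ $ipv4_re ]]; then
    log_error "Invalid gateway address '$gateway'"
    return 2
  fi

  log_info "Reconfiguring Node $vmid ($hostname) to $new_ip..."

  # Stop container (stopping an already-stopped container is not fatal)
  log_info "Stopping container $vmid..."
  ssh root@"$proxmox_host" "pct stop $vmid" || log_warn "Container may already be stopped"
  sleep 2

  # Get current network config. A container without a net0 line is not an
  # error here (grep would exit 1): the pct set below creates the interface.
  current_net=$(ssh root@"$proxmox_host" "pct config $vmid | grep '^net0:'" || true)
  log_info "Current network: $current_net"

  # Reconfigure network (remove VLAN tag, use 192.168.11.0/24)
  log_info "Updating network configuration..."
  ssh root@"$proxmox_host" \
    "pct set $vmid --net0 name=eth0,bridge=vmbr0,ip=$new_ip/24,gw=$gateway" || {
    log_error "Failed to update network configuration"
    return 1
  }
  log_success "Network configuration updated for $vmid"

  # Start container
  log_info "Starting container $vmid..."
  ssh root@"$proxmox_host" "pct start $vmid" || {
    log_error "Failed to start container"
    return 1
  }
  sleep 5

  # Verify IP. The pipeline after pct exec runs on the Proxmox host; head -n 1
  # keeps only the first inet line so a second address on eth0 cannot turn the
  # comparison below into a spurious mismatch. A failed lookup is reported as
  # a warning rather than aborting a container that is already reconfigured.
  actual_ip=$(ssh root@"$proxmox_host" \
    "pct exec $vmid -- ip addr show eth0 | grep 'inet ' | awk '{print \$2}' | cut -d/ -f1 | head -n 1" || true)
  if [[ "$actual_ip" == "$new_ip" ]]; then
    log_success "IP verified: $new_ip"
  else
    log_warn "IP mismatch: expected $new_ip, got $actual_ip"
  fi
  return 0
}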
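# Phase 1: Reconfigure Network
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo "Phase 1: Reconfiguring Container Networks"
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo ""
# Each call stops, re-addresses and restarts one container. The arguments are
# quoted so an empty value cannot silently shift the positional parameters.
# Under set -e a non-zero return aborts the script at that node, leaving the
# remaining nodes untouched (and the failing container possibly stopped).
reconfigure_node "$VAULT_NODE_1_VMID" "$VAULT_NODE_1_IP" "$PROXMOX_HOST_1" "vault-phoenix-1"
reconfigure_node "$VAULT_NODE_2_VMID" "$VAULT_NODE_2_IP" "$PROXMOX_HOST_2" "vault-phoenix-2"
reconfigure_node "$VAULT_NODE_3_VMID" "$VAULT_NODE_3_IP" "$PROXMOX_HOST_1" "vault-phoenix-3"
echo ""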
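# Phase 2: Update Vault Configuration
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo "Phase 2: Updating Vault Configuration Files"
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo ""

#######################################
# Render vault.hcl for one raft member and install it inside its container.
# The three nodes previously carried three near-identical copies of this
# file; the only per-node values are the VMID, host, node_id and own IP.
# Globals:   VAULT_NODE_1_IP, VAULT_NODE_2_IP, VAULT_NODE_3_IP (read: the
#            retry_join peer list is identical on every node)
# Arguments: $1 - container VMID
#            $2 - Proxmox host that runs the container (root over SSH)
#            $3 - raft node_id, e.g. vault-phoenix-1
#            $4 - this node's own IP (listener cluster_address, api_addr,
#                 cluster_addr)
#            $5 - label for log lines, e.g. "Node 1"
# Outputs:   progress via the log_* helpers
# Returns:   0 on success, 1 if the remote write failed
#######################################
write_vault_config() {
  local vmid=$1
  local proxmox_host=$2
  local node_id=$3
  local node_ip=$4
  local label=$5
  log_info "Updating Vault config for $label..."
  # The outer heredoc is intentionally unquoted: every $... below is expanded
  # on this side, so the remote bash receives a fully rendered file and the
  # inner heredoc only copies it into place. The previous file is kept next to
  # it for rollback.
  # Security note (config content unchanged from before): tls_disable = 1 on a
  # 0.0.0.0:8200 listener means API traffic — including tokens and secrets —
  # crosses the LAN in clear text; enabling TLS is a separate change.
  if ! ssh root@"$proxmox_host" "pct exec $vmid -- bash" << CONFIG_EOF; then
[ -f /etc/vault.d/vault.hcl ] && cp -a /etc/vault.d/vault.hcl /etc/vault.d/vault.hcl.pre-reconfigure
cat > /etc/vault.d/vault.hcl << VAULT_CONFIG
ui = true
disable_mlock = true
listener "tcp" {
address = "0.0.0.0:8200"
cluster_address = "$node_ip:8201"
tls_disable = 1
}
storage "raft" {
path = "/opt/vault/data"
node_id = "$node_id"
retry_join {
leader_api_addr = "http://$VAULT_NODE_1_IP:8200"
}
retry_join {
leader_api_addr = "http://$VAULT_NODE_2_IP:8200"
}
retry_join {
leader_api_addr = "http://$VAULT_NODE_3_IP:8200"
}
}
api_addr = "http://$node_ip:8200"
cluster_addr = "http://$node_ip:8201"
log_level = "INFO"
log_file = "/var/log/vault/vault.log"
log_rotate_duration = "24h"
log_rotate_max_files = 30
VAULT_CONFIG
CONFIG_EOF
    log_error "Failed to write Vault config for $label"
    return 1
  fi
  log_success "$label configuration updated"
}

# Node 1
write_vault_config "$VAULT_NODE_1_VMID" "$PROXMOX_HOST_1" "vault-phoenix-1" "$VAULT_NODE_1_IP" "Node 1"
# Node 2
write_vault_config "$VAULT_NODE_2_VMID" "$PROXMOX_HOST_2" "vault-phoenix-2" "$VAULT_NODE_2_IP" "Node 2"
# Node 3
write_vault_config "$VAULT_NODE_3_VMID" "$PROXMOX_HOST_1" "vault-phoenix-3" "$VAULT_NODE_3_IP" "Node 3"
echo ""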
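# Phase 3: Restart Vault Services
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo "Phase 3: Restarting Vault Services"
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo ""
log_info "Restarting Vault on all nodes..."
# A failed restart must not go unnoticed: with `cmd && log_success` under
# set -e a failing ssh merely skips the success line, so each node is checked
# explicitly and failures are counted. The script still continues to the
# status check so the operator sees which node needs attention.
restart_failures=0
for node_spec in \
  "1 $PROXMOX_HOST_1 $VAULT_NODE_1_VMID" \
  "2 $PROXMOX_HOST_2 $VAULT_NODE_2_VMID" \
  "3 $PROXMOX_HOST_1 $VAULT_NODE_3_VMID"; do
  read -r node_num node_host node_vmid <<< "$node_spec"
  if ssh root@"$node_host" "pct exec $node_vmid -- systemctl restart vault"; then
    log_success "Node $node_num restarted"
  else
    log_error "Failed to restart Vault on Node $node_num (vmid $node_vmid on $node_host)"
    restart_failures=$((restart_failures + 1))
  fi
done
if (( restart_failures > 0 )); then
  log_warn "$restart_failures node(s) failed to restart; the cluster status below may be incomplete"
fi
# Give the raft members time to come back before querying status.
sleep 10
echo ""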
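# Phase 4: Verify Cluster
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo "Phase 4: Verifying Cluster Status"
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo ""
log_info "Checking cluster status..."
# `vault status` exits 0 when unsealed, 2 when sealed and 1 on error. A node
# that is sealed right after a restart is the expected state, not a failure,
# so the exit code is inspected instead of treating every non-zero as
# "could not get status". All three members are queried, not only node 1.
# NOTE(review): assumes pct exec and ssh pass the command's exit code through
# unchanged — confirm on the Proxmox version in use.
for node_spec in \
  "1 $PROXMOX_HOST_1 $VAULT_NODE_1_VMID" \
  "2 $PROXMOX_HOST_2 $VAULT_NODE_2_VMID" \
  "3 $PROXMOX_HOST_1 $VAULT_NODE_3_VMID"; do
  read -r node_num node_host node_vmid <<< "$node_spec"
  status_rc=0
  ssh root@"$node_host" \
    "pct exec $node_vmid -- bash -c 'export VAULT_ADDR=http://127.0.0.1:8200 && vault status'" \
    || status_rc=$?
  case "$status_rc" in
    0) log_success "Node $node_num: unsealed" ;;
    2) log_warn "Node $node_num: sealed (unseal required)" ;;
    *) log_warn "Could not get status" ;;
  esac
done
echo ""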
# Summary: title box, the final address plan, and the post-restart reminder.
printf '%s\n' \
  "═══════════════════════════════════════════════════════════" \
  " Reconfiguration Summary" \
  "═══════════════════════════════════════════════════════════" \
  ""
log_success "Network reconfiguration complete!"
log_info "New IP assignments:"
log_info " Node 1 (vault-phoenix-1): $VAULT_NODE_1_IP"
log_info " Node 2 (vault-phoenix-2): $VAULT_NODE_2_IP"
log_info " Node 3 (vault-phoenix-3): $VAULT_NODE_3_IP"
printf '\n'
# Raft members come back sealed after a restart; the unseal material lives in
# a path relative to the current working directory (presumably the repo root —
# confirm it is excluded from version control and access-restricted).
log_warn "Note: Nodes may need to be unsealed after restart"
log_info "Unseal keys are stored in: .secure/vault-credentials/"
printf '\n'