fix(scripts): Besu fleet ops use load-project-env and scoped VMIDs

Prefer load-project-env over raw ip-addresses.conf; add --vmid/--apply patterns
and safer dry-run defaults across fix-all-besu, static-nodes reload, node-list
deploy, max-peers rollout, rolling upgrade, and permissions verification.

Made-with: Cursor

scripts/verify/verify-static-permissions-on-all-besu-nodes.sh

@@ -1,24 +1,65 @@
 #!/usr/bin/env bash
 # Confirm static-nodes.json and permissions-nodes.toml on each Besu node (deploy target: /etc/besu/).
-# Usage: bash scripts/verify/verify-static-permissions-on-all-besu-nodes.sh [--checksum]
+# Usage:
+#   bash scripts/verify/verify-static-permissions-on-all-besu-nodes.sh [--checksum]
+#   bash scripts/verify/verify-static-permissions-on-all-besu-nodes.sh --vmid 2301 [--checksum]
 #   --checksum: compare content hash to canonical (requires same files on all nodes).
 
 set -euo pipefail
 
 SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"
-source "${PROJECT_ROOT}/config/ip-addresses.conf" 2>/dev/null || true
+source "${PROJECT_ROOT}/scripts/lib/load-project-env.sh"
 
 STATIC_CANONICAL="${PROJECT_ROOT}/config/besu-node-lists/static-nodes.json"
 PERMS_CANONICAL="${PROJECT_ROOT}/config/besu-node-lists/permissions-nodes.toml"
 CHECKSUM=false
-[[ "${1:-}" = "--checksum" ]] && CHECKSUM=true
+TARGET_VMIDS=()
 
-# Same VMID -> host as deploy-besu-node-lists-to-all.sh
-declare -A HOST_BY_VMID
-for v in 1000 1001 1002 1500 1501 1502 2101 2420 2430 2440 2460 2470 2480; do HOST_BY_VMID[$v]="${PROXMOX_R630_01:-${PROXMOX_HOST_R630_01:-192.168.11.11}}"; done
-for v in 2201 2303 2305 2306 2307 2308 2401; do HOST_BY_VMID[$v]="${PROXMOX_R630_02:-${PROXMOX_HOST_R630_02:-192.168.11.12}}"; done
-for v in 1003 1004 1503 1504 1505 1506 1507 1508 1509 1510 2102 2301 2304 2400 2402 2403; do HOST_BY_VMID[$v]="${PROXMOX_R630_03:-${PROXMOX_HOST_R630_03:-192.168.11.13}}"; done
+usage() {
+  cat <<'EOF'
+Usage: bash scripts/verify/verify-static-permissions-on-all-besu-nodes.sh [--checksum] [--vmid <N>]
+
+Options:
+  --checksum   Compare remote content hash to canonical files
+  --vmid <N>   Limit to one VMID; repeatable
+EOF
+}
+
+while [[ $# -gt 0 ]]; do
+  case "$1" in
+    --checksum)
+      CHECKSUM=true
+      shift
+      ;;
+    --vmid)
+      [[ $# -ge 2 ]] || { usage >&2; exit 2; }
+      TARGET_VMIDS+=("$2")
+      shift 2
+      ;;
+    -h|--help)
+      usage
+      exit 0
+      ;;
+    *)
+      echo "Unknown argument: $1" >&2
+      usage >&2
+      exit 2
+      ;;
+  esac
+done
+
+BESU_VMIDS=(1000 1001 1002 1003 1004 1500 1501 1502 1503 1504 1505 1506 1507 1508 1509 1510 2101 2102 2201 2301 2303 2304 2305 2306 2307 2308 2400 2401 2402 2403 2420 2430 2440 2460 2470 2480)
+
+selected_vmid() {
+  local vmid="$1"
+  [[ ${#TARGET_VMIDS[@]} -eq 0 ]] && return 0
+  local wanted
+  for wanted in "${TARGET_VMIDS[@]}"; do
+    [[ "$vmid" == "$wanted" ]] && return 0
+  done
+  return 1
+}
 
 SSH_OPTS="-o ConnectTimeout=6 -o StrictHostKeyChecking=no"
 CANONICAL_STATIC_SUM=""
@@ -40,8 +81,9 @@ STATIC_PATH="/etc/besu/static-nodes.json"
 PERMS_PATH="/etc/besu/permissions-nodes.toml"
 
 FAIL=0
-for vmid in 1000 1001 1002 1003 1004 1500 1501 1502 1503 1504 1505 1506 1507 1508 1509 1510 2101 2102 2201 2301 2303 2304 2305 2306 2307 2308 2400 2401 2402 2403 2420 2430 2440 2460 2470 2480; do
-  host="${HOST_BY_VMID[$vmid]:-}"
+for vmid in "${BESU_VMIDS[@]}"; do
+  selected_vmid "$vmid" || continue
+  host="$(get_host_for_vmid "$vmid")"
   [[ -z "$host" ]] && continue
   run=$(ssh $SSH_OPTS root@$host "pct exec $vmid -- bash -c 's=\"\"; p=\"\"; [ -f $STATIC_PATH ] && s=\"OK\" || s=\"MISSING\"; [ -f $PERMS_PATH ] && p=\"OK\" || p=\"MISSING\"; echo \"\$s \$p\"' 2>/dev/null" || echo "SKIP SKIP")
   if [[ "$run" =~ "SKIP" ]]; then