#!/usr/bin/env bash # Run all waves in maximum parallel mode per FULL_PARALLEL_EXECUTION_ORDER.md. # Wave 0 → Wave 1 (parallel within wave) → Wave 2 (parallel) → Wave 3 (parallel where possible). # # Usage: bash scripts/run-all-waves-parallel.sh [--dry-run] [--skip-wave0] [--skip-wave2] [--host PROXMOX_HOST] # --dry-run Print commands only; do not execute. # --skip-wave0 Skip Wave 0 (e.g. if already done or no LAN/SSH). # --skip-wave2 Skip Wave 2 (infra deploy; requires SSH to Proxmox). # --host HOST Proxmox host for Wave 0 and Wave 2 (default: 192.168.11.11 for NPMplus). set -euo pipefail SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" PROJECT_ROOT="$(cd "$SCRIPT_DIR/.." && pwd)" cd "$PROJECT_ROOT" [ -f .env ] && set +u && source .env 2>/dev/null; set -u [ -f config/ip-addresses.conf ] && source config/ip-addresses.conf 2>/dev/null || true DRY_RUN=false SKIP_WAVE0=false SKIP_WAVE2=false PROXMOX_HOST="${PROXMOX_HOST:-${PROXMOX_HOST_R630_01:-192.168.11.11}}" while [[ $# -gt 0 ]]; do case "$1" in --dry-run) DRY_RUN=true ;; --skip-wave0) SKIP_WAVE0=true ;; --skip-wave2) SKIP_WAVE2=true ;; --host) PROXMOX_HOST="${2:-$PROXMOX_HOST}"; shift ;; *) ;; esac shift done log() { echo -e "\033[0;34m[INFO]\033[0m $1"; } ok() { echo -e "\033[0;32m[✓]\033[0m $1"; } warn() { echo -e "\033[0;33m[⚠]\033[0m $1"; } err() { echo -e "\033[0;31m[✗]\033[0m $1"; } RUN_DIR=$(mktemp -d) cleanup() { rm -rf "$RUN_DIR"; } trap cleanup EXIT echo "" echo "═══════════════════════════════════════════════════════════════" echo " Run All Waves — Maximum Parallel Mode" echo " DRY_RUN=$DRY_RUN SKIP_WAVE0=$SKIP_WAVE0 SKIP_WAVE2=$SKIP_WAVE2 HOST=$PROXMOX_HOST" echo "═══════════════════════════════════════════════════════════════" echo "" # ---- Wave 0 ---- if [[ "$SKIP_WAVE0" != true ]]; then log "Wave 0: Gates (W0-1 RPC fix, W0-3 backup; W0-2 sendCrossChain run separately)" if [[ "$DRY_RUN" == true ]]; then echo " [DRY-RUN] bash scripts/run-via-proxmox-ssh.sh wave0 --host $PROXMOX_HOST" echo " [DRY-RUN] W0-2: bash scripts/bridge/run-send-cross-chain.sh [recipient] # omit --dry-run when ready" else if bash scripts/run-via-proxmox-ssh.sh wave0 --host "$PROXMOX_HOST" 2>&1; then ok "Wave 0 (W0-1, W0-3) done. W0-2: run run-send-cross-chain.sh without --dry-run when ready." else warn "Wave 0 failed (SSH or NPMplus unreachable?). Continue with Wave 1." fi fi echo "" fi # ---- Wave 1 (parallel) ---- log "Wave 1: Running automatable tasks in parallel..." W1_PIDS=() if [[ "$DRY_RUN" == true ]]; then echo " [DRY-RUN] scripts/security/secure-env-permissions.sh" echo " [DRY-RUN] scripts/maintenance/schedule-npmplus-backup-cron.sh --install" echo " [DRY-RUN] scripts/maintenance/schedule-daily-weekly-cron.sh --install" echo " [DRY-RUN] scripts/security/setup-ssh-key-auth.sh --dry-run" echo " [DRY-RUN] scripts/security/firewall-proxmox-8006.sh --dry-run" echo " [DRY-RUN] scripts/verify/run-shellcheck.sh --optional" echo " [DRY-RUN] scripts/validation/validate-config-files.sh (if exists)" else bash scripts/security/secure-env-permissions.sh >> "$RUN_DIR/w1-env.log" 2>&1 & W1_PIDS+=($!) bash scripts/maintenance/schedule-npmplus-backup-cron.sh --install >> "$RUN_DIR/w1-npmcron.log" 2>&1 & W1_PIDS+=($!) bash scripts/maintenance/schedule-daily-weekly-cron.sh --install >> "$RUN_DIR/w1-dailycron.log" 2>&1 & W1_PIDS+=($!) bash scripts/security/setup-ssh-key-auth.sh --dry-run >> "$RUN_DIR/w1-ssh.log" 2>&1 & W1_PIDS+=($!) bash scripts/security/firewall-proxmox-8006.sh --dry-run >> "$RUN_DIR/w1-fw.log" 2>&1 & W1_PIDS+=($!) bash scripts/verify/run-shellcheck.sh --optional >> "$RUN_DIR/w1-shellcheck.log" 2>&1 & W1_PIDS+=($!) [ -f scripts/validation/validate-config-files.sh ] && bash scripts/validation/validate-config-files.sh >> "$RUN_DIR/w1-validate.log" 2>&1 & W1_PIDS+=($!) for p in "${W1_PIDS[@]}"; do wait "$p" 2>/dev/null || true; done ok "Wave 1 parallel tasks finished. Check $RUN_DIR/w1-*.log for details." fi echo "" # ---- Wave 2 (parallel where scriptable) ---- if [[ "$SKIP_WAVE2" != true ]]; then log "Wave 2: Infra / deploy (W2-6: create missing 2506,2507,2508; others per runbook)" if [[ "$DRY_RUN" == true ]]; then echo " [DRY-RUN] create-missing-containers-2506-2508.sh (only 2506,2507,2508; requires SSH to $PROXMOX_HOST)" echo " [DRY-RUN] W2-1..W2-5, W2-7, W2-8: see docs/00-meta/WAVE2_WAVE3_OPERATOR_CHECKLIST.md" else if ssh -o ConnectTimeout=5 -o BatchMode=yes root@"$PROXMOX_HOST" "pct list >/dev/null 2>&1"; then export PROXMOX_HOST if bash scripts/create-missing-containers-2506-2508.sh 2>&1 | tee "$RUN_DIR/w2-create.log"; then ok "Wave 2 (W2-6 create 2506,2507,2508) finished." else warn "Wave 2 create script had errors (see w2-create.log). Other W2 tasks: runbooks." fi else warn "SSH to $PROXMOX_HOST failed. Skip W2-6. Run from host with Proxmox access." fi fi echo "" fi # ---- Wave 3 (runbook; no single script) ---- log "Wave 3: CCIP Fleet + Phase 4 tenant isolation (runbooks; after Wave 2)" if [[ "$DRY_RUN" == true ]]; then echo " [DRY-RUN] W3-1: CCIP Fleet deploy — docs/07-ccip/CCIP_DEPLOYMENT_SPEC.md" echo " [DRY-RUN] W3-2: Phase 4 tenant isolation — scripts/deployment/phase4-sovereign-tenants.sh" else echo " See docs/00-meta/FULL_PARALLEL_EXECUTION_ORDER.md § Wave 3 and WAVE2_WAVE3_OPERATOR_CHECKLIST.md" fi echo "" ok "All waves (scriptable parts) complete. Logs in $RUN_DIR (if Wave 1 ran)." echo ""