292 lines
11 KiB
Bash
Executable File
292 lines
11 KiB
Bash
Executable File
#!/usr/bin/env bash
|
|
set -euo pipefail
|
|
|
|
# Deploy the three selected DBIS RTGS first-slice sidecars to their LXC targets.
|
|
# Usage:
|
|
# ./scripts/deployment/deploy-dbis-rtgs-first-slice-sidecars.sh [--dry-run]
|
|
|
|
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
|
|
PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"
|
|
|
|
if [[ -f "$PROJECT_ROOT/omnl-fineract/.env" ]]; then
|
|
set +u
|
|
# shellcheck source=/dev/null
|
|
source "$PROJECT_ROOT/omnl-fineract/.env"
|
|
set -u
|
|
fi
|
|
|
|
HOST="${PROXMOX_HOST_R630_02:-192.168.11.12}"
|
|
SSH_OPTS="-o BatchMode=yes -o ConnectTimeout=15 -o StrictHostKeyChecking=accept-new"
|
|
|
|
SCSM_JAR="/home/intlc/projects/HYBX_Sidecars/mifos-fineract-sidecar/scsm-app/target/scsm-app-1.0.0-SNAPSHOT.jar"
|
|
FUNDS_JAR="/home/intlc/projects/HYBX_Sidecars/server-funds-sidecar/funds-app/target/funds-app-1.0.0-SNAPSHOT.jar"
|
|
XAU_JAR="/home/intlc/projects/HYBX_Sidecars/off-ledger-2-on-ledger-sidecar/target/off-ledger-2-on-ledger-sidecar-0.1.0-SNAPSHOT.jar"
|
|
|
|
SCSM_FINERACT_BASE_URL="${SCSM_FINERACT_BASE_URL:-${OMNL_FINERACT_BASE_URL:-http://192.168.11.85:8080/fineract-provider/api/v1}}"
|
|
SCSM_FINERACT_TENANT="${SCSM_FINERACT_TENANT:-${OMNL_FINERACT_TENANT:-omnl}}"
|
|
SCSM_FINERACT_USERNAME="${SCSM_FINERACT_USERNAME:-${OMNL_FINERACT_USER:-}}"
|
|
SCSM_FINERACT_PASSWORD="${SCSM_FINERACT_PASSWORD:-${OMNL_FINERACT_PASSWORD:-}}"
|
|
|
|
FUNDS_FINERACT_BASE_URL="${FUNDS_FINERACT_BASE_URL:-${OMNL_FINERACT_BASE_URL:-http://192.168.11.85:8080/fineract-provider/api/v1}}"
|
|
FUNDS_FINERACT_TENANT="${FUNDS_FINERACT_TENANT:-${OMNL_FINERACT_TENANT:-omnl}}"
|
|
FUNDS_FINERACT_USERNAME="${FUNDS_FINERACT_USERNAME:-${OMNL_FINERACT_USER:-}}"
|
|
FUNDS_FINERACT_PASSWORD="${FUNDS_FINERACT_PASSWORD:-${OMNL_FINERACT_PASSWORD:-}}"
|
|
FUNDS_FINERACT_OFFICE_ID="${FUNDS_FINERACT_OFFICE_ID:-1}"
|
|
FUNDS_DEFAULT_DEBIT_GL_ID="${FUNDS_DEFAULT_DEBIT_GL_ID:-24}"
|
|
FUNDS_DEFAULT_CREDIT_GL_ID="${FUNDS_DEFAULT_CREDIT_GL_ID:-3}"
|
|
|
|
XAU_FINERACT_BASE_URL="${XAU_FINERACT_BASE_URL:-${OMNL_FINERACT_BASE_URL:-http://192.168.11.85:8080/fineract-provider/api/v1}}"
|
|
XAU_FINERACT_TENANT="${XAU_FINERACT_TENANT:-${OMNL_FINERACT_TENANT:-omnl}}"
|
|
XAU_FINERACT_USERNAME="${XAU_FINERACT_USERNAME:-${OMNL_FINERACT_USER:-}}"
|
|
XAU_FINERACT_PASSWORD="${XAU_FINERACT_PASSWORD:-${OMNL_FINERACT_PASSWORD:-}}"
|
|
XAU_FINERACT_OFFICE_ID="${XAU_FINERACT_OFFICE_ID:-1}"
|
|
XAU_FEED_URL="${XAU_FEED_URL:-}"
|
|
XAU_STUB_PRICE="${XAU_STUB_PRICE:-2000}"
|
|
XAU_GL_GOLD_COLLATERAL_ENCUMBERED="${XAU_GL_GOLD_COLLATERAL_ENCUMBERED:-7}"
|
|
XAU_GL_GOLD_COLLATERAL_FREE="${XAU_GL_GOLD_COLLATERAL_FREE:-1}"
|
|
XAU_GL_OFF_LEDGER_SETTLEMENT_CLEARING="${XAU_GL_OFF_LEDGER_SETTLEMENT_CLEARING:-14}"
|
|
XAU_GL_BORROWER_RECEIVABLE="${XAU_GL_BORROWER_RECEIVABLE:-24}"
|
|
XAU_GL_TEMPORARY_CREDIT_ISSUED="${XAU_GL_TEMPORARY_CREDIT_ISSUED:-3}"
|
|
XAU_GL_TEMPORARY_DEBT_PAYABLE="${XAU_GL_TEMPORARY_DEBT_PAYABLE:-25}"
|
|
XAU_GL_CONVERSION_CONTROL_SUSPENSE="${XAU_GL_CONVERSION_CONTROL_SUSPENSE:-5}"
|
|
CHAIN138_SETTLEMENT_PRIVATE_KEY="${CHAIN138_SETTLEMENT_PRIVATE_KEY:-${PRIVATE_KEY:-}}"
|
|
CHAIN138_SETTLEMENT_WAIT_FOR_RECEIPT="${CHAIN138_SETTLEMENT_WAIT_FOR_RECEIPT:-false}"
|
|
CHAIN138_SETTLEMENT_MERCHANT_ADDRESS="${CHAIN138_SETTLEMENT_MERCHANT_ADDRESS:-}"
|
|
if [[ -z "$CHAIN138_SETTLEMENT_MERCHANT_ADDRESS" && -n "$CHAIN138_SETTLEMENT_PRIVATE_KEY" ]] && command -v cast >/dev/null 2>&1; then
|
|
CHAIN138_SETTLEMENT_MERCHANT_ADDRESS="$(cast wallet address "$CHAIN138_SETTLEMENT_PRIVATE_KEY" 2>/dev/null || true)"
|
|
fi
|
|
|
|
DRY_RUN=false
|
|
if [[ "${1:-}" == "--dry-run" ]]; then
|
|
DRY_RUN=true
|
|
fi
|
|
|
|
TARGETS="${TARGETS:-scsm,funds,xau}"
|
|
|
|
require_file() {
|
|
local path="$1"
|
|
if [[ ! -f "$path" ]]; then
|
|
echo "Missing required artifact: $path" >&2
|
|
exit 1
|
|
fi
|
|
}
|
|
|
|
require_file "$SCSM_JAR"
|
|
require_file "$FUNDS_JAR"
|
|
require_file "$XAU_JAR"
|
|
|
|
run_remote() {
|
|
local vmid="$1"
|
|
local cmd="$2"
|
|
if $DRY_RUN; then
|
|
echo "[DRY-RUN][CT $vmid] $cmd"
|
|
else
|
|
ssh $SSH_OPTS "root@$HOST" "pct exec $vmid -- bash -lc $(printf '%q' "$cmd")"
|
|
fi
|
|
}
|
|
|
|
target_enabled() {
|
|
local want="$1"
|
|
[[ ",$TARGETS," == *",$want,"* ]]
|
|
}
|
|
|
|
wait_for_health() {
|
|
local vmid="$1"
|
|
local url="$2"
|
|
local out_file="$3"
|
|
local attempts="${4:-20}"
|
|
local sleep_seconds="${5:-2}"
|
|
local cmd="for i in \$(seq 1 $attempts); do if curl -sf \"$url\" > \"$out_file\"; then cat \"$out_file\"; exit 0; fi; sleep $sleep_seconds; done; exit 7"
|
|
run_remote "$vmid" "$cmd"
|
|
}
|
|
|
|
push_file() {
|
|
local vmid="$1"
|
|
local src="$2"
|
|
local dest="$3"
|
|
if $DRY_RUN; then
|
|
echo "[DRY-RUN][CT $vmid] copy $src -> $dest"
|
|
else
|
|
ssh $SSH_OPTS "root@$HOST" "pct exec $vmid -- mkdir -p $(dirname "$dest")"
|
|
ssh $SSH_OPTS "root@$HOST" "cat > /tmp/$(basename "$dest")" < "$src"
|
|
ssh $SSH_OPTS "root@$HOST" "pct push $vmid /tmp/$(basename "$dest") $dest >/dev/null && rm -f /tmp/$(basename "$dest")"
|
|
fi
|
|
}
|
|
|
|
setup_base_runtime() {
|
|
local vmid="$1"
|
|
run_remote "$vmid" "export DEBIAN_FRONTEND=noninteractive && apt-get update && apt-get install -y openjdk-21-jre-headless redis-server curl ca-certificates"
|
|
run_remote "$vmid" "systemctl enable redis-server --now"
|
|
}
|
|
|
|
deploy_scsm() {
|
|
local vmid=5802
|
|
setup_base_runtime "$vmid"
|
|
push_file "$vmid" "$SCSM_JAR" "/opt/dbis-rtgs/scsm/scsm-app.jar"
|
|
local envfile unit
|
|
envfile="$(mktemp)"
|
|
cat > "$envfile" <<EOF
|
|
SERVER_PORT=8080
|
|
DB_URL=jdbc:h2:file:/var/lib/dbis-rtgs/scsm/scsm;DB_CLOSE_ON_EXIT=FALSE
|
|
DB_USER=sa
|
|
DB_PASSWORD=
|
|
REDIS_HOST=127.0.0.1
|
|
REDIS_PORT=6379
|
|
KAFKA_BOOTSTRAP_SERVERS=
|
|
SCSM_KAFKA_ENABLED=false
|
|
FINERACT_BASE_URL=${SCSM_FINERACT_BASE_URL}
|
|
FINERACT_TENANT=${SCSM_FINERACT_TENANT}
|
|
FINERACT_USERNAME=${SCSM_FINERACT_USERNAME}
|
|
FINERACT_PASSWORD=${SCSM_FINERACT_PASSWORD}
|
|
FINERACT_OFFICE_ID=1
|
|
EOF
|
|
push_file "$vmid" "$envfile" "/etc/dbis-rtgs/scsm.env"
|
|
rm -f "$envfile"
|
|
unit="$(mktemp)"
|
|
cat > "$unit" <<'EOF'
|
|
[Unit]
|
|
Description=DBIS RTGS SCSM sidecar
|
|
After=network-online.target redis-server.service
|
|
Wants=network-online.target
|
|
|
|
[Service]
|
|
User=root
|
|
WorkingDirectory=/opt/dbis-rtgs/scsm
|
|
EnvironmentFile=/etc/dbis-rtgs/scsm.env
|
|
ExecStart=/usr/bin/java -jar /opt/dbis-rtgs/scsm/scsm-app.jar
|
|
Restart=always
|
|
RestartSec=5
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|
|
EOF
|
|
push_file "$vmid" "$unit" "/etc/systemd/system/dbis-rtgs-scsm.service"
|
|
rm -f "$unit"
|
|
run_remote "$vmid" "mkdir -p /var/lib/dbis-rtgs/scsm /opt/dbis-rtgs/scsm /etc/dbis-rtgs && systemctl daemon-reload && systemctl enable dbis-rtgs-scsm && systemctl restart dbis-rtgs-scsm"
|
|
wait_for_health "$vmid" "http://127.0.0.1:8080/actuator/health" "/tmp/scsm-health.json"
|
|
}
|
|
|
|
deploy_funds() {
|
|
local vmid=5803
|
|
setup_base_runtime "$vmid"
|
|
push_file "$vmid" "$FUNDS_JAR" "/opt/dbis-rtgs/funds/funds-app.jar"
|
|
local envfile unit
|
|
envfile="$(mktemp)"
|
|
cat > "$envfile" <<EOF
|
|
SERVER_PORT=8080
|
|
DB_URL=jdbc:h2:file:/var/lib/dbis-rtgs/funds/funds;DB_CLOSE_ON_EXIT=FALSE
|
|
DB_USER=sa
|
|
DB_PASSWORD=
|
|
REDIS_HOST=127.0.0.1
|
|
REDIS_PORT=6379
|
|
KAFKA_BOOTSTRAP_SERVERS=
|
|
SPRING_AUTOCONFIGURE_EXCLUDE=org.springframework.boot.autoconfigure.kafka.KafkaAutoConfiguration
|
|
FINERACT_BASE_URL=${FUNDS_FINERACT_BASE_URL}
|
|
FINERACT_TENANT=${FUNDS_FINERACT_TENANT}
|
|
FINERACT_USERNAME=${FUNDS_FINERACT_USERNAME}
|
|
FINERACT_PASSWORD=${FUNDS_FINERACT_PASSWORD}
|
|
FINERACT_OFFICE_ID=${FUNDS_FINERACT_OFFICE_ID}
|
|
FINERACT_DEFAULT_DEBIT_GL_ID=${FUNDS_DEFAULT_DEBIT_GL_ID}
|
|
FINERACT_DEFAULT_CREDIT_GL_ID=${FUNDS_DEFAULT_CREDIT_GL_ID}
|
|
FUNDS_KAFKA_ENABLED=false
|
|
EOF
|
|
push_file "$vmid" "$envfile" "/etc/dbis-rtgs/funds.env"
|
|
rm -f "$envfile"
|
|
unit="$(mktemp)"
|
|
cat > "$unit" <<'EOF'
|
|
[Unit]
|
|
Description=DBIS RTGS server-funds sidecar
|
|
After=network-online.target redis-server.service
|
|
Wants=network-online.target
|
|
|
|
[Service]
|
|
User=root
|
|
WorkingDirectory=/opt/dbis-rtgs/funds
|
|
EnvironmentFile=/etc/dbis-rtgs/funds.env
|
|
ExecStart=/usr/bin/java -jar /opt/dbis-rtgs/funds/funds-app.jar
|
|
Restart=always
|
|
RestartSec=5
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|
|
EOF
|
|
push_file "$vmid" "$unit" "/etc/systemd/system/dbis-rtgs-funds.service"
|
|
rm -f "$unit"
|
|
run_remote "$vmid" "mkdir -p /var/lib/dbis-rtgs/funds /opt/dbis-rtgs/funds /etc/dbis-rtgs && systemctl daemon-reload && systemctl enable dbis-rtgs-funds && systemctl restart dbis-rtgs-funds"
|
|
wait_for_health "$vmid" "http://127.0.0.1:8080/actuator/health" "/tmp/funds-health.json"
|
|
}
|
|
|
|
deploy_xau() {
|
|
local vmid=5804
|
|
setup_base_runtime "$vmid"
|
|
push_file "$vmid" "$XAU_JAR" "/opt/dbis-rtgs/xau/off-ledger-2-on-ledger-sidecar.jar"
|
|
local envfile unit
|
|
envfile="$(mktemp)"
|
|
cat > "$envfile" <<EOF
|
|
SERVER_PORT=8080
|
|
FINERACT_BASE_URL=${XAU_FINERACT_BASE_URL}
|
|
FINERACT_TENANT=${XAU_FINERACT_TENANT}
|
|
FINERACT_USERNAME=${XAU_FINERACT_USERNAME}
|
|
FINERACT_PASSWORD=${XAU_FINERACT_PASSWORD}
|
|
FINERACT_OFFICE_ID=${XAU_FINERACT_OFFICE_ID}
|
|
XAU_FINERACT_ENABLED=true
|
|
XAU_FEED_URL=${XAU_FEED_URL}
|
|
XAU_STUB_PRICE=${XAU_STUB_PRICE}
|
|
GL_ASSETS_GOLD_COLLATERAL_ENCUMBERED=${XAU_GL_GOLD_COLLATERAL_ENCUMBERED}
|
|
GL_ASSETS_GOLD_COLLATERAL_FREE=${XAU_GL_GOLD_COLLATERAL_FREE}
|
|
GL_ASSETS_OFF_LEDGER_SETTLEMENT_CLEARING=${XAU_GL_OFF_LEDGER_SETTLEMENT_CLEARING}
|
|
GL_ASSETS_BORROWER_RECEIVABLE=${XAU_GL_BORROWER_RECEIVABLE}
|
|
GL_LIABILITIES_TEMPORARY_CREDIT_ISSUED=${XAU_GL_TEMPORARY_CREDIT_ISSUED}
|
|
GL_LIABILITIES_TEMPORARY_DEBT_PAYABLE=${XAU_GL_TEMPORARY_DEBT_PAYABLE}
|
|
GL_CONTROL_CONVERSION_CONTROL_SUSPENSE=${XAU_GL_CONVERSION_CONTROL_SUSPENSE}
|
|
JAVA_TOOL_OPTIONS=-Dgl.assets.goldCollateralEncumbered=${XAU_GL_GOLD_COLLATERAL_ENCUMBERED}\ -Dgl.assets.goldCollateralFree=${XAU_GL_GOLD_COLLATERAL_FREE}\ -Dgl.assets.offLedgerSettlementClearing=${XAU_GL_OFF_LEDGER_SETTLEMENT_CLEARING}\ -Dgl.assets.borrowerReceivable=${XAU_GL_BORROWER_RECEIVABLE}\ -Dgl.liabilities.temporaryCreditIssued=${XAU_GL_TEMPORARY_CREDIT_ISSUED}\ -Dgl.liabilities.temporaryDebtPayable=${XAU_GL_TEMPORARY_DEBT_PAYABLE}\ -Dgl.control.conversionControlSuspense=${XAU_GL_CONVERSION_CONTROL_SUSPENSE}
|
|
CHAIN138_SETTLEMENT_ENABLED=true
|
|
CHAIN138_RPC_URL=${CHAIN138_RPC_URL:-${RPC_URL_138:-}}
|
|
CHAIN138_SETTLEMENT_PRIVATE_KEY=${CHAIN138_SETTLEMENT_PRIVATE_KEY}
|
|
CHAIN138_SETTLEMENT_WAIT_FOR_RECEIPT=${CHAIN138_SETTLEMENT_WAIT_FOR_RECEIPT}
|
|
SETTLEMENT_REGISTRY_ADDRESS=${SETTLEMENT_REGISTRY_ADDRESS:-${MERCHANT_SETTLEMENT_REGISTRY:-}}
|
|
CHAIN138_SETTLEMENT_MERCHANT_ADDRESS=${CHAIN138_SETTLEMENT_MERCHANT_ADDRESS}
|
|
EOF
|
|
push_file "$vmid" "$envfile" "/etc/dbis-rtgs/xau.env"
|
|
rm -f "$envfile"
|
|
unit="$(mktemp)"
|
|
cat > "$unit" <<'EOF'
|
|
[Unit]
|
|
Description=DBIS RTGS XAU conversion sidecar
|
|
After=network-online.target
|
|
Wants=network-online.target
|
|
|
|
[Service]
|
|
User=root
|
|
WorkingDirectory=/opt/dbis-rtgs/xau
|
|
EnvironmentFile=/etc/dbis-rtgs/xau.env
|
|
ExecStart=/usr/bin/java -jar /opt/dbis-rtgs/xau/off-ledger-2-on-ledger-sidecar.jar
|
|
Restart=always
|
|
RestartSec=5
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|
|
EOF
|
|
push_file "$vmid" "$unit" "/etc/systemd/system/dbis-rtgs-xau.service"
|
|
rm -f "$unit"
|
|
run_remote "$vmid" "mkdir -p /opt/dbis-rtgs/xau /etc/dbis-rtgs && systemctl daemon-reload && systemctl enable dbis-rtgs-xau && systemctl restart dbis-rtgs-xau"
|
|
wait_for_health "$vmid" "http://127.0.0.1:8080/actuator/health" "/tmp/xau-health.json"
|
|
}
|
|
|
|
echo "=== Deploy DBIS RTGS first-slice sidecars ==="
|
|
echo "Host: $HOST"
|
|
echo
|
|
|
|
if target_enabled scsm; then
|
|
deploy_scsm
|
|
fi
|
|
if target_enabled funds; then
|
|
deploy_funds
|
|
fi
|
|
if target_enabled xau; then
|
|
deploy_xau
|
|
fi
|
|
|
|
echo
|
|
echo "Done."
|