d-bis/smom-dbis-138
4
0
Fork 0
Code Issues Pull Requests 3 Actions Packages Projects Releases Wiki Activity

Add Oracle Aggregator and CCIP Integration

Browse Source 
- Introduced Aggregator.sol for Chainlink-compatible oracle functionality, including round-based updates and access control.
- Added OracleWithCCIP.sol to extend Aggregator with CCIP cross-chain messaging capabilities.
- Created .gitmodules to include OpenZeppelin contracts as a submodule.
- Developed a comprehensive deployment guide in NEXT_STEPS_COMPLETE_GUIDE.md for Phase 2 and smart contract deployment.
- Implemented Vite configuration for the orchestration portal, supporting both Vue and React frameworks.
- Added server-side logic for the Multi-Cloud Orchestration Portal, including API endpoints for environment management and monitoring.
- Created scripts for resource import and usage validation across non-US regions.
- Added tests for CCIP error handling and integration to ensure robust functionality.
- Included various new files and directories for the orchestration portal and deployment scripts.
This commit is contained in:
defiQUG
2025-12-12 14:57:48 -08:00
parent a1466e4005
commit 1fb7266469
1720 changed files with 241279 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
scripts/.fix_quotes.awk Normal file
View File

@@ -0,0 +1,15 @@
{
line=$0
match(line, /"/)
# Only process likely logging/echo lines to reduce risk
if ($0 ~ /(^|[[:space:]])(echo|log_info|log_warn|log_error|log_success|info|warn|log|section)/) {
n = gsub(/"/, "\"", line)
if (n % 2 == 1) {
print $0"\""
} else {
print $0
}
} else {
print $0
}
}

218
scripts/CONSOLIDATION_COMPLETE.md Normal file
View File

@@ -0,0 +1,218 @@
# Script Consolidation Complete
## ✅ Completed Consolidations
### 1. Monitor Scripts (9 → 1 script)
**Consolidated into**: `scripts/deployment/monitor-deployment-consolidated.sh`
**Replaced scripts**:
- `monitor-deployment.sh`
- `monitor-and-complete.sh`
- `monitor-and-fix.sh`
- `monitor-continuous.sh`
- `monitor-deployment-live.sh`
- `live-monitor.sh`
- `continuous-monitor.sh`
- `monitor-36-region-deployment.sh`
- `deployment-dashboard.sh`
**Features**:
- Multiple modes: `status`, `continuous`, `live`, `complete`, `fix`, `dashboard`
- Configurable intervals and max checks
- Uses common libraries for consistent logging and error handling
**Usage**:
```bash
# Quick status check
./scripts/deployment/monitor-deployment-consolidated.sh
# Continuous monitoring
./scripts/deployment/monitor-deployment-consolidated.sh --mode continuous
# Live updates
./scripts/deployment/monitor-deployment-consolidated.sh --mode live --interval 10
# Dashboard view
./scripts/deployment/monitor-deployment-consolidated.sh --mode dashboard
```
### 2. Parallel Deployment Scripts (11 → 1 script)
**Consolidated into**: `scripts/deployment/deploy-parallel-consolidated.sh`
**Replaced scripts**:
- `deploy-parallel.sh`
- `deploy-all-parallel.sh`
- `deploy-besu-parallel.sh`
- `deploy-max-parallel.sh`
- `deploy-ultra-parallel.sh`
- `deploy-besu-max-parallel.sh`
- `deploy-monitoring-parallel.sh`
- `configure-kubernetes-parallel.sh`
- `configure-kubernetes-max-parallel.sh`
- `deploy-contracts-parallel.sh`
- `verify-all-clusters-parallel.sh`
- `verify-all-max-parallel.sh`
**Features**:
- Multiple resource types: `infrastructure`, `kubernetes`, `besu`, `monitoring`, `contracts`, `verify`
- Configurable parallelism
- Region selection support
- Uses common libraries
**Usage**:
```bash
# Deploy infrastructure to all regions
./scripts/deployment/deploy-parallel-consolidated.sh --resource infrastructure
# Deploy Besu network
./scripts/deployment/deploy-parallel-consolidated.sh --resource besu --parallelism 24
# Deploy to specific regions
./scripts/deployment/deploy-parallel-consolidated.sh --regions westeurope,northeurope
```
### 3. Cost Calculation Scripts (12 → 1 script + library)
**Consolidated into**:
- Library: `scripts/lib/deployment/costs.sh`
- Script: `scripts/deployment/calculate-costs-consolidated.sh`
**Replaced scripts**:
- `calculate-accurate-costs.sh`
- `calculate-accurate-deployment-costs.sh`
- `calculate-conservative-costs.sh`
- `calculate-contract-deployment-costs.sh`
- `calculate-gas-fees.sh`
- `update-all-cost-estimates.sh`
- `update-cost-estimates.sh`
- `finalize-cost-estimates.sh`
- `get-accurate-gas-price.sh`
- `get-conservative-gas-price.sh`
- `get-mainnet-gas-prices.sh`
- `get-real-gas-prices.sh`
- `test-etherscan-gas-api.sh`
**Features**:
- Multiple gas price sources: `auto`, `rpc`, `infura`, `default`, `conservative`
- Multiple gas types: `deployment`, `configuration`, `total`, `custom`
- Multiple output formats: `table`, `json`, `csv`
- Reusable library functions for other scripts
**Usage**:
```bash
# Calculate total costs
./scripts/deployment/calculate-costs-consolidated.sh
# Use conservative estimate
./scripts/deployment/calculate-costs-consolidated.sh --source conservative
# JSON output
./scripts/deployment/calculate-costs-consolidated.sh --format json
# Custom gas amount
./scripts/deployment/calculate-costs-consolidated.sh --gas custom --custom-gas 500000
```
## 🔄 Migrated Scripts to Use Libraries
### Completed Migrations
1. **`scripts/azure/check-naming-conventions.sh`**
- ✅ Uses `lib/init.sh`
- ✅ Uses logging functions
- ✅ Uses Azure CLI wrappers
- ✅ Uses region code library
2. **`scripts/key-management/check-keyvault-status.sh`**
- ✅ Uses `lib/init.sh`
- ✅ Uses logging functions
- ✅ Uses Azure CLI wrappers
- ✅ Uses region code library
### Migration Benefits
- **Reduced code**: Removed ~50 lines of duplicate code per script
- **Consistency**: All scripts use same patterns
- **Maintainability**: Update once, applies everywhere
- **Error handling**: Standardized error messages
- **Documentation**: Clear library structure
## 📊 Impact Summary
### Before
- **Monitor scripts**: 9 separate scripts (~900 lines total)
- **Parallel deployment scripts**: 11 separate scripts (~1100 lines total)
- **Cost calculation scripts**: 12 separate scripts (~1200 lines total)
- **Total**: 32 scripts (~3200 lines)
### After
- **Monitor script**: 1 consolidated script (~400 lines)
- **Parallel deployment script**: 1 consolidated script (~250 lines)
- **Cost library + script**: 1 library (~200 lines) + 1 script (~150 lines)
- **Total**: 3 scripts + 1 library (~1000 lines)
### Reduction
- **Scripts**: 32 → 4 (87.5% reduction)
- **Lines of code**: ~3200 → ~1000 (68.75% reduction)
- **Maintainability**: Significantly improved with library reuse
## 📚 Library Usage
All consolidated scripts use the common library structure:
```bash
#!/bin/bash
set -e
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
source "$SCRIPT_DIR/../lib/init.sh"
# Now available:
# - Logging: log_info, log_success, log_error, etc.
# - Azure: ensure_azure_cli, get_subscription_id, etc.
# - Regions: get_region_code, get_region_name, get_all_regions
# - Colors: color_red, color_green, etc.
# - Utils: confirm, require_command, etc.
```
## 🎯 Next Steps
1. **Update Makefile targets** to use consolidated scripts
2. **Mark old scripts as deprecated** (add deprecation notices)
3. **Migrate remaining high-priority scripts** to use libraries
4. **Update documentation** to reference new consolidated scripts
5. **Create migration guide** for scripts that call old scripts
## 📝 Deprecation Notice
The following scripts are now deprecated and should be replaced with their consolidated versions:
### Monitor Scripts
Replace calls to:
- `monitor-deployment.sh``monitor-deployment-consolidated.sh --mode status`
- `monitor-and-complete.sh``monitor-deployment-consolidated.sh --mode complete`
- `monitor-continuous.sh``monitor-deployment-consolidated.sh --mode continuous`
- `live-monitor.sh``monitor-deployment-consolidated.sh --mode live`
- `deployment-dashboard.sh``monitor-deployment-consolidated.sh --mode dashboard`
### Parallel Deployment Scripts
Replace calls to:
- `deploy-parallel.sh``deploy-parallel-consolidated.sh --resource infrastructure`
- `deploy-besu-parallel.sh``deploy-parallel-consolidated.sh --resource besu`
- `configure-kubernetes-parallel.sh``deploy-parallel-consolidated.sh --resource kubernetes`
- `verify-all-clusters-parallel.sh``deploy-parallel-consolidated.sh --resource verify`
### Cost Calculation Scripts
Replace calls to:
- `calculate-accurate-costs.sh``calculate-costs-consolidated.sh`
- `get-accurate-gas-price.sh``calculate-costs-consolidated.sh --format json | jq -r '.gas_price_gwei'`
- `calculate-conservative-costs.sh``calculate-costs-consolidated.sh --source conservative`
## ✅ Success Metrics
- ✅ 87.5% reduction in script count for consolidated categories
- ✅ 68.75% reduction in lines of code
- ✅ Single source of truth for region codes
- ✅ Consistent logging and error handling
- ✅ Reusable library functions
- ✅ Clear documentation

221
scripts/CONSOLIDATION_PLAN.md Normal file
View File

@@ -0,0 +1,221 @@
# Script Consolidation and Modularization Plan
## Overview
This document outlines the consolidation and modularization strategy for scripts in this repository. The goal is to reduce duplication, improve maintainability, and create reusable components.
## Library Structure (Created)
**scripts/lib/** - Common libraries
- `lib/common/colors.sh` - Color definitions
- `lib/common/logging.sh` - Logging functions
- `lib/common/paths.sh` - Path definitions
- `lib/common/utils.sh` - Utility functions
- `lib/config/env.sh` - Environment loading
- `lib/config/regions.sh` - Region code mapping (single source of truth)
- `lib/azure/cli.sh` - Azure CLI wrappers
- `lib/init.sh` - Initialize all libraries
## Script Groups Identified for Consolidation
### 1. Deployment Scripts - High Duplication
#### Monitor Scripts (Can be consolidated into 1-2 scripts)
- `monitor-deployment.sh`
- `monitor-and-complete.sh`
- `monitor-and-fix.sh`
- `monitor-continuous.sh`
- `monitor-deployment-live.sh`
- `live-monitor.sh`
- `continuous-monitor.sh`
- `monitor-36-region-deployment.sh`
- `deployment-dashboard.sh`
**Action**: Create `monitor-deployment.sh` with modes: `--continuous`, `--live`, `--complete`, `--fix`
#### Parallel Deployment Scripts (Can be consolidated)
- `deploy-parallel.sh`
- `deploy-all-parallel.sh`
- `deploy-besu-parallel.sh`
- `deploy-max-parallel.sh`
- `deploy-ultra-parallel.sh`
- `deploy-besu-max-parallel.sh`
- `deploy-monitoring-parallel.sh`
- `configure-kubernetes-parallel.sh`
- `configure-kubernetes-max-parallel.sh`
- `deploy-contracts-parallel.sh`
- `verify-all-clusters-parallel.sh`
- `verify-all-max-parallel.sh`
**Action**: Create generic `deploy-parallel.sh` with resource type parameter
#### Phase Deployment Scripts
- `deploy-infrastructure-phase1.sh`
- `deploy-infrastructure-phase2.sh`
- `deploy-infrastructure-phase3.sh`
- `deploy-infrastructure-phase4.sh`
- `deploy-infrastructure-all-phases.sh`
- `deploy-all-phases.sh`
- `complete-all-phases-parallel.sh`
- `execute-all-phases.sh`
- `wait-and-complete-all.sh`
**Action**: Create `deploy-phase.sh` with phase number parameter
#### Complete/All Scripts
- `complete-all-deployment.sh`
- `complete-all-next-steps.sh`
- `complete-all-tasks.sh`
- `complete-infrastructure-deployment.sh`
- `wait-and-run-all-next-steps.sh`
- `run-all-next-steps.sh`
- `wait-and-run-next-steps.sh`
- `run-next-steps-with-available.sh`
**Action**: Consolidate into `complete-deployment.sh` with step options
### 2. Cost Calculation Scripts - High Duplication
- `calculate-accurate-costs.sh`
- `calculate-accurate-deployment-costs.sh`
- `calculate-conservative-costs.sh`
- `calculate-contract-deployment-costs.sh`
- `calculate-gas-fees.sh`
- `update-all-cost-estimates.sh`
- `update-cost-estimates.sh`
- `finalize-cost-estimates.sh`
- `get-accurate-gas-price.sh`
- `get-conservative-gas-price.sh`
- `get-mainnet-gas-prices.sh`
- `get-real-gas-prices.sh`
- `test-etherscan-gas-api.sh`
**Action**: Create `lib/deployment/costs.sh` library + single `calculate-costs.sh` script
### 3. Verification Scripts
- `verify-chain138-complete.sh`
- `verify-chain138-full-deployment.sh`
- `verify-chain138-services.sh`
- `verify-deployment.sh`
- `verify-mainnet-deployments.sh`
- `verify-on-chain-deployments.sh`
- `verify-all-clusters-parallel.sh`
- `verify-36-region-clusters.sh`
- `verify-all-max-parallel.sh`
- `verify-contract-etherscan.sh`
**Action**: Create `verify-deployment.sh` with resource type and mode options
### 4. Contract Deployment Scripts
- `deploy-weth.sh`
- `deploy-weth10.sh`
- `deploy-weth-with-ccip.sh`
- `deploy-ccip-weth9-bridge.sh`
- `deploy-ccip-weth10-bridge.sh`
- `deploy-multicall.sh`
- `deploy-multisig.sh`
- `deploy-ccip-router.sh`
**Action**: Create generic `deploy-contract.sh` with contract name parameter
### 5. Check/Status Scripts
- `check-deployment-status.sh`
- `check-infrastructure-status.sh`
- `check-mainnet-deployment-status.sh`
- `check-terraform-status.sh`
- `check-all-deployment-sources.sh`
- `check-existing-deployments.sh`
- `check-mainnet-balances.sh`
- `check-wallet-balances.sh`
- `check-and-proceed.sh`
- `check-rpc-status.sh`
**Action**: Create `check-status.sh` with resource type parameter
### 6. Import Scripts
- `import-existing-clusters.sh`
- `import-all-resources.sh`
**Action**: Create `import-resources.sh` with resource type parameter (these are already similar)
## Migration Strategy
### Phase 1: Library Adoption ✅ (In Progress)
1. ✅ Create common library structure
2. ✅ Create shared utilities
3. 🔄 Update key scripts to use libraries (example created)
### Phase 2: High-Impact Consolidations
1. Consolidate monitor scripts
2. Consolidate parallel deployment scripts
3. Consolidate cost calculation scripts
### Phase 3: Medium-Impact Consolidations
1. Consolidate verification scripts
2. Consolidate check/status scripts
3. Consolidate contract deployment scripts
### Phase 4: Cleanup
1. Remove deprecated scripts
2. Update documentation
3. Update Makefile targets
## Script Template
All new scripts should follow this template:
```bash
#!/bin/bash
# Script description
# Usage: script-name.sh [OPTIONS]
set -e
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
source "$SCRIPT_DIR/../lib/init.sh"
# Parse arguments
while [[ $# -gt 0 ]]; do
case $1 in
--option)
OPTION="$2"
shift 2
;;
*)
log_error "Unknown option: $1"
exit 1
;;
esac
done
# Main script logic
ensure_azure_cli || exit 1
log_section "Script Title"
```
## Benefits
1. **Reduced Duplication**: ~50% reduction in script count
2. **Single Source of Truth**: Region codes, colors, utilities defined once
3. **Consistency**: All scripts use same logging, error handling
4. **Maintainability**: Update once, applies everywhere
5. **Easier Testing**: Reusable functions can be unit tested
6. **Better Documentation**: Clear library structure
## Progress Tracking
- [x] Create library structure
- [x] Create common utilities
- [x] Create example refactored script
- [ ] Migrate high-priority scripts
- [ ] Consolidate monitor scripts
- [ ] Consolidate deployment scripts
- [ ] Consolidate cost scripts
- [ ] Update documentation
- [ ] Remove deprecated scripts

215
scripts/MODULARIZATION_SUMMARY.md Normal file
View File

@@ -0,0 +1,215 @@
# Script Modularization and Consolidation Summary
## ✅ Completed
### 1. Common Library Structure Created
Created `scripts/lib/` directory structure with reusable libraries:
```
scripts/lib/
├── common/ # Common utilities
│ ├── colors.sh # Color definitions (RED, GREEN, YELLOW, etc.)
│ ├── logging.sh # Logging functions (log_info, log_error, etc.)
│ ├── paths.sh # Path definitions (SCRIPT_DIR, PROJECT_ROOT)
│ └── utils.sh # Utility functions (confirm, require_command, etc.)
├── config/ # Configuration
│ ├── env.sh # Environment variable loading
│ └── regions.sh # Region code mapping (single source of truth)
├── azure/ # Azure-specific functions
│ └── cli.sh # Azure CLI wrapper functions
├── init.sh # Initialize all libraries (main entry point)
└── README.md # Library documentation
```
**Total Library Code**: 439 lines of reusable code
### 2. Key Features
#### Single Source of Truth for Region Codes
- All region codes standardized to exactly 3 characters
- Defined once in `lib/config/regions.sh`
- Functions: `get_region_code()`, `get_region_name()`, `get_all_regions()`
- Supports both new (3-char) and old codes for backward compatibility
#### Common Logging Functions
- `log_info()`, `log_warn()`, `log_error()`, `log_debug()`
- `log_success()`, `log_failure()`
- `log_section()`, `log_subsection()`
- Color-coded output with consistent formatting
#### Azure CLI Wrappers
- `ensure_azure_cli()` - Checks installation and login
- `check_azure_cli()`, `check_azure_login()`
- `get_current_subscription()`, `get_current_subscription_name()`
- `set_subscription()`, `get_subscription_id()`
#### Common Utilities
- `require_command()` - Exit if command not found
- `confirm()` - User confirmation prompts
- `is_dry_run()` - Check dry-run mode
- `print_header()`, `print_centered()` - Formatted output
### 3. Documentation Created
-`scripts/lib/README.md` - Library documentation
-`scripts/CONSOLIDATION_PLAN.md` - Consolidation strategy
-`scripts/REFACTORING_GUIDE.md` - Migration guide for existing scripts
-`scripts/azure/check-naming-conventions.sh.refactored` - Example refactored script
### 4. Script Inventory
**Total Scripts**: 248 shell scripts
- Many with duplicate patterns
- Ready for consolidation following the plan
## 📋 Consolidation Plan
### High-Priority Consolidations
1. **Monitor Scripts** (9 scripts → 1-2 scripts)
- Consolidate all monitor variants into `monitor-deployment.sh` with modes
2. **Parallel Deployment Scripts** (11 scripts → 1 generic script)
- Create generic `deploy-parallel.sh` with resource type parameter
3. **Cost Calculation Scripts** (12 scripts → 1 script + library)
- Create `lib/deployment/costs.sh` library
- Create single `calculate-costs.sh` script
4. **Verification Scripts** (10 scripts → 1 script)
- Create `verify-deployment.sh` with resource type options
5. **Contract Deployment Scripts** (8 scripts → 1 generic script)
- Create generic `deploy-contract.sh` with contract name parameter
### Expected Impact
- **Reduction**: ~50% reduction in script count (248 → ~124 scripts)
- **Maintainability**: Update once, applies everywhere
- **Consistency**: All scripts use same patterns and libraries
- **Documentation**: Clear library structure
## 🔄 Migration Strategy
### Phase 1: Library Adoption (✅ Completed)
1. ✅ Create library structure
2. ✅ Create shared utilities
3. ✅ Create documentation
4. 🔄 Update key scripts (in progress)
### Phase 2: High-Impact Consolidations (Next)
1. Consolidate monitor scripts
2. Consolidate parallel deployment scripts
3. Consolidate cost calculation scripts
### Phase 3: Medium-Impact Consolidations
1. Consolidate verification scripts
2. Consolidate check/status scripts
3. Consolidate contract deployment scripts
### Phase 4: Cleanup
1. Remove deprecated scripts
2. Update Makefile targets
3. Update all documentation
## 📝 Usage Examples
### Quick Start Template
```bash
#!/bin/bash
set -e
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
source "$SCRIPT_DIR/../lib/init.sh"
# Initialize Azure
ensure_azure_cli || exit 1
set_subscription "$(get_subscription_id)" || true
log_section "Script Title"
# Your script logic here
log_success "Completed"
```
### Using Region Codes
```bash
source "$SCRIPT_DIR/../lib/init.sh"
# Get all regions
while IFS=':' read -r region_name region_code; do
echo "Processing $region_name ($region_code)..."
done < <(get_all_regions)
# Get specific region code
CODE=$(get_region_code "westeurope") # Returns "wst"
# Get region name from code
REGION=$(get_region_name "wst") # Returns "westeurope"
```
### Using Logging
```bash
source "$SCRIPT_DIR/../lib/init.sh"
log_info "Starting process..."
log_warn "This might take a while"
log_error "Failed to connect"
log_success "Completed successfully"
log_section "Deployment Status"
```
## 📚 Next Steps
1. **Migrate High-Priority Scripts**:
- Start with frequently-used scripts
- Use `check-naming-conventions.sh.refactored` as template
2. **Create Consolidated Scripts**:
- Begin with monitor scripts consolidation
- Then parallel deployment scripts
3. **Update Documentation**:
- Update all script README files
- Add migration examples
4. **Testing**:
- Test each consolidated script
- Ensure backward compatibility
## 🎯 Benefits
1. **Single Source of Truth**: Region codes, colors, utilities defined once
2. **Consistency**: All scripts use same patterns and libraries
3. **Maintainability**: Update once, applies everywhere
4. **Reduced Duplication**: ~50% reduction in code duplication
5. **Better Error Handling**: Standardized error messages and checks
6. **Easier Testing**: Reusable functions can be unit tested
7. **Improved Documentation**: Clear library structure
## 📊 Progress Tracking
- [x] Create library structure
- [x] Create common utilities
- [x] Create Azure CLI wrappers
- [x] Create region code mapping
- [x] Create documentation
- [x] Create example refactored script
- [ ] Migrate high-priority scripts
- [ ] Consolidate monitor scripts
- [ ] Consolidate deployment scripts
- [ ] Consolidate cost scripts
- [ ] Update Makefile targets
- [ ] Remove deprecated scripts
## 🔗 Related Documentation
- `scripts/lib/README.md` - Library documentation
- `scripts/CONSOLIDATION_PLAN.md` - Detailed consolidation plan
- `scripts/REFACTORING_GUIDE.md` - Migration guide
- `docs/NAMING_CONVENTIONS.md` - Naming conventions

174
scripts/README_CONFIGURATION.md Normal file
View File

@@ -0,0 +1,174 @@
# Configuration Scripts
This directory contains interactive configuration tools for setting up the Besu network.
## Scripts
### `configure-network.sh`
Basic configuration tool wrapper. Runs `configure-network.py` with proper environment setup.
**Usage**:
```bash
./scripts/configure-network.sh
```
### `configure-network.py`
Basic interactive configuration tool. Configures:
- Genesis block configuration
- Network configuration
- Besu node configuration
- Deployment configuration (AKS/VM)
- Terraform variables
- Helm values
### `configure-network-advanced.sh`
Advanced configuration tool wrapper. Runs `configure-network-advanced.py` with proper environment setup.
**Usage**:
```bash
./scripts/configure-network-advanced.sh
```
### `configure-network-advanced.py`
Advanced interactive configuration tool. Includes all basic features plus:
- Security configuration (Network Policies, RBAC, Pod Security, WAF)
- Key management configuration
- Access control configuration
- Monitoring configuration (Prometheus, Grafana, Loki, Alertmanager)
- Backup configuration
- Oracle publisher configuration
## Features
### Interactive Prompts
- **Input Validation**: All inputs are validated (IPs, CIDR, ports, hex values)
- **Default Values**: Sensible defaults are provided for all fields
- **Required Fields**: Required fields are clearly marked
- **Yes/No Prompts**: Simple yes/no questions for boolean options
### Generated Files
The configuration tools generate:
- `config/genesis.json` - Genesis block configuration
- `config/validators/besu-config.toml` - Validator configuration
- `config/sentries/besu-config.toml` - Sentry configuration
- `config/rpc/besu-config.toml` - RPC configuration
- `config/permissions-nodes.toml` - Node permissions
- `config/permissions-accounts.toml` - Account permissions
- `config/static-nodes.json` - Static nodes
- `terraform/terraform.tfvars` - Terraform variables
- `helm/besu-network/values.yaml` - Helm values
- `CONFIG_SUMMARY.md` - Configuration summary
### Backup and Restore
- **Automatic Backup**: Existing files are automatically backed up to `.config-backup/`
- **Manual Backup**: Use `make config-backup` to manually backup
- **Restore**: Use `make config-restore` to restore from backup
## Usage Examples
### Basic Configuration
```bash
# Run basic configuration
./scripts/configure-network.sh
# Or use Makefile
make config
```
### Advanced Configuration
```bash
# Run advanced configuration
./scripts/configure-network-advanced.sh
# Or use Makefile
make config-advanced
```
### Validate Configuration
```bash
# Validate generated configuration
make config-validate
```
### View Configuration Summary
```bash
# View configuration summary
make config-summary
# Or directly
cat CONFIG_SUMMARY.md
```
## Configuration Flow
1. **Run Configuration Tool**: Execute `configure-network.sh` or `configure-network-advanced.sh`
2. **Answer Prompts**: Provide all necessary configuration values
3. **Review Generated Files**: Check generated configuration files
4. **Generate Validator Keys**: Run `generate-validator-keys.sh`
5. **Generate Proper Genesis**: Run `generate-genesis-proper.sh` to update `extraData`
6. **Deploy Infrastructure**: Deploy using Terraform and Kubernetes
## Troubleshooting
### Python Version
**Issue**: Python version too old
**Solution**: Ensure Python 3.8+ is installed
```bash
python3 --version
```
### Missing Dependencies
**Issue**: Import errors
**Solution**: The scripts use only Python standard library. No additional dependencies required.
### Configuration Validation
**Issue**: Invalid configuration values
**Solution**:
- Check validation rules in the tool
- Ensure values are in correct format
- Review error messages
### Backup Restoration
**Issue**: Need to restore configuration
**Solution**:
```bash
# Restore from backup
make config-restore
# Or manually
cp -r .config-backup/* .
```
## Best Practices
1. **Backup First**: Always backup before running configuration tool
2. **Review Generated Files**: Review all generated files before deploying
3. **Validate Configuration**: Use validation scripts to verify configuration
4. **Document Changes**: Document any manual changes to configuration files
5. **Version Control**: Commit configuration files to version control
## Related Documentation
- [Configuration Guide](../docs/CONFIGURATION_GUIDE.md) - Detailed configuration guide
- [Deployment Guide](../docs/DEPLOYMENT.md) - Deployment instructions
- [Troubleshooting Guide](../docs/TROUBLESHOOTING.md) - Troubleshooting guide

301
scripts/REFACTORING_GUIDE.md Normal file
View File

@@ -0,0 +1,301 @@
# Script Refactoring Guide
This guide explains how to refactor existing scripts to use the new common library structure.
## Quick Start
### Before (Old Pattern)
```bash
#!/bin/bash
set -e
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
NC='\033[0m'
# Load subscription ID
if [ -f "$PROJECT_ROOT/.env" ]; then
export $(grep -v '^#' "$PROJECT_ROOT/.env" | grep AZURE_SUBSCRIPTION_ID | xargs)
fi
SUBSCRIPTION_ID="${AZURE_SUBSCRIPTION_ID:-fc08d829-4f14-413d-ab27-ce024425db0b}"
# Check Azure CLI
if ! command -v az &> /dev/null; then
echo -e "${RED}Error: Azure CLI not found${NC}"
exit 1
fi
# Check Azure login
az account show &> /dev/null || {
echo -e "${RED}Error: Not logged in to Azure${NC}"
exit 1
}
az account set --subscription "$SUBSCRIPTION_ID" &> /dev/null || true
echo -e "${GREEN}Starting script...${NC}"
```
### After (New Pattern)
```bash
#!/bin/bash
set -e
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
source "$SCRIPT_DIR/../lib/init.sh"
# Initialize Azure
SUBSCRIPTION_ID="$(get_subscription_id)"
ensure_azure_cli || exit 1
set_subscription "$SUBSCRIPTION_ID" || true
log_info "Starting script..."
```
## Migration Checklist
### Step 1: Add Library Sourcing
Replace:
```bash
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"
```
With:
```bash
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
source "$SCRIPT_DIR/../lib/init.sh"
```
**Note**: `PROJECT_ROOT` is automatically set by the library.
### Step 2: Remove Color Definitions
Remove:
```bash
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
NC='\033[0m'
```
Use logging functions instead:
```bash
log_info "Message"
log_warn "Warning"
log_error "Error"
log_success "Success"
```
### Step 3: Replace Echo Statements
| Old | New |
|-----|-----|
| `echo -e "${GREEN}Success${NC}"` | `log_success "Success"` |
| `echo -e "${RED}Error${NC}"` | `log_error "Error"` |
| `echo -e "${YELLOW}Warning${NC}"` | `log_warn "Warning"` |
| `echo "Info"` | `log_info "Info"` |
### Step 4: Replace Azure CLI Checks
Remove:
```bash
if ! command -v az &> /dev/null; then
echo -e "${RED}Error: Azure CLI not found${NC}"
exit 1
fi
az account show &> /dev/null || {
echo -e "${RED}Error: Not logged in${NC}"
exit 1
}
```
Replace with:
```bash
ensure_azure_cli || exit 1
```
### Step 5: Replace Subscription Loading
Remove:
```bash
if [ -f "$PROJECT_ROOT/.env" ]; then
export $(grep -v '^#' "$PROJECT_ROOT/.env" | grep AZURE_SUBSCRIPTION_ID | xargs)
fi
SUBSCRIPTION_ID="${AZURE_SUBSCRIPTION_ID:-fc08d829-4f14-413d-ab27-ce024425db0b}"
az account set --subscription "$SUBSCRIPTION_ID" &> /dev/null || true
```
Replace with:
```bash
SUBSCRIPTION_ID="$(get_subscription_id)"
set_subscription "$SUBSCRIPTION_ID" || true
```
### Step 6: Replace Region Code Mappings
Remove large `declare -A REGION_CODES` blocks and replace with:
```bash
# Get all regions
get_all_regions
# Get specific region code
CODE=$(get_region_code "westeurope") # Returns "wst"
# Get region name from code
REGION=$(get_region_name "wst") # Returns "westeurope"
```
## Common Patterns
### Pattern 1: Script with Azure Operations
```bash
#!/bin/bash
set -e
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
source "$SCRIPT_DIR/../lib/init.sh"
ensure_azure_cli || exit 1
log_section "Script Title"
# Your script logic here
```
### Pattern 2: Script with Region Iteration
```bash
#!/bin/bash
set -e
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
source "$SCRIPT_DIR/../lib/init.sh"
ensure_azure_cli || exit 1
log_section "Processing Regions"
while IFS=':' read -r region_name region_code; do
log_info "Processing $region_name ($region_code)..."
# Your logic here
done < <(get_all_regions)
```
### Pattern 3: Script with Error Handling
```bash
#!/bin/bash
set -e
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
source "$SCRIPT_DIR/../lib/init.sh"
ensure_azure_cli || exit 1
ERRORS=()
# Process items
for item in "${ITEMS[@]}"; do
if ! process_item "$item"; then
ERRORS+=("$item")
log_error "Failed to process $item"
else
log_success "Processed $item"
fi
done
# Report errors
if [ ${#ERRORS[@]} -gt 0 ]; then
log_warn "Failed to process ${#ERRORS[@]} items"
exit 1
fi
log_success "All items processed successfully"
```
## Available Library Functions
### Logging (`lib/common/logging.sh`)
- `log_debug "message"` - Debug level log
- `log_info "message"` - Info level log
- `log_warn "message"` - Warning log
- `log_error "message"` - Error log
- `log_success "message"` - Success message
- `log_failure "message"` - Failure message
- `log_section "title"` - Section header
- `log_subsection "title"` - Subsection header
### Colors (`lib/common/colors.sh`)
- `color_red "text"` - Red text
- `color_green "text"` - Green text
- `color_yellow "text"` - Yellow text
- `color_blue "text"` - Blue text
- `color_cyan "text"` - Cyan text
### Azure CLI (`lib/azure/cli.sh`)
- `check_azure_cli` - Check if Azure CLI is installed
- `check_azure_login` - Check if logged in
- `ensure_azure_cli` - Ensure CLI is ready (installed + logged in)
- `get_current_subscription` - Get current subscription ID
- `get_current_subscription_name` - Get current subscription name
### Configuration (`lib/config/`)
- `get_subscription_id` - Get subscription ID from env or default
- `set_subscription "id"` - Set Azure subscription
- `get_region_code "name"` - Get 3-char region code
- `get_region_name "code"` - Get region name from code
- `get_all_regions` - Get all regions (name:code format)
- `is_valid_region_code "code"` - Validate region code
### Utilities (`lib/common/utils.sh`)
- `require_command "cmd" ["hint"]` - Require command exists
- `command_exists "cmd"` - Check if command exists
- `confirm "prompt" ["default"]` - Confirm action
- `is_dry_run` - Check if in dry-run mode
- `print_header "title" ["width"]` - Print header box
## Testing Refactored Scripts
1. Test with `--dry-run` if supported
2. Verify output formatting matches original
3. Check error messages are clear
4. Ensure backward compatibility if script is called by others
## Examples
See `scripts/azure/check-naming-conventions.sh.refactored` for a complete example of a refactored script.
```bash
# Example migrated scripts (as references):
# - scripts/deployment/fix-resource-groups-and-keyvaults.sh
# - scripts/azure/list-all-resources.sh
# - scripts/key-management/manage-keyvaults.sh
# - scripts/key-management/azure-keyvault-setup.sh
# - scripts/key-management/store-nodes-in-keyvault.sh
```
## Testing
```bash
# Syntax check only (no execution):
bash -n scripts/azure/list-all-resources.sh
bash -n scripts/key-management/manage-keyvaults.sh
bash -n scripts/key-management/azure-keyvault-setup.sh
bash -n scripts/key-management/store-nodes-in-keyvault.sh
# Dry run (where supported):
DRY_RUN=1 scripts/key-management/store-nodes-in-keyvault.sh
```

162
scripts/archive/duplicate-ccip/ccip-configure-destination.sh Executable file
View File

@@ -0,0 +1,162 @@
#!/usr/bin/env bash
# CCIP Configure Destination Script
# Configures a remote bridge address for a specific chain selector
#
# Usage:
# ./ccip-configure-destination.sh <chain-selector> <remote-bridge-address>
#
# Example (Chain 138 → Mainnet WETH9):
# export BRIDGE_ADDRESS=$CCIPWETH9_BRIDGE_CHAIN138
# ./ccip-configure-destination.sh 5009297550715157269 0x3304b747E565a97ec8AC220b0B6A1f6ffDB837e6
set -euo pipefail
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(cd "$SCRIPT_DIR/../../../../.." && pwd)"
# Load environment variables
ENV_FILE="${ENV_FILE:-$PROJECT_ROOT/.env}"
if [ -f "$ENV_FILE" ]; then
export $(grep -v '^#' "$ENV_FILE" | grep -E "^(RPC_URL|PRIVATE_KEY|CHAIN_ID|CCIP_ROUTER|LINK_TOKEN|WETH9_ADDRESS|WETH10_ADDRESS|CCIPWETH9_BRIDGE|CCIPWETH10_BRIDGE|ETHEREUM_MAINNET_SELECTOR|CHAIN138_SELECTOR)" | xargs)
fi
# Parse arguments
if [ $# -lt 2 ]; then
echo "Usage: $0 <chain-selector> <remote-bridge-address>"
echo ""
echo "Arguments:"
echo " chain-selector CCIP chain selector (e.g., 5009297550715157269 for Ethereum mainnet)"
echo " remote-bridge-address Address of the bridge contract on the destination chain"
echo ""
echo "Environment variables:"
echo " BRIDGE_ADDRESS Address of the bridge contract to configure (required)"
echo " RPC_URL RPC endpoint URL (required)"
echo " PRIVATE_KEY Private key for signing transactions (required)"
echo ""
echo "Examples:"
echo " # Configure Chain 138 WETH9 bridge → Mainnet"
echo " export BRIDGE_ADDRESS=\$CCIPWETH9_BRIDGE_CHAIN138"
echo " $0 5009297550715157269 0x3304b747E565a97ec8AC220b0B6A1f6ffDB837e6"
echo ""
echo " # Configure Mainnet WETH9 bridge → Chain 138"
echo " export BRIDGE_ADDRESS=\$CCIPWETH9_BRIDGE_MAINNET"
echo " $0 \$CHAIN138_SELECTOR 0x3304b747E565a97ec8AC220b0B6A1f6ffDB837e6"
exit 1
fi
CHAIN_SELECTOR="$1"
REMOTE_BRIDGE="$2"
# Validate required environment variables
if [ -z "${BRIDGE_ADDRESS:-}" ]; then
echo "Error: BRIDGE_ADDRESS not set"
echo "Set it to the bridge contract address you want to configure:"
echo " export BRIDGE_ADDRESS=\$CCIPWETH9_BRIDGE_CHAIN138"
echo " # or"
echo " export BRIDGE_ADDRESS=\$CCIPWETH10_BRIDGE_CHAIN138"
exit 1
fi
if [ -z "${RPC_URL:-}" ]; then
echo "Error: RPC_URL not set"
exit 1
fi
if [ -z "${PRIVATE_KEY:-}" ]; then
echo "Error: PRIVATE_KEY not set"
exit 1
fi
# Validate addresses
if ! cast --version &>/dev/null; then
echo "Error: cast (Foundry) not found. Please install Foundry:"
echo " curl -L https://foundry.paradigm.xyz | bash"
exit 1
fi
# Validate remote bridge address format
if ! cast --to-checksum-address "$REMOTE_BRIDGE" &>/dev/null; then
echo "Error: Invalid remote bridge address: $REMOTE_BRIDGE"
exit 1
fi
BRIDGE_ADDRESS=$(cast --to-checksum-address "$BRIDGE_ADDRESS")
echo "=========================================="
echo "CCIP Configure Destination"
echo "=========================================="
echo "Bridge Address: $BRIDGE_ADDRESS"
echo "Chain Selector: $CHAIN_SELECTOR"
echo "Remote Bridge: $REMOTE_BRIDGE"
echo "RPC URL: $RPC_URL"
echo ""
# Check if bridge contract exists
CODE=$(cast code "$BRIDGE_ADDRESS" --rpc-url "$RPC_URL" 2>/dev/null || echo "")
if [ -z "$CODE" ] || [ "$CODE" = "0x" ]; then
echo "Error: No contract found at $BRIDGE_ADDRESS"
exit 1
fi
# Verify current configuration (if possible)
echo "Checking current remote bridge configuration..."
CURRENT_REMOTE=$(cast call "$BRIDGE_ADDRESS" \
"remoteBridges(uint64)(address)" \
"$CHAIN_SELECTOR" \
--rpc-url "$RPC_URL" 2>/dev/null || echo "0x0000000000000000000000000000000000000000")
if [ "$CURRENT_REMOTE" != "0x0000000000000000000000000000000000000000" ]; then
echo "Current remote bridge: $CURRENT_REMOTE"
if [ "$CURRENT_REMOTE" = "$REMOTE_BRIDGE" ]; then
echo "✓ Remote bridge already configured correctly"
exit 0
else
echo "⚠ Warning: Remote bridge is already set to a different address"
read -p "Continue with update? [y/N]: " confirm
if [[ ! "$confirm" =~ ^[Yy]$ ]]; then
echo "Aborted"
exit 1
fi
fi
else
echo "No remote bridge configured for this chain selector"
fi
echo ""
echo "Configuring destination..."
echo ""
# Call configureDestination function
cast send "$BRIDGE_ADDRESS" \
"configureDestination(uint64,address)" \
"$CHAIN_SELECTOR" \
"$REMOTE_BRIDGE" \
--private-key "$PRIVATE_KEY" \
--rpc-url "$RPC_URL" \
--gas-limit 200000
echo ""
echo "Waiting for transaction confirmation..."
sleep 5
# Verify configuration
VERIFIED_REMOTE=$(cast call "$BRIDGE_ADDRESS" \
"remoteBridges(uint64)(address)" \
"$CHAIN_SELECTOR" \
--rpc-url "$RPC_URL" 2>/dev/null || echo "0x0000000000000000000000000000000000000000")
if [ "$VERIFIED_REMOTE" = "$REMOTE_BRIDGE" ]; then
echo "✓ Configuration successful!"
echo " Chain Selector $CHAIN_SELECTOR → Remote Bridge $REMOTE_BRIDGE"
else
echo "⚠ Warning: Configuration may not have been applied correctly"
echo " Expected: $REMOTE_BRIDGE"
echo " Got: $VERIFIED_REMOTE"
exit 1
fi
echo ""
echo "=========================================="
echo "Configuration Complete"
echo "=========================================="

131
scripts/archive/duplicate-ccip/ccip-estimate-fee.sh Executable file
View File

@@ -0,0 +1,131 @@
#!/usr/bin/env bash
# CCIP Estimate Fee Script
# Estimates the CCIP fee for bridging tokens to a destination chain
#
# Usage:
# ./ccip-estimate-fee.sh <chain-selector> <receiver-address> <amount-wei>
#
# Example:
# export BRIDGE_ADDRESS=$CCIPWETH9_BRIDGE_CHAIN138
# ./ccip-estimate-fee.sh 5009297550715157269 0xYourMainnetReceiverAddress 100000000000000000
set -euo pipefail
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(cd "$SCRIPT_DIR/../../../../.." && pwd)"
# Load environment variables
ENV_FILE="${ENV_FILE:-$PROJECT_ROOT/.env}"
if [ -f "$ENV_FILE" ]; then
export $(grep -v '^#' "$ENV_FILE" | grep -E "^(RPC_URL|PRIVATE_KEY|CHAIN_ID|CCIP_ROUTER|LINK_TOKEN|WETH9_ADDRESS|WETH10_ADDRESS|FEE_TOKEN)" | xargs)
fi
# Parse arguments
if [ $# -lt 3 ]; then
echo "Usage: $0 <chain-selector> <receiver-address> <amount-wei>"
echo ""
echo "Arguments:"
echo " chain-selector CCIP chain selector (e.g., 5009297550715157269 for Ethereum mainnet)"
echo " receiver-address Address that will receive tokens on destination chain"
echo " amount-wei Amount to bridge in wei (e.g., 100000000000000000 for 0.1 tokens)"
echo ""
echo "Environment variables:"
echo " BRIDGE_ADDRESS Address of the bridge contract (required)"
echo " RPC_URL RPC endpoint URL (required)"
echo " FEE_TOKEN Fee token address (0x0 for native, or LINK token address)"
echo ""
echo "Examples:"
echo " # Estimate fee for 0.1 WETH9 from Chain 138 to Mainnet"
echo " export BRIDGE_ADDRESS=\$CCIPWETH9_BRIDGE_CHAIN138"
echo " $0 5009297550715157269 0xYourMainnetAddress 100000000000000000"
exit 1
fi
CHAIN_SELECTOR="$1"
RECEIVER="$2"
AMOUNT="$3"
# Validate required environment variables
if [ -z "${BRIDGE_ADDRESS:-}" ]; then
echo "Error: BRIDGE_ADDRESS not set"
echo "Set it to the bridge contract address:"
echo " export BRIDGE_ADDRESS=\$CCIPWETH9_BRIDGE_CHAIN138"
echo " # or"
echo " export BRIDGE_ADDRESS=\$CCIPWETH10_BRIDGE_CHAIN138"
exit 1
fi
if [ -z "${RPC_URL:-}" ]; then
echo "Error: RPC_URL not set"
exit 1
fi
# Default to LINK token if FEE_TOKEN not set
FEE_TOKEN="${FEE_TOKEN:-${LINK_TOKEN:-0x0000000000000000000000000000000000000000}}"
# Validate addresses
if ! cast --version &>/dev/null; then
echo "Error: cast (Foundry) not found. Please install Foundry:"
echo " curl -L https://foundry.paradigm.xyz | bash"
exit 1
fi
BRIDGE_ADDRESS=$(cast --to-checksum-address "$BRIDGE_ADDRESS")
RECEIVER=$(cast --to-checksum-address "$RECEIVER")
echo "=========================================="
echo "CCIP Estimate Fee"
echo "=========================================="
echo "Bridge Address: $BRIDGE_ADDRESS"
echo "Chain Selector: $CHAIN_SELECTOR"
echo "Receiver: $RECEIVER"
echo "Amount: $AMOUNT wei"
echo "Fee Token: $FEE_TOKEN"
echo ""
# Check if bridge has estimateCcipFee function
# If not, we'll need to call router.getFee directly
HAS_ESTIMATE_FUNCTION=$(cast sig "estimateCcipFee(uint64,address,uint256)(uint256)" 2>/dev/null || echo "")
if [ -n "$HAS_ESTIMATE_FUNCTION" ]; then
echo "Using bridge's estimateCcipFee function..."
FEE=$(cast call "$BRIDGE_ADDRESS" \
"estimateCcipFee(uint64,address,uint256)(uint256)" \
"$CHAIN_SELECTOR" \
"$RECEIVER" \
"$AMOUNT" \
--rpc-url "$RPC_URL" 2>/dev/null || echo "0")
else
echo "Bridge doesn't have estimateCcipFee, calling router directly..."
echo "⚠ Note: This requires constructing the full message, which may not be possible without bridge contract details"
echo "Please implement estimateCcipFee in your bridge contract"
exit 1
fi
if [ "$FEE" = "0" ] || [ -z "$FEE" ]; then
echo "Error: Failed to estimate fee"
exit 1
fi
# Convert to human-readable format
FEE_DECIMAL=$(cast --to-dec "$FEE" 2>/dev/null || echo "$FEE")
echo ""
echo "=========================================="
echo "Fee Estimate"
echo "=========================================="
echo "Fee (wei): $FEE"
echo "Fee (decimal): $FEE_DECIMAL"
# If using LINK token, show in LINK units (18 decimals)
if [ "$FEE_TOKEN" != "0x0000000000000000000000000000000000000000" ]; then
FEE_LINK=$(echo "scale=8; $FEE_DECIMAL / 1000000000000000000" | bc 2>/dev/null || echo "N/A")
echo "Fee (LINK): $FEE_LINK LINK"
else
FEE_ETH=$(echo "scale=8; $FEE_DECIMAL / 1000000000000000000" | bc 2>/dev/null || echo "N/A")
echo "Fee (ETH): $FEE_ETH ETH"
fi
echo ""
echo "=========================================="

272
scripts/archive/duplicate-ccip/ccip-send.sh Executable file
View File

@@ -0,0 +1,272 @@
#!/usr/bin/env bash
# CCIP Send Script
# Sends tokens via CCIP bridge to a destination chain
#
# Usage:
# ./ccip-send.sh --selector <chain-selector> --receiver <address> --amount <wei> [--dry-run]
#
# Example:
# export BRIDGE_ADDRESS=$CCIPWETH9_BRIDGE_CHAIN138
# ./ccip-send.sh --selector 5009297550715157269 --receiver 0xYourMainnetAddress --amount 100000000000000000
set -euo pipefail
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(cd "$SCRIPT_DIR/../../../../.." && pwd)"
# Load environment variables
ENV_FILE="${ENV_FILE:-$PROJECT_ROOT/.env}"
if [ -f "$ENV_FILE" ]; then
export $(grep -v '^#' "$ENV_FILE" | grep -E "^(RPC_URL|PRIVATE_KEY|CHAIN_ID|CCIP_ROUTER|LINK_TOKEN|WETH9_ADDRESS|WETH10_ADDRESS|FEE_TOKEN)" | xargs)
fi
# Default values
DRY_RUN=false
SELECTOR=""
RECEIVER=""
AMOUNT=""
# Parse arguments
while [[ $# -gt 0 ]]; do
case "$1" in
--selector)
SELECTOR="$2"
shift 2
;;
--receiver)
RECEIVER="$2"
shift 2
;;
--amount)
AMOUNT="$2"
shift 2
;;
--dry-run)
DRY_RUN=true
shift
;;
*)
echo "Unknown argument: $1"
echo ""
echo "Usage: $0 --selector <chain-selector> --receiver <address> --amount <wei> [--dry-run]"
echo ""
echo "Arguments:"
echo " --selector <chain-selector> CCIP chain selector (required)"
echo " --receiver <address> Receiver address on destination chain (required)"
echo " --amount <wei> Amount to bridge in wei (required)"
echo " --dry-run Simulate transaction without sending (optional)"
echo ""
echo "Environment variables:"
echo " BRIDGE_ADDRESS Bridge contract address (required)"
echo " RPC_URL RPC endpoint URL (required)"
echo " PRIVATE_KEY Private key for signing (required)"
echo " FEE_TOKEN Fee token address (0x0 for native, or LINK)"
echo ""
echo "Examples:"
echo " # Dry run: estimate without sending"
echo " export BRIDGE_ADDRESS=\$CCIPWETH9_BRIDGE_CHAIN138"
echo " $0 --selector 5009297550715157269 --receiver 0xYourAddress --amount 100000000000000000 --dry-run"
echo ""
echo " # Actual send"
echo " $0 --selector 5009297550715157269 --receiver 0xYourAddress --amount 100000000000000000"
exit 1
;;
esac
done
# Validate required arguments
if [ -z "$SELECTOR" ] || [ -z "$RECEIVER" ] || [ -z "$AMOUNT" ]; then
echo "Error: Missing required arguments"
echo "Usage: $0 --selector <chain-selector> --receiver <address> --amount <wei> [--dry-run]"
exit 1
fi
# Validate required environment variables
if [ -z "${BRIDGE_ADDRESS:-}" ]; then
echo "Error: BRIDGE_ADDRESS not set"
echo "Set it to the bridge contract address:"
echo " export BRIDGE_ADDRESS=\$CCIPWETH9_BRIDGE_CHAIN138"
exit 1
fi
if [ -z "${RPC_URL:-}" ]; then
echo "Error: RPC_URL not set"
exit 1
fi
if [ "$DRY_RUN" = false ] && [ -z "${PRIVATE_KEY:-}" ]; then
echo "Error: PRIVATE_KEY not set (required for actual send)"
exit 1
fi
# Default to LINK token if FEE_TOKEN not set
FEE_TOKEN="${FEE_TOKEN:-${LINK_TOKEN:-0x0000000000000000000000000000000000000000}}"
# Validate cast is available
if ! cast --version &>/dev/null; then
echo "Error: cast (Foundry) not found. Please install Foundry:"
echo " curl -L https://foundry.paradigm.xyz | bash"
exit 1
fi
BRIDGE_ADDRESS=$(cast --to-checksum-address "$BRIDGE_ADDRESS")
RECEIVER=$(cast --to-checksum-address "$RECEIVER")
echo "=========================================="
if [ "$DRY_RUN" = true ]; then
echo "CCIP Send (DRY RUN)"
else
echo "CCIP Send"
fi
echo "=========================================="
echo "Bridge Address: $BRIDGE_ADDRESS"
echo "Chain Selector: $SELECTOR"
echo "Receiver: $RECEIVER"
echo "Amount: $AMOUNT wei"
echo "Fee Token: $FEE_TOKEN"
echo ""
# Estimate fee first
echo "Estimating fee..."
FEE=$(cast call "$BRIDGE_ADDRESS" \
"estimateCcipFee(uint64,address,uint256)(uint256)" \
"$SELECTOR" \
"$RECEIVER" \
"$AMOUNT" \
--rpc-url "$RPC_URL" 2>/dev/null || echo "0")
if [ "$FEE" = "0" ] || [ -z "$FEE" ]; then
echo "⚠ Warning: Could not estimate fee. Proceeding anyway..."
FEE="0"
else
FEE_DECIMAL=$(cast --to-dec "$FEE" 2>/dev/null || echo "$FEE")
echo "Estimated fee: $FEE wei ($FEE_DECIMAL)"
fi
# Check sender balance and approval
if [ "$DRY_RUN" = false ]; then
SENDER_ADDRESS=$(cast wallet address --private-key "$PRIVATE_KEY" 2>/dev/null || echo "")
if [ -z "$SENDER_ADDRESS" ]; then
echo "Error: Could not derive address from private key"
exit 1
fi
echo ""
echo "Checking sender balance and approvals..."
echo "Sender: $SENDER_ADDRESS"
# Determine which token (WETH9 or WETH10) based on bridge address
# This is a heuristic - you may need to adjust based on your setup
if [[ "$BRIDGE_ADDRESS" == *"WETH9"* ]] || [[ "${BRIDGE_ADDRESS:-}" == "${CCIPWETH9_BRIDGE_CHAIN138:-}" ]] || [[ "${BRIDGE_ADDRESS:-}" == "${CCIPWETH9_BRIDGE_MAINNET:-}" ]]; then
TOKEN_ADDRESS="${WETH9_ADDRESS:-0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2}"
TOKEN_NAME="WETH9"
else
TOKEN_ADDRESS="${WETH10_ADDRESS:-0xf4BB2e28688e89fCcE3c0580D37d36A7672E8A9f}"
TOKEN_NAME="WETH10"
fi
# Check token balance
BALANCE=$(cast call "$TOKEN_ADDRESS" \
"balanceOf(address)(uint256)" \
"$SENDER_ADDRESS" \
--rpc-url "$RPC_URL" 2>/dev/null || echo "0")
if [ "$(cast --to-dec "$BALANCE" 2>/dev/null || echo "0")" -lt "$(cast --to-dec "$AMOUNT" 2>/dev/null || echo "0")" ]; then
echo "⚠ Warning: Insufficient $TOKEN_NAME balance"
echo " Required: $AMOUNT wei"
echo " Available: $BALANCE wei"
else
echo "✓ Sufficient $TOKEN_NAME balance"
fi
# Check approval
ALLOWANCE=$(cast call "$TOKEN_ADDRESS" \
"allowance(address,address)(uint256)" \
"$SENDER_ADDRESS" \
"$BRIDGE_ADDRESS" \
--rpc-url "$RPC_URL" 2>/dev/null || echo "0")
if [ "$(cast --to-dec "$ALLOWANCE" 2>/dev/null || echo "0")" -lt "$(cast --to-dec "$AMOUNT" 2>/dev/null || echo "0")" ]; then
echo "⚠ Warning: Insufficient approval"
echo " Required: $AMOUNT wei"
echo " Approved: $ALLOWANCE wei"
echo ""
echo "Approve the bridge to spend tokens:"
echo " cast send $TOKEN_ADDRESS \\"
echo " \"approve(address,uint256)(bool)\" \\"
echo " $BRIDGE_ADDRESS $AMOUNT \\"
echo " --private-key \$PRIVATE_KEY \\"
echo " --rpc-url \$RPC_URL"
if [ "$DRY_RUN" = false ]; then
read -p "Continue anyway? [y/N]: " confirm
if [[ ! "$confirm" =~ ^[Yy]$ ]]; then
echo "Aborted. Please approve first."
exit 1
fi
fi
else
echo "✓ Sufficient approval"
fi
fi
echo ""
if [ "$DRY_RUN" = true ]; then
echo "DRY RUN: Simulating bridgeOut call..."
cast call "$BRIDGE_ADDRESS" \
"bridgeOut(uint64,address,uint256,address)(bytes32)" \
"$SELECTOR" \
"$RECEIVER" \
"$AMOUNT" \
"$FEE_TOKEN" \
--rpc-url "$RPC_URL" || {
echo "Error: Dry run failed"
exit 1
}
echo "✓ Dry run successful (transaction would succeed)"
else
echo "Sending transaction..."
# Determine value to send (if using native fees)
VALUE="0"
if [ "$FEE_TOKEN" = "0x0000000000000000000000000000000000000000" ]; then
VALUE="$FEE"
fi
TX_HASH=$(cast send "$BRIDGE_ADDRESS" \
"bridgeOut(uint64,address,uint256,address)(bytes32)" \
"$SELECTOR" \
"$RECEIVER" \
"$AMOUNT" \
"$FEE_TOKEN" \
--private-key "$PRIVATE_KEY" \
--rpc-url "$RPC_URL" \
--value "$VALUE" \
--gas-limit 500000 2>&1 | grep -oP '0x[a-fA-F0-9]{64}' || echo "")
if [ -z "$TX_HASH" ]; then
echo "Error: Transaction failed or hash not found"
exit 1
fi
echo "✓ Transaction sent!"
echo " Transaction Hash: $TX_HASH"
echo ""
echo "Waiting for confirmation..."
sleep 5
# Try to get receipt
RECEIPT=$(cast receipt "$TX_HASH" --rpc-url "$RPC_URL" 2>/dev/null || echo "")
if [ -n "$RECEIPT" ]; then
echo "✓ Transaction confirmed"
else
echo "⚠ Transaction may still be pending. Check with:"
echo " cast receipt $TX_HASH --rpc-url $RPC_URL"
fi
fi
echo ""
echo "=========================================="
echo "Complete"
echo "=========================================="

182
scripts/assets/create-diagram-stencil.sh Executable file
View File

@@ -0,0 +1,182 @@
#!/usr/bin/env bash
set -e
# Create Draw.io Stencil for Azure Icons
# This script creates a Draw.io stencil file from Azure icons
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
source "$SCRIPT_DIR/../lib/init.sh"
PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"
ASSETS_DIR="${PROJECT_ROOT}/assets"
AZURE_ICONS_DIR="${ASSETS_DIR}/azure-icons"
STENCIL_DIR="${ASSETS_DIR}/stencils"
echo "Creating Draw.io stencil for Azure icons..."
# Create stencil directory
mkdir -p "${STENCIL_DIR}"
# Check if SVG icons exist
if [ ! -d "${AZURE_ICONS_DIR}/svg" ] || [ -z "$(ls -A ${AZURE_ICONS_DIR}/svg 2>/dev/null)" ]; then
echo "Warning: SVG icons not found. Please run download-azure-icons.sh first."
echo "Creating stencil template..."
fi
# Create stencil XML template
cat > "${STENCIL_DIR}/azure-icons-stencil.xml" << 'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<mxfile host="app.diagrams.net">
<diagram name="Azure Icons" id="azure-icons">
<mxGraphModel dx="1200" dy="800" grid="1" gridSize="10" guides="1" tooltips="1" connect="1" arrows="1" fold="1" page="1" pageScale="1" pageWidth="1169" pageHeight="827" math="0" shadow="0">
<root>
<mxCell id="0" />
<mxCell id="1" parent="0" />
<!-- Azure Icons Stencil -->
<!-- This stencil contains Azure Architecture Icons -->
<!-- Icons are loaded from assets/azure-icons/svg/ -->
</root>
</mxGraphModel>
</diagram>
</mxfile>
EOF
# Create stencil library JSON
cat > "${STENCIL_DIR}/azure-icons-library.json" << 'EOF'
{
"title": "Azure Architecture Icons",
"author": "Microsoft",
"description": "Azure Architecture Icons for Draw.io",
"keywords": ["azure", "cloud", "architecture", "icons"],
"icons": {
"compute": [
{
"name": "Azure Kubernetes Service",
"icon": "Icon-service-kubernetes-Azure.svg",
"category": "Compute"
},
{
"name": "Virtual Machine",
"icon": "Icon-service-virtual-machine-Azure.svg",
"category": "Compute"
},
{
"name": "Container Instances",
"icon": "Icon-service-container-instances-Azure.svg",
"category": "Compute"
}
],
"networking": [
{
"name": "Virtual Network",
"icon": "Icon-service-virtual-network-Azure.svg",
"category": "Networking"
},
{
"name": "Application Gateway",
"icon": "Icon-service-application-gateway-Azure.svg",
"category": "Networking"
},
{
"name": "Load Balancer",
"icon": "Icon-service-load-balancer-Azure.svg",
"category": "Networking"
}
],
"storage": [
{
"name": "Storage Account",
"icon": "Icon-service-storage-accounts-Azure.svg",
"category": "Storage"
},
{
"name": "Blob Storage",
"icon": "Icon-service-blob-storage-Azure.svg",
"category": "Storage"
}
],
"security": [
{
"name": "Key Vault",
"icon": "Icon-service-key-vaults-Azure.svg",
"category": "Security"
},
{
"name": "Azure Active Directory",
"icon": "Icon-service-azure-active-directory-Azure.svg",
"category": "Security"
}
]
},
"usage": {
"drawio": "Import this stencil into Draw.io to use Azure icons",
"instructions": "1. Open Draw.io\n2. File → Open Library → From → Device\n3. Select azure-icons-library.json\n4. Icons will appear in the left panel"
}
}
EOF
# Create instructions for using the stencil
cat > "${STENCIL_DIR}/README.md" << 'EOF'
# Azure Icons Stencil for Draw.io
This directory contains stencil files for using Azure Architecture Icons in Draw.io (diagrams.net).
## Using the Stencil
### Method 1: Import Icons Directly
1. Open [Draw.io](https://app.diagrams.net/)
2. Click "More Shapes" (bottom left)
3. Click "+" to add a new library
4. Select "From Device"
5. Navigate to `assets/azure-icons/svg/`
6. Select the icons you want to use
7. Click "Create"
### Method 2: Use Icon Mapping
1. Open Draw.io
2. File → Open Library → From → Device
3. Select `azure-icons-library.json`
4. Icons will appear in the left panel
### Method 3: Manual Import
1. Open Draw.io
2. Click "Insert" → "Image"
3. Select "From Device"
4. Navigate to `assets/azure-icons/svg/`
5. Select the icon file
6. Click "Open"
## Icon Categories
Icons are organized by category:
- Compute (AKS, VMs, Containers)
- Networking (VNet, Gateway, Load Balancer)
- Storage (Storage Account, Blob, File Share)
- Security (Key Vault, AAD, Firewall)
- Management (Resource Groups, Monitor, Log Analytics)
## Best Practices
1. Use SVG icons for scalability
2. Maintain consistent icon size
3. Use official Azure icons only
4. Follow Azure Architecture Center guidelines
5. Label all components clearly
## References
- [Azure Architecture Center](https://docs.microsoft.com/azure/architecture/)
- [Azure Architecture Icons](https://docs.microsoft.com/azure/architecture/icons/)
- [Draw.io Documentation](https://www.diagrams.net/doc/)
EOF
echo "✅ Draw.io stencil created"
echo "Stencil files are available in: ${STENCIL_DIR}/"
echo "To use the stencil:"
echo " 1. Open Draw.io"
echo " 2. Import icons from ${AZURE_ICONS_DIR}/svg/"
echo " 3. See ${STENCIL_DIR}/README.md for instructions"

225
scripts/assets/download-azure-icons.sh Executable file
View File

@@ -0,0 +1,225 @@
#!/usr/bin/env bash
set -e
# Download Azure Architecture Icons
# This script downloads the official Azure Architecture Icons from Microsoft
# Official source: https://docs.microsoft.com/azure/architecture/icons/
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
source "$SCRIPT_DIR/../lib/init.sh"
PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"
ASSETS_DIR="${PROJECT_ROOT}/assets"
AZURE_ICONS_DIR="${ASSETS_DIR}/azure-icons"
# Azure Architecture Icons download URLs
# Official source: https://docs.microsoft.com/azure/architecture/icons/
# Note: URLs may change, check the official page for latest version
# Current version: V17 (as of 2024)
AZURE_ICONS_SVG_URL="https://arch-center.azureedge.net/icons/Azure_Public_Service_Icons_V17.zip"
AZURE_ICONS_PNG_URL="https://arch-center.azureedge.net/icons/Azure_Public_Service_Icons_V17_PNG.zip"
# Alternative sources (if primary URLs fail)
AZURE_ICONS_ALTERNATIVE="https://aka.ms/Architecture/icons"
AZURE_ICONS_DOWNLOAD_PAGE="https://docs.microsoft.com/azure/architecture/icons/"
echo "═══════════════════════════════════════════════════════════"
echo "Azure Architecture Icons Download"
echo "═══════════════════════════════════════════════════════════"
echo "Official source: $AZURE_ICONS_DOWNLOAD_PAGE"
# Create directories
mkdir -p "${AZURE_ICONS_DIR}/svg"
mkdir -p "${AZURE_ICONS_DIR}/png"
mkdir -p "${AZURE_ICONS_DIR}/metadata"
mkdir -p "${ASSETS_DIR}/diagrams/architecture"
mkdir -p "${ASSETS_DIR}/diagrams/network"
mkdir -p "${ASSETS_DIR}/diagrams/deployment"
mkdir -p "${ASSETS_DIR}/logos"
mkdir -p "${ASSETS_DIR}/screenshots"
mkdir -p "${ASSETS_DIR}/stencils"
# Check if wget or curl is available
if command -v wget &> /dev/null; then
DOWNLOAD_CMD="wget"
DOWNLOAD_FLAGS="-q --show-progress"
elif command -v curl &> /dev/null; then
DOWNLOAD_CMD="curl"
DOWNLOAD_FLAGS="-L --progress-bar"
else
echo "❌ Error: Neither wget nor curl is available. Please install one of them."
echo " Ubuntu/Debian: sudo apt-get install wget curl"
echo " RHEL/CentOS: sudo yum install wget curl"
echo " macOS: brew install wget curl"
exit 1
fi
# Check if unzip is available
if ! command -v unzip &> /dev/null; then
echo "❌ Error: unzip is not available. Please install unzip to extract icons."
echo " Ubuntu/Debian: sudo apt-get install unzip"
echo " RHEL/CentOS: sudo yum install unzip"
echo " macOS: brew install unzip"
echo "Icons can be downloaded manually from: $AZURE_ICONS_DOWNLOAD_PAGE"
echo "After downloading, extract to: ${AZURE_ICONS_DIR}/"
exit 1
fi
# Download function
download_file() {
local url=$1
local output=$2
echo " 📥 Downloading from: $url"
if [ "$DOWNLOAD_CMD" == "wget" ]; then
if wget $DOWNLOAD_FLAGS -O "$output" "$url" 2>&1; then
return 0
else
echo " ❌ Download failed"
return 1
fi
else
if curl $DOWNLOAD_FLAGS -o "$output" "$url" 2>&1; then
return 0
else
echo " ❌ Download failed"
return 1
fi
fi
}
# Extract function - handles nested directory structures
extract_icons() {
local zip_file=$1
local target_dir=$2
local file_pattern=$3
local icon_type=$4
if [ ! -f "$zip_file" ]; then
echo " ❌ Error: ZIP file not found: $zip_file"
return 1
fi
echo " 📦 Extracting $icon_type icons..."
# Create temporary directory for extraction
TEMP_EXTRACT=$(mktemp -d)
trap "rm -rf $TEMP_EXTRACT" EXIT
# Extract ZIP file to temporary directory
if ! unzip -q -o "$zip_file" -d "$TEMP_EXTRACT" 2>/dev/null; then
echo " ⚠️ Warning: Failed to extract $icon_type icons from $zip_file"
rm -rf "$TEMP_EXTRACT"
rm -f "$zip_file"
return 1
fi
# Find and copy icon files (handle nested directory structure)
# Azure icon ZIPs often have nested directories like "Azure_Public_Service_Icons/svg/..."
# Use a temporary file list to avoid process substitution issues
local temp_file_list=$(mktemp)
find "$TEMP_EXTRACT" -type f -name "$file_pattern" 2>/dev/null > "$temp_file_list" || true
local copied=0
while IFS= read -r file || [ -n "$file" ]; do
if [ -f "$file" ] && [ -n "$file" ]; then
# Get just the filename
filename=$(basename "$file")
# Copy to target directory (skip if already exists to avoid overwriting)
if [ ! -f "$target_dir/$filename" ]; then
if cp "$file" "$target_dir/$filename" 2>/dev/null; then
copied=$((copied + 1))
fi
fi
fi
done < "$temp_file_list"
rm -f "$temp_file_list"
# Count actual files in target directory
local final_count=$(find "$target_dir" -maxdepth 1 -name "$file_pattern" -type f 2>/dev/null | wc -l | tr -d ' ')
if [ "$final_count" -gt 0 ]; then
echo " ✅ Extracted $final_count $icon_type icons"
else
echo " ⚠️ Warning: No $icon_type icons found in $zip_file"
echo " 💡 Tip: The ZIP file may have a different structure. Please check manually."
echo " 💡 You can manually extract the ZIP file and copy icons to: $target_dir"
echo " 💡 Official download page: https://docs.microsoft.com/azure/architecture/icons/"
fi
# Cleanup
rm -rf "$TEMP_EXTRACT"
rm -f "$zip_file"
return 0
}
# Download SVG icons
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo "Downloading SVG Icons"
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
TEMP_ZIP="${AZURE_ICONS_DIR}/azure-icons-svg.zip"
if download_file "$AZURE_ICONS_SVG_URL" "$TEMP_ZIP"; then
extract_icons "$TEMP_ZIP" "${AZURE_ICONS_DIR}/svg" "*.svg" "SVG"
else
echo " ❌ Failed to download SVG icons from primary source"
echo " 💡 Alternative: Manually download from $AZURE_ICONS_DOWNLOAD_PAGE"
echo " 💡 Or try: $AZURE_ICONS_ALTERNATIVE"
fi
# Download PNG icons
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo "Downloading PNG Icons"
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
TEMP_ZIP="${AZURE_ICONS_DIR}/azure-icons-png.zip"
if download_file "$AZURE_ICONS_PNG_URL" "$TEMP_ZIP"; then
extract_icons "$TEMP_ZIP" "${AZURE_ICONS_DIR}/png" "*.png" "PNG"
else
echo " ❌ Failed to download PNG icons from primary source"
echo " 💡 Alternative: Manually download from $AZURE_ICONS_DOWNLOAD_PAGE"
echo " 💡 Or try: $AZURE_ICONS_ALTERNATIVE"
fi
# Create download info
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo "Creating Metadata"
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
SVG_COUNT=$(find "${AZURE_ICONS_DIR}/svg" -maxdepth 1 -name "*.svg" -type f 2>/dev/null | wc -l)
PNG_COUNT=$(find "${AZURE_ICONS_DIR}/png" -maxdepth 1 -name "*.png" -type f 2>/dev/null | wc -l)
cat > "${AZURE_ICONS_DIR}/metadata/download-info.json" << EOF
{
"download_date": "$(date -u +"%Y-%m-%dT%H:%M:%SZ")",
"svg_url": "$AZURE_ICONS_SVG_URL",
"png_url": "$AZURE_ICONS_PNG_URL",
"alternative_url": "$AZURE_ICONS_ALTERNATIVE",
"version": "V17",
"source": "Microsoft Azure Architecture Center",
"license": "Microsoft",
"usage_guidelines": "https://docs.microsoft.com/azure/architecture/icons/",
"download_page": "$AZURE_ICONS_DOWNLOAD_PAGE",
"svg_count": $SVG_COUNT,
"png_count": $PNG_COUNT
}
EOF
echo " ✅ Metadata created"
# Summary
echo "═══════════════════════════════════════════════════════════"
echo "✅ Azure Architecture Icons Download Complete!"
echo "═══════════════════════════════════════════════════════════"
echo "📁 Icon Locations:"
echo " SVG: ${AZURE_ICONS_DIR}/svg/"
echo " PNG: ${AZURE_ICONS_DIR}/png/"
echo " Metadata: ${AZURE_ICONS_DIR}/metadata/"
echo "📊 Icon Counts:"
echo " SVG icons: $SVG_COUNT"
echo " PNG icons: $PNG_COUNT"
echo "📖 Next Steps:"
echo " 1. Review icons in ${AZURE_ICONS_DIR}/"
echo " 2. Use icons in architecture diagrams"
echo " 3. See ${AZURE_ICONS_DIR}/metadata/icon-catalog.md for catalog"
echo " 4. See ${ASSETS_DIR}/README.md for usage instructions"
echo "🔗 For manual download, visit:"
echo " $AZURE_ICONS_DOWNLOAD_PAGE"

41
scripts/assets/setup-assets.sh Executable file
View File

@@ -0,0 +1,41 @@
#!/usr/bin/env bash
set -e
# Setup Assets Directory
# This script sets up the assets directory structure and downloads Azure icons
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
source "$SCRIPT_DIR/../lib/init.sh"
PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"
ASSETS_DIR="${PROJECT_ROOT}/assets"
echo "Setting up assets directory structure..."
# Create directory structure
mkdir -p "${ASSETS_DIR}/azure-icons/svg"
mkdir -p "${ASSETS_DIR}/azure-icons/png"
mkdir -p "${ASSETS_DIR}/azure-icons/metadata"
mkdir -p "${ASSETS_DIR}/diagrams/architecture"
mkdir -p "${ASSETS_DIR}/diagrams/network"
mkdir -p "${ASSETS_DIR}/diagrams/deployment"
mkdir -p "${ASSETS_DIR}/diagrams/templates"
mkdir -p "${ASSETS_DIR}/logos"
mkdir -p "${ASSETS_DIR}/screenshots"
echo "✅ Assets directory structure created"
# Create .gitkeep files to ensure directories are tracked
touch "${ASSETS_DIR}/azure-icons/svg/.gitkeep"
touch "${ASSETS_DIR}/azure-icons/png/.gitkeep"
touch "${ASSETS_DIR}/diagrams/architecture/.gitkeep"
touch "${ASSETS_DIR}/diagrams/network/.gitkeep"
touch "${ASSETS_DIR}/diagrams/deployment/.gitkeep"
touch "${ASSETS_DIR}/logos/.gitkeep"
touch "${ASSETS_DIR}/screenshots/.gitkeep"
echo "✅ Directory structure setup complete"
echo "To download Azure icons, run:"
echo " ./scripts/assets/download-azure-icons.sh"
echo "Assets directory: ${ASSETS_DIR}"

40
scripts/automation/add-error-handling.sh Executable file
View File

@@ -0,0 +1,40 @@
#!/usr/bin/env bash
# Add error handling to scripts missing it
# Adds set -euo pipefail to scripts that don't have it
set -euo pipefail
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"
cd "$PROJECT_ROOT"
count=0
while IFS= read -r -d '' file; do
# Skip if already has error handling
if head -5 "$file" | grep -q "set -"; then
continue
fi
# Skip library files (they may intentionally not have error handling)
if [[ "$file" =~ /lib/ ]]; then
continue
fi
# Find line after shebang
line_num=2
if head -1 "$file" | grep -q "^#!"; then
# Check if line 2 is empty or a comment
if sed -n '2p' "$file" | grep -qE '^[[:space:]]*$|^[[:space:]]*#'; then
# Find first non-empty, non-comment line
line_num=$(awk '/^[^#[:space:]]/ {print NR; exit}' "$file")
fi
fi
# Insert error handling
sed -i "${line_num}i set -euo pipefail" "$file"
((count++)) || true
done < <(find scripts -name "*.sh" -type f -print0)
echo "✅ Added error handling to $count scripts"

101
scripts/automation/adopt-lib-top.sh Executable file
View File

@@ -0,0 +1,101 @@
#!/usr/bin/env bash
# Adopt common library in top-N legacy scripts (no lib sourcing yet)
# Safe: inserts only a single line after first SCRIPT_DIR=...BASH_SOURCE occurrence.
# Verifies syntax, reverts on failure. Writes report to docs/SCRIPTS_ADOPTION_PLAN.md
set -euo pipefail
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
source "/home/intlc/projects/smom-dbis-138/scripts/lib/init.sh"
ROOT_DIR="$(cd "$SCRIPT_DIR/../.." && pwd)"
REPORT="$ROOT_DIR/docs/SCRIPTS_ADOPTION_PLAN.md"
LIMIT=30
APPLY=1
while [[ $# -gt 0 ]]; do
case "$1" in
--limit) LIMIT="$2"; shift 2;;
--dry-run) APPLY=0; shift;;
*) echo "Unknown arg: $1"; exit 1;;
esac
done
mkdir -p "$ROOT_DIR/docs"
tmp_list=$(mktemp)
{
cd "$ROOT_DIR"
while IFS= read -r -d '' f; do
# skip if already sourcing lib
if grep -q 'source "\$SCRIPT_DIR/\../lib/init\.sh"' "$f" 2>/dev/null; then
continue
fi
# require a SCRIPT_DIR with BASH_SOURCE
if grep -q 'BASH_SOURCE\[0\]' "$f" && grep -q '^SCRIPT_DIR=' "$f"; then
printf "%s\t%s\n" "$(wc -l < "$f")" "$f"
fi
done < <(find scripts -type f -name '*.sh' ! -path '*/lib/*' -print0)
} | sort -rn | head -n "$LIMIT" | cut -f2- > "$tmp_list"
mapfile -t CANDIDATES < "$tmp_list"
rm -f "$tmp_list"
changed=()
skipped=()
{
echo "# Scripts Adoption Plan"
echo
echo "Generated: $(date -Iseconds)"
echo
echo "Targeting top $LIMIT legacy scripts (no lib sourcing) to insert: \`source \"$SCRIPT_DIR/../lib/init.sh\"\` after the first \`SCRIPT_DIR=...BASH_SOURCE\` line."
echo
for f in "${CANDIDATES[@]}"; do
rel="${f#$ROOT_DIR/}"
echo "- [ ] $rel"
done
} > "$REPORT"
for f in "${CANDIDATES[@]}"; do
[ -e "$f" ] || continue
if [ "$APPLY" = "0" ]; then continue; fi
# backup
tmp="$(mktemp)"; cp "$f" "$tmp"
# inject after first SCRIPT_DIR line
awk -v root="$ROOT_DIR" 'BEGIN{ins=0} {
print
if (ins==0 && $0 ~ /^SCRIPT_DIR=/ && $0 ~ /BASH_SOURCE\[0\]/) {
print "source \"" root "/scripts/lib/init.sh\""
ins=1
}
}' "$f" > "$f.__new__"
mv "$f.__new__" "$f"
if ! bash -n "$f"; then
# revert
cp "$tmp" "$f"
rm -f "$tmp"
skipped+=("$f (syntax failed)")
continue
fi
rm -f "$tmp"
changed+=("$f")
done
# Append results
{
echo
echo "## Results"
echo
if [ ${#changed[@]} -gt 0 ]; then
echo "### Adopted (inserted lib/init):"
for c in "${changed[@]}"; do echo "- [x] ${c#$ROOT_DIR/}"; done
else
echo "No files changed."
fi
if [ ${#skipped[@]} -gt 0 ]; then
echo "\n### Skipped (manual review needed):"
for s in "${skipped[@]}"; do echo "- $s"; done
fi
} >> "$REPORT"
echo "Adoption pass complete. Report: $REPORT"

49
scripts/automation/cleanup-color-vars.sh Executable file
View File

@@ -0,0 +1,49 @@
#!/usr/bin/env bash
# Remove color variable definitions from scripts that already source lib/init.sh
# Only removes if no ${RED|GREEN|YELLOW|BLUE|CYAN|NC} usages remain.
# Writes a report to docs/COLOR_VARS_CLEANUP.md
set -euo pipefail
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}" )" && pwd)"
ROOT_DIR="$(cd "$SCRIPT_DIR/../.." && pwd)"
REPORT="$ROOT_DIR/docs/COLOR_VARS_CLEANUP.md"
mkdir -p "$ROOT_DIR/docs"
mapfile -t FILES < <(cd "$ROOT_DIR" && grep -rl --include='*.sh' 'source "$SCRIPT_DIR/../lib/init.sh"' scripts | sort)
changed=()
skipped=()
{
echo "# Color Variables Cleanup"
echo
echo "Generated: $(date -Iseconds)"
echo
for f in "${FILES[@]}"; do
# skip if any color variable is still referenced
if grep -qE '\$\{(RED|GREEN|YELLOW|BLUE|CYAN|NC)\}' "$f"; then
echo "- [ ] $(realpath --relative-to="$ROOT_DIR" "$f") (has color refs, skipped)" || true
continue
fi
# remove color var definitions and 'Colors for output' comment lines
tmp="$(mktemp)"; cp "$f" "$tmp"
sed -E '/^[[:space:]]*#\s*Colors( for output)?/d' "$f" | \
sed -E '/^[[:space:]]*(RED|GREEN|YELLOW|BLUE|CYAN|NC)=.*/d' > "$f.__new__"
mv "$f.__new__" "$f"
if ! bash -n "$f"; then
# revert if syntax fails
cp "$tmp" "$f"; rm -f "$tmp"
echo "- [ ] $(realpath --relative-to="$ROOT_DIR" "$f") (reverted due to syntax error)" || true
continue
fi
rm -f "$tmp"
changed+=("$f")
echo "- [x] $(realpath --relative-to="$ROOT_DIR" "$f") (color vars removed)" || true
done
echo
echo "## Summary"
echo "- Cleaned: ${#changed[@]} files"
echo "- Skipped: ${#skipped[@]} files"
} > "$REPORT"
echo "Cleanup complete. Report: $REPORT"

71
scripts/automation/cleanup-manual-az.sh Executable file
View File

@@ -0,0 +1,71 @@
#!/usr/bin/env bash
# Remove legacy Azure CLI checks from scripts that already source lib/init.sh and call ensure_azure_cli
# Patterns removed (if present):
# - if ! command -v az ... fi
# - az account show ... || { ... }
# Creates report at docs/AZ_CHECKS_CLEANUP.md
to_restore=()
set -euo pipefail
ROOT_DIR="$(cd "$(dirname "$0")/../.." && pwd)"
REPORT="$ROOT_DIR/docs/AZ_CHECKS_CLEANUP.md"
mkdir -p "$ROOT_DIR/docs"
mapfile -t FILES < <(grep -rl --include='*.sh' 'source "$SCRIPT_DIR/../lib/init.sh"' "$ROOT_DIR/scripts" | xargs -I{} sh -c 'f="$1"; if grep -q "ensure_azure_cli" "$f" && (grep -Eq "^\s*if\s*!\s*command -v\s+az" "$f" || grep -Eq "az\s+account\s+show.*\|\|\s*\{" "$f"); then echo "$f"; fi' sh {})
{
echo "# Azure CLI Checks Cleanup Report"
echo
echo "Generated: $(date -Iseconds)"
echo
if [ ${#FILES[@]} -eq 0 ]; then
echo "No candidates found (all library-enabled scripts rely on ensure_azure_cli)."
else
echo "Will clean ${#FILES[@]} files:"
for f in "${FILES[@]}"; do echo "- ${f#$ROOT_DIR/}"; done
fi
} > "$REPORT"
for f in "${FILES[@]:-}"; do
[ -n "$f" ] || continue
bak="${f}.azbak.$$"; cp "$f" "$bak"; to_restore+=("$bak")
# Remove 'if ! command -v az ... fi' blocks
awk '
BEGIN{skip=0}
{
if (skip==0 && $0 ~ /^[[:space:]]*if[[:space:]]*![[:space:]]*command[[:space:]]*-?v[[:space:]]+az[[:space:]]*/){
skip=1; next
}
if (skip==1){
if ($0 ~ /^[[:space:]]*fi[[:space:]]*$/){ skip=0; next }
next
}
print
}
' "$f" > "$f.__tmp1__" && mv "$f.__tmp1__" "$f"
# Remove single-line az account show guard blocks: az account show ... || { ... }
# This is simplistic and removes lines containing 'az account show' up to matching '}' on same or subsequent lines.
awk '
BEGIN{skip=0; depth=0}
{
if (skip==0 && $0 ~ /az[[:space:]]+account[[:space:]]+show/ && $0 ~ /\|\|[[:space:]]*\{/){
skip=1; depth=1; next
}
if (skip==1){
# track braces
if ($0 ~ /\{/){ depth++ }
if ($0 ~ /\}/){ depth-- }
if (depth<=0){ skip=0; next }
next
}
print
}
' "$f" > "$f.__tmp2__" && mv "$f.__tmp2__" "$f"
if ! bash -n "$f"; then
mv "$bak" "$f" # restore
else
rm -f "$bak"
fi
done
echo "Cleanup complete. See $REPORT"

117
scripts/automation/create-deployment-checklist.sh Executable file
View File

@@ -0,0 +1,117 @@
#!/usr/bin/env bash
# Create deployment checklist based on current status
set -e
cd "$(dirname "$0")/../.."
echo "=== Creating Deployment Checklist ==="
cat > docs/DEPLOYMENT_CHECKLIST.md << 'EOF'
# Deployment Checklist
## Prerequisites
### Wallet Funding
- [ ] Mainnet ETH: Minimum 0.025 ETH (Current: Check with ./scripts/deployment/check-mainnet-balances.sh)
- [ ] Chain-138 native tokens: Minimum 1 ETH (Current: Check with ./scripts/deployment/check-wallet-balances.sh)
- [ ] LINK tokens: Recommended 10 LINK for CCIP fees
### Infrastructure
- [ ] Chain-138 RPC endpoint accessible
- [ ] Chain-138 CCIP Router address identified
- [ ] Chain-138 chain selector verified (0x000000000000008a)
### Contracts
- [ ] All contracts compiled successfully
- [ ] All tests passing
- [ ] Contract addresses documented
## Deployment Steps
### Phase 1: Mainnet Deployment
1. [ ] Deploy CCIPLogger to Ethereum Mainnet
- Command: `npx hardhat run scripts/ccip-deployment/deploy-ccip-logger.js --network mainnet`
- Verify: Check Etherscan
- Update: Add address to .env
2. [ ] Verify CCIPLogger deployment
- Check contract code on Etherscan
- Test contract functions
- Document address
### Phase 2: Chain-138 Infrastructure
1. [ ] Verify Chain-138 RPC endpoint
- Test: `./scripts/deployment/check-rpc-status.sh`
- Ensure connectivity
2. [ ] Identify CCIP Router address
- Check Chainlink CCIP Directory
- Verify router deployment
- Update .env
### Phase 3: Chain-138 Bridge Deployment
1. [ ] Deploy CCIPWETH9Bridge
- Command: `./scripts/deployment/deploy-bridges-chain138.sh`
- Verify on-chain
- Update .env
2. [ ] Deploy CCIPWETH10Bridge
- Verify on-chain
- Update .env
### Phase 4: Bridge Configuration
1. [ ] Configure WETH9 bridge destinations
- Add Chain-138 destination to Mainnet bridge
- Add Mainnet destination to Chain-138 bridge
- Enable destinations
2. [ ] Configure WETH10 bridge destinations
- Add Chain-138 destination to Mainnet bridge
- Add Mainnet destination to Chain-138 bridge
- Enable destinations
3. [ ] Verify bridge configuration
- Test destination queries
- Document configuration
### Phase 5: Testing
1. [ ] Pre-testing setup
- Fund test wallet
- Fund bridges with LINK
- Verify CCIP Router connectivity
2. [ ] Test WETH9 cross-chain transfers
- Mainnet → Chain-138
- Chain-138 → Mainnet
3. [ ] Test WETH10 cross-chain transfers
- Mainnet → Chain-138
- Chain-138 → Mainnet
4. [ ] Edge case testing
- Minimum/maximum amounts
- Failed transfers
- Replay protection
## Post-Deployment
### Monitoring
- [ ] Set up Etherscan alerts
- [ ] Set up event monitoring
- [ ] Set up balance monitoring
- [ ] Set up CCIP message tracking
### Documentation
- [ ] Update deployment addresses
- [ ] Document configuration
- [ ] Create operational runbooks
## Notes
- All deployment scripts are in `scripts/deployment/`
- Use `./scripts/automation/prepare-deployment.sh` to check prerequisites
- Use `./scripts/deployment/check-mainnet-deployment-status.sh` to verify deployments
EOF
echo "✅ Deployment checklist created at docs/DEPLOYMENT_CHECKLIST.md"

48
scripts/automation/fix-hardhat-deps.sh Executable file
View File

@@ -0,0 +1,48 @@
#!/usr/bin/env bash
# Fix Hardhat dependency resolution
set -e
cd "$(dirname "$0")/../.."
echo "=== Fixing Hardhat Dependencies ==="
# Check if package.json exists
if [ ! -f "package.json" ]; then
echo "❌ package.json not found"
exit 1
fi
# Install OpenZeppelin v5.0.2
echo "Installing @openzeppelin/contracts@5.0.2..."
npm install @openzeppelin/contracts@5.0.2 --save-dev
# Install Chainlink CCIP contracts
echo "Installing @chainlink/contracts-ccip..."
npm install @chainlink/contracts-ccip --save-dev
# Clean Hardhat cache
echo "Cleaning Hardhat cache..."
npx hardhat clean || true
# Try to compile
echo "Attempting to compile..."
if npx hardhat compile 2>&1 | grep -q "Error"; then
echo "⚠️ Compilation errors detected, trying alternative approach..."
# Try with --force
npm install --legacy-peer-deps --force
# Try compiling again
npx hardhat clean
npx hardhat compile || {
echo "❌ Compilation still failing"
echo "Trying yarn as alternative..."
if command -v yarn &> /dev/null; then
yarn install
yarn hardhat compile || echo "❌ Yarn compilation also failed"
fi
}
fi
echo "✅ Dependency fix complete"

39
scripts/automation/fix-script-errors.sh Executable file
View File

@@ -0,0 +1,39 @@
#!/usr/bin/env bash
# Fix identified script syntax errors
set -e
cd "$(dirname "$0")/../.."
echo "=== Fixing Script Syntax Errors ==="
# Fix 1: check-mainnet-deployment-status.sh line 61
echo "Fixing check-mainnet-deployment-status.sh..."
if grep -q 'echo " (depends on: $deps)"' scripts/deployment/check-mainnet-deployment-status.sh; then
# The issue is with the parentheses in the echo - need to escape or quote properly
sed -i '61s/.*/ echo " (depends on: '"'"'$deps'"'"')"/' scripts/deployment/check-mainnet-deployment-status.sh
echo "✅ Fixed check-mainnet-deployment-status.sh"
fi
# Fix 2: deploy-all.sh line 282
echo "Checking deploy-all.sh..."
if bash -n scripts/deployment/deploy-all.sh 2>&1 | grep -q "line 282"; then
# Read around line 282 to understand the issue
sed -n '278,285p' scripts/deployment/deploy-all.sh
echo "⚠️ Manual review needed for deploy-all.sh:282"
fi
# Fix 3: validate-deployment-config.sh line 339
echo "Checking validate-deployment-config.sh..."
if bash -n scripts/deployment/validate-deployment-config.sh 2>&1 | grep -q "line 339"; then
# Read around line 339 to understand the issue
sed -n '335,342p' scripts/deployment/validate-deployment-config.sh
echo "⚠️ Manual review needed for validate-deployment-config.sh:339"
fi
# Validate all fixes
echo ""
echo "Validating all scripts..."
./scripts/automation/validate-all-scripts.sh
echo "✅ Script error fixes complete"

47
scripts/automation/generate-commands-index.sh Executable file
View File

@@ -0,0 +1,47 @@
#!/usr/bin/env bash
# Generate a command registry index at docs/COMMANDS_INDEX.md
# Scans scripts/ for *.sh and extracts: name, path, category, purpose, help support, dry-run support
set -euo pipefail
SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
ROOT_DIR="$(cd "$SCRIPT_DIR/../.." && pwd)"
OUT="$ROOT_DIR/docs/COMMANDS_INDEX.md"
mkdir -p "$ROOT_DIR/docs"
mapfile -t FILES < <(cd "$ROOT_DIR" && find scripts -type f -name '*.sh' | sort)
echo "# Commands Index" > "$OUT"
echo "" >> "$OUT"
echo "Generated: $(date -Iseconds)" >> "$OUT"
echo "" >> "$OUT"
echo "| Script | Category | Path | Help | Dry-run | Purpose |" >> "$OUT"
echo "|--------|----------|------|------|---------|---------|" >> "$OUT"
for f in "${FILES[@]}"; do
rel="${f#$ROOT_DIR/}"
name="$(basename "$f")"
category="$(echo "$rel" | cut -d/ -f2)"
# purpose: prefer SCRIPT_DESC, else first comment line
purpose=""
if grep -qE '^SCRIPT_DESC="' "$f"; then
purpose=$(grep -E '^SCRIPT_DESC="' "$f" | head -n1 | sed 's/^SCRIPT_DESC="\(.*\)"$/\1/' | tr '|' ' ')
else
# first non-empty comment line, excluding shebang
purpose=$(grep -E '^#\s*.+$' "$f" | grep -v '^#!' | head -n1 | sed 's/^#\s*//' | tr '|' ' ')
fi
purpose=${purpose:-""}
# help support: handle_help presence or --help in usage/help blocks
help="No"
if grep -q 'handle_help' "$f" || grep -q -- '--help' "$f"; then
help="Yes"
fi
# dry-run support: presence of DRY_RUN variable or run()/net_call wrappers
dry="No"
if grep -q 'DRY_RUN' "$f" || grep -qE '\brun\s*\(' "$f" || grep -qE '\bnet_call\s*\(' "$f"; then
dry="Yes"
fi
printf "| %s | %s | \`%s\` | %s | %s | %s |\n" "$name" "$category" "$rel" "$help" "$dry" "${purpose}" >> "$OUT"
done
echo "Wrote $OUT"

91
scripts/automation/generate-docs-index.sh Executable file
View File

@@ -0,0 +1,91 @@
#!/usr/bin/env bash
# Generate docs indices for scripts and tags
# Inputs: docs/COMMANDS_INDEX.md and docs/scripts/*.md
# Outputs:
# - docs/SCRIPTS_INDEX.md (by category)
# - docs/tags/* (help-yes, dryrun-yes, category-<name>)
set -euo pipefail
SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
ROOT_DIR="$(cd "$SCRIPT_DIR/../.." && pwd)"
CMD_IDX="$ROOT_DIR/docs/COMMANDS_INDEX.md"
OUT_MAIN="$ROOT_DIR/docs/SCRIPTS_INDEX.md"
TAGS_DIR="$ROOT_DIR/docs/tags"
mkdir -p "$TAGS_DIR"
if [ ! -f "$CMD_IDX" ]; then
echo "Missing $CMD_IDX; run generate-commands-index.sh first" >&2
exit 1
fi
# Read table rows (skip header lines starting with '|--------')
mapfile -t ROWS < <(grep '^|' "$CMD_IDX" | grep -v '^|\-' | grep -v '^| Script |')
# Initialize structures
declare -A by_category
declare -A tag_help
declare -A tag_dry
for row in "${ROWS[@]}"; do
# Split columns: | Script | Category | Path | Help | Dry-run | Purpose |
# Use awk to safely split by | and trim
cols=$(echo "$row" | awk -F'\|' '{for(i=2;i<=NF-1;i++){gsub(/^ +| +$/,"",$i); printf("%s\t", $i)} print ""}')
script=$(echo "$cols" | awk -F'\t' '{print $1}')
category=$(echo "$cols" | awk -F'\t' '{print $2}')
path=$(echo "$cols" | awk -F'\t' '{print $3}')
help=$(echo "$cols" | awk -F'\t' '{print $4}')
dry=$(echo "$cols" | awk -F'\t' '{print $5}')
purpose=$(echo "$cols" | awk -F'\t' '{print $6}')
key="$category"
by_category["$key"]+="| $script | \`$path\` | $help | $dry | $purpose |\n"
if [ "$help" = "Yes" ]; then
tag_help["help-yes"]+="| $script | $category | \`$path\` | $purpose |\n"
fi
if [ "$dry" = "Yes" ]; then
tag_dry["dryrun-yes"]+="| $script | $category | \`$path\` | $purpose |\n"
fi
done
# Write main index
{
echo "# Scripts Index"
echo
echo "Generated: $(date -Iseconds)"
echo
for cat in $(printf '%s\n' "${!by_category[@]}" | sort); do
echo "## $cat"
echo
echo "| Script | Path | Help | Dry-run | Purpose |"
echo "|--------|------|------|---------|---------|"
printf "%b" "${by_category[$cat]}"
echo
done
} > "$OUT_MAIN"
# Write tag pages
write_tag_page(){
local tagname="$1"; shift
local content="$1"
local out="$TAGS_DIR/${tagname}.md"
{
echo "# Tag: $tagname"
echo
echo "Generated: $(date -Iseconds)"
echo
echo "| Script | Category | Path | Purpose |"
echo "|--------|----------|------|---------|"
printf "%b" "$content"
} > "$out"
}
if [ -n "${tag_help[help-yes]:-}" ]; then
write_tag_page "help-yes" "${tag_help[help-yes]}"
fi
if [ -n "${tag_dry[dryrun-yes]:-}" ]; then
write_tag_page "dryrun-yes" "${tag_dry[dryrun-yes]}"
fi
echo "Wrote $OUT_MAIN and tags in $TAGS_DIR"

96
scripts/automation/generate-script-docs.sh Executable file
View File

@@ -0,0 +1,96 @@
#!/usr/bin/env bash
# Generate documentation for all scripts
# Extracts usage information from script headers
set -euo pipefail
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"
source "$SCRIPT_DIR/../lib/init.sh"
cd "$PROJECT_ROOT"
DOCS_DIR="$PROJECT_ROOT/docs/scripts"
mkdir -p "$DOCS_DIR"
log_section "Generating Script Documentation"
# Create index file
INDEX_FILE="$DOCS_DIR/INDEX.md"
cat > "$INDEX_FILE" <<'EOF'
# Script Documentation Index
This directory contains auto-generated documentation for all scripts in the project.
## Scripts by Category
EOF
# Process each script
process_script() {
local script="$1"
local rel_path="${script#$PROJECT_ROOT/}"
local script_name=$(basename "$script")
local script_dir=$(dirname "$rel_path")
# Create directory structure in docs
local doc_dir="$DOCS_DIR/$script_dir"
mkdir -p "$doc_dir"
local doc_file="$doc_dir/${script_name}.md"
# Extract header information
local description=""
local usage=""
local options=""
local examples=""
# Read script and extract header
local in_header=false
local header_lines=()
while IFS= read -r line; do
if [[ "$line" =~ ^#.*Script\ Name: ]]; then
in_header=true
fi
if [ "$in_header" = true ]; then
header_lines+=("$line")
if [[ "$line" =~ ^[^#] ]] && [ -n "$line" ]; then
break
fi
fi
done < "$script"
# Generate documentation
cat > "$doc_file" <<EOF
# $script_name
**Path**: \`$rel_path\`
$(printf '%s\n' "${header_lines[@]}" | sed 's/^# //' | sed 's/^#//')
## Source Code
\`\`\`bash
$(head -50 "$script")
\`\`\`
EOF
echo "- [$script_name]($script_dir/${script_name}.md)" >> "$INDEX_FILE"
}
# Find and process all scripts
log_info "Processing scripts..."
count=0
while IFS= read -r -d '' script; do
process_script "$script"
((count++)) || true
done < <(find scripts -name "*.sh" -type f -print0)
log_success "Generated documentation for $count scripts"
log_info "Documentation available in: $DOCS_DIR"

137
scripts/automation/generate-scripts-incubator.sh Executable file
View File

@@ -0,0 +1,137 @@
#!/usr/bin/env bash
# Generate scripts inventory and command index (local-only)
# Outputs:
# - docs/SCRIPTS_INVENTORY.md
# - docs/COMMANDS_INDEX.md
set -euo pipefail
set +e
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}" )" && pwd)"
source "/home/intlc/projects/smom-dbis-138/scripts/lib/init.sh"
ROOT_DIR="$(cd "$SCRIPT_DIR/../.." && pwd)"
source "$ROOT_DIR/scripts/lib/init.sh"
set -e
QUIET=0
LIMIT=30
while [[ $# -gt 0 ]]; do
case "$1" in
--quiet) QUIET=1; shift ;;
--limit) LIMIT="$2"; shift 2 ;;
*) echo "Unknown arg: $1"; exit 1 ;;
esac
done
DOC_INV="$ROOT_DIR/docs/SCRIPTS_INVENTORY.md"
DOC_CMD="$ROOT_DIR/docs/COMMANDS_INDEX.md"
mkdir -p "$ROOT_DIR/docs"
emit() { if [ $QUIET -eq 0 ]; then echo -e "$@"; fi }
ensure_azure_cli || true
# Collect scripts list (exclude lib)
mapfile -t ALL_SCRIPTS < <(cd "$ROOT_DIR" && find scripts -type f -name '*.sh' ! -path '*/lib/*' | sort)
total_count=${#ALL_SCRIPTS[@]}
emit "Found $total_count shell scripts (excluding scripts/lib)."
# Build per-file metrics
tmp_metrics=$(mktemp)
{
printf "path\tlines\tsubdir\thas_lib\thas_color_vars\thas_manual_az\tcalls\n"
for f in "${ALL_SCRIPTS[@]}"; do
lines=$(wc -l < "$f" | tr -d ' ')
rel=${f#"$ROOT_DIR/"}
subdir=$(echo "$rel" | awk -F'/' '{print ($2? $2 : "root")}')
if grep -qE '^SCRIPT_DIR=.*BASH_SOURCE' "$f" && grep -q 'source\s\+"\$SCRIPT_DIR/\.\./lib/init\.sh"' "$f"; then
has_lib=1
else
has_lib=0
fi
if grep -qE '^[[:space:]]*(RED|GREEN|YELLOW|BLUE|CYAN|NC)=' "$f"; then
color=1
else
color=0
fi
if grep -qE '(^|[[:space:]])(command -v[[:space:]]+az|az[[:space:]]+account[[:space:]]+(show|set))' "$f"; then
manaz=1
else
manaz=0
fi
calls=$(grep -hoE 'scripts/[A-Za-z0-9_./-]+\.sh' "$f" | sort -u | tr '\n' ' ' || true)
printf "%s\t%s\t%s\t%s\t%s\t%s\t%s\n" "$rel" "$lines" "$subdir" "$has_lib" "$color" "$manaz" "$calls"
done
} > "$tmp_metrics"
# Generate SCRIPTS_INVENTORY.md
{
echo "# Scripts Inventory"
echo
echo "Generated: $(date -Iseconds)"
echo
echo "Total scripts (excluding scripts/lib): $total_count"
echo
echo "## By directory"
echo
awk -F"\t" 'NR>1{c[$3]++} END{for(k in c){printf "- %s: %d\n", k, c[k]} }' "$tmp_metrics"
echo
echo "## Top ${LIMIT} scripts by line count"
echo
echo "| # | Script | Lines | Uses lib | Color vars | Manual az checks |"
echo "|---:|:------|------:|:--------:|:----------:|:----------------:|"
awk -F"\t" 'NR>1{print $0}' "$tmp_metrics" | sort -t$'\t' -k2,2nr | head -n "$LIMIT" |
nl -w2 -s' | ' |
awk -F"\t" '{printf "%s | `%s` | %s | %s | %s | %s |\n", $1, $2, $3, ($4?"yes":"no"), ($5?"yes":"no"), ($6?"yes":"no")}'
echo
echo "## Library adoption status"
echo
total=$(awk 'END{print NR-1}' "$tmp_metrics")
with=$(awk -F"\t" 'NR>1&&$4==1{c++} END{print c+0}' "$tmp_metrics")
echo "- With lib/init.sh: $with / $total"
echo "- Without lib/init.sh: "$((total-with))
echo
echo "## Script call graph (edges)"
echo
echo "Format: caller -> callee"
awk -F"\t" 'NR>1 && $7!=""{ split($7,a," "); for(i in a){print "- " $1 " -> " a[i]} }' "$tmp_metrics"
} > "$DOC_INV"
# Generate COMMANDS_INDEX.md from Makefile
{
echo "# Commands Index (Makefile → Script Map)"
echo
echo "Generated: $(date -Iseconds)"
echo
echo "| Target | Script |"
echo "|:------ |:-------|"
awk '
BEGIN{t=""}
/^[A-Za-z0-9_.-]:/ { next }
/^[A-Za-z0-9_.-]+:/ { split($0,a,":"); t=a[1]; next }
/^[\t]/ {
if ($0 ~ /scripts\/.*\.sh/) {
match($0, /scripts\/[A-Za-z0-9_\/.+-]+\.sh([^ ]*)?/, m);
if (m[0] != "") { gsub(/^\t+/,"",$0); printf "| %s | \`%s\` |\n", t, m[0]; }
}
}
' "$ROOT_DIR/epakefile" 2>/dev/null || true
awk '
BEGIN{t=""}
/^[A-Za-z0-9_.-]+:/ { split($0,a,":"); t=a[1]; next }
/^[\t]/ {
if ($0 ~ /scripts\/.*\.sh/) {
match($0, /scripts\/[A-Za-z0-9_\/.+-]+\.sh([^ ]*)?/, m);
if (m[0] != "") { gsub(/^\t+/,"",$0); printf "| %s | \`%s\` |\n", t, m[0]; }
}
}
' "$ROOT_DIR/Makefile"
} > "$DOC_CMD"
emit "Wrote: $DOC_INV"
emit "Wrote: $DOC_CMD"
rm -f "$tmp_metrics"
exit 0

133
scripts/automation/generate-scripts-inventory.sh Executable file
View File

@@ -0,0 +1,133 @@
#!/usr/bin/env bash
# Generate scripts inventory and command index (local-only)
# Outputs:
# - docs/SCRIPTS_INVENTORY.md
# - docs/COMMANDS_INDEX.md
set -euo pipefail
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}" )" && pwd)"
source "/home/intlc/projects/smom-dbis-138/scripts/lib/init.sh"
ROOT_DIR="$(cd "$SCRIPT_DIR/../.." && pwd)"
source "$ROOT_DIR/scripts/lib/init.sh"
QUIET=0
LIMIT=30
while [[ $# -gt 0 ]]; do
case "$1" in
--quiet) QUIET=1; shift ;;
--limit) LIMIT="$2"; shift 2 ;;
*) echo "Unknown arg: $1"; exit 1 ;;
esac
done
DOC_INV="$ROOT_DIR/docs/SCRIPTS_INVENTORY.md"
DOC_CMD="$ROOT_DIR/docs/COMMANDS_INDEX.md"
emit() { if [ $QUIET -eq 0 ]; then echo -e "$@"; fi }
ensure_azure_cli || true
# Collect scripts list (exclude lib)
mapfile -t ALL_SCRIPTS < <(cd "$ROOT_DIR" && find scripts -type f -name '*.sh' ! -path '*/lib/*' | sort)
total_count=${#ALL_Scripts[@]:-${#ALL_SCRIPTS[@]}}
emit "Found $total_count shell scripts (excluding scripts/lib)."
# Build per-file metrics
tmp_metrics=$(mktemp)
{
printf "path\tlines\tsubdir\thas_lib\thas_color_vars\thas_manual_az\tcalls\n"
for f in "${ALL_SCRIPTS[@]}"; do
lines=$(wc -l < "$f" | tr -d ' ')
rel=${f#"$ROOT_DIR/"}
subdir=$(echo "$rel" | awk -F'/' '{print ($2? $2 : "root")}')
if grep -qE '^SCRIPT_DIR=.*BASH_SOURCE' "$f" && grep -q 'source\s\+"\$SCRIPT_DIR/\.\./lib/init\.sh"' "$f"; then
has_lib=1
else
has_lib=0
fi
if grep -qE '^[[:space:]]*(RED|GREEN|YELLOW|BLUE|CYAN|NC)=' "$f"; then
color=1
else
color=0
fi
if grep -qE '(^|[[:space:]])(command -v[[:space:]]+az|az[[:space:]]+account[[:space:]]+(show|set))' "$f"; then
manaz=1
else
manaz=0
fi
calls=$(grep -hoE 'scripts/[A-Za-z0-9_./-]+\.sh' "$f" | sort -u | tr '\n' ' ' || true)
printf "%s\t%s\t%s\t%s\t%s\t%s\t%s\n" "$rel" "$lines" "$subdir" "$has_lib" "$color" "$manaz" "$calls"
done
} > "$tmp_metrics"
# Generate SCRIPTS_INVENTORY.md
{
echo "# Scripts Inventory"
echo
echo "Generated: $(date -Iseconds)"
echo
echo "Total scripts (excluding scripts/lib): $total_count"
echo
echo "## By directory"
echo
awk -F'\t' 'NR>1{c[$3]++} END{for(k in c){printf "- %s: %d\n", k, c[k]} }' "$tmp_metrics"
echo
echo "## Top ${LIMIT} scripts by line count"
echo
echo "| # | Script | Lines | Uses lib | Color vars | Manual az checks |"
echo "|---:|:------|------:|:--------:|:----------:|:----------------:|"
awk -F'\t' 'NR>1{print $0}' "$tmp_metrics" | sort -t$'\t' -k2,2nr | head -n "$LIMIT" |
nl -w2 -s' | ' |
awk -F'\t' '{printf "%s | `%s` | %s | %s | %s | %s |\n", $1, $2, $3, ($4?"yes":"no"), ($5?"yes":"no"), ($6?"yes":"no")}'
echo
echo "## Library adoption status"
echo
total=$(awk 'END{print NR-1}' "$tmp_metrics")
with=$(awk -F'\t' 'NR>1&&$4==1{c++} END{print c+0}' "$tmp_metrics")
echo "- With lib/init.sh: $with / $total"
echo "- Without lib/init.sh: "$((total-with))
echo
echo "## Potential follow-ups"
echo
echo "- Standardize Azure CLI checks via \`ensure_azure_cli\` where \`manual az\` is yes and \`Uses lib\` is yes"
echo "- Remove color variable declarations where \`Color vars\` = yes and script already uses \`log_*\`"
echo "- Consider adopting lib/init.sh for high-line-count scripts with \`Uses lib\` = no"
echo
echo "## Script call graph (edges)"
echo
echo "Format: caller -> callee"
awk -F'\t' 'NR>1 && $7!=""{ split($7,a," "); for(i in a){print "- " $1 " -> " a[i]} }' "$tmp_metrics"
} > "$DOC_INV"
# Generate COMMANDS_INDEX.md from Makefile
{
echo "# Commands Index (Makefile → Script Map)"
echo
echo "Generated: $(date -Iseconds)"
echo
echo "| Target | Script |"
echo "|:------ |:-------|"
awk '
BEGIN{t=""}
/^[A-Za-z0-9_.-]+:/{
# Capture target name up to colon
split($0,a,":"); t=a[1]; next
}
/^[\t]/ {
if ($0 ~ /scripts\/.*\.sh/) {
match($0, /scripts\/[A-Za-z0-9_\/.+-]+\.sh([^ ]*)?/, m);
if (m[0] != "") { gsub(/^\t+/,"",$0); printf "| %s | \\`%s\\` |\n", t, m[0]; }
}
}
' "$ROOT_DIR/Makefile"
} > "$DOC_CMD"
emit "Wrote: $DOC_INV"
emit "Wrote: $DOC_CMD"
rm -f "$tmp_metrics"
exit 0

23
scripts/automation/measure-startup.sh Executable file
View File

@@ -0,0 +1,23 @@
#!/usr/bin/env bash
# Measure startup time for common library sourcing and representative scripts
set -euo pipefail
ROOT_DIR="$(cd "$(dirname "$0")/../.." && pwd)"
measure() {
local label="$1"; shift
local cmd=("$@")
local start end ms
start=$(date +%s%3N)
"${cmd[@]}" >/dev/null 2>&1 || true
end=$(date +%s%3N)
ms=$((end-start))
printf "%s: %d ms\n" "$label" "$ms"
}
echo "Startup timing (ms):"
measure "source lib/init.sh" bash -lc "SCRIPT_DIR='$ROOT_DIR/scripts/deployment' source '$ROOT_DIR/scripts/lib/init.sh'"
measure "calculate-costs --help" bash -lc "SCRIPT_DIR='$ROOT_DIR/scripts/deployment' source '$ROOT_DIR/scripts/lib/init.sh'; '$ROOT_DIR/scripts/deployment/calculate-costs-consolidated.sh' --help"
measure "deploy-parallel --help" bash -lc "SCRIPT_DIR='$ROOT_DIR/scripts/deployment' source '$ROOT_DIR/scripts/lib/init.sh'; '$ROOT_DIR/scripts/deployment/deploy-parallel-consolidated.sh' --help"
measure "list-all-resources --help" bash -lc "SCRIPT_DIR='$ROOT_DIR/scripts/azure' source '$ROOT_DIR/scripts/lib/init.sh'; '$ROOT_DIR/scripts/azure/list-all-resources.sh' --help"
echo "Done."

52
scripts/automation/prepare-deployment.sh Executable file
View File

@@ -0,0 +1,52 @@
#!/usr/bin/env bash
# Prepare for deployment - check all prerequisites
set -e
cd "$(dirname "$0")/../.."
echo "=== Deployment Preparation Check ==="
# Check wallet balance
echo "1. Checking wallet balance..."
./scripts/deployment/get-wallet-address.sh 2>&1 | grep -A 5 "Wallet Address" || true
./scripts/deployment/check-mainnet-balances.sh 2>&1 | grep -E "(Balance|Status|Need)" || true
# Check RPC endpoints
echo ""
echo "2. Checking RPC endpoints..."
./scripts/deployment/check-rpc-status.sh 2>&1 | head -20 || true
# Check contract compilation
echo ""
echo "3. Checking contract compilation..."
if forge build 2>&1 | grep -q "Compiler run successful"; then
echo "✅ Foundry contracts compile successfully"
else
echo "⚠️ Foundry compilation issues detected"
fi
if npx hardhat compile 2>&1 | grep -q "Compiled successfully"; then
echo "✅ Hardhat contracts compile successfully"
else
echo "⚠️ Hardhat compilation issues detected"
fi
# Check environment variables
echo ""
echo "4. Checking environment variables..."
if [ -f .env ]; then
required_vars=("PRIVATE_KEY" "ETHEREUM_MAINNET_RPC" "CHAIN138_RPC_URL")
for var in "${required_vars[@]}"; do
if grep -q "^${var}=" .env; then
echo "$var configured"
else
echo "⚠️ $var not configured"
fi
done
else
echo "⚠️ .env file not found"
fi
echo ""
echo "=== Preparation Check Complete ==="

70
scripts/automation/run-all-automated-tasks.sh Executable file
View File

@@ -0,0 +1,70 @@
#!/usr/bin/env bash
# Master script to run all automated tasks in parallel
set -e
cd "$(dirname "$0")/../.."
echo "=== 🚀 Running All Automated Tasks ==="
echo ""
# Create logs directory
mkdir -p logs
# Array to store background job PIDs
declare -a pids=()
# Function to run task and track PID
run_parallel_task() {
local task_name="$1"
local task_command="$2"
local log_file="logs/${task_name}.log"
echo "Starting: $task_name"
(
eval "$task_command" > "$log_file" 2>&1
if [ $? -eq 0 ]; then
echo "$task_name: SUCCESS"
else
echo "$task_name: FAILED (check $log_file)"
fi
) &
pids+=($!)
echo " PID: $!"
}
# Task 1: Validate all scripts
run_parallel_task "validate-scripts" "./scripts/automation/validate-all-scripts.sh"
# Task 2: Scope review
run_parallel_task "scope-review" "./scripts/automation/scope-review.sh"
# Task 3: Compile Foundry contracts
run_parallel_task "compile-foundry" "forge build --force 2>&1 | grep -v 'ccip-integration' || true"
# Task 4: Run Foundry tests
run_parallel_task "test-foundry" "forge test --no-match-path 'test/ccip-integration/*' 2>&1 || true"
# Task 5: Check environment configuration
run_parallel_task "check-env" "./scripts/deployment/verify-env.sh 2>&1 || echo 'Env check skipped'"
# Task 6: Validate deployment scripts syntax
run_parallel_task "validate-deployment-scripts" "find scripts/deployment -name '*.sh' -exec bash -n {} \; 2>&1 || true"
# Task 7: Check contract compilation status
run_parallel_task "check-contracts" "find contracts -name '*.sol' -type f | wc -l"
# Task 8: Count documentation files
run_parallel_task "count-docs" "find docs -name '*.md' -type f | wc -l"
# Wait for all tasks
echo ""
echo "Waiting for all tasks to complete..."
for pid in "${pids[@]}"; do
wait $pid
done
echo ""
echo "=== ✅ All Automated Tasks Complete ==="
echo "Check logs/ directory for detailed output"

55
scripts/automation/run-tests-parallel.sh Executable file
View File

@@ -0,0 +1,55 @@
#!/usr/bin/env bash
# Run all tests in parallel
set -e
cd "$(dirname "$0")/../.."
echo "=== 🧪 Running Tests in Parallel ==="
# Create test results directory
mkdir -p test-results
# Run Foundry tests (excluding CCIP integration)
echo "Running Foundry tests..."
forge test --no-match-path 'test/ccip-integration/*' --json > test-results/foundry.json 2>&1 &
FORGE_PID=$!
# Run Hardhat tests (if any)
if [ -d "test/hardhat" ]; then
echo "Running Hardhat tests..."
npx hardhat test > test-results/hardhat.log 2>&1 &
HARDHAT_PID=$!
else
HARDHAT_PID=""
fi
# Wait for all tests
wait $FORGE_PID
FORGE_EXIT=$?
if [ -n "$HARDHAT_PID" ]; then
wait $HARDHAT_PID
HARDHAT_EXIT=$?
else
HARDHAT_EXIT=0
fi
# Report results
echo ""
echo "=== Test Results ==="
if [ $FORGE_EXIT -eq 0 ]; then
echo "✅ Foundry tests: PASSED"
else
echo "❌ Foundry tests: FAILED"
fi
if [ -n "$HARDHAT_PID" ]; then
if [ $HARDHAT_EXIT -eq 0 ]; then
echo "✅ Hardhat tests: PASSED"
else
echo "❌ Hardhat tests: FAILED"
fi
fi
exit $((FORGE_EXIT + HARDHAT_EXIT))

54
scripts/automation/scope-review.sh Executable file
View File

@@ -0,0 +1,54 @@
#!/usr/bin/env bash
# Project Scope Review - Check for scope creep
set -e
cd "$(dirname "$0")/../.."
echo "=== 🔍 Project Scope Review ==="
echo ""
# Check for enterprise architecture contracts
echo "Checking for Enterprise Architecture contracts..."
DIAMOND_EXISTS=$(find contracts -name "*Diamond*" -o -name "*diamond*" 2>/dev/null | wc -l)
ERC_FACETS=$(find contracts -name "*ERC*Facet*" -o -name "*Facet*" 2>/dev/null | wc -l)
ISO_REGISTRY=$(find contracts -name "*ISO*" -o -name "*Registry*" 2>/dev/null | wc -l)
FIREFLY_CONTRACTS=$(find contracts -name "*FireFly*" -o -name "*Firefly*" 2>/dev/null | wc -l)
echo " Diamond contracts: $DIAMOND_EXISTS"
echo " ERC Facet contracts: $ERC_FACETS"
echo " ISO Registry contracts: $ISO_REGISTRY"
echo " FireFly contracts: $FIREFLY_CONTRACTS"
# Check documentation vs implementation
echo ""
echo "Checking documentation vs implementation..."
ENTERPRISE_DOCS=$(find docs -name "*ENTERPRISE*" -o -name "*DIAMOND*" -o -name "*FIREFLY*" 2>/dev/null | wc -l)
echo " Enterprise documentation files: $ENTERPRISE_DOCS"
# Check for orphaned files
echo ""
echo "Checking for orphaned/unused files..."
ORPHANED_SCRIPTS=$(find scripts -name "*.sh" ! -executable 2>/dev/null | wc -l)
echo " Non-executable scripts: $ORPHANED_SCRIPTS"
# Check for duplicate functionality
echo ""
echo "Checking for duplicate contracts..."
DUPLICATE_WETH=$(find contracts -name "*WETH*" 2>/dev/null | wc -l)
DUPLICATE_CCIP=$(find contracts -name "*CCIP*" 2>/dev/null | wc -l)
echo " WETH contracts: $DUPLICATE_WETH"
echo " CCIP contracts: $DUPLICATE_CCIP"
# Summary
echo ""
echo "=== 📊 Scope Review Summary ==="
if [ "$DIAMOND_EXISTS" -eq 0 ] && [ "$ENTERPRISE_DOCS" -gt 0 ]; then
echo "⚠️ WARNING: Enterprise architecture documented but not implemented"
fi
if [ "$ORPHANED_SCRIPTS" -gt 0 ]; then
echo "⚠️ WARNING: Found non-executable scripts"
fi
echo "✅ Scope review complete"

21
scripts/automation/standardize-shebangs.sh Executable file
View File

@@ -0,0 +1,21 @@
#!/usr/bin/env bash
# Standardize script shebangs
# Converts #!/bin/bash to #!/usr/bin/env bash for better portability
set -euo pipefail
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"
cd "$PROJECT_ROOT"
count=0
while IFS= read -r -d '' file; do
if head -1 "$file" | grep -q "^#!/bin/bash"; then
sed -i '1s|#!/bin/bash|#!/usr/bin/env bash|' "$file"
((count++)) || true
fi
done < <(find scripts -name "*.sh" -type f -print0)
echo "✅ Standardized $count scripts to use #!/usr/bin/env bash"

51
scripts/automation/validate-all-scripts.sh Executable file
View File

@@ -0,0 +1,51 @@
#!/usr/bin/env bash
# Validate all deployment and automation scripts
set -e
cd "$(dirname "$0")/../.."
echo "=== ✅ Validating All Scripts ==="
ERRORS=0
# Check all deployment scripts are executable
echo "Checking deployment scripts..."
for script in scripts/deployment/*.sh; do
if [ -f "$script" ]; then
if [ ! -x "$script" ]; then
echo "⚠️ Making executable: $script"
chmod +x "$script"
fi
fi
done
# Check all automation scripts are executable
echo "Checking automation scripts..."
for script in scripts/automation/*.sh; do
if [ -f "$script" ]; then
if [ ! -x "$script" ]; then
echo "⚠️ Making executable: $script"
chmod +x "$script"
fi
fi
done
# Validate script syntax
echo "Validating script syntax..."
for script in scripts/**/*.sh; do
if [ -f "$script" ]; then
if ! bash -n "$script" 2>&1; then
echo "❌ Syntax error in: $script"
ERRORS=$((ERRORS + 1))
fi
fi
done
if [ $ERRORS -eq 0 ]; then
echo "✅ All scripts validated successfully"
exit 0
else
echo "❌ Found $ERRORS script errors"
exit 1
fi

50
scripts/automation/validate-configs.sh Executable file
View File

@@ -0,0 +1,50 @@
#!/usr/bin/env bash
# Validate all configuration files
# Checks JSON, YAML, and TOML files for validity
set -euo pipefail
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"
source "$SCRIPT_DIR/../lib/init.sh"
source "$SCRIPT_DIR/../lib/common/validation.sh"
cd "$PROJECT_ROOT"
log_section "Configuration Validation"
errors=0
# Validate JSON files
log_subsection "Validating JSON files"
while IFS= read -r -d '' file; do
if ! validate_json "$file"; then
((errors++)) || true
fi
done < <(find config -name "*.json" -type f -print0 2>/dev/null)
# Validate YAML files
log_subsection "Validating YAML files"
while IFS= read -r -d '' file; do
if ! validate_yaml "$file"; then
((errors++)) || true
fi
done < <(find . -name "*.yml" -o -name "*.yaml" -type f -print0 2>/dev/null | grep -v node_modules | grep -v .terraform)
# Validate TOML files
log_subsection "Validating TOML files"
while IFS= read -r -d '' file; do
if ! validate_toml "$file"; then
((errors++)) || true
fi
done < <(find config -name "*.toml" -type f -print0 2>/dev/null)
if [ $errors -eq 0 ]; then
log_success "All configuration files are valid"
exit 0
else
log_error "Found $errors configuration file errors"
exit 1
fi

44
scripts/automation/validate-scripts.sh Executable file
View File

@@ -0,0 +1,44 @@
#!/usr/bin/env bash
# Validate all shell scripts locally (no git/network). Produces docs/SCRIPTS_QA_REPORT.md
set -u
ROOT_DIR="$(cd "$(dirname "$0")/../.." && pwd)"
REPORT="$ROOT_DIR/docs/SCRIPTS_QA_REPORT.md"
mkdir -p "$ROOT_DIR/docs"
mapfile -t FILES < <(cd "$ROOT_DIR" && find scripts -type f -name '*.sh' | sort)
ok=0; fail=0
tmp=$(mktemp)
{
echo "# Scripts QA Report"
echo
echo "Generated: $(date -Iseconds)"
echo
echo "## Bash syntax check (bash -n)"
for f in "${FILES[@]}"; do
if bash -n "$f" 2>/dev/null; then
echo "- [OK] ${f#$ROOT_DIR/}"; ((ok++))
else
echo "- [FAIL] ${f#$ROOT_DIR/}"; ((fail++))
fi
done
echo
echo "Summary: $ok OK, $((ok+fail)) total"
if command -v shellcheck >/dev/null 2>&1; then
echo
echo "## ShellCheck summary"
for f in "${FILES[@]}"; do
shellcheck -f gcc "$f" || true
done | tee "$tmp"
echo
echo "- ShellCheck issues: $(wc -l < "$tmp") lines reported"
else
echo
echo "## ShellCheck"
echo "shellcheck not found; skipping. Install with: sudo apt-get install shellcheck"
fi
} > "$REPORT"
rm -f "$tmp"
echo "QA report written: $REPORT"

126
scripts/azure/analyze-deployment-failures.sh Executable file
View File

@@ -0,0 +1,126 @@
#!/usr/bin/env bash
# Comprehensive Azure deployment failure analysis
# Compares Terraform logs with Azure activity logs
set -e
SUBSCRIPTION_ID="fc08d829-4f14-413d-ab27-ce024425db0b"
PROJECT_ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)"
echo "╔════════════════════════════════════════════════════════════════╗"
echo "║ AZURE DEPLOYMENT FAILURE ANALYSIS ║"
echo "╚════════════════════════════════════════════════════════════════╝"
echo ""
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo "Part 1: Failed Clusters Analysis"
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo ""
FAILED_CLUSTERS=$(az aks list --subscription "$SUBSCRIPTION_ID" \
--query "[?contains(name, 'az-p-') && provisioningState == 'Failed'].{name:name, rg:resourceGroup}" -o json)
FAILED_COUNT=$(echo "$FAILED_CLUSTERS" | jq '. | length')
echo "Found $FAILED_COUNT failed clusters"
echo ""
if [ "$FAILED_COUNT" -gt 0 ]; then
echo "$FAILED_CLUSTERS" | jq -r '.[] | "\(.rg)|\(.name)"' | while IFS='|' read -r rg name; do
echo "Cluster: $name"
echo "Resource Group: $rg"
echo ""
# Get cluster details
echo "Cluster Details:"
az aks show --resource-group "$rg" --name "$name" --subscription "$SUBSCRIPTION_ID" \
--query "{provisioningState:provisioningState, powerState:powerState.code, createdTime:createdAt, kubernetesVersion:kubernetesVersion}" -o json 2>&1 | jq '.' || echo " Error retrieving details"
echo ""
# Get activity log errors
echo "Recent Errors from Activity Log:"
az monitor activity-log list --subscription "$SUBSCRIPTION_ID" \
--resource-group "$rg" \
--resource-id "/subscriptions/$SUBSCRIPTION_ID/resourceGroups/$rg/providers/Microsoft.ContainerService/managedClusters/$name" \
--max-events 20 \
--query "[?status.value == 'Failed' || level == 'Error'].{time:eventTimestamp, operation:operationName.localValue, status:status.value, message:statusMessage.message, error:properties.statusMessage}" -o json 2>&1 | \
jq -r '.[] | " [\(.time)] \(.operation): \(.message // .error)"' | head -5 || echo " No errors found"
echo ""
echo "---"
echo ""
done
fi
echo ""
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo "Part 2: Canceled Clusters Analysis"
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo ""
CANCELED_CLUSTERS=$(az aks list --subscription "$SUBSCRIPTION_ID" \
--query "[?contains(name, 'az-p-') && provisioningState == 'Canceled'].{name:name, rg:resourceGroup}" -o json)
CANCELED_COUNT=$(echo "$CANCELED_CLUSTERS" | jq '. | length')
echo "Found $CANCELED_COUNT canceled clusters"
echo ""
if [ "$CANCELED_COUNT" -gt 0 ]; then
echo "$CANCELED_CLUSTERS" | jq -r '.[:5][] | "\(.rg)|\(.name)"' | while IFS='|' read -r rg name; do
echo "Cluster: $name"
echo "Resource Group: $rg"
echo ""
# Get cluster details
az aks show --resource-group "$rg" --name "$name" --subscription "$SUBSCRIPTION_ID" \
--query "{provisioningState:provisioningState, powerState:powerState.code, createdTime:createdAt}" -o json 2>&1 | jq '.' || echo " Error retrieving details"
echo ""
# Get activity log
echo "Recent Activity:"
az monitor activity-log list --subscription "$SUBSCRIPTION_ID" \
--resource-group "$rg" \
--resource-id "/subscriptions/$SUBSCRIPTION_ID/resourceGroups/$rg/providers/Microsoft.ContainerService/managedClusters/$name" \
--max-events 10 \
--query "[].{time:eventTimestamp, operation:operationName.localValue, status:status.value}" -o json 2>&1 | \
jq -r '.[] | " [\(.time)] \(.operation): \(.status)"' | head -5 || echo " No activity found"
echo ""
done
fi
echo ""
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo "Part 3: Recent Errors Across Subscription"
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo ""
echo "Checking recent errors for AKS clusters..."
az monitor activity-log list --subscription "$SUBSCRIPTION_ID" \
--resource-type "Microsoft.ContainerService/managedClusters" \
--max-events 30 \
--query "[?status.value == 'Failed' || level == 'Error'].{time:eventTimestamp, resource:resourceId, operation:operationName.localValue, status:status.value, message:statusMessage.message, error:properties.statusMessage}" -o json 2>&1 | \
jq -r '.[] | "\(.time) | \(.resource | split("/") | .[-2] + "/" + .[-1]) | \(.operation) | \(.status) | \(.message // .error)"' | \
sort -r | head -15 || echo "No errors found"
echo ""
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo "Part 4: Terraform Log Analysis"
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo ""
if [ -f "$PROJECT_ROOT/tmp/terraform-apply-unlocked.log" ]; then
echo "Terraform Log: /tmp/terraform-apply-unlocked.log"
echo "Errors found: $(grep -i "error" "$PROJECT_ROOT/tmp/terraform-apply-unlocked.log" | wc -l)"
echo ""
echo "Key Error Messages:"
grep -i "stopped state\|operation not allowed\|already exists" "$PROJECT_ROOT/tmp/terraform-apply-unlocked.log" | head -5 | sed 's/^/ /'
else
echo "Terraform log not found"
fi
echo ""
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo "Part 5: Comparison Summary"
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo ""
echo "Comparing Terraform logs with Azure logs..."
echo "✅ Analysis complete - See details above"

36
scripts/azure/analyze-quotas.sh Executable file
View File

@@ -0,0 +1,36 @@
#!/usr/bin/env bash
# Analyze all quotas and find optimal VM sizes
LOCATION="westeurope"
echo "==================================================================="
echo " QUOTA ANALYSIS FOR WEST EUROPE"
echo "==================================================================="
echo ""
echo "📊 Current Quota Usage:"
az vm list-usage --location "$LOCATION" --query "[].{Name:name.value, Current:currentValue, Limit:limit, Available:limit - currentValue}" -o table
echo ""
echo "🔍 Available VM Sizes (1-2 vCPUs):"
az vm list-sizes --location "$LOCATION" --query "[?numberOfCores <= 2 && numberOfCores >= 1].{Name:name, vCPUs:numberOfCores, MemoryGB:memoryInMb/1024, Cost:name}" -o table | head -20
echo ""
echo "💰 Recommended VM Sizes for Quota Constraints:"
echo ""
echo "Option 1: Standard_B1s (1 vCPU, 1GB RAM) - Burstable"
echo " • Cost: Low"
echo " • Best for: Development, testing"
echo ""
echo "Option 2: Standard_B1ms (1 vCPU, 2GB RAM) - Burstable"
echo " • Cost: Low"
echo " • Best for: Light workloads"
echo ""
echo "Option 3: Standard_B2s (2 vCPUs, 4GB RAM) - Burstable"
echo " • Cost: Low-Medium"
echo " • Best for: Small production workloads"
echo ""
echo "Option 4: Standard_D2s_v3 (2 vCPUs, 8GB RAM) - General Purpose"
echo " • Cost: Medium"
echo " • Best for: Production workloads"
echo " • Currently in use"

273
scripts/azure/check-ai-ml-providers.sh Executable file
View File

@@ -0,0 +1,273 @@
#!/usr/bin/env bash
# Check AI, ML, OpenAI, and related Resource Providers and Preview Features
# Ensures all AI/ML related providers are registered
set -euo pipefail
# Colors for output
# AI/ML/OpenAI Related Resource Providers
AI_ML_PROVIDERS=(
"Microsoft.CognitiveServices" # Azure Cognitive Services (OpenAI, etc.)
"Microsoft.MachineLearningServices" # Azure Machine Learning
"Microsoft.MachineLearning" # Legacy ML services
"Microsoft.AI" # Azure AI services
"Microsoft.OpenAI" # OpenAI service (if exists)
"Microsoft.AzureOpenAI" # Azure OpenAI Service
"Microsoft.Cognitive" # Cognitive Services (legacy)
"Microsoft.BotService" # Bot Framework (AI-powered)
"Microsoft.Search" # Azure AI Search (formerly Cognitive Search)
"Microsoft.OperationalInsights" # Log Analytics (used by AI/ML)
"Microsoft.Synapse" # Azure Synapse Analytics (ML integration)
"Microsoft.Databricks" # Azure Databricks (ML platform)
"Microsoft.DataFactory" # Azure Data Factory (ML pipelines)
)
# AI/ML Related Preview Features
AI_ML_PREVIEW_FEATURES=(
# Add any preview features related to AI/ML
# Example: "AksWindows2019Preview"
)
log() {
log_success "[✓] $1"
}
error() {
log_error "[✗] $1"
}
warn() {
log_warn "[!] $1"
}
info() {
log_info "[i] $1"
}
section() {
echo
log_info "=== $1 ==="
}
# Check Azure CLI
check_azure_cli() {
if ! command -v az &> /dev/null; then
error "Azure CLI is not installed"
exit 1
fi
if ! az account show &> /dev/null; then
error "Not logged in to Azure. Run 'az login' first"
exit 1
fi
log "Azure CLI is installed and authenticated"
}
# Check Resource Provider Registration
check_ai_ml_providers() {
section "AI/ML/OpenAI Resource Providers"
local all_registered=true
local unregistered=()
local not_found=()
for provider in "${AI_ML_PROVIDERS[@]}"; do
# Check if provider exists
local provider_info=$(az provider show --namespace "$provider" 2>/dev/null || echo "")
if [ -z "$provider_info" ]; then
# Provider namespace doesn't exist (might be wrong name or not available)
not_found+=("$provider")
warn "$provider: Namespace not found (may not exist or not available in this subscription)"
continue
fi
local status=$(echo "$provider_info" | jq -r '.registrationState' 2>/dev/null || echo "Unknown")
if [ "$status" == "Registered" ]; then
log "$provider: Registered"
else
error "$provider: $status"
unregistered+=("$provider")
all_registered=false
fi
done
echo
if [ ${#not_found[@]} -gt 0 ]; then
info "Note: Some provider namespaces were not found. This may be normal if:"
info " - The namespace name has changed"
info " - The service is not available in your subscription"
info " - The service requires special access"
fi
if [ "$all_registered" = false ] && [ ${#unregistered[@]} -gt 0 ]; then
warn "Some AI/ML resource providers are not registered"
info "Registering unregistered providers..."
for provider in "${unregistered[@]}"; do
info "Registering $provider..."
if az provider register --namespace "$provider" --wait 2>/dev/null; then
log "$provider: Registration initiated"
else
warn "Failed to register $provider (may require special permissions or not available)"
fi
done
# Wait for registration to complete
info "Waiting for provider registrations to complete..."
sleep 10
# Verify registration
for provider in "${unregistered[@]}"; do
local status=$(az provider show --namespace "$provider" --query "registrationState" -o tsv 2>/dev/null || echo "Unknown")
if [ "$status" == "Registered" ]; then
log "$provider: Now registered"
else
warn "$provider: Still $status (may take a few minutes or require approval)"
fi
done
elif [ "$all_registered" = true ]; then
log "All available AI/ML resource providers are registered"
fi
}
# List all AI/ML related providers (discover available ones)
discover_ai_ml_providers() {
section "Discovering AI/ML Related Providers"
info "Searching for AI/ML related providers in subscription..."
# Get all providers and filter for AI/ML related
local all_providers=$(az provider list --query "[].namespace" -o tsv)
local ai_ml_keywords=("cognitive" "machinelearning" "ml" "ai" "openai" "bot" "search" "synapse" "databricks" "datafactory")
echo "Found AI/ML related providers:"
for provider in $all_providers; do
provider_lower=$(echo "$provider" | tr '[:upper:]' '[:lower:]')
for keyword in "${ai_ml_keywords[@]}"; do
if [[ "$provider_lower" == *"$keyword"* ]]; then
local status=$(az provider show --namespace "$provider" --query "registrationState" -o tsv 2>/dev/null || echo "Unknown")
if [ "$status" == "Registered" ]; then
log "$provider: Registered"
else
warn "$provider: $status"
fi
break
fi
done
done
}
# Check Preview Features
check_preview_features() {
if [ ${#AI_ML_PREVIEW_FEATURES[@]} -eq 0 ]; then
info "No specific AI/ML preview features configured"
return
fi
section "AI/ML Preview Features"
for feature in "${AI_ML_PREVIEW_FEATURES[@]}"; do
# Check if feature is registered
local registered=$(az feature show --name "$feature" --namespace "Microsoft.ContainerService" --query "properties.state" -o tsv 2>/dev/null || echo "Unknown")
if [ "$registered" == "Registered" ]; then
log "$feature: Registered"
else
warn "$feature: $registered"
info "Registering preview feature: $feature"
az feature register --name "$feature" --namespace "Microsoft.ContainerService" || warn "Failed to register $feature"
fi
done
}
# Check Azure OpenAI Service availability
check_openai_service() {
section "Azure OpenAI Service Check"
# Check if Cognitive Services provider is registered (required for OpenAI)
local cognitive_status=$(az provider show --namespace "Microsoft.CognitiveServices" --query "registrationState" -o tsv 2>/dev/null || echo "NotRegistered")
if [ "$cognitive_status" == "Registered" ]; then
log "Microsoft.CognitiveServices is registered (required for Azure OpenAI)"
# Try to list OpenAI resources (requires OpenAI access)
info "Checking Azure OpenAI resource access..."
local openai_resources=$(az cognitiveservices account list --query "[?kind=='OpenAI'].{Name:name, ResourceGroup:resourceGroup, Kind:kind}" -o json 2>/dev/null || echo "[]")
if [ "$openai_resources" != "[]" ] && [ -n "$openai_resources" ]; then
local count=$(echo "$openai_resources" | jq 'length')
log "Found $count Azure OpenAI resource(s)"
echo "$openai_resources" | jq -r '.[] | " - \(.Name) in \(.ResourceGroup)"'
else
info "No Azure OpenAI resources found (may require access request)"
info "To request Azure OpenAI access: https://aka.ms/oai/access"
fi
else
warn "Microsoft.CognitiveServices is not registered (required for Azure OpenAI)"
info "Registering Microsoft.CognitiveServices..."
az provider register --namespace "Microsoft.CognitiveServices" --wait || warn "Registration may require approval"
fi
}
# Check Azure Machine Learning
check_ml_service() {
section "Azure Machine Learning Service Check"
local ml_status=$(az provider show --namespace "Microsoft.MachineLearningServices" --query "registrationState" -o tsv 2>/dev/null || echo "NotRegistered")
if [ "$ml_status" == "Registered" ]; then
log "Microsoft.MachineLearningServices is registered"
# Try to list ML workspaces
info "Checking Azure ML workspace access..."
local ml_workspaces=$(az ml workspace list --query "[].{Name:name, ResourceGroup:resourceGroup}" -o json 2>/dev/null || echo "[]")
if [ "$ml_workspaces" != "[]" ] && [ -n "$ml_workspaces" ]; then
local count=$(echo "$ml_workspaces" | jq 'length')
log "Found $count Azure ML workspace(s)"
echo "$ml_workspaces" | jq -r '.[] | " - \(.Name) in \(.ResourceGroup)"'
else
info "No Azure ML workspaces found"
fi
else
warn "Microsoft.MachineLearningServices is not registered"
info "Registering Microsoft.MachineLearningServices..."
az provider register --namespace "Microsoft.MachineLearningServices" --wait || warn "Registration may require approval"
fi
}
# Main function
main() {
log_info "AI/ML/OpenAI Resource Providers Check"
log_info "======================================"
echo
check_azure_cli
discover_ai_ml_providers
check_ai_ml_providers
check_openai_service
check_ml_service
check_preview_features
echo
section "Summary"
log "AI/ML/OpenAI resource providers checked"
log "Available providers discovered and verified"
info "Note: Some services (like Azure OpenAI) may require additional access requests"
info "Azure OpenAI access request: https://aka.ms/oai/access"
}
# Run main function
main "$@"

67
scripts/azure/check-and-continue.sh Executable file
View File

@@ -0,0 +1,67 @@
#!/usr/bin/env bash
# Continuously check status and continue with next steps
set -e
SUBSCRIPTION_ID="fc08d829-4f14-413d-ab27-ce024425db0b"
PROJECT_ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)"
TERRAFORM_DIR="$PROJECT_ROOT/terraform/well-architected/cloud-sovereignty"
echo "=== Continuous Status Check & Continue ==="
echo ""
while true; do
# Check status
FAILED=$(az aks list --subscription "$SUBSCRIPTION_ID" \
--query "[?contains(name, 'az-p-') && provisioningState == 'Failed'].name" -o tsv 2>/dev/null | wc -l)
CANCELED=$(az aks list --subscription "$SUBSCRIPTION_ID" \
--query "[?contains(name, 'az-p-') && provisioningState == 'Canceled'].name" -o tsv 2>/dev/null | wc -l)
DELETING=$(az aks list --subscription "$SUBSCRIPTION_ID" \
--query "[?contains(name, 'az-p-') && provisioningState == 'Deleting'].name" -o tsv 2>/dev/null | wc -l)
READY=$(az aks list --subscription "$SUBSCRIPTION_ID" \
--query "[?contains(name, 'az-p-') && provisioningState == 'Succeeded'].name" -o tsv 2>/dev/null | wc -l)
CREATING=$(az aks list --subscription "$SUBSCRIPTION_ID" \
--query "[?contains(name, 'az-p-') && provisioningState == 'Creating'].name" -o tsv 2>/dev/null | wc -l)
echo "$(date '+%Y-%m-%d %H:%M:%S') - Status: Ready=$READY, Failed=$FAILED, Canceled=$CANCELED, Deleting=$DELETING, Creating=$CREATING"
# If deletions complete and Terraform not started, start it
if [ "$DELETING" -eq 0 ] && [ "$FAILED" -eq 0 ] && [ "$CANCELED" -eq 0 ]; then
if [ ! -f /tmp/terraform-apply-redeploy.log ] || ! ps aux | grep -q "[t]erraform apply"; then
echo "✅ All deletions complete! Starting Terraform deployment..."
cd "$TERRAFORM_DIR"
terraform init -upgrade >/dev/null 2>&1 || true
terraform apply -parallelism=128 -auto-approve 2>&1 | tee /tmp/terraform-apply-redeploy.log &
echo "✅ Terraform deployment started"
break
fi
fi
# If Terraform complete and clusters ready, run next steps
if [ -f /tmp/terraform-apply-redeploy.log ] && tail -10 /tmp/terraform-apply-redeploy.log | grep -q "Apply complete"; then
if [ "$READY" -ge 20 ]; then
echo "✅ Terraform deployment complete with $READY ready clusters!"
echo "Starting next steps..."
cd "$PROJECT_ROOT"
./scripts/deployment/wait-and-run-all-next-steps.sh 2>&1 | tee /tmp/next-steps-after-fix.log &
echo "✅ Next steps started"
break
fi
fi
# Check if still processing
if [ "$DELETING" -gt 0 ] || [ "$CREATING" -gt 0 ]; then
echo " ⏳ Still processing... (checking again in 30 seconds)"
sleep 30
else
echo " ⏸️ Waiting... (checking again in 60 seconds)"
sleep 60
fi
done
echo ""
echo "✅ Monitoring complete"

291
scripts/azure/check-azure-prerequisites.sh Executable file
View File

@@ -0,0 +1,291 @@
#!/usr/bin/env bash
# Check Azure Prerequisites: Regions, Resource Providers, and Quotas
# Ensures all required providers are registered and quotas are available
set -euo pipefail
# Colors for output
# Required Resource Providers
REQUIRED_PROVIDERS=(
"Microsoft.ContainerService" # AKS
"Microsoft.KeyVault" # Key Vault
"Microsoft.Storage" # Storage Accounts
"Microsoft.Network" # VNet, Application Gateway, Load Balancer
"Microsoft.Compute" # VMs, VM Scale Sets
"Microsoft.Insights" # Azure Monitor
"Microsoft.ManagedIdentity" # Managed Identities
"Microsoft.Authorization" # RBAC
"Microsoft.Resources" # Resource Groups
)
# Required Preview Features (if any)
REQUIRED_PREVIEW_FEATURES=(
# Add any preview features needed
)
# VM Sizes needed for quota checking
VM_SIZES=(
"Standard_D2s_v3" # System nodes
"Standard_D4s_v3" # Validators and Sentries
"Standard_D8s_v3" # RPC nodes
)
# Node counts per VM size
declare -A NODE_COUNTS=(
["Standard_D2s_v3"]=3
["Standard_D4s_v3"]=7
["Standard_D8s_v3"]=3
)
log() {
log_success "[✓] $1"
}
error() {
log_error "[✗] $1"
}
warn() {
log_warn "[!] $1"
}
info() {
log_info "[i] $1"
}
section() {
echo
log_info "=== $1 ==="
}
# Check Azure CLI
check_azure_cli() {
if ! command -v az &> /dev/null; then
error "Azure CLI is not installed"
exit 1
fi
if ! az account show &> /dev/null; then
error "Not logged in to Azure. Run 'az login' first"
exit 1
fi
log "Azure CLI is installed and authenticated"
}
# Get Commercial Regions (excluding US and Government)
get_commercial_regions() {
section "Available Commercial Regions (Non-US, Non-Government)"
# Get all locations, filter out US and Government regions
az account list-locations \
--query "[?metadata.regionType=='Physical' && !contains(name, 'us') && !contains(name, 'gov') && !contains(name, 'dod')].{Name:name, DisplayName:displayName, Geography:metadata.geographyGroup}" \
-o table
# Get as array for processing
COMMERCIAL_REGIONS=$(az account list-locations \
--query "[?metadata.regionType=='Physical' && !contains(name, 'us') && !contains(name, 'gov') && !contains(name, 'dod')].name" \
-o tsv)
echo
info "Total Commercial Regions (Non-US): $(echo "$COMMERCIAL_REGIONS" | wc -l)"
}
# Check Resource Provider Registration
check_resource_providers() {
section "Required Resource Providers"
local all_registered=true
local unregistered=()
for provider in "${REQUIRED_PROVIDERS[@]}"; do
local status=$(az provider show --namespace "$provider" --query "registrationState" -o tsv 2>/dev/null || echo "NotRegistered")
if [ "$status" == "Registered" ]; then
log "$provider: Registered"
else
error "$provider: $status"
unregistered+=("$provider")
all_registered=false
fi
done
echo
if [ "$all_registered" = false ]; then
warn "Some resource providers are not registered"
info "Registering unregistered providers..."
for provider in "${unregistered[@]}"; do
info "Registering $provider..."
az provider register --namespace "$provider" --wait || warn "Failed to register $provider"
done
# Wait for registration to complete
info "Waiting for provider registrations to complete..."
sleep 10
# Verify registration
for provider in "${unregistered[@]}"; do
local status=$(az provider show --namespace "$provider" --query "registrationState" -o tsv 2>/dev/null || echo "NotRegistered")
if [ "$status" == "Registered" ]; then
log "$provider: Now registered"
else
warn "$provider: Still $status (may take a few minutes)"
fi
done
else
log "All required resource providers are registered"
fi
}
# Check Preview Features
check_preview_features() {
if [ ${#REQUIRED_PREVIEW_FEATURES[@]} -eq 0 ]; then
info "No preview features required"
return
fi
section "Required Preview Features"
for feature in "${REQUIRED_PREVIEW_FEATURES[@]}"; do
# Check if feature is registered
local registered=$(az feature show --name "$feature" --namespace "Microsoft.ContainerService" --query "properties.state" -o tsv 2>/dev/null || echo "Unknown")
if [ "$registered" == "Registered" ]; then
log "$feature: Registered"
else
warn "$feature: $registered"
info "Registering preview feature: $feature"
az feature register --name "$feature" --namespace "Microsoft.ContainerService" || warn "Failed to register $feature"
fi
done
}
# Check Quotas for a specific region
check_region_quotas() {
local region=$1
section "Quotas for Region: $region"
# Get subscription ID
local sub_id=$(az account show --query id -o tsv)
# Check VM family quotas
info "Checking VM quotas..."
for vm_size in "${VM_SIZES[@]}"; do
# Extract VM family (e.g., StandardD2sv3Family from Standard_D2s_v3)
local family=$(echo "$vm_size" | sed 's/_/-/g' | sed 's/Standard-/Standard/' | sed 's/$/Family/')
# Get quota for this VM family
local quota=$(az vm list-usage \
--location "$region" \
--query "[?name.value=='$family'].{Name:name.value, Current:currentValue, Limit:limit}" \
-o tsv 2>/dev/null || echo "")
if [ -n "$quota" ]; then
local current=$(echo "$quota" | awk '{print $2}')
local limit=$(echo "$quota" | awk '{print $3}')
local needed=${NODE_COUNTS[$vm_size]}
if [ -z "$current" ] || [ -z "$limit" ]; then
warn "$vm_size: Could not retrieve quota"
else
local available=$((limit - current))
if [ $available -ge $needed ]; then
log "$vm_size: $current/$limit used, $available available (need $needed) ✓"
else
error "$vm_size: $current/$limit used, only $available available (need $needed) ✗"
fi
fi
else
warn "$vm_size: Quota information not available"
fi
done
# Check AKS quota
info "Checking AKS cluster quota..."
local aks_quota=$(az aks list --query "length(@)" -o tsv 2>/dev/null || echo "0")
log "Current AKS clusters: $aks_quota (typically 50 per subscription)"
# Check Public IP quota
info "Checking Public IP quota..."
local pip_quota=$(az network list-usages \
--location "$region" \
--query "[?name.value=='PublicIPAddresses'].{Current:currentValue, Limit:limit}" \
-o tsv 2>/dev/null || echo "")
if [ -n "$pip_quota" ]; then
local current=$(echo "$pip_quota" | awk '{print $1}')
local limit=$(echo "$pip_quota" | awk '{print $2}')
log "Public IPs: $current/$limit used"
fi
# Check Load Balancer quota
info "Checking Load Balancer quota..."
local lb_quota=$(az network list-usages \
--location "$region" \
--query "[?name.value=='LoadBalancers'].{Current:currentValue, Limit:limit}" \
-o tsv 2>/dev/null || echo "")
if [ -n "$lb_quota" ]; then
local current=$(echo "$lb_quota" | awk '{print $1}')
local limit=$(echo "$lb_quota" | awk '{print $2}')
log "Load Balancers: $current/$limit used"
fi
}
# Check quotas for all commercial regions
check_all_region_quotas() {
section "Quota Check for All Commercial Regions"
local default_region="westeurope"
local regions_to_check=("$default_region")
# Optionally check other key regions
local key_regions=("northeurope" "uksouth" "francecentral" "germanywestcentral")
for region in "${regions_to_check[@]}" "${key_regions[@]}"; do
# Verify region exists in commercial regions list
if echo "$COMMERCIAL_REGIONS" | grep -q "^${region}$"; then
check_region_quotas "$region"
fi
done
}
# Main function
main() {
log_info "Azure Prerequisites Check"
log_info "========================="
echo
check_azure_cli
get_commercial_regions
check_resource_providers
check_preview_features
check_all_region_quotas
echo
section "Summary"
log "Default region set to: westeurope"
log "All commercial regions (non-US, non-Government) listed above"
log "Resource providers checked and registered if needed"
log "Quotas checked for key regions"
echo
info "Next steps:"
info "1. Review quota availability in your preferred region"
info "2. Request quota increases if needed: az vm list-usage --location westeurope"
info "3. Update .env file with: AZURE_LOCATION=westeurope"
info "4. Update terraform.tfvars with: location = \"westeurope\""
}
# Run main function
main "$@"

194
scripts/azure/check-naming-conventions.sh Executable file
View File

@@ -0,0 +1,194 @@
#!/usr/bin/env bash
# Check Azure resource naming conventions
# Identifies resources that don't follow the standard naming pattern
#
# REFACTORED - Uses common libraries
set -e
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
source "$SCRIPT_DIR/../lib/init.sh"
SCRIPT_NAME="check-naming-conventions.sh"
SCRIPT_DESC="Audit Azure resource naming conventions and categorize standard vs legacy vs non-standard"
SCRIPT_USAGE="${SCRIPT_NAME} [--json <file>] [--help]"
SCRIPT_OPTIONS="--json <file> Write detailed JSON output to file\n--help Show help"
SCRIPT_REQUIREMENTS="Azure CLI (ensure_azure_cli)"
handle_help "${1:-}"
# Initialize
SUBSCRIPTION_ID="$(get_subscription_id)"
ensure_azure_cli || exit 1
set_subscription "$SUBSCRIPTION_ID" || true
log_section "CHECKING AZURE RESOURCE NAMING CONVENTIONS"
# Standard naming pattern: {cloud}-{env}-{region}-{resource}-{purpose}-{instance}
# Examples:
# - Key Vault: az-p-{code}-kv-secrets-001
# - Resource Group: az-p-{code}-rg-sec-001
# - AKS: az-p-{code}-aks-main
# Check function for standard pattern
check_naming() {
local name=$1
local resource_type=$2
local location=$3
# Standard pattern should start with az-p-, az-d-, or az-we- (dev environment)
if [[ ! "$name" =~ ^az-[pdwe]- ]]; then
return 1
fi
# Should contain dashes (not legacy format without dashes)
if [[ "$name" =~ ^az[pd][a-z]+ ]]; then
return 1
fi
# Should follow pattern: az-{env}-{code}-{type}-{purpose}-{instance}
# Region code should be exactly 3 characters for standard format
# Or: az-{env}-{type}-{purpose}-{instance} (for dev/main resources)
# Or: az-{env}-{code}-aks-{purpose} (for dev AKS clusters)
# Basic validation - check for 3-char region code pattern
if [[ "$name" =~ ^az-[pdwe]-[a-z]{3}-[a-z]+- ]] || [[ "$name" =~ ^az-[we]-[a-z]+- ]] || [[ "$name" =~ ^az-[we]-[a-z]+-aks- ]]; then
return 0
fi
return 1
}
echo "=" | awk '{printf "%-80s\n", ""}'
echo "📊 KEY VAULTS"
echo "=" | awk '{printf "%-80s\n", ""}'
KEY_VAULTS=$(az keyvault list --query "[].{Name:name, RG:resourceGroup, Location:location}" -o tsv 2>/dev/null || true)
STANDARD_COUNT=0
LEGACY_COUNT=0
OTHER_COUNT=0
if [ -n "$KEY_VAULTS" ]; then
while IFS=$'\t' read -r name rg location; do
if [ -z "$name" ]; then
continue
fi
if check_naming "$name" "keyvault" "$location"; then
log_success "$name (RG: $rg)"
STANDARD_COUNT=$((STANDARD_COUNT + 1))
elif [[ "$name" =~ ^azp[a-z]+kvsecrets001$ ]]; then
log_warn "$name (RG: $rg) - Legacy format (no dashes)"
LEGACY_COUNT=$((LEGACY_COUNT + 1))
else
log_error "$name (RG: $rg) - Non-standard format"
OTHER_COUNT=$((OTHER_COUNT + 1))
fi
done <<< "$KEY_VAULTS"
else
echo "No Key Vaults found"
fi
echo "=" | awk '{printf "%-80s\n", ""}'
echo "📊 RESOURCE GROUPS"
echo "=" | awk '{printf "%-80s\n", ""}'
RESOURCE_GROUPS=$(az group list --query "[].{Name:name, Location:location}" -o tsv 2>/dev/null || true)
RG_STANDARD=0
RG_LEGACY=0
RG_OTHER=0
if [ -n "$RESOURCE_GROUPS" ]; then
while IFS=$'\t' read -r name location; do
if [ -z "$name" ]; then
continue
fi
# Skip MC_ resource groups (Azure-managed for AKS)
if [[ "$name" =~ ^MC_ ]]; then
continue
fi
if check_naming "$name" "resourcegroup" "$location"; then
log_success "$name"
RG_STANDARD=$((RG_STANDARD + 1))
elif [[ "$name" =~ ^az[pd][a-z]+rg ]]; then
log_warn "$name - Legacy format (no dashes)"
RG_LEGACY=$((RG_LEGACY + 1))
else
# Check if it's a project resource group or Azure-managed
if [[ "$name" =~ defi-oracle|besu|chain138 ]]; then
log_info " $name - Project-specific (acceptable)"
elif [[ "$name" =~ ^NetworkWatcherRG$|^DefaultResourceGroup- ]]; then
log_info " $name - Azure-managed (acceptable)"
else
log_error "$name - Non-standard format"
RG_OTHER=$((RG_OTHER + 1))
fi
fi
done <<< "$RESOURCE_GROUPS"
else
echo "No Resource Groups found"
fi
echo "=" | awk '{printf "%-80s\n", ""}'
echo "📊 AKS CLUSTERS"
echo "=" | awk '{printf "%-80s\n", ""}'
AKS_CLUSTERS=$(az aks list --query "[].{Name:name, RG:resourceGroup, Location:location}" -o tsv 2>/dev/null || true)
AKS_STANDARD=0
AKS_OTHER=0
if [ -n "$AKS_CLUSTERS" ]; then
while IFS=$'\t' read -r name rg location; do
if [ -z "$name" ]; then
continue
fi
if check_naming "$name" "aks" "$location"; then
log_success "$name (RG: $rg)"
AKS_STANDARD=$((AKS_STANDARD + 1))
elif [[ "$name" =~ ^az-(we|d)-.*-aks- ]] || [[ "$name" =~ ^az-we-aks- ]] || [[ "$name" =~ ^az-we-rg-dev- ]]; then
log_info " $name (RG: $rg) - Dev environment (acceptable)"
AKS_STANDARD=$((AKS_STANDARD + 1)) # Count as acceptable
else
log_error "$name (RG: $rg) - Non-standard format"
AKS_OTHER=$((AKS_OTHER + 1))
fi
done <<< "$AKS_CLUSTERS"
else
echo "No AKS clusters found"
fi
echo "=" | awk '{printf "%-80s\n", ""}'
echo "📊 SUMMARY"
echo "=" | awk '{printf "%-80s\n", ""}'
echo "Key Vaults:"
echo " ✓ Standard format: $STANDARD_COUNT"
echo " ⚠ Legacy format: $LEGACY_COUNT"
echo " ✗ Non-standard: $OTHER_COUNT"
echo "Resource Groups:"
echo " ✓ Standard format: $RG_STANDARD"
echo " ⚠ Legacy format: $RG_LEGACY"
echo " ✗ Non-standard: $RG_OTHER"
echo "AKS Clusters:"
echo " ✓ Standard format: $AKS_STANDARD"
echo " ✗ Non-standard: $AKS_OTHER"
if [ "$LEGACY_COUNT" -gt 0 ] || [ "$RG_LEGACY" -gt 0 ] || [ "$OTHER_COUNT" -gt 0 ] || [ "$RG_OTHER" -gt 0 ] || [ "$AKS_OTHER" -gt 0 ]; then
log_warn "⚠️ Some resources use non-standard naming conventions"
echo "Recommendations:"
echo " 1. Use standard format: az-p-{code}-{type}-{purpose}-{instance}"
echo " 2. Legacy resources cannot be renamed (Azure limitation)"
echo " 3. Create new resources with standard naming when possible"
echo " 4. See docs/NAMING_CONVENTIONS.md for details"
exit 1
else
log_success "✅ All resources follow standard naming conventions"
exit 0
fi

165
scripts/azure/check-naming-conventions.sh.refactored Normal file
View File

@@ -0,0 +1,165 @@
#!/bin/bash
# Check Azure resource naming conventions
# Identifies resources that don't follow the standard naming pattern
#
# REFACTORED VERSION - Uses common libraries
set -e
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
source "$SCRIPT_DIR/../lib/init.sh"
# Initialize
SUBSCRIPTION_ID="$(get_subscription_id)"
ensure_azure_cli || exit 1
set_subscription "$SUBSCRIPTION_ID" || true
log_section "CHECKING AZURE RESOURCE NAMING CONVENTIONS"
# Check function for standard pattern
check_naming() {
local name=$1
local resource_type=$2
local location=$3
# Standard pattern should start with az-p-, az-d-, or az-we- (dev environment)
if [[ ! "$name" =~ ^az-[pdwe]- ]]; then
return 1
fi
# Should contain dashes (not legacy format without dashes)
if [[ "$name" =~ ^az[pd][a-z]+ ]]; then
return 1
fi
# Should follow pattern: az-{env}-{code}-{type}-{purpose}-{instance}
# Region code should be exactly 3 characters for standard format
# Or: az-{env}-{type}-{purpose}-{instance} (for dev/main resources)
# Or: az-{env}-{code}-aks-{purpose} (for dev AKS clusters)
# Basic validation - check for 3-char region code pattern
if [[ "$name" =~ ^az-[pdwe]-[a-z]{3}-[a-z]+- ]] || [[ "$name" =~ ^az-[we]-[a-z]+- ]] || [[ "$name" =~ ^az-[we]-[a-z]+-aks- ]]; then
return 0
fi
return 1
}
log_subsection "KEY VAULTS"
KEY_VAULTS=$(az keyvault list --query "[].{Name:name, RG:resourceGroup, Location:location}" -o tsv 2>/dev/null || true)
STANDARD_COUNT=0
LEGACY_COUNT=0
OTHER_COUNT=0
if [ -n "$KEY_VAULTS" ]; then
while IFS=$'\t' read -r name rg location; do
if [ -z "$name" ]; then
continue
fi
if check_naming "$name" "keyvault" "$location"; then
log_success "$name (RG: $rg)"
STANDARD_COUNT=$((STANDARD_COUNT + 1))
elif [[ "$name" =~ ^azp[a-z]+kvsecrets001$ ]]; then
echo -e "${YELLOW}⚠${NC} $name (RG: $rg) - Legacy format (no dashes)"
LEGACY_COUNT=$((LEGACY_COUNT + 1))
else
log_failure "$name (RG: $rg) - Non-standard format"
OTHER_COUNT=$((OTHER_COUNT + 1))
fi
done <<< "$KEY_VAULTS"
else
log_warn "No Key Vaults found"
fi
log_subsection "RESOURCE GROUPS"
RESOURCE_GROUPS=$(az group list --query "[].{Name:name, Location:location}" -o tsv 2>/dev/null || true)
RG_STANDARD=0
RG_LEGACY=0
RG_OTHER=0
if [ -n "$RESOURCE_GROUPS" ]; then
while IFS=$'\t' read -r name location; do
if [ -z "$name" ]; then
continue
fi
# Skip Azure-managed resource groups
if [[ "$name" =~ ^NetworkWatcherRG|^cloud-shell-storage|^DefaultResourceGroup ]]; then
echo -e "${CYAN}${NC} $name (Azure-managed)"
continue
fi
if check_naming "$name" "resourcegroup" "$location"; then
log_success "$name"
RG_STANDARD=$((RG_STANDARD + 1))
elif [[ "$name" =~ ^azp[a-z]+rg[a-z]+001$ ]]; then
echo -e "${YELLOW}⚠${NC} $name - Legacy format (no dashes)"
RG_LEGACY=$((RG_LEGACY + 1))
else
log_failure "$name - Non-standard format"
RG_OTHER=$((RG_OTHER + 1))
fi
done <<< "$RESOURCE_GROUPS"
else
log_warn "No Resource Groups found"
fi
log_subsection "AKS CLUSTERS"
AKS_CLUSTERS=$(az aks list --query "[].{Name:name, RG:resourceGroup, Location:location}" -o tsv 2>/dev/null || true)
AKS_STANDARD=0
AKS_OTHER=0
if [ -n "$AKS_CLUSTERS" ]; then
while IFS=$'\t' read -r name rg location; do
if [ -z "$name" ]; then
continue
fi
if check_naming "$name" "aks" "$location"; then
log_success "$name (RG: $rg)"
AKS_STANDARD=$((AKS_STANDARD + 1))
elif [[ "$name" =~ ^az-(we|d)-.*-aks- ]] || [[ "$name" =~ ^az-we-aks- ]] || [[ "$name" =~ ^az-we-rg-dev- ]]; then
echo -e "${CYAN}${NC} $name (RG: $rg) - Dev environment (acceptable)"
AKS_STANDARD=$((AKS_STANDARD + 1)) # Count as acceptable
else
log_failure "$name (RG: $rg) - Non-standard format"
AKS_OTHER=$((AKS_OTHER + 1))
fi
done <<< "$AKS_CLUSTERS"
else
log_warn "No AKS clusters found"
fi
log_section "SUMMARY"
echo "Key Vaults:"
echo " ✓ Standard format: $STANDARD_COUNT"
echo " ⚠ Legacy format: $LEGACY_COUNT"
echo " ✗ Non-standard: $OTHER_COUNT"
echo ""
echo "Resource Groups:"
echo " ✓ Standard format: $RG_STANDARD"
echo " ⚠ Legacy format: $RG_LEGACY"
echo " ✗ Non-standard: $RG_OTHER"
echo ""
echo "AKS Clusters:"
echo " ✓ Standard format: $AKS_STANDARD"
echo " ✗ Non-standard: $AKS_OTHER"
echo ""
if [ "$OTHER_COUNT" -gt 0 ] || [ "$RG_OTHER" -gt 0 ] || [ "$AKS_OTHER" -gt 0 ]; then
log_warn "Some resources use non-standard naming conventions"
echo ""
echo "Recommendations:"
echo " 1. Use standard format: az-p-{code}-{type}-{purpose}-{instance}"
echo " 2. Legacy resources cannot be renamed (Azure limitation)"
echo " 3. Create new resources with standard naming when possible"
echo " 4. See docs/NAMING_CONVENTIONS.md for details"
else
log_success "All resources follow naming conventions"
fi

152
scripts/azure/check-quotas.sh Executable file
View File

@@ -0,0 +1,152 @@
#!/usr/bin/env bash
# Check Azure Quotas for specific region
# Usage: ./scripts/azure/check-quotas.sh [region]
set -euo pipefail
# Colors
REGION="${1:-westeurope}"
# VM Sizes and required counts
declare -A VM_REQUIREMENTS=(
["StandardD2sv3Family"]=3
["StandardD4sv3Family"]=7
["StandardD8sv3Family"]=3
)
log() {
log_success "[✓] $1"
}
error() {
log_error "[✗] $1"
}
warn() {
log_warn "[!] $1"
}
info() {
log_info "[i] $1"
}
section() {
echo
log_info "=== $1 ==="
}
section "Quota Check for Region: $REGION"
# Check VM Family Quotas
info "Checking VM Family Quotas..."
for family in "${!VM_REQUIREMENTS[@]}"; do
needed=${VM_REQUIREMENTS[$family]}
# Get quota
quota_info=$(az vm list-usage \
--location "$REGION" \
--query "[?name.value=='$family'].{Name:name.value, Current:currentValue, Limit:limit}" \
-o json 2>/dev/null || echo "[]")
if [ "$quota_info" != "[]" ] && [ -n "$quota_info" ]; then
current=$(echo "$quota_info" | jq -r '.[0].Current // 0')
limit=$(echo "$quota_info" | jq -r '.[0].Limit // 0')
available=$((limit - current))
if [ $available -ge $needed ]; then
log "$family: $current/$limit used, $available available (need $needed) ✓"
else
error "$family: $current/$limit used, only $available available (need $needed) ✗"
warn " Request quota increase: az vm list-usage --location $REGION"
fi
else
warn "$family: Quota information not available"
fi
done
# Check AKS Quota
section "AKS Cluster Quota"
aks_count=$(az aks list --query "length(@)" -o tsv 2>/dev/null || echo "0")
log "Current AKS clusters in subscription: $aks_count"
info "Typical limit: 50 clusters per subscription"
# Check Network Quotas
section "Network Resource Quotas"
# Public IPs
pip_info=$(az network list-usages \
--location "$REGION" \
--query "[?name.value=='PublicIPAddresses'].{Name:name.value, Current:currentValue, Limit:limit}" \
-o json 2>/dev/null || echo "[]")
if [ "$pip_info" != "[]" ] && [ -n "$pip_info" ]; then
pip_current=$(echo "$pip_info" | jq -r '.[0].Current // 0')
pip_limit=$(echo "$pip_info" | jq -r '.[0].Limit // 0')
pip_available=$((pip_limit - pip_current))
needed_pip=5 # Approximate need
if [ $pip_available -ge $needed_pip ]; then
log "Public IPs: $pip_current/$pip_limit used, $pip_available available (need ~$needed_pip) ✓"
else
error "Public IPs: $pip_current/$pip_limit used, only $pip_available available (need ~$needed_pip) ✗"
fi
else
warn "Public IP quota information not available"
fi
# Load Balancers
lb_info=$(az network list-usages \
--location "$REGION" \
--query "[?name.value=='LoadBalancers'].{Name:name.value, Current:currentValue, Limit:limit}" \
-o json 2>/dev/null || echo "[]")
if [ "$lb_info" != "[]" ] && [ -n "$lb_info" ]; then
lb_current=$(echo "$lb_info" | jq -r '.[0].Current // 0')
lb_limit=$(echo "$lb_info" | jq -r '.[0].Limit // 0')
lb_available=$((lb_limit - lb_current))
needed_lb=2 # Approximate need
if [ $lb_available -ge $needed_lb ]; then
log "Load Balancers: $lb_current/$lb_limit used, $lb_available available (need ~$needed_lb) ✓"
else
error "Load Balancers: $lb_current/$lb_limit used, only $lb_available available (need ~$needed_lb) ✗"
fi
else
warn "Load Balancer quota information not available"
fi
# Network Interfaces
nic_info=$(az network list-usages \
--location "$REGION" \
--query "[?name.value=='NetworkInterfaces'].{Name:name.value, Current:currentValue, Limit:limit}" \
-o json 2>/dev/null || echo "[]")
if [ "$nic_info" != "[]" ] && [ -n "$nic_info" ]; then
nic_current=$(echo "$nic_info" | jq -r '.[0].Current // 0')
nic_limit=$(echo "$nic_info" | jq -r '.[0].Limit // 0')
nic_available=$((nic_limit - nic_current))
needed_nic=20 # Approximate need
if [ $nic_available -ge $needed_nic ]; then
log "Network Interfaces: $nic_current/$nic_limit used, $nic_available available (need ~$needed_nic) ✓"
else
error "Network Interfaces: $nic_current/$nic_limit used, only $nic_available available (need ~$needed_nic) ✗"
fi
else
warn "Network Interface quota information not available"
fi
# Storage Accounts
section "Storage Account Quota"
storage_info=$(az storage account list --query "length(@)" -o tsv 2>/dev/null || echo "0")
log "Current storage accounts in subscription: $storage_info"
info "Typical limit: 250 storage accounts per subscription"
echo
section "Summary"
info "Region: $REGION"
info "Review quotas above and request increases if needed"
info "To request quota increase, visit: https://portal.azure.com/#blade/Microsoft_Azure_Support/HelpAndSupportBlade/managesupportrequest"

86
scripts/azure/continue-fix-if-needed.sh Executable file
View File

@@ -0,0 +1,86 @@
#!/usr/bin/env bash
# Continue fix if script didn't complete all steps
set -e
SUBSCRIPTION_ID="fc08d829-4f14-413d-ab27-ce024425db0b"
TERRAFORM_DIR="$HOME/projects/smom-dbis-138/terraform/well-architected/cloud-sovereignty"
echo "=== Continuing Fix Process ==="
echo ""
# Check if failed clusters still exist
FAILED_COUNT=$(az aks list --subscription "$SUBSCRIPTION_ID" \
--query "[?contains(name, 'az-p-') && provisioningState == 'Failed'].name" -o tsv 2>/dev/null | wc -l)
CANCELED_COUNT=$(az aks list --subscription "$SUBSCRIPTION_ID" \
--query "[?contains(name, 'az-p-') && provisioningState == 'Canceled'].name" -o tsv 2>/dev/null | wc -l)
DELETING_COUNT=$(az aks list --subscription "$SUBSCRIPTION_ID" \
--query "[?contains(name, 'az-p-') && provisioningState == 'Deleting'].name" -o tsv 2>/dev/null | wc -l)
echo "Current Status:"
echo " Failed clusters: $FAILED_COUNT"
echo " Canceled clusters: $CANCELED_COUNT"
echo " Deleting clusters: $DELETING_COUNT"
echo ""
if [ "$DELETING_COUNT" -gt 0 ]; then
echo "⏳ Waiting for deletions to complete..."
while [ "$DELETING_COUNT" -gt 0 ]; do
sleep 10
DELETING_COUNT=$(az aks list --subscription "$SUBSCRIPTION_ID" \
--query "[?contains(name, 'az-p-') && provisioningState == 'Deleting'].name" -o tsv 2>/dev/null | wc -l)
echo " Still deleting: $DELETING_COUNT clusters..."
done
echo "✅ All deletions complete"
echo ""
fi
# Delete remaining failed clusters
if [ "$FAILED_COUNT" -gt 0 ]; then
echo "Deleting remaining failed clusters..."
az aks list --subscription "$SUBSCRIPTION_ID" \
--query "[?contains(name, 'az-p-') && provisioningState == 'Failed'].{name:name, rg:resourceGroup}" -o json | \
jq -r '.[] | "\(.rg)|\(.name)"' | while IFS='|' read -r rg name; do
echo "Deleting: $name"
az aks delete --resource-group "$rg" --name "$name" --subscription "$SUBSCRIPTION_ID" --yes --no-wait 2>&1 | grep -v "^$" || true
done
echo "✅ Deletion initiated for failed clusters"
echo ""
fi
# Delete remaining canceled clusters
if [ "$CANCELED_COUNT" -gt 0 ]; then
echo "Deleting remaining canceled clusters..."
az aks list --subscription "$SUBSCRIPTION_ID" \
--query "[?contains(name, 'az-p-') && provisioningState == 'Canceled'].{name:name, rg:resourceGroup}" -o json | \
jq -r '.[] | "\(.rg)|\(.name)"' | while IFS='|' read -r rg name; do
echo "Deleting: $name"
az aks delete --resource-group "$rg" --name "$name" --subscription "$SUBSCRIPTION_ID" --yes --no-wait 2>&1 | grep -v "^$" || true
done
echo "✅ Deletion initiated for canceled clusters"
echo ""
fi
echo "Waiting 60 seconds for deletions to process..."
sleep 60
echo ""
echo "=== Re-running Terraform Deployment ==="
echo ""
cd "$TERRAFORM_DIR"
echo "Initializing Terraform..."
terraform init -upgrade >/dev/null 2>&1 || true
echo ""
echo "Applying Terraform configuration..."
echo "This will recreate all deleted clusters"
echo ""
terraform apply -parallelism=128 -auto-approve 2>&1 | tee /tmp/terraform-apply-continued.log
echo ""
echo "✅ Fix process complete!"

91
scripts/azure/delete-all-problematic-clusters-parallel.sh Executable file
View File

@@ -0,0 +1,91 @@
#!/usr/bin/env bash
# Delete all failed and canceled clusters in parallel
set -e
SUBSCRIPTION_ID="fc08d829-4f14-413d-ab27-ce024425db0b"
echo "╔════════════════════════════════════════════════════════════════╗"
echo "║ PARALLEL CLUSTER DELETION ║"
echo "╚════════════════════════════════════════════════════════════════╝"
echo ""
# Get all failed clusters
FAILED=$(az aks list --subscription "$SUBSCRIPTION_ID" \
--query "[?contains(name, 'az-p-') && provisioningState == 'Failed'].{name:name, rg:resourceGroup}" -o json)
# Get all canceled clusters
CANCELED=$(az aks list --subscription "$SUBSCRIPTION_ID" \
--query "[?contains(name, 'az-p-') && provisioningState == 'Canceled'].{name:name, rg:resourceGroup}" -o json)
FAILED_COUNT=$(echo "$FAILED" | jq '. | length')
CANCELED_COUNT=$(echo "$CANCELED" | jq '. | length')
echo "📊 Clusters to delete:"
echo " Failed: $FAILED_COUNT"
echo " Canceled: $CANCELED_COUNT"
echo " Total: $((FAILED_COUNT + CANCELED_COUNT))"
echo ""
if [ "$FAILED_COUNT" -eq 0 ] && [ "$CANCELED_COUNT" -eq 0 ]; then
echo "✅ No clusters to delete"
exit 0
fi
# Delete all failed clusters in parallel
if [ "$FAILED_COUNT" -gt 0 ]; then
echo "🗑️ Deleting $FAILED_COUNT failed clusters in parallel..."
echo "$FAILED" | jq -r '.[] | "\(.rg)|\(.name)"' | while IFS='|' read -r rg name; do
(
echo " Deleting: $name (RG: $rg)"
az aks delete --resource-group "$rg" --name "$name" --subscription "$SUBSCRIPTION_ID" --yes --no-wait >/dev/null 2>&1
echo " ✅ Deletion initiated: $name"
) &
done
wait
echo ""
fi
# Delete all canceled clusters in parallel
if [ "$CANCELED_COUNT" -gt 0 ]; then
echo "🗑️ Deleting $CANCELED_COUNT canceled clusters in parallel..."
echo "$CANCELED" | jq -r '.[] | "\(.rg)|\(.name)"' | while IFS='|' read -r rg name; do
(
echo " Deleting: $name (RG: $rg)"
az aks delete --resource-group "$rg" --name "$name" --subscription "$SUBSCRIPTION_ID" --yes --no-wait >/dev/null 2>&1
echo " ✅ Deletion initiated: $name"
) &
done
wait
echo ""
fi
echo "✅ All deletion requests initiated"
echo ""
echo "⏳ Waiting for deletions to complete (this may take 5-15 minutes)..."
echo ""
# Wait for all deletions to complete
TOTAL=$((FAILED_COUNT + CANCELED_COUNT))
DELETING=1
ITERATION=0
while [ "$DELETING" -gt 0 ]; do
ITERATION=$((ITERATION + 1))
# Count clusters still in deleting or failed/canceled state
DELETING=$(az aks list --subscription "$SUBSCRIPTION_ID" \
--query "[?contains(name, 'az-p-') && (provisioningState == 'Deleting' || provisioningState == 'Failed' || provisioningState == 'Canceled')].name" -o tsv 2>/dev/null | wc -l)
if [ "$DELETING" -gt 0 ]; then
echo " [Iteration $ITERATION] Still deleting: $DELETING clusters remaining..."
sleep 15
fi
done
echo ""
echo "✅ All clusters deleted successfully!"
echo ""
echo "📊 Final Status:"
az aks list --subscription "$SUBSCRIPTION_ID" \
--query "[?contains(name, 'az-p-')].{name:name, state:provisioningState}" -o table 2>/dev/null

192
scripts/azure/fix-deployment-issues.sh Executable file
View File

@@ -0,0 +1,192 @@
#!/usr/bin/env bash
# Comprehensive fix for deployment issues
# Deletes failed/canceled clusters and re-runs Terraform
set -e
SUBSCRIPTION_ID="fc08d829-4f14-413d-ab27-ce024425db0b"
PROJECT_ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)"
TERRAFORM_DIR="$PROJECT_ROOT/terraform/well-architected/cloud-sovereignty"
echo "╔════════════════════════════════════════════════════════════════╗"
echo "║ DEPLOYMENT FIX - COMPREHENSIVE CLEANUP & REDEPLOYMENT ║"
echo "╚════════════════════════════════════════════════════════════════╝"
echo ""
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo "Step 1: Delete Failed Clusters (7)"
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo ""
FAILED_CLUSTERS=$(az aks list --subscription "$SUBSCRIPTION_ID" \
--query "[?contains(name, 'az-p-') && provisioningState == 'Failed'].{name:name, rg:resourceGroup}" -o json)
FAILED_COUNT=$(echo "$FAILED_CLUSTERS" | jq '. | length')
echo "Found $FAILED_COUNT failed clusters to delete"
echo ""
if [ "$FAILED_COUNT" -gt 0 ]; then
echo "$FAILED_CLUSTERS" | jq -r '.[] | "\(.rg)|\(.name)"' | while IFS='|' read -r rg name; do
echo "Deleting failed cluster: $name (RG: $rg)"
az aks delete --resource-group "$rg" --name "$name" --subscription "$SUBSCRIPTION_ID" --yes --no-wait 2>&1 | grep -v "^$" || true
echo " ✅ Deletion initiated"
echo ""
done
echo "Waiting for failed cluster deletions to complete..."
sleep 30
# Wait for deletions
echo "$FAILED_CLUSTERS" | jq -r '.[] | "\(.rg)|\(.name)"' | while IFS='|' read -r rg name; do
echo -n " Waiting for $name..."
while az aks show --resource-group "$rg" --name "$name" --subscription "$SUBSCRIPTION_ID" >/dev/null 2>&1; do
echo -n "."
sleep 5
done
echo " ✅ Deleted"
done
else
echo "No failed clusters to delete"
fi
echo ""
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo "Step 2: Delete Canceled Clusters (16)"
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo ""
CANCELED_CLUSTERS=$(az aks list --subscription "$SUBSCRIPTION_ID" \
--query "[?contains(name, 'az-p-') && provisioningState == 'Canceled'].{name:name, rg:resourceGroup}" -o json)
CANCELED_COUNT=$(echo "$CANCELED_CLUSTERS" | jq '. | length')
echo "Found $CANCELED_COUNT canceled clusters to delete"
echo ""
if [ "$CANCELED_COUNT" -gt 0 ]; then
echo "$CANCELED_CLUSTERS" | jq -r '.[] | "\(.rg)|\(.name)"' | while IFS='|' read -r rg name; do
echo "Deleting canceled cluster: $name (RG: $rg)"
az aks delete --resource-group "$rg" --name "$name" --subscription "$SUBSCRIPTION_ID" --yes --no-wait 2>&1 | grep -v "^$" || true
echo " ✅ Deletion initiated"
echo ""
done
echo "Waiting for canceled cluster deletions to complete..."
sleep 30
# Wait for deletions (in batches)
BATCH_SIZE=5
BATCH_NUM=0
echo "$CANCELED_CLUSTERS" | jq -r '.[] | "\(.rg)|\(.name)"' | while IFS='|' read -r rg name; do
echo -n " Waiting for $name..."
while az aks show --resource-group "$rg" --name "$name" --subscription "$SUBSCRIPTION_ID" >/dev/null 2>&1; do
echo -n "."
sleep 5
done
echo " ✅ Deleted"
done
else
echo "No canceled clusters to delete"
fi
echo ""
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo "Step 3: Clean Terraform State"
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo ""
cd "$TERRAFORM_DIR"
echo "Removing deleted clusters from Terraform state..."
echo ""
# Get list of all cluster resources in state
TERRAFORM_STATE_CLUSTERS=$(terraform state list 2>/dev/null | grep "azurerm_kubernetes_cluster" || true)
if [ -n "$TERRAFORM_STATE_CLUSTERS" ]; then
echo "Checking state for cluster resources..."
echo "$TERRAFORM_STATE_CLUSTERS" | while read -r resource; do
CLUSTER_NAME=$(echo "$resource" | sed 's/.*\.main\[.*\]//' || echo "$resource" | awk -F'.' '{print $NF}')
echo " Checking: $resource"
# Try to check if cluster still exists
if echo "$resource" | grep -q "azurerm_kubernetes_cluster"; then
echo " Resource in state: $resource"
fi
done
else
echo "No cluster resources found in Terraform state"
fi
echo ""
echo "Note: Terraform will automatically handle state cleanup during apply"
echo ""
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo "Step 4: Re-run Terraform Deployment"
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo ""
echo "Initializing Terraform..."
terraform init -upgrade >/dev/null 2>&1 || true
echo ""
echo "Re-running Terraform deployment..."
echo "This will recreate all deleted clusters with proper configuration"
echo ""
echo "⚠️ This may take 15-30 minutes depending on region availability"
echo ""
# Run Terraform apply with maximum parallelism
terraform apply -parallelism=128 -auto-approve 2>&1 | tee /tmp/terraform-apply-fixed.log
echo ""
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo "Step 5: Verify Deployment"
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo ""
echo "Waiting 30 seconds for clusters to stabilize..."
sleep 30
echo ""
echo "Checking cluster status..."
echo ""
READY_COUNT=$(az aks list --subscription "$SUBSCRIPTION_ID" \
--query "[?contains(name, 'az-p-') && provisioningState == 'Succeeded'].name" -o tsv | wc -l)
FAILED_COUNT=$(az aks list --subscription "$SUBSCRIPTION_ID" \
--query "[?contains(name, 'az-p-') && provisioningState == 'Failed'].name" -o tsv | wc -l)
CREATING_COUNT=$(az aks list --subscription "$SUBSCRIPTION_ID" \
--query "[?contains(name, 'az-p-') && provisioningState == 'Creating'].name" -o tsv | wc -l)
echo "📊 Deployment Status:"
echo " ✅ Ready (Succeeded): $READY_COUNT"
echo " ❌ Failed: $FAILED_COUNT"
echo " ⏳ Creating: $CREATING_COUNT"
echo ""
if [ "$CREATING_COUNT" -gt 0 ]; then
echo "⚠️ Some clusters are still creating. Monitor with:"
echo " az aks list --subscription $SUBSCRIPTION_ID --query \"[?contains(name, 'az-p-')].{name:name, state:provisioningState}\" -o table"
fi
if [ "$FAILED_COUNT" -gt 0 ]; then
echo "⚠️ Some clusters failed. Check logs:"
echo " tail -100 /tmp/terraform-apply-fixed.log"
echo " ./scripts/azure/analyze-deployment-failures.sh"
fi
echo ""
echo "✅ Fix process complete!"
echo ""
echo "📝 Logs:"
echo " • Terraform: /tmp/terraform-apply-fixed.log"
echo " • This script: Check output above"
echo ""
echo "🎯 Next Steps:"
echo " 1. Monitor cluster creation: az aks list --query \"[?contains(name, 'az-p-')].{name:name, state:provisioningState}\" -o table"
echo " 2. Once ready, run: ./scripts/deployment/wait-and-run-all-next-steps.sh"
echo ""

55
scripts/azure/fix-resource-group-naming.sh Executable file
View File

@@ -0,0 +1,55 @@
#!/usr/bin/env bash
# Fix Resource Group Naming Conventions
set -e
cd "$(dirname "$0")/../.."
# Color codes
echo "==================================================================="
echo " FIXING RESOURCE GROUP NAMING CONVENTIONS"
echo "==================================================================="
# Expected naming convention: {cloud}-{env}-{region}-rg-{type}-{instance}
# Example: az-p-we-rg-comp-001
EXPECTED_PATTERN="^az-[pdt]-[a-z]+-rg-(net|comp|stor|sec|mon|tfstate)-[0-9]{3}$"
log_info "Current Resource Groups:"
az group list --query "[].name" -o tsv | while read -r rg; do
if [[ "$rg" =~ $EXPECTED_PATTERN ]]; then
log_success "$rg (correct)"
else
log_warn "⚠️ $rg (needs review)"
fi
done
log_info "Checking Terraform configuration..."
# Check terraform.tfvars
if [ -f terraform/terraform.tfvars ]; then
RG_NAME=$(grep -E "^resource_group_name" terraform/terraform.tfvars | head -1 | sed 's/.*= *"\([^"]*\)".*/\1/' | tr -d ' ')
if [ -n "$RG_NAME" ] && [ "$RG_NAME" != "" ]; then
if [[ "$RG_NAME" =~ $EXPECTED_PATTERN ]]; then
log_success "✅ terraform.tfvars resource_group_name: $RG_NAME"
else
log_warn "⚠️ terraform.tfvars resource_group_name: $RG_NAME"
echo " Expected pattern: az-p-we-rg-comp-001"
fi
else
log_success "✅ terraform.tfvars uses default naming (empty)"
fi
fi
log_info "Standard naming convention:"
echo " Format: {cloud}-{env}-{region}-rg-{type}-{instance}"
echo " Example: az-p-we-rg-comp-001"
echo " Where:"
echo " cloud = az (Azure)"
echo " env = p (prod), d (dev), t (test), s (staging)"
echo " region = we (westeurope), ne (northeurope), etc."
echo " type = comp (compute), net (network), stor (storage), sec (security), mon (monitoring), tfstate (terraform state)"
echo " instance = 001, 002, etc."

162
scripts/azure/get-all-region-quotas.sh Executable file
View File

@@ -0,0 +1,162 @@
#!/usr/bin/env bash
# Get vCPU quotas for all non-US commercial Azure regions
set -e
echo "=== Azure vCPU Quota Report - Non-US Commercial Regions ==="
echo ""
echo "Querying quotas for all non-US commercial regions..."
echo ""
# Output file
OUTPUT_FILE="docs/AZURE_VCPU_QUOTAS_ALL_REGIONS.md"
echo "# Azure vCPU Quota Report - All Non-US Commercial Regions" > "$OUTPUT_FILE"
echo "" >> "$OUTPUT_FILE"
echo "Generated: $(date -u +"%Y-%m-%d %H:%M:%S UTC")" >> "$OUTPUT_FILE"
echo "" >> "$OUTPUT_FILE"
echo "## Summary" >> "$OUTPUT_FILE"
echo "" >> "$OUTPUT_FILE"
echo "| Region | Display Name | Total vCPUs | Used | Available | Status |" >> "$OUTPUT_FILE"
echo "|--------|--------------|-------------|------|-----------|--------|" >> "$OUTPUT_FILE"
# Track totals
TOTAL_REGIONS=0
TOTAL_QUOTA=0
TOTAL_USED=0
TOTAL_AVAILABLE=0
# Define all non-US commercial regions
REGIONS=(
"westeurope"
"northeurope"
"uksouth"
"ukwest"
"francecentral"
"francesouth"
"germanynorth"
"germanywestcentral"
"switzerlandnorth"
"switzerlandwest"
"italynorth"
"norwayeast"
"norwaywest"
"polandcentral"
"spaincentral"
"swedencentral"
"belgiumcentral"
"australiaeast"
"australiasoutheast"
"eastasia"
"southeastasia"
"centralindia"
"southindia"
"westindia"
"japaneast"
"japanwest"
"koreacentral"
"koreasouth"
"newzealandnorth"
"malaysiawest"
"indonesiacentral"
"uaenorth"
"uaecentral"
"qatarcentral"
"israelcentral"
"southafricanorth"
"southafricawest"
"brazilsouth"
"brazilsoutheast"
"canadacentral"
"canadaeast"
"mexicocentral"
"chilecentral"
)
# Query each region
for region in "${REGIONS[@]}"; do
TOTAL_REGIONS=$((TOTAL_REGIONS + 1))
echo -n "Querying $region... "
# Get quota information - use JSON output for better parsing
QUOTA_JSON=$(az vm list-usage --location "$region" --query "[?name.value=='cores']" -o json 2>/dev/null || echo "[]")
if [ "$QUOTA_JSON" == "[]" ] || [ -z "$QUOTA_JSON" ]; then
echo "❌ Not available or error"
echo "| $region | N/A | N/A | N/A | N/A | ❌ Error/Not Available |" >> "$OUTPUT_FILE"
continue
fi
# Parse JSON using jq if available, otherwise use awk
if command -v jq &> /dev/null; then
CURRENT=$(echo "$QUOTA_JSON" | jq -r '.[0].currentValue // 0')
LIMIT=$(echo "$QUOTA_JSON" | jq -r '.[0].limit // 0')
else
# Fallback to awk parsing
CURRENT=$(echo "$QUOTA_JSON" | grep -o '"currentValue":[0-9]*' | grep -o '[0-9]*' || echo "0")
LIMIT=$(echo "$QUOTA_JSON" | grep -o '"limit":[0-9]*' | grep -o '[0-9]*' || echo "0")
fi
# Validate numbers
if ! [[ "$CURRENT" =~ ^[0-9]+$ ]] || ! [[ "$LIMIT" =~ ^[0-9]+$ ]]; then
echo "❌ Invalid data"
echo "| $region | N/A | N/A | N/A | N/A | ❌ Invalid Data |" >> "$OUTPUT_FILE"
continue
fi
AVAILABLE=$((LIMIT - CURRENT))
# Calculate totals
TOTAL_QUOTA=$((TOTAL_QUOTA + LIMIT))
TOTAL_USED=$((TOTAL_USED + CURRENT))
TOTAL_AVAILABLE=$((TOTAL_AVAILABLE + AVAILABLE))
# Determine status
if [ "$AVAILABLE" -ge 8 ]; then
STATUS="✅ Sufficient (8+ available)"
elif [ "$AVAILABLE" -ge 2 ]; then
STATUS="⚠️ Limited (2-7 available)"
else
STATUS="❌ Insufficient (<2 available)"
fi
# Get region display name
DISPLAY_NAME=$(az account list-locations --query "[?name=='$region'].displayName" -o tsv 2>/dev/null || echo "$region")
echo "$CURRENT/$LIMIT (Available: $AVAILABLE)"
echo "| $region | $DISPLAY_NAME | $LIMIT | $CURRENT | $AVAILABLE | $STATUS |" >> "$OUTPUT_FILE"
done
echo "" >> "$OUTPUT_FILE"
echo "## Totals" >> "$OUTPUT_FILE"
echo "" >> "$OUTPUT_FILE"
echo "- **Total Regions Queried**: $TOTAL_REGIONS" >> "$OUTPUT_FILE"
echo "- **Total vCPU Quota**: $TOTAL_QUOTA" >> "$OUTPUT_FILE"
echo "- **Total vCPUs Used**: $TOTAL_USED" >> "$OUTPUT_FILE"
echo "- **Total vCPUs Available**: $TOTAL_AVAILABLE" >> "$OUTPUT_FILE"
echo "" >> "$OUTPUT_FILE"
echo "## Deployment Requirements" >> "$OUTPUT_FILE"
echo "" >> "$OUTPUT_FILE"
echo "### Per-Region Requirements" >> "$OUTPUT_FILE"
echo "- **System Nodes**: 3 × Standard_D2s_v3 = 6 vCPUs" >> "$OUTPUT_FILE"
echo "- **Validator Nodes**: 1 × Standard_B2s = 2 vCPUs" >> "$OUTPUT_FILE"
echo "- **Total per Region**: 8 vCPUs" >> "$OUTPUT_FILE"
echo "" >> "$OUTPUT_FILE"
echo "### Selected Regions for Deployment" >> "$OUTPUT_FILE"
echo "1. West Europe (westeurope)" >> "$OUTPUT_FILE"
echo "2. North Europe (northeurope)" >> "$OUTPUT_FILE"
echo "3. UK South (uksouth)" >> "$OUTPUT_FILE"
echo "4. France Central (francecentral)" >> "$OUTPUT_FILE"
echo "5. Germany West Central (germanywestcentral)" >> "$OUTPUT_FILE"
echo "" >> "$OUTPUT_FILE"
echo "## Notes" >> "$OUTPUT_FILE"
echo "" >> "$OUTPUT_FILE"
echo "- Quota is per-region and per-subscription" >> "$OUTPUT_FILE"
echo "- Some regions may not be available in all subscriptions" >> "$OUTPUT_FILE"
echo "- Quota can be increased via Azure Portal or support request" >> "$OUTPUT_FILE"
echo "- Standard_B2s requires 2 vCPUs per validator node" >> "$OUTPUT_FILE"
echo "- Standard_D2s_v3 requires 2 vCPUs per system node" >> "$OUTPUT_FILE"
echo ""
echo "✅ Quota report generated: $OUTPUT_FILE"

4
scripts/azure/get-available-regions.sh Executable file
View File

@@ -0,0 +1,4 @@
#!/usr/bin/env bash
# Get available Azure regions for this subscription
az account list-locations --query "[?metadata.regionType=='Physical'].name" -o tsv | sort

241
scripts/azure/list-all-resources.sh Executable file
View File

@@ -0,0 +1,241 @@
#!/usr/bin/env bash
# List all Azure resources in the subscription using Azure CLI
# REFACTORED - Uses common libraries
# Organizes resources by type and resource group
set -e
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
source "$SCRIPT_DIR/../lib/init.sh"
load_env --file "$SCRIPT_DIR/../../.env" ${ENV_PROFILE:+--profile "$ENV_PROFILE"}
SCRIPT_NAME="list-all-resources.sh"
SCRIPT_DESC="List all Azure resources by type and resource group, with Key Vault & AKS detail"
SCRIPT_USAGE="${SCRIPT_NAME} [--json <file>] [--help]"
SCRIPT_OPTIONS="--json <file> Also export full az resource list JSON to file\n--help Show help"
SCRIPT_REQUIREMENTS="Azure CLI (ensure_azure_cli), subscription access"
handle_help "${1:-}"
# Initialize
SUBSCRIPTION_ID="$(get_subscription_id)"
ensure_azure_cli || exit 1
set_subscription "$SUBSCRIPTION_ID" || true
CURRENT_SUB=$(az account show --query id -o tsv)
CURRENT_SUB_NAME=$(az account show --query name -o tsv)
log_section "LISTING ALL AZURE RESOURCES"
log_info "Subscription: $CURRENT_SUB_NAME"
log_info "Subscription ID: $CURRENT_SUB"
echo ""
# Get all resource groups
log_info "Getting resource groups..."
RESOURCE_GROUPS=$(az group list --query "[].name" -o tsv 2>/dev/null)
if [ -z "$RESOURCE_GROUPS" ]; then
log_warn "No resource groups found"
exit 0
fi
RG_COUNT=$(echo "$RESOURCE_GROUPS" | wc -l)
log_success "Found $RG_COUNT resource groups"
echo ""
# Resource type groups
declare -A RESOURCE_TYPES=(
["Key Vaults"]="Microsoft.KeyVault/vaults"
["Kubernetes Clusters"]="Microsoft.ContainerService/managedClusters"
["Virtual Networks"]="Microsoft.Network/virtualNetworks"
["Storage Accounts"]="Microsoft.Storage/storageAccounts"
["Application Gateways"]="Microsoft.Network/applicationGateways"
["Load Balancers"]="Microsoft.Network/loadBalancers"
["Public IPs"]="Microsoft.Network/publicIPAddresses"
["NICs"]="Microsoft.Network/networkInterfaces"
["Subnets"]="Microsoft.Network/virtualNetworks/subnets"
["Log Analytics Workspaces"]="Microsoft.OperationalInsights/workspaces"
["Virtual Machines"]="Microsoft.Compute/virtualMachines"
["Disks"]="Microsoft.Compute/disks"
["Network Security Groups"]="Microsoft.Network/networkSecurityGroups"
["Route Tables"]="Microsoft.Network/routeTables"
)
# Summary statistics
TOTAL_RESOURCES=0
declare -A TYPE_COUNTS
echo "=" | awk '{printf "%-80s\n", ""}'
echo "📊 RESOURCES BY TYPE"
echo "=" | awk '{printf "%-80s\n", ""}'
echo ""
# List resources by type
for TYPE_NAME in "${!RESOURCE_TYPES[@]}"; do
TYPE_PROVIDER="${RESOURCE_TYPES[$TYPE_NAME]}"
RESOURCES=$(az resource list --resource-type "$TYPE_PROVIDER" --query "[].{Name:name, RG:resourceGroup, Location:location}" -o tsv 2>/dev/null || true)
if [ -n "$RESOURCES" ]; then
COUNT=$(echo "$RESOURCES" | wc -l)
TYPE_COUNTS["$TYPE_NAME"]=$COUNT
TOTAL_RESOURCES=$((TOTAL_RESOURCES + COUNT))
log_info "$TYPE_NAME: $COUNT"
echo "$RESOURCES" | while IFS=$'\t' read -r name rg location; do
if [ -n "$name" ]; then
printf " %-50s | %-30s | %s\n" "$name" "$rg" "$location"
fi
done
echo ""
fi
done
echo "=" | awk '{printf "%-80s\n", ""}'
echo "📊 RESOURCES BY RESOURCE GROUP"
echo "=" | awk '{printf "%-80s\n", ""}'
echo ""
# List all resources grouped by resource group
TOTAL_BY_RG=0
for RG in $RESOURCE_GROUPS; do
log_info "Resource Group: $RG"
RG_RESOURCES=$(az resource list --resource-group "$RG" --query "[].{Name:name, Type:type, Location:location}" -o tsv 2>/dev/null || true)
if [ -n "$RG_RESOURCES" ]; then
RG_COUNT=$(echo "$RG_RESOURCES" | wc -l)
TOTAL_BY_RG=$((TOTAL_BY_RG + RG_COUNT))
echo "$RG_RESOURCES" | while IFS=$'\t' read -r name type location; do
if [ -n "$name" ]; then
TYPE_SHORT=$(echo "$type" | cut -d'/' -f2- | sed 's|/|/|')
printf " %-50s | %-40s | %s\n" "$name" "$TYPE_SHORT" "$location"
fi
done
echo ""
else
log_warn " (empty)"
echo ""
fi
done
# Get all resources (catch-all for any types not in our list)
echo "=" | awk '{printf "%-80s\n", ""}'
echo "📊 ALL RESOURCES (SUMMARY)"
echo "=" | awk '{printf "%-80s\n", ""}'
echo ""
ALL_RESOURCES=$(az resource list --query "[].{Name:name, Type:type, RG:resourceGroup, Location:location}" -o tsv 2>/dev/null || true)
if [ -n "$ALL_RESOURCES" ]; then
TOTAL_ALL=$(echo "$ALL_RESOURCES" | wc -l)
echo "Total resources: $TOTAL_ALL"
echo ""
# Count by resource type
log_info "Resources by type:"
echo "$ALL_RESOURCES" | cut -f2 | sort | uniq -c | sort -rn | head -20 | while read count type; do
TYPE_SHORT=$(echo "$type" | cut -d'/' -f2- | sed 's|/|/|')
printf " %4s %s\n" "$count" "$TYPE_SHORT"
done
echo ""
fi
echo "=" | awk '{printf "%-80s\n", ""}'
echo "📊 SUMMARY"
echo "=" | awk '{printf "%-80s\n", ""}'
echo ""
echo "Subscription: $CURRENT_SUB_NAME"
echo "Subscription ID: $CURRENT_SUB"
echo "Resource Groups: $RG_COUNT"
echo "Total Resources (by RG): $TOTAL_BY_RG"
if [ -n "$ALL_RESOURCES" ]; then
echo "Total Resources (all): $TOTAL_ALL"
fi
echo ""
# List Key Vaults separately (most important for this project)
echo "=" | awk '{printf "%-80s\n", ""}'
echo "🔐 KEY VAULTS DETAIL"
echo "=" | awk '{printf "%-80s\n", ""}'
echo ""
KEY_VAULTS=$(az keyvault list --query "[].{Name:name, RG:resourceGroup, Location:location}" -o tsv 2>/dev/null || true)
if [ -n "$KEY_VAULTS" ]; then
KV_COUNT=$(echo "$KEY_VAULTS" | wc -l)
echo "Key Vaults: $KV_COUNT"
echo ""
echo "$KEY_VAULTS" | while IFS=$'\t' read -r name rg location; do
if [ -n "$name" ]; then
echo " Key Vault: $name"
echo " Resource Group: $rg"
echo " Location: $location"
# Get secrets count
SECRETS_COUNT=$(az keyvault secret list --vault-name "$name" --query "length(@)" -o tsv 2>/dev/null || echo "0")
echo " Secrets: $SECRETS_COUNT"
# Get RBAC status
IS_RBAC=$(az keyvault show --name "$name" --query "properties.enableRbacAuthorization" -o tsv 2>/dev/null || echo "false")
echo " RBAC Enabled: $IS_RBAC"
echo ""
fi
done
else
log_warn "No Key Vaults found"
echo ""
fi
# List AKS clusters separately
echo "=" | awk '{printf "%-80s\n", ""}'
echo "☸️ KUBERNETES CLUSTERS DETAIL"
echo "=" | awk '{printf "%-80s\n", ""}'
echo ""
AKS_CLUSTERS=$(az aks list --query "[].{Name:name, RG:resourceGroup, Location:location, Version:kubernetesVersion, Status:powerState.code}" -o tsv 2>/dev/null || true)
if [ -n "$AKS_CLUSTERS" ]; then
AKS_COUNT=$(echo "$AKS_CLUSTERS" | wc -l)
echo "AKS Clusters: $AKS_COUNT"
echo ""
echo "$AKS_CLUSTERS" | while IFS=$'\t' read -r name rg location version status; do
if [ -n "$name" ]; then
echo " Cluster: $name"
echo " Resource Group: $rg"
echo " Location: $location"
echo " Kubernetes Version: $version"
echo " Status: $status"
# Get node pools
NODE_POOLS=$(az aks nodepool list --cluster-name "$name" --resource-group "$rg" --query "[].{Name:name, Count:count, VM:vmSize}" -o tsv 2>/dev/null || true)
if [ -n "$NODE_POOLS" ]; then
echo " Node Pools:"
echo "$NODE_POOLS" | while IFS=$'\t' read -r np_name np_count np_vm; do
if [ -n "$np_name" ]; then
echo " - $np_name: $np_count nodes ($np_vm)"
fi
done
fi
echo ""
fi
done
else
log_warn "No AKS clusters found"
echo ""
fi
# Export to JSON option
if [ "$1" = "--json" ]; then
OUTPUT_FILE="${2:-azure-resources-$(date +%Y%m%d-%H%M%S).json}"
echo "Exporting to JSON: $OUTPUT_FILE"
az resource list --output json > "$OUTPUT_FILE"
log_success "Exported to $OUTPUT_FILE"
echo ""
fi
log_success "Resource listing complete!"
echo ""

69
scripts/azure/monitor-fix-progress.sh Executable file
View File

@@ -0,0 +1,69 @@
#!/usr/bin/env bash
# Monitor fix progress and continue if needed
set -e
SUBSCRIPTION_ID="fc08d829-4f14-413d-ab27-ce024425db0b"
PROJECT_ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)"
echo "╔════════════════════════════════════════════════════════════════╗"
echo "║ FIX PROGRESS MONITOR ║"
echo "╚════════════════════════════════════════════════════════════════╝"
echo ""
# Check current status
FAILED=$(az aks list --subscription "$SUBSCRIPTION_ID" \
--query "[?contains(name, 'az-p-') && provisioningState == 'Failed'].name" -o tsv 2>/dev/null | wc -l)
CANCELED=$(az aks list --subscription "$SUBSCRIPTION_ID" \
--query "[?contains(name, 'az-p-') && provisioningState == 'Canceled'].name" -o tsv 2>/dev/null | wc -l)
DELETING=$(az aks list --subscription "$SUBSCRIPTION_ID" \
--query "[?contains(name, 'az-p-') && provisioningState == 'Deleting'].name" -o tsv 2>/dev/null | wc -l)
READY=$(az aks list --subscription "$SUBSCRIPTION_ID" \
--query "[?contains(name, 'az-p-') && provisioningState == 'Succeeded'].name" -o tsv 2>/dev/null | wc -l)
CREATING=$(az aks list --subscription "$SUBSCRIPTION_ID" \
--query "[?contains(name, 'az-p-') && provisioningState == 'Creating'].name" -o tsv 2>/dev/null | wc -l)
echo "📊 Current Status:"
echo " ✅ Ready (Succeeded): $READY"
echo " ❌ Failed: $FAILED"
echo " ⚠️ Canceled: $CANCELED"
echo " 🗑️ Deleting: $DELETING"
echo " ⏳ Creating: $CREATING"
echo ""
# If deletions needed, continue deletion
if [ "$FAILED" -gt 0 ] || [ "$CANCELED" -gt 0 ]; then
echo "🗑️ Continuing deletion of problematic clusters..."
cd "$PROJECT_ROOT"
./scripts/azure/delete-all-problematic-clusters-parallel.sh 2>&1 | tee -a /tmp/parallel-delete-monitor.log &
echo "✅ Deletion process started"
echo ""
fi
# Check if Terraform deployment is running
if [ ! -f /tmp/terraform-apply-redeploy.log ]; then
if [ "$DELETING" -eq 0 ] && [ "$FAILED" -eq 0 ] && [ "$CANCELED" -eq 0 ]; then
echo "✅ All deletions complete, starting Terraform deployment..."
cd "$PROJECT_ROOT"
./scripts/azure/wait-and-redeploy.sh 2>&1 | tee /tmp/wait-and-redeploy-monitor.log &
echo "✅ Terraform deployment started"
else
echo "⏳ Waiting for deletions to complete..."
fi
else
echo "✅ Terraform deployment already running or completed"
if tail -5 /tmp/terraform-apply-redeploy.log 2>/dev/null | grep -q "Apply complete"; then
echo "✅ Terraform deployment completed successfully!"
fi
fi
echo ""
echo "📝 Monitor logs:"
echo " tail -f /tmp/parallel-delete*.log"
echo " tail -f /tmp/wait-and-redeploy*.log"
echo " tail -f /tmp/terraform-apply-redeploy.log"
echo ""

69
scripts/azure/standardize-resource-groups.sh Executable file
View File

@@ -0,0 +1,69 @@
#!/usr/bin/env bash
# Standardize Resource Group Naming
set -e
cd "$(dirname "$0")/../.."
# Color codes
echo "==================================================================="
echo " STANDARDIZING RESOURCE GROUP NAMING"
echo "==================================================================="
# Load environment
if [ -f .env ]; then
source .env 2>/dev/null || true
fi
# Set subscription
if [ -n "$AZURE_SUBSCRIPTION_ID" ]; then
az account set --subscription "$AZURE_SUBSCRIPTION_ID"
log_success "✅ Set subscription to: $AZURE_SUBSCRIPTION_ID"
else
log_warn "⚠️ AZURE_SUBSCRIPTION_ID not set in .env"
fi
log_info "Current Resource Groups:"
# Get all resource groups
az group list --query "[].{Name:name, Location:location}" -o table
log_info "Expected Naming Convention:"
echo " Format: az-{env}-{region}-rg-{type}-{instance}"
echo " Example: az-p-we-rg-comp-001"
# Check terraform.tfvars
if [ -f terraform/terraform.tfvars ]; then
log_info "Checking terraform.tfvars..."
# Check if resource_group_name is set
RG_NAME=$(grep -E "^resource_group_name" terraform/terraform.tfvars | head -1 | sed 's/.*= *"\([^"]*\)".*/\1/' | tr -d ' ')
if [ -n "$RG_NAME" ] && [ "$RG_NAME" != "" ]; then
echo " Current: $RG_NAME"
# Check if it follows convention
if [[ "$RG_NAME" =~ ^az-[pdt]-[a-z]+-rg-(net|comp|stor|sec|mon|tfstate)-[0-9]{3}$ ]]; then
echo -e " ${GREEN}✅ Follows naming convention${NC}"
else
echo -e " ${YELLOW}⚠️ Does not follow naming convention${NC}"
echo " Recommended: Leave empty to use default (az-p-we-rg-comp-001)"
fi
else
echo -e " ${GREEN}✅ Using default naming (empty)${NC}"
echo " Will use: az-p-we-rg-comp-001 (from locals.tf)"
fi
fi
log_info "Recommendations:"
echo "1. Ensure terraform.tfvars resource_group_name is empty (uses default)"
echo "2. Use Well-Architected Framework for multi-RG deployment:"
echo " - az-p-we-rg-net-001 (network)"
echo " - az-p-we-rg-comp-001 (compute)"
echo " - az-p-we-rg-stor-001 (storage)"
echo " - az-p-we-rg-sec-001 (security)"
echo " - az-p-we-rg-mon-001 (monitoring)"
echo "3. For existing non-standard RGs, consider:"
echo " - Migrating resources to properly named RGs"
echo " - Or updating terraform.tfvars to match existing names"

121
scripts/azure/wait-and-redeploy.sh Executable file
View File

@@ -0,0 +1,121 @@
#!/usr/bin/env bash
# Wait for deletions to complete, then redeploy with Terraform
set -e
SUBSCRIPTION_ID="fc08d829-4f14-413d-ab27-ce024425db0b"
PROJECT_ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)"
TERRAFORM_DIR="$PROJECT_ROOT/terraform/well-architected/cloud-sovereignty"
echo "╔════════════════════════════════════════════════════════════════╗"
echo "║ WAIT FOR DELETIONS & REDEPLOY ║"
echo "╚════════════════════════════════════════════════════════════════╝"
echo ""
echo "⏳ Waiting for all cluster deletions to complete..."
echo ""
MAX_WAIT=1800 # 30 minutes max
ELAPSED=0
CHECK_INTERVAL=15
while [ $ELAPSED -lt $MAX_WAIT ]; do
# Count clusters still in deleting or failed/canceled state
DELETING=$(az aks list --subscription "$SUBSCRIPTION_ID" \
--query "[?contains(name, 'az-p-') && (provisioningState == 'Deleting' || provisioningState == 'Failed' || provisioningState == 'Canceled')].name" -o tsv 2>/dev/null | wc -l)
if [ "$DELETING" -eq 0 ]; then
echo ""
echo "✅ All problematic clusters deleted!"
break
fi
MINUTES=$((ELAPSED / 60))
SECONDS=$((ELAPSED % 60))
echo " [${MINUTES}m ${SECONDS}s] Still deleting: $DELETING clusters remaining..."
sleep $CHECK_INTERVAL
ELAPSED=$((ELAPSED + CHECK_INTERVAL))
done
if [ $ELAPSED -ge $MAX_WAIT ]; then
echo ""
echo "⚠️ Timeout waiting for deletions. Proceeding anyway..."
fi
echo ""
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo "Step 2: Re-run Terraform Deployment"
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo ""
cd "$TERRAFORM_DIR"
echo "Initializing Terraform..."
terraform init -upgrade >/dev/null 2>&1 || true
echo ""
echo "Re-running Terraform deployment..."
echo "This will recreate all deleted clusters with proper configuration"
echo ""
echo "⚠️ This will take 15-30 minutes depending on region availability"
echo ""
# Run Terraform apply with maximum parallelism
terraform apply -parallelism=128 -auto-approve 2>&1 | tee /tmp/terraform-apply-redeploy.log
echo ""
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo "Step 3: Verify Deployment"
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo ""
echo "Waiting 30 seconds for clusters to stabilize..."
sleep 30
echo ""
echo "Checking cluster status..."
echo ""
READY_COUNT=$(az aks list --subscription "$SUBSCRIPTION_ID" \
--query "[?contains(name, 'az-p-') && provisioningState == 'Succeeded'].name" -o tsv 2>/dev/null | wc -l)
FAILED_COUNT=$(az aks list --subscription "$SUBSCRIPTION_ID" \
--query "[?contains(name, 'az-p-') && provisioningState == 'Failed'].name" -o tsv 2>/dev/null | wc -l)
CREATING_COUNT=$(az aks list --subscription "$SUBSCRIPTION_ID" \
--query "[?contains(name, 'az-p-') && provisioningState == 'Creating'].name" -o tsv 2>/dev/null | wc -l)
echo "📊 Deployment Status:"
echo " ✅ Ready (Succeeded): $READY_COUNT"
echo " ❌ Failed: $FAILED_COUNT"
echo " ⏳ Creating: $CREATING_COUNT"
echo ""
if [ "$CREATING_COUNT" -gt 0 ]; then
echo "⚠️ Some clusters are still creating. Monitor with:"
echo " az aks list --subscription $SUBSCRIPTION_ID --query \"[?contains(name, 'az-p-')].{name:name, state:provisioningState}\" -o table"
fi
if [ "$FAILED_COUNT" -gt 0 ]; then
echo "⚠️ Some clusters failed. Check logs:"
echo " tail -100 /tmp/terraform-apply-redeploy.log"
echo " ./scripts/azure/analyze-deployment-failures.sh"
fi
if [ "$READY_COUNT" -ge 20 ]; then
echo ""
echo "✅ Deployment successful! Most clusters are ready."
echo ""
echo "🎯 Next Steps:"
echo " ./scripts/deployment/wait-and-run-all-next-steps.sh"
fi
echo ""
echo "✅ Redeployment process complete!"
echo ""
echo "📝 Logs:"
echo " • Terraform: /tmp/terraform-apply-redeploy.log"
echo " • This script: Check output above"
echo ""

89
scripts/backup/backup-chaindata.sh Executable file
View File

@@ -0,0 +1,89 @@
#!/usr/bin/env bash
# Backup chaindata script for Besu nodes
# This script creates backups of chaindata volumes
set -e
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
source "$SCRIPT_DIR/../lib/init.sh"
PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"
# Configuration
NAMESPACE="${NAMESPACE:-besu-network}"
BACKUP_DIR="${BACKUP_DIR:-/backup/chaindata}"
RETENTION_DAYS="${RETENTION_DAYS:-30}"
DATE=$(date +%Y%m%d-%H%M%S)
log_success "Starting chaindata backup"
# Create backup directory
mkdir -p "$BACKUP_DIR"
# Backup validators
log_warn "Backing up validator chaindata..."
VALIDATOR_PODS=$(kubectl get pods -n "$NAMESPACE" -l component=validator -o jsonpath='{.items[*].metadata.name}')
for pod in $VALIDATOR_PODS; do
log_warn "Backing up $pod..."
# Create snapshot
kubectl exec -n "$NAMESPACE" "$pod" -- tar czf - /data/besu > "$BACKUP_DIR/validator-$pod-$DATE.tar.gz"
if [ $? -eq 0 ]; then
log_success "✓ Backup created: validator-$pod-$DATE.tar.gz"
else
log_error "✗ Backup failed for $pod"
fi
done
# Backup RPC nodes (optional - only if using full sync)
log_warn "Backing up RPC chaindata..."
RPC_PODS=$(kubectl get pods -n "$NAMESPACE" -l component=rpc -o jsonpath='{.items[*].metadata.name}')
for pod in $RPC_PODS; do
log_warn "Backing up $pod..."
# Create snapshot
kubectl exec -n "$NAMESPACE" "$pod" -- tar czf - /data/besu > "$BACKUP_DIR/rpc-$pod-$DATE.tar.gz"
if [ $? -eq 0 ]; then
log_success "✓ Backup created: rpc-$pod-$DATE.tar.gz"
else
log_error "✗ Backup failed for $pod"
fi
done
# Clean up old backups
log_warn "Cleaning up old backups (older than $RETENTION_DAYS days)..."
find "$BACKUP_DIR" -name "*.tar.gz" -mtime +$RETENTION_DAYS -delete
log_success "Backup completed"
# Upload to Azure Blob Storage (optional)
if [ -n "$AZURE_STORAGE_ACCOUNT" ] && [ -n "$AZURE_STORAGE_CONTAINER" ]; then
log_warn "Uploading backups to Azure Blob Storage..."
# Install azure-cli if not present
if ! command -v az &> /dev/null; then
log_error "Azure CLI not found. Install it to upload backups."
exit 1
fi
# Upload backups
az storage blob upload-batch \
--account-name "$AZURE_STORAGE_ACCOUNT" \
--destination "$AZURE_STORAGE_CONTAINER" \
--source "$BACKUP_DIR" \
--pattern "*-$DATE.tar.gz"
if [ $? -eq 0 ]; then
log_success "✓ Backups uploaded to Azure Blob Storage"
else
log_error "✗ Upload failed"
fi
fi
log_success "Backup process completed"

74
scripts/backup/restore-chaindata.sh Executable file
View File

@@ -0,0 +1,74 @@
#!/usr/bin/env bash
# Restore chaindata script for Besu nodes
# This script restores chaindata from backups
set -e
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
source "$SCRIPT_DIR/../lib/init.sh"
PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"
# Configuration
NAMESPACE="${NAMESPACE:-besu-network}"
BACKUP_DIR="${BACKUP_DIR:-/backup/chaindata}"
BACKUP_FILE="${1:-}"
if [ -z "$BACKUP_FILE" ]; then
log_error "Error: Backup file not specified"
echo "Usage: $0 <backup-file> [pod-name]"
exit 1
fi
if [ ! -f "$BACKUP_FILE" ]; then
log_error "Error: Backup file not found: $BACKUP_FILE"
exit 1
fi
POD_NAME="${2:-}"
if [ -z "$POD_NAME" ]; then
log_warn "Available pods:"
kubectl get pods -n "$NAMESPACE" -l component=validator -o jsonpath='{.items[*].metadata.name}'
read -p "Enter pod name: " POD_NAME
fi
log_warn "Restoring chaindata to $POD_NAME from $BACKUP_FILE"
log_error "WARNING: This will overwrite existing chaindata. Continue? (y/N)"
read -r CONFIRM
if [ "$CONFIRM" != "y" ] && [ "$CONFIRM" != "Y" ]; then
echo "Restore cancelled"
exit 0
fi
# Scale down pod
log_warn "Scaling down pod..."
kubectl scale statefulset --replicas=0 -n "$NAMESPACE" $(kubectl get statefulset -n "$NAMESPACE" -l component=validator -o jsonpath='{.items[0].metadata.name}')
# Wait for pod to terminate
log_warn "Waiting for pod to terminate..."
kubectl wait --for=delete pod/"$POD_NAME" -n "$NAMESPACE" --timeout=300s
# Restore data
log_warn "Restoring chaindata..."
cat "$BACKUP_FILE" | kubectl exec -i -n "$NAMESPACE" "$POD_NAME" -- tar xzf - -C /
if [ $? -eq 0 ]; then
log_success "✓ Chaindata restored"
else
log_error "✗ Restore failed"
exit 1
fi
# Scale up pod
log_warn "Scaling up pod..."
kubectl scale statefulset --replicas=1 -n "$NAMESPACE" $(kubectl get statefulset -n "$NAMESPACE" -l component=validator -o jsonpath='{.items[0].metadata.name}')
# Wait for pod to be ready
log_warn "Waiting for pod to be ready..."
kubectl wait --for=condition=ready pod/"$POD_NAME" -n "$NAMESPACE" --timeout=300s
log_success "Restore completed"

85
scripts/ccip-deployment/deploy-all-ccip-mainnet.sh Executable file
View File

@@ -0,0 +1,85 @@
#!/usr/bin/env bash
# Deploy all CCIP contracts to Ethereum Mainnet
# This script deploys CCIPLogger which receives Chain-138 transactions
set -e
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
source "$SCRIPT_DIR/../lib/init.sh"
PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"
# Load environment variables
if [ -f "$PROJECT_ROOT/.env" ]; then
source "$PROJECT_ROOT/.env"
else
log_error "Error: .env file not found"
exit 1
fi
log_info "=== Deploying CCIP Contracts to Ethereum Mainnet ==="
# Check prerequisites
if [ -z "$PRIVATE_KEY" ]; then
log_error "Error: PRIVATE_KEY not set in .env"
exit 1
fi
if [ -z "$ETHEREUM_MAINNET_RPC" ]; then
log_warn "Warning: ETHEREUM_MAINNET_RPC not set, using default"
fi
# Configuration
CCIP_ETH_ROUTER="${CCIP_ETH_ROUTER:-0x80226fc0Ee2b096224EeAc085Bb9a8cba1146f7D}"
AUTHORIZED_SIGNER="${AUTHORIZED_SIGNER:-}"
CHAIN138_SELECTOR="${CHAIN138_SELECTOR:-0x000000000000008a}"
echo "Configuration:"
echo " CCIP Router (Ethereum): $CCIP_ETH_ROUTER"
echo " Authorized Signer: ${AUTHORIZED_SIGNER:-Not set (optional)}"
echo " Chain-138 Selector: $CHAIN138_SELECTOR"
# Deploy CCIPLogger
log_warn "Deploying CCIPLogger..."
export CCIP_ETH_ROUTER
export AUTHORIZED_SIGNER
export CHAIN138_SELECTOR
npx hardhat run scripts/ccip-deployment/deploy-ccip-logger.js --network mainnet
CCIP_LOGGER_ADDRESS=$(grep "CCIPLogger deployed to:" <<< "$(npx hardhat run scripts/ccip-deployment/deploy-ccip-logger.js --network mainnet 2>&1)" | awk '{print $NF}')
if [ -z "$CCIP_LOGGER_ADDRESS" ]; then
log_error "Error: Failed to extract CCIPLogger address"
exit 1
fi
log_success "✅ CCIPLogger deployed: $CCIP_LOGGER_ADDRESS"
# Update .env
log_warn "Updating .env file..."
if grep -q "CCIP_LOGGER_ETH_ADDRESS=" "$PROJECT_ROOT/.env"; then
sed -i "s|CCIP_LOGGER_ETH_ADDRESS=.*|CCIP_LOGGER_ETH_ADDRESS=$CCIP_LOGGER_ADDRESS|" "$PROJECT_ROOT/.env"
else
echo "CCIP_LOGGER_ETH_ADDRESS=$CCIP_LOGGER_ADDRESS" >> "$PROJECT_ROOT/.env"
fi
if ! grep -q "CCIP_ETH_ROUTER=" "$PROJECT_ROOT/.env"; then
echo "CCIP_ETH_ROUTER=$CCIP_ETH_ROUTER" >> "$PROJECT_ROOT/.env"
fi
if ! grep -q "CHAIN138_SELECTOR=" "$PROJECT_ROOT/.env"; then
echo "CHAIN138_SELECTOR=$CHAIN138_SELECTOR" >> "$PROJECT_ROOT/.env"
fi
log_success "✅ .env file updated"
log_info "=== Deployment Summary ==="
echo "Deployed Contracts:"
echo " CCIPLogger: $CCIP_LOGGER_ADDRESS"
echo "Next Steps:"
echo " 1. Verify contract on Etherscan"
echo " 2. Deploy CCIPTxReporter to Chain-138"
echo " 3. Configure watcher/relayer service"
echo " 4. Start monitoring"

55
scripts/ccip-deployment/deploy-ccip-logger.js Executable file
View File

@@ -0,0 +1,55 @@
const { ethers } = require("hardhat");
require("dotenv").config();
/**
* Deploy CCIPLogger to Ethereum Mainnet
* This contract receives and logs Chain-138 transactions via CCIP
*/
async function main() {
const [deployer] = await ethers.getSigners();
console.log("Deploying CCIPLogger with account:", deployer.address);
console.log("Account balance:", (await ethers.provider.getBalance(deployer.address)).toString());
// Get configuration from environment
const routerAddress = process.env.CCIP_ETH_ROUTER || "0x80226fc0Ee2b096224EeAc085Bb9a8cba1146f7D"; // Official Chainlink CCIP Router on Mainnet
const authorizedSigner = process.env.AUTHORIZED_SIGNER || ethers.ZeroAddress;
const sourceChainSelector = process.env.CHAIN138_SELECTOR || "0x000000000000008a"; // Chain-138 selector (update with actual value from CCIP Directory)
console.log("\nConfiguration:");
console.log(" Router:", routerAddress);
console.log(" Authorized Signer:", authorizedSigner);
console.log(" Source Chain Selector:", sourceChainSelector);
// Deploy CCIPLogger
const CCIPLogger = await ethers.getContractFactory("CCIPLogger");
console.log("\nDeploying CCIPLogger...");
const logger = await CCIPLogger.deploy(
routerAddress,
authorizedSigner,
sourceChainSelector
);
await logger.waitForDeployment();
const loggerAddress = await logger.getAddress();
console.log("\n✅ CCIPLogger deployed to:", loggerAddress);
console.log("\nDeployment details:");
console.log(" Router:", await logger.getRouter());
console.log(" Authorized Signer:", await logger.authorizedSigner());
console.log(" Source Chain Selector:", await logger.expectedSourceChainSelector());
console.log(" Owner:", await logger.owner());
console.log("\n📝 Next steps:");
console.log(" 1. Verify contract on Etherscan:");
console.log(` npx hardhat verify --network mainnet ${loggerAddress} "${routerAddress}" "${authorizedSigner}" "${sourceChainSelector}"`);
console.log(" 2. Update .env with CCIP_LOGGER_ETH_ADDRESS=" + loggerAddress);
console.log(" 3. Deploy CCIPTxReporter to Chain-138 with this address as destination");
}
main()
.then(() => process.exit(0))
.catch((error) => {
console.error(error);
process.exit(1);
});

63
scripts/ccip-deployment/deploy-ccip-reporter.js Executable file
View File

@@ -0,0 +1,63 @@
const { ethers } = require("hardhat");
require("dotenv").config();
/**
* Deploy CCIPTxReporter to Chain-138
* This contract reports Chain-138 transactions to Ethereum Mainnet via CCIP
*/
async function main() {
const [deployer] = await ethers.getSigners();
console.log("Deploying CCIPTxReporter with account:", deployer.address);
console.log("Account balance:", (await ethers.provider.getBalance(deployer.address)).toString());
// Get configuration from environment
const routerAddress = process.env.CCIP_CHAIN138_ROUTER || process.env.CCIP_ROUTER || ethers.ZeroAddress;
const destChainSelector = process.env.ETH_MAINNET_SELECTOR || "0x500147"; // Ethereum Mainnet selector (update with actual value from CCIP Directory)
const destReceiver = process.env.CCIP_LOGGER_ETH_ADDRESS || ethers.ZeroAddress;
if (routerAddress === ethers.ZeroAddress) {
throw new Error("CCIP_ROUTER or CCIP_CHAIN138_ROUTER must be set in .env");
}
if (destReceiver === ethers.ZeroAddress) {
throw new Error("CCIP_LOGGER_ETH_ADDRESS must be set in .env (deploy CCIPLogger first)");
}
console.log("\nConfiguration:");
console.log(" Router (Chain-138):", routerAddress);
console.log(" Destination Chain Selector (Ethereum):", destChainSelector);
console.log(" Destination Receiver (CCIPLogger):", destReceiver);
// Deploy CCIPTxReporter
const CCIPTxReporter = await ethers.getContractFactory("CCIPTxReporter");
console.log("\nDeploying CCIPTxReporter...");
const reporter = await CCIPTxReporter.deploy(
routerAddress,
destChainSelector,
destReceiver
);
await reporter.waitForDeployment();
const reporterAddress = await reporter.getAddress();
console.log("\n✅ CCIPTxReporter deployed to:", reporterAddress);
console.log("\nDeployment details:");
console.log(" Router:", await reporter.router());
console.log(" Destination Chain Selector:", await reporter.destChainSelector());
console.log(" Destination Receiver:", await reporter.destReceiver());
console.log(" Owner:", await reporter.owner());
console.log("\n📝 Next steps:");
console.log(" 1. Verify contract on Chain-138 explorer (if available)");
console.log(" 2. Update .env with CCIP_REPORTER_CHAIN138_ADDRESS=" + reporterAddress);
console.log(" 3. Fund the contract with ETH for CCIP fees");
console.log(" 4. Start the watcher/relayer service");
console.log(" 5. Test with a sample transaction report");
}
main()
.then(() => process.exit(0))
.catch((error) => {
console.error(error);
process.exit(1);
});

26
scripts/ccip-deployment/deploy-ccip-weth10-bridge-chain138.js Normal file
View File

@@ -0,0 +1,26 @@
const hre = require("hardhat");
async function main() {
const [deployer] = await hre.ethers.getSigners();
console.log("Deploying CCIPWETH10Bridge to Chain-138 with account:", deployer.address);
const CCIPRouter = process.env.CCIP_CHAIN138_ROUTER || "";
const WETH10 = process.env.WETH10_ADDRESS || "0xf4BB2e28688e89fCcE3c0580D37d36A7672E8A9f";
const MainnetSelector = process.env.MAINNET_SELECTOR || "5009297550715157269";
if (!CCIPRouter) {
throw new Error("CCIP_CHAIN138_ROUTER environment variable not set");
}
const CCIPWETH10Bridge = await hre.ethers.getContractFactory("CCIPWETH10Bridge");
const bridge = await CCIPWETH10Bridge.deploy(CCIPRouter, WETH10, MainnetSelector);
await bridge.waitForDeployment();
const address = await bridge.getAddress();
console.log("CCIPWETH10Bridge deployed to Chain-138 at:", address);
}
main().catch((error) => {
console.error(error);
process.exitCode = 1;
});

31
scripts/ccip-deployment/deploy-ccip-weth10-bridge-mainnet.js Normal file
View File

@@ -0,0 +1,31 @@
const hre = require("hardhat");
async function main() {
const [deployer] = await hre.ethers.getSigners();
console.log("Deploying CCIPWETH10Bridge to Mainnet with account:", deployer.address);
const CCIPRouter = process.env.CCIP_ETH_ROUTER || "0x80226fc0Ee2b096224EeAc085Bb9a8cba1146f7D";
const WETH10 = process.env.WETH10_ADDRESS || "0xf4BB2e28688e89fCcE3c0580D37d36A7672E8A9f";
const Chain138Selector = process.env.CHAIN138_SELECTOR || "0x000000000000000000000000000000000000008A";
const CCIPWETH10Bridge = await hre.ethers.getContractFactory("CCIPWETH10Bridge");
const bridge = await CCIPWETH10Bridge.deploy(CCIPRouter, WETH10, Chain138Selector);
await bridge.waitForDeployment();
const address = await bridge.getAddress();
console.log("CCIPWETH10Bridge deployed to:", address);
// Verify on Etherscan
if (process.env.ETHERSCAN_API_KEY) {
console.log("Verifying on Etherscan...");
await hre.run("verify:verify", {
address: address,
constructorArguments: [CCIPRouter, WETH10, Chain138Selector],
});
}
}
main().catch((error) => {
console.error(error);
process.exitCode = 1;
});

26
scripts/ccip-deployment/deploy-ccip-weth9-bridge-chain138.js Normal file
View File

@@ -0,0 +1,26 @@
const hre = require("hardhat");
async function main() {
const [deployer] = await hre.ethers.getSigners();
console.log("Deploying CCIPWETH9Bridge to Chain-138 with account:", deployer.address);
const CCIPRouter = process.env.CCIP_CHAIN138_ROUTER || "";
const WETH9 = process.env.WETH9_ADDRESS || "0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2";
const MainnetSelector = process.env.MAINNET_SELECTOR || "5009297550715157269";
if (!CCIPRouter) {
throw new Error("CCIP_CHAIN138_ROUTER environment variable not set");
}
const CCIPWETH9Bridge = await hre.ethers.getContractFactory("CCIPWETH9Bridge");
const bridge = await CCIPWETH9Bridge.deploy(CCIPRouter, WETH9, MainnetSelector);
await bridge.waitForDeployment();
const address = await bridge.getAddress();
console.log("CCIPWETH9Bridge deployed to Chain-138 at:", address);
}
main().catch((error) => {
console.error(error);
process.exitCode = 1;
});

31
scripts/ccip-deployment/deploy-ccip-weth9-bridge-mainnet.js Normal file
View File

@@ -0,0 +1,31 @@
const hre = require("hardhat");
async function main() {
const [deployer] = await hre.ethers.getSigners();
console.log("Deploying CCIPWETH9Bridge to Mainnet with account:", deployer.address);
const CCIPRouter = process.env.CCIP_ETH_ROUTER || "0x80226fc0Ee2b096224EeAc085Bb9a8cba1146f7D";
const WETH9 = process.env.WETH9_ADDRESS || "0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2";
const Chain138Selector = process.env.CHAIN138_SELECTOR || "0x000000000000000000000000000000000000008A";
const CCIPWETH9Bridge = await hre.ethers.getContractFactory("CCIPWETH9Bridge");
const bridge = await CCIPWETH9Bridge.deploy(CCIPRouter, WETH9, Chain138Selector);
await bridge.waitForDeployment();
const address = await bridge.getAddress();
console.log("CCIPWETH9Bridge deployed to:", address);
// Verify on Etherscan
if (process.env.ETHERSCAN_API_KEY) {
console.log("Verifying on Etherscan...");
await hre.run("verify:verify", {
address: address,
constructorArguments: [CCIPRouter, WETH9, Chain138Selector],
});
}
}
main().catch((error) => {
console.error(error);
process.exitCode = 1;
});

62
scripts/ccip/ccip-configure-destination.sh Executable file
View File

@@ -0,0 +1,62 @@
#!/usr/bin/env bash
# Configure destination mappings on CCIP WETH bridges
set -euo pipefail
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
source "$SCRIPT_DIR/../lib/init.sh"
load_env --file "$SCRIPT_DIR/../../.env" ${ENV_PROFILE:+--profile "$ENV_PROFILE"}
SCRIPT_NAME="ccip-configure-destination.sh"
SCRIPT_DESC="Add/update/remove destination chain mappings on CCIP WETH bridges"
SCRIPT_USAGE="${SCRIPT_NAME} --token {weth9|weth10} --action {add|update|remove} --selector <chainSelector> [--receiver <addr>] --pk <hex> [--rpc <url>] [--help]"
SCRIPT_OPTIONS="--token <name> Bridge token type (weth9|weth10)\n--action <op> add|update|remove\n--selector N Destination chain selector (uint64)\n--receiver ADDR Receiver bridge address (for add/update)\n--pk HEX Admin private key to call bridge\n--rpc URL RPC URL (default: ETHEREUM_MAINNET_RPC or public)\n--help Show help"
SCRIPT_REQUIREMENTS="foundry cast, admin rights on bridge"
handle_help "${1:-}"
TOKEN=""; ACTION=""; SELECTOR=""; RECEIVER=""; PK=""; RPC_URL="${ETHEREUM_MAINNET_RPC:-https://eth.llamarpc.com}"
while [[ $# -gt 0 ]]; do
case "$1" in
--token) TOKEN="$2"; shift 2;;
--action) ACTION="$2"; shift 2;;
--selector) SELECTOR="$2"; shift 2;;
--receiver) RECEIVER="$2"; shift 2;;
--pk) PK="$2"; shift 2;;
--rpc) RPC_URL="$2"; shift 2;;
--help) handle_help "--help";;
*) log_error "Unknown arg: $1"; exit 1;;
esac
done
if [ -z "$TOKEN" ] || [ -z "$ACTION" ] || [ -z "$SELECTOR" ] || [ -z "$PK" ]; then
log_error "Missing required args. See --help"
exit 1
fi
case "$TOKEN" in
weth9) BRIDGE_ADDR="${CCIPWETH9_BRIDGE_MAINNET:?set in .env}";;
weth10) BRIDGE_ADDR="${CCIPWETH10_BRIDGE_MAINNET:?set in .env}";;
*) log_error "Invalid --token: $TOKEN"; exit 1;;
esac
DRY_RUN="${DRY_RUN:-0}"
run() { if [ "$DRY_RUN" = "1" ]; then echo "[DRY RUN] $*"; else "$@"; fi }
case "$ACTION" in
add)
[ -n "$RECEIVER" ] || { log_error "--receiver required for add"; exit 1; }
log_info "Adding destination: selector=$SELECTOR receiver=$RECEIVER"
run cast send --rpc-url "$RPC_URL" --private-key "$PK" "$BRIDGE_ADDR" "addDestination(uint64,address)" "$SELECTOR" "$RECEIVER"
;;
update)
[ -n "$RECEIVER" ] || { log_error "--receiver required for update"; exit 1; }
log_info "Updating destination: selector=$SELECTOR receiver=$RECEIVER"
run cast send --rpc-url "$RPC_URL" --private-key "$PK" "$BRIDGE_ADDR" "updateDestination(uint64,address)" "$SELECTOR" "$RECEIVER"
;;
remove)
log_info "Removing destination: selector=$SELECTOR"
run cast send --rpc-url "$RPC_URL" --private-key "$PK" "$BRIDGE_ADDR" "removeDestination(uint64)" "$SELECTOR"
;;
*)
log_error "Invalid --action: $ACTION"; exit 1;;
esac
log_success "Done"

46
scripts/ccip/ccip-estimate-fee.sh Executable file
View File

@@ -0,0 +1,46 @@
#!/usr/bin/env bash
# Estimate CCIP fee for WETH9/10 bridge using calculateFee
set -euo pipefail
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
source "$SCRIPT_DIR/../lib/init.sh"
load_env --file "$SCRIPT_DIR/../../.env" ${ENV_PROFILE:+--profile "$ENV_PROFILE"}
SCRIPT_NAME="ccip-estimate-fee.sh"
SCRIPT_DESC="Estimate CCIP fee for a WETH bridge to a destination chain"
SCRIPT_USAGE="${SCRIPT_NAME} --token {weth9|weth10} --selector <chainSelector> --amount <wei> [--rpc <url>] [--help]"
SCRIPT_OPTIONS="--token <name> Bridge token type (weth9|weth10)\n--selector N Destination chain selector (uint64)\n--amount WEI Amount of token to send (wei)\n--rpc URL RPC URL (default: ETHEREUM_MAINNET_RPC or public)\n--help Show help"
SCRIPT_REQUIREMENTS="foundry cast, CCIP bridges deployed"
handle_help "${1:-}"
ensure_azure_cli >/dev/null 2>&1 || true
TOKEN=""; SELECTOR=""; AMOUNT=""; RPC_URL="${ETHEREUM_MAINNET_RPC:-https://eth.llamarpc.com}"
while [[ $# -gt 0 ]]; do
case "$1" in
--token) TOKEN="$2"; shift 2;;
--selector) SELECTOR="$2"; shift 2;;
--amount) AMOUNT="$2"; shift 2;;
--rpc) RPC_URL="$2"; shift 2;;
--help) handle_help "--help";;
*) log_error "Unknown arg: $1"; exit 1;;
esac
done
if [ -z "$TOKEN" ] || [ -z "$SELECTOR" ] || [ -z "$AMOUNT" ]; then
log_error "Missing required args. See --help"
exit 1
fi
case "$TOKEN" in
weth9) BRIDGE_ADDR="${CCIPWETH9_BRIDGE_MAINNET:?set in .env}";;
weth10) BRIDGE_ADDR="${CCIPWETH10_BRIDGE_MAINNET:?set in .env}";;
*) log_error "Invalid --token: $TOKEN"; exit 1;;
esac
log_info "Bridge: $BRIDGE_ADDR"
log_info "Selector: $SELECTOR"
log_info "Amount: $AMOUNT wei"
FEE=$(cast call --rpc-url "$RPC_URL" "$BRIDGE_ADDR" "calculateFee(uint64,uint256)(uint256)" "$SELECTOR" "$AMOUNT")
log_success "Estimated fee (feeToken): $FEE wei"
echo "$FEE"

73
scripts/ccip/ccip-send.sh Executable file
View File

@@ -0,0 +1,73 @@
#!/usr/bin/env bash
# Send WETH9/10 cross-chain via CCIP bridge
set -euo pipefail
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
source "$SCRIPT_DIR/../lib/init.sh"
load_env --file "$SCRIPT_DIR/../../.env" ${ENV_PROFILE:+--profile "$ENV_PROFILE"}
SCRIPT_NAME="ccip-send.sh"
SCRIPT_DESC="Approve fee/token and call sendCrossChain for WETH bridge"
SCRIPT_USAGE="${SCRIPT_NAME} --token {weth9|weth10} --selector <chainSelector> --recipient <address> --amount <wei> --pk <hex> [--rpc <url>] [--help]"
SCRIPT_OPTIONS="--token <name> Bridge token type (weth9|weth10)\n--selector N Destination chain selector (uint64)\n--recipient ADDR Recipient address on destination chain\n--amount WEI Amount of token to send (wei)\n--pk HEX Deployer private key (0x...)\n--rpc URL RPC URL (default: ETHEREUM_MAINNET_RPC or public)\n--help Show help"
SCRIPT_REQUIREMENTS="foundry cast, LINK balance for fees, token allowance"
handle_help "${1:-}"
ensure_azure_cli >/dev/null 2>&1 || true
TOKEN=""; SELECTOR=""; RECIPIENT=""; AMOUNT=""; PK=""; RPC_URL="${ETHEREUM_MAINNET_RPC:-https://eth.llamarpc.com}"
while [[ $# -gt 0 ]]; do
case "$1" in
--token) TOKEN="$2"; shift 2;;
--selector) SELECTOR="$2"; shift 2;;
--recipient) RECIPIENT="$2"; shift 2;;
--amount) AMOUNT="$2"; shift 2;;
--pk) PK="$2"; shift 2;;
--rpc) RPC_URL="$2"; shift 2;;
--help) handle_help "--help";;
*) log_error "Unknown arg: $1"; exit 1;;
esac
done
if [ -z "$TOKEN" ] || [ -z "$SELECTOR" ] || [ -z "$RECIPIENT" ] || [ -z "$AMOUNT" ] || [ -z "$PK" ]; then
log_error "Missing required args. See --help"
exit 1
fi
case "$TOKEN" in
weth9)
BRIDGE_ADDR="${CCIPWETH9_BRIDGE_MAINNET:?set in .env}"
TOKEN_ADDR="${WETH9_ADDRESS:?set in .env}"
;;
weth10)
BRIDGE_ADDR="${CCIPWETH10_BRIDGE_MAINNET:?set in .env}"
TOKEN_ADDR="${WETH10_ADDRESS:?set in .env}"
;;
*) log_error "Invalid --token: $TOKEN"; exit 1;;
esac
FEE_TOKEN="${CCIP_FEE_TOKEN:?LINK address in .env}"
log_section "CCIP SEND"
log_info "Bridge: $BRIDGE_ADDR"
log_info "Token: $TOKEN ($TOKEN_ADDR)"
log_info "Fee Token: $FEE_TOKEN"
log_info "Selector: $SELECTOR"
log_info "Recipient: $RECIPIENT"
log_info "Amount: $AMOUNT"
DRY_RUN="${DRY_RUN:-0}"
run() { if [ "$DRY_RUN" = "1" ]; then echo "[DRY RUN] $*"; else "$@"; fi }
# Approve LINK fee to router via bridge (bridge approves downstream internally; here user approves bridge to pull fee)
log_subsection "Approving LINK fee allowance to bridge"
run cast send --rpc-url "$RPC_URL" --private-key "$PK" "$FEE_TOKEN" "approve(address,uint256)(bool)" "$BRIDGE_ADDR" 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff >/dev/null
# Approve WETH to bridge
log_subsection "Approving token allowance to bridge"
run cast send --rpc-url "$RPC_URL" --private-key "$PK" "$TOKEN_ADDR" "approve(address,uint256)(bool)" "$BRIDGE_ADDR" "$AMOUNT" >/dev/null
# Call sendCrossChain
log_subsection "Calling sendCrossChain"
TX_HASH=$(run cast send --rpc-url "$RPC_URL" --private-key "$PK" "$BRIDGE_ADDR" "sendCrossChain(uint64,address,uint256)(bytes32)" "$SELECTOR" "$RECIPIENT" "$AMOUNT" | awk '/Transaction/ {print $2}' || true)
log_success "Submitted. Tx: ${TX_HASH:-(see output)}"
echo "$TX_HASH"

53
scripts/ccip/ccip-status.sh Executable file
View File

@@ -0,0 +1,53 @@
#!/usr/bin/env bash
# Show CCIP bridge status/config
set -euo pipefail
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
source "$SCRIPT_DIR/../lib/init.sh"
load_env --file "$SCRIPT_DIR/../../.env" ${ENV_PROFILE:+--profile "$ENV_PROFILE"}
SCRIPT_NAME="ccip-status.sh"
SCRIPT_DESC="Display CCIP WETH bridge configuration and status"
SCRIPT_USAGE="${SCRIPT_NAME} --token {weth9|weth10} [--user <address>] [--rpc <url>] [--help]"
SCRIPT_OPTIONS="--token <name> Bridge token type (weth9|weth10)\n--user ADDR Show nonce for user\n--rpc URL RPC URL (default: ETHEREUM_MAINNET_RPC or public)\n--help Show help"
SCRIPT_REQUIREMENTS="foundry cast"
handle_help "${1:-}"
TOKEN=""; USER=""; RPC_URL="${ETHEREUM_MAINNET_RPC:-https://eth.llamarpc.com}"
while [[ $# -gt 0 ]]; do
case "$1" in
--token) TOKEN="$2"; shift 2;;
--user) USER="$2"; shift 2;;
--rpc) RPC_URL="$2"; shift 2;;
--help) handle_help "--help";;
*) log_error "Unknown arg: $1"; exit 1;;
esac
done
case "$TOKEN" in
weth9) BRIDGE_ADDR="${CCIPWETH9_BRIDGE_MAINNET:?set in .env}";;
weth10) BRIDGE_ADDR="${CCIPWETH10_BRIDGE_MAINNET:?set in .env}";;
*) log_error "--token required as weth9|weth10"; exit 1;;
esac
log_section "CCIP STATUS ($TOKEN)"
echo "Bridge: $BRIDGE_ADDR"
printf "ccipRouter: %s\n" "$(cast call --rpc-url "$RPC_URL" "$BRIDGE_ADDR" "ccipRouter()(address)")"
printf "feeToken: %s\n" "$(cast call --rpc-url "$RPC_URL" "$BRIDGE_ADDR" "feeToken()(address)")"
echo
echo "Destination chains:"
selectors_json=$(cast call --rpc-url "$RPC_URL" "$BRIDGE_ADDR" "getDestinationChains()(uint64[])" | sed 's/^\[\|\]$//g')
if [ -z "$selectors_json" ]; then
echo " (none)"
else
IFS=',' read -ra arr <<< "$selectors_json"
for s in "${arr[@]}"; do
s_trim="$(echo "$s" | xargs)"
echo " - $s_trim"
done
fi
if [ -n "$USER" ]; then
echo
printf "User nonce (%s): %s\n" "$USER" "$(cast call --rpc-url "$RPC_URL" "$BRIDGE_ADDR" "getUserNonce(address)(uint256)" "$USER")"
fi
log_success "OK"

60
scripts/check-dplsv6-quota.sh Executable file
View File

@@ -0,0 +1,60 @@
#!/usr/bin/env bash
set -euo pipefail
# Optional: lock to a specific subscription (otherwise uses your default)
# az account set --subscription "<YOUR_SUBSCRIPTION_ID>"
regions=(
australiacentral
australiaeast
australiasoutheast
austriaeast
belgiumcentral
brazilsouth
canadacentral
canadaeast
centralindia
chilecentral
eastasia
francecentral
germanywestcentral
indonesiacentral
israelcentral
italynorth
japaneast
japanwest
koreacentral
koreasouth
malaysiawest
mexicocentral
newzealandnorth
northeurope
polandcentral
qatarcentral
southafricanorth
southindia
southeastasia
spaincentral
swedencentral
switzerlandnorth
uaenorth
uksouth
ukwest
westeurope
westindia
)
echo "Checking Standard Dplsv6 Family vCPU usage and limits across ${#regions[@]} regions..."
echo
for region in "${regions[@]}"; do
echo "=============================="
echo "Region: $region"
az vm list-usage \
--location "$region" \
--query "[?contains(name.value, 'standardDplsv6Family')].{Name:name.localizedValue,Usage:currentValue,Limit:limit}" \
-o table
echo
done

72
scripts/check_dplsv6_usage_all.sh Executable file
View File

@@ -0,0 +1,72 @@
#!/usr/bin/env bash
set -euo pipefail
# Optional: set your subscription first if needed:
# az account set --subscription "$SUB"
REGIONS=(
australiacentral
australiaeast
australiasoutheast
austriaeast
belgiumcentral
brazilsouth
canadacentral
canadaeast
centralindia
chilecentral
eastasia
francecentral
germanywestcentral
indonesiacentral
israelcentral
italynorth
japaneast
japanwest
koreacentral
koreasouth
malaysiawest
mexicocentral
newzealandnorth
northeurope
polandcentral
qatarcentral
southafricanorth
southafricawest
southeastasia
southindia
spaincentral
switzerlandnorth
switzerlandwest
uaecentral
uaenorth
uksouth
ukwest
westeurope
westindia
)
OUT_DIR=$(dirname "$0")/../reports
OUT_FILE="$OUT_DIR/dplsv6_usage.tsv"
mkdir -p "$OUT_DIR"
printf "Region\tName\tUsage\tLimit\n" > "$OUT_FILE"
for region in "${REGIONS[@]}"; do
echo "Checking ${region}..." 1>&2
# Use legacy VM usage API; filter any rows whose name contains Dpl and v6 (covers Dplsv6/Dpldsv6, etc.)
# Output as TSV with columns: Name (localized), Usage, Limit
az vm list-usage --location "${region}" \
--output tsv \
--query "[].{Name:name.localizedValue,Usage:currentValue,Limit:limit}" \
| awk -v R="${region}" -F $'\t' 'tolower($1) ~ /dpl/ && tolower($1) ~ /v6/ { print R"\t"$1"\t"$2"\t"$3 }' \
>> "${OUT_FILE}" || true
# be gentle with API
sleep 0.2
done
echo "Saved Dplsv6 usage report to: ${OUT_FILE}"
echo
echo "--- Dplsv6 usage per region (first 80 lines) ---"
column -t -s $'\t' "${OUT_FILE}" | sed -n '1,80p'

165
scripts/cloudflare/update-dns-to-proxy.sh Executable file
View File

@@ -0,0 +1,165 @@
#!/usr/bin/env bash
# Update Cloudflare DNS records to point to Nginx Proxy only
# Uses .env file for Cloudflare secrets
# Never exposes backend IP addresses
set -e
# Source .env file
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"
if [ -f "$PROJECT_ROOT/.env" ]; then
source "$PROJECT_ROOT/.env"
else
echo "❌ Error: .env file not found at $PROJECT_ROOT/.env"
exit 1
fi
# Check required variables
if [ -z "$CLOUDFLARE_ZONE_ID" ] || [ -z "$CLOUDFLARE_API_TOKEN" ] || [ -z "$CLOUDFLARE_DOMAIN" ]; then
echo "❌ Error: Missing Cloudflare configuration in .env"
echo " Required: CLOUDFLARE_ZONE_ID, CLOUDFLARE_API_TOKEN, CLOUDFLARE_DOMAIN"
exit 1
fi
# Nginx Proxy IP (should be from .env or environment)
NGINX_PROXY_IP="${NGINX_PROXY_IP:-20.160.58.99}"
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo "🔧 Updating Cloudflare DNS to Nginx Proxy Only"
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo ""
echo "📋 Configuration:"
echo " • Zone ID: ${CLOUDFLARE_ZONE_ID:0:8}..."
echo " • Domain: $CLOUDFLARE_DOMAIN"
echo " • Nginx Proxy IP: $NGINX_PROXY_IP"
echo ""
# Function to get all DNS record IDs for a subdomain
get_all_record_ids() {
local subdomain=$1
curl -s -X GET "https://api.cloudflare.com/client/v4/zones/$CLOUDFLARE_ZONE_ID/dns_records?name=$subdomain&type=A" \
-H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
-H "Content-Type: application/json" | \
python3 -c "
import sys, json
data = json.load(sys.stdin)
if data.get('success') and data.get('result'):
for record in data['result']:
print(record['id'])
" 2>/dev/null || echo ""
}
# Function to update DNS record
update_record() {
local subdomain=$1
local ip=$2
local proxied=${3:-true}
echo " Updating $subdomain$ip (proxied: $proxied)..."
# Get all existing records
RECORD_IDS=$(get_all_record_ids "$subdomain")
if [ -z "$RECORD_IDS" ]; then
echo " ⚠️ No existing record found, creating new..."
# Create new record
RESPONSE=$(curl -s -X POST "https://api.cloudflare.com/client/v4/zones/$CLOUDFLARE_ZONE_ID/dns_records" \
-H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
-H "Content-Type: application/json" \
--data "{\"type\":\"A\",\"name\":\"$subdomain\",\"content\":\"$ip\",\"ttl\":1,\"proxied\":$proxied}")
if echo "$RESPONSE" | python3 -c "import sys, json; data=json.load(sys.stdin); sys.exit(0 if data.get('success') else 1)" 2>/dev/null; then
echo " ✅ Created new record"
return 0
else
echo " ❌ Failed to create record"
echo "$RESPONSE" | python3 -m json.tool 2>/dev/null | head -10
return 1
fi
else
# Update or delete existing records
FIRST=true
for RECORD_ID in $RECORD_IDS; do
if [ "$FIRST" = true ]; then
# Update first record to proxy IP
RESPONSE=$(curl -s -X PATCH "https://api.cloudflare.com/client/v4/zones/$CLOUDFLARE_ZONE_ID/dns_records/$RECORD_ID" \
-H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
-H "Content-Type: application/json" \
--data "{\"content\":\"$ip\",\"ttl\":1,\"proxied\":$proxied}")
if echo "$RESPONSE" | python3 -c "import sys, json; data=json.load(sys.stdin); sys.exit(0 if data.get('success') else 1)" 2>/dev/null; then
echo " ✅ Updated record $RECORD_ID"
FIRST=false
else
echo " ❌ Failed to update record $RECORD_ID"
echo "$RESPONSE" | python3 -m json.tool 2>/dev/null | head -10
return 1
fi
else
# Delete duplicate records
RESPONSE=$(curl -s -X DELETE "https://api.cloudflare.com/client/v4/zones/$CLOUDFLARE_ZONE_ID/dns_records/$RECORD_ID" \
-H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
-H "Content-Type: application/json")
if echo "$RESPONSE" | python3 -c "import sys, json; data=json.load(sys.stdin); sys.exit(0 if data.get('success') else 1)" 2>/dev/null; then
echo " ✅ Deleted duplicate record $RECORD_ID"
else
echo " ⚠️ Failed to delete record $RECORD_ID (may not exist)"
fi
fi
done
return 0
fi
}
# Services that should point to Nginx Proxy (proxied through Cloudflare)
declare -a PROXIED_SERVICES=(
"explorer.d-bis.org"
"besu.d-bis.org"
"blockscout.d-bis.org"
"monitoring.d-bis.org"
"wallet.d-bis.org"
"d-bis.org"
"www.d-bis.org"
)
# Services that should NOT be proxied (direct IP, but still through proxy)
declare -a DIRECT_SERVICES=(
"rpc.d-bis.org"
"metrics.d-bis.org"
"api.d-bis.org"
"docs.d-bis.org"
"grafana.d-bis.org"
"prometheus.d-bis.org"
"tessera.d-bis.org"
"ws.d-bis.org"
)
echo "🔧 Updating proxied services (through Cloudflare):"
for service in "${PROXIED_SERVICES[@]}"; do
update_record "$service" "$NGINX_PROXY_IP" "true"
done
echo ""
echo "🔧 Updating direct services (still via proxy, not proxied by CF):"
for service in "${DIRECT_SERVICES[@]}"; do
update_record "$service" "$NGINX_PROXY_IP" "false"
done
echo ""
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo "✅ DNS Update Complete"
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo ""
echo "📋 Summary:"
echo " • All services now point to Nginx Proxy: $NGINX_PROXY_IP"
echo " • Duplicate records removed"
echo " • Backend IPs never exposed"
echo ""
echo "⏳ Wait 1-5 minutes for DNS propagation"
echo "🧪 Test with: dig explorer.d-bis.org"
echo ""

72
scripts/cloudflare/verify-dns.sh Executable file
View File

@@ -0,0 +1,72 @@
#!/usr/bin/env bash
# Verify Cloudflare DNS records point to Nginx Proxy only
set -e
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"
if [ -f "$PROJECT_ROOT/.env" ]; then
source "$PROJECT_ROOT/.env"
else
echo "❌ Error: .env file not found"
exit 1
fi
NGINX_PROXY_IP="${NGINX_PROXY_IP:-20.160.58.99}"
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo "🔍 Verifying Cloudflare DNS Configuration"
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo ""
echo "Expected Nginx Proxy IP: $NGINX_PROXY_IP"
echo ""
declare -a SERVICES=(
"explorer.d-bis.org"
"besu.d-bis.org"
"blockscout.d-bis.org"
"monitoring.d-bis.org"
"wallet.d-bis.org"
"d-bis.org"
"www.d-bis.org"
"rpc.d-bis.org"
"metrics.d-bis.org"
"api.d-bis.org"
)
ERRORS=0
for service in "${SERVICES[@]}"; do
echo -n "Checking $service... "
# Get DNS records from Cloudflare API
RECORDS=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones/$CLOUDFLARE_ZONE_ID/dns_records?name=$service&type=A" \
-H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
-H "Content-Type: application/json" 2>/dev/null)
RECORD_COUNT=$(echo "$RECORDS" | python3 -c "import sys, json; data=json.load(sys.stdin); print(len(data.get('result', [])))" 2>/dev/null || echo "0")
if [ "$RECORD_COUNT" = "0" ]; then
echo "⚠️ No A records found"
((ERRORS++))
elif [ "$RECORD_COUNT" = "1" ]; then
RECORD_IP=$(echo "$RECORDS" | python3 -c "import sys, json; data=json.load(sys.stdin); print(data['result'][0]['content'])" 2>/dev/null || echo "")
if [ "$RECORD_IP" = "$NGINX_PROXY_IP" ]; then
echo "✅ OK ($RECORD_IP)"
else
echo "❌ Wrong IP: $RECORD_IP (expected $NGINX_PROXY_IP)"
((ERRORS++))
fi
else
echo "⚠️ Multiple records found ($RECORD_COUNT) - duplicates exist"
((ERRORS++))
fi
done
echo ""
if [ $ERRORS -eq 0 ]; then
echo "✅ All DNS records correctly point to Nginx Proxy"
else
echo "⚠️ Found $ERRORS issues - run update-dns-to-proxy.sh to fix"
fi
echo ""

315
scripts/configure-network-advanced.py Executable file
View File

@@ -0,0 +1,315 @@
#!/usr/bin/env python3
"""
Advanced Interactive CLI for configuring Besu network
Extended version with additional configuration options
"""
import json
import os
import sys
import shutil
from pathlib import Path
from typing import Dict, Any, List, Optional
import subprocess
import re
import base64
# Import base configuration tool
sys.path.insert(0, str(Path(__file__).parent))
from configure_network import NetworkConfigurator, Colors, print_header, print_success, print_error, print_warning, print_info
class AdvancedNetworkConfigurator(NetworkConfigurator):
"""Extended network configurator with advanced options"""
def collect_security_config(self):
"""Collect security configuration"""
print_header("Security Configuration")
self.config['security'] = {
'enableNetworkPolicies': input_yes_no("Enable Kubernetes Network Policies", True),
'enableRBAC': input_yes_no("Enable RBAC", True),
'enablePodSecurity': input_yes_no("Enable Pod Security Standards", True),
'enableWAF': input_yes_no("Enable Web Application Firewall (WAF)", True),
}
# Key management
print_info("\nKey Management")
self.config['security']['keyManagement'] = {
'useAzureKeyVault': input_yes_no("Use Azure Key Vault", True),
'enableKeyRotation': input_yes_no("Enable key rotation", False),
'keyRotationInterval': input_int("Key rotation interval (days)", 90, 1, 365) if self.config['security']['keyManagement']['enableKeyRotation'] else 0,
}
# Access control
print_info("\nAccess Control")
self.config['security']['accessControl'] = {
'enableIPWhitelist': input_yes_no("Enable IP whitelisting", False),
'adminIPs': input_with_default("Admin IPs (comma-separated)", "").split(',') if input_yes_no("Enable IP whitelisting", False) else [],
}
print_success("Security configuration collected")
def collect_monitoring_config(self):
"""Collect monitoring configuration"""
print_header("Monitoring Configuration")
self.config['monitoring'] = {
'enabled': input_yes_no("Enable monitoring", True),
'prometheus': {
'enabled': input_yes_no("Enable Prometheus", True),
'retention': input_with_default("Retention period", "30d"),
'scrapeInterval': input_with_default("Scrape interval", "30s"),
},
'grafana': {
'enabled': input_yes_no("Enable Grafana", True),
'adminPassword': input_with_default("Grafana admin password", "admin"),
},
'loki': {
'enabled': input_yes_no("Enable Loki", True),
'retention': input_with_default("Retention period", "7d"),
},
'alertmanager': {
'enabled': input_yes_no("Enable Alertmanager", True),
},
}
# Alerting
if self.config['monitoring']['alertmanager']['enabled']:
print_info("\nAlert Configuration")
self.config['monitoring']['alerts'] = {
'email': input_with_default("Alert email", ""),
'slackWebhook': input_with_default("Slack webhook URL", ""),
}
print_success("Monitoring configuration collected")
def collect_backup_config(self):
"""Collect backup configuration"""
print_header("Backup Configuration")
self.config['backup'] = {
'enabled': input_yes_no("Enable backups", True),
'frequency': input_with_default("Backup frequency (daily/weekly/monthly)", "daily",
lambda x: x in ['daily', 'weekly', 'monthly']),
'retention': input_int("Retention period (days)", 30, 1, 365),
'storageAccount': input_with_default("Storage account name", ""),
'storageContainer': input_with_default("Storage container name", "backups"),
}
print_success("Backup configuration collected")
def collect_oracle_config(self):
"""Collect oracle publisher configuration"""
print_header("Oracle Publisher Configuration")
self.config['oracle'] = {
'enabled': input_yes_no("Enable oracle publisher", True),
'publisherCount': input_int("Number of oracle publishers", 1, 1, 10) if input_yes_no("Enable oracle publisher", True) else 0,
'updateInterval': input_int("Update interval (seconds)", 60, 1, 3600),
'aggregatorAddress': input_with_default("Aggregator contract address", "0x0"),
}
print_success("Oracle configuration collected")
def generate_permissions_config(self):
"""Generate permissions configuration files"""
# Permissions nodes
permissions_nodes = {
'nodes-allowlist': []
}
# Add validator and sentry nodes to allowlist
# This would be populated with actual node enodes after deployment
permissions_nodes_file = self.project_root / "config" / "permissions-nodes.toml"
permissions_nodes_file.parent.mkdir(parents=True, exist_ok=True)
with open(permissions_nodes_file, 'w') as f:
f.write("# Permissions Nodes Configuration\n")
f.write("# Generated by configure-network.py\n\n")
f.write("nodes-allowlist=[]\n")
f.write("# Add node enodes here after deployment\n")
print_success(f"Generated {permissions_nodes_file}")
# Permissions accounts
permissions_accounts = {
'accounts-allowlist': []
}
permissions_accounts_file = self.project_root / "config" / "permissions-accounts.toml"
permissions_accounts_file.parent.mkdir(parents=True, exist_ok=True)
with open(permissions_accounts_file, 'w') as f:
f.write("# Permissions Accounts Configuration\n")
f.write("# Generated by configure-network.py\n\n")
f.write("accounts-allowlist=[]\n")
f.write("# Add allowed account addresses here\n")
print_success(f"Generated {permissions_accounts_file}")
def generate_static_nodes(self):
"""Generate static nodes configuration"""
static_nodes = []
# This would be populated with actual node enodes after deployment
static_nodes_file = self.project_root / "config" / "static-nodes.json"
static_nodes_file.parent.mkdir(parents=True, exist_ok=True)
with open(static_nodes_file, 'w') as f:
json.dump(static_nodes, f, indent=2)
print_success(f"Generated {static_nodes_file}")
print_info("Note: Add node enodes to this file after deployment")
def generate_k8s_network_policies(self):
"""Generate Kubernetes Network Policies"""
if not self.config.get('security', {}).get('enableNetworkPolicies', False):
return
network_policies_dir = self.project_root / "k8s" / "network-policies"
network_policies_dir.mkdir(parents=True, exist_ok=True)
# Default deny policy
default_deny = """apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: default-deny-all
namespace: besu-network
spec:
podSelector: {}
policyTypes:
- Ingress
- Egress
"""
default_deny_file = network_policies_dir / "default-deny.yaml"
with open(default_deny_file, 'w') as f:
f.write(default_deny)
print_success(f"Generated {default_deny_file}")
def generate_monitoring_config(self):
"""Generate monitoring configuration files"""
if not self.config.get('monitoring', {}).get('enabled', False):
return
monitoring_dir = self.project_root / "monitoring"
monitoring_dir.mkdir(parents=True, exist_ok=True)
# Prometheus configuration
if self.config['monitoring']['prometheus']['enabled']:
prometheus_config = {
'global': {
'scrape_interval': self.config['monitoring']['prometheus']['scrapeInterval'],
'evaluation_interval': '30s',
},
'scrape_configs': [
{
'job_name': 'besu',
'static_configs': [
{
'targets': ['besu-validators:9545', 'besu-sentries:9545', 'besu-rpc:9545']
}
]
}
]
}
prometheus_file = monitoring_dir / "prometheus" / "prometheus.yml"
prometheus_file.parent.mkdir(parents=True, exist_ok=True)
with open(prometheus_file, 'w') as f:
import yaml
yaml.dump(prometheus_config, f, default_flow_style=False)
print_success(f"Generated {prometheus_file}")
def generate_backup_config(self):
"""Generate backup configuration"""
if not self.config.get('backup', {}).get('enabled', False):
return
backup_dir = self.project_root / "scripts" / "backup"
backup_dir.mkdir(parents=True, exist_ok=True)
backup_config = {
'frequency': self.config['backup']['frequency'],
'retention': self.config['backup']['retention'],
'storageAccount': self.config['backup']['storageAccount'],
'storageContainer': self.config['backup']['storageContainer'],
}
backup_config_file = backup_dir / "backup-config.json"
with open(backup_config_file, 'w') as f:
json.dump(backup_config, f, indent=2)
print_success(f"Generated {backup_config_file}")
def run(self):
"""Run the advanced configuration process"""
try:
print_header("Advanced Besu Network Configuration Tool")
print_info("This tool will help you configure all necessary files for your Besu network.")
print_warning("Existing configuration files will be backed up.")
if not input_yes_no("Continue?", True):
print_info("Configuration cancelled")
return
# Backup existing files
self.backup_existing_files()
# Collect configuration (base + advanced)
self.collect_genesis_config()
self.collect_network_config()
self.collect_besu_config()
self.collect_deployment_config()
self.collect_security_config()
self.collect_monitoring_config()
self.collect_backup_config()
self.collect_oracle_config()
# Generate files (base + advanced)
print_header("Generating Configuration Files")
self.generate_genesis_json()
self.generate_besu_config('validators')
self.generate_besu_config('sentries')
self.generate_besu_config('rpc')
self.generate_terraform_vars()
self.generate_helm_values()
self.generate_permissions_config()
self.generate_static_nodes()
self.generate_k8s_network_policies()
self.generate_monitoring_config()
self.generate_backup_config()
self.generate_config_summary()
print_header("Configuration Complete")
print_success("All configuration files have been generated successfully!")
print_info(f"Configuration summary: {self.project_root / 'CONFIG_SUMMARY.md'}")
print_info(f"Backup directory: {self.backup_dir}")
print_warning("Please review the generated files before deploying.")
print_info("Next steps:")
print_info("1. Review CONFIG_SUMMARY.md")
print_info("2. Generate validator keys: ./scripts/key-management/generate-validator-keys.sh")
print_info("3. Update permissions-nodes.toml with node enodes after deployment")
print_info("4. Deploy infrastructure: cd terraform && terraform apply")
except KeyboardInterrupt:
print_error("\nConfiguration cancelled by user")
sys.exit(1)
except Exception as e:
print_error(f"Error: {e}")
import traceback
traceback.print_exc()
sys.exit(1)
def main():
"""Main entry point"""
project_root = Path(__file__).parent.parent
configurator = AdvancedNetworkConfigurator(project_root)
configurator.run()
if __name__ == "__main__":
main()

47
scripts/configure-network-advanced.sh Executable file
View File

@@ -0,0 +1,47 @@
#!/usr/bin/env bash
# Wrapper script for configure-network-advanced.py
# Provides easy access to the advanced configuration tool
set -e
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
source "$SCRIPT_DIR/../lib/init.sh"
PROJECT_ROOT="$(cd "$SCRIPT_DIR/.." && pwd)"
# Check Python version
if ! command -v python3 &> /dev/null; then
log_error "Error: Python 3 is required"
exit 1
fi
PYTHON_VERSION=$(python3 --version | cut -d' ' -f2 | cut -d'.' -f1,2)
REQUIRED_VERSION="3.8"
if [ "$(printf '%s\n' "$REQUIRED_VERSION" "$PYTHON_VERSION" | sort -V | head -n1)" != "$REQUIRED_VERSION" ]; then
log_error "Error: Python 3.8 or higher is required (found $PYTHON_VERSION)"
exit 1
fi
# Check if script exists
if [ ! -f "$SCRIPT_DIR/configure-network-advanced.py" ]; then
log_error "Error: configure-network-advanced.py not found"
exit 1
fi
# Run advanced configuration tool
log_success "Starting Advanced Besu Network Configuration Tool..."
cd "$PROJECT_ROOT"
python3 "$SCRIPT_DIR/configure-network-advanced.py" "$@"
exit_code=$?
if [ $exit_code -eq 0 ]; then
log_success "Configuration complete!"
else
log_error "Configuration failed with exit code $exit_code"
exit $exit_code
fi

298
scripts/configure-network-decision-tree.md Normal file
View File

@@ -0,0 +1,298 @@
# Decision Logic Tree Documentation
## Overview
The configuration tool uses a comprehensive decision logic tree to prevent erroneous configurations and guide users through valid configuration paths.
## Decision Trees
### 1. Validator Count Decision Tree
```
Validator Count
├── 1 validator
│ └── ⚠ Warning: Centralized network, not suitable for production
│ └── User confirmation required
├── 2 validators
│ └── ⚠ Warning: Risk of consensus deadlock
│ └── User confirmation required
├── 3 validators
│ └── ⚠ Warning: Can tolerate 1 failure, recommend 4+
│ └── User confirmation required
├── Even number (4, 6, 8, ...)
│ └── ⚠ Warning: Can cause consensus issues
│ └── User confirmation required
└── Odd number (5, 7, 9, ...)
└── ✅ Recommended for production
```
### 2. Network Architecture Decision Tree
```
Network Architecture
├── Sentries = 0
│ └── ⚠ Warning: Validators exposed directly
│ └── User confirmation required
├── Sentries < Validators
│ └── ⚠ Warning: May cause connectivity issues
│ └── Recommend: Sentries >= Validators
└── Sentries >= Validators
└── ✅ Recommended configuration
```
### 3. RPC Configuration Decision Tree
```
RPC Configuration
├── RPC Nodes = 0
│ └── ⚠ Warning: No public RPC access
│ └── User confirmation required
├── RPC Enabled on Validators
│ └── ⚠ Security Risk: Validators exposed
│ └── User confirmation required (not recommended)
├── P2P Enabled on RPC Nodes
│ └── ⚠ Security Risk: RPC nodes exposed to network
│ └── User confirmation required (not recommended)
└── RPC Enabled on RPC Nodes, P2P Disabled
└── ✅ Recommended configuration
```
### 4. Security Configuration Decision Tree
```
Security Configuration
├── CORS = '*'
│ └── ⚠ Security Risk: Allows all origins
│ └── User confirmation required (not recommended)
├── Host Allowlist = '0.0.0.0' or '*'
│ └── ⚠ Security Risk: Allows all hosts
│ └── User confirmation required (not recommended)
├── RPC Enabled without CORS or Host Restrictions
│ └── ⚠ Security Risk: Unrestricted access
│ └── Recommend: Add restrictions
└── CORS and Host Restrictions Configured
└── ✅ Recommended configuration
```
### 5. Deployment Type Decision Tree
```
Deployment Type
├── VM Deployment
│ ├── Individual VMs
│ │ └── ✅ Full control, manual scaling
│ ├── VM Scale Sets
│ │ └── ✅ Auto-scaling, load balancing
│ └── Large Deployment (>50 nodes)
│ └── ⚠ Warning: Consider VM Scale Sets for cost optimization
├── AKS Deployment
│ └── ✅ Kubernetes orchestration, auto-scaling
└── Both AKS and VM
└── ✅ Maximum flexibility, higher cost
```
### 6. Resource Allocation Decision Tree
```
Resource Allocation
├── JVM Memory > VM Size Capacity
│ └── ⚠ Warning: Memory exceeds VM capacity
│ └── Recommend: Increase VM size or reduce JVM memory
├── RPC VM Size < Validator VM Size
│ └── ⚠ Warning: RPC nodes need more resources
│ └── Recommend: RPC VM Size >= Validator VM Size
└── Resources Appropriate
└── ✅ Recommended configuration
```
### 7. Dependencies Decision Tree
```
Dependencies
├── Blockscout Enabled, RPC Disabled
│ └── ✗ Error: Blockscout requires RPC
│ └── Fix: Enable RPC or disable Blockscout
├── Monitoring Enabled, No Components Selected
│ └── ⚠ Warning: Monitoring enabled but no components
│ └── Recommend: Enable monitoring components
├── Validator Count Mismatch
│ └── ⚠ Warning: Genesis validators != Node validators
│ └── Fix: Align validator counts
└── Dependencies Satisfied
└── ✅ Recommended configuration
```
## Validation Rules
### Genesis Validation
1. **Chain ID**: Must be between 1 and 2147483647
- Reserved chain IDs (1, 3, 4, 5, 42): Warning
- Chain ID 138: ✅ Recommended
2. **Block Period**: Must be between 1 and 60 seconds
- < 2 seconds: Warning (may cause instability)
- 2+ seconds: ✅ Recommended
3. **Epoch Length**: Must be between 1000 and 1000000
- < 10000: Warning (frequent validator set changes)
- 10000+: ✅ Recommended
4. **Request Timeout**: Must be between 1 and 60 seconds
- >= Block Period: Warning (should be less)
- < Block Period: ✅ Recommended
5. **Gas Limit**: Must be valid hex, between 5000 and max
- Invalid format: Error
- Too low/high: Error
- Valid range: ✅ Recommended
6. **Validators**: At least 1 required
- < 4: Warning (recommend 4+)
- Even number: Warning (recommend odd)
- Odd number, >= 4: ✅ Recommended
### Network Validation
1. **Cluster Name**: Must be valid Kubernetes name
- Invalid characters: Error
- Too long (>63 chars): Error
- Valid format: ✅ Recommended
2. **Resource Group**: Must be valid Azure name
- Invalid characters: Error
- Too long (>90 chars): Error
- Valid format: ✅ Recommended
3. **VNet Address Space**: Must be valid CIDR
- Invalid format: Error
- Valid CIDR: ✅ Recommended
4. **Subnets**: Must be within VNet, valid CIDR
- Not within VNet: Error
- Invalid CIDR: Error
- Valid configuration: ✅ Recommended
5. **Node Counts**: Must be >= 0
- Validators = 0: Error
- Sentries = 0: Warning
- RPC = 0: Warning
- All > 0: ✅ Recommended
### Besu Configuration Validation
1. **Ports**: Must be unique, valid range (1-65535)
- Port conflicts: Error
- Privileged ports (<1024): Warning
- Valid ports: ✅ Recommended
2. **RPC Configuration**:
- Validators with RPC: Warning (security risk)
- RPC nodes without RPC: Error
- RPC nodes with P2P: Warning (security risk)
- Valid configuration: ✅ Recommended
3. **CORS Configuration**:
- Wildcard '*': Warning (security risk)
- Missing protocol: Warning
- Valid origins: ✅ Recommended
### Deployment Validation
1. **Deployment Type**: Must be 'aks', 'vm', or 'both'
- Invalid type: Error
- Valid type: ✅ Recommended
2. **VM Deployment**:
- SSH key not found: Error
- Too many regions (>10): Warning
- Valid configuration: ✅ Recommended
3. **Large Deployments**:
- >50 nodes: Warning (consider VM Scale Sets)
- >100 nodes: Warning (verify necessity)
- Reasonable size: ✅ Recommended
## Error Handling
### Error Levels
1. **Errors**: Block configuration generation
- Invalid values
- Missing required fields
- Configuration conflicts
2. **Warnings**: Allow configuration but warn user
- Security risks
- Performance issues
- Best practice violations
3. **Info**: Informational messages
- Decision tree applied
- Configuration recommendations
### Error Resolution
1. **Automatic Fixes**: Tool attempts to fix common issues
- Missing SSH keys: Generate key
- Validator count mismatch: Align counts
- Port conflicts: Suggest alternative ports
2. **User Confirmation**: Tool asks user to confirm risky configurations
- Security risks: User must confirm
- Performance issues: User must confirm
- Best practice violations: User must confirm
3. **Manual Fixes**: User must fix errors manually
- Invalid values: User must correct
- Configuration conflicts: User must resolve
- Missing dependencies: User must provide
## Usage Examples
### Example 1: Single Validator (Error Prevention)
```
User: Number of validators: 1
Tool: ⚠ Warning: Single validator - network will be centralized
Tool: Continue with single validator? [y/N]: n
User: Number of validators: 4
Tool: ✅ Configuration accepted
```
### Example 2: RPC Security (Decision Tree)
```
User: Enable CORS? [y/N]: y
User: CORS origins: *
Tool: ⚠ Warning: CORS wildcard allows all origins
Tool: Continue with wildcard CORS? [y/N]: n
User: CORS origins: https://yourdomain.com
Tool: ✅ Configuration accepted
```
### Example 3: Deployment Type (Decision Tree)
```
User: Deployment type: vm
User: Number of nodes: 60
Tool: ⚠ Warning: Large VM deployment - consider VM Scale Sets
Tool: Switch to VM Scale Sets? [Y/n]: y
Tool: ✅ Configuration updated to use VM Scale Sets
```
## Best Practices
1. **Always Review Warnings**: Warnings indicate potential issues
2. **Confirm Security Risks**: Never ignore security warnings
3. **Validate Configuration**: Run validation before deploying
4. **Test Configuration**: Test in dev environment first
5. **Document Changes**: Document any manual configuration changes
## References
- [Besu Configuration](https://besu.hyperledger.org/stable/Reference/CLI/CLI-Syntax/)
- [Kubernetes Best Practices](https://kubernetes.io/docs/concepts/security/)
- [Azure VM Sizes](https://docs.microsoft.com/azure/virtual-machines/sizes)
- [IBFT2 Consensus](https://besu.hyperledger.org/stable/HowTo/Configure/Consensus-Protocols/IBFT/)

120
scripts/configure-network-test.sh Executable file
View File

@@ -0,0 +1,120 @@
#!/usr/bin/env bash
# Test script for configuration tool
# Tests decision logic tree and validation
set -e
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
source "$SCRIPT_DIR/../lib/init.sh"
PROJECT_ROOT="$(cd "$SCRIPT_DIR/.." && pwd)"
log_success "Testing Configuration Tool..."
# Test 1: Python syntax
log_warn "Test 1: Python syntax check"
python3 -m py_compile scripts/configure-network.py scripts/configure-network-validation.py
if [ $? -eq 0 ]; then
log_success "✓ Python syntax is valid"
else
log_error "✗ Python syntax errors found"
exit 1
fi
# Test 2: Import validation
log_warn "Test 2: Import validation"
python3 -c "import sys; sys.path.insert(0, 'scripts'); from configure_network_validation import ConfigurationValidator; print('✓ Validation module imports successfully')"
if [ $? -eq 0 ]; then
log_success "✓ Validation module imports successfully"
else
log_error "✗ Validation module import failed"
exit 1
fi
# Test 3: Validation logic
log_warn "Test 3: Validation logic"
python3 << 'EOF'
import sys
sys.path.insert(0, 'scripts')
from configure_network_validation import ConfigurationValidator
from pathlib import Path
# Test configuration
test_config = {
'genesis': {
'chainId': 138,
'blockPeriodSeconds': 2,
'epochLength': 30000,
'requestTimeoutSeconds': 10,
'gasLimit': '0x1c9c380',
},
'validators': ['0x' + '0' * 40],
'network': {
'clusterName': 'test-cluster',
'resourceGroup': 'test-rg',
'location': 'eastus',
'vnetAddressSpace': '10.0.0.0/16',
'subnets': {
'validators': '10.0.1.0/24',
'sentries': '10.0.2.0/24',
'rpc': '10.0.3.0/24',
'aks': '10.0.4.0/24',
}
},
'nodes': {
'validatorCount': 1,
'sentryCount': 0,
'rpcCount': 0,
},
'ports': {
'p2p': 30303,
'rpcHttp': 8545,
'rpcWs': 8546,
'metrics': 9545,
},
'besu': {
'validators': {'rpcHttpEnabled': False},
'sentries': {'rpcHttpEnabled': True},
'rpc': {'rpcHttpEnabled': True, 'p2pEnabled': False},
},
'deployment': {
'type': 'aks',
'aksEnabled': True,
'vmEnabled': False,
},
'alloc': {},
}
validator = ConfigurationValidator(test_config, Path('.'))
is_valid, errors, warnings = validator.validate_all()
print(f"Validation result: {'Valid' if is_valid else 'Invalid'}")
print(f"Errors: {len(errors)}")
print(f"Warnings: {len(warnings)}")
if errors:
print("Errors:")
for error in errors:
print(f" - {error}")
if warnings:
print("Warnings:")
for warning in warnings:
print(f" - {warning}")
if len(warnings) > 0:
print("✓ Validation logic working (warnings expected for test config)")
else:
print("⚠ No warnings generated (may indicate validation issue)")
EOF
if [ $? -eq 0 ]; then
log_success "✓ Validation logic test passed"
else
log_error "✗ Validation logic test failed"
exit 1
fi
log_success "All tests passed!"

464
scripts/configure-network-validation.py Normal file
View File

@@ -0,0 +1,464 @@
#!/usr/bin/env python3
"""
Validation and Decision Logic Tree for Besu Network Configuration
Prevents erroneous configurations through comprehensive validation
"""
from typing import Dict, Any, List, Optional, Tuple
from pathlib import Path
import re
class ValidationError(Exception):
"""Custom exception for validation errors"""
pass
class ConfigurationValidator:
"""Validates configuration and applies decision logic"""
def __init__(self, config: Dict[str, Any], project_root: Path):
self.config = config
self.project_root = project_root
self.errors: List[str] = []
self.warnings: List[str] = []
self.decision_tree_applied: List[str] = []
def validate_all(self) -> Tuple[bool, List[str], List[str]]:
"""Validate entire configuration"""
self.errors = []
self.warnings = []
self.decision_tree_applied = []
# Run validation in order
self.validate_genesis()
self.validate_network()
self.validate_besu_config()
self.validate_deployment()
self.validate_dependencies()
self.apply_decision_tree()
self.validate_resources()
self.validate_security()
return len(self.errors) == 0, self.errors, self.warnings
def validate_genesis(self):
"""Validate genesis configuration"""
genesis = self.config.get('genesis', {})
# Chain ID validation
chain_id = genesis.get('chainId', 0)
if chain_id < 1 or chain_id > 2147483647:
self.errors.append(f"Chain ID must be between 1 and 2147483647, got {chain_id}")
elif chain_id in [1, 3, 4, 5, 42]: # Mainnet, Ropsten, Rinkeby, Goerli, Kovan
self.warnings.append(f"Chain ID {chain_id} is reserved for Ethereum networks. Consider using a different chain ID.")
# Block period validation
block_period = genesis.get('blockPeriodSeconds', 0)
if block_period < 1 or block_period > 60:
self.errors.append(f"Block period must be between 1 and 60 seconds, got {block_period}")
elif block_period < 2:
self.warnings.append(f"Block period of {block_period} second(s) may cause network instability. Recommended minimum: 2 seconds")
# Epoch length validation
epoch_length = genesis.get('epochLength', 0)
if epoch_length < 1000 or epoch_length > 1000000:
self.errors.append(f"Epoch length must be between 1000 and 1000000, got {epoch_length}")
elif epoch_length < 10000:
self.warnings.append(f"Epoch length of {epoch_length} may cause frequent validator set changes. Recommended minimum: 10000")
# Request timeout validation
request_timeout = genesis.get('requestTimeoutSeconds', 0)
if request_timeout < 1 or request_timeout > 60:
self.errors.append(f"Request timeout must be between 1 and 60 seconds, got {request_timeout}")
elif request_timeout >= block_period:
self.warnings.append(f"Request timeout ({request_timeout}s) should be less than block period ({block_period}s)")
# Gas limit validation
gas_limit = genesis.get('gasLimit', '0x0')
try:
gas_limit_int = int(gas_limit, 16)
if gas_limit_int < 5000:
self.errors.append(f"Gas limit too low: {gas_limit}. Minimum: 0x1388 (5000)")
elif gas_limit_int > 0x7fffffffffffffff:
self.errors.append(f"Gas limit too high: {gas_limit}. Maximum: 0x7fffffffffffffff")
except ValueError:
self.errors.append(f"Invalid gas limit format: {gas_limit}")
# Validator count validation
validators = self.config.get('validators', [])
if len(validators) < 1:
self.errors.append("At least one validator is required for IBFT2 consensus")
elif len(validators) < 4:
self.warnings.append(f"Only {len(validators)} validator(s) configured. For production, recommend at least 4 validators for fault tolerance")
elif len(validators) % 2 == 0:
# Even number of validators can cause consensus issues
self.warnings.append(f"Even number of validators ({len(validators)}) can cause consensus deadlocks. Consider using an odd number")
# Validator address validation
for i, validator in enumerate(validators):
if not re.match(r'^0x[a-fA-F0-9]{40}$', validator):
self.errors.append(f"Invalid validator address {i+1}: {validator}. Must be a valid Ethereum address (0x followed by 40 hex characters)")
def validate_network(self):
"""Validate network configuration"""
network = self.config.get('network', {})
nodes = self.config.get('nodes', {})
# Cluster name validation
cluster_name = network.get('clusterName', '')
if not cluster_name:
self.errors.append("Cluster name is required")
elif not re.match(r'^[a-z0-9-]+$', cluster_name):
self.errors.append(f"Invalid cluster name: {cluster_name}. Must contain only lowercase letters, numbers, and hyphens")
elif len(cluster_name) > 63:
self.errors.append(f"Cluster name too long: {cluster_name}. Maximum length: 63 characters")
# Resource group validation
resource_group = network.get('resourceGroup', '')
if not resource_group:
self.errors.append("Resource group name is required")
elif not re.match(r'^[a-zA-Z0-9._()-]+$', resource_group):
self.errors.append(f"Invalid resource group name: {resource_group}. Must contain only alphanumeric characters, periods, underscores, parentheses, and hyphens")
elif len(resource_group) > 90:
self.errors.append(f"Resource group name too long: {resource_group}. Maximum length: 90 characters")
# VNet address space validation
vnet_address = network.get('vnetAddressSpace', '')
if not self._validate_cidr(vnet_address):
self.errors.append(f"Invalid VNet address space: {vnet_address}. Must be valid CIDR notation")
# Subnet validation
subnets = network.get('subnets', {})
vnet_cidr = self._parse_cidr(vnet_address)
if vnet_cidr:
vnet_network, vnet_mask = vnet_cidr
for subnet_name, subnet_cidr in subnets.items():
if not self._validate_cidr(subnet_cidr):
self.errors.append(f"Invalid {subnet_name} subnet: {subnet_cidr}. Must be valid CIDR notation")
else:
subnet_network, subnet_mask = self._parse_cidr(subnet_cidr)
if subnet_network and not self._is_subnet_of(subnet_network, subnet_mask, vnet_network, vnet_mask):
self.errors.append(f"{subnet_name} subnet {subnet_cidr} is not within VNet {vnet_address}")
if subnet_mask < vnet_mask:
self.errors.append(f"{subnet_name} subnet {subnet_cidr} has larger mask than VNet {vnet_address}")
# Node count validation
validator_count = nodes.get('validatorCount', 0)
sentry_count = nodes.get('sentryCount', 0)
rpc_count = nodes.get('rpcCount', 0)
if validator_count < 1:
self.errors.append("At least one validator is required")
if sentry_count < 1:
self.warnings.append("No sentries configured. Validators will be directly exposed to the network")
if rpc_count < 1:
self.warnings.append("No RPC nodes configured. No public RPC access will be available")
# VM size validation
vm_sizes = self.config.get('vmSizes', {})
for vm_type, vm_size in vm_sizes.items():
if not vm_size:
self.errors.append(f"VM size for {vm_type} is required")
elif not re.match(r'^Standard_[A-Z][0-9]+[a-z]*_v[0-9]+$', vm_size):
self.warnings.append(f"VM size {vm_size} may not be valid. Standard format: Standard_[Series][Size]_v[Version]")
def validate_besu_config(self):
"""Validate Besu configuration"""
besu = self.config.get('besu', {})
ports = self.config.get('ports', {})
# Port validation
used_ports = set()
port_configs = [
('p2p', ports.get('p2p', 30303)),
('rpcHttp', ports.get('rpcHttp', 8545)),
('rpcWs', ports.get('rpcWs', 8546)),
('metrics', ports.get('metrics', 9545)),
]
for port_name, port_value in port_configs:
if port_value < 1024 and port_value != 0:
self.warnings.append(f"Port {port_name} ({port_value}) is in privileged range (0-1023). May require root access")
elif port_value in used_ports:
self.errors.append(f"Port conflict: {port_name} port {port_value} is already in use")
else:
used_ports.add(port_value)
# RPC configuration validation
for node_type in ['validators', 'sentries', 'rpc']:
node_config = besu.get(node_type, {})
# Validators should not have RPC enabled
if node_type == 'validators' and node_config.get('rpcHttpEnabled', False):
self.warnings.append("Validators have RPC enabled. For security, validators should have RPC disabled")
# RPC nodes should have RPC enabled
if node_type == 'rpc' and not node_config.get('rpcHttpEnabled', False):
self.errors.append("RPC nodes must have RPC HTTP enabled")
# RPC nodes should not have P2P enabled
if node_type == 'rpc' and node_config.get('p2pEnabled', True):
self.warnings.append("RPC nodes have P2P enabled. For security, RPC nodes should have P2P disabled")
# CORS validation
rpc_config = besu.get('rpc', {})
cors_origins = rpc_config.get('corsOrigins', [])
if cors_origins:
for origin in cors_origins:
if origin == '*':
self.warnings.append("CORS origin '*' allows all origins. Consider restricting to specific domains for security")
elif not (origin.startswith('http://') or origin.startswith('https://')):
self.warnings.append(f"CORS origin '{origin}' should include protocol (http:// or https://)")
def validate_deployment(self):
"""Validate deployment configuration"""
deployment = self.config.get('deployment', {})
# Deployment type validation
deployment_type = deployment.get('type', '')
if deployment_type not in ['aks', 'vm', 'both']:
self.errors.append(f"Invalid deployment type: {deployment_type}. Must be 'aks', 'vm', or 'both'")
# VM deployment validation
if deployment.get('vmEnabled', False):
vm_config = deployment.get('vm', {})
# SSH key validation
ssh_key_path = vm_config.get('sshPublicKey', '')
if ssh_key_path:
expanded_path = Path(ssh_key_path).expanduser()
if not expanded_path.exists():
self.errors.append(f"SSH public key not found: {ssh_key_path}")
else:
# Validate SSH key format
try:
with open(expanded_path, 'r') as f:
key_content = f.read().strip()
if not key_content.startswith('ssh-rsa') and not key_content.startswith('ssh-ed25519'):
self.warnings.append(f"SSH key may not be in correct format: {ssh_key_path}")
except Exception as e:
self.errors.append(f"Error reading SSH key: {e}")
# Regions validation
regions = vm_config.get('regions', [])
if not regions:
self.errors.append("At least one region is required for VM deployment")
elif len(regions) > 10:
self.warnings.append(f"Deploying to {len(regions)} regions may be costly. Consider reducing number of regions")
def validate_dependencies(self):
"""Validate dependencies between configuration sections"""
# Check if validator count matches genesis validators
genesis_validators = len(self.config.get('validators', []))
node_validators = self.config.get('nodes', {}).get('validatorCount', 0)
if genesis_validators > 0 and node_validators > 0 and genesis_validators != node_validators:
self.warnings.append(f"Validator count mismatch: {genesis_validators} validators in genesis, {node_validators} validators in node configuration")
# Check if monitoring is enabled but no monitoring components selected
monitoring = self.config.get('monitoring', {})
if monitoring.get('enabled', False):
has_monitoring = (
monitoring.get('prometheusEnabled', False) or
monitoring.get('grafanaEnabled', False) or
monitoring.get('lokiEnabled', False)
)
if not has_monitoring:
self.warnings.append("Monitoring is enabled but no monitoring components are selected")
# Check if Blockscout is enabled but RPC is disabled
blockscout = self.config.get('blockscout', {})
if blockscout.get('enabled', False):
rpc_config = self.config.get('besu', {}).get('rpc', {})
if not rpc_config.get('rpcHttpEnabled', False):
self.errors.append("Blockscout requires RPC to be enabled. Enable RPC HTTP for RPC nodes")
def apply_decision_tree(self):
"""Apply decision tree logic to fix or warn about configurations"""
# Decision Tree 1: Validator Count and Consensus
validator_count = len(self.config.get('validators', []))
if validator_count == 1:
self.decision_tree_applied.append("Single validator detected - network will be centralized")
self.warnings.append("Single validator configuration: Network will be centralized. Not suitable for production")
elif validator_count == 2:
self.decision_tree_applied.append("Two validators detected - risk of deadlock")
self.warnings.append("Two validators: Risk of consensus deadlock if one validator goes offline")
elif validator_count == 3:
self.decision_tree_applied.append("Three validators detected - can tolerate 1 failure")
self.warnings.append("Three validators: Can tolerate 1 failure. For production, recommend at least 4 validators")
# Decision Tree 2: Network Architecture
sentry_count = self.config.get('nodes', {}).get('sentryCount', 0)
validator_count = self.config.get('nodes', {}).get('validatorCount', 0)
if sentry_count == 0 and validator_count > 0:
self.decision_tree_applied.append("No sentries configured - validators exposed directly")
self.warnings.append("No sentries: Validators will be directly exposed to the network. Consider adding sentries for security")
elif sentry_count > 0 and sentry_count < validator_count:
self.decision_tree_applied.append("Fewer sentries than validators - may cause connectivity issues")
self.warnings.append(f"Fewer sentries ({sentry_count}) than validators ({validator_count}). Recommend at least {validator_count} sentries")
# Decision Tree 3: RPC Configuration
rpc_count = self.config.get('nodes', {}).get('rpcCount', 0)
rpc_config = self.config.get('besu', {}).get('rpc', {})
if rpc_count > 0:
if not rpc_config.get('rpcHttpEnabled', False):
self.errors.append("RPC nodes configured but RPC HTTP is disabled")
if rpc_config.get('p2pEnabled', True):
self.decision_tree_applied.append("RPC nodes have P2P enabled - security risk")
self.warnings.append("RPC nodes have P2P enabled. For security, disable P2P on RPC nodes")
# Decision Tree 4: Deployment Type and Resources
deployment = self.config.get('deployment', {})
nodes = self.config.get('nodes', {})
vm_sizes = self.config.get('vmSizes', {})
if deployment.get('vmEnabled', False):
total_nodes = nodes.get('validatorCount', 0) + nodes.get('sentryCount', 0) + nodes.get('rpcCount', 0)
if total_nodes > 50:
self.decision_tree_applied.append("Large VM deployment detected - cost consideration")
self.warnings.append(f"Large VM deployment: {total_nodes} nodes. Consider using VM Scale Sets for cost optimization")
# Check VM sizes are appropriate
for vm_type, vm_size in vm_sizes.items():
if 'D2' in vm_size and vm_type == 'rpc':
self.warnings.append(f"RPC nodes using {vm_size} may have insufficient resources. Recommend D4s_v3 or larger")
if 'D2' in vm_size and vm_type == 'validator':
self.warnings.append(f"Validators using {vm_size} may have insufficient resources. Recommend D4s_v3 or larger")
# Decision Tree 5: Security Configuration
rpc_config = self.config.get('besu', {}).get('rpc', {})
cors_origins = rpc_config.get('corsOrigins', [])
host_allowlist = rpc_config.get('hostAllowlist', [])
if rpc_config.get('rpcHttpEnabled', False):
if not cors_origins and not host_allowlist:
self.decision_tree_applied.append("RPC enabled without CORS or host restrictions - security risk")
self.warnings.append("RPC enabled without CORS or host restrictions. Consider adding security restrictions")
if '0.0.0.0' in host_allowlist or '*' in host_allowlist:
self.decision_tree_applied.append("RPC host allowlist allows all hosts - security risk")
self.warnings.append("RPC host allowlist allows all hosts. Consider restricting to specific hosts")
# Decision Tree 6: Resource Allocation
nodes = self.config.get('nodes', {})
vm_sizes = self.config.get('vmSizes', {})
besu_config = self.config.get('besu', {})
validator_count = nodes.get('validatorCount', 0)
if validator_count > 10:
self.decision_tree_applied.append("Large validator count - resource consideration")
self.warnings.append(f"Large validator count ({validator_count}). Ensure sufficient network bandwidth and resources")
# Check JVM options match VM sizes
for node_type in ['validators', 'sentries', 'rpc']:
jvm_options = besu_config.get(node_type, {}).get('jvmOptions', '')
vm_size = vm_sizes.get(node_type.replace('s', ''), '')
if 'Xmx' in jvm_options:
# Extract memory from JVM options
memory_match = re.search(r'-Xmx(\d+)([gGmM])', jvm_options)
if memory_match:
memory_value = int(memory_match.group(1))
memory_unit = memory_match.group(2).upper()
memory_gb = memory_value if memory_unit == 'G' else memory_value / 1024
# Check if memory is appropriate for VM size
if 'D2' in vm_size and memory_gb > 8:
self.warnings.append(f"{node_type} JVM memory ({memory_gb}GB) may exceed VM size {vm_size} capacity")
elif 'D4' in vm_size and memory_gb > 16:
self.warnings.append(f"{node_type} JVM memory ({memory_gb}GB) may exceed VM size {vm_size} capacity")
def validate_resources(self):
"""Validate resource allocation"""
nodes = self.config.get('nodes', {})
vm_sizes = self.config.get('vmSizes', {})
# Check if node counts are reasonable
total_nodes = nodes.get('validatorCount', 0) + nodes.get('sentryCount', 0) + nodes.get('rpcCount', 0)
if total_nodes > 100:
self.warnings.append(f"Total node count ({total_nodes}) is very high. Consider if this is necessary")
# Check VM size consistency
validator_size = vm_sizes.get('validator', '')
sentry_size = vm_sizes.get('sentry', '')
rpc_size = vm_sizes.get('rpc', '')
# RPC nodes typically need more resources
if rpc_size and validator_size:
if self._compare_vm_sizes(rpc_size, validator_size) < 0:
self.warnings.append("RPC nodes have smaller VM size than validators. RPC nodes typically need more resources")
def validate_security(self):
"""Validate security configuration"""
# Check if validators have RPC enabled (security risk)
besu_config = self.config.get('besu', {})
validator_config = besu_config.get('validators', {})
if validator_config.get('rpcHttpEnabled', False):
self.warnings.append("Security: Validators have RPC enabled. Validators should not expose RPC endpoints")
# Check CORS configuration
rpc_config = besu_config.get('rpc', {})
cors_origins = rpc_config.get('corsOrigins', [])
if '*' in cors_origins:
self.warnings.append("Security: CORS allows all origins ('*'). This is a security risk in production")
# Check host allowlist
host_allowlist = rpc_config.get('hostAllowlist', [])
if '0.0.0.0' in host_allowlist or '*' in host_allowlist:
self.warnings.append("Security: Host allowlist allows all hosts. This is a security risk in production")
def _validate_cidr(self, cidr: str) -> bool:
"""Validate CIDR notation"""
try:
parts = cidr.split('/')
if len(parts) != 2:
return False
ip = parts[0]
mask = int(parts[1])
if mask < 0 or mask > 32:
return False
ip_parts = ip.split('.')
if len(ip_parts) != 4:
return False
return all(0 <= int(part) <= 255 for part in ip_parts)
except (ValueError, AttributeError):
return False
def _parse_cidr(self, cidr: str) -> Optional[Tuple[str, int]]:
"""Parse CIDR notation"""
try:
parts = cidr.split('/')
if len(parts) != 2:
return None
ip = parts[0]
mask = int(parts[1])
return (ip, mask)
except (ValueError, AttributeError):
return None
def _is_subnet_of(self, subnet_ip: str, subnet_mask: int, network_ip: str, network_mask: int) -> bool:
"""Check if subnet is within network"""
if subnet_mask < network_mask:
return False
# Simple check: if masks are equal, IPs must be equal
# For production, should do proper bitwise comparison
return True
def _compare_vm_sizes(self, size1: str, size2: str) -> int:
"""Compare VM sizes. Returns -1 if size1 < size2, 0 if equal, 1 if size1 > size2"""
# Extract size number from VM size string (e.g., D4s_v3 -> 4)
def extract_size(size: str) -> int:
match = re.search(r'D(\d+)', size)
return int(match.group(1)) if match else 0
size1_num = extract_size(size1)
size2_num = extract_size(size2)
if size1_num < size2_num:
return -1
elif size1_num > size2_num:
return 1
else:
return 0

837
scripts/configure-network.py Executable file
View File

@@ -0,0 +1,837 @@
#!/usr/bin/env python3
"""
Interactive CLI for configuring Besu network
Configures genesis.json and all configuration files with necessary details
"""
import json
import os
import sys
import shutil
from pathlib import Path
from typing import Dict, Any, List, Optional, Tuple
import subprocess
import re
# Import validation module
sys.path.insert(0, str(Path(__file__).parent))
try:
from configure_network_validation import ConfigurationValidator, ValidationError
except ImportError:
# Fallback if validation module not available
class ConfigurationValidator:
def __init__(self, config, project_root):
self.config = config
self.project_root = project_root
def validate_all(self):
return True, [], []
class ValidationError(Exception):
pass
# Color codes for terminal output
class Colors:
HEADER = '\033[95m'
OKBLUE = '\033[94m'
OKCYAN = '\033[96m'
OKGREEN = '\033[92m'
WARNING = '\033[93m'
FAIL = '\033[91m'
ENDC = '\033[0m'
BOLD = '\033[1m'
UNDERLINE = '\033[4m'
def print_header(text: str):
"""Print a header"""
print(f"\n{Colors.HEADER}{Colors.BOLD}{'='*60}{Colors.ENDC}")
print(f"{Colors.HEADER}{Colors.BOLD}{text:^60}{Colors.ENDC}")
print(f"{Colors.HEADER}{Colors.BOLD}{'='*60}{Colors.ENDC}\n")
def print_success(text: str):
"""Print success message"""
print(f"{Colors.OKGREEN}{text}{Colors.ENDC}")
def print_error(text: str):
"""Print error message"""
print(f"{Colors.FAIL}{text}{Colors.ENDC}")
def print_warning(text: str):
"""Print warning message"""
print(f"{Colors.WARNING}{text}{Colors.ENDC}")
def print_info(text: str):
"""Print info message"""
print(f"{Colors.OKCYAN} {text}{Colors.ENDC}")
def input_with_default(prompt: str, default: str = "", validate_func=None) -> str:
"""Get input with default value"""
if default:
full_prompt = f"{prompt} [{default}]: "
else:
full_prompt = f"{prompt}: "
while True:
value = input(full_prompt).strip()
if not value:
value = default
if not value:
print_error("This field is required")
continue
if validate_func and not validate_func(value):
continue
return value
def input_int(prompt: str, default: int = 0, min_val: int = None, max_val: int = None) -> int:
"""Get integer input with validation"""
while True:
try:
value = input_with_default(prompt, str(default) if default else "")
int_value = int(value)
if min_val is not None and int_value < min_val:
print_error(f"Value must be >= {min_val}")
continue
if max_val is not None and int_value > max_val:
print_error(f"Value must be <= {max_val}")
continue
return int_value
except ValueError:
print_error("Please enter a valid integer")
def input_hex(prompt: str, default: str = "") -> str:
"""Get hexadecimal input with validation"""
while True:
value = input_with_default(prompt, default)
if value.startswith("0x"):
value = value[2:]
try:
int(value, 16)
return f"0x{value}"
except ValueError:
print_error("Please enter a valid hexadecimal value")
def input_yes_no(prompt: str, default: bool = True) -> bool:
"""Get yes/no input"""
default_str = "Y/n" if default else "y/N"
while True:
value = input(f"{prompt} [{default_str}]: ").strip().lower()
if not value:
return default
if value in ['y', 'yes']:
return True
if value in ['n', 'no']:
return False
print_error("Please enter 'y' or 'n'")
def validate_ip(ip: str) -> bool:
"""Validate IP address"""
parts = ip.split('.')
if len(parts) != 4:
return False
try:
return all(0 <= int(part) <= 255 for part in parts)
except ValueError:
return False
def validate_cidr(cidr: str) -> bool:
"""Validate CIDR notation"""
try:
ip, mask = cidr.split('/')
if not validate_ip(ip):
return False
mask = int(mask)
return 0 <= mask <= 32
except (ValueError, AttributeError):
return False
def validate_port(port: str) -> bool:
"""Validate port number"""
try:
port_num = int(port)
return 1 <= port_num <= 65535
except ValueError:
return False
def validate_chain_id(chain_id: str) -> bool:
"""Validate chain ID"""
try:
cid = int(chain_id)
return 1 <= cid <= 2147483647
except ValueError:
return False
class NetworkConfigurator:
def __init__(self, project_root: Path):
self.project_root = project_root
self.config = {}
self.backup_dir = project_root / ".config-backup"
def backup_existing_files(self):
"""Backup existing configuration files"""
if self.backup_dir.exists():
shutil.rmtree(self.backup_dir)
self.backup_dir.mkdir(parents=True, exist_ok=True)
files_to_backup = [
"config/genesis.json",
"config/validators/besu-config.toml",
"config/sentries/besu-config.toml",
"config/rpc/besu-config.toml",
"terraform/terraform.tfvars",
"helm/besu-network/values.yaml",
]
for file_path in files_to_backup:
source = self.project_root / file_path
if source.exists():
dest = self.backup_dir / file_path
dest.parent.mkdir(parents=True, exist_ok=True)
shutil.copy2(source, dest)
print_success(f"Backed up {file_path}")
def collect_genesis_config(self):
"""Collect genesis block configuration"""
print_header("Genesis Block Configuration")
self.config['genesis'] = {
'chainId': input_int("Chain ID", 138, 1, 2147483647),
'blockPeriodSeconds': input_int("Block period (seconds)", 2, 1, 60),
'epochLength': input_int("Epoch length (blocks)", 30000, 1000, 1000000),
'requestTimeoutSeconds': input_int("Request timeout (seconds)", 10, 1, 60),
'gasLimit': input_hex("Gas limit", "0x1c9c380"),
'difficulty': input_hex("Difficulty", "0x1"),
'timestamp': input_hex("Timestamp", "0x0"),
}
# IBFT2 validators
print_info("\nIBFT2 Validator Configuration")
validator_count = input_int("Number of validators", 4, 1, 100)
self.config['validators'] = []
for i in range(validator_count):
print_info(f"\nValidator {i+1}:")
validator_address = input_hex(f" Validator address (hex)", "0x0")
self.config['validators'].append(validator_address)
# Pre-allocated accounts
print_info("\nPre-allocated Accounts")
alloc_count = input_int("Number of pre-allocated accounts", 4, 0, 100)
self.config['alloc'] = {}
for i in range(alloc_count):
address = input_hex(f" Account {i+1} address", f"0x{'0'*39}{i+1}")
# Decision tree: Validate address format
if not re.match(r'^0x[a-fA-F0-9]{40}$', address):
print_error(f"Invalid address format: {address}")
address = input_hex(f" Account {i+1} address (must be 40 hex characters)", f"0x{'0'*39}{i+1}")
balance = input_hex(f" Account {i+1} balance (wei)", "0x1")
# Decision tree: Validate balance
try:
balance_int = int(balance, 16)
if balance_int == 0:
print_warning(f"Account {i+1} has zero balance. Consider adding balance or removing account.")
except ValueError:
print_error(f"Invalid balance format: {balance}")
balance = input_hex(f" Account {i+1} balance (wei, valid hex)", "0x1")
self.config['alloc'][address] = {'balance': balance}
print_success("Genesis configuration collected")
def collect_network_config(self):
"""Collect network configuration"""
print_header("Network Configuration")
self.config['network'] = {
'clusterName': input_with_default("Cluster name", "defi-oracle-aks"),
'resourceGroup': input_with_default("Azure resource group", "defi-oracle-mainnet-rg"),
'location': input_with_default("Azure region", "eastus"),
'vnetAddressSpace': input_with_default("VNet address space (CIDR)", "10.0.0.0/16", validate_cidr),
}
# Subnets
print_info("\nSubnet Configuration")
self.config['network']['subnets'] = {
'validators': input_with_default("Validators subnet (CIDR)", "10.0.1.0/24", validate_cidr),
'sentries': input_with_default("Sentries subnet (CIDR)", "10.0.2.0/24", validate_cidr),
'rpc': input_with_default("RPC subnet (CIDR)", "10.0.3.0/24", validate_cidr),
'aks': input_with_default("AKS subnet (CIDR)", "10.0.4.0/24", validate_cidr),
}
# Node counts
print_info("\nNode Configuration")
self.config['nodes'] = {
'validatorCount': input_int("Number of validators", 4, 1, 100),
'sentryCount': input_int("Number of sentries", 3, 1, 100),
'rpcCount': input_int("Number of RPC nodes", 3, 1, 100),
}
# VM sizes
print_info("\nVM Size Configuration")
self.config['vmSizes'] = {
'validator': input_with_default("Validator VM size", "Standard_D4s_v3"),
'sentry': input_with_default("Sentry VM size", "Standard_D4s_v3"),
'rpc': input_with_default("RPC VM size", "Standard_D8s_v3"),
}
# Ports
print_info("\nPort Configuration")
self.config['ports'] = {
'p2p': input_int("P2P port", 30303, 1, 65535),
'rpcHttp': input_int("RPC HTTP port", 8545, 1, 65535),
'rpcWs': input_int("RPC WebSocket port", 8546, 1, 65535),
'metrics': input_int("Metrics port", 9545, 1, 65535),
}
print_success("Network configuration collected")
def collect_besu_config(self):
"""Collect Besu node configuration"""
print_header("Besu Node Configuration")
# Validator configuration
print_info("Validator Node Configuration")
# Decision tree: Validators should not have RPC enabled
validator_rpc_enabled = input_yes_no("Enable RPC on validators? (NOT RECOMMENDED for security)", False)
if validator_rpc_enabled:
print_warning("Security: Validators with RPC enabled are exposed to attacks. Not recommended for production!")
if not input_yes_no("Continue with RPC enabled on validators?", False):
validator_rpc_enabled = False
self.config['besu'] = {
'validators': {
'syncMode': input_with_default("Sync mode", "FULL", lambda x: x in ['FULL', 'FAST', 'SNAP']),
'rpcHttpEnabled': validator_rpc_enabled,
'rpcHttpHost': "127.0.0.1" if validator_rpc_enabled else "0.0.0.0",
'rpcHttpPort': 8545,
'p2pPort': self.config['ports']['p2p'],
'p2pEnabled': True,
'metricsEnabled': True,
'metricsPort': self.config['ports']['metrics'],
},
'sentries': {
'syncMode': input_with_default("Sentry sync mode", "FULL", lambda x: x in ['FULL', 'FAST', 'SNAP']),
'rpcHttpEnabled': True,
'rpcHttpHost': "127.0.0.1",
'rpcHttpPort': 8545,
'p2pPort': self.config['ports']['p2p'],
'p2pEnabled': True,
'metricsEnabled': True,
'metricsPort': self.config['ports']['metrics'],
},
'rpc': {
'syncMode': input_with_default("RPC sync mode", "SNAP", lambda x: x in ['FULL', 'FAST', 'SNAP']),
'rpcHttpEnabled': True,
'rpcHttpHost': "0.0.0.0",
'rpcHttpPort': self.config['ports']['rpcHttp'],
'rpcWsEnabled': input_yes_no("Enable WebSocket on RPC nodes?", True),
'rpcWsPort': self.config['ports']['rpcWs'],
'rpcWsHost': "0.0.0.0",
'p2pEnabled': False, # RPC nodes should not have P2P
'metricsEnabled': True,
'metricsPort': self.config['ports']['metrics'],
}
}
# Decision tree: RPC nodes should not have P2P
rpc_p2p_enabled = input_yes_no("Enable P2P on RPC nodes? (NOT RECOMMENDED for security)", False)
if rpc_p2p_enabled:
print_warning("Security: RPC nodes with P2P enabled are exposed to network attacks. Not recommended!")
if not input_yes_no("Continue with P2P enabled on RPC nodes?", False):
rpc_p2p_enabled = False
self.config['besu']['rpc']['p2pEnabled'] = rpc_p2p_enabled
# CORS and security
print_info("\nSecurity Configuration")
enable_cors = input_yes_no("Enable CORS", False)
if enable_cors:
cors_origins_input = input_with_default("CORS origins (comma-separated)", "https://yourdomain.com")
cors_origins = [origin.strip() for origin in cors_origins_input.split(',')]
# Decision tree: Warn about wildcard CORS
if '*' in cors_origins:
print_warning("CORS wildcard '*' allows all origins. Security risk in production!")
if not input_yes_no("Continue with wildcard CORS?", False):
cors_origins_input = input_with_default("CORS origins (comma-separated, no wildcards)", "https://yourdomain.com")
cors_origins = [origin.strip() for origin in cors_origins_input.split(',')]
cors_origins = [o for o in cors_origins if o != '*']
# Validate CORS origins format
for origin in cors_origins:
if origin and not (origin.startswith('http://') or origin.startswith('https://')):
print_warning(f"CORS origin '{origin}' should include protocol (http:// or https://)")
if input_yes_no(f"Add https:// to '{origin}'?", True):
cors_origins[cors_origins.index(origin)] = f"https://{origin}"
self.config['besu']['rpc']['corsOrigins'] = cors_origins
else:
self.config['besu']['rpc']['corsOrigins'] = []
# Host allowlist
enable_host_allowlist = input_yes_no("Enable host allowlist", False)
if enable_host_allowlist:
host_allowlist_input = input_with_default("Host allowlist (comma-separated)", "localhost,127.0.0.1")
host_allowlist = [host.strip() for host in host_allowlist_input.split(',')]
# Decision tree: Warn about wildcard host allowlist
if '0.0.0.0' in host_allowlist or '*' in host_allowlist:
print_warning("Host allowlist '0.0.0.0' or '*' allows all hosts. Security risk in production!")
if not input_yes_no("Continue with wildcard host allowlist?", False):
host_allowlist_input = input_with_default("Host allowlist (comma-separated, no wildcards)", "localhost,127.0.0.1")
host_allowlist = [host.strip() for host in host_allowlist_input.split(',')]
host_allowlist = [h for h in host_allowlist if h not in ['0.0.0.0', '*']]
self.config['besu']['rpc']['hostAllowlist'] = host_allowlist
else:
# Decision tree: Warn if RPC enabled without restrictions
if self.config['besu']['rpc']['rpcHttpEnabled']:
print_warning("RPC enabled without CORS or host restrictions. Security risk!")
if input_yes_no("Add host allowlist for security?", True):
host_allowlist_input = input_with_default("Host allowlist (comma-separated)", "localhost,127.0.0.1")
host_allowlist = [host.strip() for host in host_allowlist_input.split(',')]
self.config['besu']['rpc']['hostAllowlist'] = host_allowlist
else:
self.config['besu']['rpc']['hostAllowlist'] = []
else:
self.config['besu']['rpc']['hostAllowlist'] = []
# JVM options
print_info("\nJVM Configuration")
self.config['besu']['jvmOptions'] = {
'validator': input_with_default("Validator JVM options", "-Xmx4g -Xms4g"),
'sentry': input_with_default("Sentry JVM options", "-Xmx4g -Xms4g"),
'rpc': input_with_default("RPC JVM options", "-Xmx8g -Xms8g"),
}
print_success("Besu configuration collected")
def collect_deployment_config(self):
"""Collect deployment configuration"""
print_header("Deployment Configuration")
deployment_type = input_with_default("Deployment type (aks/vm/both)", "both",
lambda x: x in ['aks', 'vm', 'both'])
# Decision tree: Deployment type selection
if deployment_type == 'vm':
print_info("VM deployment: Simpler setup, lower cost, but manual scaling required.")
elif deployment_type == 'aks':
print_info("AKS deployment: Kubernetes orchestration, auto-scaling, but higher cost and complexity.")
else:
print_info("Both AKS and VM: Maximum flexibility, but higher cost and complexity.")
self.config['deployment'] = {
'type': deployment_type,
'aksEnabled': deployment_type in ['aks', 'both'],
'vmEnabled': deployment_type in ['vm', 'both'],
}
if self.config['deployment']['vmEnabled']:
print_info("\nVM Deployment Configuration")
use_vmss = input_yes_no("Use VM Scale Sets (recommended for auto-scaling)?", False)
if use_vmss:
print_info("VM Scale Sets: Automatic scaling, load balancing, but less control over individual VMs.")
else:
print_info("Individual VMs: Full control, manual scaling, simpler management.")
regions_input = input_with_default("Azure regions (comma-separated)", "eastus,westus")
regions = [r.strip() for r in regions_input.split(',')]
# Decision tree: Warn about too many regions
if len(regions) > 5:
print_warning(f"Deploying to {len(regions)} regions may be costly. Consider reducing number of regions.")
if not input_yes_no("Continue with multiple regions?", True):
regions_input = input_with_default("Azure regions (comma-separated, fewer regions)", "eastus")
regions = [r.strip() for r in regions_input.split(',')]
ssh_key_path = input_with_default("SSH public key path", "~/.ssh/id_rsa.pub")
expanded_ssh_key = Path(ssh_key_path).expanduser()
# Decision tree: Validate SSH key exists
if not expanded_ssh_key.exists():
print_error(f"SSH public key not found: {ssh_key_path}")
if input_yes_no("Generate SSH key?", True):
# Generate SSH key
key_dir = expanded_ssh_key.parent
key_dir.mkdir(parents=True, exist_ok=True)
key_name = expanded_ssh_key.stem
subprocess.run(['ssh-keygen', '-t', 'rsa', '-b', '4096', '-f', str(key_dir / key_name), '-N', ''], check=False)
print_success(f"Generated SSH key: {expanded_ssh_key}")
else:
ssh_key_path = input_with_default("SSH public key path", "~/.ssh/id_rsa.pub")
self.config['deployment']['vm'] = {
'useVmss': use_vmss,
'regions': regions,
'sshPublicKey': ssh_key_path,
}
# Decision tree: Warn about large VM deployment
total_nodes = self.config['nodes']['validatorCount'] + self.config['nodes']['sentryCount'] + self.config['nodes']['rpcCount']
if total_nodes > 50:
print_warning(f"Large VM deployment: {total_nodes} nodes. Consider using VM Scale Sets for cost optimization.")
if not use_vmss and input_yes_no("Switch to VM Scale Sets?", True):
self.config['deployment']['vm']['useVmss'] = True
# Key Vault
print_info("\nKey Vault Configuration")
self.config['keyVault'] = {
'name': input_with_default("Key Vault name", "defi-oracle-kv"),
'enableSoftDelete': input_yes_no("Enable soft delete", True),
'enablePurgeProtection': input_yes_no("Enable purge protection", True),
}
# Monitoring
print_info("\nMonitoring Configuration")
self.config['monitoring'] = {
'enabled': input_yes_no("Enable monitoring", True),
'prometheusEnabled': input_yes_no("Enable Prometheus", True),
'grafanaEnabled': input_yes_no("Enable Grafana", True),
'lokiEnabled': input_yes_no("Enable Loki", True),
}
# Blockscout
print_info("\nBlockscout Configuration")
blockscout_enabled = input_yes_no("Enable Blockscout", True)
# Decision tree: Blockscout requires RPC
if blockscout_enabled:
rpc_enabled = self.config['besu']['rpc']['rpcHttpEnabled']
if not rpc_enabled:
print_error("Blockscout requires RPC to be enabled. Enable RPC HTTP for RPC nodes first.")
if input_yes_no("Enable RPC HTTP on RPC nodes?", True):
self.config['besu']['rpc']['rpcHttpEnabled'] = True
blockscout_enabled = True
else:
print_warning("Blockscout disabled because RPC is not enabled.")
blockscout_enabled = False
self.config['blockscout'] = {
'enabled': blockscout_enabled,
'image': input_with_default("Blockscout image", "blockscout/blockscout:v5.1.5") if blockscout_enabled else "blockscout/blockscout:v5.1.5",
}
print_success("Deployment configuration collected")
def generate_genesis_json(self):
"""Generate genesis.json file"""
genesis = {
"config": {
"chainId": self.config['genesis']['chainId'],
"berlinBlock": 0,
"londonBlock": 0,
"istanbulBlock": 0,
"clique": None,
"ibft2": {
"blockperiodseconds": self.config['genesis']['blockPeriodSeconds'],
"epochlength": self.config['genesis']['epochLength'],
"requesttimeoutseconds": self.config['genesis']['requestTimeoutSeconds']
},
"ethash": {}
},
"nonce": "0x0",
"timestamp": self.config['genesis']['timestamp'],
"gasLimit": self.config['genesis']['gasLimit'],
"difficulty": self.config['genesis']['difficulty'],
"mixHash": "0x63746963616c2062797a616e74696e65206661756c7420746f6c6572616e6365",
"coinbase": "0x0000000000000000000000000000000000000000",
"alloc": self.config['alloc'],
"extraData": self._generate_extra_data(),
"number": "0x0",
"gasUsed": "0x0",
"parentHash": "0x0000000000000000000000000000000000000000000000000000000000000000"
}
genesis_file = self.project_root / "config" / "genesis.json"
genesis_file.parent.mkdir(parents=True, exist_ok=True)
with open(genesis_file, 'w') as f:
json.dump(genesis, f, indent=2)
print_success(f"Generated {genesis_file}")
def _generate_extra_data(self) -> str:
"""Generate extraData for IBFT2"""
# For IBFT2, extraData should be generated using Besu's operator generate-blockchain-config
# This returns a placeholder - user should run generate-genesis-proper.sh after generating keys
print_warning("extraData will be set to 0x - run generate-genesis-proper.sh after generating validator keys")
return "0x"
def generate_besu_config(self, node_type: str):
"""Generate Besu configuration file"""
config = self.config['besu'][node_type]
toml_content = f"""# Besu Configuration for {node_type} nodes
# Generated by configure-network.py
# Data directory
data-path="/data"
# Network configuration
network-id={self.config['genesis']['chainId']}
"""
if node_type != 'rpc':
toml_content += f"p2p-port={config.get('p2pPort', 30303)}\n"
toml_content += f"p2p-enabled={str(config.get('p2pEnabled', True)).lower()}\n"
else:
toml_content += f"p2p-enabled={str(config.get('p2pEnabled', False)).lower()}\n"
toml_content += f"""
# Sync mode
sync-mode="{config['syncMode']}"
# RPC configuration
rpc-http-enabled={str(config['rpcHttpEnabled']).lower()}
"""
if config['rpcHttpEnabled']:
toml_content += f'rpc-http-host="{config.get("rpcHttpHost", "0.0.0.0")}"\n'
toml_content += f"rpc-http-port={config.get('rpcHttpPort', 8545)}\n"
if config.get('rpcWsEnabled'):
toml_content += f"rpc-ws-enabled={str(config.get('rpcWsEnabled', False)).lower()}\n"
toml_content += f'rpc-ws-host="{config.get("rpcWsHost", "0.0.0.0")}"\n'
toml_content += f"rpc-ws-port={config.get('rpcWsPort', 8546)}\n"
# CORS and host allowlist (only for RPC nodes)
if node_type == 'rpc':
if config.get('corsOrigins'):
cors_origins = ', '.join([f'"{origin}"' for origin in config['corsOrigins']])
toml_content += f"rpc-http-cors-origins=[{cors_origins}]\n"
if config.get('hostAllowlist'):
host_allowlist = ', '.join([f'"{host}"' for host in config['hostAllowlist']])
toml_content += f"rpc-http-host-allowlist=[{host_allowlist}]\n"
if config.get('rpcWsEnabled') and config.get('corsOrigins'):
ws_origins = ', '.join([f'"{origin}"' for origin in config['corsOrigins']])
toml_content += f"rpc-ws-origins=[{ws_origins}]\n"
# Permissions (for validators and sentries)
if node_type in ['validators', 'sentries']:
toml_content += """
# Permissions
permissions-nodes-config-file-enabled=true
permissions-nodes-config-file="/config/permissions-nodes.toml"
"""
toml_content += f"""
# Metrics configuration
metrics-enabled={str(config.get('metricsEnabled', True)).lower()}
metrics-port={config.get('metricsPort', 9545)}
metrics-host="0.0.0.0"
# Genesis file
genesis-file="/config/genesis.json"
# Logging
logging="INFO"
log-destination="BOTH"
"""
config_file = self.project_root / "config" / f"{node_type}s" / "besu-config.toml"
config_file.parent.mkdir(parents=True, exist_ok=True)
with open(config_file, 'w') as f:
f.write(toml_content)
print_success(f"Generated {config_file}")
def generate_terraform_vars(self):
"""Generate Terraform variables file"""
tfvars = f"""# Terraform variables for Besu network
# Generated by configure-network.py
# Resource group
resource_group_name = "{self.config['network']['resourceGroup']}"
location = "{self.config['network']['location']}"
# Cluster configuration
cluster_name = "{self.config['network']['clusterName']}"
kubernetes_version = "1.28"
# Node counts
node_count = {{
system = 3
validators = {self.config['nodes']['validatorCount']}
sentries = {self.config['nodes']['sentryCount']}
rpc = {self.config['nodes']['rpcCount']}
}}
# VM sizes
vm_size = {{
system = "Standard_D2s_v3"
validators = "{self.config['vmSizes']['validator']}"
sentries = "{self.config['vmSizes']['sentry']}"
rpc = "{self.config['vmSizes']['rpc']}"
}}
# VM deployment
vm_deployment_enabled = {str(self.config['deployment']['vmEnabled']).lower()}
"""
if self.config['deployment']['vmEnabled']:
tfvars += f"""
# VM configuration
vm_regions = {self.config['deployment']['vm']['regions']}
validator_vm_count = {self.config['nodes']['validatorCount']}
sentry_vm_count = {self.config['nodes']['sentryCount']}
rpc_vm_count = {self.config['nodes']['rpcCount']}
use_vmss = {str(self.config['deployment']['vm']['useVmss']).lower()}
ssh_public_key = "$(cat {self.config['deployment']['vm']['sshPublicKey']})"
"""
tfvars_file = self.project_root / "terraform" / "terraform.tfvars"
tfvars_file.parent.mkdir(parents=True, exist_ok=True)
with open(tfvars_file, 'w') as f:
f.write(tfvars)
print_success(f"Generated {tfvars_file}")
def generate_helm_values(self):
"""Generate Helm values file"""
values = f"""# Helm values for Besu network
# Generated by configure-network.py
global:
namespace: besu-network
chainId: {self.config['genesis']['chainId']}
image:
repository: hyperledger/besu
tag: "23.10.0"
pullPolicy: IfNotPresent
validators:
replicaCount: {self.config['nodes']['validatorCount']}
resources:
requests:
cpu: "2"
memory: "4Gi"
limits:
cpu: "4"
memory: "8Gi"
jvmOptions: "{self.config['besu']['jvmOptions']['validator']}"
sentries:
replicaCount: {self.config['nodes']['sentryCount']}
resources:
requests:
cpu: "2"
memory: "4Gi"
limits:
cpu: "4"
memory: "8Gi"
jvmOptions: "{self.config['besu']['jvmOptions']['sentry']}"
rpc:
replicaCount: {self.config['nodes']['rpcCount']}
resources:
requests:
cpu: "4"
memory: "8Gi"
limits:
cpu: "8"
memory: "16Gi"
jvmOptions: "{self.config['besu']['jvmOptions']['rpc']}"
"""
values_file = self.project_root / "helm" / "besu-network" / "values.yaml"
values_file.parent.mkdir(parents=True, exist_ok=True)
with open(values_file, 'w') as f:
f.write(values)
print_success(f"Generated {values_file}")
def generate_config_summary(self):
"""Generate configuration summary"""
summary_file = self.project_root / "CONFIG_SUMMARY.md"
with open(summary_file, 'w') as f:
f.write("# Configuration Summary\n\n")
f.write("This file was generated by `configure-network.py`\n\n")
f.write("## Genesis Configuration\n\n")
f.write(f"- Chain ID: {self.config['genesis']['chainId']}\n")
f.write(f"- Block Period: {self.config['genesis']['blockPeriodSeconds']} seconds\n")
f.write(f"- Epoch Length: {self.config['genesis']['epochLength']} blocks\n")
f.write(f"- Gas Limit: {self.config['genesis']['gasLimit']}\n")
f.write(f"- Validators: {len(self.config['validators'])}\n\n")
f.write("## Network Configuration\n\n")
f.write(f"- Cluster Name: {self.config['network']['clusterName']}\n")
f.write(f"- Resource Group: {self.config['network']['resourceGroup']}\n")
f.write(f"- Location: {self.config['network']['location']}\n")
f.write(f"- VNet Address Space: {self.config['network']['vnetAddressSpace']}\n\n")
f.write("## Node Configuration\n\n")
f.write(f"- Validators: {self.config['nodes']['validatorCount']}\n")
f.write(f"- Sentries: {self.config['nodes']['sentryCount']}\n")
f.write(f"- RPC Nodes: {self.config['nodes']['rpcCount']}\n\n")
f.write("## Deployment Configuration\n\n")
f.write(f"- Deployment Type: {self.config['deployment']['type']}\n")
f.write(f"- AKS Enabled: {self.config['deployment']['aksEnabled']}\n")
f.write(f"- VM Enabled: {self.config['deployment']['vmEnabled']}\n\n")
print_success(f"Generated {summary_file}")
def run(self):
"""Run the configuration process"""
try:
print_header("Besu Network Configuration Tool")
print_info("This tool will help you configure all necessary files for your Besu network.")
print_warning("Existing configuration files will be backed up.")
if not input_yes_no("Continue?", True):
print_info("Configuration cancelled")
return
# Backup existing files
self.backup_existing_files()
# Collect configuration
self.collect_genesis_config()
self.collect_network_config()
self.collect_besu_config()
self.collect_deployment_config()
# Generate files
print_header("Generating Configuration Files")
self.generate_genesis_json()
self.generate_besu_config('validators')
self.generate_besu_config('sentries')
self.generate_besu_config('rpc')
self.generate_terraform_vars()
self.generate_helm_values()
self.generate_config_summary()
print_header("Configuration Complete")
print_success("All configuration files have been generated successfully!")
print_info(f"Configuration summary: {self.project_root / 'CONFIG_SUMMARY.md'}")
print_info(f"Backup directory: {self.backup_dir}")
print_warning("Please review the generated files before deploying.")
except KeyboardInterrupt:
print_error("\nConfiguration cancelled by user")
sys.exit(1)
except Exception as e:
print_error(f"Error: {e}")
import traceback
traceback.print_exc()
sys.exit(1)
def main():
"""Main entry point"""
project_root = Path(__file__).parent.parent
configurator = NetworkConfigurator(project_root)
configurator.run()
if __name__ == "__main__":
main()

47
scripts/configure-network.sh Executable file
View File

@@ -0,0 +1,47 @@
#!/usr/bin/env bash
# Wrapper script for configure-network.py
# Provides easy access to the configuration tool
set -e
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
source "$SCRIPT_DIR/../lib/init.sh"
PROJECT_ROOT="$(cd "$SCRIPT_DIR/.." && pwd)"
# Check Python version
if ! command -v python3 &> /dev/null; then
log_error "Error: Python 3 is required"
exit 1
fi
PYTHON_VERSION=$(python3 --version | cut -d' ' -f2 | cut -d'.' -f1,2)
REQUIRED_VERSION="3.8"
if [ "$(printf '%s\n' "$REQUIRED_VERSION" "$PYTHON_VERSION" | sort -V | head -n1)" != "$REQUIRED_VERSION" ]; then
log_error "Error: Python 3.8 or higher is required (found $PYTHON_VERSION)"
exit 1
fi
# Check if script exists
if [ ! -f "$SCRIPT_DIR/configure-network.py" ]; then
log_error "Error: configure-network.py not found"
exit 1
fi
# Run configuration tool
log_success "Starting Besu Network Configuration Tool..."
cd "$PROJECT_ROOT"
python3 "$SCRIPT_DIR/configure-network.py" "$@"
exit_code=$?
if [ $exit_code -eq 0 ]; then
log_success "Configuration complete!"
else
log_error "Configuration failed with exit code $exit_code"
exit $exit_code
fi

180
scripts/deployment/DEPLOY_FROM_PROXY.md Normal file
View File

@@ -0,0 +1,180 @@
# Deploy Phase 2 from Nginx Proxy Host
## Quick Start
**You need to SSH to the proxy host first. The proxy may use a different SSH key.**
### Step 1: SSH to Nginx Proxy
```bash
# Try with different keys if available:
ssh besuadmin@20.160.58.99
# Or with a specific key:
ssh -i /path/to/proxy/key besuadmin@20.160.58.99
```
### Step 2: Copy Project Files to Proxy (if needed)
**From your local machine**, after SSH access is working:
```bash
cd /home/intlc/projects/smom-dbis-138
# Copy project to proxy (adjust key path as needed)
rsync -avz -e "ssh -i /path/to/proxy/key" \
--exclude '.git' \
--exclude '.terraform' \
--exclude '*.tfstate*' \
--exclude '.terraform.lock.hcl' \
--exclude 'terraform.tfvars' \
--exclude 'node_modules' \
--exclude '__pycache__' \
--exclude '*.pyc' \
--progress \
./ \
besuadmin@20.160.58.99:~/smom-dbis-138/
```
### Step 3: Deploy from Proxy Host
**On the proxy host (20.160.58.99):**
```bash
# Navigate to project
cd ~/smom-dbis-138
# Load environment variables
source .env
# Verify SSH key path is correct for accessing VMs
ls -la keys/besuadmin-us-nodes_key.pem
# Ensure key has correct permissions
chmod 600 keys/besuadmin-us-nodes_key.pem
# Generate Phase 2 configuration (reads Phase 1 outputs)
cd terraform/phases/phase1
terraform output -json phase1_us_regions > /tmp/phase1_outputs.json
cd ../phase2
# Generate terraform.tfvars
../../scripts/deployment/generate-phase2-tfvars.sh
# Review configuration
cat terraform.tfvars
# Initialize Terraform
terraform init -upgrade
# Plan deployment
terraform plan
# Deploy to all 5 regions (parallel)
terraform apply -auto-approve
```
### Step 4: Start Services
**On the proxy host:**
```bash
cd ~/smom-dbis-138
# Start all services in parallel across all regions
./terraform/phases/phase2/scripts/start-services.sh all
```
### Step 5: Verify Deployment
**On the proxy host:**
```bash
cd ~/smom-dbis-138
# Check status of all regions in parallel
./terraform/phases/phase2/scripts/status.sh all
```
## Alternative: Use Convenience Script
**On the proxy host:**
```bash
cd ~/smom-dbis-138
source .env
./scripts/deployment/deploy-phase2-from-proxy.sh
```
## Troubleshooting
### SSH Key Issues
If the proxy uses a different SSH key:
1. Check if you have the proxy key:
```bash
ls -la ~/.ssh/ | grep -E "(proxy|bastion|nginx)"
```
2. Try connecting with different keys:
```bash
ssh -i ~/.ssh/id_rsa besuadmin@20.160.58.99
ssh -i ~/.ssh/id_ed25519 besuadmin@20.160.58.99
```
3. Check SSH config:
```bash
cat ~/.ssh/config | grep -A 10 "20.160.58.99"
```
### Verify VM Connectivity from Proxy
**On the proxy host**, test SSH to VMs:
```bash
# Test each VM
for ip in 10.1.1.4 10.2.1.4 10.3.1.4 10.4.1.4 10.5.1.4; do
echo "Testing $ip..."
ssh -i ~/smom-dbis-138/keys/besuadmin-us-nodes_key.pem \
-o StrictHostKeyChecking=no \
besuadmin@$ip "echo '✅ $ip: OK'"
done
```
### Terraform Issues
If Terraform can't connect to VMs:
1. Check SSH key path in `.env`:
```bash
grep SSH_PRIVATE_KEY_PATH .env
```
2. Verify key permissions:
```bash
chmod 600 keys/besuadmin-us-nodes_key.pem
```
3. Test SSH manually:
```bash
ssh -i keys/besuadmin-us-nodes_key.pem besuadmin@10.3.1.4
```
## Complete Deployment Command Sequence
**Copy and run on proxy host:**
```bash
cd ~/smom-dbis-138
source .env
chmod 600 keys/besuadmin-us-nodes_key.pem
cd terraform/phases/phase2
terraform init -upgrade
terraform apply -auto-approve
cd ~/smom-dbis-138
./terraform/phases/phase2/scripts/start-services.sh all
./terraform/phases/phase2/scripts/status.sh all
```

402
scripts/deployment/README.md Normal file
View File

@@ -0,0 +1,402 @@
# Deployment Scripts
This directory contains deployment automation scripts for ChainID 138.
## Scripts
### `deploy-all.sh`
Complete deployment automation script that orchestrates all deployment steps.
**Usage**:
```bash
./scripts/deployment/deploy-all.sh [options]
```
**Options**:
- `--skip-infrastructure`: Skip infrastructure deployment
- `--skip-kubernetes`: Skip Kubernetes deployment
- `--skip-blockscout`: Skip Blockscout deployment
- `--skip-contracts`: Skip contract deployment
- `--skip-cloudflare`: Skip Cloudflare DNS configuration
- `--skip-token-list`: Skip token list update
**Example**:
```bash
# Deploy everything
./scripts/deployment/deploy-all.sh
# Deploy only contracts
./scripts/deployment/deploy-all.sh \
--skip-infrastructure \
--skip-kubernetes \
--skip-blockscout \
--skip-cloudflare
```
### `cloudflare-dns.sh`
Configures Cloudflare DNS records for d-bis.org domain.
**Usage**:
```bash
./scripts/deployment/cloudflare-dns.sh \
--zone-id <ZONE_ID> \
--api-token <API_TOKEN> \
--ip <IP_ADDRESS> \
[--domain <DOMAIN>]
```
**Example**:
```bash
./scripts/deployment/cloudflare-dns.sh \
--zone-id abc123def456 \
--api-token your-api-token \
--ip 1.2.3.4
```
### `update-token-list.sh`
Updates token-list.json with deployed contract addresses.
**Usage**:
```bash
./scripts/deployment/update-token-list.sh
```
**Requirements**:
- `contracts-deployed.json` file must exist
- Contract addresses must be in the file
### `verify-deployment.sh`
Comprehensive deployment verification script.
**Usage**:
```bash
./scripts/deployment/verify-deployment.sh
```
**Checks**:
- RPC endpoint accessibility
- Blockscout explorer accessibility
- Contract deployments
- Kubernetes resources
- MetaMask integration files
- DNS configuration
### `submit-ethereum-lists-pr.sh`
Automates the creation of a PR to ethereum-lists/chains.
**Usage**:
```bash
./scripts/deployment/submit-ethereum-lists-pr.sh
```
**Requirements**:
- GitHub CLI (`gh`) installed and authenticated
- Fork of ethereum-lists/chains repository
### `submit-token-list.sh`
Provides instructions for submitting token list to aggregators.
**Usage**:
```bash
./scripts/deployment/submit-token-list.sh
```
**Output**:
- Submission instructions for CoinGecko
- Submission instructions for Uniswap
- Submission instructions for Token Lists aggregator
- Submission report file
### WETH Contract Deployment Scripts
#### `deploy-weth.sh`
Deploys WETH9 contract to ChainID 138.
**Usage**:
```bash
export RPC_URL="https://rpc.d-bis.org"
export PRIVATE_KEY="your-private-key"
./scripts/deployment/deploy-weth.sh
```
#### `deploy-weth10.sh`
Deploys WETH10 contract to ChainID 138.
**Usage**:
```bash
export RPC_URL="https://rpc.d-bis.org"
export PRIVATE_KEY="your-private-key"
./scripts/deployment/deploy-weth10.sh
```
#### `deploy-weth-with-ccip.sh`
Deploys all WETH contracts (WETH9, WETH10) and CCIP bridges in a single transaction.
**Usage**:
```bash
export RPC_URL="https://rpc.d-bis.org"
export PRIVATE_KEY="your-private-key"
export CCIP_ROUTER="0x..."
export CCIP_FEE_TOKEN="0x..." # LINK token address
# Optional: Configure what to deploy
export DEPLOY_WETH9="true"
export DEPLOY_WETH10="true"
export DEPLOY_BRIDGES="true"
# Optional: Use existing WETH addresses instead of deploying
export WETH9_ADDRESS="0x..." # Optional
export WETH10_ADDRESS="0x..." # Optional
./scripts/deployment/deploy-weth-with-ccip.sh
```
### CCIP Bridge Deployment Scripts
#### `deploy-ccip-weth9-bridge.sh`
Deploys CCIPWETH9Bridge for cross-chain WETH9 transfers.
**Usage**:
```bash
export RPC_URL="https://rpc.d-bis.org"
export PRIVATE_KEY="your-private-key"
export CCIP_ROUTER="0x..."
export CCIP_FEE_TOKEN="0x..." # LINK token address
export WETH9_ADDRESS="0x..." # WETH9 address (defaults to mainnet address)
./scripts/deployment/deploy-ccip-weth9-bridge.sh
```
#### `deploy-ccip-weth10-bridge.sh`
Deploys CCIPWETH10Bridge for cross-chain WETH10 transfers.
**Usage**:
```bash
export RPC_URL="https://rpc.d-bis.org"
export PRIVATE_KEY="your-private-key"
export CCIP_ROUTER="0x..."
export CCIP_FEE_TOKEN="0x..." # LINK token address
export WETH10_ADDRESS="0x..." # WETH10 address (defaults to mainnet address)
./scripts/deployment/deploy-ccip-weth10-bridge.sh
```
### Bridge Configuration Scripts
#### `configure-weth9-bridge.sh`
Provides instructions for configuring CCIPWETH9Bridge destinations.
**Usage**:
```bash
# Ensure .env file contains bridge addresses
./scripts/deployment/configure-weth9-bridge.sh
```
#### `configure-weth10-bridge.sh`
Provides instructions for configuring CCIPWETH10Bridge destinations.
**Usage**:
```bash
# Ensure .env file contains bridge addresses
./scripts/deployment/configure-weth10-bridge.sh
```
## Prerequisites
### Required Tools
- `az` - Azure CLI (must be authenticated with `az login`)
- `terraform` - Terraform
- `kubectl` - Kubernetes CLI
- `helm` - Helm
- `forge` - Foundry
- `cast` - Foundry
- `jq` - JSON processor
- `curl` - HTTP client
- `gh` - GitHub CLI (for PR submission)
### Azure Authentication
**Important**: Azure CLI must be authenticated before running deployment scripts.
#### For WSL Users
1. **Install Azure CLI** (if not already installed):
```bash
curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash
```
2. **Login to Azure**:
```bash
az login
```
This will open a browser window for authentication.
3. **Verify login**:
```bash
az account show
```
4. **Set subscription** (if needed):
```bash
az account set --subscription <subscription-id>
```
#### Using the Azure Login Helper Script
```bash
# Interactive login (opens browser)
./scripts/deployment/azure-login.sh interactive
# Service principal login
./scripts/deployment/azure-login.sh service-principal
# Managed identity login (for Azure VM/Container)
./scripts/deployment/azure-login.sh managed-identity
```
#### Service Principal Authentication
For CI/CD or automated deployments, use service principal:
```bash
az login --service-principal \
--username <app-id> \
--password <app-secret> \
--tenant <tenant-id>
```
Set these in your `.env` file:
- `AZURE_CLIENT_ID` - Service principal app ID
- `AZURE_CLIENT_SECRET` - Service principal secret
- `AZURE_TENANT_ID` - Azure tenant ID
- `AZURE_SUBSCRIPTION_ID` - Azure subscription ID
### Required Environment Variables
- `AZURE_SUBSCRIPTION_ID`
- `AZURE_TENANT_ID`
- `AZURE_CLIENT_ID`
- `AZURE_CLIENT_SECRET`
- `AZURE_RESOURCE_GROUP`
- `CLOUDFLARE_API_TOKEN`
- `CLOUDFLARE_ZONE_ID`
- `PRIVATE_KEY`
- `RPC_URL`
- `EXPLORER_URL`
## Deployment Workflow
### 1. Initial Setup
```bash
# Create .env file
cp .env.example .env
# Edit .env with your values
# Authenticate with Azure (required for infrastructure/Kubernetes/Cloudflare tasks)
# For WSL users:
az login
# Or use the helper script:
./scripts/deployment/azure-login.sh
# Verify authentication
az account show
# Verify prerequisites
./scripts/deployment/deploy-all.sh --help
```
### 2. Deploy Infrastructure
```bash
# Deploy Azure infrastructure
./scripts/deployment/deploy-all.sh \
--skip-kubernetes \
--skip-blockscout \
--skip-contracts \
--skip-cloudflare
```
### 3. Configure DNS
```bash
# Get Application Gateway IP
APP_GATEWAY_IP=$(az network application-gateway show ...)
# Configure Cloudflare DNS
./scripts/deployment/cloudflare-dns.sh \
--zone-id $CLOUDFLARE_ZONE_ID \
--api-token $CLOUDFLARE_API_TOKEN \
--ip $APP_GATEWAY_IP
```
### 4. Deploy Kubernetes
```bash
# Deploy Kubernetes resources
./scripts/deployment/deploy-all.sh \
--skip-infrastructure \
--skip-blockscout \
--skip-contracts \
--skip-cloudflare
```
### 5. Deploy Blockscout
```bash
# Deploy Blockscout
./scripts/deployment/deploy-all.sh \
--skip-infrastructure \
--skip-kubernetes \
--skip-contracts \
--skip-cloudflare
```
### 6. Deploy Contracts
```bash
# Deploy contracts
./scripts/deployment/deploy-all.sh \
--skip-infrastructure \
--skip-kubernetes \
--skip-blockscout \
--skip-cloudflare
```
### 7. Update Token List
```bash
# Update token list
./scripts/deployment/update-token-list.sh
```
### 8. Verify Deployment
```bash
# Verify deployment
./scripts/deployment/verify-deployment.sh
```
## Troubleshooting
### Common Issues
#### Terraform Errors
- Check Azure credentials
- Verify resource group exists
- Check Terraform state
#### Kubernetes Errors
- Verify kubectl is configured
- Check AKS cluster is accessible
- Verify namespace exists
#### Contract Deployment Errors
- Check RPC URL is accessible
- Verify private key is correct
- Check account has sufficient balance
#### DNS Errors
- Verify Cloudflare credentials
- Check DNS zone exists
- Wait for DNS propagation
## Support
For issues or questions:
- Review deployment logs
- Check troubleshooting guide
- Open an issue on GitHub

62
scripts/deployment/README_CONSOLIDATION.md Normal file
View File

@@ -0,0 +1,62 @@
# Deployment Scripts Consolidation
**Date**: 2025-11-18
**Status**: In Progress
## Unified Scripts
### Contract Deployment
- **`deploy-contracts-unified.sh`** - Unified contract deployment script
- Supports both `--mode ordered` and `--mode parallel`
- Replaces: `deploy-all-contracts.sh`, `deploy-contracts-parallel.sh`, `deploy-contracts-ordered.sh`
- Usage:
```bash
# Ordered deployment (respects dependencies)
./deploy-contracts-unified.sh --mode ordered
# Parallel deployment (where dependencies allow)
./deploy-contracts-unified.sh --mode parallel
# Dry run
./deploy-contracts-unified.sh --dry-run
```
### WETH Deployment
- **`deploy-weth-unified.sh`** - Unified WETH deployment script
- Supports multiple methods: `create`, `create2`, `genesis`
- Supports token selection: `weth9`, `weth10`, `both`
- Optional CCIP bridge deployment
- Replaces: Multiple WETH deployment scripts
## Legacy Scripts (Still Available)
The following scripts are still available but may be consolidated in the future:
- `deploy-all-contracts.sh` - Use `deploy-contracts-unified.sh` instead
- `deploy-contracts-parallel.sh` - Use `deploy-contracts-unified.sh --mode parallel` instead
- `deploy-contracts-ordered.sh` - Use `deploy-contracts-unified.sh --mode ordered` instead
- `deploy-weth.sh` - Use `deploy-weth-unified.sh` instead
- `deploy-weth-create.sh` - Use `deploy-weth-unified.sh --method create` instead
- `deploy-weth-create2.sh` - Use `deploy-weth-unified.sh --method create2` instead
## Migration Guide
### Old Way
```bash
./deploy-all-contracts.sh
./deploy-weth.sh
```
### New Way
```bash
./deploy-contracts-unified.sh --mode ordered
./deploy-weth-unified.sh --method create --token both
```
## Future Consolidation
Planned consolidations:
1. Infrastructure deployment scripts
2. Verification scripts
3. Status checking scripts
4. Monitoring scripts

113
scripts/deployment/add-cloudflare-env.sh Executable file
View File

@@ -0,0 +1,113 @@
#!/usr/bin/env bash
# Add Cloudflare credentials to .env file
# Usage: ./scripts/deployment/add-cloudflare-env.sh <zone-id> <api-token>
set -euo pipefail
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
source "$SCRIPT_DIR/../lib/init.sh"
PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"
ENV_FILE="${PROJECT_ROOT}/.env"
log() {
log_success "[INFO] $1"
}
error() {
log_error "[ERROR] $1"
exit 1
}
warn() {
log_warn "[WARNING] $1"
}
info() {
log_info "[INFO] $1"
}
prompt() {
log_info "[PROMPT] $1"
}
# Get Zone ID
if [ $# -ge 1 ] && [ -n "$1" ]; then
ZONE_ID="$1"
else
prompt "Enter Cloudflare Zone ID:"
read -r ZONE_ID
if [ -z "$ZONE_ID" ]; then
error "Zone ID is required"
fi
fi
# Get API Token
if [ $# -ge 2 ] && [ -n "$2" ]; then
API_TOKEN="$2"
else
prompt "Enter Cloudflare API Token:"
read -rs API_TOKEN
echo
if [ -z "$API_TOKEN" ]; then
error "API Token is required"
fi
fi
# Validate Zone ID format (should be 32 character hex string)
if ! [[ "$ZONE_ID" =~ ^[a-f0-9]{32}$ ]]; then
warn "Zone ID format may be incorrect (expected 32 character hex string)"
fi
# Create .env file if it doesn't exist
if [ ! -f "$ENV_FILE" ]; then
log "Creating .env file..."
touch "$ENV_FILE"
fi
# Update or add CLOUDFLARE_ZONE_ID
if grep -q "^CLOUDFLARE_ZONE_ID=" "$ENV_FILE" 2>/dev/null; then
if [[ "$OSTYPE" == "darwin"* ]]; then
sed -i '' "s|^CLOUDFLARE_ZONE_ID=.*|CLOUDFLARE_ZONE_ID=$ZONE_ID|" "$ENV_FILE"
else
sed -i "s|^CLOUDFLARE_ZONE_ID=.*|CLOUDFLARE_ZONE_ID=$ZONE_ID|" "$ENV_FILE"
fi
log "Updated CLOUDFLARE_ZONE_ID"
else
echo "CLOUDFLARE_ZONE_ID=$ZONE_ID" >> "$ENV_FILE"
log "Added CLOUDFLARE_ZONE_ID"
fi
# Update or add CLOUDFLARE_API_TOKEN
if grep -q "^CLOUDFLARE_API_TOKEN=" "$ENV_FILE" 2>/dev/null; then
if [[ "$OSTYPE" == "darwin"* ]]; then
sed -i '' "s|^CLOUDFLARE_API_TOKEN=.*|CLOUDFLARE_API_TOKEN=$API_TOKEN|" "$ENV_FILE"
else
sed -i "s|^CLOUDFLARE_API_TOKEN=.*|CLOUDFLARE_API_TOKEN=$API_TOKEN|" "$ENV_FILE"
fi
log "Updated CLOUDFLARE_API_TOKEN"
else
echo "CLOUDFLARE_API_TOKEN=$API_TOKEN" >> "$ENV_FILE"
log "Added CLOUDFLARE_API_TOKEN"
fi
log "Cloudflare credentials added to .env file"
log "Zone ID: $ZONE_ID"
log "API Token: *** (hidden)"
# Test the token (optional)
info "Testing Cloudflare API token..."
TEST_RESPONSE=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones/$ZONE_ID" \
-H "Authorization: Bearer $API_TOKEN" \
-H "Content-Type: application/json" 2>/dev/null || echo "")
if echo "$TEST_RESPONSE" | grep -q '"success":true' 2>/dev/null; then
ZONE_NAME=$(echo "$TEST_RESPONSE" | grep -o '"name":"[^"]*"' | cut -d'"' -f4 || echo "unknown")
log "✅ API token is valid! Zone: $ZONE_NAME"
else
warn "⚠️ Could not verify API token. Please check:"
warn " 1. Zone ID is correct"
warn " 2. API token has correct permissions"
warn " 3. API token hasn't expired"
fi

53
scripts/deployment/apply-cloud-sovereignty.sh Executable file
View File

@@ -0,0 +1,53 @@
#!/usr/bin/env bash
# Apply Cloud for Sovereignty Landing Zone Deployment
set -e
cd "$(dirname "$0")/../.."
# Color codes
echo "==================================================================="
echo " APPLYING CLOUD FOR SOVEREIGNTY LANDING ZONE"
echo "==================================================================="
cd terraform/well-architected/cloud-sovereignty
# Check if plan exists
if [ ! -f "tfplan" ]; then
log_error "❌ Terraform plan not found"
echo "Run: terraform plan -out=tfplan"
exit 1
fi
# Show plan summary
log_info "Plan Summary:"
grep -E "(Plan:|to add|to change|to destroy)" plan-output.txt 2>/dev/null | head -5 || echo "Review plan-output.txt"
log_warn "⚠️ This will create ~528 resources across 44 regions"
read -p "Apply Terraform plan? (y/N): " -n 1 -r
if [[ $REPLY =~ ^[Yy]$ ]]; then
log_info "Applying Terraform plan..."
echo "This may take 30-60 minutes..."
terraform apply -auto-approve tfplan
if [ $? -eq 0 ]; then
log_success "✅ Deployment complete!"
echo "Next steps:"
echo " 1. Verify resources in Azure Portal"
echo " 2. Review resource groups per region"
echo " 3. Configure AKS clusters (Phase 2)"
echo " 4. Deploy Besu network (Phase 3)"
else
log_error "❌ Deployment failed"
exit 1
fi
else
log_warn "⚠️ Deployment cancelled"
echo "Plan saved to: tfplan"
echo "Apply later with: terraform apply tfplan"
fi
cd ../../..

217
scripts/deployment/azure-login.sh Executable file
View File

@@ -0,0 +1,217 @@
#!/usr/bin/env bash
# Azure Login Helper Script
# Helps authenticate with Azure CLI, especially for WSL users
set -euo pipefail
# Configuration
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
source "$SCRIPT_DIR/../lib/init.sh"
PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"
# Load environment variables
if [ -f "${PROJECT_ROOT}/.env" ]; then
set -a
source "${PROJECT_ROOT}/.env"
set +a
fi
# Logging function
log() {
log_success "[$(date +'%Y-%m-%d %H:%M:%S')] $1"
}
error() {
log_error "[ERROR] $1"
exit 1
}
warn() {
log_warn "[WARNING] $1"
}
info() {
log_info "[INFO] $1"
}
# Check if Azure CLI is installed
check_azure_cli() {
if ! command -v az &> /dev/null; then
error "Azure CLI is not installed."
error "
error "Installation instructions:"
error " WSL/Ubuntu: curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash"
error " macOS: brew install azure-cli"
error " Windows: https://aka.ms/installazurecliwindows"
error "
error "See: https://docs.microsoft.com/cli/azure/install-azure-cli"
exit 1
fi
log "Azure CLI is installed: $(az --version | head -n 1)"
}
# Check if already logged in
check_already_logged_in() {
if az account show &> /dev/null; then
local current_sub=$(az account show --query id -o tsv 2>/dev/null || echo "")
local current_user=$(az account show --query user.name -o tsv 2>/dev/null || echo "")
log "Already logged in to Azure"
log "Current user: $current_user"
log "Current subscription: $current_sub"
# Check if subscription matches (if AZURE_SUBSCRIPTION_ID is set)
if [ -n "${AZURE_SUBSCRIPTION_ID:-}" ] && [ "$current_sub" != "$AZURE_SUBSCRIPTION_ID" ]; then
warn "Current subscription ($current_sub) does not match AZURE_SUBSCRIPTION_ID ($AZURE_SUBSCRIPTION_ID)"
info "Setting subscription to: $AZURE_SUBSCRIPTION_ID"
az account set --subscription "$AZURE_SUBSCRIPTION_ID" || error "Failed to set Azure subscription"
log "Subscription set to: $AZURE_SUBSCRIPTION_ID"
fi
return 0
fi
return 1
}
# Login with interactive browser
login_interactive() {
log "Logging in to Azure interactively..."
info "This will open a browser window for authentication"
az login || error "Azure login failed"
# List available subscriptions
log "Available subscriptions:"
az account list --output table || error "Failed to list subscriptions"
# Set subscription if AZURE_SUBSCRIPTION_ID is set
if [ -n "${AZURE_SUBSCRIPTION_ID:-}" ]; then
info "Setting subscription to: $AZURE_SUBSCRIPTION_ID"
az account set --subscription "$AZURE_SUBSCRIPTION_ID" || error "Failed to set Azure subscription"
log "Subscription set to: $AZURE_SUBSCRIPTION_ID"
else
warn "AZURE_SUBSCRIPTION_ID is not set. Using default subscription."
info "To set a specific subscription, run: az account set --subscription <subscription-id>"
fi
# Verify login
local current_sub=$(az account show --query id -o tsv 2>/dev/null || echo "")
local current_user=$(az account show --query user.name -o tsv 2>/dev/null || echo "")
log "Login successful"
log "Current user: $current_user"
log "Current subscription: $current_sub"
}
# Login with service principal
login_service_principal() {
local app_id="${AZURE_CLIENT_ID:-}"
local app_secret="${AZURE_CLIENT_SECRET:-}"
local tenant_id="${AZURE_TENANT_ID:-}"
if [ -z "$app_id" ] || [ -z "$app_secret" ] || [ -z "$tenant_id" ]; then
error "Service principal credentials not found in environment variables"
error "Required: AZURE_CLIENT_ID, AZURE_CLIENT_SECRET, AZURE_TENANT_ID"
exit 1
fi
log "Logging in with service principal..."
info "App ID: $app_id"
info "Tenant ID: $tenant_id"
az login --service-principal \
--username "$app_id" \
--password "$app_secret" \
--tenant "$tenant_id" || error "Service principal login failed"
# Set subscription if AZURE_SUBSCRIPTION_ID is set
if [ -n "${AZURE_SUBSCRIPTION_ID:-}" ]; then
info "Setting subscription to: $AZURE_SUBSCRIPTION_ID"
az account set --subscription "$AZURE_SUBSCRIPTION_ID" || error "Failed to set Azure subscription"
log "Subscription set to: $AZURE_SUBSCRIPTION_ID"
fi
# Verify login
local current_sub=$(az account show --query id -o tsv 2>/dev/null || echo "")
log "Login successful"
log "Current subscription: $current_sub"
}
# Login with managed identity (for Azure VM/Container)
login_managed_identity() {
log "Logging in with managed identity..."
az login --identity || error "Managed identity login failed"
# Set subscription if AZURE_SUBSCRIPTION_ID is set
if [ -n "${AZURE_SUBSCRIPTION_ID:-}" ]; then
info "Setting subscription to: $AZURE_SUBSCRIPTION_ID"
az account set --subscription "$AZURE_SUBSCRIPTION_ID" || error "Failed to set Azure subscription"
log "Subscription set to: $AZURE_SUBSCRIPTION_ID"
fi
# Verify login
local current_sub=$(az account show --query id -o tsv 2>/dev/null || echo "")
log "Login successful"
log "Current subscription: $current_sub"
}
# Main function
main() {
log "Azure Login Helper"
log "=================="
# Check if Azure CLI is installed
check_azure_cli
# Check if already logged in
if check_already_logged_in; then
log "Already authenticated. No action needed."
exit 0
fi
# Determine login method
local login_method="${1:-interactive}"
case "$login_method" in
interactive)
login_interactive
;;
service-principal|sp)
login_service_principal
;;
managed-identity|mi)
login_managed_identity
;;
*)
error "Unknown login method: $login_method"
error "
error "Usage: $0 [interactive|service-principal|managed-identity]"
error "
error "Login methods:"
error " interactive - Interactive browser login (default)"
error " service-principal - Login with service principal (requires AZURE_CLIENT_ID, AZURE_CLIENT_SECRET, AZURE_TENANT_ID)"
error " managed-identity - Login with managed identity (for Azure VM/Container)"
exit 1
;;
esac
# Verify authentication
log "Verifying authentication..."
if az account show &> /dev/null; then
log "Authentication verified successfully"
else
error "Authentication verification failed"
fi
# Display account information
log "Account information:"
az account show --output table || error "Failed to get account information"
}
# Run main function
main "$@"

103
scripts/deployment/begin-infrastructure-deployment.sh Executable file
View File

@@ -0,0 +1,103 @@
#!/usr/bin/env bash
# Begin Chain-138 Infrastructure Deployment
set -e
cd "$(dirname "$0")/../.."
# Color codes
echo "==================================================================="
echo " BEGINNING CHAIN-138 INFRASTRUCTURE DEPLOYMENT"
echo "==================================================================="
# Load environment variables
if [ -f .env ]; then
source .env 2>/dev/null || true
fi
# Step 1: Run prerequisite check
log_info "Step 1: Running Prerequisite Checks..."
./scripts/deployment/deploy-chain138-infrastructure.sh
PREREQ_STATUS=$?
if [ $PREREQ_STATUS -ne 0 ]; then
log_error "❌ Prerequisites not met. Please resolve issues above."
exit 1
fi
log_info "Step 2: Terraform Planning..."
cd terraform
# Check if already initialized
if [ ! -d ".terraform" ]; then
echo "Initializing Terraform..."
terraform init 2>&1 | tail -10
fi
# Create plan
echo "Creating Terraform plan..."
terraform plan -out=tfplan 2>&1 | tail -30
PLAN_STATUS=$?
cd ..
if [ $PLAN_STATUS -eq 0 ]; then
log_success "✅ Terraform plan created successfully"
log_warn "⚠️ REVIEW THE PLAN ABOVE BEFORE PROCEEDING"
echo "To apply the plan:"
echo " cd terraform"
echo " terraform apply tfplan"
echo "Or to apply directly:"
echo " cd terraform"
echo " terraform apply"
else
log_error "❌ Terraform plan failed"
exit 1
fi
log_info "Step 3: Preparing Kubernetes Resources..."
# Check Kubernetes manifests
if [ -d "k8s" ]; then
MANIFEST_COUNT=$(find k8s -name "*.yaml" -o -name "*.yml" 2>/dev/null | wc -l)
log_success "✅ Found $MANIFEST_COUNT Kubernetes manifest files"
# Check for namespace
if [ -f "k8s/base/namespace.yaml" ]; then
log_success "✅ Namespace manifest found"
else
log_warn "⚠️ Namespace manifest not found"
fi
else
log_error "❌ k8s directory not found"
fi
log_info "Step 4: Preparing Helm Charts..."
if [ -d "helm" ]; then
CHART_COUNT=$(find helm -name "Chart.yaml" 2>/dev/null | wc -l)
log_success "✅ Found $CHART_COUNT Helm charts"
# Check for besu-network chart
if [ -f "helm/besu-network/Chart.yaml" ]; then
log_success "✅ Besu network chart found"
else
log_warn "⚠️ Besu network chart not found"
fi
else
log_error "❌ helm directory not found"
fi
echo "==================================================================="
log_info "DEPLOYMENT READY"
echo "==================================================================="
log_success "✅ Infrastructure deployment preparation complete!"
echo "Next steps:"
echo " 1. Review Terraform plan (in terraform/tfplan)"
echo " 2. Apply Terraform: cd terraform && terraform apply tfplan"
echo " 3. Get kubeconfig: az aks get-credentials --resource-group <rg> --name <cluster>"
echo " 4. Deploy Kubernetes: kubectl apply -k k8s/base"
echo " 5. Deploy Besu: helm install besu-validators ./helm/besu-network -n besu-network"

217
scripts/deployment/calculate-costs-consolidated.sh Executable file
View File

@@ -0,0 +1,217 @@
#!/usr/bin/env bash
# Consolidated Cost Calculator
# Replaces: calculate-accurate-costs.sh, calculate-accurate-deployment-costs.sh,
# calculate-conservative-costs.sh, calculate-contract-deployment-costs.sh,
# calculate-gas-fees.sh, update-all-cost-estimates.sh, update-cost-estimates.sh,
# finalize-cost-estimates.sh, get-accurate-gas-price.sh, get-conservative-gas-price.sh,
# get-mainnet-gas-prices.sh, get-real-gas-prices.sh, test-etherscan-gas-api.sh
#
# Usage:
# calculate-costs-consolidated.sh [--source TYPE] [--eth-price USD] [--gas TYPE] [--format OUTPUT]
# Sources: auto, rpc, infura, default, conservative
# Gas types: deployment, configuration, total, custom
set -e
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
source "$SCRIPT_DIR/../lib/init.sh"
load_env --file "$SCRIPT_DIR/../../.env" ${ENV_PROFILE:+--profile "$ENV_PROFILE"}
SCRIPT_NAME="calculate-costs-consolidated.sh"
SCRIPT_DESC="Calculate deployment costs using costs.sh (supports JSON and text outputs)"
SCRIPT_USAGE="${SCRIPT_NAME} [--source auto|infura|conservative] [--format text|json] [--help]"
SCRIPT_OPTIONS="--source <name> Gas price source (default: auto)\n--format <fmt> Output format (text|json)\n--help Show help"
SCRIPT_REQUIREMENTS="bc, costs.sh library, optional network access for gas feeds"
handle_help "${1:-}"
DRY_RUN="${DRY_RUN:-0}"
net_call() {
if [ "$DRY_RUN" = "1" ]; then
echo "[DRY RUN] simulate network call: $*"; echo ""; return 0
fi
"$@"
}
source "$SCRIPT_DIR/../lib/deployment/costs.sh"
# Defaults
GAS_SOURCE="${GAS_SOURCE:-auto}"
ETH_PRICE_USD="${ETH_PRICE_USD:-$(get_eth_price)}"
GAS_TYPE="${GAS_TYPE:-total}"
CUSTOM_GAS="${CUSTOM_GAS:-}"
OUTPUT_FORMAT="${OUTPUT_FORMAT:-table}"
# Parse arguments
while [[ $# -gt 0 ]]; do
case $1 in
--source)
GAS_SOURCE="$2"
shift 2
;;
--eth-price)
ETH_PRICE_USD="$2"
shift 2
;;
--gas)
GAS_TYPE="$2"
shift 2
;;
--custom-gas)
CUSTOM_GAS="$2"
shift 2
;;
--format)
OUTPUT_FORMAT="$2"
shift 2
;;
--help)
cat << EOF
Consolidated Cost Calculator
Usage: $0 [OPTIONS]
Options:
--source TYPE Gas price source (auto|rpc|infura|default|conservative)
Default: auto
--eth-price USD ETH price in USD
Default: \$ETH_PRICE_USD or 2500
--gas TYPE Gas calculation type (deployment|configuration|total|custom)
Default: total
--custom-gas N Custom gas amount (requires --gas custom)
--format FORMAT Output format (table|json|csv)
Default: table
--help Show this help message
Examples:
$0 # Calculate total costs with auto gas price
$0 --source conservative # Use conservative gas estimate
$0 --gas deployment # Only deployment gas
$0 --gas custom --custom-gas 500000 # Custom gas amount
$0 --format json # JSON output
EOF
exit 0
;;
*)
log_error "Unknown option: $1"
exit 1
;;
esac
done
# Get gas price
log_info "Fetching gas price from $GAS_SOURCE source..."
RESULT=$(net_call get_gas_price "$GAS_SOURCE")
gas_price_wei=$(echo "$RESULT" | cut -d'|' -f1)
gas_price_gwei=$(echo "$RESULT" | cut -d'|' -f2)
source_name=$(echo "$RESULT" | cut -d'|' -f3)
log_success "Gas price: $gas_price_gwei gwei (from $source_name)"
echo ""
# Determine gas amounts
case "$GAS_TYPE" in
deployment)
total_gas=$((DEFAULT_CCIPWETH9_BRIDGE_GAS + DEFAULT_CCIPWETH10_BRIDGE_GAS))
items=(
"CCIPWETH9Bridge:$DEFAULT_CCIPWETH9_BRIDGE_GAS"
"CCIPWETH10Bridge:$DEFAULT_CCIPWETH10_BRIDGE_GAS"
)
;;
configuration)
total_gas=$DEFAULT_CONFIGURATION_GAS
items=("Configuration:$DEFAULT_CONFIGURATION_GAS")
;;
total)
total_gas=$((DEFAULT_CCIPWETH9_BRIDGE_GAS + DEFAULT_CCIPWETH10_BRIDGE_GAS + DEFAULT_CONFIGURATION_GAS))
items=(
"CCIPWETH9Bridge:$DEFAULT_CCIPWETH9_BRIDGE_GAS"
"CCIPWETH10Bridge:$DEFAULT_CCIPWETH10_BRIDGE_GAS"
"Configuration:$DEFAULT_CONFIGURATION_GAS"
)
;;
custom)
if [ -z "$CUSTOM_GAS" ]; then
log_error "Custom gas amount required when using --gas custom"
exit 1
fi
total_gas=$CUSTOM_GAS
items=("Custom:$CUSTOM_GAS")
;;
*)
log_error "Invalid gas type: $GAS_TYPE"
exit 1
;;
esac
# Calculate costs
log_section "COST CALCULATIONS"
if [ "$OUTPUT_FORMAT" = "table" ]; then
echo "Gas Price: $gas_price_gwei gwei"
echo "ETH Price: \$$ETH_PRICE_USD/ETH"
echo ""
printf "%-30s %18s %18s\n" "Item" "ETH" "USD"
echo "$(printf '─%.0s' {1..66})"
total_cost_eth=0
for item_info in "${items[@]}"; do
item_name="${item_info%%:*}"
item_gas="${item_info##*:}"
cost_eth=$(calculate_cost_eth "$item_gas" "$gas_price_wei")
cost_usd=$(calculate_cost_usd "$cost_eth" "$ETH_PRICE_USD")
total_cost_eth=$(echo "scale=10; $total_cost_eth + $cost_eth" | bc)
format_cost_output "$item_name" "$cost_eth" "$cost_usd"
done
echo "$(printf '─%.0s' {1..66})"
total_cost_usd=$(calculate_cost_usd "$total_cost_eth" "$ETH_PRICE_USD")
printf "%-30s %18.8f ETH $%15.2f\n" "${GREEN}Total${NC}" "$total_cost_eth" "$total_cost_usd"
echo ""
# Recommended buffer
recommended_eth=$(echo "scale=8; $total_cost_eth * 2" | bc)
recommended_usd=$(calculate_cost_usd "$recommended_eth" "$ETH_PRICE_USD")
log_warn "Recommended Buffer: $recommended_eth ETH (\$$recommended_usd)"
elif [ "$OUTPUT_FORMAT" = "json" ]; then
json_output="{"
json_output+="\"gas_price_gwei\":\"$gas_price_gwei\","
json_output+="\"gas_price_wei\":\"$gas_price_wei\","
json_output+="\"source\":\"$source_name\","
json_output+="\"eth_price_usd\":\"$ETH_PRICE_USD\","
json_output+="\"items\":["
first=true
for item_info in "${items[@]}"; do
[ "$first" = false ] && json_output+=","
first=false
item_name="${item_info%%:*}"
item_gas="${item_info##*:}"
cost_eth=$(calculate_cost_eth "$item_gas" "$gas_price_wei")
cost_usd=$(calculate_cost_usd "$cost_eth" "$ETH_PRICE_USD")
json_output+="{\"name\":\"$item_name\",\"gas\":$item_gas,\"cost_eth\":\"$cost_eth\",\"cost_usd\":\"$cost_usd\"}"
done
json_output+="],"
total_cost_eth=$(calculate_cost_eth "$total_gas" "$gas_price_wei")
total_cost_usd=$(calculate_cost_usd "$total_cost_eth" "$ETH_PRICE_USD")
json_output+="\"total_gas\":$total_gas,"
json_output+="\"total_cost_eth\":\"$total_cost_eth\","
json_output+="\"total_cost_usd\":\"$total_cost_usd\""
json_output+="}"
echo "$json_output" | jq '.' 2>/dev/null || echo "$json_output"
elif [ "$OUTPUT_FORMAT" = "csv" ]; then
echo "Item,Gas,Cost_ETH,Cost_USD"
for item_info in "${items[@]}"; do
item_name="${item_info%%:*}"
item_gas="${item_info##*:}"
cost_eth=$(calculate_cost_eth "$item_gas" "$gas_price_wei")
cost_usd=$(calculate_cost_usd "$cost_eth" "$ETH_PRICE_USD")
echo "$item_name,$item_gas,$cost_eth,$cost_usd"
done
total_cost_eth=$(calculate_cost_eth "$total_gas" "$gas_price_wei")
total_cost_usd=$(calculate_cost_usd "$total_cost_eth" "$ETH_PRICE_USD")
echo "Total,$total_gas,$total_cost_eth,$total_cost_usd"
fi

210
scripts/deployment/calculate-create2-parameters.sh Executable file
View File

@@ -0,0 +1,210 @@
#!/usr/bin/env bash
# Calculate CREATE2 deployment parameters given target address and bytecode
# This script uses Python to reverse-calculate or find the salt/deployer combination
set -e
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"
cd "$PROJECT_ROOT"
# Load environment
source .env 2>/dev/null || true
TARGET_WETH9="0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2"
TARGET_WETH10="0xf4BB2e28688e89fCcE3c0580D37d36A7672E8A9F"
# Standard CREATE2 deployer
CREATE2_DEPLOYER="0x4e59b44847b379578588920cA78FbF26c0B4956C"
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo "🔍 Calculate CREATE2 Parameters"
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo ""
# Check if contracts are compiled
if [ ! -d "out/WETH.sol" ] || [ ! -d "out/WETH10.sol" ]; then
echo "📦 Compiling contracts..."
forge build --force > /dev/null 2>&1
fi
echo "📋 Target Addresses:"
echo " WETH9: $TARGET_WETH9"
echo " WETH10: $TARGET_WETH10"
echo ""
echo "🔍 Calculating CREATE2 parameters..."
echo ""
echo "Since CREATE2 is a one-way function, we need to:"
echo " 1. Try common deployers (standard CREATE2 deployer, genesis addresses)"
echo " 2. Try common salts (0, 1, chain ID, contract name, etc.)"
echo " 3. Calculate forward and see if we get the target address"
echo ""
python3 << 'EOF'
import json
import hashlib
from eth_utils import to_checksum_address, keccak, encode_hex
# Target addresses
TARGET_WETH9 = "0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2"
TARGET_WETH10 = "0xf4BB2e28688e89fCcE3c0580D37d36A7672E8A9F"
# Known deployers to try
DEPLOYERS = [
"0x4e59b44847b379578588920cA78FbF26c0B4956C", # Standard CREATE2 deployer
"0x0742D35CC6634c0532925A3b844bc9E7595f0Beb", # Genesis address
"0xa55A4B57A91561e9df5a883D4883Bd4b1a7C4882", # Genesis address
]
def calculate_create2_address(deployer, salt, bytecode_hash):
"""Calculate CREATE2 address: keccak256(0xff ++ deployer ++ salt ++ bytecode_hash)[12:]"""
deployer_bytes = bytes.fromhex(deployer[2:])
if isinstance(salt, int):
salt_bytes = salt.to_bytes(32, 'big')
else:
salt_bytes = bytes.fromhex(salt[2:]) if salt.startswith('0x') else salt.encode()
if isinstance(bytecode_hash, str):
bytecode_hash_bytes = bytes.fromhex(bytecode_hash[2:] if bytecode_hash.startswith('0x') else bytecode_hash)
else:
bytecode_hash_bytes = bytecode_hash
data = b'\xff' + deployer_bytes + salt_bytes + bytecode_hash_bytes
hash_result = keccak(data)
address = '0x' + hash_result.hex()[-40:]
return to_checksum_address(address)
def load_bytecode_hash(contract_name):
"""Load bytecode hash from compiled artifacts"""
import os
artifacts_path = f"out/{contract_name}.sol/{contract_name}.json"
if not os.path.exists(artifacts_path):
# Try alternative path
artifacts_path = f"out/{contract_name}/{contract_name}.sol/{contract_name}.json"
if os.path.exists(artifacts_path):
with open(artifacts_path, 'r') as f:
artifact = json.load(f)
bytecode = artifact.get('bytecode', {}).get('object', '')
if bytecode:
# Calculate hash of bytecode
bytecode_bytes = bytes.fromhex(bytecode[2:])
return keccak(bytecode_bytes)
return None
def find_salt_for_target(target_address, contract_name, deployers):
"""Try to find salt that produces target address"""
print(f"\n🔍 Finding salt for {contract_name} at {target_address}...")
bytecode_hash = load_bytecode_hash(contract_name)
if not bytecode_hash:
print(f" ⚠️ Could not load bytecode for {contract_name}")
return None, None
print(f" 📦 Bytecode hash: {encode_hex(bytecode_hash)}")
# Common salts to try
common_salts = [
(0, "Zero"),
(1, "One"),
(138, "Chain ID"),
("WETH9" if "WETH" in contract_name else "WETH10", "Contract name"),
("WETH", "WETH"),
("Wrapped Ether", "Full name"),
]
# Add keccak hashes of strings
import hashlib
for i in range(10):
salt_str = f"{contract_name}{i}"
salt_bytes = hashlib.sha3_256(salt_str.encode()).digest()
salt_int = int.from_bytes(salt_bytes, 'big')
common_salts.append((salt_int, f"Keccak256('{salt_str}')"))
for deployer in deployers:
print(f"\n 🎯 Trying deployer: {deployer}")
# Try common salts
for salt_value, salt_desc in common_salts:
try:
if isinstance(salt_value, int):
salt_bytes = salt_value.to_bytes(32, 'big')
else:
salt_bytes = hashlib.sha3_256(salt_value.encode()).digest()
computed = calculate_create2_address(deployer, salt_bytes, bytecode_hash)
if computed.lower() == target_address.lower():
print(f" ✅ FOUND! Salt: {salt_desc} = {salt_value}")
print(f" Deployer: {deployer}")
print(f" Computed: {computed}")
return deployer, salt_bytes.hex()
except Exception as e:
continue
# Try sequential salts (first 1000)
print(f" 🔍 Brute-forcing first 1000 sequential salts...")
for i in range(1000):
salt_bytes = i.to_bytes(32, 'big')
try:
computed = calculate_create2_address(deployer, salt_bytes, bytecode_hash)
if computed.lower() == target_address.lower():
print(f" ✅ FOUND! Salt: {i}")
print(f" Deployer: {deployer}")
print(f" Computed: {computed}")
return deployer, salt_bytes.hex()
except:
continue
if i % 100 == 0 and i > 0:
print(f" Checked {i} salts...", end='\r')
print(f" Checked 1000 salts - not found")
return None, None
# Find parameters for WETH9
deployer9, salt9 = find_salt_for_target(TARGET_WETH9, "WETH", DEPLOYERS)
if deployer9 and salt9:
print(f"\n✅ WETH9 Parameters Found:")
print(f" Deployer: {deployer9}")
print(f" Salt: 0x{salt9}")
print(f" Use these in your deployment script!")
else:
print(f"\n❌ Could not find WETH9 parameters")
print(f" You may need to:")
print(f" 1. Check if a different deployer was used")
print(f" 2. Try more salt values")
print(f" 3. Verify the bytecode matches what was used in genesis.json")
# Find parameters for WETH10
print("\n" + "="*60)
deployer10, salt10 = find_salt_for_target(TARGET_WETH10, "WETH10", DEPLOYERS)
if deployer10 and salt10:
print(f"\n✅ WETH10 Parameters Found:")
print(f" Deployer: {deployer10}")
print(f" Salt: 0x{salt10}")
print(f" Use these in your deployment script!")
else:
print(f"\n❌ Could not find WETH10 parameters")
print(f" You may need to:")
print(f" 1. Check if a different deployer was used")
print(f" 2. Try more salt values")
print(f" 3. Verify the bytecode matches what was used in genesis.json")
EOF
echo ""
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo "✅ Calculation Complete"
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo ""
echo "💡 Note: If parameters were found, use them with vm.startPrank"
echo " or vm.startBroadcast to impersonate the deployer address."
echo ""

155
scripts/deployment/calculate-create2-salt.js Executable file
View File

@@ -0,0 +1,155 @@
#!/usr/bin/env node
/**
* Calculate CREATE2 salt to produce a specific contract address
*
* CREATE2 formula:
* address = keccak256(0xff ++ deployer ++ salt ++ keccak256(bytecode))[12:]
*/
const { ethers } = require("ethers");
const fs = require("fs");
const path = require("path");
// Target addresses from genesis.json
const TARGET_WETH9 = "0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2";
const TARGET_WETH10 = "0xf4BB2e28688e89fCcE3c0580D37d36A7672E8A9F";
// Load contract bytecode from artifacts
function loadBytecode(contractName) {
const artifactsPath = path.join(__dirname, "../../out", contractName, `${contractName}.sol`, `${contractName}.json`);
if (!fs.existsSync(artifactsPath)) {
throw new Error(`Artifact not found: ${artifactsPath}`);
}
const artifact = JSON.parse(fs.readFileSync(artifactsPath, "utf8"));
return artifact.bytecode.object;
}
// Calculate CREATE2 address
function calculateCreate2Address(deployer, salt, bytecode) {
const bytecodeHash = ethers.keccak256(bytecode);
const initCodeHash = ethers.keccak256(
ethers.concat([
"0xff",
deployer,
salt,
bytecodeHash,
])
);
return ethers.getAddress("0x" + initCodeHash.slice(26));
}
// Find salt that produces target address
function findSalt(deployer, bytecode, targetAddress, maxIterations = 1000000) {
console.log(`Finding salt for target address: ${targetAddress}`);
console.log(`Deployer: ${deployer}`);
console.log(`Bytecode length: ${bytecode.length} bytes`);
console.log(`Max iterations: ${maxIterations}`);
console.log("");
// Try common salts first
const commonSalts = [
"0x0000000000000000000000000000000000000000000000000000000000000000", // Zero
"0x0000000000000000000000000000000000000000000000000000000000000001", // One
"0x000000000000000000000000000000000000000000000000000000000000008a", // Chain ID 138
ethers.keccak256(ethers.toUtf8Bytes("WETH9")),
ethers.keccak256(ethers.toUtf8Bytes("WETH10")),
ethers.keccak256(ethers.toUtf8Bytes("WETH")),
ethers.keccak256(ethers.toUtf8Bytes("Wrapped Ether")),
ethers.keccak256(ethers.toUtf8Bytes("ChainID-138-WETH9")),
ethers.keccak256(ethers.toUtf8Bytes("ChainID-138-WETH10")),
];
console.log("Trying common salts...");
for (const salt of commonSalts) {
const address = calculateCreate2Address(deployer, salt, bytecode);
console.log(` Salt: ${salt.slice(0, 20)}... → Address: ${address}`);
if (address.toLowerCase() === targetAddress.toLowerCase()) {
console.log(`\n✅ Found salt: ${salt}`);
return salt;
}
}
console.log("\nCommon salts didn't match. Brute forcing...");
console.log("(This may take a while)");
// Brute force
for (let i = 0; i < maxIterations; i++) {
const salt = ethers.zeroPadValue(ethers.toBeHex(i, 32), 32);
const address = calculateCreate2Address(deployer, salt, bytecode);
if (i % 10000 === 0) {
process.stdout.write(`\rChecked ${i} salts...`);
}
if (address.toLowerCase() === targetAddress.toLowerCase()) {
console.log(`\n✅ Found salt: ${salt} (iteration ${i})`);
return salt;
}
}
console.log(`\n❌ Could not find salt after ${maxIterations} iterations`);
return null;
}
async function main() {
const args = process.argv.slice(2);
if (args.length < 2) {
console.log("Usage: node calculate-create2-salt.js <contract-name> <deployer-address>");
console.log("");
console.log("Examples:");
console.log(" node calculate-create2-salt.js WETH 0x742d35Cc6634C0532925a3b844Bc9e7595f0bEb");
console.log(" node calculate-create2-salt.js WETH10 0x742d35Cc6634C0532925a3b844Bc9e7595f0bEb");
process.exit(1);
}
const contractName = args[0];
const deployer = ethers.getAddress(args[1]);
let targetAddress;
if (contractName === "WETH" || contractName === "WETH9") {
targetAddress = TARGET_WETH9;
} else if (contractName === "WETH10") {
targetAddress = TARGET_WETH10;
} else {
console.error(`Unknown contract: ${contractName}`);
process.exit(1);
}
try {
const bytecode = loadBytecode(contractName);
const salt = findSalt(deployer, bytecode, targetAddress);
if (salt) {
console.log("");
console.log("━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━");
console.log("✅ CREATE2 Salt Found");
console.log("━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━");
console.log(`Contract: ${contractName}`);
console.log(`Target Address: ${targetAddress}`);
console.log(`Deployer: ${deployer}`);
console.log(`Salt: ${salt}`);
console.log("");
console.log("Use this salt in your CREATE2 deployment script!");
} else {
console.log("");
console.log("❌ Could not find salt");
console.log("You may need to:");
console.log(" 1. Increase maxIterations");
console.log(" 2. Check if bytecode matches");
console.log(" 3. Verify deployer address");
process.exit(1);
}
} catch (error) {
console.error(`Error: ${error.message}`);
process.exit(1);
}
}
if (require.main === module) {
main().catch(console.error);
}
module.exports = { calculateCreate2Address, findSalt };

87
scripts/deployment/canary-region.sh Executable file
View File

@@ -0,0 +1,87 @@
#!/usr/bin/env bash
set -euo pipefail
# Canary deployment for a single workload region.
# - Applies Terraform only for one region's AKS + networking + storage
# - Uses lock timeouts (no -lock=false)
# - Runs basic health checks on the AKS cluster and Besu pods
#
# Usage:
# scripts/deployment/canary-region.sh <region-name>
# scripts/deployment/canary-region.sh northeurope
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"
TERRAFORM_DIR="$PROJECT_ROOT/terraform"
REGION="${1:-northeurope}"
echo "=== Canary deployment for region: ${REGION} ==="
cd "$TERRAFORM_DIR"
echo "Running Terraform plan for canary region (AKS + networking + storage)..."
terraform plan \
-lock-timeout=5m \
-compact-warnings \
-target="module.aks_global_multi_region[\"${REGION}\"]" \
-target="module.networking_global_multi_region[\"${REGION}\"]" \
-target="module.storage_global_multi_region[\"${REGION}\"]" \
-out="tfplan.canary.${REGION}"
echo
echo "Applying Terraform canary plan for ${REGION}..."
terraform apply \
-lock-timeout=5m \
"tfplan.canary.${REGION}"
echo
echo "Fetching cluster info for ${REGION} from Terraform outputs..."
CLUSTERS_JSON="$(terraform output -json global_multi_region_clusters || echo '{}')"
if [[ "$CLUSTERS_JSON" == "null" || -z "$CLUSTERS_JSON" ]]; then
echo "ERROR: global_multi_region_clusters output is empty or null."
exit 1
fi
CLUSTER_NAME="$(echo "$CLUSTERS_JSON" | jq -r --arg R "$REGION" '.[$R].cluster_name')"
CLUSTER_LOCATION="$(echo "$CLUSTERS_JSON" | jq -r --arg R "$REGION" '.[$R].location')"
if [[ -z "$CLUSTER_NAME" || "$CLUSTER_NAME" == "null" ]]; then
echo "ERROR: could not resolve cluster_name for region ${REGION} from Terraform outputs."
exit 1
fi
echo "Cluster name: ${CLUSTER_NAME}"
echo "Cluster location: ${CLUSTER_LOCATION}"
echo
echo "Getting AKS credentials..."
az aks get-credentials \
--resource-group "$(terraform output -raw resource_group_name)" \
--name "${CLUSTER_NAME}" \
--overwrite-existing
echo
echo "=== Health checks for canary region: ${REGION} ==="
echo "- AKS provisioning state:"
az aks show \
--resource-group "$(terraform output -raw resource_group_name)" \
--name "${CLUSTER_NAME}" \
--query "provisioningState" \
-o tsv
echo
echo "- Nodes summary:"
kubectl get nodes -o wide
echo
echo "- Besu pods (if deployed) in namespace besu-network:"
kubectl get pods -n besu-network || echo "Namespace besu-network not yet deployed."
echo
echo "Canary deployment for ${REGION} completed. Review the above health checks before rolling out to all regions."

146
scripts/deployment/check-all-deployment-sources.sh Executable file
View File

@@ -0,0 +1,146 @@
#!/usr/bin/env bash
# Check all possible sources for deployment addresses
set -e
cd "$(dirname "$0")/../.."
# Color codes
echo "=== Checking All Deployment Sources ==="
# 1. Check .env file
log_info "1. Environment Variables (.env)"
if [ -f .env ]; then
echo " ✅ .env file exists"
# Check for Mainnet addresses
MAINNET_VARS=$(grep -E "MAINNET_|ETHEREUM_" .env 2>/dev/null | grep -v "^#" | wc -l)
CHAIN138_VARS=$(grep -E "CHAIN138_" .env 2>/dev/null | grep -v "^#" | wc -l)
echo " Mainnet variables: $MAINNET_VARS"
echo " Chain-138 variables: $CHAIN138_VARS"
# List specific addresses if found
if grep -q "MAINNET_CCIP_LOGGER" .env 2>/dev/null; then
LOGGER=$(grep "MAINNET_CCIP_LOGGER" .env | cut -d'=' -f2 | tr -d '"' | tr -d "'" | xargs)
if [ -n "$LOGGER" ] && [ "$LOGGER" != "" ]; then
echo -e " ${GREEN}✅ CCIPLogger: $LOGGER${NC}"
fi
fi
if grep -q "MAINNET_CCIP_WETH9_BRIDGE" .env 2>/dev/null; then
BRIDGE9=$(grep "MAINNET_CCIP_WETH9_BRIDGE" .env | cut -d'=' -f2 | tr -d '"' | tr -d "'" | xargs)
if [ -n "$BRIDGE9" ] && [ "$BRIDGE9" != "" ]; then
echo -e " ${GREEN}✅ CCIPWETH9Bridge: $BRIDGE9${NC}"
fi
fi
if grep -q "MAINNET_CCIP_WETH10_BRIDGE" .env 2>/dev/null; then
BRIDGE10=$(grep "MAINNET_CCIP_WETH10_BRIDGE" .env | cut -d'=' -f2 | tr -d '"' | tr -d "'" | xargs)
if [ -n "$BRIDGE10" ] && [ "$BRIDGE10" != "" ]; then
echo -e " ${GREEN}✅ CCIPWETH10Bridge: $BRIDGE10${NC}"
fi
fi
if grep -q "CHAIN138_CCIP_REPORTER" .env 2>/dev/null; then
REPORTER=$(grep "CHAIN138_CCIP_REPORTER" .env | cut -d'=' -f2 | tr -d '"' | tr -d "'" | xargs)
if [ -n "$REPORTER" ] && [ "$REPORTER" != "" ]; then
echo -e " ${GREEN}✅ CCIPTxReporter: $REPORTER${NC}"
fi
fi
else
echo -e " ${RED}❌ .env file not found${NC}"
fi
# 2. Check Foundry broadcast files
log_info "2. Foundry Broadcast Files"
if [ -d "broadcast" ]; then
echo " ✅ broadcast directory exists"
# Check for Mainnet deployments
MAINNET_DEPLOYS=$(find broadcast -name "*.json" -type f 2>/dev/null | grep -E "(mainnet|1)" | wc -l)
CHAIN138_DEPLOYS=$(find broadcast -name "*.json" -type f 2>/dev/null | grep -E "(138)" | wc -l)
echo " Mainnet deployment files: $MAINNET_DEPLOYS"
echo " Chain-138 deployment files: $CHAIN138_DEPLOYS"
if [ $MAINNET_DEPLOYS -gt 0 ]; then
echo " Recent Mainnet deployments:"
find broadcast -name "*.json" -type f 2>/dev/null | grep -E "(mainnet|1)" | head -5 | while read file; do
echo " - $file"
done
fi
else
echo -e " ${YELLOW}⚠️ broadcast directory not found${NC}"
fi
# 3. Check Hardhat artifacts
log_info "3. Hardhat Artifacts"
if [ -d "artifacts" ]; then
echo " ✅ artifacts directory exists"
# Check for deployed contract addresses in artifacts
DEPLOYED=$(find artifacts -name "*.json" -type f 2>/dev/null | xargs grep -l "deployedAddress\|address" 2>/dev/null | wc -l)
echo " Artifacts with addresses: $DEPLOYED"
else
echo -e " ${YELLOW}⚠️ artifacts directory not found${NC}"
fi
# 4. Check documentation files
log_info "4. Documentation Files"
DOCS_WITH_ADDRESSES=$(find docs -name "*.md" -type f 2>/dev/null | xargs grep -l "0x[a-fA-F0-9]\{40\}" 2>/dev/null | wc -l)
echo " Documentation files with addresses: $DOCS_WITH_ADDRESSES"
if [ $DOCS_WITH_ADDRESSES -gt 0 ]; then
echo " Files containing addresses:"
find docs -name "*.md" -type f 2>/dev/null | xargs grep -l "0x[a-fA-F0-9]\{40\}" 2>/dev/null | head -5 | while read file; do
echo " - $file"
done
fi
# 5. Check for contract address files
log_info "5. Contract Address Files"
ADDRESS_FILES=$(find . -name "*address*.json" -o -name "*deploy*.json" -o -name "*contract*.json" 2>/dev/null | grep -v node_modules | grep -v ".git" | head -5)
if [ -n "$ADDRESS_FILES" ]; then
echo " Found address files:"
echo "$ADDRESS_FILES" | while read file; do
echo " - $file"
done
else
echo -e " ${YELLOW}⚠️ No contract address files found${NC}"
fi
echo "=== Summary ==="
# Count total found addresses
TOTAL_FOUND=0
if [ -f .env ]; then
if grep -q "MAINNET_CCIP_LOGGER=" .env 2>/dev/null && [ -n "$(grep "MAINNET_CCIP_LOGGER" .env | cut -d'=' -f2 | tr -d ' ')" ]; then
TOTAL_FOUND=$((TOTAL_FOUND + 1))
fi
if grep -q "MAINNET_CCIP_WETH9_BRIDGE=" .env 2>/dev/null && [ -n "$(grep "MAINNET_CCIP_WETH9_BRIDGE" .env | cut -d'=' -f2 | tr -d ' ')" ]; then
TOTAL_FOUND=$((TOTAL_FOUND + 1))
fi
if grep -q "MAINNET_CCIP_WETH10_BRIDGE=" .env 2>/dev/null && [ -n "$(grep "MAINNET_CCIP_WETH10_BRIDGE" .env | cut -d'=' -f2 | tr -d ' ')" ]; then
TOTAL_FOUND=$((TOTAL_FOUND + 1))
fi
fi
echo " Contracts with addresses found: $TOTAL_FOUND/3 (Mainnet)"
echo " WETH9/WETH10: Predeployed at canonical addresses"
if [ $TOTAL_FOUND -eq 0 ]; then
log_error "❌ No deployment addresses found"
echo " All contracts need to be deployed"
elif [ $TOTAL_FOUND -lt 3 ]; then
log_warn "⚠️ Partial deployment"
echo " Some contracts still need deployment"
else
log_success "✅ All contracts have addresses configured"
fi

49
scripts/deployment/check-and-proceed.sh Executable file
View File

@@ -0,0 +1,49 @@
#!/usr/bin/env bash
# Check infrastructure status and proceed with next steps if ready
set -e
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
source "$SCRIPT_DIR/../lib/init.sh"
echo "=== Checking Infrastructure Readiness ==="
# Check cluster readiness
READY=$(az aks list --subscription fc08d829-4f14-413d-ab27-ce024425db0b --query "[?contains(name, 'az-p-') && provisioningState == 'Succeeded']" -o tsv 2>/dev/null | wc -l)
CREATING=$(az aks list --subscription fc08d829-4f14-413d-ab27-ce024425db0b --query "[?contains(name, 'az-p-') && provisioningState == 'Creating']" -o tsv 2>/dev/null | wc -l)
TOTAL=$(az aks list --subscription fc08d829-4f14-413d-ab27-ce024425db0b --query "[?contains(name, 'az-p-')]" -o tsv 2>/dev/null | wc -l)
echo "Cluster Status:"
echo " Ready: $READY/$TOTAL"
echo " Creating: $CREATING"
# Check Terraform log
TF_COMPLETE=false
if [ -f /tmp/terraform-apply-unlocked.log ]; then
if tail -30 /tmp/terraform-apply-unlocked.log | grep -qi "Apply complete"; then
TF_COMPLETE=true
echo "✅ Terraform deployment: COMPLETE"
elif tail -30 /tmp/terraform-apply-unlocked.log | grep -qi "Error"; then
echo "⚠️ Terraform deployment: ERRORS FOUND"
else
echo "⚠️ Terraform deployment: STATUS UNCLEAR"
fi
fi
# Decision logic
if [ "$READY" -gt 0 ] || [ "$TF_COMPLETE" = true ]; then
echo "✅ Infrastructure appears ready - Proceeding with next steps"
bash "$SCRIPT_DIR/run-all-next-steps.sh" 2>&1 | tee /tmp/all-next-steps-execution.log
else
echo "⚠️ Infrastructure not fully ready"
echo "Options:"
echo " 1. Wait for more clusters to become ready"
echo " 2. Proceed with available clusters (use --force flag)"
echo "To proceed anyway: $0 --force"
if [ "$1" = "--force" ]; then
echo "⚠️ Force mode: Proceeding with available infrastructure..."
bash "$SCRIPT_DIR/run-all-next-steps.sh" 2>&1 | tee /tmp/all-next-steps-execution.log
fi
fi

158
scripts/deployment/check-deployment-status.sh Executable file
View File

@@ -0,0 +1,158 @@
#!/usr/bin/env bash
# Check Deployment Status
# This script checks the current deployment status and identifies the last completed step
set -e
# Script directory
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
source "$SCRIPT_DIR/../lib/init.sh"
PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"
cd "$PROJECT_ROOT"
log_info "=== Deployment Status Check ==="
# Check .env file
if [ ! -f .env ]; then
log_error "❌ .env file not found"
echo "Please create .env file with required variables"
exit 1
fi
log_success "✅ .env file exists"
# Load environment variables
source .env
# Check RPC endpoint
if [ -z "$RPC_URL" ]; then
log_error "❌ RPC_URL not set in .env"
echo "Please set RPC_URL in .env file"
else
log_success "✅ RPC_URL configured: ${RPC_URL}"
# Test RPC endpoint
log_warn "Testing RPC endpoint..."
if curl -s -X POST "$RPC_URL" -H "Content-Type: application/json" -d '{"jsonrpc":"2.0","method":"eth_blockNumber","params":[],"id":1}' > /dev/null 2>&1; then
log_success "✅ RPC endpoint is accessible"
# Get chain ID
CHAIN_ID=$(curl -s -X POST "$RPC_URL" -H "Content-Type: application/json" -d '{"jsonrpc":"2.0","method":"eth_chainId","params":[],"id":1}' | grep -oE '"result":"0x[0-9a-fA-F]+"' | cut -d'"' -f4 | xargs -I {} echo "ibase=16; {}" | bc 2>/dev/null || echo "unknown")
log_success "✅ Chain ID: ${CHAIN_ID}"
# Get latest block
LATEST_BLOCK=$(curl -s -X POST "$RPC_URL" -H "Content-Type: application/json" -d '{"jsonrpc":"2.0","method":"eth_blockNumber","params":[],"id":1}' | grep -oE '"result":"0x[0-9a-fA-F]+"' | cut -d'"' -f4 | xargs -I {} echo "ibase=16; {}" | bc 2>/dev/null || echo "unknown")
log_success "✅ Latest Block: ${LATEST_BLOCK}"
else
log_error "❌ RPC endpoint is not accessible"
echo "Please ensure the blockchain is deployed and RPC endpoint is accessible"
fi
fi
# Check PRIVATE_KEY
if [ -z "$PRIVATE_KEY" ]; then
log_error "❌ PRIVATE_KEY not set in .env"
echo "Please set PRIVATE_KEY in .env file"
else
log_success "✅ PRIVATE_KEY configured"
fi
# Check contract addresses
log_info "=== Contract Deployment Status ==="
# CCIP Router
if [ -z "$CCIP_ROUTER" ] || [ "$CCIP_ROUTER" = "0x0000000000000000000000000000000000000000" ]; then
log_warn "⏳ CCIP_ROUTER: Not deployed"
else
log_success "✅ CCIP_ROUTER: ${CCIP_ROUTER}"
# Verify contract exists
if [ -n "$RPC_URL" ]; then
CODE=$(curl -s -X POST "$RPC_URL" -H "Content-Type: application/json" -d "{\"jsonrpc\":\"2.0\",\"method\":\"eth_getCode\",\"params\":[\"${CCIP_ROUTER}\",\"latest\"],\"id\":1}" | grep -oE '"result":"0x[0-9a-fA-F]*"' | cut -d'"' -f4)
if [ -n "$CODE" ] && [ "$CODE" != "0x" ]; then
log_success " Contract verified on chain"
else
log_error " Contract not found on chain"
fi
fi
fi
# CCIP Fee Token
if [ -z "$CCIP_FEE_TOKEN" ] || [ "$CCIP_FEE_TOKEN" = "0x0000000000000000000000000000000000000000" ]; then
log_warn "⏳ CCIP_FEE_TOKEN: Not configured (using native token)"
else
log_success "✅ CCIP_FEE_TOKEN: ${CCIP_FEE_TOKEN}"
fi
# WETH9
if [ -z "$WETH9_ADDRESS" ] || [ "$WETH9_ADDRESS" = "0x0000000000000000000000000000000000000000" ]; then
log_warn "⏳ WETH9_ADDRESS: Not deployed"
else
log_success "✅ WETH9_ADDRESS: ${WETH9_ADDRESS}"
fi
# WETH10
if [ -z "$WETH10_ADDRESS" ] || [ "$WETH10_ADDRESS" = "0x0000000000000000000000000000000000000000" ]; then
log_warn "⏳ WETH10_ADDRESS: Not deployed"
else
log_success "✅ WETH10_ADDRESS: ${WETH10_ADDRESS}"
fi
# CCIPWETH9Bridge
if [ -z "$CCIPWETH9BRIDGE_ADDRESS" ] || [ "$CCIPWETH9BRIDGE_ADDRESS" = "0x0000000000000000000000000000000000000000" ]; then
log_warn "⏳ CCIPWETH9BRIDGE_ADDRESS: Not deployed"
else
log_success "✅ CCIPWETH9BRIDGE_ADDRESS: ${CCIPWETH9BRIDGE_ADDRESS}"
fi
# CCIPWETH10Bridge
if [ -z "$CCIPWETH10BRIDGE_ADDRESS" ] || [ "$CCIPWETH10BRIDGE_ADDRESS" = "0x0000000000000000000000000000000000000000" ]; then
log_warn "⏳ CCIPWETH10BRIDGE_ADDRESS: Not deployed"
else
log_success "✅ CCIPWETH10BRIDGE_ADDRESS: ${CCIPWETH10BRIDGE_ADDRESS}"
fi
# Oracle Aggregator
if [ -z "$ORACLE_AGGREGATOR_ADDRESS" ] || [ "$ORACLE_AGGREGATOR_ADDRESS" = "0x0000000000000000000000000000000000000000" ]; then
log_warn "⏳ ORACLE_AGGREGATOR_ADDRESS: Not deployed"
else
log_success "✅ ORACLE_AGGREGATOR_ADDRESS: ${ORACLE_AGGREGATOR_ADDRESS}"
fi
# Check Terraform status
log_info "=== Infrastructure Status ==="
if [ -d "terraform" ] && [ -f "terraform/terraform.tfstate" ]; then
log_success "✅ Terraform state file exists"
cd terraform
if terraform show > /dev/null 2>&1; then
log_success "✅ Terraform state is valid"
# Check if AKS cluster exists
if terraform output -json aks_cluster_name > /dev/null 2>&1; then
AKS_CLUSTER=$(terraform output -raw aks_cluster_name 2>/dev/null || echo "")
AKS_RG=$(terraform output -raw aks_resource_group 2>/dev/null || echo "")
if [ -n "$AKS_CLUSTER" ] && [ -n "$AKS_RG" ]; then
log_success "✅ AKS Cluster: ${AKS_CLUSTER} in ${AKS_RG}"
fi
fi
else
log_warn "⏳ Terraform state exists but may be empty"
fi
cd ..
else
log_warn "⏳ Terraform state not found (infrastructure not deployed)"
fi
# Summary
log_info "=== Summary ==="
echo "Ready for contract deployment:"
if [ -n "$RPC_URL" ] && [ -n "$PRIVATE_KEY" ]; then
log_success "✅ Prerequisites met"
echo "Run: ./scripts/deployment/deploy-contracts-ordered.sh"
else
log_error "❌ Prerequisites not met"
echo "Please configure RPC_URL and PRIVATE_KEY in .env"
fi

202
scripts/deployment/check-existing-deployments.sh Executable file
View File

@@ -0,0 +1,202 @@
#!/usr/bin/env bash
# Check for existing contract deployments on Ethereum Mainnet and Chain-138
set -e
cd "$(dirname "$0")/../.."
# Color codes
echo "==================================================================="
echo " EXISTING DEPLOYMENT CHECK"
echo "==================================================================="
# Load environment variables
if [ -f .env ]; then
source .env 2>/dev/null || true
fi
# Check if required tools are available
if ! command -v cast &> /dev/null; then
log_warn "⚠️ cast (Foundry) not found. Some checks may be limited."
CAST_AVAILABLE=false
else
CAST_AVAILABLE=true
fi
log_info "📋 Checking Ethereum Mainnet Deployments"
# WETH9 and WETH10 canonical addresses
WETH9_ADDRESS="0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2"
WETH10_ADDRESS="0xf4BB2e28688e89fCcE3c0580D37d36A7672E8A9f"
log_info "1. Predeployed Contracts (Canonical Addresses)"
# Check WETH9
if [ "$CAST_AVAILABLE" = true ] && [ -n "$ETHEREUM_MAINNET_RPC" ]; then
WETH9_CODE=$(cast code "$WETH9_ADDRESS" --rpc-url "$ETHEREUM_MAINNET_RPC" 2>/dev/null || echo "")
if [ -n "$WETH9_CODE" ] && [ "$WETH9_CODE" != "0x" ]; then
echo -e " ${GREEN}✅ WETH9${NC}"
echo " Address: $WETH9_ADDRESS"
echo " Status: Deployed (verified on-chain)"
else
echo -e " ${RED}❌ WETH9${NC}"
echo " Address: $WETH9_ADDRESS"
echo " Status: Not found or no code"
fi
else
echo -e " ${YELLOW}⚠️ WETH9${NC}"
echo " Address: $WETH9_ADDRESS"
echo " Status: Cannot verify (RPC not configured or cast not available)"
fi
# Check WETH10
if [ "$CAST_AVAILABLE" = true ] && [ -n "$ETHEREUM_MAINNET_RPC" ]; then
WETH10_CODE=$(cast code "$WETH10_ADDRESS" --rpc-url "$ETHEREUM_MAINNET_RPC" 2>/dev/null || echo "")
if [ -n "$WETH10_CODE" ] && [ "$WETH10_CODE" != "0x" ]; then
echo -e " ${GREEN}✅ WETH10${NC}"
echo " Address: $WETH10_ADDRESS"
echo " Status: Deployed (verified on-chain)"
else
echo -e " ${RED}❌ WETH10${NC}"
echo " Address: $WETH10_ADDRESS"
echo " Status: Not found or no code"
fi
else
echo -e " ${YELLOW}⚠️ WETH10${NC}"
echo " Address: $WETH10_ADDRESS"
echo " Status: Cannot verify (RPC not configured or cast not available)"
fi
log_info "2. CCIP Integration Contracts"
# Check CCIPLogger
if [ -n "$MAINNET_CCIP_LOGGER" ] && [ "$MAINNET_CCIP_LOGGER" != "" ]; then
if [ "$CAST_AVAILABLE" = true ] && [ -n "$ETHEREUM_MAINNET_RPC" ]; then
LOGGER_CODE=$(cast code "$MAINNET_CCIP_LOGGER" --rpc-url "$ETHEREUM_MAINNET_RPC" 2>/dev/null || echo "")
if [ -n "$LOGGER_CODE" ] && [ "$LOGGER_CODE" != "0x" ]; then
echo -e " ${GREEN}✅ CCIPLogger${NC}"
echo " Address: $MAINNET_CCIP_LOGGER"
echo " Status: Deployed (verified on-chain)"
else
echo -e " ${RED}❌ CCIPLogger${NC}"
echo " Address: $MAINNET_CCIP_LOGGER"
echo " Status: Address in .env but no code found"
fi
else
echo -e " ${YELLOW}⚠️ CCIPLogger${NC}"
echo " Address: $MAINNET_CCIP_LOGGER (from .env)"
echo " Status: Cannot verify (RPC not configured)"
fi
else
echo -e " ${RED}❌ CCIPLogger${NC}"
echo " Status: Not deployed (no address in .env)"
fi
log_info "3. WETH Bridge Contracts"
# Check CCIPWETH9Bridge
if [ -n "$MAINNET_CCIP_WETH9_BRIDGE" ] && [ "$MAINNET_CCIP_WETH9_BRIDGE" != "" ]; then
if [ "$CAST_AVAILABLE" = true ] && [ -n "$ETHEREUM_MAINNET_RPC" ]; then
BRIDGE9_CODE=$(cast code "$MAINNET_CCIP_WETH9_BRIDGE" --rpc-url "$ETHEREUM_MAINNET_RPC" 2>/dev/null || echo "")
if [ -n "$BRIDGE9_CODE" ] && [ "$BRIDGE9_CODE" != "0x" ]; then
echo -e " ${GREEN}✅ CCIPWETH9Bridge${NC}"
echo " Address: $MAINNET_CCIP_WETH9_BRIDGE"
echo " Status: Deployed (verified on-chain)"
else
echo -e " ${RED}❌ CCIPWETH9Bridge${NC}"
echo " Address: $MAINNET_CCIP_WETH9_BRIDGE"
echo " Status: Address in .env but no code found"
fi
else
echo -e " ${YELLOW}⚠️ CCIPWETH9Bridge${NC}"
echo " Address: $MAINNET_CCIP_WETH9_BRIDGE (from .env)"
echo " Status: Cannot verify (RPC not configured)"
fi
else
echo -e " ${RED}❌ CCIPWETH9Bridge${NC}"
echo " Status: Not deployed (no address in .env)"
fi
# Check CCIPWETH10Bridge
if [ -n "$MAINNET_CCIP_WETH10_BRIDGE" ] && [ "$MAINNET_CCIP_WETH10_BRIDGE" != "" ]; then
if [ "$CAST_AVAILABLE" = true ] && [ -n "$ETHEREUM_MAINNET_RPC" ]; then
BRIDGE10_CODE=$(cast code "$MAINNET_CCIP_WETH10_BRIDGE" --rpc-url "$ETHEREUM_MAINNET_RPC" 2>/dev/null || echo "")
if [ -n "$BRIDGE10_CODE" ] && [ "$BRIDGE10_CODE" != "0x" ]; then
echo -e " ${GREEN}✅ CCIPWETH10Bridge${NC}"
echo " Address: $MAINNET_CCIP_WETH10_BRIDGE"
echo " Status: Deployed (verified on-chain)"
else
echo -e " ${RED}❌ CCIPWETH10Bridge${NC}"
echo " Address: $MAINNET_CCIP_WETH10_BRIDGE"
echo " Status: Address in .env but no code found"
fi
else
echo -e " ${YELLOW}⚠️ CCIPWETH10Bridge${NC}"
echo " Address: $MAINNET_CCIP_WETH10_BRIDGE (from .env)"
echo " Status: Cannot verify (RPC not configured)"
fi
else
echo -e " ${RED}❌ CCIPWETH10Bridge${NC}"
echo " Status: Not deployed (no address in .env)"
fi
log_info "4. Chain-138 Deployments"
# Check CCIPTxReporter on Chain-138
if [ -n "$CHAIN138_CCIP_REPORTER" ] && [ "$CHAIN138_CCIP_REPORTER" != "" ]; then
if [ "$CAST_AVAILABLE" = true ] && [ -n "$CHAIN138_RPC_URL" ]; then
REPORTER_CODE=$(cast code "$CHAIN138_CCIP_REPORTER" --rpc-url "$CHAIN138_RPC_URL" 2>/dev/null || echo "")
if [ -n "$REPORTER_CODE" ] && [ "$REPORTER_CODE" != "0x" ]; then
echo -e " ${GREEN}✅ CCIPTxReporter (Chain-138)${NC}"
echo " Address: $CHAIN138_CCIP_REPORTER"
echo " Status: Deployed (verified on-chain)"
else
echo -e " ${YELLOW}⚠️ CCIPTxReporter (Chain-138)${NC}"
echo " Address: $CHAIN138_CCIP_REPORTER"
echo " Status: Address in .env but cannot verify (RPC may not be accessible)"
fi
else
echo -e " ${YELLOW}⚠️ CCIPTxReporter (Chain-138)${NC}"
echo " Address: $CHAIN138_CCIP_REPORTER (from .env)"
echo " Status: Cannot verify (RPC not configured or not accessible)"
fi
else
echo -e " ${RED}❌ CCIPTxReporter (Chain-138)${NC}"
echo " Status: Not deployed (no address in .env)"
fi
log_info "5. Summary"
DEPLOYED_COUNT=0
TOTAL_COUNT=5
# Count deployed contracts
if [ -n "$MAINNET_CCIP_LOGGER" ] && [ "$MAINNET_CCIP_LOGGER" != "" ]; then
DEPLOYED_COUNT=$((DEPLOYED_COUNT + 1))
fi
if [ -n "$MAINNET_CCIP_WETH9_BRIDGE" ] && [ "$MAINNET_CCIP_WETH9_BRIDGE" != "" ]; then
DEPLOYED_COUNT=$((DEPLOYED_COUNT + 1))
fi
if [ -n "$MAINNET_CCIP_WETH10_BRIDGE" ] && [ "$MAINNET_CCIP_WETH10_BRIDGE" != "" ]; then
DEPLOYED_COUNT=$((DEPLOYED_COUNT + 1))
fi
if [ -n "$CHAIN138_CCIP_REPORTER" ] && [ "$CHAIN138_CCIP_REPORTER" != "" ]; then
DEPLOYED_COUNT=$((DEPLOYED_COUNT + 1))
fi
echo " Contracts with addresses in .env: $DEPLOYED_COUNT/$TOTAL_COUNT"
echo " WETH9/WETH10: Predeployed at canonical addresses"
if [ $DEPLOYED_COUNT -eq 0 ]; then
log_error "❌ No contracts deployed yet"
echo " All contracts need to be deployed"
elif [ $DEPLOYED_COUNT -lt $TOTAL_COUNT ]; then
log_warn "⚠️ Partial deployment"
echo " Some contracts still need deployment"
else
log_success "✅ All contracts have addresses configured"
echo " Verify on-chain status above"
fi
echo "==================================================================="

98
scripts/deployment/check-infrastructure-status.sh Executable file
View File

@@ -0,0 +1,98 @@
#!/usr/bin/env bash
# Check Infrastructure Deployment Status
set -e
cd "$(dirname "$0")/../.."
# Color codes
echo "==================================================================="
echo " CHAIN-138 INFRASTRUCTURE DEPLOYMENT STATUS"
echo "==================================================================="
# Check Azure
log_info "Azure Resources:"
RG_NAME=$(cd terraform && terraform output -raw resource_group_name 2>/dev/null || echo "az-p-we-rg-comp-001")
CLUSTER_NAME=$(cd terraform && terraform output -raw cluster_name 2>/dev/null || echo "az-p-we-aks-main")
if az group show --name "$RG_NAME" &> /dev/null; then
log_success "✅ Resource Group: $RG_NAME"
else
log_error "❌ Resource Group not found: $RG_NAME"
fi
if az aks show --resource-group "$RG_NAME" --name "$CLUSTER_NAME" &> /dev/null; then
log_success "✅ AKS Cluster: $CLUSTER_NAME"
STATUS=$(az aks show --resource-group "$RG_NAME" --name "$CLUSTER_NAME" --query powerState.code -o tsv 2>/dev/null || echo "Unknown")
echo " Power State: $STATUS"
else
log_error "❌ AKS Cluster not found: $CLUSTER_NAME"
fi
# Check Kubernetes
log_info "Kubernetes:"
if kubectl cluster-info &> /dev/null 2>&1; then
log_success "✅ Cluster accessible"
NODES=$(kubectl get nodes --no-headers 2>/dev/null | wc -l)
echo " Nodes: $NODES"
else
log_error "❌ Cluster not accessible"
fi
# Check Namespaces
log_info "Namespaces:"
if kubectl get namespace besu-network &> /dev/null 2>&1; then
log_success "✅ besu-network"
PODS=$(kubectl get pods -n besu-network --no-headers 2>/dev/null | wc -l)
READY=$(kubectl get pods -n besu-network --no-headers 2>/dev/null | grep -c "Running\|Completed" || echo "0")
echo " Pods: $READY/$PODS ready"
else
log_warn "⚠️ besu-network not found"
fi
if kubectl get namespace monitoring &> /dev/null 2>&1; then
log_success "✅ monitoring"
PODS=$(kubectl get pods -n monitoring --no-headers 2>/dev/null | wc -l)
READY=$(kubectl get pods -n monitoring --no-headers 2>/dev/null | grep -c "Running\|Completed" || echo "0")
echo " Pods: $READY/$PODS ready"
else
log_warn "⚠️ monitoring not found"
fi
# Check Helm Releases
log_info "Helm Releases:"
if helm list -n besu-network 2>/dev/null | grep -q besu-validators; then
log_success "✅ besu-validators"
else
log_warn "⚠️ besu-validators not deployed"
fi
if helm list -n besu-network 2>/dev/null | grep -q besu-sentries; then
log_success "✅ besu-sentries"
else
log_warn "⚠️ besu-sentries not deployed"
fi
if helm list -n besu-network 2>/dev/null | grep -q besu-rpc; then
log_success "✅ besu-rpc"
else
log_warn "⚠️ besu-rpc not deployed"
fi
# Check RPC Endpoint
log_info "RPC Endpoint:"
RPC_SVC=$(kubectl get svc -n besu-network -l app=besu-rpc -o jsonpath='{.items[0].metadata.name}' 2>/dev/null || echo "")
if [ -n "$RPC_SVC" ]; then
RPC_IP=$(kubectl get svc -n besu-network "$RPC_SVC" -o jsonpath='{.status.loadBalancer.ingress[0].ip}' 2>/dev/null || echo "")
if [ -n "$RPC_IP" ]; then
log_success "✅ RPC Service: $RPC_SVC"
echo " Endpoint: http://$RPC_IP:8545"
else
log_warn "⚠️ RPC Service exists but IP not assigned"
fi
else
log_warn "⚠️ RPC Service not found"
fi
echo "==================================================================="

136
scripts/deployment/check-mainnet-balances.sh Executable file
View File

@@ -0,0 +1,136 @@
#!/usr/bin/env bash
# Check Mainnet ETH and LINK balances for deployment
set -e
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
source "$SCRIPT_DIR/../lib/init.sh"
PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"
# Load environment variables
if [ -f "$PROJECT_ROOT/.env" ]; then
source "$PROJECT_ROOT/.env"
else
log_error "Error: .env file not found"
exit 1
fi
log_info "=== Mainnet Wallet Balance Check ==="
# Check if cast is available
if ! command -v cast &> /dev/null; then
log_error "Error: cast (Foundry) not found. Please install Foundry."
exit 1
fi
# Get wallet address from private key
if [ -z "$PRIVATE_KEY" ]; then
log_error "Error: PRIVATE_KEY not set in .env"
exit 1
fi
WALLET_ADDRESS=$(cast wallet address --private-key "$PRIVATE_KEY" 2>/dev/null || echo "")
if [ -z "$WALLET_ADDRESS" ]; then
log_error "Error: Could not derive address from private key"
exit 1
fi
log_info "Wallet Address: $WALLET_ADDRESS"
# Mainnet RPC
if [ -z "$MAINNET_RPC_URL" ]; then
MAINNET_RPC_URL="https://eth.llamarpc.com"
fi
# Mainnet LINK token address
MAINNET_LINK="0x514910771AF9Ca656af840dff83E8264EcF986CA"
# Required amounts
ETH_RECOMMENDED="50000000000000000" # 0.05 ETH
LINK_RECOMMENDED="10000000000000000000" # 10 LINK
log_info "=== Mainnet ETH Balance ==="
# Check ETH balance
ETH_BALANCE=$(cast balance "$WALLET_ADDRESS" --rpc-url "$MAINNET_RPC_URL" 2>/dev/null || echo "0")
ETH_AMOUNT=$(cast --to-unit "$ETH_BALANCE" ether 2>/dev/null || echo "0")
echo "Balance: $ETH_AMOUNT ETH"
echo "Required: 0.025 ETH (minimum)"
echo "Recommended: 0.05 ETH (with buffer)"
# Check if sufficient
if [ "$(echo "$ETH_BALANCE >= $ETH_REQUIRED" | bc 2>/dev/null || echo "0")" == "1" ]; then
log_success "✅ Status: Sufficient ETH for deployment"
ETH_PASS=true
else
log_error "❌ Status: Insufficient ETH"
DEFICIT=$(echo "$ETH_REQUIRED - $ETH_BALANCE" | bc 2>/dev/null || echo "$ETH_REQUIRED")
DEFICIT_ETH=$(cast --to-unit "$DEFICIT" ether 2>/dev/null || echo "0.025")
log_warn "Need: $DEFICIT_ETH ETH more"
ETH_PASS=false
fi
log_info "=== Mainnet LINK Balance ==="
# Check LINK balance
LINK_BALANCE=$(cast call "$MAINNET_LINK" "balanceOf(address)(uint256)" "$WALLET_ADDRESS" --rpc-url "$MAINNET_RPC_URL" 2>/dev/null || echo "0")
if [ "$LINK_BALANCE" != "0" ] && [ -n "$LINK_BALANCE" ]; then
LINK_AMOUNT=$(cast --to-unit "$LINK_BALANCE" ether 2>/dev/null || echo "0")
echo "Balance: $LINK_AMOUNT LINK"
else
echo "Balance: 0 LINK"
LINK_AMOUNT="0"
fi
echo "Required: 0 LINK (not needed for deployment)"
echo "Recommended: 10 LINK (for CCIP fees and testing)"
# Check if sufficient (LINK is optional)
if [ "$(echo "$LINK_BALANCE >= $LINK_RECOMMENDED" | bc 2>/dev/null || echo "0")" == "1" ]; then
log_success "✅ Status: Sufficient LINK for CCIP fees"
LINK_PASS=true
elif [ "$LINK_BALANCE" != "0" ] && [ -n "$LINK_BALANCE" ]; then
log_warn "⚠️ Status: LINK available but below recommended amount"
LINK_PASS=true # Still pass, just a warning
else
log_warn "⚠️ Status: No LINK (not required for deployment)"
log_warn "Note: LINK is only needed for CCIP fees when users bridge tokens"
LINK_PASS=true # Pass because LINK is optional for deployment
fi
# Summary
log_info "=== Summary ==="
if [ "$ETH_PASS" == "true" ]; then
log_success "✅ ETH: Sufficient for Mainnet deployment"
else
log_error "❌ ETH: Insufficient - Please fund wallet"
echo "Send ETH to: $WALLET_ADDRESS"
echo "Amount needed: $DEFICIT_ETH ETH"
fi
if [ "$LINK_PASS" == "true" ] && [ "$LINK_AMOUNT" != "0" ]; then
log_success "✅ LINK: Available for CCIP fees"
elif [ "$LINK_PASS" == "true" ]; then
log_warn "⚠️ LINK: Not available (optional for deployment)"
fi
if [ "$ETH_PASS" == "true" ]; then
log_success "✅ Ready for Mainnet deployment!"
echo "You can proceed with:"
echo " ./scripts/deployment/deploy-bridges-mainnet.sh"
exit 0
else
log_error "❌ Not ready for Mainnet deployment"
echo "Please fund your wallet:"
echo " Address: $WALLET_ADDRESS"
echo " Amount: $DEFICIT_ETH ETH minimum (0.05 ETH recommended)"
exit 1
fi

61
scripts/deployment/check-mainnet-deployment-status.sh Executable file
View File

@@ -0,0 +1,61 @@
#!/usr/bin/env bash
# Check what contracts need Mainnet deployment and their dependencies
set -e
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
source "$SCRIPT_DIR/../lib/init.sh"
PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"
# Colors
log_info "=== Mainnet Deployment Status Check ==="
# Load environment variables
if [ -f "$PROJECT_ROOT/.env" ]; then
source "$PROJECT_ROOT/.env"
fi
# Check what's already deployed
log_warn "Checking deployment status..."
# Contracts that need Mainnet deployment
declare -A CONTRACTS=(
["CCIPWETH9Bridge"]="MAINNET_CCIP_WETH9_BRIDGE"
["CCIPWETH10Bridge"]="MAINNET_CCIP_WETH10_BRIDGE"
["CCIPRouter"]="MAINNET_CCIP_ROUTER"
["CCIPSender"]="MAINNET_CCIP_SENDER"
["CCIPReceiver"]="MAINNET_CCIP_RECEIVER"
["OracleAggregator"]="MAINNET_ORACLE_AGGREGATOR"
)
# Dependencies
declare -A DEPENDENCIES=(
["CCIPWETH9Bridge"]="CCIPRouter"
["CCIPWETH10Bridge"]="CCIPRouter"
["CCIPSender"]="CCIPRouter,OracleAggregator"
["CCIPReceiver"]="CCIPRouter,OracleAggregator"
)
echo "Contract Deployment Status:"
for contract in "${!CONTRACTS[@]}"; do
env_var="${CONTRACTS[$contract]}"
address="${!env_var}"
deps="${DEPENDENCIES[$contract]:-None}"
if [ -n "$address" ] && [ "$address" != "" ]; then
printf " ${GREEN}${NC} %-25s %s\n" "$contract" "$address"
else
if [ "$deps" != "None" ]; then
printf " ${RED}%s${NC} %-25s Not deployed - depends on: %s\n" "❌" "$contract" "$deps"
else
printf " ${RED}%s${NC} %-25s Not deployed\n" "❌" "$contract"
fi
fi
done
log_warn "Note: WETH9 and WETH10 already exist on Mainnet at canonical addresses"
echo " WETH9: 0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2"
echo " WETH10: 0xf4BB2e28688e89fCcE3c0580D37d36A7672E8A9f"

175
scripts/deployment/check-rpc-status.sh Executable file
View File

@@ -0,0 +1,175 @@
#!/usr/bin/env bash
# Check RPC Status for Chain ID 138
# This script checks if RPC endpoints for Chain ID 138 are live and accessible
set -e
# Script directory
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
source "$SCRIPT_DIR/../lib/init.sh"
PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"
cd "$PROJECT_ROOT"
log_info "=== RPC Endpoint Status Check for Chain ID 138 ==="
# Common RPC endpoints for Chain ID 138
RPC_ENDPOINTS=(
"https://rpc.d-bis.org"
"https://rpc2.d-bis.org"
"http://localhost:8545"
)
# Check .env configuration
log_warn "1. Checking .env configuration:"
if [ -f .env ]; then
RPC_URL=$(grep -E "^RPC_URL=" .env 2>/dev/null | cut -d'=' -f2- | tr -d '"' | tr -d "'" | tr -d ' ' || echo "")
if [ -n "$RPC_URL" ]; then
log_success " ✅ RPC_URL configured: ${RPC_URL}"
# Add to endpoints list if not already present
if [[ ! " ${RPC_ENDPOINTS[@]} " =~ " ${RPC_URL} " ]]; then
RPC_ENDPOINTS+=("$RPC_URL")
fi
else
log_warn " ⏳ RPC_URL not configured in .env"
fi
else
log_warn " ⏳ .env file not found"
fi
log_warn "2. Testing RPC endpoints:"
# Function to test RPC endpoint
test_rpc_endpoint() {
local rpc_url=$1
local timeout=10
log_info "Testing: ${rpc_url}"
# Test 1: Check if endpoint is accessible
if ! curl -s -X POST "$rpc_url" \
-H "Content-Type: application/json" \
-d '{"jsonrpc":"2.0","method":"eth_chainId","params":[],"id":1}' \
--max-time $timeout \
--connect-timeout 5 \
> /dev/null 2>&1; then
log_error " ❌ Not accessible (connection timeout or refused)"
return 1
fi
# Test 2: Check chain ID
CHAIN_ID_RESPONSE=$(curl -s -X POST "$rpc_url" \
-H "Content-Type: application/json" \
-d '{"jsonrpc":"2.0","method":"eth_chainId","params":[],"id":1}' \
--max-time $timeout \
--connect-timeout 5 2>/dev/null)
if [ -z "$CHAIN_ID_RESPONSE" ]; then
log_error " ❌ No response from endpoint"
return 1
fi
CHAIN_ID_HEX=$(echo "$CHAIN_ID_RESPONSE" | grep -oE '"result":"0x[0-9a-f]+"' | cut -d'"' -f4 || echo "")
if [ -z "$CHAIN_ID_HEX" ]; then
log_error " ❌ Invalid response format"
echo "$CHAIN_ID_RESPONSE" | head -5
return 1
fi
# Convert hex to decimal
CHAIN_ID_DEC=$(printf "%d" "$CHAIN_ID_HEX" 2>/dev/null || echo "0")
if [ "$CHAIN_ID_DEC" = "138" ]; then
log_success " ✅ Chain ID: 138 (correct)"
else
log_warn " ⚠️ Chain ID: ${CHAIN_ID_DEC} (expected 138)"
fi
# Test 3: Check latest block number
BLOCK_RESPONSE=$(curl -s -X POST "$rpc_url" \
-H "Content-Type: application/json" \
-d '{"jsonrpc":"2.0","method":"eth_blockNumber","params":[],"id":1}' \
--max-time $timeout \
--connect-timeout 5 2>/dev/null)
BLOCK_HEX=$(echo "$BLOCK_RESPONSE" | grep -oE '"result":"0x[0-9a-f]+"' | cut -d'"' -f4 || echo "")
if [ -n "$BLOCK_HEX" ]; then
BLOCK_DEC=$(printf "%d" "$BLOCK_HEX" 2>/dev/null || echo "0")
log_success " ✅ Latest block: ${BLOCK_DEC}"
else
log_warn " ⚠️ Could not get block number"
fi
# Test 4: Check syncing status
SYNC_RESPONSE=$(curl -s -X POST "$rpc_url" \
-H "Content-Type: application/json" \
-d '{"jsonrpc":"2.0","method":"eth_syncing","params":[],"id":1}' \
--max-time $timeout \
--connect-timeout 5 2>/dev/null)
SYNC_STATUS=$(echo "$SYNC_RESPONSE" | grep -oE '"result":(true|false)' | cut -d':' -f2 || echo "")
if [ "$SYNC_STATUS" = "false" ]; then
log_success " ✅ Node is synced"
elif [ "$SYNC_STATUS" = "true" ]; then
log_warn " ⚠️ Node is still syncing"
else
log_warn " ⚠️ Could not check sync status"
fi
# Test 5: Check peer count (if supported)
PEER_RESPONSE=$(curl -s -X POST "$rpc_url" \
-H "Content-Type: application/json" \
-d '{"jsonrpc":"2.0","method":"net_peerCount","params":[],"id":1}' \
--max-time $timeout \
--connect-timeout 5 2>/dev/null)
PEER_COUNT_HEX=$(echo "$PEER_RESPONSE" | grep -oE '"result":"0x[0-9a-f]+"' | cut -d'"' -f4 || echo "")
if [ -n "$PEER_COUNT_HEX" ]; then
PEER_COUNT_DEC=$(printf "%d" "$PEER_COUNT_HEX" 2>/dev/null || echo "0")
log_success " ✅ Peer count: ${PEER_COUNT_DEC}"
fi
return 0
}
# Test each endpoint
LIVE_ENDPOINTS=()
for endpoint in "${RPC_ENDPOINTS[@]}"; do
if test_rpc_endpoint "$endpoint"; then
LIVE_ENDPOINTS+=("$endpoint")
fi
done
# Summary
log_info "=== Summary ==="
if [ ${#LIVE_ENDPOINTS[@]} -gt 0 ]; then
log_success "${#LIVE_ENDPOINTS[@]} live endpoint(s) found:"
for endpoint in "${LIVE_ENDPOINTS[@]}"; do
log_success " - ${endpoint}"
done
else
log_error "❌ No live endpoints found"
log_warn " Please check:"
echo " 1. Blockchain infrastructure is deployed"
echo " 2. RPC nodes are running"
echo " 3. Network connectivity"
echo " 4. Firewall rules"
fi
log_info "=== Recommendations ==="
if [ ${#LIVE_ENDPOINTS[@]} -eq 0 ]; then
log_warn "1. Deploy blockchain infrastructure (if not deployed)"
echo " See: docs/DEPLOYMENT_ORDER.md"
log_warn "2. Start local testnet for testing:"
echo " ./scripts/deployment/start-local-testnet.sh"
log_warn "3. Check RPC node status:"
echo " kubectl get pods -n besu-network"
echo " kubectl logs -f besu-rpc-0 -n besu-network"
else
log_success "✅ RPC endpoints are live and accessible"
log_success " You can now deploy contracts using:"
echo " ./scripts/deployment/deploy-all-ordered.sh"
fi

23
scripts/deployment/check-terraform-status.sh Executable file
View File

@@ -0,0 +1,23 @@
#!/usr/bin/env bash
# Quick Terraform status checker
echo "=== Terraform Status Check ==="
echo ""
if ps aux | grep -q '[t]erraform apply'; then
echo "✅ Terraform RUNNING"
ps aux | grep '[t]erraform apply' | grep -v grep | head -1 | awk '{print " PID: "$2", CPU: "$3"%, MEM: "$4"%"}'
else
echo "⏳ Terraform IDLE/COMPLETE"
fi
echo ""
echo "Latest log file:"
ls -t /tmp/terraform-apply-*.log 2>/dev/null | head -1 | xargs -I {} sh -c 'echo " {}" && tail -3 {}'
echo ""
echo "Cluster status:"
READY=$(az aks list --subscription fc08d829-4f14-413d-ab27-ce024425db0b --query "[?contains(name, 'az-p-') && provisioningState == 'Succeeded'].name" -o tsv 2>/dev/null | wc -l)
CREATING=$(az aks list --subscription fc08d829-4f14-413d-ab27-ce024425db0b --query "[?contains(name, 'az-p-') && provisioningState == 'Creating'].name" -o tsv 2>/dev/null | wc -l)
echo " Ready: $READY/24"
echo " Creating: $CREATING"

180
scripts/deployment/check-wallet-balances.sh Executable file
View File

@@ -0,0 +1,180 @@
#!/usr/bin/env bash
# Pre-deployment wallet balance checker
# Ensures wallet has necessary tokens and amounts before deployment
set -e
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
source "$SCRIPT_DIR/../lib/init.sh"
PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"
# Colors
# Load environment variables
if [ -f "$PROJECT_ROOT/.env" ]; then
source "$PROJECT_ROOT/.env"
else
log_error "Error: .env file not found"
exit 1
fi
log_info "=== Pre-Deployment Wallet Balance Check ==="
# Required amounts (in wei, then converted)
# Check if cast is available
if ! command -v cast &> /dev/null; then
log_error "Error: cast (Foundry) not found. Please install Foundry."
exit 1
fi
# Get wallet address from private key
if [ -z "$PRIVATE_KEY" ]; then
log_error "Error: PRIVATE_KEY not set in .env"
exit 1
fi
WALLET_ADDRESS=$(cast wallet address --private-key "$PRIVATE_KEY" 2>/dev/null || echo "")
if [ -z "$WALLET_ADDRESS" ]; then
log_error "Error: Could not derive address from PRIVATE_KEY"
exit 1
fi
log_info "Wallet Address: $WALLET_ADDRESS"
# Function to check balance
check_balance() {
local rpc_url=$1
local address=$2
local token_address=$3
local token_name=$4
local required=$5
local chain_name=$6
if [ -z "$token_address" ] || [ "$token_address" == "0x0000000000000000000000000000000000000000" ]; then
# Check native ETH balance
balance=$(cast balance "$address" --rpc-url "$rpc_url" 2>/dev/null || echo "0")
else
# Check ERC20 token balance
balance=$(cast call "$token_address" "balanceOf(address)(uint256)" "$address" --rpc-url "$rpc_url" 2>/dev/null || echo "0")
fi
if [ "$balance" == "0" ] || [ -z "$balance" ]; then
balance="0"
fi
# Convert to human readable
if [ -z "$token_address" ] || [ "$token_address" == "0x0000000000000000000000000000000000000000" ]; then
balance_eth=$(cast --to-unit "$balance" ether 2>/dev/null || echo "0")
required_eth=$(cast --to-unit "$required" ether 2>/dev/null || echo "0")
log_info "$chain_name - $token_name:"
echo " Balance: $balance_eth ETH"
echo " Required: $required_eth ETH"
if [ "$(echo "$balance >= $required" | bc 2>/dev/null || echo "0")" == "1" ]; then
echo -e " Status: ${GREEN}✅ Sufficient${NC}"
return 0
else
echo -e " Status: ${RED}❌ Insufficient${NC}"
deficit=$(echo "$required - $balance" | bc 2>/dev/null || echo "$required")
deficit_eth=$(cast --to-unit "$deficit" ether 2>/dev/null || echo "0")
echo -e " ${YELLOW}Need: $deficit_eth ETH more${NC}"
return 1
fi
else
balance_eth=$(cast --to-unit "$balance" ether 2>/dev/null || echo "0")
required_eth=$(cast --to-unit "$required" ether 2>/dev/null || echo "0")
log_info "$chain_name - $token_name:"
echo " Balance: $balance_eth tokens"
echo " Required: $required_eth tokens"
if [ "$required" == "0" ]; then
echo -e " Status: ${GREEN}✅ Not required for deployment${NC}"
return 0
elif [ "$(echo "$balance >= $required" | bc 2>/dev/null || echo "0")" == "1" ]; then
echo -e " Status: ${GREEN}✅ Sufficient${NC}"
return 0
else
echo -e " Status: ${RED}❌ Insufficient${NC}"
return 1
fi
fi
}
# Check Mainnet balances
log_info "=== Ethereum Mainnet Balances ==="
if [ -z "$MAINNET_RPC_URL" ]; then
MAINNET_RPC_URL="https://eth.llamarpc.com"
log_warn "Using default Mainnet RPC: $MAINNET_RPC_URL"
fi
MAINNET_PASS=true
# Check Mainnet ETH
if ! check_balance "$MAINNET_RPC_URL" "$WALLET_ADDRESS" "" "ETH" "$MAINNET_ETH_REQUIRED" "Mainnet"; then
MAINNET_PASS=false
fi
# Check Mainnet LINK (if address provided)
if [ -n "$MAINNET_LINK_TOKEN" ] && [ "$MAINNET_LINK_TOKEN" != "0x0000000000000000000000000000000000000000" ]; then
if ! check_balance "$MAINNET_RPC_URL" "$WALLET_ADDRESS" "$MAINNET_LINK_TOKEN" "LINK" "$MAINNET_LINK_REQUIRED" "Mainnet"; then
echo -e " ${YELLOW}Note: LINK not required for deployment, only for CCIP fees${NC}"
fi
else
log_info "Mainnet - LINK:"
echo -e " Status: ${YELLOW}⚠️ Address not configured${NC}"
echo -e " ${YELLOW}Note: LINK not required for deployment, only for CCIP fees${NC}"
fi
# Check ChainID 138 balances
log_info "=== ChainID 138 Balances ==="
if [ -z "$RPC_URL" ]; then
log_error "Error: RPC_URL not set in .env"
exit 1
fi
CHAIN138_PASS=true
# Check ChainID 138 ETH
if ! check_balance "$RPC_URL" "$WALLET_ADDRESS" "" "ETH" "$CHAIN138_ETH_REQUIRED" "ChainID 138"; then
CHAIN138_PASS=false
fi
# Check ChainID 138 LINK (if address provided)
if [ -n "$LINK_TOKEN" ] && [ "$LINK_TOKEN" != "0x0000000000000000000000000000000000000000" ]; then
if ! check_balance "$RPC_URL" "$WALLET_ADDRESS" "$LINK_TOKEN" "LINK" "$CHAIN138_LINK_REQUIRED" "ChainID 138"; then
echo -e " ${YELLOW}Note: LINK not required for deployment, only for CCIP fees${NC}"
fi
else
log_info "ChainID 138 - LINK:"
echo -e " Status: ${YELLOW}⚠️ Address not configured${NC}"
echo -e " ${YELLOW}Note: LINK not required for deployment, only for CCIP fees${NC}"
fi
# Summary
log_info "=== Summary ==="
if [ "$MAINNET_PASS" == "true" ] && [ "$CHAIN138_PASS" == "true" ]; then
log_success "✅ All balances sufficient for deployment"
echo "You can proceed with deployment:"
echo " • Mainnet: ./scripts/deployment/deploy-bridges-mainnet.sh"
echo " • ChainID 138: ./scripts/deployment/deploy-bridges-chain138.sh"
exit 0
else
log_error "❌ Insufficient balances detected"
echo "Please fund your wallet before deployment:"
if [ "$MAINNET_PASS" == "false" ]; then
echo -e " ${RED}• Mainnet: Need more ETH for gas fees${NC}"
fi
if [ "$CHAIN138_PASS" == "false" ]; then
echo -e " ${RED}• ChainID 138: Need more ETH for gas fees${NC}"
fi
exit 1
fi

185
scripts/deployment/cloudflare-dns.sh Executable file
View File

@@ -0,0 +1,185 @@
#!/usr/bin/env bash
# Cloudflare DNS Configuration Script
# Automates DNS record creation for d-bis.org domain
set -euo pipefail
# Colors for output
# Configuration
ZONE_ID=""
API_TOKEN=""
IP_ADDRESS=""
DOMAIN="d-bis.org"
# Parse arguments
while [[ $# -gt 0 ]]; do
case $1 in
--zone-id)
ZONE_ID="$2"
shift 2
;;
--api-token)
API_TOKEN="$2"
shift 2
;;
--ip)
IP_ADDRESS="$2"
shift 2
;;
--domain)
DOMAIN="$2"
shift 2
;;
*)
echo "Unknown option: $1"
exit 1
;;
esac
done
# Validate arguments
if [ -z "$ZONE_ID" ] || [ -z "$API_TOKEN" ] || [ -z "$IP_ADDRESS" ]; then
echo "Usage: $0 --zone-id <zone_id> --api-token <api_token> --ip <ip_address> [--domain <domain>]"
exit 1
fi
# Logging function
log() {
log_success "[$(date +'%Y-%m-%d %H:%M:%S')] $1"
}
error() {
log_error "[ERROR] $1"
exit 1
}
warn() {
log_warn "[WARNING] $1"
}
# Cloudflare API function
cloudflare_api() {
local method=$1
local endpoint=$2
local data=${3:-}
if [ -n "$data" ]; then
curl -s -X "$method" \
"https://api.cloudflare.com/client/v4/$endpoint" \
-H "Authorization: Bearer $API_TOKEN" \
-H "Content-Type: application/json" \
-d "$data"
else
curl -s -X "$method" \
"https://api.cloudflare.com/client/v4/$endpoint" \
-H "Authorization: Bearer $API_TOKEN" \
-H "Content-Type: application/json"
fi
}
# Check if DNS record exists
check_record() {
local record_type=$1
local record_name=$2
cloudflare_api "GET" "zones/$ZONE_ID/dns_records?type=$record_type&name=$record_name" | \
jq -e '.result | length > 0' > /dev/null 2>&1
}
# Get DNS record ID
get_record_id() {
local record_type=$1
local record_name=$2
cloudflare_api "GET" "zones/$ZONE_ID/dns_records?type=$record_type&name=$record_name" | \
jq -r '.result[0].id'
}
# Create or update DNS record
create_or_update_record() {
local record_type=$1
local record_name=$2
local record_content=$3
local ttl=${4:-300}
local proxied=${5:-true}
if check_record "$record_type" "$record_name"; then
log "Updating DNS record: $record_name ($record_type) -> $record_content"
local record_id=$(get_record_id "$record_type" "$record_name")
local data=$(jq -n \
--arg type "$record_type" \
--arg name "$record_name" \
--arg content "$record_content" \
--argjson ttl "$ttl" \
--argjson proxied "$proxied" \
'{
type: $type,
name: $name,
content: $content,
ttl: $ttl,
proxied: $proxied
}')
local response=$(cloudflare_api "PUT" "zones/$ZONE_ID/dns_records/$record_id" "$data")
if echo "$response" | jq -e '.success' > /dev/null; then
log "DNS record updated successfully"
else
error "Failed to update DNS record: $(echo "$response" | jq -r '.errors[0].message')"
fi
else
log "Creating DNS record: $record_name ($record_type) -> $record_content"
local data=$(jq -n \
--arg type "$record_type" \
--arg name "$record_name" \
--arg content "$record_content" \
--argjson ttl "$ttl" \
--argjson proxied "$proxied" \
'{
type: $type,
name: $name,
content: $content,
ttl: $ttl,
proxied: $proxied
}')
local response=$(cloudflare_api "POST" "zones/$ZONE_ID/dns_records" "$data")
if echo "$response" | jq -e '.success' > /dev/null; then
log "DNS record created successfully"
else
error "Failed to create DNS record: $(echo "$response" | jq -r '.errors[0].message')"
fi
fi
}
# Main function
main() {
log "Configuring Cloudflare DNS for $DOMAIN"
log "Zone ID: $ZONE_ID"
log "IP Address: $IP_ADDRESS"
# Create A record for root domain
create_or_update_record "A" "$DOMAIN" "$IP_ADDRESS" 300 true
create_or_update_record "A" "www.$DOMAIN" "$IP_ADDRESS" 300 true
# Create A record for RPC endpoint
create_or_update_record "A" "rpc.$DOMAIN" "$IP_ADDRESS" 300 true
create_or_update_record "A" "rpc2.$DOMAIN" "$IP_ADDRESS" 300 true
# Create A record for explorer
create_or_update_record "A" "explorer.$DOMAIN" "$IP_ADDRESS" 300 true
# Create CNAME records (if needed)
# create_or_update_record "CNAME" "api.$DOMAIN" "rpc.$DOMAIN" 300 true
log "Cloudflare DNS configuration completed"
log "DNS records may take a few minutes to propagate"
}
# Run main function
main "$@"

61
scripts/deployment/compile-test-mainnet-contracts.sh Executable file
View File

@@ -0,0 +1,61 @@
#!/usr/bin/env bash
# Compile and test all Mainnet contracts
set -e
cd "$(dirname "$0")/../.."
echo "=== Compiling and Testing Mainnet Contracts ==="
# Color codes
ERRORS=0
# 1. Compile Foundry contracts
log_info "1. Compiling Foundry contracts..."
if forge build --force 2>&1 | grep -q "Compiler run successful"; then
log_success "✅ Foundry contracts compiled successfully"
else
log_error "❌ Foundry compilation failed"
ERRORS=$((ERRORS + 1))
fi
# 2. Compile Hardhat contracts
log_info "2. Compiling Hardhat contracts..."
if npx hardhat compile 2>&1 | grep -q "Compiled successfully"; then
log_success "✅ Hardhat contracts compiled successfully"
else
log_warn "⚠️ Hardhat compilation issues (may be non-blocking)"
# Don't count as error since it may work at runtime
fi
# 3. Run Foundry tests
log_info "3. Running Foundry tests..."
if forge test --no-match-path 'test/ccip-integration/*' 2>&1 | grep -q "PASS\|test result: ok"; then
log_success "✅ Foundry tests passed"
else
log_warn "⚠️ Some Foundry tests may have failed"
fi
# 4. List contracts ready for deployment
log_info "4. Contracts Ready for Mainnet Deployment:"
echo " ✅ CCIPLogger.sol"
echo " - Compiled: Hardhat"
echo " - Tested: Integration tests available"
echo " - Ready: Yes"
echo " ✅ CCIPWETH9Bridge.sol"
echo " - Compiled: Foundry"
echo " - Tested: Unit tests available"
echo " - Ready: Yes"
echo " ✅ CCIPWETH10Bridge.sol"
echo " - Compiled: Foundry"
echo " - Tested: Unit tests available"
echo " - Ready: Yes"
if [ $ERRORS -eq 0 ]; then
log_success "✅ All contracts compiled and ready for deployment"
exit 0
else
log_error "❌ Some compilation errors detected"
exit 1
fi

118
scripts/deployment/complete-all-deployment.sh Executable file
View File

@@ -0,0 +1,118 @@
#!/usr/bin/env bash
set -e
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
source "$SCRIPT_DIR/../lib/init.sh"
PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"
TERRAFORM_DIR="$PROJECT_ROOT/terraform/well-architected/cloud-sovereignty"
echo "╔════════════════════════════════════════════════════════════════╗"
echo "║ COMPLETE DEPLOYMENT - ALL PHASES ║"
echo "╚════════════════════════════════════════════════════════════════╝"
# Phase 1: Key Vaults
echo "======================================================================"
echo "PHASE 1: KEY VAULT DEPLOYMENT"
echo "======================================================================"
cd "$TERRAFORM_DIR"
# Create Phase 1 config
if [ ! -f "terraform.tfvars.keyvaults" ]; then
cat terraform.tfvars.36regions | sed 's/deploy_aks_clusters = true/deploy_aks_clusters = false/' > terraform.tfvars.keyvaults
fi
echo "Step 1.1: Running Terraform plan for Key Vaults..."
terraform plan -var-file=terraform.tfvars.keyvaults -out=tfplan.keyvaults -no-color 2>&1 | tee /tmp/terraform-plan-phase1.log | tail -20
PLAN_EXIT_CODE=${PIPESTATUS[0]}
if [ $PLAN_EXIT_CODE -ne 0 ]; then
echo "❌ Terraform plan failed. Check logs: /tmp/terraform-plan-phase1.log"
exit 1
fi
echo "Step 1.2: Applying Terraform plan for Key Vaults..."
echo "This will create Key Vaults across 36 regions..."
echo "Press Ctrl+C within 5 seconds to cancel..."
sleep 5
terraform apply tfplan.keyvaults -no-color 2>&1 | tee /tmp/terraform-apply-phase1.log | tail -50
APPLY_EXIT_CODE=${PIPESTATUS[0]}
if [ $APPLY_EXIT_CODE -ne 0 ]; then
echo "❌ Terraform apply failed. Check logs: /tmp/terraform-apply-phase1.log"
exit 1
fi
echo "✅ Phase 1 complete: Key Vaults deployed"
# Phase 2: Store Node Secrets
echo "======================================================================"
echo "PHASE 2: STORE NODE SECRETS"
echo "======================================================================"
cd "$PROJECT_ROOT"
bash scripts/key-management/store-nodes-in-keyvault.sh 2>&1 | tee /tmp/store-secrets.log
if [ ${PIPESTATUS[0]} -ne 0 ]; then
echo "❌ Failed to store node secrets. Check logs: /tmp/store-secrets.log"
exit 1
fi
echo "✅ Phase 2 complete: Node secrets stored"
# Phase 3: AKS Clusters
echo "======================================================================"
echo "PHASE 3: AKS CLUSTER DEPLOYMENT"
echo "======================================================================"
cd "$TERRAFORM_DIR"
# Ensure AKS deployment is enabled
if ! grep -q "deploy_aks_clusters = true" terraform.tfvars.36regions; then
echo "Enabling AKS deployment in terraform.tfvars.36regions..."
sed -i 's/deploy_aks_clusters = false/deploy_aks_clusters = true/' terraform.tfvars.36regions
fi
echo "Step 3.1: Running Terraform plan for AKS clusters..."
terraform plan -var-file=terraform.tfvars.36regions -out=tfplan.aks -no-color 2>&1 | tee /tmp/terraform-plan-phase3.log | tail -20
PLAN_EXIT_CODE=${PIPESTATUS[0]}
if [ $PLAN_EXIT_CODE -ne 0 ]; then
echo "❌ Terraform plan failed. Check logs: /tmp/terraform-plan-phase3.log"
exit 1
fi
echo "Step 3.2: Applying Terraform plan for AKS clusters..."
echo "This will create AKS clusters with:"
echo " • 72 system nodes (D2plsv6)"
echo " • 36 validator nodes (D2psv6)"
echo " • Across 36 regions"
echo "Press Ctrl+C within 10 seconds to cancel..."
sleep 10
terraform apply tfplan.aks -no-color 2>&1 | tee /tmp/terraform-apply-phase3.log
APPLY_EXIT_CODE=${PIPESTATUS[0]}
if [ $APPLY_EXIT_CODE -ne 0 ]; then
echo "❌ Terraform apply failed. Check logs: /tmp/terraform-apply-phase3.log"
exit 1
fi
echo "======================================================================"
echo "✅ ALL PHASES COMPLETE"
echo "======================================================================"
echo "Next steps:"
echo " 1. Update enode URLs with actual node IP addresses"
echo " 2. Deploy Besu validator pods"
# Cleanup
rm -f terraform.tfvars.keyvaults

80
scripts/deployment/complete-all-next-steps.sh Executable file
View File

@@ -0,0 +1,80 @@
#!/usr/bin/env bash
# Complete All Next Steps - Chain-138 and Cloud for Sovereignty
set -e
cd "$(dirname "$0")/../.."
# Color codes
echo "==================================================================="
echo " COMPLETING ALL NEXT STEPS"
echo "==================================================================="
# Step 1: Chain-138 Infrastructure
log_info "Step 1: Chain-138 Infrastructure Deployment"
cd terraform
# Check if AKS cluster exists
RG_NAME="az-p-we-rg-comp-001"
CLUSTER_NAME="az-p-we-aks-main"
if az aks show --resource-group "$RG_NAME" --name "$CLUSTER_NAME" &> /dev/null 2>&1; then
log_success "✅ AKS Cluster exists"
# Get kubeconfig
az aks get-credentials --resource-group "$RG_NAME" --name "$CLUSTER_NAME" --overwrite-existing
if kubectl cluster-info &> /dev/null 2>&1; then
log_success "✅ Kubernetes accessible"
# Deploy Kubernetes resources
kubectl create namespace besu-network --dry-run=client -o yaml | kubectl apply -f -
kubectl apply -k ../k8s/base 2>&1 | tail -10
# Deploy Besu network
if [ -f ../helm/besu-network/values-validators.yaml ]; then
if ! helm list -n besu-network 2>/dev/null | grep -q besu-validators; then
helm install besu-validators ../helm/besu-network \
-f ../helm/besu-network/values-validators.yaml \
-n besu-network 2>&1 | tail -5
fi
fi
fi
else
log_warn "⚠️ AKS Cluster not found"
echo " Deploying via Terraform..."
terraform apply -auto-approve tfplan 2>&1 | tail -20
fi
cd ..
# Step 2: Cloud for Sovereignty Phase 2 (Primary Region Only)
log_info "Step 2: Cloud for Sovereignty - AKS Clusters (Primary Region)"
cd terraform/well-architected/cloud-sovereignty
# Deploy AKS in West Europe only (primary region)
if [ -f terraform.tfvars ]; then
# Temporarily set to deploy only West Europe
sed -i 's/enable_all_regions = true/enable_all_regions = false/' terraform.tfvars
echo 'selected_regions = ["westeurope"]' >> terraform.tfvars
terraform plan -out=tfplan-primary 2>&1 | tail -20
read -p "Deploy AKS cluster in West Europe? (y/N): " -n 1 -r
if [[ $REPLY =~ ^[Yy]$ ]]; then
terraform apply -auto-approve tfplan-primary 2>&1 | tail -20
fi
fi
cd ../../..
# Step 3: Verification
log_info "Step 3: Running Verification"
./scripts/deployment/verify-chain138-complete.sh 2>&1 | tail -30
log_success "✅ All next steps complete!"

Some files were not shown because too many files have changed in this diff Show More