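#!/usr/bin/env bash
# ==============================================================================
# deploy.sh — Deploy Meridian LXC
#
# Usage:
#   ./deploy.sh                    # full deploy
#   ./deploy.sh --tags meridian    # meridian role only
#   ./deploy.sh --tags litellm     # litellm role only
#   ./deploy.sh -v                 # verbose output
#
# Secrets:
#   The playbook reads /meridian from Infisical itself (site.yml pre_tasks) —
#   master key + the direct_* provider keys. No env wiring needed; this works
#   identically under Semaphore. The only local requirement is the ansible-vault
#   password (decrypts vars/vault.yml → the Infisical machine-identity secret),
#   which --ask-vault-pass prompts for. Semaphore supplies it via an attached
#   vault key on the template.
#
# Host keys:
#   If the connectivity probe fails, the script scans the target's host keys,
#   prints their fingerprints next to whatever is currently trusted, and only
#   rewrites known_hosts after the operator confirms. A scan result is
#   unauthenticated network data; trusting it blindly would let whoever answers
#   on that IP receive the deploy and the secrets the playbook pushes.
# ==============================================================================
set -euo pipefail

readonly KNOWN_HOSTS="${HOME}/.ssh/known_hosts"

# Print a diagnostic to stderr and stop the deploy.
die() {
  printf 'deploy.sh: %s\n' "$*" >&2
  exit 1
}

# First inventory line starting with a digit supplies the address. A single awk
# call avoids the grep|head SIGPIPE/pipefail edge case and lets an empty result
# be reported instead of exiting silently.
HOST_IP="$(awk '/^[0-9]/ { print $1; exit }' inventory.ini)" \
  || die "cannot read inventory.ini"
[[ -n "$HOST_IP" ]] || die "no host line starting with a digit in inventory.ini"

# First ansible_user=VALUE occurrence; VALUE ends at the next space or '='.
HOST_USER="$(awk 'match($0, /ansible_user=[^ ]*/) {
  value = substr($0, RSTART + 13, RLENGTH - 13)
  sub(/=.*/, "", value)
  print value
  exit
}' inventory.ini)" || die "cannot read inventory.ini"
[[ -n "$HOST_USER" ]] || die "no ansible_user= entry in inventory.ini"
# The value becomes the start of an ssh argument; a leading dash would be
# parsed by ssh as an option rather than as a login name.
[[ "$HOST_USER" != -* ]] || die "ansible_user must not start with '-'"

echo "==> Checking connectivity to ${HOST_USER}@${HOST_IP} ..."
if ! ssh -o ConnectTimeout=5 -o BatchMode=yes "${HOST_USER}@${HOST_IP}" true 2>/dev/null; then
  echo " Cannot SSH to ${HOST_IP} — refreshing host key ..."

  scanned_keys="$(mktemp)" || die "mktemp failed"
  trap 'rm -f -- "$scanned_keys"' EXIT

  # Scan into a scratch file first so the existing known_hosts entry survives
  # an unreachable host, an auth failure, or a declined prompt.
  ssh-keyscan -H "$HOST_IP" > "$scanned_keys" 2>/dev/null \
    || die "ssh-keyscan failed for ${HOST_IP}; known_hosts left unchanged"
  [[ -s "$scanned_keys" ]] \
    || die "ssh-keyscan returned no keys for ${HOST_IP}; known_hosts left unchanged"

  echo " Currently trusted for ${HOST_IP}:"
  ssh-keygen -l -F "$HOST_IP" 2>/dev/null || echo "   (no entry)"
  echo " Offered by ${HOST_IP} now (unauthenticated scan):"
  ssh-keygen -l -f "$scanned_keys" || die "could not fingerprint scanned keys"

  # Compare the fingerprints above with the container's real keys (console
  # access, or ssh-keygen -lf on the host's /etc/ssh/*.pub) before answering.
  [[ -t 0 ]] \
    || die "host key for ${HOST_IP} needs manual verification; re-run from a terminal"
  answer=''
  read -r -p " Trust these keys and replace the known_hosts entry? [y/N] " answer \
    || answer=''
  [[ "$answer" == [yY] ]] || die "host key not confirmed; known_hosts left unchanged"

  # Failure here just means there was no previous entry to drop.
  ssh-keygen -R "$HOST_IP" >/dev/null 2>&1 || true
  cat -- "$scanned_keys" >> "$KNOWN_HOSTS"
fi

echo "==> Installing Ansible collections ..."
# stderr stays visible: under set -e a failed install aborts the script, and
# the reason must not be discarded.
# NOTE(review): --force re-fetches every collection on each run; confirm that
# requirements.yml pins exact versions so a run cannot pull an unreviewed release.
ansible-galaxy collection install -r requirements.yml --force

echo "==> Running deploy playbook ..."
ansible-playbook -i inventory.ini site.yml --ask-vault-pass "$@"

echo "==> Verifying ..."
# Quoted delimiter: everything up to VERIFY is sent verbatim and expanded only
# by the remote shell.
ssh "${HOST_USER}@${HOST_IP}" bash -s <<'VERIFY'
echo "Node: $(node --version 2>/dev/null || echo missing)"
echo "Meridian binary: $(command -v meridian 2>/dev/null || echo missing)"
echo "Services:"
for svc in meridian litellm; do
  printf " %-10s enabled=%s active=%s\n" "$svc" \
    "$(systemctl is-enabled "$svc" 2>/dev/null)" \
    "$(systemctl is-active "$svc" 2>/dev/null)"
done
echo "Endpoints:"
# NOTE(review): -f makes curl fail on HTTP >= 400, so an error reply to this
# empty POST is reported as "not responding" even if the service is listening.
if curl -sf --max-time 3 http://127.0.0.1:3456/v1/messages -X POST \
    -H 'Content-Type: application/json' -d '{}' >/dev/null 2>&1; then
  echo " meridian :3456 reachable"
else
  echo " meridian :3456 not responding"
fi
if curl -sf --max-time 3 http://127.0.0.1:4000/health/liveliness >/dev/null 2>&1; then
  echo " litellm :4000 healthy"
else
  echo " litellm :4000 not responding"
fi
VERIFY

echo "==> Done."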