VyOS Migration: Validation & Stabilization

#!/bin/bash
# VyOS Migration - Final Validation
# Run from workstation after completing all milestones
#
# Usage: bash migration-final-validation.sh
# NOTE: Attribute placeholders ({...}) must be replaced with actual values
#       or sourced from environment before running.

DOMAIN="${DOMAIN:-inside.domusdigitalis.dev}"
BIND_IP="${BIND_IP}"
VYOS_VIP="${VYOS_VIP}"
VYOS_01_IP="${VYOS_01_IP}"
VYOS_02_IP="${VYOS_02_IP}"
VYOS_01_HOST="${VYOS_01_HOST}"
VYOS_02_HOST="${VYOS_02_HOST}"

echo "=== DNS Validation ==="
for h in ${VYOS_01_HOST} ${VYOS_02_HOST}; do
  IP=$(dig @${BIND_IP} ${h} +short)
  [[ -n "$IP" ]] && echo "✓ ${h} → ${IP}" || echo "✗ ${h} FAILED"
done

echo ""
echo "=== Connectivity Validation ==="
for ip in ${VYOS_VIP} ${VYOS_02_IP} ${VYOS_01_IP} 8.8.8.8; do
  ping -c1 -W2 ${ip} >/dev/null 2>&1 && echo "✓ ${ip} reachable" || echo "✗ ${ip} FAILED"
done

echo ""
echo "=== VRRP Validation ==="
ssh ${VYOS_01_HOST} "show vrrp" 2>/dev/null | grep -E "State|Interface" || echo "${VYOS_01_HOST} VRRP check failed"
ssh ${VYOS_02_HOST} "show vrrp" 2>/dev/null | grep -E "State|Interface" || echo "${VYOS_02_HOST} VRRP check failed"

echo ""
echo "=== Firewall Validation ==="
ssh ${VYOS_01_HOST} "show firewall" 2>/dev/null | head -10 || echo "${VYOS_01_HOST} firewall check failed"

echo ""
echo "=== Internet Routing ==="
traceroute -n -m 3 8.8.8.8 2>/dev/null | head -5

echo ""
echo "=== Migration Status ==="
VIP_PING=$(ping -c1 -W2 ${VYOS_VIP} >/dev/null 2>&1 && echo "OK" || echo "FAIL")
VRRP_01=$(ssh ${VYOS_01_HOST} "show vrrp" 2>/dev/null | grep -c "State" || echo "0")
VRRP_02=$(ssh ${VYOS_02_HOST} "show vrrp" 2>/dev/null | grep -c "State" || echo "0")

if [[ "$VIP_PING" == "OK" && "$VRRP_01" -gt 0 && "$VRRP_02" -gt 0 ]]; then
  echo "✓ MIGRATION COMPLETE - VyOS HA operational"
else
  echo "✗ MIGRATION INCOMPLETE - Check failures above"
fi