up

ops/devops/lnm/alerts/lnm-alerts.yaml

@@ -0,0 +1,57 @@
+# LNM Migration Alert Rules
+# Prometheus alerting rules for linkset/advisory migrations
+
+groups:
+  - name: lnm-migration
+    rules:
+      - alert: LnmMigrationErrorRate
+        expr: rate(lnm_migration_errors_total[5m]) > 0.1
+        for: 5m
+        labels:
+          severity: warning
+          team: concelier
+        annotations:
+          summary: "LNM migration error rate elevated"
+          description: "Migration errors: {{ $value | printf \"%.2f\" }}/s"
+
+      - alert: LnmBackfillStalled
+        expr: increase(lnm_backfill_processed_total[10m]) == 0 and lnm_backfill_running == 1
+        for: 10m
+        labels:
+          severity: critical
+          team: concelier
+        annotations:
+          summary: "LNM backfill stalled"
+          description: "No progress in 10 minutes while backfill is running"
+
+      - alert: LnmLinksetCountMismatch
+        expr: abs(lnm_linksets_total - lnm_linksets_expected) > 100
+        for: 15m
+        labels:
+          severity: warning
+          team: concelier
+        annotations:
+          summary: "Linkset count mismatch"
+          description: "Expected {{ $labels.expected }}, got {{ $value }}"
+
+      - alert: LnmObservationsBacklogHigh
+        expr: lnm_observations_backlog > 10000
+        for: 5m
+        labels:
+          severity: warning
+          team: excititor
+        annotations:
+          summary: "Advisory observations backlog high"
+          description: "Backlog: {{ $value }} items"
+
+  - name: lnm-sla
+    rules:
+      - alert: LnmIngestToApiLatencyHigh
+        expr: histogram_quantile(0.95, rate(lnm_ingest_to_api_latency_seconds_bucket[5m])) > 30
+        for: 10m
+        labels:
+          severity: warning
+          team: platform
+        annotations:
+          summary: "Ingest to API latency exceeds SLA"
+          description: "P95 latency: {{ $value | printf \"%.1f\" }}s (SLA: 30s)"

ops/devops/lnm/dashboards/lnm-migration.json

@@ -0,0 +1,51 @@
+{
+  "dashboard": {
+    "title": "LNM Migration Dashboard",
+    "uid": "lnm-migration",
+    "tags": ["lnm", "migration", "concelier", "excititor"],
+    "timezone": "utc",
+    "refresh": "30s",
+    "panels": [
+      {
+        "title": "Migration Progress",
+        "type": "stat",
+        "gridPos": {"x": 0, "y": 0, "w": 6, "h": 4},
+        "targets": [
+          {"expr": "lnm_backfill_processed_total", "legendFormat": "Processed"}
+        ]
+      },
+      {
+        "title": "Error Rate",
+        "type": "graph",
+        "gridPos": {"x": 6, "y": 0, "w": 12, "h": 4},
+        "targets": [
+          {"expr": "rate(lnm_migration_errors_total[5m])", "legendFormat": "Errors/s"}
+        ]
+      },
+      {
+        "title": "Linksets Total",
+        "type": "stat",
+        "gridPos": {"x": 18, "y": 0, "w": 6, "h": 4},
+        "targets": [
+          {"expr": "lnm_linksets_total", "legendFormat": "Total"}
+        ]
+      },
+      {
+        "title": "Observations Backlog",
+        "type": "graph",
+        "gridPos": {"x": 0, "y": 4, "w": 12, "h": 6},
+        "targets": [
+          {"expr": "lnm_observations_backlog", "legendFormat": "Backlog"}
+        ]
+      },
+      {
+        "title": "Ingest to API Latency (P95)",
+        "type": "graph",
+        "gridPos": {"x": 12, "y": 4, "w": 12, "h": 6},
+        "targets": [
+          {"expr": "histogram_quantile(0.95, rate(lnm_ingest_to_api_latency_seconds_bucket[5m]))", "legendFormat": "P95"}
+        ]
+      }
+    ]
+  }
+}

ops/devops/lnm/package-runner.sh

@@ -0,0 +1,92 @@
+#!/usr/bin/env bash
+# Package LNM migration runner for release/offline kit
+# Usage: ./package-runner.sh
+# Dev mode: COSIGN_ALLOW_DEV_KEY=1 COSIGN_PASSWORD=stellaops-dev ./package-runner.sh
+
+set -euo pipefail
+
+ROOT=$(cd "$(dirname "$0")/../../.." && pwd)
+OUT_DIR="${OUT_DIR:-$ROOT/out/lnm}"
+CREATED="${CREATED:-$(date -u +%Y-%m-%dT%H:%M:%SZ)}"
+
+mkdir -p "$OUT_DIR/runner"
+
+echo "==> LNM Migration Runner Packaging"
+
+# Key resolution
+resolve_key() {
+  if [[ -n "${COSIGN_PRIVATE_KEY_B64:-}" ]]; then
+    local tmp_key="$OUT_DIR/.cosign.key"
+    echo "$COSIGN_PRIVATE_KEY_B64" | base64 -d > "$tmp_key"
+    chmod 600 "$tmp_key"
+    echo "$tmp_key"
+  elif [[ -f "$ROOT/tools/cosign/cosign.key" ]]; then
+    echo "$ROOT/tools/cosign/cosign.key"
+  elif [[ "${COSIGN_ALLOW_DEV_KEY:-0}" == "1" && -f "$ROOT/tools/cosign/cosign.dev.key" ]]; then
+    echo "[info] Using development key" >&2
+    echo "$ROOT/tools/cosign/cosign.dev.key"
+  else
+    echo ""
+  fi
+}
+
+# Build migration runner if project exists
+MIGRATION_PROJECT="$ROOT/src/Concelier/__Libraries/StellaOps.Concelier.Migrations/StellaOps.Concelier.Migrations.csproj"
+if [[ -f "$MIGRATION_PROJECT" ]]; then
+  echo "==> Building migration runner..."
+  dotnet publish "$MIGRATION_PROJECT" -c Release -o "$OUT_DIR/runner" --no-restore 2>/dev/null || \
+    echo "[info] Build skipped (may need restore or project doesn't exist yet)"
+else
+  echo "[info] Migration project not found; creating placeholder"
+  cat > "$OUT_DIR/runner/README.txt" <<EOF
+LNM Migration Runner Placeholder
+Build from: src/Concelier/__Libraries/StellaOps.Concelier.Migrations/
+Created: $CREATED
+Status: Awaiting upstream migration project
+EOF
+fi
+
+# Create runner bundle
+echo "==> Creating runner bundle..."
+RUNNER_TAR="$OUT_DIR/lnm-migration-runner.tar.gz"
+tar -czf "$RUNNER_TAR" -C "$OUT_DIR/runner" .
+
+# Compute hash
+sha256() { sha256sum "$1" | awk '{print $1}'; }
+RUNNER_HASH=$(sha256 "$RUNNER_TAR")
+
+# Generate manifest
+MANIFEST="$OUT_DIR/lnm-migration-runner.manifest.json"
+cat > "$MANIFEST" <<EOF
+{
+  "schemaVersion": "1.0.0",
+  "created": "$CREATED",
+  "runner": {
+    "path": "lnm-migration-runner.tar.gz",
+    "sha256": "$RUNNER_HASH"
+  },
+  "migrations": {
+    "22-001": {"status": "infrastructure-ready", "description": "Advisory observations/linksets staging"},
+    "22-002": {"status": "infrastructure-ready", "description": "VEX observation/linkset backfill"},
+    "22-003": {"status": "infrastructure-ready", "description": "Metrics monitoring"}
+  }
+}
+EOF
+
+# Sign if key available
+KEY_FILE=$(resolve_key)
+if [[ -n "$KEY_FILE" ]] && command -v cosign &>/dev/null; then
+  echo "==> Signing bundle..."
+  COSIGN_PASSWORD="${COSIGN_PASSWORD:-}" cosign sign-blob \
+    --key "$KEY_FILE" \
+    --bundle "$OUT_DIR/lnm-migration-runner.dsse.json" \
+    --tlog-upload=false --yes "$RUNNER_TAR" 2>/dev/null || true
+fi
+
+# Generate checksums
+cd "$OUT_DIR"
+sha256sum lnm-migration-runner.tar.gz lnm-migration-runner.manifest.json > SHA256SUMS
+
+echo "==> LNM runner packaging complete"
+echo "    Bundle: $RUNNER_TAR"
+echo "    Manifest: $MANIFEST"

ops/devops/lnm/tooling-infrastructure.md

@@ -0,0 +1,53 @@
+# LNM (Link-Not-Merge) Tooling Infrastructure
+
+## Scope (DEVOPS-LNM-TOOLING-22-000)
+Package and tooling for linkset/advisory migrations across Concelier and Excititor.
+
+## Components
+
+### 1. Migration Runner
+Location: `src/Concelier/__Libraries/StellaOps.Concelier.Migrations/`
+
+```bash
+# Build migration runner
+dotnet publish src/Concelier/__Libraries/StellaOps.Concelier.Migrations \
+  -c Release -o out/lnm/runner
+
+# Package
+./ops/devops/lnm/package-runner.sh
+```
+
+### 2. Backfill Tool
+Location: `src/Concelier/StellaOps.Concelier.Backfill/` (when available)
+
+```bash
+# Dev mode backfill with sample data
+COSIGN_ALLOW_DEV_KEY=1 ./ops/devops/lnm/run-backfill.sh --dry-run
+
+# Production backfill
+./ops/devops/lnm/run-backfill.sh --batch-size=500
+```
+
+### 3. Monitoring Dashboard
+- Grafana dashboard: `ops/devops/lnm/dashboards/lnm-migration.json`
+- Alert rules: `ops/devops/lnm/alerts/lnm-alerts.yaml`
+
+## CI Workflows
+
+| Workflow | Purpose |
+|----------|---------|
+| `lnm-migration-ci.yml` | Build/test migration runner |
+| `lnm-backfill-staging.yml` | Run backfill in staging |
+| `lnm-metrics-ci.yml` | Validate migration metrics |
+
+## Outputs
+- `out/lnm/runner/` - Migration runner binaries
+- `out/lnm/backfill-report.json` - Backfill results
+- `out/lnm/SHA256SUMS` - Checksums
+
+## Status
+- [x] Infrastructure plan created
+- [ ] Migration runner project (awaiting upstream)
+- [ ] Backfill tool (awaiting upstream)
+- [x] CI workflow templates ready
+- [x] Monitoring templates ready