@meshxdata/fops 0.1.48 → 0.1.50

package/src/plugins/bundled/fops-plugin-azure/lib/azure-provision-health.js

@@ -0,0 +1,279 @@
+/**
+ * Azure VM — Post-start health checks
+ * Extracted from azure-provision.js for maintainability
+ *
+ * Waits for Postgres, runs migrations check, grants admin, and verifies URL reachability.
+ */
+import chalk from "chalk";
+import { DIM, OK, WARN, banner, hint, sshCmd } from "./azure-helpers.js";
+
+// ── TLS fetch helper (suppresses self-signed cert warnings) ──────────────────
+
+let _tlsWarningSuppressed = false;
+async function tlsFetch(url, opts = {}) {
+  if (!_tlsWarningSuppressed) {
+    _tlsWarningSuppressed = true;
+    const origEmit = process.emitWarning;
+    process.emitWarning = (warning, ...args) => {
+      if (typeof warning === "string" && warning.includes("NODE_TLS_REJECT_UNAUTHORIZED")) return;
+      return origEmit.call(process, warning, ...args);
+    };
+  }
+  const prev = process.env.NODE_TLS_REJECT_UNAUTHORIZED;
+  process.env.NODE_TLS_REJECT_UNAUTHORIZED = "0";
+  try {
+    return await fetch(url, opts);
+  } finally {
+    if (prev === undefined) delete process.env.NODE_TLS_REJECT_UNAUTHORIZED;
+    else process.env.NODE_TLS_REJECT_UNAUTHORIZED = prev;
+  }
+}
+
+// ── URL wait mode ────────────────────────────────────────────────────────────
+
+export const URL_WAIT_MODE_HTTP_ANY = "http-any";
+export const URL_WAIT_MODE_HTTP_2XX = "http-2xx";
+const URL_WAIT_PROGRESS_INTERVAL_MS = 15000;
+
+function normalizeUrlWaitMode(mode) {
+  const normalized = String(mode || URL_WAIT_MODE_HTTP_ANY).trim().toLowerCase();
+  if (normalized === URL_WAIT_MODE_HTTP_2XX) return URL_WAIT_MODE_HTTP_2XX;
+  return URL_WAIT_MODE_HTTP_ANY;
+}
+
+function isUrlReadyByMode(status, waitMode) {
+  if (waitMode === URL_WAIT_MODE_HTTP_2XX) {
+    return status >= 200 && status < 300;
+  }
+  // Any HTTP response means DNS + TLS + edge routing are reachable.
+  return Number.isInteger(status) && status >= 100 && status <= 599;
+}
+
+// ── Postgres wait constants ──────────────────────────────────────────────────
+
+const POSTGRES_INITIAL_DELAY_MS = 45000;  // give compose time to start containers after nohup fops up
+const POSTGRES_POLL_INTERVAL_MS = 10000;
+const POSTGRES_MAX_WAIT_MS = 600000;      // 10 min for first boot / heavy stack or recovery
+const POSTGRES_RECOVERY_HINT_INTERVAL_MS = 60000;  // remind every 60s that we're waiting on recovery
+
+// ── Post-start checks ────────────────────────────────────────────────────────
+
+export async function postStartChecks(execa, ip, adminUser, { maxWait = POSTGRES_MAX_WAIT_MS, publicUrl, waitMode } = {}) {
+  banner("Post-start checks");
+
+  const ssh = (cmd, timeout = 30000) => sshCmd(execa, ip, adminUser, cmd, timeout);
+
+  hint("Waiting for Postgres…");
+  await new Promise((r) => setTimeout(r, POSTGRES_INITIAL_DELAY_MS));
+  const pgStart = Date.now();
+  let pgReady = false;
+  let lastRecoveryHintAt = -POSTGRES_RECOVERY_HINT_INTERVAL_MS;  // so first recovery is reported immediately
+  let lastEventCheckAt = 0;
+  const EVENT_CHECK_INTERVAL_MS = 15000;  // show docker events every 15s while waiting
+
+  while (Date.now() - pgStart < maxWait) {
+    const { exitCode, stdout, stderr } = await ssh(
+      "cd /opt/foundation-compose && sudo docker compose exec -T postgres psql -U foundation -d foundation -c 'SELECT 1' 2>&1",
+      15000
+    );
+    if (exitCode === 0) { pgReady = true; break; }
+    const out = (stdout || "") + (stderr || "");
+    const inRecovery = /recovery|not yet accepting connections|Consistent recovery state has not been yet reached/i.test(out);
+    if (inRecovery && Date.now() - lastRecoveryHintAt >= POSTGRES_RECOVERY_HINT_INTERVAL_MS) {
+      console.log(WARN("  Postgres in recovery (database was not properly shut down). Waiting for it to accept connections…"));
+      lastRecoveryHintAt = Date.now();
+    }
+
+    // Show recent docker events while waiting
+    if (Date.now() - lastEventCheckAt >= EVENT_CHECK_INTERVAL_MS) {
+      const { stdout: events } = await ssh(
+        "docker events --since 30s --until 0s --format '{{.Type}}|{{.Action}}|{{.Actor.Attributes.name}}|{{.Actor.Attributes.image}}' 2>/dev/null | tail -8",
+        10000
+      ).catch(() => ({ stdout: "" }));
+      if (events?.trim()) {
+        const eventIcons = { pull: "📥", start: "▶", create: "✦", die: "✗", kill: "⚡", stop: "■" };
+        const lines = events.trim().split("\n").map((line) => {
+          const [type, action, name, image] = line.split("|");
+          const icon = eventIcons[action] || "·";
+          const svc = name || image?.split("/").pop()?.split(":")[0] || "";
+          return `${icon} ${action.padEnd(7)} ${svc}`;
+        });
+        const elapsed = Math.round((Date.now() - pgStart) / 1000);
+        console.log(DIM(`  [${elapsed}s] Docker activity:`));
+        for (const line of lines) console.log(DIM(`    ${line}`));
+      }
+      lastEventCheckAt = Date.now();
+    }
+
+    await new Promise((r) => setTimeout(r, POSTGRES_POLL_INTERVAL_MS));
+  }
+  if (!pgReady) {
+    console.log(WARN("  ⚠ Postgres not ready after timeout (may still be in recovery after unclean shutdown)"));
+
+    const { stdout: composePs } = await ssh(
+      "cd /opt/foundation-compose && sudo docker compose ps -a --format '{{.Service}}\t{{.State}}\t{{.Status}}' 2>/dev/null | head -20"
+    );
+    const states = composePs?.trim()?.split("\n").map((line) => line.split("\t")[1]).filter(Boolean) ?? [];
+    const allCreated = states.length > 0 && states.every((s) => s === "created");
+    if (composePs?.trim()) {
+      hint("Container status:");
+      for (const line of composePs.trim().split("\n")) hint(`  ${line}`);
+      if (allCreated) {
+        hint("Containers still in 'created' — stack may still be starting. Wait a few minutes then: fops azure deploy");
+      }
+    } else {
+      hint("No containers found — docker compose may not have started.");
+    }
+
+    const { stdout: pullErrors } = await ssh(
+      "grep -i -E 'error|denied|unauthorized|manifest unknown|pull access denied' /tmp/fops-up.log 2>/dev/null | tail -5"
+    );
+    if (pullErrors?.trim()) {
+      console.log(WARN("  Possible pull errors:"));
+      for (const line of pullErrors.trim().split("\n")) hint(`  ${line}`);
+    }
+
+    const { stdout: ghcrCheck } = await ssh(
+      "sudo cat /root/.docker/config.json 2>/dev/null | grep -q ghcr.io && echo 'ok' || echo 'missing'"
+    );
+    if (ghcrCheck?.trim() !== "ok") {
+      console.log(WARN("  ⚠ GHCR credentials missing from /root/.docker/config.json"));
+      hint("Re-run: fops azure up (will re-configure credentials)");
+    }
+
+    const { stdout: upLogTail } = await ssh(
+      "tail -80 /tmp/fops-up.log 2>/dev/null || echo '(log not found or empty)'"
+    );
+    if (upLogTail?.trim()) {
+      console.log(WARN("  Last lines of /tmp/fops-up.log:"));
+      for (const line of upLogTail.trim().split("\n").slice(-40)) {
+        console.log(chalk.dim(`    ${line}`));
+      }
+    }
+
+    hint(`\nDebug: ssh ${adminUser}@${ip} "tail -100 /tmp/fops-up.log"`);
+    hint("Retry: fops azure deploy\n");
+    return;
+  }
+  console.log(OK("  ✓ Postgres ready"));
+
+  hint("Waiting for backend migrations…");
+  const migStart = Date.now();
+  let migReady = false;
+  while (Date.now() - migStart < 120000) {
+    const { exitCode: migCheck } = await ssh(
+      `cd /opt/foundation-compose && sudo docker compose exec -T postgres psql -U foundation -d foundation -c "SELECT 1 FROM \\"user\\" LIMIT 1" >/dev/null 2>&1`
+    );
+    if (migCheck === 0) { migReady = true; break; }
+    await new Promise((r) => setTimeout(r, 5000));
+  }
+  if (!migReady) {
+    hint("Retrying migration check in 30s…");
+    await new Promise((r) => setTimeout(r, 30000));
+    const { exitCode: retryCheck } = await ssh(
+      `cd /opt/foundation-compose && sudo docker compose exec -T postgres psql -U foundation -d foundation -c "SELECT 1 FROM \\"user\\" LIMIT 1" >/dev/null 2>&1`
+    );
+    if (retryCheck === 0) migReady = true;
+  }
+  if (!migReady) {
+    console.log(WARN("  ⚠ Migrations not complete — skipping grant-admin (schema not ready)"));
+    hint("Run manually after stack is up:  fops azure grant admin");
+  } else {
+  const operatorEmail = process.env.FOUNDATION_USERNAME || process.env.FOUNDATION_OPERATOR_EMAIL || process.env.QA_USERNAME || "compose@meshx.io";
+  hint(`Ensuring ${operatorEmail} user + Foundation Admin…`);
+  const ensureUserSql = [
+    // Ensure the default operator user exists
+    `INSERT INTO "user" (identifier, urn, username, first_name, last_name, email, is_system)`,
+    `  VALUES (gen_random_uuid(), 'urn:meshx:user:operator', $op, 'Foundation', 'Operator', $op, false)`.replace(/\$op/g, `'${operatorEmail.replace(/'/g, "''")}'`),
+    `  ON CONFLICT (username) DO NOTHING;`,
+    // Grant Foundation Admin to operator user
+    `INSERT INTO role_member (identifier, role_id)`,
+    `  SELECT u.identifier, r.id FROM "user" u CROSS JOIN "role" r`,
+    `  WHERE u.username = '${operatorEmail.replace(/'/g, "''")}' AND r.name = 'Foundation Admin'`,
+    `  ON CONFLICT (role_id, identifier) DO NOTHING;`,
+    // Grant Foundation Admin to all other non-system users too
+    `INSERT INTO role_member (identifier, role_id)`,
+    `  SELECT u.identifier, r.id FROM "user" u CROSS JOIN "role" r`,
+    `  WHERE NOT u.is_system`,
+    `    AND u.username NOT IN ('admin@meshx.io', 'scheduler@meshx.io', 'opa@meshx.io')`,
+    `    AND r.name = 'Foundation Admin'`,
+    `  ON CONFLICT (role_id, identifier) DO NOTHING;`,
+  ].join("\n");
+  const b64Grant = Buffer.from(ensureUserSql).toString("base64");
+  let grantCode = -1;
+  let grantOut = "";
+  for (let attempt = 0; attempt < 2; attempt++) {
+    if (attempt === 1) {
+      hint("Grant failed; retrying in 20s…");
+      await new Promise((r) => setTimeout(r, 20000));
+    }
+    const result = await ssh(
+      `cd /opt/foundation-compose && echo '${b64Grant}' | base64 -d | sudo docker compose exec -T postgres psql -U foundation -d foundation -v ON_ERROR_STOP=1 2>&1`
+    );
+    grantOut = result.stdout || "";
+    grantCode = result.exitCode;
+    if (grantCode === 0) break;
+  }
+  if (grantCode === 0) {
+    console.log(OK(`  ✓ ${operatorEmail} — Foundation Admin granted`));
+  } else {
+    console.log(WARN("  ⚠ Admin grant failed — run manually:  fops azure grant admin"));
+    if (grantOut?.trim()) hint(grantOut.trim());
+  }
+
+  const orgSql = `INSERT INTO user_organization (user_id, organization_id) SELECT u.id, o.id FROM "user" u CROSS JOIN organization o WHERE o.name = 'root' ON CONFLICT DO NOTHING;`;
+  const b64Org = Buffer.from(orgSql).toString("base64");
+  let orgCode = -1;
+  for (let attempt = 0; attempt < 2; attempt++) {
+    if (attempt === 1) await new Promise((r) => setTimeout(r, 15000));
+    const result = await ssh(
+      `cd /opt/foundation-compose && echo '${b64Org}' | base64 -d | sudo docker compose exec -T postgres psql -U foundation -d foundation -v ON_ERROR_STOP=1 2>&1`
+    );
+    orgCode = result.exitCode;
+    if (orgCode === 0) break;
+  }
+  if (orgCode === 0) {
+    console.log(OK("  ✓ Root organization membership ensured"));
+  }
+  }
+
+  // Wait for the public URL to become reachable (Traefik + DNS propagation)
+  if (publicUrl) {
+    const urlWaitMode = normalizeUrlWaitMode(waitMode);
+    hint(`Waiting for ${publicUrl} to respond (mode: ${urlWaitMode})…`);
+    const urlMaxWait = 300000; // 5 min — Traefik + DNS can be slow after start
+    const urlStart = Date.now();
+    let lastProgressAt = 0;
+    let lastProbe = "not probed yet";
+    let urlOk = false;
+    while (Date.now() - urlStart < urlMaxWait) {
+      try {
+        const r = await tlsFetch(publicUrl, { signal: AbortSignal.timeout(8000), redirect: "follow" });
+        lastProbe = `HTTP ${r.status}`;
+        if (isUrlReadyByMode(r.status, urlWaitMode)) {
+          urlOk = true;
+          break;
+        }
+      } catch (err) {
+        // DNS not ready or connection refused — retry
+        lastProbe = err?.name || err?.message || "network error";
+      }
+      const now = Date.now();
+      if (now - lastProgressAt >= URL_WAIT_PROGRESS_INTERVAL_MS) {
+        const elapsed = Math.round((now - urlStart) / 1000);
+        hint(`Still waiting for ${publicUrl} [${elapsed}s] — last probe: ${lastProbe}`);
+        lastProgressAt = now;
+      }
+      await new Promise(r => setTimeout(r, 5000));
+    }
+    if (urlOk) {
+      console.log(OK(`  ✓ ${publicUrl} is reachable (${lastProbe})`));
+    } else {
+      console.log(WARN(`  ⚠ ${publicUrl} not responding yet (${lastProbe}) — Traefik, DNS, or edge config may still be propagating`));
+      hint(`Try stricter mode if needed: fops azure up --wait-mode ${URL_WAIT_MODE_HTTP_2XX}`);
+      hint("Check:  curl -sk " + publicUrl);
+    }
+  }
+
+  console.log("");
+}

package/src/plugins/bundled/fops-plugin-azure/lib/azure-provision-init.js

@@ -0,0 +1,186 @@
+/**
+ * Azure VM — Initial provisioning
+ * Extracted from azure-provision.js for maintainability
+ *
+ * Installs Docker, Node.js, fops CLI, clones foundation-compose repo on a fresh Ubuntu VM.
+ */
+import fs from "node:fs";
+import path from "node:path";
+import { OK, WARN, banner, hint, sshCmd } from "./azure-helpers.js";
+
+// ═══════════════════════════════════════════════════════════════════════════
+// Provision — install Docker, Node, fops, clone repo on a fresh Ubuntu VM
+// ═══════════════════════════════════════════════════════════════════════════
+
+export async function provisionVm(execa, ip, adminUser, { githubToken, branch = "main", fopsVersion = "latest" } = {}) {
+  banner("Provisioning VM");
+  const ssh = (cmd, timeout = 120000) => sshCmd(execa, ip, adminUser, cmd, timeout);
+
+  async function runScript(label, script, timeout = 180000) {
+    hint(`${label}…`);
+    const b64 = Buffer.from(script).toString("base64");
+    const { exitCode, stdout } = await ssh(
+      `echo '${b64}' | base64 -d | sudo bash -e 2>&1`, timeout,
+    );
+    if (exitCode !== 0) {
+      console.log(WARN(`  ⚠ ${label} had issues`));
+      if (stdout?.trim()) hint(stdout.trim().split("\n").pop());
+    } else {
+      console.log(OK(`  ✓ ${label}`));
+    }
+    return exitCode;
+  }
+
+  const waitAptLock = "while fuser /var/lib/dpkg/lock-frontend /var/lib/apt/lists/lock /var/cache/apt/archives/lock >/dev/null 2>&1; do echo 'Waiting for apt/dpkg lock…'; sleep 5; done";
+  await runScript("Waiting for cloud-init", [
+    "cloud-init status --wait 2>/dev/null || true",
+    "while fuser /var/lib/dpkg/lock-frontend /var/lib/apt/lists/lock /var/cache/apt/archives/lock >/dev/null 2>&1; do sleep 3; done",
+  ].join("\n"), 300000);
+
+  await runScript("Installing system packages", [
+    waitAptLock,
+    "export DEBIAN_FRONTEND=noninteractive",
+    "apt-get update -y -qq",
+    "apt-get install -y -qq apt-transport-https ca-certificates curl gnupg lsb-release jq git make unzip zsh software-properties-common python3-venv python3-pip",
+  ].join("\n"), 300000);
+
+  await runScript("Installing Docker", [
+    waitAptLock,
+    "export DEBIAN_FRONTEND=noninteractive",
+    "install -m 0755 -d /etc/apt/keyrings",
+    "curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg",
+    "chmod a+r /etc/apt/keyrings/docker.gpg",
+    `echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" > /etc/apt/sources.list.d/docker.list`,
+    "apt-get update -qq",
+    "apt-get install -y -qq docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin",
+    "systemctl enable docker && systemctl start docker",
+    `usermod -aG docker ${adminUser}`,
+  ].join("\n"), 300000);
+
+  await runScript("Configuring br_netfilter for k3s DNS", [
+    "modprobe br_netfilter",
+    "echo br_netfilter > /etc/modules-load.d/br_netfilter.conf",
+    "sysctl -w net.bridge.bridge-nf-call-iptables=1",
+    "echo 'net.bridge.bridge-nf-call-iptables = 1' > /etc/sysctl.d/99-br-netfilter.conf",
+  ].join("\n"));
+
+  await runScript("Installing GitHub CLI", [
+    waitAptLock,
+    "set +e",
+    "curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg | dd of=/usr/share/keyrings/githubcli-archive-keyring.gpg 2>/dev/null",
+    "chmod go+r /usr/share/keyrings/githubcli-archive-keyring.gpg 2>/dev/null",
+    "echo \"deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main\" > /etc/apt/sources.list.d/github-cli.list",
+    "for _ in 1 2 3 4 5; do if apt-get update -qq && apt-get install -y -qq gh; then break; fi; echo 'Retrying in 10s…'; sleep 10; done",
+    "set -e",
+    "command -v gh >/dev/null 2>&1 || (echo 'gh not found after install attempts' && exit 1)",
+  ].join("\n"), 120000);
+
+  const fopsPkg = fopsVersion === "latest"
+    ? "@meshxdata/fops"
+    : `@meshxdata/fops@${fopsVersion}`;
+  await runScript("Installing Node.js + fops", [
+    waitAptLock,
+    `curl -fsSL https://deb.nodesource.com/setup_20.x | bash -`,
+    "apt-get install -y -qq nodejs",
+    `npm install -g ${fopsPkg}`,
+    `FOPS_DIR=$(npm root -g)/@meshxdata/fops`,
+    `if [ ! -d "$FOPS_DIR/node_modules/commander" ]; then`,
+    `  echo "Dependencies missing — installing inside package dir…"`,
+    `  cd "$FOPS_DIR" && npm install --omit=dev`,
+    `fi`,
+    `fops --version || { echo "fops binary not on PATH — linking manually"; ln -sf "$(npm root -g)/@meshxdata/fops/fops.mjs" /usr/local/bin/fops; fops --version; }`,
+  ].join("\n"), 300000);
+
+  if (githubToken) {
+    await runScript("Configuring GitHub credentials", [
+      `printf 'machine github.com login x-access-token password %s\\n' '${githubToken}' > /root/.netrc && chmod 600 /root/.netrc`,
+      `printf 'machine github.com login x-access-token password %s\\n' '${githubToken}' > /home/${adminUser}/.netrc && chmod 600 /home/${adminUser}/.netrc && chown ${adminUser}:${adminUser} /home/${adminUser}/.netrc`,
+      `echo '${githubToken}' | docker login ghcr.io -u x-access-token --password-stdin`,
+      `mkdir -p /home/${adminUser}/.docker && cp /root/.docker/config.json /home/${adminUser}/.docker/config.json 2>/dev/null && chown -R ${adminUser}:${adminUser} /home/${adminUser}/.docker || true`,
+    ].join("\n"));
+  }
+
+  await runScript("Cloning foundation-compose", [
+    "rm -rf /opt/foundation-compose",
+    `git clone --branch ${branch} --depth 1 https://github.com/meshxdata/foundation-compose.git /opt/foundation-compose`,
+    "mkdir -p /opt/foundation-compose/credentials",
+    "touch /opt/foundation-compose/credentials/kubeconfig.yaml",
+    `chown -R ${adminUser}:${adminUser} /opt/foundation-compose`,
+  ].join("\n"), 300000);
+
+  await runScript("Initializing submodules", [
+    "cd /opt/foundation-compose",
+    "git submodule update --init --recursive --depth 1",
+    `chown -R ${adminUser}:${adminUser} /opt/foundation-compose`,
+  ].join("\n"), 300000);
+
+  await runScript("Installing fops-api systemd service", [
+    `cat > /etc/systemd/system/fops-api.service <<'UNIT'`,
+    "[Unit]",
+    "Description=fops API server",
+    "After=network.target docker.service",
+    "Wants=docker.service",
+    "",
+    "[Service]",
+    "Type=simple",
+    `User=${adminUser}`,
+    "WorkingDirectory=/opt/foundation-compose",
+    "Environment=COMPOSE_ROOT=/opt/foundation-compose",
+    "EnvironmentFile=-/opt/foundation-compose/.env",
+    "ExecStart=/usr/bin/env fops serve --host 127.0.0.1 --port 4100",
+    "Restart=always",
+    "RestartSec=10",
+    "Environment=NODE_ENV=production",
+    "",
+    "[Install]",
+    "WantedBy=multi-user.target",
+    "UNIT",
+    "systemctl daemon-reload",
+    "systemctl enable --now fops-api",
+  ].join("\n"));
+
+  const cloudInitSrc = path.resolve(
+    import.meta.dirname, "..", "..", "..", "..", "..", "packer", "scripts", "cloud-init-foundation.sh",
+  );
+  let cloudInitScript = "";
+  try {
+    cloudInitScript = fs.readFileSync(cloudInitSrc, "utf8");
+  } catch {
+    hint("cloud-init-foundation.sh not found locally — skipping per-boot script");
+  }
+  if (cloudInitScript) {
+    const b64 = Buffer.from(cloudInitScript).toString("base64");
+    await ssh(
+      `echo '${b64}' | base64 -d | sudo tee /var/lib/cloud/scripts/per-boot/foundation-startup.sh > /dev/null && sudo chmod +x /var/lib/cloud/scripts/per-boot/foundation-startup.sh`,
+    );
+    console.log(OK("  ✓ Cloud-init per-boot script installed"));
+  }
+
+  await runScript("Setting MOTD", [
+    "chmod -x /etc/update-motd.d/* 2>/dev/null || true",
+    `cat > /etc/motd <<'MOTD'
+
+    ___                      _       _   _
+   / __\\__  _   _ _ __   __| | __ _| |_(_) ___  _ __
+  / _\\/ _ \\| | | | '_ \\ / _\` |/ _\` | __| |/ _ \\| '_ \\
+ / / | (_) | |_| | | | | (_| | (_| | |_| | (_) | | | |
+ \\/   \\___/ \\__,_|_| |_|\\__,_|\\__,_|\\__|_|\\___/|_| |_|
+
+  Data Mesh Platform
+
+  Quick start:
+    fops status          Show running services
+    fops up              Start the platform
+    fops down            Stop the platform
+    fops logs <service>  Tail service logs
+    fops doctor          Diagnose issues
+
+  Project dir:   /opt/foundation-compose
+
+MOTD`,
+  ].join("\n"));
+
+  await ssh("sudo apt-get clean && sudo rm -rf /var/lib/apt/lists/*", 30000);
+
+  console.log(OK("\n  ✓ Provisioning complete"));
+}