Index: /branches/amp_4_0/platform/README.md
===================================================================
--- /branches/amp_4_0/platform/README.md	(revision 0)
+++ /branches/amp_4_0/platform/README.md	(working copy)
@@ -0,0 +1,3 @@
+### directory - platform
+
+Within this directory, you'll find the scripts and configurations specifically designed to enhance the AMP device platform.
\ No newline at end of file
Index: /branches/amp_4_0/platform/tools/README.md
===================================================================
--- /branches/amp_4_0/platform/tools/README.md	(revision 0)
+++ /branches/amp_4_0/platform/tools/README.md	(working copy)
@@ -0,0 +1,20 @@
+### Tools directory contains the scripts to install the AMP tools.
+
+### Tool & Version
+
+* Python -> 3.13
+* Django -> 5
+* Java -> 21
+* PostgresSQL -> 13.20
+* Elastic -> 8.18.0-1
+* Logstash -> 1:8.18.0-1
+* Kibana -> 8.18.0-1
+* MetricBeats -> 8.18.0-1
+* InfluxDB -> 2.7.11-1
+* InfluxDB-CLI -> 2.7.5-1
+* Telegraf -> 1.34.1-1
+
+
+### ToDo (Best practices)
+
+* Use random passwords or better alternatives for the stored passwords from the script.
Index: /branches/amp_4_0/platform/tools/install_elk.sh
===================================================================
--- /branches/amp_4_0/platform/tools/install_elk.sh	(revision 0)
+++ /branches/amp_4_0/platform/tools/install_elk.sh	(working copy)
@@ -0,0 +1,397 @@
+#!/bin/bash
+set -e
+
+# --- Log File Configuration ---
+LOG_FILE="/var/log/elk_install.log"
+
+# --- Version Configuration ---
+ELASTIC_MAJOR="8.x"
+KIBANA_MAJOR="8.x"
+BEATS_MAJOR="8.x"
+LOGSTASH_MAJOR="8.x"
+
+# --- Credentials ---
+ELASTIC_PASSWORD="Arr@y2050"
+KIBANA_SYSTEM_PASSWORD="KArr@y2050"
+METRICBEAT_ELASTIC_PASSWORD="$ELASTIC_PASSWORD"
+LOGSTASH_SYSTEM_PASSWORD="LArr@y2050"
+ADMIN_PASSWORD="Array@123"
+DATA_READER_ROLE="data_reader"
+
+# --- Server IP Configuration ---
+# Get the primary IP address
+SERVER_IP=$(hostname -I | awk '{print $1}')
+if [[ -z "$SERVER_IP" ]]; then
+  echo "Failed to automatically determine server IP address.  Please set SERVER_IP manually." | tee -a "$LOG_FILE"
+  exit 1
+fi
+echo "Detected server IP address: $SERVER_IP" | tee -a "$LOG_FILE"
+
+# --- Logging Helpers ---
+log_info() {
+  echo "[INFO] $(date +'%Y-%m-%d %H:%M:%S') $1" | tee -a "$LOG_FILE"
+}
+
+log_error() {
+  echo "[ERROR] $(date +'%Y-%m-%d %H:%M:%S') $1" >&2 | tee -a "$LOG_FILE"
+}
+
+# --- Command Check ---
+check_command() {
+  if ! command -v "$1" &>/dev/null; then
+    log_error "$1 not found. Please install it."
+    exit 1
+  fi
+}
+# --- Repository Check ---
+check_repo() {
+    if ! dnf repolist enabled | grep -q "$1"; then
+        log_error "Repository '$1' is not enabled."
+        exit 1
+    fi
+}
+
+log_info "Verifying required commands..."
+for cmd in curl sudo rpm tee dnf sed systemctl ip firewall-cmd jq; do check_command "$cmd"; done #Added firewall-cmd
+
+# --- Add 8.x Repositories ---
+log_info "Adding Elastic 8.x repositories..."
+sudo rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
+repo_config=$(cat <<EOF
+[elasticsearch]
+name=Elasticsearch 8.x
+baseurl=https://artifacts.elastic.co/packages/8.x/yum
+gpgcheck=1
+enabled=1
+
+[kibana]
+name=Kibana 8.x
+baseurl=https://artifacts.elastic.co/packages/8.x/yum
+gpgcheck=1
+enabled=1
+
+[beats]
+name=Beats 8.x
+baseurl=https://artifacts.elastic.co/packages/8.x/yum
+gpgcheck=1
+enabled=1
+
+[logstash]
+name=Logstash 8.x
+baseurl=https://artifacts.elastic.co/packages/8.x/yum
+gpgcheck=1
+enabled=1
+EOF
+)
+echo "$repo_config" | sudo tee /etc/yum.repos.d/elastic-8.x.repo
+sudo dnf makecache
+
+# --- Determine Latest 8.x Version ---
+log_info "Determining latest Elasticsearch 8.x version..."
+ELASTIC_VERSION=$(dnf --disablerepo="*" --enablerepo=elasticsearch list --showduplicates elasticsearch \
+  | awk '/^elasticsearch\./ {print $2}' | grep "^${ELASTIC_MAJOR%.*}\\." | sort -V | tail -n1)
+
+if [[ -z "$ELASTIC_VERSION" ]]; then
+  log_error "No Elasticsearch ${ELASTIC_MAJOR} version found in repository."
+  exit 1
+fi
+KIBANA_VERSION="$ELASTIC_VERSION"
+BEATS_VERSION="$ELASTIC_VERSION"
+LOGSTASH_VERSION="$ELASTIC_VERSION"
+log_info "Using version $ELASTIC_VERSION for all components"
+
+# --- Install Components ---
+log_info "Installing Elasticsearch, Kibana, Metricbeat, and Logstash..."
+sudo dnf install -y \
+  elasticsearch-${ELASTIC_VERSION} \
+  kibana-${KIBANA_VERSION} \
+  metricbeat-${BEATS_VERSION} \
+  logstash-${LOGSTASH_VERSION} | tee -a "$LOG_FILE" # Install Logstash
+
+# --- Configure Elasticsearch ---
+ES_YML="/etc/elasticsearch/elasticsearch.yml"
+log_info "Backing up and cleaning existing Elasticsearch config..."
+sudo cp "$ES_YML" "${ES_YML}.bak" | tee -a "$LOG_FILE"
+
+# Remove any previous conflicting settings or SSL references
+declare -a REMOVE_KEYS=(
+  '^xpack.security\.'
+  '^cluster.initial_master_nodes'
+  '^discovery.type'
+  '^network.host'
+  'certs/'
+  'ssl\.keystore\.path'
+  'ssl\.truststore\.path'
+  '^path\.data'
+  '^path\.logs'
+)
+
+for pattern in "${REMOVE_KEYS[@]}"; do
+  # Escape forward slashes for sed
+  escaped_pattern=$(printf '%s\n' "$pattern" | sed 's/[\/&]/\\&/g')
+  sudo sed -i "/$escaped_pattern/d" "$ES_YML" | tee -a "$LOG_FILE"
+done
+
+# Overwrite/add Elasticsearch settings
+log_info "Applying required Elasticsearch settings..."
+ES_CONFIG_BLOCK=$(cat <<EOF
+# --- Security and Single-Node Setup ---
+xpack.security.enabled: true
+xpack.security.transport.ssl.enabled: false
+xpack.security.http.ssl.enabled: false
+
+# --- Discovery and Networking ---
+discovery.type: single-node
+network.host: 0.0.0.0
+
+# --- Paths ---
+path.data: /var/lib/elasticsearch
+path.logs: /var/log/elasticsearch
+EOF
+)
+
+# Remove existing lines and re-append
+while IFS= read -r line; do
+  setting=$(echo "$line" | sed -e 's/:.*//')
+  [[ -n "$setting" ]] && sudo sed -i "/^$setting:/d" "$ES_YML" | tee -a "$LOG_FILE"
+done <<< "$ES_CONFIG_BLOCK"
+echo "$ES_CONFIG_BLOCK" | sudo tee -a "$ES_YML"
+
+# Check for duplicates
+log_info "Checking for duplicate keys in elasticsearch.yml..."
+DUPLICATES=$(grep -E '^[a-zA-Z0-9_.-]+:' "$ES_YML" | sed 's/:.*//' | sort | uniq -d)
+if [[ -n "$DUPLICATES" ]]; then
+  log_error "Found duplicate keys:" && echo "$DUPLICATES" | tee -a "$LOG_FILE"
+  exit 1 # Exit if duplicates are found.
+else
+  log_info "No duplicate keys found."
+fi
+
+cat "$ES_YML" | tee -a "$LOG_FILE"
+
+# --- Remove SSL entries from keystore ---
+log_info "Removing SSL settings from Elasticsearch keystore if present..."
+KEYSTORE_TOOL="/usr/share/elasticsearch/bin/elasticsearch-keystore"
+for KEY in \
+  xpack.security.http.ssl.keystore.path \
+  xpack.security.http.ssl.truststore.path \
+  xpack.security.http.ssl.keystore.password \
+  xpack.security.http.ssl.truststore.password; do
+  if sudo $KEYSTORE_TOOL list | grep -q "$KEY"; then
+    log_info "Removing $KEY"
+    echo y | sudo $KEYSTORE_TOOL remove "$KEY" | tee -a "$LOG_FILE"
+  fi
+done
+
+log_info "Ensuring Elasticsearch keystore exists..."
+if [ ! -f /etc/elasticsearch/elasticsearch.keystore ]; then
+  sudo $KEYSTORE_TOOL create | tee -a "$LOG_FILE"
+else
+  log_info "Elasticsearch keystore already exists. Skipping creation."
+fi
+
+# --- Start Elasticsearch ---
+log_info "Enabling and starting Elasticsearch..."
+sudo systemctl daemon-reexec | tee -a "$LOG_FILE"
+sudo systemctl enable --now elasticsearch | tee -a "$LOG_FILE"
+
+log_info "Waiting an additional 15 seconds for Elasticsearch security to initialize..."
+sleep 15
+
+# Wait for Elasticsearch HTTP endpoint (accepts 200 or 401 as up)
+log_info "Waiting for Elasticsearch HTTP endpoint to respond (200 or 401)..."
+ELASTICSEARCH_UP=0
+for i in {1..20}; do #wait for 60 seconds
+  if curl --connect-timeout 3 --silent --output /dev/null --write-out "%{http_code}" http://localhost:9200/ | grep -E '^(200|401)$'; then
+    ELASTICSEARCH_UP=1
+    break
+  fi
+  echo -n "."; sleep 3
+done
+echo "" | tee -a "$LOG_FILE"
+
+if [[ $ELASTICSEARCH_UP -eq 0 ]]; then
+    log_error "Elasticsearch failed to start after 60 seconds."
+    exit 1
+fi
+log_info "Elasticsearch is up and running."
+
+# Get initial elastic user password
+INITIAL_PW=$(sudo grep "The generated password for the elastic built-in superuser is" "$LOG_FILE" | awk -F': ' '{print $2}')
+
+if [[ -n "$INITIAL_PW" ]]; then
+  log_info "Setting password for elastic user..."
+  ELASTIC_PW_RESULT=$(curl -s -X POST -u elastic:"$INITIAL_PW" -H 'Content-Type: application/json' \
+    -d "{ \"password\": \"$ELASTIC_PASSWORD\" }" \
+    http://localhost:9200/_security/user/elastic/_password)  | tee -a "$LOG_FILE"
+  echo "$ELASTIC_PW_RESULT" | jq . >/dev/null 2>&1 #check the json
+  if [[ $? -ne 0 ]]; then
+    log_error "Failed to set elastic password.  Output: $ELASTIC_PW_RESULT"
+    exit 1
+  fi
+
+  log_info "Setting password for kibana_system user..."
+  KIBANA_PW_RESULT=$(curl -s -X POST -u elastic:"$ELASTIC_PASSWORD" -H 'Content-Type: application/json' \
+    -d "{ \"password\": \"$KIBANA_SYSTEM_PASSWORD\" }" \
+    http://localhost:9200/_security/user/kibana_system/_password) | tee -a "$LOG_FILE"
+  echo "$KIBANA_PW_RESULT" | jq . >/dev/null 2>&1 #check the json
+    if [[ $? -ne 0 ]]; then
+    log_error "Failed to set kibana_system password. Output: $KIBANA_PW_RESULT"
+    exit 1
+  fi
+
+  log_info "Setting password for logstash_system user..."
+  LOGSTASH_PW_RESULT=$(curl -s -X POST -u elastic:"$ELASTIC_PASSWORD" -H 'Content-Type: application/json' \
+    -d "{ \"password\": \"$LOGSTASH_SYSTEM_PASSWORD\" }" \
+    http://localhost:9200/_security/user/logstash_system/_password) | tee -a "$LOG_FILE"
+  echo "$LOGSTASH_PW_RESULT" | jq . >/dev/null 2>&1 #check the json
+    if [[ $? -ne 0 ]]; then
+    log_error "Failed to set logstash_system password. Output: $LOGSTASH_PW_RESULT"
+    exit 1
+  fi
+
+else
+  log_error "Failed to extract initial password from logs."
+  exit 1
+fi
+
+# --- Create the custom 'data_reader' role with necessary privileges ---
+log_info "Creating the '$DATA_READER_ROLE' role with necessary data access privileges..."
+DATA_READER_ROLE_RESULT=$(curl -s -X PUT "http://localhost:9200/_security/role/$DATA_READER_ROLE" \
+  -H "Content-Type: application/json" \
+  -u "elastic:$ELASTIC_PASSWORD" \
+  -d "{
+    \"indices\": [
+      {
+        \"names\": [\"*\"],
+        \"privileges\": [\"read\", \"view_index_metadata\"]
+      }
+    ],
+    \"run_as\": [],
+    \"cluster\": []
+  }") | tee -a "$LOG_FILE"
+echo "$DATA_READER_ROLE_RESULT" | jq . >/dev/null 2>&1
+if [[ $? -ne 0 ]]; then
+  log_error "Failed to create the '$DATA_READER_ROLE' role. Output: $DATA_READER_ROLE_RESULT"
+  exit 1
+fi
+log_info "Successfully created the '$DATA_READER_ROLE' role."
+
+# --- Create the 'admin' user ---
+log_info "Creating the 'admin' user for Kibana..."
+ADMIN_USER_RESULT=$(curl -s -X POST "http://localhost:9200/_security/user/admin" \
+  -H "Content-Type: application/json" \
+  -u "elastic:$ELASTIC_PASSWORD" \
+  -d "{
+    \"password\" : \"$ADMIN_PASSWORD\",
+    \"roles\" : [ \"kibana_admin\", \"$DATA_READER_ROLE\" ],
+    \"full_name\" : \"Admin User\"
+  }") | tee -a "$LOG_FILE" # Log the curl command and its output
+echo "$ADMIN_USER_RESULT" | jq .  >/dev/null 2>&1
+if [[ $? -ne 0 ]]; then
+  log_error "Failed to create the 'admin' user. Output: $ADMIN_USER_RESULT"
+  exit 1
+fi
+log_info "Successfully created the 'admin' user."
+
+# --- Configure Kibana ---
+KB_YML="/etc/kibana/kibana.yml"
+log_info "Backing up and updating Kibana config..."
+sudo cp "$KB_YML" "${KB_YML}.bak" | tee -a "$LOG_FILE"
+
+# use sed to remove
+sudo sed -i '/^server.host/d' "$KB_YML" | tee -a "$LOG_FILE"
+sudo sed -i '/^elasticsearch.hosts/d' "$KB_YML" | tee -a "$LOG_FILE"
+sudo sed -i '/^elasticsearch.username/d' "$KB_YML" | tee -a "$LOG_FILE"
+sudo sed -i '/^elasticsearch.password/d' "$KB_YML" | tee -a "$LOG_FILE"
+# Append to the file.
+echo "server.host: 0.0.0.0" | sudo tee -a "$KB_YML"
+echo "elasticsearch.hosts: ['http://localhost:9200']" | sudo tee -a "$KB_YML"
+echo "elasticsearch.username: 'kibana_system'" | sudo tee -a "$KB_YML"
+echo "elasticsearch.password: '$KIBANA_SYSTEM_PASSWORD'" | sudo tee -a "$KB_YML"
+
+cat "$KB_YML" | tee -a "$LOG_FILE" # Log the content of the file
+
+# --- Configure Metricbeat ---
+MB_YML="/etc/metricbeat/metricbeat.yml"
+log_info "Backing up and updating Metricbeat config..."
+sudo cp "$MB_YML" "${MB_YML}.bak" | tee -a "$LOG_FILE"
+#use sed to remove
+sudo sed -i '/^output.elasticsearch/d' "$MB_YML" | tee -a "$LOG_FILE"
+sudo sed -i '/^  hosts:/d' "$MB_YML" | tee -a "$LOG_FILE"
+sudo sed -i '/^  username:/d' "$MB_YML" | tee -a "$LOG_FILE"
+sudo sed -i '/^  password:/d' "$MB_YML" | tee -a "$LOG_FILE"
+#append
+echo "output.elasticsearch:" | sudo tee -a "$MB_YML"
+echo "  hosts: ['localhost:9200']" | sudo tee -a "$MB_YML"
+echo "  username: 'elastic'" | sudo tee -a "$LOG_FILE"
+echo "  password: '$METRICBEAT_ELASTIC_PASSWORD'" | sudo tee -a "$LOG_FILE"
+cat "$MB_YML" | tee -a "$LOG_FILE" # Log the content of the file
+
+# --- Configure Logstash ---
+LS_YML="/etc/logstash/logstash.yml"
+LS_CONF_DIR="/etc/logstash/conf.d"
+LS_PIPELINE_CONF="$LS_CONF_DIR/logstash.conf"
+
+log_info "Backing up and updating Logstash config..."
+sudo cp "$LS_YML" "${LS_YML}.bak" | tee -a "$LOG_FILE"
+
+# use sed to remove monitoring settings
+sudo sed -i '/^xpack.monitoring.enabled/d' "$LS_YML" | tee -a "$LOG_FILE"
+sudo sed -i '/^xpack.monitoring.elasticsearch.hosts/d' "$LS_YML" | tee -a "$LOG_FILE"
+sudo sed -i '/^xpack.monitoring.elasticsearch.username/d' "$LS_YML" | tee -a "$LOG_FILE"
+sudo sed -i '/^xpack.monitoring.elasticsearch.password/d' "$LS_YML"
+
+# Add the configuration settings
+echo "xpack.monitoring.enabled: true" | sudo tee -a "$LS_YML"
+echo "xpack.monitoring.elasticsearch.hosts: ['http://localhost:9200']" | sudo tee -a "$LS_YML"
+echo "xpack.monitoring.elasticsearch.username: 'logstash_system'" | sudo tee -a "$LOG_FILE"
+echo "xpack.monitoring.elasticsearch.password: '$LOGSTASH_SYSTEM_PASSWORD'" | sudo tee -a "$LOG_FILE"
+
+cat "$LS_YML" | tee -a "$LOG_FILE"
+
+# Create a basic Logstash pipeline configuration
+log_info "Creating a basic Logstash pipeline configuration..."
+LS_PIPELINE_CONFIG=$(cat <<EOF
+input {
+  stdin { }
+}
+output {
+  elasticsearch {
+    hosts => ["http://localhost:9200"]
+    index => "logstash-%{+YYYY.MM.dd}"
+    user => "logstash_system"
+    password => "$LOGSTASH_SYSTEM_PASSWORD"
+  }
+  stdout { codec => rubydebug }
+}
+EOF
+)
+echo "$LS_PIPELINE_CONFIG" | sudo tee "$LS_PIPELINE_CONF" | tee -a "$LOG_FILE"
+
+# --- Open Firewall for Kibana and Logstash ---
+if systemctl is-active --quiet firewalld; then
+  log_info "Opening firewall for Kibana (port 5601) and Logstash (port 9600)..."
+  sudo firewall-cmd --permanent --add-port=5601/tcp --add-port=9600/tcp | tee -a "$LOG_FILE"
+  sudo firewall-cmd --reload | tee -a "$LOG_FILE"
+fi
+
+# --- Start Elasticsearch, Kibana, Metricbeat, and Logstash ---
+log_info "Enabling and starting Elasticsearch, Kibana, Metricbeat, and Logstash..."
+sudo systemctl enable --now elasticsearch kibana metricbeat logstash | tee -a "$LOG_FILE"
+
+# --- Final Verification ---
+log_info "Verifying services..."
+for svc in elasticsearch kibana metricbeat logstash; do
+  if systemctl is-active --quiet "$svc"; then
+    log_info "$svc is running."
+  else
+    log_error "$svc failed to start. See logs: journalctl -u $svc"
+  fi
+done
+
+log_info "✅ ELK Stack 8.x single-node setup complete."
+log_info "Installation logs are available in $LOG_FILE."
+log_info "Access Kibana at http://${SERVER_IP}:5601 (admin / ${ADMIN_PASSWORD})"
+
+exit 0
Index: /branches/amp_4_0/platform/tools/install_influx.sh
===================================================================
--- /branches/amp_4_0/platform/tools/install_influx.sh	(revision 0)
+++ /branches/amp_4_0/platform/tools/install_influx.sh	(working copy)
@@ -0,0 +1,173 @@
+#!/bin/bash
+
+set -e
+
+# --- Configuration ---
+LOG_FILE="/var/log/influxdb2_install.log"
+INFLUXDB_USERNAME="array"
+INFLUXDB_PASSWORD="Arr@y20250"
+INFLUXDB_ORG="AN"
+INFLUXDB_BUCKET="AMP"
+INFLUXDB_TOKEN_DESCRIPTION="Admin Token - Initial Setup"
+CONFIG_FILE="/opt/influxdb2_token.toml"
+INFLUXDB_HOST="http://localhost:8086"
+
+# Redirect all script output to the log file
+exec > "$LOG_FILE" 2>&1
+
+log_info() {
+  echo "[INFO] $1"
+}
+
+log_error() {
+  echo "[ERROR] $1" >&2
+}
+
+check_command() {
+  if ! command -v "$1" &> /dev/null; then
+    log_error "$1 command not found. Please install it."
+    exit 1
+  fi
+}
+
+# --- Check directory existence and writable ---
+for dir in "/var/log" "/opt"; do
+  if [[ ! -d "$dir" ]]; then
+    log_error "$dir directory does not exist."
+    exit 1
+  fi
+  if [[ ! -w "$dir" ]]; then
+    log_error "$dir directory is not writable. Please check permissions."
+    exit 1
+  fi
+done
+
+# --- Prerequisites Check ---
+log_info "Checking for required commands..."
+check_command curl
+check_command sudo
+check_command dnf
+check_command jq
+
+# --- Add InfluxData Repository for InfluxDB 2.x ---
+log_info "Adding InfluxData repository for InfluxDB 2.x..."
+REPO_URL="https://repos.influxdata.com/centos/9/x86_64/stable"
+REPO_FILE="/etc/yum.repos.d/influxdata.repo"
+
+cat <<EOF | sudo tee "$REPO_FILE"
+[influxdata]
+name = InfluxData Repository - Stable
+baseurl = $REPO_URL
+gpgcheck = 1
+gpgkey = https://repos.influxdata.com/influxdata-archive_compat.key
+enabled = 1
+EOF
+
+sudo dnf update -y
+
+# --- Install InfluxDB 2.x and the CLI (influx) ---
+log_info "Installing influxdb2 and influxdb2-cli (influx)..."
+sudo dnf install -y influxdb2 influxdb2-cli
+
+# --- Check if the influxdb.service file exists ---
+if [[ ! -f "/usr/lib/systemd/system/influxdb.service" ]]; then
+  log_error "InfluxDB 2.x service unit file not found at /usr/lib/systemd/system/influxdb.service. Installation may have failed."
+  exit 1
+fi
+
+# --- Start and Enable InfluxDB 2.x Service (using influxdb.service) ---
+log_info "Starting and enabling influxdb service (assuming influxdb.service for 2.x)..."
+sudo systemctl enable --now influxdb
+
+# Check if the enable command was successful
+if [ $? -ne 0 ]; then
+  log_error "Failed to enable the influxdb service. Please check the output above."
+  exit 1
+fi
+
+sudo systemctl start influxdb
+
+# Check if the start command was successful
+if [ $? -ne 0 ]; then
+  log_error "Failed to start the influxdb service. Please check the output."
+  exit 1
+fi
+
+# --- Wait for InfluxDB 2.x to start ---
+log_info "Waiting for InfluxDB 2.x service to start..."
+sleep 15
+
+# --- Find Influx CLI Path ---
+INFLUX_CLI_PATH=$(which influx)
+if [[ -z "$INFLUX_CLI_PATH" ]]; then
+  log_warning "influx command not found in PATH. Checking common locations..."
+  if [[ -f "/usr/local/bin/influx" ]]; then
+    INFLUX_CLI_PATH="/usr/local/bin/influx"
+  elif [[ -f "/usr/bin/influx" ]]; then
+    INFLUX_CLI_PATH="/usr/bin/influx"
+  elif [[ -f "/opt/influxdb2/usr/bin/influx" ]]; then
+    INFLUX_CLI_PATH="/opt/influxdb2/usr/bin/influx"
+  else
+    log_error "influx command not found. Installation might be incomplete or PATH is not set correctly."
+    exit 1
+  fi
+  log_info "Found influx at: $INFLUX_CLI_PATH"
+fi
+
+# --- Initialize InfluxDB 2.x Non-Interactively ---
+log_info "Initializing InfluxDB 2.x non-interactively..."
+sudo "$INFLUX_CLI_PATH" setup --host "$INFLUXDB_HOST" \
+  --username "$INFLUXDB_USERNAME" \
+  --password "$INFLUXDB_PASSWORD" \
+  --org "$INFLUXDB_ORG" \
+  --bucket "$INFLUXDB_BUCKET" \
+  --force
+
+if [ $? -eq 0 ]; then
+  log_info "InfluxDB 2.x initialized successfully..."
+else
+  log_error "Failed to initialize InfluxDB 2.x."
+  exit 1
+fi
+
+# --- Create an Initial Admin Token Non-Interactively and Store in TOML File ---
+log_info "Creating an initial admin token non-interactively and storing in $CONFIG_FILE..."
+AUTH_OUTPUT=$(sudo "$INFLUX_CLI_PATH" auth create --host "$INFLUXDB_HOST" \
+  --org "$INFLUXDB_ORG" \
+  --user "$INFLUXDB_USERNAME" \
+  --all-access \
+  --description "$INFLUXDB_TOKEN_DESCRIPTION" \
+  --json)
+echo "Output of influx auth create (JSON):"
+echo "$AUTH_OUTPUT"
+ADMIN_TOKEN=$(echo "$AUTH_OUTPUT" | jq -r '.token')
+
+if [ -n "$ADMIN_TOKEN" ]; then
+  log_info "Successfully created initial admin token."
+  echo "[influxdb]" > "$CONFIG_FILE"
+  echo "token = \"$ADMIN_TOKEN\"" >> "$CONFIG_FILE"
+  chmod 600 "$CONFIG_FILE"
+  log_info "Admin token stored securely in $CONFIG_FILE."
+else
+  log_error "Failed to create initial admin token."
+fi
+
+# --- Verify Installation ---
+log_info "Verifying InfluxDB 2.x installation..."
+sudo "$INFLUX_CLI_PATH" version
+
+# Attempt to list buckets
+log_info "Listing buckets using the token from $CONFIG_FILE..."
+STORED_TOKEN=$(grep "^token = " "$CONFIG_FILE" | cut -d '"' -f 2)
+sudo "$INFLUX_CLI_PATH" bucket list --host "$INFLUXDB_HOST" --org "$INFLUXDB_ORG" --token "$STORED_TOKEN"
+
+if [ $? -eq 0 ]; then
+  log_info "Successfully listed buckets."
+else
+  log_warning "Failed to list buckets. Ensure InfluxDB 2.x is running and the token is correct."
+fi
+
+log_info "InfluxDB 2.x and InfluxDB CLI installed and configured!"
+log_info "Installation logs are available in $LOG_FILE."
+
+exit 0
\ No newline at end of file
Index: /branches/amp_4_0/platform/tools/install_psql.sh
===================================================================
--- /branches/amp_4_0/platform/tools/install_psql.sh	(revision 0)
+++ /branches/amp_4_0/platform/tools/install_psql.sh	(working copy)
@@ -0,0 +1,64 @@
+#!/bin/bash
+
+set -e
+
+LOG_FILE="/var/log/psql_install_$(date +%F-%T | tr ':' '-').log"
+DB_USER="postgres"
+DB_PASSWORD="Arr@y2050"
+
+# Ensure we are root
+if [[ "$EUID" -ne 0 ]]; then
+  echo "This script must be run as root." | tee -a "$LOG_FILE"
+  exit 1
+fi
+
+echo ">>> Logging PostgreSQL installation to $LOG_FILE"
+exec > >(tee -a "$LOG_FILE") 2>&1
+
+echo ">>> Starting PostgreSQL installation on Rocky Linux 9.5..."
+
+echo ">>> Adding PostgreSQL repository..."
+dnf -y install https://download.postgresql.org/pub/repos/yum/reporpms/EL-9-x86_64/pgdg-redhat-repo-latest.noarch.rpm
+
+echo ">>> Disabling built-in PostgreSQL module..."
+dnf -y module disable postgresql
+
+echo ">>> Installing PostgreSQL server and client..."
+dnf -y install postgresql-server postgresql
+
+echo ">>> Initializing PostgreSQL database..."
+/usr/bin/postgresql-setup --initdb
+
+echo ">>> Enabling and starting PostgreSQL service..."
+systemctl enable postgresql
+systemctl start postgresql
+
+echo ">>> Configuring PostgreSQL for remote access..."
+CONF_FILE="/var/lib/pgsql/data/postgresql.conf"
+HBA_FILE="/var/lib/pgsql/data/pg_hba.conf"
+
+# Enable remote connections and use scram-sha-256
+sed -i "s/^#\?listen_addresses\s*=.*/listen_addresses = '*'/" "$CONF_FILE"
+sed -i "s/^#\?password_encryption\s*=.*/password_encryption = 'scram-sha-256'/" "$CONF_FILE"
+
+# Add remote access rules to pg_hba.conf if they don't exist
+if ! grep -q "host    all             all             0.0.0.0/0               scram-sha-256" "$HBA_FILE"; then
+    echo "host    all             all             0.0.0.0/0               scram-sha-256" >> "$HBA_FILE"
+fi
+if ! grep -q "host    all             all             ::/0                    scram-sha-256" "$HBA_FILE"; then
+    echo "host    all             all             ::/0                    scram-sha-256" >> "$HBA_FILE"
+fi
+
+echo ">>> Restarting PostgreSQL to apply config..."
+systemctl restart postgresql
+
+echo ">>> Setting password for 'postgres' user..."
+sudo -u postgres psql -c "ALTER USER $DB_USER WITH PASSWORD '$DB_PASSWORD';"
+
+echo ">>> Opening PostgreSQL port 5432 in firewalld..."
+firewall-cmd --add-port=5432/tcp --permanent
+firewall-cmd --reload
+
+echo ">>> PostgreSQL installation complete with SCRAM-SHA-256 authentication!"
+echo ">>> Password for user '$DB_USER' has been securely set."
+echo ">>> Log saved to $LOG_FILE"
Index: /branches/amp_4_0/platform/tools/install_python.sh
===================================================================
--- /branches/amp_4_0/platform/tools/install_python.sh	(revision 0)
+++ /branches/amp_4_0/platform/tools/install_python.sh	(working copy)
@@ -0,0 +1,57 @@
+#!/bin/bash
+
+set -e
+
+LOGFILE="/var/log/install_python_$(date +%F-%T | tr ':' '-').log"
+exec > >(tee -a "$LOGFILE") 2>&1
+
+# Ensure we are root
+if [[ "$EUID" -ne 0 ]]; then
+  echo "This script must be run as root." | tee -a "$LOGFILE"
+  exit 1
+fi
+
+echo "🔧 Updating system..."
+dnf update -y
+
+echo "📦 Installing required dependencies..."
+dnf install -y gcc openssl-devel bzip2-devel libffi-devel zlib-devel wget make tar
+
+echo "☕ Installing Python 3.13..."
+cd /usr/src
+wget https://www.python.org/ftp/python/3.13.0/Python-3.13.0.tgz
+tar xzf Python-3.13.0.tgz
+cd Python-3.13.0
+
+./configure --enable-optimizations
+make altinstall
+
+echo "🔗 Creating symbolic links for 'python3.13' and 'python'..."
+if [[ ! -f /usr/bin/python3.13 ]]; then
+  ln -s /usr/local/bin/python3.13 /usr/bin/python3.13
+fi
+
+if [[ -f /usr/bin/python ]]; then
+  mv /usr/bin/python /usr/bin/python_backup_$(date +%F-%T | tr ':' '-')
+  echo "⚠️ Existing 'python' binary backed up."
+fi
+
+ln -sf /usr/local/bin/python3.13 /usr/bin/python
+
+echo "🐍 Verifying Python installation..."
+python --version
+
+echo "📦 Installing pip for Python 3.13..."
+/usr/local/bin/python3.13 -m ensurepip --upgrade
+/usr/local/bin/python3.13 -m pip install --upgrade pip
+
+echo "🌐 Installing Django 5..."
+/usr/local/bin/python3.13 -m pip install "django==5.*"
+
+echo "🔎 Verifying Django installation..."
+/usr/local/bin/python3.13 -m django --version
+
+echo "✅ Python 3.13, pip, and Django 5 installation completed!"
+echo "➡️ Python version: $(python --version)"
+echo "➡️ Django version: $(/usr/local/bin/python3.13 -m django --version)"
+echo "📁 Installation log saved to: $LOGFILE"
Index: /branches/amp_4_0/platform/tools/install_telegraf.sh
===================================================================
--- /branches/amp_4_0/platform/tools/install_telegraf.sh	(revision 0)
+++ /branches/amp_4_0/platform/tools/install_telegraf.sh	(working copy)
@@ -0,0 +1,143 @@
+#!/bin/bash
+
+set -e
+
+# --- Configuration ---
+LOG_FILE="/var/log/telegraf_install.log"
+CONFIG_FILE="/opt/influxdb2_token.toml"
+TELEGRAF_CONFIG_DIR="/etc/telegraf/telegraf.d"
+TELEGRAF_CONFIG="/etc/telegraf/telegraf.conf"
+INFLUXDB_HOST="http://localhost:8086"
+INFLUXDB_ORG="AN"
+TELEGRAF_BUCKET="AMP"
+TELEGRAF_VERSION="1.34.1"
+
+# Function to log messages
+log_message() {
+  local level="$1"
+  local message="$2"
+  local timestamp="$(date +'%Y-%m-%d %H:%M:%S')"
+  local log_line="[$level] $timestamp - $message"
+  echo "$log_line"
+  echo "$log_line" >> "$LOG_FILE"
+}
+
+log_info()    { log_message "INFO" "$1"; }
+log_error()   { log_message "ERROR" "$1" >&2; }
+log_warning() { log_message "WARNING" "$1"; }
+
+check_command() {
+  if ! command -v "$1" &>/dev/null; then
+    log_error "$1 command not found. Please install it."
+    exit 1
+  fi
+}
+
+# --- Check directory permissions ---
+log_info "Checking directory permissions..."
+for dir in "/var/log" "/etc/telegraf" "$TELEGRAF_CONFIG_DIR"; do
+  if [[ ! -d "$dir" ]]; then
+    log_warning "$dir directory does not exist. Creating it..."
+    sudo mkdir -p "$dir"
+    [[ $? -ne 0 ]] && log_error "Failed to create directory $dir." && exit 1
+  fi
+  [[ ! -w "$dir" ]] && log_error "$dir directory is not writable. Please check permissions." && exit 1
+done
+log_info "Directory permissions check complete."
+
+# --- Prerequisites ---
+log_info "Checking for required commands..."
+for cmd in curl sudo dnf grep sed; do check_command "$cmd"; done
+log_info "All required commands are present."
+
+# --- Add InfluxData Repo ---
+log_info "Adding InfluxData repository..."
+REPO_URL="https://repos.influxdata.com/centos/9/x86_64/stable"
+REPO_FILE="/etc/yum.repos.d/influxdata.repo"
+
+if [[ ! -f "$REPO_FILE" ]]; then
+  cat <<EOF | sudo tee "$REPO_FILE"
+[influxdata]
+name = InfluxData Repository - Stable
+baseurl = $REPO_URL
+gpgcheck = 1
+gpgkey = https://repos.influxdata.com/influxdata-archive_compat.key
+enabled = 1
+EOF
+  sudo dnf update -y
+  [[ $? -ne 0 ]] && log_error "Failed to add repo or update system." && exit 1
+  log_info "InfluxData repo added and system updated."
+else
+  log_info "InfluxData repo already exists."
+fi
+
+# --- Install Telegraf ---
+log_info "Installing Telegraf version $TELEGRAF_VERSION..."
+sudo dnf install -y "telegraf-${TELEGRAF_VERSION}"
+[[ $? -ne 0 ]] && log_error "Telegraf installation failed." && exit 1
+log_info "Telegraf $TELEGRAF_VERSION installed successfully."
+
+# --- Read Token ---
+log_info "Reading InfluxDB token from $CONFIG_FILE..."
+if [[ ! -f "$CONFIG_FILE" ]]; then
+  log_error "Token file not found. Please run the InfluxDB setup first."
+  exit 1
+fi
+
+STORED_TOKEN=$(grep '^token *= *"' "$CONFIG_FILE" | sed -E 's/token *= *"([^"]+)"/\1/')
+[[ -z "$STORED_TOKEN" ]] && log_error "Failed to extract token." && exit 1
+log_info "Token read successfully."
+
+# --- Configure Telegraf ---
+log_info "Creating Telegraf configuration..."
+sudo mkdir -p "$TELEGRAF_CONFIG_DIR"
+sudo tee "$TELEGRAF_CONFIG" > /dev/null <<EOF
+[agent]
+  interval = "10s"
+  round_interval = true
+  metric_batch_size = 1000
+  metric_buffer_limit = 10000
+  collection_jitter = "0s"
+  flush_interval = "10s"
+  precision = ""
+  hostname = ""
+  omit_hostname = false
+
+[[outputs.influxdb_v2]]
+  urls = ["$INFLUXDB_HOST"]
+  token = "$STORED_TOKEN"
+  organization = "$INFLUXDB_ORG"
+  bucket = "$TELEGRAF_BUCKET"
+
+[[inputs.cpu]]
+  percpu = true
+  totalcpu = true
+
+[[inputs.disk]]
+  ignore_fs = ["tmpfs", "devtmpfs", "overlay", "rootfs"]
+
+[[inputs.mem]]
+
+[[inputs.system]]
+  fieldpass = ["load1", "load5", "load15", "uptime"]
+EOF
+
+[[ $? -ne 0 ]] && log_error "Failed to write config." && cat "$TELEGRAF_CONFIG" && exit 1
+log_info "Telegraf configuration written to $TELEGRAF_CONFIG"
+
+# --- Start and Enable Telegraf ---
+log_info "Enabling and starting Telegraf service..."
+sudo systemctl enable --now telegraf
+[[ $? -ne 0 ]] && log_error "Failed to start Telegraf service." && exit 1
+
+# --- Final Check ---
+log_info "Checking if Telegraf is active..."
+if sudo systemctl is-active --quiet telegraf; then
+  log_info "Telegraf is active and running."
+else
+  log_error "Telegraf is not running."
+  exit 1
+fi
+
+log_info "Telegraf setup complete. Logs at $LOG_FILE"
+exit 0