
[taler-deployment] branch master updated: euFin deployment: first steps


From: gnunet
Subject: [taler-deployment] branch master updated: euFin deployment: first steps
Date: Thu, 16 Sep 2021 16:49:58 +0200

This is an automated email from the git hooks/post-receive script.

ms pushed a commit to branch master
in repository deployment.

The following commit(s) were added to refs/heads/master by this push:
     new af22c20  euFin deployment: first steps
af22c20 is described below

commit af22c20c0a7ade6635c5512cef8b8d3b3bf761ee
Author: ms <ms@taler.net>
AuthorDate: Thu Sep 16 16:49:44 2021 +0200

    euFin deployment: first steps
---
 bin/taler-deployment-prepare-with-eufin | 375 ++++++++++++++++++++++++++++++++
 taler-arm/libeufin-nexus.conf           |   2 +-
 taler-arm/libeufin-sandbox.conf         |   4 +
 3 files changed, 380 insertions(+), 1 deletion(-)

diff --git a/bin/taler-deployment-prepare-with-eufin 
b/bin/taler-deployment-prepare-with-eufin
new file mode 100755
index 0000000..1d373ec
--- /dev/null
+++ b/bin/taler-deployment-prepare-with-eufin
@@ -0,0 +1,375 @@
+#!/bin/bash
+
+# Prepare a deployment for execution:
+# * generate the configuration and setup database
+# * put keys in the right place
+# * set bank password for the exchange
+# * sign the exchange's wire response
+# * run some sanity checks (FIXME: not done yet!)
+
+set -eu
+
+source "$HOME/activate"
+
+# $1 = {yes,no} indicates WITH_DB_RESET.  Defaults to no.
+# Helps avoiding color Y destroying the DB while color X is in
+# production.
+WITH_DB_RESET=${1-no}
+
+if [[ -z ${TALER_ENV_NAME+x} ]]; then
+  echo "TALER_ENV_NAME not set"
+  exit 1
+fi
+
+if [[ -z ${TALER_CONFIG_CURRENCY+x} ]]; then
+  echo "TALER_CONFIG_CURRENCY not set"
+  exit 1
+fi
+
+# The script stops what started along the flow.
+# This function should help against processes left
+# somehow running.
+function stop_running() {
+  taler-deployment-stop
+  for n in `jobs -p`
+  do
+      kill $n 2> /dev/null || true
+  done
+  wait
+}
+
+trap "stop_running" EXIT
+
+function generate_config() {
+  EXCHANGE_PUB=$(gnunet-ecc -p 
"$HOME/deployment/private-keys/${TALER_ENV_NAME}-exchange-master.priv")
+
+  mkdir -p "$HOME/.config"
+
+  taler-deployment-config-generate \
+    --exchange-pub "$EXCHANGE_PUB" \
+    --currency "$TALER_CONFIG_CURRENCY" \
+    --outdir "$HOME/.config" \
+    --envname "$TALER_ENV_NAME" \
+    --frontends-apitoken "$TALER_ENV_FRONTENDS_APITOKEN"
+}
+
+##
+## Step 1: Generate config
+##
+
+case $TALER_ENV_NAME in
+  tanker|demo|test|int|local)
+    generate_config
+    ;;
+  *)
+    echo "Not generating config for env $TALER_ENV_NAME"
+    ;;
+esac
+
+##
+## Step 1b: initialize database
+##
+
+if test $WITH_DB_RESET = yes; then
+  taler-exchange-dbinit --reset
+fi
+
+##
+## Step 2: Copy key material and update denom keys
+##
+
+# For demo, make sure the link to shared data between demo-blue and demo-green 
is
+# set up properly.
+case $TALER_ENV_NAME in
+  demo)
+    echo "linking taler-data"
+    ln -sfT ~demo/shared-data ~/taler-data
+    # Check if we won't mess up permissions later
+    if [[ ! -g ~/taler-data ]]; then
+      echo "the shared-data directory should have the set-group-id bit set"
+      exit 1
+    fi
+  ;;
+esac
+
+case $TALER_ENV_NAME in
+  demo|test|int|local)
+    EXCHANGE_PUB=$(gnunet-ecc -p 
"$HOME/deployment/private-keys/${TALER_ENV_NAME}-exchange-master.priv")
+    EXCHANGE_PRIV_FILE=$(taler-config -f -s exchange-offline -o 
master_priv_file)
+    if [[ -e "$EXCHANGE_PRIV_FILE" ]]; then
+      EXCHANGE_PUB2=$(gnunet-ecc -p "$EXCHANGE_PRIV_FILE")
+      if [[ "$EXCHANGE_PUB" != "$EXCHANGE_PUB2" ]]; then
+        echo "Warning: Different exchange private key already exists, not 
copying"
+      fi
+    else
+      mkdir -p "$(dirname "$EXCHANGE_PRIV_FILE")"
+      cp 
"$HOME/deployment/private-keys/${TALER_ENV_NAME}-exchange-master.priv" 
"$EXCHANGE_PRIV_FILE"
+    fi
+    ;;
+  *)
+    echo "Not copying key material for env $TALER_ENV_NAME"
+    ;;
+esac
+
+EXCHANGE_MASTER_PUB=$(taler-config -s exchange -o master_public_key)
+taler-auditor-exchange \
+  -m "$EXCHANGE_MASTER_PUB" \
+  -u "$(taler-config -s exchange -o base_url)" || true
+
+# Make configuration accessible to auditor
+chmod 750 "$HOME/.config"
+
+
+##
+## Step 3: Set up the exchange key material
+##
+
+taler-deployment-arm -s
+
+# Quickly start+shutdown exchange httpd and crypto SM helpers
+taler-deployment-arm -i taler-exchange
+taler-deployment-arm -i taler-exchange-secmod-rsa
+taler-deployment-arm -i taler-exchange-secmod-eddsa
+
+sleep 2 # FIXME: poll keys?
+if ! taler-deployment-arm -I | grep "^taler-exchange" | grep "status=started" 
> /dev/null; then
+    echo "Exchange didn't start, cannot set up keys"
+    exit 1
+fi
+if ! taler-deployment-arm -I | grep "^taler-exchange-secmod-rsa" | grep 
"status=started" > /dev/null; then
+    echo "Exchange (RSA module) didn't start, cannot set up keys."
+    exit 1
+fi
+
+if ! taler-deployment-arm -I | grep "^taler-exchange-secmod-eddsa" | grep 
"status=started" > /dev/null; then
+    echo "Exchange (EDDSA module) didn't start, cannot set up keys."
+    exit 1
+fi
+
+taler-exchange-offline download sign upload
+
+payto_uri=$(taler-config -s exchange-account-1 -o payto_uri)
+taler-exchange-offline enable-account "$payto_uri" upload
+
+# Set up wire fees for next 5 years
+year=$(date +%Y)
+curr=$TALER_CONFIG_CURRENCY
+for y in $(seq $year $((year + 5))); do
+  taler-exchange-offline wire-fee $y x-taler-bank "$curr:0.01" "$curr:0.01" 
upload
+done
+
+taler-deployment-arm -k taler-exchange
+taler-deployment-arm -k taler-exchange-secmod-rsa
+taler-deployment-arm -k taler-exchange-secmod-eddsa
+
+# Give time to store to disk.
+sleep 5
+
+##
+## Step 4:  Set up euFin
+##
+
+function prepare_sandbox_account() {
+  echo -n "Activating ebics subscriber $1 at the sandbox ..."
+  libeufin-cli \
+    sandbox --sandbox-url=$SANDBOX_URL \
+      ebicssubscriber create \
+        --host-id=$EBICS_HOST \
+        --partner-id=$2 \
+        --user-id=$1
+  echo " OK"
+  echo -n "Giving a bank account ($4) to $1 ..."
+  libeufin-cli \
+    sandbox --sandbox-url=$SANDBOX_URL \
+      ebicsbankaccount create \
+        --iban=$5 \
+        --bic="BCMAESM1XXX"\
+        --person-name="$3" \
+        --account-name=$4 \
+        --ebics-user-id=$1 \
+        --ebics-host-id=$EBICS_HOST \
+        --ebics-partner-id=$2 \
+        --currency=$CURRENCY
+  echo " OK"
+}
+
+SANDBOX_SQLITE_FILE="$HOME/sandbox.sqlite"
+NEXUS_SQLITE_FILE="$HOME/nexus.sqlite"
+
+NEXUS_URL="http://localhost:5001/";
+SANDBOX_URL="http://localhost:5000/";
+
+
+# Deleting old data:
+rm $SANDBOX_SQLITE_FILE
+rm $NEXUS_SQLITE_FILE
+
+export LIBEUFIN_NEXUS_DB_CONNECTION="jdbc:sqlite:$SANDBOX_SQLITE_FILE"
+export LIBEUFIN_SANDBOX_DB_CONNECTION="jdbc:sqlite:$NEXUS_SQLITE_FILE"
+
+taler-deployment-arm -i libeufin-nexus
+taler-deployment-arm -i libeufin-sandbox
+
+if ! curl -s --retry 5 --retry-connrefused $SANDBOX_URL > /dev/null; then
+  echo "Could not launch Sandbox"
+  stop_running
+  exit 1
+fi
+
+if ! curl -s --retry 5 --retry-connrefused $NEXUS_URL > /dev/null; then
+  echo "Could not launch Nexus"
+  stop_running
+  exit 1
+fi
+
+EBICS_HOST="ebicsDeployedHost"
+
+echo -n "Preparing Sandbox ..."
+libeufin-cli \
+  sandbox --sandbox-url=$SANDBOX_URL \
+    ebicshost create \
+      --host-id=$EBICS_HOST
+echo " OK"
+
+echo -n "Preparing accounts ..."
+# note: Ebisc schema doesn't allow dashed names.
+prepare_sandbox_account \
+  ebicsuserExchange \
+  ebicspartnerExchange \
+  "Person Exchange" \
+  sandbox-account-exchange \
+  $IBAN_EXCHANGE
+prepare_sandbox_account \
+  ebicsuserMerchant \
+  ebicspartnerMerchant \
+  "Person Merchant" \
+  sandbox-account-merchant \
+  $IBAN_MERCHANT
+prepare_sandbox_account \
+  ebicsuserCustomer \
+  ebicspartnerCustomer \
+  "Person Customer" \
+  sandbox-account-customer \
+  $IBAN_CUSTOMER
+echo "Sandbox preparation done"
+
+# Only the exchange needs Nexus.
+echo -n "Preparing Nexus ..."
+export LIBEUFIN_NEXUS_URL=$NEXUS_URL
+EXCHANGE_NEXUS_USERNAME=exchange-nexus-user
+EXCHANGE_NEXUS_PASSWORD=exchange-nexus-password
+libeufin-nexus superuser $EXCHANGE_NEXUS_USERNAME 
--password=$EXCHANGE_NEXUS_PASSWORD
+echo " OK"
+export LIBEUFIN_NEXUS_USERNAME=$EXCHANGE_NEXUS_USERNAME
+export LIBEUFIN_NEXUS_PASSWORD=$EXCHANGE_NEXUS_PASSWORD
+
+# FIXME: this command below likely not needed.  Please
+# remove, run the test, and commit+push if it still works!
+prepare_nexus_account \
+  ebicsuserExchange \
+  ebicspartnerExchange \
+  bankconnection-exchange \
+  nexus-bankaccount-exchange \
+  sandbox-account-exchange
+
+echo -n "Create Taler facade ..."
+libeufin-cli facades new-taler-wire-gateway-facade \
+  --currency=$TALER_CONFIG_CURRENCY \
+  --facade-name=facade-exchange \
+  bankconnection-exchange nexus-bankaccount-exchange
+echo " OK"
+FACADE_URL=$(libeufin-cli facades list | jq .facades[0].baseUrl | tr -d \")
+
+taler-deployment-arm -k libeufin-nexus
+taler-deployment-arm -k libeufin-sandbox
+
+# For now, override what the non-euFin deployment put
+# in the configuration.  Later, the three values below
+# will be specified by the "config generator".
+taler-config -s exchange-accountcredentials-1 \
+             -o WIRE_GATEWAY_URL \
+             -V "${FACADE_URL}"
+
+taler-config -s exchange-accountcredentials-1 \
+             -o USERNAME \
+            -V "${EXCHANGE_NEXUS_USERNAME}"
+
+taler-config -s exchange-accountcredentials-1 \
+             -o PASSWORD \
+            -V "${EXCHANGE_NEXUS_PASSWORD}"
+
+##
+## Step 5: Adjust some permissions
+##
+
+case $TALER_ENV_NAME in
+  demo|test|int)
+    # Make sure the web server can read ~/local
+    chmod og+rx ~/local
+
+    # Make sure that shared files created by this user
+    # are group writable and readable.
+    find ~/taler-data/ -user "$USER" -exec chmod g+rw {} \;
+    ;;
+  *)
+    ;;
+esac
+
+##
+## Step 6: Set up merchant
+##
+
+if test $WITH_DB_RESET = yes; then
+  taler-merchant-dbinit --reset
+fi
+
+# Making sure ARM is not running yet.
+taler-deployment-arm -e
+
+# Need the following services to config instances and tip reserve:
+taler-deployment-arm -s
+taler-deployment-arm -i taler-merchant
+taler-deployment-arm -i taler-demobank
+
+taler-deployment-arm -i taler-exchange
+taler-deployment-arm -i taler-exchange-secmod-rsa
+taler-deployment-arm -i taler-exchange-secmod-eddsa
+sleep 5
+
+if ! taler-deployment-arm -I | grep "^taler-merchant" | grep "status=started" 
> /dev/null; then
+    echo "Merchant didn't start, cannot configure instances / create tip 
reserve."
+    exit 1
+fi
+
+if ! taler-deployment-arm -I | grep "^taler-demobank" | grep "status=started" 
> /dev/null; then
+    echo "Bank didn't start, cannot create tip reserve."
+    exit 1
+fi
+
+if ! taler-deployment-arm -I | grep "^taler-exchange" | grep "status=started" 
> /dev/null; then
+    echo "Exchange didn't start, cannot create tip reserve."
+    exit 1
+fi
+
+if ! taler-deployment-arm -I | grep "^taler-exchange-secmod-rsa" | grep 
"status=started" > /dev/null; then
+    echo "Exchange (RSA module) didn't start, cannot create tip reserve."
+    exit 1
+fi
+
+if ! taler-deployment-arm -I | grep "^taler-exchange-secmod-eddsa" | grep 
"status=started" > /dev/null; then
+    echo "Exchange (EDDSA module) didn't start, cannot create tip reserve."
+    exit 1
+fi
+
+echo "Configuring instances"
+taler-deployment-config-instances
+
+echo "Creating tip reserve"
+taler-deployment-config-tips
+
+taler-deployment-arm -k taler-merchant
+taler-deployment-arm -k taler-demobank
+taler-deployment-arm -k taler-exchange
+taler-deployment-arm -k taler-exchange-secmod-rsa
+taler-deployment-arm -k taler-exchange-secmod-eddsa
+taler-deployment-arm -e
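Review bot: The Nexus superuser password in Step 4 is a fixed literal, `EXCHANGE_NEXUS_PASSWORD=exchange-nexus-password`, which is passed on the `libeufin-nexus superuser ... --password=` command line and then stored as `PASSWORD` in `exchange-accountcredentials-1`. Every deployment built by this script shares that guessable credential, it is visible in the process list while the command runs, and the earlier `chmod 750 "$HOME/.config"` (done so the auditor can read the configuration) presumably makes the stored copy group-readable as well. Generating the value per run, e.g. `EXCHANGE_NEXUS_PASSWORD=$(head -c 32 /dev/urandom | base64)`, and keeping the credentials section in a file only the exchange user can read would address the shared value and the stored copy; whether `libeufin-nexus superuser` accepts the password other than via argv is not visible here. Separately, the two DB exports are crossed (`LIBEUFIN_NEXUS_DB_CONNECTION` is built from `$SANDBOX_SQLITE_FILE` and the sandbox one from `$NEXUS_SQLITE_FILE`), and `rm $SANDBOX_SQLITE_FILE` without `-f` aborts a first run under `set -e`. `$CURRENCY`, `$IBAN_EXCHANGE`/`$IBAN_MERCHANT`/`$IBAN_CUSTOMER` and `prepare_nexus_account` are not defined anywhere in this file, so unless `$HOME/activate` provides them the script stops under `set -eu` before the facade is created.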
diff --git a/taler-arm/libeufin-nexus.conf b/taler-arm/libeufin-nexus.conf
index c653abe..dbb3db6 100644
--- a/taler-arm/libeufin-nexus.conf
+++ b/taler-arm/libeufin-nexus.conf
@@ -1,4 +1,4 @@
 [libeufin-nexus]
 TYPE = simple
 BINARY = taler-log-adapter
-OPTIONS = $HOME/logs/nexus-%Y-%m-%d.log nexus serve
+OPTIONS = $HOME/logs/nexus-%Y-%m-%d.log libeufin-nexus serve
diff --git a/taler-arm/libeufin-sandbox.conf b/taler-arm/libeufin-sandbox.conf
new file mode 100644
index 0000000..7da437f
--- /dev/null
+++ b/taler-arm/libeufin-sandbox.conf
@@ -0,0 +1,4 @@
+[libeufin-sandbox]
+TYPE = simple
+BINARY = taler-log-adapter
+OPTIONS = $HOME/logs/sandbox-%Y-%m-%d.log libeufin-sandbox serve

-- 
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.


