author | MS <ms@taler.net> | 2022-11-01 13:43:47 +0100 |
---|---|---|
committer | MS <ms@taler.net> | 2022-11-01 13:43:47 +0100 |
commit | 0bacccfe77a2dbfe6b7edcafc741c6fcbde78a1c (patch) | |
tree | f576da665187f31d7804728a19e68dddbdd3e2ed | |
parent | c36379f472a4f34d580fb571aabc38c94f6cf980 (diff) | |
docker: not resetting data by default
-rw-r--r-- | docker/hybrid/README | 14 | ||||
-rwxr-xr-x | docker/hybrid/backup.sh | 5 | ||||
-rw-r--r-- | docker/hybrid/images/base/Dockerfile | 7 | ||||
-rw-r--r-- | docker/hybrid/images/exchange/startup.sh | 31 | ||||
-rw-r--r-- | docker/hybrid/images/exchange/taler.conf | 48 | ||||
-rw-r--r-- | docker/hybrid/images/libeufin/startup.sh | 47 | ||||
-rw-r--r-- | docker/hybrid/images/merchant/startup.sh | 5 | ||||
-rwxr-xr-x | docker/hybrid/import-backup.sh | 2 |
8 files changed, 124 insertions, 35 deletions
diff --git a/docker/hybrid/README b/docker/hybrid/README index 7e3cbb2..aa975ab 100644 --- a/docker/hybrid/README +++ b/docker/hybrid/README @@ -55,24 +55,24 @@ run the following command to export database, key material, and logs: $ ./backup.sh -The following command imports a TAR backup into -the Docker volumes. From this directory: +The following command imports the TAR backup from +the previous step into the Docker volumes. From this directory: $ ./import-backup.sh +If data needs to be removed, from this folder: + $ docker-compose down -v + Run --- -Only if stale data needs to be removed, from this folder run: - $ docker-compose down -v - -From this folder, run: +From this folder: $ docker-compose up --remove-orphans --abort-on-container-exit How to test on localhost ======================== -From this folder, run: +From this folder: $ ./test-docker-mvp.sh diff --git a/docker/hybrid/backup.sh b/docker/hybrid/backup.sh index 544e716..fe31ddf 100755 --- a/docker/hybrid/backup.sh +++ b/docker/hybrid/backup.sh @@ -19,11 +19,14 @@ if test -a $BACKUP_FILE; then exit 3 fi +# 'chown' should still help rootful runs to +# have the TAR owned by the user invoking the command. docker run \ -v /tmp:/tmp \ -v hybrid_talerdata:/taler-data \ -v hybrid_talerlogs:/taler-logs \ -it debian:stable \ - /bin/bash -c "tar --no-same-owner --no-same-permissions -c -f ${BACKUP_FILE} /taler-data /taler-logs && chown $(id --user):$(id --group) ${BACKUP_FILE}" > /dev/null + /bin/bash -c "tar --no-same-owner --no-same-permissions -c -f ${BACKUP_FILE} /taler-data /taler-logs" > /dev/null + # /bin/bash -c "tar --no-same-owner --no-same-permissions -c -f ${BACKUP_FILE} /taler-data /taler-logs && chown $(id --user):$(id --group) ${BACKUP_FILE}" > /dev/null echo Backup at: ${BACKUP_FILE} diff --git a/docker/hybrid/images/base/Dockerfile b/docker/hybrid/images/base/Dockerfile index 227ad44..59e2bee 100644 --- a/docker/hybrid/images/base/Dockerfile +++ b/docker/hybrid/images/base/Dockerfile 
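Review bot: The archive written by the `tar ... -c -f ${BACKUP_FILE}` line in backup.sh holds the database and key material (per the README), yet nothing in the hunk restricts its file mode; `--no-same-owner` and `--no-same-permissions` are extraction-time options in GNU tar and do not change how the archive itself is created. With the host's `/tmp` bind-mounted, the file appears to be created with the container's default umask in a directory other local users can traverse. The added comment also says `chown` helps rootful runs, while the only line that runs it is now commented out, so under rootful Docker the TAR stays root-owned. I would keep both safeguards in the command string: `"umask 077 && tar --no-same-owner --no-same-permissions -c -f ${BACKUP_FILE} /taler-data /taler-logs && chown $(id --user):$(id --group) ${BACKUP_FILE}"`, or reword the comment to say the chown was dropped on purpose. Where `BACKUP_FILE` is assigned is outside the hunk.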
@@ -17,6 +17,7 @@ RUN git clone git://git.taler.net/exchange /exchange RUN git clone git://git.taler.net/merchant /merchant RUN git clone git://git.taler.net/libeufin /libeufin RUN git clone git://git.taler.net/taler-merchant-demos /taler-merchant-demos +RUN git clone git://git.taler.net/wallet-core /wallet-core WORKDIR /libmicrohttpd RUN ./bootstrap @@ -50,4 +51,10 @@ RUN ./bootstrap RUN ./configure RUN make install +WORKDIR /wallet-core +RUN ./bootstrap +WORKDIR ./packages/demobank-ui +RUN ./configure +RUN make install + WORKDIR / diff --git a/docker/hybrid/images/exchange/startup.sh b/docker/hybrid/images/exchange/startup.sh index a0bc725..48f2360 100644 --- a/docker/hybrid/images/exchange/startup.sh +++ b/docker/hybrid/images/exchange/startup.sh 
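Review bot: The added `RUN git clone git://git.taler.net/wallet-core /wallet-core` fetches over the unauthenticated, unencrypted `git://` transport and takes whatever the default branch holds at build time, and the second hunk then runs `./bootstrap`, `./configure` and `make install` from that tree during the image build. The build therefore executes code whose origin and revision are not verified, and two builds of the same Dockerfile can yield different images. I would clone over an authenticated transport and pin a revision, e.g. `RUN git clone https://git.taler.net/wallet-core.git /wallet-core && git -C /wallet-core checkout <PINNED_COMMIT>` (placeholder for the maintainers to fill in, assuming the server offers the repository over https). The neighbouring clone lines use the same scheme, so the point applies to them too. `WORKDIR ./packages/demobank-ui` would also read more clearly as the absolute `/wallet-core/packages/demobank-ui`.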
@@ -27,29 +27,35 @@ while ! pg_isready -h talerdb -d taler; do done echo Now DB is ready. -taler-exchange-dbinit -L DEBUG -c /config/taler.conf --reset +echo -n "Init database... " +taler-exchange-dbinit -L DEBUG -c /config/taler.conf +echo DONE +echo -n "Starting EDDSA helper..." taler-exchange-secmod-eddsa -L DEBUG \ -c /config/taler.conf 2>&1 | \ rotatelogs -e /logs/taler-exchange-secmod-eddsa-%Y-%m-%d 86400 & - +echo DONE +echo -n "Starting RSA helper..." taler-exchange-secmod-rsa -L DEBUG \ -c /config/taler.conf 2>&1 | \ rotatelogs -e /logs/taler-exchange-secmod-rsa-%Y-%m-%d 86400 & - +echo DONE +echo -n "Starting CS helper..." taler-exchange-secmod-cs -L DEBUG \ -c /config/taler.conf 2>&1 | \ rotatelogs -e /logs/taler-exchange-secmod-cs-%Y-%m-%d 86400 & - -echo "Crypto helpers started.." +echo DONE EXCHANGE_MASTER_PUB=$(taler-exchange-offline -c /config/taler.conf setup) + sed -i "s/__EXCHANGE_MASTER_PUB__/$EXCHANGE_MASTER_PUB/" /config/taler.conf +echo -n "Launching exchange HTTPD..." taler-exchange-httpd -L DEBUG -c /config/taler.conf 2>&1 | \ rotatelogs -e /logs/taler-exchange-httpd-%Y-%m-%d 86400 & -for n in `seq 1 20` +for n in `seq 1 50` do echo "." - sleep 0.4 + sleep 0.3 OK=1 wget http://exchange/ -o /dev/null -O /dev/null >/dev/null && break OK=0 
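Review bot: Each new `echo DONE` after a secmod helper is printed right after the pipeline has been sent to the background with `&`, so it reports success even if the helper exits immediately, and the pipe into `rotatelogs` hides the helper's exit status in any case. For those lines I would print `started` instead of `DONE`, or hold the message until a readiness check like the `wget` loop has passed. The foreground steps can be checked directly, e.g. `taler-exchange-dbinit -L DEBUG -c /config/taler.conf || { echo FAILED; exit 1; }`, and likewise for the `taler-exchange-offline ... upload` call in the second hunk of this file, where `echo DONE` is also unconditional. This matters more now that `--reset` is gone and dbinit runs against an existing schema; whether `set -e` is active is not visible, as the script starts outside the hunk.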
@@ -59,24 +65,27 @@ for n in `seq 1 20` echo "ERROR: failed to launch Exchange" exit 1 fi -echo Echange launched. -echo Launching wirewatch... +echo DONE +echo -n "Launching wirewatch..." taler-exchange-wirewatch -L DEBUG -c /config/taler.conf 2>&1 | \ rotatelogs -e /logs/taler-exchange-wirewatch-%Y-%m-%d 86400 & echo DONE -echo Launching transfer service... +echo -n "Launching transfer service..." taler-exchange-transfer -L DEBUG -c /config/taler.conf 2>&1 | \ rotatelogs -e /logs/taler-exchange-transfer-%Y-%m-%d 86400 & echo DONE -echo Launching aggregator service... +echo -n "Launching aggregator service..." taler-exchange-aggregator -L DEBUG -c /config/taler.conf 2>&1 | \ rotatelogs -e /logs/taler-exchange-aggregator-%Y-%m-%d 86400 & echo DONE +echo +echo -n "Setup keys and fees with taler-exchange-offline..." taler-exchange-offline -L DEBUG -c /config/taler.conf \ download sign \ enable-account "payto://iban/SANDBOXX/${EXCHANGE_IBAN}?receiver-name=Exchange+Company" \ wire-fee now iban ${CURRENCY}:0.01 ${CURRENCY}:0.01 ${CURRENCY}:0.01 \ global-fee now ${CURRENCY}:0.01 ${CURRENCY}:0.01 ${CURRENCY}:0.01 ${CURRENCY}:0.01 1h 1h 1year 5 \ upload 2>&1 +echo DONE wait diff --git a/docker/hybrid/images/exchange/taler.conf b/docker/hybrid/images/exchange/taler.conf index 1bd5124..a23cf7a 100644 --- a/docker/hybrid/images/exchange/taler.conf +++ b/docker/hybrid/images/exchange/taler.conf 
@@ -40,6 +40,42 @@ port = 80 [exchangedb-postgres] config = postgres://root:__DB_PASSWORD__@talerdb/taler +[coin___CURRENCY___10] +rsa_keysize = 2048 +fee_deposit = __CURRENCY__:0.01 +fee_refund = __CURRENCY__:0.01 +fee_refresh = __CURRENCY__:0.01 +fee_withdraw = __CURRENCY__:0.01 +duration_legal = 10 years +duration_spend = 5 years +duration_withdraw = 3 years +value = __CURRENCY__:10 +cipher = RSA + +[coin___CURRENCY___5] +rsa_keysize = 2048 +fee_deposit = __CURRENCY__:0.01 +fee_refund = __CURRENCY__:0.01 +fee_refresh = __CURRENCY__:0.01 +fee_withdraw = __CURRENCY__:0.01 +duration_legal = 10 years +duration_spend = 5 years +duration_withdraw = 3 years +value = __CURRENCY__:5 +cipher = RSA + +[coin___CURRENCY___2] +rsa_keysize = 2048 +fee_deposit = __CURRENCY__:0.01 +fee_refund = __CURRENCY__:0.01 +fee_refresh = __CURRENCY__:0.01 +fee_withdraw = __CURRENCY__:0.01 +duration_legal = 10 years +duration_spend = 5 years +duration_withdraw = 3 years +value = __CURRENCY__:2 +cipher = RSA + [coin___CURRENCY___1] rsa_keysize = 2048 fee_deposit = __CURRENCY__:0.01 @@ -51,3 +87,15 @@ duration_spend = 5 years duration_withdraw = 3 years value = __CURRENCY__:1 cipher = RSA + +[coin___CURRENCY___ct_10] +rsa_keysize = 2048 +fee_deposit = __CURRENCY__:0.01 +fee_refund = __CURRENCY__:0.01 +fee_refresh = __CURRENCY__:0.01 +fee_withdraw = __CURRENCY__:0.01 +duration_legal = 10 years +duration_spend = 5 years +duration_withdraw = 3 years +value = __CURRENCY__:0.10 +cipher = RSA diff --git a/docker/hybrid/images/libeufin/startup.sh b/docker/hybrid/images/libeufin/startup.sh index 129e404..07bb4ee 100644 --- a/docker/hybrid/images/libeufin/startup.sh +++ b/docker/hybrid/images/libeufin/startup.sh 
@@ -2,13 +2,18 @@ set -eu +MAYBE_VOLUME_MOUNTPOINT="/data/libeufin" +export LIBEUFIN_SANDBOX_DB_CONNECTION="jdbc:sqlite:${MAYBE_VOLUME_MOUNTPOINT}/sandbox.sqlite3" +export LIBEUFIN_NEXUS_DB_CONNECTION="jdbc:sqlite:${MAYBE_VOLUME_MOUNTPOINT}/nexus.sqlite3" +# This file indicates that data preparation ran already +# once. It helps against some non idempotent commands. +INIT_MARKER=${MAYBE_VOLUME_MOUNTPOINT}/init-done export LD_LIBRARY_PATH=/usr/local/lib # helps taler-config CURRENCY=`taler-config -c /config/deployment.conf -s taler-deployment -o currency` SANDBOX_PORT=15000 NEXUS_PORT=15001 SANDBOX_BASE_URL="http://localhost:${SANDBOX_PORT}" EXCHANGE_URL=`taler-config -c /config/deployment.conf -s taler-deployment -o default-exchange` -MAYBE_VOLUME_MOUNTPOINT="/data/libeufin" # As wanted by the Libeufin CLI: export LIBEUFIN_SANDBOX_URL="${SANDBOX_BASE_URL}/demobanks/default" export LIBEUFIN_NEXUS_URL="http://localhost:${NEXUS_PORT}" @@ -17,7 +22,9 @@ export LIBEUFIN_NEXUS_URL="http://localhost:${NEXUS_PORT}" register_sandbox_account() { export LIBEUFIN_SANDBOX_USERNAME=$1 export LIBEUFIN_SANDBOX_PASSWORD=$2 - libeufin-cli sandbox demobank register --name "$4" --iban $3 + # A unavailable username upon registration should + # fail, hence non idempotence is acceptable here. + test -a $INIT_MARKER || libeufin-cli sandbox demobank register --name "$4" --iban $3 unset LIBEUFIN_SANDBOX_USERNAME unset LIBEUFIN_SANDBOX_PASSWORD } 
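Review bot: The guard `test -a $INIT_MARKER || …` added in `register_sandbox_account` (and repeated in the later hunks of this file) leaves the variable unquoted and relies on `-a` as a unary file test, which is not in POSIX `test` and is read as the binary AND operator in other argument positions. I would write `test -e "$INIT_MARKER" || libeufin-cli sandbox demobank register --name "$4" --iban "$3"`. Because the marker is global, an account passed to this function after the first successful start is silently never registered, which deserves a line in the comment above the guard. The shebang is outside the hunk, so which shell interprets `test -a` is not visible here.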
@@ -43,13 +50,12 @@ is_serving() { EXCHANGE_IBAN=DE159593 mkdir -p ${MAYBE_VOLUME_MOUNTPOINT} -export LIBEUFIN_SANDBOX_DB_CONNECTION="jdbc:sqlite:${MAYBE_VOLUME_MOUNTPOINT}/sandbox.sqlite3" export LIBEUFIN_SANDBOX_ADMIN_PASSWORD=secret echo -n "Creating ${CURRENCY} default demobank..." -libeufin-sandbox config --currency ${CURRENCY} default +test -a $INIT_MARKER || libeufin-sandbox config --currency ${CURRENCY} default echo DONE echo -n "Specify default exchange..." -libeufin-sandbox default-exchange \ +test -a $INIT_MARKER || libeufin-sandbox default-exchange \ ${EXCHANGE_URL} \ "payto://iban/SANDBOXX/${EXCHANGE_IBAN}?receiver-name=Exchange+Company" echo DONE @@ -73,10 +79,10 @@ echo -n "Create exchange EBICS subscriber at Sandbox.." export LIBEUFIN_SANDBOX_USERNAME=admin export LIBEUFIN_SANDBOX_PASSWORD=secret echo -n "Create EBICS host at Sandbox.." -libeufin-cli sandbox --sandbox-url $SANDBOX_BASE_URL ebicshost create --host-id talerebics +test -a $INIT_MARKER || libeufin-cli sandbox --sandbox-url $SANDBOX_BASE_URL ebicshost create --host-id talerebics echo DONE echo -n "Create exchange's EBICS subscriber at Sandbox.." -libeufin-cli sandbox \ +test -a $INIT_MARKER || libeufin-cli sandbox \ demobank new-ebicssubscriber --host-id talerebics \ --user-id exchangeebics --partner-id talerpartner \ --bank-account $EXCHANGE_SANDBOX_USERNAME @@ -84,8 +90,10 @@ echo DONE ## NEXUS SETUP EXCHANGE_NEXUS_USERNAME=`taler-config -c /config/deployment.conf -s taler-deployment -o exchange-nexus-username` EXCHANGE_NEXUS_PASSWORD=`taler-config -c /config/deployment.conf -s taler-deployment -o exchange-nexus-password` -export LIBEUFIN_NEXUS_DB_CONNECTION="jdbc:sqlite:${MAYBE_VOLUME_MOUNTPOINT}/nexus.sqlite3" + echo -n "Creating Nexus superuser..." +# Idempotent in the sense that if the user is found, +# they'll get the password changed. libeufin-nexus superuser $EXCHANGE_NEXUS_USERNAME \ --password $EXCHANGE_NEXUS_PASSWORD echo DONE 
@@ -97,8 +105,12 @@ is_serving $LIBEUFIN_NEXUS_URL Nexus export LIBEUFIN_NEXUS_USERNAME=$EXCHANGE_NEXUS_USERNAME export LIBEUFIN_NEXUS_PASSWORD=$EXCHANGE_NEXUS_PASSWORD + echo -n Creating a EBICS connection at Nexus.. -libeufin-cli connections new-ebics-connection \ +# Not idempotent: the implementation does check if +# a connection with the requested name exists, and +# returns "409 Conflict". FIXME +test -a $INIT_MARKER || libeufin-cli connections new-ebics-connection \ --ebics-url "${SANDBOX_BASE_URL}/ebicsweb" \ --host-id talerebics \ --partner-id talerpartner \ @@ -106,12 +118,15 @@ libeufin-cli connections new-ebics-connection \ talerconn echo DONE echo -n Setup EBICS keying.. -libeufin-cli connections connect talerconn > /dev/null +# idempotent (noop if 'talerconn' is found) +libeufin-cli connections connect talerconn > /dev/null echo DONE echo -n Download bank account name from Sandbox.. +# idempotent (only stores new bank account names) libeufin-cli connections download-bank-accounts talerconn echo DONE echo -n Importing bank account info into Nexus.. +# idempotent NEXUS_IMPORTED_BANKACCOUNT=nexus-bankaccount libeufin-cli connections import-bank-account \ --offered-account-id $EXCHANGE_SANDBOX_USERNAME \ @@ -120,7 +135,8 @@ libeufin-cli connections import-bank-account \ echo DONE echo -n Setup payments submission task.. # Tries every second. -libeufin-cli accounts task-schedule \ +# Not idempotent, FIXME +test -a $INIT_MARKER || libeufin-cli accounts task-schedule \ --task-type submit \ --task-name exchange-payments \ --task-cronspec "* * *" \ @@ -128,7 +144,8 @@ libeufin-cli accounts task-schedule \ echo DONE # Tries every second. Ask C52 echo -n Setup history fetch task.. -libeufin-cli accounts task-schedule \ +# Not idempotent, FIXME +test -a $INIT_MARKER || libeufin-cli accounts task-schedule \ --task-type fetch \ --task-name exchange-history \ --task-cronspec "* * *" \ 
@@ -137,11 +154,15 @@ libeufin-cli accounts task-schedule \ $NEXUS_IMPORTED_BANKACCOUNT echo DONE echo -n Create the Taler facade at Nexus.. +# Not idempotent, in the sense that a duplicate +# facade will be created. FIXME FACADE_NAME=taler-facade -libeufin-cli facades \ +test -a $INIT_MARKER || libeufin-cli facades \ new-taler-wire-gateway-facade \ --currency ${CURRENCY} --facade-name $FACADE_NAME \ talerconn $NEXUS_IMPORTED_BANKACCOUNT echo DONE +touch $INIT_MARKER + wait diff --git a/docker/hybrid/images/merchant/startup.sh b/docker/hybrid/images/merchant/startup.sh index c067e54..118998a 100644 --- a/docker/hybrid/images/merchant/startup.sh +++ b/docker/hybrid/images/merchant/startup.sh @@ -69,8 +69,9 @@ sed -i "s/__CURRENCY__/${CURRENCY}/" /config/taler.conf sed -i "s/__BACKEND_APIKEY__/${BACKEND_APIKEY}/" /config/taler.conf sed -i "s;__BACKEND_URL__;${BACKEND_URL};" /config/taler.conf sed -i "s;__DB_PASSWORD__;${DB_PASSWORD};" /config/taler.conf -echo -n "Reset database..." -taler-merchant-dbinit -L DEBUG -c /config/taler.conf --reset + +echo "Init database... " +taler-merchant-dbinit -L DEBUG -c /config/taler.conf echo DONE echo -n "Launch merchant backend..." taler-merchant-httpd -c /config/taler.conf 2>&1 | \ diff --git a/docker/hybrid/import-backup.sh b/docker/hybrid/import-backup.sh index c49ad15..4fdb9c4 100755 --- a/docker/hybrid/import-backup.sh +++ b/docker/hybrid/import-backup.sh @@ -13,7 +13,7 @@ if ! docker images | grep debian | grep stable > /dev/null; then fi if test -z $1; then - echo Please, give the backup file\'s path as the one argument. + echo "Please, give the backup (TAR) file\'s path as the one argument." exit 1 fi |
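Review bot: `touch $INIT_MARKER` is reached only after every setup step has succeeded, so with `set -eu` a failure halfway through the first run leaves the sqlite files partly populated and no marker. On the next start all guarded commands run again, and the ones the comments mark as non-idempotent (the 409 on `new-ebics-connection`, the duplicate facade) will either abort the script or duplicate state. A per-step existence check before each create would be more robust than a single marker; this is described rather than spelled out because the CLI's listing commands are not shown on this page. At minimum quote the path, `touch "$INIT_MARKER"`. Messages such as `Create the Taler facade at Nexus.. DONE` are also printed when the step was skipped.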
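Review bot: In merchant/startup.sh, `echo "Init database... "` lost the `-n` that the exchange script's counterpart uses, so `DONE` now lands on its own line; `echo -n "Init database... "` keeps the two startup logs consistent. `DONE` is also printed regardless of the exit status of `taler-merchant-dbinit` unless `set -e` is set above the hunk, which is not visible here.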
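Review bot: In import-backup.sh, `\'` inside double quotes is not an escape, so the new message prints a literal backslash (`file\'s`). Drop it: `echo "Please, give the backup (TAR) file's path as the one argument."`. The context line `test -z $1` is unquoted as well; `test -z "${1:-}"` behaves correctly for paths containing spaces and under `set -u`. The rest of the script is outside the hunk.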