authorms <ms@taler.net>2021-09-16 16:49:44 +0200
committerms <ms@taler.net>2021-09-16 16:49:54 +0200
commitaf22c20c0a7ade6635c5512cef8b8d3b3bf761ee (patch)
treed2be5b035ccc20e29acd042bae7ccc908303bebb /bin
parent70ee81afbdde0e715c8a385460c3c2e6b58a9b6f (diff)
euFin deployment: first steps
Diffstat (limited to 'bin')
-rwxr-xr-xbin/taler-deployment-prepare-with-eufin375
1 files changed, 375 insertions, 0 deletions
diff --git a/bin/taler-deployment-prepare-with-eufin b/bin/taler-deployment-prepare-with-eufin
new file mode 100755
index 0000000..1d373ec
--- /dev/null
+++ b/bin/taler-deployment-prepare-with-eufin
@@ -0,0 +1,375 @@
+#!/bin/bash
+
+# Prepare a deployment for execution:
+# * generate the configuration and setup database
+# * put keys in the right place
+# * set bank password for the exchange
+# * sign the exchange's wire response
+# * run some sanity checks (FIXME: not done yet!)
+
+set -eu
+
+source "$HOME/activate"
+
+# $1 = {yes,no} indicates WITH_DB_RESET. Defaults to no.
+# Helps avoiding color Y destroying the DB while color X is in
+# production.
+WITH_DB_RESET=${1-no}
+
+if [[ -z ${TALER_ENV_NAME+x} ]]; then
+ echo "TALER_ENV_NAME not set"
+ exit 1
+fi
+
+if [[ -z ${TALER_CONFIG_CURRENCY+x} ]]; then
+ echo "TALER_CONFIG_CURRENCY not set"
+ exit 1
+fi
+
+# The script stops what started along the flow.
+# This function should help against processes left
+# somehow running.
+function stop_running() {
+ taler-deployment-stop
+ for n in `jobs -p`
+ do
+ kill $n 2> /dev/null || true
+ done
+ wait
+}
+
+trap "stop_running" EXIT
+
+function generate_config() {
+ EXCHANGE_PUB=$(gnunet-ecc -p "$HOME/deployment/private-keys/${TALER_ENV_NAME}-exchange-master.priv")
+
+ mkdir -p "$HOME/.config"
+
+ taler-deployment-config-generate \
+ --exchange-pub "$EXCHANGE_PUB" \
+ --currency "$TALER_CONFIG_CURRENCY" \
+ --outdir "$HOME/.config" \
+ --envname "$TALER_ENV_NAME" \
+ --frontends-apitoken "$TALER_ENV_FRONTENDS_APITOKEN"
+}
+
+##
+## Step 1: Generate config
+##
+
+case $TALER_ENV_NAME in
+ tanker|demo|test|int|local)
+ generate_config
+ ;;
+ *)
+ echo "Not generating config for env $TALER_ENV_NAME"
+ ;;
+esac
+
+##
+## Step 1b: initialize database
+##
+
+if test $WITH_DB_RESET = yes; then
+ taler-exchange-dbinit --reset
+fi
+
+##
+## Step 2: Copy key material and update denom keys
+##
+
+# For demo, make sure the link to shared data between demo-blue and demo-green is
+# set up properly.
+case $TALER_ENV_NAME in
+ demo)
+ echo "linking taler-data"
+ ln -sfT ~demo/shared-data ~/taler-data
+ # Check if we won't mess up permissions later
+ if [[ ! -g ~/taler-data ]]; then
+ echo "the shared-data directory should have the set-group-id bit set"
+ exit 1
+ fi
+ ;;
+esac
+
+case $TALER_ENV_NAME in
+ demo|test|int|local)
+ EXCHANGE_PUB=$(gnunet-ecc -p "$HOME/deployment/private-keys/${TALER_ENV_NAME}-exchange-master.priv")
+ EXCHANGE_PRIV_FILE=$(taler-config -f -s exchange-offline -o master_priv_file)
+ if [[ -e "$EXCHANGE_PRIV_FILE" ]]; then
+ EXCHANGE_PUB2=$(gnunet-ecc -p "$EXCHANGE_PRIV_FILE")
+ if [[ "$EXCHANGE_PUB" != "$EXCHANGE_PUB2" ]]; then
+ echo "Warning: Different exchange private key already exists, not copying"
+ fi
+ else
+ mkdir -p "$(dirname "$EXCHANGE_PRIV_FILE")"
+ cp "$HOME/deployment/private-keys/${TALER_ENV_NAME}-exchange-master.priv" "$EXCHANGE_PRIV_FILE"
+ fi
+ ;;
+ *)
+ echo "Not copying key material for env $TALER_ENV_NAME"
+ ;;
+esac
+
+EXCHANGE_MASTER_PUB=$(taler-config -s exchange -o master_public_key)
+taler-auditor-exchange \
+ -m "$EXCHANGE_MASTER_PUB" \
+ -u "$(taler-config -s exchange -o base_url)" || true
+
+# Make configuration accessible to auditor
+chmod 750 "$HOME/.config"
+
+
+##
+## Step 3: Set up the exchange key material
+##
+
+taler-deployment-arm -s
+
+# Quickly start+shutdown exchange httpd and crypto SM helpers
+taler-deployment-arm -i taler-exchange
+taler-deployment-arm -i taler-exchange-secmod-rsa
+taler-deployment-arm -i taler-exchange-secmod-eddsa
+
+sleep 2 # FIXME: poll keys?
+if ! taler-deployment-arm -I | grep "^taler-exchange" | grep "status=started" > /dev/null; then
+ echo "Exchange didn't start, cannot set up keys"
+ exit 1
+fi
+if ! taler-deployment-arm -I | grep "^taler-exchange-secmod-rsa" | grep "status=started" > /dev/null; then
+ echo "Exchange (RSA module) didn't start, cannot set up keys."
+ exit 1
+fi
+
+if ! taler-deployment-arm -I | grep "^taler-exchange-secmod-eddsa" | grep "status=started" > /dev/null; then
+ echo "Exchange (EDDSA module) didn't start, cannot set up keys."
+ exit 1
+fi
+
+taler-exchange-offline download sign upload
+
+payto_uri=$(taler-config -s exchange-account-1 -o payto_uri)
+taler-exchange-offline enable-account "$payto_uri" upload
+
+# Set up wire fees for next 5 years
+year=$(date +%Y)
+curr=$TALER_CONFIG_CURRENCY
+for y in $(seq $year $((year + 5))); do
+ taler-exchange-offline wire-fee $y x-taler-bank "$curr:0.01" "$curr:0.01" upload
+done
+
+taler-deployment-arm -k taler-exchange
+taler-deployment-arm -k taler-exchange-secmod-rsa
+taler-deployment-arm -k taler-exchange-secmod-eddsa
+
+# Give time to store to disk.
+sleep 5
+
+##
+## Step 4: Set up euFin
+##
+
+function prepare_sandbox_account() {
+ echo -n "Activating ebics subscriber $1 at the sandbox ..."
+ libeufin-cli \
+ sandbox --sandbox-url=$SANDBOX_URL \
+ ebicssubscriber create \
+ --host-id=$EBICS_HOST \
+ --partner-id=$2 \
+ --user-id=$1
+ echo " OK"
+ echo -n "Giving a bank account ($4) to $1 ..."
+ libeufin-cli \
+ sandbox --sandbox-url=$SANDBOX_URL \
+ ebicsbankaccount create \
+ --iban=$5 \
+ --bic="BCMAESM1XXX"\
+ --person-name="$3" \
+ --account-name=$4 \
+ --ebics-user-id=$1 \
+ --ebics-host-id=$EBICS_HOST \
+ --ebics-partner-id=$2 \
+ --currency=$CURRENCY
+ echo " OK"
+}
+
+SANDBOX_SQLITE_FILE="$HOME/sandbox.sqlite"
+NEXUS_SQLITE_FILE="$HOME/nexus.sqlite"
+
+NEXUS_URL="http://localhost:5001/"
+SANDBOX_URL="http://localhost:5000/"
+
+
+# Deleting old data:
+rm $SANDBOX_SQLITE_FILE
+rm $NEXUS_SQLITE_FILE
+
+export LIBEUFIN_NEXUS_DB_CONNECTION="jdbc:sqlite:$SANDBOX_SQLITE_FILE"
+export LIBEUFIN_SANDBOX_DB_CONNECTION="jdbc:sqlite:$NEXUS_SQLITE_FILE"
+
+taler-deployment-arm -i libeufin-nexus
+taler-deployment-arm -i libeufin-sandbox
+
+if ! curl -s --retry 5 --retry-connrefused $SANDBOX_URL > /dev/null; then
+ echo "Could not launch Sandbox"
+ stop_running
+ exit 1
+fi
+
+if ! curl -s --retry 5 --retry-connrefused $NEXUS_URL > /dev/null; then
+ echo "Could not launch Nexus"
+ stop_running
+ exit 1
+fi
+
+EBICS_HOST="ebicsDeployedHost"
+
+echo -n "Preparing Sandbox ..."
+libeufin-cli \
+ sandbox --sandbox-url=$SANDBOX_URL \
+ ebicshost create \
+ --host-id=$EBICS_HOST
+echo " OK"
+
+echo -n "Preparing accounts ..."
+# note: Ebisc schema doesn't allow dashed names.
+prepare_sandbox_account \
+ ebicsuserExchange \
+ ebicspartnerExchange \
+ "Person Exchange" \
+ sandbox-account-exchange \
+ $IBAN_EXCHANGE
+prepare_sandbox_account \
+ ebicsuserMerchant \
+ ebicspartnerMerchant \
+ "Person Merchant" \
+ sandbox-account-merchant \
+ $IBAN_MERCHANT
+prepare_sandbox_account \
+ ebicsuserCustomer \
+ ebicspartnerCustomer \
+ "Person Customer" \
+ sandbox-account-customer \
+ $IBAN_CUSTOMER
+echo "Sandbox preparation done"
+
+# Only the exchange needs Nexus.
+echo -n "Preparing Nexus ..."
+export LIBEUFIN_NEXUS_URL=$NEXUS_URL
+EXCHANGE_NEXUS_USERNAME=exchange-nexus-user
+EXCHANGE_NEXUS_PASSWORD=exchange-nexus-password
+libeufin-nexus superuser $EXCHANGE_NEXUS_USERNAME --password=$EXCHANGE_NEXUS_PASSWORD
+echo " OK"
+export LIBEUFIN_NEXUS_USERNAME=$EXCHANGE_NEXUS_USERNAME
+export LIBEUFIN_NEXUS_PASSWORD=$EXCHANGE_NEXUS_PASSWORD
+
+# FIXME: this command below likely not needed. Please
+# remove, run the test, and commit+push if it still works!
+prepare_nexus_account \
+ ebicsuserExchange \
+ ebicspartnerExchange \
+ bankconnection-exchange \
+ nexus-bankaccount-exchange \
+ sandbox-account-exchange
+
+echo -n "Create Taler facade ..."
+libeufin-cli facades new-taler-wire-gateway-facade \
+ --currency=$TALER_CONFIG_CURRENCY \
+ --facade-name=facade-exchange \
+ bankconnection-exchange nexus-bankaccount-exchange
+echo " OK"
+FACADE_URL=$(libeufin-cli facades list | jq .facades[0].baseUrl | tr -d \")
+
+taler-deployment-arm -k libeufin-nexus
+taler-deployment-arm -k libeufin-sandbox
+
+# For now, override what the non-euFin deployment put
+# in the configuration. Later, the three values below
+# will be specified by the "config generator".
+taler-config -s exchange-accountcredentials-1 \
+ -o WIRE_GATEWAY_URL \
+ -V "${FACADE_URL}"
+
+taler-config -s exchange-accountcredentials-1 \
+ -o USERNAME \
+ -V "${EXCHANGE_NEXUS_USERNAME}"
+
+taler-config -s exchange-accountcredentials-1 \
+ -o PASSWORD \
+ -V "${EXCHANGE_NEXUS_PASSWORD}"
+
+##
+## Step 5: Adjust some permissions
+##
+
+case $TALER_ENV_NAME in
+ demo|test|int)
+ # Make sure the web server can read ~/local
+ chmod og+rx ~/local
+
+ # Make sure that shared files created by this user
+ # are group writable and readable.
+ find ~/taler-data/ -user "$USER" -exec chmod g+rw {} \;
+ ;;
+ *)
+ ;;
+esac
+
+##
+## Step 6: Set up merchant
+##
+
+if test $WITH_DB_RESET = yes; then
+ taler-merchant-dbinit --reset
+fi
+
+# Making sure ARM is not running yet.
+taler-deployment-arm -e
+
+# Need the following services to config instances and tip reserve:
+taler-deployment-arm -s
+taler-deployment-arm -i taler-merchant
+taler-deployment-arm -i taler-demobank
+
+taler-deployment-arm -i taler-exchange
+taler-deployment-arm -i taler-exchange-secmod-rsa
+taler-deployment-arm -i taler-exchange-secmod-eddsa
+sleep 5
+
+if ! taler-deployment-arm -I | grep "^taler-merchant" | grep "status=started" > /dev/null; then
+ echo "Merchant didn't start, cannot configure instances / create tip reserve."
+ exit 1
+fi
+
+if ! taler-deployment-arm -I | grep "^taler-demobank" | grep "status=started" > /dev/null; then
+ echo "Bank didn't start, cannot create tip reserve."
+ exit 1
+fi
+
+if ! taler-deployment-arm -I | grep "^taler-exchange" | grep "status=started" > /dev/null; then
+ echo "Exchange didn't start, cannot create tip reserve."
+ exit 1
+fi
+
+if ! taler-deployment-arm -I | grep "^taler-exchange-secmod-rsa" | grep "status=started" > /dev/null; then
+ echo "Exchange (RSA module) didn't start, cannot create tip reserve."
+ exit 1
+fi
+
+if ! taler-deployment-arm -I | grep "^taler-exchange-secmod-eddsa" | grep "status=started" > /dev/null; then
+ echo "Exchange (EDDSA module) didn't start, cannot create tip reserve."
+ exit 1
+fi
+
+echo "Configuring instances"
+taler-deployment-config-instances
+
+echo "Creating tip reserve"
+taler-deployment-config-tips
+
+taler-deployment-arm -k taler-merchant
+taler-deployment-arm -k taler-demobank
+taler-deployment-arm -k taler-exchange
+taler-deployment-arm -k taler-exchange-secmod-rsa
+taler-deployment-arm -k taler-exchange-secmod-eddsa
+taler-deployment-arm -e
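Review bot: The two JDBC connection strings are crossed — `LIBEUFIN_NEXUS_DB_CONNECTION` is set to `jdbc:sqlite:$SANDBOX_SQLITE_FILE` and `LIBEUFIN_SANDBOX_DB_CONNECTION` to `jdbc:sqlite:$NEXUS_SQLITE_FILE` — so Nexus and Sandbox each write into the other's database file; swap them to `export LIBEUFIN_NEXUS_DB_CONNECTION="jdbc:sqlite:$NEXUS_SQLITE_FILE"` and `export LIBEUFIN_SANDBOX_DB_CONNECTION="jdbc:sqlite:$SANDBOX_SQLITE_FILE"`. Just above, `rm $SANDBOX_SQLITE_FILE` and `rm $NEXUS_SQLITE_FILE` run unconditionally, which aborts the script under `set -eu` on a first run when the files do not yet exist and wipes the bank-side state even when the caller passed `WITH_DB_RESET=no`, contrary to the colour-safety intent in the header comment; gate them on `test $WITH_DB_RESET = yes` and use `rm -f -- "$SANDBOX_SQLITE_FILE" "$NEXUS_SQLITE_FILE"`. `prepare_nexus_account` is called but never defined in this file and `$CURRENCY` at `--currency=$CURRENCY` is never assigned (only `TALER_CONFIG_CURRENCY` is checked), so unless `$HOME/activate` supplies both, `set -u` or a command-not-found stops the run before the facade is created. Finally, the Nexus superuser credential `exchange-nexus-password` is a literal in a committed script that is then written into the exchange config via `taler-config ... -o PASSWORD`; even with Nexus bound to localhost it should be read from the `private-keys` directory or generated at prepare time rather than hardcoded, and the `jq .facades[0].baseUrl | tr -d \"` extraction is better written as `jq -r '.facades[0].baseUrl'`.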