Diffstat (limited to 'bin/taler-deployment-prepare-with-eufin')
-rwxr-xr-x | bin/taler-deployment-prepare-with-eufin | 418 |
1 files changed, 0 insertions, 418 deletions
diff --git a/bin/taler-deployment-prepare-with-eufin b/bin/taler-deployment-prepare-with-eufin
deleted file mode 100755
index f3313b6..0000000
--- a/bin/taler-deployment-prepare-with-eufin
+++ /dev/null
@@ -1,418 +0,0 @@
-#!/bin/bash
-
-# Values needed:
-#
-# currency
-
-set -eu
-
-source "$HOME/activate"
-
-# $1 = {yes,no} indicates WITH_DB_RESET. Defaults to no.
-# Helps avoiding color Y destroying the DB while color X is in
-# production.
-WITH_DB_RESET=${1-no}
-
-if [[ -z ${TALER_ENV_NAME+x} ]]; then
- echo "TALER_ENV_NAME not set"
- exit 1
-fi
-
-if [[ -z ${TALER_CONFIG_CURRENCY+x} ]]; then
- echo "TALER_CONFIG_CURRENCY not set"
- exit 1
-fi
-
-# The script stops what started along the flow.
-# This function should help against processes left
-# somehow running.
-function stop_running() {
- taler-deployment-stop
- for n in `jobs -p`
- do
- kill $n 2> /dev/null || true
- done
- wait
-}
-
-trap "stop_running" EXIT
-
-
-export IBAN_EXCHANGE="EX00000000000000000000"
-function generate_config() {
- EXCHANGE_PUB=$(gnunet-ecc -p "$HOME/deployment/private-keys/${TALER_ENV_NAME}-exchange-master.priv")
-
- mkdir -p "$HOME/.config"
-
- taler-deployment-config-generate \
- --exchange-pub "$EXCHANGE_PUB" \
- --currency "$TALER_CONFIG_CURRENCY" \
- --outdir "$HOME/.config" \
- --envname "$TALER_ENV_NAME" \
- --frontends-apitoken "$TALER_ENV_FRONTENDS_APITOKEN"
-
-taler-config -s exchange-account-1 \
- -o PAYTO_URI \
- -V "payto://sepa/bank.${TALER_ENV_NAME}.taler.net/eufin/sandbox/$IBAN_EXCHANGE"
-}
-
-##
-## Step 1: Generate config
-##
-
-echo -n "Generating configuration.."
-case $TALER_ENV_NAME in
- tanker|demo|test|int|local)
- generate_config
- ;;
- *)
- echo "Not generating config for env $TALER_ENV_NAME"
- ;;
-esac
-echo " OK"
-##
-## Step 1b: initialize database
-##
-if test $WITH_DB_RESET = resetDb; then
- echo -n "Reset and init exchange DB.."
- taler-exchange-dbinit --reset
- echo " OK"
-fi
-##
-## Step 2: Copy key material and update denom keys
-##
-
-# For demo, make sure the link to shared data between demo-blue and demo-green is
-# set up properly.
-case $TALER_ENV_NAME in
- demo)
- echo -n "Syminking demo's taler-data/ to the color's home directory.."
- ln -sfT ~demo/shared-data ~/taler-data
- # Check if we won't mess up permissions later
- if [[ ! -g ~/taler-data ]]; then
- echo "the shared-data directory should have the set-group-id bit set"
- exit 1
- fi
- echo " OK"
- ;;
-esac
-
-echo -n "Trying to copy the exchange private key from deployment.git.."
-case $TALER_ENV_NAME in
- demo|test|int|local)
- EXCHANGE_PUB=$(gnunet-ecc -p "$HOME/deployment/private-keys/${TALER_ENV_NAME}-exchange-master.priv")
- EXCHANGE_PRIV_FILE=$(taler-config -f -s exchange-offline -o master_priv_file)
- if [[ -e "$EXCHANGE_PRIV_FILE" ]]; then
- EXCHANGE_PUB2=$(gnunet-ecc -p "$EXCHANGE_PRIV_FILE")
- if [[ "$EXCHANGE_PUB" != "$EXCHANGE_PUB2" ]]; then
- echo "Warning: Different exchange private key already exists, not copying"
- fi
- else
- mkdir -p "$(dirname "$EXCHANGE_PRIV_FILE")"
- cp "$HOME/deployment/private-keys/${TALER_ENV_NAME}-exchange-master.priv" "$EXCHANGE_PRIV_FILE"
- fi
- ;;
- *)
- echo "Not copying key material for env $TALER_ENV_NAME"
- ;;
-esac
-echo " OK"
-
-echo -n "Add this exchange to the auditor..."
-EXCHANGE_MASTER_PUB=$(taler-config -s exchange -o master_public_key)
-taler-auditor-exchange \
- -m "$EXCHANGE_MASTER_PUB" \
- -u "$(taler-config -s exchange -o base_url)" || true
-# Make configuration accessible to auditor
-chmod 750 "$HOME/.config"
-echo " OK"
-
-##
-## Step 3: Set up the exchange key material
-##
-
-echo -n "Setup exchange's key material.."
-taler-deployment-arm -s
-
-# Quickly start+shutdown exchange httpd and crypto SM helpers
-taler-deployment-arm -i taler-exchange
-taler-deployment-arm -i taler-exchange-secmod-rsa
-taler-deployment-arm -i taler-exchange-secmod-eddsa
-
-sleep 2 # FIXME: poll keys?
-if ! taler-deployment-arm -I | grep "^taler-exchange" | grep "status=started" > /dev/null; then
- echo "Exchange didn't start, cannot set up keys"
- exit 1
-fi
-if ! taler-deployment-arm -I | grep "^taler-exchange-secmod-rsa" | grep "status=started" > /dev/null; then
- echo "Exchange (RSA module) didn't start, cannot set up keys."
- exit 1
-fi
-
-if ! taler-deployment-arm -I | grep "^taler-exchange-secmod-eddsa" | grep "status=started" > /dev/null; then
- echo "Exchange (EDDSA module) didn't start, cannot set up keys."
- exit 1
-fi
-
-taler-exchange-offline download sign upload
-
-payto_uri=$(taler-config -s exchange-account-1 -o payto_uri)
-taler-exchange-offline enable-account "$payto_uri" upload
-
-# Set up wire fees for next 5 years
-year=$(date +%Y)
-curr=$TALER_CONFIG_CURRENCY
-for y in $(seq $year $((year + 5))); do
- taler-exchange-offline wire-fee $y sepa "$curr:0.01" "$curr:0.01" upload
-done
-
-taler-deployment-arm -k taler-exchange
-taler-deployment-arm -k taler-exchange-secmod-rsa
-taler-deployment-arm -k taler-exchange-secmod-eddsa
-echo " OK"
-# Give time to store to disk.
-sleep 5
-
-##
-## Step 4: Set up euFin
-##
-
-if test $WITH_DB_RESET = resetDb; then
- echo -n "Resetting euFin databases.."
- # NOTE/FIXME: those values _could_ be extracted from
- # the environment, as this one contains already the DB
- # connection strings.
- rm ~/nexus.sqlite
- rm ~/sandbox.sqlite
- echo " OK"
-fi
-export LIBEUFIN_SANDBOX_USERNAME="admin"
-export LIBEUFIN_SANDBOX_PASSWORD=${LIBEUFIN_ENV_SANDBOX_ADMIN_PASSWORD}
-# $1 = ebics user id, $2 = ebics partner, $3 = bank connection name
-# $4 = bank account name local to Nexus, $5 = bank account name as known
-# by Sandbox
-function prepare_nexus_account() {
- echo -n "Making bank connection $3 ..."
- libeufin-cli connections new-ebics-connection \
- --ebics-url="${SANDBOX_URL}ebicsweb" \
- --host-id=$EBICS_HOST \
- --partner-id=$2 \
- --ebics-user-id=$1 \
- $3 > /dev/null
- echo " OK"
- echo -n "Connecting $3 ..."
- libeufin-cli connections connect $3 > /dev/null
- echo " OK"
- echo -n "Importing Sandbox bank account ($5) to Nexus ($4) ..."
- libeufin-cli connections download-bank-accounts $3 > /dev/null
- libeufin-cli connections import-bank-account \
- --offered-account-id=$5 --nexus-bank-account-id=$4 $3 > /dev/null
- echo " OK"
- # Set how often the automatic routing must fetch the bank account.
- echo -n "Setting background payment initiator.."
- libeufin-cli accounts task-schedule $4 \
- --task-type="submit" \
- --task-name='submit-payments-every-second' \
- --task-cronspec='* * *'
- echo " OK"
- echo -n "Setting background history fetch.."
- libeufin-cli accounts task-schedule $4 \
- --task-type="fetch" \
- --task-name='fetch-reports-every-second' \
- --task-cronspec='* * *' \
- --task-param-level=report \
- --task-param-range-type=latest
- echo " OK"
-}
-
-# $1=ebics username, $2=ebics partner name,
-# $3=person name, $4=sandbox bank account name, $5=iban
-function prepare_sandbox_account() {
- echo -n "Activating ebics subscriber $1 at the sandbox ..."
- libeufin-cli \
- sandbox --sandbox-url=$SANDBOX_URL \
- ebicssubscriber create \
- --host-id=$EBICS_HOST \
- --partner-id=$2 \
- --user-id=$1
- echo " OK"
- echo -n "Giving a bank account ($4) to $1 ..."
- libeufin-cli \
- sandbox --sandbox-url=$SANDBOX_URL \
- ebicsbankaccount create \
- --iban=$5 \
- --bic="BCMAESM1XXX"\
- --person-name="$3" \
- --account-name=$4 \
- --ebics-user-id=$1 \
- --ebics-host-id=$EBICS_HOST \
- --ebics-partner-id=$2 \
- --currency=$TALER_CONFIG_CURRENCY
- echo " OK"
-}
-
-NEXUS_URL="http://localhost:5222/"
-SANDBOX_URL="http://localhost:5111/"
-
-echo -n "Making Sandbox superuser..."
-libeufin-sandbox superuser admin --password=${LIBEUFIN_ENV_SANDBOX_ADMIN_PASSWORD}
-echo " OK"
-
-echo -n "Lunching Sandbox..."
-taler-deployment-arm -i libeufin-sandbox
-
-if ! curl -s --retry 5 --retry-connrefused $SANDBOX_URL > /dev/null; then
- echo "Could not launch Sandbox"
- stop_running
- exit 1
-fi
-echo " OK"
-
-echo -n "Launching Nexus..."
-taler-deployment-arm -i libeufin-nexus
-if ! curl -s --retry 5 --retry-connrefused $NEXUS_URL > /dev/null; then
- echo "Could not launch Nexus"
- stop_running
- exit 1
-fi
-echo " OK"
-
-EBICS_HOST="ebicsDeployedHost"
-
-echo -n "Make Sandbox EBICS host..."
-libeufin-cli \
- sandbox --sandbox-url=$SANDBOX_URL \
- ebicshost create \
- --host-id=$EBICS_HOST
-echo " OK"
-
-export IBAN_MERCHANT="ME00000000000000000001"
-export IBAN_CUSTOMER="WA00000000000000000000"
-
-# note: Ebisc schema doesn't allow dashed names.
-prepare_sandbox_account \
- ebicsuserExchange \
- ebicspartnerExchange \
- "Person Exchange" \
- sandbox-account-exchange \
- $IBAN_EXCHANGE
-prepare_sandbox_account \
- ebicsuserMerchant \
- ebicspartnerMerchant \
- "Person Merchant" \
- sandbox-account-merchant \
- $IBAN_MERCHANT
-prepare_sandbox_account \
- ebicsuserCustomer \
- ebicspartnerCustomer \
- "Person Customer" \
- sandbox-account-customer \
- $IBAN_CUSTOMER
-
-# Only the exchange needs Nexus.
-EXCHANGE_NEXUS_USERNAME=exchange-nexus-user
-EXCHANGE_NEXUS_PASSWORD=exchange-nexus-password
-echo -n "Make Nexus superuser ..."
-libeufin-nexus superuser $EXCHANGE_NEXUS_USERNAME --password=$EXCHANGE_NEXUS_PASSWORD
-echo " OK"
-export LIBEUFIN_NEXUS_URL=$NEXUS_URL
-export LIBEUFIN_NEXUS_USERNAME=$EXCHANGE_NEXUS_USERNAME
-export LIBEUFIN_NEXUS_PASSWORD=$EXCHANGE_NEXUS_PASSWORD
-
-# FIXME: this command below likely not needed. Please
-# remove, run the test, and commit+push if it still works!
-prepare_nexus_account \
- ebicsuserExchange \
- ebicspartnerExchange \
- bankconnection-exchange \
- nexus-bankaccount-exchange \
- sandbox-account-exchange
-
-echo -n "Create Taler facade ..."
-libeufin-cli facades new-taler-wire-gateway-facade \
- --currency=$TALER_CONFIG_CURRENCY \
- --facade-name=facade-exchange \
- bankconnection-exchange nexus-bankaccount-exchange
-echo " OK"
-FACADE_URL=$(libeufin-cli facades list | jq .facades[0].baseUrl | tr -d \")
-
-taler-deployment-arm -k libeufin-nexus
-taler-deployment-arm -k libeufin-sandbox
-
-# Point the exchange to the facade.
-taler-config -s exchange-accountcredentials-1 \
- -o WIRE_GATEWAY_URL \
- -V "${FACADE_URL}"
-
-taler-config -s exchange-accountcredentials-1 \
- -o USERNAME \
- -V "${EXCHANGE_NEXUS_USERNAME}"
-
-taler-config -s exchange-accountcredentials-1 \
- -o PASSWORD \
- -V "${EXCHANGE_NEXUS_PASSWORD}"
-
-
-##
-## Step 5: Adjust some permissions
-##
-
-case $TALER_ENV_NAME in
- demo|test|int)
- # Make sure the web server can read ~/local
- chmod og+rx ~/local
-
- # Make sure that shared files created by this user
- # are group writable and readable.
- find ~/taler-data/ -user "$USER" -exec chmod g+rw {} \;
- ;;
- *)
- ;;
-esac
-
-##
-## Step 6: Set up merchant
-##
-
-if test $WITH_DB_RESET = resetDb; then
- echo -n "Reset and init merchant database.."
- taler-merchant-dbinit --reset
- echo " OK"
-fi
-
-# Making sure ARM is not running yet.
-taler-deployment-arm -e
-
-# Need the following services to config instances and tip reserve:
-taler-deployment-arm -s
-
-taler-deployment-arm -i taler-exchange
-taler-deployment-arm -i taler-exchange-secmod-rsa
-taler-deployment-arm -i taler-exchange-secmod-eddsa
-sleep 5
-
-if ! taler-deployment-arm -I | grep "^taler-exchange" | grep "status=started" > /dev/null; then
- echo "Exchange didn't start, cannot create tip reserve."
- exit 1
-fi
-
-if ! taler-deployment-arm -I | grep "^taler-exchange-secmod-rsa" | grep "status=started" > /dev/null; then
- echo "Exchange (RSA module) didn't start, cannot create tip reserve."
- exit 1
-fi
-
-if ! taler-deployment-arm -I | grep "^taler-exchange-secmod-eddsa" | grep "status=started" > /dev/null; then
- echo "Exchange (EDDSA module) didn't start, cannot create tip reserve."
- exit 1
-fi
-
-echo "Configuring instances"
-taler-deployment-config-instances-iban
-echo "Stopping all the services"
-# The following three commands should be removed,
-# because the last one is already supposed to stop
-# all the running ones.
-taler-deployment-arm -k taler-exchange
-taler-deployment-arm -k taler-exchange-secmod-rsa
-taler-deployment-arm -k taler-exchange-secmod-eddsa
-taler-deployment-arm -e |