Diffstat (limited to 'netzbon/setup-exchange.sh')
-rwxr-xr-x | netzbon/setup-exchange.sh | 171 |
1 files changed, 130 insertions, 41 deletions
diff --git a/netzbon/setup-exchange.sh b/netzbon/setup-exchange.sh
index 3491554..8881134 100755
--- a/netzbon/setup-exchange.sh
+++ b/netzbon/setup-exchange.sh
@@ -10,104 +10,193 @@ source config/internal.conf # # - LIBEUFIN_NEXUS_USERNAME (exchange username for libeufin-nexus) # - NEXUS_EXCHANGE_PASSWORD (exchange password for libeufin-nexus) +# - WIRE_GATEWAY_URL (where is the exchange wire gateway / libeufin-nexus) # - EXCHANGE_IBAN (exchange account IBAN) # - EXCHANGE_PAYTO (exchange account PAYTO) # - ENABLE_TLS (http or https?) -check_nexus_exchange "LIBEUFIN_NEXUS_USERNAME" -check_nexus_exchange "NEXUS_EXCHANGE_PASSWORD" - -check_nexus_exchange "EXCHANGE_IBAN" -check_nexus_exchange "EXCHANGE_PAYTO" +if test -z ${LIBEUFIN_NEXUS_USERNAME:-} +then + say "Failure: LIBEUFIN_NEXUS_USERNAME not set" + exit 1 +fi +if test -z ${NEXUS_EXCHANGE_PASSWORD:-} +then + say "Failure: NEXUS_EXCHANGE_PASSWORD not set" + exit 1 +fi +if test -z ${EXCHANGE_IBAN:-} +then + say "Failure: EXCHANGE_IBAN not set" + exit 1 +fi +if test -z ${WIRE_GATEWAY_URL:-} +then + say "Failure: WIRE_GATEWAY_URL not set" + exit 1 +fi +if test -z ${EXCHANGE_PAYTO:-} +then + say "Failure: EXCHANGE_PAYTO not set" + exit 1 +fi -# Create master key as root *unless* user already +# Create master key as taler-exchange-offline *unless* user already # set the MASTER_PUBLIC_KEY to some value we can use. 
- +export MASTER_PRIV_DIR=.local/share/taler/exchange/offline-keys +export MASTER_PRIV_FILE=${MASTER_PRIV_DIR}/master.priv +export SECMOD_TOFU_FILE=${MASTER_PRIV_DIR}/secm_tofus.pub if test -z ${MASTER_PUBLIC_KEY:-} then + if test ${DO_OFFLINE:-y} == n + then + say "Error: No MASTER_PUBLIC_KEY but DO_OFFLINE set to NO" + exit 1 + fi say "Setting up offline key" - mkdir -p ~/.local/share/taler/exchange/offline-keys - MASTER_PRIV_FILE=~/.local/share/taler/exchange/offline-keys/master.priv - gnunet-ecc -g1 ${MASTER_PRIV_FILE} - MASTER_PUBLIC_KEY=`gnunet-ecc -p ~/.local/share/taler/exchange/offline-keys/master.priv` + MASTER_PUBLIC_KEY=`sudo -i -u taler-exchange-offline taler-exchange-offline setup` + echo "MASTER_PUBLIC_KEY=\"${MASTER_PUBLIC_KEY}\"" >> config/user.conf + if test -z ${DO_OFFLINE:-} + then + # Set 'DO_OFFLINE' + DO_OFFLINE=y + echo "DO_OFFLINE=y" >> config/user.conf + fi fi export MASTER_PUBLIC_KEY -echo "MASTER_PUBLIC_KEY=\"${MASTER_PUBLIC_KEY}\"" >> config/taler-internal.conf + + +say "Setting up exchange database" +EXCHANGE_DB=talerexchange +# Use "|| true" to continue if these already exist. 
+sudo -i -u postgres createuser -d taler-exchange-httpd || true +sudo -i -u postgres createuser taler-exchange-wire || true +sudo -i -u postgres createuser taler-exchange-closer || true +sudo -i -u postgres createuser taler-exchange-aggregator || true +sudo -i -u postgres createdb -O taler-exchange-httpd $EXCHANGE_DB || true + +echo "GRANT USAGE ON SCHEMA exchange TO \"taler-exchange-wire\";" | sudo -i -u postgres psql -f - ${EXCHANGE_DB} +echo "GRANT SELECT,INSERT,UPDATE,DELETE ON ALL TABLES IN SCHEMA exchange TO \"taler-exchange-wire\";" | sudo -i -u postgres psql -f - ${EXCHANGE_DB} +echo "GRANT USAGE ON SCHEMA _v TO \"taler-exchange-wire\";" | sudo -i -u postgres psql -f - ${EXCHANGE_DB} +echo "GRANT SELECT ON ALL TABLES IN SCHEMA _v TO \"taler-exchange-wire\";" | sudo -i -u postgres psql -f - ${EXCHANGE_DB} + +echo "GRANT USAGE ON SCHEMA exchange TO \"taler-exchange-closer\";" | sudo -i -u postgres psql -f - ${EXCHANGE_DB} +echo "GRANT SELECT,INSERT,UPDATE,DELETE ON ALL TABLES IN SCHEMA exchange TO \"taler-exchange-closer\";" | sudo -i -u postgres psql -f - ${EXCHANGE_DB} +echo "GRANT USAGE ON SCHEMA _v TO \"taler-exchange-closer\";" | sudo -i -u postgres psql -f - ${EXCHANGE_DB} +echo "GRANT SELECT ON ALL TABLES IN SCHEMA _v TO \"taler-exchange-closer\";" | sudo -i -u postgres psql -f - ${EXCHANGE_DB} + +echo "GRANT USAGE ON SCHEMA exchange TO \"taler-exchange-aggregator\";" | sudo -i -u postgres psql -f - ${EXCHANGE_DB} +echo "GRANT SELECT,INSERT,UPDATE,DELETE ON ALL TABLES IN SCHEMA exchange TO \"taler-exchange-aggregator\";" | sudo -i -u postgres psql -f - ${EXCHANGE_DB} +echo "GRANT USAGE ON SCHEMA _v TO \"taler-exchange-aggregator\";" | sudo -i -u postgres psql -f - ${EXCHANGE_DB} +echo "GRANT SELECT ON ALL TABLES IN SCHEMA _v TO \"taler-exchange-aggregator\";" | sudo -i -u postgres psql -f - ${EXCHANGE_DB} say "Configuring exchange" if test ${ENABLE_TLS} = "y" then - export EXCHANGE_BASE_URL="https://exchange.${DOMAIN_NAME}" + export 
EXCHANGE_BASE_URL="https://exchange.${DOMAIN_NAME}/" else - export EXCHANGE_BASE_URL="http://exchange.${DOMAIN_NAME}" + export EXCHANGE_BASE_URL="http://exchange.${DOMAIN_NAME}/" fi -# Generate /etc/taler/conf.d/setup.conf +# Generate /etc/taler/conf.d/setup.conf echo -e "[taler]\n"\ "CURRENCY=${CURRENCY}\n"\ "CURRENCY_ROUND_UNIT=${CURRENCY}:0.01\n"\ "AML_THRESHOLD=${CURRENCY}:1000000\n"\ - "\n"\ - "[exchange]\n"\ + "\n[exchange]\n"\ "MASTER_PUBLIC_KEY=${MASTER_PUBLIC_KEY}\n"\ - "MASTER_PRIV_FILE=${MASTER_PUBLIC_KEY}\n"\ "BASE_URL=${EXCHANGE_BASE_URL}\n"\ - "\n"\ - "[merchant-exchange-${DOMAIN_NAME}]\n"\ + "\n[exchange-offline]\n"\ + "MASTER_PRIV_FILE=\$HOME/${MASTER_PRIV_FILE}\n"\ + "SECM_TOFU_FILE=\$HOME/${SECMOD_TOFU_FILE}\n"\ + "\n[merchant-exchange-${DOMAIN_NAME}]\n"\ "MASTER_KEY=${MASTER_PUBLIC_KEY}\n"\ "CURRENCY=${CURRENCY}\n"\ "EXCHANGE_BASE_URL=${EXCHANGE_BASE_URL}\n"\ - "\n"\ - "[exchange-account-default]\n"\ + "\n[exchange-account-default]\n"\ "PAYTO_URI=${EXCHANGE_PAYTO}\n"\ "ENABLE_DEBIT=YES\n"\ "ENABLE_CREDIT=YES\n"\ - "@inline-secret@ exchange-accountcredentials-default ../secrets/exchange-accountcredentials-default.secret.conf\n" + "@inline-secret@ exchange-accountcredentials-default ../secrets/exchange-accountcredentials-default.secret.conf\n" \ > /etc/taler/conf.d/setup.conf +echo -e "[exchangedb-postgres]\n"\ + "CONFIG=postgres:///${EXCHANGE_DB}\n"\ + > /etc/taler/secrets/exchange-db.secret.conf +chmod 440 /etc/taler/secrets/exchange-db.secret.conf +chown root:taler-exchange-db /etc/taler/secrets/exchange-db.secret.conf + echo -e "[exchange-accountcredentials-default]\n"\ - "WIRE_GATEWAY_URL=${CURRENCY}\n"\ + "WIRE_GATEWAY_URL=${WIRE_GATEWAY_URL}\n"\ "WIRE_GATEWAY_AUTH_METHOD=basic\n"\ "USERNAME=${LIBEUFIN_NEXUS_USERNAME}\n"\ "PASSWORD=${NEXUS_EXCHANGE_PASSWORD}\n"\ > /etc/taler/secrets/exchange-accountcredentials-default.secret.conf +chmod 400 /etc/taler/secrets/exchange-accountcredentials-default.secret.conf +chown 
taler-exchange-wire:taler-exchange-db /etc/taler/secrets/exchange-accountcredentials-default.secret.conf taler-harness deployment gen-coin-config \ --min-amount ${CURRENCY}:0.01 \ --max-amount ${CURRENCY}:100 \ | sed -e "s/FEE_DEPOSIT = ${CURRENCY}:0.01/FEE_DEPOSIT = ${CURRENCY}:0/" \ - > /etc/taler/conf.d/${CURRENCY}-coins.conf + > /etc/taler/conf.d/${CURRENCY}-coins.conf + + +# FIXME-DOLD: this belongs with taler-harness +for SEC in `taler-config -c /etc/taler/conf.d/${CURRENCY}-coins.conf -S | grep COIN-` +do + taler-config -c /etc/taler/conf.d/${CURRENCY}-coins.conf -s $SEC -o CIPHER -V "RSA" +done + +say "Initializing exchange database" +sudo -u taler-exchange-httpd taler-exchange-dbinit -c /etc/taler/taler.conf say "Launching exchange" -systemctl enable --now taler-exchange +systemctl enable --now taler-exchange.target -echo -n "Waiting for exchange..." +say "Waiting for exchange HTTP service (/config)..." curl --max-time 2 \ --retry-connrefused \ --retry-delay 1 \ --retry 10 \ - ${EXCHANGE_BASE_URL}/config &> /dev/null -echo "DONE" + ${EXCHANGE_BASE_URL}config &> /dev/null +say "DONE" -say "Offline interaction..." +say "Waiting for exchange management keys (this may take a while)..." +curl --max-time 30 \ + --retry-delay 1 \ + --retry 60 \ + ${EXCHANGE_BASE_URL}management/keys &> /dev/null +say "DONE" -taler-exchange-offline \ - -c /etc/taler/taler.conf \ - download \ - sign \ - enable-account ${EXCHANGE_PAYTO} \ - wire-fee now iban ${CURRENCY}:0 ${CURRENCY}:0 \ - global-fee now ${CURRENCY}:0 ${CURRENCY}:0 ${CURRENCY}:0 1h 6y 0 \ - upload +say "Offline interaction..." 
+if test ${DO_OFFLINE} == y +then + sudo -i -u taler-exchange-offline \ + taler-exchange-offline \ + -c /etc/taler/taler.conf \ + download \ + sign \ + upload + + sudo -i -u taler-exchange-offline \ + taler-exchange-offline \ + enable-account ${EXCHANGE_PAYTO} \ + wire-fee now iban ${CURRENCY}:0 ${CURRENCY}:0 \ + global-fee now ${CURRENCY}:0 ${CURRENCY}:0 ${CURRENCY}:0 1h 6a 0 \ + upload +fi -echo -n "Waiting for exchange /keys..." +say "Waiting for exchange /keys..." curl --max-time 2 \ --retry-connrefused \ --retry-delay 1 \ --retry 10 \ - ${EXCHANGE_BASE_URL}/keys &> /dev/null -echo "DONE" + ${EXCHANGE_BASE_URL}keys &> /dev/null +say "DONE" + +say "Exchange setup finished" |
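Review bot: Both secret files are created by `echo -e … > /etc/taler/secrets/…secret.conf` before the new `chmod 440` / `chmod 400` lines run, so between creation and chmod the file carries whatever mode the process umask yields (and a pre-existing file keeps the mode it already had); for exchange-accountcredentials-default.secret.conf that means the `PASSWORD=${NEXUS_EXCHANGE_PASSWORD}` line can briefly be readable by other local users. Creating each file with its final ownership and mode first closes that window: `install -m 400 -o taler-exchange-wire -g taler-exchange-db /dev/null /etc/taler/secrets/exchange-accountcredentials-default.secret.conf` before its echo, and likewise `install -m 440 -o root -g taler-exchange-db /dev/null /etc/taler/secrets/exchange-db.secret.conf`, or wrap each echo in a subshell that sets `umask 077`. The five added `test -z ${VAR:-}` checks expand the value unquoted; `test -z "${VAR:-}"` keeps them from breaking on values containing whitespace. The second `taler-exchange-offline` invocation (enable-account / wire-fee / global-fee) omits the `-c /etc/taler/taler.conf` that the first one passes; if both are meant to use the same configuration, add it there as well.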