From ca6387acbbb9bc0e2888c9a6802a45fd743bea75 Mon Sep 17 00:00:00 2001
From: Florian Dold
Date: Mon, 16 Oct 2023 20:01:22 +0200
Subject: WIP
---
 sandcastle-ng/Dockerfile | 13 +++-
 sandcastle-ng/buildconfig/merchant-demos.tag | 2 +-
 sandcastle-ng/scripts/setup-sandcastle.sh | 88 ++++++++++++++++++++++++----
 3 files changed, 88 insertions(+), 15 deletions(-)
diff --git a/sandcastle-ng/Dockerfile b/sandcastle-ng/Dockerfile
index 5eba820..6c47ae3 100644
--- a/sandcastle-ng/Dockerfile
+++ b/sandcastle-ng/Dockerfile
@@ -33,6 +33,7 @@ RUN apt-get update && apt-get -y upgrade && apt-get --no-install-recommends inst
 npm \
 openjdk-17-jre-headless \
 openjdk-17-jdk-headless \
+ default-jre-headless \
 nano \
 procps \
 python3-jinja2 \
@@ -53,7 +54,12 @@ RUN apt-get update && apt-get -y upgrade && apt-get --no-install-recommends inst
 fakeroot \
 libzbar-dev \
 libltdl-dev \
- net-tools
+ net-tools \
+ python3-flask \
+ python3-flask-babel \
+ uwsgi \
+ python3-bs4 \
+ pybuild-plugin-pyproject
 # old: libzbar-dev
@@ -123,7 +129,6 @@ COPY buildconfig/libeufin.tag /buildconfig/
 RUN TAG=$(cat /buildconfig/libeufin.tag) && \
 git clone git://git.taler.net/libeufin \
 --branch $TAG
-RUN apt-get install -y default-jre-headless
 WORKDIR /build/libeufin
 RUN ./bootstrap
 RUN ./configure --prefix=/usr
@@ -214,7 +219,9 @@ RUN apt-get update && apt-get -y upgrade && apt-get --no-install-recommends inst
 less \
 caddy \
 systemd-coredump \
- libnss3-tools
+ libnss3-tools \
+ latexmk \
+ texlive-latex-extra
 RUN mkdir -p /packages
 COPY --from=gnunet /packages/gnunet/* /packages/
 COPY --from=exchange /packages/exchange/* /packages/
diff --git a/sandcastle-ng/buildconfig/merchant-demos.tag b/sandcastle-ng/buildconfig/merchant-demos.tag
index d47a5c3..06dc5b3 100644
--- a/sandcastle-ng/buildconfig/merchant-demos.tag
+++ b/sandcastle-ng/buildconfig/merchant-demos.tag
@@ -1 +1 @@
-v0.9.3-dev.2
+v0.9.3-dev.4
diff --git a/sandcastle-ng/scripts/setup-sandcastle.sh b/sandcastle-ng/scripts/setup-sandcastle.sh
index b52f7f5..5afa20c 100755
--- a/sandcastle-ng/scripts/setup-sandcastle.sh
+++ b/sandcastle-ng/scripts/setup-sandcastle.sh
@@ -2,6 +2,10 @@
 # This scripts provisions all configuration and
 # services for the Taler sandcastle container.
+#
+# Important: This script needs to be completely
+# idempotent, nothing must break if it is executed
+# multiple times.
 set -eu
 set -x
@@ -18,6 +22,10 @@ EXCHANGE_BANK_PASSWORD=sandbox
 systemctl stop taler-exchange.target
 systemctl stop taler-merchant-httpd.service
 systemctl stop postgresql.service
+systemctl stop taler-demo-landing.service
+systemctl stop taler-demo-blog.service
+systemctl stop taler-demo-donations.service
+systemctl stop taler-demo-survey.service
 # We now make sure that some important locations are symlinked to
 # the persistent storage volume.
@@ -60,18 +68,23 @@ lift_dir /var/lib/postgresql var-lib-postgresql
 systemctl stop caddy.service
-LANDING_DOMAIN=demo.taler.net
-BANK_DOMAIN=bank.demo.taler.net
-EXCHANGE_DOMAIN=exchange.demo.taler.net
-MERCHANT_DOMAIN=backend.demo.taler.net
-BLOG_DOMAIN=shop.demo.taler.net
-DONATIONS_DOMAIN=donations.demo.taler.net
-SURVEY_DOMAIN=survey.demo.taler.net
+MYDOMAIN=demo.taler.net
+LANDING_DOMAIN=$MYDOMAIN
+BANK_DOMAIN=bank.$MYDOMAIN
+EXCHANGE_DOMAIN=exchange.$MYDOMAIN
+MERCHANT_DOMAIN=backend.$MYDOMAIN
+BLOG_DOMAIN=shop.$MYDOMAIN
+DONATIONS_DOMAIN=donations.$MYDOMAIN
+SURVEY_DOMAIN=survey.$MYDOMAIN
 cat < /etc/caddy/Caddyfile
 https://$BANK_DOMAIN {
 tls internal
- reverse_proxy :8080
+ reverse_proxy :8080 {
+ # libeufin-bank should eventually not require this anymore,
+ # but currently doesn't work without this header.
+ header_up X-Forwarded-Prefix "/"
+ }
 }
 https://$EXCHANGE_DOMAIN {
@@ -196,6 +209,17 @@ echo 'GRANT USAGE ON SCHEMA _v TO "taler-exchange-aggregator";' | sudo -i -u pos
 echo 'GRANT SELECT ON ALL TABLES IN SCHEMA _v TO "taler-exchange-aggregator";' | sudo -i -u postgres psql -f - ${EXCHANGE_DB}
+# # The ToS generator is currently borked, we don't generated ToS until that's fixed.
+TOS_PATH=/usr/share/taler/terms
+if [[ ! -e "$TOS_PATH/stamp-generated" ]]; then
+ # ToS generator is picky about the path that it is being run from
+ cd $TOS_PATH
+ taler-terms-generator -i exchange-tos-v0 -a "Taler Systems SA" -C "Taler Systems SA" -p a4 -o $TOS_PATH -l en
+ taler-terms-generator -i exchange-pp-v0 -a "Taler Systems SA" -C "Taler Systems SA" -p a4 -o $TOS_PATH -l en
+ touch "$TOS_PATH/stamp-generated"
+ cd -
+fi
+
 systemctl enable --now taler-exchange.target
 taler-harness deployment wait-taler-service taler-exchange https://$EXCHANGE_DOMAIN/config
@@ -226,9 +250,8 @@ cat </etc/taler/secrets/merchant-db.secret.conf
 [merchantdb-postgres]
 CONFIG=postgres:///${MERCHANT_DB}
 EOF
-# FIXME: The right groups don't exist right now
-#chmod 440 /etc/taler/secrets/merchant-db.secret.conf
-#chown root:taler-merchant-db /etc/taler/secrets/merchant-db.secret.conf
+chmod 440 /etc/taler/secrets/merchant-db.secret.conf
+chown taler-merchant-httpd:root /etc/taler/secrets/merchant-db.secret.conf
 sudo -u taler-merchant-httpd taler-merchant-dbinit -c /etc/taler/taler.conf
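Review bot: The comment opening the added ToS block, `# # The ToS generator is currently borked, we don't generated ToS until that's fixed.`, says the opposite of what the code under it does, since the block now runs `taler-terms-generator` for both the terms and the privacy policy; replace it with a line such as `# Generate ToS and privacy policy once; the stamp file makes re-runs a no-op.`. In the same block `cd $TOS_PATH` and `-o $TOS_PATH` are unquoted, and the `cd` / `cd -` pair leaves the rest of the script in the wrong directory if anything in between is later made non-fatal; a subshell, `( cd "$TOS_PATH" && taler-terms-generator … -o "$TOS_PATH" -l en )`, keeps the directory change local. `[[ … ]]` requires bash, and the script's shebang is outside this hunk.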
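Review bot: The added `chown taler-merchant-httpd:root` makes the service account the owner of merchant-db.secret.conf, and a file's owner can always change its mode, so the `chmod 440` before it does not stop a compromised merchant process from making the file writable or world-readable. Keeping root as owner and granting read access through the service's group, `chown root:taler-merchant-httpd /etc/taler/secrets/merchant-db.secret.conf` with `chmod 640`, would give the restriction the removed FIXME was after, assuming a group of that name exists in the image. The file is also created by the `cat` redirect with the default umask and only tightened afterwards; running the heredoc under `umask 077` closes that window. The `cat` line itself appears only in the hunk header.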
@@ -237,3 +260,46 @@ taler-harness deployment wait-taler-service taler-merchant https://$MERCHANT_DOM
 # merchant passwd
 # taler-harness deployment provision-merchant-instance https://$MERCHANT_DOMAIN/
+
+taler-harness deployment provision-merchant-instance \
+ https://backend.demo.taler.net/ \
+ --management-token secret-token:sandbox \
+ --instance-token secret-token:sandbox \
+ --name Merchant \
+ --id default \
+ --payto 'payto://iban/DE5135717?receiver-name=Merchant'
+
+
+# Now we set up the taler-merchant-demos
+
+cat </etc/taler/taler-merchant-frontends.conf
+# Different entry point, we need to repeat some settings.
+# In the future, taler-merchant-demos should become
+# robust enough to read from the main config.
+[taler]
+CURRENCY = $CURRENCY
+[frontends]
+BACKEND = https://backend.demo.taler.net/
+BACKEND_APIKEY = secret-token:sandbox
+[landing]
+SERVE = http
+HTTP_PORT = 8501
+[blog]
+SERVE = http
+HTTP_PORT = 8502
+[donations]
+SERVE = http
+HTTP_PORT = 8503
+[survey]
+SERVE = http
+HTTP_PORT = 8504
+EOF
+
+systemctl enable --now taler-demo-landing
+systemctl enable --now taler-demo-blog
+systemctl enable --now taler-demo-donations
+systemctl enable --now taler-demo-survey
+
+
+# FIXME: Maybe do some taler-wallet-cli test?
+# FIXME: How do we report errors occurring during the setup script?
-- 
cgit v1.2.3
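Review bot: `BACKEND_APIKEY = secret-token:sandbox` is written into /etc/taler/taler-merchant-frontends.conf with no `chmod`/`chown` afterwards, unlike merchant-db.secret.conf earlier in this script, and the same token is passed on the `taler-harness` command line, where the script's `set -x` copies it into the setup log. Even for a demo credential it is worth adding `chmod 640 /etc/taler/taler-merchant-frontends.conf` with a matching `chown` for whichever account runs the taler-demo-* services (not visible here), and wrapping the provisioning call in `set +x` / `set -x`. Both the provisioning call and `BACKEND =` hard-code `https://backend.demo.taler.net/`; `https://$MERCHANT_DOMAIN/` would keep them in step with the `MYDOMAIN` variable this commit introduces. Whether `provision-merchant-instance` succeeds when the `default` instance already exists cannot be told from the hunk, and it matters for the idempotency requirement stated at the top of the script.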