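#!/bin/bash
#
# Bootstraps a Taler deployment environment: generates the configuration,
# installs the exchange master key, sets up the exchange key material and
# wire fees, and provisions the libeufin Sandbox and Nexus services.
#
# Arguments:
#   $1 = resetDb  reset the exchange and merchant databases and delete the
#                 euFin SQLite files.  Any other value (default: no) leaves
#                 the databases alone.  Helps avoiding color Y destroying
#                 the DB while color X is in production.
#
# Values needed (environment):
#   TALER_ENV_NAME                       deployment name (demo, test, int, ...)
#   TALER_CONFIG_CURRENCY                currency
#   TALER_ENV_FRONTENDS_APITOKEN         read when the config is generated
#   LIBEUFIN_ENV_SANDBOX_ADMIN_PASSWORD  password of the Sandbox "admin" user

set -eu

source "$HOME/activate"

WITH_DB_RESET=${1-no}

if [[ -z ${TALER_ENV_NAME+x} ]]; then
  echo "TALER_ENV_NAME not set"
  exit 1
fi

if [[ -z ${TALER_CONFIG_CURRENCY+x} ]]; then
  echo "TALER_CONFIG_CURRENCY not set"
  exit 1
fi

# Checked up front so that a missing or empty secret aborts the run before
# any database is reset, instead of half-way through Step 4.
if [[ -z ${LIBEUFIN_ENV_SANDBOX_ADMIN_PASSWORD:-} ]]; then
  echo "LIBEUFIN_ENV_SANDBOX_ADMIN_PASSWORD not set"
  exit 1
fi

# The script stops what started along the flow.
# This function should help against processes left
# somehow running.
function stop_running() {
  local pid
  taler-deployment-stop
  for pid in $(jobs -p); do
    # Best effort: the job may already have exited.
    kill "$pid" 2> /dev/null || true
  done
  wait
}

trap "stop_running" EXIT

export IBAN_EXCHANGE="EX00000000000000000000"

# Writes the deployment configuration into $HOME/.config and records the
# exchange's payto:// URI.
# Globals: TALER_ENV_NAME, TALER_CONFIG_CURRENCY,
#          TALER_ENV_FRONTENDS_APITOKEN, IBAN_EXCHANGE (all read)
function generate_config() {
  local exchange_pub
  exchange_pub=$(gnunet-ecc -p "$HOME/deployment/private-keys/${TALER_ENV_NAME}-exchange-master.priv")

  mkdir -p "$HOME/.config"

  # NOTE(review): the API token is passed on the command line and is visible
  # in the process list while the generator runs.
  taler-deployment-config-generate \
    --exchange-pub "$exchange_pub" \
    --currency "$TALER_CONFIG_CURRENCY" \
    --outdir "$HOME/.config" \
    --envname "$TALER_ENV_NAME" \
    --frontends-apitoken "$TALER_ENV_FRONTENDS_APITOKEN"

  taler-config -s exchange-account-1 \
    -o PAYTO_URI \
    -V "payto://sepa/bank.${TALER_ENV_NAME}.taler.net/eufin/sandbox/$IBAN_EXCHANGE"
}

##
## Step 1: Generate config
##

echo -n "Generating configuration.."
case "$TALER_ENV_NAME" in
  tanker|demo|test|int|local)
    generate_config
    ;;
  *)
    echo "Not generating config for env $TALER_ENV_NAME"
    ;;
esac
echo " OK"

##
## Step 1b: initialize database
##

# Quoted so that an empty first argument does not break the comparison.
if [[ "$WITH_DB_RESET" == resetDb ]]; then
  echo -n "Reset and init exchange DB.."
  taler-exchange-dbinit --reset
  echo " OK"
fi

##
## Step 2: Copy key material and update denom keys
##

# For demo, make sure the link to shared data between demo-blue and demo-green is
# set up properly.
case "$TALER_ENV_NAME" in
  demo)
    echo -n "Syminking demo's taler-data/ to the color's home directory.."
    ln -sfT ~demo/shared-data ~/taler-data
    # Check if we won't mess up permissions later
    if [[ ! -g ~/taler-data ]]; then
      echo "the shared-data directory should have the set-group-id bit set"
      exit 1
    fi
    echo " OK"
    ;;
esac

echo -n "Trying to copy the exchange private key from deployment.git.."
case "$TALER_ENV_NAME" in
  demo|test|int|local)
    master_key_src="$HOME/deployment/private-keys/${TALER_ENV_NAME}-exchange-master.priv"
    EXCHANGE_PUB=$(gnunet-ecc -p "$master_key_src")
    EXCHANGE_PRIV_FILE=$(taler-config -f -s exchange-offline -o master_priv_file)
    if [[ -e "$EXCHANGE_PRIV_FILE" ]]; then
      EXCHANGE_PUB2=$(gnunet-ecc -p "$EXCHANGE_PRIV_FILE")
      if [[ "$EXCHANGE_PUB" != "$EXCHANGE_PUB2" ]]; then
        # NOTE(review): the run continues with the key already on disk, while
        # generate_config advertised the public key of the deployment.git
        # key; a mismatch here leaves config and signing key inconsistent.
        echo "Warning: Different exchange private key already exists, not copying"
      fi
    else
      mkdir -p "$(dirname "$EXCHANGE_PRIV_FILE")"
      # NOTE(review): the copy takes its mode from the source file and the
      # current umask; confirm the master private key does not end up
      # readable beyond the accounts that need it.
      cp -- "$master_key_src" "$EXCHANGE_PRIV_FILE"
    fi
    ;;
  *)
    echo "Not copying key material for env $TALER_ENV_NAME"
    ;;
esac
echo " OK"

echo -n "Add this exchange to the auditor..."
EXCHANGE_MASTER_PUB=$(taler-config -s exchange -o master_public_key)
# Failure is deliberately tolerated here.
taler-auditor-exchange \
  -m "$EXCHANGE_MASTER_PUB" \
  -u "$(taler-config -s exchange -o base_url)" || true
# Make configuration accessible to auditor
# NOTE(review): this gives the group r-x on the whole directory; presumably
# the credentials stored with taler-config later in this script live there
# too - confirm the group membership is as narrow as intended.
chmod 750 "$HOME/.config"
echo " OK"

##
## Step 3: Set up the exchange key material
##

echo -n "Setup exchange's key material.."

taler-deployment-arm -s

# Quickly start+shutdown exchange httpd and crypto SM helpers
taler-deployment-arm -i taler-exchange
taler-deployment-arm -i taler-exchange-secmod-rsa
taler-deployment-arm -i taler-exchange-secmod-eddsa

sleep 2 # FIXME: poll keys?
# "[^-]" keeps the taler-exchange-secmod-* lines from satisfying the check
# for the exchange service itself.
if ! taler-deployment-arm -I | grep "^taler-exchange[^-]" | grep "status=started" > /dev/null; then
  echo "Exchange didn't start, cannot set up keys"
  exit 1
fi
if ! taler-deployment-arm -I | grep "^taler-exchange-secmod-rsa" | grep "status=started" > /dev/null; then
  echo "Exchange (RSA module) didn't start, cannot set up keys."
  exit 1
fi
if ! taler-deployment-arm -I | grep "^taler-exchange-secmod-eddsa" | grep "status=started" > /dev/null; then
  echo "Exchange (EDDSA module) didn't start, cannot set up keys."
  exit 1
fi

taler-exchange-offline download sign upload

payto_uri=$(taler-config -s exchange-account-1 -o payto_uri)
taler-exchange-offline enable-account "$payto_uri" upload

# Set up wire fees for the current year and the next 5 years
year=$(date +%Y)
curr=$TALER_CONFIG_CURRENCY
for ((y = year; y <= year + 5; y++)); do
  taler-exchange-offline wire-fee "$y" sepa "$curr:0.01" "$curr:0.01" upload
done

taler-deployment-arm -k taler-exchange
taler-deployment-arm -k taler-exchange-secmod-rsa
taler-deployment-arm -k taler-exchange-secmod-eddsa
echo " OK"
# Give time to store to disk.
sleep 5

##
## Step 4: Set up euFin
##

if [[ "$WITH_DB_RESET" == resetDb ]]; then
  echo -n "Resetting euFin databases.."
  # NOTE/FIXME: those values _could_ be extracted from
  # the environment, as this one contains already the DB
  # connection strings.
  # -f: a reset on a host where the files do not exist yet must not abort
  # the run under "set -e".
  rm -f -- ~/nexus.sqlite
  rm -f -- ~/sandbox.sqlite
  echo " OK"
fi

export LIBEUFIN_SANDBOX_USERNAME="admin"
export LIBEUFIN_SANDBOX_PASSWORD=${LIBEUFIN_ENV_SANDBOX_ADMIN_PASSWORD}

# Creates an EBICS bank connection in Nexus, connects it, imports the
# Sandbox bank account and schedules the background submit/fetch tasks.
# $1 = ebics user id, $2 = ebics partner, $3 = bank connection name
# $4 = bank account name local to Nexus, $5 = bank account name as known
# by Sandbox
# Globals: SANDBOX_URL, EBICS_HOST (read; assigned further down, before the
# first call)
function prepare_nexus_account() {
  local ebics_user=$1 ebics_partner=$2 connection=$3
  local nexus_account=$4 sandbox_account=$5

  echo -n "Making bank connection $connection ..."
  libeufin-cli connections new-ebics-connection \
    --ebics-url="${SANDBOX_URL}ebicsweb" \
    --host-id="$EBICS_HOST" \
    --partner-id="$ebics_partner" \
    --ebics-user-id="$ebics_user" \
    "$connection" > /dev/null
  echo " OK"
  echo -n "Connecting $connection ..."
  libeufin-cli connections connect "$connection" > /dev/null
  echo " OK"
  echo -n "Importing Sandbox bank account ($sandbox_account) to Nexus ($nexus_account) ..."
  libeufin-cli connections download-bank-accounts "$connection" > /dev/null
  libeufin-cli connections import-bank-account \
    --offered-account-id="$sandbox_account" \
    --nexus-bank-account-id="$nexus_account" \
    "$connection" > /dev/null
  echo " OK"
  # Set how often the automatic routing must fetch the bank account.
  echo -n "Setting background payment initiator.."
  libeufin-cli accounts task-schedule "$nexus_account" \
    --task-type="submit" \
    --task-name='submit-payments-every-second' \
    --task-cronspec='* * *'
  echo " OK"
  echo -n "Setting background history fetch.."
  libeufin-cli accounts task-schedule "$nexus_account" \
    --task-type="fetch" \
    --task-name='fetch-reports-every-second' \
    --task-cronspec='* * *' \
    --task-param-level=report \
    --task-param-range-type=latest
  echo " OK"
}

# Registers an EBICS subscriber at the Sandbox and gives it a bank account.
# $1=ebics username, $2=ebics partner name,
# $3=person name, $4=sandbox bank account name, $5=iban
# Globals: SANDBOX_URL, EBICS_HOST, TALER_CONFIG_CURRENCY (read)
function prepare_sandbox_account() {
  local ebics_user=$1 ebics_partner=$2 person_name=$3
  local account_name=$4 iban=$5

  echo -n "Activating ebics subscriber $ebics_user at the sandbox ..."
  libeufin-cli \
    sandbox --sandbox-url="$SANDBOX_URL" \
      ebicssubscriber create \
        --host-id="$EBICS_HOST" \
        --partner-id="$ebics_partner" \
        --user-id="$ebics_user"
  echo " OK"
  echo -n "Giving a bank account ($account_name) to $ebics_user ..."
  libeufin-cli \
    sandbox --sandbox-url="$SANDBOX_URL" \
      ebicsbankaccount create \
        --iban="$iban" \
        --bic="BCMAESM1XXX"\
        --person-name="$person_name" \
        --account-name="$account_name" \
        --ebics-user-id="$ebics_user" \
        --ebics-host-id="$EBICS_HOST" \
        --ebics-partner-id="$ebics_partner" \
        --currency="$TALER_CONFIG_CURRENCY"
  echo " OK"
}

NEXUS_URL="http://localhost:5222/"
SANDBOX_URL="http://localhost:5111/"

echo -n "Making Sandbox superuser..."
# Quoted so a password containing whitespace or glob characters is passed
# intact.  NOTE(review): the password still travels on the command line and
# is visible in the process list while this command runs.
libeufin-sandbox superuser admin --password="${LIBEUFIN_ENV_SANDBOX_ADMIN_PASSWORD}"
echo " OK"

echo -n "Lunching Sandbox..."
taler-deployment-arm -i libeufin-sandbox

if ! curl -s --retry 5 --retry-connrefused "$SANDBOX_URL" > /dev/null; then
  echo "Could not launch Sandbox"
  stop_running
  exit 1
fi
echo " OK"

echo -n "Launching Nexus..."
taler-deployment-arm -i libeufin-nexus
if ! curl -s --retry 5 --retry-connrefused "$NEXUS_URL" > /dev/null; then
  echo "Could not launch Nexus"
  stop_running
  exit 1
fi
echo " OK"

EBICS_HOST="ebicsDeployedHost"

echo -n "Make Sandbox EBICS host..."
libeufin-cli \
  sandbox --sandbox-url="$SANDBOX_URL" \
    ebicshost create \
      --host-id="$EBICS_HOST"
echo " OK"

export IBAN_MERCHANT="ME00000000000000000001"
export IBAN_CUSTOMER="WA00000000000000000000"

# note: the EBICS schema doesn't allow dashed names.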
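prepare_sandbox_account \
  ebicsuserExchange \
  ebicspartnerExchange \
  "Person Exchange" \
  sandbox-account-exchange \
  "$IBAN_EXCHANGE"
prepare_sandbox_account \
  ebicsuserMerchant \
  ebicspartnerMerchant \
  "Person Merchant" \
  sandbox-account-merchant \
  "$IBAN_MERCHANT"
prepare_sandbox_account \
  ebicsuserCustomer \
  ebicspartnerCustomer \
  "Person Customer" \
  sandbox-account-customer \
  "$IBAN_CUSTOMER"

# Only the exchange needs Nexus.
# NOTE(review): the Nexus superuser credentials are fixed in this script, are
# passed on the command line below, and are later stored in the exchange
# configuration.  Acceptable only while Nexus is reachable from localhost
# alone - confirm, or source the password from the environment instead.
EXCHANGE_NEXUS_USERNAME=exchange-nexus-user
EXCHANGE_NEXUS_PASSWORD=exchange-nexus-password
echo -n "Make Nexus superuser ..."
libeufin-nexus superuser "$EXCHANGE_NEXUS_USERNAME" --password="$EXCHANGE_NEXUS_PASSWORD"
echo " OK"
export LIBEUFIN_NEXUS_URL=$NEXUS_URL
export LIBEUFIN_NEXUS_USERNAME=$EXCHANGE_NEXUS_USERNAME
export LIBEUFIN_NEXUS_PASSWORD=$EXCHANGE_NEXUS_PASSWORD

# FIXME: this command below likely not needed.  Please
# remove, run the test, and commit+push if it still works!
prepare_nexus_account \
  ebicsuserExchange \
  ebicspartnerExchange \
  bankconnection-exchange \
  nexus-bankaccount-exchange \
  sandbox-account-exchange

echo -n "Create Taler facade ..."
libeufin-cli facades new-taler-wire-gateway-facade \
  --currency="$TALER_CONFIG_CURRENCY" \
  --facade-name=facade-exchange \
  bankconnection-exchange nexus-bankaccount-exchange
echo " OK"

# The jq filter is quoted so the shell cannot glob-expand "[0]", and -r
# prints the URL without the surrounding JSON quotes.
FACADE_URL=$(libeufin-cli facades list | jq -r '.facades[0].baseUrl')
# Without this check a failed listing would write an empty or "null"
# WIRE_GATEWAY_URL into the exchange configuration.
if [[ -z "$FACADE_URL" || "$FACADE_URL" == null ]]; then
  echo "Could not determine the facade base URL"
  exit 1
fi

taler-deployment-arm -k libeufin-nexus
taler-deployment-arm -k libeufin-sandbox

# Point the exchange to the facade.
taler-config -s exchange-accountcredentials-1 \
  -o WIRE_GATEWAY_URL \
  -V "${FACADE_URL}"

taler-config -s exchange-accountcredentials-1 \
  -o USERNAME \
  -V "${EXCHANGE_NEXUS_USERNAME}"

# NOTE(review): this persists the password in the configuration; the
# configuration directory was made group-accessible (chmod 750) earlier in
# this script, presumably including the file written here.
taler-config -s exchange-accountcredentials-1 \
  -o PASSWORD \
  -V "${EXCHANGE_NEXUS_PASSWORD}"

##
## Step 5: Adjust some permissions
##

case "$TALER_ENV_NAME" in
  demo|test|int)
    # Make sure the web server can read ~/local
    chmod og+rx ~/local
    # Make sure that shared files created by this user
    # are group writable and readable.
    # NOTE(review): this applies to everything this user owns under
    # ~/taler-data, including any key material stored there - confirm that
    # group write access to those files is intended.
    find ~/taler-data/ -user "$USER" -exec chmod g+rw {} +
    ;;
  *)
    ;;
esac

##
## Step 6: Set up merchant
##

# Quoted so that an empty first argument does not break the comparison.
if [[ "$WITH_DB_RESET" == resetDb ]]; then
  echo -n "Reset and init merchant database.."
  taler-merchant-dbinit --reset
  echo " OK"
fi

# Making sure ARM is not running yet.
taler-deployment-arm -e

# Need the following services to config instances and tip reserve:
taler-deployment-arm -s
taler-deployment-arm -i taler-exchange
taler-deployment-arm -i taler-exchange-secmod-rsa
taler-deployment-arm -i taler-exchange-secmod-eddsa
sleep 5

# "[^-]" keeps the taler-exchange-secmod-* lines from satisfying the check
# for the exchange service itself.
if ! taler-deployment-arm -I | grep "^taler-exchange[^-]" | grep "status=started" > /dev/null; then
  echo "Exchange didn't start, cannot create tip reserve."
  exit 1
fi
if ! taler-deployment-arm -I | grep "^taler-exchange-secmod-rsa" | grep "status=started" > /dev/null; then
  echo "Exchange (RSA module) didn't start, cannot create tip reserve."
  exit 1
fi
if ! taler-deployment-arm -I | grep "^taler-exchange-secmod-eddsa" | grep "status=started" > /dev/null; then
  echo "Exchange (EDDSA module) didn't start, cannot create tip reserve."
  exit 1
fi

echo "Configuring instances"
taler-deployment-config-instances-iban

echo "Stopping all the services"
# The following three commands should be removed,
# because the last one is already supposed to stop
# all the running ones.
taler-deployment-arm -k taler-exchange
taler-deployment-arm -k taler-exchange-secmod-rsa
taler-deployment-arm -k taler-exchange-secmod-eddsa
taler-deployment-arm -e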