#!/bin/bash

# Prepare a deployment for execution:
# * generate the configuration and setup database
# * put keys in the right place
# * set bank password for the exchange
# * sign the exchange's wire response
# * run some sanity checks (FIXME: not done yet!)

set -eu

source "$HOME/activate"

# $1 = {yes,no} selects WITH_DB_RESET; defaults to no so that preparing
# color Y does not destroy the DB while color X is in production.
WITH_DB_RESET=${1-no}

# Both variables are required by every step below; fail early with a
# readable message rather than set -u's generic one.
[[ -n ${TALER_ENV_NAME+x} ]] || { printf '%s\n' "TALER_ENV_NAME not set"; exit 1; }
[[ -n ${TALER_CONFIG_CURRENCY+x} ]] || { printf '%s\n' "TALER_CONFIG_CURRENCY not set"; exit 1; }

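#######################################
# Stop whatever this script started along the way.  Installed as the EXIT
# trap below, and also callable directly, to guard against processes that
# are somehow left running.
# Globals:   none
# Arguments: none
# Outputs:   nothing (kill errors are discarded)
# Returns:   0
#######################################
stop_running() {
  # Tolerate a failure here: under set -e it would otherwise abort this
  # handler before our own background jobs below are reaped.
  taler-deployment-stop || true
  local pid
  for pid in $(jobs -p); do
    kill "$pid" 2> /dev/null || true
  done
  # Collect the killed jobs so none is left behind.
  wait
}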

# Runs on every exit path (normal end, explicit exit 1, set -e abort), so
# services started below are always stopped.
trap stop_running EXIT

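#######################################
# Generate the deployment configuration into $HOME/.config from the
# environment's exchange master key.
# Globals:   HOME, TALER_ENV_NAME, TALER_CONFIG_CURRENCY,
#            TALER_ENV_FRONTENDS_APITOKEN (read); EXCHANGE_PUB (written)
# Arguments: none
# Outputs:   whatever taler-deployment-config-generate prints
# Returns:   relies on the script's set -e to abort if a step fails
#######################################
generate_config() {
  # Needed only by the envs that generate a config, so it is not checked
  # at the top of the script; fail with a readable message rather than
  # set -u's generic one (and before any work is done).
  : "${TALER_ENV_FRONTENDS_APITOKEN?TALER_ENV_FRONTENDS_APITOKEN not set}"
  local master_priv="$HOME/deployment/private-keys/${TALER_ENV_NAME}-exchange-master.priv"

  # Left global (not local): later steps of this script reuse the name.
  EXCHANGE_PUB=$(gnunet-ecc -p "$master_priv")

  mkdir -p "$HOME/.config"

  # Note: the API token is passed on the command line and is therefore
  # visible to other local users via ps while the generator runs.
  taler-deployment-config-generate \
    --exchange-pub "$EXCHANGE_PUB" \
    --currency "$TALER_CONFIG_CURRENCY" \
    --outdir "$HOME/.config" \
    --envname "$TALER_ENV_NAME" \
    --frontends-apitoken "$TALER_ENV_FRONTENDS_APITOKEN"
}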

##
## Step 1: Generate config
##

# Only the known color/test environments get a generated configuration;
# any other name keeps whatever configuration is already in place.
printf '%s' "Generating configuration.."
if [[ "$TALER_ENV_NAME" =~ ^(tanker|demo|test|int|local)$ ]]; then
  generate_config
else
  printf '%s\n' "Not generating config for env $TALER_ENV_NAME"
fi
printf '%s\n' " OK"
##
## Step 1b: initialize database
##
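printf '%s' "Reset and init exchange DB.."
# Quoted: an explicitly empty $1 would otherwise leave `test` with too few
# operands and print "unary operator expected" instead of comparing.
if [[ "$WITH_DB_RESET" == yes ]]; then
  taler-exchange-dbinit --reset
fi
printf '%s\n' " OK"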
##
## Step 2: Copy key material and update denom keys
##

# For demo, make sure the link to shared data between demo-blue and demo-green is
# set up properly.
# For demo, make sure the link to the data shared between demo-blue and
# demo-green is set up properly.
if [[ "$TALER_ENV_NAME" == demo ]]; then
  printf '%s' "Syminking demo's taler-data/ to the color's home directory.."
  ln -sfT ~demo/shared-data ~/taler-data
  # Checked up front so that the later chmod over ~/taler-data does not
  # leave files with the wrong group.
  if [[ ! -g ~/taler-data ]]; then
    printf '%s\n' "the shared-data directory should have the set-group-id bit set"
    exit 1
  fi
  printf '%s\n' " OK"
fi

printf '%s' "Trying to copy the exchange private key from deployment.git.."
if [[ "$TALER_ENV_NAME" =~ ^(demo|test|int|local)$ ]]; then
  EXCHANGE_PUB=$(gnunet-ecc -p "$HOME/deployment/private-keys/${TALER_ENV_NAME}-exchange-master.priv")
  EXCHANGE_PRIV_FILE=$(taler-config -f -s exchange-offline -o master_priv_file)
  if [[ ! -e "$EXCHANGE_PRIV_FILE" ]]; then
    # First run for this color: install the key from deployment.git.
    mkdir -p "$(dirname "$EXCHANGE_PRIV_FILE")"
    cp -- "$HOME/deployment/private-keys/${TALER_ENV_NAME}-exchange-master.priv" "$EXCHANGE_PRIV_FILE"
  else
    # A key is already installed: never overwrite it, only warn when it
    # does not match the one in deployment.git.
    EXCHANGE_PUB2=$(gnunet-ecc -p "$EXCHANGE_PRIV_FILE")
    if [[ "$EXCHANGE_PUB" != "$EXCHANGE_PUB2" ]]; then
      printf '%s\n' "Warning: Different exchange private key already exists, not copying"
    fi
  fi
else
  printf '%s\n' "Not copying key material for env $TALER_ENV_NAME"
fi
printf '%s\n' " OK"

printf '%s' "Add this exchange to the auditor.."
EXCHANGE_MASTER_PUB=$(taler-config -s exchange -o master_public_key)
taler-auditor-exchange -m "$EXCHANGE_MASTER_PUB" -u "$(taler-config -s exchange -o base_url)" \
  || true # failure tolerated on purpose -- presumably "already registered" on re-runs; confirm
# Group-readable (not world-readable) so the auditor's group can read the
# configuration, which later also receives credentials (Step 4).
chmod 750 "$HOME/.config"
printf '%s\n' " OK"

##
## Step 3: Set up the exchange key material
##
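printf '%s' "Setup exchange's key material.."
taler-deployment-arm -s

# Quickly start+shutdown exchange httpd and crypto SM helpers so the
# offline tool below has live keys to download and sign.
taler-deployment-arm -i taler-exchange
taler-deployment-arm -i taler-exchange-secmod-rsa
taler-deployment-arm -i taler-exchange-secmod-eddsa

sleep 2 # FIXME: poll keys instead of a fixed delay?
# NOTE(review): "^taler-exchange" is a prefix match and also hits the
# secmod lines, so this first check can pass while the httpd itself is
# not started -- tighten once the exact `-I` output format is confirmed.
if ! taler-deployment-arm -I | grep "^taler-exchange" | grep -q "status=started"; then
  printf '%s\n' "Exchange didn't start, cannot set up keys"
  exit 1
fi
if ! taler-deployment-arm -I | grep "^taler-exchange-secmod-rsa" | grep -q "status=started"; then
  printf '%s\n' "Exchange (RSA module) didn't start, cannot set up keys."
  exit 1
fi
if ! taler-deployment-arm -I | grep "^taler-exchange-secmod-eddsa" | grep -q "status=started"; then
  printf '%s\n' "Exchange (EDDSA module) didn't start, cannot set up keys."
  exit 1
fi

taler-exchange-offline download sign upload

payto_uri=$(taler-config -s exchange-account-1 -o payto_uri)
taler-exchange-offline enable-account "$payto_uri" upload

# Set up wire fees for this year and the next five.
year=$(date +%Y)
curr=$TALER_CONFIG_CURRENCY
for ((y = year; y <= year + 5; y++)); do
  taler-exchange-offline wire-fee "$y" x-taler-bank "$curr:0.01" "$curr:0.01" upload
done

taler-deployment-arm -k taler-exchange
taler-deployment-arm -k taler-exchange-secmod-rsa
taler-deployment-arm -k taler-exchange-secmod-eddsa
printf '%s\n' " OK"
# Give time to store to disk.
sleep 5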

##
## Step 4:  Set up euFin
##
# Sandbox admin credentials, presumably read by the libeufin tools invoked
# below; exported, so every child process started from here on inherits
# them (including the password).
export LIBEUFIN_SANDBOX_USERNAME=admin
export LIBEUFIN_SANDBOX_PASSWORD="$LIBEUFIN_ENV_SANDBOX_ADMIN_PASSWORD"
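#######################################
# Create an EBICS bank connection in Nexus, connect it, and import one
# Sandbox-side bank account through it.
# Globals:   SANDBOX_URL, EBICS_HOST (read)
# Arguments: $1 - EBICS user id
#            $2 - EBICS partner id
#            $3 - bank connection name
#            $4 - bank account name local to Nexus
#            $5 - bank account name as known by Sandbox
# Outputs:   progress messages on stdout; libeufin-cli output is discarded
# Returns:   relies on the script's set -e to abort if a call fails
#######################################
prepare_nexus_account() {
  local ebics_user=$1
  local ebics_partner=$2
  local connection=$3
  local nexus_account=$4
  local sandbox_account=$5

  printf '%s' "Making bank connection $connection ..."
  libeufin-cli connections new-ebics-connection \
    --ebics-url="${SANDBOX_URL}ebicsweb" \
    --host-id="$EBICS_HOST" \
    --partner-id="$ebics_partner" \
    --ebics-user-id="$ebics_user" \
    "$connection" > /dev/null
  printf '%s\n' " OK"

  printf '%s' "Connecting $connection ..."
  libeufin-cli connections connect "$connection" > /dev/null
  printf '%s\n' " OK"

  printf '%s' "Importing Sandbox bank account ($sandbox_account) to Nexus ($nexus_account) ..."
  libeufin-cli connections download-bank-accounts "$connection" > /dev/null
  libeufin-cli connections import-bank-account \
    --offered-account-id="$sandbox_account" \
    --nexus-bank-account-id="$nexus_account" \
    "$connection" > /dev/null
  printf '%s\n' " OK"
}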

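#######################################
# Register an EBICS subscriber at the Sandbox and give it a bank account.
# Globals:   SANDBOX_URL, EBICS_HOST, TALER_CONFIG_CURRENCY (read)
# Arguments: $1 - EBICS user id
#            $2 - EBICS partner id
#            $3 - person name (may contain spaces)
#            $4 - Sandbox bank account name
#            $5 - IBAN
# Outputs:   progress messages and libeufin-cli output on stdout
# Returns:   relies on the script's set -e to abort if a call fails
#######################################
prepare_sandbox_account() {
  local ebics_user=$1
  local ebics_partner=$2
  local person_name=$3
  local account_name=$4
  local iban=$5

  printf '%s' "Activating ebics subscriber $ebics_user at the sandbox ..."
  libeufin-cli \
    sandbox --sandbox-url="$SANDBOX_URL" \
      ebicssubscriber create \
        --host-id="$EBICS_HOST" \
        --partner-id="$ebics_partner" \
        --user-id="$ebics_user"
  printf '%s\n' " OK"

  printf '%s' "Giving a bank account ($account_name) to $ebics_user ..."
  # The BIC is hard-coded; every Sandbox account shares it.
  libeufin-cli \
    sandbox --sandbox-url="$SANDBOX_URL" \
      ebicsbankaccount create \
        --iban="$iban" \
        --bic="BCMAESM1XXX" \
        --person-name="$person_name" \
        --account-name="$account_name" \
        --ebics-user-id="$ebics_user" \
        --ebics-host-id="$EBICS_HOST" \
        --ebics-partner-id="$ebics_partner" \
        --currency="$TALER_CONFIG_CURRENCY"
  printf '%s\n' " OK"
}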

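NEXUS_URL="http://localhost:5222/"
SANDBOX_URL="http://localhost:5111/"

# NOTE(review): the admin password is passed on the command line and is
# therefore readable by other local users via ps while the command runs;
# if libeufin-sandbox honours LIBEUFIN_SANDBOX_PASSWORD (exported above)
# the flag could be dropped -- confirm against the tool.
libeufin-sandbox superuser admin --password="${LIBEUFIN_ENV_SANDBOX_ADMIN_PASSWORD}"
taler-deployment-arm -i libeufin-nexus
taler-deployment-arm -i libeufin-sandbox

# Wait until both services answer.  On failure just exit: the EXIT trap
# (stop_running) installed at the top of the script does the shutdown, and
# calling stop_running here as well would run taler-deployment-stop twice.
if ! curl -s --retry 5 --retry-connrefused "$SANDBOX_URL" > /dev/null; then
  printf '%s\n' "Could not launch Sandbox"
  exit 1
fi
printf '%s\n' "Sandbox launched"
if ! curl -s --retry 5 --retry-connrefused "$NEXUS_URL" > /dev/null; then
  printf '%s\n' "Could not launch Nexus"
  exit 1
fi
printf '%s\n' "Nexus launched"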

EBICS_HOST="ebicsDeployedHost"

printf '%s' "Preparing Sandbox ..."
libeufin-cli \
  sandbox --sandbox-url="$SANDBOX_URL" \
    ebicshost create \
      --host-id="$EBICS_HOST"
printf '%s\n' " OK"

printf '%s' "Preparing accounts ..."
# Fixed test IBANs; exported, presumably for tooling started later from
# this environment.
export IBAN_EXCHANGE="DE89370400440532013000"
export IBAN_MERCHANT="FR1420041010050500013M02606"
export IBAN_CUSTOMER="FR1420041010050500013M02607"

# Note: the EBICS schema doesn't allow dashed names, hence the camel-case
# user and partner ids.
prepare_sandbox_account ebicsuserExchange ebicspartnerExchange \
  "Person Exchange" sandbox-account-exchange "$IBAN_EXCHANGE"
prepare_sandbox_account ebicsuserMerchant ebicspartnerMerchant \
  "Person Merchant" sandbox-account-merchant "$IBAN_MERCHANT"
prepare_sandbox_account ebicsuserCustomer ebicspartnerCustomer \
  "Person Customer" sandbox-account-customer "$IBAN_CUSTOMER"
printf '%s\n' "Sandbox preparation done"

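# Only the exchange needs Nexus.
EXCHANGE_NEXUS_USERNAME=exchange-nexus-user
# NOTE(review): hard-coded credential.  It is also written into the
# exchange configuration below and passed on the libeufin-nexus command
# line (visible via ps while the command runs); it should be supplied by
# the environment the way LIBEUFIN_ENV_SANDBOX_ADMIN_PASSWORD is.  Left
# unchanged here so existing deployments keep working.
EXCHANGE_NEXUS_PASSWORD=exchange-nexus-password
printf '%s' "Make Nexus superuser ..."
libeufin-nexus superuser "$EXCHANGE_NEXUS_USERNAME" --password="$EXCHANGE_NEXUS_PASSWORD"
printf '%s\n' " OK"
export LIBEUFIN_NEXUS_URL="$NEXUS_URL"
export LIBEUFIN_NEXUS_USERNAME="$EXCHANGE_NEXUS_USERNAME"
export LIBEUFIN_NEXUS_PASSWORD="$EXCHANGE_NEXUS_PASSWORD"

# FIXME: this command below likely not needed.  Please
# remove, run the test, and commit+push if it still works!
prepare_nexus_account \
  ebicsuserExchange \
  ebicspartnerExchange \
  bankconnection-exchange \
  nexus-bankaccount-exchange \
  sandbox-account-exchange

printf '%s' "Create Taler facade ..."
libeufin-cli facades new-taler-wire-gateway-facade \
  --currency="$TALER_CONFIG_CURRENCY" \
  --facade-name=facade-exchange \
  bankconnection-exchange nexus-bankaccount-exchange
printf '%s\n' " OK"
# The filter is quoted: unquoted, "[0]" is a shell glob that could match a
# file in the current directory.  `jq -r` prints the bare string, which
# replaces stripping the quotes with tr afterwards.
FACADE_URL=$(libeufin-cli facades list | jq -r '.facades[0].baseUrl')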

taler-deployment-arm -k libeufin-nexus
taler-deployment-arm -k libeufin-sandbox

# For now, override what the non-euFin deployment put in the
# configuration.  Later, the three values below will be specified by the
# "config generator".  Note that this persists the Nexus password in the
# exchange configuration, so the config directory's permissions matter.
taler-config -s exchange-accountcredentials-1 -o WIRE_GATEWAY_URL -V "$FACADE_URL"
taler-config -s exchange-accountcredentials-1 -o USERNAME -V "$EXCHANGE_NEXUS_USERNAME"
taler-config -s exchange-accountcredentials-1 -o PASSWORD -V "$EXCHANGE_NEXUS_PASSWORD"

##
## Step 5: Adjust some permissions
##

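case "$TALER_ENV_NAME" in
  demo | test | int)
    # Make sure the web server can read ~/local (readable and traversable
    # by group and others, not writable).
    chmod og+rx ~/local

    # Make sure that shared files created by this user are group
    # readable and writable.  `-exec ... {} +` batches many paths per
    # chmod call instead of forking one chmod per file.
    find ~/taler-data/ -user "$USER" -exec chmod g+rw {} +
    ;;
  *)
    ;;
esac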

##
## Step 6: Set up merchant
##

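# Quoted: an explicitly empty $1 would otherwise leave `test` with too few
# operands and print "unary operator expected" instead of comparing.
if [[ "$WITH_DB_RESET" == yes ]]; then
  taler-merchant-dbinit --reset
fi

# Making sure ARM is not running yet.
taler-deployment-arm -e

# Need the following services to config instances and tip reserve:
taler-deployment-arm -s
taler-deployment-arm -i taler-merchant
taler-deployment-arm -i taler-demobank

taler-deployment-arm -i taler-exchange
taler-deployment-arm -i taler-exchange-secmod-rsa
taler-deployment-arm -i taler-exchange-secmod-eddsa
sleep 5 # FIXME: fixed delay; polling the services would be more robust

if ! taler-deployment-arm -I | grep "^taler-merchant" | grep -q "status=started"; then
  printf '%s\n' "Merchant didn't start, cannot configure instances / create tip reserve."
  exit 1
fi

if ! taler-deployment-arm -I | grep "^taler-demobank" | grep -q "status=started"; then
  printf '%s\n' "Bank didn't start, cannot create tip reserve."
  exit 1
fi

# NOTE(review): "^taler-exchange" is a prefix match and also hits the
# secmod lines, so this check can pass while the httpd itself is not
# started -- tighten once the exact `-I` output format is confirmed.
if ! taler-deployment-arm -I | grep "^taler-exchange" | grep -q "status=started"; then
  printf '%s\n' "Exchange didn't start, cannot create tip reserve."
  exit 1
fi

if ! taler-deployment-arm -I | grep "^taler-exchange-secmod-rsa" | grep -q "status=started"; then
  printf '%s\n' "Exchange (RSA module) didn't start, cannot create tip reserve."
  exit 1
fi

if ! taler-deployment-arm -I | grep "^taler-exchange-secmod-eddsa" | grep -q "status=started"; then
  printf '%s\n' "Exchange (EDDSA module) didn't start, cannot create tip reserve."
  exit 1
fi

printf '%s\n' "Configuring instances"
taler-deployment-config-instances

printf '%s\n' "Creating tip reserve"
taler-deployment-config-tips

taler-deployment-arm -k taler-merchant
taler-deployment-arm -k taler-demobank
taler-deployment-arm -k taler-exchange
taler-deployment-arm -k taler-exchange-secmod-rsa
taler-deployment-arm -k taler-exchange-secmod-eddsa
taler-deployment-arm -e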