\section{Deployment}
\label{sec-deployment}

\subsection{Preparation}

For the deployment, it is recommended to use a Debian Linux machine. To prepare the deployment of C2EC, the following steps must be done:

\begin{enumerate}
    \item A machine which has bash, go and postgres installed must be prepared.
    \item Three \textit{different} passwords are needed (each must be different and stored in a secure location, for example a password manager).
    \item For the setup, the username and password of the postgresql superuser must be known.
    \item The name for the database must be known and the database must exist at the target database system.
    \item The installation location of C2EC must be created.
    \item The \textit{setup} script in the root directory of cashless2cash must be altered with the values mentioned above.
    \item Set the postgres variables \texttt{PGHOST} and \texttt{PGPORT} to the correct values if needed.
\end{enumerate}

For the deployment of the Wallee payment terminal app, the following steps are necessary to prepare the usage of the cashless withdrawals leveraging Wallee:

\begin{enumerate}
    \item A running deployment of C2EC must be accessible.
    \item Wallee must be a registered provider at the C2EC instance.
    \item The terminal must be registered at C2EC.
\end{enumerate}

\subsection{Setup}

Once the preparation steps have been completed successfully, the \textit{setup} script can be run. It will initialize the database and set up the users (as described in \autoref{sec-security-db-users}) with the correct permissions. It will further generate the executables for C2EC, the cli and the simulation inside the specified \texttt{C2EC\_HOME}. The setup script contains sensitive credentials and shall be deleted after using it. Alternatively, it can be stored in a safe location like a password manager. This way it will still be available in the future but will not lie around on the filesystem.
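The preparation checklist and the handling of the credential-bearing setup script can be verified before the script is run. The following is an added example, not part of the C2EC sources; all function names are hypothetical, and \texttt{database\_exists} assumes the default maintenance database \texttt{postgres} is reachable with the libpq environment variables.

```shell
#!/usr/bin/env bash
# Added example: pre-flight checks for the preparation checklist.
# Function names are hypothetical; the variables of the real setup
# script are not shown on the page and are not reproduced here.

# missing_tools TOOL...: print every tool that is not found on PATH.
missing_tools() {
    local tool
    for tool in "$@"; do
        command -v "$tool" >/dev/null 2>&1 || printf '%s\n' "$tool"
    done
}

# passwords_distinct A B C: succeed only if all three values are
# non-empty and pairwise different.
passwords_distinct() {
    [ -n "$1" ] && [ -n "$2" ] && [ -n "$3" ] &&
    [ "$1" != "$2" ] && [ "$1" != "$3" ] && [ "$2" != "$3" ]
}

# private_file PATH: succeed only if group and others have no permission
# bits on PATH (the setup script holds credentials). ACLs are not examined.
private_file() {
    [ "$(ls -ld -- "$1" 2>/dev/null | cut -c5-10)" = "------" ]
}

# database_exists NAME: ask the server whether database NAME exists.
# Connection settings come from PGHOST, PGPORT and the other libpq
# variables. The query is fed on stdin because psql does not expand
# :'name' inside -c strings.
database_exists() {
    local found
    found=$(psql -X -d postgres -tA -v name="$1" <<'SQL'
SELECT 1 FROM pg_database WHERE datname = :'name';
SQL
    ) || return 1
    [ "$found" = "1" ]
}

# Demo on constructed values (no database access): a throwaway file
# stands in for the edited setup script.
demo_script=$(mktemp)
chmod 644 "$demo_script"
private_file "$demo_script" || echo "setup script is readable by others"
chmod 600 "$demo_script"
private_file "$demo_script" && echo "setup script is private"
rm -f "$demo_script"
```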

\subsubsection{Setting Up Wallee As Provider}

To allow withdrawals using Wallee as provider, the correct access tokens must be created at the Wallee backend. For this, a new application user must be created and the \textit{application user key} must be saved to a password manager. Then Wallee must be registered at C2EC using the cli (described in \autoref{sec-implementation-cli}) and the \textit{rp} command. There the space-id, the user-id of the application user and the application-user-key must be provided. The cli will register the provider using these values.

\subsubsection{Registering Wallee Terminal}
\label{sec-implementation-deployment-wallee-terminal}

Once Wallee has been registered as provider, a terminal must be registered to allow access to the Taler Terminals API of C2EC. For this, the cli with its \textit{rt} command can be used. It will generate the terminal user id and the access token. Both of these values should be stored in a safe location like a password manager.

\subsubsection{Setting Up The Terminal}

To set up the Wallee terminal, the Android app must be configured and built with the credentials gained by the terminal registration process described in \autoref{sec-implementation-deployment-wallee-terminal}.

\subsubsection{Setting Up The Simulation}

When the simulation shall be installed, the \textit{prod}-flag in the C2EC configuration should be disabled in order to allow the simulation provider to be registered at startup. This is a security measure which ensures that testing facilities are not reachable in productive use of the system.

\subsection{Deploy}

When the provider and the terminal have been successfully registered, the configuration located inside the \texttt{C2EC\_HOME} must be adjusted to the correct values. Once this is done, the C2EC process can be started using \texttt{./c2ec -c [PATH-TO-CONFIGFILE]}.

The terminal app must be deployed by the Wallee support.
The Android package (APK) will be installed over the air by them once the APK has been accepted and signed by them. To get a signed APK, it must be sent to \textit{info@wallee.com}. They will first check and sign the APK. After this step, another message must be sent to them with a link to the signed APK. With this request, the information of the terminal to install the application on must be given. Wallee will then roll out the app on the specified device.

\subsubsection{Making C2EC Accessible Via Internet}

To make the C2EC instance available, a web server must be configured to receive requests and hand them to the C2EC instance. The exact configuration will not be covered within this thesis. The test installation uses an NGINX reverse proxy \cite{nginx-reverse-proxy} to allow the access over the internet. A rudimentary configuration is enough to allow the access. It helps to set big timeouts since a lot of long-polling is done. To not undermine this, NGINX should not terminate the connection before the long-poll time has elapsed. Setting big values for timeouts is therefore a good practice for C2EC. On the other hand, clients should not run long-running requests (more than a minute or two) against C2EC and should instead leverage retries to extend the time they wait for a response. A value between 30 and 60 seconds might be a good choice for long-polling requests (these values are also used by the wallet and the wire watch process of the Exchange). Using too long values for long-polling can result in less robust systems due to timeout problems.

\subsection{Migration And Releases}
\label{sec-implementation-deployment-migration}

When a new version of the system shall be installed, the new executable can be built by issuing \texttt{make build} from the sources root directory. After migrating the database using \texttt{make migrate}, the newly built executable can be started.
For new versions of the cli and the installation, \texttt{make cli} and \texttt{make simulation} can be used.
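
For the reverse-proxy timeouts discussed under \textit{Making C2EC Accessible Via Internet}, the following added example (not part of the C2EC sources or of the test installation's configuration) checks that NGINX's \texttt{proxy\_read\_timeout} outlasts the longest long-poll. The two configuration snippets, the upstream address and the 10-second margin are assumptions.

```shell
#!/usr/bin/env bash
# Added example: does NGINX wait longer than the longest C2EC long-poll?
# Both snippets are constructed samples; the upstream address and the
# margin are assumptions, not values from the C2EC test installation.

LONG_POLL_MAX_S=60   # upper end of the 30-60 s long-poll window in the text

# Weak: the proxy gives up at the same moment the long-poll would end,
# so the client can receive a gateway timeout instead of the response.
WEAK_CONF='location / {
    proxy_pass http://127.0.0.1:8080;
    proxy_read_timeout 60s;
}'

# Corrected: the proxy waits longer than any long-poll the clients issue.
GOOD_CONF='location / {
    proxy_pass http://127.0.0.1:8080;
    proxy_read_timeout 90s;
}'

# to_seconds VALUE: convert a single nginx time value (plain seconds or
# an ms/s/m/h suffix) to whole seconds. Combined values such as "1m 30s"
# are not handled.
to_seconds() {
    case "$1" in
        *ms) echo $(( ${1%ms} / 1000 )) ;;
        *s)  echo "${1%s}" ;;
        *m)  echo $(( ${1%m} * 60 )) ;;
        *h)  echo $(( ${1%h} * 3600 )) ;;
        *)   echo "$1" ;;
    esac
}

# read_timeout_seconds CONF: print proxy_read_timeout in seconds. The last
# occurrence wins (block inheritance is not modelled); nginx's default of
# 60s applies when the directive is absent.
read_timeout_seconds() {
    local value
    value=$(printf '%s\n' "$1" |
        sed -n 's/^[[:space:]]*proxy_read_timeout[[:space:]]\{1,\}\([^;[:space:]]*\)[[:space:]]*;.*$/\1/p' |
        tail -n 1)
    to_seconds "${value:-60s}"
}

# timeout_ok CONF [MARGIN]: succeed only if the proxy waits at least MARGIN
# seconds (default 10, an assumption) beyond the longest long-poll.
timeout_ok() {
    local margin="${2:-10}"
    [ "$(read_timeout_seconds "$1")" -ge $(( LONG_POLL_MAX_S + margin )) ]
}

if timeout_ok "$WEAK_CONF"; then echo "weak: ok"; else echo "weak: proxy_read_timeout too short"; fi
if timeout_ok "$GOOD_CONF"; then echo "good: ok"; else echo "good: proxy_read_timeout too short"; fi
```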