sandcastle-ng

Scripts for the deployment of Sandcastle (GNU Taler)
Log | Files | Refs | README

sandcastle-run (4321B)

      1 #!/usr/bin/env bash
      2 
      3 # Run the Taler container with all the right mounts and preset parameters
      4 
      5 set -exou
      6 
      7 # Ports where individual services are published to the host
      8 SANDCASTLE_PORT_MERCHANT=${SANDCASTLE_PORT_MERCHANT:-127.0.0.1:16000}
      9 SANDCASTLE_PORT_EXCHANGE=${SANDCASTLE_PORT_EXCHANGE:-127.0.0.1:16001}
     10 SANDCASTLE_PORT_BLOG=${SANDCASTLE_PORT_BLOG:-127.0.0.1:16002}
     11 SANDCASTLE_PORT_DONATIONS=${SANDCASTLE_PORT_DONATIONS:-127.0.0.1:16003}
     12 SANDCASTLE_PORT_PROVISION=${SANDCASTLE_PORT_PROVISION:-127.0.0.1:16004}
     13 SANDCASTLE_PORT_LANDING=${SANDCASTLE_PORT_LANDING:-127.0.0.1:16005}
     14 SANDCASTLE_PORT_LIBEUFIN_BANK=${SANDCASTLE_PORT_LIBEUFIN_BANK:-127.0.0.1:16007}
     15 SANDCASTLE_PORT_BANK_SPA=${SANDCASTLE_PORT_BANK_SPA:-127.0.0.1:16009}
     16 SANDCASTLE_PORT_CHALLENGER=${SANDCASTLE_PORT_CHALLENGER:-127.0.0.1:16010}
     17 SANDCASTLE_PORT_AUDITOR=${SANDCASTLE_PORT_AUDITOR:-127.0.0.1:16011}
     18 SANDCASTLE_PORT_DONAU=${SANDCASTLE_PORT_DONAU:-127.0.0.1:16012}
     19 SANDCASTLE_PORT_DRUPAL=${SANDCASTLE_PORT_DRUPAL:-127.0.0.1:16013}
     20 
     21 # Container-internal ports, should by synced with scripts/setup-sandcastle.sh
     22 PORT_INTERNAL_EXCHANGE=8201
     23 PORT_INTERNAL_MERCHANT=8301
     24 PORT_INTERNAL_LIBEUFIN_BANK=8080
     25 PORT_INTERNAL_LANDING=8501
     26 PORT_INTERNAL_BLOG=8502
     27 PORT_INTERNAL_DONATIONS=8503
     28 PORT_INTERNAL_PROVISION=8504
     29 PORT_INTERNAL_BANK_SPA=8505
     30 PORT_INTERNAL_CHALLENGER=8506
     31 PORT_INTERNAL_AUDITOR=8507
     32 PORT_INTERNAL_DONAU=8508
     33 PORT_INTERNAL_DRUPAL=8509
     34 
     35 SCRIPT_DIR=$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &>/dev/null && pwd)
     36 cd $SCRIPT_DIR
     37 
     38 existing_id=$(podman ps -q -a -f=name=taler-sandcastle)
     39 
     40 if [[ -n $existing_id ]]; then
     41   echo "removing existing taler-sandcastle container $existing_id"
     42   podman rm "$existing_id"
     43 fi
     44 
     45 # We need to be careful with SELinux when using volume mounts, relabel!
     46 
     47 EXTERNAL_IP4=
     48 EXTERNAL_IP6=
     49 
     50 SETUP_NAME=${SANDCASTLE_SETUP_NAME:-demo}
     51 if [[ -n ${SANDCASTLE_OVERRIDE_NAME:-} ]]; then
     52   OVERRIDES="-v $PWD/overrides/${SANDCASTLE_OVERRIDE_NAME}:/overrides:Z"
     53   EXTERNAL_PORT=$(source $PWD/overrides/${SANDCASTLE_OVERRIDE_NAME}; echo ${EXTERNAL_PORT:-})
     54   EXTERNAL_IP4=$(source $PWD/overrides/${SANDCASTLE_OVERRIDE_NAME}; echo ${EXTERNAL_IP:-127.0.0.1})
     55   EXTERNAL_IP6=$(source $PWD/overrides/${SANDCASTLE_OVERRIDE_NAME}; echo ${EXTERNAL_IP:-[::1]})
     56   if [[ $EXTERNAL_PORT =~ ^[0-9]+$ ]]; then
     57     echo Serving via port $EXTERNAL_PORT
     58     PUBLISH_EXTERNAL_PORT4="-p=${EXTERNAL_IP4}${EXTERNAL_IP4:+:}${EXTERNAL_PORT}:${EXTERNAL_PORT}"
     59     PUBLISH_EXTERNAL_PORT6="-p=${EXTERNAL_IP6}${EXTERNAL_IP6:+:}${EXTERNAL_PORT}:${EXTERNAL_PORT}"
     60   fi
     61 else
     62   OVERRIDES=""
     63 fi
     64 
     65 # Will be mounted inside the container
     66 mkdir -p credentials
     67 mkdir -p exported
     68 
     69 # Beware: It is futile to pass environment variables to the container here,
     70 # as they will not be available in the systemd unit that provisions the
     71 # services in the container.
     72 # That's why we mount the right start-up script and override
     73 # to a well-known location.
     74 
     75 # We use slirp4netns because pasta does not allow us to bind ipv4 and ipv6
     76 # localhost
     77 # FIXME: Pasta *should* work with binding to ipv6 [::1] due to dual stack
     78 # support, as long as /proc/sys/net/ipv6/bindv6only is 0.
     79 NETWORK="--network slirp4netns"
     80 
     81 exec podman run \
     82   -d \
     83   -p=$SANDCASTLE_PORT_MERCHANT:$PORT_INTERNAL_MERCHANT \
     84   -p=$SANDCASTLE_PORT_EXCHANGE:$PORT_INTERNAL_EXCHANGE \
     85   -p=$SANDCASTLE_PORT_LIBEUFIN_BANK:$PORT_INTERNAL_LIBEUFIN_BANK \
     86   -p=$SANDCASTLE_PORT_LANDING:$PORT_INTERNAL_LANDING \
     87   -p=$SANDCASTLE_PORT_BLOG:$PORT_INTERNAL_BLOG \
     88   -p=$SANDCASTLE_PORT_DONATIONS:$PORT_INTERNAL_DONATIONS \
     89   -p=$SANDCASTLE_PORT_PROVISION:$PORT_INTERNAL_PROVISION \
     90   -p=$SANDCASTLE_PORT_BANK_SPA:$PORT_INTERNAL_BANK_SPA \
     91   -p=$SANDCASTLE_PORT_CHALLENGER:$PORT_INTERNAL_CHALLENGER \
     92   -p=$SANDCASTLE_PORT_AUDITOR:$PORT_INTERNAL_AUDITOR \
     93   -p=$SANDCASTLE_PORT_DONAU:$PORT_INTERNAL_DONAU \
     94   -p=$SANDCASTLE_PORT_DRUPAL:$PORT_INTERNAL_DRUPAL \
     95   --privileged \
     96   --name taler-sandcastle \
     97   --systemd=always \
     98   $NETWORK \
     99   -v talerdata:/talerdata:Z \
    100   -v talerdata_persistent:/talerdata_persistent:Z \
    101   $OVERRIDES \
    102   ${PUBLISH_EXTERNAL_PORT4:-} \
    103   -v $PWD/credentials:/credentials:Z \
    104   -v $PWD/data:/data:Z \
    105   -v $PWD/scripts:/scripts:Z \
    106   -v $PWD/scripts/$SETUP_NAME:/provision:Z \
    107   -v $PWD/exported:/exported:z \
    108   --entrypoint /sbin/init \
    109   --sdnotify=conmon \
    110   "$@" \
    111   taler-base-all