taler-deployment

Deployment scripts and configuration files

commit 193972baa1de6d0c98f54dd4f1420d880507c4b3
parent c65e71d23dea126a4cf24368dc7774f53cace563
Author: Christian Grothoff <christian@grothoff.org>
Date:   Sat,  4 Mar 2023 10:56:55 +0100

quote

Diffstat:
Mnetzbon/config_launch_libeufin.sh | 112++++++++++++++++++++++++++++++++++++++++++++++---------------------------------
Anetzbon/config_nginx.sh | 21+++++++++++++++++++++
Mnetzbon/main.sh | 42++++++++++--------------------------------
3 files changed, 96 insertions(+), 79 deletions(-)

diff --git a/netzbon/config_launch_libeufin.sh b/netzbon/config_launch_libeufin.sh @@ -1,6 +1,6 @@ #!/bin/bash # This file is in the public domain. -# +# # This script configure and launches Sandbox and Nexus. # The setup provides the admin account at Sandbox, and # another account for the exchange at Nexus and Sandbox. @@ -17,9 +17,19 @@ # - SANDBOX_EXCHANGE_PASSWORD: password of the exchange # bank account hosted at Sandbox. The related # username is: exchange-at-sandbox +# +# OUTPUTS: +# +# LIBEUFIN_NEXUS_USERNAME -- username of the exchange +# LIBEUFIN_NEXUS_PASSWORD -- password of the exchange +# +# FIXME: missing output! +# LIBEUFIN_SANDBOX_EXCHANGE_IBAN -- IBAN of the exchange set -eu +# FIXME: does this belong here? Or should we +# do this globally in 'main'? function exit_cleanup() { echo "Running exit-cleanup" 
@@ -30,83 +40,91 @@ function exit_cleanup() wait || true echo "DONE" } - trap "exit_cleanup" EXIT -curl --version &> /dev/null || (echo "'curl' command not found"; exit 77) -export LIBEUFIN_SANDBOX_DB_CONNECTION=$DATABASE_CONNECTION -CURRENCY=NB -echo -n Configure the default demobank with $CURRENCY... -libeufin-sandbox config --with-signup-bonus --currency $CURRENCY default -echo DONE -echo -n Start the bank... -export LIBEUFIN_SANDBOX_ADMIN_PASSWORD=$SANDBOX_ADMIN_PASSWORD + +# EBICS parameters that must match but are only used internally. +EBICS_HOST_ID="TALERHOST" +EBICS_PARTNER_ID="talerop" +EBICS_USER_ID="exchangeebics" +EBICS_CONNECTION_NAME="exchangeconn" +# FIXME: "exchange-at-nexus" also should be one of these + +export LIBEUFIN_SANDBOX_DB_CONNECTION="${DATABASE_CONNECTION}" +echo -n "Configure the default demobank with ${CURRENCY}..." +libeufin-sandbox config --with-signup-bonus --currency ${CURRENCY} default +echo "DONE" +echo -n "Start the bank..." +export LIBEUFIN_SANDBOX_ADMIN_PASSWORD="${SANDBOX_ADMIN_PASSWORD}" libeufin-sandbox serve &> sandbox.log & SANDBOX_PID=$! -echo DONE -echo -n Wait for the bank... +echo "DONE" +echo -n "Wait for the bank..." curl --max-time 2 --retry-connrefused --retry-delay 1 --retry 10 http://localhost:5000/ &> /dev/null -echo DONE -echo -n Make one superuser at Nexus... +echo "DONE" +echo -n "Make one superuser at Nexus..." export LIBEUFIN_NEXUS_DB_CONNECTION=$DATABASE_CONNECTION libeufin-nexus superuser \ exchange-at-nexus \ --password $NEXUS_EXCHANGE_PASSWORD -echo DONE -echo -n Launching Nexus... +echo "DONE" +echo -n "Launching Nexus..." libeufin-nexus serve &> nexus.log & NEXUS_PID=$! -echo DONE -echo -n Waiting for Nexus... +echo "DONE" +echo -n "Waiting for Nexus..." curl --max-time 2 --retry-connrefused --retry-delay 1 --retry 10 http://localhost:5001/ &> /dev/null -echo DONE +echo "DONE" echo -n "Register the exchange Sandbox account..." 
-export LIBEUFIN_SANDBOX_USERNAME=exchange-at-sandbox +export LIBEUFIN_SANDBOX_USERNAME="exchange-at-sandbox" export LIBEUFIN_SANDBOX_PASSWORD=$SANDBOX_EXCHANGE_PASSWORD libeufin-cli \ sandbox --sandbox-url http://localhost:5000/ \ demobank register -echo DONE -export LIBEUFIN_SANDBOX_USERNAME=admin +echo "DONE" +export LIBEUFIN_SANDBOX_USERNAME="admin" export LIBEUFIN_SANDBOX_PASSWORD=$SANDBOX_ADMIN_PASSWORD echo -n "Create EBICS host at Sandbox..." libeufin-cli sandbox \ --sandbox-url http://localhost:5000 \ - ebicshost create --host-id NBHOST -echo OK + ebicshost create --host-id ${EBICS_HOST_ID} +echo "OK" echo -n "Create exchange EBICS subscriber at Sandbox..." libeufin-cli sandbox \ --sandbox-url http://localhost:5000 \ - demobank new-ebicssubscriber --host-id NBHOST \ - --user-id exchangeebics --partner-id talerop \ + demobank new-ebicssubscriber --host-id ${EBICS_HOST_ID} \ + --user-id ${EBICS_USER_ID} --partner-id ${EBICS_PARTNER_ID} \ --bank-account exchange-at-sandbox -echo OK -export LIBEUFIN_NEXUS_USERNAME=exchange-at-nexus +echo "OK" +export LIBEUFIN_NEXUS_USERNAME="exchange-at-nexus" export LIBEUFIN_NEXUS_PASSWORD=$NEXUS_EXCHANGE_PASSWORD -export LIBEUFIN_NEXUS_URL=http://localhost:5001 -echo -n Creating the EBICS connection at Nexus... +export LIBEUFIN_NEXUS_URL="http://localhost:5001" +echo -n "Creating the EBICS connection at Nexus..." libeufin-cli connections new-ebics-connection \ --ebics-url "http://localhost:5000/ebicsweb" \ - --host-id NBHOST \ - --partner-id talerop \ - --ebics-user-id exchangeebics \ - netzbonconn -echo DONE -echo -n Setup EBICS keying... -libeufin-cli connections connect netzbonconn > /dev/null -echo OK -echo -n Download bank account name from Sandbox... -libeufin-cli connections download-bank-accounts netzbonconn -echo OK -echo -n Importing bank account info into Nexus... 
+ --host-id ${EBICS_HOST_ID} \ + --partner-id ${EBICS_PARTNER_ID} \ + --ebics-user-id ${EBICS_USER_ID} \ + ${EBICS_CONNECTION_NAME} +echo "DONE" +echo -n "Setup EBICS keying..." +libeufin-cli connections connect ${EBICS_CONNECTION_NAME} > /dev/null +echo "OK" +echo -n "Download bank account name from Sandbox..." +libeufin-cli connections download-bank-accounts ${EBICS_CONNECTION_NAME} +echo "OK" +echo -n "Importing bank account info into Nexus..." libeufin-cli connections import-bank-account \ --offered-account-id exchange-at-sandbox \ --nexus-bank-account-id exchange-at-nexus \ - netzbonconn -echo OK -echo -n Create the Taler facade at Nexus... + ${EBICS_CONNECTION_NAME} +echo "OK" +echo -n "Create the Taler facade at Nexus..." libeufin-cli facades \ new-taler-wire-gateway-facade \ --currency $CURRENCY --facade-name netzbon-facade \ - netzbonconn exchange-at-nexus -echo OK + ${EBICS_CONNECTION_NAME} exchange-at-nexus +echo "OK" + +systemctl enable --now libeufin-sandbox +systemctl enable --now libeufin-nexus diff --git a/netzbon/config_nginx.sh b/netzbon/config_nginx.sh @@ -0,0 +1,21 @@ +#!/bin/bash +# This file is in the public domain. + +# Inputs: DOMAIN_NAME + +systemctl stop nginx + +SITES_AVAILABLE_DIR=/etc/nginx/sites-available +SITES_ENABLED_DIR=/etc/nginx/sites-enabled + +sed -i 's/#server_name example.com/server_name exchange.${DOMAIN_NAME}/g' ${SITES_AVAILABLE_DIR}/taler-exchange.conf +sed -i 's/server_name localhost/server_name merchant.${DOMAIN_NAME}/g' ${SITES_AVAILABLE_DIR}/taler-merchant.conf +ln -s ${SITES_AVAILABLE_DIR}/taler-merchant ${SITES_ENABLED_DIR}/taler-merchant.conf +ln -s ${SITES_AVAILABLE_DIR}/taler-exchange ${SITES_ENABLED_DIR}/taler-exchange.conf + +letsencrypt certonly -d \ + backend.${DOMAIN_NAME} \ + bank.${DOMAIN_NAME} \ + exchange.${DOMAIN_NAME} + +systemctl start nginx diff --git a/netzbon/main.sh b/netzbon/main.sh 
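Review bot: In netzbon/config_launch_libeufin.sh the Sandbox admin credentials stay exported after the script finishes: `LIBEUFIN_SANDBOX_USERNAME="admin"`, `LIBEUFIN_SANDBOX_PASSWORD` and `LIBEUFIN_SANDBOX_ADMIN_PASSWORD` are never unset, and main.sh sources this file, so every later child process (the nginx step, letsencrypt, the exchange and merchant setup) inherits them. The header added by this commit lists only the two `LIBEUFIN_NEXUS_*` variables as outputs, so I would add `unset LIBEUFIN_SANDBOX_USERNAME LIBEUFIN_SANDBOX_PASSWORD LIBEUFIN_SANDBOX_ADMIN_PASSWORD` after the last `libeufin-cli sandbox` call, assuming nothing later in the run needs them. The quoting pass also skipped `--password $NEXUS_EXCHANGE_PASSWORD`, which is word-split and glob-expanded as written; `--password "${NEXUS_EXCHANGE_PASSWORD}"` fixes that. If libeufin-nexus can read the password from a file or stdin, that would also keep it out of the process list.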
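Review bot: In netzbon/config_nginx.sh both `sed -i` expressions are in single quotes, so `${DOMAIN_NAME}` is never expanded and the literal text `server_name exchange.${DOMAIN_NAME}` is written into the nginx site files. Switching to double quotes fixes that but puts DOMAIN_NAME straight into a sed replacement and an nginx directive, so it should be checked against a host-name pattern first (a `/`, `&`, `;` or newline in it would change the edit or the resulting config). The `ln -s` sources also lack the `.conf` suffix that the `sed` lines use, which looks like it leaves dangling links unless both names exist, and a plain `ln -s` fails on a second run; the sketch below assumes the `.conf` names are the real ones. Separately, the certificate is requested for `backend.`, `bank.` and `exchange.` while the vhost is renamed to `merchant.`, which is worth confirming.

```shell
# Inputs: DOMAIN_NAME
# Reject anything that is not a plain DNS name before it reaches sed or nginx.
if [[ ! "${DOMAIN_NAME:-}" =~ ^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$ ]]; then
  echo "DOMAIN_NAME is missing or not a valid host name" >&2
  exit 1
fi

# … unchanged: systemctl stop nginx, SITES_AVAILABLE_DIR / SITES_ENABLED_DIR …

sed -i "s/#server_name example.com/server_name exchange.${DOMAIN_NAME}/g" "${SITES_AVAILABLE_DIR}/taler-exchange.conf"
sed -i "s/server_name localhost/server_name merchant.${DOMAIN_NAME}/g" "${SITES_AVAILABLE_DIR}/taler-merchant.conf"
ln -sf "${SITES_AVAILABLE_DIR}/taler-merchant.conf" "${SITES_ENABLED_DIR}/taler-merchant.conf"
ln -sf "${SITES_AVAILABLE_DIR}/taler-exchange.conf" "${SITES_ENABLED_DIR}/taler-exchange.conf"

# … unchanged: letsencrypt certonly, systemctl start nginx …
```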
@@ -72,47 +72,25 @@ check_user # create_users # assign_user_permissions -. setup-exchange.sh -. setup-merchant.sh - # ENABLE LIBEUFIN # Please take into account if something fails in this section, the NGINX configuration won't be created. # Recall all the scripts have the set -eu header. -. config_launch_libeufin.sh - -systemctl enable --now libeufin-sandbox -systemctl enable --now libeufin-nexus - -# NGINX configuration - -read -p "Domain name: " DOMAIN_NAME - -SITES_AVAILABLE_DIR=/etc/nginx/sites-available -SITES_ENABLED_DIR=/etc/nginx/sites-enabled +# FIXME: should source this from the Debian package +# which should dump a configuration file! +DATABASE_CONNECTION="jdbc:postgresql://localhost:5432/nexus?user=nexus" -sed -i 's/#server_name example.com/server_name exchange.${DOMAIN_NAME}/g' ${SITES_AVAILABLE_DIR}/taler-exchange.conf -sed -i 's/server_name localhost/server_name merchant.${DOMAIN_NAME}/g' ${SITES_AVAILABLE_DIR}/taler-merchant.conf - -ln -s ${SITES_AVAILABLE_DIR}/taler-merchant ${SITES_ENABLED_DIR}/taler-merchant.conf -ln -s ${SITES_AVAILABLE_DIR}/taler-exchange ${SITES_ENABLED_DIR}/taler-exchange.conf - -systemctl reload nginx - -# Get SSL certificate for https - Certbot ??? - -# letsencrypt certonly -d +. config_launch_libeufin.sh +. config_nginx.sh +. setup-exchange.sh +. setup-merchant.sh -# taler.ti.bfh.ch -# bank.chf.taler.net -# exchange.chf.taler.net -# backend.chf.taler.net -# auditor.chf.taler.net # Final message to the user -echo "Congratulations, you have successfully installed GNU Taler" -echo "Please check your browser now at http://localhost:80" +say "Congratulations, you have successfully installed GNU Taler" +say "Please check your browser now at http://localhost:80" +exit 0 # END INSTALLATION
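Review bot: In netzbon/main.sh the `read -p "Domain name: " DOMAIN_NAME` prompt is removed, but nothing in this hunk sets DOMAIN_NAME (or CURRENCY, whose `CURRENCY=NB` default was dropped from config_launch_libeufin.sh) before the scripts that need them are sourced. Unless both are assigned earlier in main.sh, outside the hunk, `set -u` aborts the run: an unset CURRENCY stops it in config_launch_libeufin.sh, and an unset DOMAIN_NAME stops it inside config_nginx.sh at the letsencrypt call, after `systemctl stop nginx` has already run, leaving nginx down. I would fail early, before the first `.` line, with `: "${DOMAIN_NAME:?DOMAIN_NAME must be set}"` and `: "${CURRENCY:?CURRENCY must be set}"`. The hard-coded `DATABASE_CONNECTION` is also assigned to both the Sandbox and the Nexus connection variables in config_launch_libeufin.sh, so both services would share the `nexus` database; the FIXME covers where the value comes from but not that sharing.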