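#!/usr/bin/env bash
# This file is in the public domain.

#########
# This is an example of the steps needed to install and run GNU Taler.
#
# The script assumes root privileges: it installs packages with apt and
# edits files under /etc (hosts, nginx, libeufin, taler).
#
# Everything it sets up uses fixed, well-known credentials (database role
# root with password "root", bank admin password "bank", merchant token
# "secret-token:secret"), switches the nginx user to root and starts the
# bank services with --no-localhost-only.  Run it only in a disposable
# container or VM.
# Use this if you know what you are doing.
########

# Force the C locale for every tool started below (presumably so that the
# log lines grepped for later are not localised).
export LANGUAGE=C
export LC_ALL=C
export LANG=C
export LC_CTYPE=C

# Abort on the first failing command.
# pipefail is deliberately left off: step 3 runs "yes no | apt install",
# where "yes" is ended by SIGPIPE and would fail the whole pipeline.
set -e

# Demo currency and bank account numbers.  Each one can be overridden from
# the caller's environment; the defaults are the walkthrough's values.
export CURRENCY="${CURRENCY:-LIBRE}"
export EXCHANGE_IBAN="${EXCHANGE_IBAN:-DE940993}"
export MERCHANT_IBAN="${MERCHANT_IBAN:-DE463312}"
export ALICE_IBAN="${ALICE_IBAN:-DE474361}"
export BOB_IBAN="${BOB_IBAN:-DE731371}"
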
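# Pause before starting; read returns once Enter is pressed.
# -r keeps backslashes in the (discarded) input from being interpreted.
read -r -p "Setup GNU Taler for $CURRENCY!. Press any key to start..."
echo "=========================================================================="
echo "=========================================================================="
echo "=========================================================================="
echo "1/8 Update and install tools"

# Refresh the package index and install the helper tools.  curl is used by
# steps 6 and 8; the others are presumably for inspecting the running setup.
apt update
apt install -y gnupg less vim procps curl inetutils-ping jq net-tools man

echo "----------------------------------------"
read -r -p "1/8 tools installed. Press any key to continue..."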
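echo "=========================================================================="
echo "=========================================================================="
echo "=========================================================================="
echo "2/8 Setup dns config and database "

# Use these host names as aliases for localhost; the nginx configuration in
# step 4 relies on them.  The line is appended only when it is not there
# yet, so repeating the step does not pile up duplicates in /etc/hosts.
if ! grep -qF 'bank.taler auditor.taler exchange.taler merchant.taler' /etc/hosts; then
  echo 127.0.0.1 bank.taler auditor.taler exchange.taler merchant.taler | tee -a /etc/hosts
fi

# Install the database and create a default user for the whole setup.
# createuser: -d may create databases, -l may log in, -r may create roles,
# -s superuser.
# The result is a PostgreSQL superuser "root" whose password is "root"; the
# JDBC URLs exported in step 5 embed that same password.  Acceptable for a
# throw-away demo only.
# NOTE(review): confirm PostgreSQL is not listening on a reachable
# interface while this role exists.
apt install -y postgresql
service postgresql start
su - postgres -c "createuser -d -l -r -s root"
psql postgres -c "ALTER USER root PASSWORD 'root'"

# Create one database per component.
for db in auditor exchange merchant sandbox nexus; do
  createdb "$db"
done

echo "----------------------------------------"
read -r -p "2/8 databases created. Press any key to continue..."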
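echo "=========================================================================="
echo "=========================================================================="
echo "=========================================================================="
echo "3/8 Install GNU Taler components "

# The packages are taken from whatever apt sources are already configured;
# this script adds no repository and no signing key of its own.
# NOTE(review): presumably the base image already carries the GNU Taler apt
# source and its key - confirm before running this anywhere else.
#
# "yes no" answers "no" to every prompt raised during the installation
# (presumably the packages' configuration questions).
yes no | apt install -y \
  libeufin-sandbox \
  libeufin-nexus \
  taler-exchange \
  taler-auditor \
  taler-merchant \
  taler-harness \
  taler-wallet-cli

echo "----------------------------------------"
read -r -p "3/8 all components installed. Press any key to continue..."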
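echo "=========================================================================="
echo "=========================================================================="
echo "=========================================================================="
echo "4/8 Setup NGINX reverse proxy"

apt install -y nginx

# All sites are served over plain HTTP; no TLS is configured here.

# Enable the sandbox site and serve it as http://bank.taler/
# (-f replaces an existing link, so the step can be repeated.)
ln -sf /etc/nginx/sites-available/libeufin-sandbox /etc/nginx/sites-enabled/
sed -i 's/server_name localhost/server_name bank.taler/' /etc/nginx/sites-available/libeufin-sandbox

# Enable auditor, exchange and merchant.  Each one gets its own host name
# (http://auditor.taler/, http://exchange.taler/, http://merchant.taler/)
# and is moved from its /taler-<name>/ prefix to the root location.
for component in auditor exchange merchant; do
  site="/etc/nginx/sites-available/taler-${component}"
  ln -sf "$site" /etc/nginx/sites-enabled/
  sed -i "s/server_name localhost/server_name ${component}.taler/" "$site"
  sed -i "s_location /taler-${component}/_location /_" "$site"
done

# Run nginx as root so it has no problems reading sockets owned by root.
# This gives up nginx's privilege separation: every worker that parses
# client requests runs as root.  Demo only.
# NOTE(review): giving www-data access to the sockets would avoid this -
# confirm the sockets' owner and mode first.
sed -i 's/^user www-data/user root/' /etc/nginx/nginx.conf

# Tell the proxied services which host name they were reached under instead
# of the literal "localhost".  $host is an nginx variable (the single
# quotes keep the shell from expanding it) filled from the client's
# request, so the services receive a client-supplied value in this header.
sed -i 's/X-Forwarded-Host "localhost"/X-Forwarded-Host $host/' /etc/nginx/sites-available/*

# Validate the edited configuration, then start the daemon.
nginx -t
nginx

echo "----------------------------------------"
read -r -p "4/8 web interface exposed. Press any key to continue..."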
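echo "=========================================================================="
echo "=========================================================================="
echo "=========================================================================="
echo "5/8 Setup BANK instance and some accounts"

# Settings for the sandbox (the demo bank).  The database password is part
# of the JDBC URL and, being exported, is inherited by every process that
# this script starts from here on.
export LIBEUFIN_SANDBOX_DB_CONNECTION="jdbc:postgresql://localhost:5432/sandbox?user=root&password=root"
export LIBEUFIN_SANDBOX_URL="http://localhost:5016/"
export LIBEUFIN_SANDBOX_USERNAME="admin"
export LIBEUFIN_SANDBOX_ADMIN_PASSWORD="bank"
export LIBEUFIN_SANDBOX_PASSWORD="$LIBEUFIN_SANDBOX_ADMIN_PASSWORD"

# Settings for nexus; same remark about the password inside the URL.
export LIBEUFIN_NEXUS_DB_CONNECTION="jdbc:postgresql://localhost:5432/nexus?user=root&password=root"
export LIBEUFIN_NEXUS_URL="http://localhost:5017/"
export LIBEUFIN_NEXUS_USERNAME="nexus_admin"
export LIBEUFIN_NEXUS_PASSWORD="secret_nexus"

# bank configuration
libeufin-sandbox config \
  --bank-debt-limit 1000000 \
  --users-debt-limit 10000 \
  --with-signup-bonus \
  --currency "$CURRENCY" \
  --captcha-url http://bank.taler/ \
  default

# Settings file for the bank web UI.  -p: do not fail when the directory
# already exists.  The here-document delimiter is quoted because nothing in
# the JavaScript is meant to be expanded by the shell.
# Registrations are open (allowRegistrations: true) and the bank was
# configured above with a sign-up bonus.
mkdir -p /etc/libeufin/
cat >/etc/libeufin/demobank-ui-settings.js <<'EOF'
globalThis.talerDemobankSettings = {
backendBaseURL: "http://bank.taler/demobanks/default/",
allowRegistrations: true,
bankName: "FSF Bank"
}
EOF

libeufin-sandbox default-exchange --demobank default http://exchange.taler/ "payto://iban/$EXCHANGE_IBAN"

# nexus configuration
# The password is passed as a command-line argument, so it shows up in the
# process list for as long as the command runs.
libeufin-nexus superuser "$LIBEUFIN_NEXUS_USERNAME" --password "$LIBEUFIN_NEXUS_PASSWORD"

# start services (in the background; stdout and stderr go to files in the
# current directory)
# NOTE(review): going by its name, --no-localhost-only lets both services
# accept connections on non-loopback addresses.  With the fixed passwords
# above, confirm that ports 5016 and 5017 are not reachable from outside
# the demo machine.
libeufin-sandbox serve --port 5016 --ipv4-only --no-localhost-only > log.sandbox 2> err.sandbox &
libeufin-nexus serve --port 5017 --ipv4-only --no-localhost-only > log.nexus 2> err.nexus &

echo "5/8 Waiting for nexus and sanbox to be ready"
# Block until each service has logged its start-up line.  tail -F (rather
# than -f) keeps retrying when the file does not exist yet, which can
# happen right after the services are put in the background.
# There is no timeout: if a service exits before logging the line, the
# script waits here until it is interrupted.
grep -q "Application started:" <(tail -n +0 -F err.sandbox)
grep -q "Application started:" <(tail -n +0 -F err.nexus)
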
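echo "5/8 Creating accounts"
# Register four demo accounts.  The user name and password are set as
# prefix assignments, so they apply to that one command only and do not
# change the exported admin credentials.
# All four accounts share the password "123"; exchange and merchant are
# registered with --public, Alice and Bob with --no-public.
LIBEUFIN_SANDBOX_USERNAME="exchange" LIBEUFIN_SANDBOX_PASSWORD="123" libeufin-cli sandbox demobank register \
  --iban "$EXCHANGE_IBAN" --name "Exchange company" --public
LIBEUFIN_SANDBOX_USERNAME="merchant" LIBEUFIN_SANDBOX_PASSWORD="123" libeufin-cli sandbox demobank register \
  --iban "$MERCHANT_IBAN" --name "Merchant company" --public
LIBEUFIN_SANDBOX_USERNAME="alice" LIBEUFIN_SANDBOX_PASSWORD="123" libeufin-cli sandbox demobank register \
  --iban "$ALICE_IBAN" --name "Alice" --no-public
LIBEUFIN_SANDBOX_USERNAME="bob" LIBEUFIN_SANDBOX_PASSWORD="123" libeufin-cli sandbox demobank register \
  --iban "$BOB_IBAN" --name "Bob" --no-public
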
echo "5/8 Creating the EBICs connection between sandbox and nexus"

# Identifiers used on both sides of the EBICS link; the sandbox subscriber
# and the nexus connection have to agree on them.
ebics_host=ebicHost
ebics_partner=ebicPartner
ebics_user=ebicExchange
nexus_connection=nexus-conn
nexus_account=nexus-exchange
task_cronspec='*/1 * * * *'

### open sandbox to nexus
libeufin-cli sandbox ebicshost create --host-id "$ebics_host"
libeufin-cli sandbox demobank new-ebicssubscriber \
  --host-id "$ebics_host" \
  --partner-id "$ebics_partner" \
  --user-id "$ebics_user" \
  --bank-account exchange

### connection nexus to sandbox
libeufin-cli connections new-ebics-connection \
  --ebics-url http://localhost:5016/ebicsweb \
  --host-id "$ebics_host" \
  --partner-id "$ebics_partner" \
  --ebics-user-id "$ebics_user" \
  "$nexus_connection"

# Connect, list the accounts the bank offers and import the exchange's
# account under the nexus-side name.
libeufin-cli connections connect "$nexus_connection"
libeufin-cli connections download-bank-accounts "$nexus_connection"
libeufin-cli connections import-bank-account \
  --offered-account-id exchange \
  --nexus-bank-account-id "$nexus_account" \
  "$nexus_connection"

# Two recurring tasks on the imported account: one submits outgoing
# payments, one fetches the latest reports.
# NOTE(review): the task names say "5secs" while the cronspec is "*/1";
# confirm which interval is intended.
libeufin-cli accounts task-schedule "$nexus_account" \
  --task-type=submit \
  --task-name=submit-payments-5secs \
  --task-cronspec="$task_cronspec"

libeufin-cli accounts task-schedule "$nexus_account" \
  --task-type=fetch \
  --task-name=fetch-5secs \
  --task-cronspec="$task_cronspec" \
  --task-param-level=report \
  --task-param-range-type=latest

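### configuration of nexus
echo "5/8 Creating nexus facade for the exchange"
libeufin-cli facades new-taler-wire-gateway-facade \
  --currency "$CURRENCY" \
  --facade-name taler-exchange \
  nexus-conn nexus-exchange

# Nexus user for the exchange.  Step 6 writes the same user name and
# password into the exchange configuration, so the two must stay in sync.
# The password is a fixed string and is passed on the command line, where
# it is visible in the process list while the command runs.
libeufin-cli users create exchange-nexus --password exchange-nexus-password

# Grant that user the two facade permissions named below and nothing else.
for permission in facade.talerwiregateway.transfer facade.talerwiregateway.history; do
  libeufin-cli permissions grant user exchange-nexus \
    facade taler-exchange \
    "$permission"
done


echo "----------------------------------------"
read -r -p "5/8 banking system ready. Press any key to continue..."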
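echo "=========================================================================="
echo "=========================================================================="
echo "=========================================================================="
echo "6/8 Setup Exchange"

# Store the output of "taler-exchange-offline setup" as the exchange's
# master public key.  It is captured in a variable first so that, under
# set -e, a failing setup aborts the script instead of writing an empty
# value.
# NOTE(review): the offline signing tool runs here on the same machine as
# the online exchange; a production deployment presumably keeps the master
# key on a separate machine - confirm against the Taler documentation.
master_public_key=$(taler-exchange-offline setup)
taler-config -s exchange -o master_public_key -V "$master_public_key"
taler-config -s exchange -o base_url -V http://exchange.taler/

#database location
taler-config -s exchangedb-postgres -o config -V postgres:///exchange
taler-config -s exchange-account-1 -o payto_uri -V "payto://iban/$EXCHANGE_IBAN?receiver-name=Exchanger"
taler-config -s exchange-account-1 -o enable_debit -V yes
taler-config -s exchange-account-1 -o enable_credit -V yes

#nexus connection
# Same user name and password as the nexus user created in step 5.  The
# password ends up in plain text in the configuration.
# NOTE(review): confirm the permissions of the file taler-config writes to.
taler-config -s exchange-accountcredentials-1 -o wire_gateway_url -V http://localhost:5017/facades/taler-exchange/taler-wire-gateway/
taler-config -s exchange-accountcredentials-1 -o username -V exchange-nexus
taler-config -s exchange-accountcredentials-1 -o password -V exchange-nexus-password

#monetary policy
taler-config -s taler -o currency -V "$CURRENCY"
taler-config -s taler -o aml_threshold -V "${CURRENCY}:10000"
taler-config -s taler -o currency_round_unit -V "${CURRENCY}:0.1"

# Append generated coin sections to the main configuration file.  Running
# this twice appends them twice.
taler-harness deployment gen-coin-config \
  --min-amount "${CURRENCY}:0.1" \
  --max-amount "${CURRENCY}:20" >> /etc/taler/taler.conf


# Set the withdraw duration on every section whose name contains COIN.
# The names are read one per line into an array, so they are neither
# word-split nor glob-expanded.
mapfile -t coin_sections < <(taler-config --list-sections | grep COIN)
for coinSection in "${coin_sections[@]}"; do
  taler-config -s "$coinSection" -o duration_withdraw -V "1 year"
done

taler-exchange-dbinit
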
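# Start the three security modules and the HTTP daemon in the background.
# Each writes a debug-level log to a file in the current directory.
taler-exchange-secmod-eddsa -l log.secmod.eddsa -L debug &
taler-exchange-secmod-rsa -l log.secmod.rsa -L debug &
taler-exchange-secmod-cs -l log.secmod.cs -L debug &
taler-exchange-httpd -l log.exchange -L debug &

echo "6/8 Waiting for exchange HTTP service"
sleep 1
# Block until the RSA security module logs that it is updating denomination
# keys.  There is no timeout: if the module exits first, the script waits
# here until it is interrupted.
grep -q "Updating keys of denomination" <(tail -n +0 -F log.secmod.rsa)

echo "6/8 Enable exchange wire transfer"

#enable account and wire fee configuration
# The payto URI contains "?", which is a glob character when left
# unquoted, so it is read into a variable and passed quoted.
# NOTE(review): the fee year is hard-coded to 2023; confirm it is still
# the year wanted when the walkthrough is run.
exchange_payto_uri=$(taler-config -s exchange-account-1 -o payto_uri)
taler-exchange-offline \
  enable-account "$exchange_payto_uri" \
  global-fee 2023 "${CURRENCY}:0" "${CURRENCY}:0" "${CURRENCY}:0" 1year 1year 10 \
  wire-fee 2023 iban "${CURRENCY}:0.1" "${CURRENCY}:0.1" \
  upload

taler-exchange-offline download sign upload

echo "6/8 Waiting for key signed"
# Poll /keys over the exchange's unix socket, retrying for a while when the
# connection is refused.  All output is discarded; when curl gives up, the
# script stops here under set -e without printing a message.
curl --unix-socket /run/taler/exchange-httpd/exchange-http.sock \
  --max-time 2 \
  --retry-connrefused \
  --retry-delay 1 \
  --retry 10 \
  http://exchange.taler/keys &> /dev/null

# Remaining exchange helper processes, also in the background with debug
# logs in the current directory.
taler-exchange-wirewatch -l log.wirewatch -L debug &
taler-exchange-transfer -l log.transfer -L debug &
taler-exchange-aggregator -l log.aggregator -L debug &
taler-exchange-closer -l log.closer -L debug &


echo "----------------------------------------"
read -r -p "6/8 exchange ready. Press any key to continue..."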
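echo "=========================================================================="
echo "=========================================================================="
echo "=========================================================================="
echo "7/8 Setup auditor"

taler-config -s auditor -o base_url -V http://auditor.taler/
taler-config -s auditordb-postgres -o config -V postgres:///auditor

#add exchange into the auditor
# The values are read into variables first: under set -e a failing lookup
# then aborts the script, and the quoted values are passed as single
# arguments.
exchange_master_pub=$(taler-config -s exchange -o master_public_key)
exchange_base_url=$(taler-config -s exchange -o base_url)
taler-auditor-exchange -m "$exchange_master_pub" -u "$exchange_base_url"

taler-auditor-dbinit

echo "7/8 Notify the exchange about the auditor"

# The output of "taler-auditor-offline setup" is passed to the exchange as
# the first argument of enable-auditor (presumably the auditor's public
# key), followed by the auditor's base URL and a display name.
auditor_pub=$(taler-auditor-offline setup)
auditor_base_url=$(taler-config -s auditor -o base_url)
taler-exchange-offline enable-auditor "$auditor_pub" "$auditor_base_url" the_auditor upload

taler-auditor-httpd -l log.auditor -L debug &

echo "----------------------------------------"
read -r -p "7/8 auditor ready. Press any key to continue..."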
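echo "=========================================================================="
echo "=========================================================================="
echo "=========================================================================="
echo "8/8 Setup merchant"

taler-config -s merchantdb-postgres -o config -V postgres:///merchant

# Tell the merchant about the exchange.  Each value is read into a variable
# first so that a failing lookup aborts the script under set -e.
exchange_base_url=$(taler-config -s exchange -o base_url)
taler-config -s merchant-exchange-fsf -o exchange_base_url -V "$exchange_base_url"
exchange_master_pub=$(taler-config -s exchange -o master_public_key)
taler-config -s merchant-exchange-fsf -o master_key -V "$exchange_master_pub"
taler-config -s merchant-exchange-fsf -o currency -V "$CURRENCY"

# Tell the merchant about the auditor.
# NOTE(review): "taler-auditor-offline setup" was already run in step 7;
# presumably it prints the same key again - confirm.
auditor_base_url=$(taler-config -s auditor -o base_url)
taler-config -s merchant-auditor-fsf -o auditor_base_url -V "$auditor_base_url"
auditor_pub=$(taler-auditor-offline setup)
taler-config -s merchant-auditor-fsf -o auditor_key -V "$auditor_pub"
taler-config -s merchant-auditor-fsf -o currency -V "$CURRENCY"

taler-merchant-dbinit

# The value given with -a is the same token the curl calls below send as
# their Bearer token.  It is a fixed, guessable string and is passed on the
# command line, where it is visible in the process list.  Demo only.
taler-merchant-httpd -a secret-token:secret -l log.merchant -L debug &

echo "8/8 creating the first instance"
# Give the daemon a moment to create its socket; there is no retry if it
# needs longer.
sleep 1
# Create the "default" instance through the management API over the unix
# socket.  The variable expansions inside the JSON are quoted so a value
# can never be split into several arguments.
# curl is run without --fail, so an HTTP error response does not stop the
# script.
curl 'http://merchant.taler/management/instances' \
  --unix-socket /var/run/taler/merchant-httpd/merchant-http.sock \
  -X POST -H 'Authorization: Bearer secret-token:secret' \
  --data-raw '{"id":"default","payto_uris":["payto://iban/'"$MERCHANT_IBAN"'?receiver-name=merchant"],"default_pay_delay":{"d_us":7200000000},"default_wire_fee_amortization":1,"default_wire_transfer_delay":{"d_us":172800000000},"name":"FSF","email":"","default_max_deposit_fee":"'"$CURRENCY"':3","default_max_wire_fee":"'"$CURRENCY"':3","auth":{"method":"token","token":"secret-token:secret"},"address":{},"jurisdiction":{}}'

# Add one product, read from shirt.json in the current directory.
curl 'http://merchant.taler/instances/default/private/products' \
  --unix-socket /var/run/taler/merchant-httpd/merchant-http.sock \
  -X POST -H 'Authorization: Bearer secret-token:secret' \
  -d @shirt.json

echo "----------------------------------------"
read -r -p "8/8 merchant ready. Press any key to close."
echo "=========================================================================="
echo "=========================================================================="
echo "=========================================================================="
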