Merge pull request #2 from MayurWitsLab/fix/setup_process

fix: setup process
Mayur
2025-08-18 15:56:59 +05:30
committed by GitHub
4 changed files with 552 additions and 4 deletions

3
.gitignore vendored

@@ -139,3 +139,6 @@ coverage.html
# Ignore the schema directory used for testing # Ignore the schema directory used for testing
/schemas/ /schemas/
# Generated files
.env.vault
server
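Review bot: the new `server` pattern is unanchored, so it ignores any file or directory named `server` at any depth of the tree, not only the binary that `go build -o server` writes to the repository root. Anchor it as `/server`, the same way `/schemas/` is anchored just above. Ignoring `.env.vault` is the right call, since that file holds the AppRole secret ID.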

215
SETUP.md

@@ -59,7 +59,45 @@ redis-cli --version
--- ---
## Development Setup ## Quick Start (Recommended)
For a complete Beckn network setup with all services, use our automated setup:
```bash
# Clone the repository
git clone https://github.com/beckn/beckn-onix.git
cd beckn-onix
# Run the complete setup (includes all services)
chmod +x setup.sh
./setup.sh
# Start the Beckn-ONIX server
source .env.vault && ./server --config=config/local-dev.yaml
```
This will automatically:
- Start all Beckn network services (Registry, Gateway, BAP, BPP)
- Configure Redis and Vault
- Build all plugins
- Set up authentication
- Create environment variables
**Services Started:**
- Registry: http://localhost:3000
- Gateway: http://localhost:4000
- BAP Client: http://localhost:5001
- BPP Client: http://localhost:6001
- Vault: http://localhost:8200
- Redis: localhost:6379
- Beckn-ONIX: http://localhost:8081
**To stop all services:** `docker compose down`
**To view logs:** `docker compose logs -f [service-name]`
---
## Development Setup (Manual)
### Step 1: Clone the Repository ### Step 1: Clone the Repository
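Review bot: the "Services Started" list does not match what `setup.sh` and `docker-compose.yml` do. It lists `Beckn-ONIX: http://localhost:8081`, which the script only builds (the compose file's port summary says "run separately"), and it omits BAP Network on 5002 and BPP Network on 6002, which compose does start. The section should also say that this is a local development stack: Vault runs in dev mode with the root token `root` and the stored keys are placeholder strings, so a reader does not treat the Quick Start as a deployment recipe.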
@@ -184,6 +222,13 @@ modules:
role: bap role: bap
registryUrl: http://localhost:8080/reg registryUrl: http://localhost:8080/reg
plugins: plugins:
keyManager:
id: keymanager
config:
projectID: beckn-onix-local
vaultAddr: http://localhost:8200
kvVersion: v2
mountPath: beckn
cache: cache:
id: cache id: cache
config: config:
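Review bot: `vaultAddr: http://localhost:8200` sends the AppRole login and every key read over plaintext HTTP, and the documented example carries no comment marking it as local-only. Add a line next to `vaultAddr` saying that anything other than a loopback dev Vault needs an `https://` address. The same seven-line `keyManager` block is pasted into four modules in this diff; a YAML anchor or a single pointer to one definition would keep the copies from drifting apart.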
@@ -194,6 +239,8 @@ modules:
schemaDir: ./schemas schemaDir: ./schemas
signValidator: signValidator:
id: signvalidator id: signvalidator
config:
publicKeyPath: beckn/keys
router: router:
id: router id: router
config: config:
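Review bot: `publicKeyPath: beckn/keys` is undocumented and ambiguous next to the `keyManager` block, which already sets `mountPath: beckn`. It is not clear whether the path includes the mount or is relative to it, nor whether it is a prefix covering both `beckn/keys/bap` and `beckn/keys/bpp` that the setup commands write. A short comment on how the validator resolves this path would prevent a misconfiguration that only shows up as a failed signature check.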
@@ -204,6 +251,7 @@ modules:
uuidKeys: transaction_id,message_id uuidKeys: transaction_id,message_id
role: bap role: bap
steps: steps:
- validateSign
- addRoute - addRoute
- validateSchema - validateSchema
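Review bot: `validateSign` is added to only one `steps` list in this diff, while `signValidator` gets its `config` in two modules (the hunks at 239 and 312). Confirm the BPP-side receiver already lists `validateSign`, otherwise that module loads a validator it never runs. Putting the signature check ahead of `addRoute` and `validateSchema` is the right order. The doc should also say where real keys come from, because the only key material this commit provisions is the placeholder strings `sample_bap_public_key` and `sample_bpp_public_key`.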
@@ -214,6 +262,13 @@ modules:
role: bap role: bap
registryUrl: http://localhost:8080/reg registryUrl: http://localhost:8080/reg
plugins: plugins:
keyManager:
id: keymanager
config:
projectID: beckn-onix-local
vaultAddr: http://localhost:8200
kvVersion: v2
mountPath: beckn
cache: cache:
id: cache id: cache
config: config:
@@ -240,6 +295,13 @@ modules:
role: bpp role: bpp
registryUrl: http://localhost:8080/reg registryUrl: http://localhost:8080/reg
plugins: plugins:
keyManager:
id: keymanager
config:
projectID: beckn-onix-local
vaultAddr: http://localhost:8200
kvVersion: v2
mountPath: beckn
cache: cache:
id: cache id: cache
config: config:
@@ -250,6 +312,8 @@ modules:
schemaDir: ./schemas schemaDir: ./schemas
signValidator: signValidator:
id: signvalidator id: signvalidator
config:
publicKeyPath: beckn/keys
router: router:
id: router id: router
config: config:
@@ -266,6 +330,13 @@ modules:
role: bpp role: bpp
registryUrl: http://localhost:8080/reg registryUrl: http://localhost:8080/reg
plugins: plugins:
keyManager:
id: keymanager
config:
projectID: beckn-onix-local
vaultAddr: http://localhost:8200
kvVersion: v2
mountPath: beckn
cache: cache:
id: cache id: cache
config: config:
@@ -322,16 +393,154 @@ routingRules:
- support - support
``` ```
### Step 9: Run the Application ### Step 9: Run the Application with HashiCorp Vault
Since the configuration now includes the keyManager plugin for signing capabilities, you need to set up Vault:
#### Quick Setup (Recommended)
**Note:** Make sure Redis is already running from Step 5.
```bash ```bash
# Run with local configuration # Make the script executable
chmod +x start-vault.sh
# Run the automated setup script
./start-vault.sh
# This creates a .env.vault file with your credentials
# Source it and run the server
source .env.vault && ./server --config=config/local-dev.yaml
```
That's it! The script handles everything automatically.
#### Manual Setup (Advanced)
If you prefer to set up Vault manually or need custom configuration:
```bash
# 1. Start Vault container
docker run -d \
--name vault-dev \
--cap-add=IPC_LOCK \
-p 8200:8200 \
-e 'VAULT_DEV_ROOT_TOKEN_ID=root' \
hashicorp/vault:latest
# 2. Configure Vault (run the setup script)
chmod +x config/setup-vault.sh
./config/setup-vault.sh
# 3. Export the displayed credentials
export VAULT_ROLE_ID=<displayed-role-id>
export VAULT_SECRET_ID=<displayed-secret-id>
# 4. Run the server
./server --config=config/local-dev.yaml
```
#### What the Setup Does
- Starts Vault in development mode on port 8200
- Enables AppRole authentication
- Creates necessary policies and roles
- Sets up the KV secrets engine at path `beckn`
- Stores sample keys for both BAP and BPP
- Generates and saves credentials to `.env.vault`
#### Accessing Vault UI
- **URL:** http://localhost:8200
- **Token:** root
#### Troubleshooting
If you get "invalid role or secret ID" error, the SECRET_ID has expired. Simply run:
```bash
./start-vault.sh
source .env.vault
```
**Alternative: Simple Docker Run Command**
```bash
# Start Vault in dev mode with initial setup
docker run -d \
--name vault-dev \
--cap-add=IPC_LOCK \
-p 8200:8200 \
-e 'VAULT_DEV_ROOT_TOKEN_ID=root' \
-e 'VAULT_DEV_LISTEN_ADDRESS=0.0.0.0:8200' \
hashicorp/vault:latest
# Wait for Vault to be ready
sleep 3
# Setup Vault using a single command
docker exec vault-dev sh -c "
export VAULT_ADDR='http://127.0.0.1:8200' &&
export VAULT_TOKEN='root' &&
vault secrets enable -path=beckn kv-v2 &&
vault kv put beckn/keys/bap private_key='sample_bap_private_key' public_key='sample_bap_public_key' &&
vault kv put beckn/keys/bpp private_key='sample_bpp_private_key' public_key='sample_bpp_public_key'
"
```
**Step 9b: Set Environment Variables and Run**
```bash
# Get the AppRole credentials from Vault container logs
docker logs vault-dev | grep "VAULT_ROLE_ID\|VAULT_SECRET_ID"
# Copy the displayed credentials and export them
# They will look something like this:
export VAULT_ROLE_ID='<role-id-from-logs>'
export VAULT_SECRET_ID='<secret-id-from-logs>'
# Run the server
./server --config=config/local-dev.yaml ./server --config=config/local-dev.yaml
# Or using go run # Or using go run
go run cmd/adapter/main.go --config=config/local-dev.yaml go run cmd/adapter/main.go --config=config/local-dev.yaml
``` ```
**Note:** The Vault address is already configured in `config/local-dev.yaml` as `http://localhost:8200`. The docker-compose automatically sets up AppRole authentication and displays the credentials in the logs.
**Alternative: Create a startup script**
Create `run-with-vault.sh`:
```bash
#!/bin/bash
# Set Vault environment variables
export VAULT_ADDR=${VAULT_ADDR:-"http://localhost:8200"}
export VAULT_TOKEN=${VAULT_TOKEN:-"root"} # For dev mode
# Or use AppRole auth for production-like setup
# export VAULT_ROLE_ID=${VAULT_ROLE_ID:-"beckn-role-id"}
# export VAULT_SECRET_ID=${VAULT_SECRET_ID:-"beckn-secret-id"}
echo "Starting Beckn-ONIX with Vault key management..."
echo "Vault Address: $VAULT_ADDR"
# Check if Vault is accessible
if ! curl -s "$VAULT_ADDR/v1/sys/health" > /dev/null 2>&1; then
echo "Error: Cannot reach Vault at $VAULT_ADDR"
echo "Please start Vault first with: vault server -dev -dev-root-token-id='root'"
exit 1
fi
# Run the server
./server --config=config/local-dev.yaml
```
Make it executable and run:
```bash
chmod +x run-with-vault.sh
./run-with-vault.sh
```
The server will start on `http://localhost:8081` The server will start on `http://localhost:8081`
### Step 10: Verify Setup ### Step 10: Verify Setup
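Review bot: Step 9b tells the reader to run `docker logs vault-dev | grep "VAULT_ROLE_ID\|VAULT_SECRET_ID"`, but the "Simple Docker Run Command" above it only enables the KV engine and writes two secrets. It never enables AppRole or creates a role, so there are no such credentials to find in the logs. The note that "docker-compose automatically sets up AppRole authentication" is also inaccurate for this commit: `docker-compose.yml` only starts Vault in dev mode, and the AppRole setup lives in `setup.sh`. Either add the `vault auth enable approle` and role creation steps to the alternative, or point the reader to `setup.sh` and `.env.vault`. Separately, `start-vault.sh` and `config/setup-vault.sh` are referenced here but are not among the four files this commit changes, so confirm they exist in the tree. Finally, `run-with-vault.sh` defaults `VAULT_TOKEN` to `root`; the text should state that this default is for the dev container only.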

211
docker-compose.yml Normal file

@@ -0,0 +1,211 @@
version: '3.8'
networks:
beckn_network:
driver: bridge
name: beckn_network
volumes:
# BAP volumes
bap_client_config_volume:
bap_client_schemas_volume:
bap_client_logs_volume:
bap_network_config_volume:
bap_network_schemas_volume:
bap_network_logs_volume:
# BPP volumes
bpp_client_config_volume:
bpp_client_schemas_volume:
bpp_client_logs_volume:
bpp_network_config_volume:
bpp_network_schemas_volume:
bpp_network_logs_volume:
# Gateway and Registry volumes
gateway_data_volume:
registry_data_volume:
services:
# ============================================
# Core Infrastructure Services
# ============================================
# Redis - Caching Service
redis:
image: redis:alpine
container_name: redis
ports:
- "6379:6379"
networks:
- beckn_network
healthcheck:
test: ["CMD", "redis-cli", "ping"]
interval: 5s
timeout: 3s
retries: 5
# Vault - Key Management Service
vault:
image: hashicorp/vault:latest
container_name: vault
cap_add:
- IPC_LOCK
ports:
- "8200:8200"
environment:
VAULT_DEV_ROOT_TOKEN_ID: root
VAULT_DEV_LISTEN_ADDRESS: 0.0.0.0:8200
command: server -dev -dev-root-token-id=root
networks:
- beckn_network
healthcheck:
test: ["CMD", "vault", "status"]
interval: 5s
timeout: 3s
retries: 5
# ============================================
# Beckn Network Services
# ============================================
# Registry - Central registry for network participants
registry:
image: fidedocker/registry:latest
container_name: registry
ports:
- "3000:3000" # Main registry port
- "3030:3030" # Admin/monitoring port
volumes:
- registry_data_volume:/usr/src/app/data
networks:
- beckn_network
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:3000/health"]
interval: 30s
timeout: 10s
retries: 3
# Gateway - Network gateway for routing
gateway:
image: fidedocker/gateway:latest
container_name: gateway
ports:
- "4000:4000" # Main gateway port
- "4030:4030" # Admin/monitoring port
volumes:
- gateway_data_volume:/usr/src/app/data
networks:
- beckn_network
depends_on:
- registry
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:4000/health"]
interval: 30s
timeout: 10s
retries: 3
# ============================================
# BAP Services (Buyer App)
# ============================================
# BAP Client - Buyer App Client
bap-client:
image: fidedocker/protocol-server:latest
container_name: bap-client
ports:
- "5001:5001"
volumes:
- bap_client_config_volume:/usr/src/app/config
- bap_client_schemas_volume:/usr/src/app/schemas
- bap_client_logs_volume:/usr/src/app/logs
networks:
- beckn_network
depends_on:
- registry
- gateway
environment:
- NODE_ENV=development
- PORT=5001
- REGISTRY_URL=http://registry:3000
- GATEWAY_URL=http://gateway:4000
# BAP Network - Buyer App Network Layer
bap-network:
image: fidedocker/protocol-server:latest
container_name: bap-network
ports:
- "5002:5002"
volumes:
- bap_network_config_volume:/usr/src/app/config
- bap_network_schemas_volume:/usr/src/app/schemas
- bap_network_logs_volume:/usr/src/app/logs
networks:
- beckn_network
depends_on:
- registry
- gateway
- bap-client
environment:
- NODE_ENV=development
- PORT=5002
- REGISTRY_URL=http://registry:3000
- GATEWAY_URL=http://gateway:4000
# ============================================
# BPP Services (Seller App)
# ============================================
# BPP Client - Seller App Client
bpp-client:
image: fidedocker/protocol-server:latest
container_name: bpp-client
ports:
- "6001:6001"
volumes:
- bpp_client_config_volume:/usr/src/app/config
- bpp_client_schemas_volume:/usr/src/app/schemas
- bpp_client_logs_volume:/usr/src/app/logs
networks:
- beckn_network
depends_on:
- registry
- gateway
environment:
- NODE_ENV=development
- PORT=6001
- REGISTRY_URL=http://registry:3000
- GATEWAY_URL=http://gateway:4000
# BPP Network - Seller App Network Layer
bpp-network:
image: fidedocker/protocol-server:latest
container_name: bpp-network
ports:
- "6002:6002"
volumes:
- bpp_network_config_volume:/usr/src/app/config
- bpp_network_schemas_volume:/usr/src/app/schemas
- bpp_network_logs_volume:/usr/src/app/logs
networks:
- beckn_network
depends_on:
- registry
- gateway
- bpp-client
environment:
- NODE_ENV=development
- PORT=6002
- REGISTRY_URL=http://registry:3000
- GATEWAY_URL=http://gateway:4000
# Port Summary:
# - 3000: Registry (Main)
# - 3030: Registry (Admin)
# - 4000: Gateway (Main)
# - 4030: Gateway (Admin)
# - 5001: BAP Client
# - 5002: BAP Network
# - 6001: BPP Client
# - 6002: BPP Network
# - 6379: Redis
# - 8200: Vault
# - 8081: Beckn-ONIX Server (run separately)
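Review bot: every `ports:` entry publishes on all host interfaces, which for the `vault` service means a dev-mode server with the fixed root token `root` (and `VAULT_DEV_LISTEN_ADDRESS: 0.0.0.0:8200`) and for `redis` an instance with no authentication, both reachable from the local network. Bind the host side to loopback, for example `"127.0.0.1:8200:8200"` and `"127.0.0.1:6379:6379"`, and do the same for the other services unless they must be reached from outside. Three smaller points: the `vault` healthcheck runs `vault status` without `VAULT_ADDR`, while `setup.sh` passes `VAULT_ADDR=http://127.0.0.1:8200` on every `docker exec`, so the check is likely to probe the CLI's default HTTPS address and report unhealthy; `depends_on` lists services without `condition: service_healthy`, so the healthchecks defined here do not gate start order; and every image uses `:latest`, which makes the setup non-reproducible and leaves the pulled content unpinned.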

125
setup.sh Executable file

@@ -0,0 +1,125 @@
#!/bin/bash
# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m' # No Color
echo -e "${BLUE}========================================${NC}"
echo -e "${BLUE}Beckn-ONIX Complete Setup${NC}"
echo -e "${BLUE}========================================${NC}"
# Check if Docker is running
if ! docker info > /dev/null 2>&1; then
echo -e "${RED}Error: Docker is not running. Please start Docker first.${NC}"
exit 1
fi
# Step 1: Start all services with docker-compose
echo -e "${YELLOW}Step 1: Starting all Beckn network services...${NC}"
docker compose down 2>/dev/null
docker compose up -d
# Wait for services to be ready
echo -e "${YELLOW}Waiting for services to be ready...${NC}"
sleep 10
# Step 2: Configure Vault
echo -e "${YELLOW}Step 2: Configuring Vault for key management...${NC}"
# Wait for Vault to be ready
for i in {1..30}; do
if docker exec -e VAULT_ADDR=http://127.0.0.1:8200 vault vault status > /dev/null 2>&1; then
echo -e "${GREEN}Vault is ready!${NC}"
break
fi
if [ $i -eq 30 ]; then
echo -e "${RED}Error: Vault failed to start${NC}"
exit 1
fi
sleep 1
done
# Configure Vault
docker exec -e VAULT_ADDR=http://127.0.0.1:8200 -e VAULT_TOKEN=root vault \
vault auth enable approle > /dev/null 2>&1 || true
echo 'path "beckn/*" { capabilities = ["create", "read", "update", "delete", "list"] }' | \
docker exec -i -e VAULT_ADDR=http://127.0.0.1:8200 -e VAULT_TOKEN=root vault \
vault policy write beckn-policy - > /dev/null 2>&1
docker exec -e VAULT_ADDR=http://127.0.0.1:8200 -e VAULT_TOKEN=root vault \
vault write auth/approle/role/beckn-role \
token_policies="beckn-policy" \
token_ttl=24h \
token_max_ttl=48h > /dev/null 2>&1
# Get credentials
ROLE_ID=$(docker exec -e VAULT_ADDR=http://127.0.0.1:8200 -e VAULT_TOKEN=root vault \
vault read -field=role_id auth/approle/role/beckn-role/role-id 2>/dev/null)
SECRET_ID=$(docker exec -e VAULT_ADDR=http://127.0.0.1:8200 -e VAULT_TOKEN=root vault \
vault write -field=secret_id -f auth/approle/role/beckn-role/secret-id 2>/dev/null)
# Enable KV v2 secrets engine
docker exec -e VAULT_ADDR=http://127.0.0.1:8200 -e VAULT_TOKEN=root vault \
vault secrets enable -path=beckn kv-v2 > /dev/null 2>&1 || true
# Store sample keys
docker exec -e VAULT_ADDR=http://127.0.0.1:8200 -e VAULT_TOKEN=root vault \
vault kv put beckn/keys/bap \
private_key='sample_bap_private_key' \
public_key='sample_bap_public_key' > /dev/null 2>&1
docker exec -e VAULT_ADDR=http://127.0.0.1:8200 -e VAULT_TOKEN=root vault \
vault kv put beckn/keys/bpp \
private_key='sample_bpp_private_key' \
public_key='sample_bpp_public_key' > /dev/null 2>&1
# Step 3: Build plugins
echo -e "${YELLOW}Step 3: Building plugins...${NC}"
if [ -f "./build-plugins.sh" ]; then
chmod +x ./build-plugins.sh
./build-plugins.sh
else
echo -e "${RED}Warning: build-plugins.sh not found. Please build plugins manually.${NC}"
fi
# Step 4: Build server
echo -e "${YELLOW}Step 4: Building Beckn-ONIX server...${NC}"
go build -o server cmd/adapter/main.go
# Create .env.vault file
echo -e "${YELLOW}Step 5: Creating environment file...${NC}"
cat > .env.vault <<EOF
# Vault Credentials for Beckn-ONIX
# Generated on $(date)
export VAULT_ROLE_ID=$ROLE_ID
export VAULT_SECRET_ID=$SECRET_ID
EOF
# Display status
echo -e "${GREEN}========================================${NC}"
echo -e "${GREEN}✅ Setup Complete!${NC}"
echo -e "${GREEN}========================================${NC}"
echo ""
echo -e "${BLUE}Services Running:${NC}"
echo -e " 📦 Registry: http://localhost:3000"
echo -e " 🌐 Gateway: http://localhost:4000"
echo -e " 🛒 BAP Client: http://localhost:5001"
echo -e " 🛒 BAP Network: http://localhost:5002"
echo -e " 🏪 BPP Client: http://localhost:6001"
echo -e " 🏪 BPP Network: http://localhost:6002"
echo -e " 🔐 Vault UI: http://localhost:8200 (token: root)"
echo -e " 💾 Redis: localhost:6379"
echo ""
echo -e "${GREEN}To run the Beckn-ONIX server:${NC}"
echo " source .env.vault && ./server --config=config/local-dev.yaml"
echo ""
echo -e "${GREEN}To stop all services:${NC}"
echo " docker compose down"
echo ""
echo -e "${GREEN}To view logs:${NC}"
echo " docker compose logs -f [service-name]"
echo -e "${GREEN}========================================${NC}"
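Review bot: `.env.vault` is written unconditionally and with the default umask. The `ROLE_ID=$(...)` and `SECRET_ID=$(...)` captures discard stderr with `2>/dev/null` and the script has no `set -e`, so a failed Vault call produces a file with empty `VAULT_ROLE_ID=` and `VAULT_SECRET_ID=` values and the script still prints "Setup Complete!". Check that both variables are non-empty before the heredoc, and create the file with `umask 077` or follow it with `chmod 600 .env.vault`, since it holds a live secret ID. The same silent-failure pattern applies to the `vault policy write`, `vault write auth/approle/role/beckn-role` and `vault kv put` calls, all redirected to `/dev/null`, and to `go build -o server`, whose exit status is not checked. The policy grants `create`, `read`, `update`, `delete` and `list` on `beckn/*`; if the adapter only reads keys, reduce it to `read` and `list`. The fixed `sleep 10` can be dropped in favour of the Vault readiness loop that follows it.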