From 291fa7ee1327f197c13d5462dd2cb416653edd7f Mon Sep 17 00:00:00 2001 From: ameersohel45 Date: Fri, 26 Sep 2025 16:01:22 +0530 Subject: [PATCH] Issue 518 - fix: update setup.sh for simplekeymanager plugin and remove vault dependency. --- install/docker-compose-adapter2.yml | 2 +- install/setup.sh | 249 ++++++++++------------------ 2 files changed, 92 insertions(+), 159 deletions(-) diff --git a/install/docker-compose-adapter2.yml b/install/docker-compose-adapter2.yml index 41a9479..b93766d 100644 --- a/install/docker-compose-adapter2.yml +++ b/install/docker-compose-adapter2.yml @@ -2,7 +2,7 @@ version: '3.8' services: onix-adapter: - image: onix-adapter + image: fidedocker/onix-adapter container_name: onix-adapter platform: linux/amd64 networks: diff --git a/install/setup.sh b/install/setup.sh index b9be485..e7532b1 100755 --- a/install/setup.sh +++ b/install/setup.sh @@ -7,6 +7,57 @@ YELLOW='\033[1;33m' BLUE='\033[0;34m' NC='\033[0m' # No Color +# UNUSED FUNCTION - Complete Vault setup kept for future reference +setup_vault_unused() { + echo -e "${YELLOW}Setting up Vault for key management...${NC}" + + if ! docker ps | grep -q "vault"; then + echo -e "${BLUE}Starting Vault container...${NC}" + docker run -d \ + --name vault \ + --cap-add=IPC_LOCK \ + -e VAULT_DEV_ROOT_TOKEN_ID=root \ + -e VAULT_DEV_LISTEN_ADDRESS=0.0.0.0:8200 \ + -p 8200:8200 \ + hashicorp/vault:latest > /dev/null 2>&1 + + for i in {1..30}; do + if docker exec -e VAULT_ADDR=http://127.0.0.1:8200 vault vault status > /dev/null 2>&1; then + echo -e "${GREEN}✓ Vault is ready${NC}" + break + fi + if [ $i -eq 30 ]; then + echo -e "${RED}Error: Vault failed to start${NC}" + exit 1 + fi + sleep 1 + done + fi + + # Enable AppRole authentication + docker exec -e VAULT_ADDR=http://127.0.0.1:8200 -e VAULT_TOKEN=root vault vault auth enable approle 2>/dev/null + + # Create policy for Beckn + echo 'path "beckn/*" { capabilities = ["create", "read", "update", "delete", "list"] }' | docker exec -i -e VAULT_ADDR=http://127.0.0.1:8200 -e VAULT_TOKEN=root vault vault policy write beckn-policy - > /dev/null 2>&1 + + # Create AppRole + docker exec -e VAULT_ADDR=http://127.0.0.1:8200 -e VAULT_TOKEN=root vault vault write auth/approle/role/beckn-role token_policies="beckn-policy" token_ttl=24h token_max_ttl=48h > /dev/null 2>&1 + + # Enable KV secrets engine + docker exec -e VAULT_ADDR=http://127.0.0.1:8200 -e VAULT_TOKEN=root vault vault secrets enable -path=beckn kv-v2 > /dev/null 2>&1 + + # Store BAP network keys + docker exec -e VAULT_ADDR=http://127.0.0.1:8200 -e VAULT_TOKEN=root vault vault kv put secret/keys/bap-network signingPublicKey='1ct6/Xg6gHhT9QolufThbY4mWHYkIpXzh7YxMFM8MQE=' signingPrivateKey='C2hPMyeN+1Vzn8+7F/MUHmR5jKFuSb7s6tf/U5qni8vVy3r9eDqAeFP1CiW59OFtjiZYdiQilfOHtjEwUzwxAQ==' > /dev/null 2>&1 + + # Get AppRole credentials + ROLE_ID=$(docker exec -e VAULT_ADDR=http://127.0.0.1:8200 -e VAULT_TOKEN=root vault vault read -field=role_id auth/approle/role/beckn-role/role-id) + SECRET_ID=$(docker exec -e VAULT_ADDR=http://127.0.0.1:8200 -e VAULT_TOKEN=root vault vault write -field=secret_id -f auth/approle/role/beckn-role/secret-id) + + echo -e "${GREEN}✓ Vault setup complete${NC}" + echo -e "${BLUE}Role ID: ${ROLE_ID}${NC}" + echo -e "${BLUE}Secret ID: ${SECRET_ID}${NC}" +} + echo -e "${BLUE}========================================${NC}" echo -e "${BLUE}Beckn-ONIX Complete Setup${NC}" echo -e "${BLUE}========================================${NC}" @@ -17,10 +68,12 @@ if ! docker info > /dev/null 2>&1; then exit 1 fi -# Step 1: Run the Beckn network installer -echo -e "${YELLOW}Step 1: Starting all Beckn ONIX adapter services...${NC}" +# Step 1: Start dependent services (Redis only) +echo -e "${YELLOW}Step 1: Starting dependent services...${NC}" +export COMPOSE_IGNORE_ORPHANS=1 docker compose -f ./docker-compose-adapter.yml down 2>/dev/null -docker compose -f ./docker-compose-adapter.yml up -d +docker compose -f ./docker-compose-adapter.yml up -d redis +echo "Redis installation successful" # Make the installer executable #chmod +x ./beckn-onix.sh @@ -31,132 +84,8 @@ docker compose -f ./docker-compose-adapter.yml up -d cd .. -# Wait for services to stabilize -#echo -e "${YELLOW}Waiting for services to be ready...${NC}" -#sleep 15 - -# Step 2: Configure Vault for key management -echo -e "${YELLOW}Step 2: Setting up Vault for key management...${NC}" - -# Check if Vault is running, if not start it -if ! docker ps | grep -q "vault"; then - echo -e "${BLUE}Starting Vault container...${NC}" - docker run -d \ - --name vault \ - --cap-add=IPC_LOCK \ - -e VAULT_DEV_ROOT_TOKEN_ID=root \ - -e VAULT_DEV_LISTEN_ADDRESS=0.0.0.0:8200 \ - -p 8200:8200 \ - hashicorp/vault:latest > /dev/null 2>&1 - - # Wait for Vault to be ready - echo -e "${BLUE}Waiting for Vault to start...${NC}" - for i in {1..30}; do - if docker exec -e VAULT_ADDR=http://127.0.0.1:8200 vault vault status > /dev/null 2>&1; then - echo -e "${GREEN}✓ Vault is ready${NC}" - break - fi - if [ $i -eq 30 ]; then - echo -e "${RED}Error: Vault failed to start${NC}" - exit 1 - fi - sleep 1 - done -fi - -# Configure Vault with error handling -echo -e "${BLUE}Configuring Vault policies...${NC}" - -# Enable AppRole auth -if ! docker exec -e VAULT_ADDR=http://127.0.0.1:8200 -e VAULT_TOKEN=root vault \ - vault auth list 2>/dev/null | grep -q "approle"; then - docker exec -e VAULT_ADDR=http://127.0.0.1:8200 -e VAULT_TOKEN=root vault \ - vault auth enable approle 2>/dev/null || { - echo -e "${YELLOW}AppRole already enabled or error occurred${NC}" - } -fi - -# Create policy -echo 'path "beckn/*" { capabilities = ["create", "read", "update", "delete", "list"] }' | \ - docker exec -i -e VAULT_ADDR=http://127.0.0.1:8200 -e VAULT_TOKEN=root vault \ - vault policy write beckn-policy - > /dev/null 2>&1 || { - echo -e "${YELLOW}Policy already exists or updated${NC}" - } - -# Create role -docker exec -e VAULT_ADDR=http://127.0.0.1:8200 -e VAULT_TOKEN=root vault \ - vault write auth/approle/role/beckn-role \ - token_policies="beckn-policy" \ - token_ttl=24h \ - token_max_ttl=48h > /dev/null 2>&1 || { - echo -e "${YELLOW}Role already exists or updated${NC}" - } - -# Get Vault credentials with error handling -echo -e "${BLUE}Getting Vault credentials...${NC}" -ROLE_ID=$(docker exec -e VAULT_ADDR=http://127.0.0.1:8200 -e VAULT_TOKEN=root vault \ - vault read -field=role_id auth/approle/role/beckn-role/role-id 2>/dev/null) - -if [ -z "$ROLE_ID" ]; then - echo -e "${RED}Error: Failed to get ROLE_ID from Vault${NC}" - exit 1 -fi - -SECRET_ID=$(docker exec -e VAULT_ADDR=http://127.0.0.1:8200 -e VAULT_TOKEN=root vault \ - vault write -field=secret_id -f auth/approle/role/beckn-role/secret-id 2>/dev/null) - -if [ -z "$SECRET_ID" ]; then - echo -e "${RED}Error: Failed to get SECRET_ID from Vault${NC}" - exit 1 -fi - -echo -e "${GREEN}✓ Got Vault credentials:${NC}" -echo -e " ROLE_ID: ${ROLE_ID:0:20}..." -echo -e " SECRET_ID: ${SECRET_ID:0:20}..." - -# Enable KV v2 secrets engine -docker exec -e VAULT_ADDR=http://127.0.0.1:8200 -e VAULT_TOKEN=root vault \ - vault secrets enable -path=beckn kv-v2 > /dev/null 2>&1 || { - echo -e "${YELLOW}Secrets engine already enabled${NC}" - } - -echo -e "${GREEN}✓ Vault configured successfully${NC}" - -# Seed the keys for BAP network -echo -e "${BLUE}Seeding keys for BAP network...${NC}" -docker exec -e VAULT_ADDR=http://127.0.0.1:8200 -e VAULT_TOKEN=root vault \ - vault kv put secret/keys/bap-network \ - signingPublicKey='1ct6/Xg6gHhT9QolufThbY4mWHYkIpXzh7YxMFM8MQE=' \ - signingPrivateKey='C2hPMyeN+1Vzn8+7F/MUHmR5jKFuSb7s6tf/U5qni8vVy3r9eDqAeFP1CiW59OFtjiZYdiQilfOHtjEwUzwxAQ==' > /dev/null 2>&1 - -if [ $? -eq 0 ]; then - echo -e "${GREEN}✓ BAP network keys seeded successfully${NC}" -else - echo -e "${YELLOW}Warning: Failed to seed BAP network keys or keys already exist${NC}" -fi - -# Step 3: Check services status -echo -e "${YELLOW}Step 3: Checking services status...${NC}" - -# Check if services are running -if docker ps | grep -q "registry"; then - echo -e "${GREEN}✓ Registry is running${NC}" -fi -if docker ps | grep -q "gateway"; then - echo -e "${GREEN}✓ Gateway is running${NC}" -fi -if docker ps | grep -q "bap-client"; then - echo -e "${GREEN}✓ BAP services are running${NC}" -fi -if docker ps | grep -q "bpp-client"; then - echo -e "${GREEN}✓ BPP services are running${NC}" -fi -if docker ps | grep -q "vault"; then - echo -e "${GREEN}✓ Vault is running${NC}" -fi - -# Step 4: Create required directories -echo -e "${YELLOW}Step 4: Creating required directories...${NC}" +# Step 2: Create required directories +echo -e "${YELLOW}Step 2: Creating required directories...${NC}" # Create schemas directory for validation if [ ! -d "schemas" ]; then @@ -182,8 +111,8 @@ else echo -e "${YELLOW}plugins directory already exists${NC}" fi -# Step 5: Build adapter plugins -echo -e "${YELLOW}Step 5: Building adapter plugins...${NC}" +# Step 3: Build adapter plugins +echo -e "${YELLOW}Step 3: Building adapter plugins...${NC}" if [ -f "./install/build-plugins.sh" ]; then chmod +x ./install/build-plugins.sh @@ -199,8 +128,8 @@ else exit 1 fi -# Step 6: Build the adapter server -echo -e "${YELLOW}Step 6: Building Beckn-ONIX adapter server...${NC}" +# Step 4: Build the adapter server +echo -e "${YELLOW}Step 4: Building Beckn-ONIX adapter server...${NC}" if [ -f "go.mod" ]; then go build -o beckn-adapter cmd/adapter/main.go @@ -216,38 +145,41 @@ else exit 1 fi +# Step 5: Start ONIX Adapter +echo -e "${YELLOW}Step 5: Starting ONIX Adapter...${NC}" +cd install +docker compose -f ./docker-compose-adapter2.yml up -d +echo "ONIX Adapter installation successful" +cd .. + +# Step 6: Check services status +echo -e "${YELLOW}Step 6: Checking services status...${NC}" + +# Check if services are running +if docker ps | grep -q "redis"; then + echo -e "${GREEN}✓ Redis is running${NC}" +fi +if docker ps | grep -q "onix-adapter"; then + echo -e "${GREEN}✓ ONIX Adapter is running${NC}" +fi + # Step 7: Create environment file echo -e "${YELLOW}Step 7: Creating environment configuration...${NC}" -# Check if we have Vault credentials -if [ -z "$ROLE_ID" ] || [ -z "$SECRET_ID" ]; then - echo -e "${RED}Error: Vault credentials not available${NC}" - echo -e "${YELLOW}Please check Vault configuration and try again${NC}" - exit 1 -fi - cat > .env <.yaml${NC}" echo "" -echo -e "2. Test the endpoints:" -echo -e " ${YELLOW}./test_endpoints.sh${NC}" +echo -e "3. Test the endpoints:" +echo -e " ${YELLOW}curl -X POST http://localhost:8081/bap/caller/search${NC}" echo "" -echo -e "3. Stop all services:" -echo -e " ${YELLOW}cd install && docker compose down${NC}" +echo -e "4. Stop all services:" +echo -e " ${YELLOW}cd install && docker compose -f docker-compose-adapter.yml down && docker compose -f docker-compose-adapter2.yml down${NC}" echo "" -echo -e "4. View logs:" -echo -e " ${YELLOW}docker compose logs -f [service-name]${NC}" +echo -e "5. View logs:" +echo -e " ${YELLOW}cd install && docker compose -f docker-compose-adapter2.yml logs -f onix-adapter${NC}" echo -e "${GREEN}========================================${NC}" \ No newline at end of file