Issue 518 - fix: update setup.sh for simplekeymanager plugin and remove vault dependency.
@@ -2,7 +2,7 @@ version: '3.8'
|
|||||||
|
|
||||||
services:
|
services:
|
||||||
onix-adapter:
|
onix-adapter:
|
||||||
image: onix-adapter
|
image: fidedocker/onix-adapter
|
||||||
container_name: onix-adapter
|
container_name: onix-adapter
|
||||||
platform: linux/amd64
|
platform: linux/amd64
|
||||||
networks:
|
networks:
|
||||||
|
|||||||
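Review bot: The new `image: fidedocker/onix-adapter` carries no tag, so each pull resolves to `latest` from a public registry and the installer can pick up a different build from one run to the next without any change in this repository. Pin the reference to a released tag or, preferably, a digest, for example `image: fidedocker/onix-adapter:<RELEASE_TAG>` (placeholder; the page does not show which version is intended). The rest of the service definition lies outside the hunk, so whether a `build:` or `pull_policy:` entry also applies cannot be seen from here.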
219
install/setup.sh
219
install/setup.sh
@@ -7,38 +7,10 @@ YELLOW='\033[1;33m'
|
|||||||
BLUE='\033[0;34m'
|
BLUE='\033[0;34m'
|
||||||
NC='\033[0m' # No Color
|
NC='\033[0m' # No Color
|
||||||
|
|
||||||
echo -e "${BLUE}========================================${NC}"
|
# UNUSED FUNCTION - Complete Vault setup kept for future reference
|
||||||
echo -e "${BLUE}Beckn-ONIX Complete Setup${NC}"
|
setup_vault_unused() {
|
||||||
echo -e "${BLUE}========================================${NC}"
|
echo -e "${YELLOW}Setting up Vault for key management...${NC}"
|
||||||
|
|
||||||
# Check if Docker is running
|
|
||||||
if ! docker info > /dev/null 2>&1; then
|
|
||||||
echo -e "${RED}Error: Docker is not running. Please start Docker first.${NC}"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Step 1: Run the Beckn network installer
|
|
||||||
echo -e "${YELLOW}Step 1: Starting all Beckn ONIX adapter services...${NC}"
|
|
||||||
docker compose -f ./docker-compose-adapter.yml down 2>/dev/null
|
|
||||||
docker compose -f ./docker-compose-adapter.yml up -d
|
|
||||||
|
|
||||||
# Make the installer executable
|
|
||||||
#chmod +x ./beckn-onix.sh
|
|
||||||
|
|
||||||
# Auto-select option 3 (local setup) for the installer
|
|
||||||
#echo -e "${GREEN}Running local network setup...${NC}"
|
|
||||||
#echo "3" | ./beckn-onix.sh
|
|
||||||
|
|
||||||
cd ..
|
|
||||||
|
|
||||||
# Wait for services to stabilize
|
|
||||||
#echo -e "${YELLOW}Waiting for services to be ready...${NC}"
|
|
||||||
#sleep 15
|
|
||||||
|
|
||||||
# Step 2: Configure Vault for key management
|
|
||||||
echo -e "${YELLOW}Step 2: Setting up Vault for key management...${NC}"
|
|
||||||
|
|
||||||
# Check if Vault is running, if not start it
|
|
||||||
if ! docker ps | grep -q "vault"; then
|
if ! docker ps | grep -q "vault"; then
|
||||||
echo -e "${BLUE}Starting Vault container...${NC}"
|
echo -e "${BLUE}Starting Vault container...${NC}"
|
||||||
docker run -d \
|
docker run -d \
|
||||||
@@ -49,8 +21,6 @@ if ! docker ps | grep -q "vault"; then
|
|||||||
-p 8200:8200 \
|
-p 8200:8200 \
|
||||||
hashicorp/vault:latest > /dev/null 2>&1
|
hashicorp/vault:latest > /dev/null 2>&1
|
||||||
|
|
||||||
# Wait for Vault to be ready
|
|
||||||
echo -e "${BLUE}Waiting for Vault to start...${NC}"
|
|
||||||
for i in {1..30}; do
|
for i in {1..30}; do
|
||||||
if docker exec -e VAULT_ADDR=http://127.0.0.1:8200 vault vault status > /dev/null 2>&1; then
|
if docker exec -e VAULT_ADDR=http://127.0.0.1:8200 vault vault status > /dev/null 2>&1; then
|
||||||
echo -e "${GREEN}✓ Vault is ready${NC}"
|
echo -e "${GREEN}✓ Vault is ready${NC}"
|
||||||
@@ -64,99 +34,58 @@ if ! docker ps | grep -q "vault"; then
|
|||||||
done
|
done
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Configure Vault with error handling
|
# Enable AppRole authentication
|
||||||
echo -e "${BLUE}Configuring Vault policies...${NC}"
|
docker exec -e VAULT_ADDR=http://127.0.0.1:8200 -e VAULT_TOKEN=root vault vault auth enable approle 2>/dev/null
|
||||||
|
|
||||||
# Enable AppRole auth
|
# Create policy for Beckn
|
||||||
if ! docker exec -e VAULT_ADDR=http://127.0.0.1:8200 -e VAULT_TOKEN=root vault \
|
echo 'path "beckn/*" { capabilities = ["create", "read", "update", "delete", "list"] }' | docker exec -i -e VAULT_ADDR=http://127.0.0.1:8200 -e VAULT_TOKEN=root vault vault policy write beckn-policy - > /dev/null 2>&1
|
||||||
vault auth list 2>/dev/null | grep -q "approle"; then
|
|
||||||
docker exec -e VAULT_ADDR=http://127.0.0.1:8200 -e VAULT_TOKEN=root vault \
|
|
||||||
vault auth enable approle 2>/dev/null || {
|
|
||||||
echo -e "${YELLOW}AppRole already enabled or error occurred${NC}"
|
|
||||||
}
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Create policy
|
# Create AppRole
|
||||||
echo 'path "beckn/*" { capabilities = ["create", "read", "update", "delete", "list"] }' | \
|
docker exec -e VAULT_ADDR=http://127.0.0.1:8200 -e VAULT_TOKEN=root vault vault write auth/approle/role/beckn-role token_policies="beckn-policy" token_ttl=24h token_max_ttl=48h > /dev/null 2>&1
|
||||||
docker exec -i -e VAULT_ADDR=http://127.0.0.1:8200 -e VAULT_TOKEN=root vault \
|
|
||||||
vault policy write beckn-policy - > /dev/null 2>&1 || {
|
# Enable KV secrets engine
|
||||||
echo -e "${YELLOW}Policy already exists or updated${NC}"
|
docker exec -e VAULT_ADDR=http://127.0.0.1:8200 -e VAULT_TOKEN=root vault vault secrets enable -path=beckn kv-v2 > /dev/null 2>&1
|
||||||
|
|
||||||
|
# Store BAP network keys
|
||||||
|
docker exec -e VAULT_ADDR=http://127.0.0.1:8200 -e VAULT_TOKEN=root vault vault kv put secret/keys/bap-network signingPublicKey='1ct6/Xg6gHhT9QolufThbY4mWHYkIpXzh7YxMFM8MQE=' signingPrivateKey='C2hPMyeN+1Vzn8+7F/MUHmR5jKFuSb7s6tf/U5qni8vVy3r9eDqAeFP1CiW59OFtjiZYdiQilfOHtjEwUzwxAQ==' > /dev/null 2>&1
|
||||||
|
|
||||||
|
# Get AppRole credentials
|
||||||
|
ROLE_ID=$(docker exec -e VAULT_ADDR=http://127.0.0.1:8200 -e VAULT_TOKEN=root vault vault read -field=role_id auth/approle/role/beckn-role/role-id)
|
||||||
|
SECRET_ID=$(docker exec -e VAULT_ADDR=http://127.0.0.1:8200 -e VAULT_TOKEN=root vault vault write -field=secret_id -f auth/approle/role/beckn-role/secret-id)
|
||||||
|
|
||||||
|
echo -e "${GREEN}✓ Vault setup complete${NC}"
|
||||||
|
echo -e "${BLUE}Role ID: ${ROLE_ID}${NC}"
|
||||||
|
echo -e "${BLUE}Secret ID: ${SECRET_ID}${NC}"
|
||||||
}
|
}
|
||||||
|
|
||||||
# Create role
|
echo -e "${BLUE}========================================${NC}"
|
||||||
docker exec -e VAULT_ADDR=http://127.0.0.1:8200 -e VAULT_TOKEN=root vault \
|
echo -e "${BLUE}Beckn-ONIX Complete Setup${NC}"
|
||||||
vault write auth/approle/role/beckn-role \
|
echo -e "${BLUE}========================================${NC}"
|
||||||
token_policies="beckn-policy" \
|
|
||||||
token_ttl=24h \
|
|
||||||
token_max_ttl=48h > /dev/null 2>&1 || {
|
|
||||||
echo -e "${YELLOW}Role already exists or updated${NC}"
|
|
||||||
}
|
|
||||||
|
|
||||||
# Get Vault credentials with error handling
|
# Check if Docker is running
|
||||||
echo -e "${BLUE}Getting Vault credentials...${NC}"
|
if ! docker info > /dev/null 2>&1; then
|
||||||
ROLE_ID=$(docker exec -e VAULT_ADDR=http://127.0.0.1:8200 -e VAULT_TOKEN=root vault \
|
echo -e "${RED}Error: Docker is not running. Please start Docker first.${NC}"
|
||||||
vault read -field=role_id auth/approle/role/beckn-role/role-id 2>/dev/null)
|
|
||||||
|
|
||||||
if [ -z "$ROLE_ID" ]; then
|
|
||||||
echo -e "${RED}Error: Failed to get ROLE_ID from Vault${NC}"
|
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
SECRET_ID=$(docker exec -e VAULT_ADDR=http://127.0.0.1:8200 -e VAULT_TOKEN=root vault \
|
# Step 1: Start dependent services (Redis only)
|
||||||
vault write -field=secret_id -f auth/approle/role/beckn-role/secret-id 2>/dev/null)
|
echo -e "${YELLOW}Step 1: Starting dependent services...${NC}"
|
||||||
|
export COMPOSE_IGNORE_ORPHANS=1
|
||||||
|
docker compose -f ./docker-compose-adapter.yml down 2>/dev/null
|
||||||
|
docker compose -f ./docker-compose-adapter.yml up -d redis
|
||||||
|
echo "Redis installation successful"
|
||||||
|
|
||||||
if [ -z "$SECRET_ID" ]; then
|
# Make the installer executable
|
||||||
echo -e "${RED}Error: Failed to get SECRET_ID from Vault${NC}"
|
#chmod +x ./beckn-onix.sh
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
echo -e "${GREEN}✓ Got Vault credentials:${NC}"
|
# Auto-select option 3 (local setup) for the installer
|
||||||
echo -e " ROLE_ID: ${ROLE_ID:0:20}..."
|
#echo -e "${GREEN}Running local network setup...${NC}"
|
||||||
echo -e " SECRET_ID: ${SECRET_ID:0:20}..."
|
#echo "3" | ./beckn-onix.sh
|
||||||
|
|
||||||
# Enable KV v2 secrets engine
|
cd ..
|
||||||
docker exec -e VAULT_ADDR=http://127.0.0.1:8200 -e VAULT_TOKEN=root vault \
|
|
||||||
vault secrets enable -path=beckn kv-v2 > /dev/null 2>&1 || {
|
|
||||||
echo -e "${YELLOW}Secrets engine already enabled${NC}"
|
|
||||||
}
|
|
||||||
|
|
||||||
echo -e "${GREEN}✓ Vault configured successfully${NC}"
|
# Step 2: Create required directories
|
||||||
|
echo -e "${YELLOW}Step 2: Creating required directories...${NC}"
|
||||||
# Seed the keys for BAP network
|
|
||||||
echo -e "${BLUE}Seeding keys for BAP network...${NC}"
|
|
||||||
docker exec -e VAULT_ADDR=http://127.0.0.1:8200 -e VAULT_TOKEN=root vault \
|
|
||||||
vault kv put secret/keys/bap-network \
|
|
||||||
signingPublicKey='1ct6/Xg6gHhT9QolufThbY4mWHYkIpXzh7YxMFM8MQE=' \
|
|
||||||
signingPrivateKey='C2hPMyeN+1Vzn8+7F/MUHmR5jKFuSb7s6tf/U5qni8vVy3r9eDqAeFP1CiW59OFtjiZYdiQilfOHtjEwUzwxAQ==' > /dev/null 2>&1
|
|
||||||
|
|
||||||
if [ $? -eq 0 ]; then
|
|
||||||
echo -e "${GREEN}✓ BAP network keys seeded successfully${NC}"
|
|
||||||
else
|
|
||||||
echo -e "${YELLOW}Warning: Failed to seed BAP network keys or keys already exist${NC}"
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Step 3: Check services status
|
|
||||||
echo -e "${YELLOW}Step 3: Checking services status...${NC}"
|
|
||||||
|
|
||||||
# Check if services are running
|
|
||||||
if docker ps | grep -q "registry"; then
|
|
||||||
echo -e "${GREEN}✓ Registry is running${NC}"
|
|
||||||
fi
|
|
||||||
if docker ps | grep -q "gateway"; then
|
|
||||||
echo -e "${GREEN}✓ Gateway is running${NC}"
|
|
||||||
fi
|
|
||||||
if docker ps | grep -q "bap-client"; then
|
|
||||||
echo -e "${GREEN}✓ BAP services are running${NC}"
|
|
||||||
fi
|
|
||||||
if docker ps | grep -q "bpp-client"; then
|
|
||||||
echo -e "${GREEN}✓ BPP services are running${NC}"
|
|
||||||
fi
|
|
||||||
if docker ps | grep -q "vault"; then
|
|
||||||
echo -e "${GREEN}✓ Vault is running${NC}"
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Step 4: Create required directories
|
|
||||||
echo -e "${YELLOW}Step 4: Creating required directories...${NC}"
|
|
||||||
|
|
||||||
# Create schemas directory for validation
|
# Create schemas directory for validation
|
||||||
if [ ! -d "schemas" ]; then
|
if [ ! -d "schemas" ]; then
|
||||||
@@ -182,8 +111,8 @@ else
|
|||||||
echo -e "${YELLOW}plugins directory already exists${NC}"
|
echo -e "${YELLOW}plugins directory already exists${NC}"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Step 5: Build adapter plugins
|
# Step 3: Build adapter plugins
|
||||||
echo -e "${YELLOW}Step 5: Building adapter plugins...${NC}"
|
echo -e "${YELLOW}Step 3: Building adapter plugins...${NC}"
|
||||||
|
|
||||||
if [ -f "./install/build-plugins.sh" ]; then
|
if [ -f "./install/build-plugins.sh" ]; then
|
||||||
chmod +x ./install/build-plugins.sh
|
chmod +x ./install/build-plugins.sh
|
||||||
@@ -199,8 +128,8 @@ else
|
|||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Step 6: Build the adapter server
|
# Step 4: Build the adapter server
|
||||||
echo -e "${YELLOW}Step 6: Building Beckn-ONIX adapter server...${NC}"
|
echo -e "${YELLOW}Step 4: Building Beckn-ONIX adapter server...${NC}"
|
||||||
|
|
||||||
if [ -f "go.mod" ]; then
|
if [ -f "go.mod" ]; then
|
||||||
go build -o beckn-adapter cmd/adapter/main.go
|
go build -o beckn-adapter cmd/adapter/main.go
|
||||||
@@ -216,38 +145,41 @@ else
|
|||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
# Step 5: Start ONIX Adapter
|
||||||
|
echo -e "${YELLOW}Step 5: Starting ONIX Adapter...${NC}"
|
||||||
|
cd install
|
||||||
|
docker compose -f ./docker-compose-adapter2.yml up -d
|
||||||
|
echo "ONIX Adapter installation successful"
|
||||||
|
cd ..
|
||||||
|
|
||||||
|
# Step 6: Check services status
|
||||||
|
echo -e "${YELLOW}Step 6: Checking services status...${NC}"
|
||||||
|
|
||||||
|
# Check if services are running
|
||||||
|
if docker ps | grep -q "redis"; then
|
||||||
|
echo -e "${GREEN}✓ Redis is running${NC}"
|
||||||
|
fi
|
||||||
|
if docker ps | grep -q "onix-adapter"; then
|
||||||
|
echo -e "${GREEN}✓ ONIX Adapter is running${NC}"
|
||||||
|
fi
|
||||||
|
|
||||||
# Step 7: Create environment file
|
# Step 7: Create environment file
|
||||||
echo -e "${YELLOW}Step 7: Creating environment configuration...${NC}"
|
echo -e "${YELLOW}Step 7: Creating environment configuration...${NC}"
|
||||||
|
|
||||||
# Check if we have Vault credentials
|
|
||||||
if [ -z "$ROLE_ID" ] || [ -z "$SECRET_ID" ]; then
|
|
||||||
echo -e "${RED}Error: Vault credentials not available${NC}"
|
|
||||||
echo -e "${YELLOW}Please check Vault configuration and try again${NC}"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
cat > .env <<EOF
|
cat > .env <<EOF
|
||||||
# Beckn-ONIX Environment Configuration
|
# Beckn-ONIX Environment Configuration
|
||||||
# Generated on $(date)
|
# Generated on $(date)
|
||||||
|
|
||||||
# Service URLs
|
# Service URLs
|
||||||
export REDIS_URL=localhost:6379
|
export REDIS_URL=localhost:6379
|
||||||
export MONGO_URL=mongodb://localhost:27017
|
|
||||||
|
|
||||||
# Adapter Configuration
|
# Adapter Configuration
|
||||||
export ADAPTER_PORT=8080
|
export ADAPTER_PORT=8081
|
||||||
export ADAPTER_MODE=development
|
export ADAPTER_MODE=development
|
||||||
|
|
||||||
# Vault Configuration
|
|
||||||
export VAULT_ADDR=http://localhost:8200
|
|
||||||
export VAULT_TOKEN=root
|
|
||||||
export VAULT_ROLE_ID=$ROLE_ID
|
|
||||||
export VAULT_SECRET_ID=$SECRET_ID
|
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
if [ -f ".env" ]; then
|
if [ -f ".env" ]; then
|
||||||
echo -e "${GREEN}✓ Environment file created successfully${NC}"
|
echo -e "${GREEN}✓ Environment file created successfully${NC}"
|
||||||
echo -e "${YELLOW} Vault ROLE_ID and SECRET_ID have been saved to .env${NC}"
|
|
||||||
else
|
else
|
||||||
echo -e "${RED}Error: Failed to create .env file${NC}"
|
echo -e "${RED}Error: Failed to create .env file${NC}"
|
||||||
exit 1
|
exit 1
|
||||||
@@ -261,18 +193,19 @@ echo -e "${GREEN}========================================${NC}"
|
|||||||
echo ""
|
echo ""
|
||||||
echo -e "${BLUE}Services Running:${NC}"
|
echo -e "${BLUE}Services Running:${NC}"
|
||||||
echo -e " 💾 Redis: localhost:6379"
|
echo -e " 💾 Redis: localhost:6379"
|
||||||
echo -e " 🗄️ MongoDB: localhost:27017"
|
echo -e " 🔧 ONIX Adapter: localhost:8081"
|
||||||
echo ""
|
echo ""
|
||||||
echo -e "${GREEN}Next Steps:${NC}"
|
echo -e "${GREEN}Next Steps:${NC}"
|
||||||
echo -e "1. Run the adapter:"
|
echo -e "1. Adapter is running in Docker at 8081"
|
||||||
echo -e " ${YELLOW}source .env && ./beckn-adapter --config=config/local-dev.yaml${NC}"
|
echo -e "2. Optionally, if you want to run adapter locally (update config file /config to suit to your environment ) then run below command:"
|
||||||
|
echo -e " ${YELLOW}source .env && ./beckn-adapter --config=config/<your-config>.yaml${NC}"
|
||||||
echo ""
|
echo ""
|
||||||
echo -e "2. Test the endpoints:"
|
echo -e "3. Test the endpoints:"
|
||||||
echo -e " ${YELLOW}./test_endpoints.sh${NC}"
|
echo -e " ${YELLOW}curl -X POST http://localhost:8081/bap/caller/search${NC}"
|
||||||
echo ""
|
echo ""
|
||||||
echo -e "3. Stop all services:"
|
echo -e "4. Stop all services:"
|
||||||
echo -e " ${YELLOW}cd install && docker compose down${NC}"
|
echo -e " ${YELLOW}cd install && docker compose -f docker-compose-adapter.yml down && docker compose -f docker-compose-adapter2.yml down${NC}"
|
||||||
echo ""
|
echo ""
|
||||||
echo -e "4. View logs:"
|
echo -e "5. View logs:"
|
||||||
echo -e " ${YELLOW}docker compose logs -f [service-name]${NC}"
|
echo -e " ${YELLOW}cd install && docker compose -f docker-compose-adapter2.yml logs -f onix-adapter${NC}"
|
||||||
echo -e "${GREEN}========================================${NC}"
|
echo -e "${GREEN}========================================${NC}"
|
||||||
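Review bot: The retained `setup_vault_unused()` still embeds a literal `signingPrivateKey='…'` in its `vault kv put` line, and it now prints the AppRole secret in full with `echo -e "${BLUE}Secret ID: ${SECRET_ID}${NC}"`, where the removed code showed only `${SECRET_ID:0:20}...`. Since the function is marked unused, I would delete it from setup.sh rather than keep key material and the `VAULT_TOKEN=root` flow in the installer. If it has to stay for reference, swap the key pair for placeholders such as `signingPrivateKey='<PLACEHOLDER_PRIVATE_KEY>'` and keep the truncated echo. A key pair that has been committed should be treated as public and not reused outside local development. Separately, `echo "Redis installation successful"` and `echo "ONIX Adapter installation successful"` run whatever the exit status of the preceding `docker compose … up -d`, so gate them, e.g. `docker compose -f ./docker-compose-adapter2.yml up -d || exit 1`; part of the function body falls between hunks and is not visible here.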