From 2eadd8ca588fc739b6ca4aecd712f99aa1a1561f Mon Sep 17 00:00:00 2001 From: "mayur.popli" Date: Mon, 18 Aug 2025 15:13:05 +0530 Subject: [PATCH] fix: setup process --- .gitignore | 5 +- SETUP.md | 215 ++++++++++++++++++++++++++++++++++++++++++++- docker-compose.yml | 211 ++++++++++++++++++++++++++++++++++++++++++++ setup.sh | 125 ++++++++++++++++++++++++++ 4 files changed, 552 insertions(+), 4 deletions(-) create mode 100644 docker-compose.yml create mode 100755 setup.sh diff --git a/.gitignore b/.gitignore index 12018c1..f6adaa9 100644 --- a/.gitignore +++ b/.gitignore @@ -138,4 +138,7 @@ coverage.out coverage.html # Ignore the schema directory used for testing -/schemas/ \ No newline at end of file +/schemas/ +# Generated files +.env.vault +server diff --git a/SETUP.md b/SETUP.md index a402531..30601f3 100644 --- a/SETUP.md +++ b/SETUP.md @@ -59,7 +59,45 @@ redis-cli --version --- -## Development Setup +## Quick Start (Recommended) + +For a complete Beckn network setup with all services, use our automated setup: + +```bash +# Clone the repository +git clone https://github.com/beckn/beckn-onix.git +cd beckn-onix + +# Run the complete setup (includes all services) +chmod +x setup.sh +./setup.sh + +# Start the Beckn-ONIX server +source .env.vault && ./server --config=config/local-dev.yaml +``` + +This will automatically: +- Start all Beckn network services (Registry, Gateway, BAP, BPP) +- Configure Redis and Vault +- Build all plugins +- Set up authentication +- Create environment variables + +**Services Started:** +- Registry: http://localhost:3000 +- Gateway: http://localhost:4000 +- BAP Client: http://localhost:5001 +- BPP Client: http://localhost:6001 +- Vault: http://localhost:8200 +- Redis: localhost:6379 +- Beckn-ONIX: http://localhost:8081 + +**To stop all services:** `docker compose down` +**To view logs:** `docker compose logs -f [service-name]` + +--- + +## Development Setup (Manual) ### Step 1: Clone the Repository 
@@ -184,6 +222,13 @@ modules: role: bap registryUrl: http://localhost:8080/reg plugins: + keyManager: + id: keymanager + config: + projectID: beckn-onix-local + vaultAddr: http://localhost:8200 + kvVersion: v2 + mountPath: beckn cache: id: cache config: @@ -194,6 +239,8 @@ modules: schemaDir: ./schemas signValidator: id: signvalidator + config: + publicKeyPath: beckn/keys router: id: router config: @@ -204,6 +251,7 @@ modules: uuidKeys: transaction_id,message_id role: bap steps: + - validateSign - addRoute - validateSchema @@ -214,6 +262,13 @@ modules: role: bap registryUrl: http://localhost:8080/reg plugins: + keyManager: + id: keymanager + config: + projectID: beckn-onix-local + vaultAddr: http://localhost:8200 + kvVersion: v2 + mountPath: beckn cache: id: cache config: @@ -240,6 +295,13 @@ modules: role: bpp registryUrl: http://localhost:8080/reg plugins: + keyManager: + id: keymanager + config: + projectID: beckn-onix-local + vaultAddr: http://localhost:8200 + kvVersion: v2 + mountPath: beckn cache: id: cache config: @@ -250,6 +312,8 @@ modules: schemaDir: ./schemas signValidator: id: signvalidator + config: + publicKeyPath: beckn/keys router: id: router config: @@ -266,6 +330,13 @@ modules: role: bpp registryUrl: http://localhost:8080/reg plugins: + keyManager: + id: keymanager + config: + projectID: beckn-onix-local + vaultAddr: http://localhost:8200 + kvVersion: v2 + mountPath: beckn cache: id: cache config: 
@@ -322,16 +393,154 @@ routingRules: - support ``` -### Step 9: Run the Application +### Step 9: Run the Application with HashiCorp Vault + +Since the configuration now includes the keyManager plugin for signing capabilities, you need to set up Vault: + +#### Quick Setup (Recommended) + +**Note:** Make sure Redis is already running from Step 5. ```bash -# Run with local configuration +# Make the script executable +chmod +x start-vault.sh + +# Run the automated setup script +./start-vault.sh + +# This creates a .env.vault file with your credentials +# Source it and run the server +source .env.vault && ./server --config=config/local-dev.yaml +``` + +That's it! The script handles everything automatically. + +#### Manual Setup (Advanced) + +If you prefer to set up Vault manually or need custom configuration: + +```bash +# 1. Start Vault container +docker run -d \ + --name vault-dev \ + --cap-add=IPC_LOCK \ + -p 8200:8200 \ + -e 'VAULT_DEV_ROOT_TOKEN_ID=root' \ + hashicorp/vault:latest + +# 2. Configure Vault (run the setup script) +chmod +x config/setup-vault.sh +./config/setup-vault.sh + +# 3. Export the displayed credentials +export VAULT_ROLE_ID= +export VAULT_SECRET_ID= + +# 4. Run the server +./server --config=config/local-dev.yaml +``` + +#### What the Setup Does + +- Starts Vault in development mode on port 8200 +- Enables AppRole authentication +- Creates necessary policies and roles +- Sets up the KV secrets engine at path `beckn` +- Stores sample keys for both BAP and BPP +- Generates and saves credentials to `.env.vault` + +#### Accessing Vault UI + +- **URL:** http://localhost:8200 +- **Token:** root + +#### Troubleshooting + +If you get "invalid role or secret ID" error, the SECRET_ID has expired. 
Simply run: +```bash +./start-vault.sh +source .env.vault +``` + +**Alternative: Simple Docker Run Command** + +```bash +# Start Vault in dev mode with initial setup +docker run -d \ + --name vault-dev \ + --cap-add=IPC_LOCK \ + -p 8200:8200 \ + -e 'VAULT_DEV_ROOT_TOKEN_ID=root' \ + -e 'VAULT_DEV_LISTEN_ADDRESS=0.0.0.0:8200' \ + hashicorp/vault:latest + +# Wait for Vault to be ready +sleep 3 + +# Setup Vault using a single command +docker exec vault-dev sh -c " + export VAULT_ADDR='http://127.0.0.1:8200' && + export VAULT_TOKEN='root' && + vault secrets enable -path=beckn kv-v2 && + vault kv put beckn/keys/bap private_key='sample_bap_private_key' public_key='sample_bap_public_key' && + vault kv put beckn/keys/bpp private_key='sample_bpp_private_key' public_key='sample_bpp_public_key' +" +``` + +**Step 9b: Set Environment Variables and Run** + +```bash +# Get the AppRole credentials from Vault container logs +docker logs vault-dev | grep "VAULT_ROLE_ID\|VAULT_SECRET_ID" + +# Copy the displayed credentials and export them +# They will look something like this: +export VAULT_ROLE_ID='' +export VAULT_SECRET_ID='' + +# Run the server ./server --config=config/local-dev.yaml # Or using go run go run cmd/adapter/main.go --config=config/local-dev.yaml ``` +**Note:** The Vault address is already configured in `config/local-dev.yaml` as `http://localhost:8200`. The docker-compose automatically sets up AppRole authentication and displays the credentials in the logs. + +**Alternative: Create a startup script** + +Create `run-with-vault.sh`: + +```bash +#!/bin/bash +# Set Vault environment variables +export VAULT_ADDR=${VAULT_ADDR:-"http://localhost:8200"} +export VAULT_TOKEN=${VAULT_TOKEN:-"root"} # For dev mode + +# Or use AppRole auth for production-like setup +# export VAULT_ROLE_ID=${VAULT_ROLE_ID:-"beckn-role-id"} +# export VAULT_SECRET_ID=${VAULT_SECRET_ID:-"beckn-secret-id"} + +echo "Starting Beckn-ONIX with Vault key management..." 
+echo "Vault Address: $VAULT_ADDR" + +# Check if Vault is accessible +if ! curl -s "$VAULT_ADDR/v1/sys/health" > /dev/null 2>&1; then + echo "Error: Cannot reach Vault at $VAULT_ADDR" + echo "Please start Vault first with: vault server -dev -dev-root-token-id='root'" + exit 1 +fi + +# Run the server +./server --config=config/local-dev.yaml +``` + +Make it executable and run: +```bash +chmod +x run-with-vault.sh +./run-with-vault.sh +``` + The server will start on `http://localhost:8081` ### Step 10: Verify Setup diff --git a/docker-compose.yml b/docker-compose.yml new file mode 100644 index 0000000..aa96cb2 --- /dev/null +++ b/docker-compose.yml 
@@ -0,0 +1,211 @@ +version: '3.8' + +networks: + beckn_network: + driver: bridge + name: beckn_network + +volumes: + # BAP volumes + bap_client_config_volume: + bap_client_schemas_volume: + bap_client_logs_volume: + bap_network_config_volume: + bap_network_schemas_volume: + bap_network_logs_volume: + # BPP volumes + bpp_client_config_volume: + bpp_client_schemas_volume: + bpp_client_logs_volume: + bpp_network_config_volume: + bpp_network_schemas_volume: + bpp_network_logs_volume: + # Gateway and Registry volumes + gateway_data_volume: + registry_data_volume: + +services: + # ============================================ + # Core Infrastructure Services + # ============================================ + + # Redis - Caching Service + redis: + image: redis:alpine + container_name: redis + ports: + - "6379:6379" + networks: + - beckn_network + healthcheck: + test: ["CMD", "redis-cli", "ping"] + interval: 5s + timeout: 3s + retries: 5 + + # Vault - Key Management Service + vault: + image: hashicorp/vault:latest + container_name: vault + cap_add: + - IPC_LOCK + ports: + - "8200:8200" + environment: + VAULT_DEV_ROOT_TOKEN_ID: root + VAULT_DEV_LISTEN_ADDRESS: 0.0.0.0:8200 + command: server -dev -dev-root-token-id=root + networks: + - beckn_network + healthcheck: + test: ["CMD", "vault", "status"] + interval: 5s + timeout: 3s + retries: 5 + + # ============================================ + # Beckn Network Services + # ============================================ + + # Registry - Central registry for network participants + registry: + image: fidedocker/registry:latest + container_name: registry + ports: + - "3000:3000" # Main registry port + - "3030:3030" # Admin/monitoring port + volumes: + - registry_data_volume:/usr/src/app/data + networks: + - beckn_network + healthcheck: + test: ["CMD", "curl", "-f", "http://localhost:3000/health"] + interval: 30s + timeout: 10s + retries: 3 + + # Gateway - Network gateway for routing + gateway: + image: fidedocker/gateway:latest + 
container_name: gateway + ports: + - "4000:4000" # Main gateway port + - "4030:4030" # Admin/monitoring port + volumes: + - gateway_data_volume:/usr/src/app/data + networks: + - beckn_network + depends_on: + - registry + healthcheck: + test: ["CMD", "curl", "-f", "http://localhost:4000/health"] + interval: 30s + timeout: 10s + retries: 3 + + # ============================================ + # BAP Services (Buyer App) + # ============================================ + + # BAP Client - Buyer App Client + bap-client: + image: fidedocker/protocol-server:latest + container_name: bap-client + ports: + - "5001:5001" + volumes: + - bap_client_config_volume:/usr/src/app/config + - bap_client_schemas_volume:/usr/src/app/schemas + - bap_client_logs_volume:/usr/src/app/logs + networks: + - beckn_network + depends_on: + - registry + - gateway + environment: + - NODE_ENV=development + - PORT=5001 + - REGISTRY_URL=http://registry:3000 + - GATEWAY_URL=http://gateway:4000 + + # BAP Network - Buyer App Network Layer + bap-network: + image: fidedocker/protocol-server:latest + container_name: bap-network + ports: + - "5002:5002" + volumes: + - bap_network_config_volume:/usr/src/app/config + - bap_network_schemas_volume:/usr/src/app/schemas + - bap_network_logs_volume:/usr/src/app/logs + networks: + - beckn_network + depends_on: + - registry + - gateway + - bap-client + environment: + - NODE_ENV=development + - PORT=5002 + - REGISTRY_URL=http://registry:3000 + - GATEWAY_URL=http://gateway:4000 + + # ============================================ + # BPP Services (Seller App) + # ============================================ + + # BPP Client - Seller App Client + bpp-client: + image: fidedocker/protocol-server:latest + container_name: bpp-client + ports: + - "6001:6001" + volumes: + - bpp_client_config_volume:/usr/src/app/config + - bpp_client_schemas_volume:/usr/src/app/schemas + - bpp_client_logs_volume:/usr/src/app/logs + networks: + - beckn_network + depends_on: + - registry + - gateway 
+ environment: + - NODE_ENV=development + - PORT=6001 + - REGISTRY_URL=http://registry:3000 + - GATEWAY_URL=http://gateway:4000 + + # BPP Network - Seller App Network Layer + bpp-network: + image: fidedocker/protocol-server:latest + container_name: bpp-network + ports: + - "6002:6002" + volumes: + - bpp_network_config_volume:/usr/src/app/config + - bpp_network_schemas_volume:/usr/src/app/schemas + - bpp_network_logs_volume:/usr/src/app/logs + networks: + - beckn_network + depends_on: + - registry + - gateway + - bpp-client + environment: + - NODE_ENV=development + - PORT=6002 + - REGISTRY_URL=http://registry:3000 + - GATEWAY_URL=http://gateway:4000 + +# Port Summary: +# - 3000: Registry (Main) +# - 3030: Registry (Admin) +# - 4000: Gateway (Main) +# - 4030: Gateway (Admin) +# - 5001: BAP Client +# - 5002: BAP Network +# - 6001: BPP Client +# - 6002: BPP Network +# - 6379: Redis +# - 8200: Vault +# - 8081: Beckn-ONIX Server (run separately) \ No newline at end of file diff --git a/setup.sh b/setup.sh new file mode 100755 index 0000000..cd002fb --- /dev/null +++ b/setup.sh 
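Review bot: The `vault` service maps `8200:8200` while running with a fixed dev root token (`VAULT_DEV_ROOT_TOKEN_ID: root`) and `VAULT_DEV_LISTEN_ADDRESS: 0.0.0.0:8200`, so the unsealed dev Vault that holds the BAP/BPP keys is reachable on every interface of the host, and the same applies to the unauthenticated `redis` mapping on `6379` and the other published ports. Since only host-side tooling and containers on `beckn_network` need them, the host mappings should be bound to loopback, e.g. `- "127.0.0.1:8200:8200"` and `- "127.0.0.1:6379:6379"`, and the `:latest` image tags should be pinned so the environment is reproducible and an image update cannot silently change what the setup runs. The `vault` healthcheck runs `vault status` with no `VAULT_ADDR` in the service `environment`; the CLI defaults to `https://127.0.0.1:8200`, so unless the image sets the variable the check will fail against the plaintext dev listener, which adding `VAULT_ADDR: http://127.0.0.1:8200` to `environment` (the same value setup.sh passes to its `docker exec` calls) would address. The top-level `version: '3.8'` key is ignored by current Compose and only produces a warning, so it can be dropped.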
@@ -0,0 +1,125 @@ +#!/bin/bash + +# Colors for output +RED='\033[0;31m' +GREEN='\033[0;32m' +YELLOW='\033[1;33m' +BLUE='\033[0;34m' +NC='\033[0m' # No Color + +echo -e "${BLUE}========================================${NC}" +echo -e "${BLUE}Beckn-ONIX Complete Setup${NC}" +echo -e "${BLUE}========================================${NC}" + +# Check if Docker is running +if ! docker info > /dev/null 2>&1; then + echo -e "${RED}Error: Docker is not running. Please start Docker first.${NC}" + exit 1 +fi + +# Step 1: Start all services with docker-compose +echo -e "${YELLOW}Step 1: Starting all Beckn network services...${NC}" +docker compose down 2>/dev/null +docker compose up -d + +# Wait for services to be ready +echo -e "${YELLOW}Waiting for services to be ready...${NC}" +sleep 10 + +# Step 2: Configure Vault +echo -e "${YELLOW}Step 2: Configuring Vault for key management...${NC}" + +# Wait for Vault to be ready +for i in {1..30}; do + if docker exec -e VAULT_ADDR=http://127.0.0.1:8200 vault vault status > /dev/null 2>&1; then + echo -e "${GREEN}Vault is ready!${NC}" + break + fi + if [ $i -eq 30 ]; then + echo -e "${RED}Error: Vault failed to start${NC}" + exit 1 + fi + sleep 1 +done + +# Configure Vault +docker exec -e VAULT_ADDR=http://127.0.0.1:8200 -e VAULT_TOKEN=root vault \ + vault auth enable approle > /dev/null 2>&1 || true + +echo 'path "beckn/*" { capabilities = ["create", "read", "update", "delete", "list"] }' | \ + docker exec -i -e VAULT_ADDR=http://127.0.0.1:8200 -e VAULT_TOKEN=root vault \ + vault policy write beckn-policy - > /dev/null 2>&1 + +docker exec -e VAULT_ADDR=http://127.0.0.1:8200 -e VAULT_TOKEN=root vault \ + vault write auth/approle/role/beckn-role \ + token_policies="beckn-policy" \ + token_ttl=24h \ + token_max_ttl=48h > /dev/null 2>&1 + +# Get credentials +ROLE_ID=$(docker exec -e VAULT_ADDR=http://127.0.0.1:8200 -e VAULT_TOKEN=root vault \ + vault read -field=role_id auth/approle/role/beckn-role/role-id 2>/dev/null) +SECRET_ID=$(docker 
exec -e VAULT_ADDR=http://127.0.0.1:8200 -e VAULT_TOKEN=root vault \ + vault write -field=secret_id -f auth/approle/role/beckn-role/secret-id 2>/dev/null) + +# Enable KV v2 secrets engine +docker exec -e VAULT_ADDR=http://127.0.0.1:8200 -e VAULT_TOKEN=root vault \ + vault secrets enable -path=beckn kv-v2 > /dev/null 2>&1 || true + +# Store sample keys +docker exec -e VAULT_ADDR=http://127.0.0.1:8200 -e VAULT_TOKEN=root vault \ + vault kv put beckn/keys/bap \ + private_key='sample_bap_private_key' \ + public_key='sample_bap_public_key' > /dev/null 2>&1 + +docker exec -e VAULT_ADDR=http://127.0.0.1:8200 -e VAULT_TOKEN=root vault \ + vault kv put beckn/keys/bpp \ + private_key='sample_bpp_private_key' \ + public_key='sample_bpp_public_key' > /dev/null 2>&1 + +# Step 3: Build plugins +echo -e "${YELLOW}Step 3: Building plugins...${NC}" +if [ -f "./build-plugins.sh" ]; then + chmod +x ./build-plugins.sh + ./build-plugins.sh +else + echo -e "${RED}Warning: build-plugins.sh not found. Please build plugins manually.${NC}" +fi + +# Step 4: Build server +echo -e "${YELLOW}Step 4: Building Beckn-ONIX server...${NC}" +go build -o server cmd/adapter/main.go + +# Create .env.vault file +echo -e "${YELLOW}Step 5: Creating environment file...${NC}" +cat > .env.vault <