Merge pull request #6 from Anh3h/master

FINCN-165: Implement bash scripts to provisioner fineract cn services
apache · Oct 1, 2019 · 4438bd6521738fb10a7852cd2db9ddfbcc164c1f · 4438bd6
2 parents f0e75ee + 8ae755b
commit 4438bd6521738fb10a7852cd2db9ddfbcc164c1f
Showing 5 changed files with 355 additions and 9 deletions.
diff --git a/README.md b/README.md
@@ -5,10 +5,25 @@ This project contains Docker Compose Scripts for running Fineract CN especially
 - Docker
 - Docker-compose
 
-## Automatic or manual provisioning
+## Deploy and provision Fineract CN
 
-You can either try to provision automatically using bash script `bash start-up.sh`
-Or you could achieve the same state by manually following the instructions below:
+You can either deploy and provision Fineract CN automatically using bash scripts or manually using postman.
+
+## 1. Deploy Fineract automtically using bash scripts
+
+ - To start up all the Fineract CN services run:
+
+    `bash start-up.sh`
+ - Then log the last Fineract CN microservice deployed by docker compose (fineract-cn-notification) to make sure all your Fineract services are now available.
+
+    `docker logs -f fineract-cn-docker-compose_notifications-ms_1`
+ - Finally provison the microservices by
+
+    `cd bash_scripts`
+
+    `bash provision.sh playground` #where playground is your tenant name
+
+## 2. Deploy Fineract manually using postman
 
 ## Perquisites
 
@@ -37,7 +52,7 @@ docker-compose up
 First only start provisioner-ms by running following in project root:
 
 ```
-docker-compose up provisioner-ms 
+docker-compose up provisioner-ms
 ```
 after it has started (and created table seshat to Postgre database) you can start rest of the services.
 This is just to make sure provisioner gets to create the database the other services require.

diff --git a/bash_scripts/provision.sh b/bash_scripts/provision.sh
@@ -0,0 +1,311 @@
+#!/bin/bash
+set -e
+
+function init-variables {
+    CASSANDRA_REPLICATION_TYPE="Simple"
+    CASSANDRA_CONTACT_POINTS="cassandra:9042"
+    CASSANDRA_CLUSTER_NAME="Datacenter1"
+    CASSANDRA_REPLICAS="1"
+
+    POSTGRES_DRIVER_CLASS="org.postgresql.Driver"
+    POSTGRES_HOST="postgres"
+    POSTGRES_PWD="postgres"
+    POSTGRESQL_PORT="5432"
+    POSTGRESQL_USER="postgres"
+
+    PROVISIONER_URL="http://provisioner-ms:2020/provisioner/v1"
+    IDENTITY_URL="http://identity-ms:2021/identity/v1"
+    RHYTHM_URL="http://rhythm-ms:2022/rhythm/v1"
+    OFFICE_URL="http://office-ms:2023/office/v1"
+    CUSTOMER_URL="http://customer-ms:2024/customer/v1"
+    ACCOUNTING_URL="http://accounting-ms:2025/accounting/v1"
+    PORTFOLIO_URL="http://portfolio-ms:2026/portfolio/v1"
+    DEPOSIT_URL="http://deposit-account-management-ms:2027/deposit/v1"
+    TELLER_URL="http://teller-ms:2028/teller/v1"
+    REPORT_URL="http://reporting-ms:2029/report/v1"
+    CHEQUES_URL="http://cheques-ms:2030/cheques/v1"
+    PAYROLL_URL="http://payroll-ms:2031/payroll/v1"
+    GROUP_URL="http://group-ms:2032/group/v1"
+    NOTIFICATIONS_URL="http://notifications-ms:2033/notification/v1"
+
+    MS_VENDOR="Apache Fineract"
+    IDENTITY_MS_NAME="identity-v1"
+    RHYTHM_MS_NAME="rhythm-v1"
+    OFFICE_MS_NAME="office-v1"
+    CUSTOMER_MS_NAME="customer-v1"
+    ACCOUNTING_MS_NAME="accounting-v1"
+    PORTFOLIO_MS_NAME="portfolio-v1"
+    DEPOSIT_MS_NAME="deposit-v1"
+    TELLER_MS_NAME="teller-v1"
+    REPORT_MS_NAME="report-v1"
+    CHEQUES_MS_NAME="cheques-v1"
+    PAYROLL_MS_NAME="payroll-v1"
+    GROUP_MS_NAME="group-v1"
+    NOTIFICATIONS_MS_NAME="notification-v1"
+}
+
+function auto-seshat {
+    TOKEN=$( curl -s -X POST -H "Content-Type: application/json" \
+        "$PROVISIONER_URL"'/auth/token?grant_type=password&client_id=service-runner&username=wepemnefret&password=oS/0IiAME/2unkN1momDrhAdNKOhGykYFH/mJN20' \
+         | jq --raw-output '.token' )
+}
+
+function login {
+    local tenant="$1"
+    local username="$2"
+    local password="$3"
+
+    ACCESS_TOKEN=$( curl -s -X POST -H "Content-Type: application/json" -H "User: guest" -H "X-Tenant-Identifier: $tenant" \
+       "${IDENTITY_URL}/token?grant_type=password&username=${username}&password=${password}" \
+        | jq --raw-output '.accessToken' )
+}
+
+function create-application {
+    local name="$1"
+    local description="$2"
+    local vendor="$3"
+    local homepage="$4"
+
+    curl -H "Content-Type: application/json" -H "User: wepemnefret" -H "Authorization: ${TOKEN}" \
+    --data '{ "name": "'"$name"'", "description": "'"$description"'", "vendor": "'"$vendor"'", "homepage": "'"$homepage"'" }' \
+     ${PROVISIONER_URL}/applications
+    echo "Created microservice: $name"
+}
+
+function get-application {
+    echo ""
+    echo "Microservices: "
+    curl -s -H "Content-Type: application/json" -H "User: wepemnefret" -H "Authorization: ${TOKEN}" ${PROVISIONER_URL}/applications | jq '.'
+}
+
+function delete-application {
+    local service_name="$1"
+
+    curl -X delete -H "Content-Type: application/json" -H "User: wepemnefret" -H "Authorization: ${TOKEN}" ${PROVISIONER_URL}/applications/${service_name}
+    echo "Deleted microservice: $name"
+}
+
+function create-tenant {
+    local identifier="$1"
+    local name="$2"
+    local description="$3"
+    local database_name="$4"
+
+    curl -H "Content-Type: application/json" -H "User: wepemnefret" -H "Authorization: ${TOKEN}" \
+    --data '{
+	"identifier": "'"$identifier"'",
+	"name": "'"$name"'",
+	"description": "'"$description"'",
+	"cassandraConnectionInfo": {
+		"clusterName": "'"$CASSANDRA_CLUSTER_NAME"'",
+		"contactPoints": "'"$CASSANDRA_CONTACT_POINTS"'",
+		"keyspace": "'"$database_name"'",
+		"replicationType": "'"$CASSANDRA_REPLICATION_TYPE"'",
+		"replicas": "'"$CASSANDRA_REPLICAS"'"
+	},
+	"databaseConnectionInfo": {
+		"driverClass": "'"$POSTGRES_DRIVER_CLASS"'",
+		"databaseName": "'"$database_name"'",
+		"host": "'"$POSTGRES_HOST"'",
+		"port": "'"$POSTGRES_PORT"'",
+		"user": "'"$POSTGRES_USER"'",
+		"password": "'"$POSTGRES_PWD"'"
+	}}' \
+    ${PROVISIONER_URL}/tenants
+    echo "Created tenant: $database_name"
+}
+
+function get-tenants {
+    echo ""
+    echo "Tenants: "
+    curl -s -H "Content-Type: application/json" -H "User: wepemnefret" -H "Authorization: ${TOKEN}" ${PROVISIONER_URL}/tenants | jq '.'
+}
+
+function assign-identity-ms {
+    local tenant="$1"
+
+    ADMIN_PASSWORD=$( curl -s -H "Content-Type: application/json" -H "User: wepemnefret" -H "Authorization: ${TOKEN}" -H "X-Tenant-Identifier: $tenant" \
+	--data '{ "name": "'"$IDENTITY_MS_NAME"'" }' \
+	${PROVISIONER_URL}/tenants/${tenant}/identityservice | jq --raw-output '.adminPassword')
+    echo "Assigned identity microservice for tenant $tenant"
+}
+
+function get-tenant-services {
+    local tenant="$1"
+
+    echo ""
+    echo "$tenant services: "
+    curl -s -H "Content-Type: application/json" -H "User: wepemnefret" -H "Authorization: ${TOKEN}" -H "X-Tenant-Identifier: $tenant" ${PROVISIONER_URL}/tenants/$tenant/applications | jq '.'
+}
+
+function create-scheduler-role {
+    local tenant="$1"
+
+    curl -H "Content-Type: application/json" -H "User: antony" -H "Authorization: ${ACCESS_TOKEN}" -H "X-Tenant-Identifier: $tenant" \
+        --data '{
+                "identifier": "scheduler",
+                "permissions": [
+                        {
+                                "permittableEndpointGroupIdentifier": "identity__v1__app_self",
+                                "allowedOperations": ["CHANGE"]
+                        },
+                        {
+                                "permittableEndpointGroupIdentifier": "portfolio__v1__khepri",
+                                "allowedOperations": ["CHANGE"]
+                        }
+                ]
+        }' \
+        ${IDENTITY_URL}/roles
+    echo "Created scheduler role"
+}
+
+function create-org-admin-role {
+    local tenant="$1"
+
+    curl -H "Content-Type: application/json" -H "User: antony" -H "Authorization: ${ACCESS_TOKEN}" -H "X-Tenant-Identifier: $tenant" \
+        --data '{
+                "identifier": "orgadmin",
+                "permissions": [
+                        {
+                                "permittableEndpointGroupIdentifier": "office__v1__employees",
+                                "allowedOperations": ["READ", "CHANGE", "DELETE"]
+                        },
+                        {
+                                "permittableEndpointGroupIdentifier": "office__v1__offices",
+                                "allowedOperations": ["READ", "CHANGE", "DELETE"]
+                        },
+                        {
+                                "permittableEndpointGroupIdentifier": "identity__v1__users",
+                                "allowedOperations": ["READ", "CHANGE", "DELETE"]
+                        },
+                        {
+                                "permittableEndpointGroupIdentifier": "identity__v1__roles",
+                                "allowedOperations": ["READ", "CHANGE", "DELETE"]
+                        },
+                        {
+                                "permittableEndpointGroupIdentifier": "identity__v1__self",
+                                "allowedOperations": ["READ", "CHANGE", "DELETE"]
+                        },
+                        {
+                                "permittableEndpointGroupIdentifier": "accounting__v1__ledger",
+                                "allowedOperations": ["READ", "CHANGE", "DELETE"]
+                        },
+                        {
+                                "permittableEndpointGroupIdentifier": "accounting__v1__account",
+                                "allowedOperations": ["READ", "CHANGE", "DELETE"]
+                        }
+                ]
+        }' \
+        ${IDENTITY_URL}/roles
+    echo "Created organisation administrator role"
+}
+
+function create-user {
+    local tenant="$1"
+    local user="$2"
+    local user_identifier="$3"
+    local password="$4"
+    local role="$5"
+
+    curl -s -H "Content-Type: application/json" -H "User: $user" -H "Authorization: ${ACCESS_TOKEN}" -H "X-Tenant-Identifier: $tenant" \
+        --data '{
+                "identifier": "'"$user_identifier"'",
+                "password": "'"$password"'",
+                "role": "'"$role"'"
+        }' \
+        ${IDENTITY_URL}/users | jq '.'
+    echo "Created user: $user_identifier"
+}
+
+function get-users {
+    local tenant="$1"
+    local user="$2"
+
+    echo ""
+    echo "Users: "
+    curl -s -H "Content-Type: application/json" -H "User: $user" -H "Authorization: ${ACCESS_TOKEN}" -H "X-Tenant-Identifier: $tenant" ${IDENTITY_URL}/users | jq '.'
+}
+
+function update-password {
+    local tenant="$1"
+    local user="$2"
+    local password="$3"
+
+    curl -s -X PUT -H "Content-Type: application/json" -H "User: $user" -H "Authorization: ${ACCESS_TOKEN}" -H "X-Tenant-Identifier: $tenant" \
+        --data '{
+                "password": "'"$password"'"
+        }' \
+        ${IDENTITY_URL}/users/${user}/password | jq '.'
+    echo "Updated $user password"
+}
+
+function provision-app {
+    local tenant="$1"
+    local service="$2"
+
+    curl -s -X PUT -H "Content-Type: application/json" -H "User: wepemnefret" -H "Authorization: ${TOKEN}" \
+	--data '[{ "name": "'"$service"'" }]' \
+	${PROVISIONER_URL}/tenants/${tenant}/applications | jq '.'
+    echo "Provisioned microservice, $service for tenant, $tenant"
+}
+
+function set-application-permission-enabled-for-user {
+    local tenant="$1"
+    local service="$2"
+    local permission="$3"
+    local user="$4"
+
+    curl -s -X PUT -H "Content-Type: application/json" -H "User: $user" -H "Authorization: ${ACCESS_TOKEN}" -H "X-Tenant-Identifier: $tenant" \
+	--data 'true' \
+	${IDENTITY_URL}/applications/${service}/permissions/${permission}/users/${user}/enabled | jq '.'
+    echo "Enabled permission, $permission for service $service"
+}
+
+init-variables
+auto-seshat
+create-application "$IDENTITY_MS_NAME" "" "$MS_VENDOR" "$IDENTITY_URL"
+create-application "$RHYTHM_MS_NAME" "" "$MS_VENDOR" "$RHYTHM_URL"
+create-application "$OFFICE_MS_NAME" "" "$MS_VENDOR" "$OFFICE_URL"
+create-application "$CUSTOMER_MS_NAME" "" "$MS_VENDOR" "$CUSTOMER_URL"
+create-application "$ACCOUNTING_MS_NAME" "" "$MS_VENDOR" "$ACCOUNTING_URL"
+create-application "$PORTFOLIO_MS_NAME" "" "$MS_VENDOR" "$PORTFOLIO_URL"
+create-application "$DEPOSIT_MS_NAME" "" "$MS_VENDOR" "$DEPOSIT_URL"
+create-application "$TELLER_MS_NAME" "" "$MS_VENDOR" "$TELLER_URL"
+create-application "$REPORT_MS_NAME" "" "$MS_VENDOR" "$REPORT_URL"
+create-application "$CHEQUES_MS_NAME" "" "$MS_VENDOR" "$CHEQUES_URL"
+create-application "$PAYROLL_MS_NAME" "" "$MS_VENDOR" "$PAYROLL_URL"
+create-application "$GROUP_MS_NAME" "" "$MS_VENDOR" "$GROUP_URL"
+create-application "$NOTIFICATIONS_MS_NAME" "" "$MS_VENDOR" "$NOTIFICATIONS_URL"
+
+#Set tenant identifier
+TENANT=$1
+create-tenant ${TENANT} "${TENANT}" "All in one Demo Server" ${TENANT}
+assign-identity-ms ${TENANT}
+login ${TENANT} "antony" $ADMIN_PASSWORD
+create-scheduler-role ${TENANT}
+create-user ${TENANT} "antony" "imhotep" "p4ssw0rd" "scheduler"
+login ${TENANT} "imhotep" "p4ssw0rd"
+update-password ${TENANT} "imhotep" "p4ssw0rd"
+provision-app ${TENANT} $RHYTHM_MS_NAME
+login ${TENANT} "imhotep" "p4ssw0rd"
+# Rhythm is not available at the moment
+# set-application-permission-enabled-for-user ${TENANT} $RHYTHM_MS_NAME "identity__v1__app_self" "imhotep"
+provision-app ${TENANT} $OFFICE_MS_NAME
+provision-app ${TENANT} $ACCOUNTING_MS_NAME
+provision-app ${TENANT} $PORTFOLIO_MS_NAME
+# Rhythm is not available at the moment
+# set-application-permission-enabled-for-user ${TENANT} $RHYTHM_MS_NAME "portfolio__v1__khepri" "imhotep"
+provision-app ${TENANT} $CUSTOMER_MS_NAME
+provision-app ${TENANT} $DEPOSIT_MS_NAME
+provision-app ${TENANT} $TELLER_MS_NAME
+provision-app ${TENANT} $REPORT_MS_NAME
+provision-app ${TENANT} $CHEQUES_MS_NAME
+provision-app ${TENANT} $PAYROLL_MS_NAME
+provision-app ${TENANT} $GROUP_MS_NAME
+provision-app ${TENANT} $NOTIFICATIONS_MS_NAME
+login ${TENANT} "antony" $ADMIN_PASSWORD
+create-org-admin-role ${TENANT}
+create-user ${TENANT} "antony" "operator" "init1@l23" "orgadmin"
+login ${TENANT} "operator" "init1@l"
+
+echo "COMPLETED PROVISIONING PROCESS."
diff --git a/external_tools/docker-compose.yml b/external_tools/docker-compose.yml
@@ -39,6 +39,10 @@ services:
   postgres:
     image: postgres:11
     container_name: postgres
+    command:
+      - "postgres"
+      - "-c"
+      - "max_connections=200"
     environment:
       POSTGRES_USER: postgres
       POSTGRES_PASSWORD: postgres

diff --git a/shut-down-and-reset.sh b/shut-down-and-reset.sh
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+docker-compose down --remove-orphans
+cd external_tools/
+docker-compose down
+cd ..
+docker volume rm external_tools_cassandra-volume
+docker volume rm external_tools_postgres-volume