lamassu/lamassu-server
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

changes cherry picked from dev to stable (#169)

Browse source 
* lamassu-update to update crontab

* lamassu update and install script to point to #stable branch

* lamassu update and install script to point to #stable branch

* removing outdated & unused script

* crontab update fix + npm rebuild path fix
This commit is contained in:
Fabio Cigliano 2018-09-22 19:45:38 +02:00 committed by Josh Harvey
parent 59cb5da61c
commit 9b7972017d
6 changed files with 15 additions and 304 deletions
Download patch file Download diff file Expand all files Collapse all files

19
bin/lamassu-hd-address
View file

@ -1,19 +0,0 @@
#!/usr/bin/env node
const HKDF = require('node-hkdf-sync')
const wallet = require('lamassu-geth')
const pify = require('pify')
const fs = pify(require('fs'))
const options = require('../lib/options')
function computeSeed (masterSeed) {
const hkdf = new HKDF('sha256', 'lamassu-server-salt', masterSeed)
return hkdf.derive('wallet-seed', 32)
}
fs.readFile(options.seedPath, 'utf8')
.then(hex => {
const masterSeed = Buffer.from(hex.trim(), 'hex')
console.log(wallet.defaultAddress({seed: computeSeed(masterSeed)}))
})

31
bin/lamassu-install-bitcoind
View file

@ -1,31 +0,0 @@
#!/usr/bin/env bash
set -e
if [ "$(whoami)" != "root" ]; then
echo -e "This script has to be run as \033[1mroot\033[0m user"
exit 3
fi
export LOG_FILE=/tmp/install.log
ufw allow 8333/tcp >> $LOG_FILE 2>&1
CONFIG_DIR=$HOME/.bitcoin
CONFIG=$CONFIG_DIR/bitcoin.conf
mkdir -p $CONFIG_DIR
PASS=$(openssl rand -hex 32)
cat > $CONFIG <<EOF
server=1
connections=40
rpcuser=lamassu
rpcpassword=$PASS
keypool=10000
prune=4000
daemon=0
EOF
pm2 start bitcoind >> $LOG_FILE 2>&1
pm2 save >> $LOG_FILE 2>&1
echo "Success."

34
bin/lamassu-install-geth
View file

@ -1,34 +0,0 @@
#!/usr/bin/env bash
set -e
if [ "$(whoami)" != "root" ]; then
echo -e "This script has to be run as \033[1mroot\033[0m user"
exit 3
fi
echo "Activating geth (Ethereum server wallet)..."
export LOG_FILE=/tmp/install.log
SEEDS_DIR=$HOME/seeds
SEED_FILE=$SEEDS_DIR/seed.txt
SEED=$(cat $SEED_FILE)
PASS_FILE=$SEEDS_DIR/geth.txt
hkdf geth-pw $SEED > $PASS_FILE
ACCOUNT_STR=$(geth --password $PASS_FILE account new)
ACCOUNT=$(echo $ACCOUNT_STR | grep -o '{.*}' | tr -d '{}')
ufw allow 30303/tcp >> $LOG_FILE 2>&1 # Ethereum
SCRIPTS_DIR=$HOME/scripts
mkdir -p $SCRIPTS_DIR
GETH_SCRIPT=$SCRIPTS_DIR/geth.sh
# NOTE: We need to combine stderr with stdout because geth prints info to stderr
echo "geth --fast --rpc --unlock $ACCOUNT --password $PASS_FILE 2>&1" > $GETH_SCRIPT
chmod 755 $GETH_SCRIPT
pm2 start $GETH_SCRIPT >> $LOG_FILE 2>&1
pm2 save >> $LOG_FILE 2>&1
echo "Success. Your main account is 0x$ACCOUNT."

12
bin/lamassu-update
View file

@ -35,10 +35,10 @@ n lts >> ${LOG_FILE} 2>&1
decho "version installed $(node -v)" decho "version installed $(node -v)"
decho "updating lamassu-server" decho "updating lamassu-server"
npm -g install lamassu/lamassu-server#v5 --unsafe-perm >> ${LOG_FILE} 2>&1 npm -g install lamassu/lamassu-server#stable --unsafe-perm >> ${LOG_FILE} 2>&1
decho "rebuilding npm deps" decho "rebuilding npm deps"
cd /usr/local/lib/node_modules/lamassu-server/ >> ${LOG_FILE} 2>&1 cd $(npm root -g)/lamassu-server/ >> ${LOG_FILE} 2>&1
npm rebuild >> ${LOG_FILE} 2>&1 npm rebuild >> ${LOG_FILE} 2>&1
decho "running migration" decho "running migration"
@ -54,4 +54,10 @@ decho "updating lamassu-server"
supervisorctl update lamassu-server >> ${LOG_FILE} 2>&1 supervisorctl update lamassu-server >> ${LOG_FILE} 2>&1
supervisorctl update lamassu-admin-server >> ${LOG_FILE} 2>&1 supervisorctl update lamassu-admin-server >> ${LOG_FILE} 2>&1
echo "Update complete!" decho "updating backups conf"
BACKUP_CMD=${NPM_BIN}/lamassu-backup-pg
BACKUP_CRON="@daily $BACKUP_CMD > /dev/null"
( (crontab -l 2>/dev/null || echo -n "") | grep -v '@daily.*lamassu-backup-pg'; echo $BACKUP_CRON ) | crontab - >> $LOG_FILE 2>&1
$BACKUP_CMD >> $LOG_FILE 2>&1
decho "Update complete!"

216
install
View file

@ -1,216 +0,0 @@
#!/usr/bin/env bash
set -e
export LOG_FILE=/tmp/install.log
NODE_MODULES=/usr/local/share/.config/yarn/global/node_modules
CERT_DIR=/etc/ssl/certs
KEY_DIR=/etc/ssl/private
CONFIG_DIR=/etc/lamassu
MIGRATE_STATE_PATH=$CONFIG_DIR/.migrate
CA_KEY_PATH=$KEY_DIR/Lamassu_OP_Root_CA.key
CA_PATH=$CERT_DIR/Lamassu_OP_Root_CA.pem
SERVER_KEY_PATH=$KEY_DIR/Lamassu_OP.key
SERVER_CERT_PATH=$CERT_DIR/Lamassu_OP.pem
SEEDS_DIR=$HOME/seeds
SEED_FILE=$SEEDS_DIR/seed.txt
BACKUP_DIR=/var/backups/postgresql
BLOCKCHAIN_DIR=/mnt/blockchains
OFAC_DATA_DIR=/opt/lamassu-server/sanctions
# Look into http://unix.stackexchange.com/questions/140734/configure-localtime-dpkg-reconfigure-tzdata
decho () {
echo `date +"%H:%M:%S"` $1
echo `date +"%H:%M:%S"` $1 >> $LOG_FILE
}
retry() {
local -r -i max_attempts="$1"; shift
local -r cmd="$@"
local -i attempt_num=1
until $cmd
do
if (( attempt_num == max_attempts ))
then
echo
echo "****************************************************************"
echo "Attempt $attempt_num failed and there are no more attempts left!"
return 1
else
echo
echo "****************************************************************"
echo "Attempt $attempt_num failed! Trying again in $attempt_num seconds..."
sleep $(( attempt_num++ ))
fi
done
}
rm -f $LOG_FILE
cat <<'FIG'
_
| | __ _ _ __ ___ __ _ ___ ___ _ _ ___ ___ _ ____ _____ _ __
| |/ _` | '_ ` _ \ / _` / __/ __| | | |_____/ __|/ _ \ '__\ \ / / _ \ '__|
| | (_| | | | | | | (_| \__ \__ \ |_| |_____\__ \ __/ | \ V / __/ |
|_|\__,_|_| |_| |_|\__,_|___/___/\__,_| |___/\___|_| \_/ \___|_|
FIG
echo -e "\nStarting \033[1mlamassu-server\033[0m install. This will take a few minutes...\n"
if [ "$(whoami)" != "root" ]; then
echo -e "This script has to be run as \033[1mroot\033[0m user"
exit 3
fi
# So we don't run out of memory
decho "Enabling swap file for install only..."
fallocate -l 1G /swapfile >> $LOG_FILE 2>&1
chmod 600 /swapfile >> $LOG_FILE 2>&1
mkswap /swapfile >> $LOG_FILE 2>&1
swapon /swapfile >> $LOG_FILE 2>&1
IP=$(ifconfig eth0 | grep "inet addr" | awk -F: '{print $2}' | awk '{print $1}')
decho "Updating system..."
curl -sL https://deb.nodesource.com/setup_6.x | sudo -E bash - >> $LOG_FILE 2>&1
apt update >> $LOG_FILE 2>&1
decho "Installing necessary packages..."
apt install nodejs python-minimal build-essential postgresql libpq-dev -y -q >> $LOG_FILE 2>&1
decho "Generating seed..."
mkdir -p $SEEDS_DIR >> $LOG_FILE 2>&1
SEED=$(openssl rand -hex 32)
echo $SEED > $SEED_FILE
decho "Installing yarn package manager for node..."
npm -g --unsafe-perm install yarn >> $LOG_FILE 2>&1
decho "Installing lamassu-server..."
retry 3 yarn global add pm2 >> $LOG_FILE 2>&1
retry 3 yarn global add lamassu/lamassu-server#v5 >> $LOG_FILE 2>&1
decho "Creating postgres user..."
POSTGRES_PW=$(hkdf postgres-pw $SEED)
su -l postgres >> $LOG_FILE 2>&1 <<EOF
psql -c "CREATE ROLE lamassu_pg WITH LOGIN SUPERUSER PASSWORD '$POSTGRES_PW';"
createdb lamassu
EOF
mkdir -p $CERT_DIR >> $LOG_FILE 2>&1
mkdir -p $CONFIG_DIR >> $LOG_FILE 2>&1
decho "Generating SSL certificates..."
openssl genrsa \
-out $CA_KEY_PATH \
4096 >> $LOG_FILE 2>&1
openssl req \
-x509 \
-sha256 \
-new \
-nodes \
-key $CA_KEY_PATH \
-days 3560 \
-out $CA_PATH \
-subj "/C=IS/ST=/L=Reykjavik/O=Lamassu Operator CA/CN=lamassu-operator.is" \
>> $LOG_FILE 2>&1
openssl genrsa \
-out $SERVER_KEY_PATH \
4096 >> $LOG_FILE 2>&1
openssl req -new \
-key $SERVER_KEY_PATH \
-out /tmp/Lamassu_OP.csr.pem \
-subj "/C=IS/ST=/L=Reykjavik/O=Lamassu Operator/CN=$IP" \
-reqexts SAN \
-sha256 \
-config <(cat /etc/ssl/openssl.cnf \
<(printf "[SAN]\nsubjectAltName=IP.1:$IP")) \
>> $LOG_FILE 2>&1
openssl x509 \
-req -in /tmp/Lamassu_OP.csr.pem \
-CA $CA_PATH \
-CAkey $CA_KEY_PATH \
-CAcreateserial \
-out $SERVER_CERT_PATH \
-extfile <(cat /etc/ssl/openssl.cnf \
<(printf "[SAN]\nsubjectAltName=IP.1:$IP")) \
-extensions SAN \
-days 3650 >> $LOG_FILE 2>&1
rm /tmp/Lamassu_OP.csr.pem
mkdir -p $OFAC_DATA_DIR
decho "Setting up lamassu.json..."
cat <<EOF > $CONFIG_DIR/lamassu.json
{
"postgresql": "postgres://lamassu_pg:$POSTGRES_PW@localhost/lamassu",
"seedPath": "$SEED_FILE",
"caPath": "$CA_PATH",
"certPath": "$SERVER_CERT_PATH",
"keyPath": "$SERVER_KEY_PATH",
"hostname": "$IP",
"logLevel": "info",
"migrateStatePath": "$MIGRATE_STATE_PATH",
"blockchainDir": "$BLOCKCHAIN_DIR",
"ofacDataDir": "$OFAC_DATA_DIR",
"strike": {
"baseUrl": "https://api.strike.acinq.co/api/"
},
"coinAtmRadar": {
"url": "https://coinatmradar.info/api/lamassu/"
}
}
EOF
lamassu-migrate-config >> $LOG_FILE 2>&1
decho "Setting up database tables..."
lamassu-migrate >> $LOG_FILE 2>&1
decho "Setting up lamassu-admin..."
ADMIN_REGISTRATION_URL=`lamassu-register admin 2>> $LOG_FILE`
lamassu-apply-defaults >> $LOG_FILE 2>&1
decho "Starting lamassu-admin..."
pm2 start lamassu-admin-server >> $LOG_FILE 2>&1
pm2 start lamassu-server --restart-delay 3000 >> $LOG_FILE 2>&1
pm2 save >> $LOG_FILE 2>&1
pm2 startup >> $LOG_FILE 2>&1
decho "Setting up backups..."
BIN=$(yarn global bin)
BACKUP_CMD=$BIN/lamassu-backup-pg
mkdir -p $BACKUP_DIR
BACKUP_CRON="@daily $BACKUP_CMD > /dev/null"
echo $BACKUP_CRON | crontab - >> $LOG_FILE 2>&1
$BACKUP_CMD >> $LOG_FILE 2>&1
decho "Setting up firewall..."
ufw allow ssh >> $LOG_FILE 2>&1
ufw allow 443/tcp >> $LOG_FILE 2>&1 # Admin
ufw allow 3000/tcp >> $LOG_FILE 2>&1 # Server
ufw -f enable >> $LOG_FILE 2>&1
decho "Disabling swap file..."
swapoff /swapfile >> $LOG_FILE 2>&1
echo
decho "Done! Now it's time to configure Lamassu stack."
echo
echo -e "\n*** IMPORTANT ***"
echo "In a private space, run lamassu-mnemonic, write down the words"
echo "and keep them in a safe place."
echo
echo "This secret will allow you to retrieve system passwords, including "
echo "the keys to some of your crypto accounts."
echo
echo
echo "Activation URL for lamassu-admin:"
echo $ADMIN_REGISTRATION_URL

7
lib/blockchain/install.js
View file

@ -60,7 +60,12 @@ function processCryptos (codes) {
const blockchainDir = coinUtils.blockchainDir() const blockchainDir = coinUtils.blockchainDir()
const backupDir = path.resolve(os.homedir(), 'backups') const backupDir = path.resolve(os.homedir(), 'backups')
const rsyncCmd = `echo "@daily rsync -r --prune-empty-dirs --include='*/' --include='wallet.dat' --exclude='*' ${blockchainDir} ${backupDir} > /dev/null" | crontab -` const rsyncCmd = `( \
(crontab -l 2>/dev/null || echo -n "") | grep -v "@daily rsync ".*"wallet.dat"; \
echo "@daily rsync -r --prune-empty-dirs --include='*/' \
--include='wallet.dat' \
--exclude='*' ${blockchainDir} ${backupDir} > /dev/null" \
) | crontab -`
common.es(rsyncCmd) common.es(rsyncCmd)
logger.info('Installation complete.') logger.info('Installation complete.')