[taler-grid5k] 05/141: update init scripts
From: |
gnunet |
Subject: |
[taler-grid5k] 05/141: update init scripts |
Date: |
Thu, 18 Nov 2021 14:49:06 +0100 |
This is an automated email from the git hooks/post-receive script.
marco-boss pushed a commit to branch master
in repository grid5k.
commit 4cfe3dd6468593c52d29df351950659856cff066
Author: Boss Marco <bossm8@bfh.ch>
AuthorDate: Sat Oct 2 21:54:04 2021 +0200
update init scripts
---
etc/nginx/sites-enabled/default | 14 ++
etc/taler/conf.d/exchange-business.conf | 43 ++++++
etc/taler/conf.d/exchange-coins.conf | 158 +++++++++++++++++++++
etc/taler/conf.d/exchange-system.conf | 10 ++
etc/taler/overrides.conf | 1 +
.../exchange-accountcredentials.secret.conf | 17 +++
etc/taler/secrets/exchange-db.secret.conf | 10 ++
etc/taler/taler.conf | 47 ++++++
image/taler-debian11.yaml | 29 ++--
scripts/database.sh | 13 +-
scripts/exchange.sh | 25 ++++
11 files changed, 345 insertions(+), 22 deletions(-)
diff --git a/etc/nginx/sites-enabled/default b/etc/nginx/sites-enabled/default
new file mode 100644
index 0000000..d776ca4
--- /dev/null
+++ b/etc/nginx/sites-enabled/default
@@ -0,0 +1,14 @@
+server {
+ listen 80;
+ listen [::]:80;
+
+ server_name localhost;
+
+ location / {
+ proxy_pass http://unix:/run/taler/exchange-httpd/exchange-http.sock:/;
+ proxy_redirect off;
+ proxy_set_header Host $host;
+ #proxy_set_header X-Forwarded-Host "example.com";
+ #proxy_set_header X-Forwarded-Proto "https";
+ }
+}
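Review bot: The `server` block forwards every path under `/` to the exchange socket over plain HTTP on port 80 for all IPv4 and IPv6 addresses, and both `X-Forwarded-*` lines are left commented out with no explanation. If this is meant only for the experiment network, say so in the file, for example `# Plain HTTP for the testbed only: terminate TLS and set X-Forwarded-Proto "https" before exposing this outside the experiment network.` Without that comment, a copy of this file into a reachable deployment would serve the exchange API unencrypted.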
diff --git a/etc/taler/conf.d/exchange-business.conf
b/etc/taler/conf.d/exchange-business.conf
new file mode 100755
index 0000000..4cc10a7
--- /dev/null
+++ b/etc/taler/conf.d/exchange-business.conf
@@ -0,0 +1,43 @@
+# Configuration for business-level aspects of the exchange.
+
+[exchange]
+
+# Here you MUST add the master public key of the offline system
+# which you can get using `taler-exchange-offline setup`.
+# This is just an example, your key will be different!
+# MASTER_PUBLIC_KEY = YE6Q6TR1EDB7FD0S68TGDZGF1P0GHJD2S0XVV8R2S62MYJ6HJ4ZG
+MASTER_PUBLIC_KEY = <MASTER_KEY_HERE>
+
+# Publicly visible base URL of the exchange.
+# BASE_URL = https://example.com/
+BASE_URL = <BASE_URL_HERE>
+
+# For your terms of service and privacy policy, you should specify
+# an Etag that must be updated whenever there are significant
+# changes to either document. The format is up to you, what matters
+# is that the value is updated and never re-used. See the HTTP
+# specification on Etags.
+# TERMS_ETAG =
+# PRIVACY_ETAG =
+
+[bank]
+HTTP_PORT = 8082
+SERVE = http
+MAX_DEBT = KUDOS:100000000000.0
+MAX_DEBT_BANK = KUDOS:1000000000000000.0
+
+
+# Bank accounts used by the exchange should be specified here:
+[exchange-account-1]
+
+enable_credit = yes
+enable_debit = yes
+
+# Account identifier in the form of an RFC-8905 payto:// URI.
+# For SEPA, looks like payto://sepa/$IBAN?receiver-name=$NAME
+# Make sure to URL-encode spaces in $NAME!
+payto_uri = payto://x-taler-bank/localhost/Exchnage
+
+# Credentials to access the account are in a separate
+# config file with restricted permissions.
+@inline-secret@ exchange-accountcredentials-1
../secrets/exchange-accountcredentials.secret.conf
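Review bot: The `payto_uri` in `[exchange-account-1]` names the account `Exchnage`, while the credentials file added in this commit uses `username = Exchange` and a wire gateway URL ending in `/Exchange/`. This looks like a typo, and if the bank matches account names exactly, the account the exchange advertises would differ from the one it polls. Suggested line: `payto_uri = payto://x-taler-bank/localhost/Exchange`. The file is also added with mode 100755, and a configuration file has no need for the executable bit.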
diff --git a/etc/taler/conf.d/exchange-coins.conf
b/etc/taler/conf.d/exchange-coins.conf
new file mode 100755
index 0000000..f1c6f5c
--- /dev/null
+++ b/etc/taler/conf.d/exchange-coins.conf
@@ -0,0 +1,158 @@
+# Coin configuration for the exchange.
+# Should be placed in "/etc/taler/conf.d/exchange-coins.conf".
+
+[COIN-KUDOS-n1-t1633183611]
+VALUE = KUDOS:0.01
+DURATION_WITHDRAW = 7 days
+DURATION_SPEND = 2 years
+DURATION_LEGAL = 6 years
+FEE_WITHDRAW = KUDOS:0
+FEE_DEPOSIT = KUDOS:0.01
+FEE_REFRESH = KUDOS:0
+FEE_REFUND = KUDOS:0
+RSA_KEYSIZE = 2048
+
+[COIN-KUDOS-n2-t1633183611]
+VALUE = KUDOS:0.02
+DURATION_WITHDRAW = 7 days
+DURATION_SPEND = 2 years
+DURATION_LEGAL = 6 years
+FEE_WITHDRAW = KUDOS:0
+FEE_DEPOSIT = KUDOS:0.01
+FEE_REFRESH = KUDOS:0
+FEE_REFUND = KUDOS:0
+RSA_KEYSIZE = 2048
+
+[COIN-KUDOS-n3-t1633183611]
+VALUE = KUDOS:0.04
+DURATION_WITHDRAW = 7 days
+DURATION_SPEND = 2 years
+DURATION_LEGAL = 6 years
+FEE_WITHDRAW = KUDOS:0
+FEE_DEPOSIT = KUDOS:0.01
+FEE_REFRESH = KUDOS:0
+FEE_REFUND = KUDOS:0
+RSA_KEYSIZE = 2048
+
+[COIN-KUDOS-n4-t1633183611]
+VALUE = KUDOS:0.08
+DURATION_WITHDRAW = 7 days
+DURATION_SPEND = 2 years
+DURATION_LEGAL = 6 years
+FEE_WITHDRAW = KUDOS:0
+FEE_DEPOSIT = KUDOS:0.01
+FEE_REFRESH = KUDOS:0
+FEE_REFUND = KUDOS:0
+RSA_KEYSIZE = 2048
+
+[COIN-KUDOS-n5-t1633183611]
+VALUE = KUDOS:0.16
+DURATION_WITHDRAW = 7 days
+DURATION_SPEND = 2 years
+DURATION_LEGAL = 6 years
+FEE_WITHDRAW = KUDOS:0
+FEE_DEPOSIT = KUDOS:0.01
+FEE_REFRESH = KUDOS:0
+FEE_REFUND = KUDOS:0
+RSA_KEYSIZE = 2048
+
+[COIN-KUDOS-n6-t1633183611]
+VALUE = KUDOS:0.32
+DURATION_WITHDRAW = 7 days
+DURATION_SPEND = 2 years
+DURATION_LEGAL = 6 years
+FEE_WITHDRAW = KUDOS:0
+FEE_DEPOSIT = KUDOS:0.01
+FEE_REFRESH = KUDOS:0
+FEE_REFUND = KUDOS:0
+RSA_KEYSIZE = 2048
+
+[COIN-KUDOS-n7-t1633183611]
+VALUE = KUDOS:0.64
+DURATION_WITHDRAW = 7 days
+DURATION_SPEND = 2 years
+DURATION_LEGAL = 6 years
+FEE_WITHDRAW = KUDOS:0
+FEE_DEPOSIT = KUDOS:0.01
+FEE_REFRESH = KUDOS:0
+FEE_REFUND = KUDOS:0
+RSA_KEYSIZE = 2048
+
+[COIN-KUDOS-n8-t1633183611]
+VALUE = KUDOS:1.28
+DURATION_WITHDRAW = 7 days
+DURATION_SPEND = 2 years
+DURATION_LEGAL = 6 years
+FEE_WITHDRAW = KUDOS:0
+FEE_DEPOSIT = KUDOS:0.01
+FEE_REFRESH = KUDOS:0
+FEE_REFUND = KUDOS:0
+RSA_KEYSIZE = 2048
+
+[COIN-KUDOS-n9-t1633183611]
+VALUE = KUDOS:2.56
+DURATION_WITHDRAW = 7 days
+DURATION_SPEND = 2 years
+DURATION_LEGAL = 6 years
+FEE_WITHDRAW = KUDOS:0
+FEE_DEPOSIT = KUDOS:0.01
+FEE_REFRESH = KUDOS:0
+FEE_REFUND = KUDOS:0
+RSA_KEYSIZE = 2048
+
+[COIN-KUDOS-n10-t1633183611]
+VALUE = KUDOS:5.12
+DURATION_WITHDRAW = 7 days
+DURATION_SPEND = 2 years
+DURATION_LEGAL = 6 years
+FEE_WITHDRAW = KUDOS:0
+FEE_DEPOSIT = KUDOS:0.01
+FEE_REFRESH = KUDOS:0
+FEE_REFUND = KUDOS:0
+RSA_KEYSIZE = 2048
+
+[COIN-KUDOS-n11-t1633183611]
+VALUE = KUDOS:10.24
+DURATION_WITHDRAW = 7 days
+DURATION_SPEND = 2 years
+DURATION_LEGAL = 6 years
+FEE_WITHDRAW = KUDOS:0
+FEE_DEPOSIT = KUDOS:0.01
+FEE_REFRESH = KUDOS:0
+FEE_REFUND = KUDOS:0
+RSA_KEYSIZE = 2048
+
+[COIN-KUDOS-n12-t1633183611]
+VALUE = KUDOS:20.48
+DURATION_WITHDRAW = 7 days
+DURATION_SPEND = 2 years
+DURATION_LEGAL = 6 years
+FEE_WITHDRAW = KUDOS:0
+FEE_DEPOSIT = KUDOS:0.01
+FEE_REFRESH = KUDOS:0
+FEE_REFUND = KUDOS:0
+RSA_KEYSIZE = 2048
+
+[COIN-KUDOS-n13-t1633183611]
+VALUE = KUDOS:40.96
+DURATION_WITHDRAW = 7 days
+DURATION_SPEND = 2 years
+DURATION_LEGAL = 6 years
+FEE_WITHDRAW = KUDOS:0
+FEE_DEPOSIT = KUDOS:0.01
+FEE_REFRESH = KUDOS:0
+FEE_REFUND = KUDOS:0
+RSA_KEYSIZE = 2048
+
+[COIN-KUDOS-n14-t1633183611]
+VALUE = KUDOS:81.92
+DURATION_WITHDRAW = 7 days
+DURATION_SPEND = 2 years
+DURATION_LEGAL = 6 years
+FEE_WITHDRAW = KUDOS:0
+FEE_DEPOSIT = KUDOS:0.01
+FEE_REFRESH = KUDOS:0
+FEE_REFUND = KUDOS:0
+RSA_KEYSIZE = 2048
+
+
diff --git a/etc/taler/conf.d/exchange-system.conf
b/etc/taler/conf.d/exchange-system.conf
new file mode 100644
index 0000000..75c670f
--- /dev/null
+++ b/etc/taler/conf.d/exchange-system.conf
@@ -0,0 +1,10 @@
+# Configuration settings for system parameters of the exchange.
+
+# Read secret sections into configuration, but only
+# if we have permission to do so.
+@inline-secret@ exchangedb-postgres ../secrets/exchange-db.secret.conf
+
+[exchange]
+
+# Only supported database is Postgres right now.
+DATABASE = postgres
diff --git a/etc/taler/overrides.conf b/etc/taler/overrides.conf
new file mode 100644
index 0000000..60296ea
--- /dev/null
+++ b/etc/taler/overrides.conf
@@ -0,0 +1 @@
+# This configuration will be changed by tooling. Do not touch it manually.
diff --git a/etc/taler/secrets/exchange-accountcredentials.secret.conf
b/etc/taler/secrets/exchange-accountcredentials.secret.conf
new file mode 100755
index 0000000..5c7e6e1
--- /dev/null
+++ b/etc/taler/secrets/exchange-accountcredentials.secret.conf
@@ -0,0 +1,17 @@
+# This file contains the secret credentials
+# to access the Taler Wire Gateway API (usually
+# provided by LibEuFin) for the exchange accounts.
+#
+# Each exchange-account-* section should have a matching
+# exchange-accountcredentials-* section here.
+#
+# Each of those sections must be imported via @inline-secret@,
+# usually in conf.d/exchange-business.conf.
+
+[exchange-accountcredentials-1]
+
+wire_gateway_auth_method = basic
+password = x
+username = Exchange
+wire_gateway_url = http://localhost:8082/Exchange/
+
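Review bot: This secrets file is committed with mode 100755 and a literal `password = x`, which sits badly with the header comment in taler.conf saying files under secrets/ should be readable only by the users of the relevant service; etc/taler/secrets/exchange-db.secret.conf is added with the same mode. Git records only the executable bit, so the effective permissions depend on how the image installs the files, and none of the scripts visible in this commit restrict them; an install step that limits secrets/ to the service accounts would close that gap. If the password is a placeholder for the local fakebank, a comment such as `# placeholder for the local fakebank; never reuse outside the testbed` would make that explicit. `wire_gateway_url` is plain `http://`, so the basic-auth credentials travel unencrypted, which is tolerable only while the endpoint stays on localhost.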
diff --git a/etc/taler/secrets/exchange-db.secret.conf
b/etc/taler/secrets/exchange-db.secret.conf
new file mode 100755
index 0000000..cb52d0a
--- /dev/null
+++ b/etc/taler/secrets/exchange-db.secret.conf
@@ -0,0 +1,10 @@
+# Database configuration for the Taler exchange.
+
+[exchangedb-postgres]
+
+# Typically, there should only be a single line here, of the form:
+
+CONFIG=<DB_URL_HERE>
+
+# The details of the URI depend on where the database lives and how
+# access control was configured.
diff --git a/etc/taler/taler.conf b/etc/taler/taler.conf
old mode 100644
new mode 100755
index e69de29..111d109
--- a/etc/taler/taler.conf
+++ b/etc/taler/taler.conf
@@ -0,0 +1,47 @@
+# Main entry point for the GNU Taler configuration.
+#
+# Structure:
+# - taler.conf is the main configuration entry point
+# used by all Taler components (the file you are currently
+# looking at.
+# - overrides.conf contains configuration overrides that are
+# set by some tools that help with the configuration,
+# and should not be edited by humans. Comments in this file
+# are not preserved.
+# - conf.d/ contains configuration files for
+# Taler components, which can be read by all
+# users of the system and are included by the main
+# configuration.
+# - secrets/ contains configuration snippets
+# with secrets for particular services.
+# These files should have restrictive permissions
+# so that only users of the relevant services
+# can read it. All files in it should end with
+# ".secret.conf".
+
+[taler]
+
+# Currency of the Taler deployment. This setting applies to all Taler
+# components that only support a single currency.
+currency = KUDOS
+
+# Smallest currency unit handled by the underlying bank system. Taler payments
+# can make payments smaller than this units, but interactions with external
+# systems is always rounded to this unit.
+currency_round_unit = KUDOS:0.01
+
+
+[paths]
+
+TALER_HOME = /var/lib/taler
+TALER_RUNTIME_DIR = /run/taler
+TALER_CACHE_HOME = /var/cache/taler
+TALER_CONFIG_HOME = /etc/taler
+TALER_DATA_HOME = /var/lib/taler
+
+
+# Inline configurations from all Taler components.
+@inline-matching@ conf.d/*.conf
+
+# Overrides from tools that help with configuration.
+@inline@ overrides.conf
diff --git a/image/taler-debian11.yaml b/image/taler-debian11.yaml
index 2dcf03b..23e29da 100644
--- a/image/taler-debian11.yaml
+++ b/image/taler-debian11.yaml
@@ -38,7 +38,7 @@ global:
# g5k_kernel_params: ""
## Environment visibility
# g5k_visibility: "shared"
- other_packages_no_clean: nginx postgresql-13 taler-exchange taler-auditor
taler-merchant taler-exchange-offline taler-wallet-cli sudo git zile
+ other_packages_no_clean: nginx postgresql-13 taler-exchange taler-auditor
taler-merchant taler-exchange-offline taler-wallet-cli sudo git zile bind9
libtalerexchange-dev
## Other parameters can be changed, see kameleon info debian10-taler.yaml
@@ -51,31 +51,26 @@ setup:
### The setup section is where customizations of the system take place.
## We can request steps from the extended recipe to be executed
- "@base"
- - taler_install:
- - microstep1:
+ ## We add steps required by our customization after or before @base. Use
+ ## kameleon dryrun debian10_custom.yaml to see the resulting steps in the
build.
+ ## The following is given as example only, replace with your steps.
+ - install:
+ - packages:
- exec_in: |
echo "deb https://deb.taler.net/apt/debian bullseye main" >
/etc/apt/sources.list.d/taler.list
wget -O - https://taler.net/taler-systems.gpg.key | apt-key add -
apt-get update
apt-upgrade
apt-get install -y $${other_packages_no_clean}
-
- ## We add steps required by our customization after or before @base. Use
- ## kameleon dryrun debian10_custom.yaml to see the resulting steps in the
build.
- ## The following is given as example only, replace with your steps.
- - add_g5k_repo:
- - microstep1:
+ - disable_services:
+ - exec_in: |
+ systemctl daemon-reload
+ systemctl stop nginx postgresql bind9
+ systemctl disable nginx postgresql bind9
+ - add_g5k_repo:
- exec_in: |
cd /root
git clone git://git.taler.net/grid5k.git
- cp grid5k/gridboot.service /etc/systemd/system/gridboot.service
- chmod 640 /etc/systemd/system/gridboot.service
- cp grid5k/at-boot.sh /usr/local/bin/at-boot.sh
- chmod +x /usr/local/bin/at-boot.sh
- systemctl daemon-reload
- systemctl enable gridboot
- systemctl stop nginx postgresql
- systemctl disable nginx postgresql
export:
### The export section takes in charge the export of your customized
Grid'5000
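Review bot: The `add_g5k_repo` step that this hunk keeps runs `git clone git://git.taler.net/grid5k.git` into /root, and the plain git protocol neither authenticates the server nor protects the transfer, so nothing verifies the scripts that end up in the image. Cloning over an authenticated transport (HTTPS or SSH, if the server offers it) and checking out a pinned commit would make the image contents reproducible and tamper-evident. The `packages` step also pipes the downloaded key into `apt-key add -`, which trusts it for every configured repository; a keyring file referenced with `signed-by=` in taler.list limits that trust to the Taler repository. The `apt-upgrade` line above `apt-get install` does not look like an existing command and probably fails silently during the build.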
diff --git a/scripts/database.sh b/scripts/database.sh
index 0ad6864..0ef751c 100755
--- a/scripts/database.sh
+++ b/scripts/database.sh
@@ -2,12 +2,15 @@
systemctl start postgresql
-su - postgres
-
-createdb "${DB_NAME}"
+su postgres << EOF
+createuser taler-exchange-httpd
+createuser taler-exchange-wire
+createuser taler-exchange-aggregator
+createuser taler-exchange-closer
+createdb -O taler-exchange-httpd ${DB_NAME}
+psql
create user "${DB_USER}" with encrypted password "'${DB_PASSWORD}'"
grant all privileges on database "${DB_NAME}" to user "${DB_USER}"
-
-exit
+EOF
exit 0
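Review bot: The two SQL lines after `psql` are unlikely to succeed as written: neither statement ends in `;`, the password is wrapped in double quotes (which PostgreSQL reads as an identifier, not a string literal), and `to user` does not appear to be valid GRANT syntax, so the password-protected `${DB_USER}` role is probably never created. Because the here-document delimiter is unquoted, `${DB_PASSWORD}` is pasted into the SQL text unescaped, so a password containing a quote changes the statement. Suggested lines: `create user "${DB_USER}" with encrypted password '${DB_PASSWORD}';` and `grant all privileges on database "${DB_NAME}" to "${DB_USER}";`, with the password restricted to characters that need no escaping. The unconditional `exit 0` hides any of these failures from the caller; the top of the script is outside the hunk, so whether `set -e` is in effect is not visible.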
diff --git a/scripts/exchange.sh b/scripts/exchange.sh
index a9bf588..95c42a8 100755
--- a/scripts/exchange.sh
+++ b/scripts/exchange.sh
@@ -1 +1,26 @@
#!/bin/bash
+
+sed -i
"s\<DB_URL_HERE>\postgresql://${DB_USER}:${DB_PASSWORD}@${DB_HOST}:${DB_PORT}/${DB_NAME}\g"
/etc/taer/secrets/exchange-db.secret.conf
+
+su taler-exchange-httpd taler-exchange-dbinit
+
+su taler-exchange-httpd -s /bin/bash << EOF
+PGPASSWORD=${DB_PASSWORD} psql -U ${DB_USER} -h ${DB_HOST} -p ${DB_PORT} -d
${DB_NAME}
+GRANT SELECT,INSERT,UPDATE ON ALL TABLES IN SCHEMA public TO
"taler-exchange-aggregator";
+GRANT SELECT,INSERT,UPDATE ON ALL TABLES IN SCHEMA public TO
"taler-exchange-closer";
+GRANT SELECT,INSERT,UPDATE ON ALL TABLES IN SCHEMA public TO
"taler-exchange-wire";
+GRANT USAGE ON ALL SEQUENCES IN SCHEMA public TO "taler-exchange-aggregator";
+GRANT USAGE ON ALL SEQUENCES IN SCHEMA public TO "taler-exchange-closer";
+GRANT USAGE ON ALL SEQUENCES IN SCHEMA public TO "taler-exchange-wire";
+EOF
+
+MASTER_KEY=$(su taler-exchange-offline taler-exchange-offline setup)
+
+sed -i "s/<MASTER_KEY_HERE>/${MASTER_KEY}/g"
/etc/taler/conf.d/exchange-business.conf
+sed -i "s/<BASE_URL_HERE>/http:$(hostname)/g"
/etc/taler/conf.d/exchange-business.conf
+
+taler-fakebank-run -c /etc/taler/taler.conf &
+
+systemctl start taler-exchange.target nginx
+
+wget http://$(hostname)/management/keys
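Review bot: The first `sed` targets `/etc/taer/secrets/exchange-db.secret.conf`, which differs from the `etc/taler/secrets/` location this commit adds the file under, and it uses `\` as the `s` delimiter, which sed does not accept; as written, the `<DB_URL_HERE>` placeholder is most likely never replaced. The `<BASE_URL_HERE>` substitution yields `http:` followed directly by the hostname, without `//`, so BASE_URL is not a valid URL either. Both commands could use a delimiter such as `|`, with the path corrected to `/etc/taler/secrets/exchange-db.secret.conf` and the replacement written as `http://$(hostname)/`. `${DB_PASSWORD}` is spliced unescaped into the sed replacement and into the unquoted here-document, so a password containing `|`, `&` or shell metacharacters would corrupt the config or the command. Nothing checks exit status, so a failed `taler-exchange-dbinit` or key setup still proceeds to start the services.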
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.