From: gnunet
Subject: [taler-grid5k] 68/189: add possibility to run multiple exchange-httpd hosts - services must be run as root, since the nfs does allow to change permissions
Date: Thu, 28 Apr 2022 10:47:18 +0200
This is an automated email from the git hooks/post-receive script.
marco-boss pushed a commit to branch master
in repository grid5k.
commit 60757c0658680d5b50ee14beffaf0081e4cf6c14
Author: Boss Marco <bossm8@bfh.ch>
AuthorDate: Sat Mar 12 10:19:10 2022 +0100
add possibility to run multiple exchange-httpd hosts
- services must be run as root, since the nfs does allow to change
permissions
---
configs/etc/taler/conf.d/exchange-business.conf | 22 ----------------------
configs/etc/taler/conf.d/exchange-secmod.conf | 6 ++++++
configs/etc/taler/conf.d/exchange-system.conf | 5 -----
.../systemd/system/taler-exchange-httpd@.service | 3 ++-
.../system/taler-exchange-secmod-cs.service | 3 ++-
.../system/taler-exchange-secmod-eddsa.service | 3 ++-
.../system/taler-exchange-secmod-rsa.service | 3 ++-
experiment/env | 2 +-
experiment/scripts/exchange.sh | 10 +++++++++-
experiment/scripts/helpers.sh | 8 ++++++++
10 files changed, 32 insertions(+), 33 deletions(-)
diff --git a/configs/etc/taler/conf.d/exchange-business.conf
b/configs/etc/taler/conf.d/exchange-business.conf
index fcb1e3d..ee3458a 100644
--- a/configs/etc/taler/conf.d/exchange-business.conf
+++ b/configs/etc/taler/conf.d/exchange-business.conf
@@ -1,40 +1,18 @@
-# Configuration for business-level aspects of the exchange.
-
[exchange]
-# Here you MUST add the master public key of the offline system
-# which you can get using `taler-exchange-offline setup`.
-# This is just an example, your key will be different!
-# MASTER_PUBLIC_KEY = YE6Q6TR1EDB7FD0S68TGDZGF1P0GHJD2S0XVV8R2S62MYJ6HJ4ZG
MASTER_PUBLIC_KEY = <MASTER_KEY_HERE>
-# Publicly visible base URL of the exchange.
-# BASE_URL = https://example.com/
BASE_URL = <BASE_URL_HERE>
MAX_REQUESTS = <MAX_REQUESTS_HERE>
-# For your terms of service and privacy policy, you should specify
-# an Etag that must be updated whenever there are significant
-# changes to either document. The format is up to you, what matters
-# is that the value is updated and never re-used. See the HTTP
-# specification on Etags.
-# TERMS_ETAG =
-# PRIVACY_ETAG =
-
AGGREGATOR_SHARD_SIZE = <AGGREGATOR_SHARD_SIZE_HERE>
-# Bank accounts used by the exchange should be specified here:
[exchange-account-1]
enable_credit = yes
enable_debit = yes
-# Account identifier in the form of an RFC-8905 payto:// URI.
-# For SEPA, looks like payto://sepa/$IBAN?receiver-name=$NAME
-# Make sure to URL-encode spaces in $NAME!
payto_uri = payto://x-taler-bank/<BANK_HOST_HERE>/Exchange
-# Credentials to access the account are in a separate
-# config file with restricted permissions.
@inline-secret@ exchange-accountcredentials-1
../secrets/exchange-accountcredentials.secret.conf
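Review bot: deleting every explanatory comment from exchange-business.conf loses the note that `@inline-secret@ exchange-accountcredentials-1` pulls the bank credentials from a separate file with restricted permissions, and the description of the `payto://` URI format, while the values themselves are unchanged. Since the `<..._HERE>` placeholders are filled in by `sed` from experiment/scripts/exchange.sh and experiment/scripts/helpers.sh, a one-line comment per placeholder naming the script that substitutes it would keep that context for the next reader.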
diff --git a/configs/etc/taler/conf.d/exchange-secmod.conf
b/configs/etc/taler/conf.d/exchange-secmod.conf
index ce069d6..9fa8e3a 100644
--- a/configs/etc/taler/conf.d/exchange-secmod.conf
+++ b/configs/etc/taler/conf.d/exchange-secmod.conf
@@ -1,11 +1,17 @@
[taler-exchange-secmod-rsa]
LOOKAHEAD_SIGN = 2 days
+SM_RPIV_KEY = <SM_KEY_DIR_HERE>/exchange-secmod-rsa/secmod-private-key
+KEY_DIR = <SM_KEY_DIR_HERE>/exchange-secmod-rsa/keys
[taler-exchange-secmod-eddsa]
LOOKAHEAD_SIGN = 2 days
+SM_RPIV_KEY = <SM_KEY_DIR_HERE>/exchange-secmod-eddsa/secmod-private-key
+KEY_DIR = <SM_KEY_DIR_HERE>/exchange-secmod-eddsa/keys
[taler-exchange-secmod-cs]
LOOKAHEAD_SIGN = 2 days
+SM_RPIV_KEY = <SM_KEY_DIR_HERE>/exchange-secmod-cs/secmod-private-key
+KEY_DIR = <SM_KEY_DIR_HERE>/exchange-secmod-cs/keys
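Review bot: `SM_RPIV_KEY` on the three added lines looks like a transposition of `SM_PRIV_KEY`, the option name the secmods read for their private-key path; as written the secmod would either fall back to its default key location or fail with a missing-configuration error rather than use the shared directory, so the second exchange-httpd host would not see the same signing key. Please check the option name against the upstream secmod configuration. Separately, these lines move the secmod private keys and `keys` directories onto the shared NFS home of `${G5K_USER}` (see the helpers.sh hunk below), which widens who can read them; that may be acceptable for the experiment, but it deserves a comment in the file.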
diff --git a/configs/etc/taler/conf.d/exchange-system.conf
b/configs/etc/taler/conf.d/exchange-system.conf
index 75c670f..a72e368 100644
--- a/configs/etc/taler/conf.d/exchange-system.conf
+++ b/configs/etc/taler/conf.d/exchange-system.conf
@@ -1,10 +1,5 @@
-# Configuration settings for system parameters of the exchange.
-
-# Read secret sections into configuration, but only
-# if we have permission to do so.
@inline-secret@ exchangedb-postgres ../secrets/exchange-db.secret.conf
[exchange]
-# Only supported database is Postgres right now.
DATABASE = postgres
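Review bot: only comments are removed here, but the dropped "only if we have permission to do so" line documented that the `@inline-secret@` include of ../secrets/exchange-db.secret.conf is conditional on the secret file being readable by the service user. With the units switched to `User=root` in this same commit, that condition is always true; a short comment stating that the services run as root because of the NFS permission problem would make the reason discoverable from the config rather than only from the commit message.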
diff --git a/configs/usr/lib/systemd/system/taler-exchange-httpd@.service
b/configs/usr/lib/systemd/system/taler-exchange-httpd@.service
index bd9ea2f..65b2a93 100644
--- a/configs/usr/lib/systemd/system/taler-exchange-httpd@.service
+++ b/configs/usr/lib/systemd/system/taler-exchange-httpd@.service
@@ -5,7 +5,8 @@ Requires=taler-exchange-httpd@%i.socket
taler-exchange-secmod-rsa.service taler-
After=postgres.service network.target taler-exchange-secmod-rsa.service
taler-exchange-secmod-eddsa.service taler-exchange-secmod-cs.service
[Service]
-User=taler-exchange-httpd
+#User=taler-exchange-httpd
+User=root
Type=simple
# Depending on the configuration, the service suicides and then
# needs to be restarted.
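Review bot: switching `User=` to root makes the network-facing taler-exchange-httpd run with full privileges to work around NFS uid mapping, and nothing else in the unit limits the blast radius of that. If the export cannot map the taler-exchange-httpd uid, alternatives that keep the dedicated user are a `Group=`/`SupplementaryGroups=` shared with the secmod users on a group-writable key directory, or an explicit uid/gid mapping on the NFS export. At minimum the commented-out `#User=taler-exchange-httpd` line should carry a comment saying that root is an experiment-only workaround, so it is not copied into a production unit.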
diff --git a/configs/usr/lib/systemd/system/taler-exchange-secmod-cs.service
b/configs/usr/lib/systemd/system/taler-exchange-secmod-cs.service
index b8df330..4284420 100644
--- a/configs/usr/lib/systemd/system/taler-exchange-secmod-cs.service
+++ b/configs/usr/lib/systemd/system/taler-exchange-secmod-cs.service
@@ -4,7 +4,8 @@ AssertPathExists=/run/taler/exchange-secmod-cs
PartOf=taler-exchange.target
[Service]
-User=taler-exchange-secmod-cs
+#User=taler-exchange-secmod-cs
+User=root
Type=simple
Restart=on-failure
EnvironmentFile=/etc/environment
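Review bot: same root switch as in taler-exchange-httpd@.service, but here it matters more: the separate taler-exchange-secmod-cs user is what kept the secmod's private signing key unreadable by the httpd process, and with both running as root that boundary is gone. If root is unavoidable on the grid, consider at least systemd sandboxing such as `ProtectSystem=` with `ReadWritePaths=` limited to the key directory, and note the reason next to the commented-out `User=` line.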
diff --git a/configs/usr/lib/systemd/system/taler-exchange-secmod-eddsa.service
b/configs/usr/lib/systemd/system/taler-exchange-secmod-eddsa.service
index f96bee3..6e98f5e 100644
--- a/configs/usr/lib/systemd/system/taler-exchange-secmod-eddsa.service
+++ b/configs/usr/lib/systemd/system/taler-exchange-secmod-eddsa.service
@@ -4,7 +4,8 @@ AssertPathExists=/run/taler/exchange-secmod-eddsa
PartOf=taler-exchange.target
[Service]
-User=taler-exchange-secmod-eddsa
+#User=taler-exchange-secmod-eddsa
+User=root
Type=simple
Restart=on-failure
EnvironmentFile=/etc/environment
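Review bot: same observation as for taler-exchange-secmod-cs.service: the dedicated secmod user separated the EdDSA private key from the httpd process, and `User=root` removes that separation; the same comment and sandboxing suggestion applies.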
diff --git a/configs/usr/lib/systemd/system/taler-exchange-secmod-rsa.service
b/configs/usr/lib/systemd/system/taler-exchange-secmod-rsa.service
index 433fd5a..5f3a2c9 100644
--- a/configs/usr/lib/systemd/system/taler-exchange-secmod-rsa.service
+++ b/configs/usr/lib/systemd/system/taler-exchange-secmod-rsa.service
@@ -4,7 +4,8 @@ AssertPathExists=/run/taler/exchange-secmod-rsa
PartOf=taler-exchange.target
[Service]
-User=taler-exchange-secmod-rsa
+#User=taler-exchange-secmod-rsa
+User=root
Type=simple
Restart=on-failure
EnvironmentFile=/etc/environment
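Review bot: same observation as for the cs and eddsa secmod units: the RSA secmod holds the denomination signing keys, and running it as root alongside a root httpd means any compromise of the HTTP frontend reaches those keys directly; please apply the same comment and sandboxing as suggested above.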
diff --git a/experiment/env b/experiment/env
index 29fdf82..ae8071d 100644
--- a/experiment/env
+++ b/experiment/env
@@ -8,7 +8,7 @@
# (used to determine which script to execute in run.sh)
# Wallets are not needed explicitely since they can (and will be)
# exported as a wildcard (*).
-NODES="Bank DB DNS Exchange Aggregator Closer Transfer Wirewatch Merchant
Monitor Proxy Shard"
+NODES="Bank DB DNS Exchange SecExch Aggregator Closer Transfer Wirewatch
Merchant Monitor Proxy Shard"
# DNS Zone to setup inside the grid for the experiment
DNS_ZONE=perf.taler
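Review bot: `SecExch` is added to NODES, which per the comment above selects the script that run.sh executes, but no matching script is part of this commit (the diffstat only touches exchange.sh and helpers.sh). Either it lands in a later commit or the node name should be documented here with what it runs, so the list does not reference a script that does not exist.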
diff --git a/experiment/scripts/exchange.sh b/experiment/scripts/exchange.sh
index 238ccd2..7151920 100755
--- a/experiment/scripts/exchange.sh
+++ b/experiment/scripts/exchange.sh
@@ -31,9 +31,10 @@ function setup_config() {
sed -i -e "s/<MASTER_KEY_HERE>/${MASTER_KEY}/g" \
/etc/taler/conf.d/exchange-business.conf
+
}
-# Check if there are exchnage-* processes configured to be run
+# Check if there are exchange-* processes configured to be run
# on external systems, if not start them here.
function start_other_exchange_binaries() {
if [[ "${AGGREGATOR_HOSTS}" == "none" ]]; then
@@ -52,6 +53,13 @@ function start_other_exchange_binaries() {
# Setup the exchange with the taler-exchange-offline signing procedure
function setup_exchange() {
+
+ # Setup the shared key directory when we use a secondary node
+ if [[ ${SECEXCH_HOSTS} != "none" ]]; then
+ rm -rf "/home/${G5K_USER}/taler" || true
+ mkdir -p "/home/${G5K_USER}/taler/exchange-secmod-{cs,rsa,eddsa}"
+ fi
+
systemctl restart taler-exchange-httpd@80.service
start_other_exchange_binaries
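Review bot: `mkdir -p "/home/${G5K_USER}/taler/exchange-secmod-{cs,rsa,eddsa}"` does not brace-expand because the braces sit inside double quotes, so bash creates a single directory literally named `exchange-secmod-{cs,rsa,eddsa}` instead of the three per-secmod directories that exchange-secmod.conf expects. Move the braces outside the quotes: `mkdir -p "/home/${G5K_USER}/taler/exchange-secmod-"{cs,rsa,eddsa}`. Also, `rm -rf "/home/${G5K_USER}/taler" || true` wipes the shared NFS key directory on every setup run; if a secmod on the secondary host is already running, its private key and denomination keys disappear underneath it, and if `G5K_USER` is unset the path collapses to `/home//taler`. Using `${G5K_USER:?}` and only removing the directory when no secmod is active would make this safer.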
diff --git a/experiment/scripts/helpers.sh b/experiment/scripts/helpers.sh
index 7d850dc..2da6525 100755
--- a/experiment/scripts/helpers.sh
+++ b/experiment/scripts/helpers.sh
@@ -141,6 +141,14 @@ function setup_exchange_config_without_master_key() {
-e "s/<AGGREGATOR_SHARD_SIZE_HERE>/${AGGREGATOR_SHARD_SIZE}/g" \
/etc/taler/conf.d/exchange-business.conf
+ if [[ ${SECEXCH_HOSTS} != "none" ]]; then
+ # Use a shared NFS key directory when we have multiple exchange-httpd
servers
+ sed -i "s|<SM_KEY_DIR_HERE>|/home/${G5K_USER}/taler|g"
+ else
+ # Use the default path if we have only one exchange-httpd server
+ sed -i 's/<SM_KEY_DIR_HERE>/${TALER_DATA_HOME}/g'
+ fi
+
}
# Restart (enable) the rsyslog to send the logs to the monitoring
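Review bot: both `sed -i` calls in the new branch are missing their file operand, so `sed -i "s|<SM_KEY_DIR_HERE>|/home/${G5K_USER}/taler|g"` exits with "no input files" and the placeholder is never replaced; append `/etc/taler/conf.d/exchange-secmod.conf` to both, matching the other substitutions in this function. The single quotes in the else branch leave `${TALER_DATA_HOME}` unexpanded by the shell and write it literally into the config, which is fine if the intent is to let the Taler configuration parser expand it, but a comment saying so would stop someone later "fixing" it to double quotes.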