
[taler-grid5k] 68/189: add possibility to run multiple exchange-httpd ho


From: gnunet
Subject: [taler-grid5k] 68/189: add possibility to run multiple exchange-httpd hosts - services must be run as root, since the nfs does allow to change permissions
Date: Thu, 28 Apr 2022 10:47:18 +0200

This is an automated email from the git hooks/post-receive script.

marco-boss pushed a commit to branch master
in repository grid5k.

commit 60757c0658680d5b50ee14beffaf0081e4cf6c14
Author: Boss Marco <bossm8@bfh.ch>
AuthorDate: Sat Mar 12 10:19:10 2022 +0100

    add possibility to run multiple exchange-httpd hosts
    - services must be run as root, since the NFS does not allow changing
permissions
---
 configs/etc/taler/conf.d/exchange-business.conf    | 22 ----------------------
 configs/etc/taler/conf.d/exchange-secmod.conf      |  6 ++++++
 configs/etc/taler/conf.d/exchange-system.conf      |  5 -----
 .../systemd/system/taler-exchange-httpd@.service   |  3 ++-
 .../system/taler-exchange-secmod-cs.service        |  3 ++-
 .../system/taler-exchange-secmod-eddsa.service     |  3 ++-
 .../system/taler-exchange-secmod-rsa.service       |  3 ++-
 experiment/env                                     |  2 +-
 experiment/scripts/exchange.sh                     | 10 +++++++++-
 experiment/scripts/helpers.sh                      |  8 ++++++++
 10 files changed, 32 insertions(+), 33 deletions(-)

diff --git a/configs/etc/taler/conf.d/exchange-business.conf 
b/configs/etc/taler/conf.d/exchange-business.conf
index fcb1e3d..ee3458a 100644
--- a/configs/etc/taler/conf.d/exchange-business.conf
+++ b/configs/etc/taler/conf.d/exchange-business.conf
@@ -1,40 +1,18 @@
-# Configuration for business-level aspects of the exchange.
-
 [exchange]
 
-# Here you MUST add the master public key of the offline system
-# which you can get using `taler-exchange-offline setup`.
-# This is just an example, your key will be different!
-# MASTER_PUBLIC_KEY = YE6Q6TR1EDB7FD0S68TGDZGF1P0GHJD2S0XVV8R2S62MYJ6HJ4ZG
 MASTER_PUBLIC_KEY = <MASTER_KEY_HERE>
 
-# Publicly visible base URL of the exchange.
-# BASE_URL = https://example.com/
 BASE_URL = <BASE_URL_HERE>
 
 MAX_REQUESTS = <MAX_REQUESTS_HERE>
 
-# For your terms of service and privacy policy, you should specify
-# an Etag that must be updated whenever there are significant
-# changes to either document.  The format is up to you, what matters
-# is that the value is updated and never re-used. See the HTTP
-# specification on Etags.
-# TERMS_ETAG =
-# PRIVACY_ETAG =
-
 AGGREGATOR_SHARD_SIZE = <AGGREGATOR_SHARD_SIZE_HERE>
 
-# Bank accounts used by the exchange should be specified here:
 [exchange-account-1]
 
 enable_credit = yes
 enable_debit = yes
 
-# Account identifier in the form of an RFC-8905 payto:// URI.
-# For SEPA, looks like payto://sepa/$IBAN?receiver-name=$NAME
-# Make sure to URL-encode spaces in $NAME!
 payto_uri = payto://x-taler-bank/<BANK_HOST_HERE>/Exchange
 
-# Credentials to access the account are in a separate
-# config file with restricted permissions.
 @inline-secret@ exchange-accountcredentials-1 
../secrets/exchange-accountcredentials.secret.conf
diff --git a/configs/etc/taler/conf.d/exchange-secmod.conf 
b/configs/etc/taler/conf.d/exchange-secmod.conf
index ce069d6..9fa8e3a 100644
--- a/configs/etc/taler/conf.d/exchange-secmod.conf
+++ b/configs/etc/taler/conf.d/exchange-secmod.conf
@@ -1,11 +1,17 @@
 [taler-exchange-secmod-rsa]
 
 LOOKAHEAD_SIGN = 2 days
+SM_RPIV_KEY = <SM_KEY_DIR_HERE>/exchange-secmod-rsa/secmod-private-key
+KEY_DIR = <SM_KEY_DIR_HERE>/exchange-secmod-rsa/keys
 
 [taler-exchange-secmod-eddsa]
 
 LOOKAHEAD_SIGN = 2 days
+SM_RPIV_KEY = <SM_KEY_DIR_HERE>/exchange-secmod-eddsa/secmod-private-key
+KEY_DIR = <SM_KEY_DIR_HERE>/exchange-secmod-eddsa/keys
 
 [taler-exchange-secmod-cs]
 
 LOOKAHEAD_SIGN = 2 days
+SM_RPIV_KEY = <SM_KEY_DIR_HERE>/exchange-secmod-cs/secmod-private-key
+KEY_DIR = <SM_KEY_DIR_HERE>/exchange-secmod-cs/keys
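Review bot: `SM_RPIV_KEY` on the three added lines appears to be a transposition of `SM_PRIV_KEY`, which is the option name the taler-exchange secmods read for their private key; as written the secmods would ignore these lines and keep their default private-key location, so only `KEY_DIR` ends up on the shared directory and the multi-host setup this commit targets silently does not work for the private key. Suggested: `SM_PRIV_KEY = <SM_KEY_DIR_HERE>/exchange-secmod-rsa/secmod-private-key` (and likewise for the eddsa and cs sections); worth confirming against the taler-exchange configuration reference before landing. Since `<SM_KEY_DIR_HERE>` is replaced by an NFS home directory in helpers.sh, these keys will live on network-shared storage; a full-line comment above each pair noting that and the directory mode the secmods expect would help whoever operates this later.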
diff --git a/configs/etc/taler/conf.d/exchange-system.conf 
b/configs/etc/taler/conf.d/exchange-system.conf
index 75c670f..a72e368 100644
--- a/configs/etc/taler/conf.d/exchange-system.conf
+++ b/configs/etc/taler/conf.d/exchange-system.conf
@@ -1,10 +1,5 @@
-# Configuration settings for system parameters of the exchange.
-
-# Read secret sections into configuration, but only
-# if we have permission to do so.
 @inline-secret@ exchangedb-postgres ../secrets/exchange-db.secret.conf
 
 [exchange]
 
-# Only supported database is Postgres right now.
 DATABASE = postgres
diff --git a/configs/usr/lib/systemd/system/taler-exchange-httpd@.service 
b/configs/usr/lib/systemd/system/taler-exchange-httpd@.service
index bd9ea2f..65b2a93 100644
--- a/configs/usr/lib/systemd/system/taler-exchange-httpd@.service
+++ b/configs/usr/lib/systemd/system/taler-exchange-httpd@.service
@@ -5,7 +5,8 @@ Requires=taler-exchange-httpd@%i.socket 
taler-exchange-secmod-rsa.service taler-
 After=postgres.service network.target taler-exchange-secmod-rsa.service 
taler-exchange-secmod-eddsa.service taler-exchange-secmod-cs.service
 
 [Service]
-User=taler-exchange-httpd
+#User=taler-exchange-httpd
+User=root
 Type=simple
 # Depending on the configuration, the service suicides and then
 # needs to be restarted.
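Review bot: `User=root` on the new line removes the privilege separation between the network-facing exchange-httpd and the secmod processes that hold the signing keys (the same change is made in taler-exchange-secmod-cs.service, taler-exchange-secmod-eddsa.service and taler-exchange-secmod-rsa.service in this commit), so a compromise of the HTTP front end now runs with the same identity as the key material. The commit message attributes this to NFS permissions; NFS resolves ownership by numeric uid/gid, so giving the taler-exchange-* accounts identical ids on every node and creating the shared directory with that ownership would presumably let the original `User=` lines stay — and if the export squashes root, running as root would not help either. If root must remain for the experiment, replace the commented-out `#User=taler-exchange-httpd` line with a comment stating why, e.g. `# NOTE: runs as root because the shared NFS key directory cannot be chowned; revert once the export permits it`. The [Service] section continues outside the hunk.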
diff --git a/configs/usr/lib/systemd/system/taler-exchange-secmod-cs.service 
b/configs/usr/lib/systemd/system/taler-exchange-secmod-cs.service
index b8df330..4284420 100644
--- a/configs/usr/lib/systemd/system/taler-exchange-secmod-cs.service
+++ b/configs/usr/lib/systemd/system/taler-exchange-secmod-cs.service
@@ -4,7 +4,8 @@ AssertPathExists=/run/taler/exchange-secmod-cs
 PartOf=taler-exchange.target
 
 [Service]
-User=taler-exchange-secmod-cs
+#User=taler-exchange-secmod-cs
+User=root
 Type=simple
 Restart=on-failure
 EnvironmentFile=/etc/environment
diff --git a/configs/usr/lib/systemd/system/taler-exchange-secmod-eddsa.service 
b/configs/usr/lib/systemd/system/taler-exchange-secmod-eddsa.service
index f96bee3..6e98f5e 100644
--- a/configs/usr/lib/systemd/system/taler-exchange-secmod-eddsa.service
+++ b/configs/usr/lib/systemd/system/taler-exchange-secmod-eddsa.service
@@ -4,7 +4,8 @@ AssertPathExists=/run/taler/exchange-secmod-eddsa
 PartOf=taler-exchange.target
 
 [Service]
-User=taler-exchange-secmod-eddsa
+#User=taler-exchange-secmod-eddsa
+User=root
 Type=simple
 Restart=on-failure
 EnvironmentFile=/etc/environment
diff --git a/configs/usr/lib/systemd/system/taler-exchange-secmod-rsa.service 
b/configs/usr/lib/systemd/system/taler-exchange-secmod-rsa.service
index 433fd5a..5f3a2c9 100644
--- a/configs/usr/lib/systemd/system/taler-exchange-secmod-rsa.service
+++ b/configs/usr/lib/systemd/system/taler-exchange-secmod-rsa.service
@@ -4,7 +4,8 @@ AssertPathExists=/run/taler/exchange-secmod-rsa
 PartOf=taler-exchange.target
 
 [Service]
-User=taler-exchange-secmod-rsa
+#User=taler-exchange-secmod-rsa
+User=root
 Type=simple
 Restart=on-failure
 EnvironmentFile=/etc/environment
diff --git a/experiment/env b/experiment/env
index 29fdf82..ae8071d 100644
--- a/experiment/env
+++ b/experiment/env
@@ -8,7 +8,7 @@
 # (used to determine which script to execute in run.sh)
 # Wallets are not needed explicitely since they can (and will be)
 # exported as a wildcard (*).
-NODES="Bank DB DNS Exchange Aggregator Closer Transfer Wirewatch Merchant 
Monitor Proxy Shard"
+NODES="Bank DB DNS Exchange SecExch Aggregator Closer Transfer Wirewatch 
Merchant Monitor Proxy Shard"
 
 # DNS Zone to setup inside the grid for the experiment
 DNS_ZONE=perf.taler
diff --git a/experiment/scripts/exchange.sh b/experiment/scripts/exchange.sh
index 238ccd2..7151920 100755
--- a/experiment/scripts/exchange.sh
+++ b/experiment/scripts/exchange.sh
@@ -31,9 +31,10 @@ function setup_config() {
   
   sed -i -e "s/<MASTER_KEY_HERE>/${MASTER_KEY}/g" \
        /etc/taler/conf.d/exchange-business.conf
+
 }
 
-# Check if there are exchnage-* processes configured to be run
+# Check if there are exchange-* processes configured to be run
 # on external systems, if not start them here.
 function start_other_exchange_binaries() {
   if [[ "${AGGREGATOR_HOSTS}" == "none" ]]; then
@@ -52,6 +53,13 @@ function start_other_exchange_binaries() {
 
 # Setup the exchange with the taler-exchange-offline signing procedure
 function setup_exchange() {
+
+  # Setup the shared key directory when we use a secondary node
+  if [[ ${SECEXCH_HOSTS} != "none" ]]; then
+    rm -rf "/home/${G5K_USER}/taler" || true
+    mkdir -p "/home/${G5K_USER}/taler/exchange-secmod-{cs,rsa,eddsa}"
+  fi
+
   systemctl restart taler-exchange-httpd@80.service
 
   start_other_exchange_binaries
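Review bot: The brace list in `mkdir -p "/home/${G5K_USER}/taler/exchange-secmod-{cs,rsa,eddsa}"` is inside double quotes, so bash does not expand it and a single directory literally named `exchange-secmod-{cs,rsa,eddsa}` is created; the three per-secmod directories the new secmod config points at are never made. Move the braces outside the quotes: `mkdir -p "/home/${G5K_USER}/taler/exchange-secmod-"{cs,rsa,eddsa}`. The `rm -rf` on the line before wipes any existing keys on every setup and would target `/home//taler` if G5K_USER were unset, so a guard such as `: "${G5K_USER:?}"` before it is cheap. Because these directories will hold the secmods' private keys on a shared export, creating them with a restrictive mode (e.g. `-m 700`) is worth considering. setup_exchange continues outside the hunk.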
diff --git a/experiment/scripts/helpers.sh b/experiment/scripts/helpers.sh
index 7d850dc..2da6525 100755
--- a/experiment/scripts/helpers.sh
+++ b/experiment/scripts/helpers.sh
@@ -141,6 +141,14 @@ function setup_exchange_config_without_master_key() {
          -e "s/<AGGREGATOR_SHARD_SIZE_HERE>/${AGGREGATOR_SHARD_SIZE}/g" \
        /etc/taler/conf.d/exchange-business.conf
 
+  if [[ ${SECEXCH_HOSTS} != "none" ]]; then
+    # Use a shared NFS key directory when we have multiple exchange-httpd 
servers
+    sed -i "s|<SM_KEY_DIR_HERE>|/home/${G5K_USER}/taler|g"
+  else
+    # Use the default path if we have only one exchange-httpd server
+    sed -i 's/<SM_KEY_DIR_HERE>/${TALER_DATA_HOME}/g'
+  fi
+
 }
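Review bot: Both new `sed -i` invocations on the `<SM_KEY_DIR_HERE>` placeholder have no input file, so sed reports "no input files" and the placeholder is never substituted; the intended target is presumably `/etc/taler/conf.d/exchange-secmod.conf`, by analogy with the exchange-business.conf path used just above. Suggested: `sed -i "s|<SM_KEY_DIR_HERE>|/home/${G5K_USER}/taler|g" /etc/taler/conf.d/exchange-secmod.conf` and the same filename appended on the else branch. The single quotes on the else branch leave `${TALER_DATA_HOME}` unexpanded, which looks intentional (the Taler config is expected to expand it itself); a one-line comment such as `# keep ${TALER_DATA_HOME} literal: it is expanded by the Taler config parser, not by the shell` would stop it being "fixed" later. setup_exchange_config_without_master_key starts outside the hunk.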
 
 # Restart (enable) the rsyslog to send the logs to the monitoring

-- 
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.


