[taler-grid5k] 94/189: merchant behind nginx
From: |
gnunet |
Subject: |
[taler-grid5k] 94/189: merchant behind nginx |
Date: |
Thu, 28 Apr 2022 10:47:44 +0200 |
This is an automated email from the git hooks/post-receive script.
marco-boss pushed a commit to branch master
in repository grid5k.
commit fd716fb55b9566e5509f806704eec63e321e9ee7
Author: Boss Marco <bossm8@bfh.ch>
AuthorDate: Fri Mar 18 22:15:30 2022 +0100
merchant behind nginx
---
configs/etc/monitor/prometheus.yaml | 2 +-
configs/etc/nginx/sites-available/merchant | 17 +++++++++++++++++
.../nginx/{sites-enabled => sites-available}/proxy | 5 +++++
configs/etc/taler/conf.d/merchant.conf | 4 ++--
experiment/scripts/helpers.sh | 15 ++++++++++++++-
experiment/scripts/merchant.sh | 16 ++++++++++------
experiment/scripts/monitor.sh | 11 ++++++-----
experiment/scripts/proxy.sh | 20 ++++++--------------
experiment/scripts/setup.sh | 2 +-
9 files changed, 62 insertions(+), 30 deletions(-)
diff --git a/configs/etc/monitor/prometheus.yaml
b/configs/etc/monitor/prometheus.yaml
index 45dca88..7d0ab4e 100644
--- a/configs/etc/monitor/prometheus.yaml
+++ b/configs/etc/monitor/prometheus.yaml
@@ -14,7 +14,7 @@ scrape_configs:
# DB Exporter
- job_name: 'database'
static_configs:
- - targets: ['127.0.0.1:9187'] #, '<MERCHANT_HOST_HERE>:9187']
+ - targets: ['127.0.0.1:9187']
# Exchange Proxy Exporter
- job_name: 'exchange-proxy'
diff --git a/configs/etc/nginx/sites-available/merchant
b/configs/etc/nginx/sites-available/merchant
new file mode 100644
index 0000000..7813692
--- /dev/null
+++ b/configs/etc/nginx/sites-available/merchant
@@ -0,0 +1,17 @@
+server {
+ listen 80;
+ listen 443 ssl;
+
+ ssl_certificate /etc/ssl/merchant.cert.pem;
+ ssl_certificate_key /etc/ssl/merchant.key.pem;
+
+ servername 0.0.0.0;
+
+ location / {
+ proxy_pass http://unix:/var/lib/taler/merchant.sock;
+ proxy_redirect off;
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-Host $remote_addr;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ }
+}
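Review bot: `servername 0.0.0.0;` is not an nginx directive, so this site will fail the configuration check with an unknown-directive error; the directive is spelled `server_name` (the proxy site in this commit uses `server_name localhost;`), and `server_name _;` is the usual catch-all. `proxy_set_header X-Forwarded-Host $remote_addr;` puts the client address into the header meant for the original host name; the usual pair is `proxy_set_header X-Forwarded-Host $host;` and `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`. The block also serves plain HTTP on port 80, so the `Authorization: Bearer` token used against the merchant API can cross the network unencrypted unless port 80 is bound to loopback or only redirects to HTTPS.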
diff --git a/configs/etc/nginx/sites-enabled/proxy
b/configs/etc/nginx/sites-available/proxy
similarity index 96%
rename from configs/etc/nginx/sites-enabled/proxy
rename to configs/etc/nginx/sites-available/proxy
index 7cc5f22..e2fcac0 100644
--- a/configs/etc/nginx/sites-enabled/proxy
+++ b/configs/etc/nginx/sites-available/proxy
@@ -51,6 +51,11 @@ server {
proxy_redirect off;
}
+}
+
+server {
+ listen 80;
+ server_name localhost;
location /stub_status {
stub_status;
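Review bot: The new `server { listen 80; server_name localhost; … }` block does not by itself limit who can read `/stub_status`: `server_name` only selects a virtual host by Host header, and if this is the only server on port 80 it also becomes the default for every other Host value. If the status page is meant for a local exporter only, bind it with `listen 127.0.0.1:80;` or add `allow 127.0.0.1; deny all;` inside the location. The location body continues past the end of this hunk, so an access rule may already be present there.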
diff --git a/configs/etc/taler/conf.d/merchant.conf
b/configs/etc/taler/conf.d/merchant.conf
index 7691777..8fca35e 100644
--- a/configs/etc/taler/conf.d/merchant.conf
+++ b/configs/etc/taler/conf.d/merchant.conf
@@ -3,8 +3,8 @@
[merchant]
DATABASE = postgres
-SERVE = TCP
-PORT = 8080
+SERVE = UNIX
+UNIXPATH = /var/lib/taler/merchant.sock
[taler]
diff --git a/experiment/scripts/helpers.sh b/experiment/scripts/helpers.sh
index 369395f..98a18e4 100755
--- a/experiment/scripts/helpers.sh
+++ b/experiment/scripts/helpers.sh
@@ -221,9 +221,22 @@ function get_exchange_hosts() {
}
function get_proxy_hosts() {
- get_hosts "*.${PROXY_DOMAIN}" 1
+ get_hosts ".*.${PROXY_DOMAIN}" 1
}
+# Create a TLS certificate for $1
+# $1: domain to create cert for
+# $2: file name x to save x.key.pem and x.cert.pem
+function create_cert() {
+ openssl req -new -x509 \
+ -newkey rsa:4096 \
+ -keyout ${2}.key.pem \
+ -out ${2}.cert.pem \
+ -sha256 -days 10 -nodes \
+ -subj "/C=CH/ST=Bern/L=Biel/O=TI/CN=${1}"
+}
+
+
# Display a help message and exit
# $1: script name to display help for
# $2: info message about the script to display
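Review bot: In `create_cert` the output paths are unquoted and the private key is written unencrypted (`-nodes`) with whatever mode the current umask yields; quote them as `-keyout "${2}.key.pem"` and `-out "${2}.cert.pem"`, and follow the call with `chmod 600 "${2}.key.pem"` so the key is readable by its owner only. The certificate names the host only in the subject CN, which current TLS clients ignore in favour of subjectAltName; with OpenSSL 1.1.1 or later, `-addext "subjectAltName=DNS:${1}"` covers that. In `get_proxy_hosts`, the dots in `.*.${PROXY_DOMAIN}` are unescaped wildcards if `get_hosts` treats its argument as a regular expression, which the change from `*` to `.*` suggests.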
diff --git a/experiment/scripts/merchant.sh b/experiment/scripts/merchant.sh
index 58e9db6..ef2d019 100755
--- a/experiment/scripts/merchant.sh
+++ b/experiment/scripts/merchant.sh
@@ -65,32 +65,36 @@ EOF
# $1: Instance name
function create_instance() {
curl -X POST \
- -H "Authorization: Bearer ${TALER_MERCHANT_TOKEN}" \
+ -H "Authorization: Bearer secret-token:${TALER_MERCHANT_TOKEN}" \
-H "Content-Type: application/json" \
-d "{
\"payto_uris\": [ \"payto://x-taler-bank/${BANK_DOMAIN}/${1}\" ],
\"id\": \"${1}\",
\"name\": \"${1}\",
\"address\": {\"country\": \"CH\"},
- \"auth\": {\"method\": \"token\", \"token\":
\"${TALER_MERCHANT_TOKEN}\",
+ \"auth\": {\"method\": \"token\", \"token\":
\"secret-token:${TALER_MERCHANT_TOKEN}\"},
\"jurisdiction\": {\"country\": \"CH\"},
\"default_max_wire_fee\": \"KUDOS:1\",
- \"default_wire_fee_amortizazion\": \"10\",
+ \"default_wire_fee_amortization\": 10,
\"default_max_deposit_fee\": \"KUDOS:1\",
\"default_wire_transfer_delay\": {\"d_ms\": 1209600000},
- \"default_pay_delay\": \{\"d_ms\": 1209600000},
+ \"default_pay_delay\": {\"d_ms\": 1209600000}
}" \
http://localhost:8080/management/instances
}
# Initialize the merchant
function init_merchant() {
+ create_cert "${MERCHANT_DOMAIN}" "/etc/ssl/merchant"
restart_rsyslog
configure_merchant
configure_db
init_db
- systemctl restart taler-merchant-httpd
- # create_instance "default"
+ mkdir /var/lib/taler || true
+ ln -sf /etc/nginx/sites-available/merchant /etc/nginx/sites-enabled/merchant
+ systemctl restart taler-merchant-httpd \
+ nginx
+ create_instance "default"
create_instance ${NODE_NAME}
}
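Review bot: `create_instance` still posts to `http://localhost:8080/management/instances`, but this commit switches the merchant to `SERVE = UNIX`, so unless something outside the diff still listens on 8080 both `create_instance` calls in `init_merchant` will fail to connect; `curl --unix-socket /var/lib/taler/merchant.sock … http://localhost/management/instances` reaches the socket directly. curl is also run without `-f`, so an HTTP error reply from the merchant would not change the exit status. The JSON body is assembled by interpolating `${1}` and the token into a string; building it with `jq -n --arg id "$1" …` keeps a quote or backslash in either value from breaking the document. `mkdir /var/lib/taler || true` hides every mkdir failure where `mkdir -p /var/lib/taler` ignores only the already-exists case, and `create_instance ${NODE_NAME}` should be quoted as `create_instance "${NODE_NAME}"`.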
diff --git a/experiment/scripts/monitor.sh b/experiment/scripts/monitor.sh
index 0c73e25..0c35580 100755
--- a/experiment/scripts/monitor.sh
+++ b/experiment/scripts/monitor.sh
@@ -28,11 +28,12 @@ function update_datasource() {
jq --arg url "https://$(hostname | cut -d "." -f 1,2
-).$2.proxy.grid5000.fr" \
--arg name "$1" \
'.[] | select(.name == $name) | .url = $url' \
- ds.json | tee /dev/tty | curl -X PUT -k -f -d @- \
+ ds.json | \
+ curl -X PUT -k -f -d @- \
-H "${AUTH_HEADER}" \
-H "Content-Type: application/json" \
-H "Accept: application/json" \
- "${GRAFANA_API}/datasources/${ID}"
+ "${GRAFANA_API}/datasources/${ID}"
}
# Update the external grafana instance and tell it
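Review bot: The rewritten `curl -X PUT -k -f -d @-` line keeps `-k`, which turns off certificate verification on the very request that carries `${AUTH_HEADER}` to `${GRAFANA_API}`, so a party able to intercept that connection can read the Grafana credential and alter the datasource URL being set. If the endpoint presents a certificate from a known CA, drop `-k`; otherwise pin the issuer with `--cacert <path-to-ca.pem>`. `update_datasource` begins above this hunk, so how `AUTH_HEADER` and `ID` are set is not visible here.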
@@ -96,7 +97,7 @@ function add_proxy_nodes_to_prometheus() {
for HOST in $(get_proxy_hosts); do
if ! grep -q "${HOST}.${PROXY_DOMAIN}:9100" /etc/monitor/prometheus.yaml;
then
- sed -i "/<PROXY_NODES_HERE/a \ \ \ \ \ \ -
'${HOST}.${PROXY_DOMAIN}:9100'" \
+ sed -i "/<PROXY_NODES_HERE>/a \ \ \ \ \ \ -
'${HOST}.${PROXY_DOMAIN}:9100'" \
/etc/monitor/prometheus.yaml
fi
done
@@ -108,7 +109,7 @@ function add_shard_nodes_to_prometheus() {
for SHARD in $(get_shard_hosts); do
if ! grep -q "${SHARD}" /etc/monitor/prometheus.yaml;
then
- sed -i "/<SHARD_NODES_HERE/a \ \ \ \ \ \ -
'${SHARD_DOMAIN//\*/${SHARD}}:9100'" \
+ sed -i "/<SHARD_NODES_HERE>/a \ \ \ \ \ \ -
'${SHARD_DOMAIN//\*/${SHARD}}:9100'" \
/etc/monitor/prometheus.yaml
fi
done
@@ -120,7 +121,7 @@ function add_exchange_nodes_to_prometheus() {
for EXCH in $(get_exchange_hosts); do
if ! grep -q "${EXCH}" /etc/monitor/prometheus.yaml;
then
- sed -i "/<EXCHANGE_NODES_HERE/a \ \ \ \ \ \ -
'${EXCHANGE_DOMAIN//\*/${EXCH}}:9100'" \
+ sed -i "/<EXCHANGE_NODES_HERE>/a \ \ \ \ \ \ -
'${EXCHANGE_DOMAIN//\*/${EXCH}}:9100'" \
/etc/monitor/prometheus.yaml
fi
done
diff --git a/experiment/scripts/proxy.sh b/experiment/scripts/proxy.sh
index e159278..6f6954f 100755
--- a/experiment/scripts/proxy.sh
+++ b/experiment/scripts/proxy.sh
@@ -29,25 +29,16 @@ function add_exchanges() {
for PORT in $(seq $START $END); do
for HOST in ${EXCHANGES}; do
sed -i -e "/<SERVERS_HERE>/a \ \ server
${EXCHANGE_DOMAIN//\*/${HOST}}:${PORT};" \
- /etc/nginx/sites-enabled/proxy
+ /etc/nginx/sites-available/proxy
done
done
}
-function create_cert() {
- openssl req -new -x509 \
- -newkey rsa:4096 \
- -keyout /etc/ssl/proxy.key.pem \
- -out /etc/ssl/proxy.cert.pem \
- -sha256 -days 10 -nodes \
- -subj "/C=CH/ST=Bern/L=Biel/O=TI/CN=${PROXY_DOMAIN}"
-}
-
# Setup the node and proxy configuration
function setup_config() {
sed -i -e "s/<PROXY_DOMAIN_HERE>/${PROXY_DOMAIN}/g" \
- /etc/nginx/sites-enabled/proxy
+ /etc/nginx/sites-available/proxy
add_exchanges "0" ${NUM_EXCHANGE_PROCESSES}
@@ -79,14 +70,15 @@ function setup_config() {
# Initialize and start the proxy
function init_proxy() {
- create_cert
+ create_cert "${PROXY_DOMAIN}" "/etc/ssl/proxy"
setup_config
# Setup the directory where Ngxinx will place its cache
- # configured in <g5k>/configs/etc/nginx/sites-enabledd/proxy
+ # configured in <g5k>/configs/etc/nginx/sites-availabled/proxy
mkdir -p /var/cache/proxy
restart_rsyslog
+ ln -sf /etc/nginx/sites-available/proxy /etc/nginx/sites-enabled/proxy
# Nginx does not start until the destination server is reachable - wait here
# nginx: [emerg] host not found in upstream "exch.perf.taler" ...
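Review bot: The updated comment now reads `sites-availabled/proxy`, which is not the path the file was moved to; it should be `# configured in <g5k>/configs/etc/nginx/sites-available/proxy`, and `Ngxinx` on the line above it is `Nginx`. `create_cert "${PROXY_DOMAIN}" "/etc/ssl/proxy"` runs on every `init_proxy` and, as far as the helper shows, overwrites the existing key and certificate with a fresh 10-day self-signed pair, so a one-line comment saying that clients must not pin this certificate would help the next reader. `init_proxy` continues past the end of this hunk.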
@@ -111,7 +103,7 @@ function remove_exchanges() {
for PORT in $(seq $START $END); do
for HOST in ${EXCHANGES}; do
sed -i "/${EXCHANGE_DOMAIN//\*/${HOST}}:${PORT};/d" \
- /etc/nginx/sites-enabled/proxy
+ /etc/nginx/sites-available/proxy
done
done
}
diff --git a/experiment/scripts/setup.sh b/experiment/scripts/setup.sh
index 290966b..9e47eb1 100644
--- a/experiment/scripts/setup.sh
+++ b/experiment/scripts/setup.sh
@@ -51,7 +51,7 @@ function parse_experiment_nodes() {
done
# Export NODE_NAME, which can be used to set log directories for example
- jq -M -r '.[] | .node, .host' ~/nodes.json | \
+ jq -r '.[] | .node, .host' ~/nodes.json | \
while read -r NODE; read -r HOST; do
if [[ "${HOSTNAME}" == "${HOST}" ]]; then
echo "NODE_NAME=\"${NODE,,}\"" >> ~/.env
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.