
[taler-grid5k] 05/141: update init scripts


From: gnunet
Subject: [taler-grid5k] 05/141: update init scripts
Date: Thu, 18 Nov 2021 14:49:06 +0100

This is an automated email from the git hooks/post-receive script.

marco-boss pushed a commit to branch master
in repository grid5k.

commit 4cfe3dd6468593c52d29df351950659856cff066
Author: Boss Marco <bossm8@bfh.ch>
AuthorDate: Sat Oct 2 21:54:04 2021 +0200

    update init scripts
---
 etc/nginx/sites-enabled/default                    |  14 ++
 etc/taler/conf.d/exchange-business.conf            |  43 ++++++
 etc/taler/conf.d/exchange-coins.conf               | 158 +++++++++++++++++++++
 etc/taler/conf.d/exchange-system.conf              |  10 ++
 etc/taler/overrides.conf                           |   1 +
 .../exchange-accountcredentials.secret.conf        |  17 +++
 etc/taler/secrets/exchange-db.secret.conf          |  10 ++
 etc/taler/taler.conf                               |  47 ++++++
 image/taler-debian11.yaml                          |  29 ++--
 scripts/database.sh                                |  13 +-
 scripts/exchange.sh                                |  25 ++++
 11 files changed, 345 insertions(+), 22 deletions(-)

diff --git a/etc/nginx/sites-enabled/default b/etc/nginx/sites-enabled/default
new file mode 100644
index 0000000..d776ca4
--- /dev/null
+++ b/etc/nginx/sites-enabled/default
@@ -0,0 +1,14 @@
+server {
+  listen 80;
+  listen [::]:80;
+
+  server_name localhost;
+
+  location / {
+     proxy_pass http://unix:/run/taler/exchange-httpd/exchange-http.sock:/;
+     proxy_redirect off;
+     proxy_set_header Host $host;
+     #proxy_set_header X-Forwarded-Host "example.com";
+     #proxy_set_header X-Forwarded-Proto "https";
+  }
+}
diff --git a/etc/taler/conf.d/exchange-business.conf 
b/etc/taler/conf.d/exchange-business.conf
new file mode 100755
index 0000000..4cc10a7
--- /dev/null
+++ b/etc/taler/conf.d/exchange-business.conf
@@ -0,0 +1,43 @@
+# Configuration for business-level aspects of the exchange.
+
+[exchange]
+
+# Here you MUST add the master public key of the offline system
+# which you can get using `taler-exchange-offline setup`.
+# This is just an example, your key will be different!
+# MASTER_PUBLIC_KEY = YE6Q6TR1EDB7FD0S68TGDZGF1P0GHJD2S0XVV8R2S62MYJ6HJ4ZG
+MASTER_PUBLIC_KEY = <MASTER_KEY_HERE>
+
+# Publicly visible base URL of the exchange.
+# BASE_URL = https://example.com/
+BASE_URL = <BASE_URL_HERE>
+
+# For your terms of service and privacy policy, you should specify
+# an Etag that must be updated whenever there are significant
+# changes to either document.  The format is up to you, what matters
+# is that the value is updated and never re-used. See the HTTP
+# specification on Etags.
+# TERMS_ETAG =
+# PRIVACY_ETAG =
+
+[bank]
+HTTP_PORT = 8082
+SERVE = http
+MAX_DEBT = KUDOS:100000000000.0
+MAX_DEBT_BANK = KUDOS:1000000000000000.0
+
+
+# Bank accounts used by the exchange should be specified here:
+[exchange-account-1]
+
+enable_credit = yes
+enable_debit = yes
+
+# Account identifier in the form of an RFC-8905 payto:// URI.
+# For SEPA, looks like payto://sepa/$IBAN?receiver-name=$NAME
+# Make sure to URL-encode spaces in $NAME!
+payto_uri = payto://x-taler-bank/localhost/Exchnage
+
+# Credentials to access the account are in a separate
+# config file with restricted permissions.
+@inline-secret@ exchange-accountcredentials-1 
../secrets/exchange-accountcredentials.secret.conf
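Review bot: `payto_uri = payto://x-taler-bank/localhost/Exchnage` spells the account `Exchnage`, while the credentials file added in this commit uses `username = Exchange` and `wire_gateway_url = http://localhost:8082/Exchange/`. The account the exchange advertises therefore probably does not match the one it authenticates against; `payto_uri = payto://x-taler-bank/localhost/Exchange` looks like what was meant. The file is also created with mode 100755, although a configuration file needs no execute bit (the same holds for exchange-coins.conf and taler.conf in this commit).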
diff --git a/etc/taler/conf.d/exchange-coins.conf 
b/etc/taler/conf.d/exchange-coins.conf
new file mode 100755
index 0000000..f1c6f5c
--- /dev/null
+++ b/etc/taler/conf.d/exchange-coins.conf
@@ -0,0 +1,158 @@
+# Coin configuration for the exchange.
+# Should be placed in "/etc/taler/conf.d/exchange-coins.conf".
+
+[COIN-KUDOS-n1-t1633183611]
+VALUE = KUDOS:0.01
+DURATION_WITHDRAW = 7 days
+DURATION_SPEND = 2 years
+DURATION_LEGAL = 6 years
+FEE_WITHDRAW = KUDOS:0
+FEE_DEPOSIT = KUDOS:0.01
+FEE_REFRESH = KUDOS:0
+FEE_REFUND = KUDOS:0
+RSA_KEYSIZE = 2048
+
+[COIN-KUDOS-n2-t1633183611]
+VALUE = KUDOS:0.02
+DURATION_WITHDRAW = 7 days
+DURATION_SPEND = 2 years
+DURATION_LEGAL = 6 years
+FEE_WITHDRAW = KUDOS:0
+FEE_DEPOSIT = KUDOS:0.01
+FEE_REFRESH = KUDOS:0
+FEE_REFUND = KUDOS:0
+RSA_KEYSIZE = 2048
+
+[COIN-KUDOS-n3-t1633183611]
+VALUE = KUDOS:0.04
+DURATION_WITHDRAW = 7 days
+DURATION_SPEND = 2 years
+DURATION_LEGAL = 6 years
+FEE_WITHDRAW = KUDOS:0
+FEE_DEPOSIT = KUDOS:0.01
+FEE_REFRESH = KUDOS:0
+FEE_REFUND = KUDOS:0
+RSA_KEYSIZE = 2048
+
+[COIN-KUDOS-n4-t1633183611]
+VALUE = KUDOS:0.08
+DURATION_WITHDRAW = 7 days
+DURATION_SPEND = 2 years
+DURATION_LEGAL = 6 years
+FEE_WITHDRAW = KUDOS:0
+FEE_DEPOSIT = KUDOS:0.01
+FEE_REFRESH = KUDOS:0
+FEE_REFUND = KUDOS:0
+RSA_KEYSIZE = 2048
+
+[COIN-KUDOS-n5-t1633183611]
+VALUE = KUDOS:0.16
+DURATION_WITHDRAW = 7 days
+DURATION_SPEND = 2 years
+DURATION_LEGAL = 6 years
+FEE_WITHDRAW = KUDOS:0
+FEE_DEPOSIT = KUDOS:0.01
+FEE_REFRESH = KUDOS:0
+FEE_REFUND = KUDOS:0
+RSA_KEYSIZE = 2048
+
+[COIN-KUDOS-n6-t1633183611]
+VALUE = KUDOS:0.32
+DURATION_WITHDRAW = 7 days
+DURATION_SPEND = 2 years
+DURATION_LEGAL = 6 years
+FEE_WITHDRAW = KUDOS:0
+FEE_DEPOSIT = KUDOS:0.01
+FEE_REFRESH = KUDOS:0
+FEE_REFUND = KUDOS:0
+RSA_KEYSIZE = 2048
+
+[COIN-KUDOS-n7-t1633183611]
+VALUE = KUDOS:0.64
+DURATION_WITHDRAW = 7 days
+DURATION_SPEND = 2 years
+DURATION_LEGAL = 6 years
+FEE_WITHDRAW = KUDOS:0
+FEE_DEPOSIT = KUDOS:0.01
+FEE_REFRESH = KUDOS:0
+FEE_REFUND = KUDOS:0
+RSA_KEYSIZE = 2048
+
+[COIN-KUDOS-n8-t1633183611]
+VALUE = KUDOS:1.28
+DURATION_WITHDRAW = 7 days
+DURATION_SPEND = 2 years
+DURATION_LEGAL = 6 years
+FEE_WITHDRAW = KUDOS:0
+FEE_DEPOSIT = KUDOS:0.01
+FEE_REFRESH = KUDOS:0
+FEE_REFUND = KUDOS:0
+RSA_KEYSIZE = 2048
+
+[COIN-KUDOS-n9-t1633183611]
+VALUE = KUDOS:2.56
+DURATION_WITHDRAW = 7 days
+DURATION_SPEND = 2 years
+DURATION_LEGAL = 6 years
+FEE_WITHDRAW = KUDOS:0
+FEE_DEPOSIT = KUDOS:0.01
+FEE_REFRESH = KUDOS:0
+FEE_REFUND = KUDOS:0
+RSA_KEYSIZE = 2048
+
+[COIN-KUDOS-n10-t1633183611]
+VALUE = KUDOS:5.12
+DURATION_WITHDRAW = 7 days
+DURATION_SPEND = 2 years
+DURATION_LEGAL = 6 years
+FEE_WITHDRAW = KUDOS:0
+FEE_DEPOSIT = KUDOS:0.01
+FEE_REFRESH = KUDOS:0
+FEE_REFUND = KUDOS:0
+RSA_KEYSIZE = 2048
+
+[COIN-KUDOS-n11-t1633183611]
+VALUE = KUDOS:10.24
+DURATION_WITHDRAW = 7 days
+DURATION_SPEND = 2 years
+DURATION_LEGAL = 6 years
+FEE_WITHDRAW = KUDOS:0
+FEE_DEPOSIT = KUDOS:0.01
+FEE_REFRESH = KUDOS:0
+FEE_REFUND = KUDOS:0
+RSA_KEYSIZE = 2048
+
+[COIN-KUDOS-n12-t1633183611]
+VALUE = KUDOS:20.48
+DURATION_WITHDRAW = 7 days
+DURATION_SPEND = 2 years
+DURATION_LEGAL = 6 years
+FEE_WITHDRAW = KUDOS:0
+FEE_DEPOSIT = KUDOS:0.01
+FEE_REFRESH = KUDOS:0
+FEE_REFUND = KUDOS:0
+RSA_KEYSIZE = 2048
+
+[COIN-KUDOS-n13-t1633183611]
+VALUE = KUDOS:40.96
+DURATION_WITHDRAW = 7 days
+DURATION_SPEND = 2 years
+DURATION_LEGAL = 6 years
+FEE_WITHDRAW = KUDOS:0
+FEE_DEPOSIT = KUDOS:0.01
+FEE_REFRESH = KUDOS:0
+FEE_REFUND = KUDOS:0
+RSA_KEYSIZE = 2048
+
+[COIN-KUDOS-n14-t1633183611]
+VALUE = KUDOS:81.92
+DURATION_WITHDRAW = 7 days
+DURATION_SPEND = 2 years
+DURATION_LEGAL = 6 years
+FEE_WITHDRAW = KUDOS:0
+FEE_DEPOSIT = KUDOS:0.01
+FEE_REFRESH = KUDOS:0
+FEE_REFUND = KUDOS:0
+RSA_KEYSIZE = 2048
+
+
diff --git a/etc/taler/conf.d/exchange-system.conf 
b/etc/taler/conf.d/exchange-system.conf
new file mode 100644
index 0000000..75c670f
--- /dev/null
+++ b/etc/taler/conf.d/exchange-system.conf
@@ -0,0 +1,10 @@
+# Configuration settings for system parameters of the exchange.
+
+# Read secret sections into configuration, but only
+# if we have permission to do so.
+@inline-secret@ exchangedb-postgres ../secrets/exchange-db.secret.conf
+
+[exchange]
+
+# Only supported database is Postgres right now.
+DATABASE = postgres
diff --git a/etc/taler/overrides.conf b/etc/taler/overrides.conf
new file mode 100644
index 0000000..60296ea
--- /dev/null
+++ b/etc/taler/overrides.conf
@@ -0,0 +1 @@
+# This configuration will be changed by tooling.  Do not touch it manually.
diff --git a/etc/taler/secrets/exchange-accountcredentials.secret.conf 
b/etc/taler/secrets/exchange-accountcredentials.secret.conf
new file mode 100755
index 0000000..5c7e6e1
--- /dev/null
+++ b/etc/taler/secrets/exchange-accountcredentials.secret.conf
@@ -0,0 +1,17 @@
+# This file contains the secret credentials
+# to access the Taler Wire Gateway API (usually
+# provided by LibEuFin) for the exchange accounts.
+#
+# Each exchange-account-* section should have a matching
+# exchange-accountcredentials-* section here.
+#
+# Each of those sections must be imported via @inline-secret@,
+# usually in conf.d/exchange-business.conf.
+
+[exchange-accountcredentials-1]
+
+wire_gateway_auth_method = basic
+password = x
+username = Exchange
+wire_gateway_url = http://localhost:8082/Exchange/
+
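Review bot: `password = x` commits a working credential into a file whose header calls it secret, and the file is added with mode 100755, so after checkout every local user can read it. etc/taler/taler.conf in this same commit states that files under secrets/ should be readable only by users of the relevant services. The install step should set owner and mode explicitly (for example `chmod 0600` plus a `chown` to the service account) and take the password from the deployment environment rather than from the repository. The same mode applies to etc/taler/secrets/exchange-db.secret.conf, which scripts/exchange.sh is meant to fill with the database password.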
diff --git a/etc/taler/secrets/exchange-db.secret.conf 
b/etc/taler/secrets/exchange-db.secret.conf
new file mode 100755
index 0000000..cb52d0a
--- /dev/null
+++ b/etc/taler/secrets/exchange-db.secret.conf
@@ -0,0 +1,10 @@
+# Database configuration for the Taler exchange.
+
+[exchangedb-postgres]
+
+# Typically, there should only be a single line here, of the form:
+
+CONFIG=<DB_URL_HERE>
+
+# The details of the URI depend on where the database lives and how
+# access control was configured.
diff --git a/etc/taler/taler.conf b/etc/taler/taler.conf
old mode 100644
new mode 100755
index e69de29..111d109
--- a/etc/taler/taler.conf
+++ b/etc/taler/taler.conf
@@ -0,0 +1,47 @@
+# Main entry point for the GNU Taler configuration.
+#
+# Structure:
+# - taler.conf is the main configuration entry point
+#   used by all Taler components (the file you are currently
+#   looking at.
+# - overrides.conf contains configuration overrides that are
+#   set by some tools that help with the configuration,
+#   and should not be edited by humans.  Comments in this file
+#   are not preserved.
+# - conf.d/ contains configuration files for
+#   Taler components, which can be read by all
+#   users of the system and are included by the main
+#   configuration.
+# - secrets/ contains configuration snippets
+#   with secrets for particular services.
+#   These files should have restrictive permissions
+#   so that only users of the relevant services
+#   can read it.  All files in it should end with
+#   ".secret.conf".
+
+[taler]
+
+# Currency of the Taler deployment.  This setting applies to all Taler
+# components that only support a single currency.
+currency = KUDOS
+
+# Smallest currency unit handled by the underlying bank system.  Taler payments
+# can make payments smaller than this units, but interactions with external
+# systems is always rounded to this unit.
+currency_round_unit = KUDOS:0.01
+
+
+[paths]
+
+TALER_HOME = /var/lib/taler
+TALER_RUNTIME_DIR = /run/taler
+TALER_CACHE_HOME = /var/cache/taler
+TALER_CONFIG_HOME = /etc/taler
+TALER_DATA_HOME = /var/lib/taler
+
+
+# Inline configurations from all Taler components.
+@inline-matching@ conf.d/*.conf
+
+# Overrides from tools that help with configuration.
+@inline@ overrides.conf
diff --git a/image/taler-debian11.yaml b/image/taler-debian11.yaml
index 2dcf03b..23e29da 100644
--- a/image/taler-debian11.yaml
+++ b/image/taler-debian11.yaml
@@ -38,7 +38,7 @@ global:
   # g5k_kernel_params: ""
   ## Environment visibility
   # g5k_visibility: "shared"
-  other_packages_no_clean: nginx postgresql-13 taler-exchange taler-auditor 
taler-merchant taler-exchange-offline taler-wallet-cli sudo git zile
+  other_packages_no_clean: nginx postgresql-13 taler-exchange taler-auditor 
taler-merchant taler-exchange-offline taler-wallet-cli sudo git zile bind9 
libtalerexchange-dev
 
   ## Other parameters can be changed, see kameleon info debian10-taler.yaml
 
@@ -51,31 +51,26 @@ setup:
   ### The setup section is where customizations of the system take place.
   ## We can request steps from the extended recipe to be executed
   - "@base"
-  - taler_install:
-    - microstep1:
+  ## We add steps required by our customization after or before @base. Use
+  ## kameleon dryrun debian10_custom.yaml to see the resulting steps in the 
build.
+  ## The following is given as example only, replace with your steps.
+  - install:
+    - packages:
       - exec_in: |
          echo "deb https://deb.taler.net/apt/debian bullseye main" > 
/etc/apt/sources.list.d/taler.list
          wget -O - https://taler.net/taler-systems.gpg.key | apt-key add -
          apt-get update
          apt-upgrade
          apt-get install -y $${other_packages_no_clean}
-
-  ## We add steps required by our customization after or before @base. Use
-  ## kameleon dryrun debian10_custom.yaml to see the resulting steps in the 
build.
-  ## The following is given as example only, replace with your steps.
-  - add_g5k_repo:
-    - microstep1:
+    - disable_services:
+      - exec_in: |
+         systemctl daemon-reload
+         systemctl stop nginx postgresql bind9
+         systemctl disable nginx postgresql bind9
+    - add_g5k_repo:
       - exec_in: |
          cd /root
          git clone git://git.taler.net/grid5k.git
-         cp grid5k/gridboot.service /etc/systemd/system/gridboot.service
-         chmod 640 /etc/systemd/system/gridboot.service
-         cp grid5k/at-boot.sh /usr/local/bin/at-boot.sh
-         chmod +x /usr/local/bin/at-boot.sh
-         systemctl daemon-reload
-         systemctl enable gridboot
-         systemctl stop nginx postgresql
-         systemctl disable nginx postgresql
 
 export:
   ### The export section takes in charge the export of your customized 
Grid'5000
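Review bot: The `add_g5k_repo` step still runs `git clone git://git.taler.net/grid5k.git` as root in /root. The `git://` transport has no encryption or server authentication, and the scripts in that repository are presumably run as root later, so the clone should use an authenticated transport and ideally a pinned commit, e.g. `git clone https://git.taler.net/grid5k.git` followed by `git checkout <COMMIT_ID_PLACEHOLDER>`. In the `packages` step, `apt-upgrade` is not an apt command (probably `apt-get upgrade -y` was meant), and `apt-key add` trusts the Taler key for every configured repository; a keyring file referenced with `signed-by=` in taler.list would scope it to this one. These lines are unchanged context here, but the commit restructures the steps around them without addressing either point.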
diff --git a/scripts/database.sh b/scripts/database.sh
index 0ad6864..0ef751c 100755
--- a/scripts/database.sh
+++ b/scripts/database.sh
@@ -2,12 +2,15 @@
 
 systemctl start postgresql
 
-su - postgres
-
-createdb "${DB_NAME}"
+su postgres << EOF
+createuser taler-exchange-httpd
+createuser taler-exchange-wire
+createuser taler-exchange-aggregator
+createuser taler-exchange-closer
+createdb -O taler-exchange-httpd ${DB_NAME}
+psql
 create user "${DB_USER}" with encrypted password "'${DB_PASSWORD}'"
 grant all privileges on database "${DB_NAME}" to user "${DB_USER}"
-
-exit
+EOF
 
 exit 0
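Review bot: The two SQL lines fed to `psql` have no terminating `;`, quote the password as an identifier (`"'${DB_PASSWORD}'"`) and use `to user`, which is not GRANT syntax, so psql most likely rejects them while the trailing `exit 0` reports success anyway. They would need to read `create user "${DB_USER}" with encrypted password '${DB_PASSWORD}';` and `grant all privileges on database "${DB_NAME}" to "${DB_USER}";`. Because the here-document delimiter is unquoted, the values are pasted into the SQL text unescaped, so a quote character in `DB_PASSWORD` changes the statement; passing them as psql variables (`-v`, then `:'name'` / `:"name"`) and running with `-v ON_ERROR_STOP=1` avoids that. The script's first line is outside the hunk, so whether `set -e` is in effect cannot be seen here.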
diff --git a/scripts/exchange.sh b/scripts/exchange.sh
index a9bf588..95c42a8 100755
--- a/scripts/exchange.sh
+++ b/scripts/exchange.sh
@@ -1 +1,26 @@
 #!/bin/bash
+
+sed -i 
"s\<DB_URL_HERE>\postgresql://${DB_USER}:${DB_PASSWORD}@${DB_HOST}:${DB_PORT}/${DB_NAME}\g"
 /etc/taer/secrets/exchange-db.secret.conf
+
+su taler-exchange-httpd taler-exchange-dbinit
+
+su taler-exchange-httpd -s /bin/bash << EOF
+PGPASSWORD=${DB_PASSWORD} psql -U ${DB_USER} -h ${DB_HOST} -p ${DB_PORT} -d 
${DB_NAME}
+GRANT SELECT,INSERT,UPDATE ON ALL TABLES IN SCHEMA public TO 
"taler-exchange-aggregator";
+GRANT SELECT,INSERT,UPDATE ON ALL TABLES IN SCHEMA public TO 
"taler-exchange-closer";
+GRANT SELECT,INSERT,UPDATE ON ALL TABLES IN SCHEMA public TO 
"taler-exchange-wire";
+GRANT USAGE ON ALL SEQUENCES IN SCHEMA public TO "taler-exchange-aggregator";
+GRANT USAGE ON ALL SEQUENCES IN SCHEMA public TO "taler-exchange-closer";
+GRANT USAGE ON ALL SEQUENCES IN SCHEMA public TO "taler-exchange-wire";
+EOF
+
+MASTER_KEY=$(su taler-exchange-offline taler-exchange-offline setup)
+
+sed -i "s/<MASTER_KEY_HERE>/${MASTER_KEY}/g" 
/etc/taler/conf.d/exchange-business.conf
+sed -i "s/<BASE_URL_HERE>/http:$(hostname)/g" 
/etc/taler/conf.d/exchange-business.conf
+
+taler-fakebank-run -c /etc/taler/taler.conf &
+
+systemctl start taler-exchange.target nginx
+
+wget http://$(hostname)/management/keys
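Review bot: The first `sed -i` targets `/etc/taer/secrets/exchange-db.secret.conf`, which looks like a typo for `/etc/taler/...`, so the `<DB_URL_HERE>` placeholder is presumably never replaced; the expression also uses `\` as the `s` delimiter, which POSIX sed does not allow. `${DB_PASSWORD}` is spliced into that sed expression, so it appears in the process list, and any sed or shell metacharacter in it changes the command; writing the line with `printf` under a restrictive `umask` would avoid both. `su taler-exchange-httpd taler-exchange-dbinit` and the `taler-exchange-offline setup` call hand the program name to the user's shell as a script argument rather than a command; the usual form is `su -s /bin/bash -c 'taler-exchange-dbinit' taler-exchange-httpd`. The `BASE_URL` substitution writes `http:$(hostname)` without `//`, and nothing checks that `MASTER_KEY` is non-empty before it is written into exchange-business.conf.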
