
[taler-deployment] 01/03: log rotation and db authentication


From: gnunet
Subject: [taler-deployment] 01/03: log rotation and db authentication
Date: Tue, 18 Oct 2022 21:15:37 +0200

This is an automated email from the git hooks/post-receive script.

ms pushed a commit to branch master
in repository deployment.

commit eb69f7cc3d664d5a9e0c2cd6784cfec68c6094a4
Author: MS <ms@taler.net>
AuthorDate: Tue Oct 18 20:57:02 2022 +0200

    log rotation and db authentication
    
    the latter still WIP.
---
 docker/hybrid/README                     |  2 +-
 docker/hybrid/config/deployment.conf     |  1 +
 docker/hybrid/docker-compose.yml         |  8 +++++++
 docker/hybrid/images/base/Dockerfile     |  2 +-
 docker/hybrid/images/exchange/startup.sh | 37 +++++++++++++++++++++-----------
 docker/hybrid/images/exchange/taler.conf |  2 +-
 docker/hybrid/images/libeufin/startup.sh | 14 ++++++------
 docker/hybrid/images/merchant/startup.sh |  9 ++++----
 docker/hybrid/images/postgres/Dockerfile |  4 ++--
 docker/hybrid/images/postgres/init.sql   |  2 --
 10 files changed, 52 insertions(+), 29 deletions(-)

diff --git a/docker/hybrid/README b/docker/hybrid/README
index dd97e86..4326c33 100644
--- a/docker/hybrid/README
+++ b/docker/hybrid/README
@@ -44,7 +44,7 @@ absolute path of a host-specific configuration file.  See
 config/deployment.conf for an example.
 
 From this folder, run:
-  $ docker-compose up --remove-orphans
+  $ docker-compose up --remove-orphans --abort-on-container-exit
 
 How to test on localhost
 ========================
diff --git a/docker/hybrid/config/deployment.conf 
b/docker/hybrid/config/deployment.conf
index 427ffb5..b506ecb 100644
--- a/docker/hybrid/config/deployment.conf
+++ b/docker/hybrid/config/deployment.conf
@@ -5,3 +5,4 @@ exchange-nexus-username = exchange-at-nexus
 exchange-nexus-password = secret-at-nexus
 exchange-sandbox-username = exchange-at-sandbox
 exchange-sandbox-password = secret-at-sandbox
+db-password = db-secret
diff --git a/docker/hybrid/docker-compose.yml b/docker/hybrid/docker-compose.yml
index df17b16..32c8c56 100644
--- a/docker/hybrid/docker-compose.yml
+++ b/docker/hybrid/docker-compose.yml
@@ -8,6 +8,11 @@ services:
       - 8888:5432
     volumes:
       - 
${TALER_DEPLOYMENT_DATA:-~/taler-data}/postgresql:/var/lib/postgresql/data
+      - ${TALER_DEPLOYMENT_CONFIG:?Please export 
TALER_DEPLOYMENT_CONFIG}:/config/deployment.conf
+    environment:
+      POSTGRES_USER: root
+      POSTGRES_PASSWORD: nonce
+      POSTGRES_HOST_AUTH_METHOD: scram-sha-256
 
   exchange:
     build: ./images/exchange
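Review bot: The superuser password is hard-coded as `POSTGRES_PASSWORD: nonce`, while this same commit adds `db-password = db-secret` to deployment.conf. The credential the exchange substitutes into taler.conf will therefore not match unless something outside this hunk (presumably the init script) reconciles the two. Consider keeping the value out of the committed compose file, for example with `POSTGRES_PASSWORD_FILE: /run/secrets/<db-password-file>` (placeholder path). The context line `- 8888:5432`, which appears to belong to the same database service, publishes the port on every host interface; `- 127.0.0.1:8888:5432` would keep it local.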
@@ -18,6 +23,7 @@ services:
     volumes:
       - ${TALER_DEPLOYMENT_CONFIG:?Please export 
TALER_DEPLOYMENT_CONFIG}:/config/deployment.conf
       - ${TALER_DEPLOYMENT_DATA:-~/taler-data}/exchange:/data
+      - ${TALER_DEPLOYMENT_LOGS:-~/taler-logs}:/logs
 
   merchant:
     build: ./images/merchant
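Review bot: All three services mount the same host directory at `/logs` (this hunk for exchange, the next two hunks for merchant and bank), so each container can read and overwrite the others' logs, several of which are now written at DEBUG level. The data volumes already use per-service subdirectories, and doing the same here keeps that separation: `- ${TALER_DEPLOYMENT_LOGS:-~/taler-logs}/exchange:/logs`. The README could also say that the host log directory should be created with restrictive permissions before `docker-compose up`, since Docker creates a missing bind-mount source owned by root.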
@@ -28,6 +34,7 @@ services:
       - 5559:8080 # Blog TBD.
     volumes:
       - ${TALER_DEPLOYMENT_CONFIG:?Please export 
TALER_DEPLOYMENT_CONFIG}:/config/deployment.conf
+      - ${TALER_DEPLOYMENT_LOGS:-~/taler-logs}:/logs
 
   bank:
     build: ./images/libeufin
@@ -37,3 +44,4 @@ services:
     volumes:
       - ${TALER_DEPLOYMENT_CONFIG:?Please export 
TALER_DEPLOYMENT_CONFIG}:/config/deployment.conf
       - ${TALER_DEPLOYMENT_DATA:-~/taler-data}/libeufin:/data
+      - ${TALER_DEPLOYMENT_LOGS:-~/taler-logs}:/logs
diff --git a/docker/hybrid/images/base/Dockerfile 
b/docker/hybrid/images/base/Dockerfile
index 7f6e3f9..227ad44 100644
--- a/docker/hybrid/images/base/Dockerfile
+++ b/docker/hybrid/images/base/Dockerfile
@@ -7,7 +7,7 @@ RUN apt-get install -y autoconf autopoint libtool texinfo \
   libpq-dev postgresql libcurl4-openssl-dev libsodium-dev git \
   libqrencode-dev zip jq nodejs npm openjdk-17-jre nginx procps \
   curl python3-jinja2 wget curl python3-sphinx \
-  socat python3-sphinx-rtd-theme
+  socat python3-sphinx-rtd-theme apache2-utils
 
 RUN pip3 install requests click poetry uwsgi
 
diff --git a/docker/hybrid/images/exchange/startup.sh 
b/docker/hybrid/images/exchange/startup.sh
index a586c7c..bc4153d 100644
--- a/docker/hybrid/images/exchange/startup.sh
+++ b/docker/hybrid/images/exchange/startup.sh
@@ -11,8 +11,9 @@ EXCHANGE_NEXUS_USERNAME=`taler-config -c 
/config/deployment.conf -s taler-deploy
 EXCHANGE_NEXUS_PASSWORD=`taler-config -c /config/deployment.conf -s 
taler-deployment -o exchange-nexus-password`
 EXCHANGE_IBAN=DE159593
 TALER_FACADE_NAME=taler-facade
-
+DB_PASSWORD=`taler-config -c /config/deployment.conf -s taler-deployment -o 
db-password`
 sed -i "s;__EXCHANGE_URL__;${EXCHANGE_URL};" /config/taler.conf
+sed -i "s;__DB_PASSWORD__;${DB_PASSWORD};" /config/taler.conf
 sed -i "s/__CURRENCY__/${CURRENCY}/" /config/taler.conf
 sed -i "s/__EXCHANGE_NEXUS_USERNAME__/${EXCHANGE_NEXUS_USERNAME}/" 
/config/taler.conf
 sed -i "s/__EXCHANGE_NEXUS_PASSWORD__/${EXCHANGE_NEXUS_PASSWORD}/" 
/config/taler.conf
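Review bot: `sed -i "s;__DB_PASSWORD__;${DB_PASSWORD};" /config/taler.conf` inserts the password verbatim as a sed replacement, so a value containing `;`, `&` or `\` either breaks the command or is written incorrectly. The result also lands inside a `postgres://` URI, where `@`, `:` and `/` would need percent-encoding. Either document next to `db-password` that it must use URL-safe characters only, or escape the value before substituting it. As far as this hunk shows, the `taler-config` lookup is unchecked, so a missing `db-password` silently yields an empty password; `[ -n "$DB_PASSWORD" ] || { echo "ERROR: db-password not set" >&2; exit 1; }` would fail early. The script continues outside the hunk.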
@@ -29,35 +30,47 @@ echo Now DB is ready.
 # Make sure we have the right to connect
 echo "" | psql -h talerdb -d taler
 
-taler-exchange-dbinit -c /config/taler.conf --reset
+taler-exchange-dbinit -L DEBUG -c /config/taler.conf --reset
+
+taler-exchange-secmod-eddsa -L DEBUG \
+  -c /config/taler.conf 2>&1 | \
+    rotatelogs -e /logs/taler-exchange-secmod-eddsa-%Y-%m-%d 86400 &
+
+taler-exchange-secmod-rsa -L DEBUG \
+  -c /config/taler.conf 2>&1 | \
+    rotatelogs -e /logs/taler-exchange-secmod-rsa-%Y-%m-%d 86400 &
+
+taler-exchange-secmod-cs -L DEBUG \
+  -c /config/taler.conf 2>&1 | \
+    rotatelogs -e /logs/taler-exchange-secmod-cs-%Y-%m-%d 86400 &
 
-taler-exchange-secmod-eddsa -c /config/taler.conf &
-taler-exchange-secmod-rsa -c /config/taler.conf &
-taler-exchange-secmod-cs -c /config/taler.conf &
 echo "Crypto helpers started.."
 EXCHANGE_MASTER_PUB=$(taler-exchange-offline -c /config/taler.conf setup)
 sed -i "s/__EXCHANGE_MASTER_PUB__/$EXCHANGE_MASTER_PUB/" /config/taler.conf
-taler-exchange-httpd -c /config/taler.conf &
-for n in `seq 1 80`
+taler-exchange-httpd -L DEBUG -c /config/taler.conf 2>&1 | \
+  rotatelogs -e /logs/taler-exchange-httpd-%Y-%m-%d 86400 &
+for n in `seq 1 20`
   do
     echo "."
-    sleep 0.1
+    sleep 0.4
     OK=1
     wget http://exchange/ -o /dev/null -O /dev/null >/dev/null && break
     OK=0
   done
   if [ 1 != $OK ]
   then
-      echo "Failed to launch Exchange"
+      echo "ERROR: failed to launch Exchange"
+      exit 1
   fi
 echo Echange launched.
-taler-exchange-wirewatch -L DEBUG -c /config/taler.conf &
+taler-exchange-wirewatch -L DEBUG -c /config/taler.conf 2>&1 | \
+  rotatelogs -e /logs/taler-exchange-wirewatch-%Y-%m-%d 86400 &
 
-taler-exchange-offline -c /config/taler.conf \
+taler-exchange-offline -L DEBUG -c /config/taler.conf \
   download sign \
   enable-account 
"payto://iban/SANDBOXX/${EXCHANGE_IBAN}?receiver-name=Exchange+Company" \
   wire-fee now iban ${CURRENCY}:0.01 ${CURRENCY}:0.01 ${CURRENCY}:0.01 \
   global-fee now ${CURRENCY}:0.01 ${CURRENCY}:0.01 ${CURRENCY}:0.01 
${CURRENCY}:0.01 1h 1h 1year 5 \
-  upload
+  upload 2>&1
 
 wait
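Review bot: The context line `echo "" | psql -h talerdb -d taler` is unchanged although this commit switches the database to scram-sha-256 authentication. Without a password from the environment or a `.pgpass` file (neither is visible in this hunk) the connection check will fail, and its exit status is not tested, so the script carries on to `taler-exchange-dbinit --reset` regardless. Supplying the credential and checking the result makes the step meaningful: `PGPASSWORD="$DB_PASSWORD" psql -h talerdb -d taler -c 'select 1' || exit 1`. The same applies to any other script in the series that probes the database this way.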
diff --git a/docker/hybrid/images/exchange/taler.conf 
b/docker/hybrid/images/exchange/taler.conf
index 43a01d6..e905898 100644
--- a/docker/hybrid/images/exchange/taler.conf
+++ b/docker/hybrid/images/exchange/taler.conf
@@ -37,7 +37,7 @@ port = 80
 # serve = unix
 
 [exchangedb-postgres]
-config = postgres://talerdb/taler
+config = postgres://root:__DB_PASSWORD__@talerdb/taler
 
 [coin___CURRENCY___1]
 rsa_keysize = 2048
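Review bot: The exchange now connects as `root`, which docker-compose.yml in this commit sets as `POSTGRES_USER`, so the service holds the cluster superuser credential. A dedicated role that owns only the `taler` database would limit what a compromised exchange process can do to the database server; the line would then read `config = postgres://<exchange-role>:__DB_PASSWORD__@talerdb/taler` (role name is a placeholder). Because startup.sh replaces the placeholder in place, a comment above this line noting that the file contains a cleartext password after startup would help whoever handles the mounted config.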
diff --git a/docker/hybrid/images/libeufin/startup.sh 
b/docker/hybrid/images/libeufin/startup.sh
index 5e8b447..ea72201 100644
--- a/docker/hybrid/images/libeufin/startup.sh
+++ b/docker/hybrid/images/libeufin/startup.sh
@@ -52,7 +52,8 @@ libeufin-sandbox default-exchange \
   "payto://iban/SANDBOXX/${EXCHANGE_IBAN}?receiver-name=Exchange+Company"
 echo DONE
 echo -n "Launching Sandbox..."
-libeufin-sandbox serve --no-localhost-only --port $SANDBOX_PORT &
+libeufin-sandbox serve --no-localhost-only --port $SANDBOX_PORT 2>&1 | \
+  rotatelogs -e /logs/libeufin-sandbox-serve-%Y-%m-%d 86400 &
 echo DONE
 is_serving ${LIBEUFIN_SANDBOX_URL} Sandbox
 
@@ -65,10 +66,9 @@ echo -n "Create exchange EBICS subscriber at Sandbox.."
 export LIBEUFIN_SANDBOX_USERNAME=admin
 export LIBEUFIN_SANDBOX_PASSWORD=secret
 echo -n "Create EBICS host at Sandbox.."
-libeufin-cli sandbox \
-  --sandbox-url $SANDBOX_BASE_URL \
-  ebicshost create --host-id talerebics
+libeufin-cli sandbox --sandbox-url $SANDBOX_BASE_URL ebicshost create 
--host-id talerebics
 echo DONE
+echo -n "Create exchange's EBICS subscriber at Sandbox.."
 libeufin-cli sandbox \
   demobank new-ebicssubscriber --host-id talerebics \
   --user-id exchangeebics --partner-id talerpartner \
@@ -79,10 +79,12 @@ EXCHANGE_NEXUS_USERNAME=`taler-config -c 
/config/deployment.conf -s taler-deploy
 EXCHANGE_NEXUS_PASSWORD=`taler-config -c /config/deployment.conf -s 
taler-deployment -o exchange-nexus-password`
 export LIBEUFIN_NEXUS_DB_CONNECTION="jdbc:sqlite:/data/nexus.sqlite3"
 echo -n "Creating Nexus superuser..."
-libeufin-nexus superuser $EXCHANGE_NEXUS_USERNAME --password 
$EXCHANGE_NEXUS_PASSWORD
+libeufin-nexus superuser $EXCHANGE_NEXUS_USERNAME \
+  --password $EXCHANGE_NEXUS_PASSWORD
 echo DONE
 echo -n "Launching Nexus..."
-libeufin-nexus serve --no-localhost-only --port $NEXUS_PORT &
+libeufin-nexus serve --no-localhost-only --port $NEXUS_PORT | \
+  rotatelogs -e /logs/libeufin-nexus-serve-%Y-%m-%d 86400 &
 echo DONE
 is_serving $LIBEUFIN_NEXUS_URL Nexus
 
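Review bot: The Nexus launch pipes only stdout into rotatelogs, unlike the Sandbox launch earlier in this file, which uses `2>&1 |`, so Nexus error output will not reach the rotated log. Suggested line: `libeufin-nexus serve --no-localhost-only --port $NEXUS_PORT 2>&1 | \`. In the rewrapped superuser command the expansions are unquoted, so a password containing whitespace or glob characters is split or expanded; `--password "$EXCHANGE_NEXUS_PASSWORD"` (and quoting the username likewise) avoids that.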
diff --git a/docker/hybrid/images/merchant/startup.sh 
b/docker/hybrid/images/merchant/startup.sh
index 0014a21..6a64d33 100644
--- a/docker/hybrid/images/merchant/startup.sh
+++ b/docker/hybrid/images/merchant/startup.sh
@@ -23,7 +23,7 @@ echo Now DB is ready.
 socat TCP-LISTEN:5555,fork,reuseaddr TCP:exchange:80 &
 
 echo Checking exchange at: ${EXCHANGE_URL}
-for n in `seq 1 30`
+for n in `seq 1 20`
   do
     echo "."
     sleep 0.4
@@ -33,7 +33,7 @@ for n in `seq 1 30`
   done
   if [ 1 != $OK ]
   then
-      echo "Exchange unreachable."
+      echo "ERROR: exchange unreachable."
       exit 1
   fi
 echo Echange reachable.
@@ -45,10 +45,11 @@ sed -i "s/__EXCHANGE_PUB__/${EXCHANGE_MASTER_PUB}/" 
/config/taler.conf
 sed -i "s/__CURRENCY__/${CURRENCY}/" /config/taler.conf
 sed -i "s/__BACKEND_APIKEY__/${BACKEND_APIKEY}/" /config/taler.conf
 echo -n "Reset database..."
-taler-merchant-dbinit -c /config/taler.conf --reset
+taler-merchant-dbinit -L DEBUG -c /config/taler.conf --reset 2>&1
 echo DONE
 echo -n "Launch merchant backend..."
-taler-merchant-httpd -c /config/taler.conf &
+taler-merchant-httpd -c /config/taler.conf 2>&1 | \
+  rotatelogs -e /logs/taler-merchant-httpd-%Y-%m-%d 86400 &
 echo DONE
 sleep 1
 echo -n "Create default instance..."
diff --git a/docker/hybrid/images/postgres/Dockerfile 
b/docker/hybrid/images/postgres/Dockerfile
index 6c46150..9b99dc1 100644
--- a/docker/hybrid/images/postgres/Dockerfile
+++ b/docker/hybrid/images/postgres/Dockerfile
@@ -1,4 +1,4 @@
 FROM docker.io/postgres
-ENV POSTGRES_HOST_AUTH_METHOD=trust
 
-COPY init.sql /docker-entrypoint-initdb.d/init.sql
+COPY init.sh /docker-entrypoint-initdb.d/init.sh
+RUN chmod +x /docker-entrypoint-initdb.d/init.sh
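Review bot: `COPY init.sh /docker-entrypoint-initdb.d/init.sh` refers to a file this commit does not add (the diffstat lists only the deletion of init.sql), so the image build fails unless init.sh arrives in a later patch of the series. With init.sql removed, nothing visible here creates the `taler` database that taler.conf connects to. init.sh presumably does this, and a header comment in it stating that it creates the database and where the password comes from would make that explicit. `FROM docker.io/postgres` is also untagged; pinning a version tag keeps the authentication defaults from changing with whichever image is pulled.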
diff --git a/docker/hybrid/images/postgres/init.sql 
b/docker/hybrid/images/postgres/init.sql
deleted file mode 100644
index dec35df..0000000
--- a/docker/hybrid/images/postgres/init.sql
+++ /dev/null
@@ -1,2 +0,0 @@
-CREATE ROLE root SUPERUSER LOGIN;
-CREATE DATABASE taler WITH OWNER root;

-- 
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.


