
[taler-deployment] branch master updated (9ecd95a -> 0d180d2)


From: gnunet
Subject: [taler-deployment] branch master updated (9ecd95a -> 0d180d2)
Date: Tue, 18 Oct 2022 21:15:36 +0200

This is an automated email from the git hooks/post-receive script.

ms pushed a change to branch master
in repository deployment.

    from 9ecd95a  move secrets to config file.  DB TBD
     new eb69f7c  log rotation and db authentication
     new eb402ff  follow-up
     new 0d180d2  remove unnecessary check

The 3 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 docker/hybrid/README                     |  2 +-
 docker/hybrid/config/deployment.conf     |  1 +
 docker/hybrid/docker-compose.yml         |  8 +++++++
 docker/hybrid/images/base/Dockerfile     |  2 +-
 docker/hybrid/images/exchange/startup.sh | 38 ++++++++++++++++++++------------
 docker/hybrid/images/exchange/taler.conf |  2 +-
 docker/hybrid/images/libeufin/startup.sh | 14 +++++++-----
 docker/hybrid/images/merchant/startup.sh | 11 +++++----
 docker/hybrid/images/merchant/taler.conf |  2 +-
 docker/hybrid/images/postgres/Dockerfile |  4 ++--
 docker/hybrid/images/postgres/init.sh    |  8 +++++++
 docker/hybrid/images/postgres/init.sql   |  2 --
 12 files changed, 62 insertions(+), 32 deletions(-)
 create mode 100644 docker/hybrid/images/postgres/init.sh
 delete mode 100644 docker/hybrid/images/postgres/init.sql

diff --git a/docker/hybrid/README b/docker/hybrid/README
index dd97e86..4326c33 100644
--- a/docker/hybrid/README
+++ b/docker/hybrid/README
@@ -44,7 +44,7 @@ absolute path of a host-specific configuration file.  See
 config/deployment.conf for an example.
 
 From this folder, run:
-  $ docker-compose up --remove-orphans
+  $ docker-compose up --remove-orphans --abort-on-container-exit
 
 How to test on localhost
 ========================
diff --git a/docker/hybrid/config/deployment.conf 
b/docker/hybrid/config/deployment.conf
index 427ffb5..b506ecb 100644
--- a/docker/hybrid/config/deployment.conf
+++ b/docker/hybrid/config/deployment.conf
@@ -5,3 +5,4 @@ exchange-nexus-username = exchange-at-nexus
 exchange-nexus-password = secret-at-nexus
 exchange-sandbox-username = exchange-at-sandbox
 exchange-sandbox-password = secret-at-sandbox
+db-password = db-secret
diff --git a/docker/hybrid/docker-compose.yml b/docker/hybrid/docker-compose.yml
index df17b16..1cb9c26 100644
--- a/docker/hybrid/docker-compose.yml
+++ b/docker/hybrid/docker-compose.yml
@@ -8,6 +8,11 @@ services:
       - 8888:5432
     volumes:
       - 
${TALER_DEPLOYMENT_DATA:-~/taler-data}/postgresql:/var/lib/postgresql/data
+      - ${TALER_DEPLOYMENT_CONFIG:?Please export 
TALER_DEPLOYMENT_CONFIG}:/config/deployment.conf
+    environment:
+      POSTGRES_USER: root
+      POSTGRES_PASSWORD: nonce # changed after init.
+      POSTGRES_HOST_AUTH_METHOD: scram-sha-256
 
   exchange:
     build: ./images/exchange
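Review bot: The new `environment:` block only takes effect on a fresh data directory, so an existing deployment may keep its old authentication settings. The official postgres image applies `POSTGRES_USER`, `POSTGRES_PASSWORD`, `POSTGRES_HOST_AUTH_METHOD` and the `/docker-entrypoint-initdb.d` scripts only when the data directory is empty. The data directory here is the host bind mount `${TALER_DEPLOYMENT_DATA:-~/taler-data}/postgresql`, so a volume initialised under the previous `trust` setting would keep that `pg_hba.conf` and never receive the new password. The README should say that the postgresql data directory has to be recreated, or the deployment should check `pg_hba.conf` at startup. The service also publishes `8888:5432` on every host interface while the only role is the superuser `root`; if host access is needed only locally, `- 127.0.0.1:8888:5432` narrows the exposure.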
@@ -18,6 +23,7 @@ services:
     volumes:
       - ${TALER_DEPLOYMENT_CONFIG:?Please export 
TALER_DEPLOYMENT_CONFIG}:/config/deployment.conf
       - ${TALER_DEPLOYMENT_DATA:-~/taler-data}/exchange:/data
+      - ${TALER_DEPLOYMENT_LOGS:-~/taler-logs}:/logs
 
   merchant:
     build: ./images/merchant
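Review bot: The same host directory `${TALER_DEPLOYMENT_LOGS:-~/taler-logs}` is mounted read-write at `/logs` in the exchange here and in the merchant and bank services in the next two hunks. Every container can therefore read, truncate or overwrite the others' logs, including the DEBUG output of the exchange's secmod helpers. A per-service subdirectory keeps each container to its own files, for example `- ${TALER_DEPLOYMENT_LOGS:-~/taler-logs}/exchange:/logs`, with `/merchant` and `/libeufin` for the other two.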
@@ -28,6 +34,7 @@ services:
       - 5559:8080 # Blog TBD.
     volumes:
       - ${TALER_DEPLOYMENT_CONFIG:?Please export 
TALER_DEPLOYMENT_CONFIG}:/config/deployment.conf
+      - ${TALER_DEPLOYMENT_LOGS:-~/taler-logs}:/logs
 
   bank:
     build: ./images/libeufin
@@ -37,3 +44,4 @@ services:
     volumes:
       - ${TALER_DEPLOYMENT_CONFIG:?Please export 
TALER_DEPLOYMENT_CONFIG}:/config/deployment.conf
       - ${TALER_DEPLOYMENT_DATA:-~/taler-data}/libeufin:/data
+      - ${TALER_DEPLOYMENT_LOGS:-~/taler-logs}:/logs
diff --git a/docker/hybrid/images/base/Dockerfile 
b/docker/hybrid/images/base/Dockerfile
index 7f6e3f9..227ad44 100644
--- a/docker/hybrid/images/base/Dockerfile
+++ b/docker/hybrid/images/base/Dockerfile
@@ -7,7 +7,7 @@ RUN apt-get install -y autoconf autopoint libtool texinfo \
   libpq-dev postgresql libcurl4-openssl-dev libsodium-dev git \
   libqrencode-dev zip jq nodejs npm openjdk-17-jre nginx procps \
   curl python3-jinja2 wget curl python3-sphinx \
-  socat python3-sphinx-rtd-theme
+  socat python3-sphinx-rtd-theme apache2-utils
 
 RUN pip3 install requests click poetry uwsgi
 
diff --git a/docker/hybrid/images/exchange/startup.sh 
b/docker/hybrid/images/exchange/startup.sh
index a586c7c..0bf71c5 100644
--- a/docker/hybrid/images/exchange/startup.sh
+++ b/docker/hybrid/images/exchange/startup.sh
@@ -11,8 +11,9 @@ EXCHANGE_NEXUS_USERNAME=`taler-config -c 
/config/deployment.conf -s taler-deploy
 EXCHANGE_NEXUS_PASSWORD=`taler-config -c /config/deployment.conf -s 
taler-deployment -o exchange-nexus-password`
 EXCHANGE_IBAN=DE159593
 TALER_FACADE_NAME=taler-facade
-
+DB_PASSWORD=`taler-config -c /config/deployment.conf -s taler-deployment -o 
db-password`
 sed -i "s;__EXCHANGE_URL__;${EXCHANGE_URL};" /config/taler.conf
+sed -i "s;__DB_PASSWORD__;${DB_PASSWORD};" /config/taler.conf
 sed -i "s/__CURRENCY__/${CURRENCY}/" /config/taler.conf
 sed -i "s/__EXCHANGE_NEXUS_USERNAME__/${EXCHANGE_NEXUS_USERNAME}/" 
/config/taler.conf
 sed -i "s/__EXCHANGE_NEXUS_PASSWORD__/${EXCHANGE_NEXUS_PASSWORD}/" 
/config/taler.conf
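Review bot: The added `sed -i "s;__DB_PASSWORD__;${DB_PASSWORD};"` pastes the password unescaped into a sed replacement, so a value containing `;`, `&` or `\` produces a wrong or broken substitution. The result also lands inside a `postgres://` URI, where `@`, `:`, `/`, `?` and `#` would need percent-encoding. The same line is added in merchant/startup.sh. Until the value is encoded properly, reject unsupported passwords before substituting: `case "$DB_PASSWORD" in ''|*[!A-Za-z0-9._~-]*) echo "ERROR: db-password must be non-empty and URL-safe" >&2; exit 1;; esac`. The script starts above this hunk, so any earlier validation is not visible here.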
@@ -26,38 +27,47 @@ while ! pg_isready -h talerdb -d taler; do
 done
 echo Now DB is ready.
 
-# Make sure we have the right to connect
-echo "" | psql -h talerdb -d taler
+taler-exchange-dbinit -L DEBUG -c /config/taler.conf --reset
+
+taler-exchange-secmod-eddsa -L DEBUG \
+  -c /config/taler.conf 2>&1 | \
+    rotatelogs -e /logs/taler-exchange-secmod-eddsa-%Y-%m-%d 86400 &
+
+taler-exchange-secmod-rsa -L DEBUG \
+  -c /config/taler.conf 2>&1 | \
+    rotatelogs -e /logs/taler-exchange-secmod-rsa-%Y-%m-%d 86400 &
 
-taler-exchange-dbinit -c /config/taler.conf --reset
+taler-exchange-secmod-cs -L DEBUG \
+  -c /config/taler.conf 2>&1 | \
+    rotatelogs -e /logs/taler-exchange-secmod-cs-%Y-%m-%d 86400 &
 
-taler-exchange-secmod-eddsa -c /config/taler.conf &
-taler-exchange-secmod-rsa -c /config/taler.conf &
-taler-exchange-secmod-cs -c /config/taler.conf &
 echo "Crypto helpers started.."
 EXCHANGE_MASTER_PUB=$(taler-exchange-offline -c /config/taler.conf setup)
 sed -i "s/__EXCHANGE_MASTER_PUB__/$EXCHANGE_MASTER_PUB/" /config/taler.conf
-taler-exchange-httpd -c /config/taler.conf &
-for n in `seq 1 80`
+taler-exchange-httpd -L DEBUG -c /config/taler.conf 2>&1 | \
+  rotatelogs -e /logs/taler-exchange-httpd-%Y-%m-%d 86400 &
+for n in `seq 1 20`
   do
     echo "."
-    sleep 0.1
+    sleep 0.4
     OK=1
     wget http://exchange/ -o /dev/null -O /dev/null >/dev/null && break
     OK=0
   done
   if [ 1 != $OK ]
   then
-      echo "Failed to launch Exchange"
+      echo "ERROR: failed to launch Exchange"
+      exit 1
   fi
 echo Echange launched.
-taler-exchange-wirewatch -L DEBUG -c /config/taler.conf &
+taler-exchange-wirewatch -L DEBUG -c /config/taler.conf 2>&1 | \
+  rotatelogs -e /logs/taler-exchange-wirewatch-%Y-%m-%d 86400 &
 
-taler-exchange-offline -c /config/taler.conf \
+taler-exchange-offline -L DEBUG -c /config/taler.conf \
   download sign \
   enable-account 
"payto://iban/SANDBOXX/${EXCHANGE_IBAN}?receiver-name=Exchange+Company" \
   wire-fee now iban ${CURRENCY}:0.01 ${CURRENCY}:0.01 ${CURRENCY}:0.01 \
   global-fee now ${CURRENCY}:0.01 ${CURRENCY}:0.01 ${CURRENCY}:0.01 
${CURRENCY}:0.01 1h 1h 1year 5 \
-  upload
+  upload 2>&1
 
 wait
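Review bot: The exit status of `taler-exchange-dbinit -L DEBUG -c /config/taler.conf --reset` is not checked, and this commit removes the `psql` connection probe that preceded it. With password authentication now required, a wrong or missing `db-password` would let the script go on to start the secmod helpers and the httpd against a database it cannot use, unless `set -e` is enabled above this hunk (not visible). Suggested: `taler-exchange-dbinit -L DEBUG -c /config/taler.conf --reset || { echo "ERROR: dbinit failed" >&2; exit 1; }`. Since `-L DEBUG` output is now persisted under `/logs`, it is also worth confirming that the helpers do not log the database URI, which now carries the password.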
diff --git a/docker/hybrid/images/exchange/taler.conf 
b/docker/hybrid/images/exchange/taler.conf
index 43a01d6..e905898 100644
--- a/docker/hybrid/images/exchange/taler.conf
+++ b/docker/hybrid/images/exchange/taler.conf
@@ -37,7 +37,7 @@ port = 80
 # serve = unix
 
 [exchangedb-postgres]
-config = postgres://talerdb/taler
+config = postgres://root:__DB_PASSWORD__@talerdb/taler
 
 [coin___CURRENCY___1]
 rsa_keysize = 2048
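Review bot: `config = postgres://root:__DB_PASSWORD__@talerdb/taler` makes the exchange connect as `root`, the role created through `POSTGRES_USER` and therefore a PostgreSQL superuser. merchant/taler.conf gets the identical URI, so both services share one superuser credential and one database. A compromise of either service then gives full control over the other's tables and over the server itself. Consider creating separate non-superuser roles (and ideally separate databases) for the exchange and the merchant in init.sh, and keeping `root` for initialisation only. A comment on this line should also state that the substituted file contains a credential and must not be world-readable.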
diff --git a/docker/hybrid/images/libeufin/startup.sh 
b/docker/hybrid/images/libeufin/startup.sh
index 5e8b447..ea72201 100644
--- a/docker/hybrid/images/libeufin/startup.sh
+++ b/docker/hybrid/images/libeufin/startup.sh
@@ -52,7 +52,8 @@ libeufin-sandbox default-exchange \
   "payto://iban/SANDBOXX/${EXCHANGE_IBAN}?receiver-name=Exchange+Company"
 echo DONE
 echo -n "Launching Sandbox..."
-libeufin-sandbox serve --no-localhost-only --port $SANDBOX_PORT &
+libeufin-sandbox serve --no-localhost-only --port $SANDBOX_PORT 2>&1 | \
+  rotatelogs -e /logs/libeufin-sandbox-serve-%Y-%m-%d 86400 &
 echo DONE
 is_serving ${LIBEUFIN_SANDBOX_URL} Sandbox
 
@@ -65,10 +66,9 @@ echo -n "Create exchange EBICS subscriber at Sandbox.."
 export LIBEUFIN_SANDBOX_USERNAME=admin
 export LIBEUFIN_SANDBOX_PASSWORD=secret
 echo -n "Create EBICS host at Sandbox.."
-libeufin-cli sandbox \
-  --sandbox-url $SANDBOX_BASE_URL \
-  ebicshost create --host-id talerebics
+libeufin-cli sandbox --sandbox-url $SANDBOX_BASE_URL ebicshost create 
--host-id talerebics
 echo DONE
+echo -n "Create exchange's EBICS subscriber at Sandbox.."
 libeufin-cli sandbox \
   demobank new-ebicssubscriber --host-id talerebics \
   --user-id exchangeebics --partner-id talerpartner \
@@ -79,10 +79,12 @@ EXCHANGE_NEXUS_USERNAME=`taler-config -c 
/config/deployment.conf -s taler-deploy
 EXCHANGE_NEXUS_PASSWORD=`taler-config -c /config/deployment.conf -s 
taler-deployment -o exchange-nexus-password`
 export LIBEUFIN_NEXUS_DB_CONNECTION="jdbc:sqlite:/data/nexus.sqlite3"
 echo -n "Creating Nexus superuser..."
-libeufin-nexus superuser $EXCHANGE_NEXUS_USERNAME --password 
$EXCHANGE_NEXUS_PASSWORD
+libeufin-nexus superuser $EXCHANGE_NEXUS_USERNAME \
+  --password $EXCHANGE_NEXUS_PASSWORD
 echo DONE
 echo -n "Launching Nexus..."
-libeufin-nexus serve --no-localhost-only --port $NEXUS_PORT &
+libeufin-nexus serve --no-localhost-only --port $NEXUS_PORT | \
+  rotatelogs -e /logs/libeufin-nexus-serve-%Y-%m-%d 86400 &
 echo DONE
 is_serving $LIBEUFIN_NEXUS_URL Nexus
 
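Review bot: The new `libeufin-nexus serve --no-localhost-only --port $NEXUS_PORT | \` pipeline lacks the `2>&1` that the sandbox pipeline in the first hunk of this file has. Nexus errors written to stderr therefore bypass `rotatelogs` and are missing from `/logs/libeufin-nexus-serve-*`. Suggested: `libeufin-nexus serve --no-localhost-only --port $NEXUS_PORT 2>&1 | \`. The re-wrapped `--password $EXCHANGE_NEXUS_PASSWORD` above it is still unquoted, so quoting it as `--password "$EXCHANGE_NEXUS_PASSWORD"` would keep a password with spaces or glob characters intact.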
diff --git a/docker/hybrid/images/merchant/startup.sh 
b/docker/hybrid/images/merchant/startup.sh
index 0014a21..903f855 100644
--- a/docker/hybrid/images/merchant/startup.sh
+++ b/docker/hybrid/images/merchant/startup.sh
@@ -7,6 +7,7 @@ export LD_LIBRARY_PATH=/usr/local/lib
 CURRENCY=`taler-config -c /config/deployment.conf -s taler-deployment -o 
currency`
 BACKEND_APIKEY=`taler-config -c /config/deployment.conf -s taler-deployment -o 
merchant-apikey`
 EXCHANGE_URL="http://exchange/";
+DB_PASSWORD=`taler-config -c /config/deployment.conf -s taler-deployment -o 
db-password`
 
 while ! pg_isready -h talerdb -d taler; do
   echo DB not ready yet.
@@ -23,7 +24,7 @@ echo Now DB is ready.
 socat TCP-LISTEN:5555,fork,reuseaddr TCP:exchange:80 &
 
 echo Checking exchange at: ${EXCHANGE_URL}
-for n in `seq 1 30`
+for n in `seq 1 20`
   do
     echo "."
     sleep 0.4
@@ -33,7 +34,7 @@ for n in `seq 1 30`
   done
   if [ 1 != $OK ]
   then
-      echo "Exchange unreachable."
+      echo "ERROR: exchange unreachable."
       exit 1
   fi
 echo Echange reachable.
@@ -44,11 +45,13 @@ sed -i "s;__EXCHANGE_URL__;${EXCHANGE_URL};" 
/config/taler.conf
 sed -i "s/__EXCHANGE_PUB__/${EXCHANGE_MASTER_PUB}/" /config/taler.conf
 sed -i "s/__CURRENCY__/${CURRENCY}/" /config/taler.conf
 sed -i "s/__BACKEND_APIKEY__/${BACKEND_APIKEY}/" /config/taler.conf
+sed -i "s;__DB_PASSWORD__;${DB_PASSWORD};" /config/taler.conf
 echo -n "Reset database..."
-taler-merchant-dbinit -c /config/taler.conf --reset
+taler-merchant-dbinit -L DEBUG -c /config/taler.conf --reset
 echo DONE
 echo -n "Launch merchant backend..."
-taler-merchant-httpd -c /config/taler.conf &
+taler-merchant-httpd -c /config/taler.conf 2>&1 | \
+  rotatelogs -e /logs/taler-merchant-httpd-%Y-%m-%d 86400 &
 echo DONE
 sleep 1
 echo -n "Create default instance..."
diff --git a/docker/hybrid/images/merchant/taler.conf 
b/docker/hybrid/images/merchant/taler.conf
index 80dbef0..d5f6091 100644
--- a/docker/hybrid/images/merchant/taler.conf
+++ b/docker/hybrid/images/merchant/taler.conf
@@ -10,7 +10,7 @@ exchange_base_url = __EXCHANGE_URL__
 master_key = __EXCHANGE_PUB__
 
 [merchantdb-postgres]
-config = postgres://talerdb/taler
+config = postgres://root:__DB_PASSWORD__@talerdb/taler
 
 [merchant]
 default_max_deposit_fee = __CURRENCY__:0.05
diff --git a/docker/hybrid/images/postgres/Dockerfile 
b/docker/hybrid/images/postgres/Dockerfile
index 6c46150..9b99dc1 100644
--- a/docker/hybrid/images/postgres/Dockerfile
+++ b/docker/hybrid/images/postgres/Dockerfile
@@ -1,4 +1,4 @@
 FROM docker.io/postgres
-ENV POSTGRES_HOST_AUTH_METHOD=trust
 
-COPY init.sql /docker-entrypoint-initdb.d/init.sql
+COPY init.sh /docker-entrypoint-initdb.d/init.sh
+RUN chmod +x /docker-entrypoint-initdb.d/init.sh
diff --git a/docker/hybrid/images/postgres/init.sh 
b/docker/hybrid/images/postgres/init.sh
new file mode 100644
index 0000000..04ac447
--- /dev/null
+++ b/docker/hybrid/images/postgres/init.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+set -eu
+
+createdb -U root -O root taler
+# Fixme: use taler-config.
+CUSTOM_PASSWORD=$(grep db-password < /config/deployment.conf | awk -F= '{print 
$2}' | tr -d "[:space:]")
+echo "ALTER ROLE root WITH PASSWORD '"${CUSTOM_PASSWORD}"';" | psql -U root
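Review bot: The `ALTER ROLE` line builds SQL by string concatenation, so a password containing `'` ends the literal early and the rest is run as SQL by the superuser. `${CUSTOM_PASSWORD}` also sits outside the double quotes there, which exposes it to globbing. The extraction is loose as well: `grep db-password` matches any line containing that text, including comments and other keys, and `awk -F= '{print $2}'` cuts the value at a second `=`. Without `pipefail`, a missing key yields an empty password instead of an error. The parsing can also disagree with what `taler-config` returns in the exchange and merchant scripts, as the Fixme already hints. The sketch below matches the key exactly, fails on an empty value, doubles single quotes, and stops psql on error.

```shell
# Fixme: use taler-config.
CUSTOM_PASSWORD=$(awk -F= '$1 ~ /^[[:space:]]*db-password[[:space:]]*$/ { sub(/^[^=]*=[[:space:]]*/, ""); sub(/[[:space:]]+$/, ""); print; exit }' /config/deployment.conf)
if [ -z "${CUSTOM_PASSWORD}" ]; then
  echo "ERROR: no db-password found in /config/deployment.conf" >&2
  exit 1
fi
# Double any single quote so the value stays inside the SQL literal.
q="'"
ESCAPED_PASSWORD=${CUSTOM_PASSWORD//$q/$q$q}
printf "ALTER ROLE root WITH PASSWORD '%s';\n" "${ESCAPED_PASSWORD}" | psql -U root -v ON_ERROR_STOP=1
```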
diff --git a/docker/hybrid/images/postgres/init.sql 
b/docker/hybrid/images/postgres/init.sql
deleted file mode 100644
index dec35df..0000000
--- a/docker/hybrid/images/postgres/init.sql
+++ /dev/null
@@ -1,2 +0,0 @@
-CREATE ROLE root SUPERUSER LOGIN;
-CREATE DATABASE taler WITH OWNER root;

-- 
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.


