
[taler-ansible-taler-exchange] branch master updated: fix syntax issues


From: gnunet
Subject: [taler-ansible-taler-exchange] branch master updated: fix syntax issues
Date: Sun, 24 Nov 2024 13:35:15 +0100

This is an automated email from the git hooks/post-receive script.

grothoff pushed a commit to branch master
in repository ansible-taler-exchange.

The following commit(s) were added to refs/heads/master by this push:
     new ef9b1ee  fix syntax issues
ef9b1ee is described below

commit ef9b1ee81183dcaa4c0cebe94c935aa986b06850
Author: Christian Grothoff <christian@grothoff.org>
AuthorDate: Sun Nov 24 13:34:21 2024 +0100

    fix syntax issues
---
 README                                         |  2 +-
 ansible.cfg                                    |  2 +-
 inventories/{staging/hosts.example => example} |  0
 inventories/production/hosts.example           |  4 ---
 inventories/tops                               |  2 ++
 playbooks/setup.yml                            | 44 +++++++++++++-------------
 playbooks/test-secrets.yml                     | 25 +++++++--------
 roles/challenger/tasks/main.yml                | 31 ++++++++++--------
 roles/common_packages/tasks/main.yml           | 13 +++++---
 roles/exchange/tasks/main.yml                  |  4 +--
 roles/libeufin-nexus/tasks/main.yml            |  4 +--
 roles/webserver/tasks/main.yml                 | 38 +++++++++++-----------
 12 files changed, 87 insertions(+), 82 deletions(-)

diff --git a/README b/README
index 182b3c3..f9245de 100644
--- a/README
+++ b/README
@@ -5,7 +5,7 @@
 To run the main playbook (playbooks/setup.yml):
 
 ```
-$ ansible-playbook --verbose -i <host>, --user root playbooks/setup.yml 
--extra-vars "@playbook/test-secrets.yml"
+$ ansible-playbook --verbose --inventory <host>, --user root 
playbooks/setup.yml --extra-vars "@playbooks/test-secrets.yml"
 ```
 
 Instead of specifying the host(s) as arguments (note the trailing comma!)
diff --git a/ansible.cfg b/ansible.cfg
index f292590..e97caf3 100644
--- a/ansible.cfg
+++ b/ansible.cfg
@@ -1,4 +1,4 @@
 [defaults]
-inventory = inventories
+inventory = inventories/tops
 roles_path = roles
 remote_user = root
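Review bot: With `inventory = inventories/tops` as the default, any `ansible-playbook` run that omits `--inventory` now targets the host listed under `[production]` in the new `inventories/tops` file, and connects as `root` (`remote_user = root` here, `ansible_user=root` there). If that is intended, a comment above the setting such as `# default inventory is the production host; pass --inventory to target anything else` would make it explicit; otherwise pointing the default at `inventories/example` and requiring `--inventory inventories/tops` for production avoids accidental runs. Connecting as an unprivileged user with `become` would also avoid direct root SSH login, though that depends on how the host is provisioned.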
diff --git a/inventories/staging/hosts.example b/inventories/example
similarity index 100%
rename from inventories/staging/hosts.example
rename to inventories/example
diff --git a/inventories/production/hosts.example 
b/inventories/production/hosts.example
deleted file mode 100644
index adc9225..0000000
--- a/inventories/production/hosts.example
+++ /dev/null
@@ -1,4 +0,0 @@
-[production]
-#taler-ops production server
-pixel.taler-ops.ch
-
diff --git a/inventories/tops b/inventories/tops
new file mode 100644
index 0000000..9ef6068
--- /dev/null
+++ b/inventories/tops
@@ -0,0 +1,2 @@
+[production]
+spec.taler-ops.ch ansible_port=22 ansible_user=root
diff --git a/playbooks/setup.yml b/playbooks/setup.yml
index 564d3c4..9e072e1 100644
--- a/playbooks/setup.yml
+++ b/playbooks/setup.yml
@@ -14,46 +14,46 @@
 # secrets. For secrets, test-secrets.yml contains a template.
   vars:
 # Our currency.
-    CURRENCY = CHF
+    CURRENCY: CHF
 # Smallest unit of the currency for wire transfers.
-    CURRENCY_ROUND_UNIT = CHF:0.01
+    CURRENCY_ROUND_UNIT: "CHF:0.01"
 # Main domain name.
-    DOMAIN_NAME = taler-ops.ch
+    DOMAIN_NAME: "taler-ops.ch"
 # Base URL of the exchange REST API
-    EXCHANGE_BASE_URL="https://exchange.{{ $DOMAIN_NAME }}/"
+    EXCHANGE_BASE_URL: "https://exchange.{{ $DOMAIN_NAME }}/"
 # Base URL of the auditor REST API
-    AUDITOR_BASE_URL="https://auditor.{{ $DOMAIN_NAME }}/"
+    AUDITOR_BASE_URL: "https://auditor.{{ $DOMAIN_NAME }}/"
 # Exchange offline master public key.
-    EXCHANGE_MASTER_PUB=
+    EXCHANGE_MASTER_PUB:
 # Auditor offline public key.
-    AUDITOR_PUB=
+    AUDITOR_PUB:
 # Name of Terms of service resource file
-    EXCHANGE_TERMS_ETAG="exchange-tos-v0"
+    EXCHANGE_TERMS_ETAG: "exchange-tos-v0"
 # Name of Privacy policy resource file
-    EXCHANGE_PP_ETAG="exchange-pp-v0"
+    EXCHANGE_PP_ETAG: "exchange-pp-v0"
 # Full Payto URI of exchange account (for credit and debit)
-    EXCHANGE_BANK_ACCOUNT_BIC="POFICHBEXXX"
+    EXCHANGE_BANK_ACCOUNT_BIC: "POFICHBEXXX"
 # Full Payto URI of exchange account (for credit and debit)
-    EXCHANGE_BANK_ACCOUNT_IBAN="CH9889144237951612671"
+    EXCHANGE_BANK_ACCOUNT_IBAN: "CH9889144237951612671"
 # Full Payto URI of exchange account (for credit and debit)
-    EXCHANGE_BANK_ACCOUNT_PAYTO="payto://iban/{{ EXCHANGE_BANK_ACCOUNT_IBAN 
}}?receiver-name=operator"
+    EXCHANGE_BANK_ACCOUNT_PAYTO: "payto://iban/{{ EXCHANGE_BANK_ACCOUNT_IBAN 
}}?receiver-name: operator"
 # Port to be used by libeufin-nexus for the taler-exchange-wire-gateway
-    LIBEUFIN_PORT=8082
+    LIBEUFIN_PORT: 8082
 # Name of the exchange account at libeufin-nexus
-    LIBEUFIN_EXCHANGE_ACCOUNT="exchange"
+    LIBEUFIN_EXCHANGE_ACCOUNT: "exchange"
 # Name of the bank dialect
-    LIBEUFIN_NEXUS_BANK_DIALECT="postfinance"
+    LIBEUFIN_NEXUS_BANK_DIALECT: "postfinance"
 # Business name of the exchange operator
-    EXCHANGE_OPERATOR_LEGAL_NAME="Taler Exchange Operator Legal Name"
+    EXCHANGE_OPERATOR_LEGAL_NAME: "Taler Exchange Operator Legal Name"
 # Where to send people after they passed KYC.
-    KYC_THANK_YOU_URL = https://taler-ops.ch/thank-you-kyc
+    KYC_THANK_YOU_URL: https://taler-ops.ch/thank-you-kyc
 # Template to use for identification of individuals with KYCAID
-    KYCAID_TEMPLATE_INDIVIDUAL = tmpl_xxx
+    KYCAID_TEMPLATE_INDIVIDUAL: tmpl_xxx
 # Template to use for identification of businesses with KYCAID
-    KYCAID_TEMPLATE_BUSINESS = tmpl_xxx
+    KYCAID_TEMPLATE_BUSINESS: tmpl_xxx
 # Regex specifying allowed phone numbers for the SMS check
-    EXCHANGE_AML_PROGRAM_TOPS_SMS_REGEX = \+41[0-9]+
+    EXCHANGE_AML_PROGRAM_TOPS_SMS_REGEX: \+41[0-9]+
 # Limit to lift for withdraw upon SMS registration
-    EXCHANGE_AML_PROGRAM_TOPS_SMS_WITHDRAW_THRESHOLD = CHF:200
+    EXCHANGE_AML_PROGRAM_TOPS_SMS_WITHDRAW_THRESHOLD: CHF:200
 # Limit to lift for merge upon SMS registration
-    EXCHANGE_AML_PROGRAM_TOPS_SMS_MERGE_THRESHOLD = CHF:0
+    EXCHANGE_AML_PROGRAM_TOPS_SMS_MERGE_THRESHOLD: CHF:0
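Review bot: Two of the converted values are still broken: `{{ $DOMAIN_NAME }}` in `EXCHANGE_BASE_URL` and `AUDITOR_BASE_URL` is not valid Jinja2 (variables are referenced without `$`), and the `=` to `:` replacement also rewrote the query string of `EXCHANGE_BANK_ACCOUNT_PAYTO` to `?receiver-name: operator`. The lines should read `EXCHANGE_BASE_URL: "https://exchange.{{ DOMAIN_NAME }}/"`, `AUDITOR_BASE_URL: "https://auditor.{{ DOMAIN_NAME }}/"`, and the payto value should end in `?receiver-name=operator"`. `EXCHANGE_MASTER_PUB:` and `AUDITOR_PUB:` are now YAML null, so anything that consumes them gets an empty or `None` value unless a task asserts they are set before deployment. Quoting `'\+41[0-9]+'`, `"CHF:200"` and `"CHF:0"` the same way as `CURRENCY_ROUND_UNIT` would keep the scalar style consistent. The `vars:` block starts above the hunk.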
diff --git a/playbooks/test-secrets.yml b/playbooks/test-secrets.yml
index 060eee0..177d995 100644
--- a/playbooks/test-secrets.yml
+++ b/playbooks/test-secrets.yml
@@ -1,21 +1,20 @@
-# Secret token to use to authenticate to SMS challenger service.
-EXCHANGE_SMS_CHALLENGER_TOKEN=SECRET1 => fact?
+---
 # Symmetric encryption secret for KYC attribute encryption.
-EXCHANGE_ATTRIBUTE_ENCRYPTION_KEY=SECRET2
+EXCHANGE_ATTRIBUTE_ENCRYPTION_KEY: SECRET2
 # EBICS access details
-LIBEUFIN_NEXUS_EBICS_HOST_BASE_URL = 
https://isotest.postfinance.ch/ebicsweb/ebicsweb
-LIBEUFIN_NEXUS_EBICS_HOST_ID = PFEBICS
-LIBEUFIN_NEXUS_EBICS_USER_ID = PFC00664
-LIBEUFIN_NEXUS_EBICS_PARTNER_ID = PFC00664
-LIBEUFIN_NEXUS_EBICS_SYSTEM_ID = PFC00664
+LIBEUFIN_NEXUS_EBICS_HOST_BASE_URL: 
https://isotest.postfinance.ch/ebicsweb/ebicsweb
+LIBEUFIN_NEXUS_EBICS_HOST_ID: PFEBICS
+LIBEUFIN_NEXUS_EBICS_USER_ID: PFC00664
+LIBEUFIN_NEXUS_EBICS_PARTNER_ID: PFC00664
+LIBEUFIN_NEXUS_EBICS_SYSTEM_ID: PFC00664
 
 # Authorization token for the telesign SMS service
-SMS_CHALLENGER_TELESIGN_AUTH_TOKEN = my-auth-token
+SMS_CHALLENGER_TELESIGN_AUTH_TOKEN: my-auth-token
 
 # Authorization data for the pingen postal service
-POSTAL_CHALLENGER_PINGEN_CLIENT_ID = myid
-POSTAL_CHALLENGER_PINGEN_CLIENT_SECRET = mysecret
-POSTAL_CHALLENGER_PINGEN_ORG_ID = orgid
+POSTAL_CHALLENGER_PINGEN_CLIENT_ID: myid
+POSTAL_CHALLENGER_PINGEN_CLIENT_SECRET: mysecret
+POSTAL_CHALLENGER_PINGEN_ORG_ID: orgid
 
 # KYCaid access token
-EXCHANGE_KYCAID_ACCESS_TOKEN = FIXME
+EXCHANGE_KYCAID_ACCESS_TOKEN: FIXME
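Review bot: This file is tracked in the repository and the README passes it directly via `--extra-vars "@playbooks/test-secrets.yml"`, so the path of least resistance is to edit real credentials into a version-controlled file. A header comment after `---` such as `# Template only: copy outside the repository or encrypt with ansible-vault before adding real values` would state the intended handling. The placeholders (`SECRET2`, `mysecret`, `FIXME`) are also syntactically valid values, so a run with the file unchanged would presumably deploy them, including a publicly known `EXCHANGE_ATTRIBUTE_ENCRYPTION_KEY`. A check that fails the play while a placeholder is still present would catch that.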
diff --git a/roles/challenger/tasks/main.yml b/roles/challenger/tasks/main.yml
index c277a3a..43e1b72 100644
--- a/roles/challenger/tasks/main.yml
+++ b/roles/challenger/tasks/main.yml
@@ -90,13 +90,13 @@
         creates: /etc/ansible/facts.d/sms-challenger-client-secret.fact
 
 # FIXME: these 3 can probably be combined, figure out how...
-- name: sms-challenger: force ansible to regather just created fact(s)
+- name: sms-challenger force ansible to regather just created fact(s)
   setup: filter='sms-challenger-client-secret'
 
-- name: email-challenger: force ansible to regather just created fact(s)
+- name: email-challenger force ansible to regather just created fact(s)
   setup: filter='email-challenger-client-secret'
 
-- name: postal-challenger: force ansible to regather just created fact(s)
+- name: postal-challenger force ansible to regather just created fact(s)
   setup: filter='postal-challenger-client-secret'
 
 - name: Setup SMS Challenger exchange account
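Review bot: The three `setup` tasks re-gather facts whose names indicate they hold client secrets, and the README runs the playbook with `--verbose`, which prints task results; adding `no_log: true` to each would keep the values out of console output and logs. The `filter` option of `setup` is matched against first-level fact names, and local facts are returned under `ansible_local`, so `filter='sms-challenger-client-secret'` likely matches nothing and may not refresh the fact at all. A single `ansible.builtin.setup:` task with `filter: ansible_local` would address that and also resolve the FIXME about combining the three. The same pattern appears in the `libeufin-nexus force ansible to regather just created fact(s)` task in roles/libeufin-nexus/tasks/main.yml.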
@@ -117,7 +117,7 @@
 - name: Place SMS challenger exchange config
   ansible.builtin.template:
     src: templates/etc/taler-exchange/config.d/sms-challenger.conf.j2
-    dest: "/etc/taler-exchange/config.d/sms-challenger.conf"
+    dest: /etc/taler-exchange/config.d/sms-challenger.conf
     owner: root
     group: challenger-sms
     mode: 0640
@@ -125,7 +125,7 @@
 - name: Place email challenger exchange config
   ansible.builtin.template:
     src: templates/etc/taler-exchange/config.d/email-challenger.conf.j2
-    dest: "/etc/taler-exchange/config.d/email-challenger.conf"
+    dest: /etc/taler-exchange/config.d/email-challenger.conf
     owner: root
     group: challenger-email
     mode: 0640
@@ -133,7 +133,7 @@
 - name: Place postal challenger exchange config
   ansible.builtin.template:
     src: templates/etc/taler-exchange/config.d/postal-challenger.conf.j2
-    dest: "/etc/taler-exchange/config.d/postal-challenger.conf"
+    dest: /etc/taler-exchange/config.d/postal-challenger.conf
     owner: root
     group: challenger-postal
     mode: 0640
@@ -141,7 +141,7 @@
 - name: Place SMS challenger environment data
   ansible.builtin.template:
     src: templates/etc/challenger/sms-challenger.env.j2
-    dest: "/etc/challenger/sms-challenger.env
+    dest: /etc/challenger/sms-challenger.env
     owner: root
     group: challenger-sms
     mode: 0640
@@ -149,7 +149,7 @@
 - name: Place postal challenger environment data
   ansible.builtin.template:
     src: templates/etc/challenger/postal-challenger.env.j2
-    dest: "/etc/challenger/postal-challenger.env
+    dest: /etc/challenger/postal-challenger.env
     owner: root
     group: challenger-postal
     mode: 0640
@@ -157,17 +157,17 @@
 - name: Place sms-challenger systemd service file
   copy:
     src: etc/systemd/system/sms-challenger-httpd.service
-    dest: "/etc/systemd/system/sms-challenger-httpd.service
+    dest: /etc/systemd/system/sms-challenger-httpd.service
 
 - name: Place postal-challenger systemd service file
   copy:
     src: etc/systemd/system/poastal-challenger-httpd.service
-    dest: "/etc/systemd/system/postal-challenger-httpd.service
+    dest: /etc/systemd/system/postal-challenger-httpd.service
 
 - name: Place email-challenger systemd service file
   copy:
     src: etc/systemd/system/email-challenger-httpd.service
-    dest: "/etc/systemd/system/email-challenger-httpd.service
+    dest: /etc/systemd/system/email-challenger-httpd.service
 
 - name: Ensure SMS challenger service is enabled and started
   ansible.builtin.systemd_service:
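Review bot: The `src` of the postal unit file is spelled `etc/systemd/system/poastal-challenger-httpd.service`, which looks like a typo for `postal-challenger-httpd.service`; unless the file in the role really carries that name, the `copy` task will fail to find it. The three `copy` tasks also set no `owner`, `group` or `mode`, unlike the template tasks in this role; adding `owner: root`, `group: root`, `mode: "0644"` makes the permissions of the unit files explicit instead of leaving them to defaults. The `systemd_service` task that follows is cut off by the hunk, so whether a daemon reload happens after the unit files change cannot be seen here.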
@@ -191,7 +191,7 @@
 - name: Place SMS challenger Nginx configuration
   ansible.builtin.template:
     src: templates/etc/nginx/sites-available/sms-challenger-nginx.conf.j2
-    dest: "/etc/nginx/sites-available/sms-challenger-nginx.conf
+    dest: /etc/nginx/sites-available/sms-challenger-nginx.conf
     owner: root
     group: root
     mode: 0644
@@ -206,7 +206,7 @@
 - name: Place email challenger Nginx configuration
   ansible.builtin.template:
     src: templates/etc/nginx/sites-available/email-challenger-nginx.conf.j2
-    dest: "/etc/nginx/sites-available/email-challenger-nginx.conf
+    dest: /etc/nginx/sites-available/email-challenger-nginx.conf
     owner: root
     group: root
     mode: 0644
@@ -221,7 +221,7 @@
 - name: Place postal challenger Nginx configuration
   ansible.builtin.template:
     src: templates/etc/nginx/sites-available/postal-challenger-nginx.conf.j2
-    dest: "/etc/nginx/sites-available/postal-challenger-nginx.conf
+    dest: /etc/nginx/sites-available/postal-challenger-nginx.conf
     owner: root
     group: root
     mode: 0644
@@ -231,4 +231,7 @@
     src: /etc/nginx/sites-available/postal-challenger-nginx.conf
     dest: /etc/nginx/sites-enabled/postal-challenger-nginx.conf
     state: link
+    owner: root
+    group: root
+    mode: 0644
   notify: restart nginx
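Review bot: The added `mode: 0644` is an unquoted octal, as are the `mode: 0640` and `mode: 0644` context lines in the earlier hunks of this file; it is interpreted correctly only because of the leading zero under YAML 1.1 parsing, and `mode: "0644"` is the form that cannot be misread. On a `state: link` task the `file` module follows the link by default, so `owner`, `group` and `mode` are presumably applied to the target in sites-available, which the template task already sets. The three added lines are therefore redundant unless `follow: false` is intended. The task starts above the hunk.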
diff --git a/roles/common_packages/tasks/main.yml 
b/roles/common_packages/tasks/main.yml
index b3d47a1..893c02f 100644
--- a/roles/common_packages/tasks/main.yml
+++ b/roles/common_packages/tasks/main.yml
@@ -1,11 +1,8 @@
 ---
 # Role: Install dependencies
 
-- name: Install packages required by Ansible and deploy current base distro
+- name: Deploy current base distro
   apt:
-    name:
-      - python3-debian
-      - python3-psycopg2
     state: latest
     update_cache: true
     autoclean: true
@@ -13,6 +10,14 @@
     upgrade: safe
   when: ansible_os_family == 'Debian'
 
+- name: Install packages required by Ansible
+  apt:
+    name:
+      - python3-debian
+      - python3-psycopg2
+    state: latest
+  when: ansible_os_family == 'Debian'
+
 - name: Install Taler dependencies on Debian/Ubuntu
   apt:
     name:
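Review bot: The new `Install packages required by Ansible` task uses `state: latest`, which upgrades both packages on every run and makes the result depend on the mirror state at run time; `state: present` is enough here because the preceding task already performs `upgrade: safe`. In the previous hunk the `name:` list was removed from `Deploy current base distro` but `state: latest` was left behind, where it no longer refers to any package and can be dropped. Both tasks use the short `apt:` name while other roles in this commit use fully qualified names such as `ansible.builtin.template`; `ansible.builtin.apt:` would be consistent. The task that follows continues below the hunk.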
diff --git a/roles/exchange/tasks/main.yml b/roles/exchange/tasks/main.yml
index 0dceba9..19321c3 100644
--- a/roles/exchange/tasks/main.yml
+++ b/roles/exchange/tasks/main.yml
@@ -69,13 +69,13 @@
 
 - name: Check if we have kyc-rules (depends on branch)
   local_action: stat path=files/etc/taler-exchange/config.d/kyc-rules.conf
-  register: kyc-rules.conf
+  register: have_kycrules
 
 - name: Place taler-exchange KYC configuration (if exists)
   copy:
     src: files/etc/taler-exchange/config.d/kyc-rules.conf
     dest: /etc/taler-exchange/config.d/kyc-rules.conf
-    when: kyc-rules.conf.stat.exists
+    when: have_kycrules.stat.exists
 
 - name: Setup Taler Exchange database
   shell:
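Review bot: `when: have_kycrules.stat.exists` is still indented under `copy:`, at the same level as `src` and `dest`, so it is passed to the module as a parameter instead of being evaluated as the task condition. The task will fail on an unsupported parameter rather than being skipped when the file is absent. It should be dedented to task level, `  when: have_kycrules.stat.exists`. Since `kyc-rules.conf` is exchange policy configuration, explicit `owner`, `group` and `mode` on the `copy` would also be worth adding, matching the template tasks in the challenger role.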
diff --git a/roles/libeufin-nexus/tasks/main.yml 
b/roles/libeufin-nexus/tasks/main.yml
index da1a086..3d0429e 100644
--- a/roles/libeufin-nexus/tasks/main.yml
+++ b/roles/libeufin-nexus/tasks/main.yml
@@ -1,7 +1,7 @@
 ---
 - name: Ensure libeufin-nexus service is stopped before we upgrade
   service:
-    deamon_reload: true
+    daemon_reload: true
     name: libeufin-nexus.target
     state: stopped
     enabled: false
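Review bot: `daemon_reload` is documented for the systemd module rather than for the generic `service` module used here, so whether the corrected key takes effect depends on the service manager Ansible detects on the host. Using `ansible.builtin.systemd_service:` for this task, as the challenger role does, makes that dependency explicit. The task may continue below the hunk.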
@@ -30,7 +30,7 @@
 # Ensures we only run when the file does not yet exist
         creates: /etc/ansible/facts.d/libeufin-nexus-access-token.fact
 
-- name: libeufin-nexus: force ansible to regather just created fact(s)
+- name: libeufin-nexus force ansible to regather just created fact(s)
   setup: filter='libeufin-nexus-access-token'
 
 - name: Place libeufin-nexus config
diff --git a/roles/webserver/tasks/main.yml b/roles/webserver/tasks/main.yml
index e87ad79..1fd1350 100644
--- a/roles/webserver/tasks/main.yml
+++ b/roles/webserver/tasks/main.yml
@@ -8,28 +8,28 @@
     update_cache: yes
   when: ansible_os_family == 'Debian'
 
-    #- name: Install Certbot and Certbot Nginx plugin
-    #  package:
-    #    name: "{{ item }}"
-    #    state: present
-    #  with_items:
-    #    - certbot
-    #    - python3-certbot-nginx  # Certbot plugin for Nginx
-    #
-    #- name: Obtain or renew SSL certificate using Certbot with Nginx
-    #  command: certbot --nginx --domain "{{ SUBDOMAIN }}.{{ DOMAIN_NAME }}" 
--redirect --non-interactive --agree-tos --email "{{ ACME_EMAIL }}"
-    #  register: certbot_result
-    #  changed_when: "'Certificate not yet due for renewal' not in 
certbot_result.stdout"
-    #
-    #- name: Reload Nginx configuration if certificates were obtained or 
renewed
-    #  service:
-    #    name: nginx
-    #    state: restarted
-    #  when: certbot_result.changed
+#- name: Install Certbot and Certbot Nginx plugin
+#  package:
+#    name: "{{ item }}"
+#    state: present
+#  with_items:
+#    - certbot
+#    - python3-certbot-nginx  # Certbot plugin for Nginx
+#
+#- name: Obtain or renew SSL certificate using Certbot with Nginx
+#  command: certbot --nginx --domain "{{ SUBDOMAIN }}.{{ DOMAIN_NAME }}" 
--redirect --non-interactive --agree-tos --email "{{ ACME_EMAIL }}"
+#  register: certbot_result
+#  changed_when: "'Certificate not yet due for renewal' not in 
certbot_result.stdout"
+#
+#- name: Reload Nginx configuration if certificates were obtained or renewed
+#  service:
+#    name: nginx
+#    state: restarted
+#  when: certbot_result.changed
 
 - name: Remove default nginx configuration
   file:
-  path: /etc/nginx/sites-enabled/default
+    path: /etc/nginx/sites-enabled/default
     state: absent
 
 - name: Ensure Nginx service is enabled and started

-- 
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.


