
[taler-grid5k] 12/48: first auditor script steps


From: gnunet
Subject: [taler-grid5k] 12/48: first auditor script steps
Date: Sat, 28 May 2022 12:11:32 +0200

This is an automated email from the git hooks/post-receive script.

marco-boss pushed a commit to branch master
in repository grid5k.

commit 9a5b5514d47ca75751c85c06ffc71f45b5f38180
Author: Boss Marco <bossm8@bfh.ch>
AuthorDate: Thu May 12 16:33:21 2022 +0200

    first auditor script steps
---
 additional/rspecs/taler.minial.rspec | 11 ++++-
 experiment/env                       |  2 +-
 experiment/scripts/auditor.sh        | 79 +++++++++++++++++++++++++++++++++++-
 experiment/scripts/createusers.sh    | 27 ++++++++++++
 experiment/scripts/helpers.sh        | 17 +++++---
 experiment/scripts/run.sh            |  4 ++
 6 files changed, 129 insertions(+), 11 deletions(-)

diff --git a/additional/rspecs/taler.minial.rspec 
b/additional/rspecs/taler.minial.rspec
index f18357b..c5e6f5e 100644
--- a/additional/rspecs/taler.minial.rspec
+++ b/additional/rspecs/taler.minial.rspec
@@ -1,5 +1,5 @@
 <?xml version='1.0'?>
-<rspec xmlns="http://www.geni.net/resources/rspec/3"; type="request" 
generated_by="jFed RSpec Editor" generated="2022-04-02T11:14:04.525+02:00" 
xmlns:emulab="http://www.protogeni.net/resources/rspec/ext/emulab/1"; 
xmlns:delay="http://www.protogeni.net/resources/rspec/ext/delay/1"; 
xmlns:jfed-command="http://jfed.iminds.be/rspec/ext/jfed-command/1"; 
xmlns:client="http://www.protogeni.net/resources/rspec/ext/client/1"; 
xmlns:jfed-ssh-keys="http://jfed.iminds.be/rspec/ext/jfed-ssh-keys/1"; xmlns: 
[...]
+<rspec xmlns="http://www.geni.net/resources/rspec/3"; type="request" 
generated_by="jFed RSpec Editor" generated="2022-05-12T16:28:28.643+02:00" 
xmlns:emulab="http://www.protogeni.net/resources/rspec/ext/emulab/1"; 
xmlns:delay="http://www.protogeni.net/resources/rspec/ext/delay/1"; 
xmlns:jfed-command="http://jfed.iminds.be/rspec/ext/jfed-command/1"; 
xmlns:client="http://www.protogeni.net/resources/rspec/ext/client/1"; 
xmlns:jfed-ssh-keys="http://jfed.iminds.be/rspec/ext/jfed-ssh-keys/1"; xmlns: 
[...]
   <node client_id="DB" exclusive="true" 
component_manager_id="urn:publicid:IDN+am.grid5000.fr+authority+am">
     <sliver_type name="raw-pc">
       <disk_image 
name="http://public.lille.grid5000.fr/~bfhch01/taler-debian11.dsc"/>
@@ -42,4 +42,11 @@
     <hardware_type name="dahu-grenoble"/>
     <location xmlns="http://jfed.iminds.be/rspec/ext/jfed/1"; x="458.0" 
y="109.5"/>
   </node>
-</rspec>
+  <node client_id="Auditor" exclusive="true" 
component_manager_id="urn:publicid:IDN+am.grid5000.fr+authority+am">
+    <sliver_type name="raw-pc">
+      <disk_image 
name="http://public.lille.grid5000.fr/~bfhch01/taler-debian11.dsc"/>
+    </sliver_type>
+    <hardware_type name="dahu-grenoble"/>
+    <location xmlns="http://jfed.iminds.be/rspec/ext/jfed/1"; x="463.5" 
y="198.5"/>
+  </node>
+</rspec>
\ No newline at end of file
diff --git a/experiment/env b/experiment/env
index 1a7f42e..82eb443 100644
--- a/experiment/env
+++ b/experiment/env
@@ -8,7 +8,7 @@
 # (used to determine which script to execute in run.sh)
 # Wallets are not needed explicitely since they can (and will be)
 # exported as a wildcard (*).
-NODES="Bank DB DNS Exchange Aggregator Closer Transfer Wirewatch Merchant 
Monitor EProxy Shard"
+NODES="Bank DB DNS Exchange Aggregator Closer Transfer Wirewatch Auditor 
Merchant Monitor EProxy Shard"
 
 # DNS Zone to setup inside the grid for the experiment
 DNS_ZONE=perf.taler
diff --git a/experiment/scripts/auditor.sh b/experiment/scripts/auditor.sh
index 850a69c..2680fe6 100644
--- a/experiment/scripts/auditor.sh
+++ b/experiment/scripts/auditor.sh
@@ -11,13 +11,88 @@ init:
   Configure and start the auditor together with its database
 "
 
+function create_users() {
+  for USER in auditor sync helper auditor-ingress auditor-wire offline; do
+    add-user --disabled-password $USER
+  done
+}
+
+function init_db() {
+  createdb -O auditor-ingress exchange-ingress
+  #createdb -O sync exchange-production
+  createdb -O auditor auditor
+  #createdb -O auditor-wire libeufin
+
+  psql -d exchange-ingress -U auditor-ingress -tAc 'GRANT ALL ON ALL TABLES IN 
SCHEMA public TO sync;'
+  #psql -d exchange-prodution -U sync -tAc 'GRANT SELECT ON ALL TABLE IN 
SCHEMA public TO auditor;'
+  #psql -d libeufin -U auditor-wire -tAc 'GRANT SELECT ON ALL TABLE IN SCHEMA 
public TO auditor;'
+
+  echo "
+  listen_address='*'
+  wal_level = logical
+  " >> /etc/postgresql/${POSTGRES_VERSION}/main/auditor.conf
+
+  systemctl restart postgresql
+}
+
+function setup_exchange_replication() {
+  sudo -u auditor-ingress << EOF
+  taler-config -s exchange -o DB -V "postgres"
+  taler-config -s exchangedb-postgres -o CONFIG -V 
"postgres:///exchange-ingress"
+  taler-exchange-dbinit
+EOF
+
+  sudo -u postgres << EOF
+  createuser --replication egress
+  psql -tAc "ALTER ROLE egress WITH PASSWORD '${DB_PASSWORD}';
+  psql -d taler-exchange -tAc "CREATE REPLICATION taler-perf FOR ALL TABLES;
+EOF
+}
+
+# Start the auditor httpd and the nginx proxy
+function enable_webservice() {
+  create_cert "${NODE_NAME}.${DNS_ZONE}" "/etc/ssl/auditor"
+  ln -sf /etc/nginx/sites-available/auditor /etc/nginx/sites-enabled/auditor
+  systemctl restart taler-auditor-httpd \
+                    nginx
+}
+
+function setup_config() {
+
+  setup_exchange_config_master_key_from_api
+
+  PUB_KEY=$(sudo -u offline taler-auditor-offline setup)
+
+  wait_for_keys ${EXCHANGE_GW_DOMAIN}
+
+  sed -i -e "s/<AUDITOR_PUB_KEY_HERE>/${PUB_KEY}/g" \
+      /etc/taler/conf.d/auditor.conf
+
+  sudo -u auditor taler-auditor-dbinit
+  sudo -u auditor taler-auditor-exchange -m $(get_exchange_masterkey) -u 
https://${EXCHANGE_GW_DOMAIN}/
+  sudo -u helper taler-auditor-offline download > input.json
+  sudo -u offline taler-auditor-offline show < input.json
+  sudo -u offline taler-audifor-offline sign < input.json > output.json
+  sudo -u helper taler-auditor-offline upload < output.json
+
+  enable_webservice
+
+  setup_exchange_replication
+}
+
 function init_auditor() {
-  echo "TBD"
+  create_users
+  init_db
+  setup_config
 }
 
 case $1 in 
   init)
-    init_auditor
+    if [[ "${PARTITION_DB}" == "true" ]];
+      init_auditor
+    else
+      echo "INFO: sharded DB not supported yet"
+    fi
     ;;
   *)
     taler_perf_help $0 "$INFO_MSG" "$OPT_MSG"
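Review bot: The `if` in the `init)` arm ends with `;` but has no `then`, so bash rejects the whole `case` compound at parse time and auditor.sh no longer runs for any argument; the line should read `if [[ "${PARTITION_DB}" == "true" ]]; then`. In setup_exchange_replication, `sudo -u auditor-ingress << EOF` and `sudo -u postgres << EOF` give sudo no command to run, so it prints its usage instead of executing the heredoc; in the second heredoc both psql lines leave their opening double quote unterminated, `CREATE REPLICATION` is not PostgreSQL syntax (with `wal_level = logical` the intended statement is presumably `CREATE PUBLICATION`), and the statement targets database `taler-exchange` while init_db created `exchange-ingress`, which is worth confirming. `add-user` in create_users looks like a typo for `adduser` (createusers.sh in this same commit uses `adduser`), and `taler-audifor-offline` in setup_config is a typo for `taler-auditor-offline`, so the sign step fails before the upload runs. Finally, `listen_address='*'` is presumably meant to be `listen_addresses`, appending it to `auditor.conf` only takes effect if postgresql.conf includes that file, and since it exposes the server on every interface for the new `egress` replication role, a comment next to it pointing at the pg_hba.conf rule that restricts that role (not visible here) would help the next reader.
```shell
function setup_exchange_replication() {
  sudo -u auditor-ingress bash << EOF
  # … unchanged: taler-config / taler-exchange-dbinit lines …
EOF

  sudo -u postgres bash << EOF
  createuser --replication egress
  psql -tAc "ALTER ROLE egress WITH PASSWORD '${DB_PASSWORD}';"
  # TODO confirm: init_db creates exchange-ingress, not taler-exchange
  psql -d taler-exchange -tAc "CREATE PUBLICATION taler-perf FOR ALL TABLES;"
EOF
}
```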
diff --git a/experiment/scripts/createusers.sh 
b/experiment/scripts/createusers.sh
index 3f8d8eb..e1f97fe 100755
--- a/experiment/scripts/createusers.sh
+++ b/experiment/scripts/createusers.sh
@@ -26,6 +26,11 @@ WIREUSERNAME=taler-exchange-wire
 MERCHUSERNAME=taler-merchant-httpd
 MERCHGROUPNAME=www-data
 
+AUDITCONFIG_FILE="/etc/default/taler-auditor"
+ADUITTALER_HOME="/var/lib/taler-auditor"
+AUDITUSERNAME=taler-auditor-httpd
+AUDITGROUPNAME=taler-auditor-httpd
+
 # Create taler groups as needed
 if ! getent group ${GROUPNAME} >/dev/null; then
   addgroup --quiet --system ${GROUPNAME}
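Review bot: The new variable is spelled `ADUITTALER_HOME` here, but the second hunk of this file passes `--home ${AUDITTALER_HOME}` to adduser, so that expansion is empty and the unquoted word disappears; adduser then appears to receive `taler-auditor-httpd` as the home directory with no user name left (or the script aborts if `set -u` is in effect, which is not visible here). Renaming the assignment to `AUDITTALER_HOME="/var/lib/taler-auditor"` makes both hunks agree. The unquoted `${AUDITGROUPNAME}`/`${AUDITUSERNAME}` expansions follow the existing style of this file, so they are not raised separately.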
@@ -122,3 +127,25 @@ if ! dpkg-statoverride --list 
/etc/taler/secrets/merchant-db.secret.conf >/dev/n
     ${MERCHUSERNAME} root 460 \
     /etc/taler/secrets/merchant-db.secret.conf
 fi
+
+# Auditor 
+if ! getent group ${AUDITGROUPNAME} >/dev/null; then
+  addgroup --quiet --system \
+           ${AUDITGROUPNAME}
+fi
+
+if ! getent passwd ${AUDITUSERNAME} >/dev/null; then
+  adduser --quiet --system \
+          --ingroup ${AUDITGROUPNAME} \
+         --no-create-home \
+         --home ${AUDITTALER_HOME} \
+         ${AUDITUSERNAME}
+fi
+
+if ! dpkg-statoverride --list /etc/taler/secrets/auditor-db.secret.conf 
>/dev/null 2>&1; then
+  dpkg-statoverride --add --update \
+    ${AUDITUSERNAME} ${AUDITGROUPNAME} 660 \
+    /etc/taler/secrets/auditor-db.secret.conf
+fi
+
+install -d /run/taler/auditor-httpd -m 0755 -o ${AUDITUSERNAME} -g 
${AUDITGROUPNAME}
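Review bot: The new dpkg-statoverride entry sets `/etc/taler/secrets/auditor-db.secret.conf` to mode `660` with group `taler-auditor-httpd`, which makes the database credential writable by the service's own group, whereas the merchant override just above uses `${MERCHUSERNAME} root 460` so the daemon can only read its secret. Unless the auditor needs to rewrite that file, `${AUDITUSERNAME} root 460` would match the existing pattern; if 660 is intentional, a one-line comment stating why would keep the next reader from "fixing" it. The `install -d /run/taler/auditor-httpd` line also looks like it was wrapped by the mail client rather than the source, which is worth a glance in the repository.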
diff --git a/experiment/scripts/helpers.sh b/experiment/scripts/helpers.sh
index 2388bd1..c6c4456 100755
--- a/experiment/scripts/helpers.sh
+++ b/experiment/scripts/helpers.sh
@@ -112,6 +112,16 @@ function setup_rsyslog_for_nginx() {
           /etc/rsyslog.conf
 }
 
+# Get the exchanges master public key via the primary exchanges API
+function get_exchange_masterkey() {
+  MASTER_KEY=$(
+    curl -k -f \
+       "${PRIMARY_EXCHANGE}:10000/keys" \
+       | jq -r '.master_public_key'
+  )
+  echo "${MASTER_KEY}"
+}
+
 
 # Setup taler.conf for aggregator etc. with downloading the 
 # master public key from the exchange API 
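Review bot: get_exchange_masterkey echoes whatever the pipeline produces, so when curl fails (`-f`) or jq finds no `.master_public_key` the caller receives an empty string, and setup_exchange_config_master_key_from_api in the next hunk then runs `sed` with an empty replacement, removing the placeholder and leaving no key configured without any error. `MASTER_KEY` is also assigned without `local`, so it lands in the caller's scope as a global. A guard before the echo such as `[[ -n "${MASTER_KEY}" ]] || { echo "failed to fetch master key" >&2; return 1; }` would stop the empty-key case from propagating. If the exchange is reached over https, `curl -k` means the value that becomes the trust anchor for every other node is fetched without verifying the peer; that may be acceptable inside the closed grid, but it deserves a comment, e.g. `# NOTE: -k skips TLS verification; acceptable only on the isolated experiment network`.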
@@ -121,12 +131,7 @@ function setup_exchange_config_master_key_from_api() {
 
   wait_for_keys "${PRIMARY_EXCHANGE}:10000"
 
-  MASTER_KEY=$(
-    curl -k -f \
-       "${PRIMARY_EXCHANGE}:10000/keys" \
-       | jq -r '.master_public_key'
-  )
-
+  MASTER_KEY=$(get_exchange_masterkey)
   sed -i -e "s/<MASTER_KEY_HERE>/${MASTER_KEY}/g" \
        /etc/taler/conf.d/exchange-business.conf
 
diff --git a/experiment/scripts/run.sh b/experiment/scripts/run.sh
index 9b181a5..c21fa77 100644
--- a/experiment/scripts/run.sh
+++ b/experiment/scripts/run.sh
@@ -69,6 +69,10 @@ elif [[ "${HOSTNAME}" =~ ${WIREWATCH_HOSTS} ]]; then
     enable_logrotate
     enable_netdelay db.${DNS_ZONE}
     exec ~/scripts/exchange-wirewatch.sh init
+elif [[ "${HOSTNAME}" =~ ${AUDITOR_HOSTS} ]]; then 
+    setup_log
+    enable_logrotate
+    exec ~/scripts/auditor.sh init
 elif [[ "${HOSTNAME}" =~ ${MERCHANT_HOSTS} ]]; then 
     setup_log
     enable_logrotate
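Review bot: The new branch tests `${HOSTNAME}` against `${AUDITOR_HOSTS}`, but nothing in this commit defines `AUDITOR_HOSTS` (the env change only adds `Auditor` to `NODES`); if it is not derived from `NODES` elsewhere, the pattern expands to empty, and an empty regex on the right of `=~` should match every hostname, so any node not caught by an earlier branch would exec auditor.sh. Worth confirming where `AUDITOR_HOSTS` comes from, or guarding with `[[ -n "${AUDITOR_HOSTS}" && "${HOSTNAME}" =~ ${AUDITOR_HOSTS} ]]`. The surrounding `if`/`elif` chain begins and ends outside this hunk.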



