
[taler-deployment] branch master updated: revert Javier's patch


From: gnunet
Subject: [taler-deployment] branch master updated: revert Javier's patch
Date: Tue, 07 Mar 2023 17:58:56 +0100

This is an automated email from the git hooks/post-receive script.

grothoff pushed a commit to branch master
in repository deployment.

The following commit(s) were added to refs/heads/master by this push:
     new 2275f14  revert Javier's patch
2275f14 is described below

commit 2275f14e815a9218685a16de8a9359daaf41913c
Author: Christian Grothoff <christian@grothoff.org>
AuthorDate: Tue Mar 7 17:58:50 2023 +0100

    revert Javier's patch
---
 netzbon/config_nginx.sh   |  64 +++++++++--------
 netzbon/functions.sh      | 160 +++++++++----------------------------------
 netzbon/main.sh           | 159 +++++++++++++++++++++---------------------
 netzbon/setup-exchange.sh | 171 +++++++++++++++++++++++++++++++++++-----------
 4 files changed, 278 insertions(+), 276 deletions(-)

diff --git a/netzbon/config_nginx.sh b/netzbon/config_nginx.sh
index e318096..1d355fd 100755
--- a/netzbon/config_nginx.sh
+++ b/netzbon/config_nginx.sh
@@ -1,44 +1,54 @@
 #!/bin/bash
 # This file is in the public domain.
 
+set -eu
+
 # Inputs: DOMAIN_NAME & ENABLE_TLS
 
 source functions.sh
 source config/user.conf
 source config/internal.conf
 
-say "Configuring Nginx"
-
-systemctl start nginx
+if test -z ${DOMAIN_NAME:-}
+then
+    say "Error: config/user.conf does not specify DOMAIN_NAME"
+    exit 1
+fi
+if test -z ${ENABLE_TLS:-}
+then
+    say "Error: config/user.conf does not specify ENABLE_TLS"
+    exit 1
+fi
 
-# Paths of NGINX
+say "Configuring Nginx"
 
 SITES_AVAILABLE_DIR=/etc/nginx/sites-available
 SITES_ENABLED_DIR=/etc/nginx/sites-enabled
 
-# SED replacements - NGINX sites-available
-
-# taler-exchange
-sed -i 's/server_name localhost/server_name exchange.${DOMAIN_NAME}/g' 
${SITES_AVAILABLE_DIR}/taler-exchange
-sed -i 's/"localhost"/"exchange.${DOMAIN_NAME}"/g' 
${SITES_AVAILABLE_DIR}/taler-exchange
-
-# taler-merchant
-sed -i 's/server_name localhost/server_name merchant.${DOMAIN_NAME}/g' 
${SITES_AVAILABLE_DIR}/taler-medrchant
-
-# libeufin-sandbox
-sed -i 's/server_name localhost/server_name bank.${DOMAIN_NAME}/g' 
${SITES_AVAILABLE_DIR}/libeufin-sandbox
-
-# Sym links for NGINX sites-enabled
-
-ln -s ${SITES_AVAILABLE_DIR}/taler-exchange 
${SITES_ENABLED_DIR}/exchange.${DOMAIN_NAME}
-ln -s ${SITES_AVAILABLE_DIR}/taler-merchant 
${SITES_ENABLED_DIR}/backend.${DOMAIN_NAME}
-ln -s ${SITES_AVAILABLE_DIR}/libeufin-sandbox 
${SITES_ENABLED_DIR}/bank.${DOMAIN_NAME}
-
-# Obtain SSL certificates with Certbot
-
-# TODO: check nginx, check dns ping, first.
-
-if test ${ENABLE_TLS} = "y"
+cat ${SITES_AVAILABLE_DIR}/taler-exchange \
+  | sed -e "s/localhost/exchange.${DOMAIN_NAME}/g" \
+  | sed -e "s/location \/taler-exchange\//location \//g" \
+  > ${SITES_AVAILABLE_DIR}/taler-exchange.${DOMAIN_NAME}
+rm -f ${SITES_ENABLED_DIR}/exchange.${DOMAIN_NAME}
+ln -s ${SITES_AVAILABLE_DIR}/taler-exchange.${DOMAIN_NAME} 
${SITES_ENABLED_DIR}/exchange.${DOMAIN_NAME}
+
+cat ${SITES_AVAILABLE_DIR}/taler-merchant \
+    | sed -e "s/localhost/backend.${DOMAIN_NAME}/g" \
+    | sed -e "s/location \/taler-merchant\//location \//g" \
+    > ${SITES_AVAILABLE_DIR}/taler-merchant.${DOMAIN_NAME}
+rm -f ${SITES_ENABLED_DIR}/backend.${DOMAIN_NAME}
+ln -s ${SITES_AVAILABLE_DIR}/taler-merchant.${DOMAIN_NAME} 
${SITES_ENABLED_DIR}/backend.${DOMAIN_NAME}
+
+cat ${SITES_AVAILABLE_DIR}/libeufin-sandbox \
+    | sed -e "s/localhost/bank.${DOMAIN_NAME}/g" \
+    > ${SITES_AVAILABLE_DIR}/libeufin-sandbox.${DOMAIN_NAME}
+rm -f ${SITES_ENABLED_DIR}/bank.${DOMAIN_NAME}
+ln -s ${SITES_AVAILABLE_DIR}/libeufin-sandbox.${DOMAIN_NAME} 
${SITES_ENABLED_DIR}/bank.${DOMAIN_NAME}
+
+say "Restarting Nginx with new configuration"
+systemctl restart nginx
+
+if test ${ENABLE_TLS} == "y"
 then
     say "Obtaining TLS certificates"
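Review bot: DOMAIN_NAME is checked only for being non-empty before it is expanded, unquoted, into the sed replacement text and into the paths under /etc/nginx in the three `cat | sed > …` blocks. A value containing `/`, `&`, whitespace or a newline would break the sed expression or change what lands in the generated site file, so it should be validated as a hostname right after the emptiness check, e.g. `[[ "${DOMAIN_NAME}" =~ ^[a-z0-9]([a-z0-9.-]*[a-z0-9])?$ ]] || { say "Error: invalid DOMAIN_NAME"; exit 1; }`, and the expansions in `rm`, `ln` and the redirections quoted. The emptiness tests should likewise quote their operand, `test -z "${DOMAIN_NAME:-}"`. The TLS branch that begins at the end of this hunk continues outside it.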
 
diff --git a/netzbon/functions.sh b/netzbon/functions.sh
index 9820ca6..afdd12e 100755
--- a/netzbon/functions.sh
+++ b/netzbon/functions.sh
@@ -1,14 +1,15 @@
 #!/bin/bash
 
 # Message
-# -----------------------------------
+
 function say()
 {
     echo "TALER: " "$@"
 }
 
+
 # Check user if the user is root
-# -----------------------------------
+
 function check_user()
 {
 
@@ -18,135 +19,36 @@ function check_user()
     fi
 }
 
-# Asks several questions to the user
-# -----------------------------------
-function ask()
-{
-
-# DOMAIN_NAME
-
-if [ $1 == "DOMAIN_NAME" ]; then
-    read -p "Enter the domain name: " DOMAIN_NAME
-fi
-
-# ENABLE_TLS
-
-if [ $1 == "ENABLE_TLS" ]; then
-    read -p "Use TLS? (y/n): " ENABLE_TLS
-fi
-
-# CURRENCY
-
-if [ $1 == "CURRENCY" ]; then
-    read -p "Enter the name of the currency (e.g. 'EUR'):" CURRENCY
-fi
-
-# BANK_NAME
-
-if [ $1 == "BANK_NAME" ]; then
-    read -p "Enter the human-readable name of the bank (e.g. 'Taler Bank'): " 
BANK_NAME
-
-fi
-
-# DO_OFFLINE
-
-if [ $1 == "DO_OFFLINE" ]; then
-    read -p "Run taler-exchange offline? (y/n): " DO_OFFLINE
-fi
-
-# MASTER_PUBLIC_KEY
-
-if [ $1 == "MASTER_PUBLIC_KEY" ]; then
-    if [ $2 == "DO_OFFLINE" ]  && [ $DO_OFFLINE == 'n' ]; then
-        read -p "Enter the exchange-offline master public key: " 
MASTER_PUBLIC_KEY
-    fi
-fi
-
-# SANDBOX_ADMIN_PASSWORD
-
-if [ $1 == "SANDBOX_ADMIN_PASSWORD" ]; then
-    read -s -p "Enter the admin password for the bank: " SANDBOX_ADMIN_PASSWORD
-    echo "" # force new line
-fi
-
-# SANDBOX_EXCHANGE_PASSWORD
-
-if [ $1 == "SANDBOX_EXCHANGE_PASSWORD" ]; then
-    SANDBOX_EXCHANGE_PASSWORD=`uuidgen`
-
-fi
-
-
-# NEXUS_EXCHANGE_PASSWORD
-
-if [ $1 == "NEXUS_EXCHANGE_PASSWORD" ]; then
-    NEXUS_EXCHANGE_PASSWORD=`uuidgen`
-fi
-
-}
-
-
-
-function check_nexus_exchange ()
-{
-
-if test -z ${LIBEUFIN_NEXUS_USERNAME:-}
-then
-    say "Failure: LIBEUFIN_NEXUS_USERNAME not set"
-    exit 1
-fi
-
-if test -z ${NEXUS_EXCHANGE_PASSWORD:-}
-then
-    say "Failure: NEXUS_EXCHANGE_PASSWORD not set"
-    exit 1
-fi
-
-if test -z ${EXCHANGE_IBAN:-}
-then
-    say "Failure: EXCHANGE_IBAN not set"
-    exit 1
-fi
-if test -z ${EXCHANGE_PAYTO:-}
-then
-    say "Failure: EXCHANGE_PAYTO not set"
-    exit 1
-fi
-
-}
-
-
-# Ask about whether use TLS or not
-# -----------------------------------
-
-function ask_tls()
+# Create users "exchange" and "merchant"
+# Deprecated: should be done by Debian!
+function create_users()
 {
-
-read -p "Use TLS? (y/n): " ENABLE_TLS
-
-if test ${ENABLE_TLS} == "y"
-then
-    PROTO="https"
-else
-    PROTO="http"
-fi
+    say "Creating users"
+    for n in exchange merchant
+    do
+           # Only setup use if it does not yet exist
+        if test ! -d /home/$n
+        then
+               adduser --disabled-password $n
+        fi
+    done
 }
 
-# Check network
-# -----------------------------------
-
-check_dns()
+# Assign group and permissions to users
+# Deprecated: should be done by Debian!
+function assign_user_permissions()
 {
-
-ping -c1 exchange.${DOMAIN_NAME} # &> /dev/null
-
-
-if test 0 != $?
-then
-    say "Could not ping TO exchange.${DOMAIN_NAME}."
-    say "Please make sure your DNS/network are working."
-    exit 1
-fi
-
+    for n in exchange merchant
+    do
+           adduser www-data $n
+           mkdir -p /home/$n/.config/
+           # FIXME
+           # cp -r $n/* /home/$n/
+           # TODO: No taler.conf is provided
+           # mv /home/$n/taler.conf /home/$n/.config/taler.conf
+           chmod 600 /home/$n/.config/taler.conf
+           chown -R $n:$n /home/$n/
+           su - postgres -c "createuser $n"
+           su - postgres -c "createdb -O $n taler-$n"
+    done
 }
-
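Review bot: `chmod 600 /home/$n/.config/taler.conf` in assign_user_permissions runs on a file that nothing in the function creates, because the `cp` and `mv` that would have placed it are commented out under FIXME/TODO; the chmod will fail, and under a caller's `set -e` (main.sh sets `set -eu`) that aborts the install. Guard it, `if test -f "/home/$n/.config/taler.conf"; then chmod 600 "/home/$n/.config/taler.conf"; fi`, or drop it until the file is provided. `adduser www-data $n` puts the web-server account into each service user's group just before `chown -R $n:$n /home/$n/`, so group-readable files in those homes become readable by the web server; a comment stating why that membership is needed would help. In create_users, `test ! -d /home/$n` checks for a directory rather than the account, whereas `getent passwd "$n" >/dev/null` checks the account itself.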
diff --git a/netzbon/main.sh b/netzbon/main.sh
index f442e98..f88db95 100755
--- a/netzbon/main.sh
+++ b/netzbon/main.sh
@@ -2,109 +2,111 @@
 # This file is in the public domain.
 
 # main.sh is the main script that asks the questions and
-# puts the answers into environment variables located at  
"config/internal.conf,user.conf" files
+# puts the answers into environment variables located at  
"config/taler-internal.conf or config/taler.conf" files
 # Nginx configuration - Reads values directly from these "config files".
 
 set -eu
 
-# Include functions source file
+# include functions source file
 
 source functions.sh
 
-# CHECK if user is "root",  otherwise EXIT.
-
-check_user
-
-
-# INSTALLATION of Debian packages
-
-. install_debian_packages.sh
-
-
-# Create folder and configuration files
-
+# include variables from configuration
 mkdir -p config/
-
-if [ -f config/user.conf ] || [ -f config/internal.conf ]; then
-    cat /dev/null > config/user.conf
-    cat /dev/null > config/internal.conf
-else
-    touch config/user.conf
-    touch config/internal.conf
-fi
-
-# Include configuration files (user and internal)
-
+touch config/user.conf config/internal.conf
+# Values supplied by user
 source config/user.conf
+# Values we generated
 source config/internal.conf
 
+# Ask questions to user
 # START USER INTERACTION
-
 echo "TALER: Welcome to the GNU Taler Debian setup!"
 
-# ASK questions
-
-ask "DOMAIN_NAME"
-ask_tls "ENABLE_TLS"
-
-ask "CURRENCY"
-ask "BANK_NAME"
-ask "DO_OFFLINE"
-
-ask "MASTER_PUBLIC_KEY" "DO_OFFLINE"
-
-ask "SANDBOX_ADMIN_PASSWORD"
-ask "SANDBOX_EXCHANGE_PASSWORD"
-
-ask "NEXUS_ADMIN_PASSWORD"
-ask "NEXUS_EXCHANGE_PASSWORD"
-
-
+if test -z "${CURRENCY:-}"
+then
+    read -p "Enter the name of the currency (e.g. 'EUR'): " CURRENCY
+    # convert to all-caps
+    CURRENCY=`echo ${CURRENCY} | tr a-z A-Z`
+    echo "CURRENCY=${CURRENCY}" >> config/user.conf
+fi
+if test -z "${BANK_NAME:-}"
+then
+    read -p "Enter the human-readable name of the bank (e.g. 'Taler Bank'): " 
BANK_NAME
+    echo "BANK_NAME=\"${BANK_NAME}\"" >> config/user.conf
+fi
+if test -z "${ENABLE_TLS:-}"
+then
+    read -p "Use TLS? (y/n): " ENABLE_TLS
+    echo "ENABLE_TLS=${ENABLE_TLS}" >> config/user.conf
+fi
+if test -z "${DO_OFFLINE:-}"
+then
+    read -p "Run taler-exchange-offline? (y/n): " DO_OFFLINE
+    echo "DO_OFFLINE=${DO_OFFLINE}" >> config/user.conf
+fi
+if test -z "${MASTER_PUBLIC_KEY:-}"
+then
+    if test ${DO_OFFLINE:-y} == n
+    then
+        read -p "Enter the exchange-offline master public key: " 
MASTER_PUBLIC_KEY
+        echo "MASTER_PUBLIC_KEY=${MASTER_PUBLIC_KEY}" >> config/user.conf
+    fi
+fi
+if test -z "${SANDBOX_ADMIN_PASSWORD:-}"
+then
+    read -s -p "Enter the admin password for the bank: " SANDBOX_ADMIN_PASSWORD
+    echo "SANDBOX_ADMIN_PASSWORD=${SANDBOX_ADMIN_PASSWORD}" >> config/user.conf
+    echo "" # force new line
+fi
+if test -z "${DOMAIN_NAME:-}"
+then
+    read -p "Enter the domain name: " DOMAIN_NAME
+    # convert to lower-case
+    DOMAIN_NAME=`echo ${DOMAIN_NAME} | tr A-Z a-z`
+    echo "DOMAIN_NAME=${DOMAIN_NAME}" >> config/user.conf
+fi
 # END USER INTERACTION
 
+# Check DNS settings
+ping -c1 exchange.${DOMAIN_NAME} &> /dev/null
+if test 0 != $?
+then
+    say "Could not ping exchange.${DOMAIN_NAME}."
+    say "Please make sure your DNS/network are working."
+    exit 1
+fi
 
-# COPY values from variables -> to the configuration files.
-
-# user.conf
-
-# Please note "^^" means convert to uppercase
-echo "CURRENCY=${CURRENCY^^}" >> config/user.conf
-echo "BANK_NAME=\"${BANK_NAME}\"" >> config/user.conf
-echo "ENABLE_TLS=${ENABLE_TLS}" >> config/user.conf
-echo "DO_OFFLINE=${DO_OFFLINE}" >> config/user.conf
-echo "MASTER_PUBLIC_KEY=${MASTER_PUBLIC_KEY}" >> config/user.conf
-echo "SANDBOX_ADMIN_PASSWORD=${SANDBOX_ADMIN_PASSWORD}" >> config/user.conf
-
-# Please note ",," means convert to lowercase
-echo "DOMAIN_NAME=${DOMAIN_NAME,,}" >> config/user.conf
-
-# internal.conf
-
-echo "NEXUS_EXCHANGE_PASSWORD=${NEXUS_EXCHANGE_PASSWORD}" >> 
config/internal.conf
-echo "SANDBOX_EXCHANGE_PASSWORD=${SANDBOX_EXCHANGE_PASSWORD}" >> 
config/internal.conf
-
-
-# CHECK DNS settings
+# Check if the user is root, otherwise EXIT.
+check_user
 
-check_dns
+# Installation of Debian packages required
+. install_debian_packages.sh
 
-# LIBEUFIN (bank)
+if test -z "${NEXUS_EXCHANGE_PASSWORD:-}"
+then
+    NEXUS_EXCHANGE_PASSWORD=`uuidgen`
+    echo "NEXUS_EXCHANGE_PASSWORD=${NEXUS_EXCHANGE_PASSWORD}" >> 
config/internal.conf
+fi
+if test -z "${SANDBOX_EXCHANGE_PASSWORD:-}"
+then
+    SANDBOX_EXCHANGE_PASSWORD=`uuidgen`
+    echo "SANDBOX_EXCHANGE_PASSWORD=${SANDBOX_EXCHANGE_PASSWORD}" >> 
config/internal.conf
+fi
 
 . config_launch_libeufin.sh
-
-# EXCHANGE
-
+. config_nginx.sh
 . setup-exchange.sh
-
-# MERCHANT
-
 . setup-merchant.sh
 
-# CONFIG NGINX
-
-. config_nginx.sh
 
-# FINAL message to the user
+# Final message to the user
+if test ${ENABLE_TLS:-} == "y"
+then
+    PROTO="https"
+else
+    PROTO="http"
+fi
 
 say "Congratulations, you have successfully installed GNU Taler"
 say "Your bank is at ${PROTO}://bank.${DOMAIN_NAME}/"
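Review bot: The answers are appended to config/user.conf without shell quoting (`echo "SANDBOX_ADMIN_PASSWORD=${SANDBOX_ADMIN_PASSWORD}" >> config/user.conf`, likewise CURRENCY, ENABLE_TLS, DO_OFFLINE, MASTER_PUBLIC_KEY and DOMAIN_NAME), and that file is `source`d again on every later run and by the sub-scripts, so a value containing spaces, `$`, backticks or `;` is re-parsed as shell by a script that expects to run as root. Writing each value with `printf 'SANDBOX_ADMIN_PASSWORD=%q\n' "${SANDBOX_ADMIN_PASSWORD}" >> config/user.conf` keeps it literal. Both config files hold passwords but are created by `touch` under the default umask; `chmod 600 config/user.conf config/internal.conf` directly after the `touch` would restrict them. Separately, under `set -eu` a failing `ping` ends the script before `if test 0 != $?` is reached, so the DNS hint is never printed; `if ! ping -c1 "exchange.${DOMAIN_NAME}" &> /dev/null` keeps the message reachable.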
@@ -112,5 +114,4 @@ say "A merchant is at ${PROTO}://backend.${DOMAIN_NAME}/"
 say "You should set credentials for the merchant soon."
 
 exit 0
-
 # END INSTALLATION
diff --git a/netzbon/setup-exchange.sh b/netzbon/setup-exchange.sh
index 3491554..8881134 100755
--- a/netzbon/setup-exchange.sh
+++ b/netzbon/setup-exchange.sh
@@ -10,104 +10,193 @@ source config/internal.conf
 #
 # - LIBEUFIN_NEXUS_USERNAME (exchange username for libeufin-nexus)
 # - NEXUS_EXCHANGE_PASSWORD (exchange password for libeufin-nexus)
+# - WIRE_GATEWAY_URL (where is the exchange wire gateway / libeufin-nexus)
 # - EXCHANGE_IBAN (exchange account IBAN)
 # - EXCHANGE_PAYTO (exchange account PAYTO)
 # - ENABLE_TLS (http or https?)
 
-check_nexus_exchange "LIBEUFIN_NEXUS_USERNAME"
-check_nexus_exchange "NEXUS_EXCHANGE_PASSWORD"
-
-check_nexus_exchange "EXCHANGE_IBAN"
-check_nexus_exchange "EXCHANGE_PAYTO"
+if test -z ${LIBEUFIN_NEXUS_USERNAME:-}
+then
+    say "Failure: LIBEUFIN_NEXUS_USERNAME not set"
+    exit 1
+fi
+if test -z ${NEXUS_EXCHANGE_PASSWORD:-}
+then
+    say "Failure: NEXUS_EXCHANGE_PASSWORD not set"
+    exit 1
+fi
+if test -z ${EXCHANGE_IBAN:-}
+then
+    say "Failure: EXCHANGE_IBAN not set"
+    exit 1
+fi
+if test -z ${WIRE_GATEWAY_URL:-}
+then
+    say "Failure: WIRE_GATEWAY_URL not set"
+    exit 1
+fi
+if test -z ${EXCHANGE_PAYTO:-}
+then
+    say "Failure: EXCHANGE_PAYTO not set"
+    exit 1
+fi
 
-# Create master key as root *unless* user already
+# Create master key as taler-exchange-offline *unless* user already
 # set the MASTER_PUBLIC_KEY to some value we can use.
-
+export MASTER_PRIV_DIR=.local/share/taler/exchange/offline-keys
+export MASTER_PRIV_FILE=${MASTER_PRIV_DIR}/master.priv
+export SECMOD_TOFU_FILE=${MASTER_PRIV_DIR}/secm_tofus.pub
 if test -z ${MASTER_PUBLIC_KEY:-}
 then
+    if test ${DO_OFFLINE:-y} == n
+    then
+        say "Error: No MASTER_PUBLIC_KEY but DO_OFFLINE set to NO"
+        exit 1
+    fi
     say "Setting up offline key"
-    mkdir -p ~/.local/share/taler/exchange/offline-keys
-    MASTER_PRIV_FILE=~/.local/share/taler/exchange/offline-keys/master.priv
-    gnunet-ecc -g1 ${MASTER_PRIV_FILE}
-    MASTER_PUBLIC_KEY=`gnunet-ecc -p 
~/.local/share/taler/exchange/offline-keys/master.priv`
+    MASTER_PUBLIC_KEY=`sudo -i -u taler-exchange-offline 
taler-exchange-offline setup`
+    echo "MASTER_PUBLIC_KEY=\"${MASTER_PUBLIC_KEY}\"" >> config/user.conf
+    if test -z ${DO_OFFLINE:-}
+    then
+        # Set 'DO_OFFLINE'
+        DO_OFFLINE=y
+        echo "DO_OFFLINE=y" >> config/user.conf
+    fi
 fi
 
 export MASTER_PUBLIC_KEY
-echo "MASTER_PUBLIC_KEY=\"${MASTER_PUBLIC_KEY}\"" >> config/taler-internal.conf
+
+
+say "Setting up exchange database"
+EXCHANGE_DB=talerexchange
+# Use "|| true" to continue if these already exist.
+sudo -i -u postgres createuser -d taler-exchange-httpd || true
+sudo -i -u postgres createuser taler-exchange-wire || true
+sudo -i -u postgres createuser taler-exchange-closer || true
+sudo -i -u postgres createuser taler-exchange-aggregator || true
+sudo -i -u postgres createdb -O taler-exchange-httpd $EXCHANGE_DB || true
+
+echo "GRANT USAGE ON SCHEMA exchange TO \"taler-exchange-wire\";" | sudo -i -u 
postgres psql -f - ${EXCHANGE_DB}
+echo "GRANT SELECT,INSERT,UPDATE,DELETE ON ALL TABLES IN SCHEMA exchange TO 
\"taler-exchange-wire\";" | sudo -i -u postgres psql -f - ${EXCHANGE_DB}
+echo "GRANT USAGE ON SCHEMA _v TO \"taler-exchange-wire\";" | sudo -i -u 
postgres psql -f - ${EXCHANGE_DB}
+echo "GRANT SELECT ON ALL TABLES IN SCHEMA _v TO \"taler-exchange-wire\";" | 
sudo -i -u postgres psql -f - ${EXCHANGE_DB}
+
+echo "GRANT USAGE ON SCHEMA exchange TO \"taler-exchange-closer\";" | sudo -i 
-u postgres psql -f - ${EXCHANGE_DB}
+echo "GRANT SELECT,INSERT,UPDATE,DELETE ON ALL TABLES IN SCHEMA exchange TO 
\"taler-exchange-closer\";" | sudo -i -u postgres psql -f - ${EXCHANGE_DB}
+echo "GRANT USAGE ON SCHEMA _v TO \"taler-exchange-closer\";" | sudo -i -u 
postgres psql -f - ${EXCHANGE_DB}
+echo "GRANT SELECT ON ALL TABLES IN SCHEMA _v TO \"taler-exchange-closer\";" | 
sudo -i -u postgres psql -f - ${EXCHANGE_DB}
+
+echo "GRANT USAGE ON SCHEMA exchange TO \"taler-exchange-aggregator\";" | sudo 
-i -u postgres psql -f - ${EXCHANGE_DB}
+echo "GRANT SELECT,INSERT,UPDATE,DELETE ON ALL TABLES IN SCHEMA exchange TO 
\"taler-exchange-aggregator\";" | sudo -i -u postgres psql -f - ${EXCHANGE_DB}
+echo "GRANT USAGE ON SCHEMA _v TO \"taler-exchange-aggregator\";" | sudo -i -u 
postgres psql -f - ${EXCHANGE_DB}
+echo "GRANT SELECT ON ALL TABLES IN SCHEMA _v TO 
\"taler-exchange-aggregator\";" | sudo -i -u postgres psql -f - ${EXCHANGE_DB}
 
 say "Configuring exchange"
 
 if test ${ENABLE_TLS} = "y"
 then
-    export EXCHANGE_BASE_URL="https://exchange.${DOMAIN_NAME}";
+    export EXCHANGE_BASE_URL="https://exchange.${DOMAIN_NAME}/";
 else
-    export EXCHANGE_BASE_URL="http://exchange.${DOMAIN_NAME}";
+    export EXCHANGE_BASE_URL="http://exchange.${DOMAIN_NAME}/";
 fi
-# Generate /etc/taler/conf.d/setup.conf
 
+# Generate /etc/taler/conf.d/setup.conf
 echo -e "[taler]\n"\
         "CURRENCY=${CURRENCY}\n"\
         "CURRENCY_ROUND_UNIT=${CURRENCY}:0.01\n"\
         "AML_THRESHOLD=${CURRENCY}:1000000\n"\
-        "\n"\
-        "[exchange]\n"\
+        "\n[exchange]\n"\
         "MASTER_PUBLIC_KEY=${MASTER_PUBLIC_KEY}\n"\
-        "MASTER_PRIV_FILE=${MASTER_PUBLIC_KEY}\n"\
         "BASE_URL=${EXCHANGE_BASE_URL}\n"\
-        "\n"\
-        "[merchant-exchange-${DOMAIN_NAME}]\n"\
+        "\n[exchange-offline]\n"\
+        "MASTER_PRIV_FILE=\$HOME/${MASTER_PRIV_FILE}\n"\
+        "SECM_TOFU_FILE=\$HOME/${SECMOD_TOFU_FILE}\n"\
+        "\n[merchant-exchange-${DOMAIN_NAME}]\n"\
         "MASTER_KEY=${MASTER_PUBLIC_KEY}\n"\
         "CURRENCY=${CURRENCY}\n"\
         "EXCHANGE_BASE_URL=${EXCHANGE_BASE_URL}\n"\
-        "\n"\
-        "[exchange-account-default]\n"\
+        "\n[exchange-account-default]\n"\
         "PAYTO_URI=${EXCHANGE_PAYTO}\n"\
         "ENABLE_DEBIT=YES\n"\
         "ENABLE_CREDIT=YES\n"\
-        "@inline-secret@ exchange-accountcredentials-default 
../secrets/exchange-accountcredentials-default.secret.conf\n"
+        "@inline-secret@ exchange-accountcredentials-default 
../secrets/exchange-accountcredentials-default.secret.conf\n" \
      > /etc/taler/conf.d/setup.conf
 
+echo -e "[exchangedb-postgres]\n"\
+        "CONFIG=postgres:///${EXCHANGE_DB}\n"\
+        > /etc/taler/secrets/exchange-db.secret.conf
+chmod 440 /etc/taler/secrets/exchange-db.secret.conf
+chown root:taler-exchange-db /etc/taler/secrets/exchange-db.secret.conf
+
 echo -e "[exchange-accountcredentials-default]\n"\
-        "WIRE_GATEWAY_URL=${CURRENCY}\n"\
+        "WIRE_GATEWAY_URL=${WIRE_GATEWAY_URL}\n"\
         "WIRE_GATEWAY_AUTH_METHOD=basic\n"\
         "USERNAME=${LIBEUFIN_NEXUS_USERNAME}\n"\
         "PASSWORD=${NEXUS_EXCHANGE_PASSWORD}\n"\
      > /etc/taler/secrets/exchange-accountcredentials-default.secret.conf
+chmod 400 /etc/taler/secrets/exchange-accountcredentials-default.secret.conf
+chown taler-exchange-wire:taler-exchange-db 
/etc/taler/secrets/exchange-accountcredentials-default.secret.conf
 
 taler-harness deployment gen-coin-config \
               --min-amount ${CURRENCY}:0.01 \
               --max-amount ${CURRENCY}:100 \
     | sed -e "s/FEE_DEPOSIT = ${CURRENCY}:0.01/FEE_DEPOSIT = ${CURRENCY}:0/" \
-    > /etc/taler/conf.d/${CURRENCY}-coins.conf
+          > /etc/taler/conf.d/${CURRENCY}-coins.conf
+
+
+# FIXME-DOLD: this belongs with taler-harness
+for SEC in `taler-config -c /etc/taler/conf.d/${CURRENCY}-coins.conf -S | grep 
COIN-`
+do
+    taler-config -c /etc/taler/conf.d/${CURRENCY}-coins.conf -s $SEC -o CIPHER 
-V "RSA"
+done
+
+say "Initializing exchange database"
+sudo -u taler-exchange-httpd taler-exchange-dbinit -c /etc/taler/taler.conf
 
 say "Launching exchange"
-systemctl enable --now taler-exchange
+systemctl enable --now taler-exchange.target
 
 
-echo -n "Waiting for exchange..."
+say "Waiting for exchange HTTP service (/config)..."
 curl --max-time 2 \
      --retry-connrefused \
      --retry-delay 1 \
      --retry 10 \
-     ${EXCHANGE_BASE_URL}/config &> /dev/null
-echo "DONE"
+     ${EXCHANGE_BASE_URL}config &> /dev/null
+say "DONE"
 
-say "Offline interaction..."
+say "Waiting for exchange management keys (this may take a while)..."
+curl --max-time 30 \
+     --retry-delay 1 \
+     --retry 60 \
+     ${EXCHANGE_BASE_URL}management/keys &> /dev/null
+say "DONE"
 
-taler-exchange-offline \
-    -c /etc/taler/taler.conf \
-    download \
-    sign \
-    enable-account ${EXCHANGE_PAYTO} \
-    wire-fee now iban ${CURRENCY}:0 ${CURRENCY}:0 \
-    global-fee now ${CURRENCY}:0 ${CURRENCY}:0 ${CURRENCY}:0 1h 6y 0 \
-    upload
+say "Offline interaction..."
 
+if test ${DO_OFFLINE} == y
+then
+    sudo -i -u taler-exchange-offline \
+      taler-exchange-offline \
+        -c /etc/taler/taler.conf \
+       download \
+       sign \
+       upload
+
+    sudo -i -u taler-exchange-offline \
+       taler-exchange-offline \
+       enable-account ${EXCHANGE_PAYTO} \
+       wire-fee now iban ${CURRENCY}:0 ${CURRENCY}:0 \
+       global-fee now ${CURRENCY}:0 ${CURRENCY}:0 ${CURRENCY}:0 1h 6a 0 \
+       upload
+fi
 
-echo -n "Waiting for exchange /keys..."
+say "Waiting for exchange /keys..."
 curl --max-time 2 \
      --retry-connrefused \
      --retry-delay 1 \
      --retry 10 \
-     ${EXCHANGE_BASE_URL}/keys &> /dev/null
-echo "DONE"
+     ${EXCHANGE_BASE_URL}keys &> /dev/null
+say "DONE"
+
+say "Exchange setup finished"
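Review bot: The credentials file /etc/taler/secrets/exchange-accountcredentials-default.secret.conf is written by the `echo -e … >` redirection first and restricted with `chmod 400` and `chown` only afterwards, so on a first run it exists with default-umask permissions while it already contains PASSWORD. Creating it with its final mode and owner before writing closes that window: `install -m 400 -o taler-exchange-wire -g taler-exchange-db /dev/null /etc/taler/secrets/exchange-accountcredentials-default.secret.conf`. The three readiness `curl` calls discard their output and do not pass `--fail`, so an HTTP error response still leads to `say "DONE"`; with `--fail`, and the `set -eu` inherited when main.sh sources this script, a service that never becomes ready stops the setup. The `|| true` on the `createuser`/`createdb` lines hides every failure, not only the "already exists" case named in the comment. The start of the script lies outside the hunk.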

-- 
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.


