[taler-grid5k] 12/48: first auditor script steps
From: |
gnunet |
Subject: |
[taler-grid5k] 12/48: first auditor script steps |
Date: |
Sat, 28 May 2022 12:11:32 +0200 |
This is an automated email from the git hooks/post-receive script.
marco-boss pushed a commit to branch master
in repository grid5k.
commit 9a5b5514d47ca75751c85c06ffc71f45b5f38180
Author: Boss Marco <bossm8@bfh.ch>
AuthorDate: Thu May 12 16:33:21 2022 +0200
first auditor script steps
---
additional/rspecs/taler.minial.rspec | 11 ++++-
experiment/env | 2 +-
experiment/scripts/auditor.sh | 79 +++++++++++++++++++++++++++++++++++-
experiment/scripts/createusers.sh | 27 ++++++++++++
experiment/scripts/helpers.sh | 17 +++++---
experiment/scripts/run.sh | 4 ++
6 files changed, 129 insertions(+), 11 deletions(-)
diff --git a/additional/rspecs/taler.minial.rspec
b/additional/rspecs/taler.minial.rspec
index f18357b..c5e6f5e 100644
--- a/additional/rspecs/taler.minial.rspec
+++ b/additional/rspecs/taler.minial.rspec
@@ -1,5 +1,5 @@
<?xml version='1.0'?>
-<rspec xmlns="http://www.geni.net/resources/rspec/3" type="request"
generated_by="jFed RSpec Editor" generated="2022-04-02T11:14:04.525+02:00"
xmlns:emulab="http://www.protogeni.net/resources/rspec/ext/emulab/1"
xmlns:delay="http://www.protogeni.net/resources/rspec/ext/delay/1"
xmlns:jfed-command="http://jfed.iminds.be/rspec/ext/jfed-command/1"
xmlns:client="http://www.protogeni.net/resources/rspec/ext/client/1"
xmlns:jfed-ssh-keys="http://jfed.iminds.be/rspec/ext/jfed-ssh-keys/1" xmlns:
[...]
+<rspec xmlns="http://www.geni.net/resources/rspec/3" type="request"
generated_by="jFed RSpec Editor" generated="2022-05-12T16:28:28.643+02:00"
xmlns:emulab="http://www.protogeni.net/resources/rspec/ext/emulab/1"
xmlns:delay="http://www.protogeni.net/resources/rspec/ext/delay/1"
xmlns:jfed-command="http://jfed.iminds.be/rspec/ext/jfed-command/1"
xmlns:client="http://www.protogeni.net/resources/rspec/ext/client/1"
xmlns:jfed-ssh-keys="http://jfed.iminds.be/rspec/ext/jfed-ssh-keys/1" xmlns:
[...]
<node client_id="DB" exclusive="true"
component_manager_id="urn:publicid:IDN+am.grid5000.fr+authority+am">
<sliver_type name="raw-pc">
<disk_image
name="http://public.lille.grid5000.fr/~bfhch01/taler-debian11.dsc"/>
@@ -42,4 +42,11 @@
<hardware_type name="dahu-grenoble"/>
<location xmlns="http://jfed.iminds.be/rspec/ext/jfed/1" x="458.0"
y="109.5"/>
</node>
-</rspec>
+ <node client_id="Auditor" exclusive="true"
component_manager_id="urn:publicid:IDN+am.grid5000.fr+authority+am">
+ <sliver_type name="raw-pc">
+ <disk_image
name="http://public.lille.grid5000.fr/~bfhch01/taler-debian11.dsc"/>
+ </sliver_type>
+ <hardware_type name="dahu-grenoble"/>
+ <location xmlns="http://jfed.iminds.be/rspec/ext/jfed/1" x="463.5"
y="198.5"/>
+ </node>
+</rspec>
\ No newline at end of file
diff --git a/experiment/env b/experiment/env
index 1a7f42e..82eb443 100644
--- a/experiment/env
+++ b/experiment/env
@@ -8,7 +8,7 @@
# (used to determine which script to execute in run.sh)
# Wallets are not needed explicitely since they can (and will be)
# exported as a wildcard (*).
-NODES="Bank DB DNS Exchange Aggregator Closer Transfer Wirewatch Merchant
Monitor EProxy Shard"
+NODES="Bank DB DNS Exchange Aggregator Closer Transfer Wirewatch Auditor
Merchant Monitor EProxy Shard"
# DNS Zone to setup inside the grid for the experiment
DNS_ZONE=perf.taler
diff --git a/experiment/scripts/auditor.sh b/experiment/scripts/auditor.sh
index 850a69c..2680fe6 100644
--- a/experiment/scripts/auditor.sh
+++ b/experiment/scripts/auditor.sh
@@ -11,13 +11,88 @@ init:
Configure and start the auditor together with its database
"
+function create_users() {
+ for USER in auditor sync helper auditor-ingress auditor-wire offline; do
+ add-user --disabled-password $USER
+ done
+}
+
+function init_db() {
+ createdb -O auditor-ingress exchange-ingress
+ #createdb -O sync exchange-production
+ createdb -O auditor auditor
+ #createdb -O auditor-wire libeufin
+
+ psql -d exchange-ingress -U auditor-ingress -tAc 'GRANT ALL ON ALL TABLES IN
SCHEMA public TO sync;'
+ #psql -d exchange-prodution -U sync -tAc 'GRANT SELECT ON ALL TABLE IN
SCHEMA public TO auditor;'
+ #psql -d libeufin -U auditor-wire -tAc 'GRANT SELECT ON ALL TABLE IN SCHEMA
public TO auditor;'
+
+ echo "
+ listen_address='*'
+ wal_level = logical
+ " >> /etc/postgresql/${POSTGRES_VERSION}/main/auditor.conf
+
+ systemctl restart postgresql
+}
+
+function setup_exchange_replication() {
+ sudo -u auditor-ingress << EOF
+ taler-config -s exchange -o DB -V "postgres"
+ taler-config -s exchangedb-postgres -o CONFIG -V
"postgres:///exchange-ingress"
+ taler-exchange-dbinit
+EOF
+
+ sudo -u postgres << EOF
+ createuser --replication egress
+ psql -tAc "ALTER ROLE egress WITH PASSWORD '${DB_PASSWORD}';
+ psql -d taler-exchange -tAc "CREATE REPLICATION taler-perf FOR ALL TABLES;
+EOF
+}
+
+# Start the auditor httpd and the nginx proxy
+function enable_webservice() {
+ create_cert "${NODE_NAME}.${DNS_ZONE}" "/etc/ssl/auditor"
+ ln -sf /etc/nginx/sites-available/auditor /etc/nginx/sites-enabled/auditor
+ systemctl restart taler-auditor-httpd \
+ nginx
+}
+
+function setup_config() {
+
+ setup_exchange_config_master_key_from_api
+
+ PUB_KEY=$(sudo -u offline taler-auditor-offline setup)
+
+ wait_for_keys ${EXCHANGE_GW_DOMAIN}
+
+ sed -i -e "s/<AUDITOR_PUB_KEY_HERE>/${PUB_KEY}/g" \
+ /etc/taler/conf.d/auditor.conf
+
+ sudo -u auditor taler-auditor-dbinit
+ sudo -u auditor taler-auditor-exchange -m $(get_exchange_masterkey) -u
https://${EXCHANGE_GW_DOMAIN}/
+ sudo -u helper taler-auditor-offline download > input.json
+ sudo -u offline taler-auditor-offline show < input.json
+ sudo -u offline taler-audifor-offline sign < input.json > output.json
+ sudo -u helper taler-auditor-offline upload < output.json
+
+ enable_webservice
+
+ setup_exchange_replication
+}
+
function init_auditor() {
- echo "TBD"
+ create_users
+ init_db
+ setup_config
}
case $1 in
init)
- init_auditor
+ if [[ "${PARTITION_DB}" == "true" ]];
+ init_auditor
+ else
+ echo "INFO: sharded DB not supported yet"
+ fi
;;
*)
taler_perf_help $0 "$INFO_MSG" "$OPT_MSG"
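Review bot: The `init)` arm will not parse: `if [[ "${PARTITION_DB}" == "true" ]];` is missing `then` (the surrounding `case` starts and ends outside this hunk), so bash rejects the file before any of the new functions run; it should read `if [[ "${PARTITION_DB}" == "true" ]]; then`. In `setup_exchange_replication` both `psql -tAc "…` lines lack their closing double quote, and neither `sudo -u … << EOF` names a program to read the here-document (for example `sudo -u postgres bash << EOF`), so as far as I can tell the `egress` role never gets its password. `${DB_PASSWORD}` is also spliced into the SQL text and ends up on the `psql` command line, where a quote character in the value breaks the statement and the secret is readable in the process list; sending the statement on psql's stdin avoids the latter. In `init_db`, `listen_address='*'` is presumably meant to be PostgreSQL's `listen_addresses`, and since it opens the server on every interface it deserves a comment such as `# reachable from all interfaces; access must be limited in pg_hba.conf`. `add-user` and `taler-audifor-offline` look like typos for `adduser` and `taler-auditor-offline`.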
diff --git a/experiment/scripts/createusers.sh
b/experiment/scripts/createusers.sh
index 3f8d8eb..e1f97fe 100755
--- a/experiment/scripts/createusers.sh
+++ b/experiment/scripts/createusers.sh
@@ -26,6 +26,11 @@ WIREUSERNAME=taler-exchange-wire
MERCHUSERNAME=taler-merchant-httpd
MERCHGROUPNAME=www-data
+AUDITCONFIG_FILE="/etc/default/taler-auditor"
+ADUITTALER_HOME="/var/lib/taler-auditor"
+AUDITUSERNAME=taler-auditor-httpd
+AUDITGROUPNAME=taler-auditor-httpd
+
# Create taler groups as needed
if ! getent group ${GROUPNAME} >/dev/null; then
addgroup --quiet --system ${GROUPNAME}
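Review bot: `ADUITTALER_HOME` is misspelled in this assignment, while the second hunk of this file reads `${AUDITTALER_HOME}` in `--home ${AUDITTALER_HOME}`. That expansion is therefore empty and, being unquoted, disappears, so `--home` consumes `${AUDITUSERNAME}` as its value and `adduser` is left without a user name. Rename the assignment to `AUDITTALER_HOME="/var/lib/taler-auditor"` and quote the expansions in the new auditor block, e.g. `--home "${AUDITTALER_HOME}"`.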
@@ -122,3 +127,25 @@ if ! dpkg-statoverride --list
/etc/taler/secrets/merchant-db.secret.conf >/dev/n
${MERCHUSERNAME} root 460 \
/etc/taler/secrets/merchant-db.secret.conf
fi
+
+# Auditor
+if ! getent group ${AUDITGROUPNAME} >/dev/null; then
+ addgroup --quiet --system \
+ ${AUDITGROUPNAME}
+fi
+
+if ! getent passwd ${AUDITUSERNAME} >/dev/null; then
+ adduser --quiet --system \
+ --ingroup ${AUDITGROUPNAME} \
+ --no-create-home \
+ --home ${AUDITTALER_HOME} \
+ ${AUDITUSERNAME}
+fi
+
+if ! dpkg-statoverride --list /etc/taler/secrets/auditor-db.secret.conf
>/dev/null 2>&1; then
+ dpkg-statoverride --add --update \
+ ${AUDITUSERNAME} ${AUDITGROUPNAME} 660 \
+ /etc/taler/secrets/auditor-db.secret.conf
+fi
+
+install -d /run/taler/auditor-httpd -m 0755 -o ${AUDITUSERNAME} -g
${AUDITGROUPNAME}
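Review bot: The override for `/etc/taler/secrets/auditor-db.secret.conf` is registered as `${AUDITUSERNAME} ${AUDITGROUPNAME} 660`, which lets the HTTP daemon's own account and group rewrite the file that holds its database credentials. The merchant entry visible at the top of this hunk uses `${MERCHUSERNAME} root 460`, which is read-only for the service user. Unless the auditor daemon really has to write the file, `${AUDITUSERNAME} root 460` would keep the two services consistent and the secret immutable to the process that only needs to read it.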
diff --git a/experiment/scripts/helpers.sh b/experiment/scripts/helpers.sh
index 2388bd1..c6c4456 100755
--- a/experiment/scripts/helpers.sh
+++ b/experiment/scripts/helpers.sh
@@ -112,6 +112,16 @@ function setup_rsyslog_for_nginx() {
/etc/rsyslog.conf
}
+# Get the exchanges master public key via the primary exchanges API
+function get_exchange_masterkey() {
+ MASTER_KEY=$(
+ curl -k -f \
+ "${PRIMARY_EXCHANGE}:10000/keys" \
+ | jq -r '.master_public_key'
+ )
+ echo "${MASTER_KEY}"
+}
+
# Setup taler.conf for aggregator etc. with downloading the
# master public key from the exchange API
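Review bot: `get_exchange_masterkey` echoes whatever `jq` prints without checking it, and the download uses `curl -k`, so the master public key that `auditor.sh` passes to `taler-auditor-exchange -m` and that `setup_exchange_config_master_key_from_api` substitutes into `exchange-business.conf` comes from a connection whose peer is never verified. If this endpoint is served over TLS with a certificate from the experiment's own `create_cert`, pointing curl at that certificate with `--cacert` instead of `-k` keeps the check on. A failed download or a missing field also yields an empty string or `null` with exit status 0, because the pipeline's status is jq's; adding `[[ -n "${MASTER_KEY}" && "${MASTER_KEY}" != "null" ]] || return 1` before the `echo` would stop a bad value from reaching `sed` and the auditor setup.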
@@ -121,12 +131,7 @@ function setup_exchange_config_master_key_from_api() {
wait_for_keys "${PRIMARY_EXCHANGE}:10000"
- MASTER_KEY=$(
- curl -k -f \
- "${PRIMARY_EXCHANGE}:10000/keys" \
- | jq -r '.master_public_key'
- )
-
+ MASTER_KEY=$(get_exchange_masterkey)
sed -i -e "s/<MASTER_KEY_HERE>/${MASTER_KEY}/g" \
/etc/taler/conf.d/exchange-business.conf
diff --git a/experiment/scripts/run.sh b/experiment/scripts/run.sh
index 9b181a5..c21fa77 100644
--- a/experiment/scripts/run.sh
+++ b/experiment/scripts/run.sh
@@ -69,6 +69,10 @@ elif [[ "${HOSTNAME}" =~ ${WIREWATCH_HOSTS} ]]; then
enable_logrotate
enable_netdelay db.${DNS_ZONE}
exec ~/scripts/exchange-wirewatch.sh init
+elif [[ "${HOSTNAME}" =~ ${AUDITOR_HOSTS} ]]; then
+ setup_log
+ enable_logrotate
+ exec ~/scripts/auditor.sh init
elif [[ "${HOSTNAME}" =~ ${MERCHANT_HOSTS} ]]; then
setup_log
enable_logrotate
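Review bot: The new branch tests `[[ "${HOSTNAME}" =~ ${AUDITOR_HOSTS} ]]`, and an empty regular expression matches every string, so if `AUDITOR_HOSTS` is unset or empty in an experiment whose rspec has no Auditor node, every host that reaches this point would run `auditor.sh init` instead of falling through to the merchant and later branches. How `AUDITOR_HOSTS` is derived is not visible here and the existing branches use the same pattern, so this may already be handled; if not, `elif [[ -n "${AUDITOR_HOSTS}" && "${HOSTNAME}" =~ ${AUDITOR_HOSTS} ]]; then` closes the gap. The `if`/`elif` chain starts and ends outside this hunk.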
--