[taler-grid5k] 14/48: various fixes for auditor
From: |
gnunet |
Subject: |
[taler-grid5k] 14/48: various fixes for auditor |
Date: |
Sat, 28 May 2022 12:11:34 +0200 |
This is an automated email from the git hooks/post-receive script.
marco-boss pushed a commit to branch master
in repository grid5k.
commit e54be671c3bd2e524cf00f85e582cd18f3819e9c
Author: Boss Marco <bossm8@bfh.ch>
AuthorDate: Thu May 12 17:55:25 2022 +0200
various fixes for auditor
---
configs/etc/taler/conf.d/auditor.conf | 2 +-
experiment/scripts/auditor.sh | 62 ++++++++++++++++++++++++++---------
experiment/scripts/createusers.sh | 12 +++++++
experiment/scripts/database.sh | 1 +
4 files changed, 60 insertions(+), 17 deletions(-)
diff --git a/configs/etc/taler/conf.d/auditor.conf
b/configs/etc/taler/conf.d/auditor.conf
index 7836769..c8d88b1 100644
--- a/configs/etc/taler/conf.d/auditor.conf
+++ b/configs/etc/taler/conf.d/auditor.conf
@@ -11,4 +11,4 @@ UNIXPATH = /var/run/taler/auditor-httpd/auditor.sock
[auditordb-postgres]
-CONFIG = <AUDITOR_DB_URL_HERE>
+CONFIG = postgresql://auditor
diff --git a/experiment/scripts/auditor.sh b/experiment/scripts/auditor.sh
index 2680fe6..e56b3d1 100644
--- a/experiment/scripts/auditor.sh
+++ b/experiment/scripts/auditor.sh
@@ -11,28 +11,56 @@ init:
Configure and start the auditor together with its database
"
+cd /tmp
+
function create_users() {
- for USER in auditor sync helper auditor-ingress auditor-wire offline; do
- add-user --disabled-password $USER
+ for USER in auditor sync helper auditor-ingress auditor-wire; do
+ adduser --quiet --home /tmp/${USER} ${USER} || true
done
}
function init_db() {
- createdb -O auditor-ingress exchange-ingress
- #createdb -O sync exchange-production
- createdb -O auditor auditor
- #createdb -O auditor-wire libeufin
+ echo "
+ listen_addresses='*'
+ wal_level = logical
+ " > /etc/postgresql/${POSTGRES_VERSION}/main/auditor.conf
- psql -d exchange-ingress -U auditor-ingress -tAc 'GRANT ALL ON ALL TABLES IN
SCHEMA public TO sync;'
- #psql -d exchange-prodution -U sync -tAc 'GRANT SELECT ON ALL TABLE IN
SCHEMA public TO auditor;'
- #psql -d libeufin -U auditor-wire -tAc 'GRANT SELECT ON ALL TABLE IN SCHEMA
public TO auditor;'
+ echo "
+ include = '/etc/postgresql/${POSTGRES_VERSION}/main/auditor.conf'
+ " >> /etc/postgresql/${POSTGRES_VERSION}/main/postgresql.conf
echo "
- listen_address='*'
- wal_level = logical
- " >> /etc/postgresql/${POSTGRES_VERSION}/main/auditor.conf
+ host all postgres 172.16.0.0/12 trust
+ " >> /etc/postgresql/${POSTGRES_VERSION}/main/pg_hba.conf
systemctl restart postgresql
+
+ su postgres << EOF
+psql postgres -tAc "DROP DATABASE IF EXISTS \"exchange-ingress\";"
+psql postgres -tAc "DROP DATABASE IF EXISTS \"auditor\";"
+psql postgres -tAc "SELECT 1 FROM pg_roles WHERE rolname='auditor-ingress'" | \
+ grep -q 1 || \
+ createuser auditor-ingress
+psql postgres -tAc "SELECT 1 FROM pg_roles WHERE rolname='auditor'" | \
+ grep -q 1 || \
+ createuser auditor
+psql postgres -tAc "SELECT 1 FROM pg_roles WHERE rolname='sync'" | \
+ grep -q 1 || \
+ createuser sync
+
+createdb -O auditor-ingress "exchange-ingress"
+createdb -O auditor "auditor"
+EOF
+
+ su auditor-ingress << EOF
+psql -d exchange-ingress -U auditor-ingress -tAc 'GRANT ALL ON ALL TABLES IN
SCHEMA public TO sync;'
+EOF
+
+ #createdb -O sync exchange-production
+ #createdb -O auditor-wire libeufin
+
+ #psql -d exchange-prodution -U sync -tAc 'GRANT SELECT ON ALL TABLE IN
SCHEMA public TO auditor;'
+ #psql -d libeufin -U auditor-wire -tAc 'GRANT SELECT ON ALL TABLE IN SCHEMA
public TO auditor;'
}
function setup_exchange_replication() {
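Review bot: The `host all postgres 172.16.0.0/12 trust` line that init_db appends to pg_hba.conf lets any host in that /12 connect as the postgres superuser with no password, and the same hunk sets `listen_addresses='*'`, so the server listens on every interface. If remote superuser access is really needed, narrow the rule to the one peer and require authentication, e.g. `host all postgres <PEER_ADDR>/32 scram-sha-256`; otherwise drop the rule and keep superuser work on the local socket, as the `su postgres` heredoc already does. This rule and the `include = ...` line are both appended with `>>`, so every init run adds another copy; a `grep -qF` guard before each append would keep the files stable. The added `cd /tmp` and `--home /tmp/${USER}` also place service-account homes in a world-writable directory, and the loop variable `USER` overwrites the shell's own `USER`.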
@@ -59,9 +87,11 @@ function enable_webservice() {
function setup_config() {
+ rm -rf /var/lib/taler/auditor/*
+
setup_exchange_config_master_key_from_api
- PUB_KEY=$(sudo -u offline taler-auditor-offline setup)
+ PUB_KEY=$(sudo -u taler-auditor-offline taler-auditor-offline setup)
wait_for_keys ${EXCHANGE_GW_DOMAIN}
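Review bot: The output of `taler-auditor-offline setup` is captured into PUB_KEY without a status check, so if the `taler-auditor-offline` account does not exist the script carries on with an empty key. create_users in this file no longer creates an offline user, and the account appears to come from createusers.sh instead. Something like `PUB_KEY=$(sudo -u taler-auditor-offline taler-auditor-offline setup) || return 1` would stop early. setup_config starts and ends outside this hunk, so whether `set -e` is in effect cannot be seen here.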
@@ -71,8 +101,8 @@ function setup_config() {
sudo -u auditor taler-auditor-dbinit
sudo -u auditor taler-auditor-exchange -m $(get_exchange_masterkey) -u
https://${EXCHANGE_GW_DOMAIN}/
sudo -u helper taler-auditor-offline download > input.json
- sudo -u offline taler-auditor-offline show < input.json
- sudo -u offline taler-audifor-offline sign < input.json > output.json
+ sudo -u taler-auditor-offline taler-auditor-offline show < input.json
+ sudo -u taler-auditor-offline taler-auditor-offline sign < input.json >
output.json
sudo -u helper taler-auditor-offline upload < output.json
enable_webservice
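Review bot: `input.json` and `output.json` are written with relative paths, and with the `cd /tmp` added at the top of this file they now land in /tmp under fixed names, where the redirections are opened by the calling shell rather than by the `sudo -u` target. The file that `show` displays and `sign` signs should not sit in a directory other local users can write to. Create a private directory first, `workdir=$(mktemp -d) || return 1`, and use `"${workdir}/input.json"` and `"${workdir}/output.json"` in the four commands. The unquoted `$(get_exchange_masterkey)` and `${EXCHANGE_GW_DOMAIN}` on the `taler-auditor-exchange` line would also be safer quoted. setup_config continues outside the hunk.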
@@ -88,7 +118,7 @@ function init_auditor() {
case $1 in
init)
- if [[ "${PARTITION_DB}" == "true" ]];
+ if [[ "${PARTITION_DB}" == "true" ]]; then
init_auditor
else
echo "INFO: sharded DB not supported yet"
diff --git a/experiment/scripts/createusers.sh
b/experiment/scripts/createusers.sh
index 06044ed..8803356 100755
--- a/experiment/scripts/createusers.sh
+++ b/experiment/scripts/createusers.sh
@@ -30,6 +30,8 @@ AUDITCONFIG_FILE="/etc/default/taler-auditor"
AUDITTALER_HOME="/var/lib/taler-auditor"
AUDITUSERNAME=taler-auditor-httpd
AUDITGROUPNAME=taler-auditor-httpd
+AOUSERNAME=taler-auditor-offline
+AOGROUPNAME=taler-auditor-offline
# Create taler groups as needed
if ! getent group ${GROUPNAME} >/dev/null; then
@@ -133,6 +135,9 @@ if ! getent group ${AUDITGROUPNAME} >/dev/null; then
addgroup --quiet --system \
${AUDITGROUPNAME}
fi
+if ! getent group ${AOGROUPNAME} >/dev/null; then
+ addgroup --quiet --system ${AOGROUPNAME}
+fi
if ! getent passwd ${AUDITUSERNAME} >/dev/null; then
adduser --quiet --system \
@@ -147,5 +152,12 @@ if ! dpkg-statoverride --list
/etc/taler/secrets/auditor-db.secret.conf >/dev/nu
${AUDITUSERNAME} ${AUDITGROUPNAME} 660 \
/etc/taler/secrets/auditor-db.secret.conf
fi
+if ! getent passwd ${AOUSERNAME} >/dev/null; then
+ adduser --quiet --system \
+ --ingroup ${AOGROUPNAME} \
+ --no-create-home \
+ --home ${TALER_HOME} ${AOUSERNAME}
+fi
install -d /run/taler/auditor-httpd -m 0755 -o ${AUDITUSERNAME} -g
${AUDITGROUPNAME}
+install -d /var/lib/taler/auditor -m 0700 -o ${AOUSERNAME} -g ${AOGROUPNAME}
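Review bot: The new `taler-auditor-offline` account is given `--home ${TALER_HOME}`, which is defined outside this hunk and appears to be another service account's home, while the directory actually prepared for it is `/var/lib/taler/auditor` (mode 0700, owned by the offline user). Pointing the home at that private directory, `--home /var/lib/taler/auditor ${AOUSERNAME}`, keeps the account used for offline signing from sharing a home with a network-facing service. The expansions in the added lines are unquoted, matching the rest of the file; quoting `"${AOUSERNAME}"` and `"${AOGROUPNAME}"` would be safer.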
diff --git a/experiment/scripts/database.sh b/experiment/scripts/database.sh
index 3168a76..cc10e08 100755
--- a/experiment/scripts/database.sh
+++ b/experiment/scripts/database.sh
@@ -292,6 +292,7 @@ psql postgres -tAc "SELECT 1 FROM pg_roles WHERE
rolname='taler-exchange-httpd'"
createuser taler-exchange-httpd
psql -tAc "SELECT 1 FROM pg_database WHERE datname='${DB_NAME}'" | \
grep -q 1 || \
+
createdb -O taler-exchange-httpd "${DB_NAME}"
psql -tAc "CREATE EXTENSION IF NOT EXISTS pg_stat_statements"
EOF
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.