author Florian Dold <florian@dold.me> 2023-10-16 23:25:39 +0200
committer Florian Dold <florian@dold.me> 2023-10-16 23:25:39 +0200
commit ab0ecdcb303a4f759a0d4ffdc2723e89e0b1cdff (patch)
tree 3cdc14c8d23781ee4f1b99080212b799184ff882
parent a44f235aaa876d02567d21535ec6831f5022c875 (diff)
WIP
-rw-r--r-- sandcastle-ng/README.md 19
-rwxr-xr-x sandcastle-ng/scripts/setup-sandcastle.sh 19
2 files changed, 28 insertions, 10 deletions
diff --git a/sandcastle-ng/README.md b/sandcastle-ng/README.md
index f52045d..e1fb819 100644
--- a/sandcastle-ng/README.md
+++ b/sandcastle-ng/README.md
@@ -59,6 +59,8 @@ All persistent data is stored in a podman volume called
talerdata. You can see where it is in your filesystem
by running ``podman volume inspect talerdata``.
+That volume also contains the postgres database files.
+
# Provisioning Details
@@ -73,12 +75,27 @@ To run the container without any automatic provisioning, run ``./sandcastle-run
You can always manually run the script inside the container as ``/scripts/setup-sandcastle.sh``.
+# Neat Things That Already Work
+
+* Rebulding the base image is incremental, since we use layers. If the tag
+ of the exchange is changed, only the exchange and components that depend
+ on it are rebuilt.
+* Inside the container, the service names resolve to localhost,
+ and on localhost a reverse proxy with locally signed certificates
+ ensures that services can talk to each other *within* the container
+ by using their *public* base URL.
+
+
# Future Extensions
-* more self-tests using the wallet CLI
+* Do self-tests of the deployment using the wallet CLI
* Running the auditor
* Running a currency conversion setup with multiple libeufin-bank instances
* Allow a localhost-only, non-tls setup for being able to access a non-tls
Taler deployment on the podman host.
* Instead of exposing HTTP ports, we could expose everything via unix domain sockets,
avoiding port collision problems.
+* To improve performance, allow connecting to an external database
+* Make it easy to import and export the persistent data
+* Extra tooling to checkpoint images/containers to revert to a previous
+ state quickly.
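Review bot: The reverse-proxy bullet in the new "Neat Things That Already Work" section says the certificates are locally signed but not how the services come to trust them. Since the Caddyfile written by setup-sandcastle.sh uses `tls internal`, the bullet should say where the local CA is made trusted inside the container and whether clients outside the container are expected to trust it. The first bullet also has a typo, "Rebulding" for "Rebuilding", and the hunk adds two consecutive blank lines before "# Future Extensions" where one would do.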
diff --git a/sandcastle-ng/scripts/setup-sandcastle.sh b/sandcastle-ng/scripts/setup-sandcastle.sh
index 099238f..e694875 100755
--- a/sandcastle-ng/scripts/setup-sandcastle.sh
+++ b/sandcastle-ng/scripts/setup-sandcastle.sh
@@ -19,12 +19,22 @@ echo "Provisioning sandcastle"
# General configuration.
# Might eventually be moved to an external file.
+
CURRENCY=KUDOS
EXCHANGE_IBAN=DE159593
EXCHANGE_PLAIN_PAYTO=payto://iban/$EXCHANGE_IBAN
EXCHANGE_FULL_PAYTO="payto://iban/$EXCHANGE_IBAN?receiver-name=Sandcastle+Echange+Inc"
EXCHANGE_BANK_PASSWORD=sandbox
+MYDOMAIN=taler.fdold.eu
+LANDING_DOMAIN=$MYDOMAIN
+BANK_DOMAIN=bank.$MYDOMAIN
+EXCHANGE_DOMAIN=exchange.$MYDOMAIN
+MERCHANT_DOMAIN=backend.$MYDOMAIN
+BLOG_DOMAIN=shop.$MYDOMAIN
+DONATIONS_DOMAIN=donations.$MYDOMAIN
+SURVEY_DOMAIN=survey.$MYDOMAIN
+
# Ports of the services running inside the container.
# Should be synchronized with the sandcastle-run script.
PORT_INTERNAL_EXCHANGE=8201
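Review bot: `MYDOMAIN=taler.fdold.eu` in the general configuration block hard-codes what looks like a personal domain, while the block removed further down used `demo.taler.net`, so this is a change of default and not only a move. Every service hostname and the Caddyfile site addresses derive from this value, so consider keeping the previous default and letting the environment override it, e.g. `MYDOMAIN=${MYDOMAIN:-demo.taler.net}`, which also fits the comment that this configuration might move to an external file. The hunk also adds a blank line between that comment and `CURRENCY=KUDOS`, which detaches the comment from the settings it describes.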
@@ -85,15 +95,6 @@ lift_dir /var/lib/postgresql var-lib-postgresql
systemctl stop caddy.service
-MYDOMAIN=demo.taler.net
-LANDING_DOMAIN=$MYDOMAIN
-BANK_DOMAIN=bank.$MYDOMAIN
-EXCHANGE_DOMAIN=exchange.$MYDOMAIN
-MERCHANT_DOMAIN=backend.$MYDOMAIN
-BLOG_DOMAIN=shop.$MYDOMAIN
-DONATIONS_DOMAIN=donations.$MYDOMAIN
-SURVEY_DOMAIN=survey.$MYDOMAIN
-
cat <<EOF > /etc/caddy/Caddyfile
https://$BANK_DOMAIN {
tls internal