author | Christian Grothoff <christian@grothoff.org> | 2021-08-03 10:53:24 +0200 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2021-08-03 10:53:24 +0200 |
commit | 4c8bc8a0d9e6ba9cdad8d589b29d47a912736563 (patch) | |
tree | fead1ca4cb4fb2a3fc3a5fa56dbb5d3fb4af1a5b | |
parent | acc9e957e23083d3fd5b5b1630b6701308699f88 (diff) | |
download | docs-4c8bc8a0d9e6ba9cdad8d589b29d47a912736563.tar.gz docs-4c8bc8a0d9e6ba9cdad8d589b29d47a912736563.tar.bz2 docs-4c8bc8a0d9e6ba9cdad8d589b29d47a912736563.zip |
add missing database setup instructions
-rw-r--r-- | taler-exchange-setup-guide.rst | 77 |
1 files changed, 69 insertions, 8 deletions
diff --git a/taler-exchange-setup-guide.rst b/taler-exchange-setup-guide.rst index ab8da958..1d6e0b20 100644 --- a/taler-exchange-setup-guide.rst +++ b/taler-exchange-setup-guide.rst @@ -194,7 +194,15 @@ reasonable denomination structure. taler-wallet-cli deployment gen-coin-config --currency EUR > /etc/taler/conf.d/exchange-coins.conf -You can manually review and edit the generated configuration file. +.. note:: + + FIXME: change tool to not take currency from configuration, but instead + to accept unit currency as the argument; (i.e. EUR:0.0025). Also take + another argument for how many denominations to generate (2^XX). Finally, + do use the unit currency as the default deposit fee. + +You can manually review and edit the generated configuration file. The main +change that is possibly required is updating the various fees. Wire Gateway Setup @@ -245,8 +253,12 @@ The Wire Gateway configuration can be tested with the following command: .. code-block:: shell-session - [root@exchange-online]# taler-exchange-wire-gateway-client --section exchange-account-1 --debit-history - [root@exchange-online]# taler-exchangewire-gateway-client --section exchange-account-1 --credit-history + [root@exchange-online]# taler-exchange-wire-gateway-client \ + --section exchange-account-1 --debit-history + [root@exchange-online]# taler-exchange-wire-gateway-client \ + --section exchange-account-1 --credit-history + + Exchange Database Setup ======================= 
@@ -262,6 +274,51 @@ The following users must have access to the exchange database: * taler-exchange-aggregator * taler-exchange-closer +These users are all in the taler-exchange-db group, and the +``exchange-db.secret.conf`` is should already be only readable by users in +this group. + +To create a database for the Taler exchange on the local system, run: + +.. code-block:: shell-session + + [root@exchange-onlie]# su - postgres + [postgres@exchange-online]# createuser taler-exchange-httpd + [postgres@exchange-online]# createuser taler-exchange-wire + [postgres@exchange-online]# createuser taler-exchange-aggregator + [postgres@exchange-online]# createuser taler-exchange-closer + [postgres@exchange-online]# createdb -O taler-exchange-httpd taler-exchange + [postgres@exchange-online]# exit + +This will create a ``taler-exchange`` database owned by the +``taler-exchange-httpd`` user. We will use that user later to perform +database maintenance operations. + +Next, we need to grant the other accounts limited access: + +.. code-block:: shell-session + + [root@exchange-onlie]# echo 'GRANT SELECT,INSERT,UPDATE ON ALL TABLES IN SCHEMA public TO "taler-exchange-aggregator";' \ + | sudo -u taler-exchange-httpd psql taler-exchange + [root@exchange-onlie]# echo 'GRANT SELECT,INSERT,UPDATE ON ALL TABLES IN SCHEMA public TO "taler-exchange-closer";' \ + | sudo -u taler-exchange-httpd psql taler-exchange + [root@exchange-onlie]# echo 'GRANT SELECT,INSERT,UPDATE ON ALL TABLES IN SCHEMA public TO "taler-exchange-wire";' \ + | sudo -u taler-exchange-httpd psql taler-exchange + + +Assuming the above database setup, the database credentials to configure +in the configuration file would simply be: + +.. code-block:: ini + :caption: /etc/taler/secrets/exchange-db.secret.conf + + [exchangedb-postgres] + CONFIG=postgres:///taler-exchange + + +If the database is run on a different host, please follow the instructions +from the Postgres manual for configuring remote access. 
+ After configuring the database credentials, the exchange database needs to be initialized with the following command: @@ -302,7 +359,7 @@ Exchange Web service / API Setup ================================ By default, the ``taler-exchange-httpd`` service listens for HTTP connections -on a unix domain socket. To make the service publicly available, a reverse +on a UNIX domain socket. To make the service publicly available, a reverse proxy such as nginx should be used. We strongly recommend to configure nginx to use TLS. @@ -369,11 +426,15 @@ steps involving the offline signing machine must be completed: .. code-block:: shell-session - [root@exchange-online]# taler-exchange-offline download > sig-request.json + [root@exchange-online]# taler-exchange-offline \ + download > sig-request.json - [root@exchange-offline]# taler-exchange-offline sign > sig-response.json - [root@exchange-offline]# taler-exchange-offline enable-account payto://sepa/$IBAN > acct-response.json - [root@exchange-offline]# taler-exchange-offline enable-account wire-fee 2021 sepa EUR:0 EUR:0 > fee-response.json + [root@exchange-offline]# taler-exchange-offline \ + sign < sig-request.json > sig-response.json + [root@exchange-offline]# taler-exchange-offline \ + enable-account payto://sepa/$IBAN > acct-response.json + [root@exchange-offline]# taler-exchange-offline \ + enable-account wire-fee 2021 sepa EUR:0 EUR:0 > fee-response.json [root@exchange-online]# taler-exchange-offline upload < sig-response.json [root@exchange-online]# taler-exchange-offline upload < acct-response.json |
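
Review bot: The ``.. note::`` added in the first hunk (-194, after the ``gen-coin-config`` command) puts a developer FIXME into the rendered setup guide, where an operator will read it as part of the procedure. Track the tool change in the issue tracker, or write it as a plain rst comment so it does not render. The closing sentence "do use the unit currency as the default deposit fee" is also ambiguous about whether it describes current or intended behaviour.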
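
Review bot: In the database hunk (-262), the three ``GRANT SELECT,INSERT,UPDATE ON ALL TABLES IN SCHEMA public`` commands are placed before the paragraph "After configuring the database credentials, the exchange database needs to be initialized", so as ordered they run against a freshly created database. In PostgreSQL, ``GRANT ... ON ALL TABLES IN SCHEMA`` only affects tables that exist when it runs, so ``taler-exchange-aggregator``, ``taler-exchange-closer`` and ``taler-exchange-wire`` would have no access to the tables created by the later initialization. Move the grants after the initialization step, or have the owner issue ``ALTER DEFAULT PRIVILEGES`` before it. Smaller points in the same hunk: the prompt is spelled ``exchange-onlie`` in four places, and "is should already be only readable" should read "should already be readable only".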
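
Review bot: In the offline-signing hunk (-369), the rewrapped fee command still reads ``enable-account wire-fee 2021 sepa EUR:0 EUR:0``, while the line directly above it shows ``enable-account`` taking a payto URI as its argument. As written, ``wire-fee`` sits where the URI belongs; please confirm whether ``wire-fee`` was meant to be the subcommand itself and, if so, drop ``enable-account`` from that line while it is being touched. The added ``< sig-request.json`` on the ``sign`` step is a good fix, but the text should also say how ``sig-request.json`` and the response files are moved between the online and offline machines.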