author | MS <ms@taler.net> | 2021-08-05 02:31:43 -1100 |
---|---|---|
committer | MS <ms@taler.net> | 2021-08-05 02:31:43 -1100 |
commit | 906a900c0ac8ab32ce2b238315da017c34fe27dd (patch) | |
tree | 156a9d168be2c502a71fae02024d0f9732de0b80 | |
parent | fc5c254a18869fd112aaf8ae950caf24c4bbc4d4 (diff) | |
FIXMEs to exchange setup guide.
-rw-r--r-- | taler-exchange-setup-guide.rst | 41 |
1 files changed, 34 insertions, 7 deletions
diff --git a/taler-exchange-setup-guide.rst b/taler-exchange-setup-guide.rst index da970d68..b50a2f80 100644 --- a/taler-exchange-setup-guide.rst +++ b/taler-exchange-setup-guide.rst @@ -69,6 +69,10 @@ and that the ``gnupg`` package has been installed. [root@exchange-online]# apt-get upgrade [root@exchange-online]# apt-get install -y gnupg +.. + FIXME: gnupg is a Ubuntu 20.04 default package. The third command above + might be removed then. + Next, add the ``focal-fossa`` apt repository provided by Taler Systems S.A. to your package sources: @@ -86,6 +90,10 @@ signing key to your list of trusted keys and update the package index: [root@exchange-online]# wget -O - https://taler.net/taler-systems.gpg.key | apt-key add - [root@exchange-online]# apt-get update +.. + FIXME: this happens after the update. + N: Skipping acquire of configured file 'main/binary-i386/Packages' as repository 'https://deb.taler.net/apt/ubuntu focal-fossa InRelease' doesn't support architecture 'i386' + Finally, the required packages can be installed: @@ -127,6 +135,10 @@ directive and should end with ``.secret.conf``. To view the entire configuration annotated with the source of each configuration option, you can use the ``taler-config`` helper: +.. + FIXME: mostly all the configuration files are owned root:root. Is that wanted? + Wasn't taler-exchange-httpd supposed to own those? + .. code-block:: shell-session [root@exchange-online]# taler-config --diagnostics 
@@ -166,6 +178,10 @@ The exchange setup uses the following system groups: * taler-exchange-secmod: group for processes with access to online signing keys, so taler-exchange-secmod-rsa, taler-exchange-secmod-eddsa and taler-exchange-httpd * taler-exchange-offline: group for the access to the offline private key (only used on the offline host and not used on the online system) +.. + FIXME: "taler-exchange-secmod: group for processes with access to online signing keys, so taler-exchange-secmod-rsa, taler-exchange-secmod-eddsa and taler-exchange-httpd .... what?" Seems that this sentence lacks conclusion. + + The package will deploy systemd service files in ``/usr/lib/systemd/system/`` for the various components: @@ -252,10 +268,13 @@ Wire Gateway Setup The Taler Wire Gateway is an API that connects the Taler exchange to the underlying core banking system. -LibEuFin is an implementation of the Wire Gateway API for the EBICS. +LibEuFin is an implementation of the Wire Gateway API for the EBICS protocol. Please follow the setup instructions in ??? to set up a Taler Wire Gateway with LibEuFin for an EBICS bank account. +.. + FIXME: replace ??? above with actual link. + The exchange must be configured with the right settings to access the Taler Wire Gateway. An exchange can be configured to use multiple bank accounts by using multiple Wire Gateways. @@ -328,7 +347,7 @@ The following users must have access to the exchange database: * taler-exchange-closer These users are all in the taler-exchange-db group, and the -``exchange-db.secret.conf`` is should already be only readable by users in +``exchange-db.secret.conf`` should already be only readable by users in this group. To create a database for the Taler exchange on the local system, run: 
@@ -364,6 +383,11 @@ Next, we need to grant the other accounts limited access: [root@exchange-onlie]# echo 'GRANT USAGE ON ALL SEQUENCES IN SCHEMA public TO "taler-exchange-wire";' \ | sudo -u taler-exchange-httpd psql taler-exchange +.. + FIXME: the above commands do work, except that they produce a eye-unfriendly "cannot change to /root directory" + message after the execution. This might be avoided by first getting a shell as the taler-exchange-httpd user + and then run the SQL statements. + Assuming the above database setup, the database credentials to configure in the configuration file would simply be: @@ -402,7 +426,7 @@ The responsibilities of this offline signing machine are: [root@exchange-offline]# sudo -u taler-exchange-offline taler-exchange-offline setup < ... prints the exchange master public key > -The public key printed as the output of this command should must be put into the configuration +The public key printed as the output of this command must be put into the configuration of the online machine: .. code-block:: ini @@ -456,10 +480,10 @@ The exchange HTTP service can now be started: .. note:: - At this point, the exchange service not yet fully operational. + At this point, the exchange service is not yet fully operational. -To check whether the exchange is running correctly under the advertise +To check whether the exchange is running correctly under the advertised base URL, run: .. code-block:: shell-session @@ -481,7 +505,7 @@ steps involving the offline signing machine must be completed: Additionally, the offline signing system signs policy messages to configure the exchange's bank accounts and associated fees. 3. The messages generated by the offline signing system are uploaded - to via the management API of the exchange HTTP service. + via the management API of the exchange HTTP service. .. code-block:: shell-session 
@@ -495,7 +519,7 @@ steps involving the offline signing machine must be completed: enable-account payto://sepa/$IBAN > acct-response.json [root@exchange-offline]# taler-exchange-offline \ enable-account wire-fee 2021 sepa EUR:0 EUR:0 > fee-response.json - + # FIXME: 'enable-account' above seems wrong. [root@exchange-online]# taler-exchange-offline upload < sig-response.json [root@exchange-online]# taler-exchange-offline upload < acct-response.json [root@exchange-online]# taler-exchange-offline upload < fee-response.json @@ -528,6 +552,9 @@ a merchant backend is not required, as the wallet acts as a merchant. # Check whether the exchange received an incoming bank transfer [root@exchange-online]# taler-exchangewire-gateway-client --section exchange-account-1 --credit-history + # FIXME: this one above fails, complaining that the section's name doesn't begin with `exchange-accountcredentials-` + # Blocks also the further steps from being taken. Should the include in line 33 point inside the "secrets" directory? + # https://git.taler.net/exchange.git/tree/debian/etc-taler-exchange/taler/conf.d/exchange-business.conf?id=289b816e1cd1a56a0b82582b69bff22c55e6b8a0 # Once the transfer has been made, try completing the withdrawal $ taler-wallet-cli run-pending |
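Review bot: in the hunk at `@@ -86,6 +90,10 @@`, the FIXME pastes an apt notice but does not say what the guide should do about it. The notice is informational: apt requests an i386 package index that the repository does not publish. Either restrict the deb.taler.net source entry to the host architecture (for example with an `[arch=amd64]` option, assuming an amd64 host) or replace the FIXME with one sentence telling the reader the notice is harmless.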
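Review bot: in the hunk at `@@ -127,6 +135,10 @@`, the ownership FIXME is placed between the sentence ending "you can use the ``taler-config`` helper:" and the `.. code-block:: shell-session` it introduces, which splits the two in the source; move it above that paragraph. On the question itself, root:root ownership of the non-secret files keeps `taler-exchange-httpd` from rewriting its own configuration, so the point worth checking is narrower: the group and mode of the files ending in `.secret.conf`. Suggest rewording the FIXME to ask exactly that.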
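Review bot: in the hunk at `@@ -364,6 +383,11 @@`, the proposed workaround (first getting a shell as the `taler-exchange-httpd` user) asks for an interactive shell on a service account, which the guide does not otherwise require. The message comes from `sudo -u` keeping root's working directory, so changing to a directory the target user can read before the `psql` calls is enough. The context line just above still has the prompt typo `[root@exchange-onlie]#`, which could be fixed in the same commit.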
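Review bot: in the hunk at `@@ -495,7 +519,7 @@`, the added `# FIXME: 'enable-account' above seems wrong.` sits inside the `shell-session` code block, so it will be rendered to readers, unlike the other FIXMEs in this commit, which use `..` comments. It also does not say which of the two `enable-account` lines is meant; the second one, `enable-account wire-fee 2021 sepa EUR:0 EUR:0`, looks like the candidate. Move the note into an RST comment after the block and name the line.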
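Review bot: in the hunk at `@@ -528,6 +552,9 @@`, a command that is known to fail stays in the published steps, and the only explanation is a shell comment inside the code block. Since the FIXME says the failure blocks the steps that follow, either correct the `--section exchange-account-1` argument once the expected `exchange-accountcredentials-` section name is confirmed, or mark the step as broken outside the code block. The question about the include pointing inside the "secrets" directory decides where the account credentials are stored, so it is better tracked as an issue than as a comment. The command name in the context line reads `taler-exchangewire-gateway-client`, which appears to be missing a hyphen.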