diff options
author | Christian Grothoff <christian@grothoff.org> | 2021-06-26 13:24:09 +0200 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2021-06-26 13:24:09 +0200 |
commit | 7f79142cbd08755cc022b83376e640c6a7c6ae04 (patch) | |
tree | ead5d2d1ee967f375dc2cb491a9347a4d5affdaf /taler-auditor-manual.rst | |
parent | d091e0ffd6f3847b2391f77ebf5cec6711d027c4 (diff) | |
download | docs-7f79142cbd08755cc022b83376e640c6a7c6ae04.tar.gz docs-7f79142cbd08755cc022b83376e640c6a7c6ae04.tar.bz2 docs-7f79142cbd08755cc022b83376e640c6a7c6ae04.zip |
update auditor documentation
Diffstat (limited to 'taler-auditor-manual.rst')
-rw-r--r-- | taler-auditor-manual.rst | 55 |
1 files changed, 55 insertions, 0 deletions
diff --git a/taler-auditor-manual.rst b/taler-auditor-manual.rst index 96c39d26..05ec782a 100644 --- a/taler-auditor-manual.rst +++ b/taler-auditor-manual.rst @@ -618,6 +618,61 @@ replicate schema changes), ``taler-exchange-dbinit`` can be used to migrate the schema(s) in both the ingres and production copies of the exchange's database as well. +On the exchange side, a database user must be created that has the right +to perform database replication. This is done using: + +.. code-block:: console + + # As the 'postgres' user of the exchange: + $ createuser --replication egress + $ echo "ALTER ROLE egress WITH PASSWORD '$PASSWORD'; | psql + $ echo "CREATE PUBLICATION $NAME FOR ALL TABLES;" | psql taler-exchange + +The exchange must share the password of the publication with the auditor. A +good ``$NAME`` relates to the auditor's buisness unit name. A secure tunnel +must be setup between the exchange and the auditor, for example using SSH or +Wireguard. + +It is also necessary to edit ``main.cf`` of the exchange and on the auditor +side to enable logical replication. If an exchange has multiple auditors, it +should setup multiple ``egress`` accounts. The exchange must ensure that +the following lines are in the ``main.cf`` Postgres configuaration (the port +may differ) to enable replication over the network: + +.. code-block:: + + listen_addresses='*' + port = 5432 + wal_level= logical + +Equally, the auditor must configure logical replication in the ``main.cf`` +Postgres configuaration: + +.. code-block:: + + wal_level= logical + +Next, the ``postgres`` user of the auditor's system must first initialize the +local tables: + +.. code-block:: console + + # As the 'ingress' user of the exchange: + $ taler-config -s exchange -o DB -V "postgres" + $ taler-config -s exchangedb-postgres -o CONFIG -V "postgres:///taler-ingress" + $ taler-exchange-dbinit + +To complete the replication, the ``postgres`` user of the auditor's +system must subscribe: + +.. code-block:: console + + # As the 'postgres' user of the exchange: + $ createuser --replication egress + $ echo "ALTER ROLE egress WITH PASSWORD '$PASSWORD'; | psql + $ echo "CREATE PUBLICATION $NAME FOR ALL TABLES;" | psql taler-exchange + + For details, we refer to the Postgres manual. .. note:: |