diff options
Diffstat (limited to 'taler-auditor-manual.rst')
-rw-r--r-- | taler-auditor-manual.rst | 72 |
1 files changed, 44 insertions, 28 deletions
diff --git a/taler-auditor-manual.rst b/taler-auditor-manual.rst index e7aecb84..94e86a8d 100644 --- a/taler-auditor-manual.rst +++ b/taler-auditor-manual.rst @@ -17,8 +17,13 @@ @author Christian Grothoff -GNU Taler Auditor Operator Manual -################################# +Auditor Operator Manual +####################### + +.. contents:: Table of Contents + :depth: 1 + :local: + Introduction ============ @@ -29,14 +34,7 @@ to become readable. About GNU Taler --------------- -GNU Taler is an open protocol for an electronic payment system with a -free software reference implementation. GNU Taler offers secure, fast -and easy payment processing using well understood cryptographic -techniques. GNU Taler allows customers to remain anonymous, while -ensuring that merchants can be held accountable by governments. Hence, -GNU Taler is compatible with anti-money-laundering (AML) and -know-your-customer (KYC) regulation, as well as data protection -regulation (such as GDPR). +.. include:: frags/about-taler.rst About this manual @@ -316,9 +314,6 @@ This section discusses configuration options related to the auditor. .. include:: frags/configuration-format.rst -.. include:: frags/using-taler-config.rst - - .. _SetupBaseUrl: Initial configuration @@ -327,10 +322,11 @@ Initial configuration You need to tell the Taler auditor configuration where the REST API of the auditor will be available to the public: -.. code-block:: console +.. code-block:: ini # Both for the 'offline' *and* the 'auditor' user: - $ taler-config -s auditor -o BASE_URL -V https://auditor.example.com/ + [auditor] + BASE_URL = https://auditor.example.com/ The ``helper`` user that is used to download information from the exchange needs to know details about the exchange. Similarly, the ``offline`` user @@ -339,11 +335,12 @@ need to obtain the ``MASTER_PUBLIC_KEY`` from the exchange operator (they need to run ``taler-exchange-offline setup``) and the REST endpoint of the exchange and configure these: -.. code-block:: console +.. code-block:: ini # As the 'helper' and 'offline' users: - $ taler-config -s exchange -o BASE_URL -V https://exchange.example.com/ - $ taler-config -s exchange -o MASTER_PUBLIC_KEY -V $SOMELONGBASE32VALUEHERE + [exchange] + BASE_URL = https://exchange.example.com/ + MASTER_PUBLIC_KEY = $SOMELONGBASE32VALUEHERE .. _AuditorKeys: @@ -379,10 +376,11 @@ of the ``auditor`` user in the ``[auditor]]`` configuration section: You can set this configuration value using: -.. code-block:: console +.. code-block:: ini # As the 'auditor' and 'helper' users: - $ taler-config -s auditor -o PUBLIC_KEY -V $SOMELONGBASE32VALUEHERE + [auditor] + PUBLIC_KEY = $SOMELONGBASE32VALUEHERE .. _AuditorServing: @@ -464,6 +462,12 @@ used when configuring the exchange' database: CONFIG = postgres:///exchangedemo +Legal conditions for using the service +-------------------------------------- + +.. include:: frags/legal.rst + + .. _AuditorDeployment: Deployment @@ -583,7 +587,7 @@ The next key step for the auditor is to configure replication of the *exchange*'s database in-house. This should be performed in two steps as illustrated in the following figure: -.. image:: replication.png +.. image:: images/replication.png First, the exchange should use standard PostgreSQL replication features to enable the auditor to obtain a full copy of the exchange's database. @@ -659,11 +663,17 @@ PostgreSQL configuration: Next, the ``postgres`` user of the auditor's system must first initialize the local tables: +.. code-block:: ini + + # Configure database: + [exchange] + DB = "postgres" + [exchangedb-postgres] + CONFIG = "postgres:///taler-ingress" + .. code-block:: console # As the 'ingress' user of the exchange: - $ taler-config -s exchange -o DB -V "postgres" - $ taler-config -s exchangedb-postgres -o CONFIG -V "postgres:///taler-ingress" $ taler-exchange-dbinit To complete the replication, the ``postgres`` user of the auditor's @@ -723,11 +733,17 @@ needs to be changed. To run ``taler-auditor-sync``, you must first configure two configuration files that identify the source and destination databases: -.. code-block:: console +.. code-block:: ini - # As the 'sync' user: - $ taler-config -c src.conf -s exchangedb -o CONFIG -V "postgres:///auditor-ingres/" - $ taler-config -c dst.conf -s exchangedb -o CONFIG -V "postgres:///auditor/" + # src.conf + [exchangedb] + CONFIG = "postgres:///auditor-ingres/" + +.. code-block:: ini + + # dst.conf + [exchangedb] + CONFIG = "postgres:///auditor/" Now you should be able to launch the synchronization process. You can run the process via systemd in the background. For a first one-off test, you should @@ -969,7 +985,7 @@ The auditor's database The database scheme used by the exchange looks as follows: -.. image:: auditor-db.png +.. image:: images/auditor-db.png Invariants checked by the auditor |