summaryrefslogtreecommitdiff
path: root/taler-auditor-manual.rst
diff options
context:
space:
mode:
Diffstat (limited to 'taler-auditor-manual.rst')
-rw-r--r--taler-auditor-manual.rst72
1 files changed, 44 insertions, 28 deletions
diff --git a/taler-auditor-manual.rst b/taler-auditor-manual.rst
index e7aecb84..94e86a8d 100644
--- a/taler-auditor-manual.rst
+++ b/taler-auditor-manual.rst
@@ -17,8 +17,13 @@
@author Christian Grothoff
-GNU Taler Auditor Operator Manual
-#################################
+Auditor Operator Manual
+#######################
+
+.. contents:: Table of Contents
+ :depth: 1
+ :local:
+
Introduction
============
@@ -29,14 +34,7 @@ to become readable.
About GNU Taler
---------------
-GNU Taler is an open protocol for an electronic payment system with a
-free software reference implementation. GNU Taler offers secure, fast
-and easy payment processing using well understood cryptographic
-techniques. GNU Taler allows customers to remain anonymous, while
-ensuring that merchants can be held accountable by governments. Hence,
-GNU Taler is compatible with anti-money-laundering (AML) and
-know-your-customer (KYC) regulation, as well as data protection
-regulation (such as GDPR).
+.. include:: frags/about-taler.rst
About this manual
@@ -316,9 +314,6 @@ This section discusses configuration options related to the auditor.
.. include:: frags/configuration-format.rst
-.. include:: frags/using-taler-config.rst
-
-
.. _SetupBaseUrl:
Initial configuration
@@ -327,10 +322,11 @@ Initial configuration
You need to tell the Taler auditor configuration where the
REST API of the auditor will be available to the public:
-.. code-block:: console
+.. code-block:: ini
# Both for the 'offline' *and* the 'auditor' user:
- $ taler-config -s auditor -o BASE_URL -V https://auditor.example.com/
+ [auditor]
+ BASE_URL = https://auditor.example.com/
The ``helper`` user that is used to download information from the exchange
needs to know details about the exchange. Similarly, the ``offline`` user
@@ -339,11 +335,12 @@ need to obtain the ``MASTER_PUBLIC_KEY`` from the exchange operator (they need
to run ``taler-exchange-offline setup``) and the REST endpoint of the exchange
and configure these:
-.. code-block:: console
+.. code-block:: ini
# As the 'helper' and 'offline' users:
- $ taler-config -s exchange -o BASE_URL -V https://exchange.example.com/
- $ taler-config -s exchange -o MASTER_PUBLIC_KEY -V $SOMELONGBASE32VALUEHERE
+ [exchange]
+ BASE_URL = https://exchange.example.com/
+ MASTER_PUBLIC_KEY = $SOMELONGBASE32VALUEHERE
.. _AuditorKeys:
@@ -379,10 +376,11 @@ of the ``auditor`` user in the ``[auditor]]`` configuration section:
You can set this configuration value using:
-.. code-block:: console
+.. code-block:: ini
# As the 'auditor' and 'helper' users:
- $ taler-config -s auditor -o PUBLIC_KEY -V $SOMELONGBASE32VALUEHERE
+ [auditor]
+ PUBLIC_KEY = $SOMELONGBASE32VALUEHERE
.. _AuditorServing:
@@ -464,6 +462,12 @@ used when configuring the exchange' database:
CONFIG = postgres:///exchangedemo
+Legal conditions for using the service
+--------------------------------------
+
+.. include:: frags/legal.rst
+
+
.. _AuditorDeployment:
Deployment
@@ -583,7 +587,7 @@ The next key step for the auditor is to configure replication of the
*exchange*'s database in-house. This should be performed in two steps
as illustrated in the following figure:
-.. image:: replication.png
+.. image:: images/replication.png
First, the exchange should use standard PostgreSQL replication features to
enable the auditor to obtain a full copy of the exchange's database.
@@ -659,11 +663,17 @@ PostgreSQL configuration:
Next, the ``postgres`` user of the auditor's system must first initialize the
local tables:
+.. code-block:: ini
+
+ # Configure database:
+ [exchange]
+ DB = "postgres"
+ [exchangedb-postgres]
+ CONFIG = "postgres:///taler-ingress"
+
.. code-block:: console
# As the 'ingress' user of the exchange:
- $ taler-config -s exchange -o DB -V "postgres"
- $ taler-config -s exchangedb-postgres -o CONFIG -V "postgres:///taler-ingress"
$ taler-exchange-dbinit
To complete the replication, the ``postgres`` user of the auditor's
@@ -723,11 +733,17 @@ needs to be changed.
To run ``taler-auditor-sync``, you must first configure two configuration
files that identify the source and destination databases:
-.. code-block:: console
+.. code-block:: ini
- # As the 'sync' user:
- $ taler-config -c src.conf -s exchangedb -o CONFIG -V "postgres:///auditor-ingres/"
- $ taler-config -c dst.conf -s exchangedb -o CONFIG -V "postgres:///auditor/"
+ # src.conf
+ [exchangedb]
+ CONFIG = "postgres:///auditor-ingres/"
+
+.. code-block:: ini
+
+ # dst.conf
+ [exchangedb]
+ CONFIG = "postgres:///auditor/"
Now you should be able to launch the synchronization process. You can run
the process via systemd in the background. For a first one-off test, you should
@@ -969,7 +985,7 @@ The auditor's database
The database scheme used by the exchange looks as follows:
-.. image:: auditor-db.png
+.. image:: images/auditor-db.png
Invariants checked by the auditor
generated by cgit v1.2.3 (git 2.39.1) at 2024-05-10 20:02:08 +0000