From 4c8bc8a0d9e6ba9cdad8d589b29d47a912736563 Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Tue, 3 Aug 2021 10:53:24 +0200 Subject: -add missing database setup instructions --- taler-exchange-setup-guide.rst | 77 +++++++++++++++++++++++++++++++++++++----- 1 file changed, 69 insertions(+), 8 deletions(-) diff --git a/taler-exchange-setup-guide.rst b/taler-exchange-setup-guide.rst index ab8da958..1d6e0b20 100644 --- a/taler-exchange-setup-guide.rst +++ b/taler-exchange-setup-guide.rst @@ -194,7 +194,15 @@ reasonable denomination structure. taler-wallet-cli deployment gen-coin-config --currency EUR > /etc/taler/conf.d/exchange-coins.conf -You can manually review and edit the generated configuration file. +.. note:: + + FIXME: change tool to not take currency from configuration, but instead + to accept unit currency as the argument; (i.e. EUR:0.0025). Also take + another argument for how many denominations to generate (2^XX). Finally, + do use the unit currency as the default deposit fee. + +You can manually review and edit the generated configuration file. The main +change that is possibly required is updating the various fees. Wire Gateway Setup @@ -245,8 +253,12 @@ The Wire Gateway configuration can be tested with the following command: .. code-block:: shell-session - [root@exchange-online]# taler-exchange-wire-gateway-client --section exchange-account-1 --debit-history - [root@exchange-online]# taler-exchangewire-gateway-client --section exchange-account-1 --credit-history + [root@exchange-online]# taler-exchange-wire-gateway-client \ + --section exchange-account-1 --debit-history + [root@exchange-online]# taler-exchange-wire-gateway-client \ + --section exchange-account-1 --credit-history + + Exchange Database Setup ======================= 
@@ -262,6 +274,51 @@ The following users must have access to the exchange database: * taler-exchange-aggregator * taler-exchange-closer +These users are all in the taler-exchange-db group, and the +``exchange-db.secret.conf`` is should already be only readable by users in +this group. + +To create a database for the Taler exchange on the local system, run: + +.. code-block:: shell-session + + [root@exchange-onlie]# su - postgres + [postgres@exchange-online]# createuser taler-exchange-httpd + [postgres@exchange-online]# createuser taler-exchange-wire + [postgres@exchange-online]# createuser taler-exchange-aggregator + [postgres@exchange-online]# createuser taler-exchange-closer + [postgres@exchange-online]# createdb -O taler-exchange-httpd taler-exchange + [postgres@exchange-online]# exit + +This will create a ``taler-exchange`` database owned by the +``taler-exchange-httpd`` user. We will use that user later to perform +database maintenance operations. + +Next, we need to grant the other accounts limited access: + +.. code-block:: shell-session + + [root@exchange-onlie]# echo 'GRANT SELECT,INSERT,UPDATE ON ALL TABLES IN SCHEMA public TO "taler-exchange-aggregator";' \ + | sudo -u taler-exchange-httpd psql taler-exchange + [root@exchange-onlie]# echo 'GRANT SELECT,INSERT,UPDATE ON ALL TABLES IN SCHEMA public TO "taler-exchange-closer";' \ + | sudo -u taler-exchange-httpd psql taler-exchange + [root@exchange-onlie]# echo 'GRANT SELECT,INSERT,UPDATE ON ALL TABLES IN SCHEMA public TO "taler-exchange-wire";' \ + | sudo -u taler-exchange-httpd psql taler-exchange + + +Assuming the above database setup, the database credentials to configure +in the configuration file would simply be: + +.. code-block:: ini + :caption: /etc/taler/secrets/exchange-db.secret.conf + + [exchangedb-postgres] + CONFIG=postgres:///taler-exchange + + +If the database is run on a different host, please follow the instructions +from the Postgres manual for configuring remote access. 
+ After configuring the database credentials, the exchange database needs to be initialized with the following command: @@ -302,7 +359,7 @@ Exchange Web service / API Setup ================================ By default, the ``taler-exchange-httpd`` service listens for HTTP connections -on a unix domain socket. To make the service publicly available, a reverse +on a UNIX domain socket. To make the service publicly available, a reverse proxy such as nginx should be used. We strongly recommend to configure nginx to use TLS. @@ -369,11 +426,15 @@ steps involving the offline signing machine must be completed: .. code-block:: shell-session - [root@exchange-online]# taler-exchange-offline download > sig-request.json + [root@exchange-online]# taler-exchange-offline \ + download > sig-request.json - [root@exchange-offline]# taler-exchange-offline sign > sig-response.json - [root@exchange-offline]# taler-exchange-offline enable-account payto://sepa/$IBAN > acct-response.json - [root@exchange-offline]# taler-exchange-offline enable-account wire-fee 2021 sepa EUR:0 EUR:0 > fee-response.json + [root@exchange-offline]# taler-exchange-offline \ + sign < sig-request.json > sig-response.json + [root@exchange-offline]# taler-exchange-offline \ + enable-account payto://sepa/$IBAN > acct-response.json + [root@exchange-offline]# taler-exchange-offline \ + enable-account wire-fee 2021 sepa EUR:0 EUR:0 > fee-response.json [root@exchange-online]# taler-exchange-offline upload < sig-response.json [root@exchange-online]# taler-exchange-offline upload < acct-response.json -- cgit v1.2.3
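Review bot: In the first hunk (the `@@ -194,7 +194,15 @@` region) the added `.. note::` block contains a FIXME addressed to the tool's developers, and a `.. note::` directive renders in the published setup guide, so operators will see an internal to-do about changing `gen-coin-config` arguments. Either turn it into an RST comment (a line starting with `.. ` and no directive name, which Sphinx does not render) or move it to an issue tracker, and keep only the user-facing sentence about reviewing the fees. The fix of `taler-exchangewire-gateway-client` to `taler-exchange-wire-gateway-client` in the same hunk is correct and worth keeping.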
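Review bot: In the database hunk (`@@ -262,6 +274,51 @@`) the three `GRANT SELECT,INSERT,UPDATE ON ALL TABLES IN SCHEMA public TO ...` statements are issued before the database is initialized: the text right after the hunk says the database "needs to be initialized with the following command" only after the credentials are configured, and `ON ALL TABLES` applies only to tables that exist at the moment the GRANT runs, so these grants will affect no tables and the aggregator, closer and wire users will fail at runtime. Either move the GRANT step after the `taler-exchange-dbinit` step, or add `ALTER DEFAULT PRIVILEGES FOR ROLE "taler-exchange-httpd" IN SCHEMA public GRANT SELECT,INSERT,UPDATE ON TABLES TO "taler-exchange-aggregator";` (and likewise for the other two roles) so that tables created later by the owner inherit the privileges; if any table uses serial/sequence columns, INSERT also needs `GRANT USAGE ON ALL SEQUENCES IN SCHEMA public`. Since the prose motivates the three separate roles as "limited access", it would help to state which of the three actually needs UPDATE rather than granting the identical set to all of them. Smaller points in the same hunk: the prompt is misspelled `[root@exchange-onlie]` four times (the rest of the file uses `exchange-online`), and "the ``exchange-db.secret.conf`` is should already be only readable" should read "should already be readable only by users in this group".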
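Review bot: In the offline-signing hunk (`@@ -369,11 +426,15 @@`) the changed line `taler-exchange-offline enable-account wire-fee 2021 sepa EUR:0 EUR:0` passes `wire-fee` as the argument to `enable-account`, whereas the line directly above gives `enable-account` a `payto://sepa/$IBAN` URI; this looks like `wire-fee` was meant to be its own subcommand (`taler-exchange-offline wire-fee 2021 sepa EUR:0 EUR:0 > fee-response.json`), and since the hunk only reflows these lines it preserves the problem from the old text. Please verify against the tool's usage and fix it while touching these lines. Also, the visible trailing context uploads `sig-response.json` and `acct-response.json` but not `fee-response.json`; confirm that the wire-fee response is uploaded in the lines that follow, otherwise the fee signature produced on the offline machine is never applied. The added `< sig-request.json` on the `sign` invocation is a correct fix: without it the offline tool had nothing to sign.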