From 7f79142cbd08755cc022b83376e640c6a7c6ae04 Mon Sep 17 00:00:00 2001
From: Christian Grothoff <christian@grothoff.org>
Date: Sat, 26 Jun 2021 13:24:09 +0200
Subject: update auditor documentation

---
 taler-auditor-manual.rst | 55 ++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 55 insertions(+)

(limited to 'taler-auditor-manual.rst')

diff --git a/taler-auditor-manual.rst b/taler-auditor-manual.rst
index 96c39d26..05ec782a 100644
--- a/taler-auditor-manual.rst
+++ b/taler-auditor-manual.rst
@@ -618,6 +618,61 @@ replicate schema changes), ``taler-exchange-dbinit`` can be used to migrate
 the schema(s) in both the ingres and production copies of the exchange's
 database as well.
 
+On the exchange side, a database user must be created that has the right
+to perform database replication. This is done using:
+
+.. code-block:: console
+
+   # As the 'postgres' user of the exchange:
+   $ createuser --replication egress
+   $ echo "ALTER ROLE egress WITH PASSWORD '$PASSWORD'; | psql
+   $ echo "CREATE PUBLICATION $NAME FOR ALL TABLES;" | psql taler-exchange
+
+The exchange must share the password of the publication with the auditor. A
+good ``$NAME`` relates to the auditor's buisness unit name.  A secure tunnel
+must be setup between the exchange and the auditor, for example using SSH or
+Wireguard.
+
+It is also necessary to edit ``main.cf`` of the exchange and on the auditor
+side to enable logical replication.  If an exchange has multiple auditors, it
+should setup multiple ``egress`` accounts.  The exchange must ensure that
+the following lines are in the ``main.cf`` Postgres configuaration (the port
+may differ) to enable replication over the network:
+
+.. code-block::
+
+   listen_addresses='*'
+   port = 5432
+   wal_level= logical
+
+Equally, the auditor must configure logical replication in the ``main.cf``
+Postgres configuaration:
+
+.. code-block::
+
+   wal_level= logical
+
+Next, the ``postgres`` user of the auditor's system must first initialize the
+local tables:
+
+.. code-block:: console
+
+   # As the 'ingress' user of the exchange:
+   $ taler-config -s exchange -o DB -V "postgres"
+   $ taler-config -s exchangedb-postgres -o CONFIG -V "postgres:///taler-ingress"
+   $ taler-exchange-dbinit
+
+To complete the replication, the ``postgres`` user of the auditor's
+system must subscribe:
+
+.. code-block:: console
+
+   # As the 'postgres' user of the exchange:
+   $ createuser --replication egress
+   $ echo "ALTER ROLE egress WITH PASSWORD '$PASSWORD'; | psql
+   $ echo "CREATE PUBLICATION $NAME FOR ALL TABLES;" | psql taler-exchange
+
+
 For details, we refer to the Postgres manual.
 
 .. note::
-- 
cgit v1.2.3