#!/bin/bash
set -eux
source ~/scripts/helpers.sh
# Help texts handed to taler_perf_help when the sub-command is not recognised.
# Both values start and end with a newline, exactly as the help output expects.
INFO_MSG=$'\nSetup the auditor node\n(Start taler-auditor)\n'
OPT_MSG=$'\ninit:\nConfigure and start the auditor together with its database\n'

# Everything below runs with /tmp as the working directory, so any relative
# path used later resolves inside a world-writable directory.
cd /tmp
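#######################################
# Create the local accounts used by the auditor services.
# Arguments: none
# Returns:   always 0; adduser failures are ignored on purpose
#######################################
function create_users() {
  # A dedicated local loop variable: the previous code iterated with USER,
  # which overwrote the login name in $USER for the rest of the script and
  # for every child process that inherits it.
  local account
  for account in auditor sync auditor-ingress auditor-wire; do
    # "|| true" lets a re-run continue when the account already exists; it
    # also hides every other adduser failure.
    # NOTE(review): the home directories live under world-writable /tmp;
    # acceptable for a disposable test node only - confirm.
    adduser --quiet --home "/tmp/${account}" "${account}" || true
  done
}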
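#######################################
# Configure the local PostgreSQL instance for the auditor and recreate the
# "taler-ingress" and "auditor" databases with their owner roles.
# Globals:   POSTGRES_VERSION (read)
# Arguments: none
# Returns:   non-zero (script exits under set -e) if a config write or the
#            PostgreSQL restart fails
#######################################
function init_db() {
  local pg_conf_dir="/etc/postgresql/${POSTGRES_VERSION}/main"
  local include_line="include = '${pg_conf_dir}/auditor.conf'"
  local hba_line="host all postgres 172.16.0.0/12 trust"

  # auditor.conf is rewritten from scratch on every run.
  # NOTE(review): listen_addresses='*' together with the "trust" rule below
  # lets any host in 172.16.0.0/12 connect as the postgres superuser without
  # a password. That is only defensible on an isolated test network; outside
  # one, use scram-sha-256 and a narrower address range.
  printf '%s\n' \
    "listen_addresses='*'" \
    "wal_level = logical" \
    > "${pg_conf_dir}/auditor.conf"

  # Append only when the exact line is missing, so repeated "init" runs do not
  # stack duplicate include/pg_hba entries. The leading newline protects
  # against a file that does not end in a newline.
  if ! grep -qxF -- "${include_line}" "${pg_conf_dir}/postgresql.conf"; then
    printf '\n%s\n' "${include_line}" >> "${pg_conf_dir}/postgresql.conf"
  fi
  if ! grep -qxF -- "${hba_line}" "${pg_conf_dir}/pg_hba.conf"; then
    printf '\n%s\n' "${hba_line}" >> "${pg_conf_dir}/pg_hba.conf"
  fi

  systemctl restart postgresql

  # The here-document is executed by the shell that su starts for postgres.
  # Existing databases are dropped first; the roles are created only when
  # pg_roles does not list them yet.
  su postgres << EOF
psql postgres -tAc "DROP DATABASE IF EXISTS \"taler-ingress\";"
psql postgres -tAc "DROP DATABASE IF EXISTS \"auditor\";"
psql postgres -tAc "SELECT 1 FROM pg_roles WHERE rolname='auditor-ingress'" | \
grep -q 1 || \
createuser auditor-ingress
psql postgres -tAc "SELECT 1 FROM pg_roles WHERE rolname='auditor'" | \
grep -q 1 || \
createuser auditor
createdb -O auditor-ingress "taler-ingress"
createdb -O auditor "auditor"
EOF
}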
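#######################################
# Prepare the local "taler-ingress" database with the exchange schema and
# subscribe it to the "exchange" publication of the remote exchange database.
# Globals:   PARTITION_DB, NUM_PARTITIONS, NODE_NAME, DB_PASSWORD, DB_HOSTS,
#            DB_NAME (all read)
# Helpers:   wait_for_db is not defined in this file (presumably helpers.sh)
# Arguments: none
#######################################
function setup_exchange_replication() {
  taler-config -s exchange -o DB -V "postgres"
  taler-config -s exchangedb-postgres -o CONFIG -V "postgres:///taler-ingress"

  # Failures of these two preparatory dbinit runs are ignored on purpose.
  sudo -u auditor-ingress taler-exchange-dbinit -r || true
  sudo -u auditor-ingress taler-exchange-dbinit -s || true

  if [ "${PARTITION_DB}" = "true" ]; then
    sudo -u auditor-ingress taler-exchange-dbinit -P "${NUM_PARTITIONS}"
  else
    # Fixed: this branch used the account name "auditor-infress", which no
    # part of this script creates, so sudo failed and set -e ended the run.
    sudo -u auditor-ingress taler-exchange-dbinit
  fi

  # NOTE(review): GRANT ALL also gives the auditor role write access to the
  # replicated tables; if it only reads them, SELECT is the narrower grant -
  # confirm.
  su auditor-ingress << EOF
psql -d taler-ingress -U auditor-ingress -tAc 'GRANT ALL ON ALL TABLES IN SCHEMA public TO auditor;'
EOF

  DB_USER=egress wait_for_db

  # The here-document is expanded by this shell before su runs it, so the
  # values below are pasted into the SQL text as-is.
  # NOTE(review): DB_PASSWORD therefore ends up on the psql command line
  # (visible in the process list while it runs) and inside the stored
  # subscription connection string. A passfile (~/.pgpass or
  # passfile=<path> in the connection string) keeps it out of both.
  # NODE_NAME, DB_HOSTS and DB_NAME are assumed to be trusted operator input.
  # The first two statements clear a subscription left over from an earlier
  # run; the trailing "|| true" keeps an existing subscription from being an
  # error.
  su postgres << EOF
psql -d taler-ingress -tAc "ALTER SUBSCRIPTION ${NODE_NAME} DISABLE;"
psql -d taler-ingress -tAc "ALTER SUBSCRIPTION ${NODE_NAME} SET (slot_name=NONE);"
psql -d taler-ingress -tAc "CREATE SUBSCRIPTION ${NODE_NAME} CONNECTION 'postgresql://egress:${DB_PASSWORD}@${DB_HOSTS}/${DB_NAME}' PUBLICATION exchange;" || true
EOF
}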
# Start the auditor httpd and the nginx proxy
enable_webservice() {
  # Certificate for the node's fully qualified name; create_cert is not
  # defined in this file (presumably helpers.sh).
  local fqdn="${NODE_NAME}.${DNS_ZONE}"
  create_cert "${fqdn}" "/etc/ssl/auditor"

  # Activate the nginx site, then restart both services in one call.
  ln -sf /etc/nginx/sites-available/auditor /etc/nginx/sites-enabled/auditor
  systemctl restart taler-auditor-httpd nginx
}
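#######################################
# Generate the auditor key, write it into the auditor configuration, start
# the web service, register the auditor with the exchange and sign the
# exchange's key material, then set up database replication.
# Globals:   EXCHANGE_GW_DOMAIN, NODE_NAME, DNS_ZONE, PRIMARY_EXCHANGE (read),
#            PUB_KEY (written)
# Helpers:   setup_exchange_config_master_key_from_api, wait_for_keys and
#            get_exchange_masterkey are not defined in this file
# Arguments: none
#######################################
function setup_config() {
  local workdir

  rm -rf /var/lib/taler/auditor/*
  setup_exchange_config_master_key_from_api
  PUB_KEY=$(sudo -u taler-auditor-offline taler-auditor-offline setup)
  wait_for_keys "${EXCHANGE_GW_DOMAIN}"

  # PUB_KEY is pasted into the sed replacement; assumes it contains no "/",
  # "&" or backslash - TODO confirm the key encoding.
  # NOTE(review): the advertised auditor URL is plain http:// although a
  # certificate is created for this host name - confirm that is intended.
  sed -i -e "s/<AUDITOR_PUB_KEY_HERE>/${PUB_KEY}/g" \
    -e "s|<AUDITOR_URL_HERE>|http://${NODE_NAME}.${DNS_ZONE}/|g" \
    /etc/taler/conf.d/auditor.conf

  enable_webservice
  sudo -u auditor taler-auditor-dbinit
  sudo -u auditor taler-auditor-exchange -m "$(get_exchange_masterkey)" -u "https://${EXCHANGE_GW_DOMAIN}/"

  # NOTE(review): StrictHostKeyChecking=no accepts any host key, so the
  # remote end is not authenticated. Where the exchange host key can be
  # provisioned in advance, pin it in known_hosts instead.
  # The values inside the single quotes are assumed to come from trusted
  # operator configuration; a quote character in them would break the
  # remote command line.
  ssh -o StrictHostKeyChecking=no "${PRIMARY_EXCHANGE}" \
    "/bin/bash ~/scripts/exchange.sh add-auditor '${PUB_KEY}' 'http://${NODE_NAME}.${DNS_ZONE}/' '${NODE_NAME}'"

  # The data that gets signed is staged in a private mktemp directory. It used
  # to be written as input.json/output.json into the working directory, which
  # this script sets to world-writable /tmp, under predictable names; another
  # local account could pre-create or swap those files before they are signed.
  # NOTE(review): "setup" above ran as taler-auditor-offline, these four run
  # as the invoking user - confirm both use the same key.
  workdir=$(mktemp -d)
  taler-auditor-offline download > "${workdir}/input.json"
  taler-auditor-offline show < "${workdir}/input.json"
  taler-auditor-offline sign < "${workdir}/input.json" > "${workdir}/output.json"
  taler-auditor-offline upload < "${workdir}/output.json"
  rm -rf -- "${workdir:?}"

  setup_exchange_replication
}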
#######################################
# Run the complete auditor bring-up: accounts first, then the database,
# then configuration and services.
# Arguments: none
#######################################
init_auditor() {
  local step
  # Plain sequential calls, so a failing step still ends the script under
  # set -e before the next one starts.
  for step in create_users init_db setup_config; do
    "${step}"
  done
}
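# Command-line dispatch: "init" sets up the auditor, anything else prints the
# help text.
# "${1:-}" instead of a bare $1: the script runs with set -u, so calling it
# without an argument used to abort with "unbound variable" before the help
# branch could be reached.
case "${1:-}" in
  init)
    if [[ "${PARTITION_DB}" == "true" ]]; then
      init_auditor
    else
      # NOTE(review): this message is printed when PARTITION_DB is not
      # "true"; confirm the wording matches the case it reports.
      echo "INFO: sharded DB not supported yet"
    fi
    ;;
  *)
    taler_perf_help "$0" "$INFO_MSG" "$OPT_MSG"
    ;;
esac
exit 0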