ansible-taler-exchange

Ansible playbook to deploy a production Taler Exchange
Log | Files | Refs | Submodules | README | LICENSE
commit 1ed8ded3e3fa9a6c25a7fd783b1a297a2b586fb9
parent c25162ee525504182801f1e6850a44234033bcbc
Author: Christian Grothoff <christian@grothoff.org>
Date:   Mon, 17 Feb 2025 08:54:36 +0100

-deployment fixes

Diffstat:

Mplaybooks/tops-public.yml | 2++


Mroles/exchange/tasks/main.yml | 8++++----


Mroles/libeufin-nexus/tasks/main.yml | 18+++++++++++++++++-


3 files changed, 23 insertions(+), 5 deletions(-)

diff --git a/playbooks/tops-public.yml b/playbooks/tops-public.yml
@@ -1,6 +1,8 @@
 # Public variables for the Taler Operations AG (TOPS) deployment
 # Deploy challenger?
 DEPLOY_CHALLENGER: true
+# Use EBICS? (starts libeufin-nexus-fetch/submit services)
+USE_EBICS: false
 # Main domain name.
 DOMAIN_NAME: "taler-ops.ch"
 # Our internal hostname
diff --git a/roles/exchange/tasks/main.yml b/roles/exchange/tasks/main.yml
@@ -113,16 +113,16 @@
     src: templates/etc/taler-exchange/secrets/exchange-kyc-provider-individual.secret.conf.j2
     dest: /etc/taler-exchange/secrets/exchange-kyc-provider-individual.secret.conf
     owner: taler-exchange-httpd
-    group: root
-    mode: 0400
+    group: taler-exchange-kyc
+    mode: 0440
 
 - name: Place taler-exchange external KYC provider configuration
   ansible.builtin.template:
     src: templates/etc/taler-exchange/secrets/exchange-kyc-provider-business.secret.conf.j2
     dest: /etc/taler-exchange/secrets/exchange-kyc-provider-business.secret.conf
     owner: taler-exchange-httpd
-    group: root
-    mode: 0400
+    group: taler-exchange-kyc
+    mode: 0440
 
 - name: Place taler-exchange AML program environment
   ansible.builtin.template:
diff --git a/roles/libeufin-nexus/tasks/main.yml b/roles/libeufin-nexus/tasks/main.yml
@@ -9,6 +9,13 @@
     enabled: false
   when: "'libeufin-nexus.target' in services"
 
+- name: Ensure libeufin-nexus-httpd service is stopped before we upgrade
+  service:
+    name: libeufin-nexus-httpd.service
+    state: stopped
+    enabled: false
+  when: "'libeufin-nexus-httpd.service' in services"
+
 - name: Install libeufin-nexus package
   apt:
     name:
@@ -70,9 +77,18 @@
     cmd: libeufin-nexus ebics-setup
   when: use_ebics
 
-- name: Ensure libeufin-nexus service is enabled and started
+- name: Ensure libeufin-nexus target is enabled and started
   service:
     daemon_reload: true
     name: libeufin-nexus.target
     state: started
     enabled: true
+  when: use_ebics
+
+- name: Ensure libeufin-nexus-httpd service is enabled and started
+  service:
+    daemon_reload: true
+    name: libeufin-nexus-httpd.service
+    state: started
+    enabled: true
+  when: ! use_ebics