ansible-taler-exchange

Ansible playbook to deploy a production Taler Exchange
Log | Files | Refs | Submodules | README | LICENSE
commit dc1063d44d9a458ef9c71aca5dd14c3e12d81b2e
parent 0c3536bc3dec15d653a3d0213e71d9a37ca3191e
Author: Christian Grothoff <christian@grothoff.org>
Date:   Thu, 30 Jan 2025 13:40:59 +0100

-fix monitoring deployment

Diffstat:

MTODO | 8--------


Mroles/challenger/tasks/main.yml | 6+++---


Mroles/monitoring/files/etc/default/prometheus | 2+-


3 files changed, 4 insertions(+), 12 deletions(-)

diff --git a/TODO b/TODO
@@ -2,11 +2,3 @@
 - setup postfix role (needed for email-challenger)
   => https://github.com/FoxyRoles/ansible-dkim seems about right!
 - playbooks/libeufin-export.yml: see FIXME, can you please fix that? ;-)
-
-@TBD (#9352)
-- setup loki log aggregator      => TEST!
-- setup HTTPS reverse proxy loki => TEST!
-- check limit access using basic auth to prometheus exporters
-  => right now uses Bearer token. Is that OK? => TEST!
-- setup deltoid's grafana to query those with access control
-  (grafana supports basic auth!)
diff --git a/roles/challenger/tasks/main.yml b/roles/challenger/tasks/main.yml
@@ -189,7 +189,7 @@
     src: templates/etc/taler-exchange/secrets/challenger-sms.secret.conf.j2
     dest: /etc/taler-exchange/secrets/challenger-sms.secret.conf
     owner: taler-exchange-httpd
-    group: root
+    group: taler-exchange-kyc
     mode: 0440
 
 - name: Place email challenger exchange config
@@ -197,7 +197,7 @@
     src: templates/etc/taler-exchange/secrets/challenger-email.secret.conf.j2
     dest: /etc/taler-exchange/secrets/challenger-email.secret.conf
     owner: taler-exchange-httpd
-    group: root
+    group: taler-exchange-kyc
     mode: 0440
 
 - name: Place postal challenger exchange config
@@ -205,7 +205,7 @@
     src: templates/etc/taler-exchange/secrets/challenger-postal.secret.conf.j2
     dest: /etc/taler-exchange/secrets/challenger-postal.secret.conf
     owner: taler-exchange-httpd
-    group: root
+    group: taler-exchange-kyc
     mode: 0440
 
 - name: Place postal challenger exchange config
diff --git a/roles/monitoring/files/etc/default/prometheus b/roles/monitoring/files/etc/default/prometheus
@@ -2,4 +2,4 @@
 # Due to shell escaping, to pass backslashes for regexes, you need to double
 # them (\\d for \d). If running under systemd, you need to double them again
 # (\\\\d to mean \d), and escape newlines too.
-ARGS="--web.listen-address=127.0.0.1:9090 --enable-feature=remote-write-receiver"
+ARGS="--web.listen-address=127.0.0.1:9090 --web.enable-remote-write-receiver"