commit 1442a05fdbad965792df6e3480a0a781aae53697
parent d8f02430fddf352573e6f372b9e4be359707ad17
Author: Nils Gillmann <gillmann@infotropique.org>
Date: Thu, 14 Jun 2018 10:51:57 +0000
Merge branch 'master' of git.taler.net:deployment
Diffstat:
17 files changed, 275 insertions(+), 130 deletions(-)
diff --git a/bin/taler-deployment-config-generate b/bin/taler-deployment-config-generate
@@ -1,8 +1,11 @@
#!/bin/bash
-# (Re-)generate the taler configuration based on environment variables.
-# These variables are usually defined in ~/activate.
+# Generate the taler configuration based on environment variables.
+# These variables are usually defined in $HOME/activate.
# Some configuration files still need to be signed with taler-deployment-config-sign.
+# It overwrites previous config files.
+#
+#
set -eu
@@ -35,7 +38,7 @@ exchange_pub=$(gnunet-ecc -p $HOME/shared-data/exchange/offline-keys/master.priv
$HOME/deployment/config/generate-config \
--exchange-pub "$exchange_pub" \
--currency "$TALER_CONFIG_CURRENCY" \
- --outdir ~/.config \
- --shared-outdir ~/shared-data \
+ --outdir $HOME/.config \
+ --shared-outdir $HOME/shared-data \
--envname "$TALER_CONFIG_ENV" \
--standalone "${TALER_CONFIG_STANDALONE:-0}"
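Review bot: The two rewritten arguments `--outdir $HOME/.config` and `--shared-outdir $HOME/shared-data` are unquoted, while every other argument in this call is quoted. Unlike the `~` form they replace, an unquoted `$HOME` undergoes word splitting and globbing, so a home path containing whitespace would be split into extra arguments. Write them as `--outdir "$HOME/.config"` and `--shared-outdir "$HOME/shared-data"`. The rest of the script lies outside this hunk.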
diff --git a/bin/taler-deployment-config-sign b/bin/taler-deployment-config-sign
@@ -1,15 +1,23 @@
#!/usr/bin/env bash
-set -eu
+# Get the exchange wire details signed.
+# Running this command again will produce different
+# signatures, as it generates a salt upon each invocation.
+#
+#
-base=$HOME
+set -eu
+base=$HOME
export PATH="$base/deployment":$PATH
-for f in ~/shared-data/exchange/wire/*.unsigned.json; do
- outf="${f%.unsigned.json}.json"
- taler-exchange-wire -j "$(<"$f")" > "$outf"
- # make sure both *-blue and *-green can write to it,
- # even when e.g. umask is messed up
- chmod g+w "$outf"
+for f in $HOME/shared-data/exchange/wire/*.json
+ # If this command is run by the blue-green party
+ # that did NOT create the .json file(s) then the
+ # right group permission is already set (and the
+ # 'chmod' below would also fail).
+ do chmod g+w $f || true
done
+
+# Sign wire details.
+taler-exchange-wire
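Review bot: `chmod g+w $f || true` in the loop discards every chmod failure, not only the "not the owner" case the comment describes, and `taler-exchange-wire` then runs regardless. When the glob matches nothing, the literal pattern is handed to chmod and that error is hidden too; `$f` is also unquoted. Restricting the call to files the current user owns keeps the intent without masking real errors: `if [ -O "$f" ]; then chmod g+w "$f"; fi`. A comment should also state that these files are group-writable by design before signing, since any member of the group can then alter the wire details that get signed.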
diff --git a/bin/taler-deployment-keyup b/bin/taler-deployment-keyup
@@ -1,5 +1,11 @@
#!/usr/bin/env bash
+# Generate denomination keys and get them
+# signed by the auditor.
+#
+#
+#
+
set -eu
if test -z $TALER_CONFIG_ENV; then
@@ -8,20 +14,26 @@ if test -z $TALER_CONFIG_ENV; then
fi
auditor_request_dir=${HOME}/shared-data/exchange/auditor-request/
+
mkdir -p $auditor_request_dir
taler-exchange-keyup \
-m ${HOME}/shared-data/exchange/offline-keys/master.priv \
-o $auditor_request_dir/auditor_request
-taler-auditor-sign \
- -u $TALER_ENV_URL_AUDITOR \
- -m $(taler-config -s exchange -o master_public_key) \
- -r "$auditor_request_dir/auditor_request" \
- -o "$(taler-config -s exchangedb -o auditor_base_dir -f)/$(date +%s%N)" \
- -c .config/taler.conf
-
-if [[ 0 != $? ]]; then
- echo Auditor signing not accomplished.
+# Checks whether any denom key was generated, and
+# only sign it if so.
+if [[ -s $auditor_request_dir/auditor_request ]]; then
+ echo "There key material for the auditor to sign"
+ taler-auditor-sign \
+ -u $TALER_ENV_URL_AUDITOR \
+ -m $(taler-config -s exchange -o master_public_key) \
+ -r "$auditor_request_dir/auditor_request" \
+ -o "$(taler-config -s exchangedb -o auditor_base_dir -f)/$(date +%s%N)" \
+ -c ${HOME}/.config/taler.conf
fi
-chmod -fR g+rw ${HOME}/shared-data
+# Make sure the creator sets those permissions; or-ing
+# with 'true' is needed as when the other party will
+# execute this it will fail to chmod, but the permissions
+# are already right.
+chmod -R g+rw ${HOME}/shared-data || true
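Review bot: `chmod -R g+rw ${HOME}/shared-data || true` grants group read and write on the whole tree, which includes `exchange/offline-keys/master.priv`, the key passed to `taler-exchange-keyup -m` earlier in this hunk. Group write on a signing key lets any account in the group replace it, and `|| true` hides every failure, including ones unrelated to ownership. If both blue and green must read the key, group read is sufficient for `offline-keys`; consider limiting the recursive `g+rw` to the subdirectories both parties actually write to (for example the `auditor-request` directory created above) and quoting the path. Separately, the echo string `"There key material for the auditor to sign"` is missing a verb.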
diff --git a/bin/taler-deployment-start b/bin/taler-deployment-start
@@ -9,16 +9,6 @@ ulimit -c $((100 * 1024)) &>/dev/null || true
cd $HOME
-if [[ ! -e ~/.config/taler.conf ]]; then
- taler-deployment-config-generate
-fi
-
-taler-deployment-config-sign
-
-taler-deployment-keyup
-
-taler-deployment-auditor-sign
-
taler-deployment-arm -s
if [ "${TALER_CONFIG_STANDALONE:-0}" = 1 ]; then
@@ -33,6 +23,7 @@ taler-deployment-arm -i taler-blog
taler-deployment-arm -i taler-survey
taler-deployment-arm -i taler-aggregator
taler-deployment-arm -i taler-exchange-wirewatch
+taler-deployment-arm -i taler-backoffice
if [[ "$TALER_ENV_NAME" = test ]]; then
taler-deployment-arm -i taler-playground
diff --git a/buildbot/config.sh b/buildbot/config.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+active=$(sudo -u test cat /home/test/active)
+nonactive="test-blue"
+echo "Active party: ${active}"
+
+if test $active = "test-blue"; then
+ nonactive="test-green"
+fi
+
+sudo -u $nonactive bash -c 'source $HOME/activate; taler-deployment-config-generate'
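Review bot: The party selection falls back to `test-blue` whenever `/home/test/active` cannot be read or holds anything other than `test-blue`. A failed `sudo ... cat` therefore makes this script run `taler-deployment-config-generate` (which, per its header comment, overwrites previous config files) as `test-blue` even if that is the live party. There is no `set -eu`, and `test $active = "test-blue"` is unquoted, so an empty value only produces a `test` error that is ignored. Validate the value explicitly and stop on anything unexpected, as sketched below. `buildbot/keys.sh` and `buildbot/sign.sh` in this commit carry the same selection logic and need the same change; a shared helper would avoid the triplication.

```bash
set -eu

active=$(sudo -u test cat /home/test/active)
# … unchanged: echo of the active party …

case "$active" in
  test-blue)  nonactive="test-green" ;;
  test-green) nonactive="test-blue" ;;
  *) echo "Unexpected active party: '${active}'" >&2; exit 1 ;;
esac

sudo -u "$nonactive" bash -c 'source $HOME/activate; taler-deployment-config-generate'
```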
diff --git a/buildbot/keys.sh b/buildbot/keys.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+active=$(sudo -u test cat /home/test/active)
+nonactive="test-blue"
+echo "Active party: ${active}"
+
+if test $active = "test-blue"; then
+ nonactive="test-green"
+fi
+
+sudo -u $nonactive bash -c 'source $HOME/activate; taler-deployment-keyup'
diff --git a/buildbot/master.cfg b/buildbot/master.cfg
@@ -98,15 +98,14 @@ WALLET_SCHEDULER = schedulers.SingleBranchScheduler(
TIP_RESERVE_TOPPER_SCHEDULER = schedulers.Periodic(
name="tip-reserve-topper-scheduler",
periodicBuildTimer=60*60*24*10, # 10 days
- builderNames=["tip-reserve-topper-builder"]
-)
+ builderNames=["tip-reserve-topper-builder"])
ALL_SCHEDULER = schedulers.SingleBranchScheduler(
name="all-scheduler",
change_filter=util.ChangeFilter(
branch="master",
project_re="backoffice|wallet|bank|exchange|"
- "merchant|deployment|donations|"
+ "merchant|deployment|donations|twister|"
"blog|help|survey|landing|playground"),
treeStableTimer=None,
builderNames=["switcher-builder"])
@@ -242,13 +241,39 @@ TIP_RESERVE_TOPPER_FACTORY.addStep(ShellCommand(
SWITCHER_FACTORY = util.BuildFactory()
SWITCHER_FACTORY.addStep(git_step(
"git://git.taler.net/deployment.git"))
+
+SWITCHER_FACTORY.addStep(ShellCommand(
+ name="config",
+ description="Generating configuration file.",
+ descriptionDone="Configuration file generated.",
+ command=["./config.sh"],
+ workdir="build/buildbot",
+ haltOnFailure=True))
+
SWITCHER_FACTORY.addStep(ShellCommand(
name="build",
description="Building inactive blue-green party.",
- descriptionDone="Compile.",
+ descriptionDone="Inactive party got built.",
command=["./build.sh"],
workdir="build/buildbot",
haltOnFailure=True))
+
+SWITCHER_FACTORY.addStep(ShellCommand(
+ name="keys generation and sign",
+ description="Generating exchange keys, and auditor-sign them.",
+ descriptionDone="Exchange keys generated, and auditor-signed.",
+ command=["./keys.sh"],
+ workdir="build/buildbot",
+ haltOnFailure=True))
+
+SWITCHER_FACTORY.addStep(ShellCommand(
+ name="wire details sign",
+ description="Signing exchange wire details.",
+ descriptionDone="Exchange wire details got signed.",
+ command=["./sign.sh"],
+ workdir="build/buildbot",
+ haltOnFailure=True))
+
SWITCHER_FACTORY.addStep(ShellCommand(
name="restart services",
description="Restarting inactive blue-green party.",
@@ -256,6 +281,7 @@ SWITCHER_FACTORY.addStep(ShellCommand(
command=["./restart.sh"],
workdir="build/buildbot",
haltOnFailure=True))
+
SWITCHER_FACTORY.addStep(ShellCommand(
name="check services correctly restarted",
description="Checking services are correctly restarted.",
@@ -263,6 +289,7 @@ SWITCHER_FACTORY.addStep(ShellCommand(
command=["./checks.sh"],
workdir="build/buildbot",
haltOnFailure=True))
+
SWITCHER_FACTORY.addStep(ShellCommand(
name="switch active party",
description="Switch to the party which was inactive.",
diff --git a/buildbot/sign.sh b/buildbot/sign.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+active=$(sudo -u test cat /home/test/active)
+nonactive="test-blue"
+echo "Active party: ${active}"
+
+if test $active = "test-blue"; then
+ nonactive="test-green"
+fi
+
+sudo -u $nonactive bash -c 'source $HOME/activate; taler-deployment-config-sign'
diff --git a/config/generate-config b/config/generate-config
@@ -4,6 +4,8 @@ import sys
from collections import OrderedDict
import json
import os
+import urllib.parse
+import stat
sections = OrderedDict()
@@ -46,6 +48,7 @@ def config(currency, envname, exchange_pub, standalone):
cfg_put("paths", "TALER_DEPLOYMENT_SHARED", "${HOME}/shared-data")
cfg_put("taler", "CURRENCY", currency)
+ cfg_put("bank", "serve", "uwsgi")
cfg_put("bank", "uwsgi_serve", "unix")
cfg_put("bank", "uwsgi_unixpath", "$HOME/sockets/bank.uwsgi")
cfg_put("bank", "uwsgi_unixpath_mode", "660")
@@ -85,16 +88,20 @@ def config(currency, envname, exchange_pub, standalone):
cfg_put("playground", "uwsgi_unixpath_mode", "660")
if standalone:
- cfg_put("backoffice-blog", "backend", "https://env.taler.net/{}/merchant-backend/".format(envname))
- cfg_put("backoffice-donations", "backend", "https://env.taler.net/{}/merchant-backend/".format(envname))
+ cfg_put("backoffice-all", "backend", "https://env.taler.net/{}/merchant-backend/".format(envname))
else:
- cfg_put("backoffice-blog", "backend", "https://backend.{}.taler.net/".format(envname))
- cfg_put("backoffice-donations", "backend", "https://backend.{}.taler.net/".format(envname))
+ cfg_put("backoffice-all", "backend", "https://backend.{}.taler.net/".format(envname))
+
+ # Keep only one back-office service for all instances, for simplicity.
+ cfg_put("backoffice-all", "uwsgi_serve", "unix")
+ cfg_put("backoffice-all", "uwsgi_unixpath_mode", "660")
+ cfg_put("backoffice-all", "uwsgi_unixpath", "$HOME/sockets/backoffice.uwsgi")
+ cfg_put("backoffice-all", "instances", "FSF default Tor")
cfg_put("merchant", "wireformat", "test")
cfg_put("merchant", "serve", "unix")
cfg_put("merchant", "unixpath", "$HOME/sockets/merchant.http")
- cfg_put("merchant", "wire_transfer_delay", "1 m")
+ cfg_put("merchant", "wire_transfer_delay", "0 s")
cfg_put("merchant", "default_max_wire_fee", currency + ":" + "0.01")
cfg_put("merchant", "default_max_deposit_fee", currency + ":" + "0.05")
@@ -111,11 +118,19 @@ def config(currency, envname, exchange_pub, standalone):
cfg_put("merchant-exchange-test", "master_key", exchange_pub)
cfg_put("frontends", "backend_apikey", "sandbox".format(envname))
+
if standalone:
cfg_put("frontends", "backend", "https://env.taler.net/{}/merchant-backend/".format(envname))
else:
cfg_put("frontends", "backend", "https://backend.{}.taler.net/".format(envname))
+ cfg_put("exchange-{}".format(currency), "master_key", exchange_pub)
+ cfg_put("exchange-{}".format(currency), "currency", currency)
+ if standalone:
+ cfg_put("exchange-{}".format(currency), "base_url", "https://env.taler.net/{}/exchange".format(envname))
+ else:
+ cfg_put("exchange-{}".format(currency), "base_url", "https://exchange.{}.taler.net/".format(envname))
+
cfg_put("auditor", "auditor_priv_file", "${TALER_DEPLOYMENT_SHARED}/auditor/offline-keys/auditor.priv")
cfg_put("exchange", "base_url", "https://exchange.{}.taler.net/".format(envname))
@@ -126,50 +141,50 @@ def config(currency, envname, exchange_pub, standalone):
cfg_put("exchange", "master_priv_file", "${TALER_DEPLOYMENT_SHARED}/exchange/offline-keys/master.priv")
cfg_put("exchange", "keydir", "${TALER_DEPLOYMENT_SHARED}/exchange/live-keys/")
- cfg_put("exchange-admin", "serve", "unix")
- cfg_put("exchange-admin", "unixpath", "$HOME/sockets/exchange-admin.http")
cfg_put("exchangedb", "auditor_base_dir", "${TALER_DEPLOYMENT_SHARED}/exchange/auditors/")
cfg_put("exchangedb", "wirefee_base_dir", "${TALER_DEPLOYMENT_SHARED}/exchange/wirefees/")
if standalone:
cfg_put("exchangedb-postgres", "db_conn_str", "postgres:///taler?host={}/sockets".format(os.getenv("HOME")))
+ cfg_put("exchangedb-postgres", "config", "postgres:///taler?host={}/sockets".format(os.getenv("HOME")))
cfg_put("auditordb-postgres", "db_conn_str", "postgres:///taler?host={}/sockets".format(os.getenv("HOME")))
+ cfg_put("auditordb-postgres", "config", "postgres:///taler?host={}/sockets".format(os.getenv("HOME")))
else:
cfg_put("exchangedb-postgres", "db_conn_str", "postgres:///taler{}".format(envname))
+ cfg_put("exchangedb-postgres", "config", "postgres:///taler{}".format(envname))
cfg_put("auditordb-postgres", "db_conn_str", "postgres:///taler{}".format(envname))
+ cfg_put("auditordb-postgres", "config", "postgres:///taler{}".format(envname))
if standalone:
- cfg_put("exchange-wire-test", "bank_url", "https://env.taler.net/{}/bank/".format(envname))
+ cfg_put("account-1", "url", "payto://x-taler-bank/env.taler.net/{}/bank/2".format(envname))
else:
- cfg_put("exchange-wire-test", "bank_url", "https://bank.{}.taler.net/".format(envname))
- cfg_put("exchange-wire-test", "bank_account_number", "1")
- cfg_put("exchange-wire-test", "exchange_account_number", "2")
- cfg_put("exchange-wire-test", "enable", "yes")
- cfg_put("exchange-wire-test", "test_response_file", "${TALER_DEPLOYMENT_SHARED}/exchange/wire/test.json")
-
-
- cfg_put("exchange-wire-test", "wire-fee-2017", currency + ":" + "0.01")
- cfg_put("exchange-wire-test", "wire-fee-2018", currency + ":" + "0.02")
- cfg_put("exchange-wire-test", "wire-fee-2019", currency + ":" + "0.03")
- cfg_put("exchange-wire-test", "wire-fee-2020", currency + ":" + "0.04")
- cfg_put("exchange-wire-test", "wire-fee-2021", currency + ":" + "0.04")
- cfg_put("exchange-wire-test", "wire-fee-2022", currency + ":" + "0.05")
- cfg_put("exchange-wire-test", "wire-fee-2023", currency + ":" + "0.06")
- cfg_put("exchange-wire-test", "wire-fee-2024", currency + ":" + "0.07")
- cfg_put("exchange-wire-test", "wire-fee-2025", currency + ":" + "0.08")
-
- cfg_put("exchange-wire-test", "closing-fee-2017", currency + ":" + "0.01")
- cfg_put("exchange-wire-test", "closing-fee-2018", currency + ":" + "0.02")
- cfg_put("exchange-wire-test", "closing-fee-2019", currency + ":" + "0.03")
- cfg_put("exchange-wire-test", "closing-fee-2020", currency + ":" + "0.04")
- cfg_put("exchange-wire-test", "closing-fee-2021", currency + ":" + "0.04")
- cfg_put("exchange-wire-test", "closing-fee-2022", currency + ":" + "0.05")
- cfg_put("exchange-wire-test", "closing-fee-2023", currency + ":" + "0.06")
- cfg_put("exchange-wire-test", "closing-fee-2024", currency + ":" + "0.07")
- cfg_put("exchange-wire-test", "closing-fee-2025", currency + ":" + "0.08")
-
- cfg_put("exchange-wire-test", "username", "Exchange")
- cfg_put("exchange-wire-test", "password", "x")
+ cfg_put("account-1", "url", "payto://x-taler-bank/bank.{}.taler.net/2".format(envname))
+
+ cfg_put("account-1", "wire_response", "${TALER_DEPLOYMENT_SHARED}/exchange/wire/test.json")
+ cfg_put("account-1", "plugin", "taler_bank")
+ cfg_put("account-1", "taler_bank_auth_method", "basic")
+ cfg_put("account-1", "username", "Exchange")
+ cfg_put("account-1", "password", "x")
+ cfg_put("account-1", "enable_debit", "yes")
+ cfg_put("account-1", "enable_credit", "yes")
+
+ cfg_put("fees-x-taler-bank", "wire-fee-2018", currency + ":" + "0.02")
+ cfg_put("fees-x-taler-bank", "wire-fee-2019", currency + ":" + "0.03")
+ cfg_put("fees-x-taler-bank", "wire-fee-2020", currency + ":" + "0.04")
+ cfg_put("fees-x-taler-bank", "wire-fee-2021", currency + ":" + "0.04")
+ cfg_put("fees-x-taler-bank", "wire-fee-2022", currency + ":" + "0.05")
+ cfg_put("fees-x-taler-bank", "wire-fee-2023", currency + ":" + "0.06")
+ cfg_put("fees-x-taler-bank", "wire-fee-2024", currency + ":" + "0.07")
+ cfg_put("fees-x-taler-bank", "wire-fee-2025", currency + ":" + "0.08")
+
+ cfg_put("fees-x-taler-bank", "closing-fee-2018", currency + ":" + "0.01")
+ cfg_put("fees-x-taler-bank", "closing-fee-2019", currency + ":" + "0.01")
+ cfg_put("fees-x-taler-bank", "closing-fee-2020", currency + ":" + "0.01")
+ cfg_put("fees-x-taler-bank", "closing-fee-2021", currency + ":" + "0.01")
+ cfg_put("fees-x-taler-bank", "closing-fee-2022", currency + ":" + "0.01")
+ cfg_put("fees-x-taler-bank", "closing-fee-2023", currency + ":" + "0.01")
+ cfg_put("fees-x-taler-bank", "closing-fee-2024", currency + ":" + "0.01")
+ cfg_put("fees-x-taler-bank", "closing-fee-2025", currency + ":" + "0.01")
# how long is one signkey valid?
cfg_put("exchange_keys", "signkey_duration", "18 weeks")
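Review bot: The `account-1` section writes the bank credentials as literals (`"Exchange"` / `"x"`) into the generated `taler.conf`, and the `account-merchant` section in the following hunk does the same with `"user"` / `"pass"`. These are basic-auth credentials (`taler_bank_auth_method` is `basic`) for a bank that, judging by the URLs, is served under `taler.net`, so once committed they should be treated as public. Reading them from the environment with the current value as fallback keeps test setups working, e.g. `cfg_put("account-1", "password", os.getenv("<ENV_VAR_NAME>", "x"))`, where the variable name is a placeholder. The commit also imports `stat` without a visible use; if the intent was to restrict the mode of the written config file, that code is not in the hunks shown. `config()` begins and ends outside this hunk.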
@@ -184,36 +199,47 @@ def config(currency, envname, exchange_pub, standalone):
cfg_put("exchange_keys", "lookahead_provide", "4 weeks 1 day")
# instance FSF
- cfg_put("merchant-instance-FSF", "keyfile", "${TALER_DEPLOYMENT_SHARED}/merchant/fsf.priv")
- cfg_put("merchant-instance-FSF", "name", "Free Software Foundation")
+ cfg_put("instance-FSF", "keyfile", "${TALER_DEPLOYMENT_SHARED}/merchant/fsf.priv")
+ cfg_put("instance-FSF", "name", "Free Software Foundation")
cfg_put("merchant-location-FSF-address", "street", "51 Franklin Street, Fifth Floor.")
cfg_put("merchant-location-FSF-address", "city", "Boston")
cfg_put("merchant-location-FSF-address", "country", "USA")
# instance Tor
- cfg_put("merchant-instance-Tor", "keyfile", "${TALER_DEPLOYMENT_SHARED}/merchant/tor.priv")
- cfg_put("merchant-instance-Tor", "name", "The Tor Project")
+ cfg_put("instance-Tor", "keyfile", "${TALER_DEPLOYMENT_SHARED}/merchant/tor.priv")
+ cfg_put("instance-Tor", "name", "The Tor Project")
# instance GNUnet
- cfg_put("merchant-instance-GNUnet", "keyfile", "${TALER_DEPLOYMENT_SHARED}/merchant/gnunet.priv")
- cfg_put("merchant-instance-GNUnet", "name", "GNUnet Project")
+ cfg_put("instance-GNUnet", "keyfile", "${TALER_DEPLOYMENT_SHARED}/merchant/gnunet.priv")
+ cfg_put("instance-GNUnet", "name", "GNUnet Project")
# instance Taler
- cfg_put("merchant-instance-Taler", "keyfile", "${TALER_DEPLOYMENT_SHARED}/merchant/taler.priv")
- cfg_put("merchant-instance-Taler", "name", "Taler")
+ cfg_put("instance-Taler", "keyfile", "${TALER_DEPLOYMENT_SHARED}/merchant/taler.priv")
+ cfg_put("instance-Taler", "name", "Taler")
# instance default
- cfg_put("merchant-instance-default", "keyfile", "${TALER_DEPLOYMENT_SHARED}/merchant/default.priv")
- cfg_put("merchant-instance-default", "name", "Kudos Inc.")
+ cfg_put("instance-default", "keyfile", "${TALER_DEPLOYMENT_SHARED}/merchant/default.priv")
+ cfg_put("instance-default", "name", "Kudos Inc.")
cfg_put("merchant-location-default-address", "country", "Kudosland")
- cfg_put("merchant-instance-default", "tip_reserve_priv_filename", "${TALER_DEPLOYMENT_SHARED}/merchant/default-tip.priv")
- cfg_put("merchant-instance-default", "tip_exchange", "https://exchange.{}.taler.net/".format(envname))
+ cfg_put("instance-default", "tip_reserve_priv_filename", "${TALER_DEPLOYMENT_SHARED}/merchant/default-tip.priv")
+ cfg_put("instance-default", "tip_exchange", "https://exchange.{}.taler.net/".format(envname))
# instance tutorial
- cfg_put("merchant-instance-tutorial", "keyfile", "${TALER_DEPLOYMENT_SHARED}/merchant/tutorial.priv")
- cfg_put("merchant-instance-tutorial", "name", "Tutorial")
+ cfg_put("instance-Tutorial", "keyfile", "${TALER_DEPLOYMENT_SHARED}/merchant/tutorial.priv")
+ cfg_put("instance-Tutorial", "name", "Tutorial")
+
+ if standalone:
+ cfg_put("account-merchant", "url", "payto://x-taler-bank/env.taler.net/{}/bank/{}".format(envname, "3"))
+ else:
+ cfg_put("account-merchant", "url", "payto://x-taler-bank/bank.{}.taler.net/{}".format(envname, "3"))
- cfg_put("merchant-instance-wireformat-Tor", "test_response_file", "${TALER_DEPLOYMENT_SHARED}/merchant/wire/tor.json")
- cfg_put("merchant-instance-wireformat-GNUnet", "test_response_file", "${TALER_DEPLOYMENT_SHARED}/merchant/wire/gnunet.json")
- cfg_put("merchant-instance-wireformat-Taler", "test_response_file", "${TALER_DEPLOYMENT_SHARED}/merchant/wire/taler.json")
- cfg_put("merchant-instance-wireformat-FSF", "test_response_file", "${TALER_DEPLOYMENT_SHARED}/merchant/wire/fsf.json")
- cfg_put("merchant-instance-wireformat-default", "test_response_file", "${TALER_DEPLOYMENT_SHARED}/merchant/wire/default.json")
- cfg_put("merchant-instance-wireformat-tutorial", "test_response_file", "${TALER_DEPLOYMENT_SHARED}/merchant/wire/default.json")
+ cfg_put("account-merchant", "plugin", "taler_bank")
+ cfg_put("account-merchant", "taler_bank_auth_method", "basic")
+ cfg_put("account-merchant", "username", "user")
+ cfg_put("account-merchant", "password", "pass")
+ cfg_put("account-merchant", "wire_response", "${TALER_DEPLOYMENT_SHARED}/merchant/wire/merchant.json")
+
+ cfg_put("account-merchant", "HONOR_default", "YES")
+ cfg_put("account-merchant", "HONOR_Tor", "YES")
+ cfg_put("account-merchant", "HONOR_GNUnet", "YES")
+ cfg_put("account-merchant", "HONOR_Taler", "YES")
+ cfg_put("account-merchant", "HONOR_FSF", "YES")
+ cfg_put("account-merchant", "HONOR_Tutorial", "YES")
coin(currency, "ct_10", "0.10")
coin(currency, "1", "1")
@@ -223,36 +249,36 @@ def config(currency, envname, exchange_pub, standalone):
coin(currency, "1000", "1000")
-def merchant_wf(envname, instance_name, acct_no, standalone):
+def merchant_wf(envname, acct_no, standalone):
+
if standalone:
- bank_url = "https://env.taler.net/{}/bank/".format(envname)
+ payto_url = "payto://x-taler-bank/env.taler.net/{}/bank/{}".format(envname, acct_no)
else:
- bank_url = "https://bank.{}.taler.net/".format(envname)
+ payto_url = "payto://x-taler-bank/bank.{}.taler.net/{}".format(envname, acct_no)
+
data = OrderedDict(
- type="test",
- bank_url=bank_url,
- sig="MERCHANTSIGNATURE",
- account_number=acct_no,
+ url=payto_url,
salt="SALT"
)
- return (instance_name, json.dumps(data, indent=2))
+ return json.dumps(data, indent=2)
def exchange_wf(envname, wfname, acct_no, name, standalone):
if standalone:
bank_url = "https://env.taler.net/{}/bank/".format(envname)
else:
bank_url = "https://bank.{}.taler.net/".format(envname)
+
+ bank_host = urllib.parse.urlparse(bank_url).netloc
data = OrderedDict(
name=name,
type=wfname,
bank_url=bank_url,
- account_number=acct_no
+ account_number=acct_no,
+ url="payto://x-taler-bank/{}/{}".format(bank_host, acct_no)
)
return (wfname, json.dumps(data, indent=2))
-
-
@click.command()
@click.option("--currency", default="KUDOS")
@click.option("--envname", default="demo")
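Review bot: In `exchange_wf` the new `url` field is built from `urllib.parse.urlparse(bank_url).netloc`, which drops the path, so in standalone mode it becomes `payto://x-taler-bank/env.taler.net/<acct>`. The `account-1` entry in `config()` and `merchant_wf` both use `payto://x-taler-bank/env.taler.net/{envname}/bank/<acct>`, so the wire file and the configured account name different payto URIs for the same exchange account. Build the URI per branch as `merchant_wf` does: `payto_url = "payto://x-taler-bank/env.taler.net/{}/bank/{}".format(envname, acct_no)` in the standalone branch, `"payto://x-taler-bank/bank.{}.taler.net/{}".format(envname, acct_no)` otherwise, then pass `url=payto_url`. `merchant_wf` still emits the placeholder `salt="SALT"`; a short comment saying whether and where it gets replaced would help.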
@@ -277,18 +303,14 @@ def main(currency, envname, outdir, shared_outdir, exchange_pub, standalone):
config(currency, envname, exchange_pub, standalone)
- merchant_wireformats = [
- merchant_wf(envname, "gnunet", 4, standalone),
- merchant_wf(envname, "taler", 5, standalone),
- merchant_wf(envname, "tor", 3, standalone),
- merchant_wf(envname, "fsf", 6, standalone),
- merchant_wf(envname, "default", 7, standalone),
- ]
-
exchange_wireformats = [
exchange_wf(envname, "test", 2, "The exchange", standalone)
]
+ merchant_wireformats = [
+ merchant_wf(envname, 3, standalone)
+ ]
+
if outdir:
os.makedirs(outdir, exist_ok=True)
tc = os.path.join(outdir, "taler.conf")
@@ -300,17 +322,21 @@ def main(currency, envname, outdir, shared_outdir, exchange_pub, standalone):
if shared_outdir:
d = os.path.join(shared_outdir, "merchant", "wire")
os.makedirs(d, exist_ok=True)
- for name, data in merchant_wireformats:
- f = open(os.path.join(d, name+".json"), "w")
+
+ for data in merchant_wireformats:
+ filename = os.path.join(d, "merchant.json")
+ f = open(filename, "w")
f.write(data)
f.close()
+
d = os.path.join(shared_outdir, "exchange", "wire")
os.makedirs(d, exist_ok=True)
for name, data in exchange_wireformats:
# These files must be signed by the exchange in
# a later step
- f = open(os.path.join(d, name+".unsigned.json"), "w")
+ filename = os.path.join(d, name+".json")
+ f = open(filename, "w")
f.write(data)
f.close()
else:
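Review bot: The exchange wire file is now written under its final name `name+".json"` instead of `name+".unsigned.json"`, which is the path `account-1`'s `wire_response` points at (`exchange/wire/test.json`). Re-running the generator therefore replaces an already signed file with an unsigned one until the signing step runs again, and nothing on disk distinguishes the two states; whether `taler-exchange-wire` rewrites this file in place is not visible here. Consider writing to a temporary name and renaming after signing, or at least extending the comment to say the file is unsigned until `taler-deployment-config-sign` has run. In the merchant loop every iteration writes the same `merchant.json`, so a second entry in `merchant_wireformats` would silently overwrite the first, and both loops would be safer with `with open(filename, "w") as f:`. `main()` continues outside this hunk.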
diff --git a/doc/onboarding.texi b/doc/onboarding.texi
@@ -399,14 +399,16 @@ $ echo $PATH
# Then we need to install GNUnet beforehand, as it provides the 'ARM'
# utility that is used to start the database service.
-$ cd deployment/taler-arm/
+$ cd deployment/taler-build/
$ make gnunet-stamp
# Now we can start the database, with ($CWD is irrelevant now):
$ taler-deployment-arm -s
$ taler-deployment-arm -i taler-postgres-standalone
-# Configuration file can be generated now.
+# Configuration file can be generated now. NOTE: this step must
+# be run before the main build, as some components (Python ones notably)
+# do require ~/.config/taler.conf to exist.
$ taler-deployment-config-generate
# If the previous commands succeeded, then we can install all the remaining
diff --git a/etc/nginx/conf.d/favicon_robots b/etc/nginx/conf.d/favicon_robots
@@ -1,7 +1,11 @@
location = /robots.txt {
- root /var/www/robots-favicon;
+ root /var/www/robots-favicon;
}
location = /favicon.ico {
- root /var/www/robots-favicon;
+ root /var/www/robots-favicon;
+}
+
+location = /static/web-common/favicon-taler.ico {
+ alias /var/www/robots-favicon/favicon.ico;
}
diff --git a/etc/nginx/nginx.conf b/etc/nginx/nginx.conf
@@ -37,7 +37,7 @@ http {
'"$http_referer" "$http_user_agent"';
access_log /var/log/nginx/access.log main;
- error_log /var/log/nginx/error.log notice;
+ error_log /var/log/nginx/error.log debug;
##
# Gzip Settings
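Review bot: `error_log /var/log/nginx/error.log debug;` sits in the `http` block, so it applies to every site this nginx serves, not only the test environment. Debug-level logs record request processing in detail, including request headers, and grow quickly; on builds without debug support the level silently behaves like `info`. If the extra detail is needed for one site, set `error_log ... debug;` inside that `server` block and keep `notice` here.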
diff --git a/etc/nginx/sites-enabled/test.site b/etc/nginx/sites-enabled/test.site
@@ -7,7 +7,8 @@ server {
donations.test.taler.net
survey.test.taler.net
auditor.test.taler.net
- exchange.test.taler.net;
+ exchange.test.taler.net
+ backoffice.test.taler.net;
# 301-based ridirects allows the user agent to *change* the
# method used in the second request. This breaks all the API
@@ -344,3 +345,35 @@ server {
include conf.d/favicon_robots;
}
+
+server {
+ server_name backoffice.test.taler.net;
+ listen 443 ssl;
+ listen [::]:443 ssl;
+ include conf.d/talerssl;
+
+ location @blue {
+ add_header X-Taler-Deployment-Color blue;
+ uwsgi_pass unix:/home/test-blue/sockets/backoffice.uwsgi;
+ include /etc/nginx/uwsgi_params;
+ }
+ location @green {
+ add_header X-Taler-Deployment-Color green;
+ uwsgi_pass unix:/home/test-green/sockets/backoffice.uwsgi;
+ include /etc/nginx/uwsgi_params;
+ }
+
+ location / {
+ # Redirection technique explainted at
+ # https://www.nginx.com/resources/wiki/start/topics/depth/ifisevil/
+ error_page 418 = @blue;
+ error_page 419 = @green;
+ recursive_error_pages on;
+ if ($http_x_taler_deployment_color ~ "blue") { return 418; }
+ if ($http_x_taler_deployment_color ~ "green") { return 419; }
+ uwsgi_pass unix:/home/test/sockets/backoffice.uwsgi;
+ include /etc/nginx/uwsgi_params;
+ }
+
+ include conf.d/favicon_robots;
+}
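Review bot: The `location /` block selects the backend from the client-supplied `X-Taler-Deployment-Color` header using an unanchored regex, so any request whose header value merely contains `blue` or `green` is routed to that party's socket. For a back-office service this means anyone can reach the inactive, possibly half-deployed party. If that path is meant for operators only, add an `allow`/`deny` restriction, and use an exact comparison such as `if ($http_x_taler_deployment_color = "blue") { return 418; }`. No authentication is configured at this layer, so access control depends entirely on the application behind the socket, which is not visible here. The comment also has a typo: `explainted`.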
diff --git a/etc/nginx/sites-enabled/www-ssl.site b/etc/nginx/sites-enabled/www-ssl.site
@@ -56,11 +56,4 @@ server {
location /files {
root /var/www;
}
-
- location ~* \.(png|jpg|jpeg|gif|ico|svg|js|css)$ {
- root /var/www/taler.net;
- expires 1y;
- }
-
-
}
diff --git a/taler-arm/taler-backoffice.conf b/taler-arm/taler-backoffice.conf
@@ -0,0 +1,4 @@
+[taler-backoffice]
+TYPE = simple
+BINARY = taler-log-adapter
+OPTIONS = $HOME/logs/backoffice-%Y-%m-%d.log taler-merchant-backoffice -f all serve-uwsgi
diff --git a/taler-build/Makefile b/taler-build/Makefile
@@ -17,7 +17,17 @@ deployment-stamp:
./update_deployment.sh
touch $@
-twister-stamp: gnunet-stamp exchange-stamp deployment-stamp
+# NOTE: the twister _does_ depend on the exchange;
+# in particular it depends on the testing API offered
+# by the exchange. However, putting the exchange
+# among the twister dependencies will cause circular
+# dependency. Since it is the exchange depending "more"
+# on the twister, we choose to NOT include the exchange
+# as a twister dependency, and rather manually fix
+# the situation whenever the twister will fail to
+# build due to exchange's API breaks.
+
+twister-stamp: gnunet-stamp deployment-stamp
./update_twister.sh
touch $@
diff --git a/taler-build/update_twister.sh b/taler-build/update_twister.sh
@@ -20,5 +20,4 @@ git submodule update --init --force
--with-gnunet=$HOME/local \
--with-exchange=$HOME/local \
--enable-logging=verbose
-make
make install check