commit 4de683aa7921a50ce58ed401a133c11eae845486
parent 2916a9f683f4a7f9f4596f6c912e91705ab0ab64
Author: Christian Grothoff <christian@grothoff.org>
Date: Sun, 19 May 2019 01:58:18 +0200
Merge branch 'master' of git+ssh://git.taler.net/deployment
Diffstat:
10 files changed, 162 insertions(+), 208 deletions(-)
diff --git a/bin/taler-deployment-build b/bin/taler-deployment-build
@@ -5,12 +5,6 @@
set -eu
-cd $HOME/deployment
-
-# like "git pull", but discard local changes
-git fetch
-git reset --hard FETCH_HEAD
-
if ! test $HOME/activate; then
echo "$HOME/activate not found. Although the compilation
is not affected, testcases will fail because the database
diff --git a/buildbot/checks.sh b/buildbot/checks.sh
@@ -4,7 +4,7 @@ if test -z "${DEPLOYMENT}"; then
echo Please provide DEPLOYMENT env var: 'test' or 'demo'
exit 1
fi
-DOMAIN="wild.gv.taler.net"
+DOMAIN="taler.net"
##
# Will stay as 'dummy' for 'demo' DEPLOYMENTs since we do
@@ -30,7 +30,7 @@ error_fmt="%s (http status code: %s)/(curl exit code: %s - %s)\n"
URL="https://exchange.${DEPLOYMENT}.${DOMAIN}/"
http_status_code=$(curl \
- -H "X-Taler-Deployment-Color: ${ACTIVE_COLOR}" \
+ -H "X-Taler-Deployment-Color: ${NONACTIVE_COLOR}" \
-s "$URL" -o /dev/null \
-w "%{http_code}")
if ! test 200 = $http_status_code; then
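Review bot: Nothing visible in this hunk checks that `NONACTIVE_COLOR` is set before it is placed in the `X-Taler-Deployment-Color` header. curl does not send a custom header whose value is empty, so with the variable empty the request would presumably go to whatever the proxy serves by default, and the check could pass against the wrong deployment. The same substitution is made in the hunks at -43, -59, -72, -85, -98 and -111. A guard next to the existing `DEPLOYMENT` test would make that failure explicit, for example `test -n "${NONACTIVE_COLOR:-}" || { echo "Please provide NONACTIVE_COLOR"; exit 1; }`. Whether the variable is assigned earlier in the file cannot be seen from here.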
@@ -43,7 +43,7 @@ fi
URL="http://backend.${DEPLOYMENT}.${DOMAIN}/"
http_status_code=$(curl \
- -H "X-Taler-Deployment-Color: ${ACTIVE_COLOR}" \
+ -H "X-Taler-Deployment-Color: ${NONACTIVE_COLOR}" \
-s $URL \
--header "Authorization: ApiKey sandbox" \
-o /dev/null \
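Review bot: The backend probe is the only check in these hunks that uses `http://`, and it sends `Authorization: ApiKey sandbox` on that request, so the header travels in cleartext unless the server redirects before accepting it. With `DOMAIN` now pointing at `taler.net`, this check also no longer tells you whether the backend's TLS endpoint is healthy. If the backend is served over TLS like the other services (not visible here), use `URL="https://backend.${DEPLOYMENT}.${DOMAIN}/"` and quote the argument as the exchange check does: `-s "$URL" \`. The rest of this curl invocation continues outside the hunk.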
@@ -59,7 +59,7 @@ fi
URL="https://shop.${DEPLOYMENT}.${DOMAIN}/"
http_status_code=$(curl \
- -H "X-Taler-Deployment-Color: ${ACTIVE_COLOR}" \
+ -H "X-Taler-Deployment-Color: ${NONACTIVE_COLOR}" \
-s $URL -o /dev/null \
-w "%{http_code}")
if ! test 200 = $http_status_code; then
@@ -72,7 +72,7 @@ fi
URL="https://survey.${DEPLOYMENT}.${DOMAIN}/"
http_status_code=$(curl \
- -H "X-Taler-Deployment-Color: ${ACTIVE_COLOR}" \
+ -H "X-Taler-Deployment-Color: ${NONACTIVE_COLOR}" \
-s $URL -o /dev/null \
-w "%{http_code}")
if ! test 200 = $http_status_code; then
@@ -85,7 +85,7 @@ fi
URL="https://donations.${DEPLOYMENT}.${DOMAIN}/"
http_status_code=$(curl \
- -H "X-Taler-Deployment-Color: ${ACTIVE_COLOR}" \
+ -H "X-Taler-Deployment-Color: ${NONACTIVE_COLOR}" \
-s $URL -o /dev/null \
-w "%{http_code}")
if ! test 200 = $http_status_code; then
@@ -98,7 +98,7 @@ fi
URL="https://bank.${DEPLOYMENT}.${DOMAIN}/"
http_status_code=$(curl \
- -H "X-Taler-Deployment-Color: ${ACTIVE_COLOR}" \
+ -H "X-Taler-Deployment-Color: ${NONACTIVE_COLOR}" \
-s $URL -o /dev/null \
-w "%{http_code}")
if ! test 302 = $http_status_code; then
@@ -111,7 +111,7 @@ fi
URL="https://${DEPLOYMENT}.${DOMAIN}/en/index.html"
http_status_code=$(curl \
- -H "X-Taler-Deployment-Color: ${ACTIVE_COLOR}" \
+ -H "X-Taler-Deployment-Color: ${NONACTIVE_COLOR}" \
-s $URL -o /dev/null \
-w "%{http_code}")
if ! test 200 = $http_status_code; then
diff --git a/buildbot/master.cfg b/buildbot/master.cfg
@@ -1,4 +1,5 @@
import re
+from getpass import getuser
from buildbot.steps.source.git import Git
from buildbot.steps.shell import ShellCommand
from buildbot.plugins import (reporters,
@@ -495,8 +496,7 @@ def pick_active_color(builder, workers_list, build_request):
print("Found active color: %s" % str(active))
for worker in workers_list:
- if re.search("^/home/%s" % active,
- worker.worker.worker_basedir):
+ if active == getuser():
f.close()
print("Scheduling worker: %s" % str(worker))
return worker
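Review bot: The new condition `active == getuser()` no longer depends on `worker`, so the loop cannot tell the workers apart. `getuser()` returns the account the buildmaster process runs as, so the function returns the first entry of `workers_list` when that account happens to equal the colour, and never matches otherwise. The same applies to the `pick_inactive_color` hunk at -540. A build meant for the inactive colour could therefore land on the worker serving the live deployment. Keeping a per-worker test and tightening the old pattern would avoid that, for example `if re.search("^/home/%s(/|$)" % re.escape(active), worker.worker.worker_basedir):`. The function body starts and ends outside the hunk, so how `active` is read from `f` is not visible.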
@@ -540,8 +540,7 @@ def pick_inactive_color(builder, workers_list, build_request):
print("Found nonactive color: %s" % str(nonactive))
for worker in workers_list:
- if re.search("^/home/%s" % nonactive,
- worker.worker.worker_basedir):
+ if nonactive == getuser():
f.close()
print("Scheduling worker: %s" % str(worker))
return worker
diff --git a/commit_test b/commit_test
@@ -1 +0,0 @@
-foo
diff --git a/doc/gls.txt b/doc/gls.txt
@@ -0,0 +1,69 @@
+
+https://vrkennung.de/fintshbci-allgemein/
+
+### ---- key based access. Extracted from https://www.aquamaniac.de/sites/download/download.php?package=09&release=09&file=01&dummy=aqbanking4-handbook-20091231.pdf
+
+# 1 Create local keys _container_ (so no keys are created yet).
+$ gct-tool create -t ohbci -n output.medium
+
+# 2 Create user associated with local keys. (From now on, ${UNIQUEID} points to this fresh user)
+$ aqhbci-tool4 adduser -s 'https://hbci.gad.de' -u VRK588XXXX -c VRK588XXX -N 67264051XXX -b 43060967 -t ohbci --context=1 --rdhtype=0 --hbciversion=300 -n output.medium
+
+# 3 Get keys (sign & crypt) from the bank. Didn't work.
+$ aqhbci-tool4 getkeys --user=${UNIQUEID}
+
+# 4 Show local (container) and bank's keys. No warnings reported, but neither keys hashcodes.
+$ gct-tool showkey -t ohbci -n output.medium
+
+# 5 Actually create keys now. Worked.
+$ aqhbci-tool4 createkeys --user=${USER}
+
+# 6 Send keys to the bank. Didn't work (I suspect the URL associate with the user is not right).
+$ aqhbci-tool4 sendkeys --user=${USER}
+
+# 7 Last, generate letter. Worked.
+$ aqhbci-tool4 iniletter --user=${USER} > ini.txt
+
+# 8 Pen-sign the letter and send via snail mail to the bank.
+
+============== mobile TAN method below; could not get it to work.
+
+# Add a user in the system. The user has a bank and a customer id,
+# but is _not_ active yet (see commands below).
+$ aqhbci-tool4 adduser -s 'https://hbci-pintan.gad.de/cgi-bin/hbciservlet' -u VRK588XXX -c VRK588XXX -N 6726405XXX -b 43060967 -t pintan --context=1
+
+# Then get the "sysid".
+$ aqhbci-tool4 getsysid --user=U
+
+# Finally, give the following command to "unlock" the user.
+$ aqhbci-tool4 getitanmodes --user=U
+
+# If the three commands above all worked out, then balance
+# and transactions list should be available. Try this with
+# the following commands.
+
+$ aqbanking-cli request --balance
+
+# and
+
+$ aqbanking-cli request --transactions
+
+# At this point, we need to workaround the lack of a BIC code
+# in the configuration, in order to be able to get the PIN by
+# phone. Say the BIC is BANKBIC, edit the following file adding
+# a 'bic=BANKBIC' line next to the other details in the upper part
+# of the file:
+
+~/.aqbanking/settings6/accounts/<unique-user-id>.conf
+
+# If the previous step worked, then issue a SEPA transfer with:
+
+$ aqbanking-cli sepatransfer --aid=<bank-account-id> --riban='DEXXX' --value="1,00:EUR" --rbic="REMOBIC" --rname="Remote Owner Name" --purpose="Test transfer 2" --name="Issuer Name" -E "Test 222"
+
+# NOTE: <bank-account-id> is the id number that Aqbanking gives
+# to bank accounts (not users!). It can be seen by the following
+# command:
+
+$ aqbanking-cli listaccs
+
+# <bank-account-id> is now found in the second to last field.
diff --git a/doc/onboarding.texi b/doc/onboarding.texi
@@ -51,18 +51,18 @@ Texts. A copy of the license is included in the section entitled
@menu
* Standalone deployment:: Deploy Taler in your homepage
-* Deployment on demo.taler.net:: Deploy Taler in a "blue/green" fashion
-* Testing components:: How to make and run tests.
+* Testing components:: How to make and run tests
* Releases:: Releases patterns
+* Code:: Where to find Taler code
+* Bugtracking:: How to track Taler bugs
+* Continuous integration:: How CI is currently performed
+* Code coverage:: Where to find coverage reports
+* Demo and Test:: Live Taler services
@end menu
@node Standalone deployment
@chapter Standalone deployment
-This tecnique aims to set a thorough Taler installation up on a
-machine whose nginx configuration is configured by config files
-from @emph{https://git.taler.net/deployment.git/tree/etc/nginx}.
-
This installation assumes that all the steps are run with @code{$HOME}
as @code{$CWD}.
@@ -71,7 +71,7 @@ the needed scripts.
@example
# Adapt the repository's URL to your needs.
-$ git clone /var/git/deployment.git/
+$ git clone git://git.taler.net/deployment
@end example
The next step is to fetch all the codebases from all the components.
@@ -119,30 +119,26 @@ $ source activate
# contain $HOME/local/bin.
$ echo $PATH
-# Then we need to install GNUnet beforehand, as it provides the 'ARM'
-# utility that is used to start the database service.
+# Then we need to install GNUnet, as it provides the 'ARM'
+# utility that is used to start the database service. The
+# database service is needed to let the compilation run its
+# tests.
+
$ cd deployment/taler-build/
$ make gnunet-stamp
-# Now we can start the database, with ($CWD is irrelevant now):
+# Now we can start the database
$ taler-deployment-arm -s
$ taler-deployment-arm -i taler-postgres-standalone
-# Configuration file can be generated now. NOTE: this step must
-# be run before the main build, as some components (Python ones notably)
-# do require ~/.config/taler.conf to exist.
-$ taler-deployment-config-generate
-
# If the previous commands succeeded, then we can install all the remaining
# components and run checks for them. Issue:
$ taler-deployment-build
@end example
-
-The following one will place signatures inside wireformat JSON files.
-
+Now make the configuration file @code{$@{HOME@}/.config/taler.conf}:
@example
-$ taler-deployment-config-sign
+$ taler-deployment-config-generate
@end example
The next step is to generate @cite{signkeys} and @cite{denomkeys}.
@@ -153,31 +149,19 @@ auditor.
$ taler-deployment-keyup
@end example
-@cartouche
-@quotation Note
-
-A database error about non existent auditor-related tables might be
-returned while generating keys. Fix it by running:
-
-@smallexample
-taler-auditor -m $(taler-config -s exchange -o master_public_key) -r
-@end smallexample
-
-This is likely to happen after database resets, and @code{taler-auditor}
-is responsible for creating all auditor-related tables.
-@end quotation
-@end cartouche
+The following one will place signatures inside wireformat JSON files.
+@example
+$ taler-deployment-config-sign
+@end example
@c An error of "invalid currency name" might be related to the current
@c policy of 12-chars limit for currency names; which is likely going to
@c be changed.
It may be necessary to define database tables for the exchange. The
-following command does that.
-
-Note that you have to manually start the database, with the following
-command.
+following command does that. Note that you have to manually start the
+database, with the following command.
@example
taler-deployment-arm -s
@@ -185,121 +169,22 @@ taler-deployment-arm -i taler-postrges-standalone
@end example
@example
-# Erase all the data!
-$ taler-exchange-dbinit -r
-@end example
-
-As of the merchant backend, it creates tables at launch time, so it is
-not required to define tables before launching it. @cite{However}, if some
-table's definition changed over the time, and there is a need to force
-a redefinition of tables, then the following command accomplishes that
-for the merchant:
+# Note that this command _also_ erases any previous
+# data in the database.
-@example
-# Erase all the data!
+$ taler-exchange-dbinit -r
$ taler-merchant-dbinit -r
@end example
-If all previous steps succeeded, it is now possible to launch all the
-processes. That is accomplished by the following command:
+If all previous steps succeeded, it is now possible to launch all
+the processes:
@example
$ taler-deployment-start
@end example
-@cartouche
-@quotation Note
-Please make sure your nginx works correctly with its configuration
-at @code{<DEPLOYMENT-REPO>/etc/nginx}.
-@end quotation
-@end cartouche
-
-@node Deployment on demo.taler.net
-@chapter Deployment on demo.taler.net
-
-This section describes how to upgrade the whole Taler setup on the
-@url{taler.net} Web site. Here, the deployment scripts include a
-``stable'' setup at @url{demo.taler.net} and an ``experimental'' setup
-at @url{test.taler.net}. This section documents the steps for moving
-the ``experimental'' logic to the ``stable'' site. It is mostly
-useful for administrators of @url{taler.net}, but given that all of
-the configuration files are public, it may also make a good starting
-point for others.
-
-
-@c FIXME: what does this line mean?
-First, make sure that the deployment @emph{AND} the deployment scripts work on the @cite{test.taler.net} deployment.
-
-For all repositories that have a separate stable branch (currently exchange.git,
-merchant.git, donations.git, blog.git, bank.git, landing.git) do:
-
-@example
-$ cd $REPO
-$ git pull origin master stable
-$ git checkout stable
-
-# option a: resolve conflicts resulting from hotfixes
-$ git merge master
-$ ...
-
-# option b: force stable to master
-$ git update-ref refs/heads/stable master
-
-$ git push # possibly with --force
-
-# continue development
-$ git checkout master
-@end example
-
-Log into taler.net with the account that is @emph{not} active by looking
-at the @cite{sockets} symlink of the @cite{demo} account.
-
-The following instructions wipe out the old deployment completely.
-
-@example
-$ ls -l ~demo/sockets
-
-[...] sockets -> /home/demo-green/sockets/
-@end example
-
-In this case, @cite{demo-green} is the active deployment, and @cite{demo-blue} should be updated.
-After the update is over, the @cite{/home/demo/sockets} symlink will be pointed to @cite{demo-blue}.
-
-@example
-# Remove all existing files; this won't delete dot-files.
-$ rm -fr *
-
-$ git clone /var/git/deployment.git
-# Pick color depending on which one is inactive and being rebuilt.
-$ ./deployment/bootstrap-bluegreen demo [blue|green]
-
-# set environment appropriately
-$ . activate
-$ taler-deployment-build
-
-# (re)generate configuration
-$ taler-deployment-config-generate
-
-# generate signatures
-$ taler-deployment-config-sign
-
-# upgrade the database! this process depends on the specific
-# version. However, exchange and merchant have the
-# taler-@{exchange,merchant@}-dbinit -r command that resets all
-# the tables; the bank might need a tables reset too: refer to
-# django documentation for how to apply migrations to the database.
-
-# generate denomination keys: this is OPTIONAL,
-# as the keys under ~/shared-data might be okay
-# to use.
-$ taler-deployment-keyup
-
-$ taler-deployment-start
-
-# look at the logs, verify that everything is okay
-@end example
-
-Now the symlink can be updated.
+All the services should be reachable at the following URL:
+@code{https://env.taler.net/<username>/<service>[/endopoint[?arg0=x&arg1=y]]}
@node Testing components
@chapter Testing components
@@ -412,7 +297,7 @@ git push origin v0.1.0
@section Database for tests
For tests in the exchange and merchant to run, make sure that
-a database @emph{talertest} is accessible by @emph{$USER}. Otherwise tests
+a database @emph{talercheck} is accessible by @emph{$USER}. Otherwise tests
involving the database logic are skipped.
@section Exchange, merchant
@@ -447,7 +332,6 @@ make dist
@c FIXME: selenium test cases
-
@section Upload to GNU mirrors
See @emph{https://www.gnu.org/prep/maintain/maintain.html#Automated-FTP-Uploads}
@@ -462,4 +346,54 @@ filename: taler-exchange-0.1.0.tar.gz
Upload the files in @b{binary mode} to the ftp servers.
+@node Code
+@chapter Code
+Taler code is versioned via Git. For those users without write access,
+all the codebases are found at the following URL:
+
+@example
+git://git.taler.net/<repository>
+@end example
+
+A complete list of all the existing repositories is currently found at
+@code{https://git.taler.net/}. Note: @code{<repository>} must NOT have
+the @code{.git} extension.
+
+@node Bugtracking
+@chapter Bugtracking
+Bug tracking is done with Mantis (https://www.mantisbt.org/). All the
+bugs are then showed and managed at @code{https://bugs.gnunet.org/}, under
+the "Taler" project. A registration on the Web site is needed in order to
+use the bug tracker.
+
+@node Continuous integration
+@chapter Continuous integration
+CI is done with Buildbot (https://buildbot.net/), and builds are triggered
+by the means of Git hooks. The results are published at @code{https://buildbot.wild.gv.taler.net/}.
+
+In order to avoid downtimes, CI uses a "blue/green" deployment technique.
+In detail, there are two users building code on the system, the "green" and
+the "blue" user; and at any given time, one is running Taler services and
+the other one is either building the code or waiting for that.
+
+There is also the possibility to trigger builds manually, but this is only
+reserved to "admin" users.
+
+@node Code coverage
+@chapter Code coverage
+Code coverage is done with the Gcov / Lcov (http://ltp.sourceforge.net/coverage/lcov.php)
+combo, and it is run *nightly* (once a day) by a Buildbot worker. The
+coverage results are then published at @code{https://lcov.wild.gv.taler.net/}.
+
+@node Demo and Test
+@chapter Demo and Test
+Taler code is normally kept under two Git branches: @code{master} and @code{stable}.
+The first branch keeps the latest code, therefore more experimental and
+unstable. The latter branch is usually pointing at the latest release and
+is expected to be more stable.
+
+Finally, there exist two live systems that run Taler from those two
+branches, and where any user can try the Taler experience. The 'master'
+branch is run at @code{https://test.wild.gv.taler.net/} and 'stable' at
+@code{https://demo.wild.gv.taler.net/}.
@bye
diff --git a/taler-build/invalidate.sh b/taler-build/invalidate.sh
@@ -1,7 +1,7 @@
#!/bin/bash
set -eu
-components="deployment exchange merchant bank gnurl donations blog landing gnunet libmicrohttpd survey backoffice twister"
+components="auditor deployment exchange merchant bank gnurl donations blog landing gnunet libmicrohttpd survey backoffice twister"
for component in $components ; do
cd $HOME/$component
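Review bot: `auditor` is now the first entry in `components`, and the script runs under `set -eu`, so on any host without a `$HOME/auditor` checkout the first `cd` fails and the script exits before any component is processed. An explicit check would make the cause obvious, for example `test -d "$HOME/$component" || { echo "missing checkout: $HOME/$component" >&2; exit 1; }` before the `cd`, which should also be quoted as `cd "$HOME/$component"`. The loop body continues outside the hunk.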
diff --git a/taler-build/update_bank.sh b/taler-build/update_bank.sh
@@ -13,5 +13,5 @@ git reset --hard "$branch"
TALER_CHECKDB=${TALER_CHECKDB:-postgres:///talercheck}
./bootstrap
-./configure --prefix="$HOME/local"
+./configure --prefix="$HOME/local" DEBIAN_PIP3_SYSTEM=--system
TALER_BANK_ALTDB=$TALER_CHECKDB make install check
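Review bot: The added `DEBIAN_PIP3_SYSTEM=--system` on the `./configure` line has no comment explaining why it is needed, and `--system` is an option of Debian's patched pip rather than of upstream pip. If the bank's build passes this value to `pip3` (not visible here), the install step would fail on a non-Debian host. I would add a comment above the line such as `# Debian's pip defaults to --user, which clashes with --prefix; --system disables that (Debian/Ubuntu only)`, once confirmed against the bank's configure script. It would also help to set the variable only when the host is Debian-based.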
diff --git a/taler-build/update_landing.sh b/taler-build/update_landing.sh
@@ -15,3 +15,4 @@ AUTOMAKE="automake --foreign" autoreconf -fiv
./configure
cd demo/
make
+chmod -R g+rx *
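Review bot: `chmod -R g+rx *` gives the group execute permission on every regular file under `demo/`, not only on directories. It also skips top-level dotfiles, and the bare `*` lets a file name beginning with `-` be parsed as an option. If the goal is to let the web server's group traverse and read the generated site, `chmod -R g+rX .` does that while adding execute only to directories and files that are already executable. A one-line comment naming the group that needs access would also help the next reader.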
diff --git a/taler.net/renew-certs.sh b/taler.net/renew-certs.sh
@@ -1,42 +0,0 @@
-#!/usr/bin/env bash
-
-set -eu
-
-systemctl stop nginx
-
-certbot certonly \
- --standalone \
- -d taler.net \
- -d www.taler.net \
- -d api.taler.net \
- -d lcov.taler.net \
- -d git.taler.net \
- -d gauger.taler.net \
- -d buildbot.taler.net \
- -d test.taler.net \
- -d playground.test.taler.net \
- -d auditor.test.taler.net \
- -d auditor.demo.taler.net \
- -d demo.taler.net \
- -d shop.test.taler.net \
- -d shop.demo.taler.net \
- -d survey.test.taler.net \
- -d survey.demo.taler.net \
- -d donations.demo.taler.net \
- -d backend.test.taler.net \
- -d backend.demo.taler.net \
- -d bank.test.taler.net \
- -d bank.demo.taler.net \
- -d www.git.taler.net \
- -d exchange.demo.taler.net \
- -d exchange.test.taler.net \
- -d env.taler.net \
- -d envs.taler.net \
- -d blog.demo.taler.net \
- -d blog.test.taler.net \
- -d donations.test.taler.net \
- -d docs.taler.net \
- -d intranet.taler.net \
- -d stage.taler.net
-
-systemctl start nginx