commit 8f2973b543a805f54f3c25c59e471c24d82fa8f5
parent f27dd4b9f746ab51f28f6a67da37872c84a1fb1c
Author: Christian Grothoff <christian@grothoff.org>
Date: Tue, 3 Aug 2021 21:11:02 +0200
-update documentation for modified configuration structure
Diffstat:
2 files changed, 20 insertions(+), 11 deletions(-)
diff --git a/manpages/taler.conf.5.rst b/manpages/taler.conf.5.rst
@@ -270,8 +270,7 @@ EXCHANGE ACCOUNT OPTIONS
An exchange (or merchant) can have multiple bank accounts. The following
options are for sections named “[exchange-account-SOMETHING]”. The ``SOMETHING`` is
arbitrary and should be chosen to uniquely identify the bank account for
-the operator. These options are used by the **taler-exchange-transfer**
-and **taler-exchange-wirewatch** tools.
+the operator. These options are used by the **taler-exchange-aggregator**, **taler-exchange-closer**, **taler-exchange-transfer** and **taler-exchange-wirewatch** tools.
PAYTO_URI
Specifies the payto://-URL of the account. The general format is
@@ -281,6 +280,18 @@ PAYTO_URI
``payto://iban/DE67830654080004822650/`` (providing the BIC is optional).
Note: only the wire-method is actually used from the URI.
+ENABLE_DEBIT
+ Must be set to ``YES`` for the accounts that the
+ **taler-exchange-aggregator** and **taler-exchange-closer** should debit.
+
+ENABLE_CREDIT
+ Must be set to ``YES`` for the accounts that the **taler-exchange-wirewatch**
+ should check for credits. It is yet uncertain if the merchant
+ implementation may check this flag as well.
+
+
+Additionally, for each enabled account there MUST be another matching section named “[exchange-accountcredentials-SOMETHING]”. This section SHOULD be in a ``secret/`` configuration file that is only readable for the **taler-exchange-wirewatch** and **taler-exchange-transfer** processes. It contains the credentials to access the bank account:
+
WIRE_GATEWAY_URL
URL of the wire gateway. Typically of the form
``https://$HOSTNAME[:$PORT]/taler-wire-gateway/$USERNAME/``
@@ -300,14 +311,6 @@ USERNAME
PASSWORD
Password for ``basic`` authentication with the wire gateway.
-ENABLE_DEBIT
- Must be set to ``YES`` for the accounts that the
- **taler-exchange-aggregator** and **taler-exchange-closer** should debit.
-
-ENABLE_CREDIT
- Must be set to ``YES`` for the accounts that the **taler-exchange-wirewatch**
- should check for credits. It is yet uncertain if the merchant
- implementation may check this flag as well.
EXCHANGE COIN OPTIONS
diff --git a/taler-exchange-setup-guide.rst b/taler-exchange-setup-guide.rst
@@ -333,6 +333,12 @@ Next, we need to grant the other accounts limited access:
| sudo -u taler-exchange-httpd psql taler-exchange
[root@exchange-onlie]# echo 'GRANT SELECT,INSERT,UPDATE ON ALL TABLES IN SCHEMA public TO "taler-exchange-wire";' \
| sudo -u taler-exchange-httpd psql taler-exchange
+ [root@exchange-onlie]# echo 'GRANT USAGE ON ALL SEQUENCES IN SCHEMA public TO "taler-exchange-aggregator";' \
+ | sudo -u taler-exchange-httpd psql taler-exchange
+ [root@exchange-onlie]# echo 'GRANT USAGE ON ALL SEQUENCES IN SCHEMA public TO "taler-exchange-closer";' \
+ | sudo -u taler-exchange-httpd psql taler-exchange
+ [root@exchange-onlie]# echo 'GRANT USAGE ON ALL SEQUENCES IN SCHEMA public TO "taler-exchange-wire";' \
+ | sudo -u taler-exchange-httpd psql taler-exchange
Assuming the above database setup, the database credentials to configure
@@ -419,7 +425,7 @@ The exchange HTTP service can now be started:
.. code-block:: shell-session
- [root@exchange-online]# systemctl start taler-exchange.service
+ [root@exchange-online]# systemctl start taler-exchange.target
[root@exchange-online]# export BASE_URL=$(taler-config -s exchange -o base_url)
[root@exchange-online]# curl ${BASE_URL}management/keys
