[taler-docs] branch master updated: -update manual
From: gnunet
Subject: [taler-docs] branch master updated: -update manual
Date: Tue, 03 Aug 2021 11:52:08 +0200
This is an automated email from the git hooks/post-receive script.
grothoff pushed a commit to branch master
in repository docs.
The following commit(s) were added to refs/heads/master by this push:
new f1fe518 -update manual
f1fe518 is described below
commit f1fe5185be6db8a923e274a38de77d5a90bb3276
Author: Christian Grothoff <christian@grothoff.org>
AuthorDate: Tue Aug 3 11:52:05 2021 +0200
-update manual
---
taler-exchange-setup-guide.rst | 50 +++++++++++++++++++++++-------------------
1 file changed, 28 insertions(+), 22 deletions(-)
diff --git a/taler-exchange-setup-guide.rst b/taler-exchange-setup-guide.rst
index f867fed..10ac2d7 100644
--- a/taler-exchange-setup-guide.rst
+++ b/taler-exchange-setup-guide.rst
@@ -125,14 +125,14 @@ Services, users, groups and file system hierarchy
The *taler-exchange-httpd* package will create several system users
to compartmentalize different parts of the system:
- * taler-exchange-httpd: the user that runs the HTTP daemon with the core
business logic
- * taler-exchange-secmod-rsa: the user that manages the RSA private online
signing keys
- * taler-exchange-secmod-eddsa: the user that manages the EdDSA private
online signing keys
- * taler-exchange-closer: a helper process that closes reserves
- * taler-exchange-aggregator: a helper process that aggregates deposits into
larger wire transfer requests
- * taler-exchange-wire: the user that performs wire transfers with the bank
- * postgres: the user running the Postgres database (from *postgres* package)
- * www-data: the user running the frontend HTTPS service with the TLS keys
(from *nginx* package)
+ * taler-exchange-httpd: runs the HTTP daemon with the core business logic
+ * taler-exchange-secmod-rsa: manages the RSA private online signing keys
+ * taler-exchange-secmod-eddsa: manages the EdDSA private online signing keys
+ * taler-exchange-closer: closes idle reserves by triggering wire transfers
that refund the originator
+ * taler-exchange-aggregator: aggregates deposits into larger wire transfer
requests
+ * taler-exchange-wire: performs wire transfers with the bank (via
libeufin/nexus)
+ * postgres: runs the Postgres database (from *postgres* package)
+ * www-data: runs the frontend HTTPS service with the TLS keys (from *nginx*
package)
.. note::
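Review bot: The user list no longer says which account runs which service, and the taler-exchange-wire entry is where that matters most: it mentions outgoing wire transfers with the bank only, while the service list further down in this patch has both taler-exchange-transfer.service and taler-exchange-wirewatch.service. Since this list exists to explain the compartmentalization, consider adding to each entry the unit or units that run under that user, so a reader can check the running processes against the intended separation.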
@@ -143,28 +143,34 @@ to compartmentalize different parts of the system:
The exchange setup uses the following system groups:
* taler-exchange-db: group for all Taler users with direct database access,
specifically taler-exchange-httpd, taler-exchange-wire, taler-exchange-closer
and taler-exchange-aggregator
- * taler-exchange-secmod: FIXME: how is this used right now?
- * taler-exchange-offline: FIXME: how is this used right now?
+ * taler-exchange-secmod: group for processes with access to online signing
keys, so taler-exchange-secmod-rsa, taler-exchange-secmod-eddsa and
taler-exchange-httpd
+ * taler-exchange-offline: group for the access to the offline private key
(only used on the offline host and not used on the online system)
The package will deploy systemd service files in
``/usr/lib/systemd/system/`` for the various components:
- * taler-exchange-aggregator.service: FIXME - explain
- * taler-exchange-closer.service: FIXME - explain
- * taler-exchange-httpd.service: FIXME - explain
- * taler-exchange-httpd.socket: FIXME - explain
- * taler-exchange-secmod-eddsa.service: FIXME - explain
- * taler-exchange-secmod-rsa.service: FIXME - explain
- * taler-exchange.target: FIXME - explain
- * taler-exchange-transfer.service: FIXME - explain
- * taler-exchange-wirewatch.service: FIXME - explain
+ * taler-exchange-aggregator.service: service that schedules wire transfers
which combine multiple deposits to the same merchant
+ * taler-exchange-closer.service: service that watches for reserves that have
been abandoned and schedules wire transfers to send the money back to the
originator
+ * taler-exchange-httpd.service: main Taler exchange logic with the public
REST API
+ * taler-exchange-httpd.socket: systemd socket activation for the Taler
exchange HTTP daemon
+ * taler-exchange-secmod-eddsa.service: software security module for making
EdDSA signatures
+ * taler-exchange-secmod-rsa.service: software security module for making RSA
signatures
+ * taler-exchange-transfer.service: service that triggers outgoing wire
transfers (pays merchants)
+ * taler-exchange-wirewatch.service: service that watches for incoming wire
transfers (first step of withdraw)
+ * taler-exchange.target: Main target for the Taler exchange to be operational
-(FIXME: Explain the Debian package users, groups and locations. -- anything
missing?)
+The deployment creates the following key locations in the system:
+
+ * /etc/taler/: configuration files
+ * /var/run/taler/: contains the UNIX domain sockets for inter-process
communication (IPC)
+ * /var/lib/taler/: serves as the $HOME for all Taler users and contains
sub-directories
+ with the private keys; which keys are stored here depends on the host:
+
+ - online system: exchange-secmod-eddsa and exchange-secmod-rsa keys
+ - offline system: exchange-offline keys
-FIXME: I do not see how secmod keys are kept isolated from
-the other users!
Basic Setup: Currency and Denominations
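Review bot: The FIXME asking how secmod keys are kept isolated from the other users is removed at the end of this hunk without the new text answering it, and the new taler-exchange-secmod entry makes the question sharper: it describes the group as being for "processes with access to online signing keys" and lists taler-exchange-httpd as a member. If the HTTP daemon only needs to reach the security modules through the UNIX domain sockets in /var/run/taler/, the entry should say that rather than "access to online signing keys". The /var/lib/taler/ entry should also state the owner and mode of the key sub-directories, because that path is described as the $HOME for all Taler users.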
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.