[taler-deployment] branch master updated: work on exchange DB setup

[gnunet]

This is an automated email from the git hooks/post-receive script.

grothoff pushed a commit to branch master
in repository deployment.

The following commit(s) were added to refs/heads/master by this push:
     new e8d59be  work on exchange DB setup
e8d59be is described below

commit e8d59be7f8749cdb01608a4d2f170ef2663382e3
Author: Christian Grothoff <christian@grothoff.org>
AuthorDate: Sat Mar 4 20:06:22 2023 +0100

    work on exchange DB setup
---
 netzbon/setup-exchange.sh | 32 +++++++++++++++++++++++++++-----
 1 file changed, 27 insertions(+), 5 deletions(-)

diff --git a/netzbon/setup-exchange.sh b/netzbon/setup-exchange.sh
index a437d6e..a4c9c8d 100755
--- a/netzbon/setup-exchange.sh
+++ b/netzbon/setup-exchange.sh
@@ -41,21 +41,32 @@ then
     exit 1
 fi
 
-# Create master key as root *unless* user already
+# Create master key as taler-exchange-offline *unless* user already
 # set the MASTER_PUBLIC_KEY to some value we can use.
 if test -z ${MASTER_PUBLIC_KEY:-}
 then
     say "Setting up offline key"
-    mkdir -p ~/.local/share/taler/exchange/offline-keys
-    MASTER_PRIV_FILE=~/.local/share/taler/exchange/offline-keys/master.priv
-    gnunet-ecc -g1 ${MASTER_PRIV_FILE}
-    MASTER_PUBLIC_KEY=`gnunet-ecc -p 
~/.local/share/taler/exchange/offline-keys/master.priv`
+    sudo -u taler-exchange-offline mkdir -p 
~/.local/share/taler/exchange/offline-keys
+    sudo -u taler-exchange-offline gnunet-ecc -g1 
~/.local/share/taler/exchange/offline-keys/master.priv
+    MASTER_PUBLIC_KEY=`sudo -u taler-exchange-offline gnunet-ecc -p 
~/.local/share/taler/exchange/offline-keys/master.priv`
 fi
 
 export MASTER_PUBLIC_KEY
 echo "MASTER_PUBLIC_KEY=\"${MASTER_PUBLIC_KEY}\"" >> config/taler-internal.conf
 
 
+say "Setting up exchange database"
+EXCHANGE_DB=talerexchange
+sudo -u postgres | createuser -d taler-exchange-httpd
+sudo -u postgres | createuser -d taler-exchange-wire
+sudo -u postgres | createuser -d taler-exchange-closer
+sudo -u postgres | createuser -d taler-exchange-aggregator
+sudo -u postgres | createdb -O taler-exchange-httpd $EXCHANGE_DB
+
+echo "GRANT CREATE ON DATABASE \"${EXCHANGE_DB}\" TO \"taler-exchange-wire\";" 
| sudo -u postgres psql -f -
+echo "GRANT CREATE ON DATABASE \"${EXCHANGE_DB}\" TO 
\"taler-exchange-closer\";" | sudo -u postgres psql -f -
+echo "GRANT CREATE ON DATABASE \"${EXCHANGE_DB}\" TO 
\"taler-exchange-aggregator\";" | sudo -u postgres psql -f -
+
 say "Configuring exchange"
 
 if test ${ENABLE_TLS} = "y"
@@ -88,12 +99,20 @@ echo -e "[taler]\n"\
         "@inline-secret@ exchange-accountcredentials-default 
../secrets/exchange-accountcredentials-default.secret.conf\n"
      > /etc/taler/conf.d/setup.conf
 
+echo -e "[exchangedb-postgres]\n"\
+        "CONFIG=postgres:///${EXCHANGE_DB}\n"\
+        > /etc/taler/secrets/exchange-db.secret.conf
+chmod 400 /etc/taler/secrets/exchange-db.secret.conf
+chown root:taler-exchange-db /etc/taler/secrets/exchange-db.secret.conf
+
 echo -e "[exchange-accountcredentials-default]\n"\
         "WIRE_GATEWAY_URL=${WIRE_GATEWAY_URL}\n"\
         "WIRE_GATEWAY_AUTH_METHOD=basic\n"\
         "USERNAME=${LIBEUFIN_NEXUS_USERNAME}\n"\
         "PASSWORD=${NEXUS_EXCHANGE_PASSWORD}\n"\
      > /etc/taler/secrets/exchange-accountcredentials-default.secret.conf
+chmod 400 /etc/taler/secrets/exchange-accountcredentials-default.secret.conf
+chown taler-exchange-wire:taler-exchange-db 
/etc/taler/secrets/exchange-accountcredentials-default.secret.conf
 
 taler-harness deployment gen-coin-config \
               --min-amount ${CURRENCY}:0.01 \
@@ -101,6 +120,9 @@ taler-harness deployment gen-coin-config \
     | sed -e "s/FEE_DEPOSIT = ${CURRENCY}:0.01/FEE_DEPOSIT = ${CURRENCY}:0/" \
     > /etc/taler/conf.d/${CURRENCY}-coins.conf
 
+say "Initializing exchange database"
+sudo -u taler-exchange-httpd taler-exchange-dbinit -c /etc/taler/taler.conf
+
 say "Launching exchange"
 systemctl enable --now taler-exchange
 

-- 
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.