[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[taler-docs] branch master updated: dbconfig now also deals with permiss
From: |
gnunet |
Subject: |
[taler-docs] branch master updated: dbconfig now also deals with permissions |
Date: |
Fri, 15 Sep 2023 09:51:40 +0200 |
This is an automated email from the git hooks/post-receive script.
grothoff pushed a commit to branch master
in repository docs.
The following commit(s) were added to refs/heads/master by this push:
new 1f76b31e dbconfig now also deals with permissions
1f76b31e is described below
commit 1f76b31ecd250b211ed102ecda31943c49208d8b
Author: Christian Grothoff <christian@grothoff.org>
AuthorDate: Fri Sep 15 09:51:31 2023 +0200
dbconfig now also deals with permissions
---
taler-exchange-manual.rst | 46 ++++++++++++++++++++++++++++++++--------------
1 file changed, 32 insertions(+), 14 deletions(-)
diff --git a/taler-exchange-manual.rst b/taler-exchange-manual.rst
index d84214b2..df05fbfc 100644
--- a/taler-exchange-manual.rst
+++ b/taler-exchange-manual.rst
@@ -541,7 +541,7 @@ The following users must have access to the exchange
database:
* taler-exchange-closer
These users are all in the taler-exchange-db group, and the
-``exchange-db.secret.conf`` should already be only readable by users in
+``exchange-db.secret.conf`` should be only readable by users in
this group.
.. note::
@@ -549,8 +549,8 @@ this group.
The **taler-exchange-dbconfig** tool can be used to automate the database
setup. When using the Debian/Ubuntu packages, the users should already have
been created, so you can just run the tool without any arguments and should
- have a working database configuration. Subsequently, must still grant
- access to the other users (see below). (NOTE: we should automate this.)
+ have a working database configuration. The rest of this section only
+ explains what the **taler-exchange-dbconfig** shell script fully automates.
To create a database for the Taler exchange on the local system, run:
@@ -608,17 +608,17 @@ Finally we need to grant the other accounts limited
access:
.. code-block:: shell-session
[root@exchange-online]# sudo -u taler-exchange-httpd bash
- [taler-exchange-httpd@exchange-online]# echo 'GRANT SELECT,INSERT,UPDATE ON
ALL TABLES IN SCHEMA public TO "taler-exchange-aggregator";' \
+ [taler-exchange-httpd@exchange-online]# echo 'GRANT SELECT,INSERT,UPDATE ON
ALL TABLES IN SCHEMA exchange TO "taler-exchange-aggregator";' \
| psql taler-exchange
- [taler-exchange-httpd@exchange-online]# echo 'GRANT SELECT,INSERT,UPDATE ON
ALL TABLES IN SCHEMA public TO "taler-exchange-closer";' \
+ [taler-exchange-httpd@exchange-online]# echo 'GRANT SELECT,INSERT,UPDATE ON
ALL TABLES IN SCHEMA exchange TO "taler-exchange-closer";' \
| psql taler-exchange
- [taler-exchange-httpd@exchange-online]# echo 'GRANT SELECT,INSERT,UPDATE ON
ALL TABLES IN SCHEMA public TO "taler-exchange-wire";' \
+ [taler-exchange-httpd@exchange-online]# echo 'GRANT SELECT,INSERT,UPDATE ON
ALL TABLES IN SCHEMA exchange TO "taler-exchange-wire";' \
| psql taler-exchange
- [taler-exchange-httpd@exchange-online]# echo 'GRANT USAGE ON ALL SEQUENCES
IN SCHEMA public TO "taler-exchange-aggregator";' \
+ [taler-exchange-httpd@exchange-online]# echo 'GRANT USAGE ON ALL SEQUENCES
IN SCHEMA exchange TO "taler-exchange-aggregator";' \
| psql taler-exchange
- [taler-exchange-httpd@exchange-online]# echo 'GRANT USAGE ON ALL SEQUENCES
IN SCHEMA public TO "taler-exchange-closer";' \
+ [taler-exchange-httpd@exchange-online]# echo 'GRANT USAGE ON ALL SEQUENCES
IN SCHEMA exchange TO "taler-exchange-closer";' \
| psql taler-exchange
- [taler-exchange-httpd@exchange-online]# echo 'GRANT USAGE ON ALL SEQUENCES
IN SCHEMA public TO "taler-exchange-wire";' \
+ [taler-exchange-httpd@exchange-online]# echo 'GRANT USAGE ON ALL SEQUENCES
IN SCHEMA exchange TO "taler-exchange-wire";' \
| psql taler-exchange
[taler-exchange-httpd@exchange-online]# exit
@@ -626,7 +626,7 @@ Finally we need to grant the other accounts limited access:
The above instructions for changing database permissions only work *after*
having initialized the database with ``taler-exchange-dbinit``, as
- the tables to exist before permissions can be granted on them. The
+ the tables need to exist before permissions can be granted on them. The
``taler-exchange-dbinit`` tool cannot setup these permissions, as it
does not know which users will be used for which processes.
@@ -2167,10 +2167,27 @@ The database scheme used by the exchange looks as
follows:
Database upgrades
-----------------
-Currently, there is no way to upgrade the database between Taler
-versions.
+Before installing a new exchange version, you should probably make a backup of
+the existing database and study the release notes on migration. In general,
+the way to migrate is to stop all existing Taler exchange processes and run:
-The exchange database can be re-initialized using:
+.. code-block:: console
+
+ $ taler-exchange-dbinit
+
+This will migrate the existing schema to the new schema. You also may need
+to grant Taler exchange processes the rights to the new tables (see last
+step of database setup).
+
+.. note::
+
+ The **taler-exchange-dbconfig** tool can be used to automate the database
+ migration. In general, simply invoking it again should trigger the
+ migration including **taler-exchange-dbinit** and setting the permissions.
+
+
+If you do not want to keep any data from the previous installation, the
+exchange database can be fully re-initialized using:
.. code-block:: console
@@ -2179,7 +2196,8 @@ The exchange database can be re-initialized using:
However, running this command will result in all data in the database
being lost, which may result in significant financial liabilities as the
exchange can then not detect double-spending. Hence this operation must
-not be performed in a production system.
+not be performed in a production system. You still also need to then
+grant the permissions to the other exchange processes again.
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [taler-docs] branch master updated: dbconfig now also deals with permissions,
gnunet <=