
[taler-ansible-taler-exchange] branch master updated: work on challenger


From: gnunet
Subject: [taler-ansible-taler-exchange] branch master updated: work on challenger setup
Date: Sat, 23 Nov 2024 23:13:12 +0100

This is an automated email from the git hooks/post-receive script.

grothoff pushed a commit to branch master
in repository ansible-taler-exchange.

The following commit(s) were added to refs/heads/master by this push:
     new 5033ad0  work on challenger setup
5033ad0 is described below

commit 5033ad04c2a81b2aaff91f0f9147a141bc9b26df
Author: Christian Grothoff <christian@grothoff.org>
AuthorDate: Sat Nov 23 23:13:09 2024 +0100

    work on challenger setup
---
 playbooks/test-secrets.yml                         |   5 +
 .../systemd/system/email-challenger-httpd.service  |  17 +++
 .../systemd/system/postal-challenger-httpd.service |  19 ++++
 .../systemd/system/sms-challenger-httpd.service    |   2 +-
 roles/challenger/tasks/main.yml                    | 123 ++++++++++++++++++++-
 .../etc/challenger/postal-challenger.env.j2        |   6 +
 .../{sms-challenger.env => sms-challenger.env.j2}  |   0
 7 files changed, 167 insertions(+), 5 deletions(-)

diff --git a/playbooks/test-secrets.yml b/playbooks/test-secrets.yml
index d6a5309..060eee0 100644
--- a/playbooks/test-secrets.yml
+++ b/playbooks/test-secrets.yml
@@ -12,5 +12,10 @@ LIBEUFIN_NEXUS_EBICS_SYSTEM_ID = PFC00664
 # Authorization token for the telesign SMS service
 SMS_CHALLENGER_TELESIGN_AUTH_TOKEN = my-auth-token
 
+# Authorization data for the pingen postal service
+POSTAL_CHALLENGER_PINGEN_CLIENT_ID = myid
+POSTAL_CHALLENGER_PINGEN_CLIENT_SECRET = mysecret
+POSTAL_CHALLENGER_PINGEN_ORG_ID = orgid
+
 # KYCaid access token
 EXCHANGE_KYCAID_ACCESS_TOKEN = FIXME
diff --git 
a/roles/challenger/files/etc/systemd/system/email-challenger-httpd.service 
b/roles/challenger/files/etc/systemd/system/email-challenger-httpd.service
new file mode 100644
index 0000000..40f7f61
--- /dev/null
+++ b/roles/challenger/files/etc/systemd/system/email-challenger-httpd.service
@@ -0,0 +1,17 @@
+[Unit]
+Description=Email Challenger backend
+
+[Service]
+User=challenger-httpd
+Group=challenger-email
+Type=simple
+Restart=always
+RestartMode=direct
+RestartSec=1s
+RestartPreventExitStatus=2 3 4 5 6 9
+RuntimeMaxSec=3600s
+ExecStart=/usr/bin/challenger-httpd -c /etc/challenger/email-challenger.conf 
-L INFO
+
+
+[Install]
+WantedBy=multi-user.target
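Review bot: The `[Service]` section carries no sandboxing directives, although the unit starts an HTTP daemon that the playbook places behind the nginx reverse proxy. Adding, for example, `NoNewPrivileges=yes`, `ProtectSystem=strict` and `PrivateTmp=yes` after `Group=` would limit what a compromised challenger-httpd can reach. The same applies to postal-challenger-httpd.service, which, per its own comment, passes the pingen credentials on to a helper script through the environment. Which paths the daemon and its helper scripts must write to is not visible here, so the exact set should be confirmed on a test host.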
diff --git 
a/roles/challenger/files/etc/systemd/system/postal-challenger-httpd.service 
b/roles/challenger/files/etc/systemd/system/postal-challenger-httpd.service
new file mode 100644
index 0000000..0b11958
--- /dev/null
+++ b/roles/challenger/files/etc/systemd/system/postal-challenger-httpd.service
@@ -0,0 +1,19 @@
+[Unit]
+Description=Postal challenger backend
+
+[Service]
+User=challenger-httpd
+Group=challenger-postal
+Type=simple
+Restart=always
+RestartMode=direct
+RestartSec=1s
+RestartPreventExitStatus=2 3 4 5 6 9
+RuntimeMaxSec=3600s
+ExecStart=/usr/bin/challenger-httpd -c /etc/challenger/postal-challenger.conf 
-L INFO
+# Used to set the credentials for the challenger-send-post.sh script.
+EnvironmentFile=/etc/challenger/postal-challenger.env
+
+
+[Install]
+WantedBy=multi-user.target
diff --git 
a/roles/challenger/files/etc/systemd/system/sms-challenger-httpd.service 
b/roles/challenger/files/etc/systemd/system/sms-challenger-httpd.service
index 8879157..8a4b15b 100644
--- a/roles/challenger/files/etc/systemd/system/sms-challenger-httpd.service
+++ b/roles/challenger/files/etc/systemd/system/sms-challenger-httpd.service
@@ -1,5 +1,5 @@
 [Unit]
-Description=Challenger backend
+Description=SMS Challenger backend
 
 [Service]
 User=challenger-httpd
diff --git a/roles/challenger/tasks/main.yml b/roles/challenger/tasks/main.yml
index bbd5416..c277a3a 100644
--- a/roles/challenger/tasks/main.yml
+++ b/roles/challenger/tasks/main.yml
@@ -5,6 +5,18 @@
     state: stopped
     enabled: false
 
+- name: Ensure email challenger service is stopped before we upgrade
+  ansible.builtin.systemd_service:
+    name: email-challenger
+    state: stopped
+    enabled: false
+
+- name: Ensure postal challenger service is stopped before we upgrade
+  ansible.builtin.systemd_service:
+    name: postal-challenger
+    state: stopped
+    enabled: false
+
 - name: Install Challenger package
   apt:
     name:
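Review bot: `name: email-challenger` and `name: postal-challenger` do not match the unit files this commit installs, which are `email-challenger-httpd.service` and `postal-challenger-httpd.service`; the tasks probably want `name: email-challenger-httpd` and `name: postal-challenger-httpd`. The same names are used by the two "enabled and started" tasks in the later hunk at old line 103. On a first run the units are copied only further down the file, so these stop tasks execute before the units exist; whether the module tolerates a missing unit here should be checked, otherwise the play stops at this point.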
@@ -17,6 +29,16 @@
     name: challenger-sms
     state: present
 
+- name: Ensure group "challenger-postal" exists
+  ansible.builtin.group:
+    name: challenger-postal
+    state: present
+
+- name: Ensure group "challenger-email" exists
+  ansible.builtin.group:
+    name: challenger-email
+    state: present
+
 - name: Place SMS challenger config
   ansible.builtin.template:
     src: templates/etc/challenger/challenger-sms.conf.j2
@@ -43,17 +65,17 @@
 
 - name: Setup SMS Challenger database
   shell:
-    cmd: challenger-dbconfig -c /etc/challenger/sms-challenger.conf
+    cmd: challenger-dbconfig -c /etc/challenger/sms-challenger.conf -u 
challenger-sms -n challenger-sms
     chdir: /tmp
 
 - name: Setup Postal Challenger database
   shell:
-    cmd: challenger-dbconfig -c /etc/challenger/postal-challenger.conf
+    cmd: challenger-dbconfig -c /etc/challenger/postal-challenger.conf -u 
challenger-postal -n challenger-postal
     chdir: /tmp
 
 - name: Setup email Challenger database
   shell:
-    cmd: challenger-dbconfig -c /etc/challenger/email-challenger.conf
+    cmd: challenger-dbconfig -c /etc/challenger/email-challenger.conf -u 
challenger-email -n challenger-email
     chdir: /tmp
 
 - name: Ensure Ansible facts directory dir exists
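Review bot: The three `challenger-dbconfig` tasks go through `shell` although their command lines use no pipes, redirects or expansions; `ansible.builtin.command` would avoid handing the arguments to a shell for no reason. None of them declares `creates:` or `changed_when:`, so every run re-executes the database setup and reports a change. Whether challenger-dbconfig is safe to repeat against an existing database is not visible from this hunk.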
@@ -67,12 +89,29 @@
 # Ensures we only run when the file does not yet exist
         creates: /etc/ansible/facts.d/sms-challenger-client-secret.fact
 
+# FIXME: these 3 can probably be combined, figure out how...
 - name: sms-challenger: force ansible to regather just created fact(s)
   setup: filter='sms-challenger-client-secret'
 
+- name: email-challenger: force ansible to regather just created fact(s)
+  setup: filter='email-challenger-client-secret'
+
+- name: postal-challenger: force ansible to regather just created fact(s)
+  setup: filter='postal-challenger-client-secret'
+
 - name: Setup SMS Challenger exchange account
   shell:
-    cmd: challenger-admin -c /etc/challenger/sms-challenger.conf --quiet 
--add={{ 
ansible_local['sms-challenger-client-secret']['sms-challenger']['CLIENT_SECRET']
 }} {{ EXCHANGE_BASE_URL }}kyc-proof | awk '{print 
"[sms-challenger]\nCLIENT_ID="$1"\n\n"}' > 
/etc/ansible/facts.d/sms-challenger-client-id.fact
+    cmd: challenger-admin -c /etc/challenger/sms-challenger.conf --quiet 
--add={{ 
ansible_local['sms-challenger-client-secret']['sms-challenger']['CLIENT_SECRET']
 }} {{ EXCHANGE_BASE_URL }}kyc-proof/sms-challenger | awk '{print 
"[sms-challenger]\nCLIENT_ID="$1"\n\n"}' > 
/etc/ansible/facts.d/sms-challenger-client-id.fact
+    chdir: /tmp
+
+- name: Setup Email Challenger exchange account
+  shell:
+    cmd: challenger-admin -c /etc/challenger/email-challenger.conf --quiet 
--add={{ 
ansible_local['email-challenger-client-secret']['email-challenger']['CLIENT_SECRET']
 }} {{ EXCHANGE_BASE_URL }}kyc-proof/email-challenger | awk '{print 
"[email-challenger]\nCLIENT_ID="$1"\n\n"}' > 
/etc/ansible/facts.d/email-challenger-client-id.fact
+    chdir: /tmp
+
+- name: Setup Postal Challenger exchange account
+  shell:
+    cmd: challenger-admin -c /etc/challenger/postal-challenger.conf --quiet 
--add={{ 
ansible_local['postal-challenger-client-secret']['postal-challenger']['CLIENT_SECRET']
 }} {{ EXCHANGE_BASE_URL }}kyc-proof/postal-challenger | awk '{print 
"[postal-challenger]\nCLIENT_ID="$1"\n\n"}' > 
/etc/ansible/facts.d/postal-challenger-client-id.fact
     chdir: /tmp
 
 - name: Place SMS challenger exchange config
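Review bot: The new `challenger-admin` tasks interpolate `CLIENT_SECRET` into a shell command line, so the secret is visible in the process list while the command runs and is written to Ansible's task output and logs; add `no_log: true` to these tasks, and pass the secret through a file or stdin if challenger-admin supports that (not visible from here). The exit status of the pipeline is awk's, so a failed registration can still leave an empty or malformed `*-client-id.fact`; running the command with `set -o pipefail` under `executable: /bin/bash` would surface the failure. No task in this diff creates the `email-challenger-client-secret` or `postal-challenger-client-secret` facts that the two new `setup:` calls and these commands read (only the SMS one appears in the context), so the `ansible_local[...]` lookup may be undefined unless those facts are produced elsewhere in the file. The tasks also have no `creates:` guard, so `--add` runs on every play.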
@@ -83,6 +122,22 @@
     group: challenger-sms
     mode: 0640
 
+- name: Place email challenger exchange config
+  ansible.builtin.template:
+    src: templates/etc/taler-exchange/config.d/email-challenger.conf.j2
+    dest: "/etc/taler-exchange/config.d/email-challenger.conf"
+    owner: root
+    group: challenger-email
+    mode: 0640
+
+- name: Place postal challenger exchange config
+  ansible.builtin.template:
+    src: templates/etc/taler-exchange/config.d/postal-challenger.conf.j2
+    dest: "/etc/taler-exchange/config.d/postal-challenger.conf"
+    owner: root
+    group: challenger-postal
+    mode: 0640
+
 - name: Place SMS challenger environment data
   ansible.builtin.template:
     src: templates/etc/challenger/sms-challenger.env.j2
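Review bot: The two files placed under /etc/taler-exchange/config.d/ are made group-readable for `challenger-email` and `challenger-postal`, following the SMS task; if they carry the challenger client secret, confirm that this group is the one that has to read them, since the directory holds the exchange's configuration. `mode: 0640` is interpreted correctly only because of the leading zero; `mode: "0640"` states the intent without depending on the YAML parser's octal handling.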
@@ -91,11 +146,29 @@
     group: challenger-sms
     mode: 0640
 
+- name: Place postal challenger environment data
+  ansible.builtin.template:
+    src: templates/etc/challenger/postal-challenger.env.j2
+    dest: "/etc/challenger/postal-challenger.env
+    owner: root
+    group: challenger-postal
+    mode: 0640
+
 - name: Place sms-challenger systemd service file
   copy:
     src: etc/systemd/system/sms-challenger-httpd.service
     dest: "/etc/systemd/system/sms-challenger-httpd.service
 
+- name: Place postal-challenger systemd service file
+  copy:
+    src: etc/systemd/system/poastal-challenger-httpd.service
+    dest: "/etc/systemd/system/postal-challenger-httpd.service
+
+- name: Place email-challenger systemd service file
+  copy:
+    src: etc/systemd/system/email-challenger-httpd.service
+    dest: "/etc/systemd/system/email-challenger-httpd.service
+
 - name: Ensure SMS challenger service is enabled and started
   ansible.builtin.systemd_service:
     deamon_reload: true
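Review bot: The `dest:` values of the new postal environment task and of both new systemd copy tasks open a double quote that is never closed (`dest: "/etc/challenger/postal-challenger.env`), so the file will not parse; close the quote or drop it, e.g. `dest: /etc/challenger/postal-challenger.env`. The same unterminated quote appears on the two new nginx template tasks in the last hunk and on the existing SMS copy task in the context. `src: etc/systemd/system/poastal-challenger-httpd.service` is misspelled; the file this commit adds is `postal-challenger-httpd.service`. In the earlier hunk, the task names `email-challenger: force ansible …` and `postal-challenger: force ansible …` contain `: ` inside a plain scalar and need to be quoted as well.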
@@ -103,6 +176,18 @@
     state: started
     enabled: true
 
+- name: Ensure email challenger service is enabled and started
+  ansible.builtin.systemd_service:
+    name: email-challenger
+    state: started
+    enabled: true
+
+- name: Ensure postal challenger service is enabled and started
+  ansible.builtin.systemd_service:
+    name: postal-challenger
+    state: started
+    enabled: true
+
 - name: Place SMS challenger Nginx configuration
   ansible.builtin.template:
     src: templates/etc/nginx/sites-available/sms-challenger-nginx.conf.j2
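Review bot: The two new start tasks do not ask systemd to reload, although their unit files were copied into /etc/systemd/system just before; add `daemon_reload: true` to them. The preceding SMS task spells the option `deamon_reload`, which is not the module's parameter name, so it cannot be relied on to have reloaded the manager for the new units.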
@@ -117,3 +202,33 @@
     dest: /etc/nginx/sites-enabled/sms-challenger-nginx.conf
     state: link
   notify: restart nginx
+
+- name: Place email challenger Nginx configuration
+  ansible.builtin.template:
+    src: templates/etc/nginx/sites-available/email-challenger-nginx.conf.j2
+    dest: "/etc/nginx/sites-available/email-challenger-nginx.conf
+    owner: root
+    group: root
+    mode: 0644
+
+- name: Enable email challenger reverse proxy configuration
+  file:
+    src: /etc/nginx/sites-available/email-challenger-nginx.conf
+    dest: /etc/nginx/sites-enabled/email-challenger-nginx.conf
+    state: link
+  notify: restart nginx
+
+- name: Place postal challenger Nginx configuration
+  ansible.builtin.template:
+    src: templates/etc/nginx/sites-available/postal-challenger-nginx.conf.j2
+    dest: "/etc/nginx/sites-available/postal-challenger-nginx.conf
+    owner: root
+    group: root
+    mode: 0644
+
+- name: Enable postal challenger reverse proxy configuration
+  file:
+    src: /etc/nginx/sites-available/postal-challenger-nginx.conf
+    dest: /etc/nginx/sites-enabled/postal-challenger-nginx.conf
+    state: link
+  notify: restart nginx
diff --git a/roles/challenger/templates/etc/challenger/postal-challenger.env.j2 
b/roles/challenger/templates/etc/challenger/postal-challenger.env.j2
new file mode 100644
index 0000000..8512df5
--- /dev/null
+++ b/roles/challenger/templates/etc/challenger/postal-challenger.env.j2
@@ -0,0 +1,6 @@
+# systemd environment file for challenger-httpd
+# Provides secrets needed.
+# Set to pingen.ch auth token!
+CLIENT_ID={{ POSTAL_CHALLENGER_PINGEN_CLIENT_ID }}
+CLIENT_SECRET={{ POSTAL_CHALLENGER_PINGEN_CLIENT_SECRET }}
+ORG_ID={{ POSTAL_CHALLENGER_PINGEN_ORG_ID }}
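Review bot: The three values are rendered unquoted, so a pingen secret containing whitespace, a quote character or a backslash may be read by systemd's `EnvironmentFile=` parser differently from how it was written in the secrets file; either document the permitted character set next to the variables or quote the rendered values. The header comment `# Set to pingen.ch auth token!` describes a single token while the file sets three variables; `# pingen.ch client id, client secret and organisation id` would match what follows. `CLIENT_ID` and `CLIENT_SECRET` are generic names inherited by every child process of challenger-httpd; renaming them would also require changing the send script, which is outside this diff.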
diff --git a/roles/challenger/templates/etc/challenger/sms-challenger.env 
b/roles/challenger/templates/etc/challenger/sms-challenger.env.j2
similarity index 100%
rename from roles/challenger/templates/etc/challenger/sms-challenger.env
rename to roles/challenger/templates/etc/challenger/sms-challenger.env.j2

-- 
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.


