merchant: start/health + certbot_renew (container nginx TLS :8081, ACME :8082)
This commit is contained in:
parent
ad85a60c62
commit
4823c8f602
13 changed files with 795 additions and 0 deletions
56
scripts/taler-merchant/README.md
Normal file
56
scripts/taler-merchant/README.md
Normal file
|
|
@ -0,0 +1,56 @@
|
|||
# taler-merchant scripts
|
||||
|
||||
Mirrored from podman `taler-hacktivism`.
|
||||
|
||||
| File | Location in container | User |
|
||||
|------|----------------------|------|
|
||||
| `start_base_services_for_taler.sh` | `/root/` | root |
|
||||
| `start_merchant.sh` | `/usr/local/bin/` | `taler-merchant-httpd` |
|
||||
| `ensure_merchant_helpers.sh` | `/usr/local/bin/` | root → `taler-merchant-httpd` |
|
||||
| `setup_credit_facade.sh` | host root (`/root/koopa-admin-log/…`) | root on koopa |
|
||||
| `check_merchant-health.sh` | `/usr/local/bin/` | any |
|
||||
| `certbot_renew.sh` | `/root/scripts/` | root (bg from base) |
|
||||
| `stats--merchant-payments.sh` | `/usr/local/bin/` | ops |
|
||||
| `taler-hacktivism-email-helper.sh` | `/usr/local/bin/` | merchant (SMTP password via env in git mirror) |
|
||||
| `taler-hacktivism-sms-helper-wrapper.sh` | `/usr/local/bin/` | merchant |
|
||||
|
||||
### Settlement (wired / transfers)
|
||||
|
||||
Automatic import needs:
|
||||
|
||||
1. **`credit_facade_url`** = `…/accounts/$BANK_USER/taler-revenue/` (not `taler-wire-gateway/`)
|
||||
2. **Bearer** bank token in `credit_facade_credentials` (Basic fails on history)
|
||||
3. Running **`taler-merchant-wirewatch`** + **`taler-merchant-depositcheck`**
|
||||
|
||||
```bash
|
||||
# on koopa as root
|
||||
./setup_credit_facade.sh
|
||||
./ensure_merchant_helpers.sh # inside container or via start_merchant
|
||||
```
|
||||
|
||||
SMS backends are symlinks into `/var/taler-src/...` (not copied).
|
||||
|
||||
## Usage
|
||||
|
||||
```bash
|
||||
# root in container
|
||||
./start_base_services_for_taler.sh
|
||||
# then as taler-merchant-httpd in /usr/local/bin:
|
||||
./start_merchant.sh --restart
|
||||
# nginx (TLS frontend) if not already up — root:
|
||||
# /etc/init.d/nginx start
|
||||
./check_merchant-health.sh
|
||||
```
|
||||
|
||||
### `check_merchant-health.sh`
|
||||
|
||||
| Check | Severity |
|
||||
|-------|----------|
|
||||
| socket + listener + httpd + nginx | FAIL |
|
||||
| merchant `/config` (unix sock or `:9010`) | FAIL |
|
||||
| each enabled `[merchant-exchange-*]`: `GET …/keys` | FAIL |
|
||||
| `MASTER_KEY` matches `master_public_key` in `/keys` | FAIL |
|
||||
| helpers (webhook, exchangekeyupdate, depositcheck) | WARN |
|
||||
|
||||
Disabled exchanges (`DISABLED = YES`) are skipped.
|
||||
If public exchange URL is unreachable from the container, falls back to `http://127.0.0.1:9011/keys` (and pasta host IPs).
|
||||
Loading…
Add table
Add a link
Reference in a new issue