From 58bc422f2bdf90eeb9eb40f05f7f737f773f5aea Mon Sep 17 00:00:00 2001
From: Denis Kirillov
Date: Tue, 6 Jul 2021 12:52:22 +0300
Subject: [PATCH] [#90] Added tls cert to nodes
Signed-off-by: Denis Kirillov
---
 services/storage/artifacts.mk | 6 ++++--
 services/storage/docker-compose.yml | 9 +++++++--
 2 files changed, 11 insertions(+), 4 deletions(-)
diff --git a/services/storage/artifacts.mk b/services/storage/artifacts.mk
index 502e985..4293011 100644
--- a/services/storage/artifacts.mk
+++ b/services/storage/artifacts.mk
@@ -10,6 +10,8 @@ get.storage:
 echo "req_extensions=san"; \
 echo "[san]"; \
 echo "subjectAltName=DNS:s04.${LOCAL_DOMAIN}") > ${SSL_CONFIG}
+ifeq ($(shell ! test -e ${STORAGE_DIR}/s04tls.key && echo -n yes),yes)
 @openssl req -new -newkey rsa:4096 -x509 -sha256 -days 365 -nodes \
- -subj "/C=RU/ST=SPB/L=St.Petersburg/O=NSPCC/OU=NSPCC/CN=s04.${LOCAL_DOMAIN}" \
- -keyout ${STORAGE_DIR}/s04tls.key -out ${STORAGE_DIR}/s04tls.crt -extensions san -config ${SSL_CONFIG}
+ -subj "/C=RU/ST=SPB/L=St.Petersburg/O=NSPCC/OU=NSPCC/CN=s04.${LOCAL_DOMAIN}" \
+ -keyout ${STORAGE_DIR}/s04tls.key -out ${STORAGE_DIR}/s04tls.crt -extensions san -config ${SSL_CONFIG}
+endif
diff --git a/services/storage/docker-compose.yml b/services/storage/docker-compose.yml
index 0dbff6d..fae248c 100644
--- a/services/storage/docker-compose.yml
+++ b/services/storage/docker-compose.yml
@@ -18,6 +18,7 @@ services:
 - storage_s01:/storage
 - ./../../vendor/neofs-cli:/neofs-cli
 - ./healthcheck.sh:/healthcheck.sh
+ - ./s04tls.crt:/etc/ssl/certs/s04tls.crt
 stop_signal: SIGKILL
 env_file: [ ".env", ".storage.env" ]
 environment:
@@ -50,6 +51,7 @@ services:
 - storage_s02:/storage
 - ./../../vendor/neofs-cli:/neofs-cli
 - ./healthcheck.sh:/healthcheck.sh
+ - ./s04tls.crt:/etc/ssl/certs/s04tls.crt
 stop_signal: SIGKILL
 env_file: [ ".env", ".storage.env" ]
 environment:
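Review bot: The `ifeq ($(shell ...),yes)` guard added around the `openssl req` line in `artifacts.mk` is evaluated when make parses the file rather than when the `get.storage` recipe runs, and it only looks at `s04tls.key`. A key left behind without its `s04tls.crt`, or with a certificate past its 365 days, therefore suppresses regeneration even though the compose file now mounts that certificate into the other storage nodes. `echo -n` is also not portable across `/bin/sh` implementations (some print `-n yes`, so the comparison never matches), and `$(shell ...)` strips the trailing newline anyway. A run-time check in the recipe covers both files, for example prefixing the command with `@[ -s ${STORAGE_DIR}/s04tls.key ] && [ -s ${STORAGE_DIR}/s04tls.crt ] || openssl req ...` and keeping the existing arguments; `openssl x509 -checkend 0 -noout -in ${STORAGE_DIR}/s04tls.crt` could be added to catch expiry. The `get.storage` recipe starts above the hunk.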
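Review bot: The `./s04tls.crt` bind mount added in the `-18` hunk of `docker-compose.yml` (the service using `storage_s01`) is writable from inside the container, although it is presumably the file the node relies on to verify s04. Mounting it read-only costs nothing: `- ./s04tls.crt:/etc/ssl/certs/s04tls.crt:ro`. The mount also depends on `get.storage` having produced the file first; with this short bind syntax Docker creates an empty directory at a missing host path instead of failing, so a comment naming that prerequisite would help. The same line is added in the `-50` and `-82` hunks and the point applies there as well.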
@@ -82,6 +84,7 @@ services:
 - storage_s03:/storage
 - ./../../vendor/neofs-cli:/neofs-cli
 - ./healthcheck.sh:/healthcheck.sh
+ - ./s04tls.crt:/etc/ssl/certs/s04tls.crt
 stop_signal: SIGKILL
 env_file: [ ".env", ".storage.env" ]
 environment:
@@ -120,10 +123,12 @@ services:
 env_file: [ ".env", ".storage.env" ]
 environment:
 - NEOFS_NODE_KEY=/04.key
- NEOFS_NODE_ADDRESSES=s04.${LOCAL_DOMAIN}:8080
- NEOFS_GRPC_0_ENDPOINT=s04.${LOCAL_DOMAIN}:8080
+ - NEOFS_NODE_ADDRESSES=grpcs://s04.${LOCAL_DOMAIN}:8080 s04.${LOCAL_DOMAIN}:8082
 - NEOFS_CONTROL_GRPC_ENDPOINT=s04.${LOCAL_DOMAIN}:8081
+ - NEOFS_GRPC_NUM=2
+ - NEOFS_GRPC_0_ENDPOINT=s04.${LOCAL_DOMAIN}:8080
 - NEOFS_GRPC_0_TLS_ENABLED=true
+ - NEOFS_GRPC_1_ENDPOINT=s04.${LOCAL_DOMAIN}:8082
 - NEOFS_NODE_ATTRIBUTE_0=UN-LOCODE:FI HEL
 - NEOFS_NODE_ATTRIBUTE_1=Price:44
 healthcheck:
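Review bot: In the `-120` hunk the second listener on 8082 is added with no `NEOFS_GRPC_1_TLS_ENABLED` line and is announced in `NEOFS_NODE_ADDRESSES` next to the `grpcs://` address, so s04 presumably stays reachable in plaintext and a peer that picks the second address never exercises the new certificate. If that is deliberate, say so above the line, e.g. `# gRPC 1 (8082) is intentionally plaintext; gRPC 0 (8080) is TLS-only`; otherwise drop the 8082 address from the announced list. The visible lines also set no certificate or key path for gRPC 0, so confirm those are configured outside this hunk. The service definition starts above the hunk and continues past `healthcheck:`.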