wip: mTLS

Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
2024-06-10 15:57:25 +03:00 · 2024-06-10 15:57:25 +03:00 · 70e10c509b
commit 70e10c509b
parent 2b6122192a
29 changed files with 618 additions and 8 deletions
--- a/services/storage/docker-compose.yml
+++ b/services/storage/docker-compose.yml
@ -23,6 +23,7 @@ services:
      - ../nats/client-key.pem:/etc/frostfs-node/nats.tls.key
      - ../nats/ca-cert.pem:/etc/frostfs-node/nats.ca.crt
      - ./cfg:/etc/frostfs/storage
+      - ./../../mtls:/wallets/mtls:ro
    stop_signal: SIGTERM
    stop_grace_period: 15s
    env_file: [ ".env", ".storage.env", ".int_test.env" ]
@ -35,6 +36,9 @@ services:
      - FROSTFS_CONTROL_GRPC_ENDPOINT=s01.${LOCAL_DOMAIN}:8081
      - FROSTFS_NODE_ATTRIBUTE_1=UN-LOCODE:RU MOW
      - FROSTFS_NODE_ATTRIBUTE_2=Price:22
+      - FROSTFS_MORPH_RPC_ENDPOINT_0_ROOT_CAS_0: /wallet/mtls/CA1_cert.pem
+      - FROSTFS_MORPH_RPC_ENDPOINT_0_CERTIFICATE: /wallet/mtls/peerCA2_1_cert.pem
+      - FROSTFS_MORPH_RPC_ENDPOINT_0_KEY: /wallet/mtls/peerCA2_1_key.pem
    healthcheck:
      test: ["CMD-SHELL", "/healthcheck.sh"]
      interval: 2s
@ -64,6 +68,7 @@ services:
      - ../nats/client-key.pem:/etc/frostfs-node/nats.tls.key
      - ../nats/ca-cert.pem:/etc/frostfs-node/nats.ca.crt
      - ./cfg:/etc/frostfs/storage
+      - ./../../mtls:/wallets/mtls:ro
    stop_signal: SIGTERM
    stop_grace_period: 15s
    env_file: [ ".env", ".storage.env", ".int_test.env" ]
@ -76,6 +81,9 @@ services:
      - FROSTFS_CONTROL_GRPC_ENDPOINT=s02.${LOCAL_DOMAIN}:8081
      - FROSTFS_NODE_ATTRIBUTE_1=UN-LOCODE:RU LED
      - FROSTFS_NODE_ATTRIBUTE_2=Price:33
+      - FROSTFS_MORPH_RPC_ENDPOINT_0_ROOT_CAS_0: /wallet/mtls/CA1_cert.pem
+      - FROSTFS_MORPH_RPC_ENDPOINT_0_CERTIFICATE: /wallet/mtls/peerCA2_2_cert.pem
+      - FROSTFS_MORPH_RPC_ENDPOINT_0_KEY: /wallet/mtls/peerCA2_2_key.pem
    healthcheck:
      test: ["CMD-SHELL", "/healthcheck.sh"]
      interval: 2s
@ -105,6 +113,7 @@ services:
      - ../nats/client-key.pem:/etc/frostfs-node/nats.tls.key
      - ../nats/ca-cert.pem:/etc/frostfs-node/nats.ca.crt
      - ./cfg:/etc/frostfs/storage
+      - ./../../mtls:/wallets/mtls:ro
    stop_signal: SIGTERM
    stop_grace_period: 15s
    env_file: [ ".env", ".storage.env", ".int_test.env" ]
@ -117,6 +126,9 @@ services:
      - FROSTFS_CONTROL_GRPC_ENDPOINT=s03.${LOCAL_DOMAIN}:8081
      - FROSTFS_NODE_ATTRIBUTE_1=UN-LOCODE:SE STO
      - FROSTFS_NODE_ATTRIBUTE_2=Price:11
+      - FROSTFS_MORPH_RPC_ENDPOINT_0_ROOT_CAS_0: /wallet/mtls/CA1_cert.pem
+      - FROSTFS_MORPH_RPC_ENDPOINT_0_CERTIFICATE: /wallet/mtls/peerCA2_3_cert.pem
+      - FROSTFS_MORPH_RPC_ENDPOINT_0_KEY: /wallet/mtls/peerCA2_3_key.pem
    healthcheck:
      test: ["CMD-SHELL", "/healthcheck.sh"]
      interval: 2s
@ -147,6 +159,7 @@ services:
      - ../nats/client-key.pem:/etc/frostfs-node/nats.tls.key
      - ../nats/ca-cert.pem:/etc/frostfs-node/nats.ca.crt
      - ./cfg:/etc/frostfs/storage
+      - ./../../mtls:/wallets/mtls:ro
    stop_signal: SIGTERM
    stop_grace_period: 15s
    env_file: [ ".env", ".storage.env", ".int_test.env" ]
@ -164,6 +177,9 @@ services:
      - FROSTFS_GRPC_1_TLS_KEY=/tls.key
      - FROSTFS_NODE_ATTRIBUTE_1=UN-LOCODE:FI HEL
      - FROSTFS_NODE_ATTRIBUTE_2=Price:44
+      - FROSTFS_MORPH_RPC_ENDPOINT_0_ROOT_CAS_0: /wallet/mtls/CA1_cert.pem
+      - FROSTFS_MORPH_RPC_ENDPOINT_0_CERTIFICATE: /wallet/mtls/peerCA2_4_cert.pem
+      - FROSTFS_MORPH_RPC_ENDPOINT_0_KEY: /wallet/mtls/peerCA2_4_key.pem
    healthcheck:
      test: ["CMD-SHELL", "/healthcheck.sh"]
      interval: 2s