parent
99b65b9fa1
commit
aabb1eaf86
9 changed files with 121 additions and 1 deletions
|
@ -3,5 +3,6 @@
|
||||||
basenet
|
basenet
|
||||||
chain
|
chain
|
||||||
morph_chain
|
morph_chain
|
||||||
|
nats
|
||||||
ir
|
ir
|
||||||
storage
|
storage
|
||||||
|
|
4
.env
4
.env
|
@ -18,6 +18,10 @@ IR_IMAGE=nspccdev/neofs-ir
|
||||||
NODE_VERSION=0.27.5
|
NODE_VERSION=0.27.5
|
||||||
NODE_IMAGE=nspccdev/neofs-storage
|
NODE_IMAGE=nspccdev/neofs-storage
|
||||||
|
|
||||||
|
# NATS Server
|
||||||
|
NATS_VERSION=2.7.2
|
||||||
|
NATS_IMAGE=nats
|
||||||
|
|
||||||
# HTTP Gate
|
# HTTP Gate
|
||||||
HTTP_GW_VERSION=0.18.0
|
HTTP_GW_VERSION=0.18.0
|
||||||
HTTP_GW_IMAGE=nspccdev/neofs-http-gw
|
HTTP_GW_IMAGE=nspccdev/neofs-http-gw
|
||||||
|
|
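--- a/Makefile
+++ b/Makefile
@@ -113,7 +113,7 @@ hosts: vendor/hosts
 .PHONY: clean
 .ONESHELL:
 clean:
-@rm -rf vendor/* services/storage/s04tls.*
+@rm -rf vendor/* services/storage/s04tls.* services/nats/*.pem
 @for svc in $(START_SVCS)
 do
 vols=`docker-compose -f services/$${svc}/docker-compose.yml config --volumes`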
1
services/nats/.env
Symbolic link
1
services/nats/.env
Symbolic link
|
@ -0,0 +1 @@
|
||||||
|
../../.env
|
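--- a/services/nats/.hosts
+++ b/services/nats/.hosts
@@ -0,0 +1 @@
+IPV4_PREFIX.101 nats.LOCAL_DOMAIN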
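--- a/services/nats/artifacts.mk
+++ b/services/nats/artifacts.mk
@@ -0,0 +1,7 @@
+# Create new tls certs
+
+NATS_DIR=$(abspath services/nats)
+
+get.nats:
+@echo "⇒ Creating certs for NATS server and clients"
+${NATS_DIR}/generate_cert.sh ${LOCAL_DOMAIN}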
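Review bot: `get.nats` is a command-style target with no `.PHONY` declaration visible in this file, so a stray file named `get.nats` in the working directory would silently stop the certificates from being generated; `.PHONY: get.nats` fixes that unless the including Makefile already declares the `get.*` targets. The recipe also passes `${LOCAL_DOMAIN}` through unchecked, and generate_cert.sh builds the server SAN as `nats.$LOCAL_DOMAIN`, so an unset variable yields a certificate for `nats.` that no client hostname check will match. A guard such as `$(if $(strip $(LOCAL_DOMAIN)),,$(error LOCAL_DOMAIN is empty))` as the first recipe line would fail early instead.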
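--- a/services/nats/docker-compose.yml
+++ b/services/nats/docker-compose.yml
@@ -0,0 +1,31 @@
+---
+
+version: "2.4"
+services:
+nats:
+image: ${NATS_IMAGE}:${NATS_VERSION}
+domainname: ${LOCAL_DOMAIN}
+hostname: nats
+container_name: nats
+restart: on-failure
+dns:
+- ${IPV4_PREFIX}.101
+networks:
+nats_int:
+internet:
+ipv4_address: ${IPV4_PREFIX}.101
+volumes:
+- ./../../vendor/hosts:/etc/hosts
+- ./nats.conf:/etc/nats/neofs-nats-server.conf
+- ./server-cert.pem:/certs/server-cert.pem
+- ./server-key.pem:/certs/server-key.pem
+- ./ca-cert.pem:/certs/ca-cert.pem
+stop_signal: SIGKILL
+env_file: [ ".env" ]
+command: ["-c", "/etc/nats/neofs-nats-server.conf"]
+
+networks:
+nats_int:
+internet:
+external: true
+name: basenet_internet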
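Review bot: The certificate, key and config bind mounts under `volumes:` are writable from inside the container although the server only needs to read them; appending `:ro`, e.g. `- ./server-key.pem:/certs/server-key.pem:ro`, keeps a compromised or misbehaving NATS process from altering the host's key material. These are single-file bind mounts, so if the stack is started before `get.nats` has produced the `.pem` files, Docker creates directories at those host paths and generate_cert.sh can no longer write its files there; whether the start target depends on `get.nats` is not visible in this commit. `stop_signal: SIGKILL` also gives the server no chance to close JetStream's file store cleanly, which is presumably acceptable for a dev environment but worth a comment.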
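--- a/services/nats/generate_cert.sh
+++ b/services/nats/generate_cert.sh
@@ -0,0 +1,60 @@
+#!/bin/bash
+
+WORKDIR=$(dirname "$0")
+LOCAL_DOMAIN=$1
+
+CA_KEY=$WORKDIR/ca-key.pem
+CA_CRT=$WORKDIR/ca-cert.pem
+
+SRV_KEY=$WORKDIR/server-key.pem
+SRV_REQ=$WORKDIR/server-req.csr
+SRV_CRT=$WORKDIR/server-cert.pem
+
+CLI_KEY=$WORKDIR/client-key.pem
+CLI_REQ=$WORKDIR/client-req.csr
+CLI_CRT=$WORKDIR/client-cert.pem
+
+SUBJ="/O=NSPCC"
+
+if [[ ! -f $CA_KEY || ! -f $CA_CRT ]]; then
+OUT=$(openssl req -newkey rsa:4096 -x509 -days 365 -nodes -keyout $CA_KEY -out $CA_CRT -subj $SUBJ 2>&1) || {
+echo "CA certificate was not created"
+echo $OUT
+exit 1
+}
+fi
+
+if [[ ! -f $SRV_KEY || ! -f $SRV_CRT ]]; then
+OUT=$(openssl req -newkey rsa:4096 -nodes --keyout $SRV_KEY -out $SRV_REQ -subj $SUBJ 2>&1 ) || {
+echo "Server certificate was not created"
+echo $OUT
+exit 1
+}
+
+OUT=$(openssl x509 -req -days 365 -set_serial 01 -in $SRV_REQ -out $SRV_CRT -CA $CA_CRT -CAkey $CA_KEY \
+-extensions san -extfile <(printf "[san]\nsubjectAltName=DNS:nats.$LOCAL_DOMAIN") 2>&1)|| {
+echo "Server certificate was not signed by CA"
+echo $OUT
+rm $SRV_REQ
+exit 1
+}
+
+rm $SRV_REQ
+fi
+
+if [[ ! -f $CLI_KEY || ! -f $CLI_CRT ]]; then
+OUT=$(openssl req -newkey rsa:4096 -nodes --keyout $CLI_KEY -out $CLI_REQ -subj $SUBJ 2>&1) || {
+echo "Client certificate was not created"
+echo $OUT
+exit 1
+}
+
+OUT=$(openssl x509 -req -days 365 -set_serial 01 -in $CLI_REQ -out $CLI_CRT -CA $CA_CRT -CAkey $CA_KEY 2>&1) || {
+echo "Client certificate was not signed by CA"
+echo $OUT
+rm $CLI_REQ
+exit 1
+}
+
+rm $CLI_REQ
+fi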
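Review bot: Both `openssl x509 -req` calls pass `-set_serial 01`, so the server and client certificates share one issuer and one serial number; RFC 5280 requires that pair to be unique and some TLS libraries reject a second certificate carrying it, so the client call should use a different value, e.g. `-set_serial 02`. The keys are written unencrypted (`-nodes`) under whatever umask the caller has, so `ca-key.pem` can end up readable by other local users; a `umask 077` after the shebang tightens that, provided the user inside the NATS container can still read the bind-mounted `server-key.pem`. `$1` is never checked, and an empty value produces the SAN `DNS:nats.`; `[[ -n $LOCAL_DOMAIN ]] || { echo "usage: $0 <local-domain>"; exit 1; }` would fail early. Each `if` block looks only for its own key and certificate, so removing the CA files alone regenerates the CA while the existing server and client certificates stay signed by the old one.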
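--- a/services/nats/nats.conf
+++ b/services/nats/nats.conf
@@ -0,0 +1,15 @@
+port: 4222
+monitor_port: 8222
+
+jetstream {
+store_dir=nats
+max_memory_store: 1GB
+max_file_store: 2GB
+}
+
+tls {
+cert_file: /certs/server-cert.pem
+key_file: /certs/server-key.pem
+ca_file: /certs/ca-cert.pem
+verify: true
+}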
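Review bot: `monitor_port: 8222` opens the HTTP monitoring endpoint in plaintext and without client authentication, next to a client port that demands mutual TLS (`verify: true`), and the compose file attaches this container to the shared `internet` network. If the endpoint is only needed for local debugging, binding it to loopback (`http: localhost:8222`) or switching to `https_port: 8222` keeps connection and subject metadata off that network. `verify: true` accepts any certificate signed by `ca-cert.pem` and there is no `authorization` block, so every holder of a CA-signed client certificate gets full publish/subscribe rights; that may be intended for a dev environment but deserves a comment in the file.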