It was removed from node in TrueCloudLab/frostfs-node#1161. Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
This commit is contained in:
parent
d0c32731f2
commit
fbed759559
13 changed files with 1 additions and 130 deletions
|
@ -1,5 +1,4 @@
|
|||
# Services start/stop order
|
||||
# Will start from top to bottom and stop in reverse
|
||||
nats
|
||||
ir
|
||||
storage
|
||||
|
|
3
.env
3
.env
|
@ -19,9 +19,6 @@ IR_IMAGE=git.frostfs.info/truecloudlab/frostfs-ir
|
|||
NODE_VERSION=0.42.9
|
||||
NODE_IMAGE=git.frostfs.info/truecloudlab/frostfs-storage
|
||||
|
||||
# NATS Server
|
||||
NATS_VERSION=2.7.2
|
||||
NATS_IMAGE=nats
|
||||
|
||||
# HTTP Gate
|
||||
HTTP_GW_VERSION=0.30.2
|
||||
|
|
1
.gitignore
vendored
1
.gitignore
vendored
|
@ -15,4 +15,3 @@ sites/*
|
|||
# Runtime generation keys
|
||||
services/storage/*tls.crt
|
||||
services/storage/*tls.key
|
||||
services/nats/*.pem
|
||||
|
|
2
Makefile
2
Makefile
|
@ -149,7 +149,7 @@ hosts: vendor/hosts
|
|||
.PHONY: clean
|
||||
.ONESHELL:
|
||||
clean:
|
||||
@rm -rf vendor/* services/storage/s04tls.* services/nats/*.pem
|
||||
@rm -rf vendor/* services/storage/s04tls.*
|
||||
@> .int_test.env
|
||||
@for svc in $(PULL_SVCS)
|
||||
do
|
||||
|
|
|
@ -1 +0,0 @@
|
|||
../../.env
|
|
@ -1 +0,0 @@
|
|||
IPV4_PREFIX.101 nats.LOCAL_DOMAIN
|
|
@ -1 +0,0 @@
|
|||
../../.int_test.env
|
|
@ -1,7 +0,0 @@
|
|||
# Create new TLS certs for NATS server and clients
|
||||
|
||||
NATS_DIR=$(abspath services/nats)
|
||||
|
||||
get.nats:
|
||||
@echo "⇒ Creating certs for NATS server and clients"
|
||||
${NATS_DIR}/generate_cert.sh ${LOCAL_DOMAIN} > /dev/null
|
|
@ -1,30 +0,0 @@
|
|||
---
|
||||
|
||||
services:
|
||||
nats:
|
||||
image: ${NATS_IMAGE}:${NATS_VERSION}
|
||||
domainname: ${LOCAL_DOMAIN}
|
||||
hostname: nats
|
||||
container_name: nats
|
||||
restart: on-failure
|
||||
dns:
|
||||
- ${IPV4_PREFIX}.101
|
||||
networks:
|
||||
nats_int:
|
||||
internet:
|
||||
ipv4_address: ${IPV4_PREFIX}.101
|
||||
volumes:
|
||||
- ./../../vendor/hosts:/etc/hosts
|
||||
- ./nats.conf:/etc/nats/frostfs-nats-server.conf
|
||||
- ./server-cert.pem:/certs/server-cert.pem
|
||||
- ./server-key.pem:/certs/server-key.pem
|
||||
- ./ca-cert.pem:/certs/ca-cert.pem
|
||||
stop_signal: SIGKILL
|
||||
env_file: [ ".env", ".int_test.env" ]
|
||||
command: ["-c", "/etc/nats/frostfs-nats-server.conf"]
|
||||
|
||||
networks:
|
||||
nats_int:
|
||||
internet:
|
||||
external: true
|
||||
name: basenet_internet
|
|
@ -1,49 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
source bin/helper.sh
|
||||
|
||||
WORKDIR=$(dirname "$0")
|
||||
LOCAL_DOMAIN=$1
|
||||
|
||||
CA_KEY=$WORKDIR/ca-key.pem
|
||||
CA_CRT=$WORKDIR/ca-cert.pem
|
||||
|
||||
SRV_KEY=$WORKDIR/server-key.pem
|
||||
SRV_REQ=$WORKDIR/server-req.csr
|
||||
SRV_CRT=$WORKDIR/server-cert.pem
|
||||
|
||||
CLI_KEY=$WORKDIR/client-key.pem
|
||||
CLI_REQ=$WORKDIR/client-req.csr
|
||||
CLI_CRT=$WORKDIR/client-cert.pem
|
||||
|
||||
SUBJ="/O=TrueCloudLab"
|
||||
|
||||
if [[ ! -f $CA_KEY || ! -f $CA_CRT ]]; then
|
||||
openssl req -newkey rsa:4096 -x509 -days 365 -nodes -keyout $CA_KEY -out $CA_CRT -subj $SUBJ 2>&1 ||
|
||||
die "CA certificate was not created"
|
||||
fi
|
||||
|
||||
if [[ ! -f $SRV_KEY || ! -f $SRV_CRT ]]; then
|
||||
openssl req -newkey rsa:4096 -nodes -keyout $SRV_KEY -out $SRV_REQ -subj $SUBJ 2>&1 ||
|
||||
die "Server certificate was not created"
|
||||
|
||||
openssl x509 -req -days 365 -set_serial 01 -in $SRV_REQ -out $SRV_CRT -CA $CA_CRT -CAkey $CA_KEY \
|
||||
-extensions san -extfile <(printf "[san]\nsubjectAltName=DNS:nats.$LOCAL_DOMAIN") 2>&1 || {
|
||||
rm $SRV_REQ
|
||||
die "Server certificate was not signed by CA"
|
||||
}
|
||||
|
||||
rm $SRV_REQ
|
||||
fi
|
||||
|
||||
if [[ ! -f $CLI_KEY || ! -f $CLI_CRT ]]; then
|
||||
openssl req -newkey rsa:4096 -nodes -keyout $CLI_KEY -out $CLI_REQ -subj $SUBJ 2>&1 ||
|
||||
die "Client certificate was not created"
|
||||
|
||||
openssl x509 -req -days 365 -set_serial 01 -in $CLI_REQ -out $CLI_CRT -CA $CA_CRT -CAkey $CA_KEY 2>&1 || {
|
||||
rm $CLI_REQ
|
||||
die "Client certificate was not signed by CA"
|
||||
}
|
||||
|
||||
rm $CLI_REQ
|
||||
fi
|
|
@ -1,15 +0,0 @@
|
|||
port: 4222
|
||||
monitor_port: 8222
|
||||
|
||||
jetstream {
|
||||
store_dir=nats
|
||||
max_memory_store: 1GB
|
||||
max_file_store: 2GB
|
||||
}
|
||||
|
||||
tls {
|
||||
cert_file: /certs/server-cert.pem
|
||||
key_file: /certs/server-key.pem
|
||||
ca_file: /certs/ca-cert.pem
|
||||
verify: true
|
||||
}
|
|
@ -35,14 +35,6 @@ morph:
|
|||
# Common storage node settings
|
||||
node:
|
||||
attribute_0: "User-Agent:FrostFS/0.34"
|
||||
notification:
|
||||
enabled: true # Turn on object notification service
|
||||
endpoint: "tls://nats.frostfs.devenv:4222" # Notification server endpoint
|
||||
timeout: "6s" # Timeout for object notification client connection
|
||||
default_topic: "test" # Default topic for object notifications if not found in object's meta
|
||||
certificate: "/etc/frostfs-node/nats.tls.cert" # Path to TLS certificate
|
||||
key: "/etc/frostfs-node/nats.tls.key" # Path to TLS key
|
||||
ca: "/etc/frostfs-node/nats.ca.crt" # Path to optional CA certificate
|
||||
|
||||
# Tree section
|
||||
tree:
|
||||
|
|
|
@ -18,9 +18,6 @@ services:
|
|||
- ./../../vendor/frostfs-cli:/frostfs-cli
|
||||
- ./cli-cfg.yml:/cli-cfg.yml
|
||||
- ./s04tls.crt:/etc/ssl/certs/s04tls.crt
|
||||
- ../nats/client-cert.pem:/etc/frostfs-node/nats.tls.cert
|
||||
- ../nats/client-key.pem:/etc/frostfs-node/nats.tls.key
|
||||
- ../nats/ca-cert.pem:/etc/frostfs-node/nats.ca.crt
|
||||
- ./cfg:/etc/frostfs/storage
|
||||
stop_signal: SIGTERM
|
||||
stop_grace_period: 15s
|
||||
|
@ -58,9 +55,6 @@ services:
|
|||
- ./../../vendor/frostfs-cli:/frostfs-cli
|
||||
- ./cli-cfg.yml:/cli-cfg.yml
|
||||
- ./s04tls.crt:/etc/ssl/certs/s04tls.crt
|
||||
- ../nats/client-cert.pem:/etc/frostfs-node/nats.tls.cert
|
||||
- ../nats/client-key.pem:/etc/frostfs-node/nats.tls.key
|
||||
- ../nats/ca-cert.pem:/etc/frostfs-node/nats.ca.crt
|
||||
- ./cfg:/etc/frostfs/storage
|
||||
stop_signal: SIGTERM
|
||||
stop_grace_period: 15s
|
||||
|
@ -98,9 +92,6 @@ services:
|
|||
- ./../../vendor/frostfs-cli:/frostfs-cli
|
||||
- ./cli-cfg.yml:/cli-cfg.yml
|
||||
- ./s04tls.crt:/etc/ssl/certs/s04tls.crt
|
||||
- ../nats/client-cert.pem:/etc/frostfs-node/nats.tls.cert
|
||||
- ../nats/client-key.pem:/etc/frostfs-node/nats.tls.key
|
||||
- ../nats/ca-cert.pem:/etc/frostfs-node/nats.ca.crt
|
||||
- ./cfg:/etc/frostfs/storage
|
||||
stop_signal: SIGTERM
|
||||
stop_grace_period: 15s
|
||||
|
@ -139,9 +130,6 @@ services:
|
|||
- ./cli-cfg.yml:/cli-cfg.yml
|
||||
- ./s04tls.crt:/tls.crt
|
||||
- ./s04tls.key:/tls.key
|
||||
- ../nats/client-cert.pem:/etc/frostfs-node/nats.tls.cert
|
||||
- ../nats/client-key.pem:/etc/frostfs-node/nats.tls.key
|
||||
- ../nats/ca-cert.pem:/etc/frostfs-node/nats.ca.crt
|
||||
- ./cfg:/etc/frostfs/storage
|
||||
stop_signal: SIGTERM
|
||||
stop_grace_period: 15s
|
||||
|
|
Loading…
Reference in a new issue