From 70e10c509b0425e27509a48dfd80a06e4fe4e3f3 Mon Sep 17 00:00:00 2001 From: Evgenii Stratonikov Date: Mon, 10 Jun 2024 15:57:25 +0300 Subject: [PATCH 01/37] wip: mTLS Signed-off-by: Evgenii Stratonikov --- .env | 12 +++---- mtls/CA.cnf | 12 +++++++ mtls/CA1_cert.pem | 25 +++++++++++++++ mtls/CA1_cert.srl | 1 + mtls/CA1_key.pem | 28 +++++++++++++++++ mtls/CA2_cert.pem | 25 +++++++++++++++ mtls/CA2_cert.srl | 1 + mtls/CA2_key.pem | 28 +++++++++++++++++ mtls/generate | 38 +++++++++++++++++++++++ mtls/peer1.cnf | 23 ++++++++++++++ mtls/peer2.cnf | 23 ++++++++++++++ mtls/peer3.cnf | 23 ++++++++++++++ mtls/peer4.cnf | 23 ++++++++++++++ mtls/peerCA1_1_cert.pem | 24 ++++++++++++++ mtls/peerCA1_1_key.pem | 28 +++++++++++++++++ mtls/peerCA1_X_cert.pem | 24 ++++++++++++++ mtls/peerCA1_X_key.pem | 28 +++++++++++++++++ mtls/peerCA2_1_cert.pem | 24 ++++++++++++++ mtls/peerCA2_1_key.pem | 28 +++++++++++++++++ mtls/peerCA2_2_cert.pem | 24 ++++++++++++++ mtls/peerCA2_2_key.pem | 28 +++++++++++++++++ mtls/peerCA2_3_cert.pem | 24 ++++++++++++++ mtls/peerCA2_3_key.pem | 28 +++++++++++++++++ mtls/peerCA2_4_cert.pem | 24 ++++++++++++++ mtls/peerCA2_4_key.pem | 28 +++++++++++++++++ mtls/peerX.cnf | 23 ++++++++++++++ services/morph_chain/docker-compose.yml | 1 + services/morph_chain/protocol.privnet.yml | 12 +++++-- services/storage/docker-compose.yml | 16 ++++++++++ 29 files changed, 618 insertions(+), 8 deletions(-) create mode 100644 mtls/CA.cnf create mode 100644 mtls/CA1_cert.pem create mode 100644 mtls/CA1_cert.srl create mode 100644 mtls/CA1_key.pem create mode 100644 mtls/CA2_cert.pem create mode 100644 mtls/CA2_cert.srl create mode 100644 mtls/CA2_key.pem create mode 100755 mtls/generate create mode 100644 mtls/peer1.cnf create mode 100644 mtls/peer2.cnf create mode 100644 mtls/peer3.cnf create mode 100644 mtls/peer4.cnf create mode 100644 mtls/peerCA1_1_cert.pem create mode 100644 mtls/peerCA1_1_key.pem create mode 100644 mtls/peerCA1_X_cert.pem create mode 100644 mtls/peerCA1_X_key.pem create mode 100644 mtls/peerCA2_1_cert.pem create mode 100644 mtls/peerCA2_1_key.pem create mode 100644 mtls/peerCA2_2_cert.pem create mode 100644 mtls/peerCA2_2_key.pem create mode 100644 mtls/peerCA2_3_cert.pem create mode 100644 mtls/peerCA2_3_key.pem create mode 100644 mtls/peerCA2_4_cert.pem create mode 100644 mtls/peerCA2_4_key.pem create mode 100644 mtls/peerX.cnf diff --git a/.env b/.env index ad96218..081a8d0 100644 --- a/.env +++ b/.env @@ -12,12 +12,12 @@ NEOGO_VERSION=0.104.0 NEOGO_IMAGE=nspccdev/neo-go # FrostFS InnerRing nodes -IR_VERSION=0.38.5 -IR_IMAGE=truecloudlab/frostfs-ir +IR_VERSION=0.40.0-7-gc1cdd5d4 +IR_IMAGE=truecloudlab/frostfs-dirty-ir # FrostFS Storage nodes -NODE_VERSION=0.38.5 -NODE_IMAGE=truecloudlab/frostfs-storage +NODE_VERSION=0.40.0-7-gc1cdd5d4 +NODE_IMAGE=truecloudlab/frostfs-dirty-storage # NATS Server NATS_VERSION=2.7.2 @@ -41,12 +41,12 @@ LOCODE_DB_URL=https://git.frostfs.info/attachments/a2e8def7-52b6-49f1-89cd-a0567 # FrostFS CLI binary FROSTFS_CLI_URL=https://http.t5.fs.neo.org/7sm9csjtRLpr4c9QD55q9JJM73v79ohuAhTzP4fYRHFz/BtA6zWLtoDuDnzxSNkKPjyN5hGuSZFxGuJD1gh8kBwkP -#FROSTFS_CLI_PATH=/path/to/frostfs-cli-binary +FROSTFS_CLI_PATH=/repo/frostfs/node/bin/frostfs-cli # FrostFS ADM tool binary FROSTFS_ADM_VERSION=498f9955ea FROSTFS_ADM_URL=https://http.t5.fs.neo.org/7sm9csjtRLpr4c9QD55q9JJM73v79ohuAhTzP4fYRHFz/CjV4S6ENzo2FLK4KxXZHHNW4veR1ATtynGY6Mc1xQ6RB -#FROSTFS_ADM_PATH=/path/to/frostfs-adm-binary +FROSTFS_ADM_PATH=/repo/frostfs/node/bin/frostfs-adm # Compiled FrostFS Smart Contracts FROSTFS_CONTRACTS_VERSION=694daebb19 diff --git a/mtls/CA.cnf b/mtls/CA.cnf new file mode 100644 index 0000000..da40d99 --- /dev/null +++ b/mtls/CA.cnf @@ -0,0 +1,12 @@ +[ req ] +prompt = no +distinguished_name = req_distinguished_name + +[ req_distinguished_name ] +C = US +ST = Localzone +L = localhost +O = Neo Go Testing Certificate Authority +OU = Develop +CN = localdomain +emailAddress = root@localhost.localdomain diff --git a/mtls/CA1_cert.pem b/mtls/CA1_cert.pem new file mode 100644 index 0000000..b278f13 --- /dev/null +++ b/mtls/CA1_cert.pem @@ -0,0 +1,25 @@ +-----BEGIN CERTIFICATE----- +MIIELTCCAxWgAwIBAgIUAl4u/vkkFmeCbVpk8qMZFDW33rUwDQYJKoZIhvcNAQEL +BQAwgbcxCzAJBgNVBAYTAlVTMRIwEAYDVQQIDAlMb2NhbHpvbmUxEjAQBgNVBAcM +CWxvY2FsaG9zdDEtMCsGA1UECgwkTmVvIEdvIFRlc3RpbmcgQ2VydGlmaWNhdGUg +QXV0aG9yaXR5MRAwDgYDVQQLDAdEZXZlbG9wMRQwEgYDVQQDDAtsb2NhbGRvbWFp +bjEpMCcGCSqGSIb3DQEJARYacm9vdEBsb2NhbGhvc3QubG9jYWxkb21haW4wHhcN +MjQwNjEwMTI1NjQ3WhcNMjkwNjA5MTI1NjQ3WjCBtzELMAkGA1UEBhMCVVMxEjAQ +BgNVBAgMCUxvY2Fsem9uZTESMBAGA1UEBwwJbG9jYWxob3N0MS0wKwYDVQQKDCRO +ZW8gR28gVGVzdGluZyBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxEDAOBgNVBAsMB0Rl +dmVsb3AxFDASBgNVBAMMC2xvY2FsZG9tYWluMSkwJwYJKoZIhvcNAQkBFhpyb290 +QGxvY2FsaG9zdC5sb2NhbGRvbWFpbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC +AQoCggEBAMVyBc7NiwqjG9fWBv2oObgPWtEdN4a5vBvSzV1f/eQTLGoFwjk9A0gY +PgAExUSmgTgfsIwHr1nSstMwGHh3/TEAKTGFOU3ifDT102XlKf8qKoCFASBe5nRo +WRmCi+SUTLBe3170ZCwMTGNpg4oq7jJVi0jccXFzr6qPRpq97FjxSUZYRCjB/o7j +H+tdrwkUMCwhkMYcs5Vm5pvvdCp+j/AwOvo4fcxDqlXptR5WIOLknWZ1sMvJoS4T +q33M1FhpQ0BANhZrgV2kzSyb6t6MzfDVORPpmE+oGaYbeT3azAYyX1UNsl2UZf2A +QbjB50nbl7A+eCVp8rTRcARn/BFeo/ECAwEAAaMvMC0wDAYDVR0TBAUwAwEB/zAd +BgNVHQ4EFgQU+0bqFVosQLCN5mK4JVlLv7ZfU44wDQYJKoZIhvcNAQELBQADggEB +AJglNSyga1zX+JLRbTJRch8wW3TM5iwf9FbwgLhEPu4i1ZXFVTjT/roJ1r765YLW +34tzk+SeK0G9VPdz4RS7NigE8hjfPpIN6n+LWZ7Cfs3okqmd6klRplIaQNbptWbc +wRuByGFKUu+AxOW0/QRoYa+qxNwJkeI1/ZbaNhDlHFNOdmuDujcQLdH8C4eWK3rS +juDDRlXKmrGNi09E7n7JI4mHcEVIBJWFxE1J9MTkT9sWJCqTnHyEVzxDHC4Guwhd +8+4bDeHpt/s5wYjtwJObNbZXplvrsZ6o3BMUnU8SJYpwNyTDrn2QDkDEvTbjQHGF +WM/mcBKQM3uekzpp/BDTvok= +-----END CERTIFICATE----- diff --git a/mtls/CA1_cert.srl b/mtls/CA1_cert.srl new file mode 100644 index 0000000..8c9b607 --- /dev/null +++ b/mtls/CA1_cert.srl @@ -0,0 +1 @@ +28484A1BD594A9F1C28B5F1E4D45010D923E9D17 diff --git a/mtls/CA1_key.pem b/mtls/CA1_key.pem new file mode 100644 index 0000000..e298a9e --- /dev/null +++ b/mtls/CA1_key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDFcgXOzYsKoxvX +1gb9qDm4D1rRHTeGubwb0s1dX/3kEyxqBcI5PQNIGD4ABMVEpoE4H7CMB69Z0rLT +MBh4d/0xACkxhTlN4nw09dNl5Sn/KiqAhQEgXuZ0aFkZgovklEywXt9e9GQsDExj +aYOKKu4yVYtI3HFxc6+qj0aavexY8UlGWEQowf6O4x/rXa8JFDAsIZDGHLOVZuab +73Qqfo/wMDr6OH3MQ6pV6bUeViDi5J1mdbDLyaEuE6t9zNRYaUNAQDYWa4FdpM0s +m+rejM3w1TkT6ZhPqBmmG3k92swGMl9VDbJdlGX9gEG4wedJ25ewPnglafK00XAE +Z/wRXqPxAgMBAAECggEAAm+9axDfI9p8DFQnPfkgnQu+9hdGmp3HLgnM7Wzdoniw +WXlWAoxFF+jZLIQX41ihk0se++ENJgDh19XHSobIB9iUZDicYBCQ50YnOvyFRyFg +A4Sd/UEAi5GSqRF9kec41vZqanF+J4s/ZCdpXLKk4c0A5lKhPtTjselkAJfiWegF +oAmbIGKHMzaIQX47lawwzmEqvolzVfHAn5ERB/N4bG/LCCwHcQHcXexVvKO6dkEu +ZlaV6E6UF82SuZQ9V4dpy9GTnsfXRe4/u1FKDTikMn05TKmE+dMvax5wUuE9non9 +Q/6Fhv1Ex/GKRXkjMq8ZQhXL6oSqpW/2jQnFnn4OoQKBgQDg+cTEBicbrU4U58IX +WpsMeS21uBTD/6EkJOaZ9FN/GKDV5Dr9H4sFGhTLrYgko5hDb2gVBwDH+6bz3W2O +MH0qH9cMSd5TkHFwrnN6kALICAz9Kuht8wsZ0o7KQ67l8aBKll85xcBXSUdFP0Qa +jag/iycbmQoDumjAjIMJWK1tIQKBgQDgrF0bs16JnjWscc1pI8CIrL4EUA4Od+dO +JuorU9m9bbgRWcp5+DUiT7eAZs+72UW4lhvmjBFjkKnJ5EuzGDtXv8QalzS7wk/2 +wvXkYH6qmpL54xZKcQhB/LTHF5cA8cMpTkawnkbP5r+fKW1xhVnNnhtMVMt0T1+f +FICPUksM0QKBgE/e/MdnM800qurrGNI3vaIhB2RjdSPchnYRj7kKr/YIZVlqjLK+ +1xk5mDZzZkkzt2QBkl8cvF9DbZNYgoOfnWAuK6fWNdNPDacmmCLkK8ieaxYafKhE +SCWjxkPy4Y4LSZARcL9PAKk8f8wK2P/gWOIuYfT/UTnfnT7247KWxANhAoGAezLp +B4SPJYWExx/MVIgPTqLyu2iunI5xXvCF3eZn8rDUi2ciWUma0UrHQ/icltRon/Ro +Lj7GVkOAZz3xqK5z9AUq4q3hc8f0k0qLDYVAUArc53v3wDBFJ/ILq1SrMBBiRScw +Ki9QgzZ0AzHzWpmWCeNV8sBYpFnWBGR4rp6gmtECgYAQd7BM8vVZYrr7xxe4P7Mc +NqaHeMpQIMwxz+jHYUhdD/3x+b+CUuJSbhgHRfJDzflFWta/uU7yvJFS+f7m5qY7 +cm7r0kpgqDY2Xxxc0HhwKH+P910O/t2GiGyiMQ7L718N07bzvGoPpfZ0/uCYkuCZ +IRv6ALK/ouAnK0WH8XhPqw== +-----END PRIVATE KEY----- diff --git a/mtls/CA2_cert.pem b/mtls/CA2_cert.pem new file mode 100644 index 0000000..59e67da --- /dev/null +++ b/mtls/CA2_cert.pem @@ -0,0 +1,25 @@ +-----BEGIN CERTIFICATE----- +MIIELTCCAxWgAwIBAgIURsb3aadMNs6EbRHLMc4CLL8+VK8wDQYJKoZIhvcNAQEL +BQAwgbcxCzAJBgNVBAYTAlVTMRIwEAYDVQQIDAlMb2NhbHpvbmUxEjAQBgNVBAcM +CWxvY2FsaG9zdDEtMCsGA1UECgwkTmVvIEdvIFRlc3RpbmcgQ2VydGlmaWNhdGUg +QXV0aG9yaXR5MRAwDgYDVQQLDAdEZXZlbG9wMRQwEgYDVQQDDAtsb2NhbGRvbWFp +bjEpMCcGCSqGSIb3DQEJARYacm9vdEBsb2NhbGhvc3QubG9jYWxkb21haW4wHhcN +MjQwNjEwMTI1NjQ3WhcNMjkwNjA5MTI1NjQ3WjCBtzELMAkGA1UEBhMCVVMxEjAQ +BgNVBAgMCUxvY2Fsem9uZTESMBAGA1UEBwwJbG9jYWxob3N0MS0wKwYDVQQKDCRO +ZW8gR28gVGVzdGluZyBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxEDAOBgNVBAsMB0Rl +dmVsb3AxFDASBgNVBAMMC2xvY2FsZG9tYWluMSkwJwYJKoZIhvcNAQkBFhpyb290 +QGxvY2FsaG9zdC5sb2NhbGRvbWFpbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC +AQoCggEBALuspJrObn4Y77sVYy662fsX6iZEx5bqVU/QTI3EiVN30D8MI3bXiJhv +JwhTGmKib0ItbnKitiBSEnoqH8BJ5ov91f1vxY86/b7+2KMGj9LYIxGW/kQbfp54 +Vd5Y+ift38BTIQsgQo6P2FNLj7x3ioO075uVW+SYK8/qG9XyLoCZ06ZXe5qR+E6m +7dz9Vd2y0M7QAE7bBN/0qcxcUcxoPW7/VCNyv29lQHp4tJpoQouSWecXaZ2a4a4S +kDpwfyvPmWUu5hmbSux+H7YKKE9ON0cE5D/Z5N1CbdvmBeV9hj9NxzTGPubgFUsW +hPjSdxjpN1O5AKW24v7GcNC3UA9UKb8CAwEAAaMvMC0wDAYDVR0TBAUwAwEB/zAd +BgNVHQ4EFgQU0+kGQFiWIDP03GME25h0Nek19MgwDQYJKoZIhvcNAQELBQADggEB +AHrXaLIyeaD7lO7siru7Zc5PPt4XnVhiWULeK6i/rWosEx9I1/i5lpBq4vI+MKAO +wBcdEpVtce0aUiBN3ia8HicHDkABQTRktEkKz/qqgRsfLi5jscvplcy/+k/xnNhL ++dCaZDFC1+TpH3enhL6y2Qfyj58sUwQDZmN4n5fQEfWnD0LH7g+SHFczR3Bqapop +RGGfMtexCivXbbYiYOBHN3JWrd8/OFhLlW2JN/o8kdpNE2ERj/B4bMPZQl/gG9tP +A3ugvQKuu2Abbf723+2dDDIrMsf0A3Bq3+EZQVrYBXaT2LkLypa+ulDH5UGRyc3e +D1vqIH16LN5VWd0p0hsJDhw= +-----END CERTIFICATE----- diff --git a/mtls/CA2_cert.srl b/mtls/CA2_cert.srl new file mode 100644 index 0000000..7106df0 --- /dev/null +++ b/mtls/CA2_cert.srl @@ -0,0 +1 @@ +2A340296D6CDD0E6A8F678126AC75B1DA2019ACE diff --git a/mtls/CA2_key.pem b/mtls/CA2_key.pem new file mode 100644 index 0000000..b848e83 --- /dev/null +++ b/mtls/CA2_key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQC7rKSazm5+GO+7 +FWMuutn7F+omRMeW6lVP0EyNxIlTd9A/DCN214iYbycIUxpiom9CLW5yorYgUhJ6 +Kh/ASeaL/dX9b8WPOv2+/tijBo/S2CMRlv5EG36eeFXeWPon7d/AUyELIEKOj9hT +S4+8d4qDtO+blVvkmCvP6hvV8i6AmdOmV3uakfhOpu3c/VXdstDO0ABO2wTf9KnM +XFHMaD1u/1Qjcr9vZUB6eLSaaEKLklnnF2mdmuGuEpA6cH8rz5llLuYZm0rsfh+2 +CihPTjdHBOQ/2eTdQm3b5gXlfYY/Tcc0xj7m4BVLFoT40ncY6TdTuQCltuL+xnDQ +t1APVCm/AgMBAAECggEABhiCHYfITaQ1tS0+qXfm40xQOKn8lEmhjRQbnccycVma +PqdVnOM8oTw1rQQ1/oTUJEwheEESCqlfxu6zVVA72B7d4nt3k+1l7Ibj4SJcwuEY +/StFsE9MT41iYfR15kdzAGYy0+UFBGhmWF5DRECFvpK+mEkY+6si+9UuI5wtfSke +U/hEHyl0pUPPZ3wENYHazsSjVoetx+AfM7iELgUlIlwAvleBZFl8CqPrcbgGeqnm +opYRFgvJvjt+7Vz50No8mJ169RjRix7j/LpTGpLBxzs1y+C6QvvmihYf2oaMmxot +Lpw3EKxu2pDz1KOM1Giby7kTERFkGUr75NQakWYWYQKBgQDocEaRPHBcIbxM+uIA +VphmhqhskZu3AwjlVKDqmurKybeFzihaqa1IaMSCFj4/W6UHfA5UjOT/SZj+bO0I +yLiTo5UVX94bnLHHia6caIcQJNzI8KDHprLkfyfsQAUFMIqtE3C7+qz4xAUCHGmw +7BSyIMIzME6uWVamns/sEDCZlwKBgQDOsr9duotN6vUhkcKybZmJExCiWd4spM9W +AURGQcRDpGwSrmpqZu0UCQyzZs207vBz8/iGf/gN7N1UH/IK+QL2+1FjYIffED9D +SxuBsP87vWrt9a8yF+oIHwIEFMkvUhh0ZKx16FTXiWqy2uFXdTdFlINV0d/Y7GwK +CX7qHBVmGQKBgHcDJd6vZ4iE7Xks7BLoQ9gbEpmkZGpsb12c21fEQnvalNE6IYdq +YYM1wYgqA21Fa1ZNurin+4iLEn8THrrkqz1NAMSU9ZCFxrE4WeNT0fP+K93m9yvC +us4sHTDmBqwFkrvTvGFDlNU66KWQDr2740zhYQ38qgyzSZ6+qg9gqsG5AoGAJogJ +xnY068SGB8j9S3fE7FmiezFXimj6waSgzpwJ8zYec2kSK12eimKZfIQIitcT+fmb +9a67VhU2uSzvWP5MgDAfXvAqw/lqYagJq6aMHd3UpiFrlGIC3ZqyLIKXcnvSVThD +MgOqdTeHrWnCIiSWtiDWTtQ971k7Vq+oegncL1kCgYAG+YRcn8df60u42p9h31bh +JZwROIUK0XJgo3iEAf3SNpZ6tbEd99zn94Wo3w9uTzW/EaxvCsC+WhN9w2M4jDYS +mF1qhF/YsVvge6UML3MMMmM340eIPXA51h/kBPK2b9ShDdYtvGOyk7HAuZB6VEJl +xS3FSzRLPJ6XvlzD7CC/ng== +-----END PRIVATE KEY----- diff --git a/mtls/generate b/mtls/generate new file mode 100755 index 0000000..153e9b6 --- /dev/null +++ b/mtls/generate @@ -0,0 +1,38 @@ +#!/bin/bash + +outdir="${1:-./out}" + +genca() { + local name="$1" + + echo "Generating $name ..." + openssl req -nodes -new -x509 \ + -keyout "${name}_key.pem" \ + -out "${name}_cert.pem" \ + -addext basicConstraints=CA:TRUE \ + -days 1825 -config CA.cnf +} + +gencert() { + local ca="$1" + local i="$2" + + openssl req -sha256 -nodes -newkey rsa:2048 \ + -keyout "peer${ca}_${i}_key.pem" \ + -out "peer${i}.csr" -config "peer${i}.cnf" + openssl x509 -req -days 398 -in "peer${i}.csr" \ + -CA "${ca}_cert.pem" \ + -CAkey "${ca}_key.pem" \ + -CAcreateserial -out "peer${ca}_${i}_cert.pem" \ + -extensions req_ext \ + -extfile "peer${i}.cnf" + rm "peer${i}.csr" +} + +genca CA1 +genca CA2 +gencert CA1 X +gencert CA2 1 +gencert CA2 2 +gencert CA2 3 +gencert CA2 4 diff --git a/mtls/peer1.cnf b/mtls/peer1.cnf new file mode 100644 index 0000000..e3e05f8 --- /dev/null +++ b/mtls/peer1.cnf @@ -0,0 +1,23 @@ +[req] +default_bits = 2048 +distinguished_name = req_distinguished_name +req_extensions = req_ext +x509_extensions = v3_req +prompt = no + +[req_distinguished_name] +countryName = US +stateOrProvinceName = Localzone +localityName = Localhost +organizationName = Certificate signed by my CA +commonName = peer1.localdomain + +[req_ext] +subjectAltName = @alt_names + +[v3_req] +subjectAltName = @alt_names + +[alt_names] +DNS.1 = node_one +IP.1 = 192.168.130.71 diff --git a/mtls/peer2.cnf b/mtls/peer2.cnf new file mode 100644 index 0000000..93b6fcd --- /dev/null +++ b/mtls/peer2.cnf @@ -0,0 +1,23 @@ +[req] +default_bits = 2048 +distinguished_name = req_distinguished_name +req_extensions = req_ext +x509_extensions = v3_req +prompt = no + +[req_distinguished_name] +countryName = US +stateOrProvinceName = Localzone +localityName = Localhost +organizationName = Certificate signed by my CA +commonName = peer2.localdomain + +[req_ext] +subjectAltName = @alt_names + +[v3_req] +subjectAltName = @alt_names + +[alt_names] +DNS.1 = node_two +IP.1 = 192.168.130.72 diff --git a/mtls/peer3.cnf b/mtls/peer3.cnf new file mode 100644 index 0000000..9de96c4 --- /dev/null +++ b/mtls/peer3.cnf @@ -0,0 +1,23 @@ +[req] +default_bits = 2048 +distinguished_name = req_distinguished_name +req_extensions = req_ext +x509_extensions = v3_req +prompt = no + +[req_distinguished_name] +countryName = US +stateOrProvinceName = Localzone +localityName = Localhost +organizationName = Certificate signed by my CA +commonName = peer3.localdomain + +[req_ext] +subjectAltName = @alt_names + +[v3_req] +subjectAltName = @alt_names + +[alt_names] +DNS.1 = node_three +IP.1 = 192.168.130.73 diff --git a/mtls/peer4.cnf b/mtls/peer4.cnf new file mode 100644 index 0000000..0f2c511 --- /dev/null +++ b/mtls/peer4.cnf @@ -0,0 +1,23 @@ +[req] +default_bits = 2048 +distinguished_name = req_distinguished_name +req_extensions = req_ext +x509_extensions = v3_req +prompt = no + +[req_distinguished_name] +countryName = US +stateOrProvinceName = Localzone +localityName = Localhost +organizationName = Certificate signed by my CA +commonName = peer4.localdomain + +[req_ext] +subjectAltName = @alt_names + +[v3_req] +subjectAltName = @alt_names + +[alt_names] +DNS.1 = node_four +IP.1 = 192.168.130.74 diff --git a/mtls/peerCA1_1_cert.pem b/mtls/peerCA1_1_cert.pem new file mode 100644 index 0000000..178b9b1 --- /dev/null +++ b/mtls/peerCA1_1_cert.pem @@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIIEGjCCAwKgAwIBAgIUKEhKG9WUqfHCi18eTUUBDZI+nRYwDQYJKoZIhvcNAQEL +BQAwgbcxCzAJBgNVBAYTAlVTMRIwEAYDVQQIDAlMb2NhbHpvbmUxEjAQBgNVBAcM +CWxvY2FsaG9zdDEtMCsGA1UECgwkTmVvIEdvIFRlc3RpbmcgQ2VydGlmaWNhdGUg +QXV0aG9yaXR5MRAwDgYDVQQLDAdEZXZlbG9wMRQwEgYDVQQDDAtsb2NhbGRvbWFp +bjEpMCcGCSqGSIb3DQEJARYacm9vdEBsb2NhbGhvc3QubG9jYWxkb21haW4wHhcN +MjQwNjEwMTI0NjE2WhcNMjUwNzEzMTI0NjE2WjB3MQswCQYDVQQGEwJVUzESMBAG +A1UECAwJTG9jYWx6b25lMRIwEAYDVQQHDAlMb2NhbGhvc3QxJDAiBgNVBAoMG0Nl +cnRpZmljYXRlIHNpZ25lZCBieSBteSBDQTEaMBgGA1UEAwwRcGVlcjEubG9jYWxk +b21haW4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDbW864Uy2nmSe +pIcZw5TuPmA9t144D9t6h32E4PXdah1xon+HPszrHtPr4VHaILK+rJEdzWNa6069 +0gQgezUaI9Br39JbfB89dh/o7ncGB1tz/Q0C86Cj9EGGsPeL45xd+RSD0sbB5xYi +fQqkvBHqNPmwJ1fIjIicEtQNtQmrBsBeCxLqhCzvVvqcHTclii5lG5nTRH8PzrFH ++K6S+l+GG3F4MCz/A4p7HvpkV0hXeo+VndL6TRUhIOUaB25PNW7HimAdIZaBpDpK +IPx0KVCpiAk5wIS03sDxjiqnzwdyfj6qOEs1vLFsAq6RCCBtGhNMx3P6WpnTzhTq +T/d/oDtRAgMBAAGjXTBbMBkGA1UdEQQSMBCCCG5vZGVfb25lhwTAqIJHMB0GA1Ud +DgQWBBRp+mk7AmDNXGTHWPzJ4LHviCIjcjAfBgNVHSMEGDAWgBTpBvlB4aszHPUK +jjsgWQNvcqAOeTANBgkqhkiG9w0BAQsFAAOCAQEAgBmp8qGsD5sDj8uZpDY1y4R/ +ne9xgesQejcESgxK2PoBk+iB4NSCIahMKI29q5M36C6xq4Zzj9mAETDdQgv8eJJU +DHkFY1PKsULs3W5ODF4aufNogtm68mzqVQHW+qt/GdZj0BlIui6+G6uxFaRUjzry +wl/7GXNFms8NiGRDmx0XdZHhA4aD3pprJVLNYEuZUH9N2Q4sUqxwjizh9qj5e5Vu +XpnO6TqZvFJQMs61IYzlSWXpmBpDSjbTnm7+2C1RLRpidEhTtC1N8SRghc4n6yXg +DnME009cIO9XwyAiFPrTheBZlgFJ+Z+aqTBGh0nG2AAbV6/2xh3rZMGA6QWHRw== +-----END CERTIFICATE----- diff --git a/mtls/peerCA1_1_key.pem b/mtls/peerCA1_1_key.pem new file mode 100644 index 0000000..612d796 --- /dev/null +++ b/mtls/peerCA1_1_key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDDbW864Uy2nmSe +pIcZw5TuPmA9t144D9t6h32E4PXdah1xon+HPszrHtPr4VHaILK+rJEdzWNa6069 +0gQgezUaI9Br39JbfB89dh/o7ncGB1tz/Q0C86Cj9EGGsPeL45xd+RSD0sbB5xYi +fQqkvBHqNPmwJ1fIjIicEtQNtQmrBsBeCxLqhCzvVvqcHTclii5lG5nTRH8PzrFH ++K6S+l+GG3F4MCz/A4p7HvpkV0hXeo+VndL6TRUhIOUaB25PNW7HimAdIZaBpDpK +IPx0KVCpiAk5wIS03sDxjiqnzwdyfj6qOEs1vLFsAq6RCCBtGhNMx3P6WpnTzhTq +T/d/oDtRAgMBAAECggEAJnFDwNmaYU8BnIphUBJe3Mm03VcRh+Yopq755DZrbvFl +ltmgC/7wyOyAxAUH+KhXePYRusLRAUzJ6cGjEa+i18BFSr8Vzmy5aXnv1353N96h +IQ0dbt/1UOMms6Pioig1NXAelrrS4cg/HKwruJGNVZyzpDDtDfSFF+yFPagH3ZYn +laZJ/ZTiGu30ezu48QDEIzC4CKKaFIoBCpcG5kyQUx4aZInXjTDnDzjzm8+OnaKE +9pQ6ILBDprjjFhbH+gphfo32Dmt9lbZ26s7ZsmjMChgIwIyUHliu+xDPJeFAcWMl +/yNchDupx/jKVoj4I2YrICJwZLtJy6tPxdUGPsPPpQKBgQDo5v8nuS0NJm20aA1Q +YNJWkG9ziRJ+XdYJw7fe2lSkZYhsG1J+MC0FLS0xAsZzo1i7kBETEFBm0Tf+D1DZ +81Heo0Brh11qdMDhe+ENaLoswML1adbNJnDq6MW+clZcpgPKchSSEDeX9MFUL+x4 +yHsLZyT1lWd+PcC2rPE7TD61vQKBgQDWzwN3bNYdeuYytFGWTPt0pIFuaSkghO61 +g6+VJkwSOCbYnFddJIZSEbiPapZ3iaEMoQL7qE9Z/egkTFmxqtxW0aWruD5ETWyr +gyrmQeimewKW7PkZMWjmYI7Uy6CGaCVL9QiMxxfaLoe3rJDlYM+m3xXceLlpKTNI +Uu34zjXDJQKBgQCw5hNTprDzVgbpikbikEfy/A3LIYfsd3WFQSU9nXPA0mXGRxJn +SkxHrEKxATyexKk2/XwakL+g+LSgwh1VDh1XD4R0qAJqQ3flTGRp/Ou75kWuhc9j +TxlhM6BOwSWbhXVHpVK+hpbTUlItkaD5NL1Qse0+o1ZSarEfj0hDE+xluQKBgQCH +jSLW3etPtxpErN0/R1z2gkja76lwR/KKwIqwR/aBGMYKsr2+nSnV6DDa75v72vGy +EnjbbZ6FX2B6Z2PCZdudPbaZ4i4I1ALbSG5t1vGE/OLpcqjOaQuVNSFszwKBTn8a +q4m1rH00xWAHW/IjjS/8UZJuChCWd9VQsmRROW9bsQKBgQDnEaDlfDB9C42Ep3G5 +tHfSaEsrrwyX619yDiJ52VKlzC48nDHn15Rq7iw9GTwAd5ILH+ii/uvzusAHOYyx +AIlvtD/3Qkoc6PjQY2nCfCtWggVWcg2BK7sPpjK0hEjqbERbJgYshoNOsCL+K+zc +oqDoG/GSG3nY9OSYNN6zq3m6lw== +-----END PRIVATE KEY----- diff --git a/mtls/peerCA1_X_cert.pem b/mtls/peerCA1_X_cert.pem new file mode 100644 index 0000000..d58685a --- /dev/null +++ b/mtls/peerCA1_X_cert.pem @@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIIEGjCCAwKgAwIBAgIUKEhKG9WUqfHCi18eTUUBDZI+nRcwDQYJKoZIhvcNAQEL +BQAwgbcxCzAJBgNVBAYTAlVTMRIwEAYDVQQIDAlMb2NhbHpvbmUxEjAQBgNVBAcM +CWxvY2FsaG9zdDEtMCsGA1UECgwkTmVvIEdvIFRlc3RpbmcgQ2VydGlmaWNhdGUg +QXV0aG9yaXR5MRAwDgYDVQQLDAdEZXZlbG9wMRQwEgYDVQQDDAtsb2NhbGRvbWFp +bjEpMCcGCSqGSIb3DQEJARYacm9vdEBsb2NhbGhvc3QubG9jYWxkb21haW4wHhcN +MjQwNjEwMTI1NjQ3WhcNMjUwNzEzMTI1NjQ3WjB3MQswCQYDVQQGEwJVUzESMBAG +A1UECAwJTG9jYWx6b25lMRIwEAYDVQQHDAlMb2NhbGhvc3QxJDAiBgNVBAoMG0Nl +cnRpZmljYXRlIHNpZ25lZCBieSBteSBDQTEaMBgGA1UEAwwRcGVlcjEubG9jYWxk +b21haW4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCgXdKU6buWmlZe +PSXfcZQEUp6oxynIKlWTRuoP9NriplfiAcJgpOF39kgjbX4A4qSnkmzo8IgE6kKS +ON/wE78Tl8Ge5f+ZOGM/5enhCPa357ZYC8xQZu41OzrC/h8WFjQG3MdbswJmU0mC +iQPtmhfE94/0uAKKe1Y95Lw9tM55gCxknVm+NlfVYv8H4aywhCuYvBLPf01ET6dd +dE27ngMxKrCtWlBOfIOLbdRykBC7aJ3AJaxvYDx+UniuOwKAKWENcJiNtFaFJXJs +QETtVSh/TqbB5GhOyAMhVWJVQjy1ZtX5hJIIu14oP++oy+Pbw34CDberyxzN220e +FQLUjo+/AgMBAAGjXTBbMBkGA1UdEQQSMBCCCG5vZGVfb25lhwTAqIJaMB0GA1Ud +DgQWBBTb5mXh4pE40a749tShcXo0mfo8QzAfBgNVHSMEGDAWgBT7RuoVWixAsI3m +YrglWUu/tl9TjjANBgkqhkiG9w0BAQsFAAOCAQEAMmGuXuZUerGE00zlB0LY/BRo +xe46u//Tsr00Q75/pSL5nWhuIxDyH/46o0Ud3gX9L1YT+HrN9vRddp0z66mU1ibC +xR+pkqEDoV7UciH0eJPXhmG29dxbxrmfTDLUyrl7b9g/6w4401aeUcoYAvTro6wF +QjS6t5OMHPWs6KTwGxSqVVFKQTPaP6LUFNIDM8gBf+ltbHC6lPp2BsdN8oZm1/BK +qDcdPSCax3XdANpENyyDwTGoqphVpCAd6GCSC9x7arc8HQmKG9xc8loRIWUA7ji3 +z3fKhaq/oFwIpJ3jt9P0m5SnMayFXC/d9tpyab5SAnkFk4fpcrq/RToBShhwQw== +-----END CERTIFICATE----- diff --git a/mtls/peerCA1_X_key.pem b/mtls/peerCA1_X_key.pem new file mode 100644 index 0000000..9f980cc --- /dev/null +++ b/mtls/peerCA1_X_key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCgXdKU6buWmlZe +PSXfcZQEUp6oxynIKlWTRuoP9NriplfiAcJgpOF39kgjbX4A4qSnkmzo8IgE6kKS +ON/wE78Tl8Ge5f+ZOGM/5enhCPa357ZYC8xQZu41OzrC/h8WFjQG3MdbswJmU0mC +iQPtmhfE94/0uAKKe1Y95Lw9tM55gCxknVm+NlfVYv8H4aywhCuYvBLPf01ET6dd +dE27ngMxKrCtWlBOfIOLbdRykBC7aJ3AJaxvYDx+UniuOwKAKWENcJiNtFaFJXJs +QETtVSh/TqbB5GhOyAMhVWJVQjy1ZtX5hJIIu14oP++oy+Pbw34CDberyxzN220e +FQLUjo+/AgMBAAECggEAC0i+zhqqR/0hMa1k0lW4IBu+LUsiXgLYla3qP2gv1L32 +tiEAj/NaKCpMxi1oreBEzMPJZRSzxYDEYWyeGVMSYWsOxUMS2rG0jiT78YlDbwpf +cs+Vt1yey2EZD+p4voGedJMpdgLhGtkmdYh1ncz3ejUfTI18JElsdpt3QXJNCxCE +v+vTMRcSRTpPK9diuxIRQecMg5dtQaIvHfY3VexrHz17q4cokmkBsFdewEvWrrnO +sLOyr0pgO2XYbjgLQECmLYDetSZVd+Ud1VWC2lsWWb+RBCefQjscXgKP063JH8U5 +ajbespa4yTMk2HNJiwguigWSom4ukVn+cnIYuoPxtQKBgQDWTP2DQqeftiIjo9e8 +w51WW9/mf72H8Tju5DZd+pGz1LxjnwCh9KMMU7EjMi0SJVjKyOYvon66T1bEJCyY +Xp06Rf/E8dVgdH2ZgdoML/SCOQEXfS7F7fkv9TRvYojh1PUK0pQgeIfmIPTfPhoW +lb6v01tN7hgCL9mASfpAk1E3fQKBgQC/kjGcFleL8c+ruWMy4IFygkM16Fa4v1fa +BfpG5wFQ2eKiYSh2gC1XRzjXy9vue9URXMKsA90Q8uK71fHMkU0s56LG5SyP9pZg +LT79tWoomfdcRF5mWTzRuOojezKNOWnC96BCaC4sni641tPGwr6wI2vnAb3Rct7E +wE/DsSUg6wKBgDoysm5hPbCL//150276GNKJJOcuLcSrZ/DInVMsZ0FVNsw/NCbH +jzgbynFqgP76kYCQyqKJGK10OnYN9OZ0W3Kl6+4KVw5Y1HtJ3nOM2nQ7EubUIk2y +cQfrKZBOTCo4cUu9IGkpEo8WyCmQbflQNXb+iT9Ct9ZwNDs42/OJjnbpAoGACxoX +0enhjPSoilUmEI6+Mbqm1nrue6prFvF9vZopk1vtLGfhBm0LM6GnA6qGxl1azbTI +e1uF9jN9PFF7v9Uz2cRaxJgHaxhpQo2ctutKiavSkABOUDQfuC+1MfUzysdm/6uG +GBMdiexo3MFmaIBkuKR03mBVdcvoaRKUDM05T50CgYAciaSVQBBi1w3jnFsOGmV6 +OeGApLL5gn64tqvP5CorfrqrWksFsdpfBTBuzYoKmWqUdBFtv4kVKdalMyFAa/T6 +o6/rxApbavawj2AACda62K3S6vxHaeVoI0MM22LMVHyJyfM3GWV/KCSY5Rl6W5MM +lX3X+o2/5zBwm06mjXYi1A== +-----END PRIVATE KEY----- diff --git a/mtls/peerCA2_1_cert.pem b/mtls/peerCA2_1_cert.pem new file mode 100644 index 0000000..240bda6 --- /dev/null +++ b/mtls/peerCA2_1_cert.pem @@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIIEGjCCAwKgAwIBAgIUKjQCltbN0Oao9ngSasdbHaIBmsswDQYJKoZIhvcNAQEL +BQAwgbcxCzAJBgNVBAYTAlVTMRIwEAYDVQQIDAlMb2NhbHpvbmUxEjAQBgNVBAcM +CWxvY2FsaG9zdDEtMCsGA1UECgwkTmVvIEdvIFRlc3RpbmcgQ2VydGlmaWNhdGUg +QXV0aG9yaXR5MRAwDgYDVQQLDAdEZXZlbG9wMRQwEgYDVQQDDAtsb2NhbGRvbWFp +bjEpMCcGCSqGSIb3DQEJARYacm9vdEBsb2NhbGhvc3QubG9jYWxkb21haW4wHhcN +MjQwNjEwMTI1NjQ3WhcNMjUwNzEzMTI1NjQ3WjB3MQswCQYDVQQGEwJVUzESMBAG +A1UECAwJTG9jYWx6b25lMRIwEAYDVQQHDAlMb2NhbGhvc3QxJDAiBgNVBAoMG0Nl +cnRpZmljYXRlIHNpZ25lZCBieSBteSBDQTEaMBgGA1UEAwwRcGVlcjEubG9jYWxk +b21haW4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8xcYfOImxhiUy +irOfnmUmDo9NMLceMsxGj+t+hNkmYZWIRVk9j5ugot7+Wbdd+Ct5rtwezvzSW9eg +XvcyI8hjfdhntl9IxKFCtWtr8Iwjp/bt76//SSnlb0HNp6Ap2IJ9MP758HQivLWQ +Kn3Xu0ps4c+jE6LoFck//bg534NkMWqqsoYpZM5Vdhd2ZEr4i7BFsAW6gPDEr8P8 +wkydXYIsAEaHT4/bRUU/c7NyFcoYRUEfw+7/lxD/0mUZt+nE3EHgMpAP+QmVzhOn +zOQ322muTAWkr758f01Lvsfm/hwPXJ1/9GjRc1Yx7iSrZ8zzRLHXXzSlR5036oLR +MCJL5UYhAgMBAAGjXTBbMBkGA1UdEQQSMBCCCG5vZGVfb25lhwTAqIJHMB0GA1Ud +DgQWBBTwfMVj6jdaTRLb/mzemwJb9tz28TAfBgNVHSMEGDAWgBTT6QZAWJYgM/Tc +YwTbmHQ16TX0yDANBgkqhkiG9w0BAQsFAAOCAQEAs/hgu1CJiQblHAT5MtSsMXci +B/Prc02XfFycdMr4HA8z7D4mvJnKtQNp11anEB9xg4UmZzqFj/M+AHv/NLTr92jt +HagtoV1heQuzblLI7kkPwJMFubdjNSRPN45HGH+wzQja1scAgvGZQs2KeM/MyGD2 +PoEYThRFSfxmOFiu198jNhrOl6eDt18eFhDASOySuuUey87fSkqr2QYAqjGNP53A +zo4C9NTBKwQ1o69XXsDOh2wF/TpE9mOGpLcsNYH7Pg/k5asuFHc1CEHqzIFLtjvm +wC01ORlpX+OCjFWa9vyrlkBPdmqv5mmg6tQhaJjjNsRFD8pGkoagP3qAXSrxdw== +-----END CERTIFICATE----- diff --git a/mtls/peerCA2_1_key.pem b/mtls/peerCA2_1_key.pem new file mode 100644 index 0000000..f07ffc6 --- /dev/null +++ b/mtls/peerCA2_1_key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC8xcYfOImxhiUy +irOfnmUmDo9NMLceMsxGj+t+hNkmYZWIRVk9j5ugot7+Wbdd+Ct5rtwezvzSW9eg +XvcyI8hjfdhntl9IxKFCtWtr8Iwjp/bt76//SSnlb0HNp6Ap2IJ9MP758HQivLWQ +Kn3Xu0ps4c+jE6LoFck//bg534NkMWqqsoYpZM5Vdhd2ZEr4i7BFsAW6gPDEr8P8 +wkydXYIsAEaHT4/bRUU/c7NyFcoYRUEfw+7/lxD/0mUZt+nE3EHgMpAP+QmVzhOn +zOQ322muTAWkr758f01Lvsfm/hwPXJ1/9GjRc1Yx7iSrZ8zzRLHXXzSlR5036oLR +MCJL5UYhAgMBAAECggEABHt57ZmN7XG9VhKkje/FjS6JBdpx0q0xzzzq6NVpnMdy +G0SYSDjhFC9uqS5crZ+VreOllU0X0Ql+WHzAx/qnbxm/IHe1+GUED9cw21gghiOe +hNftTCjC1N0vYqoUoigifkU1gx5L4UJG8zFX5rfRnj2+mV7ycV1vd3R3e72CrqEr +4fg8JVR9Xj6Zg5A0/FWkFHbrWJu/Ds+BLYs7jYNW02/ajWI0f8T5jiL06vkZfRA/ +WdXupWnw95XZs+JAxqUbXWfEY2jMmeIb0supp4r0wk93zOsLoHEBC2Jizfh+Za0k +bZkE7ebjgwvs9y5SGtFDr/9znB8UP96EMUy7LjuWtQKBgQDvS8LZMTQ6YjdDxnOK +XFULeqCQ1dZMcxnwkuoXFs+1odKz8ybpnrPXMrwwkAv3E60NaZst6UBIebYbBLE3 +CUGsyQkbERNujgiPuzqHI5s81a94RDW32INEm9ageNfRMZV/tpkl9h/Fc6gM9bhi +uPGU4K526+y3lL1d5zMAz48DRQKBgQDJ8yfR5BbVJ95oNBYz8tTAIjV7I9bPS6DE +fibDMV9ozVmnh+9BUrDH+fX9qtF2NVMD+2/AO4MDueL+NqBIIbFEOWpjvABk4p+3 +6HpN4KrTZm4PcqW2R8GFQ14I0oZWfEzLl2ub3myoroH4w7pweymdc3a1nkMnrf17 +77fPZMSXLQKBgATSyR2poTzgB+8ky+VpEQnHMf9ZYBVwaIBx5agLfKpTlbSs3Qbu +fP+EdUihTqxvSBiyHT+iqPoNAf+va4cJd7ps3vMdt/+Ne1yyUG6y6Akk4YGSFmcb +RSIX5g6cAPWlgzbszk92k5NeTm/ccBgFVFFE6h9ZiA73P43qABwvEtnlAoGBAKic +ifymkaG6vekGxBrvfk5EwZ5kl+9P15T3Nun2CRD5kwdbaZmCrvLockgvHN+zOfKz +NeSsS4EK7MkPVteiudyai4dl6nZQ+MWWJrdrA3Wpqe7f7Be65YqcaqC3FU6UTZIW +hNQI63QS75WB5eIQEvjQ9KZC0xMIJAIcbb2NBs6pAoGBAK1IwIVp4hcf1OyCvm/S +r2aUTgiV0dZv0p0QU5H8XTaUWIrNUosOQk0Tv0Vo6l8JTS72kl2aw+fhwYsWL48n +HFI+owm+gxC7BveEyypnJm63Yjj7BJflZdxKFdLoKV+aUdQrSsLVYgsWIeJhB6Ol +VsGEydVIUOnoDDtmLB8TYnmQ +-----END PRIVATE KEY----- diff --git a/mtls/peerCA2_2_cert.pem b/mtls/peerCA2_2_cert.pem new file mode 100644 index 0000000..94c5d8c --- /dev/null +++ b/mtls/peerCA2_2_cert.pem @@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIIEGjCCAwKgAwIBAgIUKjQCltbN0Oao9ngSasdbHaIBmswwDQYJKoZIhvcNAQEL +BQAwgbcxCzAJBgNVBAYTAlVTMRIwEAYDVQQIDAlMb2NhbHpvbmUxEjAQBgNVBAcM +CWxvY2FsaG9zdDEtMCsGA1UECgwkTmVvIEdvIFRlc3RpbmcgQ2VydGlmaWNhdGUg +QXV0aG9yaXR5MRAwDgYDVQQLDAdEZXZlbG9wMRQwEgYDVQQDDAtsb2NhbGRvbWFp +bjEpMCcGCSqGSIb3DQEJARYacm9vdEBsb2NhbGhvc3QubG9jYWxkb21haW4wHhcN +MjQwNjEwMTI1NjQ3WhcNMjUwNzEzMTI1NjQ3WjB3MQswCQYDVQQGEwJVUzESMBAG +A1UECAwJTG9jYWx6b25lMRIwEAYDVQQHDAlMb2NhbGhvc3QxJDAiBgNVBAoMG0Nl +cnRpZmljYXRlIHNpZ25lZCBieSBteSBDQTEaMBgGA1UEAwwRcGVlcjIubG9jYWxk +b21haW4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzyQARfBnOBJwd +EuyhraTu8QfncRFT8GGsqLQPY+M4xllGrbNjMhE/nRPBtPGzAVHHspgLddGh2+pu +CBqSLt/ts/pvOlmaXL4yxlUaXwTlpSQ1stqtuBMIAhgAsknwGngKYJUQWmj1UdI9 +76F99cY4WENuqRNji/tyyPcx6om224VQoe4T14HiuenuZb0b2uadDIRpw0cQnoRF +Qaj7A88aXQenj+69h2YcFqiXYYFUHQsMRXm4rq9OGynHTCTxmHg28kBhJFp+ADk0 +mVzurellU/Fx+I91eQw+AeRZ4NtPW+WmRvdP/NsKUCUD+wkS926p/wXOxrUI+0sd +SWwgNs19AgMBAAGjXTBbMBkGA1UdEQQSMBCCCG5vZGVfdHdvhwTAqIJIMB0GA1Ud +DgQWBBTlq+XQt0tw0n3v6qd4Fk7rsl49EjAfBgNVHSMEGDAWgBTT6QZAWJYgM/Tc +YwTbmHQ16TX0yDANBgkqhkiG9w0BAQsFAAOCAQEAHQfWlOo9xxiFHCHyjyheFjV+ +EKuayAWyw4yAqH2rdULnzDD6kJtZ2RNb+NZy7XjT7xdhS5CibhyslQeNH8h9SSc3 +7UZvU8UbnolU5kGAs+d9AprOyakl3805ftU2fDuU/oTyQwUvI5wezz6UiZq7PXKv +OnKQWoZX4IWntOFUiaBG72Af+AfCXPOhVWsNV+b/o3h2xeS5UTUPpNo+O5TycTBc +HUlnHcUU7HVttNeY4hEw850L9eaMwT5ZQH+rEyy2zbRxhJmT7uxbva7ZJm9nbkJL +XZI+d2MCCzdtL6l9iLd+CRDRWECLft5uQx0NEUItcVVK2i8fy9bSugegXImR5Q== +-----END CERTIFICATE----- diff --git a/mtls/peerCA2_2_key.pem b/mtls/peerCA2_2_key.pem new file mode 100644 index 0000000..e83ae39 --- /dev/null +++ b/mtls/peerCA2_2_key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCzyQARfBnOBJwd +EuyhraTu8QfncRFT8GGsqLQPY+M4xllGrbNjMhE/nRPBtPGzAVHHspgLddGh2+pu +CBqSLt/ts/pvOlmaXL4yxlUaXwTlpSQ1stqtuBMIAhgAsknwGngKYJUQWmj1UdI9 +76F99cY4WENuqRNji/tyyPcx6om224VQoe4T14HiuenuZb0b2uadDIRpw0cQnoRF +Qaj7A88aXQenj+69h2YcFqiXYYFUHQsMRXm4rq9OGynHTCTxmHg28kBhJFp+ADk0 +mVzurellU/Fx+I91eQw+AeRZ4NtPW+WmRvdP/NsKUCUD+wkS926p/wXOxrUI+0sd +SWwgNs19AgMBAAECggEACG6wLGHFLKxhYLXrXkTwkRpCHBkDSBjXxMGjGmKwvMNS +DiM/bSX8xZ6AMSwKHX99frYrdMQmQwCqoCKmRMt8I/nDg5wf9kImoJqJUZ1gM5L/ +xDrOKdFrp34NP3RQf/mGpLpb23wmFpvrfMCxZiDhygqnwdG3z70FAocwnIlLEF+E +1JiJxXsf4EbWP4B7oUS6p779yKE3SGC4l0fEE8rYCn1h686CDYksQpCpJq8BaGHJ +KNr0ABe8Mmsn4t//GtggTCbQdmYDv0t3TdRA4yUU0UF59wMOJb6EEJCJBXne4+7h +6N08oSjoqmV0lu3wdIvotZkYhA9W8tC7+0bx67R42QKBgQDcXX+/Jx8yY+26mISK +1ixmClWfV2RILLffv2C14TnugvSyz7xOIYETAcNmUvXC5XRzZNVieA0PaJOqJ9xA +tpficqarY+Jk8dbYAX+Nzv+NgNN+Dp/o5YaBvIjJx1uOPWv5TGIXtTa6qT7kY5NJ +3zwWrF/2bxfKYlSmYlgx+32hWQKBgQDQ25muRGnPtrziO5r8asEgZUVwmCUL0xtI +zqe3fojTgk5IoFdLCmoXAseDMxBpfzhPi0dcWDOiJAmJVuHYbQUDILWd8PAUZRJS +pXKwAVCCogE75K7yqH55AnQnXix5WOWQPG7TAQ4SnK4DbVzeAWtUM2N2Idp29S4a +lENsc15ExQKBgF4EgjFTBqtgGRhIZBw7/ltWw2slRQLKGXUb2K4gtq+9LZtwp/2J +q+EpGm34rSQG86Ub+zJ019WgH4g0U3NEtA6ILfXnurqot6oXEY22KC/+K72XjcA2 +1Sla/91e8gAA0qVdYmiNBxmihdO5bCjTVnax+otQoIzXYRhP0yMYEmSZAoGAMV/I +u+bWcNFNY9odcJC4KTVnrg95qor0h0i7Y2iZZg8G/KpTGJ1UqS3yBnUa6yW1JTDS +5OTBCBKm4n3UlDppley0oqrjxp6CL2GHdE5LPyaXThZouVrV0zueQ/RCZUl7s5Zl +yKIWNpYtmQfQjXcebWBcof+syrR5erUUH15CqdUCgYBhCqvXFs/LQXkDu/Ef8eSZ +Xn1SpAdwZ2bN/xfHI/QdqjcElKzkygjOpmqbqG1zHDJzFm2jkaQLDLoiJEtYwEyz +xnKPFhJFcveUuERtL24WFLXfCoclFZ2LC0gdCsFH77fWS4Hy1T2ushdZIs2N7GNs +VDT/nJdGB4MKGJ1M3pD12w== +-----END PRIVATE KEY----- diff --git a/mtls/peerCA2_3_cert.pem b/mtls/peerCA2_3_cert.pem new file mode 100644 index 0000000..85e790b --- /dev/null +++ b/mtls/peerCA2_3_cert.pem @@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIIEHDCCAwSgAwIBAgIUKjQCltbN0Oao9ngSasdbHaIBms0wDQYJKoZIhvcNAQEL +BQAwgbcxCzAJBgNVBAYTAlVTMRIwEAYDVQQIDAlMb2NhbHpvbmUxEjAQBgNVBAcM +CWxvY2FsaG9zdDEtMCsGA1UECgwkTmVvIEdvIFRlc3RpbmcgQ2VydGlmaWNhdGUg +QXV0aG9yaXR5MRAwDgYDVQQLDAdEZXZlbG9wMRQwEgYDVQQDDAtsb2NhbGRvbWFp +bjEpMCcGCSqGSIb3DQEJARYacm9vdEBsb2NhbGhvc3QubG9jYWxkb21haW4wHhcN +MjQwNjEwMTI1NjQ3WhcNMjUwNzEzMTI1NjQ3WjB3MQswCQYDVQQGEwJVUzESMBAG +A1UECAwJTG9jYWx6b25lMRIwEAYDVQQHDAlMb2NhbGhvc3QxJDAiBgNVBAoMG0Nl +cnRpZmljYXRlIHNpZ25lZCBieSBteSBDQTEaMBgGA1UEAwwRcGVlcjMubG9jYWxk +b21haW4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDtB+aHfuEp1Vf3 +ud7QJElg9o9X3E5x/dX1IE8aom17ZLuqSP6Pjfh2nSaNlbO9pGZKHsUWcNwTCobI +gcrfacAlF5OQsr9PQ6EA1ocfgTwnmrWxQlVahdRTHSccVpr6ApIhCaydhl8ljf9p +p0HhBJY9s4zPsNTYDMe6gKqGi9paWX2xDhEzNKSv10kjEefN0vu2WVD/qVV8dM/o +AZqX86RCsx18vLZuMJbrgHty0fl/kXzxCcwJQ9RZCcdSuqYMclZJ2Vhi1vGnTmoR +VuyuMmPaJczHlAmpCilFRGX/iF0bHqmgPv/e32MlFlp6+hYuIipNugkeNZAfOdcX +pL2rn4THAgMBAAGjXzBdMBsGA1UdEQQUMBKCCm5vZGVfdGhyZWWHBMCogkkwHQYD +VR0OBBYEFCRlGMdTEqC5eOYQ9I84naLiwTzrMB8GA1UdIwQYMBaAFNPpBkBYliAz +9NxjBNuYdDXpNfTIMA0GCSqGSIb3DQEBCwUAA4IBAQAKDSQ2f6gsoFHaGeq0Szro +gXL4E/vHRDoNeBu2NcwWnzbPOlZmHRoG8UgBcU4zBbwzt2w/TOw5s7eTTIwfveMi +X0NHW8ElMmEHpGyF7KE70rKuxcl/BIDabX26ZG3u5luP9GwmgWhgJ/OrzRnI6cnO +GT85l0Q7crEyhRjPegmvSZFJ+2d0R5KXQVTtxOtp3XY6+EBfyzukJhn8/7RRXSg+ +RFWP9yz52jTJG3JO0jGo/9btQoWzQkDpb70scRRUxKXJdGPWRZboy+3aaVyBn8LC +La7Fhg/BMEKXWKH2icKI6/KUFjpcQ1JRBcO0TeRKbrOW8lSjefUSRfDAhpYNFqSn +-----END CERTIFICATE----- diff --git a/mtls/peerCA2_3_key.pem b/mtls/peerCA2_3_key.pem new file mode 100644 index 0000000..e972c40 --- /dev/null +++ b/mtls/peerCA2_3_key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDtB+aHfuEp1Vf3 +ud7QJElg9o9X3E5x/dX1IE8aom17ZLuqSP6Pjfh2nSaNlbO9pGZKHsUWcNwTCobI +gcrfacAlF5OQsr9PQ6EA1ocfgTwnmrWxQlVahdRTHSccVpr6ApIhCaydhl8ljf9p +p0HhBJY9s4zPsNTYDMe6gKqGi9paWX2xDhEzNKSv10kjEefN0vu2WVD/qVV8dM/o +AZqX86RCsx18vLZuMJbrgHty0fl/kXzxCcwJQ9RZCcdSuqYMclZJ2Vhi1vGnTmoR +VuyuMmPaJczHlAmpCilFRGX/iF0bHqmgPv/e32MlFlp6+hYuIipNugkeNZAfOdcX +pL2rn4THAgMBAAECggEAHzBkcZzM5PPJJPQksO+tZiBbYTzAZ7h2YFBViFQqIsvw +86myMVKFiJoKGiRCJ+iLeyJMXbURCEJg1N5bQwWHvnm5NZeHm9byxwjzc75OG4n8 +cWwgjg5BD4StAkoVD2OqNcWvnHSzbV4fZxgWj5TKbikDlMqYXytjVpOanKSnYS7X +ighflNa+gbLq2sEOJEOv0i5yXvM8SARnVeIwMLKSLDjdHWnBtG+VYrs7EEbcigkw +9TuflxuYyU96gTrUNP0Bw6SKO6x/57UTgxuDab4NNNadExo+NO8KQ2c3+kgghfUm +j2+sjbq51TGUnDjC1FiX5UV5zvAXU/c3eWnT9LQnJQKBgQD46Qw6JV2iNm6CfjME +dBm8emasCs8sLv39CAIUXEERYQYdA/lPyR8ObULi4JSYOGDBr1uJPXDRgr6YZhzO +KICYP0RrHz2L2CkFjc1WhUUm7sdkxLcY4yzLC4hH5qUOXMoW4FHBiS7naau54KDn +qE+xRQQyoPa2NXUtA4polkyCfQKBgQDzyDuAmee2ep0kGzfFo8vMZYP8rr6qOQjT +T8+bwljSLc4mxhH980S/VEpWZnRk6u7qxZMaanotiyoiEF0k0/Ot5wItGSBCo7r5 +ugaju9hqHr8Nfb16irjkf5olJdAuODedG4+7XI2wabFQ+aj97E0382Y7Sq2HXl/w +wf8RwPejkwKBgQCa/jsv5d6VSMGtnjnUdxsjgzB1xtFUmPptWlQ5K20VDk6JONVA ++mLNT/oLXn8I/mo5kSE1pz2eKITYTxV2xj+1Dghjj/N6JiL9I1yOmLQD10HwHJJK +/AMDeG3nH9b9x4fLkOk3012Smfll6FsphWQCZZCEmjimI0mQuxivoY+I3QKBgBzz +b5WTMYBrSVQrY1E2ZZKNj8InYn9GrLSjqs0dpHy5cd0K8sIM7OIn+XgPTM1bVSpO +cmzVrlLQTx2igd1IyoyhfZGrhThEx4S2wekZ+taHdjr87s6pwNFqEf1NY07J4Fjp +GAWxNSZ5NtSeAaK+OGFnp4FtGfSUkaI+97K9Duu/AoGBANTNJE6RkzkrsKsG/hm1 +xAdXKV01pwR/L0ZlGOV+2bzgS1mLSbe857FVMsHvWip3ZRMowRURo9kCnhVVO6yJ +m8ytBT2yP3wtCpD914VDkblFKsccpw/RaHByyE0DKrrE5fSl4MOznL738fDW0vHI +HzJb9XiJK+LOOspawwUPWu6s +-----END PRIVATE KEY----- diff --git a/mtls/peerCA2_4_cert.pem b/mtls/peerCA2_4_cert.pem new file mode 100644 index 0000000..e3d6a41 --- /dev/null +++ b/mtls/peerCA2_4_cert.pem @@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIIEGzCCAwOgAwIBAgIUKjQCltbN0Oao9ngSasdbHaIBms4wDQYJKoZIhvcNAQEL +BQAwgbcxCzAJBgNVBAYTAlVTMRIwEAYDVQQIDAlMb2NhbHpvbmUxEjAQBgNVBAcM +CWxvY2FsaG9zdDEtMCsGA1UECgwkTmVvIEdvIFRlc3RpbmcgQ2VydGlmaWNhdGUg +QXV0aG9yaXR5MRAwDgYDVQQLDAdEZXZlbG9wMRQwEgYDVQQDDAtsb2NhbGRvbWFp +bjEpMCcGCSqGSIb3DQEJARYacm9vdEBsb2NhbGhvc3QubG9jYWxkb21haW4wHhcN +MjQwNjEwMTI1NjQ3WhcNMjUwNzEzMTI1NjQ3WjB3MQswCQYDVQQGEwJVUzESMBAG +A1UECAwJTG9jYWx6b25lMRIwEAYDVQQHDAlMb2NhbGhvc3QxJDAiBgNVBAoMG0Nl +cnRpZmljYXRlIHNpZ25lZCBieSBteSBDQTEaMBgGA1UEAwwRcGVlcjQubG9jYWxk +b21haW4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCPvxs2WnHh2X+ +VIN2hiQb9cwLfWAUVaZdTqfXEg8VwDukoi63Cn7jk5ZfDqQtMseprcW085R2Bn7S +Doli+Ama2tpVZIGJ5g2iezztzEE3TXLAEXrB7MTV13HdOSmwlCe9fWhUiv64pqmo +dedBu9fFV78/QTjN3zey5eNSDRwHO6sccMktLwdl0Az4X1Tp7kuYcwwLclWuzeg2 +MAbv8TtxS+nbqJ+1yXWOTpolF8lDnctWpRaeOC2b3ySAbfZhks210S3oJchYx/Q5 +cZ2FGXFOR0Rvey6Tt1k+LmefjfNcFzqB9Y3MvdEWeIKvupS11EVVHi4kovCklWM3 +1l97Tm3ZAgMBAAGjXjBcMBoGA1UdEQQTMBGCCW5vZGVfZm91cocEwKiCSjAdBgNV +HQ4EFgQU/f/Y/hdGTmRlOD5UxQCJz16UnnwwHwYDVR0jBBgwFoAU0+kGQFiWIDP0 +3GME25h0Nek19MgwDQYJKoZIhvcNAQELBQADggEBAABp4Qv0YNPKNyFdho4tlC9R +1o+TACyGxQJKAOvHbNQhdLS0vt8jxDYM0bND9CoNa5A2iegOA87JKAR8d4rpQBk2 +qndxgpPTs9U2nBXz9I2R0BFV9Ayf/mlsMDI2IDbjZEUF1wn/32knPl3X4DtJ4TUt +nwWnWkzGe2IXxI/S9CXmq2RPcAS63Q7w6Ocm0AcPVVQf6LbGA+Gyr2v0x+cGPjfI +/U193cEyd/MrjQp/DhQ1LPV3Ci6+BqkPmwhqE2AREMkq6ts3nXTxB5TpB69Z92L1 +ZBRf0fl6rqIONJLdGtQqoe7w/JZ22Mv6kWOMAv/smt2PjZ+ZuJPQQTPPikCmc/o= +-----END CERTIFICATE----- diff --git a/mtls/peerCA2_4_key.pem b/mtls/peerCA2_4_key.pem new file mode 100644 index 0000000..b157e54 --- /dev/null +++ b/mtls/peerCA2_4_key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDCPvxs2WnHh2X+ +VIN2hiQb9cwLfWAUVaZdTqfXEg8VwDukoi63Cn7jk5ZfDqQtMseprcW085R2Bn7S +Doli+Ama2tpVZIGJ5g2iezztzEE3TXLAEXrB7MTV13HdOSmwlCe9fWhUiv64pqmo +dedBu9fFV78/QTjN3zey5eNSDRwHO6sccMktLwdl0Az4X1Tp7kuYcwwLclWuzeg2 +MAbv8TtxS+nbqJ+1yXWOTpolF8lDnctWpRaeOC2b3ySAbfZhks210S3oJchYx/Q5 +cZ2FGXFOR0Rvey6Tt1k+LmefjfNcFzqB9Y3MvdEWeIKvupS11EVVHi4kovCklWM3 +1l97Tm3ZAgMBAAECggEAAq8PGsvoN78JrDlrtZQF5LMBNjltveovCcP/8qtHtRO6 +Xzx0a8gD184eukKABzXX52LExArHhtfxIaLcyBbIPzD96kcguRCKKLAON/TmA8cY +qkmzigFk+NVot9dF2bA6WlZkviJLga6f0nmKj/Bx+0KKnGugxstqQBkICoau1/S3 +bs9SmEiTS9ps2ZLU+Dx5pDU8nhEA7uzitLZKw8Z/HQmgkYg723648hS2HcLcP1Dt +ldU3TG4DeRoVhzTSYjEeVcy02MnJIglo/LjqXP4w0YMgANOV45KV7podV3wB4y+P +Vq00DiHvFZAjkgIcpwIvYAi2ZA8aNcOi6Npiikhy7wKBgQDltMYZcYt1888GHNMh +uU9CvjLjsTfR56E1mGH7XdwZ704Ir/IltOs3TzHO+51StDi1mmfqt0oNbq2Syc/m +blxl3SzSQHd4tAgI2jQP8deJ8JZdZwAj+F31ScCJDVvwHiUWMeYCY+II9addOlOz +xuhJZmSDv3qbsWXZquZr3HbWDwKBgQDYexoakePdF50HbGN5/b9wsvzHb65JjvcV +9rhIVe5uHUbKXfNu6amss/ixBLtYHkIyf6cDAh/FG+6HT+Ru8GKAdzv+gFiHY5JA +/21O1oddM5UM7k3jH4bD4lJ2OHm3s7ZXIogOxyXK0JqLVhwyLierlDsrzXtf30wv +FYwuzVollwKBgQDb0Kk90e1uO5kiNVVJ0WZq7U4PnBhZszoO6rrg7Anje6CGKbEk +qkPpEs0MULZVXYdjKdZFw46G2iIZ9SwRTAz5obTxoqVxiX6i0gS+OWVUaDnMOfPl +eBiZ0TEBNhqD5qUA31FHekPk5Qd67IUK5c6F5wlLFmKDOTjJGoUUNM43uwKBgCK2 +krgB/uT8HV0MX2M3clRTDz+3w93dw/dMqb5HsUUNAsX+jMOTSnb8IPvZw2Tc7UaF +u7U6yPdlhDlEcV/swg7Rj9g+onOLXu93RgLnWatzUwpQyEKMUqLkjs6QPcxcT/fm +/KRKAOBl1PJU646MYiYcTeS3PXphJylBrknu+e6fAoGBALNdw0bX5ZcuAU5thdsY +16Jun0XzDdgg+VNjHV2OA2nQqBjXxvxbsH1a0IMhjGbZJ5+FBAPqQzQAhYinaFKU +1OAx7+sqZ7pe6x41bq0M8TrtRCaRx6E8pTCL5ttCwEpDSAo2lxxRWJ6buYjGoRof +mk+YbCDDAyXD7C0dSqzSiey+ +-----END PRIVATE KEY----- diff --git a/mtls/peerX.cnf b/mtls/peerX.cnf new file mode 100644 index 0000000..fc19884 --- /dev/null +++ b/mtls/peerX.cnf @@ -0,0 +1,23 @@ +[req] +default_bits = 2048 +distinguished_name = req_distinguished_name +req_extensions = req_ext +x509_extensions = v3_req +prompt = no + +[req_distinguished_name] +countryName = US +stateOrProvinceName = Localzone +localityName = Localhost +organizationName = Certificate signed by my CA +commonName = peer1.localdomain + +[req_ext] +subjectAltName = @alt_names + +[v3_req] +subjectAltName = @alt_names + +[alt_names] +DNS.1 = node_one +IP.1 = 192.168.130.90 diff --git a/services/morph_chain/docker-compose.yml b/services/morph_chain/docker-compose.yml index dd44b2c..14d24e0 100644 --- a/services/morph_chain/docker-compose.yml +++ b/services/morph_chain/docker-compose.yml @@ -19,6 +19,7 @@ services: - ./config.yml:/wallets/config.yml - ./../../vendor/hosts:/etc/hosts - ./../../wallets/wallet.json:/wallets/wallet.json + - ./../../mtls:/wallets/mtls:ro networks: chain_int: diff --git a/services/morph_chain/protocol.privnet.yml b/services/morph_chain/protocol.privnet.yml index 560730a..3af804e 100644 --- a/services/morph_chain/protocol.privnet.yml +++ b/services/morph_chain/protocol.privnet.yml @@ -35,12 +35,20 @@ ApplicationConfiguration: Path: "./wallets/node-wallet.json" Password: "one" RPC: - Addresses: - - "192.168.130.90:30333" + # Addresses: + # - "192.168.130.90:30333" Enabled: true SessionEnabled: true EnableCORSWorkaround: false MaxGasInvoke: 100 + TLS: + Enabled: true + Addresses: + - "192.168.130.90:30333" + RootCAs: + - "/wallets/mtls/CA2_cert.pem" + CertFile: "/wallets/mtls/peerCA1_X_cert.pem" + KeyFile: "/wallets/mtls/peerCA1_X_key.pem" P2PNotary: Enabled: true UnlockWallet: diff --git a/services/storage/docker-compose.yml b/services/storage/docker-compose.yml index 8a8698e..cf297fc 100644 --- a/services/storage/docker-compose.yml +++ b/services/storage/docker-compose.yml @@ -23,6 +23,7 @@ services: - ../nats/client-key.pem:/etc/frostfs-node/nats.tls.key - ../nats/ca-cert.pem:/etc/frostfs-node/nats.ca.crt - ./cfg:/etc/frostfs/storage + - ./../../mtls:/wallets/mtls:ro stop_signal: SIGTERM stop_grace_period: 15s env_file: [ ".env", ".storage.env", ".int_test.env" ] @@ -35,6 +36,9 @@ services: - FROSTFS_CONTROL_GRPC_ENDPOINT=s01.${LOCAL_DOMAIN}:8081 - FROSTFS_NODE_ATTRIBUTE_1=UN-LOCODE:RU MOW - FROSTFS_NODE_ATTRIBUTE_2=Price:22 + - FROSTFS_MORPH_RPC_ENDPOINT_0_ROOT_CAS_0: /wallet/mtls/CA1_cert.pem + - FROSTFS_MORPH_RPC_ENDPOINT_0_CERTIFICATE: /wallet/mtls/peerCA2_1_cert.pem + - FROSTFS_MORPH_RPC_ENDPOINT_0_KEY: /wallet/mtls/peerCA2_1_key.pem healthcheck: test: ["CMD-SHELL", "/healthcheck.sh"] interval: 2s @@ -64,6 +68,7 @@ services: - ../nats/client-key.pem:/etc/frostfs-node/nats.tls.key - ../nats/ca-cert.pem:/etc/frostfs-node/nats.ca.crt - ./cfg:/etc/frostfs/storage + - ./../../mtls:/wallets/mtls:ro stop_signal: SIGTERM stop_grace_period: 15s env_file: [ ".env", ".storage.env", ".int_test.env" ] @@ -76,6 +81,9 @@ services: - FROSTFS_CONTROL_GRPC_ENDPOINT=s02.${LOCAL_DOMAIN}:8081 - FROSTFS_NODE_ATTRIBUTE_1=UN-LOCODE:RU LED - FROSTFS_NODE_ATTRIBUTE_2=Price:33 + - FROSTFS_MORPH_RPC_ENDPOINT_0_ROOT_CAS_0: /wallet/mtls/CA1_cert.pem + - FROSTFS_MORPH_RPC_ENDPOINT_0_CERTIFICATE: /wallet/mtls/peerCA2_2_cert.pem + - FROSTFS_MORPH_RPC_ENDPOINT_0_KEY: /wallet/mtls/peerCA2_2_key.pem healthcheck: test: ["CMD-SHELL", "/healthcheck.sh"] interval: 2s @@ -105,6 +113,7 @@ services: - ../nats/client-key.pem:/etc/frostfs-node/nats.tls.key - ../nats/ca-cert.pem:/etc/frostfs-node/nats.ca.crt - ./cfg:/etc/frostfs/storage + - ./../../mtls:/wallets/mtls:ro stop_signal: SIGTERM stop_grace_period: 15s env_file: [ ".env", ".storage.env", ".int_test.env" ] @@ -117,6 +126,9 @@ services: - FROSTFS_CONTROL_GRPC_ENDPOINT=s03.${LOCAL_DOMAIN}:8081 - FROSTFS_NODE_ATTRIBUTE_1=UN-LOCODE:SE STO - FROSTFS_NODE_ATTRIBUTE_2=Price:11 + - FROSTFS_MORPH_RPC_ENDPOINT_0_ROOT_CAS_0: /wallet/mtls/CA1_cert.pem + - FROSTFS_MORPH_RPC_ENDPOINT_0_CERTIFICATE: /wallet/mtls/peerCA2_3_cert.pem + - FROSTFS_MORPH_RPC_ENDPOINT_0_KEY: /wallet/mtls/peerCA2_3_key.pem healthcheck: test: ["CMD-SHELL", "/healthcheck.sh"] interval: 2s @@ -147,6 +159,7 @@ services: - ../nats/client-key.pem:/etc/frostfs-node/nats.tls.key - ../nats/ca-cert.pem:/etc/frostfs-node/nats.ca.crt - ./cfg:/etc/frostfs/storage + - ./../../mtls:/wallets/mtls:ro stop_signal: SIGTERM stop_grace_period: 15s env_file: [ ".env", ".storage.env", ".int_test.env" ] @@ -164,6 +177,9 @@ services: - FROSTFS_GRPC_1_TLS_KEY=/tls.key - FROSTFS_NODE_ATTRIBUTE_1=UN-LOCODE:FI HEL - FROSTFS_NODE_ATTRIBUTE_2=Price:44 + - FROSTFS_MORPH_RPC_ENDPOINT_0_ROOT_CAS_0: /wallet/mtls/CA1_cert.pem + - FROSTFS_MORPH_RPC_ENDPOINT_0_CERTIFICATE: /wallet/mtls/peerCA2_4_cert.pem + - FROSTFS_MORPH_RPC_ENDPOINT_0_KEY: /wallet/mtls/peerCA2_4_key.pem healthcheck: test: ["CMD-SHELL", "/healthcheck.sh"] interval: 2s From 145b65222ce965eab8ebcb5141a256acaa60c86f Mon Sep 17 00:00:00 2001 From: Evgenii Stratonikov Date: Tue, 11 Jun 2024 15:48:41 +0300 Subject: [PATCH 02/37] WIP Signed-off-by: Evgenii Stratonikov --- .env | 6 +-- frostfs-adm.yml | 7 ++- mtls/CA1_cert.pem | 30 ++++++------- mtls/CA1_cert.srl | 2 +- mtls/CA1_key.pem | 52 +++++++++++------------ mtls/CA2_cert.pem | 30 ++++++------- mtls/CA2_cert.srl | 2 +- mtls/CA2_key.pem | 52 +++++++++++------------ mtls/generate | 1 + mtls/peerCA1_X_cert.pem | 33 +++++++------- mtls/peerCA1_X_key.pem | 52 +++++++++++------------ mtls/peerCA2_1_cert.pem | 32 +++++++------- mtls/peerCA2_1_key.pem | 52 +++++++++++------------ mtls/peerCA2_2_cert.pem | 32 +++++++------- mtls/peerCA2_2_key.pem | 52 +++++++++++------------ mtls/peerCA2_3_cert.pem | 32 +++++++------- mtls/peerCA2_3_key.pem | 52 +++++++++++------------ mtls/peerCA2_4_cert.pem | 32 +++++++------- mtls/peerCA2_4_key.pem | 52 +++++++++++------------ mtls/peerCA2_IR_cert.pem | 24 +++++++++++ mtls/peerCA2_IR_key.pem | 28 ++++++++++++ mtls/peerIR.cnf | 23 ++++++++++ mtls/peerX.cnf | 3 +- services/ir/cfg/config.yml | 6 ++- services/ir/docker-compose.yml | 1 + services/morph_chain/protocol.privnet.yml | 2 +- services/storage/cfg/config.yml | 2 +- services/storage/docker-compose.yml | 24 +++++------ 28 files changed, 402 insertions(+), 314 deletions(-) create mode 100644 mtls/peerCA2_IR_cert.pem create mode 100644 mtls/peerCA2_IR_key.pem create mode 100644 mtls/peerIR.cnf diff --git a/.env b/.env index 081a8d0..775afc1 100644 --- a/.env +++ b/.env @@ -8,15 +8,15 @@ BASTION_VERSION=10 BASTION_IMAGE=debian # NeoGo privnet -NEOGO_VERSION=0.104.0 +NEOGO_VERSION=0.106.1-pre-4-g39c65ab5 NEOGO_IMAGE=nspccdev/neo-go # FrostFS InnerRing nodes -IR_VERSION=0.40.0-7-gc1cdd5d4 +IR_VERSION=0.40.0-17-ge15b545f-dirty IR_IMAGE=truecloudlab/frostfs-dirty-ir # FrostFS Storage nodes -NODE_VERSION=0.40.0-7-gc1cdd5d4 +NODE_VERSION=0.40.0-17-ge15b545f-dirty NODE_IMAGE=truecloudlab/frostfs-dirty-storage # NATS Server diff --git a/frostfs-adm.yml b/frostfs-adm.yml index 5077431..c8b4e6c 100644 --- a/frostfs-adm.yml +++ b/frostfs-adm.yml @@ -1,4 +1,9 @@ -rpc-endpoint: http://morph-chain.frostfs.devenv:30333 +rpc-endpoint: https://192.168.130.90:30333 +tls: + root_cas: + - ./mtls/CA1_cert.pem + certificate: ./mtls/peerCA2_IR_cert.pem + key: ./mtls/peerCA2_IR_key.pem alphabet-wallets: ./services/ir network: max_object_size: 67108864 diff --git a/mtls/CA1_cert.pem b/mtls/CA1_cert.pem index b278f13..df8672f 100644 --- a/mtls/CA1_cert.pem +++ b/mtls/CA1_cert.pem @@ -1,25 +1,25 @@ -----BEGIN CERTIFICATE----- -MIIELTCCAxWgAwIBAgIUAl4u/vkkFmeCbVpk8qMZFDW33rUwDQYJKoZIhvcNAQEL +MIIELTCCAxWgAwIBAgIUQXbR0CjHcyf5y4N9aSw++jijH6gwDQYJKoZIhvcNAQEL BQAwgbcxCzAJBgNVBAYTAlVTMRIwEAYDVQQIDAlMb2NhbHpvbmUxEjAQBgNVBAcM CWxvY2FsaG9zdDEtMCsGA1UECgwkTmVvIEdvIFRlc3RpbmcgQ2VydGlmaWNhdGUg QXV0aG9yaXR5MRAwDgYDVQQLDAdEZXZlbG9wMRQwEgYDVQQDDAtsb2NhbGRvbWFp bjEpMCcGCSqGSIb3DQEJARYacm9vdEBsb2NhbGhvc3QubG9jYWxkb21haW4wHhcN -MjQwNjEwMTI1NjQ3WhcNMjkwNjA5MTI1NjQ3WjCBtzELMAkGA1UEBhMCVVMxEjAQ +MjQwNjExMDgyNzQ4WhcNMjkwNjEwMDgyNzQ4WjCBtzELMAkGA1UEBhMCVVMxEjAQ BgNVBAgMCUxvY2Fsem9uZTESMBAGA1UEBwwJbG9jYWxob3N0MS0wKwYDVQQKDCRO ZW8gR28gVGVzdGluZyBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxEDAOBgNVBAsMB0Rl dmVsb3AxFDASBgNVBAMMC2xvY2FsZG9tYWluMSkwJwYJKoZIhvcNAQkBFhpyb290 QGxvY2FsaG9zdC5sb2NhbGRvbWFpbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC -AQoCggEBAMVyBc7NiwqjG9fWBv2oObgPWtEdN4a5vBvSzV1f/eQTLGoFwjk9A0gY -PgAExUSmgTgfsIwHr1nSstMwGHh3/TEAKTGFOU3ifDT102XlKf8qKoCFASBe5nRo -WRmCi+SUTLBe3170ZCwMTGNpg4oq7jJVi0jccXFzr6qPRpq97FjxSUZYRCjB/o7j -H+tdrwkUMCwhkMYcs5Vm5pvvdCp+j/AwOvo4fcxDqlXptR5WIOLknWZ1sMvJoS4T -q33M1FhpQ0BANhZrgV2kzSyb6t6MzfDVORPpmE+oGaYbeT3azAYyX1UNsl2UZf2A -QbjB50nbl7A+eCVp8rTRcARn/BFeo/ECAwEAAaMvMC0wDAYDVR0TBAUwAwEB/zAd -BgNVHQ4EFgQU+0bqFVosQLCN5mK4JVlLv7ZfU44wDQYJKoZIhvcNAQELBQADggEB -AJglNSyga1zX+JLRbTJRch8wW3TM5iwf9FbwgLhEPu4i1ZXFVTjT/roJ1r765YLW -34tzk+SeK0G9VPdz4RS7NigE8hjfPpIN6n+LWZ7Cfs3okqmd6klRplIaQNbptWbc -wRuByGFKUu+AxOW0/QRoYa+qxNwJkeI1/ZbaNhDlHFNOdmuDujcQLdH8C4eWK3rS -juDDRlXKmrGNi09E7n7JI4mHcEVIBJWFxE1J9MTkT9sWJCqTnHyEVzxDHC4Guwhd -8+4bDeHpt/s5wYjtwJObNbZXplvrsZ6o3BMUnU8SJYpwNyTDrn2QDkDEvTbjQHGF -WM/mcBKQM3uekzpp/BDTvok= +AQoCggEBAJ5Kzcp7qw74MqSktDnl3ITFCOJjoFw/lwqv5ktG8pw0pV46cYhIB39e +lPJX7Po8Wi4v+P83LeMgIa0L7rvJmJyQpgdgsqKkFGYuTJJxlDsgYvcJOUK6tA4G +X0/uj4Yq+iaO9HBiU3rD9SvnbXLNRAefxBWqucbjEoP5TYL2E20+gLtb5XCG2TH7 +rR0fvDoIQJ8BFpDd/D3GqEupzZ0pEC3x2zRFZ4MRFV64EFoO/CeymTUUBM3+vPTe +D1kqP6FE+lww8aEg1Y6Q5+Il9nDY/BUvwUYugRxYj4Cgh+ZlmrVYShexz+0NpVHh +VFn/B7vBuQrSWBVlMAVkLeU4t7Oy0C8CAwEAAaMvMC0wDAYDVR0TBAUwAwEB/zAd +BgNVHQ4EFgQUGCmiSSj3ZXOraieVqDfYH7thN3IwDQYJKoZIhvcNAQELBQADggEB +ABO9eWnrdihGe2Pe0AmO8jCCC1u8dD0h2dX4y+A1bL+0Wocvl9aZqxs1OkhHKese +Eg16Uz2Vx95O5h9zMcH+0sazVADmLSUUzAlVE3cWVjPx5wOBBE2ym/nMqwoS1G06 +IUz561WTLInh1zcAVyifdnFpdPKBBNB7iH9zmiZwxXa5XP6JL4qdUNrw7rGfADON +zCWorz0JrURC5nWj47rxUWoyFlT728Whzo5kl6Ynd4/yuwvcRKuCK7+eNIIks2Dd +VbgbnROjSeXG0MKyWa41H4/4gY0TW8QTbXX458gzTfsp9sy82Ih6cbOnDUGaab3K ++OkGsYmEUC5xVYX5e1e4CPg= -----END CERTIFICATE----- diff --git a/mtls/CA1_cert.srl b/mtls/CA1_cert.srl index 8c9b607..f09a4a6 100644 --- a/mtls/CA1_cert.srl +++ b/mtls/CA1_cert.srl @@ -1 +1 @@ -28484A1BD594A9F1C28B5F1E4D45010D923E9D17 +28484A1BD594A9F1C28B5F1E4D45010D923E9D1B diff --git a/mtls/CA1_key.pem b/mtls/CA1_key.pem index e298a9e..faeb035 100644 --- a/mtls/CA1_key.pem +++ b/mtls/CA1_key.pem @@ -1,28 +1,28 @@ -----BEGIN PRIVATE KEY----- -MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDFcgXOzYsKoxvX -1gb9qDm4D1rRHTeGubwb0s1dX/3kEyxqBcI5PQNIGD4ABMVEpoE4H7CMB69Z0rLT -MBh4d/0xACkxhTlN4nw09dNl5Sn/KiqAhQEgXuZ0aFkZgovklEywXt9e9GQsDExj -aYOKKu4yVYtI3HFxc6+qj0aavexY8UlGWEQowf6O4x/rXa8JFDAsIZDGHLOVZuab -73Qqfo/wMDr6OH3MQ6pV6bUeViDi5J1mdbDLyaEuE6t9zNRYaUNAQDYWa4FdpM0s -m+rejM3w1TkT6ZhPqBmmG3k92swGMl9VDbJdlGX9gEG4wedJ25ewPnglafK00XAE -Z/wRXqPxAgMBAAECggEAAm+9axDfI9p8DFQnPfkgnQu+9hdGmp3HLgnM7Wzdoniw -WXlWAoxFF+jZLIQX41ihk0se++ENJgDh19XHSobIB9iUZDicYBCQ50YnOvyFRyFg -A4Sd/UEAi5GSqRF9kec41vZqanF+J4s/ZCdpXLKk4c0A5lKhPtTjselkAJfiWegF -oAmbIGKHMzaIQX47lawwzmEqvolzVfHAn5ERB/N4bG/LCCwHcQHcXexVvKO6dkEu -ZlaV6E6UF82SuZQ9V4dpy9GTnsfXRe4/u1FKDTikMn05TKmE+dMvax5wUuE9non9 -Q/6Fhv1Ex/GKRXkjMq8ZQhXL6oSqpW/2jQnFnn4OoQKBgQDg+cTEBicbrU4U58IX -WpsMeS21uBTD/6EkJOaZ9FN/GKDV5Dr9H4sFGhTLrYgko5hDb2gVBwDH+6bz3W2O -MH0qH9cMSd5TkHFwrnN6kALICAz9Kuht8wsZ0o7KQ67l8aBKll85xcBXSUdFP0Qa -jag/iycbmQoDumjAjIMJWK1tIQKBgQDgrF0bs16JnjWscc1pI8CIrL4EUA4Od+dO -JuorU9m9bbgRWcp5+DUiT7eAZs+72UW4lhvmjBFjkKnJ5EuzGDtXv8QalzS7wk/2 -wvXkYH6qmpL54xZKcQhB/LTHF5cA8cMpTkawnkbP5r+fKW1xhVnNnhtMVMt0T1+f -FICPUksM0QKBgE/e/MdnM800qurrGNI3vaIhB2RjdSPchnYRj7kKr/YIZVlqjLK+ -1xk5mDZzZkkzt2QBkl8cvF9DbZNYgoOfnWAuK6fWNdNPDacmmCLkK8ieaxYafKhE -SCWjxkPy4Y4LSZARcL9PAKk8f8wK2P/gWOIuYfT/UTnfnT7247KWxANhAoGAezLp -B4SPJYWExx/MVIgPTqLyu2iunI5xXvCF3eZn8rDUi2ciWUma0UrHQ/icltRon/Ro -Lj7GVkOAZz3xqK5z9AUq4q3hc8f0k0qLDYVAUArc53v3wDBFJ/ILq1SrMBBiRScw -Ki9QgzZ0AzHzWpmWCeNV8sBYpFnWBGR4rp6gmtECgYAQd7BM8vVZYrr7xxe4P7Mc -NqaHeMpQIMwxz+jHYUhdD/3x+b+CUuJSbhgHRfJDzflFWta/uU7yvJFS+f7m5qY7 -cm7r0kpgqDY2Xxxc0HhwKH+P910O/t2GiGyiMQ7L718N07bzvGoPpfZ0/uCYkuCZ -IRv6ALK/ouAnK0WH8XhPqw== +MIIEuwIBADANBgkqhkiG9w0BAQEFAASCBKUwggShAgEAAoIBAQCeSs3Ke6sO+DKk +pLQ55dyExQjiY6BcP5cKr+ZLRvKcNKVeOnGISAd/XpTyV+z6PFouL/j/Ny3jICGt +C+67yZickKYHYLKipBRmLkyScZQ7IGL3CTlCurQOBl9P7o+GKvomjvRwYlN6w/Ur +521yzUQHn8QVqrnG4xKD+U2C9hNtPoC7W+Vwhtkx+60dH7w6CECfARaQ3fw9xqhL +qc2dKRAt8ds0RWeDERVeuBBaDvwnspk1FATN/rz03g9ZKj+hRPpcMPGhINWOkOfi +JfZw2PwVL8FGLoEcWI+AoIfmZZq1WEoXsc/tDaVR4VRZ/we7wbkK0lgVZTAFZC3l +OLezstAvAgMBAAECgf8nUOn+VHq38jJ8gHjAJyW3lg069ZzMOh5i5tDcIBqGQXqG +lZmp4i2jJAaWHmxgN9V/feGAJNCL3f7Wt7XfLRppluGZolgy4a1nmtOoeUjOq3TW +iWE47RovpkZRHYvyobPXoXhA+xhjUveMG9ATgbAyDx8PI2s/tl71rVP9a2xVGYI8 +0KgXRYu/RIk3J2IhffIDGeDZe8oqV6E1Ch3x0yAy4xM6t2raqW4lxygZIT83AgaA +fzu5bRdWDHc2SPXMZq8Gg9HT1FEE57VH4EsaiK7mcg5NKAeeyAriqzKPKb9YVboj +y9Yx8dL5F+v14lx+5r5uWVzZ05Q+1U7xzRKQNrECgYEAyxHfrKmrUVoApaQIsv/N +Szwo9pkU/GC2ogDMduN0L90aaGlPb+vt5szkO5bw5vCt+Pk+Xni8S5q+D7iW1wtK +BqTy0YLrGPh7WVfS8axVtAvN8xXwUl2cVM3+4m++JUHpeEGmHzP/tCarqZciwY8G +mHbtzYx4tIYgnFS5klGE22cCgYEAx40UQ6mWyC9wacl8UlGDnL8oseQpaJSNdi9s +rZh0w7558THsyLYksCvxvB9Zej8f11Tuk91bcLzv/hYjwKCapLefFKAQoLgNU3Z+ +LCC6WCkrreskM6uo3hB99iXCzKqVOAOQcv3jJiJPn0BaJNRHLH7+zfoSIN29Kl7C +1VvSr/kCgYAP+E3g5E8GzM80N5w/h4J7ojWOfyd5WZnDT9DEoMqoYPkMsQuAP8ur +1P01+n7jipYD+IYBI/ma8IZ18gxayRZ/Q0WdWHBovFHnCtMaEnWC/VKrBVSrBZWf +zbt3z1Xi1DYqMO+BkLNRVaE2ax5enoLkRqYY/i0X9VxnLvqRGTwbjQKBgQCdcyVw +FdmQ7k1mSsI7OXH9NZ9obTx29e+ANv8rIcXPxPT2aIwJ+h2Mm7/KzXmOSUxYXP05 +0kiZ9ZnvA40GKjKakP+GCJ3WEiMBndcD/nbJpQJ/4a7YzjMZtC2PEFBZqKbAYZ+R ++91Ec4Ibh20Y7h2ScEmgQBYZtJvTWJ2mNyNQEQKBgBvDhoxafVAcVaZsIBVNfJ9e +E5Oc3NSRplP8Q4L3CamLlvf28KYg4nrqvYeHkZ6JWq6VwBXv9F3g1fxn47tMWnBG +GIY0UJnKtny58Jb6MrPp7YKboMxpigIFbsFZJI7ruh0g69W6oIqBIXDgcvlkAZT6 +Ianf60mgQzKmhNHHTZoW -----END PRIVATE KEY----- diff --git a/mtls/CA2_cert.pem b/mtls/CA2_cert.pem index 59e67da..84194d6 100644 --- a/mtls/CA2_cert.pem +++ b/mtls/CA2_cert.pem @@ -1,25 +1,25 @@ -----BEGIN CERTIFICATE----- -MIIELTCCAxWgAwIBAgIURsb3aadMNs6EbRHLMc4CLL8+VK8wDQYJKoZIhvcNAQEL +MIIELTCCAxWgAwIBAgIUFU/P6uIwPnuxXA2smt/gcj2kF20wDQYJKoZIhvcNAQEL BQAwgbcxCzAJBgNVBAYTAlVTMRIwEAYDVQQIDAlMb2NhbHpvbmUxEjAQBgNVBAcM CWxvY2FsaG9zdDEtMCsGA1UECgwkTmVvIEdvIFRlc3RpbmcgQ2VydGlmaWNhdGUg QXV0aG9yaXR5MRAwDgYDVQQLDAdEZXZlbG9wMRQwEgYDVQQDDAtsb2NhbGRvbWFp bjEpMCcGCSqGSIb3DQEJARYacm9vdEBsb2NhbGhvc3QubG9jYWxkb21haW4wHhcN -MjQwNjEwMTI1NjQ3WhcNMjkwNjA5MTI1NjQ3WjCBtzELMAkGA1UEBhMCVVMxEjAQ +MjQwNjExMDgyNzQ4WhcNMjkwNjEwMDgyNzQ4WjCBtzELMAkGA1UEBhMCVVMxEjAQ BgNVBAgMCUxvY2Fsem9uZTESMBAGA1UEBwwJbG9jYWxob3N0MS0wKwYDVQQKDCRO ZW8gR28gVGVzdGluZyBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxEDAOBgNVBAsMB0Rl dmVsb3AxFDASBgNVBAMMC2xvY2FsZG9tYWluMSkwJwYJKoZIhvcNAQkBFhpyb290 QGxvY2FsaG9zdC5sb2NhbGRvbWFpbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC -AQoCggEBALuspJrObn4Y77sVYy662fsX6iZEx5bqVU/QTI3EiVN30D8MI3bXiJhv -JwhTGmKib0ItbnKitiBSEnoqH8BJ5ov91f1vxY86/b7+2KMGj9LYIxGW/kQbfp54 -Vd5Y+ift38BTIQsgQo6P2FNLj7x3ioO075uVW+SYK8/qG9XyLoCZ06ZXe5qR+E6m -7dz9Vd2y0M7QAE7bBN/0qcxcUcxoPW7/VCNyv29lQHp4tJpoQouSWecXaZ2a4a4S -kDpwfyvPmWUu5hmbSux+H7YKKE9ON0cE5D/Z5N1CbdvmBeV9hj9NxzTGPubgFUsW -hPjSdxjpN1O5AKW24v7GcNC3UA9UKb8CAwEAAaMvMC0wDAYDVR0TBAUwAwEB/zAd -BgNVHQ4EFgQU0+kGQFiWIDP03GME25h0Nek19MgwDQYJKoZIhvcNAQELBQADggEB -AHrXaLIyeaD7lO7siru7Zc5PPt4XnVhiWULeK6i/rWosEx9I1/i5lpBq4vI+MKAO -wBcdEpVtce0aUiBN3ia8HicHDkABQTRktEkKz/qqgRsfLi5jscvplcy/+k/xnNhL -+dCaZDFC1+TpH3enhL6y2Qfyj58sUwQDZmN4n5fQEfWnD0LH7g+SHFczR3Bqapop -RGGfMtexCivXbbYiYOBHN3JWrd8/OFhLlW2JN/o8kdpNE2ERj/B4bMPZQl/gG9tP -A3ugvQKuu2Abbf723+2dDDIrMsf0A3Bq3+EZQVrYBXaT2LkLypa+ulDH5UGRyc3e -D1vqIH16LN5VWd0p0hsJDhw= +AQoCggEBALt25FN+ON6BC+Zoq/YKHtZNUpGDdbrubku+dVvJZqBKgonhvd9f5x5T +4urQTyebHHZt0J7v9iVZ0e8C4+ddReG2R/D0L1b5EKSJps7fnXRiTZ6zyheT5tXF +PjobCqdz1+tFDjs1ARCgOIpgT1/LCnGJAp95uNa63DFJVcLSwCk8XwrHWIKJpBla +LdtlBXAv6O3AqIoO1PB816aYO4kvepnoG2gj18VWzxrUA1T4d73kKE4qpEiD9+sP +xrf/ouBKXepgvvVzyH2ST+tfbc80mWdH1L9bmCOhuIr7Td/3x8CgyL6mqpp5Juul +9oW/4zR60uwO8jt2+mSAvxCnQ/rHyOkCAwEAAaMvMC0wDAYDVR0TBAUwAwEB/zAd +BgNVHQ4EFgQUdQ8u1e/E+11t2azBZbzCKYSCF3AwDQYJKoZIhvcNAQELBQADggEB +AECiiXbIIGOLYVN99VXjnIkV48GkNTpzzgM9k4tWn81rDmkJROrrevWLv+LyD/N7 +hBWFwDE6C6gdlYuUc3w8SV6SrtjSqEJnKxW4ACLi7gceuToKXSJ3h9BR+0Xij1OV +7biasJs63K2ASaGl/1gxrtHMMMaRYs58/6EOvPrY7f4CdcJOaeypOllSs0Xls323 +HTemYYyQJMHX0J1puUjipCw39ZpTcdB6OPscidvjJp9f3nfwbO4h9+eNlnvOv8L6 +p3gyITdDnSNZzVAXxbrEy5dLPZBwuZ1iFiLw5jeTTModRry+bXPzaTlLt711ULu/ +f9s6LUwv0bh6hwr0Ttq0saM= -----END CERTIFICATE----- diff --git a/mtls/CA2_cert.srl b/mtls/CA2_cert.srl index 7106df0..2318482 100644 --- a/mtls/CA2_cert.srl +++ b/mtls/CA2_cert.srl @@ -1 +1 @@ -2A340296D6CDD0E6A8F678126AC75B1DA2019ACE +2A340296D6CDD0E6A8F678126AC75B1DA2019AE2 diff --git a/mtls/CA2_key.pem b/mtls/CA2_key.pem index b848e83..a6f0a13 100644 --- a/mtls/CA2_key.pem +++ b/mtls/CA2_key.pem @@ -1,28 +1,28 @@ -----BEGIN PRIVATE KEY----- -MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQC7rKSazm5+GO+7 -FWMuutn7F+omRMeW6lVP0EyNxIlTd9A/DCN214iYbycIUxpiom9CLW5yorYgUhJ6 -Kh/ASeaL/dX9b8WPOv2+/tijBo/S2CMRlv5EG36eeFXeWPon7d/AUyELIEKOj9hT -S4+8d4qDtO+blVvkmCvP6hvV8i6AmdOmV3uakfhOpu3c/VXdstDO0ABO2wTf9KnM -XFHMaD1u/1Qjcr9vZUB6eLSaaEKLklnnF2mdmuGuEpA6cH8rz5llLuYZm0rsfh+2 -CihPTjdHBOQ/2eTdQm3b5gXlfYY/Tcc0xj7m4BVLFoT40ncY6TdTuQCltuL+xnDQ -t1APVCm/AgMBAAECggEABhiCHYfITaQ1tS0+qXfm40xQOKn8lEmhjRQbnccycVma -PqdVnOM8oTw1rQQ1/oTUJEwheEESCqlfxu6zVVA72B7d4nt3k+1l7Ibj4SJcwuEY -/StFsE9MT41iYfR15kdzAGYy0+UFBGhmWF5DRECFvpK+mEkY+6si+9UuI5wtfSke -U/hEHyl0pUPPZ3wENYHazsSjVoetx+AfM7iELgUlIlwAvleBZFl8CqPrcbgGeqnm -opYRFgvJvjt+7Vz50No8mJ169RjRix7j/LpTGpLBxzs1y+C6QvvmihYf2oaMmxot -Lpw3EKxu2pDz1KOM1Giby7kTERFkGUr75NQakWYWYQKBgQDocEaRPHBcIbxM+uIA -VphmhqhskZu3AwjlVKDqmurKybeFzihaqa1IaMSCFj4/W6UHfA5UjOT/SZj+bO0I -yLiTo5UVX94bnLHHia6caIcQJNzI8KDHprLkfyfsQAUFMIqtE3C7+qz4xAUCHGmw -7BSyIMIzME6uWVamns/sEDCZlwKBgQDOsr9duotN6vUhkcKybZmJExCiWd4spM9W -AURGQcRDpGwSrmpqZu0UCQyzZs207vBz8/iGf/gN7N1UH/IK+QL2+1FjYIffED9D -SxuBsP87vWrt9a8yF+oIHwIEFMkvUhh0ZKx16FTXiWqy2uFXdTdFlINV0d/Y7GwK -CX7qHBVmGQKBgHcDJd6vZ4iE7Xks7BLoQ9gbEpmkZGpsb12c21fEQnvalNE6IYdq -YYM1wYgqA21Fa1ZNurin+4iLEn8THrrkqz1NAMSU9ZCFxrE4WeNT0fP+K93m9yvC -us4sHTDmBqwFkrvTvGFDlNU66KWQDr2740zhYQ38qgyzSZ6+qg9gqsG5AoGAJogJ -xnY068SGB8j9S3fE7FmiezFXimj6waSgzpwJ8zYec2kSK12eimKZfIQIitcT+fmb -9a67VhU2uSzvWP5MgDAfXvAqw/lqYagJq6aMHd3UpiFrlGIC3ZqyLIKXcnvSVThD -MgOqdTeHrWnCIiSWtiDWTtQ971k7Vq+oegncL1kCgYAG+YRcn8df60u42p9h31bh -JZwROIUK0XJgo3iEAf3SNpZ6tbEd99zn94Wo3w9uTzW/EaxvCsC+WhN9w2M4jDYS -mF1qhF/YsVvge6UML3MMMmM340eIPXA51h/kBPK2b9ShDdYtvGOyk7HAuZB6VEJl -xS3FSzRLPJ6XvlzD7CC/ng== +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQC7duRTfjjegQvm +aKv2Ch7WTVKRg3W67m5LvnVbyWagSoKJ4b3fX+ceU+Lq0E8nmxx2bdCe7/YlWdHv +AuPnXUXhtkfw9C9W+RCkiabO3510Yk2es8oXk+bVxT46Gwqnc9frRQ47NQEQoDiK +YE9fywpxiQKfebjWutwxSVXC0sApPF8Kx1iCiaQZWi3bZQVwL+jtwKiKDtTwfNem +mDuJL3qZ6BtoI9fFVs8a1ANU+He95ChOKqRIg/frD8a3/6LgSl3qYL71c8h9kk/r +X23PNJlnR9S/W5gjobiK+03f98fAoMi+pqqaeSbrpfaFv+M0etLsDvI7dvpkgL8Q +p0P6x8jpAgMBAAECggEADiuHFML5iRZ+D/uHf0CPYvZTSgm2A3Xaw0G+EAl7bWnu +AuToyKxKHwiLCK7LdoK+AwgUxeUwWO04j8JLK2wce43SU39Rq/EfQrpFvP6gIaT9 +ZjdqDKAyyaPWkU1r+Vf2hHBWCnNDBYuzpzOieR4y4UqDw6Q1+ZBqua40zyL5DX5c +9Mp0bXFsN+RVDh+K/9vbL+7vZaqZfe0wQDX1HbwP+u0vcDZjWS6QN09BGoJJr/PL +SoovlVuEsDxoBIadGYtzGlRcLa6k03CI/jYFMKHOnyGFu87bNA8lPy9OCmJOaLgL +Sb5aMkVoVFDZaOPtnxOTk9FRltXn1gWwyzVMJs7dRQKBgQDo/f2S58Mk4Rjudr4U +ds6uamTOazMKlsTuMn0KeiOw3iWIYtrj7DxTRFhK0GR8dAksQCRHkDcQzbofzt0B +/Qtx0bqEp7nLOLxjz/xf5i/h8394imR9IKpr02OvDjpGJ2itl2A3ADpsvrFR38ND +z+CuyZ6RnPw0uYQqHmLWmgxNTwKBgQDN+fd21SsZe0MxhSL98fIZUOenUkxrJMac +NL/JysKwfqXlJYpra8dyzQMoD3zUjIktRp45xKgJ8pUBfphmcUytJNJAW6hZ9A4t +PnxQco2WPLfPSTPjVApSZRttfmMfZk3CMkfJt3k/L+cBD6umBzNHi1Q5ISV62luo +Qh//J5YoRwKBgGjyf1W8r1ndSq2fLt9o5JALvHx+LO+IGgxxEYG2onz4k09rt80S +i9m1309Tru+gFMGp4q2ZeDRJdpz9QO+0W4NZRPqb0kSHudP7y2Im/Up5s+FH9Run +qxwGi9A+SGFxPuVyWhRsNeTlwFlwwTO6XypcBuDwJWpaZf3S0hJ4MTJhAoGACxNZ +3yXvP1uFbXA/RXBxGDNlgXXHbit4EoYzmeIxPdRRj1TJcKVHAEFN3iWXDMbRyYF2 +mJyefIpywLXR9BA7k0PbmmJTVyLscDpf7ON8AYwaRiclhx/Jvkx5gRW+tr2FiN+z +RIF9H4yv2zrAfBj/BOXVDY1eupBrRUzo84tpY5kCgYACptkwcJoaBvJdsql0iH7a +0iCc+xO6rie1CRmcD/HzlWEYrsxDjmI1fdF/k52NPmgqBda38jq3ikkWe42/de0p +GfR+fasq+K5h5FNEqudPW1POi3WG5m4MXljuRt/BXLHvXsnPHwK1vkpUNzViAkjf +XCskokPNc8SDzPWgXd+VlA== -----END PRIVATE KEY----- diff --git a/mtls/generate b/mtls/generate index 153e9b6..2ce8752 100755 --- a/mtls/generate +++ b/mtls/generate @@ -36,3 +36,4 @@ gencert CA2 1 gencert CA2 2 gencert CA2 3 gencert CA2 4 +gencert CA2 IR diff --git a/mtls/peerCA1_X_cert.pem b/mtls/peerCA1_X_cert.pem index d58685a..782db22 100644 --- a/mtls/peerCA1_X_cert.pem +++ b/mtls/peerCA1_X_cert.pem @@ -1,24 +1,25 @@ -----BEGIN CERTIFICATE----- -MIIEGjCCAwKgAwIBAgIUKEhKG9WUqfHCi18eTUUBDZI+nRcwDQYJKoZIhvcNAQEL +MIIEOTCCAyGgAwIBAgIUKEhKG9WUqfHCi18eTUUBDZI+nRswDQYJKoZIhvcNAQEL BQAwgbcxCzAJBgNVBAYTAlVTMRIwEAYDVQQIDAlMb2NhbHpvbmUxEjAQBgNVBAcM CWxvY2FsaG9zdDEtMCsGA1UECgwkTmVvIEdvIFRlc3RpbmcgQ2VydGlmaWNhdGUg QXV0aG9yaXR5MRAwDgYDVQQLDAdEZXZlbG9wMRQwEgYDVQQDDAtsb2NhbGRvbWFp bjEpMCcGCSqGSIb3DQEJARYacm9vdEBsb2NhbGhvc3QubG9jYWxkb21haW4wHhcN -MjQwNjEwMTI1NjQ3WhcNMjUwNzEzMTI1NjQ3WjB3MQswCQYDVQQGEwJVUzESMBAG +MjQwNjExMDgyNzQ4WhcNMjUwNzE0MDgyNzQ4WjB3MQswCQYDVQQGEwJVUzESMBAG A1UECAwJTG9jYWx6b25lMRIwEAYDVQQHDAlMb2NhbGhvc3QxJDAiBgNVBAoMG0Nl cnRpZmljYXRlIHNpZ25lZCBieSBteSBDQTEaMBgGA1UEAwwRcGVlcjEubG9jYWxk -b21haW4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCgXdKU6buWmlZe -PSXfcZQEUp6oxynIKlWTRuoP9NriplfiAcJgpOF39kgjbX4A4qSnkmzo8IgE6kKS -ON/wE78Tl8Ge5f+ZOGM/5enhCPa357ZYC8xQZu41OzrC/h8WFjQG3MdbswJmU0mC -iQPtmhfE94/0uAKKe1Y95Lw9tM55gCxknVm+NlfVYv8H4aywhCuYvBLPf01ET6dd -dE27ngMxKrCtWlBOfIOLbdRykBC7aJ3AJaxvYDx+UniuOwKAKWENcJiNtFaFJXJs -QETtVSh/TqbB5GhOyAMhVWJVQjy1ZtX5hJIIu14oP++oy+Pbw34CDberyxzN220e -FQLUjo+/AgMBAAGjXTBbMBkGA1UdEQQSMBCCCG5vZGVfb25lhwTAqIJaMB0GA1Ud -DgQWBBTb5mXh4pE40a749tShcXo0mfo8QzAfBgNVHSMEGDAWgBT7RuoVWixAsI3m -YrglWUu/tl9TjjANBgkqhkiG9w0BAQsFAAOCAQEAMmGuXuZUerGE00zlB0LY/BRo -xe46u//Tsr00Q75/pSL5nWhuIxDyH/46o0Ud3gX9L1YT+HrN9vRddp0z66mU1ibC -xR+pkqEDoV7UciH0eJPXhmG29dxbxrmfTDLUyrl7b9g/6w4401aeUcoYAvTro6wF -QjS6t5OMHPWs6KTwGxSqVVFKQTPaP6LUFNIDM8gBf+ltbHC6lPp2BsdN8oZm1/BK -qDcdPSCax3XdANpENyyDwTGoqphVpCAd6GCSC9x7arc8HQmKG9xc8loRIWUA7ji3 -z3fKhaq/oFwIpJ3jt9P0m5SnMayFXC/d9tpyab5SAnkFk4fpcrq/RToBShhwQw== +b21haW4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2JVCd0TRhpsNP +pHxo9DyIGMiuHPdj18meSe0HWbHk3aMLonBmB+1RqJa/7MnwYTFVsb4hajlTCVmd +2xOGA73NWZt3VFLY0tWp3AHqmrqqC7jE1DIXnJPQNesYifKNK5e2uJQf3xkwBYz3 +Gr664U9dAIDJtE3nFX7QWG5k1ozDaeeqX3kylevcgLxyZBrXPozkfggJRrvVFgct +GuLAKdApVsIiCSPRMnTYM3dLgos0gaio5KHWXE6QfpbqC12EIw0fqucmXqjtpa9B +/tIRkRMQfqJ8sMdI9XOwc3G2yGaI5HTVeiyDHnDnb10izdpN8gi3tH3r8sEN8ENs +taaKu+njAgMBAAGjfDB6MDgGA1UdEQQxMC+CGm1vcnBoLWNoYWluLmZyb3N0ZnMu +ZGV2ZW52ggttb3JwaC1jaGFpbocEwKiCWjAdBgNVHQ4EFgQUY203z9j1OaMLZSEa +FGBD6IMQVFowHwYDVR0jBBgwFoAUGCmiSSj3ZXOraieVqDfYH7thN3IwDQYJKoZI +hvcNAQELBQADggEBAACEPUGv/sd/QQDLt/AF8tBiF6O8eDgx6FIrA0GTbb7+5oGK +DxA4F5CTrLz8LnsEqujq6pSaa33WUdEnrh/FlGmdIEwHtCc8dukiff8bWvpTLIaY +TPNUh4Y0Y2dZJ8ienO4OSU9psUDCyDaNmOja/DlfYYeIdSXtrMr10fEQgeIKEYGL +yH1kHrz1aMJvLdk08U1hRlFWApn1JoSAVyWR/uyrUJ7czXEtgbKdVqnuzAGvnn/l +FHHNiQmelK/6aEAa1Cg2Q7Rz+9lszRVZPpBJvHUjeA5N6b7eEFgLdhJSmJV40OeV +6pw9IVP7CMezPBNXjMcj+COme4pK6HY9zHQCiFw= -----END CERTIFICATE----- diff --git a/mtls/peerCA1_X_key.pem b/mtls/peerCA1_X_key.pem index 9f980cc..5cd7caa 100644 --- a/mtls/peerCA1_X_key.pem +++ b/mtls/peerCA1_X_key.pem @@ -1,28 +1,28 @@ -----BEGIN PRIVATE KEY----- -MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCgXdKU6buWmlZe -PSXfcZQEUp6oxynIKlWTRuoP9NriplfiAcJgpOF39kgjbX4A4qSnkmzo8IgE6kKS -ON/wE78Tl8Ge5f+ZOGM/5enhCPa357ZYC8xQZu41OzrC/h8WFjQG3MdbswJmU0mC -iQPtmhfE94/0uAKKe1Y95Lw9tM55gCxknVm+NlfVYv8H4aywhCuYvBLPf01ET6dd -dE27ngMxKrCtWlBOfIOLbdRykBC7aJ3AJaxvYDx+UniuOwKAKWENcJiNtFaFJXJs -QETtVSh/TqbB5GhOyAMhVWJVQjy1ZtX5hJIIu14oP++oy+Pbw34CDberyxzN220e -FQLUjo+/AgMBAAECggEAC0i+zhqqR/0hMa1k0lW4IBu+LUsiXgLYla3qP2gv1L32 -tiEAj/NaKCpMxi1oreBEzMPJZRSzxYDEYWyeGVMSYWsOxUMS2rG0jiT78YlDbwpf -cs+Vt1yey2EZD+p4voGedJMpdgLhGtkmdYh1ncz3ejUfTI18JElsdpt3QXJNCxCE -v+vTMRcSRTpPK9diuxIRQecMg5dtQaIvHfY3VexrHz17q4cokmkBsFdewEvWrrnO -sLOyr0pgO2XYbjgLQECmLYDetSZVd+Ud1VWC2lsWWb+RBCefQjscXgKP063JH8U5 -ajbespa4yTMk2HNJiwguigWSom4ukVn+cnIYuoPxtQKBgQDWTP2DQqeftiIjo9e8 -w51WW9/mf72H8Tju5DZd+pGz1LxjnwCh9KMMU7EjMi0SJVjKyOYvon66T1bEJCyY -Xp06Rf/E8dVgdH2ZgdoML/SCOQEXfS7F7fkv9TRvYojh1PUK0pQgeIfmIPTfPhoW -lb6v01tN7hgCL9mASfpAk1E3fQKBgQC/kjGcFleL8c+ruWMy4IFygkM16Fa4v1fa -BfpG5wFQ2eKiYSh2gC1XRzjXy9vue9URXMKsA90Q8uK71fHMkU0s56LG5SyP9pZg -LT79tWoomfdcRF5mWTzRuOojezKNOWnC96BCaC4sni641tPGwr6wI2vnAb3Rct7E -wE/DsSUg6wKBgDoysm5hPbCL//150276GNKJJOcuLcSrZ/DInVMsZ0FVNsw/NCbH -jzgbynFqgP76kYCQyqKJGK10OnYN9OZ0W3Kl6+4KVw5Y1HtJ3nOM2nQ7EubUIk2y -cQfrKZBOTCo4cUu9IGkpEo8WyCmQbflQNXb+iT9Ct9ZwNDs42/OJjnbpAoGACxoX -0enhjPSoilUmEI6+Mbqm1nrue6prFvF9vZopk1vtLGfhBm0LM6GnA6qGxl1azbTI -e1uF9jN9PFF7v9Uz2cRaxJgHaxhpQo2ctutKiavSkABOUDQfuC+1MfUzysdm/6uG -GBMdiexo3MFmaIBkuKR03mBVdcvoaRKUDM05T50CgYAciaSVQBBi1w3jnFsOGmV6 -OeGApLL5gn64tqvP5CorfrqrWksFsdpfBTBuzYoKmWqUdBFtv4kVKdalMyFAa/T6 -o6/rxApbavawj2AACda62K3S6vxHaeVoI0MM22LMVHyJyfM3GWV/KCSY5Rl6W5MM -lX3X+o2/5zBwm06mjXYi1A== +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC2JVCd0TRhpsNP +pHxo9DyIGMiuHPdj18meSe0HWbHk3aMLonBmB+1RqJa/7MnwYTFVsb4hajlTCVmd +2xOGA73NWZt3VFLY0tWp3AHqmrqqC7jE1DIXnJPQNesYifKNK5e2uJQf3xkwBYz3 +Gr664U9dAIDJtE3nFX7QWG5k1ozDaeeqX3kylevcgLxyZBrXPozkfggJRrvVFgct +GuLAKdApVsIiCSPRMnTYM3dLgos0gaio5KHWXE6QfpbqC12EIw0fqucmXqjtpa9B +/tIRkRMQfqJ8sMdI9XOwc3G2yGaI5HTVeiyDHnDnb10izdpN8gi3tH3r8sEN8ENs +taaKu+njAgMBAAECggEAOxjlTKcVfz97rCn6oZTo1OFxryg/zhmz1VM4AAQGl3Kf +1YUJQdl9ktqHutKpfIAUYTDvtui/m6Tzeieb8IXjPa6+pdtqm+XgJCH5TzSPrt9p +vhb4/7cyMEJmOkp7s3j62vKNQMACbJXIdF4tlvXGaa7hmlARXJIZWKDwhHAmMLpt +z9t5bW2N/oZOC9lMwmz48FLIszrskVKX3kQTr1rb0cux3SSmDSnd9l8Zu7TMqKTt +Dja2JDYFBTuOpa7WcWLyMHM/1omnRXok1cFKgCURsl487/B6r9FZaOtEQqtElZXB +w+7cB1iG+1q0JXk/qaFtf+5Bu637AJwdELGnJm8gzQKBgQDn7gxvT2vrkQUuQfB1 +URqzJl5yuFsVSeu6xFqmWJORwBhdVO7nqAMX2IGrbnmBslGUys5LlpjN0wK/xMrw +D8bRnqTlZgOG/lTrcZqsqqDOGn6k6oKaufIlt4jVwWzr1R4qFQNe5lXXqJ5Ka7LO +Gt4ej5yJz7PN//Hlrgk3bVjjLQKBgQDJDJf8Ii210W9/QjAJuCGCsbVDUMS92t7F +4GGVLAoY0PHsa8s2RRTQmrgfLa/Zzx/oAZs3tkihxGriZLk/Xvk+VaJY3wIoWCAm +6uskFBtINlt/lqdtbe8nZRONlxUYB20izYHcoQ6RVj/JmpLR8Tib9lyYItKnGltQ +eUOEuwJrTwKBgQDMK648qwEJPf/+icPBsyU7ApLwkMR2CD4Bi2t1ttIp455PQz6R +JkGa01jLbpR+jVjuEF7tAeUAhDqOURKJpInU7MCixVxjkS92mOqeCBNJfN9yFJPm +27yEYX6PFhjpvxIv35G5EDIPiHvYbdjZQaO56ZjXZMYXmbH8DGpGpfcy/QKBgQCP +wm+THKVu0zlU1/EdogpkN8oTPlfQIgcVmyJr1jfKEu5KTbHbNn5xw5BQywxpRI/e +B/gDWFaLRbXf+IH17GVwyy7xOVWDn7At4+ELxUzUz/mRPBqwRuGxW7clkZjFu9mv +/x8Ssh+GkRO/hsXhVQlTjFAdgRj73/7Xhj5fVJGgRQKBgHZzvs8er7jt0bPF5qZm +MFSy8rqgSzaDXbZQsEccIdZmiz2D8mfaj3MnjzRdV9eO+1A/rwYo7+Co740Bxx7D +24AoLhBEEStKWwenLkBq9jDUhlR9+o1E2Zg71w++QV/dmOHSNWZOjWEItFA+IZ/i +lZVCsTptAVe0khSUBYFaEAsA -----END PRIVATE KEY----- diff --git a/mtls/peerCA2_1_cert.pem b/mtls/peerCA2_1_cert.pem index 240bda6..7ed8150 100644 --- a/mtls/peerCA2_1_cert.pem +++ b/mtls/peerCA2_1_cert.pem @@ -1,24 +1,24 @@ -----BEGIN CERTIFICATE----- -MIIEGjCCAwKgAwIBAgIUKjQCltbN0Oao9ngSasdbHaIBmsswDQYJKoZIhvcNAQEL +MIIEGjCCAwKgAwIBAgIUKjQCltbN0Oao9ngSasdbHaIBmt4wDQYJKoZIhvcNAQEL BQAwgbcxCzAJBgNVBAYTAlVTMRIwEAYDVQQIDAlMb2NhbHpvbmUxEjAQBgNVBAcM CWxvY2FsaG9zdDEtMCsGA1UECgwkTmVvIEdvIFRlc3RpbmcgQ2VydGlmaWNhdGUg QXV0aG9yaXR5MRAwDgYDVQQLDAdEZXZlbG9wMRQwEgYDVQQDDAtsb2NhbGRvbWFp bjEpMCcGCSqGSIb3DQEJARYacm9vdEBsb2NhbGhvc3QubG9jYWxkb21haW4wHhcN -MjQwNjEwMTI1NjQ3WhcNMjUwNzEzMTI1NjQ3WjB3MQswCQYDVQQGEwJVUzESMBAG +MjQwNjExMDgyNzQ4WhcNMjUwNzE0MDgyNzQ4WjB3MQswCQYDVQQGEwJVUzESMBAG A1UECAwJTG9jYWx6b25lMRIwEAYDVQQHDAlMb2NhbGhvc3QxJDAiBgNVBAoMG0Nl cnRpZmljYXRlIHNpZ25lZCBieSBteSBDQTEaMBgGA1UEAwwRcGVlcjEubG9jYWxk -b21haW4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8xcYfOImxhiUy -irOfnmUmDo9NMLceMsxGj+t+hNkmYZWIRVk9j5ugot7+Wbdd+Ct5rtwezvzSW9eg -XvcyI8hjfdhntl9IxKFCtWtr8Iwjp/bt76//SSnlb0HNp6Ap2IJ9MP758HQivLWQ -Kn3Xu0ps4c+jE6LoFck//bg534NkMWqqsoYpZM5Vdhd2ZEr4i7BFsAW6gPDEr8P8 -wkydXYIsAEaHT4/bRUU/c7NyFcoYRUEfw+7/lxD/0mUZt+nE3EHgMpAP+QmVzhOn -zOQ322muTAWkr758f01Lvsfm/hwPXJ1/9GjRc1Yx7iSrZ8zzRLHXXzSlR5036oLR -MCJL5UYhAgMBAAGjXTBbMBkGA1UdEQQSMBCCCG5vZGVfb25lhwTAqIJHMB0GA1Ud -DgQWBBTwfMVj6jdaTRLb/mzemwJb9tz28TAfBgNVHSMEGDAWgBTT6QZAWJYgM/Tc -YwTbmHQ16TX0yDANBgkqhkiG9w0BAQsFAAOCAQEAs/hgu1CJiQblHAT5MtSsMXci -B/Prc02XfFycdMr4HA8z7D4mvJnKtQNp11anEB9xg4UmZzqFj/M+AHv/NLTr92jt -HagtoV1heQuzblLI7kkPwJMFubdjNSRPN45HGH+wzQja1scAgvGZQs2KeM/MyGD2 -PoEYThRFSfxmOFiu198jNhrOl6eDt18eFhDASOySuuUey87fSkqr2QYAqjGNP53A -zo4C9NTBKwQ1o69XXsDOh2wF/TpE9mOGpLcsNYH7Pg/k5asuFHc1CEHqzIFLtjvm -wC01ORlpX+OCjFWa9vyrlkBPdmqv5mmg6tQhaJjjNsRFD8pGkoagP3qAXSrxdw== +b21haW4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6LtYIP1mXV7pn +UIHkLXubW8Z1i/+9mxVFBUBEz8LE71AMtCjjox63sxeK9iklr3gjhgqqRDNjnexo +CEU61iS8814WiTn5gLVbLleaQ7j1u8bGFxxCwsz1trYv0Xr39j41q/j1NpRgb6+q +MhG2HkSZx+h3Fg8s2tNkoMaa5xOD547E6KJPOuQJe/JHeQW5WNmTFf99DdJ1YBum +DP2toblkOtbP/EJ970B6EdEJGmrAjMRaJcvRsgF3fWQpA94NrsfL5rxhS8mZMtXv +l/gaRA9ntsl3uUHcSBjrgBLnhTBTpeBbyEE07jiGVWg/A61f39ULgFCZ8OAA40Fd +oNAKHrDBAgMBAAGjXTBbMBkGA1UdEQQSMBCCCG5vZGVfb25lhwTAqIJHMB0GA1Ud +DgQWBBSIu7uWx5liJGDXuaemGYD9HK100TAfBgNVHSMEGDAWgBR1Dy7V78T7XW3Z +rMFlvMIphIIXcDANBgkqhkiG9w0BAQsFAAOCAQEAAZzhN4+6EohtnusOiklPC2rY +063JBG+vbaPI4QpmCdg2Hu+gHquJQ7y2gXOL0VxmQzh+NpOS10c6+U1oVsEEcpE2 +MYwRdVy8aUczn5lpwU1HQqoHI5/J1J9G++Zh4RbS33DZQpA34sqyMjdka951YQhu +Nsgc/j7G5QOra1/CaGQKdjF9rlQKED44V6G/Y67AKHAFfkExubo+Dc/78uVe+UL0 +PPopHf+edQ3xWVB9iDUBDAdhCX0LOs0BowSlYl9rNG99zfI1NLcJC1bHdFJ7e3tW +nIiivTi870w/WCuT5Zf7lYAz3KqjUqxl4PPVyDrxBL1z+h7RoUzDKoSBfpEFhA== -----END CERTIFICATE----- diff --git a/mtls/peerCA2_1_key.pem b/mtls/peerCA2_1_key.pem index f07ffc6..9d7cb63 100644 --- a/mtls/peerCA2_1_key.pem +++ b/mtls/peerCA2_1_key.pem @@ -1,28 +1,28 @@ -----BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC8xcYfOImxhiUy -irOfnmUmDo9NMLceMsxGj+t+hNkmYZWIRVk9j5ugot7+Wbdd+Ct5rtwezvzSW9eg -XvcyI8hjfdhntl9IxKFCtWtr8Iwjp/bt76//SSnlb0HNp6Ap2IJ9MP758HQivLWQ -Kn3Xu0ps4c+jE6LoFck//bg534NkMWqqsoYpZM5Vdhd2ZEr4i7BFsAW6gPDEr8P8 -wkydXYIsAEaHT4/bRUU/c7NyFcoYRUEfw+7/lxD/0mUZt+nE3EHgMpAP+QmVzhOn -zOQ322muTAWkr758f01Lvsfm/hwPXJ1/9GjRc1Yx7iSrZ8zzRLHXXzSlR5036oLR -MCJL5UYhAgMBAAECggEABHt57ZmN7XG9VhKkje/FjS6JBdpx0q0xzzzq6NVpnMdy -G0SYSDjhFC9uqS5crZ+VreOllU0X0Ql+WHzAx/qnbxm/IHe1+GUED9cw21gghiOe -hNftTCjC1N0vYqoUoigifkU1gx5L4UJG8zFX5rfRnj2+mV7ycV1vd3R3e72CrqEr -4fg8JVR9Xj6Zg5A0/FWkFHbrWJu/Ds+BLYs7jYNW02/ajWI0f8T5jiL06vkZfRA/ -WdXupWnw95XZs+JAxqUbXWfEY2jMmeIb0supp4r0wk93zOsLoHEBC2Jizfh+Za0k -bZkE7ebjgwvs9y5SGtFDr/9znB8UP96EMUy7LjuWtQKBgQDvS8LZMTQ6YjdDxnOK -XFULeqCQ1dZMcxnwkuoXFs+1odKz8ybpnrPXMrwwkAv3E60NaZst6UBIebYbBLE3 -CUGsyQkbERNujgiPuzqHI5s81a94RDW32INEm9ageNfRMZV/tpkl9h/Fc6gM9bhi -uPGU4K526+y3lL1d5zMAz48DRQKBgQDJ8yfR5BbVJ95oNBYz8tTAIjV7I9bPS6DE -fibDMV9ozVmnh+9BUrDH+fX9qtF2NVMD+2/AO4MDueL+NqBIIbFEOWpjvABk4p+3 -6HpN4KrTZm4PcqW2R8GFQ14I0oZWfEzLl2ub3myoroH4w7pweymdc3a1nkMnrf17 -77fPZMSXLQKBgATSyR2poTzgB+8ky+VpEQnHMf9ZYBVwaIBx5agLfKpTlbSs3Qbu -fP+EdUihTqxvSBiyHT+iqPoNAf+va4cJd7ps3vMdt/+Ne1yyUG6y6Akk4YGSFmcb -RSIX5g6cAPWlgzbszk92k5NeTm/ccBgFVFFE6h9ZiA73P43qABwvEtnlAoGBAKic -ifymkaG6vekGxBrvfk5EwZ5kl+9P15T3Nun2CRD5kwdbaZmCrvLockgvHN+zOfKz -NeSsS4EK7MkPVteiudyai4dl6nZQ+MWWJrdrA3Wpqe7f7Be65YqcaqC3FU6UTZIW -hNQI63QS75WB5eIQEvjQ9KZC0xMIJAIcbb2NBs6pAoGBAK1IwIVp4hcf1OyCvm/S -r2aUTgiV0dZv0p0QU5H8XTaUWIrNUosOQk0Tv0Vo6l8JTS72kl2aw+fhwYsWL48n -HFI+owm+gxC7BveEyypnJm63Yjj7BJflZdxKFdLoKV+aUdQrSsLVYgsWIeJhB6Ol -VsGEydVIUOnoDDtmLB8TYnmQ +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC6LtYIP1mXV7pn +UIHkLXubW8Z1i/+9mxVFBUBEz8LE71AMtCjjox63sxeK9iklr3gjhgqqRDNjnexo +CEU61iS8814WiTn5gLVbLleaQ7j1u8bGFxxCwsz1trYv0Xr39j41q/j1NpRgb6+q +MhG2HkSZx+h3Fg8s2tNkoMaa5xOD547E6KJPOuQJe/JHeQW5WNmTFf99DdJ1YBum +DP2toblkOtbP/EJ970B6EdEJGmrAjMRaJcvRsgF3fWQpA94NrsfL5rxhS8mZMtXv +l/gaRA9ntsl3uUHcSBjrgBLnhTBTpeBbyEE07jiGVWg/A61f39ULgFCZ8OAA40Fd +oNAKHrDBAgMBAAECggEAAN9YQd/zhzybt2JZ3qdm+2zEpHbU6oYaW+c1KiPmwn8+ +63WBSxCZVF7o7LZNwMeFE96AA0aE9xc/9Wl4SYFb4oJNU9+A1rOSIm518sujPetS +Z8TzAoSFqxw99AjWFe3Mqale9qmkixyWbKuuHYxY7atdUc9j2NU65XQDYQ00NPT0 +g2GYXqi1fDam4mR/GqgnbwTYnCMRfbTp61E62n3g8UeTDX5gwLjiRiI2f7MaKQM/ +OzYa3nLi2YrNbk9nm/QfWSImSX+htD7vzF11GJ90SxwnscjbJyDZ9x/GrJTsT4MU +kC26vuj86MXRD0+JnS1B89d0zp1TTqDiH1mqh13DnQKBgQD1tfnio4gJNBbxP4cG +ltljlEOTPkTnMABYAXUmK8K5cXxdzMbmBaPY6Ih27X7PsMNtN4OcWr1fJfzUSlOp +d/NbBJBWn4wUArcENmlpCD4MlhnLT54APr12R5+5UxzMRAzXomYNJLCNP3R49N5F +jiV0Qs1OaeZueRrkyLBP/4u3ZQKBgQDB+rhXDuKsnjdkFZM/M6ovQ/CIji7rqMKG +lwAB6dDWTl04Y/DO6+WF+vOYUJicq/STqPbSS8YkwGX+f4Jmx90ej+O6X/wB2zM0 +ifh9+fgYSNKHgvsRdwHU2qGG+5e9uCE/3ZA0/y5f91YWRxvX5g694RDB1ViJBIhb +5KO5fnxkLQKBgQDmn8SI9mc0BEFYdQE+rQ4kSkBXDwZLXKGl+NBFYKOnvZ42yIMT +2c1dRXz465ewR0BW3dlZQ04l5Zj2hUEbeqvfDVyRAbXP/nBbstqjrAnZdHWHgBZU +Mo9QWo/PufP4whKvvw08Xuib2yhuc5/A91euVRkw9XNE08TrYnciz0ALhQKBgDnP +y1jG6u+fR8rgUz4m27WyfeF03q8FYNRT9ICdeswkFsxTnNVOoN1JaYgfnRw0c3P+ +i3EpfCg/3yX2Qpr3PgN5xtko+iZjeeNSq2iAM1ypd3VDqCgQW89gSXu9SAAW/HHY +Sr5Av0WCpXmGP9ocipA0n5XlS7mqTCl2/wStmc0RAoGBAIJmrLt0TCJ1kh8b7g0w +d+Bt/4oCVDgyKt9MOnBmPXBalYvEICLQIQ3YcXD0Lx3yy5MKY5MfokMUek5NSdjK +UIBYhOhgckIrfT924zPPQqp7OnVAPIgvCZASBGmof2ithiYl/g03S0ZuN2bIcDEM +j2JMnyCeSFqln72tzeMm6M0O -----END PRIVATE KEY----- diff --git a/mtls/peerCA2_2_cert.pem b/mtls/peerCA2_2_cert.pem index 94c5d8c..e82cb71 100644 --- a/mtls/peerCA2_2_cert.pem +++ b/mtls/peerCA2_2_cert.pem @@ -1,24 +1,24 @@ -----BEGIN CERTIFICATE----- -MIIEGjCCAwKgAwIBAgIUKjQCltbN0Oao9ngSasdbHaIBmswwDQYJKoZIhvcNAQEL +MIIEGjCCAwKgAwIBAgIUKjQCltbN0Oao9ngSasdbHaIBmt8wDQYJKoZIhvcNAQEL BQAwgbcxCzAJBgNVBAYTAlVTMRIwEAYDVQQIDAlMb2NhbHpvbmUxEjAQBgNVBAcM CWxvY2FsaG9zdDEtMCsGA1UECgwkTmVvIEdvIFRlc3RpbmcgQ2VydGlmaWNhdGUg QXV0aG9yaXR5MRAwDgYDVQQLDAdEZXZlbG9wMRQwEgYDVQQDDAtsb2NhbGRvbWFp bjEpMCcGCSqGSIb3DQEJARYacm9vdEBsb2NhbGhvc3QubG9jYWxkb21haW4wHhcN -MjQwNjEwMTI1NjQ3WhcNMjUwNzEzMTI1NjQ3WjB3MQswCQYDVQQGEwJVUzESMBAG +MjQwNjExMDgyNzQ4WhcNMjUwNzE0MDgyNzQ4WjB3MQswCQYDVQQGEwJVUzESMBAG A1UECAwJTG9jYWx6b25lMRIwEAYDVQQHDAlMb2NhbGhvc3QxJDAiBgNVBAoMG0Nl cnRpZmljYXRlIHNpZ25lZCBieSBteSBDQTEaMBgGA1UEAwwRcGVlcjIubG9jYWxk -b21haW4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzyQARfBnOBJwd -EuyhraTu8QfncRFT8GGsqLQPY+M4xllGrbNjMhE/nRPBtPGzAVHHspgLddGh2+pu -CBqSLt/ts/pvOlmaXL4yxlUaXwTlpSQ1stqtuBMIAhgAsknwGngKYJUQWmj1UdI9 -76F99cY4WENuqRNji/tyyPcx6om224VQoe4T14HiuenuZb0b2uadDIRpw0cQnoRF -Qaj7A88aXQenj+69h2YcFqiXYYFUHQsMRXm4rq9OGynHTCTxmHg28kBhJFp+ADk0 -mVzurellU/Fx+I91eQw+AeRZ4NtPW+WmRvdP/NsKUCUD+wkS926p/wXOxrUI+0sd -SWwgNs19AgMBAAGjXTBbMBkGA1UdEQQSMBCCCG5vZGVfdHdvhwTAqIJIMB0GA1Ud -DgQWBBTlq+XQt0tw0n3v6qd4Fk7rsl49EjAfBgNVHSMEGDAWgBTT6QZAWJYgM/Tc -YwTbmHQ16TX0yDANBgkqhkiG9w0BAQsFAAOCAQEAHQfWlOo9xxiFHCHyjyheFjV+ -EKuayAWyw4yAqH2rdULnzDD6kJtZ2RNb+NZy7XjT7xdhS5CibhyslQeNH8h9SSc3 -7UZvU8UbnolU5kGAs+d9AprOyakl3805ftU2fDuU/oTyQwUvI5wezz6UiZq7PXKv -OnKQWoZX4IWntOFUiaBG72Af+AfCXPOhVWsNV+b/o3h2xeS5UTUPpNo+O5TycTBc -HUlnHcUU7HVttNeY4hEw850L9eaMwT5ZQH+rEyy2zbRxhJmT7uxbva7ZJm9nbkJL -XZI+d2MCCzdtL6l9iLd+CRDRWECLft5uQx0NEUItcVVK2i8fy9bSugegXImR5Q== +b21haW4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDLpXZ2amr7CS0J +MPhf3u/xizep+xZcXOryubo+kGbkr9QWmq/lDvIUNv8Jpdb24oq4qjTOCUMMY2le +6gEmJF0/z7bZMmPEpmsLvIKQap1JpnfAmgxx7qv05S2FgTHv/nhlb55MLItA7HVO +HDfbvtgePrRIfjm+EfAFT8x4+Vhf6xPH5E+Wn8mXH+7pwloHG8/gGefo6FTpv5IX +vaRkRxeDD8usD5DdiIWruJ+BiPpOS6BkwbPGBOWh747ZXk59/afve0MnTszoO86o +zniwAfGcuNCSsJxaduReaVddE0NqRrOE60h42zBGr2yxRkC1IoKL5Ae7kDcNLfIf +bgoCWk/zAgMBAAGjXTBbMBkGA1UdEQQSMBCCCG5vZGVfdHdvhwTAqIJIMB0GA1Ud +DgQWBBTCguoTciQNYyd3tCacwGxeRLvcsDAfBgNVHSMEGDAWgBR1Dy7V78T7XW3Z +rMFlvMIphIIXcDANBgkqhkiG9w0BAQsFAAOCAQEAEPHDVLCv7J+nFKkLrWcAuUlr +vtG11Z5cFowlwU+L3W2jqAcnANCAfz4FOgj6Gq0PGzKhqtHwjztvRd8zyTxpdVw4 +D7cU6OQKBGw+Grcyhj/eN4zUpD30oR/vxZS1zfQl5jasw0TYQUbjbQZz1d0n9NAW +eZZ//aprE9EVbzQIirbWGC6ORKqws3k8/Pf6o5aow31puJDmOn26ISeWHLrydBHU +XjxK3w6/sY1ioTNUSuGkZzM/sDeG1CRrhc50tRtuL+p/v35CLc2cd7LXBUBxnnqH +DtsGtlUsk6WHwYXqAeREZypVTCkTcQ5OOPur080TOIrOJilRGq6yre+c6wjhow== -----END CERTIFICATE----- diff --git a/mtls/peerCA2_2_key.pem b/mtls/peerCA2_2_key.pem index e83ae39..81ac27f 100644 --- a/mtls/peerCA2_2_key.pem +++ b/mtls/peerCA2_2_key.pem @@ -1,28 +1,28 @@ -----BEGIN PRIVATE KEY----- -MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCzyQARfBnOBJwd -EuyhraTu8QfncRFT8GGsqLQPY+M4xllGrbNjMhE/nRPBtPGzAVHHspgLddGh2+pu -CBqSLt/ts/pvOlmaXL4yxlUaXwTlpSQ1stqtuBMIAhgAsknwGngKYJUQWmj1UdI9 -76F99cY4WENuqRNji/tyyPcx6om224VQoe4T14HiuenuZb0b2uadDIRpw0cQnoRF -Qaj7A88aXQenj+69h2YcFqiXYYFUHQsMRXm4rq9OGynHTCTxmHg28kBhJFp+ADk0 -mVzurellU/Fx+I91eQw+AeRZ4NtPW+WmRvdP/NsKUCUD+wkS926p/wXOxrUI+0sd -SWwgNs19AgMBAAECggEACG6wLGHFLKxhYLXrXkTwkRpCHBkDSBjXxMGjGmKwvMNS -DiM/bSX8xZ6AMSwKHX99frYrdMQmQwCqoCKmRMt8I/nDg5wf9kImoJqJUZ1gM5L/ -xDrOKdFrp34NP3RQf/mGpLpb23wmFpvrfMCxZiDhygqnwdG3z70FAocwnIlLEF+E -1JiJxXsf4EbWP4B7oUS6p779yKE3SGC4l0fEE8rYCn1h686CDYksQpCpJq8BaGHJ -KNr0ABe8Mmsn4t//GtggTCbQdmYDv0t3TdRA4yUU0UF59wMOJb6EEJCJBXne4+7h -6N08oSjoqmV0lu3wdIvotZkYhA9W8tC7+0bx67R42QKBgQDcXX+/Jx8yY+26mISK -1ixmClWfV2RILLffv2C14TnugvSyz7xOIYETAcNmUvXC5XRzZNVieA0PaJOqJ9xA -tpficqarY+Jk8dbYAX+Nzv+NgNN+Dp/o5YaBvIjJx1uOPWv5TGIXtTa6qT7kY5NJ -3zwWrF/2bxfKYlSmYlgx+32hWQKBgQDQ25muRGnPtrziO5r8asEgZUVwmCUL0xtI -zqe3fojTgk5IoFdLCmoXAseDMxBpfzhPi0dcWDOiJAmJVuHYbQUDILWd8PAUZRJS -pXKwAVCCogE75K7yqH55AnQnXix5WOWQPG7TAQ4SnK4DbVzeAWtUM2N2Idp29S4a -lENsc15ExQKBgF4EgjFTBqtgGRhIZBw7/ltWw2slRQLKGXUb2K4gtq+9LZtwp/2J -q+EpGm34rSQG86Ub+zJ019WgH4g0U3NEtA6ILfXnurqot6oXEY22KC/+K72XjcA2 -1Sla/91e8gAA0qVdYmiNBxmihdO5bCjTVnax+otQoIzXYRhP0yMYEmSZAoGAMV/I -u+bWcNFNY9odcJC4KTVnrg95qor0h0i7Y2iZZg8G/KpTGJ1UqS3yBnUa6yW1JTDS -5OTBCBKm4n3UlDppley0oqrjxp6CL2GHdE5LPyaXThZouVrV0zueQ/RCZUl7s5Zl -yKIWNpYtmQfQjXcebWBcof+syrR5erUUH15CqdUCgYBhCqvXFs/LQXkDu/Ef8eSZ -Xn1SpAdwZ2bN/xfHI/QdqjcElKzkygjOpmqbqG1zHDJzFm2jkaQLDLoiJEtYwEyz -xnKPFhJFcveUuERtL24WFLXfCoclFZ2LC0gdCsFH77fWS4Hy1T2ushdZIs2N7GNs -VDT/nJdGB4MKGJ1M3pD12w== +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDLpXZ2amr7CS0J +MPhf3u/xizep+xZcXOryubo+kGbkr9QWmq/lDvIUNv8Jpdb24oq4qjTOCUMMY2le +6gEmJF0/z7bZMmPEpmsLvIKQap1JpnfAmgxx7qv05S2FgTHv/nhlb55MLItA7HVO +HDfbvtgePrRIfjm+EfAFT8x4+Vhf6xPH5E+Wn8mXH+7pwloHG8/gGefo6FTpv5IX +vaRkRxeDD8usD5DdiIWruJ+BiPpOS6BkwbPGBOWh747ZXk59/afve0MnTszoO86o +zniwAfGcuNCSsJxaduReaVddE0NqRrOE60h42zBGr2yxRkC1IoKL5Ae7kDcNLfIf +bgoCWk/zAgMBAAECggEAHUtmkJ87V3RY9acFO6lSw+Ded4XGkC/Pnm4INCLKomAG +tt+2qNEvEqhcpLMmCqrJAMp/QRpE+l28lSo9UxLNFTZYm8LrZij4Yh5Se9rSWHtp +Y5vlaWhHdTmYhEly+Q6WnCTj1RpdR9AcCcn2YRaBeUxU287ImKZ07BawF8DqrRVe +YKOEdBDHIXkmGswn00L3vbnoexVryJeIBcNKsQOJQq0SeE9YHCb52U+iifWwEK6d +hucft0cHatP2ogW2b7GfP4040M9cRn7P2Knl9ORL1VqqHRKS3QvxKfKoXaopaRFg +C32qWo0pW050kYtsA9PJRFYHRjjGFV6AP/lLBw65kQKBgQD87IhxpKwOIW/62ceu +cyEIFI7RLZf6sX9HG7aJMV6/vIaWSS1I0ICLpBOVon39kf4/8vNeEx6pY8gIeg9g +dAcaDsg/nS1gZynTOVgFTC9Z+5UwX4Azm+bXxFzR2jcOOAMXxjMFx/rliS1Lgdrv +QfWnr/DW/aKz3KEUO9imCdnU8QKBgQDOH4GVC91n5e/VG421hNU9OEse2eSC84ci +2wbBJVnsUarH/0W1z1Vk+HBEhcsNEpTCsH0A5c69xizOueL9zgEQinv2I04M1DAn +vSG9G1cSz+01dl1Pn4RFoSCl7M2Yua0kRLVb88/TP0/6fWvKsDzcKMagb4EFg6eV +af9m68ljIwKBgQDhWX5YgvgpvvEe+FtJu5p6sJZvGciHvQ5CNRb2Nd7NxxPDY3/N +mLhvsskgUZ8gBqwaHkVoVHDFS/o2U0rQDZEmTnVs+IYtlr1VTYp3beHisp3Cc9Su +JwIOzQ5Gi77yFEXtMNLVG9EYIpkQ5apD8ukFd2WGqIYG61U5yfjGN5C2gQKBgDKP +r+2rt2fhE2+nDp/UMaqOwH6U3GTy79cw+vst+lzpu4bLq4HplfzqpD9qwmA2ip8n +Q8KQnKIYlq0vE+tGOSShk77Q8jhbZGSbFEebCUToFDvlCQabDos19xg8ekJYaYxX +/lTL/dLH2QqM8YAKsyMeLXr1XyTHIriYA7pvZDsZAoGAGwU0vmfUidqcJrFuQ3hM +z0lUUpvUAIqlpE//NFQay3qA68Kt454vMDYpbPT9ZxW/yF39kNHw8PSWSBaomF3Z +6n82LiL8O+SNaHeGstNj9ATUn2qPFotqUozDKa3A3RxVzXGzCFQzrh7pWcjH7cOd +scdlOJZhh1kr0eW71OqcKJU= -----END PRIVATE KEY----- diff --git a/mtls/peerCA2_3_cert.pem b/mtls/peerCA2_3_cert.pem index 85e790b..8e6053d 100644 --- a/mtls/peerCA2_3_cert.pem +++ b/mtls/peerCA2_3_cert.pem @@ -1,24 +1,24 @@ -----BEGIN CERTIFICATE----- -MIIEHDCCAwSgAwIBAgIUKjQCltbN0Oao9ngSasdbHaIBms0wDQYJKoZIhvcNAQEL +MIIEHDCCAwSgAwIBAgIUKjQCltbN0Oao9ngSasdbHaIBmuAwDQYJKoZIhvcNAQEL BQAwgbcxCzAJBgNVBAYTAlVTMRIwEAYDVQQIDAlMb2NhbHpvbmUxEjAQBgNVBAcM CWxvY2FsaG9zdDEtMCsGA1UECgwkTmVvIEdvIFRlc3RpbmcgQ2VydGlmaWNhdGUg QXV0aG9yaXR5MRAwDgYDVQQLDAdEZXZlbG9wMRQwEgYDVQQDDAtsb2NhbGRvbWFp bjEpMCcGCSqGSIb3DQEJARYacm9vdEBsb2NhbGhvc3QubG9jYWxkb21haW4wHhcN -MjQwNjEwMTI1NjQ3WhcNMjUwNzEzMTI1NjQ3WjB3MQswCQYDVQQGEwJVUzESMBAG +MjQwNjExMDgyNzQ4WhcNMjUwNzE0MDgyNzQ4WjB3MQswCQYDVQQGEwJVUzESMBAG A1UECAwJTG9jYWx6b25lMRIwEAYDVQQHDAlMb2NhbGhvc3QxJDAiBgNVBAoMG0Nl cnRpZmljYXRlIHNpZ25lZCBieSBteSBDQTEaMBgGA1UEAwwRcGVlcjMubG9jYWxk -b21haW4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDtB+aHfuEp1Vf3 -ud7QJElg9o9X3E5x/dX1IE8aom17ZLuqSP6Pjfh2nSaNlbO9pGZKHsUWcNwTCobI -gcrfacAlF5OQsr9PQ6EA1ocfgTwnmrWxQlVahdRTHSccVpr6ApIhCaydhl8ljf9p -p0HhBJY9s4zPsNTYDMe6gKqGi9paWX2xDhEzNKSv10kjEefN0vu2WVD/qVV8dM/o -AZqX86RCsx18vLZuMJbrgHty0fl/kXzxCcwJQ9RZCcdSuqYMclZJ2Vhi1vGnTmoR -VuyuMmPaJczHlAmpCilFRGX/iF0bHqmgPv/e32MlFlp6+hYuIipNugkeNZAfOdcX -pL2rn4THAgMBAAGjXzBdMBsGA1UdEQQUMBKCCm5vZGVfdGhyZWWHBMCogkkwHQYD -VR0OBBYEFCRlGMdTEqC5eOYQ9I84naLiwTzrMB8GA1UdIwQYMBaAFNPpBkBYliAz -9NxjBNuYdDXpNfTIMA0GCSqGSIb3DQEBCwUAA4IBAQAKDSQ2f6gsoFHaGeq0Szro -gXL4E/vHRDoNeBu2NcwWnzbPOlZmHRoG8UgBcU4zBbwzt2w/TOw5s7eTTIwfveMi -X0NHW8ElMmEHpGyF7KE70rKuxcl/BIDabX26ZG3u5luP9GwmgWhgJ/OrzRnI6cnO -GT85l0Q7crEyhRjPegmvSZFJ+2d0R5KXQVTtxOtp3XY6+EBfyzukJhn8/7RRXSg+ -RFWP9yz52jTJG3JO0jGo/9btQoWzQkDpb70scRRUxKXJdGPWRZboy+3aaVyBn8LC -La7Fhg/BMEKXWKH2icKI6/KUFjpcQ1JRBcO0TeRKbrOW8lSjefUSRfDAhpYNFqSn +b21haW4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMsMLbfg9Mtgvr +K9LvlingAgU5c1XfGMkQigbShtVyiknwx7HjAX6hQLRvcIG/S9LOG48YHbI9oEmP +8goZW/umZPHnwPJpNmDaPPZMkoTNwVXrCq/fbjoiY038zGCLYzBzwBMFzu51sraF +GZnAW3az5m7l8d6xXOrhbxISGkhCVJaVEBu0eGt7bAxo8OwJmt6t8pzVWFwNq9lS +dMGqwudmzY4xMs6W2ie8BODOmXIAya5X0yGDwFA0nUIeTMjQK3PqezOTaARz1Eol +L87I63XN+bl1nYLYdPpwREqXDiIYEq/t+JmuTja3Bs90Qp6n7GWxPz5O6SHjyair +sgwxJb1BAgMBAAGjXzBdMBsGA1UdEQQUMBKCCm5vZGVfdGhyZWWHBMCogkkwHQYD +VR0OBBYEFBsOHOXvrx6XnQpEIXw3XU5XsuDHMB8GA1UdIwQYMBaAFHUPLtXvxPtd +bdmswWW8wimEghdwMA0GCSqGSIb3DQEBCwUAA4IBAQBEgeew/row9fTrpQjlDGTn +4vI21j2qjIQx9EVbSllogiWRuVLDoMvWi3cOn77jnNEDDqjxK0ocuZRvulyx/65Z +OMsXi2sHDsbM41RLAy/Jw1pbxzK2TkDkEja5kKb1YPrvZd+8h0EUJ8jtgzTEfBtH +bt32vLkg4CsznRIcdW2oeolJwS4MH7XVRF7X1EBvSO8pbRxHSCQHzkcfN+8b1CVW +xJTIcI4bbcaHTl/m4osEMGjOiQwgg6yloFQ7wqF1xP97+ArVL9FXIyVfTWFedY48 +AMSCDgESHgweU4YeH9Qo5KJZU9iUOVKSmArK8xD6QSWZjfANOcP8Fwcyh9o3n/tl -----END CERTIFICATE----- diff --git a/mtls/peerCA2_3_key.pem b/mtls/peerCA2_3_key.pem index e972c40..6e5637f 100644 --- a/mtls/peerCA2_3_key.pem +++ b/mtls/peerCA2_3_key.pem @@ -1,28 +1,28 @@ -----BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDtB+aHfuEp1Vf3 -ud7QJElg9o9X3E5x/dX1IE8aom17ZLuqSP6Pjfh2nSaNlbO9pGZKHsUWcNwTCobI -gcrfacAlF5OQsr9PQ6EA1ocfgTwnmrWxQlVahdRTHSccVpr6ApIhCaydhl8ljf9p -p0HhBJY9s4zPsNTYDMe6gKqGi9paWX2xDhEzNKSv10kjEefN0vu2WVD/qVV8dM/o -AZqX86RCsx18vLZuMJbrgHty0fl/kXzxCcwJQ9RZCcdSuqYMclZJ2Vhi1vGnTmoR -VuyuMmPaJczHlAmpCilFRGX/iF0bHqmgPv/e32MlFlp6+hYuIipNugkeNZAfOdcX -pL2rn4THAgMBAAECggEAHzBkcZzM5PPJJPQksO+tZiBbYTzAZ7h2YFBViFQqIsvw -86myMVKFiJoKGiRCJ+iLeyJMXbURCEJg1N5bQwWHvnm5NZeHm9byxwjzc75OG4n8 -cWwgjg5BD4StAkoVD2OqNcWvnHSzbV4fZxgWj5TKbikDlMqYXytjVpOanKSnYS7X -ighflNa+gbLq2sEOJEOv0i5yXvM8SARnVeIwMLKSLDjdHWnBtG+VYrs7EEbcigkw -9TuflxuYyU96gTrUNP0Bw6SKO6x/57UTgxuDab4NNNadExo+NO8KQ2c3+kgghfUm -j2+sjbq51TGUnDjC1FiX5UV5zvAXU/c3eWnT9LQnJQKBgQD46Qw6JV2iNm6CfjME -dBm8emasCs8sLv39CAIUXEERYQYdA/lPyR8ObULi4JSYOGDBr1uJPXDRgr6YZhzO -KICYP0RrHz2L2CkFjc1WhUUm7sdkxLcY4yzLC4hH5qUOXMoW4FHBiS7naau54KDn -qE+xRQQyoPa2NXUtA4polkyCfQKBgQDzyDuAmee2ep0kGzfFo8vMZYP8rr6qOQjT -T8+bwljSLc4mxhH980S/VEpWZnRk6u7qxZMaanotiyoiEF0k0/Ot5wItGSBCo7r5 -ugaju9hqHr8Nfb16irjkf5olJdAuODedG4+7XI2wabFQ+aj97E0382Y7Sq2HXl/w -wf8RwPejkwKBgQCa/jsv5d6VSMGtnjnUdxsjgzB1xtFUmPptWlQ5K20VDk6JONVA -+mLNT/oLXn8I/mo5kSE1pz2eKITYTxV2xj+1Dghjj/N6JiL9I1yOmLQD10HwHJJK -/AMDeG3nH9b9x4fLkOk3012Smfll6FsphWQCZZCEmjimI0mQuxivoY+I3QKBgBzz -b5WTMYBrSVQrY1E2ZZKNj8InYn9GrLSjqs0dpHy5cd0K8sIM7OIn+XgPTM1bVSpO -cmzVrlLQTx2igd1IyoyhfZGrhThEx4S2wekZ+taHdjr87s6pwNFqEf1NY07J4Fjp -GAWxNSZ5NtSeAaK+OGFnp4FtGfSUkaI+97K9Duu/AoGBANTNJE6RkzkrsKsG/hm1 -xAdXKV01pwR/L0ZlGOV+2bzgS1mLSbe857FVMsHvWip3ZRMowRURo9kCnhVVO6yJ -m8ytBT2yP3wtCpD914VDkblFKsccpw/RaHByyE0DKrrE5fSl4MOznL738fDW0vHI -HzJb9XiJK+LOOspawwUPWu6s +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDMsMLbfg9Mtgvr +K9LvlingAgU5c1XfGMkQigbShtVyiknwx7HjAX6hQLRvcIG/S9LOG48YHbI9oEmP +8goZW/umZPHnwPJpNmDaPPZMkoTNwVXrCq/fbjoiY038zGCLYzBzwBMFzu51sraF +GZnAW3az5m7l8d6xXOrhbxISGkhCVJaVEBu0eGt7bAxo8OwJmt6t8pzVWFwNq9lS +dMGqwudmzY4xMs6W2ie8BODOmXIAya5X0yGDwFA0nUIeTMjQK3PqezOTaARz1Eol +L87I63XN+bl1nYLYdPpwREqXDiIYEq/t+JmuTja3Bs90Qp6n7GWxPz5O6SHjyair +sgwxJb1BAgMBAAECggEAHjrOvwQk4KM+1bUBBTbr/p7IbxMnBU36R9yH+b3wYRGm +WOPiftBLh3zFs8hDCTb6rkt9/HBKUMqkLUOa6o2IoqrkL7dxtZ3Se6NRjBPUKYpa +P4kHr1uZRKyI1IMfO7Fi8v1UxzX9Rq7662Omrt9zLkojv7GoaLunHrMSJqVGCFwv +yB7Rd/UYUyoJgZj7k6hev4rvqNgK4zQ2mkdRg5uyU0EHPZd6c3tFSt3vU1K3LhFW +Ij3gbm2ZCW4vimAOA4ryAQLqcykcKwP1VzMl1iw+JCiUH5lIlBqJbL7C2ifYVJeD +FaWUSzEu452sZmqIL9JztLNDEQ5cRMNE8bBEMnbTBwKBgQDp/nL/HFxvRmBf2r8D +0DevasfnsBFfcYZEpBeel29RQ/kM8XRv2N+GBKJUPQ+FLDdZt1TNZ+2TGwiU/OMg +1jiELVYk0uV+CgY1qdYVdrfScXy2l5MgMTNI+Vgb/tBYOefgXkgUy7FRo26FfnAB +rnfT4Peaf7nztu4BkqZTNZKy1wKBgQDf8NAFKVZWphJ+VfoV12TAhU/j5F1ta1Kk +f4PcMD5RheVjezojpW/W9bvLF7dBSOsAYiAWw6l01bbgUCM5Yld5XYp2JTXROyq1 +uPFadLz7Xr5y0+HMYjhvZkfsf+p1uZU9IOAJgSWuNmISTKP2YKPOvqbxiA8nmor/ +mC7NUPYlpwKBgEs4rSctqtlquliWLYnASeZuYU0t4KfaCtvOFHm7HOH3A/0RMeky +wsiGfNivuGmLSU/iC7TskAcWTa/3i9xmgUycdnDoCzZ1aoGd02CbBYT1Tq40E+vp +ZR80aQq246s5Ej2ikXF9+cbQzxrDBqbDu2m1jGNyZAjg6ao/xpBBTKOJAoGAUIdZ +VrHRwWEA/3tNbjNBoNWPsAS78BAK7OqJ8VFL56b9oTN76buhJyzAtjy2An0FPOMM +ZQNBWalMlQdcU1Ng31za4Ldqze234xc5e2zFVKNyWvqElSmw36ZpMMui9WiiGRRM +XD6b3TTjOW9j+sIvxbXbdLmXsYcqetUv51c43LsCgYBtfAZ55PfOLON0vKeSpfEo +MwtsWK+7uCe2ybVV0ddZ3maimlR1sgAoMooDGG+9IsQMw7EYGIGG6PHjQQMb542R +Cq3rWoVsQo9VSfHI1iO+neDsK84+SyJWeytHNqBO0EHdzQl/7u9gudv4Fq1k0HF7 +E+TBh+K0H35VaB2rxKyD5w== -----END PRIVATE KEY----- diff --git a/mtls/peerCA2_4_cert.pem b/mtls/peerCA2_4_cert.pem index e3d6a41..a861476 100644 --- a/mtls/peerCA2_4_cert.pem +++ b/mtls/peerCA2_4_cert.pem @@ -1,24 +1,24 @@ -----BEGIN CERTIFICATE----- -MIIEGzCCAwOgAwIBAgIUKjQCltbN0Oao9ngSasdbHaIBms4wDQYJKoZIhvcNAQEL +MIIEGzCCAwOgAwIBAgIUKjQCltbN0Oao9ngSasdbHaIBmuEwDQYJKoZIhvcNAQEL BQAwgbcxCzAJBgNVBAYTAlVTMRIwEAYDVQQIDAlMb2NhbHpvbmUxEjAQBgNVBAcM CWxvY2FsaG9zdDEtMCsGA1UECgwkTmVvIEdvIFRlc3RpbmcgQ2VydGlmaWNhdGUg QXV0aG9yaXR5MRAwDgYDVQQLDAdEZXZlbG9wMRQwEgYDVQQDDAtsb2NhbGRvbWFp bjEpMCcGCSqGSIb3DQEJARYacm9vdEBsb2NhbGhvc3QubG9jYWxkb21haW4wHhcN -MjQwNjEwMTI1NjQ3WhcNMjUwNzEzMTI1NjQ3WjB3MQswCQYDVQQGEwJVUzESMBAG +MjQwNjExMDgyNzQ4WhcNMjUwNzE0MDgyNzQ4WjB3MQswCQYDVQQGEwJVUzESMBAG A1UECAwJTG9jYWx6b25lMRIwEAYDVQQHDAlMb2NhbGhvc3QxJDAiBgNVBAoMG0Nl cnRpZmljYXRlIHNpZ25lZCBieSBteSBDQTEaMBgGA1UEAwwRcGVlcjQubG9jYWxk -b21haW4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCPvxs2WnHh2X+ -VIN2hiQb9cwLfWAUVaZdTqfXEg8VwDukoi63Cn7jk5ZfDqQtMseprcW085R2Bn7S -Doli+Ama2tpVZIGJ5g2iezztzEE3TXLAEXrB7MTV13HdOSmwlCe9fWhUiv64pqmo -dedBu9fFV78/QTjN3zey5eNSDRwHO6sccMktLwdl0Az4X1Tp7kuYcwwLclWuzeg2 -MAbv8TtxS+nbqJ+1yXWOTpolF8lDnctWpRaeOC2b3ySAbfZhks210S3oJchYx/Q5 -cZ2FGXFOR0Rvey6Tt1k+LmefjfNcFzqB9Y3MvdEWeIKvupS11EVVHi4kovCklWM3 -1l97Tm3ZAgMBAAGjXjBcMBoGA1UdEQQTMBGCCW5vZGVfZm91cocEwKiCSjAdBgNV -HQ4EFgQU/f/Y/hdGTmRlOD5UxQCJz16UnnwwHwYDVR0jBBgwFoAU0+kGQFiWIDP0 -3GME25h0Nek19MgwDQYJKoZIhvcNAQELBQADggEBAABp4Qv0YNPKNyFdho4tlC9R -1o+TACyGxQJKAOvHbNQhdLS0vt8jxDYM0bND9CoNa5A2iegOA87JKAR8d4rpQBk2 -qndxgpPTs9U2nBXz9I2R0BFV9Ayf/mlsMDI2IDbjZEUF1wn/32knPl3X4DtJ4TUt -nwWnWkzGe2IXxI/S9CXmq2RPcAS63Q7w6Ocm0AcPVVQf6LbGA+Gyr2v0x+cGPjfI -/U193cEyd/MrjQp/DhQ1LPV3Ci6+BqkPmwhqE2AREMkq6ts3nXTxB5TpB69Z92L1 -ZBRf0fl6rqIONJLdGtQqoe7w/JZ22Mv6kWOMAv/smt2PjZ+ZuJPQQTPPikCmc/o= +b21haW4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvSZ8q0s+y+Uzc +XPafneBvlXFoosKBva3cA3OigqOnfG7lxajte6oqFZoUSIApHKriinwbKkKLyxox +KW2ajJKFrPF5QvcJ+AqoHoMoaLU7iTcUnphxzbgSK1wR6mo2O7ocSH9IqntCTbJO +bnLZqDOlqHWwaJppaS+9ELb06VT7Cr6oiRQCP2o5g5dh0yjTYn8CFe6+ZOOQrHSw +EjaZqzHIAJcvgwqGpmFJzbVaFlmrNon5sNZZfSiUabzk+GtlEKzejNTqzjq+Y4sl +B8Mcm0tQzpeX67+bRzrcnG1oBaqJ72QqzTSe/pZH15OWBhTBRsWAExtAbiqACYdW +z4Zf3MprAgMBAAGjXjBcMBoGA1UdEQQTMBGCCW5vZGVfZm91cocEwKiCSjAdBgNV +HQ4EFgQUXmuqD1Cj9H4JcSF3rnXVArC5R8gwHwYDVR0jBBgwFoAUdQ8u1e/E+11t +2azBZbzCKYSCF3AwDQYJKoZIhvcNAQELBQADggEBAEWCIYIdiZDjbKzkjqo5aL7s +zGfBlzv53xuKalJT3Om5dOkI9z/W+FPwwFJyBvhYJ/FAG1IMA8bV7NLcbnE10QSj +AgQoucu/JJWuW4bv2HSYRFTwsGEfznz2XOdJs48OwfVZGP7cNztdLdHJUK82o628 +caL9VBEbzpvSn0TJazNCNU3Q3e7PxhbQMZU+65MgwDOES1v04xCZ+vdV0Te8CGtv +bEVfmPk4XCbNRb5VDpEwuYesJ1SH8xuq4KyYdJlizwDR0K+6WaAmfIAoQd7LpRA4 +xKdKNexUw0PWtNKJrUCIXLaMyxuwzxPfXnHoJhx6+6v+KAUa1qVvQKurQS6ri4k= -----END CERTIFICATE----- diff --git a/mtls/peerCA2_4_key.pem b/mtls/peerCA2_4_key.pem index b157e54..c052b8f 100644 --- a/mtls/peerCA2_4_key.pem +++ b/mtls/peerCA2_4_key.pem @@ -1,28 +1,28 @@ -----BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDCPvxs2WnHh2X+ -VIN2hiQb9cwLfWAUVaZdTqfXEg8VwDukoi63Cn7jk5ZfDqQtMseprcW085R2Bn7S -Doli+Ama2tpVZIGJ5g2iezztzEE3TXLAEXrB7MTV13HdOSmwlCe9fWhUiv64pqmo -dedBu9fFV78/QTjN3zey5eNSDRwHO6sccMktLwdl0Az4X1Tp7kuYcwwLclWuzeg2 -MAbv8TtxS+nbqJ+1yXWOTpolF8lDnctWpRaeOC2b3ySAbfZhks210S3oJchYx/Q5 -cZ2FGXFOR0Rvey6Tt1k+LmefjfNcFzqB9Y3MvdEWeIKvupS11EVVHi4kovCklWM3 -1l97Tm3ZAgMBAAECggEAAq8PGsvoN78JrDlrtZQF5LMBNjltveovCcP/8qtHtRO6 -Xzx0a8gD184eukKABzXX52LExArHhtfxIaLcyBbIPzD96kcguRCKKLAON/TmA8cY -qkmzigFk+NVot9dF2bA6WlZkviJLga6f0nmKj/Bx+0KKnGugxstqQBkICoau1/S3 -bs9SmEiTS9ps2ZLU+Dx5pDU8nhEA7uzitLZKw8Z/HQmgkYg723648hS2HcLcP1Dt -ldU3TG4DeRoVhzTSYjEeVcy02MnJIglo/LjqXP4w0YMgANOV45KV7podV3wB4y+P -Vq00DiHvFZAjkgIcpwIvYAi2ZA8aNcOi6Npiikhy7wKBgQDltMYZcYt1888GHNMh -uU9CvjLjsTfR56E1mGH7XdwZ704Ir/IltOs3TzHO+51StDi1mmfqt0oNbq2Syc/m -blxl3SzSQHd4tAgI2jQP8deJ8JZdZwAj+F31ScCJDVvwHiUWMeYCY+II9addOlOz -xuhJZmSDv3qbsWXZquZr3HbWDwKBgQDYexoakePdF50HbGN5/b9wsvzHb65JjvcV -9rhIVe5uHUbKXfNu6amss/ixBLtYHkIyf6cDAh/FG+6HT+Ru8GKAdzv+gFiHY5JA -/21O1oddM5UM7k3jH4bD4lJ2OHm3s7ZXIogOxyXK0JqLVhwyLierlDsrzXtf30wv -FYwuzVollwKBgQDb0Kk90e1uO5kiNVVJ0WZq7U4PnBhZszoO6rrg7Anje6CGKbEk -qkPpEs0MULZVXYdjKdZFw46G2iIZ9SwRTAz5obTxoqVxiX6i0gS+OWVUaDnMOfPl -eBiZ0TEBNhqD5qUA31FHekPk5Qd67IUK5c6F5wlLFmKDOTjJGoUUNM43uwKBgCK2 -krgB/uT8HV0MX2M3clRTDz+3w93dw/dMqb5HsUUNAsX+jMOTSnb8IPvZw2Tc7UaF -u7U6yPdlhDlEcV/swg7Rj9g+onOLXu93RgLnWatzUwpQyEKMUqLkjs6QPcxcT/fm -/KRKAOBl1PJU646MYiYcTeS3PXphJylBrknu+e6fAoGBALNdw0bX5ZcuAU5thdsY -16Jun0XzDdgg+VNjHV2OA2nQqBjXxvxbsH1a0IMhjGbZJ5+FBAPqQzQAhYinaFKU -1OAx7+sqZ7pe6x41bq0M8TrtRCaRx6E8pTCL5ttCwEpDSAo2lxxRWJ6buYjGoRof -mk+YbCDDAyXD7C0dSqzSiey+ +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCvSZ8q0s+y+Uzc +XPafneBvlXFoosKBva3cA3OigqOnfG7lxajte6oqFZoUSIApHKriinwbKkKLyxox +KW2ajJKFrPF5QvcJ+AqoHoMoaLU7iTcUnphxzbgSK1wR6mo2O7ocSH9IqntCTbJO +bnLZqDOlqHWwaJppaS+9ELb06VT7Cr6oiRQCP2o5g5dh0yjTYn8CFe6+ZOOQrHSw +EjaZqzHIAJcvgwqGpmFJzbVaFlmrNon5sNZZfSiUabzk+GtlEKzejNTqzjq+Y4sl +B8Mcm0tQzpeX67+bRzrcnG1oBaqJ72QqzTSe/pZH15OWBhTBRsWAExtAbiqACYdW +z4Zf3MprAgMBAAECggEAAMPTe/5bha5s1XFaaivoNNR0ID7FlodbYOBq+sSTLkHu +wfXw3MhzX6eken4ugP9tB3wPOpcenzmNrbU+kzQV15t/mkXeih6Y/U7Ux7JdSBs7 +ME3Y4HZDXWDvD+zz9bShBUqTs5961jk8k/cLbUO8pfZsPQ7Xzan12V9fTQZPpqDN +hfE3xhgoWvryhY4Yu9Zjkudjg+rpEgErB0sJPBK5YqqTgg3y6rqSQW8Ol0hEB7NJ +S0emJ0q9K8UAq5+RKZanmnaIX73pr+TUbi4btVuery5kHymq+ippx9D1fOkBQKzV +Y7zJrRi2+w1tBySYA7tHg4GaDe5vNwlB2tA4nHusgQKBgQDhm8MTVzCy5SBavN67 +0NcIKFutFGGi3RkVYBBFdSDfDnxeDW8dcmLd65W1aTZkhweoKXqxN8TabQUkJxcJ +IHdg9XY9RXh1epv0wQ6fIb7kPM5xIJQ+dlLoHVMV1dWTVWkILolWnqcJepcl4iZJ +bFixwPCdYO0X8f1JblskrYdzSwKBgQDG5oQE3T6mMv9uUg068W2OwZfeCINDdn7B +XHs0LYc6NRNIrjNHxfPc37qptQf1K/S0jSErc0VRR3Ya3eRCzNGEMl1zmIv87y1W +1EY4Jm1fM0MDD7KuDG/lVsrcKeogcVCYV2gyPqZAB/b1P9ljNVaVuo5MKkFjlpOA +FSRWUzJxYQKBgQDBRR2toODwMEcyVGB/Bx5fN6upry8hRUVqwVvPFNMvIwq5y8pn +sIkv0dTzjwlwvxh5H+eij8MM154y5WXfhLegEUfUn4HdKkcWOpjbDB6rCchUs3Mr +u1O00wJNT11ilSWgQ7WVxd4UybdYVc800SN+S2oVeGZEQCMa1/YuipXh1wKBgF2g +sVCg3RbbNsY1taijcVEb7GNGWpPtOanH4O8k510NEvDJn7YPhsXYQ0QTxZUxhdVg +Adc0QdMK8pufDA4t4Ap8suTxUCRWal9POWbBIAcKWGcegpvPmvS4MHIHAQEYljnA +G3pbZ2MI3MWBstEykHmXAdj0oydAAFrwmNRSAZLBAoGAFJtkyR8GSJ8merCLAuqC +CN1an5OcuGcYXoyt1FE6VCI/YVQ03c0NCv0FciRAqqybrKaxvJ/qTYD6//Lk2um5 +aSs+PQ/wiGkH0mLI8zAkoqPEBqu+RqP3c9d80mLOwOHT7oPhkB7bSJViEwO5XZKN +ylGmE6Sq+AZ9jCztJ6Tina8= -----END PRIVATE KEY----- diff --git a/mtls/peerCA2_IR_cert.pem b/mtls/peerCA2_IR_cert.pem new file mode 100644 index 0000000..c800ee4 --- /dev/null +++ b/mtls/peerCA2_IR_cert.pem @@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIIEGjCCAwKgAwIBAgIUKjQCltbN0Oao9ngSasdbHaIBmuIwDQYJKoZIhvcNAQEL +BQAwgbcxCzAJBgNVBAYTAlVTMRIwEAYDVQQIDAlMb2NhbHpvbmUxEjAQBgNVBAcM +CWxvY2FsaG9zdDEtMCsGA1UECgwkTmVvIEdvIFRlc3RpbmcgQ2VydGlmaWNhdGUg +QXV0aG9yaXR5MRAwDgYDVQQLDAdEZXZlbG9wMRQwEgYDVQQDDAtsb2NhbGRvbWFp +bjEpMCcGCSqGSIb3DQEJARYacm9vdEBsb2NhbGhvc3QubG9jYWxkb21haW4wHhcN +MjQwNjExMDgyNzQ4WhcNMjUwNzE0MDgyNzQ4WjB3MQswCQYDVQQGEwJVUzESMBAG +A1UECAwJTG9jYWx6b25lMRIwEAYDVQQHDAlMb2NhbGhvc3QxJDAiBgNVBAoMG0Nl +cnRpZmljYXRlIHNpZ25lZCBieSBteSBDQTEaMBgGA1UEAwwRcGVlcjEubG9jYWxk +b21haW4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDwLU9zl6iHlDLQ +LvPKMngsxNKqK+hwoaXuiAXNIGN/MAjWE7RL2bo5Ah0x/359Pi2MWNBBmdVnuDK/ +5UqK+HXli3qZhUWjMwWDYJM9jwhyx00spKfa6+9mVgMesdTix/xRDAFK27UNlJya +q4kUqinvGJaPKgbszUpEyMqOeVKU157tOzPVMWQBYfHJDbHHerd7jHPKlDvXSMkR +TtPO+OojFhXrXlo0Ljif8A6AagdMks1ozvaFCs4fBTIiDJWqLxttilf6GxkEfFqt +Oor3hraobe1OBKwHRI2r9hu7BVg8gjZ+Hcdw7tJ2HtuHfd9d1k+XW31oe6HMVdgZ +QK0hRHofAgMBAAGjXTBbMBkGA1UdEQQSMBCCCG5vZGVfb25lhwTAqII9MB0GA1Ud +DgQWBBRk8ONdkn0MuaBRHeUuM4iU8fc4pTAfBgNVHSMEGDAWgBR1Dy7V78T7XW3Z +rMFlvMIphIIXcDANBgkqhkiG9w0BAQsFAAOCAQEAZdNGSxGjZSfaZPPujYNC6ZrY +c07mRV3W+NGJZoWvDaEYy3MYZje+wghBJG9nXD4eQ/55q/k9C3AvcM31H2eBBFCW +f6Jcp414NZ52lTCoeDmmRTsggJS7IPE6kaBe3GoUJR+bs/ktv1im+ep/8/eEVf3g +FlteNDQ4kL24m8Ps1CnDLLBM3OQphD3MuQrMpZPSaSKhZr9RJrZ6jcuAcH6uhYZi +c0mevVLDahoGwrZpMnVYHgVOAmygbQv4wONAvrhNgDrKmtMczmIb2q0BIG4Jdtsm +Co1EiJ3/eHL+Vu6MhLWngLBg3Yl0bUZIw/xPu+jD8GmH+qrGcvq3hqSTFHIX5w== +-----END CERTIFICATE----- diff --git a/mtls/peerCA2_IR_key.pem b/mtls/peerCA2_IR_key.pem new file mode 100644 index 0000000..239e6e0 --- /dev/null +++ b/mtls/peerCA2_IR_key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDwLU9zl6iHlDLQ +LvPKMngsxNKqK+hwoaXuiAXNIGN/MAjWE7RL2bo5Ah0x/359Pi2MWNBBmdVnuDK/ +5UqK+HXli3qZhUWjMwWDYJM9jwhyx00spKfa6+9mVgMesdTix/xRDAFK27UNlJya +q4kUqinvGJaPKgbszUpEyMqOeVKU157tOzPVMWQBYfHJDbHHerd7jHPKlDvXSMkR +TtPO+OojFhXrXlo0Ljif8A6AagdMks1ozvaFCs4fBTIiDJWqLxttilf6GxkEfFqt +Oor3hraobe1OBKwHRI2r9hu7BVg8gjZ+Hcdw7tJ2HtuHfd9d1k+XW31oe6HMVdgZ +QK0hRHofAgMBAAECggEAPQ731OYoVRdq95wIJE5CWPdMqzBwbjnaKlLwTp6+TLZU +eMAXpPTcL+QGshBHAuYMxFJL13GZXD3qwPg0xDG4HzwfVeoYsw2kiCrEI/E575wV +VZUiizhR601Qi7wf5+t5jM0lgvdqBuLSEUwslFFSSdORayH/ErJ6ABSf0iqrwOS2 +DmEAi02ZqumLrd41lY72QrROCP/B2GcedD8pq8CKHxgwUk6Gb+jLlyr7Kg2Ubiro +/elKOVdTBClInKLBxlWPXsGbnwdw1WNseh9FoQP71hgJI+HWK4gAZkl7umvLjdFo +I94vSgELmj3hpRT88ysB3dyUwG84bFlmFQAplgZ4mQKBgQD7lk27ysUTCMti1Lud +4tes7Khvx02itGwjI3/UwGcizjC1sGprvfun5btXSfeOhg8kkj+FQ7n+yBY9ISyi +8jUdmPR/DamviYcRUs3xy9XzNiR7JJ1gM/NdgU7FG+RYNMC8lHkxgePQDyYUHSAy +28DFDcG+z7WzYVPqZb8a3mw42wKBgQD0Y8Wkt9UzI6dQEtKCOA/IoZDsrwgMev9U +ZTulJBPY4mO7rS4nfaF2vs6ENwjzjCblr+mWjV13Ir+eylaD5zwc1SOKJtR1WEpN +7HWLcfI8qVerqN+uknU4fXlZmpp+StNYvCQ44QpHJE9dHpMs0htdMl2EztQVupY2 +MC0B6tT1DQKBgFsWoC5Ny+yIUpsFyqfvaYcCaDmQP1uZV02hnLa6spy3aotdxCoe +Lu8rDhkcfrTrdLAZA0aMrtrANs0LJc4ZQ4HjzyHxIG6drHlpMYdJ9byI7cxoBVK/ +fG1uU8apwpLtBptAZmC2VnUOBwthQDcpuTGfOXaMXY0EwA0tqXNg9G3hAoGBAIko +Was5VRlPYD5rYeOdbRZPvtNm5GCEwzntWs0y80ScwhZ5elbFhlHrgmHntUlilg4A +bVuGWTdctCh9LJL4ut7/q+OEKWb2NzWGiO3K9IWhEMgRjgAeyFT87pcgUqagff7m +EHovqqIEudnsJ/NWs+7ZLm0z2wma32ToIspZrk0dAoGBAPhIcZgmTpJmZ4lmYwF/ +xZSSMW2L0P0VYiXD27l17fPL7no9VgBihhki+FxLq5UPvg5M3Nx7EUA20R3RY8tU +hZdwIiLSB4WMzbob7+esPqgs4nTJTD6rFpagt4Bw2/WpJRaogi3SvoQ0lAHRaq+z +yGlQNGg2J3DN7T6u3Ng8VNfr +-----END PRIVATE KEY----- diff --git a/mtls/peerIR.cnf b/mtls/peerIR.cnf new file mode 100644 index 0000000..7699804 --- /dev/null +++ b/mtls/peerIR.cnf @@ -0,0 +1,23 @@ +[req] +default_bits = 2048 +distinguished_name = req_distinguished_name +req_extensions = req_ext +x509_extensions = v3_req +prompt = no + +[req_distinguished_name] +countryName = US +stateOrProvinceName = Localzone +localityName = Localhost +organizationName = Certificate signed by my CA +commonName = peer1.localdomain + +[req_ext] +subjectAltName = @alt_names + +[v3_req] +subjectAltName = @alt_names + +[alt_names] +DNS.1 = node_one +IP.1 = 192.168.130.61 diff --git a/mtls/peerX.cnf b/mtls/peerX.cnf index fc19884..80a80c1 100644 --- a/mtls/peerX.cnf +++ b/mtls/peerX.cnf @@ -19,5 +19,6 @@ subjectAltName = @alt_names subjectAltName = @alt_names [alt_names] -DNS.1 = node_one +DNS.1 = morph-chain.frostfs.devenv +DNS.2 = morph-chain IP.1 = 192.168.130.90 diff --git a/services/ir/cfg/config.yml b/services/ir/cfg/config.yml index bb15b3b..d77d4c1 100644 --- a/services/ir/cfg/config.yml +++ b/services/ir/cfg/config.yml @@ -33,7 +33,11 @@ mainnet: morph: endpoint: client: # List of websocket RPC endpoints in sidechain - - address: ws://morph-chain:30333/ws + - address: wss://morph-chain:30333/ws + root_cas: + - /wallets/mtls/CA1_cert.pem + certificate: /wallets/mtls/peerCA2_IR_cert.pem + key: /wallets/mtls/peerCA2_IR_key.pem validators: # List of hex-encoded 33-byte public keys of sidechain validators to vote for at application startup - 02b3622bf4017bdfe317c58aed5f4c753f206b7db896046fa7d774bbc4bf7f8dc2 diff --git a/services/ir/docker-compose.yml b/services/ir/docker-compose.yml index 048651b..5a62958 100644 --- a/services/ir/docker-compose.yml +++ b/services/ir/docker-compose.yml @@ -22,6 +22,7 @@ services: - ./../../vendor/frostfs-cli:/frostfs-cli - ./healthcheck.sh:/healthcheck.sh - ./cfg:/etc/frostfs/ir + - ./../../mtls:/wallets/mtls:ro env_file: [ ".env", ".ir.env", ".int_test.env" ] command: [ "frostfs-ir", "--config", "/etc/frostfs/ir/config.yml" ] healthcheck: diff --git a/services/morph_chain/protocol.privnet.yml b/services/morph_chain/protocol.privnet.yml index 3af804e..86357ab 100644 --- a/services/morph_chain/protocol.privnet.yml +++ b/services/morph_chain/protocol.privnet.yml @@ -41,7 +41,7 @@ ApplicationConfiguration: SessionEnabled: true EnableCORSWorkaround: false MaxGasInvoke: 100 - TLS: + TLSConfig: Enabled: true Addresses: - "192.168.130.90:30333" diff --git a/services/storage/cfg/config.yml b/services/storage/cfg/config.yml index 6b3e7a8..388bed2 100644 --- a/services/storage/cfg/config.yml +++ b/services/storage/cfg/config.yml @@ -29,7 +29,7 @@ tracing: morph: dial_timeout: 30s # Timeout for side chain NEO RPC client connection rpc_endpoint: # Side chain NEO RPC endpoints - - address: ws://morph-chain:30333/ws + - address: wss://morph-chain:30333/ws priority: 1 # Common storage node settings diff --git a/services/storage/docker-compose.yml b/services/storage/docker-compose.yml index cf297fc..4617256 100644 --- a/services/storage/docker-compose.yml +++ b/services/storage/docker-compose.yml @@ -36,9 +36,9 @@ services: - FROSTFS_CONTROL_GRPC_ENDPOINT=s01.${LOCAL_DOMAIN}:8081 - FROSTFS_NODE_ATTRIBUTE_1=UN-LOCODE:RU MOW - FROSTFS_NODE_ATTRIBUTE_2=Price:22 - - FROSTFS_MORPH_RPC_ENDPOINT_0_ROOT_CAS_0: /wallet/mtls/CA1_cert.pem - - FROSTFS_MORPH_RPC_ENDPOINT_0_CERTIFICATE: /wallet/mtls/peerCA2_1_cert.pem - - FROSTFS_MORPH_RPC_ENDPOINT_0_KEY: /wallet/mtls/peerCA2_1_key.pem + - FROSTFS_MORPH_RPC_ENDPOINT_0_ROOT_CAS=/wallets/mtls/CA1_cert.pem + - FROSTFS_MORPH_RPC_ENDPOINT_0_CERTIFICATE=/wallets/mtls/peerCA2_1_cert.pem + - FROSTFS_MORPH_RPC_ENDPOINT_0_KEY=/wallets/mtls/peerCA2_1_key.pem healthcheck: test: ["CMD-SHELL", "/healthcheck.sh"] interval: 2s @@ -81,9 +81,9 @@ services: - FROSTFS_CONTROL_GRPC_ENDPOINT=s02.${LOCAL_DOMAIN}:8081 - FROSTFS_NODE_ATTRIBUTE_1=UN-LOCODE:RU LED - FROSTFS_NODE_ATTRIBUTE_2=Price:33 - - FROSTFS_MORPH_RPC_ENDPOINT_0_ROOT_CAS_0: /wallet/mtls/CA1_cert.pem - - FROSTFS_MORPH_RPC_ENDPOINT_0_CERTIFICATE: /wallet/mtls/peerCA2_2_cert.pem - - FROSTFS_MORPH_RPC_ENDPOINT_0_KEY: /wallet/mtls/peerCA2_2_key.pem + - FROSTFS_MORPH_RPC_ENDPOINT_0_ROOT_CAS=/wallets/mtls/CA1_cert.pem + - FROSTFS_MORPH_RPC_ENDPOINT_0_CERTIFICATE=/wallets/mtls/peerCA2_2_cert.pem + - FROSTFS_MORPH_RPC_ENDPOINT_0_KEY=/wallets/mtls/peerCA2_2_key.pem healthcheck: test: ["CMD-SHELL", "/healthcheck.sh"] interval: 2s @@ -126,9 +126,9 @@ services: - FROSTFS_CONTROL_GRPC_ENDPOINT=s03.${LOCAL_DOMAIN}:8081 - FROSTFS_NODE_ATTRIBUTE_1=UN-LOCODE:SE STO - FROSTFS_NODE_ATTRIBUTE_2=Price:11 - - FROSTFS_MORPH_RPC_ENDPOINT_0_ROOT_CAS_0: /wallet/mtls/CA1_cert.pem - - FROSTFS_MORPH_RPC_ENDPOINT_0_CERTIFICATE: /wallet/mtls/peerCA2_3_cert.pem - - FROSTFS_MORPH_RPC_ENDPOINT_0_KEY: /wallet/mtls/peerCA2_3_key.pem + - FROSTFS_MORPH_RPC_ENDPOINT_0_ROOT_CAS=/wallets/mtls/CA1_cert.pem + - FROSTFS_MORPH_RPC_ENDPOINT_0_CERTIFICATE=/wallets/mtls/peerCA2_3_cert.pem + - FROSTFS_MORPH_RPC_ENDPOINT_0_KEY=/wallets/mtls/peerCA2_3_key.pem healthcheck: test: ["CMD-SHELL", "/healthcheck.sh"] interval: 2s @@ -177,9 +177,9 @@ services: - FROSTFS_GRPC_1_TLS_KEY=/tls.key - FROSTFS_NODE_ATTRIBUTE_1=UN-LOCODE:FI HEL - FROSTFS_NODE_ATTRIBUTE_2=Price:44 - - FROSTFS_MORPH_RPC_ENDPOINT_0_ROOT_CAS_0: /wallet/mtls/CA1_cert.pem - - FROSTFS_MORPH_RPC_ENDPOINT_0_CERTIFICATE: /wallet/mtls/peerCA2_4_cert.pem - - FROSTFS_MORPH_RPC_ENDPOINT_0_KEY: /wallet/mtls/peerCA2_4_key.pem + - FROSTFS_MORPH_RPC_ENDPOINT_0_ROOT_CAS=/wallets/mtls/CA1_cert.pem + - FROSTFS_MORPH_RPC_ENDPOINT_0_CERTIFICATE=/wallets/mtls/peerCA2_4_cert.pem + - FROSTFS_MORPH_RPC_ENDPOINT_0_KEY=/wallets/mtls/peerCA2_4_key.pem healthcheck: test: ["CMD-SHELL", "/healthcheck.sh"] interval: 2s From 0be22a937536ae5ef425b338caa676ea0711bbde Mon Sep 17 00:00:00 2001 From: Alexey Savchuk Date: Mon, 8 Jul 2024 10:34:28 +0300 Subject: [PATCH 03/37] [#73] Update HTTP gate docs Signed-off-by: Aleksey Savchuk --- docs/http_gate.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/http_gate.md b/docs/http_gate.md index e2159ad..b6b2591 100644 --- a/docs/http_gate.md +++ b/docs/http_gate.md @@ -22,8 +22,8 @@ Image label prefix to use for containers. - Create a new container ``` $ frostfs-cli --rpc-endpoint s01.frostfs.devenv:8080 \ - --key wallets/wallet.key \ - container create --basic-acl readonly --await \ + --wallet wallets/wallet.key \ + container create --basic-acl private --await \ --policy "REP 1 SELECT 1 FROM *" container ID: 4LfREK1cetL4PUji5fqj9SgRTSmaC5jExEDK9HKCDjdP awaiting... @@ -33,7 +33,7 @@ container has been persisted on sidechain - Put an object into the newly created container ``` $ frostfs-cli --rpc-endpoint s01.frostfs.devenv:8080 \ - --key wallets/wallet.key \ + --wallet wallets/wallet.key \ object put --file /tmp/backup.jpeg \ --cid 4LfREK1cetL4PUji5fqj9SgRTSmaC5jExEDK9HKCDjdP [/tmp/backup.jpeg] Object successfully stored From d03be14312da6b1bd2f5bcbb113c4594eeaff258 Mon Sep 17 00:00:00 2001 From: Airat Arifullin Date: Thu, 8 Aug 2024 13:18:13 +0300 Subject: [PATCH 04/37] [#75] Makefile: Add subjects for storage and client wallets to FrostfsID Signed-off-by: Airat Arifullin --- Makefile | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 051aa7d..9483dc7 100644 --- a/Makefile +++ b/Makefile @@ -85,7 +85,12 @@ up/bootstrap: get vendor/hosts && ./vendor/frostfs-adm -c frostfs-adm.yml morph refill-gas --storage-wallet $${f} --gas 10.0 \ || die "Failed to transfer GAS to alphabet wallets"; \ done - @echo "FrostFS sidechain environment is deployed" + @echo "Create frostfsid subject for ./wallets/wallet.json" \ + && subj_key=`docker container exec -it morph_chain neo-go wallet dump-keys -w /wallets/wallet.json | tail -1 | tr -d ' \r\n'` \ + && echo "Subject key: $${subj_key}" \ + && ./vendor/frostfs-adm -c frostfs-adm.yml morph frostfsid create-subject --namespace "" --subject-key $${subj_key} --subject-name walletsubject \ + || die "Failed to create subject for the wallet"; \ + echo "FrostFS sidechain environment is deployed" # Build up certain service .PHONY: up/% From f94fa284ece87feb5c6dd9bf18b664da916b2656 Mon Sep 17 00:00:00 2001 From: Alexander Chuprov Date: Sat, 17 Aug 2024 05:50:27 +0300 Subject: [PATCH 05/37] [#76] Update frostfs-core components to v0.42.9 Signed-off-by: Alexander Chuprov --- .env | 12 ++++++------ services/ir/artifacts.mk | 7 ++----- services/morph_chain/artifacts.mk | 7 ++----- 3 files changed, 10 insertions(+), 16 deletions(-) diff --git a/.env b/.env index ad96218..b414b0d 100644 --- a/.env +++ b/.env @@ -12,12 +12,12 @@ NEOGO_VERSION=0.104.0 NEOGO_IMAGE=nspccdev/neo-go # FrostFS InnerRing nodes -IR_VERSION=0.38.5 -IR_IMAGE=truecloudlab/frostfs-ir +IR_VERSION=v0.42.9 +IR_IMAGE=git.frostfs.info/truecloudlab/frostfs-ir # FrostFS Storage nodes -NODE_VERSION=0.38.5 -NODE_IMAGE=truecloudlab/frostfs-storage +NODE_VERSION=v0.42.9 +NODE_IMAGE=git.frostfs.info/truecloudlab/frostfs-storage # NATS Server NATS_VERSION=2.7.2 @@ -40,12 +40,12 @@ LOCODE_DB_URL=https://git.frostfs.info/attachments/a2e8def7-52b6-49f1-89cd-a0567 #LOCODE_DB_PATH=/path/to/locode_db # FrostFS CLI binary -FROSTFS_CLI_URL=https://http.t5.fs.neo.org/7sm9csjtRLpr4c9QD55q9JJM73v79ohuAhTzP4fYRHFz/BtA6zWLtoDuDnzxSNkKPjyN5hGuSZFxGuJD1gh8kBwkP +FROSTFS_CLI_URL=https://git.frostfs.info/TrueCloudLab/frostfs-node/releases/download/${NODE_VERSION}//frostfs-cli #FROSTFS_CLI_PATH=/path/to/frostfs-cli-binary # FrostFS ADM tool binary FROSTFS_ADM_VERSION=498f9955ea -FROSTFS_ADM_URL=https://http.t5.fs.neo.org/7sm9csjtRLpr4c9QD55q9JJM73v79ohuAhTzP4fYRHFz/CjV4S6ENzo2FLK4KxXZHHNW4veR1ATtynGY6Mc1xQ6RB +FROSTFS_ADM_URL=https://git.frostfs.info/TrueCloudLab/frostfs-node/releases/download/${NODE_VERSION}/frostfs-adm #FROSTFS_ADM_PATH=/path/to/frostfs-adm-binary # Compiled FrostFS Smart Contracts diff --git a/services/ir/artifacts.mk b/services/ir/artifacts.mk index 95b2c22..0cdbdbb 100644 --- a/services/ir/artifacts.mk +++ b/services/ir/artifacts.mk @@ -25,7 +25,6 @@ endif # Download FrostFS CLI .ONESHELL: get.cli: FROSTFS_CLI_FILE=./vendor/frostfs-cli -get.cli: FROSTFS_CLI_ARCHIVE_FILE=${FROSTFS_CLI_FILE}.tar.gz get.cli: FROSTFS_CLI_PATH?= get.cli: @mkdir -p ./vendor @@ -34,10 +33,8 @@ ifeq (${FROSTFS_CLI_PATH},) @echo "⇒ Download FrostFS CLI binary from ${FROSTFS_CLI_URL}" @curl \ -ksSL "${FROSTFS_CLI_URL}" \ - -o ${FROSTFS_CLI_ARCHIVE_FILE} - @tar -xvf ${FROSTFS_CLI_ARCHIVE_FILE} -C ./vendor | xargs -I {} \ - mv ./vendor/{} ${FROSTFS_CLI_FILE} - @rm ${FROSTFS_CLI_ARCHIVE_FILE} + -o ${FROSTFS_CLI_FILE} + @chmod +x ${FROSTFS_CLI_FILE} else @echo "⇒ Copy local binary from ${FROSTFS_CLI_PATH}" @cp ${FROSTFS_CLI_PATH} ${FROSTFS_CLI_FILE} diff --git a/services/morph_chain/artifacts.mk b/services/morph_chain/artifacts.mk index 3572e69..77a7ae3 100644 --- a/services/morph_chain/artifacts.mk +++ b/services/morph_chain/artifacts.mk @@ -20,15 +20,12 @@ endif # Download FrostFS ADM tool get.adm: FROSTFS_ADM_DEST=./vendor/frostfs-adm -get.adm: FROSTFS_ADM_ARCHIVE=frostfs-adm.tar.gz get.adm: ifeq (${FROSTFS_ADM_PATH},) @echo "⇒ Download FrostFS ADM binary from ${FROSTFS_ADM_URL}" - @curl -skSL ${FROSTFS_ADM_URL} -o ${FROSTFS_ADM_ARCHIVE} - @tar -xvf ${FROSTFS_ADM_ARCHIVE} -C ./vendor | xargs -I {} \ - mv ./vendor/{} ${FROSTFS_ADM_DEST} - @rm ${FROSTFS_ADM_ARCHIVE} + @curl -skSL ${FROSTFS_ADM_URL} -o ${FROSTFS_ADM_DEST} + @chmod +x ${FROSTFS_ADM_DEST} else @echo "⇒ Copy frostfs-adm binary from ${FROSTFS_ADM_PATH}" @cp ${FROSTFS_ADM_PATH} ${FROSTFS_ADM_DEST} From 155042343b40c94507af61d0cbc7598dfed995a0 Mon Sep 17 00:00:00 2001 From: Alexander Chuprov Date: Sat, 17 Aug 2024 06:25:11 +0300 Subject: [PATCH 06/37] [#69] service/storage: Add support -q flag in healthcheck Signed-off-by: Alexander Chuprov --- services/storage/docker-compose.yml | 12 ++++-------- services/storage/healthcheck.sh | 5 ----- 2 files changed, 4 insertions(+), 13 deletions(-) delete mode 100755 services/storage/healthcheck.sh diff --git a/services/storage/docker-compose.yml b/services/storage/docker-compose.yml index 8a8698e..fb10974 100644 --- a/services/storage/docker-compose.yml +++ b/services/storage/docker-compose.yml @@ -17,7 +17,6 @@ services: - storage_s01:/storage - ./../../vendor/frostfs-cli:/frostfs-cli - ./cli-cfg.yml:/cli-cfg.yml - - ./healthcheck.sh:/healthcheck.sh - ./s04tls.crt:/etc/ssl/certs/s04tls.crt - ../nats/client-cert.pem:/etc/frostfs-node/nats.tls.cert - ../nats/client-key.pem:/etc/frostfs-node/nats.tls.key @@ -36,7 +35,7 @@ services: - FROSTFS_NODE_ATTRIBUTE_1=UN-LOCODE:RU MOW - FROSTFS_NODE_ATTRIBUTE_2=Price:22 healthcheck: - test: ["CMD-SHELL", "/healthcheck.sh"] + test: ["CMD-SHELL", "/frostfs-cli control healthcheck -q -c /cli-cfg.yml --endpoint \"$$FROSTFS_CONTROL_GRPC_ENDPOINT\""] interval: 2s timeout: 1s retries: 5 @@ -58,7 +57,6 @@ services: - storage_s02:/storage - ./../../vendor/frostfs-cli:/frostfs-cli - ./cli-cfg.yml:/cli-cfg.yml - - ./healthcheck.sh:/healthcheck.sh - ./s04tls.crt:/etc/ssl/certs/s04tls.crt - ../nats/client-cert.pem:/etc/frostfs-node/nats.tls.cert - ../nats/client-key.pem:/etc/frostfs-node/nats.tls.key @@ -77,7 +75,7 @@ services: - FROSTFS_NODE_ATTRIBUTE_1=UN-LOCODE:RU LED - FROSTFS_NODE_ATTRIBUTE_2=Price:33 healthcheck: - test: ["CMD-SHELL", "/healthcheck.sh"] + test: ["CMD-SHELL", "/frostfs-cli control healthcheck -q -c /cli-cfg.yml --endpoint \"$$FROSTFS_CONTROL_GRPC_ENDPOINT\""] interval: 2s timeout: 1s retries: 5 @@ -99,7 +97,6 @@ services: - storage_s03:/storage - ./../../vendor/frostfs-cli:/frostfs-cli - ./cli-cfg.yml:/cli-cfg.yml - - ./healthcheck.sh:/healthcheck.sh - ./s04tls.crt:/etc/ssl/certs/s04tls.crt - ../nats/client-cert.pem:/etc/frostfs-node/nats.tls.cert - ../nats/client-key.pem:/etc/frostfs-node/nats.tls.key @@ -118,7 +115,7 @@ services: - FROSTFS_NODE_ATTRIBUTE_1=UN-LOCODE:SE STO - FROSTFS_NODE_ATTRIBUTE_2=Price:11 healthcheck: - test: ["CMD-SHELL", "/healthcheck.sh"] + test: ["CMD-SHELL", "/frostfs-cli control healthcheck -q -c /cli-cfg.yml --endpoint \"$$FROSTFS_CONTROL_GRPC_ENDPOINT\""] interval: 2s timeout: 1s retries: 5 @@ -140,7 +137,6 @@ services: - storage_s04:/storage - ./../../vendor/frostfs-cli:/frostfs-cli - ./cli-cfg.yml:/cli-cfg.yml - - ./healthcheck.sh:/healthcheck.sh - ./s04tls.crt:/tls.crt - ./s04tls.key:/tls.key - ../nats/client-cert.pem:/etc/frostfs-node/nats.tls.cert @@ -165,7 +161,7 @@ services: - FROSTFS_NODE_ATTRIBUTE_1=UN-LOCODE:FI HEL - FROSTFS_NODE_ATTRIBUTE_2=Price:44 healthcheck: - test: ["CMD-SHELL", "/healthcheck.sh"] + test: ["CMD-SHELL", "/frostfs-cli control healthcheck -q -c /cli-cfg.yml --endpoint \"$$FROSTFS_CONTROL_GRPC_ENDPOINT\""] interval: 2s timeout: 1s retries: 5 diff --git a/services/storage/healthcheck.sh b/services/storage/healthcheck.sh deleted file mode 100755 index 792d2ad..0000000 --- a/services/storage/healthcheck.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/sh - -/frostfs-cli control healthcheck -c /cli-cfg.yml \ - --endpoint "$FROSTFS_CONTROL_GRPC_ENDPOINT" | - grep "Health status: READY" From ae658469a5d44191e51df539054b3f0367bfdb73 Mon Sep 17 00:00:00 2001 From: Alexander Chuprov Date: Sat, 17 Aug 2024 06:25:24 +0300 Subject: [PATCH 07/37] [#69] service/ir: Add support -q flag in healthcheck Signed-off-by: Alexander Chuprov --- services/ir/docker-compose.yml | 3 +-- services/ir/healthcheck.sh | 6 ------ 2 files changed, 1 insertion(+), 8 deletions(-) delete mode 100755 services/ir/healthcheck.sh diff --git a/services/ir/docker-compose.yml b/services/ir/docker-compose.yml index 048651b..4e671b2 100644 --- a/services/ir/docker-compose.yml +++ b/services/ir/docker-compose.yml @@ -20,12 +20,11 @@ services: - ./../../vendor/hosts:/etc/hosts - ./../../vendor/locode_db:/locode/db - ./../../vendor/frostfs-cli:/frostfs-cli - - ./healthcheck.sh:/healthcheck.sh - ./cfg:/etc/frostfs/ir env_file: [ ".env", ".ir.env", ".int_test.env" ] command: [ "frostfs-ir", "--config", "/etc/frostfs/ir/config.yml" ] healthcheck: - test: ["CMD-SHELL", "/healthcheck.sh"] + test: ["CMD-SHELL", "/frostfs-cli control ir healthcheck -q --wallet /wallet01.key --endpoint \"$$FROSTFS_IR_CONTROL_GRPC_ENDPOINT\""] interval: 2s timeout: 1s retries: 5 diff --git a/services/ir/healthcheck.sh b/services/ir/healthcheck.sh deleted file mode 100755 index 88fcdaa..0000000 --- a/services/ir/healthcheck.sh +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/sh - -/frostfs-cli control ir healthcheck \ - --endpoint "$FROSTFS_IR_CONTROL_GRPC_ENDPOINT" \ - --wallet /wallet01.key | - grep "Health status: READY" From 044cf99e8dae647abb3706b498b27d00b58b6edc Mon Sep 17 00:00:00 2001 From: Alexander Chuprov Date: Sat, 17 Aug 2024 08:08:24 +0300 Subject: [PATCH 08/37] [#70] Makefile: Make bootstrap idempotent Signed-off-by: Alexander Chuprov --- Makefile | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index 9483dc7..2f505a9 100644 --- a/Makefile +++ b/Makefile @@ -85,11 +85,15 @@ up/bootstrap: get vendor/hosts && ./vendor/frostfs-adm -c frostfs-adm.yml morph refill-gas --storage-wallet $${f} --gas 10.0 \ || die "Failed to transfer GAS to alphabet wallets"; \ done - @echo "Create frostfsid subject for ./wallets/wallet.json" \ - && subj_key=`docker container exec -it morph_chain neo-go wallet dump-keys -w /wallets/wallet.json | tail -1 | tr -d ' \r\n'` \ + @echo "Create frostfsid subject for ./wallets/wallet.json"; \ + if [ -n "$$(./vendor/frostfs-adm -c frostfs-adm.yml morph frostfsid list-subjects --namespace '')" ]; then \ + echo "Subject already exists"; \ + else \ + subj_key=`docker container exec -it morph_chain neo-go wallet dump-keys -w /wallets/wallet.json | tail -1 | tr -d ' \r\n'` \ && echo "Subject key: $${subj_key}" \ && ./vendor/frostfs-adm -c frostfs-adm.yml morph frostfsid create-subject --namespace "" --subject-key $${subj_key} --subject-name walletsubject \ || die "Failed to create subject for the wallet"; \ + fi echo "FrostFS sidechain environment is deployed" # Build up certain service From dd382f8ce048d9e0880f43471d7896de000c0843 Mon Sep 17 00:00:00 2001 From: Alexander Chuprov Date: Sat, 17 Aug 2024 08:08:55 +0300 Subject: [PATCH 09/37] [#68] service/morph: Add volume for morph_chain Signed-off-by: Alexander Chuprov --- services/morph_chain/docker-compose.yml | 4 ++++ services/morph_chain/protocol.privnet.yml | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/services/morph_chain/docker-compose.yml b/services/morph_chain/docker-compose.yml index dd44b2c..68535ea 100644 --- a/services/morph_chain/docker-compose.yml +++ b/services/morph_chain/docker-compose.yml @@ -19,9 +19,13 @@ services: - ./config.yml:/wallets/config.yml - ./../../vendor/hosts:/etc/hosts - ./../../wallets/wallet.json:/wallets/wallet.json + - chains:/chains networks: chain_int: internet: external: true name: basenet_internet + +volumes: + chains: diff --git a/services/morph_chain/protocol.privnet.yml b/services/morph_chain/protocol.privnet.yml index 560730a..2066029 100644 --- a/services/morph_chain/protocol.privnet.yml +++ b/services/morph_chain/protocol.privnet.yml @@ -17,7 +17,7 @@ ApplicationConfiguration: DBConfiguration: Type: "boltdb" BoltDBOptions: - FilePath: "./db/morph.bolt" + FilePath: "/chains/morph.bolt" P2P: Addresses: - ":20333" From 439a9e71cfaf3837f16d9c501385c8ed2ff67dbc Mon Sep 17 00:00:00 2001 From: Alexander Chuprov Date: Fri, 6 Sep 2024 14:09:08 +0300 Subject: [PATCH 10/37] [#81] env: Fix typo Signed-off-by: Alexander Chuprov --- .env | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.env b/.env index b414b0d..c62cf17 100644 --- a/.env +++ b/.env @@ -40,7 +40,7 @@ LOCODE_DB_URL=https://git.frostfs.info/attachments/a2e8def7-52b6-49f1-89cd-a0567 #LOCODE_DB_PATH=/path/to/locode_db # FrostFS CLI binary -FROSTFS_CLI_URL=https://git.frostfs.info/TrueCloudLab/frostfs-node/releases/download/${NODE_VERSION}//frostfs-cli +FROSTFS_CLI_URL=https://git.frostfs.info/TrueCloudLab/frostfs-node/releases/download/${NODE_VERSION}/frostfs-cli #FROSTFS_CLI_PATH=/path/to/frostfs-cli-binary # FrostFS ADM tool binary From 2e67acbcb2af952933b87856083a6a926b840723 Mon Sep 17 00:00:00 2001 From: Alexander Chuprov Date: Fri, 6 Sep 2024 14:37:48 +0300 Subject: [PATCH 11/37] [#78] env: Restore version format Signed-off-by: Alexander Chuprov --- .env | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.env b/.env index c62cf17..dea5726 100644 --- a/.env +++ b/.env @@ -12,11 +12,11 @@ NEOGO_VERSION=0.104.0 NEOGO_IMAGE=nspccdev/neo-go # FrostFS InnerRing nodes -IR_VERSION=v0.42.9 +IR_VERSION=0.42.9 IR_IMAGE=git.frostfs.info/truecloudlab/frostfs-ir # FrostFS Storage nodes -NODE_VERSION=v0.42.9 +NODE_VERSION=0.42.9 NODE_IMAGE=git.frostfs.info/truecloudlab/frostfs-storage # NATS Server @@ -40,12 +40,12 @@ LOCODE_DB_URL=https://git.frostfs.info/attachments/a2e8def7-52b6-49f1-89cd-a0567 #LOCODE_DB_PATH=/path/to/locode_db # FrostFS CLI binary -FROSTFS_CLI_URL=https://git.frostfs.info/TrueCloudLab/frostfs-node/releases/download/${NODE_VERSION}/frostfs-cli +FROSTFS_CLI_URL=https://git.frostfs.info/TrueCloudLab/frostfs-node/releases/download/v${NODE_VERSION}/frostfs-cli #FROSTFS_CLI_PATH=/path/to/frostfs-cli-binary # FrostFS ADM tool binary FROSTFS_ADM_VERSION=498f9955ea -FROSTFS_ADM_URL=https://git.frostfs.info/TrueCloudLab/frostfs-node/releases/download/${NODE_VERSION}/frostfs-adm +FROSTFS_ADM_URL=https://git.frostfs.info/TrueCloudLab/frostfs-node/releases/download/v${NODE_VERSION}/frostfs-adm #FROSTFS_ADM_PATH=/path/to/frostfs-adm-binary # Compiled FrostFS Smart Contracts From 7538bd9b171409fc5eeb5c08d074efe5792db133 Mon Sep 17 00:00:00 2001 From: Vitaliy Potyarkin Date: Tue, 10 Sep 2024 16:45:06 +0300 Subject: [PATCH 12/37] [#83] Honor IPV4_PREFIX in morph_chain config Signed-off-by: Vitaliy Potyarkin --- services/morph_chain/protocol.privnet.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/services/morph_chain/protocol.privnet.yml b/services/morph_chain/protocol.privnet.yml index 2066029..f1cc754 100644 --- a/services/morph_chain/protocol.privnet.yml +++ b/services/morph_chain/protocol.privnet.yml @@ -36,7 +36,7 @@ ApplicationConfiguration: Password: "one" RPC: Addresses: - - "192.168.130.90:30333" + - ":30333" Enabled: true SessionEnabled: true EnableCORSWorkaround: false From d0c32731f2c468dafd979337ad04af1075d2bca2 Mon Sep 17 00:00:00 2001 From: Alexander Chuprov Date: Mon, 9 Sep 2024 18:59:33 +0300 Subject: [PATCH 13/37] [#80] Update frostfs-service components to v0.30.* Signed-off-by: Alexander Chuprov --- .env | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.env b/.env index dea5726..17697f6 100644 --- a/.env +++ b/.env @@ -24,7 +24,7 @@ NATS_VERSION=2.7.2 NATS_IMAGE=nats # HTTP Gate -HTTP_GW_VERSION=0.28.0-rc.1-15-g5ae75eb9 +HTTP_GW_VERSION=0.30.2 HTTP_GW_IMAGE=truecloudlab/frostfs-http-gw # REST Gate @@ -32,7 +32,7 @@ REST_GW_VERSION=c9c85e90 REST_GW_IMAGE=truecloudlab/frostfs-rest-gw # S3 Gate -S3_GW_VERSION=0.28.0-rc.1-51-g9272f4e1 +S3_GW_VERSION=0.30.4 S3_GW_IMAGE=truecloudlab/frostfs-s3-gw # FrostFS LOCODE database From 636be7352ebf5221ed66b02a8df85cead7c3633e Mon Sep 17 00:00:00 2001 From: Nikita Zinkevich Date: Mon, 30 Sep 2024 17:04:11 +0300 Subject: [PATCH 14/37] [#84] Make targets for issuing credentials Signed-off-by: Nikita Zinkevich --- Makefile | 1 + README.md | 59 +++++++++++++++++++++++++ services/morph_chain/docker-compose.yml | 1 + services/s3_gate/docker-compose.yml | 8 ++++ services/s3_gate/issue-creds.sh | 41 +++++++++++++++++ services/s3_gate/prepare.mk | 14 ++++++ 6 files changed, 124 insertions(+) create mode 100755 services/s3_gate/issue-creds.sh create mode 100644 services/s3_gate/prepare.mk diff --git a/Makefile b/Makefile index 2f505a9..dff81df 100644 --- a/Makefile +++ b/Makefile @@ -60,6 +60,7 @@ get: $(foreach SVC, $(GET_SVCS), get.$(SVC)) .PHONY: up up: up/basic @$(foreach SVC, $(START_SVCS), $(shell docker-compose -f services/$(SVC)/docker-compose.yml up -d)) + ./vendor/frostfs-adm morph proxy-add-account --config frostfs-adm.yml --account=`docker container exec morph_chain neo-go wallet dump-keys -w /wallets/s3-wallet.json | head -1 | awk '{print $1}'` || die "Couldn't set s3-gw wallet as proxy wallet" @echo "Full FrostFS Developer Environment is ready" # Build up FrostFS diff --git a/README.md b/README.md index aa07a08..ad57655 100644 --- a/README.md +++ b/README.md @@ -137,6 +137,65 @@ Display addresses and host names for each running service, if available. Clean up `vendor` directory. +### s3cred + +Registers user wallet and issues s3 credentials. + +Usage and default parameter values: +```sh +make s3cred [password=""] [contract_password=s3] [wallet=/user_wallet.json] [gate_public_key=0313b1ac3a8076e155a7e797b24f0b650cccad5941ea59d7cfd51a024a8b2a06bf] +``` + +As soon as the storage node is in the network map (see above) you can generate S3 +credentials: + +``` sh +$ make s3cred +{ + "access_key_id": "EXArWh8x1zeHG3851s1RtoCo7dowxF6rhLGA15nbMffT0AKRSjJ5fmcqf3Ht2VCAkfmPQUVARghRB77xHCA1BoN2p", + "secret_access_key": "d70c1dba83f0f90bb231f06f1ce0e0dfbcfb122f4b4345a3c18d3869c359b79f", + "owner_private_key": "140947599afd9ca89af4b358c3176eb046e554d942a0dc99a8e06f3e43c8f4ad", + "wallet_public_key": "0324e76288fcb900100d01802a14ef977cca45ad073561230446df14b344c858b6", + "container_id": "EXArWh8x1zeHG3851s1RtoCo7dowxF6rhLGA15nbMffT" +} +``` +Running without any parameters will result in defaults which are based on the private key from +`/user-wallet.json` file and `/wallet.json` contract wallet. + +Now let's configure an S3 client (AWS CLI will be used as example): + +``` sh +$ aws configure +AWS Access Key ID []: EXArWh8x1zeHG3851s1RtoCo7dowxF6rhLGA15nbMffT0AKRSjJ5fmcqf3Ht2VCAkfmPQUVARghRB77xHCA1BoN2p +AWS Secret Access Key []: d70c1dba83f0f90bb231f06f1ce0e0dfbcfb122f4b4345a3c18d3869c359b79f +Default region name []: us-east-1 +Default output format []: json +``` + +If you need to create credentials for different users, put user wallets to `wallets` dir and specify them via `wallet` parameter. +Pass wallet password in `password` parameter if it's not default. The same is for `contract_wallet` and `gate_public_key` params. + +```sh +$ make s3cred wallet=custom_wallet.json password=test +{ + "access_key_id": "jHhL5B33o16R4jQsb8wm9A3RRdS6KrTB5N4bja9Jys904W7xXFNKqem2ACvTRWRYJsZMCUikYFSokN7pPJziWyDi", + "secret_access_key": "21bb64fafa32c82417fd8b97ac56cc8a085998a3852632d52fe7042453daa440", + "owner_private_key": "10f6f9d7a47bb0bf68363ad8a99fe69f1493f8b6e1665b3e4e83feb2d5c7ee39", + "wallet_public_key": "03e38759973a6bb722baabc2dd84036a39f0b2f53d32fec45a4dacde8a50fe4b70", + "container_id": "jHhL5B33o16R4jQsb8wm9A3RRdS6KrTB5N4bja9Jys9" +} +``` + +To get credentials from custom wallet, place it in `wallets` dir before start. + +### cred + +Usage and default parameter values: +```sh +make cred [password=""] [contract_password=s3] [wallet=/user_wallet.json] +``` +The same as `s3cred`, but it doesn't issues s3 credentials. + ## Contributing Feel free to contribute to this project after reading the [contributing diff --git a/services/morph_chain/docker-compose.yml b/services/morph_chain/docker-compose.yml index 68535ea..2c2facb 100644 --- a/services/morph_chain/docker-compose.yml +++ b/services/morph_chain/docker-compose.yml @@ -19,6 +19,7 @@ services: - ./config.yml:/wallets/config.yml - ./../../vendor/hosts:/etc/hosts - ./../../wallets/wallet.json:/wallets/wallet.json + - ./../s3_gate/wallet.json:/wallets/s3-wallet.json - chains:/chains networks: diff --git a/services/s3_gate/docker-compose.yml b/services/s3_gate/docker-compose.yml index 6b43a0b..f7fc28d 100644 --- a/services/s3_gate/docker-compose.yml +++ b/services/s3_gate/docker-compose.yml @@ -12,11 +12,17 @@ services: internet: ipv4_address: ${IPV4_PREFIX}.82 volumes: + # Gate wallet - ./wallet.json:/wallet.json + # Custom user wallets + - ./wallets:/wallets + # Default user wallet + - ./../../wallets/wallet.json:/wallets/wallet.json - ./tls.key:/tls.key - ./tls.crt:/tls.crt - ./../../vendor/hosts:/etc/hosts - ./cfg:/etc/frostfs/s3 + - ./issue-creds.sh:/usr/bin/issue-creds.sh stop_signal: SIGTERM stop_grace_period: 15s env_file: [ ".env", ".s3.env", ".int_test.env" ] @@ -34,6 +40,8 @@ services: - S3_GW_PEERS_2_WEIGHT=0.2 - S3_GW_PEERS_3_ADDRESS=s04.${LOCAL_DOMAIN}:8080 - S3_GW_PEERS_3_WEIGHT=0.2 + - AUTHMATE_WALLET_PASSPHRASE= + - AUTHMATE_WALLET_CONTRACT_PASSPHRASE=s3 networks: s3_gate_int: diff --git a/services/s3_gate/issue-creds.sh b/services/s3_gate/issue-creds.sh new file mode 100755 index 0000000..e2355f8 --- /dev/null +++ b/services/s3_gate/issue-creds.sh @@ -0,0 +1,41 @@ +#!/bin/bash + +initUser() { + /bin/frostfs-s3-authmate register-user \ + --wallet $WALLET_PATH \ + --rpc-endpoint http://morph-chain.frostfs.devenv:30333 \ + --username $USERNAME \ + --contract-wallet /wallet.json 1> /dev/null && touch $WALLET_CACHE/$USERNAME +} + +issueCreds() { + /bin/frostfs-s3-authmate issue-secret \ + --wallet $WALLET_PATH \ + --peer s01.frostfs.devenv:8080 \ + --gate-public-key $S3_GATE_PUBLIC_KEY \ + --container-placement-policy "REP 3" +} + +set -e + +WALLET_PATH=/wallets/$2 +if [[ -z "$2" ]]; then + WALLET_PATH=/wallets/wallet.json +fi + +S3_GATE_PUBLIC_KEY=$3 +if [[ -z "$3" ]]; then + S3_GATE_PUBLIC_KEY=0313b1ac3a8076e155a7e797b24f0b650cccad5941ea59d7cfd51a024a8b2a06bf +fi + +WALLET_CACHE=/data/wallets +mkdir -p $WALLET_CACHE + +USERNAME=$(echo $WALLET_PATH | md5sum | cut -d' ' -f1) +if [ ! -e $WALLET_CACHE/$USERNAME ]; then + initUser +fi + +if [ $1 == "s3" ]; then + issueCreds +fi diff --git a/services/s3_gate/prepare.mk b/services/s3_gate/prepare.mk new file mode 100644 index 0000000..c97add8 --- /dev/null +++ b/services/s3_gate/prepare.mk @@ -0,0 +1,14 @@ +.PHONY: s3cred register + +password?= +contract_password?=s3 +gate_public_key?= +wallet?= + +# Register wallet & generate S3 credentials +s3cred: + @docker exec -e AUTHMATE_WALLET_PASSPHRASE="$(password)" -e AUTHMATE_WALLET_CONTRACT_PASSPHRASE="$(contract_password)" s3_gate /usr/bin/issue-creds.sh s3 "$(wallet)" "$(gate_public_key)" + +# Only registers user wallet +register: + @docker exec -e AUTHMATE_WALLET_PASSPHRASE="$(password)" -e AUTHMATE_WALLET_CONTRACT_PASSPHRASE="$(contract_password)" s3_gate /usr/bin/issue-creds.sh native "$(wallet)" From 7152f59232ac5ac763cbb6433331d161f64c56d0 Mon Sep 17 00:00:00 2001 From: Evgenii Stratonikov Date: Thu, 31 Oct 2024 10:24:30 +0300 Subject: [PATCH 15/37] [#88] Remove nats service It was removed from node in TrueCloudLab/frostfs-node#1161. Signed-off-by: Evgenii Stratonikov --- .basic_services | 1 - .env | 4 --- .gitignore | 1 - Makefile | 2 +- services/nats/.env | 1 - services/nats/.hosts | 1 - services/nats/.int_test.env | 1 - services/nats/artifacts.mk | 7 ----- services/nats/docker-compose.yml | 30 ------------------ services/nats/generate_cert.sh | 49 ----------------------------- services/nats/nats.conf | 15 --------- services/storage/cfg/config.yml | 8 ----- services/storage/docker-compose.yml | 12 ------- 13 files changed, 1 insertion(+), 131 deletions(-) delete mode 120000 services/nats/.env delete mode 100644 services/nats/.hosts delete mode 120000 services/nats/.int_test.env delete mode 100644 services/nats/artifacts.mk delete mode 100644 services/nats/docker-compose.yml delete mode 100755 services/nats/generate_cert.sh delete mode 100644 services/nats/nats.conf diff --git a/.basic_services b/.basic_services index 201ea70..845c731 100644 --- a/.basic_services +++ b/.basic_services @@ -1,5 +1,4 @@ # Services start/stop order # Will start from top to bottom and stop in reverse -nats ir storage diff --git a/.env b/.env index 17697f6..6bb3728 100644 --- a/.env +++ b/.env @@ -19,10 +19,6 @@ IR_IMAGE=git.frostfs.info/truecloudlab/frostfs-ir NODE_VERSION=0.42.9 NODE_IMAGE=git.frostfs.info/truecloudlab/frostfs-storage -# NATS Server -NATS_VERSION=2.7.2 -NATS_IMAGE=nats - # HTTP Gate HTTP_GW_VERSION=0.30.2 HTTP_GW_IMAGE=truecloudlab/frostfs-http-gw diff --git a/.gitignore b/.gitignore index 36e495d..a672692 100644 --- a/.gitignore +++ b/.gitignore @@ -15,4 +15,3 @@ sites/* # Runtime generation keys services/storage/*tls.crt services/storage/*tls.key -services/nats/*.pem diff --git a/Makefile b/Makefile index dff81df..c4a6c48 100644 --- a/Makefile +++ b/Makefile @@ -150,7 +150,7 @@ hosts: vendor/hosts .PHONY: clean .ONESHELL: clean: - @rm -rf vendor/* services/storage/s04tls.* services/nats/*.pem + @rm -rf vendor/* services/storage/s04tls.* @> .int_test.env @for svc in $(PULL_SVCS) do diff --git a/services/nats/.env b/services/nats/.env deleted file mode 120000 index c7360fb..0000000 --- a/services/nats/.env +++ /dev/null @@ -1 +0,0 @@ -../../.env \ No newline at end of file diff --git a/services/nats/.hosts b/services/nats/.hosts deleted file mode 100644 index 6ed5417..0000000 --- a/services/nats/.hosts +++ /dev/null @@ -1 +0,0 @@ -IPV4_PREFIX.101 nats.LOCAL_DOMAIN diff --git a/services/nats/.int_test.env b/services/nats/.int_test.env deleted file mode 120000 index 582b6a2..0000000 --- a/services/nats/.int_test.env +++ /dev/null @@ -1 +0,0 @@ -../../.int_test.env \ No newline at end of file diff --git a/services/nats/artifacts.mk b/services/nats/artifacts.mk deleted file mode 100644 index b66cebf..0000000 --- a/services/nats/artifacts.mk +++ /dev/null @@ -1,7 +0,0 @@ -# Create new TLS certs for NATS server and clients - -NATS_DIR=$(abspath services/nats) - -get.nats: - @echo "⇒ Creating certs for NATS server and clients" - ${NATS_DIR}/generate_cert.sh ${LOCAL_DOMAIN} > /dev/null diff --git a/services/nats/docker-compose.yml b/services/nats/docker-compose.yml deleted file mode 100644 index cb89948..0000000 --- a/services/nats/docker-compose.yml +++ /dev/null @@ -1,30 +0,0 @@ ---- - -services: - nats: - image: ${NATS_IMAGE}:${NATS_VERSION} - domainname: ${LOCAL_DOMAIN} - hostname: nats - container_name: nats - restart: on-failure - dns: - - ${IPV4_PREFIX}.101 - networks: - nats_int: - internet: - ipv4_address: ${IPV4_PREFIX}.101 - volumes: - - ./../../vendor/hosts:/etc/hosts - - ./nats.conf:/etc/nats/frostfs-nats-server.conf - - ./server-cert.pem:/certs/server-cert.pem - - ./server-key.pem:/certs/server-key.pem - - ./ca-cert.pem:/certs/ca-cert.pem - stop_signal: SIGKILL - env_file: [ ".env", ".int_test.env" ] - command: ["-c", "/etc/nats/frostfs-nats-server.conf"] - -networks: - nats_int: - internet: - external: true - name: basenet_internet diff --git a/services/nats/generate_cert.sh b/services/nats/generate_cert.sh deleted file mode 100755 index 4c4dd0b..0000000 --- a/services/nats/generate_cert.sh +++ /dev/null @@ -1,49 +0,0 @@ -#!/bin/bash - -source bin/helper.sh - -WORKDIR=$(dirname "$0") -LOCAL_DOMAIN=$1 - -CA_KEY=$WORKDIR/ca-key.pem -CA_CRT=$WORKDIR/ca-cert.pem - -SRV_KEY=$WORKDIR/server-key.pem -SRV_REQ=$WORKDIR/server-req.csr -SRV_CRT=$WORKDIR/server-cert.pem - -CLI_KEY=$WORKDIR/client-key.pem -CLI_REQ=$WORKDIR/client-req.csr -CLI_CRT=$WORKDIR/client-cert.pem - -SUBJ="/O=TrueCloudLab" - -if [[ ! -f $CA_KEY || ! -f $CA_CRT ]]; then - openssl req -newkey rsa:4096 -x509 -days 365 -nodes -keyout $CA_KEY -out $CA_CRT -subj $SUBJ 2>&1 || - die "CA certificate was not created" -fi - -if [[ ! -f $SRV_KEY || ! -f $SRV_CRT ]]; then - openssl req -newkey rsa:4096 -nodes -keyout $SRV_KEY -out $SRV_REQ -subj $SUBJ 2>&1 || - die "Server certificate was not created" - - openssl x509 -req -days 365 -set_serial 01 -in $SRV_REQ -out $SRV_CRT -CA $CA_CRT -CAkey $CA_KEY \ - -extensions san -extfile <(printf "[san]\nsubjectAltName=DNS:nats.$LOCAL_DOMAIN") 2>&1 || { - rm $SRV_REQ - die "Server certificate was not signed by CA" - } - - rm $SRV_REQ -fi - -if [[ ! -f $CLI_KEY || ! -f $CLI_CRT ]]; then - openssl req -newkey rsa:4096 -nodes -keyout $CLI_KEY -out $CLI_REQ -subj $SUBJ 2>&1 || - die "Client certificate was not created" - - openssl x509 -req -days 365 -set_serial 01 -in $CLI_REQ -out $CLI_CRT -CA $CA_CRT -CAkey $CA_KEY 2>&1 || { - rm $CLI_REQ - die "Client certificate was not signed by CA" - } - - rm $CLI_REQ -fi diff --git a/services/nats/nats.conf b/services/nats/nats.conf deleted file mode 100644 index 0c7af0a..0000000 --- a/services/nats/nats.conf +++ /dev/null @@ -1,15 +0,0 @@ -port: 4222 -monitor_port: 8222 - -jetstream { - store_dir=nats - max_memory_store: 1GB - max_file_store: 2GB -} - -tls { - cert_file: /certs/server-cert.pem - key_file: /certs/server-key.pem - ca_file: /certs/ca-cert.pem - verify: true -} diff --git a/services/storage/cfg/config.yml b/services/storage/cfg/config.yml index 6b3e7a8..8672069 100644 --- a/services/storage/cfg/config.yml +++ b/services/storage/cfg/config.yml @@ -35,14 +35,6 @@ morph: # Common storage node settings node: attribute_0: "User-Agent:FrostFS/0.34" - notification: - enabled: true # Turn on object notification service - endpoint: "tls://nats.frostfs.devenv:4222" # Notification server endpoint - timeout: "6s" # Timeout for object notification client connection - default_topic: "test" # Default topic for object notifications if not found in object's meta - certificate: "/etc/frostfs-node/nats.tls.cert" # Path to TLS certificate - key: "/etc/frostfs-node/nats.tls.key" # Path to TLS key - ca: "/etc/frostfs-node/nats.ca.crt" # Path to optional CA certificate # Tree section tree: diff --git a/services/storage/docker-compose.yml b/services/storage/docker-compose.yml index fb10974..6a070be 100644 --- a/services/storage/docker-compose.yml +++ b/services/storage/docker-compose.yml @@ -18,9 +18,6 @@ services: - ./../../vendor/frostfs-cli:/frostfs-cli - ./cli-cfg.yml:/cli-cfg.yml - ./s04tls.crt:/etc/ssl/certs/s04tls.crt - - ../nats/client-cert.pem:/etc/frostfs-node/nats.tls.cert - - ../nats/client-key.pem:/etc/frostfs-node/nats.tls.key - - ../nats/ca-cert.pem:/etc/frostfs-node/nats.ca.crt - ./cfg:/etc/frostfs/storage stop_signal: SIGTERM stop_grace_period: 15s @@ -58,9 +55,6 @@ services: - ./../../vendor/frostfs-cli:/frostfs-cli - ./cli-cfg.yml:/cli-cfg.yml - ./s04tls.crt:/etc/ssl/certs/s04tls.crt - - ../nats/client-cert.pem:/etc/frostfs-node/nats.tls.cert - - ../nats/client-key.pem:/etc/frostfs-node/nats.tls.key - - ../nats/ca-cert.pem:/etc/frostfs-node/nats.ca.crt - ./cfg:/etc/frostfs/storage stop_signal: SIGTERM stop_grace_period: 15s @@ -98,9 +92,6 @@ services: - ./../../vendor/frostfs-cli:/frostfs-cli - ./cli-cfg.yml:/cli-cfg.yml - ./s04tls.crt:/etc/ssl/certs/s04tls.crt - - ../nats/client-cert.pem:/etc/frostfs-node/nats.tls.cert - - ../nats/client-key.pem:/etc/frostfs-node/nats.tls.key - - ../nats/ca-cert.pem:/etc/frostfs-node/nats.ca.crt - ./cfg:/etc/frostfs/storage stop_signal: SIGTERM stop_grace_period: 15s @@ -139,9 +130,6 @@ services: - ./cli-cfg.yml:/cli-cfg.yml - ./s04tls.crt:/tls.crt - ./s04tls.key:/tls.key - - ../nats/client-cert.pem:/etc/frostfs-node/nats.tls.cert - - ../nats/client-key.pem:/etc/frostfs-node/nats.tls.key - - ../nats/ca-cert.pem:/etc/frostfs-node/nats.ca.crt - ./cfg:/etc/frostfs/storage stop_signal: SIGTERM stop_grace_period: 15s From 10e5bed2afec13cd9803f012360c1bd7dcd184c7 Mon Sep 17 00:00:00 2001 From: Evgenii Stratonikov Date: Thu, 31 Oct 2024 10:38:09 +0300 Subject: [PATCH 16/37] [#79] storage: Take User-Agent from NODE_VERSION Signed-off-by: Evgenii Stratonikov --- services/storage/cfg/config.yml | 4 ---- services/storage/docker-compose.yml | 4 ++++ 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/services/storage/cfg/config.yml b/services/storage/cfg/config.yml index 8672069..0e2526d 100644 --- a/services/storage/cfg/config.yml +++ b/services/storage/cfg/config.yml @@ -32,10 +32,6 @@ morph: - address: ws://morph-chain:30333/ws priority: 1 -# Common storage node settings -node: - attribute_0: "User-Agent:FrostFS/0.34" - # Tree section tree: enabled: true diff --git a/services/storage/docker-compose.yml b/services/storage/docker-compose.yml index 6a070be..785ce79 100644 --- a/services/storage/docker-compose.yml +++ b/services/storage/docker-compose.yml @@ -29,6 +29,7 @@ services: - FROSTFS_NODE_ADDRESSES=s01.${LOCAL_DOMAIN}:8080 - FROSTFS_GRPC_0_ENDPOINT=s01.${LOCAL_DOMAIN}:8080 - FROSTFS_CONTROL_GRPC_ENDPOINT=s01.${LOCAL_DOMAIN}:8081 + - FROSTFS_NODE_ATTRIBUTE_0=User-Agent:FrostFS/${NODE_VERSION} - FROSTFS_NODE_ATTRIBUTE_1=UN-LOCODE:RU MOW - FROSTFS_NODE_ATTRIBUTE_2=Price:22 healthcheck: @@ -66,6 +67,7 @@ services: - FROSTFS_NODE_ADDRESSES=s02.${LOCAL_DOMAIN}:8080 - FROSTFS_GRPC_0_ENDPOINT=s02.${LOCAL_DOMAIN}:8080 - FROSTFS_CONTROL_GRPC_ENDPOINT=s02.${LOCAL_DOMAIN}:8081 + - FROSTFS_NODE_ATTRIBUTE_0=User-Agent:FrostFS/${NODE_VERSION} - FROSTFS_NODE_ATTRIBUTE_1=UN-LOCODE:RU LED - FROSTFS_NODE_ATTRIBUTE_2=Price:33 healthcheck: @@ -103,6 +105,7 @@ services: - FROSTFS_NODE_ADDRESSES=s03.${LOCAL_DOMAIN}:8080 - FROSTFS_GRPC_0_ENDPOINT=s03.${LOCAL_DOMAIN}:8080 - FROSTFS_CONTROL_GRPC_ENDPOINT=s03.${LOCAL_DOMAIN}:8081 + - FROSTFS_NODE_ATTRIBUTE_0=User-Agent:FrostFS/${NODE_VERSION} - FROSTFS_NODE_ATTRIBUTE_1=UN-LOCODE:SE STO - FROSTFS_NODE_ATTRIBUTE_2=Price:11 healthcheck: @@ -146,6 +149,7 @@ services: - FROSTFS_GRPC_1_TLS_ENABLED=true - FROSTFS_GRPC_1_TLS_CERTIFICATE=/tls.crt - FROSTFS_GRPC_1_TLS_KEY=/tls.key + - FROSTFS_NODE_ATTRIBUTE_0=User-Agent:FrostFS/${NODE_VERSION} - FROSTFS_NODE_ATTRIBUTE_1=UN-LOCODE:FI HEL - FROSTFS_NODE_ATTRIBUTE_2=Price:44 healthcheck: From a0fdaebbf41d847badeac4e39961ef4cf95df3d0 Mon Sep 17 00:00:00 2001 From: Pavel Pogodaev Date: Fri, 25 Oct 2024 16:24:26 +0300 Subject: [PATCH 17/37] [#85] Add s3 lifecycler Signed-off-by: Pavel Pogodaev --- .env | 6 +++- .services | 1 + services/s3_lifecycler/.env | 1 + services/s3_lifecycler/.hosts | 1 + services/s3_lifecycler/.int_test.env | 1 + services/s3_lifecycler/cfg/config.yml | 42 +++++++++++++++++++++++ services/s3_lifecycler/docker-compose.yml | 38 ++++++++++++++++++++ services/s3_lifecycler/wallet.json | 30 ++++++++++++++++ 8 files changed, 119 insertions(+), 1 deletion(-) create mode 120000 services/s3_lifecycler/.env create mode 100644 services/s3_lifecycler/.hosts create mode 120000 services/s3_lifecycler/.int_test.env create mode 100644 services/s3_lifecycler/cfg/config.yml create mode 100644 services/s3_lifecycler/docker-compose.yml create mode 100644 services/s3_lifecycler/wallet.json diff --git a/.env b/.env index 6bb3728..a1a1586 100644 --- a/.env +++ b/.env @@ -28,9 +28,13 @@ REST_GW_VERSION=c9c85e90 REST_GW_IMAGE=truecloudlab/frostfs-rest-gw # S3 Gate -S3_GW_VERSION=0.30.4 +S3_GW_VERSION=0.31.0-rc.4 S3_GW_IMAGE=truecloudlab/frostfs-s3-gw +# Lifecycler +S3_LIFECYCLER_VERSION=0.1.3 +S3_LIFECYCLER_IMAGE=truecloudlab/frostfs-s3-lifecycler + # FrostFS LOCODE database LOCODE_DB_URL=https://git.frostfs.info/attachments/a2e8def7-52b6-49f1-89cd-a056712e8e54 #LOCODE_DB_PATH=/path/to/locode_db diff --git a/.services b/.services index d9f34c7..d165241 100644 --- a/.services +++ b/.services @@ -3,3 +3,4 @@ http_gate s3_gate rest_gate +s3_lifecycler diff --git a/services/s3_lifecycler/.env b/services/s3_lifecycler/.env new file mode 120000 index 0000000..c7360fb --- /dev/null +++ b/services/s3_lifecycler/.env @@ -0,0 +1 @@ +../../.env \ No newline at end of file diff --git a/services/s3_lifecycler/.hosts b/services/s3_lifecycler/.hosts new file mode 100644 index 0000000..8eb1796 --- /dev/null +++ b/services/s3_lifecycler/.hosts @@ -0,0 +1 @@ +IPV4_PREFIX.84 lifecycler.LOCAL_DOMAIN diff --git a/services/s3_lifecycler/.int_test.env b/services/s3_lifecycler/.int_test.env new file mode 120000 index 0000000..582b6a2 --- /dev/null +++ b/services/s3_lifecycler/.int_test.env @@ -0,0 +1 @@ +../../.int_test.env \ No newline at end of file diff --git a/services/s3_lifecycler/cfg/config.yml b/services/s3_lifecycler/cfg/config.yml new file mode 100644 index 0000000..2555980 --- /dev/null +++ b/services/s3_lifecycler/cfg/config.yml @@ -0,0 +1,42 @@ +logger: + level: debug + +prometheus: + enabled: true + address: :9090 + +lifecycle: + job_fetcher_buffer: 1000 + executor_pool_size: 100 + +frostfs: + stream_timeout: 10s + connect_timeout: 10s + healthcheck_timeout: 15s + rebalance_interval: 60s + pool_error_threshold: 100 + tree_pool_max_attempts: 4 + +credential: + use: wallets + source: + wallets: + - path: /wallet.json + address: NTt1rxvmEDxEuuogLxs2xgxA71qhVaUcN7 + passphrase: "cycle" + - path: /user-wallet.json + address: NbUgTSFvPmsRxmGeWpuuGeJUoRoi6PErcM + passphrase: "" + +morph: + reconnect_clients_interval: 30s + dial_timeout: 5s + contract: + netmap: netmap.frostfs + frostfsid: frostfsid.frostfs + container: container.frostfs + +# Wallet configuration +wallet: + path: /wallet.json # Path to wallet + passphrase: "cycle" # Passphrase to decrypt wallet diff --git a/services/s3_lifecycler/docker-compose.yml b/services/s3_lifecycler/docker-compose.yml new file mode 100644 index 0000000..3456d0c --- /dev/null +++ b/services/s3_lifecycler/docker-compose.yml @@ -0,0 +1,38 @@ +--- + +version: "2.4" +services: + s3_lifecycler: + image: ${S3_LIFECYCLER_IMAGE}:${S3_LIFECYCLER_VERSION} + domainname: ${LOCAL_DOMAIN} + hostname: s3_lifecycler + container_name: s3_lifecycler + restart: on-failure + networks: + s3_lifecycler_int: + internet: + ipv4_address: ${IPV4_PREFIX}.84 + volumes: + - ./wallet.json:/wallet.json + - ./../../vendor/hosts:/etc/hosts + - ./cfg:/etc/frostfs/s3-lifecycler + - ./../../wallets/wallet.json:/user-wallet.json + stop_signal: SIGKILL + env_file: [ ".env", ".int_test.env" ] + command: [ "frostfs-s3-lifecycler", "--config", "/etc/frostfs/s3-lifecycler/config.yml" ] + environment: + - S3_LIFECYCLER_MORPH_RPC_ENDPOINT_0_ADDRESS=ws://morph-chain:30333/ws + - S3_LIFECYCLER_FROSTFS_PEERS_0_ADDRESS=s01.${LOCAL_DOMAIN}:8080 + - S3_LIFECYCLER_FROSTFS_PEERS_0_WEIGHT=0.2 + - S3_LIFECYCLER_FROSTFS_PEERS_1_ADDRESS=s02.${LOCAL_DOMAIN}:8080 + - S3_LIFECYCLER_FROSTFS_PEERS_1_WEIGHT=0.2 + - S3_LIFECYCLER_FROSTFS_PEERS_2_ADDRESS=s03.${LOCAL_DOMAIN}:8080 + - S3_LIFECYCLER_FROSTFS_PEERS_2_WEIGHT=0.2 + - S3_LIFECYCLER_FROSTFS_PEERS_3_ADDRESS=s04.${LOCAL_DOMAIN}:8080 + - S3_LIFECYCLER_FROSTFS_PEERS_3_WEIGHT=0.2 + +networks: + s3_lifecycler_int: + internet: + external: true + name: basenet_internet diff --git a/services/s3_lifecycler/wallet.json b/services/s3_lifecycler/wallet.json new file mode 100644 index 0000000..ff8f34e --- /dev/null +++ b/services/s3_lifecycler/wallet.json @@ -0,0 +1,30 @@ +{ + "version": "1.0", + "accounts": [ + { + "address": "NTt1rxvmEDxEuuogLxs2xgxA71qhVaUcN7", + "key": "6PYR3XurAyTzVeDG5WV2Z8vnGdySw3mTLuKjr6Nwo7tae64SJ7XjZSMMPQ", + "label": "lifecycler", + "contract": { + "script": "DCED9z0M+WSGfXZGxYLj1yYwmgxJXE/kNA4+oWNi0q1uKCdBVuezJw==", + "parameters": [ + { + "name": "parameter0", + "type": "Signature" + } + ], + "deployed": false + }, + "lock": false, + "isDefault": false + } + ], + "scrypt": { + "n": 16384, + "r": 8, + "p": 8 + }, + "extra": { + "Tokens": null + } +} From 326578f0ab2ead1423e137b012ed7dd0e3707f33 Mon Sep 17 00:00:00 2001 From: Vitaliy Potyarkin Date: Wed, 6 Nov 2024 11:31:27 +0300 Subject: [PATCH 18/37] [#90] Stop using obsolete .github directory This commit is a part of multi-repo cleanup effort: https://git.frostfs.info/TrueCloudLab/frostfs-infra/issues/136 Signed-off-by: Vitaliy Potyarkin --- .dockerignore | 1 - {.github => .forgejo}/ISSUE_TEMPLATE/bug_report.md | 0 {.github => .forgejo}/ISSUE_TEMPLATE/config.yml | 0 {.github => .forgejo}/ISSUE_TEMPLATE/feature_request.md | 0 {.github => .forgejo}/logo.svg | 0 .github/CODEOWNERS | 1 - CODEOWNERS | 1 + README.md | 2 +- 8 files changed, 2 insertions(+), 3 deletions(-) rename {.github => .forgejo}/ISSUE_TEMPLATE/bug_report.md (100%) rename {.github => .forgejo}/ISSUE_TEMPLATE/config.yml (100%) rename {.github => .forgejo}/ISSUE_TEMPLATE/feature_request.md (100%) rename {.github => .forgejo}/logo.svg (100%) delete mode 100644 .github/CODEOWNERS create mode 100644 CODEOWNERS diff --git a/.dockerignore b/.dockerignore index 2f9d4b4..3867906 100644 --- a/.dockerignore +++ b/.dockerignore @@ -1,5 +1,4 @@ .docker -.github .forgejo vendor tmp diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.forgejo/ISSUE_TEMPLATE/bug_report.md similarity index 100% rename from .github/ISSUE_TEMPLATE/bug_report.md rename to .forgejo/ISSUE_TEMPLATE/bug_report.md diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.forgejo/ISSUE_TEMPLATE/config.yml similarity index 100% rename from .github/ISSUE_TEMPLATE/config.yml rename to .forgejo/ISSUE_TEMPLATE/config.yml diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.forgejo/ISSUE_TEMPLATE/feature_request.md similarity index 100% rename from .github/ISSUE_TEMPLATE/feature_request.md rename to .forgejo/ISSUE_TEMPLATE/feature_request.md diff --git a/.github/logo.svg b/.forgejo/logo.svg similarity index 100% rename from .github/logo.svg rename to .forgejo/logo.svg diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS deleted file mode 100644 index a4413b0..0000000 --- a/.github/CODEOWNERS +++ /dev/null @@ -1 +0,0 @@ -* @alexvanin @fyrchik diff --git a/CODEOWNERS b/CODEOWNERS new file mode 100644 index 0000000..d28053e --- /dev/null +++ b/CODEOWNERS @@ -0,0 +1 @@ +.* @alexvanin @fyrchik diff --git a/README.md b/README.md index ad57655..8e4b714 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,5 @@

-FrostFS logo +FrostFS logo

FrostFS local Development and Testing environment From df6859d2463d768691d0d65d85961748e2309802 Mon Sep 17 00:00:00 2001 From: Vitaliy Potyarkin Date: Fri, 13 Dec 2024 18:10:57 +0300 Subject: [PATCH 19/37] [#92] docs: Update contract list Contract list got outdated: it was mentioning NeoFS, Audit and Reputation Signed-off-by: Vitaliy Potyarkin --- docs/morph.md | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/docs/morph.md b/docs/morph.md index 56edfbc..d713bf9 100644 --- a/docs/morph.md +++ b/docs/morph.md @@ -4,14 +4,16 @@ A single-node N3 privnet deployment, running on Contracts deployed: - Alphabet (AZ) [contract](https://git.frostfs.info/TrueCloudLab/frostfs-contract/src/branch/master/alphabet) -- Audit [contract](https://git.frostfs.info/TrueCloudLab/frostfs-contract/src/branch/master/audit) - Balance [contract](https://git.frostfs.info/TrueCloudLab/frostfs-contract/src/branch/master/balance) - Container [contract](https://git.frostfs.info/TrueCloudLab/frostfs-contract/src/branch/master/container) +- FrostFS [contract](https://git.frostfs.info/TrueCloudLab/frostfs-contract/src/branch/master/frostfs) +- FrostFSID [contract](https://git.frostfs.info/TrueCloudLab/frostfs-contract/src/branch/master/frostfsid) +- NNS [contract](https://git.frostfs.info/TrueCloudLab/frostfs-contract/src/branch/master/nns) - Netmap [contract](https://git.frostfs.info/TrueCloudLab/frostfs-contract/src/branch/master/netmap) -- NeoFSID [contract](https://git.frostfs.info/TrueCloudLab/frostfs-contract/src/branch/master/neofsid) +- Policy [contract](https://git.frostfs.info/TrueCloudLab/frostfs-contract/src/branch/master/policy) +- Processing [contract](https://git.frostfs.info/TrueCloudLab/frostfs-contract/src/branch/master/processing) - Proxy [contract](https://git.frostfs.info/TrueCloudLab/frostfs-contract/src/branch/master/proxy) -- Reputation [contract](https://git.frostfs.info/TrueCloudLab/frostfs-contract/src/branch/master/reputation) - + RPC available at `http://morph-chain.frostfs.devenv:30333`. ## .env settings From 0f9000bce6aedc9f1f376275ced6bc6a38cf6994 Mon Sep 17 00:00:00 2001 From: Vitaliy Potyarkin Date: Tue, 10 Dec 2024 15:42:13 +0300 Subject: [PATCH 20/37] [#91] Refine CODEOWNERS settings Signed-off-by: Vitaliy Potyarkin --- CODEOWNERS | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/CODEOWNERS b/CODEOWNERS index d28053e..3b080ce 100644 --- a/CODEOWNERS +++ b/CODEOWNERS @@ -1 +1,3 @@ -.* @alexvanin @fyrchik +.* @alexvanin @fyrchik +.forgejo/.* @potyarkin +Makefile @potyarkin From 98484b97396d71d5cad90cc4ba504a743e9ba843 Mon Sep 17 00:00:00 2001 From: Alex Vanin Date: Fri, 20 Dec 2024 14:58:00 +0300 Subject: [PATCH 21/37] [#93] Update neo-go to the latest version used by frostfs-node Signed-off-by: Alex Vanin --- .env | 2 +- services/morph_chain/protocol.privnet.yml | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/.env b/.env index a1a1586..4727fb1 100644 --- a/.env +++ b/.env @@ -8,7 +8,7 @@ BASTION_VERSION=10 BASTION_IMAGE=debian # NeoGo privnet -NEOGO_VERSION=0.104.0 +NEOGO_VERSION=0.106.3 NEOGO_IMAGE=nspccdev/neo-go # FrostFS InnerRing nodes diff --git a/services/morph_chain/protocol.privnet.yml b/services/morph_chain/protocol.privnet.yml index f1cc754..7cea631 100644 --- a/services/morph_chain/protocol.privnet.yml +++ b/services/morph_chain/protocol.privnet.yml @@ -11,6 +11,7 @@ ProtocolConfiguration: VerifyTransactions: true StateRootInHeader: true P2PSigExtensions: true + Hardforks: {} ApplicationConfiguration: SkipBlockVerification: false From e1b8fe791902f87b1347b3f2e948e4fc0fc583f1 Mon Sep 17 00:00:00 2001 From: Alex Vanin Date: Fri, 20 Dec 2024 15:17:21 +0300 Subject: [PATCH 22/37] [#93] Update frostfs-node to the latest version Signed-off-by: Alex Vanin --- .env | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.env b/.env index 4727fb1..a94341c 100644 --- a/.env +++ b/.env @@ -12,11 +12,11 @@ NEOGO_VERSION=0.106.3 NEOGO_IMAGE=nspccdev/neo-go # FrostFS InnerRing nodes -IR_VERSION=0.42.9 +IR_VERSION=0.44.4 IR_IMAGE=git.frostfs.info/truecloudlab/frostfs-ir # FrostFS Storage nodes -NODE_VERSION=0.42.9 +NODE_VERSION=0.44.4 NODE_IMAGE=git.frostfs.info/truecloudlab/frostfs-storage # HTTP Gate From 4db8ca356d5ebe8490ddfad69892da46b80e0ab6 Mon Sep 17 00:00:00 2001 From: Alex Vanin Date: Fri, 20 Dec 2024 15:17:54 +0300 Subject: [PATCH 23/37] [#93] Remove unused env variables These variables were used when binaries were available in public storage network Signed-off-by: Alex Vanin --- .env | 2 -- 1 file changed, 2 deletions(-) diff --git a/.env b/.env index a94341c..aa96d95 100644 --- a/.env +++ b/.env @@ -44,12 +44,10 @@ FROSTFS_CLI_URL=https://git.frostfs.info/TrueCloudLab/frostfs-node/releases/down #FROSTFS_CLI_PATH=/path/to/frostfs-cli-binary # FrostFS ADM tool binary -FROSTFS_ADM_VERSION=498f9955ea FROSTFS_ADM_URL=https://git.frostfs.info/TrueCloudLab/frostfs-node/releases/download/v${NODE_VERSION}/frostfs-adm #FROSTFS_ADM_PATH=/path/to/frostfs-adm-binary # Compiled FrostFS Smart Contracts -FROSTFS_CONTRACTS_VERSION=694daebb19 FROSTFS_CONTRACTS_URL=https://git.frostfs.info/TrueCloudLab/frostfs-contract/releases/download/v0.19.2/frostfs-contract-v0.19.2.tar.gz #FROSTFS_CONTRACTS_PATH=/path/to/unpacked/frostfs-contracts-dir From 6a5817e15c1031b1aa06ebcb77dd8086be3079ee Mon Sep 17 00:00:00 2001 From: Alex Vanin Date: Fri, 20 Dec 2024 16:08:25 +0300 Subject: [PATCH 24/37] [#93] Register storage nodes in proxy contract during bootstrap This allows to send APE requests to the nodes right after `make up` command Signed-off-by: Alex Vanin --- Makefile | 2 ++ services/morph_chain/docker-compose.yml | 4 ++++ 2 files changed, 6 insertions(+) diff --git a/Makefile b/Makefile index c4a6c48..58a12e0 100644 --- a/Makefile +++ b/Makefile @@ -85,6 +85,8 @@ up/bootstrap: get vendor/hosts echo "Transfer GAS to wallet $${f}" \ && ./vendor/frostfs-adm -c frostfs-adm.yml morph refill-gas --storage-wallet $${f} --gas 10.0 \ || die "Failed to transfer GAS to alphabet wallets"; \ + echo "Register storage wallet $${f} in proxy contract" \ + && ./vendor/frostfs-adm morph proxy-add-account --config frostfs-adm.yml --account=`docker container exec morph_chain neo-go wallet dump-keys -w /wallets/storage/$${f##*/} | head -1 | awk '{print $1}'` || die "Couldn't set storage allet as proxy wallet" done @echo "Create frostfsid subject for ./wallets/wallet.json"; \ if [ -n "$$(./vendor/frostfs-adm -c frostfs-adm.yml morph frostfsid list-subjects --namespace '')" ]; then \ diff --git a/services/morph_chain/docker-compose.yml b/services/morph_chain/docker-compose.yml index 2c2facb..6b83716 100644 --- a/services/morph_chain/docker-compose.yml +++ b/services/morph_chain/docker-compose.yml @@ -20,6 +20,10 @@ services: - ./../../vendor/hosts:/etc/hosts - ./../../wallets/wallet.json:/wallets/wallet.json - ./../s3_gate/wallet.json:/wallets/s3-wallet.json + - ./../storage/wallet01.json:/wallets/storage/wallet01.json + - ./../storage/wallet02.json:/wallets/storage/wallet02.json + - ./../storage/wallet03.json:/wallets/storage/wallet03.json + - ./../storage/wallet04.json:/wallets/storage/wallet04.json - chains:/chains networks: From d29d50a002c672a9ddfc6f6950dcba97e45344bc Mon Sep 17 00:00:00 2001 From: Alex Vanin Date: Fri, 20 Dec 2024 16:12:06 +0300 Subject: [PATCH 25/37] [#93] Update frostfs-contract to the latest version Signed-off-by: Alex Vanin --- .env | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.env b/.env index aa96d95..fe484c6 100644 --- a/.env +++ b/.env @@ -48,7 +48,7 @@ FROSTFS_ADM_URL=https://git.frostfs.info/TrueCloudLab/frostfs-node/releases/down #FROSTFS_ADM_PATH=/path/to/frostfs-adm-binary # Compiled FrostFS Smart Contracts -FROSTFS_CONTRACTS_URL=https://git.frostfs.info/TrueCloudLab/frostfs-contract/releases/download/v0.19.2/frostfs-contract-v0.19.2.tar.gz +FROSTFS_CONTRACTS_URL=https://git.frostfs.info/TrueCloudLab/frostfs-contract/releases/download/v0.21.1/frostfs-contract-v0.21.1.tar.gz #FROSTFS_CONTRACTS_PATH=/path/to/unpacked/frostfs-contracts-dir # Jaeger tracing From b08bb663f93b0aca97905e6bf8d4796cd8570328 Mon Sep 17 00:00:00 2001 From: Alex Vanin Date: Fri, 20 Dec 2024 16:28:55 +0300 Subject: [PATCH 26/37] [#93] Update gateway components Signed-off-by: Alex Vanin --- .env | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.env b/.env index fe484c6..7a58e35 100644 --- a/.env +++ b/.env @@ -20,7 +20,7 @@ NODE_VERSION=0.44.4 NODE_IMAGE=git.frostfs.info/truecloudlab/frostfs-storage # HTTP Gate -HTTP_GW_VERSION=0.30.2 +HTTP_GW_VERSION=0.32.0 HTTP_GW_IMAGE=truecloudlab/frostfs-http-gw # REST Gate @@ -28,7 +28,7 @@ REST_GW_VERSION=c9c85e90 REST_GW_IMAGE=truecloudlab/frostfs-rest-gw # S3 Gate -S3_GW_VERSION=0.31.0-rc.4 +S3_GW_VERSION=0.32.0 S3_GW_IMAGE=truecloudlab/frostfs-s3-gw # Lifecycler From d34d842700821a4eb8bcfb650734acb196957c64 Mon Sep 17 00:00:00 2001 From: Alex Vanin Date: Fri, 20 Dec 2024 16:38:39 +0300 Subject: [PATCH 27/37] [#93] Remove frostfs-rest-gw from dev-env This repo is being archived and not maintained at the moment. Signed-off-by: Alex Vanin --- .env | 4 ---- .services | 1 - services/rest_gate/.env | 1 - services/rest_gate/.hosts | 1 - services/rest_gate/.int_test.env | 1 - services/rest_gate/cfg/config.yml | 12 ---------- services/rest_gate/docker-compose.yml | 32 --------------------------- services/rest_gate/wallet.json | 30 ------------------------- 8 files changed, 82 deletions(-) delete mode 120000 services/rest_gate/.env delete mode 100644 services/rest_gate/.hosts delete mode 120000 services/rest_gate/.int_test.env delete mode 100644 services/rest_gate/cfg/config.yml delete mode 100644 services/rest_gate/docker-compose.yml delete mode 100644 services/rest_gate/wallet.json diff --git a/.env b/.env index 7a58e35..824a4db 100644 --- a/.env +++ b/.env @@ -23,10 +23,6 @@ NODE_IMAGE=git.frostfs.info/truecloudlab/frostfs-storage HTTP_GW_VERSION=0.32.0 HTTP_GW_IMAGE=truecloudlab/frostfs-http-gw -# REST Gate -REST_GW_VERSION=c9c85e90 -REST_GW_IMAGE=truecloudlab/frostfs-rest-gw - # S3 Gate S3_GW_VERSION=0.32.0 S3_GW_IMAGE=truecloudlab/frostfs-s3-gw diff --git a/.services b/.services index d165241..ccc96f8 100644 --- a/.services +++ b/.services @@ -2,5 +2,4 @@ # Will start from top to bottom and stop in reverse http_gate s3_gate -rest_gate s3_lifecycler diff --git a/services/rest_gate/.env b/services/rest_gate/.env deleted file mode 120000 index c7360fb..0000000 --- a/services/rest_gate/.env +++ /dev/null @@ -1 +0,0 @@ -../../.env \ No newline at end of file diff --git a/services/rest_gate/.hosts b/services/rest_gate/.hosts deleted file mode 100644 index ee7578e..0000000 --- a/services/rest_gate/.hosts +++ /dev/null @@ -1 +0,0 @@ -IPV4_PREFIX.83 rest.LOCAL_DOMAIN diff --git a/services/rest_gate/.int_test.env b/services/rest_gate/.int_test.env deleted file mode 120000 index 582b6a2..0000000 --- a/services/rest_gate/.int_test.env +++ /dev/null @@ -1 +0,0 @@ -../../.int_test.env \ No newline at end of file diff --git a/services/rest_gate/cfg/config.yml b/services/rest_gate/cfg/config.yml deleted file mode 100644 index 0acdad3..0000000 --- a/services/rest_gate/cfg/config.yml +++ /dev/null @@ -1,12 +0,0 @@ -prometheus: - enabled: true - address: :9090 - -server: - # The IP and port to listen on. - listen-address: 0.0.0.0:8090 - -# Wallet settings -wallet: - path: /wallet.json # Path to wallet - passphrase: one # Password to decrypt wallet diff --git a/services/rest_gate/docker-compose.yml b/services/rest_gate/docker-compose.yml deleted file mode 100644 index 09cfe38..0000000 --- a/services/rest_gate/docker-compose.yml +++ /dev/null @@ -1,32 +0,0 @@ ---- - -services: - rest_gate: - image: ${REST_GW_IMAGE}:${REST_GW_VERSION} - domainname: ${LOCAL_DOMAIN} - hostname: rest - container_name: rest_gate - restart: on-failure - networks: - rest_gate_int: - internet: - ipv4_address: ${IPV4_PREFIX}.83 - volumes: - - ./wallet.json:/wallet.json - - ./../../vendor/hosts:/etc/hosts - - ./cfg:/etc/frostfs/rest - stop_signal: SIGTERM - stop_grace_period: 15s - env_file: [ ".env", ".int_test.env" ] - command: [ "frostfs-rest-gw", "--config", "/etc/frostfs/rest/config.yml" ] - environment: - - REST_GW_POOL_PEERS_0_ADDRESS=s01.${LOCAL_DOMAIN}:8080 - - REST_GW_POOL_PEERS_1_ADDRESS=s02.${LOCAL_DOMAIN}:8080 - - REST_GW_POOL_PEERS_2_ADDRESS=s03.${LOCAL_DOMAIN}:8080 - - REST_GW_POOL_PEERS_3_ADDRESS=s04.${LOCAL_DOMAIN}:8080 - -networks: - rest_gate_int: - internet: - external: true - name: basenet_internet diff --git a/services/rest_gate/wallet.json b/services/rest_gate/wallet.json deleted file mode 100644 index 2b60501..0000000 --- a/services/rest_gate/wallet.json +++ /dev/null @@ -1,30 +0,0 @@ -{ - "version": "3.0", - "accounts": [ - { - "address": "NPFCqWHfi9ixCJRu7DABRbVfXRbkSEr9Vo", - "key": "6PYTAGjdaeicUDPqGv9mmgwb9kTwimWJJmmfNqJSDGH9qM79zSRcL9oHiB", - "label": "REST Gateway", - "contract": { - "script": "DCECcuPzZCZ2VyDsm2jKEOMnU6xEWO2bF1dvOvBWTDFYB1ZBVuezJw==", - "parameters": [ - { - "name": "parameter0", - "type": "Signature" - } - ], - "deployed": false - }, - "lock": false, - "isDefault": false - } - ], - "scrypt": { - "n": 16384, - "r": 8, - "p": 8 - }, - "extra": { - "Tokens": null - } -} From c4d4fecb89ee1fbd2f7f02254f2ebf8264b47553 Mon Sep 17 00:00:00 2001 From: Evgenii Stratonikov Date: Fri, 27 Dec 2024 10:42:19 +0300 Subject: [PATCH 28/37] [#96] s3_lifecycler: Fix docker-compose warnings Signed-off-by: Evgenii Stratonikov --- services/s3_lifecycler/docker-compose.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/services/s3_lifecycler/docker-compose.yml b/services/s3_lifecycler/docker-compose.yml index 3456d0c..2fffa50 100644 --- a/services/s3_lifecycler/docker-compose.yml +++ b/services/s3_lifecycler/docker-compose.yml @@ -1,6 +1,5 @@ --- -version: "2.4" services: s3_lifecycler: image: ${S3_LIFECYCLER_IMAGE}:${S3_LIFECYCLER_VERSION} From 90147c71081361e4348f0a041848e7ccf08d1235 Mon Sep 17 00:00:00 2001 From: Nikita Zinkevich Date: Fri, 27 Dec 2024 09:33:04 +0300 Subject: [PATCH 29/37] [#95] Output errors during `make clean` It happens that a volume may not be deleted during `make clean`. For example, if the volume is being used by a container. If this happens, there are no errors printed to stdout. And old volumes may cause errors during subsequent `make up` Signed-off-by: Nikita Zinkevich --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 58a12e0..f24ec9d 100644 --- a/Makefile +++ b/Makefile @@ -159,7 +159,7 @@ clean: vols=`docker-compose -f services/$${svc}/docker-compose.yml config --volumes` if [[ ! -z "$${vols}" ]]; then for vol in $${vols}; do - docker volume rm -f "$${svc}_$${vol}" 2> /dev/null + docker volume rm -f "$${svc}_$${vol}" done fi done From 5471dbfc0e57babdc5f95c1c788fbd3a61c9e9d7 Mon Sep 17 00:00:00 2001 From: Nikita Zinkevich Date: Thu, 9 Jan 2025 11:23:42 +0300 Subject: [PATCH 30/37] [#98] s3_gate: Fix custom user wallets folder creation during compose up Make custom wallets volume to point to the `wallets` directory in the project's root. Signed-off-by: Nikita Zinkevich --- README.md | 9 +++++---- services/s3_gate/docker-compose.yml | 6 ++---- 2 files changed, 7 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index 8e4b714..415885e 100644 --- a/README.md +++ b/README.md @@ -143,7 +143,7 @@ Registers user wallet and issues s3 credentials. Usage and default parameter values: ```sh -make s3cred [password=""] [contract_password=s3] [wallet=/user_wallet.json] [gate_public_key=0313b1ac3a8076e155a7e797b24f0b650cccad5941ea59d7cfd51a024a8b2a06bf] +make s3cred [password=""] [contract_password=s3] [wallet=""] [gate_public_key=0313b1ac3a8076e155a7e797b24f0b650cccad5941ea59d7cfd51a024a8b2a06bf] ``` As soon as the storage node is in the network map (see above) you can generate S3 @@ -159,8 +159,9 @@ $ make s3cred "container_id": "EXArWh8x1zeHG3851s1RtoCo7dowxF6rhLGA15nbMffT" } ``` -Running without any parameters will result in defaults which are based on the private key from -`/user-wallet.json` file and `/wallet.json` contract wallet. +Running without any parameters results in defaults which are based on the private key from +`/wallets/wallet.json` user wallet and `/wallet.json` contract wallet. +If `wallet` parameter is set, gate searches custom user wallet file in `/wallets` directory. Now let's configure an S3 client (AWS CLI will be used as example): @@ -172,7 +173,7 @@ Default region name []: us-east-1 Default output format []: json ``` -If you need to create credentials for different users, put user wallets to `wallets` dir and specify them via `wallet` parameter. +If you need to create credentials for different users, put user wallet to `wallets` dir and specify it via `wallet` parameter. Pass wallet password in `password` parameter if it's not default. The same is for `contract_wallet` and `gate_public_key` params. ```sh diff --git a/services/s3_gate/docker-compose.yml b/services/s3_gate/docker-compose.yml index f7fc28d..3c1f9f6 100644 --- a/services/s3_gate/docker-compose.yml +++ b/services/s3_gate/docker-compose.yml @@ -14,10 +14,8 @@ services: volumes: # Gate wallet - ./wallet.json:/wallet.json - # Custom user wallets - - ./wallets:/wallets - # Default user wallet - - ./../../wallets/wallet.json:/wallets/wallet.json + # Folder for custom user wallets + - ./../../wallets/:/wallets/ - ./tls.key:/tls.key - ./tls.crt:/tls.crt - ./../../vendor/hosts:/etc/hosts From 0981202d6bcc0c454d55cfb1cb5c9b355e217170 Mon Sep 17 00:00:00 2001 From: Alex Vanin Date: Fri, 21 Mar 2025 18:47:17 +0300 Subject: [PATCH 31/37] [#100] Use docker images as vendor binary source Signed-off-by: Alex Vanin --- .env | 6 ++++-- services/ir/artifacts.mk | 8 +++----- services/morph_chain/artifacts.mk | 4 ++-- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/.env b/.env index 824a4db..053f179 100644 --- a/.env +++ b/.env @@ -36,11 +36,13 @@ LOCODE_DB_URL=https://git.frostfs.info/attachments/a2e8def7-52b6-49f1-89cd-a0567 #LOCODE_DB_PATH=/path/to/locode_db # FrostFS CLI binary -FROSTFS_CLI_URL=https://git.frostfs.info/TrueCloudLab/frostfs-node/releases/download/v${NODE_VERSION}/frostfs-cli +FROSTFS_CLI_VERSION=0.44.4 +FROSTFS_CLI_IMAGE=git.frostfs.info/truecloudlab/frostfs-cli #FROSTFS_CLI_PATH=/path/to/frostfs-cli-binary # FrostFS ADM tool binary -FROSTFS_ADM_URL=https://git.frostfs.info/TrueCloudLab/frostfs-node/releases/download/v${NODE_VERSION}/frostfs-adm +FROSTFS_ADM_VERSION=0.44.4 +FROSTFS_ADM_IMAGE=git.frostfs.info/truecloudlab/frostfs-adm #FROSTFS_ADM_PATH=/path/to/frostfs-adm-binary # Compiled FrostFS Smart Contracts diff --git a/services/ir/artifacts.mk b/services/ir/artifacts.mk index 0cdbdbb..1c2cf5d 100644 --- a/services/ir/artifacts.mk +++ b/services/ir/artifacts.mk @@ -30,11 +30,9 @@ get.cli: @mkdir -p ./vendor ifeq (${FROSTFS_CLI_PATH},) - @echo "⇒ Download FrostFS CLI binary from ${FROSTFS_CLI_URL}" - @curl \ - -ksSL "${FROSTFS_CLI_URL}" \ - -o ${FROSTFS_CLI_FILE} - @chmod +x ${FROSTFS_CLI_FILE} + echo "⇒ Download FrostFS CLI binary from ${FROSTFS_CLI_IMAGE}:${FROSTFS_CLI_VERSION}" + $(shell docker cp `docker create --name tmp ${FROSTFS_CLI_IMAGE}:${FROSTFS_CLI_VERSION}`:/bin/frostfs-cli ${FROSTFS_CLI_FILE} && docker rm tmp >/dev/null) + chmod +x ${FROSTFS_CLI_FILE} else @echo "⇒ Copy local binary from ${FROSTFS_CLI_PATH}" @cp ${FROSTFS_CLI_PATH} ${FROSTFS_CLI_FILE} diff --git a/services/morph_chain/artifacts.mk b/services/morph_chain/artifacts.mk index 77a7ae3..4a4504a 100644 --- a/services/morph_chain/artifacts.mk +++ b/services/morph_chain/artifacts.mk @@ -23,8 +23,8 @@ get.adm: FROSTFS_ADM_DEST=./vendor/frostfs-adm get.adm: ifeq (${FROSTFS_ADM_PATH},) - @echo "⇒ Download FrostFS ADM binary from ${FROSTFS_ADM_URL}" - @curl -skSL ${FROSTFS_ADM_URL} -o ${FROSTFS_ADM_DEST} + @echo "⇒ Download FrostFS ADM binary from ${FROSTFS_ADM_IMAGE}:${FROSTFS_ADM_VERSION}" + $(shell docker cp `docker create --name tmp ${FROSTFS_ADM_IMAGE}:${FROSTFS_ADM_VERSION}`:/bin/frostfs-adm ${FROSTFS_ADM_DEST} && docker rm tmp >/dev/null) @chmod +x ${FROSTFS_ADM_DEST} else @echo "⇒ Copy frostfs-adm binary from ${FROSTFS_ADM_PATH}" From ea91d8823274fa5eac9bd86a49369c6267a3fc6f Mon Sep 17 00:00:00 2001 From: Alex Vanin Date: Fri, 21 Mar 2025 18:54:24 +0300 Subject: [PATCH 32/37] [#100] Add target to prepare storage for service components Signed-off-by: Alex Vanin --- Makefile | 22 ++++++++++++++++++++-- cli-cfg.yml | 3 +++ services/morph_chain/docker-compose.yml | 1 + wallets/system-wallet.json | 1 + 4 files changed, 25 insertions(+), 2 deletions(-) create mode 100644 cli-cfg.yml create mode 100644 wallets/system-wallet.json diff --git a/Makefile b/Makefile index f24ec9d..b3b342d 100644 --- a/Makefile +++ b/Makefile @@ -58,9 +58,8 @@ get: $(foreach SVC, $(GET_SVCS), get.$(SVC)) # Start environment .PHONY: up -up: up/basic +up: up/basic up/pre-services @$(foreach SVC, $(START_SVCS), $(shell docker-compose -f services/$(SVC)/docker-compose.yml up -d)) - ./vendor/frostfs-adm morph proxy-add-account --config frostfs-adm.yml --account=`docker container exec morph_chain neo-go wallet dump-keys -w /wallets/s3-wallet.json | head -1 | awk '{print $1}'` || die "Couldn't set s3-gw wallet as proxy wallet" @echo "Full FrostFS Developer Environment is ready" # Build up FrostFS @@ -98,6 +97,25 @@ up/bootstrap: get vendor/hosts || die "Failed to create subject for the wallet"; \ fi echo "FrostFS sidechain environment is deployed" + +# Prepare to start services +.PHONY: up/pre-services +up/pre-services: + @source ./bin/helper.sh + @echo "Prepare storage for services"; \ + if [ -z "$$(./vendor/frostfs-cli -c cli-cfg.yml container list)" ]; then \ + subj_key=`docker container exec -it morph_chain neo-go wallet dump-keys -w /wallets/system-wallet.json | tail -1 | tr -d ' \r\n'` \ + && echo "Subject key: $${subj_key}" \ + && ./vendor/frostfs-adm -c frostfs-adm.yml morph frostfsid create-subject --namespace "" --subject-key $${subj_key} --subject-name system \ + || die "Failed to create subject for system wallet"; \ + proxy_acc=`docker container exec -it morph_chain neo-go wallet dump-keys -w /wallets/system-wallet.json | head -1 | cut -d" " -f1` \ + && echo "Proxy acc: $${proxy_acc}" \ + && ./vendor/frostfs-adm morph proxy-add-account --config frostfs-adm.yml --account=$${proxy_acc} || die "Failed to register S3 gateway as proxy acc"; \ + cid=`./vendor/frostfs-cli -c cli-cfg.yml container create -p "REP 4" --nns-name "cors" --nns-zone "container" --await | grep CID | cut -d" " -f2` \ + && echo "CORS Container: $${cid}" \ + && ./vendor/frostfs-cli -c cli-cfg.yml ape-manager add --target-type container --target-name $${cid} --rule "allow Object.* *" || die "Failed to create CORS container" + fi + @echo "Storage is prepared"; # Build up certain service .PHONY: up/% diff --git a/cli-cfg.yml b/cli-cfg.yml new file mode 100644 index 0000000..9a5c7eb --- /dev/null +++ b/cli-cfg.yml @@ -0,0 +1,3 @@ +wallet: ./wallets/system-wallet.json +password: "" +rpc-endpoint: s01.frostfs.devenv:8080 diff --git a/services/morph_chain/docker-compose.yml b/services/morph_chain/docker-compose.yml index 6b83716..c3a1481 100644 --- a/services/morph_chain/docker-compose.yml +++ b/services/morph_chain/docker-compose.yml @@ -19,6 +19,7 @@ services: - ./config.yml:/wallets/config.yml - ./../../vendor/hosts:/etc/hosts - ./../../wallets/wallet.json:/wallets/wallet.json + - ./../../wallets/system-wallet.json:/wallets/system-wallet.json - ./../s3_gate/wallet.json:/wallets/s3-wallet.json - ./../storage/wallet01.json:/wallets/storage/wallet01.json - ./../storage/wallet02.json:/wallets/storage/wallet02.json diff --git a/wallets/system-wallet.json b/wallets/system-wallet.json new file mode 100644 index 0000000..2f57db1 --- /dev/null +++ b/wallets/system-wallet.json @@ -0,0 +1 @@ +{"version":"1.0","accounts":[{"address":"NQijiVKHbL22PfF2AJQukv1CX75itxgzht","key":"6PYQKrpme57VqaucxuF7dDoSZRRA8d94oatHcScqhiFBauCXQvFDaYwEWa","label":"","contract":{"script":"DCEDRdLtpFIWeYyI7doTKRhIl4qYjaybGDveTyGpbqjsLZNBVuezJw==","parameters":[{"name":"parameter0","type":"Signature"}],"deployed":false},"lock":false,"isDefault":false}],"scrypt":{"n":16384,"r":8,"p":8},"extra":{"Tokens":null}} \ No newline at end of file From e0141c11545ecf107bf50fe5da293a1390ba2695 Mon Sep 17 00:00:00 2001 From: Alex Vanin Date: Fri, 21 Mar 2025 18:55:43 +0300 Subject: [PATCH 33/37] [#100] Update components to the latest versions Signed-off-by: Alex Vanin --- .env | 16 ++++++++-------- services/http_gate/cfg/config.yml | 3 +++ services/s3_gate/cfg/config.yml | 3 +++ 3 files changed, 14 insertions(+), 8 deletions(-) diff --git a/.env b/.env index 053f179..dec29ce 100644 --- a/.env +++ b/.env @@ -12,20 +12,20 @@ NEOGO_VERSION=0.106.3 NEOGO_IMAGE=nspccdev/neo-go # FrostFS InnerRing nodes -IR_VERSION=0.44.4 +IR_VERSION=0.45.0-rc.3 IR_IMAGE=git.frostfs.info/truecloudlab/frostfs-ir # FrostFS Storage nodes -NODE_VERSION=0.44.4 +NODE_VERSION=0.45.0-rc.3 NODE_IMAGE=git.frostfs.info/truecloudlab/frostfs-storage # HTTP Gate -HTTP_GW_VERSION=0.32.0 -HTTP_GW_IMAGE=truecloudlab/frostfs-http-gw +HTTP_GW_VERSION=0.33.0-rc.2 +HTTP_GW_IMAGE=git.frostfs.info/truecloudlab/frostfs-http-gw # S3 Gate -S3_GW_VERSION=0.32.0 -S3_GW_IMAGE=truecloudlab/frostfs-s3-gw +S3_GW_VERSION=0.33.0-rc.2 +S3_GW_IMAGE=git.frostfs.info/truecloudlab/frostfs-s3-gw # Lifecycler S3_LIFECYCLER_VERSION=0.1.3 @@ -36,12 +36,12 @@ LOCODE_DB_URL=https://git.frostfs.info/attachments/a2e8def7-52b6-49f1-89cd-a0567 #LOCODE_DB_PATH=/path/to/locode_db # FrostFS CLI binary -FROSTFS_CLI_VERSION=0.44.4 +FROSTFS_CLI_VERSION=0.45.0-rc.3 FROSTFS_CLI_IMAGE=git.frostfs.info/truecloudlab/frostfs-cli #FROSTFS_CLI_PATH=/path/to/frostfs-cli-binary # FrostFS ADM tool binary -FROSTFS_ADM_VERSION=0.44.4 +FROSTFS_ADM_VERSION=0.45.0-rc.3 FROSTFS_ADM_IMAGE=git.frostfs.info/truecloudlab/frostfs-adm #FROSTFS_ADM_PATH=/path/to/frostfs-adm-binary diff --git a/services/http_gate/cfg/config.yml b/services/http_gate/cfg/config.yml index 1684c58..2f15e44 100644 --- a/services/http_gate/cfg/config.yml +++ b/services/http_gate/cfg/config.yml @@ -22,3 +22,6 @@ server: wallet: path: /wallet.json # Path to wallet passphrase: one # Passphrase to decrypt wallet + +containers: + cors: cors.container diff --git a/services/s3_gate/cfg/config.yml b/services/s3_gate/cfg/config.yml index 03e84e0..3d8e400 100644 --- a/services/s3_gate/cfg/config.yml +++ b/services/s3_gate/cfg/config.yml @@ -47,3 +47,6 @@ frostfsid: policy: enabled: false + +containers: + cors: cors.container From 018e33c1f9048df8e6c580bde535df535a297838 Mon Sep 17 00:00:00 2001 From: Alex Vanin Date: Thu, 27 Mar 2025 17:34:37 +0300 Subject: [PATCH 34/37] [#101] Fix s3 gateway initialization Was broken in #100 Signed-off-by: Alex Vanin --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index b3b342d..fcc09a3 100644 --- a/Makefile +++ b/Makefile @@ -108,7 +108,7 @@ up/pre-services: && echo "Subject key: $${subj_key}" \ && ./vendor/frostfs-adm -c frostfs-adm.yml morph frostfsid create-subject --namespace "" --subject-key $${subj_key} --subject-name system \ || die "Failed to create subject for system wallet"; \ - proxy_acc=`docker container exec -it morph_chain neo-go wallet dump-keys -w /wallets/system-wallet.json | head -1 | cut -d" " -f1` \ + proxy_acc=`docker container exec -it morph_chain neo-go wallet dump-keys -w /wallets/s3-wallet.json | head -1 | cut -d" " -f1` \ && echo "Proxy acc: $${proxy_acc}" \ && ./vendor/frostfs-adm morph proxy-add-account --config frostfs-adm.yml --account=$${proxy_acc} || die "Failed to register S3 gateway as proxy acc"; \ cid=`./vendor/frostfs-cli -c cli-cfg.yml container create -p "REP 4" --nns-name "cors" --nns-zone "container" --await | grep CID | cut -d" " -f2` \ From 6ef4d4aa0ad7f99f948c0cf19bda4f0faa191c37 Mon Sep 17 00:00:00 2001 From: Evgenii Stratonikov Date: Fri, 28 Mar 2025 14:07:50 +0300 Subject: [PATCH 35/37] [#102] Makefile: Parallelize GAS transfer The last version of the `frostfs-adm` allows to work with multiple wallets in `refill-gas` and `proxy-add-account` commands. This makes `up/bootstrap` target take ~6s less time. The Makefile stuff is not obvious, but it seem to work as expected. Refs TrueCloudLab/frostfs-node#1590, TrueCloudLab/frostfs-node#1578 Signed-off-by: Evgenii Stratonikov --- Makefile | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/Makefile b/Makefile index fcc09a3..911d168 100644 --- a/Makefile +++ b/Makefile @@ -72,6 +72,8 @@ up/basic: up/bootstrap # Start bootstrap services .PHONY: up/bootstrap +up/bootstrap: STORAGE_WALLETS = $(wildcard ./services/storage/wallet*.json) +up/bootstrap: STORAGE_ACCOUNTS = $(foreach wallet,$(STORAGE_WALLETS),$(shell docker container exec morph_chain neo-go wallet dump-keys -w /wallets/storage/$(notdir $(wallet)) | head -1 | awk '{print $$1}' )) up/bootstrap: get vendor/hosts @$(foreach SVC, $(START_BOOTSTRAP), $(shell docker-compose -f services/$(SVC)/docker-compose.yml up -d)) @source ./bin/helper.sh @@ -80,13 +82,16 @@ up/bootstrap: get vendor/hosts @./vendor/frostfs-adm --config frostfs-adm.yml morph \ ape add-rule-chain --target-type namespace --target-name "" \ --rule 'allow Container.* *' --chain-id "allow_container_ops" - @for f in ./services/storage/wallet*.json; do \ - echo "Transfer GAS to wallet $${f}" \ - && ./vendor/frostfs-adm -c frostfs-adm.yml morph refill-gas --storage-wallet $${f} --gas 10.0 \ - || die "Failed to transfer GAS to alphabet wallets"; \ - echo "Register storage wallet $${f} in proxy contract" \ - && ./vendor/frostfs-adm morph proxy-add-account --config frostfs-adm.yml --account=`docker container exec morph_chain neo-go wallet dump-keys -w /wallets/storage/$${f##*/} | head -1 | awk '{print $1}'` || die "Couldn't set storage allet as proxy wallet" - done + + echo -e "Transfer GAS to storage wallets: $(foreach wallet,$(STORAGE_WALLETS),\n\t$(wallet))" + ./vendor/frostfs-adm -c frostfs-adm.yml morph refill-gas \ + $(foreach wallet,$(STORAGE_WALLETS),--storage-wallet $(wallet)) \ + --gas 10.0 \ + || die "Failed to transfer GAS to alphabet wallets" + echo -e "Register storage accounts in proxy contract: $(foreach account,$(STORAGE_ACCOUNTS),\n\t$(account))" + ./vendor/frostfs-adm morph proxy-add-account --config frostfs-adm.yml \ + $(foreach account,$(STORAGE_ACCOUNTS),--account=$(account)) \ + || die "Couldn't set storage allet as proxy wallet" @echo "Create frostfsid subject for ./wallets/wallet.json"; \ if [ -n "$$(./vendor/frostfs-adm -c frostfs-adm.yml morph frostfsid list-subjects --namespace '')" ]; then \ echo "Subject already exists"; \ From 8608ba46ff2b6bc07a3d662ce0ace00bd137a31e Mon Sep 17 00:00:00 2001 From: Alex Vanin Date: Tue, 8 Apr 2025 14:51:37 +0300 Subject: [PATCH 36/37] [#104] Update components to the latest versions New S3 gateway version supports MFADelete feature that requires container with MFA objects. Signed-off-by: Alex Vanin --- .env | 12 ++++++------ Makefile | 5 ++++- services/s3_gate/cfg/config.yml | 1 + 3 files changed, 11 insertions(+), 7 deletions(-) diff --git a/.env b/.env index dec29ce..9c4531d 100644 --- a/.env +++ b/.env @@ -12,19 +12,19 @@ NEOGO_VERSION=0.106.3 NEOGO_IMAGE=nspccdev/neo-go # FrostFS InnerRing nodes -IR_VERSION=0.45.0-rc.3 +IR_VERSION=0.45.0-rc.6 IR_IMAGE=git.frostfs.info/truecloudlab/frostfs-ir # FrostFS Storage nodes -NODE_VERSION=0.45.0-rc.3 +NODE_VERSION=0.45.0-rc.6 NODE_IMAGE=git.frostfs.info/truecloudlab/frostfs-storage # HTTP Gate -HTTP_GW_VERSION=0.33.0-rc.2 +HTTP_GW_VERSION=0.33.0-rc.3 HTTP_GW_IMAGE=git.frostfs.info/truecloudlab/frostfs-http-gw # S3 Gate -S3_GW_VERSION=0.33.0-rc.2 +S3_GW_VERSION=0.33.0-rc.3 S3_GW_IMAGE=git.frostfs.info/truecloudlab/frostfs-s3-gw # Lifecycler @@ -36,12 +36,12 @@ LOCODE_DB_URL=https://git.frostfs.info/attachments/a2e8def7-52b6-49f1-89cd-a0567 #LOCODE_DB_PATH=/path/to/locode_db # FrostFS CLI binary -FROSTFS_CLI_VERSION=0.45.0-rc.3 +FROSTFS_CLI_VERSION=0.45.0-rc.6 FROSTFS_CLI_IMAGE=git.frostfs.info/truecloudlab/frostfs-cli #FROSTFS_CLI_PATH=/path/to/frostfs-cli-binary # FrostFS ADM tool binary -FROSTFS_ADM_VERSION=0.45.0-rc.3 +FROSTFS_ADM_VERSION=0.45.0-rc.6 FROSTFS_ADM_IMAGE=git.frostfs.info/truecloudlab/frostfs-adm #FROSTFS_ADM_PATH=/path/to/frostfs-adm-binary diff --git a/Makefile b/Makefile index 911d168..56e5f7c 100644 --- a/Makefile +++ b/Makefile @@ -118,7 +118,10 @@ up/pre-services: && ./vendor/frostfs-adm morph proxy-add-account --config frostfs-adm.yml --account=$${proxy_acc} || die "Failed to register S3 gateway as proxy acc"; \ cid=`./vendor/frostfs-cli -c cli-cfg.yml container create -p "REP 4" --nns-name "cors" --nns-zone "container" --await | grep CID | cut -d" " -f2` \ && echo "CORS Container: $${cid}" \ - && ./vendor/frostfs-cli -c cli-cfg.yml ape-manager add --target-type container --target-name $${cid} --rule "allow Object.* *" || die "Failed to create CORS container" + && ./vendor/frostfs-cli -c cli-cfg.yml ape-manager add --target-type container --target-name $${cid} --rule "allow Object.* *" || die "Failed to create CORS container"; \ + cid=`./vendor/frostfs-cli -c cli-cfg.yml container create -p "REP 4" --nns-name "mfa" --nns-zone "container" --await | grep CID | cut -d" " -f2` \ + && echo "MFA Container: $${cid}" \ + && ./vendor/frostfs-cli -c cli-cfg.yml ape-manager add --target-type container --target-name $${cid} --rule "allow Object.* *" || die "Failed to create MFA container" fi @echo "Storage is prepared"; diff --git a/services/s3_gate/cfg/config.yml b/services/s3_gate/cfg/config.yml index 3d8e400..369325c 100644 --- a/services/s3_gate/cfg/config.yml +++ b/services/s3_gate/cfg/config.yml @@ -50,3 +50,4 @@ policy: containers: cors: cors.container + mfa: mfa.container From df8249f2aeabbbe8caab4229e42321027269cb74 Mon Sep 17 00:00:00 2001 From: Nikita Zinkevich Date: Fri, 11 Apr 2025 15:49:20 +0300 Subject: [PATCH 37/37] [#105] Add website container creation Signed-off-by: Nikita Zinkevich --- Makefile | 3 +++ services/s3_gate/cfg/config.yml | 1 + 2 files changed, 4 insertions(+) diff --git a/Makefile b/Makefile index 56e5f7c..1f97c5f 100644 --- a/Makefile +++ b/Makefile @@ -122,6 +122,9 @@ up/pre-services: cid=`./vendor/frostfs-cli -c cli-cfg.yml container create -p "REP 4" --nns-name "mfa" --nns-zone "container" --await | grep CID | cut -d" " -f2` \ && echo "MFA Container: $${cid}" \ && ./vendor/frostfs-cli -c cli-cfg.yml ape-manager add --target-type container --target-name $${cid} --rule "allow Object.* *" || die "Failed to create MFA container" + cid=`./vendor/frostfs-cli -c cli-cfg.yml container create -p "REP 4" --nns-name "website" --nns-zone "container" --await | grep CID | cut -d" " -f2` \ + && echo "Website configuration Container: $${cid}" \ + && ./vendor/frostfs-cli -c cli-cfg.yml ape-manager add --target-type container --target-name $${cid} --rule "allow Object.* *" || die "Failed to create Website configuration container" fi @echo "Storage is prepared"; diff --git a/services/s3_gate/cfg/config.yml b/services/s3_gate/cfg/config.yml index 369325c..e5c0b53 100644 --- a/services/s3_gate/cfg/config.yml +++ b/services/s3_gate/cfg/config.yml @@ -51,3 +51,4 @@ policy: containers: cors: cors.container mfa: mfa.container + website: website.container