Compare commits
No commits in common. "master" and "loki" have entirely different histories.
37 changed files with 201 additions and 318 deletions
|
@ -1,4 +1,5 @@
|
|||
# Services start/stop order
|
||||
# Will start from top to bottom and stop in reverse
|
||||
nats
|
||||
ir
|
||||
storage
|
||||
|
|
34
.env
34
.env
|
@ -8,19 +8,23 @@ BASTION_VERSION=10
|
|||
BASTION_IMAGE=debian
|
||||
|
||||
# NeoGo privnet
|
||||
NEOGO_VERSION=0.104.0
|
||||
NEOGO_VERSION=0.103.0
|
||||
NEOGO_IMAGE=nspccdev/neo-go
|
||||
|
||||
# FrostFS InnerRing nodes
|
||||
IR_VERSION=0.42.9
|
||||
IR_IMAGE=git.frostfs.info/truecloudlab/frostfs-ir
|
||||
IR_VERSION=0.37.0-rc.1-93-g364f835b
|
||||
IR_IMAGE=truecloudlab/frostfs-ir
|
||||
|
||||
# FrostFS Storage nodes
|
||||
NODE_VERSION=0.42.9
|
||||
NODE_IMAGE=git.frostfs.info/truecloudlab/frostfs-storage
|
||||
NODE_VERSION=0.37.0-rc.1-93-g364f835b
|
||||
NODE_IMAGE=truecloudlab/frostfs-storage
|
||||
|
||||
# NATS Server
|
||||
NATS_VERSION=2.7.2
|
||||
NATS_IMAGE=nats
|
||||
|
||||
# HTTP Gate
|
||||
HTTP_GW_VERSION=0.30.2
|
||||
HTTP_GW_VERSION=0.27.0-rc.1-15-g1776db28
|
||||
HTTP_GW_IMAGE=truecloudlab/frostfs-http-gw
|
||||
|
||||
# REST Gate
|
||||
|
@ -28,29 +32,25 @@ REST_GW_VERSION=c9c85e90
|
|||
REST_GW_IMAGE=truecloudlab/frostfs-rest-gw
|
||||
|
||||
# S3 Gate
|
||||
S3_GW_VERSION=0.31.0-rc.4
|
||||
S3_GW_VERSION=0.27.0-rc.1-30-gce929468
|
||||
S3_GW_IMAGE=truecloudlab/frostfs-s3-gw
|
||||
|
||||
# Lifecycler
|
||||
S3_LIFECYCLER_VERSION=0.1.3
|
||||
S3_LIFECYCLER_IMAGE=truecloudlab/frostfs-s3-lifecycler
|
||||
|
||||
# FrostFS LOCODE database
|
||||
LOCODE_DB_URL=https://git.frostfs.info/attachments/a2e8def7-52b6-49f1-89cd-a056712e8e54
|
||||
#LOCODE_DB_PATH=/path/to/locode_db
|
||||
|
||||
# FrostFS CLI binary
|
||||
FROSTFS_CLI_URL=https://git.frostfs.info/TrueCloudLab/frostfs-node/releases/download/v${NODE_VERSION}/frostfs-cli
|
||||
FROSTFS_CLI_URL=https://http.t5.fs.neo.org/7sm9csjtRLpr4c9QD55q9JJM73v79ohuAhTzP4fYRHFz/BbngJDdRJEDJTJk7qptq3SxKqrJqtvVYWU6R5AaFGbtG
|
||||
#FROSTFS_CLI_PATH=/path/to/frostfs-cli-binary
|
||||
|
||||
# FrostFS ADM tool binary
|
||||
FROSTFS_ADM_VERSION=498f9955ea
|
||||
FROSTFS_ADM_URL=https://git.frostfs.info/TrueCloudLab/frostfs-node/releases/download/v${NODE_VERSION}/frostfs-adm
|
||||
FROSTFS_ADM_VERSION=eca5c210
|
||||
FROSTFS_ADM_URL=https://http.t5.fs.neo.org/7sm9csjtRLpr4c9QD55q9JJM73v79ohuAhTzP4fYRHFz/2GxarAjGUb3RevxvqFGYT3hDQxNNaHzK6aFxhJCAMehq
|
||||
#FROSTFS_ADM_PATH=/path/to/frostfs-adm-binary
|
||||
|
||||
# Compiled FrostFS Smart Contracts
|
||||
FROSTFS_CONTRACTS_VERSION=694daebb19
|
||||
FROSTFS_CONTRACTS_URL=https://git.frostfs.info/TrueCloudLab/frostfs-contract/releases/download/v0.19.2/frostfs-contract-v0.19.2.tar.gz
|
||||
FROSTFS_CONTRACTS_VERSION=8537293e
|
||||
FROSTFS_CONTRACTS_URL=https://http.t5.fs.neo.org/7sm9csjtRLpr4c9QD55q9JJM73v79ohuAhTzP4fYRHFz/6ccZoj4HxoN1G1qvJAX2Qw9p2D6qdyzAjNMaNkEKYQpA
|
||||
#FROSTFS_CONTRACTS_PATH=/path/to/unpacked/frostfs-contracts-dir
|
||||
|
||||
# Jaeger tracing
|
||||
|
@ -67,4 +67,4 @@ GRAFANA_IMAGE=grafana/grafana
|
|||
|
||||
# Loki versions
|
||||
LOKI_VERSION=2.9.1
|
||||
LOKI_IMAGE=grafana/loki
|
||||
LOKI_IMAGE=grafana/loki
|
1
.gitignore
vendored
1
.gitignore
vendored
|
@ -15,3 +15,4 @@ sites/*
|
|||
# Runtime generation keys
|
||||
services/storage/*tls.crt
|
||||
services/storage/*tls.key
|
||||
services/nats/*.pem
|
||||
|
|
|
@ -3,4 +3,3 @@
|
|||
http_gate
|
||||
s3_gate
|
||||
rest_gate
|
||||
s3_lifecycler
|
||||
|
|
18
Makefile
18
Makefile
|
@ -60,7 +60,6 @@ get: $(foreach SVC, $(GET_SVCS), get.$(SVC))
|
|||
.PHONY: up
|
||||
up: up/basic
|
||||
@$(foreach SVC, $(START_SVCS), $(shell docker-compose -f services/$(SVC)/docker-compose.yml up -d))
|
||||
./vendor/frostfs-adm morph proxy-add-account --config frostfs-adm.yml --account=`docker container exec morph_chain neo-go wallet dump-keys -w /wallets/s3-wallet.json | head -1 | awk '{print $1}'` || die "Couldn't set s3-gw wallet as proxy wallet"
|
||||
@echo "Full FrostFS Developer Environment is ready"
|
||||
|
||||
# Build up FrostFS
|
||||
|
@ -77,25 +76,12 @@ up/bootstrap: get vendor/hosts
|
|||
@$(foreach SVC, $(START_BOOTSTRAP), $(shell docker-compose -f services/$(SVC)/docker-compose.yml up -d))
|
||||
@source ./bin/helper.sh
|
||||
@./vendor/frostfs-adm --config frostfs-adm.yml morph init --contracts vendor/contracts
|
||||
echo "Set rule chain to policy contract"
|
||||
@./vendor/frostfs-adm --config frostfs-adm.yml morph \
|
||||
ape add-rule-chain --target-type namespace --target-name "" \
|
||||
--rule 'allow Container.* *' --chain-id "allow_container_ops"
|
||||
@for f in ./services/storage/wallet*.json; do \
|
||||
echo "Transfer GAS to wallet $${f}" \
|
||||
&& ./vendor/frostfs-adm -c frostfs-adm.yml morph refill-gas --storage-wallet $${f} --gas 10.0 \
|
||||
|| die "Failed to transfer GAS to alphabet wallets"; \
|
||||
done
|
||||
@echo "Create frostfsid subject for ./wallets/wallet.json"; \
|
||||
if [ -n "$$(./vendor/frostfs-adm -c frostfs-adm.yml morph frostfsid list-subjects --namespace '')" ]; then \
|
||||
echo "Subject already exists"; \
|
||||
else \
|
||||
subj_key=`docker container exec -it morph_chain neo-go wallet dump-keys -w /wallets/wallet.json | tail -1 | tr -d ' \r\n'` \
|
||||
&& echo "Subject key: $${subj_key}" \
|
||||
&& ./vendor/frostfs-adm -c frostfs-adm.yml morph frostfsid create-subject --namespace "" --subject-key $${subj_key} --subject-name walletsubject \
|
||||
|| die "Failed to create subject for the wallet"; \
|
||||
fi
|
||||
echo "FrostFS sidechain environment is deployed"
|
||||
@echo "FrostFS sidechain environment is deployed"
|
||||
|
||||
# Build up certain service
|
||||
.PHONY: up/%
|
||||
|
@ -150,7 +136,7 @@ hosts: vendor/hosts
|
|||
.PHONY: clean
|
||||
.ONESHELL:
|
||||
clean:
|
||||
@rm -rf vendor/* services/storage/s04tls.*
|
||||
@rm -rf vendor/* services/storage/s04tls.* services/nats/*.pem
|
||||
@> .int_test.env
|
||||
@for svc in $(PULL_SVCS)
|
||||
do
|
||||
|
|
59
README.md
59
README.md
|
@ -137,65 +137,6 @@ Display addresses and host names for each running service, if available.
|
|||
|
||||
Clean up `vendor` directory.
|
||||
|
||||
### s3cred
|
||||
|
||||
Registers user wallet and issues s3 credentials.
|
||||
|
||||
Usage and default parameter values:
|
||||
```sh
|
||||
make s3cred [password=""] [contract_password=s3] [wallet=/user_wallet.json] [gate_public_key=0313b1ac3a8076e155a7e797b24f0b650cccad5941ea59d7cfd51a024a8b2a06bf]
|
||||
```
|
||||
|
||||
As soon as the storage node is in the network map (see above) you can generate S3
|
||||
credentials:
|
||||
|
||||
``` sh
|
||||
$ make s3cred
|
||||
{
|
||||
"access_key_id": "EXArWh8x1zeHG3851s1RtoCo7dowxF6rhLGA15nbMffT0AKRSjJ5fmcqf3Ht2VCAkfmPQUVARghRB77xHCA1BoN2p",
|
||||
"secret_access_key": "d70c1dba83f0f90bb231f06f1ce0e0dfbcfb122f4b4345a3c18d3869c359b79f",
|
||||
"owner_private_key": "140947599afd9ca89af4b358c3176eb046e554d942a0dc99a8e06f3e43c8f4ad",
|
||||
"wallet_public_key": "0324e76288fcb900100d01802a14ef977cca45ad073561230446df14b344c858b6",
|
||||
"container_id": "EXArWh8x1zeHG3851s1RtoCo7dowxF6rhLGA15nbMffT"
|
||||
}
|
||||
```
|
||||
Running without any parameters will result in defaults which are based on the private key from
|
||||
`/user-wallet.json` file and `/wallet.json` contract wallet.
|
||||
|
||||
Now let's configure an S3 client (AWS CLI will be used as example):
|
||||
|
||||
``` sh
|
||||
$ aws configure
|
||||
AWS Access Key ID []: EXArWh8x1zeHG3851s1RtoCo7dowxF6rhLGA15nbMffT0AKRSjJ5fmcqf3Ht2VCAkfmPQUVARghRB77xHCA1BoN2p
|
||||
AWS Secret Access Key []: d70c1dba83f0f90bb231f06f1ce0e0dfbcfb122f4b4345a3c18d3869c359b79f
|
||||
Default region name []: us-east-1
|
||||
Default output format []: json
|
||||
```
|
||||
|
||||
If you need to create credentials for different users, put user wallets to `wallets` dir and specify them via `wallet` parameter.
|
||||
Pass wallet password in `password` parameter if it's not default. The same is for `contract_wallet` and `gate_public_key` params.
|
||||
|
||||
```sh
|
||||
$ make s3cred wallet=custom_wallet.json password=test
|
||||
{
|
||||
"access_key_id": "jHhL5B33o16R4jQsb8wm9A3RRdS6KrTB5N4bja9Jys904W7xXFNKqem2ACvTRWRYJsZMCUikYFSokN7pPJziWyDi",
|
||||
"secret_access_key": "21bb64fafa32c82417fd8b97ac56cc8a085998a3852632d52fe7042453daa440",
|
||||
"owner_private_key": "10f6f9d7a47bb0bf68363ad8a99fe69f1493f8b6e1665b3e4e83feb2d5c7ee39",
|
||||
"wallet_public_key": "03e38759973a6bb722baabc2dd84036a39f0b2f53d32fec45a4dacde8a50fe4b70",
|
||||
"container_id": "jHhL5B33o16R4jQsb8wm9A3RRdS6KrTB5N4bja9Jys9"
|
||||
}
|
||||
```
|
||||
|
||||
To get credentials from custom wallet, place it in `wallets` dir before start.
|
||||
|
||||
### cred
|
||||
|
||||
Usage and default parameter values:
|
||||
```sh
|
||||
make cred [password=""] [contract_password=s3] [wallet=/user_wallet.json]
|
||||
```
|
||||
The same as `s3cred`, but it doesn't issues s3 credentials.
|
||||
|
||||
## Contributing
|
||||
|
||||
Feel free to contribute to this project after reading the [contributing
|
||||
|
|
|
@ -22,8 +22,8 @@ Image label prefix to use for containers.
|
|||
- Create a new container
|
||||
```
|
||||
$ frostfs-cli --rpc-endpoint s01.frostfs.devenv:8080 \
|
||||
--wallet wallets/wallet.key \
|
||||
container create --basic-acl private --await \
|
||||
--key wallets/wallet.key \
|
||||
container create --basic-acl readonly --await \
|
||||
--policy "REP 1 SELECT 1 FROM *"
|
||||
container ID: 4LfREK1cetL4PUji5fqj9SgRTSmaC5jExEDK9HKCDjdP
|
||||
awaiting...
|
||||
|
@ -33,7 +33,7 @@ container has been persisted on sidechain
|
|||
- Put an object into the newly created container
|
||||
```
|
||||
$ frostfs-cli --rpc-endpoint s01.frostfs.devenv:8080 \
|
||||
--wallet wallets/wallet.key \
|
||||
--key wallets/wallet.key \
|
||||
object put --file /tmp/backup.jpeg \
|
||||
--cid 4LfREK1cetL4PUji5fqj9SgRTSmaC5jExEDK9HKCDjdP
|
||||
[/tmp/backup.jpeg] Object successfully stored
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
---
|
||||
|
||||
version: "2.4"
|
||||
services:
|
||||
|
||||
basenet:
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
version: '2.4'
|
||||
services:
|
||||
grafana:
|
||||
image: ${GRAFANA_IMAGE}:${GRAFANA_VERSION}
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
---
|
||||
|
||||
version: "2.4"
|
||||
services:
|
||||
http_gate:
|
||||
image: ${HTTP_GW_IMAGE}:${HTTP_GW_VERSION}
|
||||
|
|
|
@ -25,6 +25,7 @@ endif
|
|||
# Download FrostFS CLI
|
||||
.ONESHELL:
|
||||
get.cli: FROSTFS_CLI_FILE=./vendor/frostfs-cli
|
||||
get.cli: FROSTFS_CLI_ARCHIVE_FILE=${FROSTFS_CLI_FILE}.tar.gz
|
||||
get.cli: FROSTFS_CLI_PATH?=
|
||||
get.cli:
|
||||
@mkdir -p ./vendor
|
||||
|
@ -33,8 +34,10 @@ ifeq (${FROSTFS_CLI_PATH},)
|
|||
@echo "⇒ Download FrostFS CLI binary from ${FROSTFS_CLI_URL}"
|
||||
@curl \
|
||||
-ksSL "${FROSTFS_CLI_URL}" \
|
||||
-o ${FROSTFS_CLI_FILE}
|
||||
@chmod +x ${FROSTFS_CLI_FILE}
|
||||
-o ${FROSTFS_CLI_ARCHIVE_FILE}
|
||||
@tar -xvf ${FROSTFS_CLI_ARCHIVE_FILE} -C ./vendor | xargs -I {} \
|
||||
mv ./vendor/{} ${FROSTFS_CLI_FILE}
|
||||
@rm ${FROSTFS_CLI_ARCHIVE_FILE}
|
||||
else
|
||||
@echo "⇒ Copy local binary from ${FROSTFS_CLI_PATH}"
|
||||
@cp ${FROSTFS_CLI_PATH} ${FROSTFS_CLI_FILE}
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
---
|
||||
|
||||
version: "2.4"
|
||||
services:
|
||||
|
||||
ir01:
|
||||
|
@ -12,19 +13,19 @@ services:
|
|||
ir_int:
|
||||
internet:
|
||||
ipv4_address: ${IPV4_PREFIX}.61
|
||||
stop_signal: SIGTERM
|
||||
stop_grace_period: 15s
|
||||
stop_signal: SIGKILL
|
||||
volumes:
|
||||
- ./az.json:/wallet.json
|
||||
- ./az.key:/wallet01.key
|
||||
- ./../../vendor/hosts:/etc/hosts
|
||||
- ./../../vendor/locode_db:/locode/db
|
||||
- ./../../vendor/frostfs-cli:/frostfs-cli
|
||||
- ./healthcheck.sh:/healthcheck.sh
|
||||
- ./cfg:/etc/frostfs/ir
|
||||
env_file: [ ".env", ".ir.env", ".int_test.env" ]
|
||||
command: [ "frostfs-ir", "--config", "/etc/frostfs/ir/config.yml" ]
|
||||
healthcheck:
|
||||
test: ["CMD-SHELL", "/frostfs-cli control ir healthcheck -q --wallet /wallet01.key --endpoint \"$$FROSTFS_IR_CONTROL_GRPC_ENDPOINT\""]
|
||||
test: ["CMD-SHELL", "/healthcheck.sh"]
|
||||
interval: 2s
|
||||
timeout: 1s
|
||||
retries: 5
|
||||
|
|
6
services/ir/healthcheck.sh
Executable file
6
services/ir/healthcheck.sh
Executable file
|
@ -0,0 +1,6 @@
|
|||
#!/bin/sh
|
||||
|
||||
/frostfs-cli control healthcheck \
|
||||
--endpoint "$FROSTFS_IR_CONTROL_GRPC_ENDPOINT" \
|
||||
--wallet /wallet01.key --ir |
|
||||
grep "Health status: READY"
|
|
@ -1,3 +1,4 @@
|
|||
version: '2.4'
|
||||
services:
|
||||
jaeger:
|
||||
image: ${JAEGER_IMAGE}:${JAEGER_VERSION}
|
||||
|
|
|
@ -20,12 +20,15 @@ endif
|
|||
|
||||
# Download FrostFS ADM tool
|
||||
get.adm: FROSTFS_ADM_DEST=./vendor/frostfs-adm
|
||||
get.adm: FROSTFS_ADM_ARCHIVE=frostfs-adm.tar.gz
|
||||
get.adm:
|
||||
|
||||
ifeq (${FROSTFS_ADM_PATH},)
|
||||
@echo "⇒ Download FrostFS ADM binary from ${FROSTFS_ADM_URL}"
|
||||
@curl -skSL ${FROSTFS_ADM_URL} -o ${FROSTFS_ADM_DEST}
|
||||
@chmod +x ${FROSTFS_ADM_DEST}
|
||||
@curl -skSL ${FROSTFS_ADM_URL} -o ${FROSTFS_ADM_ARCHIVE}
|
||||
@tar -xvf ${FROSTFS_ADM_ARCHIVE} -C ./vendor | xargs -I {} \
|
||||
mv ./vendor/{} ${FROSTFS_ADM_DEST}
|
||||
@rm ${FROSTFS_ADM_ARCHIVE}
|
||||
else
|
||||
@echo "⇒ Copy frostfs-adm binary from ${FROSTFS_ADM_PATH}"
|
||||
@cp ${FROSTFS_ADM_PATH} ${FROSTFS_ADM_DEST}
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
---
|
||||
|
||||
version: "2.4"
|
||||
services:
|
||||
frostfs_morph_chain:
|
||||
image: ${NEOGO_IMAGE}:${NEOGO_VERSION}
|
||||
|
@ -19,14 +20,9 @@ services:
|
|||
- ./config.yml:/wallets/config.yml
|
||||
- ./../../vendor/hosts:/etc/hosts
|
||||
- ./../../wallets/wallet.json:/wallets/wallet.json
|
||||
- ./../s3_gate/wallet.json:/wallets/s3-wallet.json
|
||||
- chains:/chains
|
||||
|
||||
networks:
|
||||
chain_int:
|
||||
internet:
|
||||
external: true
|
||||
name: basenet_internet
|
||||
|
||||
volumes:
|
||||
chains:
|
||||
|
|
|
@ -17,7 +17,7 @@ ApplicationConfiguration:
|
|||
DBConfiguration:
|
||||
Type: "boltdb"
|
||||
BoltDBOptions:
|
||||
FilePath: "/chains/morph.bolt"
|
||||
FilePath: "./db/morph.bolt"
|
||||
P2P:
|
||||
Addresses:
|
||||
- ":20333"
|
||||
|
@ -36,7 +36,7 @@ ApplicationConfiguration:
|
|||
Password: "one"
|
||||
RPC:
|
||||
Addresses:
|
||||
- ":30333"
|
||||
- "192.168.130.90:30333"
|
||||
Enabled: true
|
||||
SessionEnabled: true
|
||||
EnableCORSWorkaround: false
|
||||
|
|
1
services/nats/.hosts
Normal file
1
services/nats/.hosts
Normal file
|
@ -0,0 +1 @@
|
|||
IPV4_PREFIX.101 nats.LOCAL_DOMAIN
|
7
services/nats/artifacts.mk
Normal file
7
services/nats/artifacts.mk
Normal file
|
@ -0,0 +1,7 @@
|
|||
# Create new TLS certs for NATS server and clients
|
||||
|
||||
NATS_DIR=$(abspath services/nats)
|
||||
|
||||
get.nats:
|
||||
@echo "⇒ Creating certs for NATS server and clients"
|
||||
${NATS_DIR}/generate_cert.sh ${LOCAL_DOMAIN} > /dev/null
|
31
services/nats/docker-compose.yml
Normal file
31
services/nats/docker-compose.yml
Normal file
|
@ -0,0 +1,31 @@
|
|||
---
|
||||
|
||||
version: "2.4"
|
||||
services:
|
||||
nats:
|
||||
image: ${NATS_IMAGE}:${NATS_VERSION}
|
||||
domainname: ${LOCAL_DOMAIN}
|
||||
hostname: nats
|
||||
container_name: nats
|
||||
restart: on-failure
|
||||
dns:
|
||||
- ${IPV4_PREFIX}.101
|
||||
networks:
|
||||
nats_int:
|
||||
internet:
|
||||
ipv4_address: ${IPV4_PREFIX}.101
|
||||
volumes:
|
||||
- ./../../vendor/hosts:/etc/hosts
|
||||
- ./nats.conf:/etc/nats/frostfs-nats-server.conf
|
||||
- ./server-cert.pem:/certs/server-cert.pem
|
||||
- ./server-key.pem:/certs/server-key.pem
|
||||
- ./ca-cert.pem:/certs/ca-cert.pem
|
||||
stop_signal: SIGKILL
|
||||
env_file: [ ".env", ".int_test.env" ]
|
||||
command: ["-c", "/etc/nats/frostfs-nats-server.conf"]
|
||||
|
||||
networks:
|
||||
nats_int:
|
||||
internet:
|
||||
external: true
|
||||
name: basenet_internet
|
49
services/nats/generate_cert.sh
Executable file
49
services/nats/generate_cert.sh
Executable file
|
@ -0,0 +1,49 @@
|
|||
#!/bin/bash
|
||||
|
||||
source bin/helper.sh
|
||||
|
||||
WORKDIR=$(dirname "$0")
|
||||
LOCAL_DOMAIN=$1
|
||||
|
||||
CA_KEY=$WORKDIR/ca-key.pem
|
||||
CA_CRT=$WORKDIR/ca-cert.pem
|
||||
|
||||
SRV_KEY=$WORKDIR/server-key.pem
|
||||
SRV_REQ=$WORKDIR/server-req.csr
|
||||
SRV_CRT=$WORKDIR/server-cert.pem
|
||||
|
||||
CLI_KEY=$WORKDIR/client-key.pem
|
||||
CLI_REQ=$WORKDIR/client-req.csr
|
||||
CLI_CRT=$WORKDIR/client-cert.pem
|
||||
|
||||
SUBJ="/O=TrueCloudLab"
|
||||
|
||||
if [[ ! -f $CA_KEY || ! -f $CA_CRT ]]; then
|
||||
openssl req -newkey rsa:4096 -x509 -days 365 -nodes -keyout $CA_KEY -out $CA_CRT -subj $SUBJ 2>&1 ||
|
||||
die "CA certificate was not created"
|
||||
fi
|
||||
|
||||
if [[ ! -f $SRV_KEY || ! -f $SRV_CRT ]]; then
|
||||
openssl req -newkey rsa:4096 -nodes -keyout $SRV_KEY -out $SRV_REQ -subj $SUBJ 2>&1 ||
|
||||
die "Server certificate was not created"
|
||||
|
||||
openssl x509 -req -days 365 -set_serial 01 -in $SRV_REQ -out $SRV_CRT -CA $CA_CRT -CAkey $CA_KEY \
|
||||
-extensions san -extfile <(printf "[san]\nsubjectAltName=DNS:nats.$LOCAL_DOMAIN") 2>&1 || {
|
||||
rm $SRV_REQ
|
||||
die "Server certificate was not signed by CA"
|
||||
}
|
||||
|
||||
rm $SRV_REQ
|
||||
fi
|
||||
|
||||
if [[ ! -f $CLI_KEY || ! -f $CLI_CRT ]]; then
|
||||
openssl req -newkey rsa:4096 -nodes -keyout $CLI_KEY -out $CLI_REQ -subj $SUBJ 2>&1 ||
|
||||
die "Client certificate was not created"
|
||||
|
||||
openssl x509 -req -days 365 -set_serial 01 -in $CLI_REQ -out $CLI_CRT -CA $CA_CRT -CAkey $CA_KEY 2>&1 || {
|
||||
rm $CLI_REQ
|
||||
die "Client certificate was not signed by CA"
|
||||
}
|
||||
|
||||
rm $CLI_REQ
|
||||
fi
|
15
services/nats/nats.conf
Normal file
15
services/nats/nats.conf
Normal file
|
@ -0,0 +1,15 @@
|
|||
port: 4222
|
||||
monitor_port: 8222
|
||||
|
||||
jetstream {
|
||||
store_dir=nats
|
||||
max_memory_store: 1GB
|
||||
max_file_store: 2GB
|
||||
}
|
||||
|
||||
tls {
|
||||
cert_file: /certs/server-cert.pem
|
||||
key_file: /certs/server-key.pem
|
||||
ca_file: /certs/ca-cert.pem
|
||||
verify: true
|
||||
}
|
|
@ -1,3 +1,4 @@
|
|||
version: '2.4'
|
||||
services:
|
||||
prometheus:
|
||||
image: ${PROMETHEUS_IMAGE}:${PROMETHEUS_VERSION}
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
---
|
||||
|
||||
version: "2.4"
|
||||
services:
|
||||
rest_gate:
|
||||
image: ${REST_GW_IMAGE}:${REST_GW_VERSION}
|
||||
|
@ -15,8 +16,7 @@ services:
|
|||
- ./wallet.json:/wallet.json
|
||||
- ./../../vendor/hosts:/etc/hosts
|
||||
- ./cfg:/etc/frostfs/rest
|
||||
stop_signal: SIGTERM
|
||||
stop_grace_period: 15s
|
||||
stop_signal: SIGKILL
|
||||
env_file: [ ".env", ".int_test.env" ]
|
||||
command: [ "frostfs-rest-gw", "--config", "/etc/frostfs/rest/config.yml" ]
|
||||
environment:
|
||||
|
|
|
@ -33,17 +33,3 @@ server:
|
|||
wallet:
|
||||
path: /wallet.json # Path to wallet
|
||||
passphrase: "s3" # Passphrase to decrypt wallet
|
||||
|
||||
features:
|
||||
md5:
|
||||
enabled: true
|
||||
|
||||
control:
|
||||
grpc:
|
||||
endpoint: localhost:16515
|
||||
|
||||
frostfsid:
|
||||
enabled: false
|
||||
|
||||
policy:
|
||||
enabled: false
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
---
|
||||
|
||||
version: "2.4"
|
||||
services:
|
||||
s3_gate:
|
||||
image: ${S3_GW_IMAGE}:${S3_GW_VERSION}
|
||||
|
@ -12,19 +13,12 @@ services:
|
|||
internet:
|
||||
ipv4_address: ${IPV4_PREFIX}.82
|
||||
volumes:
|
||||
# Gate wallet
|
||||
- ./wallet.json:/wallet.json
|
||||
# Custom user wallets
|
||||
- ./wallets:/wallets
|
||||
# Default user wallet
|
||||
- ./../../wallets/wallet.json:/wallets/wallet.json
|
||||
- ./tls.key:/tls.key
|
||||
- ./tls.crt:/tls.crt
|
||||
- ./../../vendor/hosts:/etc/hosts
|
||||
- ./cfg:/etc/frostfs/s3
|
||||
- ./issue-creds.sh:/usr/bin/issue-creds.sh
|
||||
stop_signal: SIGTERM
|
||||
stop_grace_period: 15s
|
||||
stop_signal: SIGKILL
|
||||
env_file: [ ".env", ".s3.env", ".int_test.env" ]
|
||||
command: [ "frostfs-s3-gw", "--config", "/etc/frostfs/s3/config.yml" ]
|
||||
environment:
|
||||
|
@ -40,8 +34,6 @@ services:
|
|||
- S3_GW_PEERS_2_WEIGHT=0.2
|
||||
- S3_GW_PEERS_3_ADDRESS=s04.${LOCAL_DOMAIN}:8080
|
||||
- S3_GW_PEERS_3_WEIGHT=0.2
|
||||
- AUTHMATE_WALLET_PASSPHRASE=
|
||||
- AUTHMATE_WALLET_CONTRACT_PASSPHRASE=s3
|
||||
|
||||
networks:
|
||||
s3_gate_int:
|
||||
|
|
|
@ -1,41 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
initUser() {
|
||||
/bin/frostfs-s3-authmate register-user \
|
||||
--wallet $WALLET_PATH \
|
||||
--rpc-endpoint http://morph-chain.frostfs.devenv:30333 \
|
||||
--username $USERNAME \
|
||||
--contract-wallet /wallet.json 1> /dev/null && touch $WALLET_CACHE/$USERNAME
|
||||
}
|
||||
|
||||
issueCreds() {
|
||||
/bin/frostfs-s3-authmate issue-secret \
|
||||
--wallet $WALLET_PATH \
|
||||
--peer s01.frostfs.devenv:8080 \
|
||||
--gate-public-key $S3_GATE_PUBLIC_KEY \
|
||||
--container-placement-policy "REP 3"
|
||||
}
|
||||
|
||||
set -e
|
||||
|
||||
WALLET_PATH=/wallets/$2
|
||||
if [[ -z "$2" ]]; then
|
||||
WALLET_PATH=/wallets/wallet.json
|
||||
fi
|
||||
|
||||
S3_GATE_PUBLIC_KEY=$3
|
||||
if [[ -z "$3" ]]; then
|
||||
S3_GATE_PUBLIC_KEY=0313b1ac3a8076e155a7e797b24f0b650cccad5941ea59d7cfd51a024a8b2a06bf
|
||||
fi
|
||||
|
||||
WALLET_CACHE=/data/wallets
|
||||
mkdir -p $WALLET_CACHE
|
||||
|
||||
USERNAME=$(echo $WALLET_PATH | md5sum | cut -d' ' -f1)
|
||||
if [ ! -e $WALLET_CACHE/$USERNAME ]; then
|
||||
initUser
|
||||
fi
|
||||
|
||||
if [ $1 == "s3" ]; then
|
||||
issueCreds
|
||||
fi
|
|
@ -1,14 +0,0 @@
|
|||
.PHONY: s3cred register
|
||||
|
||||
password?=
|
||||
contract_password?=s3
|
||||
gate_public_key?=
|
||||
wallet?=
|
||||
|
||||
# Register wallet & generate S3 credentials
|
||||
s3cred:
|
||||
@docker exec -e AUTHMATE_WALLET_PASSPHRASE="$(password)" -e AUTHMATE_WALLET_CONTRACT_PASSPHRASE="$(contract_password)" s3_gate /usr/bin/issue-creds.sh s3 "$(wallet)" "$(gate_public_key)"
|
||||
|
||||
# Only registers user wallet
|
||||
register:
|
||||
@docker exec -e AUTHMATE_WALLET_PASSPHRASE="$(password)" -e AUTHMATE_WALLET_CONTRACT_PASSPHRASE="$(contract_password)" s3_gate /usr/bin/issue-creds.sh native "$(wallet)"
|
|
@ -1 +0,0 @@
|
|||
IPV4_PREFIX.84 lifecycler.LOCAL_DOMAIN
|
|
@ -1,42 +0,0 @@
|
|||
logger:
|
||||
level: debug
|
||||
|
||||
prometheus:
|
||||
enabled: true
|
||||
address: :9090
|
||||
|
||||
lifecycle:
|
||||
job_fetcher_buffer: 1000
|
||||
executor_pool_size: 100
|
||||
|
||||
frostfs:
|
||||
stream_timeout: 10s
|
||||
connect_timeout: 10s
|
||||
healthcheck_timeout: 15s
|
||||
rebalance_interval: 60s
|
||||
pool_error_threshold: 100
|
||||
tree_pool_max_attempts: 4
|
||||
|
||||
credential:
|
||||
use: wallets
|
||||
source:
|
||||
wallets:
|
||||
- path: /wallet.json
|
||||
address: NTt1rxvmEDxEuuogLxs2xgxA71qhVaUcN7
|
||||
passphrase: "cycle"
|
||||
- path: /user-wallet.json
|
||||
address: NbUgTSFvPmsRxmGeWpuuGeJUoRoi6PErcM
|
||||
passphrase: ""
|
||||
|
||||
morph:
|
||||
reconnect_clients_interval: 30s
|
||||
dial_timeout: 5s
|
||||
contract:
|
||||
netmap: netmap.frostfs
|
||||
frostfsid: frostfsid.frostfs
|
||||
container: container.frostfs
|
||||
|
||||
# Wallet configuration
|
||||
wallet:
|
||||
path: /wallet.json # Path to wallet
|
||||
passphrase: "cycle" # Passphrase to decrypt wallet
|
|
@ -1,38 +0,0 @@
|
|||
---
|
||||
|
||||
version: "2.4"
|
||||
services:
|
||||
s3_lifecycler:
|
||||
image: ${S3_LIFECYCLER_IMAGE}:${S3_LIFECYCLER_VERSION}
|
||||
domainname: ${LOCAL_DOMAIN}
|
||||
hostname: s3_lifecycler
|
||||
container_name: s3_lifecycler
|
||||
restart: on-failure
|
||||
networks:
|
||||
s3_lifecycler_int:
|
||||
internet:
|
||||
ipv4_address: ${IPV4_PREFIX}.84
|
||||
volumes:
|
||||
- ./wallet.json:/wallet.json
|
||||
- ./../../vendor/hosts:/etc/hosts
|
||||
- ./cfg:/etc/frostfs/s3-lifecycler
|
||||
- ./../../wallets/wallet.json:/user-wallet.json
|
||||
stop_signal: SIGKILL
|
||||
env_file: [ ".env", ".int_test.env" ]
|
||||
command: [ "frostfs-s3-lifecycler", "--config", "/etc/frostfs/s3-lifecycler/config.yml" ]
|
||||
environment:
|
||||
- S3_LIFECYCLER_MORPH_RPC_ENDPOINT_0_ADDRESS=ws://morph-chain:30333/ws
|
||||
- S3_LIFECYCLER_FROSTFS_PEERS_0_ADDRESS=s01.${LOCAL_DOMAIN}:8080
|
||||
- S3_LIFECYCLER_FROSTFS_PEERS_0_WEIGHT=0.2
|
||||
- S3_LIFECYCLER_FROSTFS_PEERS_1_ADDRESS=s02.${LOCAL_DOMAIN}:8080
|
||||
- S3_LIFECYCLER_FROSTFS_PEERS_1_WEIGHT=0.2
|
||||
- S3_LIFECYCLER_FROSTFS_PEERS_2_ADDRESS=s03.${LOCAL_DOMAIN}:8080
|
||||
- S3_LIFECYCLER_FROSTFS_PEERS_2_WEIGHT=0.2
|
||||
- S3_LIFECYCLER_FROSTFS_PEERS_3_ADDRESS=s04.${LOCAL_DOMAIN}:8080
|
||||
- S3_LIFECYCLER_FROSTFS_PEERS_3_WEIGHT=0.2
|
||||
|
||||
networks:
|
||||
s3_lifecycler_int:
|
||||
internet:
|
||||
external: true
|
||||
name: basenet_internet
|
|
@ -1,30 +0,0 @@
|
|||
{
|
||||
"version": "1.0",
|
||||
"accounts": [
|
||||
{
|
||||
"address": "NTt1rxvmEDxEuuogLxs2xgxA71qhVaUcN7",
|
||||
"key": "6PYR3XurAyTzVeDG5WV2Z8vnGdySw3mTLuKjr6Nwo7tae64SJ7XjZSMMPQ",
|
||||
"label": "lifecycler",
|
||||
"contract": {
|
||||
"script": "DCED9z0M+WSGfXZGxYLj1yYwmgxJXE/kNA4+oWNi0q1uKCdBVuezJw==",
|
||||
"parameters": [
|
||||
{
|
||||
"name": "parameter0",
|
||||
"type": "Signature"
|
||||
}
|
||||
],
|
||||
"deployed": false
|
||||
},
|
||||
"lock": false,
|
||||
"isDefault": false
|
||||
}
|
||||
],
|
||||
"scrypt": {
|
||||
"n": 16384,
|
||||
"r": 8,
|
||||
"p": 8
|
||||
},
|
||||
"extra": {
|
||||
"Tokens": null
|
||||
}
|
||||
}
|
|
@ -32,6 +32,18 @@ morph:
|
|||
- address: ws://morph-chain:30333/ws
|
||||
priority: 1
|
||||
|
||||
# Common storage node settings
|
||||
node:
|
||||
attribute_0: "User-Agent:FrostFS/0.34"
|
||||
notification:
|
||||
enabled: true # Turn on object notification service
|
||||
endpoint: "tls://nats.frostfs.devenv:4222" # Notification server endpoint
|
||||
timeout: "6s" # Timeout for object notification client connection
|
||||
default_topic: "test" # Default topic for object notifications if not found in object's meta
|
||||
certificate: "/etc/frostfs-node/nats.tls.cert" # Path to TLS certificate
|
||||
key: "/etc/frostfs-node/nats.tls.key" # Path to TLS key
|
||||
ca: "/etc/frostfs-node/nats.ca.crt" # Path to optional CA certificate
|
||||
|
||||
# Tree section
|
||||
tree:
|
||||
enabled: true
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
---
|
||||
|
||||
version: "2.4"
|
||||
services:
|
||||
storage01:
|
||||
image: ${NODE_IMAGE}:${NODE_VERSION}
|
||||
|
@ -17,10 +18,13 @@ services:
|
|||
- storage_s01:/storage
|
||||
- ./../../vendor/frostfs-cli:/frostfs-cli
|
||||
- ./cli-cfg.yml:/cli-cfg.yml
|
||||
- ./healthcheck.sh:/healthcheck.sh
|
||||
- ./s04tls.crt:/etc/ssl/certs/s04tls.crt
|
||||
- ../nats/client-cert.pem:/etc/frostfs-node/nats.tls.cert
|
||||
- ../nats/client-key.pem:/etc/frostfs-node/nats.tls.key
|
||||
- ../nats/ca-cert.pem:/etc/frostfs-node/nats.ca.crt
|
||||
- ./cfg:/etc/frostfs/storage
|
||||
stop_signal: SIGTERM
|
||||
stop_grace_period: 15s
|
||||
stop_signal: SIGKILL
|
||||
env_file: [ ".env", ".storage.env", ".int_test.env" ]
|
||||
command: [ "frostfs-node", "--config", "/etc/frostfs/storage/config.yml" ]
|
||||
environment:
|
||||
|
@ -29,11 +33,10 @@ services:
|
|||
- FROSTFS_NODE_ADDRESSES=s01.${LOCAL_DOMAIN}:8080
|
||||
- FROSTFS_GRPC_0_ENDPOINT=s01.${LOCAL_DOMAIN}:8080
|
||||
- FROSTFS_CONTROL_GRPC_ENDPOINT=s01.${LOCAL_DOMAIN}:8081
|
||||
- FROSTFS_NODE_ATTRIBUTE_0=User-Agent:FrostFS/${NODE_VERSION}
|
||||
- FROSTFS_NODE_ATTRIBUTE_1=UN-LOCODE:RU MOW
|
||||
- FROSTFS_NODE_ATTRIBUTE_2=Price:22
|
||||
healthcheck:
|
||||
test: ["CMD-SHELL", "/frostfs-cli control healthcheck -q -c /cli-cfg.yml --endpoint \"$$FROSTFS_CONTROL_GRPC_ENDPOINT\""]
|
||||
test: ["CMD-SHELL", "/healthcheck.sh"]
|
||||
interval: 2s
|
||||
timeout: 1s
|
||||
retries: 5
|
||||
|
@ -55,10 +58,13 @@ services:
|
|||
- storage_s02:/storage
|
||||
- ./../../vendor/frostfs-cli:/frostfs-cli
|
||||
- ./cli-cfg.yml:/cli-cfg.yml
|
||||
- ./healthcheck.sh:/healthcheck.sh
|
||||
- ./s04tls.crt:/etc/ssl/certs/s04tls.crt
|
||||
- ../nats/client-cert.pem:/etc/frostfs-node/nats.tls.cert
|
||||
- ../nats/client-key.pem:/etc/frostfs-node/nats.tls.key
|
||||
- ../nats/ca-cert.pem:/etc/frostfs-node/nats.ca.crt
|
||||
- ./cfg:/etc/frostfs/storage
|
||||
stop_signal: SIGTERM
|
||||
stop_grace_period: 15s
|
||||
stop_signal: SIGKILL
|
||||
env_file: [ ".env", ".storage.env", ".int_test.env" ]
|
||||
command: [ "frostfs-node", "--config", "/etc/frostfs/storage/config.yml" ]
|
||||
environment:
|
||||
|
@ -67,11 +73,10 @@ services:
|
|||
- FROSTFS_NODE_ADDRESSES=s02.${LOCAL_DOMAIN}:8080
|
||||
- FROSTFS_GRPC_0_ENDPOINT=s02.${LOCAL_DOMAIN}:8080
|
||||
- FROSTFS_CONTROL_GRPC_ENDPOINT=s02.${LOCAL_DOMAIN}:8081
|
||||
- FROSTFS_NODE_ATTRIBUTE_0=User-Agent:FrostFS/${NODE_VERSION}
|
||||
- FROSTFS_NODE_ATTRIBUTE_1=UN-LOCODE:RU LED
|
||||
- FROSTFS_NODE_ATTRIBUTE_2=Price:33
|
||||
healthcheck:
|
||||
test: ["CMD-SHELL", "/frostfs-cli control healthcheck -q -c /cli-cfg.yml --endpoint \"$$FROSTFS_CONTROL_GRPC_ENDPOINT\""]
|
||||
test: ["CMD-SHELL", "/healthcheck.sh"]
|
||||
interval: 2s
|
||||
timeout: 1s
|
||||
retries: 5
|
||||
|
@ -93,10 +98,13 @@ services:
|
|||
- storage_s03:/storage
|
||||
- ./../../vendor/frostfs-cli:/frostfs-cli
|
||||
- ./cli-cfg.yml:/cli-cfg.yml
|
||||
- ./healthcheck.sh:/healthcheck.sh
|
||||
- ./s04tls.crt:/etc/ssl/certs/s04tls.crt
|
||||
- ../nats/client-cert.pem:/etc/frostfs-node/nats.tls.cert
|
||||
- ../nats/client-key.pem:/etc/frostfs-node/nats.tls.key
|
||||
- ../nats/ca-cert.pem:/etc/frostfs-node/nats.ca.crt
|
||||
- ./cfg:/etc/frostfs/storage
|
||||
stop_signal: SIGTERM
|
||||
stop_grace_period: 15s
|
||||
stop_signal: SIGKILL
|
||||
env_file: [ ".env", ".storage.env", ".int_test.env" ]
|
||||
command: [ "frostfs-node", "--config", "/etc/frostfs/storage/config.yml" ]
|
||||
environment:
|
||||
|
@ -105,11 +113,10 @@ services:
|
|||
- FROSTFS_NODE_ADDRESSES=s03.${LOCAL_DOMAIN}:8080
|
||||
- FROSTFS_GRPC_0_ENDPOINT=s03.${LOCAL_DOMAIN}:8080
|
||||
- FROSTFS_CONTROL_GRPC_ENDPOINT=s03.${LOCAL_DOMAIN}:8081
|
||||
- FROSTFS_NODE_ATTRIBUTE_0=User-Agent:FrostFS/${NODE_VERSION}
|
||||
- FROSTFS_NODE_ATTRIBUTE_1=UN-LOCODE:SE STO
|
||||
- FROSTFS_NODE_ATTRIBUTE_2=Price:11
|
||||
healthcheck:
|
||||
test: ["CMD-SHELL", "/frostfs-cli control healthcheck -q -c /cli-cfg.yml --endpoint \"$$FROSTFS_CONTROL_GRPC_ENDPOINT\""]
|
||||
test: ["CMD-SHELL", "/healthcheck.sh"]
|
||||
interval: 2s
|
||||
timeout: 1s
|
||||
retries: 5
|
||||
|
@ -131,11 +138,14 @@ services:
|
|||
- storage_s04:/storage
|
||||
- ./../../vendor/frostfs-cli:/frostfs-cli
|
||||
- ./cli-cfg.yml:/cli-cfg.yml
|
||||
- ./healthcheck.sh:/healthcheck.sh
|
||||
- ./s04tls.crt:/tls.crt
|
||||
- ./s04tls.key:/tls.key
|
||||
- ../nats/client-cert.pem:/etc/frostfs-node/nats.tls.cert
|
||||
- ../nats/client-key.pem:/etc/frostfs-node/nats.tls.key
|
||||
- ../nats/ca-cert.pem:/etc/frostfs-node/nats.ca.crt
|
||||
- ./cfg:/etc/frostfs/storage
|
||||
stop_signal: SIGTERM
|
||||
stop_grace_period: 15s
|
||||
stop_signal: SIGKILL
|
||||
env_file: [ ".env", ".storage.env", ".int_test.env" ]
|
||||
command: [ "frostfs-node", "--config", "/etc/frostfs/storage/config.yml" ]
|
||||
environment:
|
||||
|
@ -149,11 +159,10 @@ services:
|
|||
- FROSTFS_GRPC_1_TLS_ENABLED=true
|
||||
- FROSTFS_GRPC_1_TLS_CERTIFICATE=/tls.crt
|
||||
- FROSTFS_GRPC_1_TLS_KEY=/tls.key
|
||||
- FROSTFS_NODE_ATTRIBUTE_0=User-Agent:FrostFS/${NODE_VERSION}
|
||||
- FROSTFS_NODE_ATTRIBUTE_1=UN-LOCODE:FI HEL
|
||||
- FROSTFS_NODE_ATTRIBUTE_2=Price:44
|
||||
healthcheck:
|
||||
test: ["CMD-SHELL", "/frostfs-cli control healthcheck -q -c /cli-cfg.yml --endpoint \"$$FROSTFS_CONTROL_GRPC_ENDPOINT\""]
|
||||
test: ["CMD-SHELL", "/healthcheck.sh"]
|
||||
interval: 2s
|
||||
timeout: 1s
|
||||
retries: 5
|
||||
|
|
5
services/storage/healthcheck.sh
Executable file
5
services/storage/healthcheck.sh
Executable file
|
@ -0,0 +1,5 @@
|
|||
#!/bin/sh
|
||||
|
||||
/frostfs-cli control healthcheck -c /cli-cfg.yml \
|
||||
--endpoint "$FROSTFS_CONTROL_GRPC_ENDPOINT" |
|
||||
grep "Health status: READY"
|
Loading…
Reference in a new issue