[#44 ] grafana: Add Client dashboard

Client dashboard shows outgoing requests. Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2023-08-11 15:51:01 +03:00
54 changed files with 214 additions and 368 deletions
--- a/.basic_services
+++ b/.basic_services
@ -1,4 +1,5 @@
 # Services start/stop order
 # Will start from top to bottom and stop in reverse
 nats
 ir
 storage
--- a/.env
+++ b/.env
@ -8,19 +8,23 @@ BASTION_VERSION=10
 BASTION_IMAGE=debian
 # NeoGo privnet
-NEOGO_VERSION=0.104.0
+NEOGO_VERSION=0.101.1
 NEOGO_IMAGE=nspccdev/neo-go
 # FrostFS InnerRing nodes
-IR_VERSION=0.42.9
+IR_VERSION=365a7ca0
-IR_IMAGE=git.frostfs.info/truecloudlab/frostfs-ir
+IR_IMAGE=truecloudlab/frostfs-ir
 # FrostFS Storage nodes
-NODE_VERSION=0.42.9
+NODE_VERSION=365a7ca0
-NODE_IMAGE=git.frostfs.info/truecloudlab/frostfs-storage
+NODE_IMAGE=truecloudlab/frostfs-storage
 # NATS Server
 NATS_VERSION=2.7.2
 NATS_IMAGE=nats
 # HTTP Gate
-HTTP_GW_VERSION=0.30.2
+HTTP_GW_VERSION=0.27.0-rc.1-15-g1776db28
 HTTP_GW_IMAGE=truecloudlab/frostfs-http-gw
 # REST Gate
@ -28,29 +32,25 @@ REST_GW_VERSION=c9c85e90
 REST_GW_IMAGE=truecloudlab/frostfs-rest-gw
 # S3 Gate
-S3_GW_VERSION=0.31.0-rc.4
+S3_GW_VERSION=0.27.0-rc.1-30-gce929468
 S3_GW_IMAGE=truecloudlab/frostfs-s3-gw
 # Lifecycler
 S3_LIFECYCLER_VERSION=0.1.3
 S3_LIFECYCLER_IMAGE=truecloudlab/frostfs-s3-lifecycler
 # FrostFS LOCODE database
 LOCODE_DB_URL=https://git.frostfs.info/attachments/a2e8def7-52b6-49f1-89cd-a056712e8e54
 #LOCODE_DB_PATH=/path/to/locode_db
 # FrostFS CLI binary
-FROSTFS_CLI_URL=https://git.frostfs.info/TrueCloudLab/frostfs-node/releases/download/v${NODE_VERSION}/frostfs-cli
+FROSTFS_CLI_URL=https://http.t5.fs.neo.org/7sm9csjtRLpr4c9QD55q9JJM73v79ohuAhTzP4fYRHFz/BbngJDdRJEDJTJk7qptq3SxKqrJqtvVYWU6R5AaFGbtG
 #FROSTFS_CLI_PATH=/path/to/frostfs-cli-binary
 # FrostFS ADM tool binary
-FROSTFS_ADM_VERSION=498f9955ea
+FROSTFS_ADM_VERSION=eca5c210
-FROSTFS_ADM_URL=https://git.frostfs.info/TrueCloudLab/frostfs-node/releases/download/v${NODE_VERSION}/frostfs-adm
+FROSTFS_ADM_URL=https://http.t5.fs.neo.org/7sm9csjtRLpr4c9QD55q9JJM73v79ohuAhTzP4fYRHFz/2GxarAjGUb3RevxvqFGYT3hDQxNNaHzK6aFxhJCAMehq
 #FROSTFS_ADM_PATH=/path/to/frostfs-adm-binary
 # Compiled FrostFS Smart Contracts
-FROSTFS_CONTRACTS_VERSION=694daebb19
+FROSTFS_CONTRACTS_VERSION=8537293e
-FROSTFS_CONTRACTS_URL=https://git.frostfs.info/TrueCloudLab/frostfs-contract/releases/download/v0.19.2/frostfs-contract-v0.19.2.tar.gz
+FROSTFS_CONTRACTS_URL=https://http.t5.fs.neo.org/7sm9csjtRLpr4c9QD55q9JJM73v79ohuAhTzP4fYRHFz/6ccZoj4HxoN1G1qvJAX2Qw9p2D6qdyzAjNMaNkEKYQpA
 #FROSTFS_CONTRACTS_PATH=/path/to/unpacked/frostfs-contracts-dir
 # Jaeger tracing
@ -64,7 +64,3 @@ PROMETHEUS_IMAGE=prom/prometheus
 # Grafana versions
 GRAFANA_VERSION=9.5.6
 GRAFANA_IMAGE=grafana/grafana
 # Loki versions
 LOKI_VERSION=2.9.1
 LOKI_IMAGE=grafana/loki
--- a/.forgejo/workflows/dco.yml
+++ b/.forgejo/workflows/dco.yml
@ -1,4 +1,3 @@
 name: DCO action
 on: [pull_request]
 jobs:
@ -13,9 +12,9 @@ jobs:
      - name: Setup Go
        uses: actions/setup-go@v3
        with:
-          go-version: '1.21'
+          go-version: '1.20'
      - name: Run commit format checker
-        uses: https://git.frostfs.info/TrueCloudLab/dco-go@v2
+        uses: https://git.alexvan.in/alexvanin/dco-go@v1
        with:
-          from: 'origin/${{ github.event.pull_request.base.ref }}'
+          from: dca6ff62
--- a/.gitignore
+++ b/.gitignore
@ -15,3 +15,4 @@ sites/*
 # Runtime generation keys
 services/storage/*tls.crt
 services/storage/*tls.key
 services/nats/*.pem
--- a/.services
+++ b/.services
@ -3,4 +3,3 @@
 http_gate
 s3_gate
 rest_gate
 s3_lifecycler
--- a/18
+++ b/18
@ -60,7 +60,6 @@ get: $(foreach SVC, $(GET_SVCS), get.$(SVC))
 .PHONY: up
 up: up/basic
 	@$(foreach SVC, $(START_SVCS), $(shell docker-compose -f services/$(SVC)/docker-compose.yml up -d))
 	./vendor/frostfs-adm morph proxy-add-account --config frostfs-adm.yml --account=`docker container exec morph_chain neo-go wallet dump-keys -w /wallets/s3-wallet.json | head -1 | awk '{print $1}'` || die "Couldn't set s3-gw wallet as proxy wallet"
 	@echo "Full FrostFS Developer Environment is ready"
 # Build up FrostFS
@ -77,25 +76,12 @@ up/bootstrap: get vendor/hosts
 	@$(foreach SVC, $(START_BOOTSTRAP), $(shell docker-compose -f services/$(SVC)/docker-compose.yml up -d))
 	@source ./bin/helper.sh
 	@./vendor/frostfs-adm --config frostfs-adm.yml morph init --contracts vendor/contracts
 	echo "Set rule chain to policy contract" 
 	@./vendor/frostfs-adm --config frostfs-adm.yml morph \
 		ape add-rule-chain --target-type namespace --target-name "" \
 		--rule 'allow Container.* *' --chain-id "allow_container_ops"
 	@for f in ./services/storage/wallet*.json; do \
 		echo "Transfer GAS to wallet $${f}" \
 		&& ./vendor/frostfs-adm -c frostfs-adm.yml morph refill-gas --storage-wallet $${f} --gas 10.0 \
 		|| die "Failed to transfer GAS to alphabet wallets"; \
 		done
-	@echo "Create frostfsid subject for ./wallets/wallet.json"; \
+	@echo "FrostFS sidechain environment is deployed"
 	if [ -n "$$(./vendor/frostfs-adm -c frostfs-adm.yml morph frostfsid list-subjects --namespace '')" ]; then \
 		echo "Subject already exists"; \
 	else \
 		subj_key=`docker container exec -it morph_chain neo-go wallet dump-keys -w /wallets/wallet.json | tail -1 | tr -d ' \r\n'` \
 		&& echo "Subject key: $${subj_key}" \
 		&& ./vendor/frostfs-adm -c frostfs-adm.yml morph frostfsid create-subject --namespace "" --subject-key $${subj_key} --subject-name walletsubject \
 		|| die "Failed to create subject for the wallet"; \
 	fi
 	echo "FrostFS sidechain environment is deployed"
 # Build up certain service
 .PHONY: up/%
@ -150,7 +136,7 @@ hosts: vendor/hosts
 .PHONY: clean
 .ONESHELL:
 clean:
-	@rm -rf vendor/* services/storage/s04tls.*
+	@rm -rf vendor/* services/storage/s04tls.* services/nats/*.pem
 	@> .int_test.env
 	@for svc in $(PULL_SVCS)
 	do
--- a/README.md
+++ b/README.md
@ -137,65 +137,6 @@ Display addresses and host names for each running service, if available.
 Clean up `vendor` directory.
 ### s3cred
 Registers user wallet and issues s3 credentials.
 Usage and default parameter values:
 ```sh
 make s3cred [password=""] [contract_password=s3] [wallet=/user_wallet.json] [gate_public_key=0313b1ac3a8076e155a7e797b24f0b650cccad5941ea59d7cfd51a024a8b2a06bf]
 ```
 As soon as the storage node is in the network map (see above) you can generate S3
 credentials:
 ``` sh
 $ make s3cred
 {
  "access_key_id": "EXArWh8x1zeHG3851s1RtoCo7dowxF6rhLGA15nbMffT0AKRSjJ5fmcqf3Ht2VCAkfmPQUVARghRB77xHCA1BoN2p",
  "secret_access_key": "d70c1dba83f0f90bb231f06f1ce0e0dfbcfb122f4b4345a3c18d3869c359b79f",
  "owner_private_key": "140947599afd9ca89af4b358c3176eb046e554d942a0dc99a8e06f3e43c8f4ad",
  "wallet_public_key": "0324e76288fcb900100d01802a14ef977cca45ad073561230446df14b344c858b6",
  "container_id": "EXArWh8x1zeHG3851s1RtoCo7dowxF6rhLGA15nbMffT"
 }                   
 ```
 Running without any parameters will result in defaults which are based on the private key from
 `/user-wallet.json` file and `/wallet.json` contract wallet.
 Now let's configure an S3 client (AWS CLI will be used as example):
 ``` sh
 $ aws configure
 AWS Access Key ID []: EXArWh8x1zeHG3851s1RtoCo7dowxF6rhLGA15nbMffT0AKRSjJ5fmcqf3Ht2VCAkfmPQUVARghRB77xHCA1BoN2p
 AWS Secret Access Key []: d70c1dba83f0f90bb231f06f1ce0e0dfbcfb122f4b4345a3c18d3869c359b79f
 Default region name []: us-east-1
 Default output format []: json
 ```
 If you need to create credentials for different users, put user wallets to `wallets` dir and specify them via `wallet` parameter.
 Pass wallet password in `password` parameter if it's not default. The same is for `contract_wallet` and `gate_public_key` params.
 ```sh
 $ make s3cred wallet=custom_wallet.json password=test
 {
  "access_key_id": "jHhL5B33o16R4jQsb8wm9A3RRdS6KrTB5N4bja9Jys904W7xXFNKqem2ACvTRWRYJsZMCUikYFSokN7pPJziWyDi",
  "secret_access_key": "21bb64fafa32c82417fd8b97ac56cc8a085998a3852632d52fe7042453daa440",
  "owner_private_key": "10f6f9d7a47bb0bf68363ad8a99fe69f1493f8b6e1665b3e4e83feb2d5c7ee39",
  "wallet_public_key": "03e38759973a6bb722baabc2dd84036a39f0b2f53d32fec45a4dacde8a50fe4b70",
  "container_id": "jHhL5B33o16R4jQsb8wm9A3RRdS6KrTB5N4bja9Jys9"
 }
 ```
 To get credentials from custom wallet, place it in `wallets` dir before start.
 ### cred
 Usage and default parameter values:
 ```sh
 make cred [password=""] [contract_password=s3] [wallet=/user_wallet.json]
 ```
 The same as `s3cred`, but it doesn't issues s3 credentials.
 ## Contributing
 Feel free to contribute to this project after reading the [contributing
--- a/configs/s01-cli.yml
+++ b/configs/s01-cli.yml
@ -1,4 +0,0 @@
 wallet: services/storage/wallet01.json
 password: ""
 rpc-endpoint: s01.frostfs.devenv:8080
 endpoint: s01.frostfs.devenv:8081
--- a/configs/s02-cli.yml
+++ b/configs/s02-cli.yml
@ -1,4 +0,0 @@
 wallet: services/storage/wallet02.json
 password: ""
 rpc-endpoint: s02.frostfs.devenv:8080
 endpoint: s02.frostfs.devenv:8081
--- a/configs/s03-cli.yml
+++ b/configs/s03-cli.yml
@ -1,4 +0,0 @@
 wallet: services/storage/wallet03.json
 password: ""
 rpc-endpoint: s03.frostfs.devenv:8080
 endpoint: s03.frostfs.devenv:8081
--- a/configs/s04-cli.yml
+++ b/configs/s04-cli.yml
@ -1,4 +0,0 @@
 wallet: services/storage/wallet04.json
 password: ""
 rpc-endpoint: s04.frostfs.devenv:8080
 endpoint: s04.frostfs.devenv:8081
--- a/docs/http_gate.md
+++ b/docs/http_gate.md
@ -22,8 +22,8 @@ Image label prefix to use for containers.
 - Create a new container
 ```
 $ frostfs-cli --rpc-endpoint s01.frostfs.devenv:8080 \
-            --wallet wallets/wallet.key \
+            --key wallets/wallet.key \
-            container create --basic-acl private --await \
+            container create --basic-acl readonly --await \
            --policy "REP 1 SELECT 1 FROM *"
 container ID: 4LfREK1cetL4PUji5fqj9SgRTSmaC5jExEDK9HKCDjdP
 awaiting...
@ -33,7 +33,7 @@ container has been persisted on sidechain
 - Put an object into the newly created container
 ```
 $ frostfs-cli --rpc-endpoint s01.frostfs.devenv:8080 \
-            --wallet wallets/wallet.key \
+            --key wallets/wallet.key \
            object put --file /tmp/backup.jpeg \
            --cid 4LfREK1cetL4PUji5fqj9SgRTSmaC5jExEDK9HKCDjdP
 [/tmp/backup.jpeg] Object successfully stored
--- a/frostfs-adm.yml
+++ b/frostfs-adm.yml
@ -5,7 +5,6 @@ network:
  epoch_duration: 240
  basic_income_rate: 100000000
  homomorphic_hash_disabled: false
  maintenance_mode_allowed: true
  fee:
    audit: 10000
    candidate: 10000000000
--- a/services/basenet/docker-compose.yml
+++ b/services/basenet/docker-compose.yml
@ -1,5 +1,6 @@
 ---
 version: "2.4"
 services:
  basenet:
--- a/services/grafana/.hosts
+++ b/services/grafana/.hosts
@ -1,2 +1 @@
 IPV4_PREFIX.122 grafana.LOCAL_DOMAIN
 IPV4_PREFIX.123 loki.LOCAL_DOMAIN
--- a/services/grafana/docker-compose.yml
+++ b/services/grafana/docker-compose.yml
@ -1,3 +1,4 @@
 version: '2.4'
 services:
  grafana:
    image: ${GRAFANA_IMAGE}:${GRAFANA_VERSION}
@ -13,17 +14,11 @@ services:
      - ./../../vendor/hosts:/etc/hosts
      - ./grafana.ini:/etc/grafana/grafana.ini
      - ./provisioning:/etc/grafana/provisioning
    ports:
      - '3000:3000'
    stop_signal: SIGKILL
    env_file: [ ".env", ".int_test.env" ]
  loki:
    image: ${LOKI_IMAGE}:${LOKI_VERSION}
    command: -config.file=/etc/loki/local-config.yaml
    networks:
      grafana_int:
      internet:
        ipv4_address: ${IPV4_PREFIX}.123
 networks:
  grafana_int:
  internet:
--- a/services/grafana/provisioning/dashboards/blobovnicza-buckets.json
+++ b/services/grafana/provisioning/dashboards/blobovnicza-buckets.json
--- a/services/grafana/provisioning/dashboards/engine-buckets.json
+++ b/services/grafana/provisioning/dashboards/engine-buckets.json
--- a/services/grafana/provisioning/dashboards/fstree-buckets.json
+++ b/services/grafana/provisioning/dashboards/fstree-buckets.json
--- a/services/grafana/provisioning/dashboards/grpc-buckets.json
+++ b/services/grafana/provisioning/dashboards/grpc-buckets.json
--- a/services/grafana/provisioning/dashboards/metabase-buckets.json
+++ b/services/grafana/provisioning/dashboards/metabase-buckets.json
--- a/services/grafana/provisioning/dashboards/storage-node-logs.json
+++ b/services/grafana/provisioning/dashboards/storage-node-logs.json
--- a/services/grafana/provisioning/dashboards/storage-node.json
+++ b/services/grafana/provisioning/dashboards/storage-node.json
--- a/services/grafana/provisioning/dashboards/writecache-buckets.json
+++ b/services/grafana/provisioning/dashboards/writecache-buckets.json
--- a/services/grafana/provisioning/datasources/datasource.yml
+++ b/services/grafana/provisioning/datasources/datasource.yml
@ -6,8 +6,3 @@ datasources:
  access: proxy
  orgId: 1
  url: http://prometheus:9090
 - name: Loki
  type: loki
  access: proxy
  orgId: 1
  url: http://loki:3100
--- a/services/http_gate/docker-compose.yml
+++ b/services/http_gate/docker-compose.yml
@ -1,5 +1,6 @@
 ---
 version: "2.4"
 services:
  http_gate:
    image: ${HTTP_GW_IMAGE}:${HTTP_GW_VERSION}
--- a/services/ir/.ir.env
+++ b/services/ir/.ir.env
@ -1 +1,3 @@
 FROSTFS_IR_CONTRACTS_FROSTFSID=27407c76feabc407908f3d09a3d845d45e7c981a
 FROSTFS_IR_CONTROL_GRPC_ENDPOINT=127.0.0.1:16512
--- a/services/ir/artifacts.mk
+++ b/services/ir/artifacts.mk
@ -25,6 +25,7 @@ endif
 # Download FrostFS CLI 
 .ONESHELL:
 get.cli: FROSTFS_CLI_FILE=./vendor/frostfs-cli
 get.cli: FROSTFS_CLI_ARCHIVE_FILE=${FROSTFS_CLI_FILE}.tar.gz
 get.cli: FROSTFS_CLI_PATH?=
 get.cli:
 	@mkdir -p ./vendor
@ -33,8 +34,10 @@ ifeq (${FROSTFS_CLI_PATH},)
 	@echo "⇒ Download FrostFS CLI binary from ${FROSTFS_CLI_URL}"
 	@curl \
 		-ksSL "${FROSTFS_CLI_URL}" \
-		-o ${FROSTFS_CLI_FILE} 
+		-o ${FROSTFS_CLI_ARCHIVE_FILE} 
-	@chmod +x ${FROSTFS_CLI_FILE}
+	@tar -xvf ${FROSTFS_CLI_ARCHIVE_FILE} -C ./vendor | xargs -I {} \
 		mv ./vendor/{} ${FROSTFS_CLI_FILE}
 	@rm ${FROSTFS_CLI_ARCHIVE_FILE}
 else
 	@echo "⇒ Copy local binary from ${FROSTFS_CLI_PATH}"
 	@cp ${FROSTFS_CLI_PATH} ${FROSTFS_CLI_FILE}
--- a/services/ir/docker-compose.yml
+++ b/services/ir/docker-compose.yml
@ -1,5 +1,6 @@
 ---
 version: "2.4"
 services:
  ir01:
@ -12,19 +13,19 @@ services:
      ir_int:
      internet:
        ipv4_address: ${IPV4_PREFIX}.61
-    stop_signal: SIGTERM
+    stop_signal: SIGKILL
    stop_grace_period: 15s
    volumes:
      - ./az.json:/wallet.json
      - ./az.key:/wallet01.key
      - ./../../vendor/hosts:/etc/hosts
      - ./../../vendor/locode_db:/locode/db
      - ./../../vendor/frostfs-cli:/frostfs-cli
      - ./healthcheck.sh:/healthcheck.sh
      - ./cfg:/etc/frostfs/ir
    env_file: [ ".env", ".ir.env", ".int_test.env" ]
    command: [ "frostfs-ir", "--config", "/etc/frostfs/ir/config.yml" ]
    healthcheck:
-      test: ["CMD-SHELL", "/frostfs-cli control ir healthcheck -q --wallet /wallet01.key  --endpoint \"$$FROSTFS_IR_CONTROL_GRPC_ENDPOINT\""]
+      test: ["CMD-SHELL", "/healthcheck.sh"]
      interval: 2s
      timeout: 1s
      retries: 5
--- a/services/ir/healthcheck.sh
+++ b/services/ir/healthcheck.sh
@ -0,0 +1,6 @@
 #!/bin/sh
 /frostfs-cli control healthcheck \
 	--endpoint "$FROSTFS_IR_CONTROL_GRPC_ENDPOINT" \
 	--wallet /wallet01.key --ir |
 	grep "Health status: READY"
--- a/services/jaeger/docker-compose.yml
+++ b/services/jaeger/docker-compose.yml
@ -1,3 +1,4 @@
 version: '2.4'
 services:
  jaeger:
    image: ${JAEGER_IMAGE}:${JAEGER_VERSION}
--- a/services/morph_chain/artifacts.mk
+++ b/services/morph_chain/artifacts.mk
@ -20,12 +20,15 @@ endif
 # Download FrostFS ADM tool 
 get.adm: FROSTFS_ADM_DEST=./vendor/frostfs-adm
 get.adm: FROSTFS_ADM_ARCHIVE=frostfs-adm.tar.gz
 get.adm:
 ifeq (${FROSTFS_ADM_PATH},)
 	@echo "⇒ Download FrostFS ADM binary from ${FROSTFS_ADM_URL}"
-	@curl -skSL ${FROSTFS_ADM_URL} -o ${FROSTFS_ADM_DEST}
+	@curl -skSL ${FROSTFS_ADM_URL} -o ${FROSTFS_ADM_ARCHIVE}
-	@chmod +x ${FROSTFS_ADM_DEST}
+	@tar -xvf ${FROSTFS_ADM_ARCHIVE} -C ./vendor | xargs -I {} \
 		mv ./vendor/{} ${FROSTFS_ADM_DEST}
 	@rm ${FROSTFS_ADM_ARCHIVE}
 else
 	@echo "⇒ Copy frostfs-adm binary from ${FROSTFS_ADM_PATH}"
 	@cp ${FROSTFS_ADM_PATH} ${FROSTFS_ADM_DEST}
--- a/services/morph_chain/docker-compose.yml
+++ b/services/morph_chain/docker-compose.yml
@ -1,5 +1,6 @@
 ---
 version: "2.4"
 services:
  frostfs_morph_chain:
    image: ${NEOGO_IMAGE}:${NEOGO_VERSION}
@ -19,14 +20,9 @@ services:
    - ./config.yml:/wallets/config.yml
    - ./../../vendor/hosts:/etc/hosts
    - ./../../wallets/wallet.json:/wallets/wallet.json
    - ./../s3_gate/wallet.json:/wallets/s3-wallet.json
    - chains:/chains
 networks:
  chain_int:
  internet:
    external: true
    name: basenet_internet
 volumes:
  chains:
--- a/services/morph_chain/protocol.privnet.yml
+++ b/services/morph_chain/protocol.privnet.yml
@ -17,7 +17,7 @@ ApplicationConfiguration:
  DBConfiguration:
    Type: "boltdb"
    BoltDBOptions:
-      FilePath: "/chains/morph.bolt"
+      FilePath: "./db/morph.bolt"
  P2P:
    Addresses:
      - ":20333"
@ -29,14 +29,9 @@ ApplicationConfiguration:
    AttemptConnPeers: 5
    MinPeers: 0
  Relay: true
  Consensus:
    Enabled: true
    UnlockWallet:
      Path: "./wallets/node-wallet.json"
      Password: "one"
  RPC:
    Addresses:
-      - ":30333"
+      - "192.168.130.90:30333"
    Enabled: true
    SessionEnabled: true
    EnableCORSWorkaround: false
@ -54,3 +49,6 @@ ApplicationConfiguration:
    Addresses:
      - ":20011"
    Enabled: true
  UnlockWallet:
    Path: "./wallets/node-wallet.json"
    Password: "one"
--- a/services/s3_lifecycler/.env
+++ b/services/s3_lifecycler/.env
--- a/services/nats/.hosts
+++ b/services/nats/.hosts
@ -0,0 +1 @@
 IPV4_PREFIX.101 nats.LOCAL_DOMAIN
--- a/services/s3_lifecycler/.int_test.env
+++ b/services/s3_lifecycler/.int_test.env
--- a/services/nats/artifacts.mk
+++ b/services/nats/artifacts.mk
@ -0,0 +1,7 @@
 # Create new TLS certs for NATS server and clients
 NATS_DIR=$(abspath services/nats)
 get.nats:
 	@echo "⇒ Creating certs for NATS server and clients"
 	${NATS_DIR}/generate_cert.sh ${LOCAL_DOMAIN} > /dev/null
--- a/services/nats/docker-compose.yml
+++ b/services/nats/docker-compose.yml
@ -0,0 +1,31 @@
 ---
 version: "2.4"
 services:
  nats:
    image: ${NATS_IMAGE}:${NATS_VERSION}
    domainname: ${LOCAL_DOMAIN}
    hostname: nats
    container_name: nats
    restart: on-failure
    dns: 
      - ${IPV4_PREFIX}.101
    networks:
      nats_int:
      internet:
        ipv4_address: ${IPV4_PREFIX}.101
    volumes:
      - ./../../vendor/hosts:/etc/hosts
      - ./nats.conf:/etc/nats/frostfs-nats-server.conf
      - ./server-cert.pem:/certs/server-cert.pem
      - ./server-key.pem:/certs/server-key.pem
      - ./ca-cert.pem:/certs/ca-cert.pem
    stop_signal: SIGKILL
    env_file: [ ".env", ".int_test.env" ]
    command: ["-c", "/etc/nats/frostfs-nats-server.conf"]
 networks:
  nats_int:
  internet:
    external: true
    name: basenet_internet
--- a/services/nats/generate_cert.sh
+++ b/services/nats/generate_cert.sh
@ -0,0 +1,49 @@
 #!/bin/bash
 source bin/helper.sh
 WORKDIR=$(dirname "$0")
 LOCAL_DOMAIN=$1
 CA_KEY=$WORKDIR/ca-key.pem
 CA_CRT=$WORKDIR/ca-cert.pem
 SRV_KEY=$WORKDIR/server-key.pem
 SRV_REQ=$WORKDIR/server-req.csr
 SRV_CRT=$WORKDIR/server-cert.pem
 CLI_KEY=$WORKDIR/client-key.pem
 CLI_REQ=$WORKDIR/client-req.csr
 CLI_CRT=$WORKDIR/client-cert.pem
 SUBJ="/O=TrueCloudLab"
 if [[ ! -f $CA_KEY || ! -f $CA_CRT ]]; then
 	openssl req -newkey rsa:4096 -x509 -days 365 -nodes -keyout $CA_KEY -out $CA_CRT -subj $SUBJ 2>&1 ||
 		die "CA certificate was not created"
 fi
 if [[ ! -f $SRV_KEY || ! -f $SRV_CRT ]]; then
 	openssl req -newkey rsa:4096 -nodes -keyout $SRV_KEY -out $SRV_REQ -subj $SUBJ 2>&1 ||
 		die "Server certificate was not created"
 	openssl x509 -req -days 365 -set_serial 01 -in $SRV_REQ -out $SRV_CRT -CA $CA_CRT -CAkey $CA_KEY \
 		-extensions san -extfile <(printf "[san]\nsubjectAltName=DNS:nats.$LOCAL_DOMAIN") 2>&1 || {
 		rm $SRV_REQ
 		die "Server certificate was not signed by CA"
 	}
 	rm $SRV_REQ
 fi
 if [[ ! -f $CLI_KEY || ! -f $CLI_CRT ]]; then
 	openssl req -newkey rsa:4096 -nodes -keyout $CLI_KEY -out $CLI_REQ -subj $SUBJ 2>&1 ||
 		die "Client certificate was not created"
 	openssl x509 -req -days 365 -set_serial 01 -in $CLI_REQ -out $CLI_CRT -CA $CA_CRT -CAkey $CA_KEY 2>&1 || {
 		rm $CLI_REQ
 		die "Client certificate was not signed by CA"
 	}
 	rm $CLI_REQ
 fi
--- a/services/nats/nats.conf
+++ b/services/nats/nats.conf
@ -0,0 +1,15 @@
 port: 4222
 monitor_port: 8222
 jetstream {
   store_dir=nats
   max_memory_store: 1GB
   max_file_store: 2GB
 }
 tls {
  cert_file: /certs/server-cert.pem
  key_file:  /certs/server-key.pem
  ca_file:   /certs/ca-cert.pem 
  verify:    true
 }
--- a/services/prometheus/docker-compose.yml
+++ b/services/prometheus/docker-compose.yml
@ -1,3 +1,4 @@
 version: '2.4'
 services:
  prometheus:
    image: ${PROMETHEUS_IMAGE}:${PROMETHEUS_VERSION}
@ -14,6 +15,8 @@ services:
      - ./prometheus.yml:/etc/prometheus/prometheus.yml
    command:
      - --config.file=/etc/prometheus/prometheus.yml
    ports:
      - '9090:9090'
    stop_signal: SIGKILL
    env_file: [ ".env", ".prometheus.env", ".int_test.env" ]
--- a/services/rest_gate/docker-compose.yml
+++ b/services/rest_gate/docker-compose.yml
@ -1,5 +1,6 @@
 ---
 version: "2.4"
 services:
  rest_gate:
    image: ${REST_GW_IMAGE}:${REST_GW_VERSION}
@ -15,8 +16,7 @@ services:
      - ./wallet.json:/wallet.json
      - ./../../vendor/hosts:/etc/hosts
      - ./cfg:/etc/frostfs/rest
-    stop_signal: SIGTERM
+    stop_signal: SIGKILL
    stop_grace_period: 15s
    env_file: [ ".env", ".int_test.env" ]
    command: [ "frostfs-rest-gw", "--config", "/etc/frostfs/rest/config.yml" ]
    environment:
--- a/services/s3_gate/cfg/config.yml
+++ b/services/s3_gate/cfg/config.yml
@ -33,17 +33,3 @@ server:
 wallet:
  path: /wallet.json # Path to wallet
  passphrase: "s3" # Passphrase to decrypt wallet
 features:
  md5:
    enabled: true
 control:
  grpc:
    endpoint: localhost:16515
 frostfsid:
  enabled: false
 policy:
  enabled: false
--- a/services/s3_gate/docker-compose.yml
+++ b/services/s3_gate/docker-compose.yml
@ -1,5 +1,6 @@
 ---
 version: "2.4"
 services:
  s3_gate:
    image: ${S3_GW_IMAGE}:${S3_GW_VERSION}
@ -12,19 +13,12 @@ services:
      internet:
        ipv4_address: ${IPV4_PREFIX}.82
    volumes:
      # Gate wallet
      - ./wallet.json:/wallet.json
      # Custom user wallets
      - ./wallets:/wallets
      # Default user wallet
      - ./../../wallets/wallet.json:/wallets/wallet.json
      - ./tls.key:/tls.key
      - ./tls.crt:/tls.crt
      - ./../../vendor/hosts:/etc/hosts
      - ./cfg:/etc/frostfs/s3
-      - ./issue-creds.sh:/usr/bin/issue-creds.sh
+    stop_signal: SIGKILL
    stop_signal: SIGTERM
    stop_grace_period: 15s
    env_file: [ ".env", ".s3.env", ".int_test.env" ]
    command: [ "frostfs-s3-gw", "--config", "/etc/frostfs/s3/config.yml" ]
    environment:
@ -40,8 +34,6 @@ services:
      - S3_GW_PEERS_2_WEIGHT=0.2
      - S3_GW_PEERS_3_ADDRESS=s04.${LOCAL_DOMAIN}:8080
      - S3_GW_PEERS_3_WEIGHT=0.2
      - AUTHMATE_WALLET_PASSPHRASE=
      - AUTHMATE_WALLET_CONTRACT_PASSPHRASE=s3
 networks:
  s3_gate_int:
--- a/services/s3_gate/issue-creds.sh
+++ b/services/s3_gate/issue-creds.sh
@ -1,41 +0,0 @@
 #!/bin/bash
 initUser() {
  /bin/frostfs-s3-authmate register-user \
    --wallet $WALLET_PATH \
    --rpc-endpoint http://morph-chain.frostfs.devenv:30333 \
    --username $USERNAME \
    --contract-wallet /wallet.json 1> /dev/null && touch $WALLET_CACHE/$USERNAME
 }
 issueCreds() {
  /bin/frostfs-s3-authmate issue-secret \
    --wallet $WALLET_PATH \
    --peer s01.frostfs.devenv:8080 \
    --gate-public-key $S3_GATE_PUBLIC_KEY \
    --container-placement-policy "REP 3"
 }
 set -e
 WALLET_PATH=/wallets/$2
 if [[ -z "$2" ]]; then
  WALLET_PATH=/wallets/wallet.json
 fi
 S3_GATE_PUBLIC_KEY=$3
 if [[ -z "$3" ]]; then
  S3_GATE_PUBLIC_KEY=0313b1ac3a8076e155a7e797b24f0b650cccad5941ea59d7cfd51a024a8b2a06bf
 fi 
 WALLET_CACHE=/data/wallets
 mkdir -p $WALLET_CACHE
 USERNAME=$(echo $WALLET_PATH | md5sum | cut -d' ' -f1)
 if [ ! -e $WALLET_CACHE/$USERNAME ]; then
  initUser
 fi
 if [ $1 == "s3" ]; then
  issueCreds
 fi
--- a/services/s3_gate/prepare.mk
+++ b/services/s3_gate/prepare.mk
@ -1,14 +0,0 @@
 .PHONY: s3cred register
 password?=
 contract_password?=s3
 gate_public_key?=
 wallet?=
 # Register wallet & generate S3 credentials
 s3cred:
 	@docker exec -e AUTHMATE_WALLET_PASSPHRASE="$(password)" -e AUTHMATE_WALLET_CONTRACT_PASSPHRASE="$(contract_password)" s3_gate /usr/bin/issue-creds.sh s3 "$(wallet)" "$(gate_public_key)"
 # Only registers user wallet
 register:
 	@docker exec -e AUTHMATE_WALLET_PASSPHRASE="$(password)" -e AUTHMATE_WALLET_CONTRACT_PASSPHRASE="$(contract_password)" s3_gate /usr/bin/issue-creds.sh native "$(wallet)"
--- a/services/s3_lifecycler/.hosts
+++ b/services/s3_lifecycler/.hosts
@ -1 +0,0 @@
 IPV4_PREFIX.84 lifecycler.LOCAL_DOMAIN
--- a/services/s3_lifecycler/cfg/config.yml
+++ b/services/s3_lifecycler/cfg/config.yml
@ -1,42 +0,0 @@
 logger:
  level: debug
 prometheus:
  enabled: true
  address: :9090
 lifecycle:
  job_fetcher_buffer: 1000
  executor_pool_size: 100  
 frostfs:
  stream_timeout: 10s
  connect_timeout: 10s
  healthcheck_timeout: 15s
  rebalance_interval: 60s
  pool_error_threshold: 100
  tree_pool_max_attempts: 4
 credential:
  use: wallets
  source:
    wallets:
      - path: /wallet.json
        address: NTt1rxvmEDxEuuogLxs2xgxA71qhVaUcN7
        passphrase: "cycle"
      - path: /user-wallet.json
        address: NbUgTSFvPmsRxmGeWpuuGeJUoRoi6PErcM
        passphrase: ""
 morph:
  reconnect_clients_interval: 30s
  dial_timeout: 5s
  contract:
    netmap: netmap.frostfs
    frostfsid: frostfsid.frostfs
    container: container.frostfs
 # Wallet configuration
 wallet:
  path: /wallet.json # Path to wallet
  passphrase: "cycle" # Passphrase to decrypt wallet
--- a/services/s3_lifecycler/docker-compose.yml
+++ b/services/s3_lifecycler/docker-compose.yml
@ -1,38 +0,0 @@
 ---
 version: "2.4"
 services:
  s3_lifecycler:
    image: ${S3_LIFECYCLER_IMAGE}:${S3_LIFECYCLER_VERSION}
    domainname: ${LOCAL_DOMAIN}
    hostname: s3_lifecycler
    container_name: s3_lifecycler
    restart: on-failure
    networks:
      s3_lifecycler_int:
      internet:
        ipv4_address: ${IPV4_PREFIX}.84
    volumes:
      - ./wallet.json:/wallet.json
      - ./../../vendor/hosts:/etc/hosts
      - ./cfg:/etc/frostfs/s3-lifecycler
      - ./../../wallets/wallet.json:/user-wallet.json
    stop_signal: SIGKILL
    env_file: [ ".env", ".int_test.env" ]
    command: [ "frostfs-s3-lifecycler", "--config", "/etc/frostfs/s3-lifecycler/config.yml" ]
    environment:
      - S3_LIFECYCLER_MORPH_RPC_ENDPOINT_0_ADDRESS=ws://morph-chain:30333/ws
      - S3_LIFECYCLER_FROSTFS_PEERS_0_ADDRESS=s01.${LOCAL_DOMAIN}:8080
      - S3_LIFECYCLER_FROSTFS_PEERS_0_WEIGHT=0.2
      - S3_LIFECYCLER_FROSTFS_PEERS_1_ADDRESS=s02.${LOCAL_DOMAIN}:8080
      - S3_LIFECYCLER_FROSTFS_PEERS_1_WEIGHT=0.2
      - S3_LIFECYCLER_FROSTFS_PEERS_2_ADDRESS=s03.${LOCAL_DOMAIN}:8080
      - S3_LIFECYCLER_FROSTFS_PEERS_2_WEIGHT=0.2
      - S3_LIFECYCLER_FROSTFS_PEERS_3_ADDRESS=s04.${LOCAL_DOMAIN}:8080
      - S3_LIFECYCLER_FROSTFS_PEERS_3_WEIGHT=0.2
 networks:
  s3_lifecycler_int:
  internet:
    external: true
    name: basenet_internet
--- a/services/s3_lifecycler/wallet.json
+++ b/services/s3_lifecycler/wallet.json
@ -1,30 +0,0 @@
 {
  "version": "1.0",
  "accounts": [
    {
      "address": "NTt1rxvmEDxEuuogLxs2xgxA71qhVaUcN7",
      "key": "6PYR3XurAyTzVeDG5WV2Z8vnGdySw3mTLuKjr6Nwo7tae64SJ7XjZSMMPQ",
      "label": "lifecycler",
      "contract": {
        "script": "DCED9z0M+WSGfXZGxYLj1yYwmgxJXE/kNA4+oWNi0q1uKCdBVuezJw==",
        "parameters": [
          {
            "name": "parameter0",
            "type": "Signature"
          }
        ],
        "deployed": false
      },
      "lock": false,
      "isDefault": false
    }
  ],
  "scrypt": {
    "n": 16384,
    "r": 8,
    "p": 8
  },
  "extra": {
    "Tokens": null
  }
 }
--- a/services/storage/cfg/config.yml
+++ b/services/storage/cfg/config.yml
@ -1,11 +1,6 @@
 # Logger section
 logger:
  level: debug # Minimum enabled logging level
  loki:
    enabled: true
    endpoint: "loki.frostfs.devenv:3100/api/prom/push"
    max_batch_delay: 1s
    max_batch_size: 200
 # Profiler section
 pprof:
@ -32,6 +27,18 @@ morph:
    - address: ws://morph-chain:30333/ws
      priority: 1
 # Common storage node settings
 node:
  attribute_0: "User-Agent:FrostFS/0.34"
  notification:
    enabled: true  # Turn on object notification service
    endpoint: "tls://nats.frostfs.devenv:4222"  # Notification server endpoint
    timeout: "6s"  # Timeout for object notification client connection
    default_topic: "test"  # Default topic for object notifications if not found in object's meta
    certificate: "/etc/frostfs-node/nats.tls.cert"  # Path to TLS certificate
    key: "/etc/frostfs-node/nats.tls.key"  # Path to TLS key
    ca: "/etc/frostfs-node/nats.ca.crt"  # Path to optional CA certificate
 # Tree section
 tree:
  enabled: true
--- a/services/storage/docker-compose.yml
+++ b/services/storage/docker-compose.yml
@ -1,5 +1,6 @@
 ---
 version: "2.4"
 services:
  storage01:
    image: ${NODE_IMAGE}:${NODE_VERSION}
@ -17,10 +18,13 @@ services:
      - storage_s01:/storage
      - ./../../vendor/frostfs-cli:/frostfs-cli
      - ./cli-cfg.yml:/cli-cfg.yml
      - ./healthcheck.sh:/healthcheck.sh
      - ./s04tls.crt:/etc/ssl/certs/s04tls.crt
      - ../nats/client-cert.pem:/etc/frostfs-node/nats.tls.cert
      - ../nats/client-key.pem:/etc/frostfs-node/nats.tls.key
      - ../nats/ca-cert.pem:/etc/frostfs-node/nats.ca.crt
      - ./cfg:/etc/frostfs/storage
-    stop_signal: SIGTERM
+    stop_signal: SIGKILL
    stop_grace_period: 15s
    env_file: [ ".env", ".storage.env", ".int_test.env" ]
    command: [ "frostfs-node", "--config", "/etc/frostfs/storage/config.yml" ]
    environment:
@ -29,11 +33,10 @@ services:
      - FROSTFS_NODE_ADDRESSES=s01.${LOCAL_DOMAIN}:8080
      - FROSTFS_GRPC_0_ENDPOINT=s01.${LOCAL_DOMAIN}:8080
      - FROSTFS_CONTROL_GRPC_ENDPOINT=s01.${LOCAL_DOMAIN}:8081
      - FROSTFS_NODE_ATTRIBUTE_0=User-Agent:FrostFS/${NODE_VERSION}
      - FROSTFS_NODE_ATTRIBUTE_1=UN-LOCODE:RU MOW
      - FROSTFS_NODE_ATTRIBUTE_2=Price:22
    healthcheck:
-      test: ["CMD-SHELL", "/frostfs-cli control healthcheck -q -c /cli-cfg.yml --endpoint \"$$FROSTFS_CONTROL_GRPC_ENDPOINT\""]
+      test: ["CMD-SHELL", "/healthcheck.sh"]
      interval: 2s
      timeout: 1s
      retries: 5
@ -55,10 +58,13 @@ services:
      - storage_s02:/storage
      - ./../../vendor/frostfs-cli:/frostfs-cli
      - ./cli-cfg.yml:/cli-cfg.yml
      - ./healthcheck.sh:/healthcheck.sh
      - ./s04tls.crt:/etc/ssl/certs/s04tls.crt
      - ../nats/client-cert.pem:/etc/frostfs-node/nats.tls.cert
      - ../nats/client-key.pem:/etc/frostfs-node/nats.tls.key
      - ../nats/ca-cert.pem:/etc/frostfs-node/nats.ca.crt
      - ./cfg:/etc/frostfs/storage
-    stop_signal: SIGTERM
+    stop_signal: SIGKILL
    stop_grace_period: 15s
    env_file: [ ".env", ".storage.env", ".int_test.env" ]
    command: [ "frostfs-node", "--config", "/etc/frostfs/storage/config.yml" ]
    environment:
@ -67,11 +73,10 @@ services:
      - FROSTFS_NODE_ADDRESSES=s02.${LOCAL_DOMAIN}:8080
      - FROSTFS_GRPC_0_ENDPOINT=s02.${LOCAL_DOMAIN}:8080
      - FROSTFS_CONTROL_GRPC_ENDPOINT=s02.${LOCAL_DOMAIN}:8081
      - FROSTFS_NODE_ATTRIBUTE_0=User-Agent:FrostFS/${NODE_VERSION}
      - FROSTFS_NODE_ATTRIBUTE_1=UN-LOCODE:RU LED
      - FROSTFS_NODE_ATTRIBUTE_2=Price:33
    healthcheck:
-      test: ["CMD-SHELL", "/frostfs-cli control healthcheck -q -c /cli-cfg.yml --endpoint \"$$FROSTFS_CONTROL_GRPC_ENDPOINT\""]
+      test: ["CMD-SHELL", "/healthcheck.sh"]
      interval: 2s
      timeout: 1s
      retries: 5
@ -93,10 +98,13 @@ services:
      - storage_s03:/storage
      - ./../../vendor/frostfs-cli:/frostfs-cli
      - ./cli-cfg.yml:/cli-cfg.yml
      - ./healthcheck.sh:/healthcheck.sh
      - ./s04tls.crt:/etc/ssl/certs/s04tls.crt
      - ../nats/client-cert.pem:/etc/frostfs-node/nats.tls.cert
      - ../nats/client-key.pem:/etc/frostfs-node/nats.tls.key
      - ../nats/ca-cert.pem:/etc/frostfs-node/nats.ca.crt
      - ./cfg:/etc/frostfs/storage
-    stop_signal: SIGTERM
+    stop_signal: SIGKILL
    stop_grace_period: 15s
    env_file: [ ".env", ".storage.env", ".int_test.env" ]
    command: [ "frostfs-node", "--config", "/etc/frostfs/storage/config.yml" ]
    environment:
@ -105,11 +113,10 @@ services:
      - FROSTFS_NODE_ADDRESSES=s03.${LOCAL_DOMAIN}:8080
      - FROSTFS_GRPC_0_ENDPOINT=s03.${LOCAL_DOMAIN}:8080
      - FROSTFS_CONTROL_GRPC_ENDPOINT=s03.${LOCAL_DOMAIN}:8081
      - FROSTFS_NODE_ATTRIBUTE_0=User-Agent:FrostFS/${NODE_VERSION}
      - FROSTFS_NODE_ATTRIBUTE_1=UN-LOCODE:SE STO
      - FROSTFS_NODE_ATTRIBUTE_2=Price:11
    healthcheck:
-      test: ["CMD-SHELL", "/frostfs-cli control healthcheck -q -c /cli-cfg.yml --endpoint \"$$FROSTFS_CONTROL_GRPC_ENDPOINT\""]
+      test: ["CMD-SHELL", "/healthcheck.sh"]
      interval: 2s
      timeout: 1s
      retries: 5
@ -131,11 +138,14 @@ services:
      - storage_s04:/storage
      - ./../../vendor/frostfs-cli:/frostfs-cli
      - ./cli-cfg.yml:/cli-cfg.yml
      - ./healthcheck.sh:/healthcheck.sh
      - ./s04tls.crt:/tls.crt
      - ./s04tls.key:/tls.key
      - ../nats/client-cert.pem:/etc/frostfs-node/nats.tls.cert
      - ../nats/client-key.pem:/etc/frostfs-node/nats.tls.key
      - ../nats/ca-cert.pem:/etc/frostfs-node/nats.ca.crt
      - ./cfg:/etc/frostfs/storage
-    stop_signal: SIGTERM
+    stop_signal: SIGKILL
    stop_grace_period: 15s
    env_file: [ ".env", ".storage.env", ".int_test.env" ]
    command: [ "frostfs-node", "--config", "/etc/frostfs/storage/config.yml" ]
    environment:
@ -149,11 +159,10 @@ services:
      - FROSTFS_GRPC_1_TLS_ENABLED=true
      - FROSTFS_GRPC_1_TLS_CERTIFICATE=/tls.crt
      - FROSTFS_GRPC_1_TLS_KEY=/tls.key
      - FROSTFS_NODE_ATTRIBUTE_0=User-Agent:FrostFS/${NODE_VERSION}
      - FROSTFS_NODE_ATTRIBUTE_1=UN-LOCODE:FI HEL
      - FROSTFS_NODE_ATTRIBUTE_2=Price:44
    healthcheck:
-      test: ["CMD-SHELL", "/frostfs-cli control healthcheck -q -c /cli-cfg.yml --endpoint \"$$FROSTFS_CONTROL_GRPC_ENDPOINT\""]
+      test: ["CMD-SHELL", "/healthcheck.sh"]
      interval: 2s
      timeout: 1s
      retries: 5
--- a/services/storage/healthcheck.sh
+++ b/services/storage/healthcheck.sh
@ -0,0 +1,5 @@
 #!/bin/sh
 /frostfs-cli control healthcheck -c /cli-cfg.yml \
 	--endpoint "$FROSTFS_CONTROL_GRPC_ENDPOINT" |
 	grep "Health status: READY"
`@ -1,2 +1 @@`
	`IPV4_PREFIX.122 grafana.LOCAL_DOMAIN`	`IPV4_PREFIX.122 grafana.LOCAL_DOMAIN`
	`IPV4_PREFIX.123 loki.LOCAL_DOMAIN`
`@ -1 +1,3 @@`
		`FROSTFS_IR_CONTRACTS_FROSTFSID=27407c76feabc407908f3d09a3d845d45e7c981a`

	`FROSTFS_IR_CONTROL_GRPC_ENDPOINT=127.0.0.1:16512`	`FROSTFS_IR_CONTROL_GRPC_ENDPOINT=127.0.0.1:16512`