TrueCloudLab/frostfs-dev-env
42
0
Fork 18
Code Issues 15 Pull requests 1 Releases Activity Actions

Compare commits

base: TrueCloudLab:master
Branches Tags
TrueCloudLab:master
TrueCloudLab:feat/fidsubj_makefile
TrueCloudLab:nightly
TrueCloudLab:wallet-connect
fyrchik:try-mtls
fyrchik:pyroscope
fyrchik:dco
fyrchik:master
fyrchik:nightly
fyrchik:wallet-connect
..
compare: fyrchik:try-mtls
Branches Tags
fyrchik:try-mtls
fyrchik:pyroscope
fyrchik:dco
fyrchik:master
fyrchik:nightly
fyrchik:wallet-connect
TrueCloudLab:master
TrueCloudLab:feat/fidsubj_makefile
TrueCloudLab:nightly
TrueCloudLab:wallet-connect

2 commits
master ... try-mtls

Author SHA1 Message Date
Evgenii Stratonikov
145b65222c WIP 
Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
 2024-06-11 15:48:41 +03:00
Evgenii Stratonikov
70e10c509b wip: mTLS 
Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
 2024-06-10 15:57:25 +03:00
77 changed files with 963 additions and 330 deletions
Show stats Expand all files Collapse all files

1
.basic_services
View file

@ -1,4 +1,5 @@
# Services start/stop order # Services start/stop order
# Will start from top to bottom and stop in reverse # Will start from top to bottom and stop in reverse
nats
ir ir
storage storage

1
.dockerignore
View file

@ -1,4 +1,5 @@
.docker .docker
.github
.forgejo .forgejo
vendor vendor
tmp tmp

44
.env
View file

@ -8,45 +8,49 @@ BASTION_VERSION=10
BASTION_IMAGE=debian BASTION_IMAGE=debian
# NeoGo privnet # NeoGo privnet
NEOGO_VERSION=0.106.3 NEOGO_VERSION=0.106.1-pre-4-g39c65ab5
NEOGO_IMAGE=nspccdev/neo-go NEOGO_IMAGE=nspccdev/neo-go
# FrostFS InnerRing nodes # FrostFS InnerRing nodes
IR_VERSION=0.45.0-rc.6 IR_VERSION=0.40.0-17-ge15b545f-dirty
IR_IMAGE=git.frostfs.info/truecloudlab/frostfs-ir IR_IMAGE=truecloudlab/frostfs-dirty-ir
# FrostFS Storage nodes # FrostFS Storage nodes
NODE_VERSION=0.45.0-rc.6 NODE_VERSION=0.40.0-17-ge15b545f-dirty
NODE_IMAGE=git.frostfs.info/truecloudlab/frostfs-storage NODE_IMAGE=truecloudlab/frostfs-dirty-storage
# NATS Server
NATS_VERSION=2.7.2
NATS_IMAGE=nats
# HTTP Gate # HTTP Gate
HTTP_GW_VERSION=0.33.0-rc.3 HTTP_GW_VERSION=0.28.0-rc.1-15-g5ae75eb9
HTTP_GW_IMAGE=git.frostfs.info/truecloudlab/frostfs-http-gw HTTP_GW_IMAGE=truecloudlab/frostfs-http-gw
# REST Gate
REST_GW_VERSION=c9c85e90
REST_GW_IMAGE=truecloudlab/frostfs-rest-gw
# S3 Gate # S3 Gate
S3_GW_VERSION=0.33.0-rc.3 S3_GW_VERSION=0.28.0-rc.1-51-g9272f4e1
S3_GW_IMAGE=git.frostfs.info/truecloudlab/frostfs-s3-gw S3_GW_IMAGE=truecloudlab/frostfs-s3-gw
# Lifecycler
S3_LIFECYCLER_VERSION=0.1.3
S3_LIFECYCLER_IMAGE=truecloudlab/frostfs-s3-lifecycler
# FrostFS LOCODE database # FrostFS LOCODE database
LOCODE_DB_URL=https://git.frostfs.info/attachments/a2e8def7-52b6-49f1-89cd-a056712e8e54 LOCODE_DB_URL=https://git.frostfs.info/attachments/a2e8def7-52b6-49f1-89cd-a056712e8e54
#LOCODE_DB_PATH=/path/to/locode_db #LOCODE_DB_PATH=/path/to/locode_db
# FrostFS CLI binary # FrostFS CLI binary
FROSTFS_CLI_VERSION=0.45.0-rc.6 FROSTFS_CLI_URL=https://http.t5.fs.neo.org/7sm9csjtRLpr4c9QD55q9JJM73v79ohuAhTzP4fYRHFz/BtA6zWLtoDuDnzxSNkKPjyN5hGuSZFxGuJD1gh8kBwkP
FROSTFS_CLI_IMAGE=git.frostfs.info/truecloudlab/frostfs-cli FROSTFS_CLI_PATH=/repo/frostfs/node/bin/frostfs-cli
#FROSTFS_CLI_PATH=/path/to/frostfs-cli-binary
# FrostFS ADM tool binary # FrostFS ADM tool binary
FROSTFS_ADM_VERSION=0.45.0-rc.6 FROSTFS_ADM_VERSION=498f9955ea
FROSTFS_ADM_IMAGE=git.frostfs.info/truecloudlab/frostfs-adm FROSTFS_ADM_URL=https://http.t5.fs.neo.org/7sm9csjtRLpr4c9QD55q9JJM73v79ohuAhTzP4fYRHFz/CjV4S6ENzo2FLK4KxXZHHNW4veR1ATtynGY6Mc1xQ6RB
#FROSTFS_ADM_PATH=/path/to/frostfs-adm-binary FROSTFS_ADM_PATH=/repo/frostfs/node/bin/frostfs-adm
# Compiled FrostFS Smart Contracts # Compiled FrostFS Smart Contracts
FROSTFS_CONTRACTS_URL=https://git.frostfs.info/TrueCloudLab/frostfs-contract/releases/download/v0.21.1/frostfs-contract-v0.21.1.tar.gz FROSTFS_CONTRACTS_VERSION=694daebb19
FROSTFS_CONTRACTS_URL=https://git.frostfs.info/TrueCloudLab/frostfs-contract/releases/download/v0.19.2/frostfs-contract-v0.19.2.tar.gz
#FROSTFS_CONTRACTS_PATH=/path/to/unpacked/frostfs-contracts-dir #FROSTFS_CONTRACTS_PATH=/path/to/unpacked/frostfs-contracts-dir
# Jaeger tracing # Jaeger tracing

1
.github/CODEOWNERS vendored Normal file
View file

@ -0,0 +1 @@
* @alexvanin @fyrchik

0
.forgejo/ISSUE_TEMPLATE/bug_report.md → .github/ISSUE_TEMPLATE/bug_report.md vendored
View file

0
.forgejo/ISSUE_TEMPLATE/config.yml → .github/ISSUE_TEMPLATE/config.yml vendored
View file

0
.forgejo/ISSUE_TEMPLATE/feature_request.md → .github/ISSUE_TEMPLATE/feature_request.md vendored
View file

0
.forgejo/logo.svg → .github/logo.svg vendored
View file

Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 5.5 KiB

After

Width:  |  Height:  |  Size: 5.5 KiB

1
.gitignore vendored
View file

@ -15,3 +15,4 @@ sites/*
# Runtime generation keys # Runtime generation keys
services/storage/*tls.crt services/storage/*tls.crt
services/storage/*tls.key services/storage/*tls.key
services/nats/*.pem

2
.services
View file

@ -2,4 +2,4 @@
# Will start from top to bottom and stop in reverse # Will start from top to bottom and stop in reverse
http_gate http_gate
s3_gate s3_gate
s3_lifecycler rest_gate

3
CODEOWNERS
View file

@ -1,3 +0,0 @@
.* @alexvanin @fyrchik
.forgejo/.* @potyarkin
Makefile @potyarkin

56
Makefile
View file

@ -58,7 +58,7 @@ get: $(foreach SVC, $(GET_SVCS), get.$(SVC))
# Start environment # Start environment
.PHONY: up .PHONY: up
up: up/basic up/pre-services up: up/basic
@$(foreach SVC, $(START_SVCS), $(shell docker-compose -f services/$(SVC)/docker-compose.yml up -d)) @$(foreach SVC, $(START_SVCS), $(shell docker-compose -f services/$(SVC)/docker-compose.yml up -d))
@echo "Full FrostFS Developer Environment is ready" @echo "Full FrostFS Developer Environment is ready"
@ -72,8 +72,6 @@ up/basic: up/bootstrap
# Start bootstrap services # Start bootstrap services
.PHONY: up/bootstrap .PHONY: up/bootstrap
up/bootstrap: STORAGE_WALLETS = $(wildcard ./services/storage/wallet*.json)
up/bootstrap: STORAGE_ACCOUNTS = $(foreach wallet,$(STORAGE_WALLETS),$(shell docker container exec morph_chain neo-go wallet dump-keys -w /wallets/storage/$(notdir $(wallet)) | head -1 | awk '{print $$1}' ))
up/bootstrap: get vendor/hosts up/bootstrap: get vendor/hosts
@$(foreach SVC, $(START_BOOTSTRAP), $(shell docker-compose -f services/$(SVC)/docker-compose.yml up -d)) @$(foreach SVC, $(START_BOOTSTRAP), $(shell docker-compose -f services/$(SVC)/docker-compose.yml up -d))
@source ./bin/helper.sh @source ./bin/helper.sh
@ -82,48 +80,12 @@ up/bootstrap: get vendor/hosts
@./vendor/frostfs-adm --config frostfs-adm.yml morph \ @./vendor/frostfs-adm --config frostfs-adm.yml morph \
ape add-rule-chain --target-type namespace --target-name "" \ ape add-rule-chain --target-type namespace --target-name "" \
--rule 'allow Container.* *' --chain-id "allow_container_ops" --rule 'allow Container.* *' --chain-id "allow_container_ops"
@for f in ./services/storage/wallet*.json; do \
echo -e "Transfer GAS to storage wallets: $(foreach wallet,$(STORAGE_WALLETS),\n\t$(wallet))" echo "Transfer GAS to wallet $${f}" \
./vendor/frostfs-adm -c frostfs-adm.yml morph refill-gas \ && ./vendor/frostfs-adm -c frostfs-adm.yml morph refill-gas --storage-wallet $${f} --gas 10.0 \
$(foreach wallet,$(STORAGE_WALLETS),--storage-wallet $(wallet)) \ || die "Failed to transfer GAS to alphabet wallets"; \
--gas 10.0 \ done
|| die "Failed to transfer GAS to alphabet wallets" @echo "FrostFS sidechain environment is deployed"
echo -e "Register storage accounts in proxy contract: $(foreach account,$(STORAGE_ACCOUNTS),\n\t$(account))"
./vendor/frostfs-adm morph proxy-add-account --config frostfs-adm.yml \
$(foreach account,$(STORAGE_ACCOUNTS),--account=$(account)) \
|| die "Couldn't set storage allet as proxy wallet"
@echo "Create frostfsid subject for ./wallets/wallet.json"; \
if [ -n "$$(./vendor/frostfs-adm -c frostfs-adm.yml morph frostfsid list-subjects --namespace '')" ]; then \
echo "Subject already exists"; \
else \
subj_key=`docker container exec -it morph_chain neo-go wallet dump-keys -w /wallets/wallet.json | tail -1 | tr -d ' \r\n'` \
&& echo "Subject key: $${subj_key}" \
&& ./vendor/frostfs-adm -c frostfs-adm.yml morph frostfsid create-subject --namespace "" --subject-key $${subj_key} --subject-name walletsubject \
|| die "Failed to create subject for the wallet"; \
fi
echo "FrostFS sidechain environment is deployed"
# Prepare to start services
.PHONY: up/pre-services
up/pre-services:
@source ./bin/helper.sh
@echo "Prepare storage for services"; \
if [ -z "$$(./vendor/frostfs-cli -c cli-cfg.yml container list)" ]; then \
subj_key=`docker container exec -it morph_chain neo-go wallet dump-keys -w /wallets/system-wallet.json | tail -1 | tr -d ' \r\n'` \
&& echo "Subject key: $${subj_key}" \
&& ./vendor/frostfs-adm -c frostfs-adm.yml morph frostfsid create-subject --namespace "" --subject-key $${subj_key} --subject-name system \
|| die "Failed to create subject for system wallet"; \
proxy_acc=`docker container exec -it morph_chain neo-go wallet dump-keys -w /wallets/s3-wallet.json | head -1 | cut -d" " -f1` \
&& echo "Proxy acc: $${proxy_acc}" \
&& ./vendor/frostfs-adm morph proxy-add-account --config frostfs-adm.yml --account=$${proxy_acc} || die "Failed to register S3 gateway as proxy acc"; \
cid=`./vendor/frostfs-cli -c cli-cfg.yml container create -p "REP 4" --nns-name "cors" --nns-zone "container" --await | grep CID | cut -d" " -f2` \
&& echo "CORS Container: $${cid}" \
&& ./vendor/frostfs-cli -c cli-cfg.yml ape-manager add --target-type container --target-name $${cid} --rule "allow Object.* *" || die "Failed to create CORS container"; \
cid=`./vendor/frostfs-cli -c cli-cfg.yml container create -p "REP 4" --nns-name "mfa" --nns-zone "container" --await | grep CID | cut -d" " -f2` \
&& echo "MFA Container: $${cid}" \
&& ./vendor/frostfs-cli -c cli-cfg.yml ape-manager add --target-type container --target-name $${cid} --rule "allow Object.* *" || die "Failed to create MFA container"
fi
@echo "Storage is prepared";
# Build up certain service # Build up certain service
.PHONY: up/% .PHONY: up/%
@ -178,14 +140,14 @@ hosts: vendor/hosts
.PHONY: clean .PHONY: clean
.ONESHELL: .ONESHELL:
clean: clean:
@rm -rf vendor/* services/storage/s04tls.* @rm -rf vendor/* services/storage/s04tls.* services/nats/*.pem
@> .int_test.env @> .int_test.env
@for svc in $(PULL_SVCS) @for svc in $(PULL_SVCS)
do do
vols=`docker-compose -f services/$${svc}/docker-compose.yml config --volumes` vols=`docker-compose -f services/$${svc}/docker-compose.yml config --volumes`
if [[ ! -z "$${vols}" ]]; then if [[ ! -z "$${vols}" ]]; then
for vol in $${vols}; do for vol in $${vols}; do
docker volume rm -f "$${svc}_$${vol}" docker volume rm -f "$${svc}_$${vol}" 2> /dev/null
done done
fi fi
done done

62
README.md
View file

@ -1,5 +1,5 @@
<p align="center"> <p align="center">
<img src="./.forgejo/logo.svg" width="500px" alt="FrostFS logo"> <img src="./.github/logo.svg" width="500px" alt="FrostFS logo">
</p> </p>
<p align="center"> <p align="center">
<a href="https://frostfs.info">FrostFS</a> local Development and Testing environment <a href="https://frostfs.info">FrostFS</a> local Development and Testing environment
@ -137,66 +137,6 @@ Display addresses and host names for each running service, if available.
Clean up `vendor` directory. Clean up `vendor` directory.
### s3cred
Registers user wallet and issues s3 credentials.
Usage and default parameter values:
```sh
make s3cred [password=""] [contract_password=s3] [wallet=""] [gate_public_key=0313b1ac3a8076e155a7e797b24f0b650cccad5941ea59d7cfd51a024a8b2a06bf]
```
As soon as the storage node is in the network map (see above) you can generate S3
credentials:
``` sh
$ make s3cred
{
"access_key_id": "EXArWh8x1zeHG3851s1RtoCo7dowxF6rhLGA15nbMffT0AKRSjJ5fmcqf3Ht2VCAkfmPQUVARghRB77xHCA1BoN2p",
"secret_access_key": "d70c1dba83f0f90bb231f06f1ce0e0dfbcfb122f4b4345a3c18d3869c359b79f",
"owner_private_key": "140947599afd9ca89af4b358c3176eb046e554d942a0dc99a8e06f3e43c8f4ad",
"wallet_public_key": "0324e76288fcb900100d01802a14ef977cca45ad073561230446df14b344c858b6",
"container_id": "EXArWh8x1zeHG3851s1RtoCo7dowxF6rhLGA15nbMffT"
}
```
Running without any parameters results in defaults which are based on the private key from
`/wallets/wallet.json` user wallet and `/wallet.json` contract wallet.
If `wallet` parameter is set, gate searches custom user wallet file in `/wallets` directory.
Now let's configure an S3 client (AWS CLI will be used as example):
``` sh
$ aws configure
AWS Access Key ID []: EXArWh8x1zeHG3851s1RtoCo7dowxF6rhLGA15nbMffT0AKRSjJ5fmcqf3Ht2VCAkfmPQUVARghRB77xHCA1BoN2p
AWS Secret Access Key []: d70c1dba83f0f90bb231f06f1ce0e0dfbcfb122f4b4345a3c18d3869c359b79f
Default region name []: us-east-1
Default output format []: json
```
If you need to create credentials for different users, put user wallet to `wallets` dir and specify it via `wallet` parameter.
Pass wallet password in `password` parameter if it's not default. The same is for `contract_wallet` and `gate_public_key` params.
```sh
$ make s3cred wallet=custom_wallet.json password=test
{
"access_key_id": "jHhL5B33o16R4jQsb8wm9A3RRdS6KrTB5N4bja9Jys904W7xXFNKqem2ACvTRWRYJsZMCUikYFSokN7pPJziWyDi",
"secret_access_key": "21bb64fafa32c82417fd8b97ac56cc8a085998a3852632d52fe7042453daa440",
"owner_private_key": "10f6f9d7a47bb0bf68363ad8a99fe69f1493f8b6e1665b3e4e83feb2d5c7ee39",
"wallet_public_key": "03e38759973a6bb722baabc2dd84036a39f0b2f53d32fec45a4dacde8a50fe4b70",
"container_id": "jHhL5B33o16R4jQsb8wm9A3RRdS6KrTB5N4bja9Jys9"
}
```
To get credentials from custom wallet, place it in `wallets` dir before start.
### cred
Usage and default parameter values:
```sh
make cred [password=""] [contract_password=s3] [wallet=/user_wallet.json]
```
The same as `s3cred`, but it doesn't issues s3 credentials.
## Contributing ## Contributing
Feel free to contribute to this project after reading the [contributing Feel free to contribute to this project after reading the [contributing

3
cli-cfg.yml
View file

@ -1,3 +0,0 @@
wallet: ./wallets/system-wallet.json
password: ""
rpc-endpoint: s01.frostfs.devenv:8080

6
docs/http_gate.md
View file

@ -22,8 +22,8 @@ Image label prefix to use for containers.
- Create a new container - Create a new container
``` ```
$ frostfs-cli --rpc-endpoint s01.frostfs.devenv:8080 \ $ frostfs-cli --rpc-endpoint s01.frostfs.devenv:8080 \
--wallet wallets/wallet.key \ --key wallets/wallet.key \
container create --basic-acl private --await \ container create --basic-acl readonly --await \
--policy "REP 1 SELECT 1 FROM *" --policy "REP 1 SELECT 1 FROM *"
container ID: 4LfREK1cetL4PUji5fqj9SgRTSmaC5jExEDK9HKCDjdP container ID: 4LfREK1cetL4PUji5fqj9SgRTSmaC5jExEDK9HKCDjdP
awaiting... awaiting...
@ -33,7 +33,7 @@ container has been persisted on sidechain
- Put an object into the newly created container - Put an object into the newly created container
``` ```
$ frostfs-cli --rpc-endpoint s01.frostfs.devenv:8080 \ $ frostfs-cli --rpc-endpoint s01.frostfs.devenv:8080 \
--wallet wallets/wallet.key \ --key wallets/wallet.key \
object put --file /tmp/backup.jpeg \ object put --file /tmp/backup.jpeg \
--cid 4LfREK1cetL4PUji5fqj9SgRTSmaC5jExEDK9HKCDjdP --cid 4LfREK1cetL4PUji5fqj9SgRTSmaC5jExEDK9HKCDjdP
[/tmp/backup.jpeg] Object successfully stored [/tmp/backup.jpeg] Object successfully stored

8
docs/morph.md
View file

@ -4,15 +4,13 @@ A single-node N3 privnet deployment, running on
Contracts deployed: Contracts deployed:
- Alphabet (AZ) [contract](https://git.frostfs.info/TrueCloudLab/frostfs-contract/src/branch/master/alphabet) - Alphabet (AZ) [contract](https://git.frostfs.info/TrueCloudLab/frostfs-contract/src/branch/master/alphabet)
- Audit [contract](https://git.frostfs.info/TrueCloudLab/frostfs-contract/src/branch/master/audit)
- Balance [contract](https://git.frostfs.info/TrueCloudLab/frostfs-contract/src/branch/master/balance) - Balance [contract](https://git.frostfs.info/TrueCloudLab/frostfs-contract/src/branch/master/balance)
- Container [contract](https://git.frostfs.info/TrueCloudLab/frostfs-contract/src/branch/master/container) - Container [contract](https://git.frostfs.info/TrueCloudLab/frostfs-contract/src/branch/master/container)
- FrostFS [contract](https://git.frostfs.info/TrueCloudLab/frostfs-contract/src/branch/master/frostfs)
- FrostFSID [contract](https://git.frostfs.info/TrueCloudLab/frostfs-contract/src/branch/master/frostfsid)
- NNS [contract](https://git.frostfs.info/TrueCloudLab/frostfs-contract/src/branch/master/nns)
- Netmap [contract](https://git.frostfs.info/TrueCloudLab/frostfs-contract/src/branch/master/netmap) - Netmap [contract](https://git.frostfs.info/TrueCloudLab/frostfs-contract/src/branch/master/netmap)
- Policy [contract](https://git.frostfs.info/TrueCloudLab/frostfs-contract/src/branch/master/policy) - NeoFSID [contract](https://git.frostfs.info/TrueCloudLab/frostfs-contract/src/branch/master/neofsid)
- Processing [contract](https://git.frostfs.info/TrueCloudLab/frostfs-contract/src/branch/master/processing)
- Proxy [contract](https://git.frostfs.info/TrueCloudLab/frostfs-contract/src/branch/master/proxy) - Proxy [contract](https://git.frostfs.info/TrueCloudLab/frostfs-contract/src/branch/master/proxy)
- Reputation [contract](https://git.frostfs.info/TrueCloudLab/frostfs-contract/src/branch/master/reputation)
RPC available at `http://morph-chain.frostfs.devenv:30333`. RPC available at `http://morph-chain.frostfs.devenv:30333`.

7
frostfs-adm.yml
View file

@ -1,4 +1,9 @@
rpc-endpoint: http://morph-chain.frostfs.devenv:30333 rpc-endpoint: https://192.168.130.90:30333
tls:
root_cas:
- ./mtls/CA1_cert.pem
certificate: ./mtls/peerCA2_IR_cert.pem
key: ./mtls/peerCA2_IR_key.pem
alphabet-wallets: ./services/ir alphabet-wallets: ./services/ir
network: network:
max_object_size: 67108864 max_object_size: 67108864

12
mtls/CA.cnf Normal file
View file

@ -0,0 +1,12 @@
[ req ]
prompt = no
distinguished_name = req_distinguished_name
[ req_distinguished_name ]
C = US
ST = Localzone
L = localhost
O = Neo Go Testing Certificate Authority
OU = Develop
CN = localdomain
emailAddress = root@localhost.localdomain

25
mtls/CA1_cert.pem Normal file
View file

@ -0,0 +1,25 @@
-----BEGIN CERTIFICATE-----
MIIELTCCAxWgAwIBAgIUQXbR0CjHcyf5y4N9aSw++jijH6gwDQYJKoZIhvcNAQEL
BQAwgbcxCzAJBgNVBAYTAlVTMRIwEAYDVQQIDAlMb2NhbHpvbmUxEjAQBgNVBAcM
CWxvY2FsaG9zdDEtMCsGA1UECgwkTmVvIEdvIFRlc3RpbmcgQ2VydGlmaWNhdGUg
QXV0aG9yaXR5MRAwDgYDVQQLDAdEZXZlbG9wMRQwEgYDVQQDDAtsb2NhbGRvbWFp
bjEpMCcGCSqGSIb3DQEJARYacm9vdEBsb2NhbGhvc3QubG9jYWxkb21haW4wHhcN
MjQwNjExMDgyNzQ4WhcNMjkwNjEwMDgyNzQ4WjCBtzELMAkGA1UEBhMCVVMxEjAQ
BgNVBAgMCUxvY2Fsem9uZTESMBAGA1UEBwwJbG9jYWxob3N0MS0wKwYDVQQKDCRO
ZW8gR28gVGVzdGluZyBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxEDAOBgNVBAsMB0Rl
dmVsb3AxFDASBgNVBAMMC2xvY2FsZG9tYWluMSkwJwYJKoZIhvcNAQkBFhpyb290
QGxvY2FsaG9zdC5sb2NhbGRvbWFpbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
AQoCggEBAJ5Kzcp7qw74MqSktDnl3ITFCOJjoFw/lwqv5ktG8pw0pV46cYhIB39e
lPJX7Po8Wi4v+P83LeMgIa0L7rvJmJyQpgdgsqKkFGYuTJJxlDsgYvcJOUK6tA4G
X0/uj4Yq+iaO9HBiU3rD9SvnbXLNRAefxBWqucbjEoP5TYL2E20+gLtb5XCG2TH7
rR0fvDoIQJ8BFpDd/D3GqEupzZ0pEC3x2zRFZ4MRFV64EFoO/CeymTUUBM3+vPTe
D1kqP6FE+lww8aEg1Y6Q5+Il9nDY/BUvwUYugRxYj4Cgh+ZlmrVYShexz+0NpVHh
VFn/B7vBuQrSWBVlMAVkLeU4t7Oy0C8CAwEAAaMvMC0wDAYDVR0TBAUwAwEB/zAd
BgNVHQ4EFgQUGCmiSSj3ZXOraieVqDfYH7thN3IwDQYJKoZIhvcNAQELBQADggEB
ABO9eWnrdihGe2Pe0AmO8jCCC1u8dD0h2dX4y+A1bL+0Wocvl9aZqxs1OkhHKese
Eg16Uz2Vx95O5h9zMcH+0sazVADmLSUUzAlVE3cWVjPx5wOBBE2ym/nMqwoS1G06
IUz561WTLInh1zcAVyifdnFpdPKBBNB7iH9zmiZwxXa5XP6JL4qdUNrw7rGfADON
zCWorz0JrURC5nWj47rxUWoyFlT728Whzo5kl6Ynd4/yuwvcRKuCK7+eNIIks2Dd
VbgbnROjSeXG0MKyWa41H4/4gY0TW8QTbXX458gzTfsp9sy82Ih6cbOnDUGaab3K
+OkGsYmEUC5xVYX5e1e4CPg=
-----END CERTIFICATE-----

1
mtls/CA1_cert.srl Normal file
View file

@ -0,0 +1 @@
28484A1BD594A9F1C28B5F1E4D45010D923E9D1B

28
mtls/CA1_key.pem Normal file
View file

@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEuwIBADANBgkqhkiG9w0BAQEFAASCBKUwggShAgEAAoIBAQCeSs3Ke6sO+DKk
pLQ55dyExQjiY6BcP5cKr+ZLRvKcNKVeOnGISAd/XpTyV+z6PFouL/j/Ny3jICGt
C+67yZickKYHYLKipBRmLkyScZQ7IGL3CTlCurQOBl9P7o+GKvomjvRwYlN6w/Ur
521yzUQHn8QVqrnG4xKD+U2C9hNtPoC7W+Vwhtkx+60dH7w6CECfARaQ3fw9xqhL
qc2dKRAt8ds0RWeDERVeuBBaDvwnspk1FATN/rz03g9ZKj+hRPpcMPGhINWOkOfi
JfZw2PwVL8FGLoEcWI+AoIfmZZq1WEoXsc/tDaVR4VRZ/we7wbkK0lgVZTAFZC3l
OLezstAvAgMBAAECgf8nUOn+VHq38jJ8gHjAJyW3lg069ZzMOh5i5tDcIBqGQXqG
lZmp4i2jJAaWHmxgN9V/feGAJNCL3f7Wt7XfLRppluGZolgy4a1nmtOoeUjOq3TW
iWE47RovpkZRHYvyobPXoXhA+xhjUveMG9ATgbAyDx8PI2s/tl71rVP9a2xVGYI8
0KgXRYu/RIk3J2IhffIDGeDZe8oqV6E1Ch3x0yAy4xM6t2raqW4lxygZIT83AgaA
fzu5bRdWDHc2SPXMZq8Gg9HT1FEE57VH4EsaiK7mcg5NKAeeyAriqzKPKb9YVboj
y9Yx8dL5F+v14lx+5r5uWVzZ05Q+1U7xzRKQNrECgYEAyxHfrKmrUVoApaQIsv/N
Szwo9pkU/GC2ogDMduN0L90aaGlPb+vt5szkO5bw5vCt+Pk+Xni8S5q+D7iW1wtK
BqTy0YLrGPh7WVfS8axVtAvN8xXwUl2cVM3+4m++JUHpeEGmHzP/tCarqZciwY8G
mHbtzYx4tIYgnFS5klGE22cCgYEAx40UQ6mWyC9wacl8UlGDnL8oseQpaJSNdi9s
rZh0w7558THsyLYksCvxvB9Zej8f11Tuk91bcLzv/hYjwKCapLefFKAQoLgNU3Z+
LCC6WCkrreskM6uo3hB99iXCzKqVOAOQcv3jJiJPn0BaJNRHLH7+zfoSIN29Kl7C
1VvSr/kCgYAP+E3g5E8GzM80N5w/h4J7ojWOfyd5WZnDT9DEoMqoYPkMsQuAP8ur
1P01+n7jipYD+IYBI/ma8IZ18gxayRZ/Q0WdWHBovFHnCtMaEnWC/VKrBVSrBZWf
zbt3z1Xi1DYqMO+BkLNRVaE2ax5enoLkRqYY/i0X9VxnLvqRGTwbjQKBgQCdcyVw
FdmQ7k1mSsI7OXH9NZ9obTx29e+ANv8rIcXPxPT2aIwJ+h2Mm7/KzXmOSUxYXP05
0kiZ9ZnvA40GKjKakP+GCJ3WEiMBndcD/nbJpQJ/4a7YzjMZtC2PEFBZqKbAYZ+R
+91Ec4Ibh20Y7h2ScEmgQBYZtJvTWJ2mNyNQEQKBgBvDhoxafVAcVaZsIBVNfJ9e
E5Oc3NSRplP8Q4L3CamLlvf28KYg4nrqvYeHkZ6JWq6VwBXv9F3g1fxn47tMWnBG
GIY0UJnKtny58Jb6MrPp7YKboMxpigIFbsFZJI7ruh0g69W6oIqBIXDgcvlkAZT6
Ianf60mgQzKmhNHHTZoW
-----END PRIVATE KEY-----

25
mtls/CA2_cert.pem Normal file
View file

@ -0,0 +1,25 @@
-----BEGIN CERTIFICATE-----
MIIELTCCAxWgAwIBAgIUFU/P6uIwPnuxXA2smt/gcj2kF20wDQYJKoZIhvcNAQEL
BQAwgbcxCzAJBgNVBAYTAlVTMRIwEAYDVQQIDAlMb2NhbHpvbmUxEjAQBgNVBAcM
CWxvY2FsaG9zdDEtMCsGA1UECgwkTmVvIEdvIFRlc3RpbmcgQ2VydGlmaWNhdGUg
QXV0aG9yaXR5MRAwDgYDVQQLDAdEZXZlbG9wMRQwEgYDVQQDDAtsb2NhbGRvbWFp
bjEpMCcGCSqGSIb3DQEJARYacm9vdEBsb2NhbGhvc3QubG9jYWxkb21haW4wHhcN
MjQwNjExMDgyNzQ4WhcNMjkwNjEwMDgyNzQ4WjCBtzELMAkGA1UEBhMCVVMxEjAQ
BgNVBAgMCUxvY2Fsem9uZTESMBAGA1UEBwwJbG9jYWxob3N0MS0wKwYDVQQKDCRO
ZW8gR28gVGVzdGluZyBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxEDAOBgNVBAsMB0Rl
dmVsb3AxFDASBgNVBAMMC2xvY2FsZG9tYWluMSkwJwYJKoZIhvcNAQkBFhpyb290
QGxvY2FsaG9zdC5sb2NhbGRvbWFpbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
AQoCggEBALt25FN+ON6BC+Zoq/YKHtZNUpGDdbrubku+dVvJZqBKgonhvd9f5x5T
4urQTyebHHZt0J7v9iVZ0e8C4+ddReG2R/D0L1b5EKSJps7fnXRiTZ6zyheT5tXF
PjobCqdz1+tFDjs1ARCgOIpgT1/LCnGJAp95uNa63DFJVcLSwCk8XwrHWIKJpBla
LdtlBXAv6O3AqIoO1PB816aYO4kvepnoG2gj18VWzxrUA1T4d73kKE4qpEiD9+sP
xrf/ouBKXepgvvVzyH2ST+tfbc80mWdH1L9bmCOhuIr7Td/3x8CgyL6mqpp5Juul
9oW/4zR60uwO8jt2+mSAvxCnQ/rHyOkCAwEAAaMvMC0wDAYDVR0TBAUwAwEB/zAd
BgNVHQ4EFgQUdQ8u1e/E+11t2azBZbzCKYSCF3AwDQYJKoZIhvcNAQELBQADggEB
AECiiXbIIGOLYVN99VXjnIkV48GkNTpzzgM9k4tWn81rDmkJROrrevWLv+LyD/N7
hBWFwDE6C6gdlYuUc3w8SV6SrtjSqEJnKxW4ACLi7gceuToKXSJ3h9BR+0Xij1OV
7biasJs63K2ASaGl/1gxrtHMMMaRYs58/6EOvPrY7f4CdcJOaeypOllSs0Xls323
HTemYYyQJMHX0J1puUjipCw39ZpTcdB6OPscidvjJp9f3nfwbO4h9+eNlnvOv8L6
p3gyITdDnSNZzVAXxbrEy5dLPZBwuZ1iFiLw5jeTTModRry+bXPzaTlLt711ULu/
f9s6LUwv0bh6hwr0Ttq0saM=
-----END CERTIFICATE-----

1
mtls/CA2_cert.srl Normal file
View file

@ -0,0 +1 @@
2A340296D6CDD0E6A8F678126AC75B1DA2019AE2

28
mtls/CA2_key.pem Normal file
View file

@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQC7duRTfjjegQvm
aKv2Ch7WTVKRg3W67m5LvnVbyWagSoKJ4b3fX+ceU+Lq0E8nmxx2bdCe7/YlWdHv
AuPnXUXhtkfw9C9W+RCkiabO3510Yk2es8oXk+bVxT46Gwqnc9frRQ47NQEQoDiK
YE9fywpxiQKfebjWutwxSVXC0sApPF8Kx1iCiaQZWi3bZQVwL+jtwKiKDtTwfNem
mDuJL3qZ6BtoI9fFVs8a1ANU+He95ChOKqRIg/frD8a3/6LgSl3qYL71c8h9kk/r
X23PNJlnR9S/W5gjobiK+03f98fAoMi+pqqaeSbrpfaFv+M0etLsDvI7dvpkgL8Q
p0P6x8jpAgMBAAECggEADiuHFML5iRZ+D/uHf0CPYvZTSgm2A3Xaw0G+EAl7bWnu
AuToyKxKHwiLCK7LdoK+AwgUxeUwWO04j8JLK2wce43SU39Rq/EfQrpFvP6gIaT9
ZjdqDKAyyaPWkU1r+Vf2hHBWCnNDBYuzpzOieR4y4UqDw6Q1+ZBqua40zyL5DX5c
9Mp0bXFsN+RVDh+K/9vbL+7vZaqZfe0wQDX1HbwP+u0vcDZjWS6QN09BGoJJr/PL
SoovlVuEsDxoBIadGYtzGlRcLa6k03CI/jYFMKHOnyGFu87bNA8lPy9OCmJOaLgL
Sb5aMkVoVFDZaOPtnxOTk9FRltXn1gWwyzVMJs7dRQKBgQDo/f2S58Mk4Rjudr4U
ds6uamTOazMKlsTuMn0KeiOw3iWIYtrj7DxTRFhK0GR8dAksQCRHkDcQzbofzt0B
/Qtx0bqEp7nLOLxjz/xf5i/h8394imR9IKpr02OvDjpGJ2itl2A3ADpsvrFR38ND
z+CuyZ6RnPw0uYQqHmLWmgxNTwKBgQDN+fd21SsZe0MxhSL98fIZUOenUkxrJMac
NL/JysKwfqXlJYpra8dyzQMoD3zUjIktRp45xKgJ8pUBfphmcUytJNJAW6hZ9A4t
PnxQco2WPLfPSTPjVApSZRttfmMfZk3CMkfJt3k/L+cBD6umBzNHi1Q5ISV62luo
Qh//J5YoRwKBgGjyf1W8r1ndSq2fLt9o5JALvHx+LO+IGgxxEYG2onz4k09rt80S
i9m1309Tru+gFMGp4q2ZeDRJdpz9QO+0W4NZRPqb0kSHudP7y2Im/Up5s+FH9Run
qxwGi9A+SGFxPuVyWhRsNeTlwFlwwTO6XypcBuDwJWpaZf3S0hJ4MTJhAoGACxNZ
3yXvP1uFbXA/RXBxGDNlgXXHbit4EoYzmeIxPdRRj1TJcKVHAEFN3iWXDMbRyYF2
mJyefIpywLXR9BA7k0PbmmJTVyLscDpf7ON8AYwaRiclhx/Jvkx5gRW+tr2FiN+z
RIF9H4yv2zrAfBj/BOXVDY1eupBrRUzo84tpY5kCgYACptkwcJoaBvJdsql0iH7a
0iCc+xO6rie1CRmcD/HzlWEYrsxDjmI1fdF/k52NPmgqBda38jq3ikkWe42/de0p
GfR+fasq+K5h5FNEqudPW1POi3WG5m4MXljuRt/BXLHvXsnPHwK1vkpUNzViAkjf
XCskokPNc8SDzPWgXd+VlA==
-----END PRIVATE KEY-----

39
mtls/generate Executable file
View file

@ -0,0 +1,39 @@
#!/bin/bash
outdir="${1:-./out}"
genca() {
local name="$1"
echo "Generating $name ..."
openssl req -nodes -new -x509 \
-keyout "${name}_key.pem" \
-out "${name}_cert.pem" \
-addext basicConstraints=CA:TRUE \
-days 1825 -config CA.cnf
}
gencert() {
local ca="$1"
local i="$2"
openssl req -sha256 -nodes -newkey rsa:2048 \
-keyout "peer${ca}_${i}_key.pem" \
-out "peer${i}.csr" -config "peer${i}.cnf"
openssl x509 -req -days 398 -in "peer${i}.csr" \
-CA "${ca}_cert.pem" \
-CAkey "${ca}_key.pem" \
-CAcreateserial -out "peer${ca}_${i}_cert.pem" \
-extensions req_ext \
-extfile "peer${i}.cnf"
rm "peer${i}.csr"
}
genca CA1
genca CA2
gencert CA1 X
gencert CA2 1
gencert CA2 2
gencert CA2 3
gencert CA2 4
gencert CA2 IR

23
mtls/peer1.cnf Normal file
View file

@ -0,0 +1,23 @@
[req]
default_bits = 2048
distinguished_name = req_distinguished_name
req_extensions = req_ext
x509_extensions = v3_req
prompt = no
[req_distinguished_name]
countryName = US
stateOrProvinceName = Localzone
localityName = Localhost
organizationName = Certificate signed by my CA
commonName = peer1.localdomain
[req_ext]
subjectAltName = @alt_names
[v3_req]
subjectAltName = @alt_names
[alt_names]
DNS.1 = node_one
IP.1 = 192.168.130.71

23
mtls/peer2.cnf Normal file
View file

@ -0,0 +1,23 @@
[req]
default_bits = 2048
distinguished_name = req_distinguished_name
req_extensions = req_ext
x509_extensions = v3_req
prompt = no
[req_distinguished_name]
countryName = US
stateOrProvinceName = Localzone
localityName = Localhost
organizationName = Certificate signed by my CA
commonName = peer2.localdomain
[req_ext]
subjectAltName = @alt_names
[v3_req]
subjectAltName = @alt_names
[alt_names]
DNS.1 = node_two
IP.1 = 192.168.130.72

23
mtls/peer3.cnf Normal file
View file

@ -0,0 +1,23 @@
[req]
default_bits = 2048
distinguished_name = req_distinguished_name
req_extensions = req_ext
x509_extensions = v3_req
prompt = no
[req_distinguished_name]
countryName = US
stateOrProvinceName = Localzone
localityName = Localhost
organizationName = Certificate signed by my CA
commonName = peer3.localdomain
[req_ext]
subjectAltName = @alt_names
[v3_req]
subjectAltName = @alt_names
[alt_names]
DNS.1 = node_three
IP.1 = 192.168.130.73

23
mtls/peer4.cnf Normal file
View file

@ -0,0 +1,23 @@
[req]
default_bits = 2048
distinguished_name = req_distinguished_name
req_extensions = req_ext
x509_extensions = v3_req
prompt = no
[req_distinguished_name]
countryName = US
stateOrProvinceName = Localzone
localityName = Localhost
organizationName = Certificate signed by my CA
commonName = peer4.localdomain
[req_ext]
subjectAltName = @alt_names
[v3_req]
subjectAltName = @alt_names
[alt_names]
DNS.1 = node_four
IP.1 = 192.168.130.74

24
mtls/peerCA1_1_cert.pem Normal file
View file

@ -0,0 +1,24 @@
-----BEGIN CERTIFICATE-----
MIIEGjCCAwKgAwIBAgIUKEhKG9WUqfHCi18eTUUBDZI+nRYwDQYJKoZIhvcNAQEL
BQAwgbcxCzAJBgNVBAYTAlVTMRIwEAYDVQQIDAlMb2NhbHpvbmUxEjAQBgNVBAcM
CWxvY2FsaG9zdDEtMCsGA1UECgwkTmVvIEdvIFRlc3RpbmcgQ2VydGlmaWNhdGUg
QXV0aG9yaXR5MRAwDgYDVQQLDAdEZXZlbG9wMRQwEgYDVQQDDAtsb2NhbGRvbWFp
bjEpMCcGCSqGSIb3DQEJARYacm9vdEBsb2NhbGhvc3QubG9jYWxkb21haW4wHhcN
MjQwNjEwMTI0NjE2WhcNMjUwNzEzMTI0NjE2WjB3MQswCQYDVQQGEwJVUzESMBAG
A1UECAwJTG9jYWx6b25lMRIwEAYDVQQHDAlMb2NhbGhvc3QxJDAiBgNVBAoMG0Nl
cnRpZmljYXRlIHNpZ25lZCBieSBteSBDQTEaMBgGA1UEAwwRcGVlcjEubG9jYWxk
b21haW4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDbW864Uy2nmSe
pIcZw5TuPmA9t144D9t6h32E4PXdah1xon+HPszrHtPr4VHaILK+rJEdzWNa6069
0gQgezUaI9Br39JbfB89dh/o7ncGB1tz/Q0C86Cj9EGGsPeL45xd+RSD0sbB5xYi
fQqkvBHqNPmwJ1fIjIicEtQNtQmrBsBeCxLqhCzvVvqcHTclii5lG5nTRH8PzrFH
+K6S+l+GG3F4MCz/A4p7HvpkV0hXeo+VndL6TRUhIOUaB25PNW7HimAdIZaBpDpK
IPx0KVCpiAk5wIS03sDxjiqnzwdyfj6qOEs1vLFsAq6RCCBtGhNMx3P6WpnTzhTq
T/d/oDtRAgMBAAGjXTBbMBkGA1UdEQQSMBCCCG5vZGVfb25lhwTAqIJHMB0GA1Ud
DgQWBBRp+mk7AmDNXGTHWPzJ4LHviCIjcjAfBgNVHSMEGDAWgBTpBvlB4aszHPUK
jjsgWQNvcqAOeTANBgkqhkiG9w0BAQsFAAOCAQEAgBmp8qGsD5sDj8uZpDY1y4R/
ne9xgesQejcESgxK2PoBk+iB4NSCIahMKI29q5M36C6xq4Zzj9mAETDdQgv8eJJU
DHkFY1PKsULs3W5ODF4aufNogtm68mzqVQHW+qt/GdZj0BlIui6+G6uxFaRUjzry
wl/7GXNFms8NiGRDmx0XdZHhA4aD3pprJVLNYEuZUH9N2Q4sUqxwjizh9qj5e5Vu
XpnO6TqZvFJQMs61IYzlSWXpmBpDSjbTnm7+2C1RLRpidEhTtC1N8SRghc4n6yXg
DnME009cIO9XwyAiFPrTheBZlgFJ+Z+aqTBGh0nG2AAbV6/2xh3rZMGA6QWHRw==
-----END CERTIFICATE-----

28
mtls/peerCA1_1_key.pem Normal file
View file

@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDDbW864Uy2nmSe
pIcZw5TuPmA9t144D9t6h32E4PXdah1xon+HPszrHtPr4VHaILK+rJEdzWNa6069
0gQgezUaI9Br39JbfB89dh/o7ncGB1tz/Q0C86Cj9EGGsPeL45xd+RSD0sbB5xYi
fQqkvBHqNPmwJ1fIjIicEtQNtQmrBsBeCxLqhCzvVvqcHTclii5lG5nTRH8PzrFH
+K6S+l+GG3F4MCz/A4p7HvpkV0hXeo+VndL6TRUhIOUaB25PNW7HimAdIZaBpDpK
IPx0KVCpiAk5wIS03sDxjiqnzwdyfj6qOEs1vLFsAq6RCCBtGhNMx3P6WpnTzhTq
T/d/oDtRAgMBAAECggEAJnFDwNmaYU8BnIphUBJe3Mm03VcRh+Yopq755DZrbvFl
ltmgC/7wyOyAxAUH+KhXePYRusLRAUzJ6cGjEa+i18BFSr8Vzmy5aXnv1353N96h
IQ0dbt/1UOMms6Pioig1NXAelrrS4cg/HKwruJGNVZyzpDDtDfSFF+yFPagH3ZYn
laZJ/ZTiGu30ezu48QDEIzC4CKKaFIoBCpcG5kyQUx4aZInXjTDnDzjzm8+OnaKE
9pQ6ILBDprjjFhbH+gphfo32Dmt9lbZ26s7ZsmjMChgIwIyUHliu+xDPJeFAcWMl
/yNchDupx/jKVoj4I2YrICJwZLtJy6tPxdUGPsPPpQKBgQDo5v8nuS0NJm20aA1Q
YNJWkG9ziRJ+XdYJw7fe2lSkZYhsG1J+MC0FLS0xAsZzo1i7kBETEFBm0Tf+D1DZ
81Heo0Brh11qdMDhe+ENaLoswML1adbNJnDq6MW+clZcpgPKchSSEDeX9MFUL+x4
yHsLZyT1lWd+PcC2rPE7TD61vQKBgQDWzwN3bNYdeuYytFGWTPt0pIFuaSkghO61
g6+VJkwSOCbYnFddJIZSEbiPapZ3iaEMoQL7qE9Z/egkTFmxqtxW0aWruD5ETWyr
gyrmQeimewKW7PkZMWjmYI7Uy6CGaCVL9QiMxxfaLoe3rJDlYM+m3xXceLlpKTNI
Uu34zjXDJQKBgQCw5hNTprDzVgbpikbikEfy/A3LIYfsd3WFQSU9nXPA0mXGRxJn
SkxHrEKxATyexKk2/XwakL+g+LSgwh1VDh1XD4R0qAJqQ3flTGRp/Ou75kWuhc9j
TxlhM6BOwSWbhXVHpVK+hpbTUlItkaD5NL1Qse0+o1ZSarEfj0hDE+xluQKBgQCH
jSLW3etPtxpErN0/R1z2gkja76lwR/KKwIqwR/aBGMYKsr2+nSnV6DDa75v72vGy
EnjbbZ6FX2B6Z2PCZdudPbaZ4i4I1ALbSG5t1vGE/OLpcqjOaQuVNSFszwKBTn8a
q4m1rH00xWAHW/IjjS/8UZJuChCWd9VQsmRROW9bsQKBgQDnEaDlfDB9C42Ep3G5
tHfSaEsrrwyX619yDiJ52VKlzC48nDHn15Rq7iw9GTwAd5ILH+ii/uvzusAHOYyx
AIlvtD/3Qkoc6PjQY2nCfCtWggVWcg2BK7sPpjK0hEjqbERbJgYshoNOsCL+K+zc
oqDoG/GSG3nY9OSYNN6zq3m6lw==
-----END PRIVATE KEY-----

25
mtls/peerCA1_X_cert.pem Normal file
View file

@ -0,0 +1,25 @@
-----BEGIN CERTIFICATE-----
MIIEOTCCAyGgAwIBAgIUKEhKG9WUqfHCi18eTUUBDZI+nRswDQYJKoZIhvcNAQEL
BQAwgbcxCzAJBgNVBAYTAlVTMRIwEAYDVQQIDAlMb2NhbHpvbmUxEjAQBgNVBAcM
CWxvY2FsaG9zdDEtMCsGA1UECgwkTmVvIEdvIFRlc3RpbmcgQ2VydGlmaWNhdGUg
QXV0aG9yaXR5MRAwDgYDVQQLDAdEZXZlbG9wMRQwEgYDVQQDDAtsb2NhbGRvbWFp
bjEpMCcGCSqGSIb3DQEJARYacm9vdEBsb2NhbGhvc3QubG9jYWxkb21haW4wHhcN
MjQwNjExMDgyNzQ4WhcNMjUwNzE0MDgyNzQ4WjB3MQswCQYDVQQGEwJVUzESMBAG
A1UECAwJTG9jYWx6b25lMRIwEAYDVQQHDAlMb2NhbGhvc3QxJDAiBgNVBAoMG0Nl
cnRpZmljYXRlIHNpZ25lZCBieSBteSBDQTEaMBgGA1UEAwwRcGVlcjEubG9jYWxk
b21haW4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2JVCd0TRhpsNP
pHxo9DyIGMiuHPdj18meSe0HWbHk3aMLonBmB+1RqJa/7MnwYTFVsb4hajlTCVmd
2xOGA73NWZt3VFLY0tWp3AHqmrqqC7jE1DIXnJPQNesYifKNK5e2uJQf3xkwBYz3
Gr664U9dAIDJtE3nFX7QWG5k1ozDaeeqX3kylevcgLxyZBrXPozkfggJRrvVFgct
GuLAKdApVsIiCSPRMnTYM3dLgos0gaio5KHWXE6QfpbqC12EIw0fqucmXqjtpa9B
/tIRkRMQfqJ8sMdI9XOwc3G2yGaI5HTVeiyDHnDnb10izdpN8gi3tH3r8sEN8ENs
taaKu+njAgMBAAGjfDB6MDgGA1UdEQQxMC+CGm1vcnBoLWNoYWluLmZyb3N0ZnMu
ZGV2ZW52ggttb3JwaC1jaGFpbocEwKiCWjAdBgNVHQ4EFgQUY203z9j1OaMLZSEa
FGBD6IMQVFowHwYDVR0jBBgwFoAUGCmiSSj3ZXOraieVqDfYH7thN3IwDQYJKoZI
hvcNAQELBQADggEBAACEPUGv/sd/QQDLt/AF8tBiF6O8eDgx6FIrA0GTbb7+5oGK
DxA4F5CTrLz8LnsEqujq6pSaa33WUdEnrh/FlGmdIEwHtCc8dukiff8bWvpTLIaY
TPNUh4Y0Y2dZJ8ienO4OSU9psUDCyDaNmOja/DlfYYeIdSXtrMr10fEQgeIKEYGL
yH1kHrz1aMJvLdk08U1hRlFWApn1JoSAVyWR/uyrUJ7czXEtgbKdVqnuzAGvnn/l
FHHNiQmelK/6aEAa1Cg2Q7Rz+9lszRVZPpBJvHUjeA5N6b7eEFgLdhJSmJV40OeV
6pw9IVP7CMezPBNXjMcj+COme4pK6HY9zHQCiFw=
-----END CERTIFICATE-----

28
mtls/peerCA1_X_key.pem Normal file
View file

@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC2JVCd0TRhpsNP
pHxo9DyIGMiuHPdj18meSe0HWbHk3aMLonBmB+1RqJa/7MnwYTFVsb4hajlTCVmd
2xOGA73NWZt3VFLY0tWp3AHqmrqqC7jE1DIXnJPQNesYifKNK5e2uJQf3xkwBYz3
Gr664U9dAIDJtE3nFX7QWG5k1ozDaeeqX3kylevcgLxyZBrXPozkfggJRrvVFgct
GuLAKdApVsIiCSPRMnTYM3dLgos0gaio5KHWXE6QfpbqC12EIw0fqucmXqjtpa9B
/tIRkRMQfqJ8sMdI9XOwc3G2yGaI5HTVeiyDHnDnb10izdpN8gi3tH3r8sEN8ENs
taaKu+njAgMBAAECggEAOxjlTKcVfz97rCn6oZTo1OFxryg/zhmz1VM4AAQGl3Kf
1YUJQdl9ktqHutKpfIAUYTDvtui/m6Tzeieb8IXjPa6+pdtqm+XgJCH5TzSPrt9p
vhb4/7cyMEJmOkp7s3j62vKNQMACbJXIdF4tlvXGaa7hmlARXJIZWKDwhHAmMLpt
z9t5bW2N/oZOC9lMwmz48FLIszrskVKX3kQTr1rb0cux3SSmDSnd9l8Zu7TMqKTt
Dja2JDYFBTuOpa7WcWLyMHM/1omnRXok1cFKgCURsl487/B6r9FZaOtEQqtElZXB
w+7cB1iG+1q0JXk/qaFtf+5Bu637AJwdELGnJm8gzQKBgQDn7gxvT2vrkQUuQfB1
URqzJl5yuFsVSeu6xFqmWJORwBhdVO7nqAMX2IGrbnmBslGUys5LlpjN0wK/xMrw
D8bRnqTlZgOG/lTrcZqsqqDOGn6k6oKaufIlt4jVwWzr1R4qFQNe5lXXqJ5Ka7LO
Gt4ej5yJz7PN//Hlrgk3bVjjLQKBgQDJDJf8Ii210W9/QjAJuCGCsbVDUMS92t7F
4GGVLAoY0PHsa8s2RRTQmrgfLa/Zzx/oAZs3tkihxGriZLk/Xvk+VaJY3wIoWCAm
6uskFBtINlt/lqdtbe8nZRONlxUYB20izYHcoQ6RVj/JmpLR8Tib9lyYItKnGltQ
eUOEuwJrTwKBgQDMK648qwEJPf/+icPBsyU7ApLwkMR2CD4Bi2t1ttIp455PQz6R
JkGa01jLbpR+jVjuEF7tAeUAhDqOURKJpInU7MCixVxjkS92mOqeCBNJfN9yFJPm
27yEYX6PFhjpvxIv35G5EDIPiHvYbdjZQaO56ZjXZMYXmbH8DGpGpfcy/QKBgQCP
wm+THKVu0zlU1/EdogpkN8oTPlfQIgcVmyJr1jfKEu5KTbHbNn5xw5BQywxpRI/e
B/gDWFaLRbXf+IH17GVwyy7xOVWDn7At4+ELxUzUz/mRPBqwRuGxW7clkZjFu9mv
/x8Ssh+GkRO/hsXhVQlTjFAdgRj73/7Xhj5fVJGgRQKBgHZzvs8er7jt0bPF5qZm
MFSy8rqgSzaDXbZQsEccIdZmiz2D8mfaj3MnjzRdV9eO+1A/rwYo7+Co740Bxx7D
24AoLhBEEStKWwenLkBq9jDUhlR9+o1E2Zg71w++QV/dmOHSNWZOjWEItFA+IZ/i
lZVCsTptAVe0khSUBYFaEAsA
-----END PRIVATE KEY-----

24
mtls/peerCA2_1_cert.pem Normal file
View file

@ -0,0 +1,24 @@
-----BEGIN CERTIFICATE-----
MIIEGjCCAwKgAwIBAgIUKjQCltbN0Oao9ngSasdbHaIBmt4wDQYJKoZIhvcNAQEL
BQAwgbcxCzAJBgNVBAYTAlVTMRIwEAYDVQQIDAlMb2NhbHpvbmUxEjAQBgNVBAcM
CWxvY2FsaG9zdDEtMCsGA1UECgwkTmVvIEdvIFRlc3RpbmcgQ2VydGlmaWNhdGUg
QXV0aG9yaXR5MRAwDgYDVQQLDAdEZXZlbG9wMRQwEgYDVQQDDAtsb2NhbGRvbWFp
bjEpMCcGCSqGSIb3DQEJARYacm9vdEBsb2NhbGhvc3QubG9jYWxkb21haW4wHhcN
MjQwNjExMDgyNzQ4WhcNMjUwNzE0MDgyNzQ4WjB3MQswCQYDVQQGEwJVUzESMBAG
A1UECAwJTG9jYWx6b25lMRIwEAYDVQQHDAlMb2NhbGhvc3QxJDAiBgNVBAoMG0Nl
cnRpZmljYXRlIHNpZ25lZCBieSBteSBDQTEaMBgGA1UEAwwRcGVlcjEubG9jYWxk
b21haW4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6LtYIP1mXV7pn
UIHkLXubW8Z1i/+9mxVFBUBEz8LE71AMtCjjox63sxeK9iklr3gjhgqqRDNjnexo
CEU61iS8814WiTn5gLVbLleaQ7j1u8bGFxxCwsz1trYv0Xr39j41q/j1NpRgb6+q
MhG2HkSZx+h3Fg8s2tNkoMaa5xOD547E6KJPOuQJe/JHeQW5WNmTFf99DdJ1YBum
DP2toblkOtbP/EJ970B6EdEJGmrAjMRaJcvRsgF3fWQpA94NrsfL5rxhS8mZMtXv
l/gaRA9ntsl3uUHcSBjrgBLnhTBTpeBbyEE07jiGVWg/A61f39ULgFCZ8OAA40Fd
oNAKHrDBAgMBAAGjXTBbMBkGA1UdEQQSMBCCCG5vZGVfb25lhwTAqIJHMB0GA1Ud
DgQWBBSIu7uWx5liJGDXuaemGYD9HK100TAfBgNVHSMEGDAWgBR1Dy7V78T7XW3Z
rMFlvMIphIIXcDANBgkqhkiG9w0BAQsFAAOCAQEAAZzhN4+6EohtnusOiklPC2rY
063JBG+vbaPI4QpmCdg2Hu+gHquJQ7y2gXOL0VxmQzh+NpOS10c6+U1oVsEEcpE2
MYwRdVy8aUczn5lpwU1HQqoHI5/J1J9G++Zh4RbS33DZQpA34sqyMjdka951YQhu
Nsgc/j7G5QOra1/CaGQKdjF9rlQKED44V6G/Y67AKHAFfkExubo+Dc/78uVe+UL0
PPopHf+edQ3xWVB9iDUBDAdhCX0LOs0BowSlYl9rNG99zfI1NLcJC1bHdFJ7e3tW
nIiivTi870w/WCuT5Zf7lYAz3KqjUqxl4PPVyDrxBL1z+h7RoUzDKoSBfpEFhA==
-----END CERTIFICATE-----

28
mtls/peerCA2_1_key.pem Normal file
View file

@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC6LtYIP1mXV7pn
UIHkLXubW8Z1i/+9mxVFBUBEz8LE71AMtCjjox63sxeK9iklr3gjhgqqRDNjnexo
CEU61iS8814WiTn5gLVbLleaQ7j1u8bGFxxCwsz1trYv0Xr39j41q/j1NpRgb6+q
MhG2HkSZx+h3Fg8s2tNkoMaa5xOD547E6KJPOuQJe/JHeQW5WNmTFf99DdJ1YBum
DP2toblkOtbP/EJ970B6EdEJGmrAjMRaJcvRsgF3fWQpA94NrsfL5rxhS8mZMtXv
l/gaRA9ntsl3uUHcSBjrgBLnhTBTpeBbyEE07jiGVWg/A61f39ULgFCZ8OAA40Fd
oNAKHrDBAgMBAAECggEAAN9YQd/zhzybt2JZ3qdm+2zEpHbU6oYaW+c1KiPmwn8+
63WBSxCZVF7o7LZNwMeFE96AA0aE9xc/9Wl4SYFb4oJNU9+A1rOSIm518sujPetS
Z8TzAoSFqxw99AjWFe3Mqale9qmkixyWbKuuHYxY7atdUc9j2NU65XQDYQ00NPT0
g2GYXqi1fDam4mR/GqgnbwTYnCMRfbTp61E62n3g8UeTDX5gwLjiRiI2f7MaKQM/
OzYa3nLi2YrNbk9nm/QfWSImSX+htD7vzF11GJ90SxwnscjbJyDZ9x/GrJTsT4MU
kC26vuj86MXRD0+JnS1B89d0zp1TTqDiH1mqh13DnQKBgQD1tfnio4gJNBbxP4cG
ltljlEOTPkTnMABYAXUmK8K5cXxdzMbmBaPY6Ih27X7PsMNtN4OcWr1fJfzUSlOp
d/NbBJBWn4wUArcENmlpCD4MlhnLT54APr12R5+5UxzMRAzXomYNJLCNP3R49N5F
jiV0Qs1OaeZueRrkyLBP/4u3ZQKBgQDB+rhXDuKsnjdkFZM/M6ovQ/CIji7rqMKG
lwAB6dDWTl04Y/DO6+WF+vOYUJicq/STqPbSS8YkwGX+f4Jmx90ej+O6X/wB2zM0
ifh9+fgYSNKHgvsRdwHU2qGG+5e9uCE/3ZA0/y5f91YWRxvX5g694RDB1ViJBIhb
5KO5fnxkLQKBgQDmn8SI9mc0BEFYdQE+rQ4kSkBXDwZLXKGl+NBFYKOnvZ42yIMT
2c1dRXz465ewR0BW3dlZQ04l5Zj2hUEbeqvfDVyRAbXP/nBbstqjrAnZdHWHgBZU
Mo9QWo/PufP4whKvvw08Xuib2yhuc5/A91euVRkw9XNE08TrYnciz0ALhQKBgDnP
y1jG6u+fR8rgUz4m27WyfeF03q8FYNRT9ICdeswkFsxTnNVOoN1JaYgfnRw0c3P+
i3EpfCg/3yX2Qpr3PgN5xtko+iZjeeNSq2iAM1ypd3VDqCgQW89gSXu9SAAW/HHY
Sr5Av0WCpXmGP9ocipA0n5XlS7mqTCl2/wStmc0RAoGBAIJmrLt0TCJ1kh8b7g0w
d+Bt/4oCVDgyKt9MOnBmPXBalYvEICLQIQ3YcXD0Lx3yy5MKY5MfokMUek5NSdjK
UIBYhOhgckIrfT924zPPQqp7OnVAPIgvCZASBGmof2ithiYl/g03S0ZuN2bIcDEM
j2JMnyCeSFqln72tzeMm6M0O
-----END PRIVATE KEY-----

24
mtls/peerCA2_2_cert.pem Normal file
View file

@ -0,0 +1,24 @@
-----BEGIN CERTIFICATE-----
MIIEGjCCAwKgAwIBAgIUKjQCltbN0Oao9ngSasdbHaIBmt8wDQYJKoZIhvcNAQEL
BQAwgbcxCzAJBgNVBAYTAlVTMRIwEAYDVQQIDAlMb2NhbHpvbmUxEjAQBgNVBAcM
CWxvY2FsaG9zdDEtMCsGA1UECgwkTmVvIEdvIFRlc3RpbmcgQ2VydGlmaWNhdGUg
QXV0aG9yaXR5MRAwDgYDVQQLDAdEZXZlbG9wMRQwEgYDVQQDDAtsb2NhbGRvbWFp
bjEpMCcGCSqGSIb3DQEJARYacm9vdEBsb2NhbGhvc3QubG9jYWxkb21haW4wHhcN
MjQwNjExMDgyNzQ4WhcNMjUwNzE0MDgyNzQ4WjB3MQswCQYDVQQGEwJVUzESMBAG
A1UECAwJTG9jYWx6b25lMRIwEAYDVQQHDAlMb2NhbGhvc3QxJDAiBgNVBAoMG0Nl
cnRpZmljYXRlIHNpZ25lZCBieSBteSBDQTEaMBgGA1UEAwwRcGVlcjIubG9jYWxk
b21haW4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDLpXZ2amr7CS0J
MPhf3u/xizep+xZcXOryubo+kGbkr9QWmq/lDvIUNv8Jpdb24oq4qjTOCUMMY2le
6gEmJF0/z7bZMmPEpmsLvIKQap1JpnfAmgxx7qv05S2FgTHv/nhlb55MLItA7HVO
HDfbvtgePrRIfjm+EfAFT8x4+Vhf6xPH5E+Wn8mXH+7pwloHG8/gGefo6FTpv5IX
vaRkRxeDD8usD5DdiIWruJ+BiPpOS6BkwbPGBOWh747ZXk59/afve0MnTszoO86o
zniwAfGcuNCSsJxaduReaVddE0NqRrOE60h42zBGr2yxRkC1IoKL5Ae7kDcNLfIf
bgoCWk/zAgMBAAGjXTBbMBkGA1UdEQQSMBCCCG5vZGVfdHdvhwTAqIJIMB0GA1Ud
DgQWBBTCguoTciQNYyd3tCacwGxeRLvcsDAfBgNVHSMEGDAWgBR1Dy7V78T7XW3Z
rMFlvMIphIIXcDANBgkqhkiG9w0BAQsFAAOCAQEAEPHDVLCv7J+nFKkLrWcAuUlr
vtG11Z5cFowlwU+L3W2jqAcnANCAfz4FOgj6Gq0PGzKhqtHwjztvRd8zyTxpdVw4
D7cU6OQKBGw+Grcyhj/eN4zUpD30oR/vxZS1zfQl5jasw0TYQUbjbQZz1d0n9NAW
eZZ//aprE9EVbzQIirbWGC6ORKqws3k8/Pf6o5aow31puJDmOn26ISeWHLrydBHU
XjxK3w6/sY1ioTNUSuGkZzM/sDeG1CRrhc50tRtuL+p/v35CLc2cd7LXBUBxnnqH
DtsGtlUsk6WHwYXqAeREZypVTCkTcQ5OOPur080TOIrOJilRGq6yre+c6wjhow==
-----END CERTIFICATE-----

28
mtls/peerCA2_2_key.pem Normal file
View file

@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDLpXZ2amr7CS0J
MPhf3u/xizep+xZcXOryubo+kGbkr9QWmq/lDvIUNv8Jpdb24oq4qjTOCUMMY2le
6gEmJF0/z7bZMmPEpmsLvIKQap1JpnfAmgxx7qv05S2FgTHv/nhlb55MLItA7HVO
HDfbvtgePrRIfjm+EfAFT8x4+Vhf6xPH5E+Wn8mXH+7pwloHG8/gGefo6FTpv5IX
vaRkRxeDD8usD5DdiIWruJ+BiPpOS6BkwbPGBOWh747ZXk59/afve0MnTszoO86o
zniwAfGcuNCSsJxaduReaVddE0NqRrOE60h42zBGr2yxRkC1IoKL5Ae7kDcNLfIf
bgoCWk/zAgMBAAECggEAHUtmkJ87V3RY9acFO6lSw+Ded4XGkC/Pnm4INCLKomAG
tt+2qNEvEqhcpLMmCqrJAMp/QRpE+l28lSo9UxLNFTZYm8LrZij4Yh5Se9rSWHtp
Y5vlaWhHdTmYhEly+Q6WnCTj1RpdR9AcCcn2YRaBeUxU287ImKZ07BawF8DqrRVe
YKOEdBDHIXkmGswn00L3vbnoexVryJeIBcNKsQOJQq0SeE9YHCb52U+iifWwEK6d
hucft0cHatP2ogW2b7GfP4040M9cRn7P2Knl9ORL1VqqHRKS3QvxKfKoXaopaRFg
C32qWo0pW050kYtsA9PJRFYHRjjGFV6AP/lLBw65kQKBgQD87IhxpKwOIW/62ceu
cyEIFI7RLZf6sX9HG7aJMV6/vIaWSS1I0ICLpBOVon39kf4/8vNeEx6pY8gIeg9g
dAcaDsg/nS1gZynTOVgFTC9Z+5UwX4Azm+bXxFzR2jcOOAMXxjMFx/rliS1Lgdrv
QfWnr/DW/aKz3KEUO9imCdnU8QKBgQDOH4GVC91n5e/VG421hNU9OEse2eSC84ci
2wbBJVnsUarH/0W1z1Vk+HBEhcsNEpTCsH0A5c69xizOueL9zgEQinv2I04M1DAn
vSG9G1cSz+01dl1Pn4RFoSCl7M2Yua0kRLVb88/TP0/6fWvKsDzcKMagb4EFg6eV
af9m68ljIwKBgQDhWX5YgvgpvvEe+FtJu5p6sJZvGciHvQ5CNRb2Nd7NxxPDY3/N
mLhvsskgUZ8gBqwaHkVoVHDFS/o2U0rQDZEmTnVs+IYtlr1VTYp3beHisp3Cc9Su
JwIOzQ5Gi77yFEXtMNLVG9EYIpkQ5apD8ukFd2WGqIYG61U5yfjGN5C2gQKBgDKP
r+2rt2fhE2+nDp/UMaqOwH6U3GTy79cw+vst+lzpu4bLq4HplfzqpD9qwmA2ip8n
Q8KQnKIYlq0vE+tGOSShk77Q8jhbZGSbFEebCUToFDvlCQabDos19xg8ekJYaYxX
/lTL/dLH2QqM8YAKsyMeLXr1XyTHIriYA7pvZDsZAoGAGwU0vmfUidqcJrFuQ3hM
z0lUUpvUAIqlpE//NFQay3qA68Kt454vMDYpbPT9ZxW/yF39kNHw8PSWSBaomF3Z
6n82LiL8O+SNaHeGstNj9ATUn2qPFotqUozDKa3A3RxVzXGzCFQzrh7pWcjH7cOd
scdlOJZhh1kr0eW71OqcKJU=
-----END PRIVATE KEY-----

24
mtls/peerCA2_3_cert.pem Normal file
View file

@ -0,0 +1,24 @@
-----BEGIN CERTIFICATE-----
MIIEHDCCAwSgAwIBAgIUKjQCltbN0Oao9ngSasdbHaIBmuAwDQYJKoZIhvcNAQEL
BQAwgbcxCzAJBgNVBAYTAlVTMRIwEAYDVQQIDAlMb2NhbHpvbmUxEjAQBgNVBAcM
CWxvY2FsaG9zdDEtMCsGA1UECgwkTmVvIEdvIFRlc3RpbmcgQ2VydGlmaWNhdGUg
QXV0aG9yaXR5MRAwDgYDVQQLDAdEZXZlbG9wMRQwEgYDVQQDDAtsb2NhbGRvbWFp
bjEpMCcGCSqGSIb3DQEJARYacm9vdEBsb2NhbGhvc3QubG9jYWxkb21haW4wHhcN
MjQwNjExMDgyNzQ4WhcNMjUwNzE0MDgyNzQ4WjB3MQswCQYDVQQGEwJVUzESMBAG
A1UECAwJTG9jYWx6b25lMRIwEAYDVQQHDAlMb2NhbGhvc3QxJDAiBgNVBAoMG0Nl
cnRpZmljYXRlIHNpZ25lZCBieSBteSBDQTEaMBgGA1UEAwwRcGVlcjMubG9jYWxk
b21haW4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMsMLbfg9Mtgvr
K9LvlingAgU5c1XfGMkQigbShtVyiknwx7HjAX6hQLRvcIG/S9LOG48YHbI9oEmP
8goZW/umZPHnwPJpNmDaPPZMkoTNwVXrCq/fbjoiY038zGCLYzBzwBMFzu51sraF
GZnAW3az5m7l8d6xXOrhbxISGkhCVJaVEBu0eGt7bAxo8OwJmt6t8pzVWFwNq9lS
dMGqwudmzY4xMs6W2ie8BODOmXIAya5X0yGDwFA0nUIeTMjQK3PqezOTaARz1Eol
L87I63XN+bl1nYLYdPpwREqXDiIYEq/t+JmuTja3Bs90Qp6n7GWxPz5O6SHjyair
sgwxJb1BAgMBAAGjXzBdMBsGA1UdEQQUMBKCCm5vZGVfdGhyZWWHBMCogkkwHQYD
VR0OBBYEFBsOHOXvrx6XnQpEIXw3XU5XsuDHMB8GA1UdIwQYMBaAFHUPLtXvxPtd
bdmswWW8wimEghdwMA0GCSqGSIb3DQEBCwUAA4IBAQBEgeew/row9fTrpQjlDGTn
4vI21j2qjIQx9EVbSllogiWRuVLDoMvWi3cOn77jnNEDDqjxK0ocuZRvulyx/65Z
OMsXi2sHDsbM41RLAy/Jw1pbxzK2TkDkEja5kKb1YPrvZd+8h0EUJ8jtgzTEfBtH
bt32vLkg4CsznRIcdW2oeolJwS4MH7XVRF7X1EBvSO8pbRxHSCQHzkcfN+8b1CVW
xJTIcI4bbcaHTl/m4osEMGjOiQwgg6yloFQ7wqF1xP97+ArVL9FXIyVfTWFedY48
AMSCDgESHgweU4YeH9Qo5KJZU9iUOVKSmArK8xD6QSWZjfANOcP8Fwcyh9o3n/tl
-----END CERTIFICATE-----

28
mtls/peerCA2_3_key.pem Normal file
View file

@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDMsMLbfg9Mtgvr
K9LvlingAgU5c1XfGMkQigbShtVyiknwx7HjAX6hQLRvcIG/S9LOG48YHbI9oEmP
8goZW/umZPHnwPJpNmDaPPZMkoTNwVXrCq/fbjoiY038zGCLYzBzwBMFzu51sraF
GZnAW3az5m7l8d6xXOrhbxISGkhCVJaVEBu0eGt7bAxo8OwJmt6t8pzVWFwNq9lS
dMGqwudmzY4xMs6W2ie8BODOmXIAya5X0yGDwFA0nUIeTMjQK3PqezOTaARz1Eol
L87I63XN+bl1nYLYdPpwREqXDiIYEq/t+JmuTja3Bs90Qp6n7GWxPz5O6SHjyair
sgwxJb1BAgMBAAECggEAHjrOvwQk4KM+1bUBBTbr/p7IbxMnBU36R9yH+b3wYRGm
WOPiftBLh3zFs8hDCTb6rkt9/HBKUMqkLUOa6o2IoqrkL7dxtZ3Se6NRjBPUKYpa
P4kHr1uZRKyI1IMfO7Fi8v1UxzX9Rq7662Omrt9zLkojv7GoaLunHrMSJqVGCFwv
yB7Rd/UYUyoJgZj7k6hev4rvqNgK4zQ2mkdRg5uyU0EHPZd6c3tFSt3vU1K3LhFW
Ij3gbm2ZCW4vimAOA4ryAQLqcykcKwP1VzMl1iw+JCiUH5lIlBqJbL7C2ifYVJeD
FaWUSzEu452sZmqIL9JztLNDEQ5cRMNE8bBEMnbTBwKBgQDp/nL/HFxvRmBf2r8D
0DevasfnsBFfcYZEpBeel29RQ/kM8XRv2N+GBKJUPQ+FLDdZt1TNZ+2TGwiU/OMg
1jiELVYk0uV+CgY1qdYVdrfScXy2l5MgMTNI+Vgb/tBYOefgXkgUy7FRo26FfnAB
rnfT4Peaf7nztu4BkqZTNZKy1wKBgQDf8NAFKVZWphJ+VfoV12TAhU/j5F1ta1Kk
f4PcMD5RheVjezojpW/W9bvLF7dBSOsAYiAWw6l01bbgUCM5Yld5XYp2JTXROyq1
uPFadLz7Xr5y0+HMYjhvZkfsf+p1uZU9IOAJgSWuNmISTKP2YKPOvqbxiA8nmor/
mC7NUPYlpwKBgEs4rSctqtlquliWLYnASeZuYU0t4KfaCtvOFHm7HOH3A/0RMeky
wsiGfNivuGmLSU/iC7TskAcWTa/3i9xmgUycdnDoCzZ1aoGd02CbBYT1Tq40E+vp
ZR80aQq246s5Ej2ikXF9+cbQzxrDBqbDu2m1jGNyZAjg6ao/xpBBTKOJAoGAUIdZ
VrHRwWEA/3tNbjNBoNWPsAS78BAK7OqJ8VFL56b9oTN76buhJyzAtjy2An0FPOMM
ZQNBWalMlQdcU1Ng31za4Ldqze234xc5e2zFVKNyWvqElSmw36ZpMMui9WiiGRRM
XD6b3TTjOW9j+sIvxbXbdLmXsYcqetUv51c43LsCgYBtfAZ55PfOLON0vKeSpfEo
MwtsWK+7uCe2ybVV0ddZ3maimlR1sgAoMooDGG+9IsQMw7EYGIGG6PHjQQMb542R
Cq3rWoVsQo9VSfHI1iO+neDsK84+SyJWeytHNqBO0EHdzQl/7u9gudv4Fq1k0HF7
E+TBh+K0H35VaB2rxKyD5w==
-----END PRIVATE KEY-----

24
mtls/peerCA2_4_cert.pem Normal file
View file

@ -0,0 +1,24 @@
-----BEGIN CERTIFICATE-----
MIIEGzCCAwOgAwIBAgIUKjQCltbN0Oao9ngSasdbHaIBmuEwDQYJKoZIhvcNAQEL
BQAwgbcxCzAJBgNVBAYTAlVTMRIwEAYDVQQIDAlMb2NhbHpvbmUxEjAQBgNVBAcM
CWxvY2FsaG9zdDEtMCsGA1UECgwkTmVvIEdvIFRlc3RpbmcgQ2VydGlmaWNhdGUg
QXV0aG9yaXR5MRAwDgYDVQQLDAdEZXZlbG9wMRQwEgYDVQQDDAtsb2NhbGRvbWFp
bjEpMCcGCSqGSIb3DQEJARYacm9vdEBsb2NhbGhvc3QubG9jYWxkb21haW4wHhcN
MjQwNjExMDgyNzQ4WhcNMjUwNzE0MDgyNzQ4WjB3MQswCQYDVQQGEwJVUzESMBAG
A1UECAwJTG9jYWx6b25lMRIwEAYDVQQHDAlMb2NhbGhvc3QxJDAiBgNVBAoMG0Nl
cnRpZmljYXRlIHNpZ25lZCBieSBteSBDQTEaMBgGA1UEAwwRcGVlcjQubG9jYWxk
b21haW4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvSZ8q0s+y+Uzc
XPafneBvlXFoosKBva3cA3OigqOnfG7lxajte6oqFZoUSIApHKriinwbKkKLyxox
KW2ajJKFrPF5QvcJ+AqoHoMoaLU7iTcUnphxzbgSK1wR6mo2O7ocSH9IqntCTbJO
bnLZqDOlqHWwaJppaS+9ELb06VT7Cr6oiRQCP2o5g5dh0yjTYn8CFe6+ZOOQrHSw
EjaZqzHIAJcvgwqGpmFJzbVaFlmrNon5sNZZfSiUabzk+GtlEKzejNTqzjq+Y4sl
B8Mcm0tQzpeX67+bRzrcnG1oBaqJ72QqzTSe/pZH15OWBhTBRsWAExtAbiqACYdW
z4Zf3MprAgMBAAGjXjBcMBoGA1UdEQQTMBGCCW5vZGVfZm91cocEwKiCSjAdBgNV
HQ4EFgQUXmuqD1Cj9H4JcSF3rnXVArC5R8gwHwYDVR0jBBgwFoAUdQ8u1e/E+11t
2azBZbzCKYSCF3AwDQYJKoZIhvcNAQELBQADggEBAEWCIYIdiZDjbKzkjqo5aL7s
zGfBlzv53xuKalJT3Om5dOkI9z/W+FPwwFJyBvhYJ/FAG1IMA8bV7NLcbnE10QSj
AgQoucu/JJWuW4bv2HSYRFTwsGEfznz2XOdJs48OwfVZGP7cNztdLdHJUK82o628
caL9VBEbzpvSn0TJazNCNU3Q3e7PxhbQMZU+65MgwDOES1v04xCZ+vdV0Te8CGtv
bEVfmPk4XCbNRb5VDpEwuYesJ1SH8xuq4KyYdJlizwDR0K+6WaAmfIAoQd7LpRA4
xKdKNexUw0PWtNKJrUCIXLaMyxuwzxPfXnHoJhx6+6v+KAUa1qVvQKurQS6ri4k=
-----END CERTIFICATE-----

28
mtls/peerCA2_4_key.pem Normal file
View file

@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCvSZ8q0s+y+Uzc
XPafneBvlXFoosKBva3cA3OigqOnfG7lxajte6oqFZoUSIApHKriinwbKkKLyxox
KW2ajJKFrPF5QvcJ+AqoHoMoaLU7iTcUnphxzbgSK1wR6mo2O7ocSH9IqntCTbJO
bnLZqDOlqHWwaJppaS+9ELb06VT7Cr6oiRQCP2o5g5dh0yjTYn8CFe6+ZOOQrHSw
EjaZqzHIAJcvgwqGpmFJzbVaFlmrNon5sNZZfSiUabzk+GtlEKzejNTqzjq+Y4sl
B8Mcm0tQzpeX67+bRzrcnG1oBaqJ72QqzTSe/pZH15OWBhTBRsWAExtAbiqACYdW
z4Zf3MprAgMBAAECggEAAMPTe/5bha5s1XFaaivoNNR0ID7FlodbYOBq+sSTLkHu
wfXw3MhzX6eken4ugP9tB3wPOpcenzmNrbU+kzQV15t/mkXeih6Y/U7Ux7JdSBs7
ME3Y4HZDXWDvD+zz9bShBUqTs5961jk8k/cLbUO8pfZsPQ7Xzan12V9fTQZPpqDN
hfE3xhgoWvryhY4Yu9Zjkudjg+rpEgErB0sJPBK5YqqTgg3y6rqSQW8Ol0hEB7NJ
S0emJ0q9K8UAq5+RKZanmnaIX73pr+TUbi4btVuery5kHymq+ippx9D1fOkBQKzV
Y7zJrRi2+w1tBySYA7tHg4GaDe5vNwlB2tA4nHusgQKBgQDhm8MTVzCy5SBavN67
0NcIKFutFGGi3RkVYBBFdSDfDnxeDW8dcmLd65W1aTZkhweoKXqxN8TabQUkJxcJ
IHdg9XY9RXh1epv0wQ6fIb7kPM5xIJQ+dlLoHVMV1dWTVWkILolWnqcJepcl4iZJ
bFixwPCdYO0X8f1JblskrYdzSwKBgQDG5oQE3T6mMv9uUg068W2OwZfeCINDdn7B
XHs0LYc6NRNIrjNHxfPc37qptQf1K/S0jSErc0VRR3Ya3eRCzNGEMl1zmIv87y1W
1EY4Jm1fM0MDD7KuDG/lVsrcKeogcVCYV2gyPqZAB/b1P9ljNVaVuo5MKkFjlpOA
FSRWUzJxYQKBgQDBRR2toODwMEcyVGB/Bx5fN6upry8hRUVqwVvPFNMvIwq5y8pn
sIkv0dTzjwlwvxh5H+eij8MM154y5WXfhLegEUfUn4HdKkcWOpjbDB6rCchUs3Mr
u1O00wJNT11ilSWgQ7WVxd4UybdYVc800SN+S2oVeGZEQCMa1/YuipXh1wKBgF2g
sVCg3RbbNsY1taijcVEb7GNGWpPtOanH4O8k510NEvDJn7YPhsXYQ0QTxZUxhdVg
Adc0QdMK8pufDA4t4Ap8suTxUCRWal9POWbBIAcKWGcegpvPmvS4MHIHAQEYljnA
G3pbZ2MI3MWBstEykHmXAdj0oydAAFrwmNRSAZLBAoGAFJtkyR8GSJ8merCLAuqC
CN1an5OcuGcYXoyt1FE6VCI/YVQ03c0NCv0FciRAqqybrKaxvJ/qTYD6//Lk2um5
aSs+PQ/wiGkH0mLI8zAkoqPEBqu+RqP3c9d80mLOwOHT7oPhkB7bSJViEwO5XZKN
ylGmE6Sq+AZ9jCztJ6Tina8=
-----END PRIVATE KEY-----

24
mtls/peerCA2_IR_cert.pem Normal file
View file

@ -0,0 +1,24 @@
-----BEGIN CERTIFICATE-----
MIIEGjCCAwKgAwIBAgIUKjQCltbN0Oao9ngSasdbHaIBmuIwDQYJKoZIhvcNAQEL
BQAwgbcxCzAJBgNVBAYTAlVTMRIwEAYDVQQIDAlMb2NhbHpvbmUxEjAQBgNVBAcM
CWxvY2FsaG9zdDEtMCsGA1UECgwkTmVvIEdvIFRlc3RpbmcgQ2VydGlmaWNhdGUg
QXV0aG9yaXR5MRAwDgYDVQQLDAdEZXZlbG9wMRQwEgYDVQQDDAtsb2NhbGRvbWFp
bjEpMCcGCSqGSIb3DQEJARYacm9vdEBsb2NhbGhvc3QubG9jYWxkb21haW4wHhcN
MjQwNjExMDgyNzQ4WhcNMjUwNzE0MDgyNzQ4WjB3MQswCQYDVQQGEwJVUzESMBAG
A1UECAwJTG9jYWx6b25lMRIwEAYDVQQHDAlMb2NhbGhvc3QxJDAiBgNVBAoMG0Nl
cnRpZmljYXRlIHNpZ25lZCBieSBteSBDQTEaMBgGA1UEAwwRcGVlcjEubG9jYWxk
b21haW4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDwLU9zl6iHlDLQ
LvPKMngsxNKqK+hwoaXuiAXNIGN/MAjWE7RL2bo5Ah0x/359Pi2MWNBBmdVnuDK/
5UqK+HXli3qZhUWjMwWDYJM9jwhyx00spKfa6+9mVgMesdTix/xRDAFK27UNlJya
q4kUqinvGJaPKgbszUpEyMqOeVKU157tOzPVMWQBYfHJDbHHerd7jHPKlDvXSMkR
TtPO+OojFhXrXlo0Ljif8A6AagdMks1ozvaFCs4fBTIiDJWqLxttilf6GxkEfFqt
Oor3hraobe1OBKwHRI2r9hu7BVg8gjZ+Hcdw7tJ2HtuHfd9d1k+XW31oe6HMVdgZ
QK0hRHofAgMBAAGjXTBbMBkGA1UdEQQSMBCCCG5vZGVfb25lhwTAqII9MB0GA1Ud
DgQWBBRk8ONdkn0MuaBRHeUuM4iU8fc4pTAfBgNVHSMEGDAWgBR1Dy7V78T7XW3Z
rMFlvMIphIIXcDANBgkqhkiG9w0BAQsFAAOCAQEAZdNGSxGjZSfaZPPujYNC6ZrY
c07mRV3W+NGJZoWvDaEYy3MYZje+wghBJG9nXD4eQ/55q/k9C3AvcM31H2eBBFCW
f6Jcp414NZ52lTCoeDmmRTsggJS7IPE6kaBe3GoUJR+bs/ktv1im+ep/8/eEVf3g
FlteNDQ4kL24m8Ps1CnDLLBM3OQphD3MuQrMpZPSaSKhZr9RJrZ6jcuAcH6uhYZi
c0mevVLDahoGwrZpMnVYHgVOAmygbQv4wONAvrhNgDrKmtMczmIb2q0BIG4Jdtsm
Co1EiJ3/eHL+Vu6MhLWngLBg3Yl0bUZIw/xPu+jD8GmH+qrGcvq3hqSTFHIX5w==
-----END CERTIFICATE-----

28
mtls/peerCA2_IR_key.pem Normal file
View file

@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDwLU9zl6iHlDLQ
LvPKMngsxNKqK+hwoaXuiAXNIGN/MAjWE7RL2bo5Ah0x/359Pi2MWNBBmdVnuDK/
5UqK+HXli3qZhUWjMwWDYJM9jwhyx00spKfa6+9mVgMesdTix/xRDAFK27UNlJya
q4kUqinvGJaPKgbszUpEyMqOeVKU157tOzPVMWQBYfHJDbHHerd7jHPKlDvXSMkR
TtPO+OojFhXrXlo0Ljif8A6AagdMks1ozvaFCs4fBTIiDJWqLxttilf6GxkEfFqt
Oor3hraobe1OBKwHRI2r9hu7BVg8gjZ+Hcdw7tJ2HtuHfd9d1k+XW31oe6HMVdgZ
QK0hRHofAgMBAAECggEAPQ731OYoVRdq95wIJE5CWPdMqzBwbjnaKlLwTp6+TLZU
eMAXpPTcL+QGshBHAuYMxFJL13GZXD3qwPg0xDG4HzwfVeoYsw2kiCrEI/E575wV
VZUiizhR601Qi7wf5+t5jM0lgvdqBuLSEUwslFFSSdORayH/ErJ6ABSf0iqrwOS2
DmEAi02ZqumLrd41lY72QrROCP/B2GcedD8pq8CKHxgwUk6Gb+jLlyr7Kg2Ubiro
/elKOVdTBClInKLBxlWPXsGbnwdw1WNseh9FoQP71hgJI+HWK4gAZkl7umvLjdFo
I94vSgELmj3hpRT88ysB3dyUwG84bFlmFQAplgZ4mQKBgQD7lk27ysUTCMti1Lud
4tes7Khvx02itGwjI3/UwGcizjC1sGprvfun5btXSfeOhg8kkj+FQ7n+yBY9ISyi
8jUdmPR/DamviYcRUs3xy9XzNiR7JJ1gM/NdgU7FG+RYNMC8lHkxgePQDyYUHSAy
28DFDcG+z7WzYVPqZb8a3mw42wKBgQD0Y8Wkt9UzI6dQEtKCOA/IoZDsrwgMev9U
ZTulJBPY4mO7rS4nfaF2vs6ENwjzjCblr+mWjV13Ir+eylaD5zwc1SOKJtR1WEpN
7HWLcfI8qVerqN+uknU4fXlZmpp+StNYvCQ44QpHJE9dHpMs0htdMl2EztQVupY2
MC0B6tT1DQKBgFsWoC5Ny+yIUpsFyqfvaYcCaDmQP1uZV02hnLa6spy3aotdxCoe
Lu8rDhkcfrTrdLAZA0aMrtrANs0LJc4ZQ4HjzyHxIG6drHlpMYdJ9byI7cxoBVK/
fG1uU8apwpLtBptAZmC2VnUOBwthQDcpuTGfOXaMXY0EwA0tqXNg9G3hAoGBAIko
Was5VRlPYD5rYeOdbRZPvtNm5GCEwzntWs0y80ScwhZ5elbFhlHrgmHntUlilg4A
bVuGWTdctCh9LJL4ut7/q+OEKWb2NzWGiO3K9IWhEMgRjgAeyFT87pcgUqagff7m
EHovqqIEudnsJ/NWs+7ZLm0z2wma32ToIspZrk0dAoGBAPhIcZgmTpJmZ4lmYwF/
xZSSMW2L0P0VYiXD27l17fPL7no9VgBihhki+FxLq5UPvg5M3Nx7EUA20R3RY8tU
hZdwIiLSB4WMzbob7+esPqgs4nTJTD6rFpagt4Bw2/WpJRaogi3SvoQ0lAHRaq+z
yGlQNGg2J3DN7T6u3Ng8VNfr
-----END PRIVATE KEY-----

23
mtls/peerIR.cnf Normal file
View file

@ -0,0 +1,23 @@
[req]
default_bits = 2048
distinguished_name = req_distinguished_name
req_extensions = req_ext
x509_extensions = v3_req
prompt = no
[req_distinguished_name]
countryName = US
stateOrProvinceName = Localzone
localityName = Localhost
organizationName = Certificate signed by my CA
commonName = peer1.localdomain
[req_ext]
subjectAltName = @alt_names
[v3_req]
subjectAltName = @alt_names
[alt_names]
DNS.1 = node_one
IP.1 = 192.168.130.61

24
mtls/peerX.cnf Normal file
View file

@ -0,0 +1,24 @@
[req]
default_bits = 2048
distinguished_name = req_distinguished_name
req_extensions = req_ext
x509_extensions = v3_req
prompt = no
[req_distinguished_name]
countryName = US
stateOrProvinceName = Localzone
localityName = Localhost
organizationName = Certificate signed by my CA
commonName = peer1.localdomain
[req_ext]
subjectAltName = @alt_names
[v3_req]
subjectAltName = @alt_names
[alt_names]
DNS.1 = morph-chain.frostfs.devenv
DNS.2 = morph-chain
IP.1 = 192.168.130.90

3
services/http_gate/cfg/config.yml
View file

@ -22,6 +22,3 @@ server:
wallet: wallet:
path: /wallet.json # Path to wallet path: /wallet.json # Path to wallet
passphrase: one # Passphrase to decrypt wallet passphrase: one # Passphrase to decrypt wallet
containers:
cors: cors.container

11
services/ir/artifacts.mk
View file

@ -25,14 +25,19 @@ endif
# Download FrostFS CLI # Download FrostFS CLI
.ONESHELL: .ONESHELL:
get.cli: FROSTFS_CLI_FILE=./vendor/frostfs-cli get.cli: FROSTFS_CLI_FILE=./vendor/frostfs-cli
get.cli: FROSTFS_CLI_ARCHIVE_FILE=${FROSTFS_CLI_FILE}.tar.gz
get.cli: FROSTFS_CLI_PATH?= get.cli: FROSTFS_CLI_PATH?=
get.cli: get.cli:
@mkdir -p ./vendor @mkdir -p ./vendor
ifeq (${FROSTFS_CLI_PATH},) ifeq (${FROSTFS_CLI_PATH},)
echo "⇒ Download FrostFS CLI binary from ${FROSTFS_CLI_IMAGE}:${FROSTFS_CLI_VERSION}" @echo "⇒ Download FrostFS CLI binary from ${FROSTFS_CLI_URL}"
$(shell docker cp `docker create --name tmp ${FROSTFS_CLI_IMAGE}:${FROSTFS_CLI_VERSION}`:/bin/frostfs-cli ${FROSTFS_CLI_FILE} && docker rm tmp >/dev/null) @curl \
chmod +x ${FROSTFS_CLI_FILE} -ksSL "${FROSTFS_CLI_URL}" \
-o ${FROSTFS_CLI_ARCHIVE_FILE}
@tar -xvf ${FROSTFS_CLI_ARCHIVE_FILE} -C ./vendor | xargs -I {} \
mv ./vendor/{} ${FROSTFS_CLI_FILE}
@rm ${FROSTFS_CLI_ARCHIVE_FILE}
else else
@echo "⇒ Copy local binary from ${FROSTFS_CLI_PATH}" @echo "⇒ Copy local binary from ${FROSTFS_CLI_PATH}"
@cp ${FROSTFS_CLI_PATH} ${FROSTFS_CLI_FILE} @cp ${FROSTFS_CLI_PATH} ${FROSTFS_CLI_FILE}

6
services/ir/cfg/config.yml
View file

@ -33,7 +33,11 @@ mainnet:
morph: morph:
endpoint: endpoint:
client: # List of websocket RPC endpoints in sidechain client: # List of websocket RPC endpoints in sidechain
- address: ws://morph-chain:30333/ws - address: wss://morph-chain:30333/ws
root_cas:
- /wallets/mtls/CA1_cert.pem
certificate: /wallets/mtls/peerCA2_IR_cert.pem
key: /wallets/mtls/peerCA2_IR_key.pem
validators: # List of hex-encoded 33-byte public keys of sidechain validators to vote for at application startup validators: # List of hex-encoded 33-byte public keys of sidechain validators to vote for at application startup
- 02b3622bf4017bdfe317c58aed5f4c753f206b7db896046fa7d774bbc4bf7f8dc2 - 02b3622bf4017bdfe317c58aed5f4c753f206b7db896046fa7d774bbc4bf7f8dc2

4
services/ir/docker-compose.yml
View file

@ -20,11 +20,13 @@ services:
- ./../../vendor/hosts:/etc/hosts - ./../../vendor/hosts:/etc/hosts
- ./../../vendor/locode_db:/locode/db - ./../../vendor/locode_db:/locode/db
- ./../../vendor/frostfs-cli:/frostfs-cli - ./../../vendor/frostfs-cli:/frostfs-cli
- ./healthcheck.sh:/healthcheck.sh
- ./cfg:/etc/frostfs/ir - ./cfg:/etc/frostfs/ir
- ./../../mtls:/wallets/mtls:ro
env_file: [ ".env", ".ir.env", ".int_test.env" ] env_file: [ ".env", ".ir.env", ".int_test.env" ]
command: [ "frostfs-ir", "--config", "/etc/frostfs/ir/config.yml" ] command: [ "frostfs-ir", "--config", "/etc/frostfs/ir/config.yml" ]
healthcheck: healthcheck:
test: ["CMD-SHELL", "/frostfs-cli control ir healthcheck -q --wallet /wallet01.key --endpoint \"$$FROSTFS_IR_CONTROL_GRPC_ENDPOINT\""] test: ["CMD-SHELL", "/healthcheck.sh"]
interval: 2s interval: 2s
timeout: 1s timeout: 1s
retries: 5 retries: 5

6
services/ir/healthcheck.sh Executable file
View file

@ -0,0 +1,6 @@
#!/bin/sh
/frostfs-cli control ir healthcheck \
--endpoint "$FROSTFS_IR_CONTROL_GRPC_ENDPOINT" \
--wallet /wallet01.key |
grep "Health status: READY"

9
services/morph_chain/artifacts.mk
View file

@ -20,12 +20,15 @@ endif
# Download FrostFS ADM tool # Download FrostFS ADM tool
get.adm: FROSTFS_ADM_DEST=./vendor/frostfs-adm get.adm: FROSTFS_ADM_DEST=./vendor/frostfs-adm
get.adm: FROSTFS_ADM_ARCHIVE=frostfs-adm.tar.gz
get.adm: get.adm:
ifeq (${FROSTFS_ADM_PATH},) ifeq (${FROSTFS_ADM_PATH},)
@echo "⇒ Download FrostFS ADM binary from ${FROSTFS_ADM_IMAGE}:${FROSTFS_ADM_VERSION}" @echo "⇒ Download FrostFS ADM binary from ${FROSTFS_ADM_URL}"
$(shell docker cp `docker create --name tmp ${FROSTFS_ADM_IMAGE}:${FROSTFS_ADM_VERSION}`:/bin/frostfs-adm ${FROSTFS_ADM_DEST} && docker rm tmp >/dev/null) @curl -skSL ${FROSTFS_ADM_URL} -o ${FROSTFS_ADM_ARCHIVE}
@chmod +x ${FROSTFS_ADM_DEST} @tar -xvf ${FROSTFS_ADM_ARCHIVE} -C ./vendor | xargs -I {} \
mv ./vendor/{} ${FROSTFS_ADM_DEST}
@rm ${FROSTFS_ADM_ARCHIVE}
else else
@echo "⇒ Copy frostfs-adm binary from ${FROSTFS_ADM_PATH}" @echo "⇒ Copy frostfs-adm binary from ${FROSTFS_ADM_PATH}"
@cp ${FROSTFS_ADM_PATH} ${FROSTFS_ADM_DEST} @cp ${FROSTFS_ADM_PATH} ${FROSTFS_ADM_DEST}

11
services/morph_chain/docker-compose.yml
View file

@ -19,19 +19,10 @@ services:
- ./config.yml:/wallets/config.yml - ./config.yml:/wallets/config.yml
- ./../../vendor/hosts:/etc/hosts - ./../../vendor/hosts:/etc/hosts
- ./../../wallets/wallet.json:/wallets/wallet.json - ./../../wallets/wallet.json:/wallets/wallet.json
- ./../../wallets/system-wallet.json:/wallets/system-wallet.json - ./../../mtls:/wallets/mtls:ro
- ./../s3_gate/wallet.json:/wallets/s3-wallet.json
- ./../storage/wallet01.json:/wallets/storage/wallet01.json
- ./../storage/wallet02.json:/wallets/storage/wallet02.json
- ./../storage/wallet03.json:/wallets/storage/wallet03.json
- ./../storage/wallet04.json:/wallets/storage/wallet04.json
- chains:/chains
networks: networks:
chain_int: chain_int:
internet: internet:
external: true external: true
name: basenet_internet name: basenet_internet
volumes:
chains:

15
services/morph_chain/protocol.privnet.yml
View file

@ -11,14 +11,13 @@ ProtocolConfiguration:
VerifyTransactions: true VerifyTransactions: true
StateRootInHeader: true StateRootInHeader: true
P2PSigExtensions: true P2PSigExtensions: true
Hardforks: {}
ApplicationConfiguration: ApplicationConfiguration:
SkipBlockVerification: false SkipBlockVerification: false
DBConfiguration: DBConfiguration:
Type: "boltdb" Type: "boltdb"
BoltDBOptions: BoltDBOptions:
FilePath: "/chains/morph.bolt" FilePath: "./db/morph.bolt"
P2P: P2P:
Addresses: Addresses:
- ":20333" - ":20333"
@ -36,12 +35,20 @@ ApplicationConfiguration:
Path: "./wallets/node-wallet.json" Path: "./wallets/node-wallet.json"
Password: "one" Password: "one"
RPC: RPC:
Addresses: # Addresses:
- ":30333" # - "192.168.130.90:30333"
Enabled: true Enabled: true
SessionEnabled: true SessionEnabled: true
EnableCORSWorkaround: false EnableCORSWorkaround: false
MaxGasInvoke: 100 MaxGasInvoke: 100
TLSConfig:
Enabled: true
Addresses:
- "192.168.130.90:30333"
RootCAs:
- "/wallets/mtls/CA2_cert.pem"
CertFile: "/wallets/mtls/peerCA1_X_cert.pem"
KeyFile: "/wallets/mtls/peerCA1_X_key.pem"
P2PNotary: P2PNotary:
Enabled: true Enabled: true
UnlockWallet: UnlockWallet:

0
services/s3_lifecycler/.env → services/nats/.env
View file

1
services/nats/.hosts Normal file
View file

@ -0,0 +1 @@
IPV4_PREFIX.101 nats.LOCAL_DOMAIN

0
services/s3_lifecycler/.int_test.env → services/nats/.int_test.env
View file

7
services/nats/artifacts.mk Normal file
View file

@ -0,0 +1,7 @@
# Create new TLS certs for NATS server and clients
NATS_DIR=$(abspath services/nats)
get.nats:
@echo "⇒ Creating certs for NATS server and clients"
${NATS_DIR}/generate_cert.sh ${LOCAL_DOMAIN} > /dev/null

30
services/nats/docker-compose.yml Normal file
View file

@ -0,0 +1,30 @@
---
services:
nats:
image: ${NATS_IMAGE}:${NATS_VERSION}
domainname: ${LOCAL_DOMAIN}
hostname: nats
container_name: nats
restart: on-failure
dns:
- ${IPV4_PREFIX}.101
networks:
nats_int:
internet:
ipv4_address: ${IPV4_PREFIX}.101
volumes:
- ./../../vendor/hosts:/etc/hosts
- ./nats.conf:/etc/nats/frostfs-nats-server.conf
- ./server-cert.pem:/certs/server-cert.pem
- ./server-key.pem:/certs/server-key.pem
- ./ca-cert.pem:/certs/ca-cert.pem
stop_signal: SIGKILL
env_file: [ ".env", ".int_test.env" ]
command: ["-c", "/etc/nats/frostfs-nats-server.conf"]
networks:
nats_int:
internet:
external: true
name: basenet_internet

49
services/nats/generate_cert.sh Executable file
View file

@ -0,0 +1,49 @@
#!/bin/bash
source bin/helper.sh
WORKDIR=$(dirname "$0")
LOCAL_DOMAIN=$1
CA_KEY=$WORKDIR/ca-key.pem
CA_CRT=$WORKDIR/ca-cert.pem
SRV_KEY=$WORKDIR/server-key.pem
SRV_REQ=$WORKDIR/server-req.csr
SRV_CRT=$WORKDIR/server-cert.pem
CLI_KEY=$WORKDIR/client-key.pem
CLI_REQ=$WORKDIR/client-req.csr
CLI_CRT=$WORKDIR/client-cert.pem
SUBJ="/O=TrueCloudLab"
if [[ ! -f $CA_KEY || ! -f $CA_CRT ]]; then
openssl req -newkey rsa:4096 -x509 -days 365 -nodes -keyout $CA_KEY -out $CA_CRT -subj $SUBJ 2>&1 ||
die "CA certificate was not created"
fi
if [[ ! -f $SRV_KEY || ! -f $SRV_CRT ]]; then
openssl req -newkey rsa:4096 -nodes -keyout $SRV_KEY -out $SRV_REQ -subj $SUBJ 2>&1 ||
die "Server certificate was not created"
openssl x509 -req -days 365 -set_serial 01 -in $SRV_REQ -out $SRV_CRT -CA $CA_CRT -CAkey $CA_KEY \
-extensions san -extfile <(printf "[san]\nsubjectAltName=DNS:nats.$LOCAL_DOMAIN") 2>&1 || {
rm $SRV_REQ
die "Server certificate was not signed by CA"
}
rm $SRV_REQ
fi
if [[ ! -f $CLI_KEY || ! -f $CLI_CRT ]]; then
openssl req -newkey rsa:4096 -nodes -keyout $CLI_KEY -out $CLI_REQ -subj $SUBJ 2>&1 ||
die "Client certificate was not created"
openssl x509 -req -days 365 -set_serial 01 -in $CLI_REQ -out $CLI_CRT -CA $CA_CRT -CAkey $CA_KEY 2>&1 || {
rm $CLI_REQ
die "Client certificate was not signed by CA"
}
rm $CLI_REQ
fi

15
services/nats/nats.conf Normal file
View file

@ -0,0 +1,15 @@
port: 4222
monitor_port: 8222
jetstream {
store_dir=nats
max_memory_store: 1GB
max_file_store: 2GB
}
tls {
cert_file: /certs/server-cert.pem
key_file: /certs/server-key.pem
ca_file: /certs/ca-cert.pem
verify: true
}

1
services/rest_gate/.env Symbolic link
View file

@ -0,0 +1 @@
../../.env

1
services/rest_gate/.hosts Normal file
View file

@ -0,0 +1 @@
IPV4_PREFIX.83 rest.LOCAL_DOMAIN

1
services/rest_gate/.int_test.env Symbolic link
View file

@ -0,0 +1 @@
../../.int_test.env

12
services/rest_gate/cfg/config.yml Normal file
View file

@ -0,0 +1,12 @@
prometheus:
enabled: true
address: :9090
server:
# The IP and port to listen on.
listen-address: 0.0.0.0:8090
# Wallet settings
wallet:
path: /wallet.json # Path to wallet
passphrase: one # Password to decrypt wallet

32
services/rest_gate/docker-compose.yml Normal file
View file

@ -0,0 +1,32 @@
---
services:
rest_gate:
image: ${REST_GW_IMAGE}:${REST_GW_VERSION}
domainname: ${LOCAL_DOMAIN}
hostname: rest
container_name: rest_gate
restart: on-failure
networks:
rest_gate_int:
internet:
ipv4_address: ${IPV4_PREFIX}.83
volumes:
- ./wallet.json:/wallet.json
- ./../../vendor/hosts:/etc/hosts
- ./cfg:/etc/frostfs/rest
stop_signal: SIGTERM
stop_grace_period: 15s
env_file: [ ".env", ".int_test.env" ]
command: [ "frostfs-rest-gw", "--config", "/etc/frostfs/rest/config.yml" ]
environment:
- REST_GW_POOL_PEERS_0_ADDRESS=s01.${LOCAL_DOMAIN}:8080
- REST_GW_POOL_PEERS_1_ADDRESS=s02.${LOCAL_DOMAIN}:8080
- REST_GW_POOL_PEERS_2_ADDRESS=s03.${LOCAL_DOMAIN}:8080
- REST_GW_POOL_PEERS_3_ADDRESS=s04.${LOCAL_DOMAIN}:8080
networks:
rest_gate_int:
internet:
external: true
name: basenet_internet

10
services/s3_lifecycler/wallet.json → services/rest_gate/wallet.json
View file

@ -1,12 +1,12 @@
{ {
"version": "1.0", "version": "3.0",
"accounts": [ "accounts": [
{ {
"address": "NTt1rxvmEDxEuuogLxs2xgxA71qhVaUcN7", "address": "NPFCqWHfi9ixCJRu7DABRbVfXRbkSEr9Vo",
"key": "6PYR3XurAyTzVeDG5WV2Z8vnGdySw3mTLuKjr6Nwo7tae64SJ7XjZSMMPQ", "key": "6PYTAGjdaeicUDPqGv9mmgwb9kTwimWJJmmfNqJSDGH9qM79zSRcL9oHiB",
"label": "lifecycler", "label": "REST Gateway",
"contract": { "contract": {
"script": "DCED9z0M+WSGfXZGxYLj1yYwmgxJXE/kNA4+oWNi0q1uKCdBVuezJw==", "script": "DCECcuPzZCZ2VyDsm2jKEOMnU6xEWO2bF1dvOvBWTDFYB1ZBVuezJw==",
"parameters": [ "parameters": [
{ {
"name": "parameter0", "name": "parameter0",

4
services/s3_gate/cfg/config.yml
View file

@ -47,7 +47,3 @@ frostfsid:
policy: policy:
enabled: false enabled: false
containers:
cors: cors.container
mfa: mfa.container

6
services/s3_gate/docker-compose.yml
View file

@ -12,15 +12,11 @@ services:
internet: internet:
ipv4_address: ${IPV4_PREFIX}.82 ipv4_address: ${IPV4_PREFIX}.82
volumes: volumes:
# Gate wallet
- ./wallet.json:/wallet.json - ./wallet.json:/wallet.json
# Folder for custom user wallets
- ./../../wallets/:/wallets/
- ./tls.key:/tls.key - ./tls.key:/tls.key
- ./tls.crt:/tls.crt - ./tls.crt:/tls.crt
- ./../../vendor/hosts:/etc/hosts - ./../../vendor/hosts:/etc/hosts
- ./cfg:/etc/frostfs/s3 - ./cfg:/etc/frostfs/s3
- ./issue-creds.sh:/usr/bin/issue-creds.sh
stop_signal: SIGTERM stop_signal: SIGTERM
stop_grace_period: 15s stop_grace_period: 15s
env_file: [ ".env", ".s3.env", ".int_test.env" ] env_file: [ ".env", ".s3.env", ".int_test.env" ]
@ -38,8 +34,6 @@ services:
- S3_GW_PEERS_2_WEIGHT=0.2 - S3_GW_PEERS_2_WEIGHT=0.2
- S3_GW_PEERS_3_ADDRESS=s04.${LOCAL_DOMAIN}:8080 - S3_GW_PEERS_3_ADDRESS=s04.${LOCAL_DOMAIN}:8080
- S3_GW_PEERS_3_WEIGHT=0.2 - S3_GW_PEERS_3_WEIGHT=0.2
- AUTHMATE_WALLET_PASSPHRASE=
- AUTHMATE_WALLET_CONTRACT_PASSPHRASE=s3
networks: networks:
s3_gate_int: s3_gate_int:

41
services/s3_gate/issue-creds.sh
View file

@ -1,41 +0,0 @@
#!/bin/bash
initUser() {
/bin/frostfs-s3-authmate register-user \
--wallet $WALLET_PATH \
--rpc-endpoint http://morph-chain.frostfs.devenv:30333 \
--username $USERNAME \
--contract-wallet /wallet.json 1> /dev/null && touch $WALLET_CACHE/$USERNAME
}
issueCreds() {
/bin/frostfs-s3-authmate issue-secret \
--wallet $WALLET_PATH \
--peer s01.frostfs.devenv:8080 \
--gate-public-key $S3_GATE_PUBLIC_KEY \
--container-placement-policy "REP 3"
}
set -e
WALLET_PATH=/wallets/$2
if [[ -z "$2" ]]; then
WALLET_PATH=/wallets/wallet.json
fi
S3_GATE_PUBLIC_KEY=$3
if [[ -z "$3" ]]; then
S3_GATE_PUBLIC_KEY=0313b1ac3a8076e155a7e797b24f0b650cccad5941ea59d7cfd51a024a8b2a06bf
fi
WALLET_CACHE=/data/wallets
mkdir -p $WALLET_CACHE
USERNAME=$(echo $WALLET_PATH | md5sum | cut -d' ' -f1)
if [ ! -e $WALLET_CACHE/$USERNAME ]; then
initUser
fi
if [ $1 == "s3" ]; then
issueCreds
fi

14
services/s3_gate/prepare.mk
View file

@ -1,14 +0,0 @@
.PHONY: s3cred register
password?=
contract_password?=s3
gate_public_key?=
wallet?=
# Register wallet & generate S3 credentials
s3cred:
@docker exec -e AUTHMATE_WALLET_PASSPHRASE="$(password)" -e AUTHMATE_WALLET_CONTRACT_PASSPHRASE="$(contract_password)" s3_gate /usr/bin/issue-creds.sh s3 "$(wallet)" "$(gate_public_key)"
# Only registers user wallet
register:
@docker exec -e AUTHMATE_WALLET_PASSPHRASE="$(password)" -e AUTHMATE_WALLET_CONTRACT_PASSPHRASE="$(contract_password)" s3_gate /usr/bin/issue-creds.sh native "$(wallet)"

1
services/s3_lifecycler/.hosts
View file

@ -1 +0,0 @@
IPV4_PREFIX.84 lifecycler.LOCAL_DOMAIN

42
services/s3_lifecycler/cfg/config.yml
View file

@ -1,42 +0,0 @@
logger:
level: debug
prometheus:
enabled: true
address: :9090
lifecycle:
job_fetcher_buffer: 1000
executor_pool_size: 100
frostfs:
stream_timeout: 10s
connect_timeout: 10s
healthcheck_timeout: 15s
rebalance_interval: 60s
pool_error_threshold: 100
tree_pool_max_attempts: 4
credential:
use: wallets
source:
wallets:
- path: /wallet.json
address: NTt1rxvmEDxEuuogLxs2xgxA71qhVaUcN7
passphrase: "cycle"
- path: /user-wallet.json
address: NbUgTSFvPmsRxmGeWpuuGeJUoRoi6PErcM
passphrase: ""
morph:
reconnect_clients_interval: 30s
dial_timeout: 5s
contract:
netmap: netmap.frostfs
frostfsid: frostfsid.frostfs
container: container.frostfs
# Wallet configuration
wallet:
path: /wallet.json # Path to wallet
passphrase: "cycle" # Passphrase to decrypt wallet

37
services/s3_lifecycler/docker-compose.yml
View file

@ -1,37 +0,0 @@
---
services:
s3_lifecycler:
image: ${S3_LIFECYCLER_IMAGE}:${S3_LIFECYCLER_VERSION}
domainname: ${LOCAL_DOMAIN}
hostname: s3_lifecycler
container_name: s3_lifecycler
restart: on-failure
networks:
s3_lifecycler_int:
internet:
ipv4_address: ${IPV4_PREFIX}.84
volumes:
- ./wallet.json:/wallet.json
- ./../../vendor/hosts:/etc/hosts
- ./cfg:/etc/frostfs/s3-lifecycler
- ./../../wallets/wallet.json:/user-wallet.json
stop_signal: SIGKILL
env_file: [ ".env", ".int_test.env" ]
command: [ "frostfs-s3-lifecycler", "--config", "/etc/frostfs/s3-lifecycler/config.yml" ]
environment:
- S3_LIFECYCLER_MORPH_RPC_ENDPOINT_0_ADDRESS=ws://morph-chain:30333/ws
- S3_LIFECYCLER_FROSTFS_PEERS_0_ADDRESS=s01.${LOCAL_DOMAIN}:8080
- S3_LIFECYCLER_FROSTFS_PEERS_0_WEIGHT=0.2
- S3_LIFECYCLER_FROSTFS_PEERS_1_ADDRESS=s02.${LOCAL_DOMAIN}:8080
- S3_LIFECYCLER_FROSTFS_PEERS_1_WEIGHT=0.2
- S3_LIFECYCLER_FROSTFS_PEERS_2_ADDRESS=s03.${LOCAL_DOMAIN}:8080
- S3_LIFECYCLER_FROSTFS_PEERS_2_WEIGHT=0.2
- S3_LIFECYCLER_FROSTFS_PEERS_3_ADDRESS=s04.${LOCAL_DOMAIN}:8080
- S3_LIFECYCLER_FROSTFS_PEERS_3_WEIGHT=0.2
networks:
s3_lifecycler_int:
internet:
external: true
name: basenet_internet

14
services/storage/cfg/config.yml
View file

@ -29,9 +29,21 @@ tracing:
morph: morph:
dial_timeout: 30s # Timeout for side chain NEO RPC client connection dial_timeout: 30s # Timeout for side chain NEO RPC client connection
rpc_endpoint: # Side chain NEO RPC endpoints rpc_endpoint: # Side chain NEO RPC endpoints
- address: ws://morph-chain:30333/ws - address: wss://morph-chain:30333/ws
priority: 1 priority: 1
# Common storage node settings
node:
attribute_0: "User-Agent:FrostFS/0.34"
notification:
enabled: true # Turn on object notification service
endpoint: "tls://nats.frostfs.devenv:4222" # Notification server endpoint
timeout: "6s" # Timeout for object notification client connection
default_topic: "test" # Default topic for object notifications if not found in object's meta
certificate: "/etc/frostfs-node/nats.tls.cert" # Path to TLS certificate
key: "/etc/frostfs-node/nats.tls.key" # Path to TLS key
ca: "/etc/frostfs-node/nats.ca.crt" # Path to optional CA certificate
# Tree section # Tree section
tree: tree:
enabled: true enabled: true

44
services/storage/docker-compose.yml
View file

@ -17,8 +17,13 @@ services:
- storage_s01:/storage - storage_s01:/storage
- ./../../vendor/frostfs-cli:/frostfs-cli - ./../../vendor/frostfs-cli:/frostfs-cli
- ./cli-cfg.yml:/cli-cfg.yml - ./cli-cfg.yml:/cli-cfg.yml
- ./healthcheck.sh:/healthcheck.sh
- ./s04tls.crt:/etc/ssl/certs/s04tls.crt - ./s04tls.crt:/etc/ssl/certs/s04tls.crt
- ../nats/client-cert.pem:/etc/frostfs-node/nats.tls.cert
- ../nats/client-key.pem:/etc/frostfs-node/nats.tls.key
- ../nats/ca-cert.pem:/etc/frostfs-node/nats.ca.crt
- ./cfg:/etc/frostfs/storage - ./cfg:/etc/frostfs/storage
- ./../../mtls:/wallets/mtls:ro
stop_signal: SIGTERM stop_signal: SIGTERM
stop_grace_period: 15s stop_grace_period: 15s
env_file: [ ".env", ".storage.env", ".int_test.env" ] env_file: [ ".env", ".storage.env", ".int_test.env" ]
@ -29,11 +34,13 @@ services:
- FROSTFS_NODE_ADDRESSES=s01.${LOCAL_DOMAIN}:8080 - FROSTFS_NODE_ADDRESSES=s01.${LOCAL_DOMAIN}:8080
- FROSTFS_GRPC_0_ENDPOINT=s01.${LOCAL_DOMAIN}:8080 - FROSTFS_GRPC_0_ENDPOINT=s01.${LOCAL_DOMAIN}:8080
- FROSTFS_CONTROL_GRPC_ENDPOINT=s01.${LOCAL_DOMAIN}:8081 - FROSTFS_CONTROL_GRPC_ENDPOINT=s01.${LOCAL_DOMAIN}:8081
- FROSTFS_NODE_ATTRIBUTE_0=User-Agent:FrostFS/${NODE_VERSION}
- FROSTFS_NODE_ATTRIBUTE_1=UN-LOCODE:RU MOW - FROSTFS_NODE_ATTRIBUTE_1=UN-LOCODE:RU MOW
- FROSTFS_NODE_ATTRIBUTE_2=Price:22 - FROSTFS_NODE_ATTRIBUTE_2=Price:22
- FROSTFS_MORPH_RPC_ENDPOINT_0_ROOT_CAS=/wallets/mtls/CA1_cert.pem
- FROSTFS_MORPH_RPC_ENDPOINT_0_CERTIFICATE=/wallets/mtls/peerCA2_1_cert.pem
- FROSTFS_MORPH_RPC_ENDPOINT_0_KEY=/wallets/mtls/peerCA2_1_key.pem
healthcheck: healthcheck:
test: ["CMD-SHELL", "/frostfs-cli control healthcheck -q -c /cli-cfg.yml --endpoint \"$$FROSTFS_CONTROL_GRPC_ENDPOINT\""] test: ["CMD-SHELL", "/healthcheck.sh"]
interval: 2s interval: 2s
timeout: 1s timeout: 1s
retries: 5 retries: 5
@ -55,8 +62,13 @@ services:
- storage_s02:/storage - storage_s02:/storage
- ./../../vendor/frostfs-cli:/frostfs-cli - ./../../vendor/frostfs-cli:/frostfs-cli
- ./cli-cfg.yml:/cli-cfg.yml - ./cli-cfg.yml:/cli-cfg.yml
- ./healthcheck.sh:/healthcheck.sh
- ./s04tls.crt:/etc/ssl/certs/s04tls.crt - ./s04tls.crt:/etc/ssl/certs/s04tls.crt
- ../nats/client-cert.pem:/etc/frostfs-node/nats.tls.cert
- ../nats/client-key.pem:/etc/frostfs-node/nats.tls.key
- ../nats/ca-cert.pem:/etc/frostfs-node/nats.ca.crt
- ./cfg:/etc/frostfs/storage - ./cfg:/etc/frostfs/storage
- ./../../mtls:/wallets/mtls:ro
stop_signal: SIGTERM stop_signal: SIGTERM
stop_grace_period: 15s stop_grace_period: 15s
env_file: [ ".env", ".storage.env", ".int_test.env" ] env_file: [ ".env", ".storage.env", ".int_test.env" ]
@ -67,11 +79,13 @@ services:
- FROSTFS_NODE_ADDRESSES=s02.${LOCAL_DOMAIN}:8080 - FROSTFS_NODE_ADDRESSES=s02.${LOCAL_DOMAIN}:8080
- FROSTFS_GRPC_0_ENDPOINT=s02.${LOCAL_DOMAIN}:8080 - FROSTFS_GRPC_0_ENDPOINT=s02.${LOCAL_DOMAIN}:8080
- FROSTFS_CONTROL_GRPC_ENDPOINT=s02.${LOCAL_DOMAIN}:8081 - FROSTFS_CONTROL_GRPC_ENDPOINT=s02.${LOCAL_DOMAIN}:8081
- FROSTFS_NODE_ATTRIBUTE_0=User-Agent:FrostFS/${NODE_VERSION}
- FROSTFS_NODE_ATTRIBUTE_1=UN-LOCODE:RU LED - FROSTFS_NODE_ATTRIBUTE_1=UN-LOCODE:RU LED
- FROSTFS_NODE_ATTRIBUTE_2=Price:33 - FROSTFS_NODE_ATTRIBUTE_2=Price:33
- FROSTFS_MORPH_RPC_ENDPOINT_0_ROOT_CAS=/wallets/mtls/CA1_cert.pem
- FROSTFS_MORPH_RPC_ENDPOINT_0_CERTIFICATE=/wallets/mtls/peerCA2_2_cert.pem
- FROSTFS_MORPH_RPC_ENDPOINT_0_KEY=/wallets/mtls/peerCA2_2_key.pem
healthcheck: healthcheck:
test: ["CMD-SHELL", "/frostfs-cli control healthcheck -q -c /cli-cfg.yml --endpoint \"$$FROSTFS_CONTROL_GRPC_ENDPOINT\""] test: ["CMD-SHELL", "/healthcheck.sh"]
interval: 2s interval: 2s
timeout: 1s timeout: 1s
retries: 5 retries: 5
@ -93,8 +107,13 @@ services:
- storage_s03:/storage - storage_s03:/storage
- ./../../vendor/frostfs-cli:/frostfs-cli - ./../../vendor/frostfs-cli:/frostfs-cli
- ./cli-cfg.yml:/cli-cfg.yml - ./cli-cfg.yml:/cli-cfg.yml
- ./healthcheck.sh:/healthcheck.sh
- ./s04tls.crt:/etc/ssl/certs/s04tls.crt - ./s04tls.crt:/etc/ssl/certs/s04tls.crt
- ../nats/client-cert.pem:/etc/frostfs-node/nats.tls.cert
- ../nats/client-key.pem:/etc/frostfs-node/nats.tls.key
- ../nats/ca-cert.pem:/etc/frostfs-node/nats.ca.crt
- ./cfg:/etc/frostfs/storage - ./cfg:/etc/frostfs/storage
- ./../../mtls:/wallets/mtls:ro
stop_signal: SIGTERM stop_signal: SIGTERM
stop_grace_period: 15s stop_grace_period: 15s
env_file: [ ".env", ".storage.env", ".int_test.env" ] env_file: [ ".env", ".storage.env", ".int_test.env" ]
@ -105,11 +124,13 @@ services:
- FROSTFS_NODE_ADDRESSES=s03.${LOCAL_DOMAIN}:8080 - FROSTFS_NODE_ADDRESSES=s03.${LOCAL_DOMAIN}:8080
- FROSTFS_GRPC_0_ENDPOINT=s03.${LOCAL_DOMAIN}:8080 - FROSTFS_GRPC_0_ENDPOINT=s03.${LOCAL_DOMAIN}:8080
- FROSTFS_CONTROL_GRPC_ENDPOINT=s03.${LOCAL_DOMAIN}:8081 - FROSTFS_CONTROL_GRPC_ENDPOINT=s03.${LOCAL_DOMAIN}:8081
- FROSTFS_NODE_ATTRIBUTE_0=User-Agent:FrostFS/${NODE_VERSION}
- FROSTFS_NODE_ATTRIBUTE_1=UN-LOCODE:SE STO - FROSTFS_NODE_ATTRIBUTE_1=UN-LOCODE:SE STO
- FROSTFS_NODE_ATTRIBUTE_2=Price:11 - FROSTFS_NODE_ATTRIBUTE_2=Price:11
- FROSTFS_MORPH_RPC_ENDPOINT_0_ROOT_CAS=/wallets/mtls/CA1_cert.pem
- FROSTFS_MORPH_RPC_ENDPOINT_0_CERTIFICATE=/wallets/mtls/peerCA2_3_cert.pem
- FROSTFS_MORPH_RPC_ENDPOINT_0_KEY=/wallets/mtls/peerCA2_3_key.pem
healthcheck: healthcheck:
test: ["CMD-SHELL", "/frostfs-cli control healthcheck -q -c /cli-cfg.yml --endpoint \"$$FROSTFS_CONTROL_GRPC_ENDPOINT\""] test: ["CMD-SHELL", "/healthcheck.sh"]
interval: 2s interval: 2s
timeout: 1s timeout: 1s
retries: 5 retries: 5
@ -131,9 +152,14 @@ services:
- storage_s04:/storage - storage_s04:/storage
- ./../../vendor/frostfs-cli:/frostfs-cli - ./../../vendor/frostfs-cli:/frostfs-cli
- ./cli-cfg.yml:/cli-cfg.yml - ./cli-cfg.yml:/cli-cfg.yml
- ./healthcheck.sh:/healthcheck.sh
- ./s04tls.crt:/tls.crt - ./s04tls.crt:/tls.crt
- ./s04tls.key:/tls.key - ./s04tls.key:/tls.key
- ../nats/client-cert.pem:/etc/frostfs-node/nats.tls.cert
- ../nats/client-key.pem:/etc/frostfs-node/nats.tls.key
- ../nats/ca-cert.pem:/etc/frostfs-node/nats.ca.crt
- ./cfg:/etc/frostfs/storage - ./cfg:/etc/frostfs/storage
- ./../../mtls:/wallets/mtls:ro
stop_signal: SIGTERM stop_signal: SIGTERM
stop_grace_period: 15s stop_grace_period: 15s
env_file: [ ".env", ".storage.env", ".int_test.env" ] env_file: [ ".env", ".storage.env", ".int_test.env" ]
@ -149,11 +175,13 @@ services:
- FROSTFS_GRPC_1_TLS_ENABLED=true - FROSTFS_GRPC_1_TLS_ENABLED=true
- FROSTFS_GRPC_1_TLS_CERTIFICATE=/tls.crt - FROSTFS_GRPC_1_TLS_CERTIFICATE=/tls.crt
- FROSTFS_GRPC_1_TLS_KEY=/tls.key - FROSTFS_GRPC_1_TLS_KEY=/tls.key
- FROSTFS_NODE_ATTRIBUTE_0=User-Agent:FrostFS/${NODE_VERSION}
- FROSTFS_NODE_ATTRIBUTE_1=UN-LOCODE:FI HEL - FROSTFS_NODE_ATTRIBUTE_1=UN-LOCODE:FI HEL
- FROSTFS_NODE_ATTRIBUTE_2=Price:44 - FROSTFS_NODE_ATTRIBUTE_2=Price:44
- FROSTFS_MORPH_RPC_ENDPOINT_0_ROOT_CAS=/wallets/mtls/CA1_cert.pem
- FROSTFS_MORPH_RPC_ENDPOINT_0_CERTIFICATE=/wallets/mtls/peerCA2_4_cert.pem
- FROSTFS_MORPH_RPC_ENDPOINT_0_KEY=/wallets/mtls/peerCA2_4_key.pem
healthcheck: healthcheck:
test: ["CMD-SHELL", "/frostfs-cli control healthcheck -q -c /cli-cfg.yml --endpoint \"$$FROSTFS_CONTROL_GRPC_ENDPOINT\""] test: ["CMD-SHELL", "/healthcheck.sh"]
interval: 2s interval: 2s
timeout: 1s timeout: 1s
retries: 5 retries: 5

5
services/storage/healthcheck.sh Executable file
View file

@ -0,0 +1,5 @@
#!/bin/sh
/frostfs-cli control healthcheck -c /cli-cfg.yml \
--endpoint "$FROSTFS_CONTROL_GRPC_ENDPOINT" |
grep "Health status: READY"

1
wallets/system-wallet.json
View file

@ -1 +0,0 @@
{"version":"1.0","accounts":[{"address":"NQijiVKHbL22PfF2AJQukv1CX75itxgzht","key":"6PYQKrpme57VqaucxuF7dDoSZRRA8d94oatHcScqhiFBauCXQvFDaYwEWa","label":"","contract":{"script":"DCEDRdLtpFIWeYyI7doTKRhIl4qYjaybGDveTyGpbqjsLZNBVuezJw==","parameters":[{"name":"parameter0","type":"Signature"}],"deployed":false},"lock":false,"isDefault":false}],"scrypt":{"n":16384,"r":8,"p":8},"extra":{"Tokens":null}}