Compare commits
1 commit
master
...
bug/storag
Author | SHA1 | Date | |
---|---|---|---|
8b08f8c171 |
36 changed files with 272 additions and 254 deletions
|
@ -1,4 +1,5 @@
|
||||||
# Services start/stop order
|
# Services start/stop order
|
||||||
# Will start from top to bottom and stop in reverse
|
# Will start from top to bottom and stop in reverse
|
||||||
|
nats
|
||||||
ir
|
ir
|
||||||
storage
|
storage
|
||||||
|
|
|
@ -1,4 +1,5 @@
|
||||||
.docker
|
.docker
|
||||||
|
.github
|
||||||
.forgejo
|
.forgejo
|
||||||
vendor
|
vendor
|
||||||
tmp
|
tmp
|
||||||
|
|
10
.env
10
.env
|
@ -19,6 +19,10 @@ IR_IMAGE=git.frostfs.info/truecloudlab/frostfs-ir
|
||||||
NODE_VERSION=0.42.9
|
NODE_VERSION=0.42.9
|
||||||
NODE_IMAGE=git.frostfs.info/truecloudlab/frostfs-storage
|
NODE_IMAGE=git.frostfs.info/truecloudlab/frostfs-storage
|
||||||
|
|
||||||
|
# NATS Server
|
||||||
|
NATS_VERSION=2.7.2
|
||||||
|
NATS_IMAGE=nats
|
||||||
|
|
||||||
# HTTP Gate
|
# HTTP Gate
|
||||||
HTTP_GW_VERSION=0.30.2
|
HTTP_GW_VERSION=0.30.2
|
||||||
HTTP_GW_IMAGE=truecloudlab/frostfs-http-gw
|
HTTP_GW_IMAGE=truecloudlab/frostfs-http-gw
|
||||||
|
@ -28,13 +32,9 @@ REST_GW_VERSION=c9c85e90
|
||||||
REST_GW_IMAGE=truecloudlab/frostfs-rest-gw
|
REST_GW_IMAGE=truecloudlab/frostfs-rest-gw
|
||||||
|
|
||||||
# S3 Gate
|
# S3 Gate
|
||||||
S3_GW_VERSION=0.31.0-rc.4
|
S3_GW_VERSION=0.30.4
|
||||||
S3_GW_IMAGE=truecloudlab/frostfs-s3-gw
|
S3_GW_IMAGE=truecloudlab/frostfs-s3-gw
|
||||||
|
|
||||||
# Lifecycler
|
|
||||||
S3_LIFECYCLER_VERSION=0.1.3
|
|
||||||
S3_LIFECYCLER_IMAGE=truecloudlab/frostfs-s3-lifecycler
|
|
||||||
|
|
||||||
# FrostFS LOCODE database
|
# FrostFS LOCODE database
|
||||||
LOCODE_DB_URL=https://git.frostfs.info/attachments/a2e8def7-52b6-49f1-89cd-a056712e8e54
|
LOCODE_DB_URL=https://git.frostfs.info/attachments/a2e8def7-52b6-49f1-89cd-a056712e8e54
|
||||||
#LOCODE_DB_PATH=/path/to/locode_db
|
#LOCODE_DB_PATH=/path/to/locode_db
|
||||||
|
|
1
.github/CODEOWNERS
vendored
Normal file
1
.github/CODEOWNERS
vendored
Normal file
|
@ -0,0 +1 @@
|
||||||
|
* @alexvanin @fyrchik
|
0
.forgejo/logo.svg → .github/logo.svg
vendored
0
.forgejo/logo.svg → .github/logo.svg
vendored
Before Width: | Height: | Size: 5.5 KiB After Width: | Height: | Size: 5.5 KiB |
1
.gitignore
vendored
1
.gitignore
vendored
|
@ -15,3 +15,4 @@ sites/*
|
||||||
# Runtime generation keys
|
# Runtime generation keys
|
||||||
services/storage/*tls.crt
|
services/storage/*tls.crt
|
||||||
services/storage/*tls.key
|
services/storage/*tls.key
|
||||||
|
services/nats/*.pem
|
||||||
|
|
|
@ -3,4 +3,3 @@
|
||||||
http_gate
|
http_gate
|
||||||
s3_gate
|
s3_gate
|
||||||
rest_gate
|
rest_gate
|
||||||
s3_lifecycler
|
|
||||||
|
|
|
@ -1 +0,0 @@
|
||||||
.* @alexvanin @fyrchik
|
|
3
Makefile
3
Makefile
|
@ -60,7 +60,6 @@ get: $(foreach SVC, $(GET_SVCS), get.$(SVC))
|
||||||
.PHONY: up
|
.PHONY: up
|
||||||
up: up/basic
|
up: up/basic
|
||||||
@$(foreach SVC, $(START_SVCS), $(shell docker-compose -f services/$(SVC)/docker-compose.yml up -d))
|
@$(foreach SVC, $(START_SVCS), $(shell docker-compose -f services/$(SVC)/docker-compose.yml up -d))
|
||||||
./vendor/frostfs-adm morph proxy-add-account --config frostfs-adm.yml --account=`docker container exec morph_chain neo-go wallet dump-keys -w /wallets/s3-wallet.json | head -1 | awk '{print $1}'` || die "Couldn't set s3-gw wallet as proxy wallet"
|
|
||||||
@echo "Full FrostFS Developer Environment is ready"
|
@echo "Full FrostFS Developer Environment is ready"
|
||||||
|
|
||||||
# Build up FrostFS
|
# Build up FrostFS
|
||||||
|
@ -150,7 +149,7 @@ hosts: vendor/hosts
|
||||||
.PHONY: clean
|
.PHONY: clean
|
||||||
.ONESHELL:
|
.ONESHELL:
|
||||||
clean:
|
clean:
|
||||||
@rm -rf vendor/* services/storage/s04tls.*
|
@rm -rf vendor/* services/storage/s04tls.* services/nats/*.pem
|
||||||
@> .int_test.env
|
@> .int_test.env
|
||||||
@for svc in $(PULL_SVCS)
|
@for svc in $(PULL_SVCS)
|
||||||
do
|
do
|
||||||
|
|
61
README.md
61
README.md
|
@ -1,5 +1,5 @@
|
||||||
<p align="center">
|
<p align="center">
|
||||||
<img src="./.forgejo/logo.svg" width="500px" alt="FrostFS logo">
|
<img src="./.github/logo.svg" width="500px" alt="FrostFS logo">
|
||||||
</p>
|
</p>
|
||||||
<p align="center">
|
<p align="center">
|
||||||
<a href="https://frostfs.info">FrostFS</a> local Development and Testing environment
|
<a href="https://frostfs.info">FrostFS</a> local Development and Testing environment
|
||||||
|
@ -137,65 +137,6 @@ Display addresses and host names for each running service, if available.
|
||||||
|
|
||||||
Clean up `vendor` directory.
|
Clean up `vendor` directory.
|
||||||
|
|
||||||
### s3cred
|
|
||||||
|
|
||||||
Registers user wallet and issues s3 credentials.
|
|
||||||
|
|
||||||
Usage and default parameter values:
|
|
||||||
```sh
|
|
||||||
make s3cred [password=""] [contract_password=s3] [wallet=/user_wallet.json] [gate_public_key=0313b1ac3a8076e155a7e797b24f0b650cccad5941ea59d7cfd51a024a8b2a06bf]
|
|
||||||
```
|
|
||||||
|
|
||||||
As soon as the storage node is in the network map (see above) you can generate S3
|
|
||||||
credentials:
|
|
||||||
|
|
||||||
``` sh
|
|
||||||
$ make s3cred
|
|
||||||
{
|
|
||||||
"access_key_id": "EXArWh8x1zeHG3851s1RtoCo7dowxF6rhLGA15nbMffT0AKRSjJ5fmcqf3Ht2VCAkfmPQUVARghRB77xHCA1BoN2p",
|
|
||||||
"secret_access_key": "d70c1dba83f0f90bb231f06f1ce0e0dfbcfb122f4b4345a3c18d3869c359b79f",
|
|
||||||
"owner_private_key": "140947599afd9ca89af4b358c3176eb046e554d942a0dc99a8e06f3e43c8f4ad",
|
|
||||||
"wallet_public_key": "0324e76288fcb900100d01802a14ef977cca45ad073561230446df14b344c858b6",
|
|
||||||
"container_id": "EXArWh8x1zeHG3851s1RtoCo7dowxF6rhLGA15nbMffT"
|
|
||||||
}
|
|
||||||
```
|
|
||||||
Running without any parameters will result in defaults which are based on the private key from
|
|
||||||
`/user-wallet.json` file and `/wallet.json` contract wallet.
|
|
||||||
|
|
||||||
Now let's configure an S3 client (AWS CLI will be used as example):
|
|
||||||
|
|
||||||
``` sh
|
|
||||||
$ aws configure
|
|
||||||
AWS Access Key ID []: EXArWh8x1zeHG3851s1RtoCo7dowxF6rhLGA15nbMffT0AKRSjJ5fmcqf3Ht2VCAkfmPQUVARghRB77xHCA1BoN2p
|
|
||||||
AWS Secret Access Key []: d70c1dba83f0f90bb231f06f1ce0e0dfbcfb122f4b4345a3c18d3869c359b79f
|
|
||||||
Default region name []: us-east-1
|
|
||||||
Default output format []: json
|
|
||||||
```
|
|
||||||
|
|
||||||
If you need to create credentials for different users, put user wallets to `wallets` dir and specify them via `wallet` parameter.
|
|
||||||
Pass wallet password in `password` parameter if it's not default. The same is for `contract_wallet` and `gate_public_key` params.
|
|
||||||
|
|
||||||
```sh
|
|
||||||
$ make s3cred wallet=custom_wallet.json password=test
|
|
||||||
{
|
|
||||||
"access_key_id": "jHhL5B33o16R4jQsb8wm9A3RRdS6KrTB5N4bja9Jys904W7xXFNKqem2ACvTRWRYJsZMCUikYFSokN7pPJziWyDi",
|
|
||||||
"secret_access_key": "21bb64fafa32c82417fd8b97ac56cc8a085998a3852632d52fe7042453daa440",
|
|
||||||
"owner_private_key": "10f6f9d7a47bb0bf68363ad8a99fe69f1493f8b6e1665b3e4e83feb2d5c7ee39",
|
|
||||||
"wallet_public_key": "03e38759973a6bb722baabc2dd84036a39f0b2f53d32fec45a4dacde8a50fe4b70",
|
|
||||||
"container_id": "jHhL5B33o16R4jQsb8wm9A3RRdS6KrTB5N4bja9Jys9"
|
|
||||||
}
|
|
||||||
```
|
|
||||||
|
|
||||||
To get credentials from custom wallet, place it in `wallets` dir before start.
|
|
||||||
|
|
||||||
### cred
|
|
||||||
|
|
||||||
Usage and default parameter values:
|
|
||||||
```sh
|
|
||||||
make cred [password=""] [contract_password=s3] [wallet=/user_wallet.json]
|
|
||||||
```
|
|
||||||
The same as `s3cred`, but it doesn't issues s3 credentials.
|
|
||||||
|
|
||||||
## Contributing
|
## Contributing
|
||||||
|
|
||||||
Feel free to contribute to this project after reading the [contributing
|
Feel free to contribute to this project after reading the [contributing
|
||||||
|
|
|
@ -4,15 +4,13 @@ A single-node N3 privnet deployment, running on
|
||||||
|
|
||||||
Contracts deployed:
|
Contracts deployed:
|
||||||
- Alphabet (AZ) [contract](https://git.frostfs.info/TrueCloudLab/frostfs-contract/src/branch/master/alphabet)
|
- Alphabet (AZ) [contract](https://git.frostfs.info/TrueCloudLab/frostfs-contract/src/branch/master/alphabet)
|
||||||
|
- Audit [contract](https://git.frostfs.info/TrueCloudLab/frostfs-contract/src/branch/master/audit)
|
||||||
- Balance [contract](https://git.frostfs.info/TrueCloudLab/frostfs-contract/src/branch/master/balance)
|
- Balance [contract](https://git.frostfs.info/TrueCloudLab/frostfs-contract/src/branch/master/balance)
|
||||||
- Container [contract](https://git.frostfs.info/TrueCloudLab/frostfs-contract/src/branch/master/container)
|
- Container [contract](https://git.frostfs.info/TrueCloudLab/frostfs-contract/src/branch/master/container)
|
||||||
- FrostFS [contract](https://git.frostfs.info/TrueCloudLab/frostfs-contract/src/branch/master/frostfs)
|
|
||||||
- FrostFSID [contract](https://git.frostfs.info/TrueCloudLab/frostfs-contract/src/branch/master/frostfsid)
|
|
||||||
- NNS [contract](https://git.frostfs.info/TrueCloudLab/frostfs-contract/src/branch/master/nns)
|
|
||||||
- Netmap [contract](https://git.frostfs.info/TrueCloudLab/frostfs-contract/src/branch/master/netmap)
|
- Netmap [contract](https://git.frostfs.info/TrueCloudLab/frostfs-contract/src/branch/master/netmap)
|
||||||
- Policy [contract](https://git.frostfs.info/TrueCloudLab/frostfs-contract/src/branch/master/policy)
|
- NeoFSID [contract](https://git.frostfs.info/TrueCloudLab/frostfs-contract/src/branch/master/neofsid)
|
||||||
- Processing [contract](https://git.frostfs.info/TrueCloudLab/frostfs-contract/src/branch/master/processing)
|
|
||||||
- Proxy [contract](https://git.frostfs.info/TrueCloudLab/frostfs-contract/src/branch/master/proxy)
|
- Proxy [contract](https://git.frostfs.info/TrueCloudLab/frostfs-contract/src/branch/master/proxy)
|
||||||
|
- Reputation [contract](https://git.frostfs.info/TrueCloudLab/frostfs-contract/src/branch/master/reputation)
|
||||||
|
|
||||||
RPC available at `http://morph-chain.frostfs.devenv:30333`.
|
RPC available at `http://morph-chain.frostfs.devenv:30333`.
|
||||||
|
|
||||||
|
|
4
extra/.gitignore
vendored
Normal file
4
extra/.gitignore
vendored
Normal file
|
@ -0,0 +1,4 @@
|
||||||
|
bin
|
||||||
|
storage
|
||||||
|
.frostfs-storage-state
|
||||||
|
new_storage_wallet.json
|
47
extra/Makefile
Normal file
47
extra/Makefile
Normal file
|
@ -0,0 +1,47 @@
|
||||||
|
WALLET=new_storage_wallet.json
|
||||||
|
GAS?=1000
|
||||||
|
|
||||||
|
INNERRING_IP?=$(call docker_ip,ir01)
|
||||||
|
MORPH_IP?=$(call docker_ip,morph_chain)
|
||||||
|
MORPH_ENDPOINT=http://$(MORPH_IP):30333
|
||||||
|
|
||||||
|
ADM=../vendor/frostfs-adm
|
||||||
|
CLI=../vendor/frostfs-cli
|
||||||
|
NEO=./bin/neo-go
|
||||||
|
NODE=./bin/frostfs-node
|
||||||
|
|
||||||
|
.PHONY: up
|
||||||
|
up: wallet | $(NEO) $(NODE)
|
||||||
|
$(NEO) wallet nep17 balance -r $(MORPH_ENDPOINT) -w $(WALLET)
|
||||||
|
$(ADM) morph refill-gas --storage-wallet $(WALLET) --gas $(GAS) \
|
||||||
|
--rpc-endpoint $(MORPH_ENDPOINT) --alphabet-wallets ../services/ir \
|
||||||
|
--config ../frostfs-adm.yml
|
||||||
|
$(NEO) wallet nep17 balance -r $(MORPH_ENDPOINT) -w $(WALLET)
|
||||||
|
$(NODE) --config-dir config &
|
||||||
|
NODE_PID=$$!
|
||||||
|
sleep 10
|
||||||
|
kill $$NODE_PID
|
||||||
|
$(NEO) wallet nep17 balance -r $(MORPH_ENDPOINT) -w $(WALLET)
|
||||||
|
|
||||||
|
.PHONY: wallet
|
||||||
|
wallet: | $(NEO)
|
||||||
|
rm $(WALLET) || true
|
||||||
|
$(NEO) wallet init --account --wallet-config new_storage_wallet.template
|
||||||
|
|
||||||
|
$(NEO):
|
||||||
|
mkdir -p $(dir $@)
|
||||||
|
curl -o $@ -sSL https://github.com/nspcc-dev/neo-go/releases/download/v0.106.3/neo-go-linux-amd64
|
||||||
|
chmod +x $@
|
||||||
|
|
||||||
|
$(NODE):
|
||||||
|
mkdir -p $(dir $@)
|
||||||
|
curl -o $@ -sSL https://git.frostfs.info/TrueCloudLab/frostfs-node/releases/download/v0.42.9/frostfs-node
|
||||||
|
chmod +x $@
|
||||||
|
|
||||||
|
define docker_ip
|
||||||
|
$(firstword $(shell docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}} {{end}}' $(1)))
|
||||||
|
endef
|
||||||
|
|
||||||
|
SHELL=/bin/bash
|
||||||
|
.SHELLFLAGS=-euo pipefail -c
|
||||||
|
.ONESHELL:
|
1
extra/config/devenv.yml
Symbolic link
1
extra/config/devenv.yml
Symbolic link
|
@ -0,0 +1 @@
|
||||||
|
../../services/storage/cfg/config.yml
|
77
extra/config/extra.yml
Normal file
77
extra/config/extra.yml
Normal file
|
@ -0,0 +1,77 @@
|
||||||
|
logger:
|
||||||
|
loki:
|
||||||
|
enabled: false
|
||||||
|
|
||||||
|
pprof:
|
||||||
|
enabled: false
|
||||||
|
|
||||||
|
prometheus:
|
||||||
|
enabled: false
|
||||||
|
|
||||||
|
tracing:
|
||||||
|
enabled: false
|
||||||
|
|
||||||
|
morph:
|
||||||
|
rpc_endpoint: # Side chain NEO RPC endpoints
|
||||||
|
- address: ws://morph-chain.frostfs.devenv:30333/ws
|
||||||
|
priority: 1
|
||||||
|
|
||||||
|
# Common storage node settings
|
||||||
|
node:
|
||||||
|
wallet:
|
||||||
|
path: new_storage_wallet.json
|
||||||
|
password: ""
|
||||||
|
addresses:
|
||||||
|
- grpc://s01.frostfs.devenv:8080
|
||||||
|
notification:
|
||||||
|
enabled: false
|
||||||
|
|
||||||
|
grpc:
|
||||||
|
- endpoint: 127.0.88.1:8802
|
||||||
|
tls:
|
||||||
|
enabled: false
|
||||||
|
|
||||||
|
tree:
|
||||||
|
enabled: true
|
||||||
|
|
||||||
|
storage:
|
||||||
|
shard:
|
||||||
|
0:
|
||||||
|
writecache:
|
||||||
|
enabled: true
|
||||||
|
path: storage/wc0 # Write-cache root directory
|
||||||
|
|
||||||
|
metabase:
|
||||||
|
path: storage/meta0 # Path to the metabase
|
||||||
|
|
||||||
|
blobstor:
|
||||||
|
- type: blobovnicza
|
||||||
|
path: storage/blobovnicza0 # Blobovnicza root directory
|
||||||
|
depth: 2
|
||||||
|
width: 4
|
||||||
|
- type: fstree
|
||||||
|
path: storage/fstree0 # FSTree root directory
|
||||||
|
depth: 2
|
||||||
|
|
||||||
|
pilorama:
|
||||||
|
path: storage/pilorama0 # Path to the pilorama database
|
||||||
|
|
||||||
|
1:
|
||||||
|
writecache:
|
||||||
|
enabled: true
|
||||||
|
path: storage/wc1 # Write-cache root directory
|
||||||
|
|
||||||
|
metabase:
|
||||||
|
path: storage/meta1 # Path to the metabase
|
||||||
|
|
||||||
|
blobstor:
|
||||||
|
- type: blobovnicza
|
||||||
|
path: storage/blobovnicza1 # Blobovnicza root directory
|
||||||
|
depth: 2
|
||||||
|
width: 4
|
||||||
|
- type: fstree
|
||||||
|
path: storage/fstree1 # FSTree root directory
|
||||||
|
depth: 2
|
||||||
|
|
||||||
|
pilorama:
|
||||||
|
path: storage/pilorama1 # Path to the pilorama database
|
2
extra/new_storage_wallet.template
Normal file
2
extra/new_storage_wallet.template
Normal file
|
@ -0,0 +1,2 @@
|
||||||
|
Path: new_storage_wallet.json
|
||||||
|
Password: ""
|
|
@ -19,7 +19,6 @@ services:
|
||||||
- ./config.yml:/wallets/config.yml
|
- ./config.yml:/wallets/config.yml
|
||||||
- ./../../vendor/hosts:/etc/hosts
|
- ./../../vendor/hosts:/etc/hosts
|
||||||
- ./../../wallets/wallet.json:/wallets/wallet.json
|
- ./../../wallets/wallet.json:/wallets/wallet.json
|
||||||
- ./../s3_gate/wallet.json:/wallets/s3-wallet.json
|
|
||||||
- chains:/chains
|
- chains:/chains
|
||||||
|
|
||||||
networks:
|
networks:
|
||||||
|
|
1
services/nats/.hosts
Normal file
1
services/nats/.hosts
Normal file
|
@ -0,0 +1 @@
|
||||||
|
IPV4_PREFIX.101 nats.LOCAL_DOMAIN
|
7
services/nats/artifacts.mk
Normal file
7
services/nats/artifacts.mk
Normal file
|
@ -0,0 +1,7 @@
|
||||||
|
# Create new TLS certs for NATS server and clients
|
||||||
|
|
||||||
|
NATS_DIR=$(abspath services/nats)
|
||||||
|
|
||||||
|
get.nats:
|
||||||
|
@echo "⇒ Creating certs for NATS server and clients"
|
||||||
|
${NATS_DIR}/generate_cert.sh ${LOCAL_DOMAIN} > /dev/null
|
30
services/nats/docker-compose.yml
Normal file
30
services/nats/docker-compose.yml
Normal file
|
@ -0,0 +1,30 @@
|
||||||
|
---
|
||||||
|
|
||||||
|
services:
|
||||||
|
nats:
|
||||||
|
image: ${NATS_IMAGE}:${NATS_VERSION}
|
||||||
|
domainname: ${LOCAL_DOMAIN}
|
||||||
|
hostname: nats
|
||||||
|
container_name: nats
|
||||||
|
restart: on-failure
|
||||||
|
dns:
|
||||||
|
- ${IPV4_PREFIX}.101
|
||||||
|
networks:
|
||||||
|
nats_int:
|
||||||
|
internet:
|
||||||
|
ipv4_address: ${IPV4_PREFIX}.101
|
||||||
|
volumes:
|
||||||
|
- ./../../vendor/hosts:/etc/hosts
|
||||||
|
- ./nats.conf:/etc/nats/frostfs-nats-server.conf
|
||||||
|
- ./server-cert.pem:/certs/server-cert.pem
|
||||||
|
- ./server-key.pem:/certs/server-key.pem
|
||||||
|
- ./ca-cert.pem:/certs/ca-cert.pem
|
||||||
|
stop_signal: SIGKILL
|
||||||
|
env_file: [ ".env", ".int_test.env" ]
|
||||||
|
command: ["-c", "/etc/nats/frostfs-nats-server.conf"]
|
||||||
|
|
||||||
|
networks:
|
||||||
|
nats_int:
|
||||||
|
internet:
|
||||||
|
external: true
|
||||||
|
name: basenet_internet
|
49
services/nats/generate_cert.sh
Executable file
49
services/nats/generate_cert.sh
Executable file
|
@ -0,0 +1,49 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
source bin/helper.sh
|
||||||
|
|
||||||
|
WORKDIR=$(dirname "$0")
|
||||||
|
LOCAL_DOMAIN=$1
|
||||||
|
|
||||||
|
CA_KEY=$WORKDIR/ca-key.pem
|
||||||
|
CA_CRT=$WORKDIR/ca-cert.pem
|
||||||
|
|
||||||
|
SRV_KEY=$WORKDIR/server-key.pem
|
||||||
|
SRV_REQ=$WORKDIR/server-req.csr
|
||||||
|
SRV_CRT=$WORKDIR/server-cert.pem
|
||||||
|
|
||||||
|
CLI_KEY=$WORKDIR/client-key.pem
|
||||||
|
CLI_REQ=$WORKDIR/client-req.csr
|
||||||
|
CLI_CRT=$WORKDIR/client-cert.pem
|
||||||
|
|
||||||
|
SUBJ="/O=TrueCloudLab"
|
||||||
|
|
||||||
|
if [[ ! -f $CA_KEY || ! -f $CA_CRT ]]; then
|
||||||
|
openssl req -newkey rsa:4096 -x509 -days 365 -nodes -keyout $CA_KEY -out $CA_CRT -subj $SUBJ 2>&1 ||
|
||||||
|
die "CA certificate was not created"
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [[ ! -f $SRV_KEY || ! -f $SRV_CRT ]]; then
|
||||||
|
openssl req -newkey rsa:4096 -nodes -keyout $SRV_KEY -out $SRV_REQ -subj $SUBJ 2>&1 ||
|
||||||
|
die "Server certificate was not created"
|
||||||
|
|
||||||
|
openssl x509 -req -days 365 -set_serial 01 -in $SRV_REQ -out $SRV_CRT -CA $CA_CRT -CAkey $CA_KEY \
|
||||||
|
-extensions san -extfile <(printf "[san]\nsubjectAltName=DNS:nats.$LOCAL_DOMAIN") 2>&1 || {
|
||||||
|
rm $SRV_REQ
|
||||||
|
die "Server certificate was not signed by CA"
|
||||||
|
}
|
||||||
|
|
||||||
|
rm $SRV_REQ
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [[ ! -f $CLI_KEY || ! -f $CLI_CRT ]]; then
|
||||||
|
openssl req -newkey rsa:4096 -nodes -keyout $CLI_KEY -out $CLI_REQ -subj $SUBJ 2>&1 ||
|
||||||
|
die "Client certificate was not created"
|
||||||
|
|
||||||
|
openssl x509 -req -days 365 -set_serial 01 -in $CLI_REQ -out $CLI_CRT -CA $CA_CRT -CAkey $CA_KEY 2>&1 || {
|
||||||
|
rm $CLI_REQ
|
||||||
|
die "Client certificate was not signed by CA"
|
||||||
|
}
|
||||||
|
|
||||||
|
rm $CLI_REQ
|
||||||
|
fi
|
15
services/nats/nats.conf
Normal file
15
services/nats/nats.conf
Normal file
|
@ -0,0 +1,15 @@
|
||||||
|
port: 4222
|
||||||
|
monitor_port: 8222
|
||||||
|
|
||||||
|
jetstream {
|
||||||
|
store_dir=nats
|
||||||
|
max_memory_store: 1GB
|
||||||
|
max_file_store: 2GB
|
||||||
|
}
|
||||||
|
|
||||||
|
tls {
|
||||||
|
cert_file: /certs/server-cert.pem
|
||||||
|
key_file: /certs/server-key.pem
|
||||||
|
ca_file: /certs/ca-cert.pem
|
||||||
|
verify: true
|
||||||
|
}
|
|
@ -12,17 +12,11 @@ services:
|
||||||
internet:
|
internet:
|
||||||
ipv4_address: ${IPV4_PREFIX}.82
|
ipv4_address: ${IPV4_PREFIX}.82
|
||||||
volumes:
|
volumes:
|
||||||
# Gate wallet
|
|
||||||
- ./wallet.json:/wallet.json
|
- ./wallet.json:/wallet.json
|
||||||
# Custom user wallets
|
|
||||||
- ./wallets:/wallets
|
|
||||||
# Default user wallet
|
|
||||||
- ./../../wallets/wallet.json:/wallets/wallet.json
|
|
||||||
- ./tls.key:/tls.key
|
- ./tls.key:/tls.key
|
||||||
- ./tls.crt:/tls.crt
|
- ./tls.crt:/tls.crt
|
||||||
- ./../../vendor/hosts:/etc/hosts
|
- ./../../vendor/hosts:/etc/hosts
|
||||||
- ./cfg:/etc/frostfs/s3
|
- ./cfg:/etc/frostfs/s3
|
||||||
- ./issue-creds.sh:/usr/bin/issue-creds.sh
|
|
||||||
stop_signal: SIGTERM
|
stop_signal: SIGTERM
|
||||||
stop_grace_period: 15s
|
stop_grace_period: 15s
|
||||||
env_file: [ ".env", ".s3.env", ".int_test.env" ]
|
env_file: [ ".env", ".s3.env", ".int_test.env" ]
|
||||||
|
@ -40,8 +34,6 @@ services:
|
||||||
- S3_GW_PEERS_2_WEIGHT=0.2
|
- S3_GW_PEERS_2_WEIGHT=0.2
|
||||||
- S3_GW_PEERS_3_ADDRESS=s04.${LOCAL_DOMAIN}:8080
|
- S3_GW_PEERS_3_ADDRESS=s04.${LOCAL_DOMAIN}:8080
|
||||||
- S3_GW_PEERS_3_WEIGHT=0.2
|
- S3_GW_PEERS_3_WEIGHT=0.2
|
||||||
- AUTHMATE_WALLET_PASSPHRASE=
|
|
||||||
- AUTHMATE_WALLET_CONTRACT_PASSPHRASE=s3
|
|
||||||
|
|
||||||
networks:
|
networks:
|
||||||
s3_gate_int:
|
s3_gate_int:
|
||||||
|
|
|
@ -1,41 +0,0 @@
|
||||||
#!/bin/bash
|
|
||||||
|
|
||||||
initUser() {
|
|
||||||
/bin/frostfs-s3-authmate register-user \
|
|
||||||
--wallet $WALLET_PATH \
|
|
||||||
--rpc-endpoint http://morph-chain.frostfs.devenv:30333 \
|
|
||||||
--username $USERNAME \
|
|
||||||
--contract-wallet /wallet.json 1> /dev/null && touch $WALLET_CACHE/$USERNAME
|
|
||||||
}
|
|
||||||
|
|
||||||
issueCreds() {
|
|
||||||
/bin/frostfs-s3-authmate issue-secret \
|
|
||||||
--wallet $WALLET_PATH \
|
|
||||||
--peer s01.frostfs.devenv:8080 \
|
|
||||||
--gate-public-key $S3_GATE_PUBLIC_KEY \
|
|
||||||
--container-placement-policy "REP 3"
|
|
||||||
}
|
|
||||||
|
|
||||||
set -e
|
|
||||||
|
|
||||||
WALLET_PATH=/wallets/$2
|
|
||||||
if [[ -z "$2" ]]; then
|
|
||||||
WALLET_PATH=/wallets/wallet.json
|
|
||||||
fi
|
|
||||||
|
|
||||||
S3_GATE_PUBLIC_KEY=$3
|
|
||||||
if [[ -z "$3" ]]; then
|
|
||||||
S3_GATE_PUBLIC_KEY=0313b1ac3a8076e155a7e797b24f0b650cccad5941ea59d7cfd51a024a8b2a06bf
|
|
||||||
fi
|
|
||||||
|
|
||||||
WALLET_CACHE=/data/wallets
|
|
||||||
mkdir -p $WALLET_CACHE
|
|
||||||
|
|
||||||
USERNAME=$(echo $WALLET_PATH | md5sum | cut -d' ' -f1)
|
|
||||||
if [ ! -e $WALLET_CACHE/$USERNAME ]; then
|
|
||||||
initUser
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ $1 == "s3" ]; then
|
|
||||||
issueCreds
|
|
||||||
fi
|
|
|
@ -1,14 +0,0 @@
|
||||||
.PHONY: s3cred register
|
|
||||||
|
|
||||||
password?=
|
|
||||||
contract_password?=s3
|
|
||||||
gate_public_key?=
|
|
||||||
wallet?=
|
|
||||||
|
|
||||||
# Register wallet & generate S3 credentials
|
|
||||||
s3cred:
|
|
||||||
@docker exec -e AUTHMATE_WALLET_PASSPHRASE="$(password)" -e AUTHMATE_WALLET_CONTRACT_PASSPHRASE="$(contract_password)" s3_gate /usr/bin/issue-creds.sh s3 "$(wallet)" "$(gate_public_key)"
|
|
||||||
|
|
||||||
# Only registers user wallet
|
|
||||||
register:
|
|
||||||
@docker exec -e AUTHMATE_WALLET_PASSPHRASE="$(password)" -e AUTHMATE_WALLET_CONTRACT_PASSPHRASE="$(contract_password)" s3_gate /usr/bin/issue-creds.sh native "$(wallet)"
|
|
|
@ -1 +0,0 @@
|
||||||
IPV4_PREFIX.84 lifecycler.LOCAL_DOMAIN
|
|
|
@ -1,42 +0,0 @@
|
||||||
logger:
|
|
||||||
level: debug
|
|
||||||
|
|
||||||
prometheus:
|
|
||||||
enabled: true
|
|
||||||
address: :9090
|
|
||||||
|
|
||||||
lifecycle:
|
|
||||||
job_fetcher_buffer: 1000
|
|
||||||
executor_pool_size: 100
|
|
||||||
|
|
||||||
frostfs:
|
|
||||||
stream_timeout: 10s
|
|
||||||
connect_timeout: 10s
|
|
||||||
healthcheck_timeout: 15s
|
|
||||||
rebalance_interval: 60s
|
|
||||||
pool_error_threshold: 100
|
|
||||||
tree_pool_max_attempts: 4
|
|
||||||
|
|
||||||
credential:
|
|
||||||
use: wallets
|
|
||||||
source:
|
|
||||||
wallets:
|
|
||||||
- path: /wallet.json
|
|
||||||
address: NTt1rxvmEDxEuuogLxs2xgxA71qhVaUcN7
|
|
||||||
passphrase: "cycle"
|
|
||||||
- path: /user-wallet.json
|
|
||||||
address: NbUgTSFvPmsRxmGeWpuuGeJUoRoi6PErcM
|
|
||||||
passphrase: ""
|
|
||||||
|
|
||||||
morph:
|
|
||||||
reconnect_clients_interval: 30s
|
|
||||||
dial_timeout: 5s
|
|
||||||
contract:
|
|
||||||
netmap: netmap.frostfs
|
|
||||||
frostfsid: frostfsid.frostfs
|
|
||||||
container: container.frostfs
|
|
||||||
|
|
||||||
# Wallet configuration
|
|
||||||
wallet:
|
|
||||||
path: /wallet.json # Path to wallet
|
|
||||||
passphrase: "cycle" # Passphrase to decrypt wallet
|
|
|
@ -1,38 +0,0 @@
|
||||||
---
|
|
||||||
|
|
||||||
version: "2.4"
|
|
||||||
services:
|
|
||||||
s3_lifecycler:
|
|
||||||
image: ${S3_LIFECYCLER_IMAGE}:${S3_LIFECYCLER_VERSION}
|
|
||||||
domainname: ${LOCAL_DOMAIN}
|
|
||||||
hostname: s3_lifecycler
|
|
||||||
container_name: s3_lifecycler
|
|
||||||
restart: on-failure
|
|
||||||
networks:
|
|
||||||
s3_lifecycler_int:
|
|
||||||
internet:
|
|
||||||
ipv4_address: ${IPV4_PREFIX}.84
|
|
||||||
volumes:
|
|
||||||
- ./wallet.json:/wallet.json
|
|
||||||
- ./../../vendor/hosts:/etc/hosts
|
|
||||||
- ./cfg:/etc/frostfs/s3-lifecycler
|
|
||||||
- ./../../wallets/wallet.json:/user-wallet.json
|
|
||||||
stop_signal: SIGKILL
|
|
||||||
env_file: [ ".env", ".int_test.env" ]
|
|
||||||
command: [ "frostfs-s3-lifecycler", "--config", "/etc/frostfs/s3-lifecycler/config.yml" ]
|
|
||||||
environment:
|
|
||||||
- S3_LIFECYCLER_MORPH_RPC_ENDPOINT_0_ADDRESS=ws://morph-chain:30333/ws
|
|
||||||
- S3_LIFECYCLER_FROSTFS_PEERS_0_ADDRESS=s01.${LOCAL_DOMAIN}:8080
|
|
||||||
- S3_LIFECYCLER_FROSTFS_PEERS_0_WEIGHT=0.2
|
|
||||||
- S3_LIFECYCLER_FROSTFS_PEERS_1_ADDRESS=s02.${LOCAL_DOMAIN}:8080
|
|
||||||
- S3_LIFECYCLER_FROSTFS_PEERS_1_WEIGHT=0.2
|
|
||||||
- S3_LIFECYCLER_FROSTFS_PEERS_2_ADDRESS=s03.${LOCAL_DOMAIN}:8080
|
|
||||||
- S3_LIFECYCLER_FROSTFS_PEERS_2_WEIGHT=0.2
|
|
||||||
- S3_LIFECYCLER_FROSTFS_PEERS_3_ADDRESS=s04.${LOCAL_DOMAIN}:8080
|
|
||||||
- S3_LIFECYCLER_FROSTFS_PEERS_3_WEIGHT=0.2
|
|
||||||
|
|
||||||
networks:
|
|
||||||
s3_lifecycler_int:
|
|
||||||
internet:
|
|
||||||
external: true
|
|
||||||
name: basenet_internet
|
|
|
@ -1,30 +0,0 @@
|
||||||
{
|
|
||||||
"version": "1.0",
|
|
||||||
"accounts": [
|
|
||||||
{
|
|
||||||
"address": "NTt1rxvmEDxEuuogLxs2xgxA71qhVaUcN7",
|
|
||||||
"key": "6PYR3XurAyTzVeDG5WV2Z8vnGdySw3mTLuKjr6Nwo7tae64SJ7XjZSMMPQ",
|
|
||||||
"label": "lifecycler",
|
|
||||||
"contract": {
|
|
||||||
"script": "DCED9z0M+WSGfXZGxYLj1yYwmgxJXE/kNA4+oWNi0q1uKCdBVuezJw==",
|
|
||||||
"parameters": [
|
|
||||||
{
|
|
||||||
"name": "parameter0",
|
|
||||||
"type": "Signature"
|
|
||||||
}
|
|
||||||
],
|
|
||||||
"deployed": false
|
|
||||||
},
|
|
||||||
"lock": false,
|
|
||||||
"isDefault": false
|
|
||||||
}
|
|
||||||
],
|
|
||||||
"scrypt": {
|
|
||||||
"n": 16384,
|
|
||||||
"r": 8,
|
|
||||||
"p": 8
|
|
||||||
},
|
|
||||||
"extra": {
|
|
||||||
"Tokens": null
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -32,6 +32,18 @@ morph:
|
||||||
- address: ws://morph-chain:30333/ws
|
- address: ws://morph-chain:30333/ws
|
||||||
priority: 1
|
priority: 1
|
||||||
|
|
||||||
|
# Common storage node settings
|
||||||
|
node:
|
||||||
|
attribute_0: "User-Agent:FrostFS/0.34"
|
||||||
|
notification:
|
||||||
|
enabled: true # Turn on object notification service
|
||||||
|
endpoint: "tls://nats.frostfs.devenv:4222" # Notification server endpoint
|
||||||
|
timeout: "6s" # Timeout for object notification client connection
|
||||||
|
default_topic: "test" # Default topic for object notifications if not found in object's meta
|
||||||
|
certificate: "/etc/frostfs-node/nats.tls.cert" # Path to TLS certificate
|
||||||
|
key: "/etc/frostfs-node/nats.tls.key" # Path to TLS key
|
||||||
|
ca: "/etc/frostfs-node/nats.ca.crt" # Path to optional CA certificate
|
||||||
|
|
||||||
# Tree section
|
# Tree section
|
||||||
tree:
|
tree:
|
||||||
enabled: true
|
enabled: true
|
||||||
|
|
|
@ -18,6 +18,9 @@ services:
|
||||||
- ./../../vendor/frostfs-cli:/frostfs-cli
|
- ./../../vendor/frostfs-cli:/frostfs-cli
|
||||||
- ./cli-cfg.yml:/cli-cfg.yml
|
- ./cli-cfg.yml:/cli-cfg.yml
|
||||||
- ./s04tls.crt:/etc/ssl/certs/s04tls.crt
|
- ./s04tls.crt:/etc/ssl/certs/s04tls.crt
|
||||||
|
- ../nats/client-cert.pem:/etc/frostfs-node/nats.tls.cert
|
||||||
|
- ../nats/client-key.pem:/etc/frostfs-node/nats.tls.key
|
||||||
|
- ../nats/ca-cert.pem:/etc/frostfs-node/nats.ca.crt
|
||||||
- ./cfg:/etc/frostfs/storage
|
- ./cfg:/etc/frostfs/storage
|
||||||
stop_signal: SIGTERM
|
stop_signal: SIGTERM
|
||||||
stop_grace_period: 15s
|
stop_grace_period: 15s
|
||||||
|
@ -29,7 +32,6 @@ services:
|
||||||
- FROSTFS_NODE_ADDRESSES=s01.${LOCAL_DOMAIN}:8080
|
- FROSTFS_NODE_ADDRESSES=s01.${LOCAL_DOMAIN}:8080
|
||||||
- FROSTFS_GRPC_0_ENDPOINT=s01.${LOCAL_DOMAIN}:8080
|
- FROSTFS_GRPC_0_ENDPOINT=s01.${LOCAL_DOMAIN}:8080
|
||||||
- FROSTFS_CONTROL_GRPC_ENDPOINT=s01.${LOCAL_DOMAIN}:8081
|
- FROSTFS_CONTROL_GRPC_ENDPOINT=s01.${LOCAL_DOMAIN}:8081
|
||||||
- FROSTFS_NODE_ATTRIBUTE_0=User-Agent:FrostFS/${NODE_VERSION}
|
|
||||||
- FROSTFS_NODE_ATTRIBUTE_1=UN-LOCODE:RU MOW
|
- FROSTFS_NODE_ATTRIBUTE_1=UN-LOCODE:RU MOW
|
||||||
- FROSTFS_NODE_ATTRIBUTE_2=Price:22
|
- FROSTFS_NODE_ATTRIBUTE_2=Price:22
|
||||||
healthcheck:
|
healthcheck:
|
||||||
|
@ -56,6 +58,9 @@ services:
|
||||||
- ./../../vendor/frostfs-cli:/frostfs-cli
|
- ./../../vendor/frostfs-cli:/frostfs-cli
|
||||||
- ./cli-cfg.yml:/cli-cfg.yml
|
- ./cli-cfg.yml:/cli-cfg.yml
|
||||||
- ./s04tls.crt:/etc/ssl/certs/s04tls.crt
|
- ./s04tls.crt:/etc/ssl/certs/s04tls.crt
|
||||||
|
- ../nats/client-cert.pem:/etc/frostfs-node/nats.tls.cert
|
||||||
|
- ../nats/client-key.pem:/etc/frostfs-node/nats.tls.key
|
||||||
|
- ../nats/ca-cert.pem:/etc/frostfs-node/nats.ca.crt
|
||||||
- ./cfg:/etc/frostfs/storage
|
- ./cfg:/etc/frostfs/storage
|
||||||
stop_signal: SIGTERM
|
stop_signal: SIGTERM
|
||||||
stop_grace_period: 15s
|
stop_grace_period: 15s
|
||||||
|
@ -67,7 +72,6 @@ services:
|
||||||
- FROSTFS_NODE_ADDRESSES=s02.${LOCAL_DOMAIN}:8080
|
- FROSTFS_NODE_ADDRESSES=s02.${LOCAL_DOMAIN}:8080
|
||||||
- FROSTFS_GRPC_0_ENDPOINT=s02.${LOCAL_DOMAIN}:8080
|
- FROSTFS_GRPC_0_ENDPOINT=s02.${LOCAL_DOMAIN}:8080
|
||||||
- FROSTFS_CONTROL_GRPC_ENDPOINT=s02.${LOCAL_DOMAIN}:8081
|
- FROSTFS_CONTROL_GRPC_ENDPOINT=s02.${LOCAL_DOMAIN}:8081
|
||||||
- FROSTFS_NODE_ATTRIBUTE_0=User-Agent:FrostFS/${NODE_VERSION}
|
|
||||||
- FROSTFS_NODE_ATTRIBUTE_1=UN-LOCODE:RU LED
|
- FROSTFS_NODE_ATTRIBUTE_1=UN-LOCODE:RU LED
|
||||||
- FROSTFS_NODE_ATTRIBUTE_2=Price:33
|
- FROSTFS_NODE_ATTRIBUTE_2=Price:33
|
||||||
healthcheck:
|
healthcheck:
|
||||||
|
@ -94,6 +98,9 @@ services:
|
||||||
- ./../../vendor/frostfs-cli:/frostfs-cli
|
- ./../../vendor/frostfs-cli:/frostfs-cli
|
||||||
- ./cli-cfg.yml:/cli-cfg.yml
|
- ./cli-cfg.yml:/cli-cfg.yml
|
||||||
- ./s04tls.crt:/etc/ssl/certs/s04tls.crt
|
- ./s04tls.crt:/etc/ssl/certs/s04tls.crt
|
||||||
|
- ../nats/client-cert.pem:/etc/frostfs-node/nats.tls.cert
|
||||||
|
- ../nats/client-key.pem:/etc/frostfs-node/nats.tls.key
|
||||||
|
- ../nats/ca-cert.pem:/etc/frostfs-node/nats.ca.crt
|
||||||
- ./cfg:/etc/frostfs/storage
|
- ./cfg:/etc/frostfs/storage
|
||||||
stop_signal: SIGTERM
|
stop_signal: SIGTERM
|
||||||
stop_grace_period: 15s
|
stop_grace_period: 15s
|
||||||
|
@ -105,7 +112,6 @@ services:
|
||||||
- FROSTFS_NODE_ADDRESSES=s03.${LOCAL_DOMAIN}:8080
|
- FROSTFS_NODE_ADDRESSES=s03.${LOCAL_DOMAIN}:8080
|
||||||
- FROSTFS_GRPC_0_ENDPOINT=s03.${LOCAL_DOMAIN}:8080
|
- FROSTFS_GRPC_0_ENDPOINT=s03.${LOCAL_DOMAIN}:8080
|
||||||
- FROSTFS_CONTROL_GRPC_ENDPOINT=s03.${LOCAL_DOMAIN}:8081
|
- FROSTFS_CONTROL_GRPC_ENDPOINT=s03.${LOCAL_DOMAIN}:8081
|
||||||
- FROSTFS_NODE_ATTRIBUTE_0=User-Agent:FrostFS/${NODE_VERSION}
|
|
||||||
- FROSTFS_NODE_ATTRIBUTE_1=UN-LOCODE:SE STO
|
- FROSTFS_NODE_ATTRIBUTE_1=UN-LOCODE:SE STO
|
||||||
- FROSTFS_NODE_ATTRIBUTE_2=Price:11
|
- FROSTFS_NODE_ATTRIBUTE_2=Price:11
|
||||||
healthcheck:
|
healthcheck:
|
||||||
|
@ -133,6 +139,9 @@ services:
|
||||||
- ./cli-cfg.yml:/cli-cfg.yml
|
- ./cli-cfg.yml:/cli-cfg.yml
|
||||||
- ./s04tls.crt:/tls.crt
|
- ./s04tls.crt:/tls.crt
|
||||||
- ./s04tls.key:/tls.key
|
- ./s04tls.key:/tls.key
|
||||||
|
- ../nats/client-cert.pem:/etc/frostfs-node/nats.tls.cert
|
||||||
|
- ../nats/client-key.pem:/etc/frostfs-node/nats.tls.key
|
||||||
|
- ../nats/ca-cert.pem:/etc/frostfs-node/nats.ca.crt
|
||||||
- ./cfg:/etc/frostfs/storage
|
- ./cfg:/etc/frostfs/storage
|
||||||
stop_signal: SIGTERM
|
stop_signal: SIGTERM
|
||||||
stop_grace_period: 15s
|
stop_grace_period: 15s
|
||||||
|
@ -149,7 +158,6 @@ services:
|
||||||
- FROSTFS_GRPC_1_TLS_ENABLED=true
|
- FROSTFS_GRPC_1_TLS_ENABLED=true
|
||||||
- FROSTFS_GRPC_1_TLS_CERTIFICATE=/tls.crt
|
- FROSTFS_GRPC_1_TLS_CERTIFICATE=/tls.crt
|
||||||
- FROSTFS_GRPC_1_TLS_KEY=/tls.key
|
- FROSTFS_GRPC_1_TLS_KEY=/tls.key
|
||||||
- FROSTFS_NODE_ATTRIBUTE_0=User-Agent:FrostFS/${NODE_VERSION}
|
|
||||||
- FROSTFS_NODE_ATTRIBUTE_1=UN-LOCODE:FI HEL
|
- FROSTFS_NODE_ATTRIBUTE_1=UN-LOCODE:FI HEL
|
||||||
- FROSTFS_NODE_ATTRIBUTE_2=Price:44
|
- FROSTFS_NODE_ATTRIBUTE_2=Price:44
|
||||||
healthcheck:
|
healthcheck:
|
||||||
|
|
Loading…
Reference in a new issue