Compare commits

...

90 commits

Author SHA1 Message Date
a0fdaebbf4 [#85] Add s3 lifecycler
Signed-off-by: Pavel Pogodaev <p.pogodaev@yadro.com>
2024-11-06 22:54:58 +03:00
10e5bed2af
[#79] storage: Take User-Agent from NODE_VERSION
Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
2024-10-31 10:39:00 +03:00
7152f59232 [#88] Remove nats service
It was removed from node in TrueCloudLab/frostfs-node#1161.

Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
2024-10-31 07:38:50 +00:00
636be7352e [#84] Make targets for issuing credentials
Signed-off-by: Nikita Zinkevich <n.zinkevich@yadro.com>
2024-10-17 12:37:26 +03:00
d0c32731f2 [#80] Update frostfs-service components to v0.30.*
Signed-off-by: Alexander Chuprov <a.chuprov@yadro.com>
2024-09-16 08:18:01 +00:00
7538bd9b17 [#83] Honor IPV4_PREFIX in morph_chain config
Signed-off-by: Vitaliy Potyarkin <v.potyarkin@yadro.com>
2024-09-10 16:45:06 +03:00
2e67acbcb2 [#78] env: Restore version format
Signed-off-by: Alexander Chuprov <a.chuprov@yadro.com>
2024-09-06 14:37:48 +03:00
439a9e71cf [#81] env: Fix typo
Signed-off-by: Alexander Chuprov <a.chuprov@yadro.com>
2024-09-06 14:09:08 +03:00
dd382f8ce0 [#68] service/morph: Add volume for morph_chain
Signed-off-by: Alexander Chuprov <a.chuprov@yadro.com>
2024-08-19 11:54:57 +00:00
044cf99e8d [#70] Makefile: Make bootstrap idempotent
Signed-off-by: Alexander Chuprov <a.chuprov@yadro.com>
2024-08-19 11:54:57 +00:00
ae658469a5 [#69] service/ir: Add support -q flag in healthcheck
Signed-off-by: Alexander Chuprov <a.chuprov@yadro.com>
2024-08-19 06:25:04 +00:00
155042343b [#69] service/storage: Add support -q flag in healthcheck
Signed-off-by: Alexander Chuprov <a.chuprov@yadro.com>
2024-08-19 06:25:04 +00:00
f94fa284ec [#76] Update frostfs-core components to v0.42.9
Signed-off-by: Alexander Chuprov <a.chuprov@yadro.com>
2024-08-17 05:51:34 +03:00
d03be14312 [#75] Makefile: Add subjects for storage and client wallets to FrostfsID
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
2024-08-16 10:41:57 +03:00
0be22a9375
[#73] Update HTTP gate docs
Signed-off-by: Aleksey Savchuk <a.savchuk@yadro.com>
2024-07-08 10:56:42 +03:00
2b6122192a [#67] services/ir: Remove deprecated flag in healthcheck
Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
2024-05-08 11:35:37 +03:00
773ea2339b [#66] Update frostfs-* to v0.38.5
Signed-off-by: Alexander Chuprov <a.chuprov@yadro.com>
2024-04-15 20:16:51 +03:00
47b4917e7b [#65] services: Fix docker-compose warnings
There were multiple warning like this one.
```
WARN[0000] /secret/services/rest_gate/docker-compose.yml: `version` is obsolete
```

According to docker-compose spec, the parameter is indeed purely informative:
https://github.com/compose-spec/compose-spec/blob/master/spec.md#version-and-name-top-level-elements

Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
2024-04-04 11:47:33 +03:00
Airat Arifullin
8edfcb364d [#64] adm: Create default Allow policy for root namespace
Signed-off-by: Airat Arifullin <aarifullin@yadro.com>
2024-02-26 08:03:13 +00:00
19e5cec49f [#63] Use SIGTERM to stop Go services
Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
2024-02-20 15:54:23 +03:00
0f6f2722c2 [#61] Update frostfs-s3-gw
Signed-off-by: Alex Vanin <a.vanin@yadro.com>
2023-12-14 17:30:01 +03:00
9654b77236 [#61] Update frostfs-http-gw
Signed-off-by: Alex Vanin <a.vanin@yadro.com>
2023-12-14 17:11:58 +03:00
dfad34fdea [#61] Update frostfs-node components with contracts
Signed-off-by: Alex Vanin <a.vanin@yadro.com>
2023-12-14 17:11:52 +03:00
1077c9d358 [#59] .env: Update neo-go to v0.104.0
Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
2023-12-06 14:09:11 +03:00
40454b5507 [#56] Add loki
Signed-off-by: Alexander Chuprov <a.chuprov@yadro.com>
2023-11-15 16:08:15 +03:00
9c9ec639f0 [#58] Update neo-go to v0.103.0
Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
2023-10-25 13:15:07 +03:00
de8b58911e [#47] prometheus: Don't bind port to localhost
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2023-10-06 10:37:41 +03:00
c2e2b6442c [#47] grafana: Don't bind port to localhost
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2023-10-06 10:37:41 +03:00
4413251994 [#20] Add frostfs-cli configurations
Signed-off-by: Marina Biryukova <m.biryukova@yadro.com>
2023-09-13 16:28:48 +03:00
e254eba6a8 [#52] frostfs-adm.yml: Allow maintenance mode by default
It is a DEV-env after all.

Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
2023-08-25 14:10:54 +03:00
90bd39d717 [#43] grafana: FSTree bucket distribution
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2023-08-25 11:31:49 +03:00
fdcf71d5b6 [#49] grafana: Add metabase bucket distribution
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2023-08-25 11:31:45 +03:00
f0c3c02943 [#49] grafana: Blobovnicza bucket distribution
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2023-08-25 11:31:42 +03:00
4a6b481618 [#49] grafana: Writecache bucket distribution
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2023-08-25 11:31:39 +03:00
42e6349276 [#49] grafana: Storage engine bucket distribution
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2023-08-25 11:31:35 +03:00
eba763ff79 [#49] grafana: Server bucket distribution
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2023-08-25 11:31:31 +03:00
b7ac6f30cf [#50] services/ir: Take all contract hashes from NNS
Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
2023-08-21 10:22:19 +03:00
6eedab3d83 [#48] grafana: Fix blobovnicza board
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2023-08-18 13:40:03 +03:00
731976cc57 [#44] grafana: Add Client dashboard
Client dashboard shows outgoing requests.

Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2023-08-14 12:33:18 +00:00
51053e3317 [#46] .forgejo: Update DCO action
Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
2023-08-11 13:48:36 +00:00
04260ad0d8 [#38] grafana: Fix writecache boards
Stack count and size dashborads.

Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2023-08-07 13:59:42 +03:00
9bb0385b85 [#38] grafana: Add morph dashboards
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2023-08-06 15:15:54 +03:00
b6f47cb2c2 [#38] grafana: Add GC dashboard
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2023-08-06 13:44:37 +03:00
d8df46b4d1 [#38] grafana: Add engine dashboards
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2023-08-05 21:16:47 +03:00
cc963b78b5 [#38] grafana: Add fstree dashboards
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2023-08-04 15:03:48 +03:00
acd32cb877 [#38] grafana: Add blobovnizca dashboards
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2023-08-04 14:50:04 +03:00
0231b2bbf0 [#38] grafana: Add blobstore dashboard
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2023-08-04 14:34:54 +03:00
1408558631 [#38] grafana: Fix units
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2023-08-04 13:59:12 +03:00
8218440525 [#38] grafana: Add metabase dashboards
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2023-08-03 16:11:35 +03:00
201855e729 [#38] grafana: Add epoch dashboard
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2023-08-03 15:57:07 +03:00
74d43f48f2 [#38] grafana: Add object service dashboards
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2023-08-03 15:48:53 +03:00
d76cc2e48a [#38] grafana: Add replicator dashbords
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2023-08-03 15:31:19 +03:00
d5ee290740 [#38] grafana: Add node instance state
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2023-08-02 16:14:29 +03:00
4f9285251f [#38] grafana: Add writecache boards
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2023-08-02 15:06:03 +03:00
f749581c4e [#38] grafana: Add tree service row
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2023-08-01 18:11:57 +03:00
2efc0442f1 [#38] grafana: Add instance to panels
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2023-08-01 16:14:18 +03:00
7de23fe789 [#38] grafana: Fix config
Allow to acces grafana anonymous.
Change home page.

Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2023-07-31 12:06:51 +03:00
3abb217d30 [#38] grafana: Change start order
Start grafana right after prometheus.

Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2023-07-31 12:06:15 +03:00
584fa43ca7 [#38] grafana: Add overview board
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2023-07-31 12:05:40 +03:00
2744f675aa [#38] grafana: Add storage dashboard
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2023-07-31 12:05:23 +03:00
3400bb5736 [#37] Add grafana service to visualize prometheus metrics
Signed-off-by: Alex Vanin <a.vanin@yadro.com>
2023-07-24 15:47:25 +03:00
d08b338e06 [#36] prometheus: Add IR metrics
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2023-06-14 12:39:48 +03:00
c31b7d9c84 [#1] Update README
Signed-off-by: Alex Vanin <a.vanin@yadro.com>
2023-06-07 17:27:28 +03:00
8eca14f331 [#1] Update CONTRIBUTING
Signed-off-by: Alex Vanin <a.vanin@yadro.com>
2023-06-07 17:27:28 +03:00
463521d511 [#1] Update S3 gateway description
Signed-off-by: Alex Vanin <a.vanin@yadro.com>
2023-06-07 17:27:28 +03:00
656833d37e [#1] Update REST gateway description
Signed-off-by: Alex Vanin <a.vanin@yadro.com>
2023-06-07 17:27:28 +03:00
aded88f09a [#1] Update HTTP gateway description
Signed-off-by: Alex Vanin <a.vanin@yadro.com>
2023-06-07 17:27:28 +03:00
5050dff55a [#1] Update morph service description
Signed-off-by: Alex Vanin <a.vanin@yadro.com>
2023-06-07 17:27:28 +03:00
e551fac84d [#1] Update notary service description
Signed-off-by: Alex Vanin <a.vanin@yadro.com>
2023-06-07 17:27:28 +03:00
6b0ce07808 [#1] Update cert generation scripts
Signed-off-by: Alex Vanin <a.vanin@yadro.com>
2023-06-07 17:27:28 +03:00
80dc0faae9 [#1] Use frostfs.info hosted locode URL
Signed-off-by: Alex Vanin <a.vanin@yadro.com>
2023-06-07 17:27:28 +03:00
c50ea0ea5c [#1] Add DCO check for forgejo runner
Signed-off-by: Alex Vanin <a.vanin@yadro.com>
2023-06-07 17:27:28 +03:00
dc2a2862d4 [#34] Bump FrostFS versions
Signed-off-by: Alex Vanin <a.vanin@yadro.com>
2023-05-30 15:55:23 +03:00
ee4d5ee6a6 [#32] storage: Enable writecache by default
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2023-05-25 07:30:54 +00:00
5534204706 [#33] s3: Use all storage nodes as tree service
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2023-05-25 07:30:38 +00:00
26e290efcb [#31] jaeger: Use badger as storage backend
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2023-05-23 13:25:17 +03:00
2452e4469b [#29] Remove prepare.ir make target
Signed-off-by: Alejandro Lopez <a.lopez@yadro.com>
2023-05-16 11:58:23 +03:00
cbed3ce798 [#27] Fix step make prepare.ir
Signed-off-by: Anton Nikiforov <an.nikiforov@yadro.com>
2023-05-10 12:31:06 +03:00
45b98196cc [#24] Update frostfsid id
Signed-off-by: Anton Nikiforov <an.nikiforov@yadro.com>
2023-05-04 17:42:48 +03:00
7171e152e0 [#22] morph_chain: Do not use deprecated config fields
Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
2023-05-03 12:34:46 +03:00
53007be047 [#22] Makefile: Remove unneeded escape
Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
2023-05-03 12:34:44 +03:00
f57a739c3f [#22] .env: Update neo-go to v0.101.1
Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
2023-05-03 12:34:41 +03:00
1b6b2d1259 [#21] Update FrostFS Core components to the latest master
Signed-off-by: Alex Vanin <a.vanin@yadro.com>
2023-05-03 08:16:00 +00:00
045b55250a [#18] bin: Remove passwd.exp
It was here from older times

Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
2023-05-02 17:01:46 +00:00
6d6aaefaec [#18] bin: Replace some commands with frostfs-adm
Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
2023-05-02 17:01:46 +00:00
db0ebb7349 [#18] Makefile: Split long for line
Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
2023-05-02 17:01:46 +00:00
976f16803d [#18] frostfs-adm.yml: Add alphabet-wallets
Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
2023-05-02 17:01:46 +00:00
c7b4a8eb01 [#17] storage: Enable tracing
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2023-04-11 16:31:35 +03:00
11ff8a81cc [#16] dev-env: Enable metrics for services.
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2023-04-10 09:40:41 +03:00
dca6ff620a [#16] dev-env: Add prometheus
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2023-04-10 09:40:33 +03:00
83 changed files with 590 additions and 556 deletions

View file

@ -1,5 +1,4 @@
# Services start/stop order # Services start/stop order
# Will start from top to bottom and stop in reverse # Will start from top to bottom and stop in reverse
nats
ir ir
storage storage

View file

@ -3,3 +3,5 @@
basenet basenet
morph_chain morph_chain
jaeger jaeger
prometheus
grafana

View file

@ -1,5 +1,6 @@
.docker .docker
.github .github
.forgejo
vendor vendor
tmp tmp
.secrets .secrets

46
.env
View file

@ -8,23 +8,19 @@ BASTION_VERSION=10
BASTION_IMAGE=debian BASTION_IMAGE=debian
# NeoGo privnet # NeoGo privnet
NEOGO_VERSION=0.100.1 NEOGO_VERSION=0.104.0
NEOGO_IMAGE=nspccdev/neo-go NEOGO_IMAGE=nspccdev/neo-go
# FrostFS InnerRing nodes # FrostFS InnerRing nodes
IR_VERSION=5ffa8268 IR_VERSION=0.42.9
IR_IMAGE=truecloudlab/frostfs-ir IR_IMAGE=git.frostfs.info/truecloudlab/frostfs-ir
# FrostFS Storage nodes # FrostFS Storage nodes
NODE_VERSION=5ffa8268 NODE_VERSION=0.42.9
NODE_IMAGE=truecloudlab/frostfs-storage NODE_IMAGE=git.frostfs.info/truecloudlab/frostfs-storage
# NATS Server
NATS_VERSION=2.7.2
NATS_IMAGE=nats
# HTTP Gate # HTTP Gate
HTTP_GW_VERSION=6abd500b HTTP_GW_VERSION=0.30.2
HTTP_GW_IMAGE=truecloudlab/frostfs-http-gw HTTP_GW_IMAGE=truecloudlab/frostfs-http-gw
# REST Gate # REST Gate
@ -32,27 +28,43 @@ REST_GW_VERSION=c9c85e90
REST_GW_IMAGE=truecloudlab/frostfs-rest-gw REST_GW_IMAGE=truecloudlab/frostfs-rest-gw
# S3 Gate # S3 Gate
S3_GW_VERSION=000d9ed4 S3_GW_VERSION=0.31.0-rc.4
S3_GW_IMAGE=truecloudlab/frostfs-s3-gw S3_GW_IMAGE=truecloudlab/frostfs-s3-gw
# Lifecycler
S3_LIFECYCLER_VERSION=0.1.3
S3_LIFECYCLER_IMAGE=truecloudlab/frostfs-s3-lifecycler
# FrostFS LOCODE database # FrostFS LOCODE database
LOCODE_DB_URL=https://github.com/nspcc-dev/neofs-locode-db/releases/download/v0.3.0/locode_db.gz LOCODE_DB_URL=https://git.frostfs.info/attachments/a2e8def7-52b6-49f1-89cd-a056712e8e54
#LOCODE_DB_PATH=/path/to/locode_db #LOCODE_DB_PATH=/path/to/locode_db
# FrostFS CLI binary # FrostFS CLI binary
FROSTFS_CLI_URL=https://http.t5.fs.neo.org/AQgse8bPCZx4zScMuAKxowJdZPbKHp8NDcp15o6VUNmk/C6BNLpYg5gWLHp3DrXozSxxGLDahBuSBCyJoYSSR1M3Q FROSTFS_CLI_URL=https://git.frostfs.info/TrueCloudLab/frostfs-node/releases/download/v${NODE_VERSION}/frostfs-cli
#FROSTFS_CLI_PATH=/path/to/frostfs-cli-binary #FROSTFS_CLI_PATH=/path/to/frostfs-cli-binary
# FrostFS ADM tool binary # FrostFS ADM tool binary
FROSTFS_ADM_VERSION=e3554425 FROSTFS_ADM_VERSION=498f9955ea
FROSTFS_ADM_URL=https://http.t5.fs.neo.org/AQgse8bPCZx4zScMuAKxowJdZPbKHp8NDcp15o6VUNmk/sXZxy9vbFyJiLhN9qTSXozXK7SN9H8ZC6dpvAt59Zaj FROSTFS_ADM_URL=https://git.frostfs.info/TrueCloudLab/frostfs-node/releases/download/v${NODE_VERSION}/frostfs-adm
#FROSTFS_ADM_PATH=/path/to/frostfs-adm-binary #FROSTFS_ADM_PATH=/path/to/frostfs-adm-binary
# Compiled FrostFS Smart Contracts # Compiled FrostFS Smart Contracts
FROSTFS_CONTRACTS_VERSION=4f3c08f5 FROSTFS_CONTRACTS_VERSION=694daebb19
FROSTFS_CONTRACTS_URL=https://http.t5.fs.neo.org/AQgse8bPCZx4zScMuAKxowJdZPbKHp8NDcp15o6VUNmk/c1nGtturFrSeygYP3AyNHDDLNbs7HhJiH2BQkgZxEmZ FROSTFS_CONTRACTS_URL=https://git.frostfs.info/TrueCloudLab/frostfs-contract/releases/download/v0.19.2/frostfs-contract-v0.19.2.tar.gz
#FROSTFS_CONTRACTS_PATH=/path/to/unpacked/frostfs-contracts-dir #FROSTFS_CONTRACTS_PATH=/path/to/unpacked/frostfs-contracts-dir
# Jaeger tracing # Jaeger tracing
JAEGER_VERSION=1.42.0 JAEGER_VERSION=1.42.0
JAEGER_IMAGE=jaegertracing/all-in-one JAEGER_IMAGE=jaegertracing/all-in-one
# Prometheus monitoring
PROMETHEUS_VERSION=v2.43.0
PROMETHEUS_IMAGE=prom/prometheus
# Grafana versions
GRAFANA_VERSION=9.5.6
GRAFANA_IMAGE=grafana/grafana
# Loki versions
LOKI_VERSION=2.9.1
LOKI_IMAGE=grafana/loki

View file

@ -0,0 +1,21 @@
name: DCO action
on: [pull_request]
jobs:
dco:
name: DCO
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Setup Go
uses: actions/setup-go@v3
with:
go-version: '1.21'
- name: Run commit format checker
uses: https://git.frostfs.info/TrueCloudLab/dco-go@v2
with:
from: 'origin/${{ github.event.pull_request.base.ref }}'

1
.gitattributes vendored Normal file
View file

@ -0,0 +1 @@
/services/grafana/provisioning/dashboards/* -diff -merge

View file

@ -1,21 +0,0 @@
name: DCO check
on:
pull_request:
branches:
- master
jobs:
commits_check_job:
runs-on: ubuntu-latest
name: Commits Check
steps:
- name: Get PR Commits
id: 'get-pr-commits'
uses: tim-actions/get-pr-commits@master
with:
token: ${{ secrets.GITHUB_TOKEN }}
- name: DCO Check
uses: tim-actions/dco@master
with:
commits: ${{ steps.get-pr-commits.outputs.commits }}

1
.gitignore vendored
View file

@ -15,4 +15,3 @@ sites/*
# Runtime generation keys # Runtime generation keys
services/storage/*tls.crt services/storage/*tls.crt
services/storage/*tls.key services/storage/*tls.key
services/nats/*.pem

View file

@ -3,3 +3,4 @@
http_gate http_gate
s3_gate s3_gate
rest_gate rest_gate
s3_lifecycler

View file

@ -3,8 +3,8 @@
First, thank you for contributing! We love and encourage pull requests from First, thank you for contributing! We love and encourage pull requests from
everyone. Please follow the guidelines: everyone. Please follow the guidelines:
- Check the open [issues](https://github.com/TrueCloudLab/frostfs-dev-env/issues) and - Check the open [issues](https://git.frostfs.info/TrueCloudLab/frostfs-dev-env/issues) and
[pull requests](https://github.com/TrueCloudLab/frostfs-dev-env/pulls) for existing [pull requests](https://git.frostfs.info/TrueCloudLab/frostfs-dev-env/pulls) for existing
discussions. discussions.
- Open an issue first, to discuss a new feature or enhancement. - Open an issue first, to discuss a new feature or enhancement.
@ -25,19 +25,19 @@ Start by forking the `frostfs-dev-env` repository, make changes in a branch and
send a pull request. We encourage pull requests to discuss code changes. Here send a pull request. We encourage pull requests to discuss code changes. Here
are the steps in details: are the steps in details:
### Set up your GitHub Repository ### Set up your git repository
Fork [FrostFS node upstream](https://github.com/TrueCloudLab/frostfs-dev-env/fork) source Fork [FrostFS node upstream](https://git.frostfs.info/repo/fork/24) source
repository to your own personal repository. Copy the URL of your fork (you will repository to your own personal repository. Copy the URL of your fork (you will
need it for the `git clone` command below). need it for the `git clone` command below).
```sh ```sh
$ git clone https://github.com/TrueCloudLab/frostfs-dev-env $ git clone https://git.frostfs.info/<username>/frostfs-dev-env.git
``` ```
### Set up git remote as ``upstream`` ### Set up git remote as ``upstream``
```sh ```sh
$ cd frostfs-dev-env $ cd frostfs-dev-env
$ git remote add upstream https://github.com/TrueCloudLab/frostfs-dev-env $ git remote add upstream https://git.frostfs.info/TrueCloudLab/frostfs-dev-env.git
$ git fetch upstream $ git fetch upstream
$ git merge upstream/master $ git merge upstream/master
... ...
@ -55,8 +55,7 @@ $ git checkout -b feature/123-something_awesome
### Test your changes ### Test your changes
After your code changes, make sure After your code changes, make sure
- To add test cases for the new code. - To run `make up` to check dev-env is not broken.
- To run `make lint`
- To squash your commits into a single commit or a series of logically separated - To squash your commits into a single commit or a series of logically separated
commits run `git rebase -i`. It's okay to force update your pull request. commits run `git rebase -i`. It's okay to force update your pull request.
@ -86,8 +85,8 @@ $ git push origin feature/123-something_awesome
``` ```
### Create a Pull Request ### Create a Pull Request
Pull requests can be created via GitHub. Refer to [this Pull requests can be created via Forgejo. Refer to [this
document](https://help.github.com/articles/creating-a-pull-request/) for document](https://docs.codeberg.org/collaborating/pull-requests-and-git-flow/) for
detailed steps on how to create a pull request. After a Pull Request gets peer detailed steps on how to create a pull request. After a Pull Request gets peer
reviewed and approved, it will be merged. reviewed and approved, it will be merged.

View file

@ -43,7 +43,7 @@ HOSTS_LINES = $(shell grep -Rl IPV4_PREFIX ./services/* | grep .hosts)
MORPH_CHAIN_PROTOCOL = './services/morph_chain/protocol.privnet.yml' MORPH_CHAIN_PROTOCOL = './services/morph_chain/protocol.privnet.yml'
# List of grepped environment variables from *.env # List of grepped environment variables from *.env
GREP_DOTENV = $(shell find . -name '*.env' -exec grep -rhv -e '^\#' -e '^$$' {} + | sort -u ) GREP_DOTENV = $(shell find . -name '*.env' -exec grep -rhv -e '^#' -e '^$$' {} + | sort -u )
# Pull all required Docker images # Pull all required Docker images
.PHONY: pull .PHONY: pull
@ -60,14 +60,15 @@ get: $(foreach SVC, $(GET_SVCS), get.$(SVC))
.PHONY: up .PHONY: up
up: up/basic up: up/basic
@$(foreach SVC, $(START_SVCS), $(shell docker-compose -f services/$(SVC)/docker-compose.yml up -d)) @$(foreach SVC, $(START_SVCS), $(shell docker-compose -f services/$(SVC)/docker-compose.yml up -d))
./vendor/frostfs-adm morph proxy-add-account --config frostfs-adm.yml --account=`docker container exec morph_chain neo-go wallet dump-keys -w /wallets/s3-wallet.json | head -1 | awk '{print $1}'` || die "Couldn't set s3-gw wallet as proxy wallet"
@echo "Full FrostFS Developer Environment is ready" @echo "Full FrostFS Developer Environment is ready"
# Build up FrostFS # Build up FrostFS
.PHONY: up/basic .PHONY: up/basic
up/basic: up/bootstrap up/basic: up/bootstrap
@$(foreach SVC, $(START_BASIC), $(shell docker-compose -f services/$(SVC)/docker-compose.yml up -d)) @$(foreach SVC, $(START_BASIC), $(shell docker-compose -f services/$(SVC)/docker-compose.yml up -d))
@./bin/tick.sh @./vendor/frostfs-adm -c ./frostfs-adm.yml morph force-new-epoch
@./bin/config.sh string SystemDNS container @./vendor/frostfs-adm -c ./frostfs-adm.yml morph set-config SystemDNS=container --force
@echo "Basic FrostFS Developer Environment is ready" @echo "Basic FrostFS Developer Environment is ready"
# Start bootstrap services # Start bootstrap services
@ -75,9 +76,26 @@ up/basic: up/bootstrap
up/bootstrap: get vendor/hosts up/bootstrap: get vendor/hosts
@$(foreach SVC, $(START_BOOTSTRAP), $(shell docker-compose -f services/$(SVC)/docker-compose.yml up -d)) @$(foreach SVC, $(START_BOOTSTRAP), $(shell docker-compose -f services/$(SVC)/docker-compose.yml up -d))
@source ./bin/helper.sh @source ./bin/helper.sh
@./vendor/frostfs-adm --config frostfs-adm.yml morph init --alphabet-wallets ./services/ir --contracts vendor/contracts || die "Failed to initialize Alphabet wallets" @./vendor/frostfs-adm --config frostfs-adm.yml morph init --contracts vendor/contracts
@for f in ./services/storage/wallet*.json; do echo "Transfer GAS to wallet $${f}" && ./vendor/frostfs-adm -c frostfs-adm.yml morph refill-gas --storage-wallet $${f} --gas 10.0 --alphabet-wallets services/ir || die "Failed to transfer GAS to alphabet wallets"; done echo "Set rule chain to policy contract"
@echo "FrostFS sidechain environment is deployed" @./vendor/frostfs-adm --config frostfs-adm.yml morph \
ape add-rule-chain --target-type namespace --target-name "" \
--rule 'allow Container.* *' --chain-id "allow_container_ops"
@for f in ./services/storage/wallet*.json; do \
echo "Transfer GAS to wallet $${f}" \
&& ./vendor/frostfs-adm -c frostfs-adm.yml morph refill-gas --storage-wallet $${f} --gas 10.0 \
|| die "Failed to transfer GAS to alphabet wallets"; \
done
@echo "Create frostfsid subject for ./wallets/wallet.json"; \
if [ -n "$$(./vendor/frostfs-adm -c frostfs-adm.yml morph frostfsid list-subjects --namespace '')" ]; then \
echo "Subject already exists"; \
else \
subj_key=`docker container exec -it morph_chain neo-go wallet dump-keys -w /wallets/wallet.json | tail -1 | tr -d ' \r\n'` \
&& echo "Subject key: $${subj_key}" \
&& ./vendor/frostfs-adm -c frostfs-adm.yml morph frostfsid create-subject --namespace "" --subject-key $${subj_key} --subject-name walletsubject \
|| die "Failed to create subject for the wallet"; \
fi
echo "FrostFS sidechain environment is deployed"
# Build up certain service # Build up certain service
.PHONY: up/% .PHONY: up/%
@ -132,7 +150,7 @@ hosts: vendor/hosts
.PHONY: clean .PHONY: clean
.ONESHELL: .ONESHELL:
clean: clean:
@rm -rf vendor/* services/storage/s04tls.* services/nats/*.pem @rm -rf vendor/* services/storage/s04tls.*
@> .int_test.env @> .int_test.env
@for svc in $(PULL_SVCS) @for svc in $(PULL_SVCS)
do do
@ -148,7 +166,7 @@ clean:
.PHONY: env .PHONY: env
env: env:
@$(foreach envvar,$(GREP_DOTENV),echo $(envvar);) @$(foreach envvar,$(GREP_DOTENV),echo $(envvar);)
@echo MORPH_BLOCK_TIME=$(shell grep 'SecondsPerBlock' $(MORPH_CHAIN_PROTOCOL) | awk '{print $$2}')s @echo MORPH_BLOCK_TIME=$(shell grep 'TimePerBlock' $(MORPH_CHAIN_PROTOCOL) | awk '{print $$2}')s
@echo MORPH_MAGIC=$(shell grep 'Magic' $(MORPH_CHAIN_PROTOCOL) | awk '{print $$2}') @echo MORPH_MAGIC=$(shell grep 'Magic' $(MORPH_CHAIN_PROTOCOL) | awk '{print $$2}')
# Restart storage nodes with clean volumes # Restart storage nodes with clean volumes

View file

@ -27,7 +27,7 @@ Make sure you have installed all of the following prerequisites on your machine:
Clone repo: Clone repo:
``` ```
$ git clone https://github.com/TrueCloudLab/frostfs-dev-env.git $ git clone https://git.frostfs.info/TrueCloudLab/frostfs-dev-env.git
``` ```
Run next commands from project's root: Run next commands from project's root:
@ -57,17 +57,6 @@ Run all services with command:
$ make up $ make up
``` ```
When all services are up, you need to make GAS deposit for test wallet to be
able to pay for FrostFS operations. Test wallet is located in
`wallets/wallet.json` with the corresponding key in `wallets/wallet.key`. The
password is empty.
```
$ make prepare.ir
password >
fa6ba62bffb04030d303dcc95bda7413e03aa3c7e6ca9c2f999d65db9ec9b82c
```
Also, you should add self-signed node (`s04.frostfs.devenv`) certificate to trusted Also, you should add self-signed node (`s04.frostfs.devenv`) certificate to trusted
store (default location might be changed using `CA_CERTS_TRUSTED_STORE` store (default location might be changed using `CA_CERTS_TRUSTED_STORE`
variable). This step is required for client services (frostfs-http-gw, variable). This step is required for client services (frostfs-http-gw,
@ -82,12 +71,7 @@ password of inner ring wallet is `one`. See examples in `make help`.
``` ```
$ make update.epoch_duration val=30 $ make update.epoch_duration val=30
Changing EpochDuration configration value to 30 Waiting for transactions to persist...
Enter account NNudMSGzEoktFzdYGYoNb3bzHzbmM1genF password >
Sent invocation transaction dbb8c1145b6d10f150135630e13bb0dc282023163f5956c6945a60db0cb45cb0
Updating FrostFS epoch to 2
Enter account NNudMSGzEoktFzdYGYoNb3bzHzbmM1genF password >
Sent invocation transaction 0e6eb5e190f36332e5e5f4e866c7e100826e285fd949e11c085e15224f343ba6
``` ```
For instructions on how to set up DevEnv on macOS, please refer [the For instructions on how to set up DevEnv on macOS, please refer [the
@ -123,7 +107,7 @@ Maybe you will find the answer for your question in [F.A.Q.](docs/faq.md)
## Using FrostFS Admin Tool in `dev-env` ## Using FrostFS Admin Tool in `dev-env`
Devenv supports FrostFS network management via [frostfs-adm](https://github.com/TrueCloudLab/frostfs-node/tree/master/cmd/frostfs-adm). Devenv supports FrostFS network management via [frostfs-adm](https://git.frostfs.info/TrueCloudLab/frostfs-node/src/branch/master/cmd/frostfs-adm).
`services/ir` contains the Alphabet wallet in a proper format, specify it `services/ir` contains the Alphabet wallet in a proper format, specify it
with `--alphabet-wallets` flag. with `--alphabet-wallets` flag.
@ -153,6 +137,65 @@ Display addresses and host names for each running service, if available.
Clean up `vendor` directory. Clean up `vendor` directory.
### s3cred
Registers user wallet and issues s3 credentials.
Usage and default parameter values:
```sh
make s3cred [password=""] [contract_password=s3] [wallet=/user_wallet.json] [gate_public_key=0313b1ac3a8076e155a7e797b24f0b650cccad5941ea59d7cfd51a024a8b2a06bf]
```
As soon as the storage node is in the network map (see above) you can generate S3
credentials:
``` sh
$ make s3cred
{
"access_key_id": "EXArWh8x1zeHG3851s1RtoCo7dowxF6rhLGA15nbMffT0AKRSjJ5fmcqf3Ht2VCAkfmPQUVARghRB77xHCA1BoN2p",
"secret_access_key": "d70c1dba83f0f90bb231f06f1ce0e0dfbcfb122f4b4345a3c18d3869c359b79f",
"owner_private_key": "140947599afd9ca89af4b358c3176eb046e554d942a0dc99a8e06f3e43c8f4ad",
"wallet_public_key": "0324e76288fcb900100d01802a14ef977cca45ad073561230446df14b344c858b6",
"container_id": "EXArWh8x1zeHG3851s1RtoCo7dowxF6rhLGA15nbMffT"
}
```
Running without any parameters will result in defaults which are based on the private key from
`/user-wallet.json` file and `/wallet.json` contract wallet.
Now let's configure an S3 client (AWS CLI will be used as example):
``` sh
$ aws configure
AWS Access Key ID []: EXArWh8x1zeHG3851s1RtoCo7dowxF6rhLGA15nbMffT0AKRSjJ5fmcqf3Ht2VCAkfmPQUVARghRB77xHCA1BoN2p
AWS Secret Access Key []: d70c1dba83f0f90bb231f06f1ce0e0dfbcfb122f4b4345a3c18d3869c359b79f
Default region name []: us-east-1
Default output format []: json
```
If you need to create credentials for different users, put user wallets to `wallets` dir and specify them via `wallet` parameter.
Pass wallet password in `password` parameter if it's not default. The same is for `contract_wallet` and `gate_public_key` params.
```sh
$ make s3cred wallet=custom_wallet.json password=test
{
"access_key_id": "jHhL5B33o16R4jQsb8wm9A3RRdS6KrTB5N4bja9Jys904W7xXFNKqem2ACvTRWRYJsZMCUikYFSokN7pPJziWyDi",
"secret_access_key": "21bb64fafa32c82417fd8b97ac56cc8a085998a3852632d52fe7042453daa440",
"owner_private_key": "10f6f9d7a47bb0bf68363ad8a99fe69f1493f8b6e1665b3e4e83feb2d5c7ee39",
"wallet_public_key": "03e38759973a6bb722baabc2dd84036a39f0b2f53d32fec45a4dacde8a50fe4b70",
"container_id": "jHhL5B33o16R4jQsb8wm9A3RRdS6KrTB5N4bja9Jys9"
}
```
To get credentials from custom wallet, place it in `wallets` dir before start.
### cred
Usage and default parameter values:
```sh
make cred [password=""] [contract_password=s3] [wallet=/user_wallet.json]
```
The same as `s3cred`, but it doesn't issues s3 credentials.
## Contributing ## Contributing
Feel free to contribute to this project after reading the [contributing Feel free to contribute to this project after reading the [contributing

View file

@ -1,50 +0,0 @@
#!/usr/bin/env bash
echo "Running bin/config.sh"
# Source env settings
. .env
. services/ir/.ir.env
source bin/helper.sh
# NeoGo binary path.
NEOGO="${NEOGO:-docker exec morph_chain neo-go}"
# Wallet files to change config value
WALLET="${WALLET:-services/morph_chain/node-wallet.json}"
CONFIG_IMG="${CONFIG_IMG:-/wallets/config.yml}"
NETMAP_ADDR=$(bin/resolve.sh netmap.frostfs) || die "Failed to resolve 'netmap.frostfs' domain name"
# FrostFS configuration record: variable type [string|int|etc],
# key is a string and value is a constant of given type
TYPE=${1}
KEY=${2}
VALUE="${3}"
[ -z "$TYPE" ] && echo "Empty config value type" && exit 1
[ -z "$KEY" ] && echo "Empty config key" && exit 1
[ -z "$VALUE" ] && echo "Empty config value" && exit 1
# Internal variables
if [[ -z "${FROSTFS_NOTARY_DISABLED}" ]]; then
ADDR=$(jq -r .accounts[2].address < "${WALLET}" || die "Cannot get address from ${WALLET}")
else
ADDR=$(jq -r .accounts[0].address < "${WALLET}" || die "Cannot get address from ${WALLET}")
fi
# Change config value in side chain
echo "Changing ${KEY} configration value to ${VALUE}"
# shellcheck disable=SC2086
${NEOGO} contract invokefunction \
--wallet-config ${CONFIG_IMG} \
-a ${ADDR} --force \
-r http://morph-chain.${LOCAL_DOMAIN}:30333 \
${NETMAP_ADDR} \
setConfig bytes:beefcafe \
string:${KEY} \
${TYPE}:${VALUE} -- ${ADDR} || exit 1
# Update epoch to apply new configuration value
./bin/tick.sh

View file

@ -1,23 +0,0 @@
#!/usr/bin/expect
set passwd [lindex $argv 0]
set args [lrange $argv 1 end]
spawn -noecho {*}$args
expect -re {^.*assword.*$}
if { $passwd == "-"} {
send -- "\r"
} else {
send -- "$passwd\r"
}
expect {
"Relay transaction" {
send "y\r"
exp_continue
}
EOF
}
lassign [wait] pid spawnid os_error_flag value
exit $value

View file

@ -1,22 +0,0 @@
#!/usr/bin/env bash
# Source env settings
. .env
source bin/helper.sh
# NeoGo binary path.
NEOGO="${NEOGO:-docker exec morph_chain neo-go}"
# NNS contract script hash
output=$(curl -s --data '{ "id": 1, "jsonrpc": "2.0", "method": "getcontractstate", "params": [1] }' \
"http://morph-chain.${LOCAL_DOMAIN}:30333/") \
|| die "Cannot fetch NNS contract state"
NNS_ADDR=$(jq -r '.result.hash' <<< "$output") \
|| die "Cannot parse NNS contract hash: $NNS_ADDR"
${NEOGO} contract testinvokefunction \
-r "http://morph-chain.${LOCAL_DOMAIN}:30333" \
"${NNS_ADDR}" resolve string:"${1}" int:16 \
| jq -r '.stack[0].value | if type=="array" then .[0].value else . end' \
| base64 -d \
|| die "Cannot invoke 'NNS.resolve' $output"

View file

@ -1,49 +0,0 @@
#!/usr/bin/env bash
echo "Running bin/tick.sh"
# Source env settings
. .env
. services/ir/.ir.env
source bin/helper.sh
# NeoGo binary path.
NEOGO="${NEOGO:-docker exec morph_chain neo-go}"
# Wallet files to change config value
WALLET="${WALLET:-services/morph_chain/node-wallet.json}"
CONFIG_IMG="${CONFIG_IMG:-/wallets/config.yml}"
# Internal variables
if [[ -z "${FROSTFS_NOTARY_DISABLED}" ]]; then
ADDR=$(jq -r .accounts[2].address < "${WALLET}" || die "Cannot get address from ${WALLET}")
else
ADDR=$(jq -r .accounts[0].address < "${WALLET}" || die "Cannot get address from ${WALLET}")
fi
# Grep Morph block time
SIDECHAIN_PROTO="${SIDECHAIN_PROTO:-services/morph_chain/protocol.privnet.yml}"
BLOCK_DURATION=$(grep SecondsPerBlock < "$SIDECHAIN_PROTO" | awk '{print $2}') \
|| die "Cannot fetch block duration"
NETMAP_ADDR=$(bin/resolve.sh netmap.frostfs) || die "Cannot resolve netmap.frostfs"
# Fetch current epoch value
EPOCH=$(${NEOGO} contract testinvokefunction \
-r "http://morph-chain.${LOCAL_DOMAIN}:30333" "${NETMAP_ADDR}" epoch \
| grep 'value' | awk -F'"' '{ print $4 }') \
|| die "Cannot fetch epoch from netmap contract"
echo "Updating FrostFS epoch to $((EPOCH+1))"
# shellcheck disable=SC2086
${NEOGO} contract invokefunction \
--wallet-config ${CONFIG_IMG} \
-a ${ADDR} --force \
-r http://morph-chain.${LOCAL_DOMAIN}:30333 \
${NETMAP_ADDR} \
newEpoch int:$((EPOCH+1)) -- ${ADDR}:Global \
|| die "Cannot increment an epoch"
# Wait one Morph block to ensure the transaction broadcasted
# shellcheck disable=SC2086
sleep $BLOCK_DURATION

4
configs/s01-cli.yml Normal file
View file

@ -0,0 +1,4 @@
wallet: services/storage/wallet01.json
password: ""
rpc-endpoint: s01.frostfs.devenv:8080
endpoint: s01.frostfs.devenv:8081

4
configs/s02-cli.yml Normal file
View file

@ -0,0 +1,4 @@
wallet: services/storage/wallet02.json
password: ""
rpc-endpoint: s02.frostfs.devenv:8080
endpoint: s02.frostfs.devenv:8081

4
configs/s03-cli.yml Normal file
View file

@ -0,0 +1,4 @@
wallet: services/storage/wallet03.json
password: ""
rpc-endpoint: s03.frostfs.devenv:8080
endpoint: s03.frostfs.devenv:8081

4
configs/s04-cli.yml Normal file
View file

@ -0,0 +1,4 @@
wallet: services/storage/wallet04.json
password: ""
rpc-endpoint: s04.frostfs.devenv:8080
endpoint: s04.frostfs.devenv:8081

View file

@ -2,7 +2,7 @@
Protocol Gateway to access data in FrostFS using HTTP protocol. Protocol Gateway to access data in FrostFS using HTTP protocol.
Source code and more information can be found in [project's GitHub repository](https://github.com/TrueCloudLab/frostfs-http-gate) Source code and more information can be found in [project's repository](https://git.frostfs.info/TrueCloudLab/frostfs-http-gw)
## .env settings ## .env settings
@ -22,8 +22,8 @@ Image label prefix to use for containers.
- Create a new container - Create a new container
``` ```
$ frostfs-cli --rpc-endpoint s01.frostfs.devenv:8080 \ $ frostfs-cli --rpc-endpoint s01.frostfs.devenv:8080 \
--key wallets/wallet.key \ --wallet wallets/wallet.key \
container create --basic-acl readonly --await \ container create --basic-acl private --await \
--policy "REP 1 SELECT 1 FROM *" --policy "REP 1 SELECT 1 FROM *"
container ID: 4LfREK1cetL4PUji5fqj9SgRTSmaC5jExEDK9HKCDjdP container ID: 4LfREK1cetL4PUji5fqj9SgRTSmaC5jExEDK9HKCDjdP
awaiting... awaiting...
@ -33,7 +33,7 @@ container has been persisted on sidechain
- Put an object into the newly created container - Put an object into the newly created container
``` ```
$ frostfs-cli --rpc-endpoint s01.frostfs.devenv:8080 \ $ frostfs-cli --rpc-endpoint s01.frostfs.devenv:8080 \
--key wallets/wallet.key \ --wallet wallets/wallet.key \
object put --file /tmp/backup.jpeg \ object put --file /tmp/backup.jpeg \
--cid 4LfREK1cetL4PUji5fqj9SgRTSmaC5jExEDK9HKCDjdP --cid 4LfREK1cetL4PUji5fqj9SgRTSmaC5jExEDK9HKCDjdP
[/tmp/backup.jpeg] Object successfully stored [/tmp/backup.jpeg] Object successfully stored

View file

@ -3,52 +3,23 @@ A single-node N3 privnet deployment, running on
[neo-go](https://github.com/nspcc-dev/neo-go). Represents N3 FrostFS SideChain. [neo-go](https://github.com/nspcc-dev/neo-go). Represents N3 FrostFS SideChain.
Contracts deployed: Contracts deployed:
- Alphabet (AZ) [contract](https://github.com/TrueCloudLab/frostfs-contract/tree/master/alphabet) - Alphabet (AZ) [contract](https://git.frostfs.info/TrueCloudLab/frostfs-contract/src/branch/master/alphabet)
- Audit [contract](https://github.com/TrueCloudLab/frostfs-contract/tree/master/audit) - Audit [contract](https://git.frostfs.info/TrueCloudLab/frostfs-contract/src/branch/master/audit)
- Balance [contract](https://github.com/TrueCloudLab/frostfs-contract/tree/master/balance) - Balance [contract](https://git.frostfs.info/TrueCloudLab/frostfs-contract/src/branch/master/balance)
- Container [contract](https://github.com/TrueCloudLab/frostfs-contract/tree/master/container) - Container [contract](https://git.frostfs.info/TrueCloudLab/frostfs-contract/src/branch/master/container)
- Netmap [contract](https://github.com/TrueCloudLab/frostfs-contract/tree/master/netmap) - Netmap [contract](https://git.frostfs.info/TrueCloudLab/frostfs-contract/src/branch/master/netmap)
- NeoFSID [contract](https://github.com/TrueCloudLab/frostfs-contract/tree/master/neofsid) - NeoFSID [contract](https://git.frostfs.info/TrueCloudLab/frostfs-contract/src/branch/master/neofsid)
- Proxy [contract](https://github.com/TrueCloudLab/frostfs-contract/tree/master/proxy) - Proxy [contract](https://git.frostfs.info/TrueCloudLab/frostfs-contract/src/branch/master/proxy)
- Reputation [contract](https://github.com/TrueCloudLab/frostfs-contract/tree/master/reputation) - Reputation [contract](https://git.frostfs.info/TrueCloudLab/frostfs-contract/src/branch/master/reputation)
RPC available at `http://morph-chain.frostfs.devenv:30333`. RPC available at `http://morph-chain.frostfs.devenv:30333`.
## .env settings ## .env settings
### MORPH_CHAIN_URL
URL to get side chain dump. Used on artifact get stage.
### MORPH_CHAIN_PATH
Path to get side chain dump. If set, overrides `CHAIN_URL`.
### NEOGO_VERSION ### NEOGO_VERSION
Version of neo-go docker container for side chain deployment. Version of neo-go docker container for side chain deployment.
## Side chain wallets
There is a wallet with GAS that used for contract deployment:
`wallets/wallet.json`. This wallet has one account with **empty password**.
```
$ neo-go wallet nep17 balance \
-w wallets/wallet.json \
-r http://morph-chain.frostfs.devenv:30333
Account NbUgTSFvPmsRxmGeWpuuGeJUoRoi6PErcM
GAS: GasToken (d2a4cff31913016155e38e474a2c06d08be276cf)
Amount : 189826.0515316
Updated: 3909
FROSTFS: FrostFS Balance (69550190e740b93f92dbd5dea52246f550391057)
Amount : 50
Updated: 3909
```
This way you can also monitor FrostFS internal balance of your account.
## FrostFS global config ## FrostFS global config
FrostFS uses global configuration to store epoch duration, maximum object size, FrostFS uses global configuration to store epoch duration, maximum object size,
@ -57,16 +28,10 @@ netmap contract and managed by Inner Ring (Alphabet) nodes.
To change these parameters use `make update.*` commands. Command down below To change these parameters use `make update.*` commands. Command down below
changes epoch duration from 300 blocks (about 300 seconds with 1bps) to 30. changes epoch duration from 300 blocks (about 300 seconds with 1bps) to 30.
Script enters passwords automatically with `expect` utility.
``` ```
$ make update.epoch_duration val=30 $ make update.epoch_duration val=30
Changing EpochDuration configration value to 30 Waiting for transactions to persist...
Enter account NfgHwwTi3wHAS8aFAN243C5vGbkYDpqLHP password >
Sent invocation transaction bdc0fa88cd6719ef6df2b9c82de423ddec6141ca24255c2d0072688083b1de9d
Updating FrostFS epoch to 20
Enter account NfgHwwTi3wHAS8aFAN243C5vGbkYDpqLHP password >
Sent invocation transaction 12296e1ce24dd6c04edb9c56d0a1d0e26d3226adefb0333c74a28788f44a8d0f
``` ```
Read more about available configuration in Makefile help. Read more about available configuration in Makefile help.
@ -78,8 +43,12 @@ $ make help
... ...
update.audit_fee Update audit fee per result in fixed 12 (make update.audit_fee val=100) update.audit_fee Update audit fee per result in fixed 12 (make update.audit_fee val=100)
update.basic_income_rate Update basic income rate in fixed 12 (make update.basic_income_rate val=1000) update.basic_income_rate Update basic income rate in fixed 12 (make update.basic_income_rate val=1000)
update.container_alias_fee Update container alias fee per alphabet node in fixed 12 (make update.container_alias_fee val=100)
update.container_fee Update container fee per alphabet node in fixed 12 (make update.container_fee val=500) update.container_fee Update container fee per alphabet node in fixed 12 (make update.container_fee val=500)
update.eigen_trust_alpha Update alpha parameter of EigenTrust algorithm in 0 <= f <= 1.0 (make update.eigen_trust_alpha val=0.2)
update.eigen_trust_iterations Update amount of EigenTrust iterations (make update.eigen_trust_iterations val=2) update.eigen_trust_iterations Update amount of EigenTrust iterations (make update.eigen_trust_iterations val=2)
update.epoch_duration Update epoch duration in side chain blocks (make update.epoch_duration val=30) update.epoch_duration Update epoch duration in side chain blocks (make update.epoch_duration val=30)
update.homomorphic_hashing_disable Update homomorphic hashing disabled flag (make update.homomorphic_hashing_disable val=true)
update.max_object_size Update max object size in bytes (make update.max_object_size val=1000) update.max_object_size Update max object size in bytes (make update.max_object_size val=1000)
update.system_dns Update system dns to resolve container names (make update.system_dns val=container)
``` ```

View file

@ -9,64 +9,10 @@ to do these operations. Notary service calculates the exact amount of GAS
to execute transaction, therefore operations are cheaper (withdraw fee **with** to execute transaction, therefore operations are cheaper (withdraw fee **with**
notary is less than 0.5 GAS; withdraw fee **without** notary is up to 7.0 GAS). notary is less than 0.5 GAS; withdraw fee **without** notary is up to 7.0 GAS).
By default, main chain service is running without notary service, and side chain Currently, frostfs-dev-env contains single chain (see morph service) and it
running with notary service. However, you can change that in configuration. enables notary service from the genesis block.
# Disable notary service in side chain To enable notary service, use neo-go configuration below.
To disable notary service in side chain do these steps.
1. Update `.env` and choose notary disabled chain dump for side chain.
```
MORPH_CHAIN_URL="https://github.com/nspcc-dev/neofs-contract/releases/download/v0.9.0/devenv_sidechain_notary_disabled.gz"
```
Make sure to update chain dump files with `make get` target.
2. Update `service/morph_chain/protocol.privnet.yml` and disable notary settings
and state root in header.
```yaml
ProtocolConfiguration:
StateRootInHeader: false
P2PSigExtensions: false
ApplicationConfiguration:
P2PNotary:
Enabled: false
```
Chain dump without notary service does not have predefined network map.
Therefore, you need to wait about 5 minutes until new epoch tick with updated
network map.
3. Enable helper commands
To enable helper commands such as `make tick.epoch` or `make update.epoch_duration`
make sure to export non-empty `FROSTFS_NOTARY_DISABLED` environment variable.
```
$ export FROSTFS_NOTARY_DISABLED=1
```
Use `unset` command to return it back.
```
$ unset FROSTFS_NOTARY_DISABLED
```
# Enable notary service in main chain
To enable notary service in main chain do these steps.
1. Update `.env` and choose notary enabled chain dump for main chain.
```
CHAIN_URL="https://github.com/nspcc-dev/neofs-contract/releases/download/v0.9.0/devenv_mainchain.gz"
```
Make sure to update chain dump files with `make get` target.
2. Update `service/chain/protocol.privnet.yml` and enable notary settings.
```yaml ```yaml
ProtocolConfiguration: ProtocolConfiguration:
@ -75,7 +21,3 @@ ApplicationConfiguration:
P2PNotary: P2PNotary:
Enabled: true Enabled: true
``` ```
Main chain generates a block once per 15 seconds, so Inner Ring takes about
15-30 seconds to make a notary deposit in main chain after startup. Then
frostfs-dev-env is ready to work.

View file

@ -2,7 +2,7 @@
REST Gateway to access data in FrostFS using REST. REST Gateway to access data in FrostFS using REST.
Source code and more information can be found in [project's GitHub repository](https://github.com/TrueCloudLab/frostfs-rest-gw) Source code and more information can be found in [project's repository](https://git.frostfs.info/TrueCloudLab/frostfs-rest-gw)
## .env settings ## .env settings

View file

@ -2,7 +2,7 @@
Protocol Gateway to access data in FrostFS using AWS S3 protocol Protocol Gateway to access data in FrostFS using AWS S3 protocol
Source code and more information can be found in [project's GitHub repository](https://github.com/TrueCloudLab/frostfs-s3-gw) Source code and more information can be found in [project's repository](https://git.frostfs.info/TrueCloudLab/frostfs-s3-gw)
## .env settings ## .env settings

View file

@ -1,9 +1,11 @@
rpc-endpoint: http://morph-chain.frostfs.devenv:30333 rpc-endpoint: http://morph-chain.frostfs.devenv:30333
alphabet-wallets: ./services/ir
network: network:
max_object_size: 67108864 max_object_size: 67108864
epoch_duration: 240 epoch_duration: 240
basic_income_rate: 100000000 basic_income_rate: 100000000
homomorphic_hash_disabled: false homomorphic_hash_disabled: false
maintenance_mode_allowed: true
fee: fee:
audit: 10000 audit: 10000
candidate: 10000000000 candidate: 10000000000

View file

@ -1,44 +1,40 @@
# Update epoch duration in side chain blocks (make update.epoch_duration val=30) # Update epoch duration in side chain blocks (make update.epoch_duration val=30)
update.epoch_duration: update.epoch_duration:
@./bin/config.sh int EpochDuration $(val) @./vendor/frostfs-adm -c ./frostfs-adm.yml morph set-config EpochDuration=$(val)
# Update max object size in bytes (make update.max_object_size val=1000) # Update max object size in bytes (make update.max_object_size val=1000)
update.max_object_size: update.max_object_size:
@./bin/config.sh int MaxObjectSize $(val) @./vendor/frostfs-adm -c ./frostfs-adm.yml morph set-config MaxObjectSize=$(val)
# Update audit fee per result in fixed 12 (make update.audit_fee val=100) # Update audit fee per result in fixed 12 (make update.audit_fee val=100)
update.audit_fee: update.audit_fee:
@./bin/config.sh int AuditFee $(val) @./vendor/frostfs-adm -c ./frostfs-adm.yml morph set-config AuditFee=$(val)
# Update container fee per alphabet node in fixed 12 (make update.container_fee val=500) # Update container fee per alphabet node in fixed 12 (make update.container_fee val=500)
update.container_fee: update.container_fee:
@./bin/config.sh int ContainerFee $(val) @./vendor/frostfs-adm -c ./frostfs-adm.yml morph set-config ContainerFee=$(val)
# Update container alias fee per alphabet node in fixed 12 (make update.container_alias_fee val=100) # Update container alias fee per alphabet node in fixed 12 (make update.container_alias_fee val=100)
update.container_alias_fee: update.container_alias_fee:
@./bin/config.sh int ContainerAliasFee $(val) @./vendor/frostfs-adm -c ./frostfs-adm.yml morph set-config ContainerAliasFee=$(val)
# Update amount of EigenTrust iterations (make update.eigen_trust_iterations val=2) # Update amount of EigenTrust iterations (make update.eigen_trust_iterations val=2)
update.eigen_trust_iterations: update.eigen_trust_iterations:
@./bin/config.sh int EigenTrustIterations $(val) @./vendor/frostfs-adm -c ./frostfs-adm.yml morph set-config EigenTrustIterations=$(val)
# Update system dns to resolve container names (make update.system_dns val=container) # Update system dns to resolve container names (make update.system_dns val=container)
update.system_dns: update.system_dns:
@./bin/config.sh string SystemDNS $(val) @./vendor/frostfs-adm -c ./frostfs-adm.yml morph set-config SystemDNS=$(val) --force
# Update alpha parameter of EigenTrust algorithm in 0 <= f <= 1.0 (make update.eigen_trust_alpha val=0.2) # Update alpha parameter of EigenTrust algorithm in 0 <= f <= 1.0 (make update.eigen_trust_alpha val=0.2)
update.eigen_trust_alpha: update.eigen_trust_alpha:
@./bin/config.sh string EigenTrustAlpha $(val) @./vendor/frostfs-adm -c ./frostfs-adm.yml morph set-config EigenTrustAlpha=$(val)
# Update basic income rate in fixed 12 (make update.basic_income_rate val=1000) # Update basic income rate in fixed 12 (make update.basic_income_rate val=1000)
update.basic_income_rate: update.basic_income_rate:
@./bin/config.sh int BasicIncomeRate $(val) @./vendor/frostfs-adm -c ./frostfs-adm.yml morph set-config BasicIncomeRate=$(val)
# Update homomorphic hashing disabled flag (make update.homomorphic_hashing_disable val=true) # Update homomorphic hashing disabled flag (make update.homomorphic_hashing_disable val=true)
update.homomorphic_hashing_disable: update.homomorphic_hashing_disable:
@./bin/config.sh bool HomomorphicHashingDisabled $(val) @./vendor/frostfs-adm -c ./frostfs-adm.yml morph set-config HomomorphicHashingDisabled=$(val)
# Tick new epoch in side chain
tick.epoch:
@./bin/tick.sh

View file

@ -1,6 +1,5 @@
--- ---
version: "2.4"
services: services:
basenet: basenet:

2
services/grafana/.hosts Normal file
View file

@ -0,0 +1,2 @@
IPV4_PREFIX.122 grafana.LOCAL_DOMAIN
IPV4_PREFIX.123 loki.LOCAL_DOMAIN

View file

@ -0,0 +1,31 @@
services:
grafana:
image: ${GRAFANA_IMAGE}:${GRAFANA_VERSION}
domainname: ${LOCAL_DOMAIN}
hostname: grafana
container_name: grafana
restart: on-failure
networks:
grafana_int:
internet:
ipv4_address: ${IPV4_PREFIX}.122
volumes:
- ./../../vendor/hosts:/etc/hosts
- ./grafana.ini:/etc/grafana/grafana.ini
- ./provisioning:/etc/grafana/provisioning
stop_signal: SIGKILL
env_file: [ ".env", ".int_test.env" ]
loki:
image: ${LOKI_IMAGE}:${LOKI_VERSION}
command: -config.file=/etc/loki/local-config.yaml
networks:
grafana_int:
internet:
ipv4_address: ${IPV4_PREFIX}.123
networks:
grafana_int:
internet:
external: true
name: basenet_internet

View file

@ -0,0 +1,7 @@
[auth.anonymous]
enabled = true
org_name = Main Org.
org_role = Editor
[dashboards]
default_home_dashboard_path= /etc/grafana/provisioning/dashboards/overview.json

Binary file not shown.

Binary file not shown.

View file

@ -0,0 +1,13 @@
apiVersion: 1
datasources:
- name: Prometheus
type: prometheus
access: proxy
orgId: 1
url: http://prometheus:9090
- name: Loki
type: loki
access: proxy
orgId: 1
url: http://loki:3100

View file

@ -1,6 +1,10 @@
logger: logger:
level: debug level: debug
prometheus:
enabled: true
address: :9090
rebalance_timer: 5m # Interval to check nodes health rebalance_timer: 5m # Interval to check nodes health
connect_timeout: 60s # Timeout to dial node connect_timeout: 60s # Timeout to dial node

View file

@ -1,6 +1,5 @@
--- ---
version: "2.4"
services: services:
http_gate: http_gate:
image: ${HTTP_GW_IMAGE}:${HTTP_GW_VERSION} image: ${HTTP_GW_IMAGE}:${HTTP_GW_VERSION}
@ -21,6 +20,7 @@ services:
command: [ "frostfs-http-gw", "--config", "/etc/frostfs/http/config.yml" ] command: [ "frostfs-http-gw", "--config", "/etc/frostfs/http/config.yml" ]
environment: environment:
- HTTP_GW_RPC_ENDPOINT=http://morph-chain.${LOCAL_DOMAIN}:30333 - HTTP_GW_RPC_ENDPOINT=http://morph-chain.${LOCAL_DOMAIN}:30333
- HTTP_GW_TREE_SERVICE=s01.${LOCAL_DOMAIN}:8080
- HTTP_GW_PEERS_0_ADDRESS=s01.${LOCAL_DOMAIN}:8080 - HTTP_GW_PEERS_0_ADDRESS=s01.${LOCAL_DOMAIN}:8080
- HTTP_GW_PEERS_0_WEIGHT=0.2 - HTTP_GW_PEERS_0_WEIGHT=0.2
- HTTP_GW_PEERS_1_ADDRESS=s02.${LOCAL_DOMAIN}:8080 - HTTP_GW_PEERS_1_ADDRESS=s02.${LOCAL_DOMAIN}:8080

View file

@ -1,3 +1 @@
FROSTFS_IR_CONTRACTS_FROSTFSID=1943e9bb78a0fe2fe0c95fd2677eec2da6aa4aa5
FROSTFS_IR_CONTROL_GRPC_ENDPOINT=127.0.0.1:16512 FROSTFS_IR_CONTROL_GRPC_ENDPOINT=127.0.0.1:16512

View file

@ -25,7 +25,6 @@ endif
# Download FrostFS CLI # Download FrostFS CLI
.ONESHELL: .ONESHELL:
get.cli: FROSTFS_CLI_FILE=./vendor/frostfs-cli get.cli: FROSTFS_CLI_FILE=./vendor/frostfs-cli
get.cli: FROSTFS_CLI_ARCHIVE_FILE=${FROSTFS_CLI_FILE}.tar.gz
get.cli: FROSTFS_CLI_PATH?= get.cli: FROSTFS_CLI_PATH?=
get.cli: get.cli:
@mkdir -p ./vendor @mkdir -p ./vendor
@ -34,10 +33,8 @@ ifeq (${FROSTFS_CLI_PATH},)
@echo "⇒ Download FrostFS CLI binary from ${FROSTFS_CLI_URL}" @echo "⇒ Download FrostFS CLI binary from ${FROSTFS_CLI_URL}"
@curl \ @curl \
-ksSL "${FROSTFS_CLI_URL}" \ -ksSL "${FROSTFS_CLI_URL}" \
-o ${FROSTFS_CLI_ARCHIVE_FILE} -o ${FROSTFS_CLI_FILE}
@tar -xvf ${FROSTFS_CLI_ARCHIVE_FILE} -C ./vendor | xargs -I {} \ @chmod +x ${FROSTFS_CLI_FILE}
mv ./vendor/{} ${FROSTFS_CLI_FILE}
@rm ${FROSTFS_CLI_ARCHIVE_FILE}
else else
@echo "⇒ Copy local binary from ${FROSTFS_CLI_PATH}" @echo "⇒ Copy local binary from ${FROSTFS_CLI_PATH}"
@cp ${FROSTFS_CLI_PATH} ${FROSTFS_CLI_FILE} @cp ${FROSTFS_CLI_PATH} ${FROSTFS_CLI_FILE}

View file

@ -1,6 +1,5 @@
--- ---
version: "2.4"
services: services:
ir01: ir01:
@ -13,19 +12,19 @@ services:
ir_int: ir_int:
internet: internet:
ipv4_address: ${IPV4_PREFIX}.61 ipv4_address: ${IPV4_PREFIX}.61
stop_signal: SIGKILL stop_signal: SIGTERM
stop_grace_period: 15s
volumes: volumes:
- ./az.json:/wallet.json - ./az.json:/wallet.json
- ./az.key:/wallet01.key - ./az.key:/wallet01.key
- ./../../vendor/hosts:/etc/hosts - ./../../vendor/hosts:/etc/hosts
- ./../../vendor/locode_db:/locode/db - ./../../vendor/locode_db:/locode/db
- ./../../vendor/frostfs-cli:/frostfs-cli - ./../../vendor/frostfs-cli:/frostfs-cli
- ./healthcheck.sh:/healthcheck.sh
- ./cfg:/etc/frostfs/ir - ./cfg:/etc/frostfs/ir
env_file: [ ".env", ".ir.env", ".int_test.env" ] env_file: [ ".env", ".ir.env", ".int_test.env" ]
command: [ "frostfs-ir", "--config", "/etc/frostfs/ir/config.yml" ] command: [ "frostfs-ir", "--config", "/etc/frostfs/ir/config.yml" ]
healthcheck: healthcheck:
test: ["CMD-SHELL", "/healthcheck.sh"] test: ["CMD-SHELL", "/frostfs-cli control ir healthcheck -q --wallet /wallet01.key --endpoint \"$$FROSTFS_IR_CONTROL_GRPC_ENDPOINT\""]
interval: 2s interval: 2s
timeout: 1s timeout: 1s
retries: 5 retries: 5

View file

@ -1,6 +0,0 @@
#!/bin/sh
/frostfs-cli control healthcheck \
--endpoint "$FROSTFS_IR_CONTROL_GRPC_ENDPOINT" \
--wallet /wallet01.key --ir |
grep "Health status: READY"

View file

@ -1,4 +0,0 @@
# Deposit GAS from default wallet to FrostFS privnet contract
prepare.ir:
@./bin/config.sh int ContainerFee 0
@./bin/config.sh int ContainerAliasFee 0

View file

@ -1,4 +1,3 @@
version: '2.4'
services: services:
jaeger: jaeger:
image: ${JAEGER_IMAGE}:${JAEGER_VERSION} image: ${JAEGER_IMAGE}:${JAEGER_VERSION}
@ -20,7 +19,10 @@ services:
env_file: [ ".env", ".jaeger.env", ".int_test.env" ] env_file: [ ".env", ".jaeger.env", ".int_test.env" ]
environment: environment:
- COLLECTOR_OTLP_ENABLED=true - COLLECTOR_OTLP_ENABLED=true
- MEMORY_MAX_TRACES=100000 - SPAN_STORAGE_TYPE=badger
- BADGER_EPHEMERAL=false
- BADGER_DIRECTORY_VALUE=/badger/data
- BADGER_DIRECTORY_KEY=/badger/key
networks: networks:
jaeger_int: jaeger_int:

View file

@ -20,15 +20,12 @@ endif
# Download FrostFS ADM tool # Download FrostFS ADM tool
get.adm: FROSTFS_ADM_DEST=./vendor/frostfs-adm get.adm: FROSTFS_ADM_DEST=./vendor/frostfs-adm
get.adm: FROSTFS_ADM_ARCHIVE=frostfs-adm.tar.gz
get.adm: get.adm:
ifeq (${FROSTFS_ADM_PATH},) ifeq (${FROSTFS_ADM_PATH},)
@echo "⇒ Download FrostFS ADM binary from ${FROSTFS_ADM_URL}" @echo "⇒ Download FrostFS ADM binary from ${FROSTFS_ADM_URL}"
@curl -skSL ${FROSTFS_ADM_URL} -o ${FROSTFS_ADM_ARCHIVE} @curl -skSL ${FROSTFS_ADM_URL} -o ${FROSTFS_ADM_DEST}
@tar -xvf ${FROSTFS_ADM_ARCHIVE} -C ./vendor | xargs -I {} \ @chmod +x ${FROSTFS_ADM_DEST}
mv ./vendor/{} ${FROSTFS_ADM_DEST}
@rm ${FROSTFS_ADM_ARCHIVE}
else else
@echo "⇒ Copy frostfs-adm binary from ${FROSTFS_ADM_PATH}" @echo "⇒ Copy frostfs-adm binary from ${FROSTFS_ADM_PATH}"
@cp ${FROSTFS_ADM_PATH} ${FROSTFS_ADM_DEST} @cp ${FROSTFS_ADM_PATH} ${FROSTFS_ADM_DEST}

View file

@ -1,6 +1,5 @@
--- ---
version: "2.4"
services: services:
frostfs_morph_chain: frostfs_morph_chain:
image: ${NEOGO_IMAGE}:${NEOGO_VERSION} image: ${NEOGO_IMAGE}:${NEOGO_VERSION}
@ -20,9 +19,14 @@ services:
- ./config.yml:/wallets/config.yml - ./config.yml:/wallets/config.yml
- ./../../vendor/hosts:/etc/hosts - ./../../vendor/hosts:/etc/hosts
- ./../../wallets/wallet.json:/wallets/wallet.json - ./../../wallets/wallet.json:/wallets/wallet.json
- ./../s3_gate/wallet.json:/wallets/s3-wallet.json
- chains:/chains
networks: networks:
chain_int: chain_int:
internet: internet:
external: true external: true
name: basenet_internet name: basenet_internet
volumes:
chains:

View file

@ -1,50 +1,56 @@
ProtocolConfiguration: ProtocolConfiguration:
Magic: 15405 Magic: 15405
MaxTraceableBlocks: 200000 MaxTraceableBlocks: 200000
SecondsPerBlock: 1 TimePerBlock: 1s
MemPoolSize: 50000 MemPoolSize: 50000
StandbyCommittee: StandbyCommittee:
- 02b3622bf4017bdfe317c58aed5f4c753f206b7db896046fa7d774bbc4bf7f8dc2 - 02b3622bf4017bdfe317c58aed5f4c753f206b7db896046fa7d774bbc4bf7f8dc2
ValidatorsCount: 1 ValidatorsCount: 1
SeedList: SeedList:
- 172.200.0.1:20333 - 172.200.0.1:20333
VerifyBlocks: true
VerifyTransactions: true VerifyTransactions: true
StateRootInHeader: true StateRootInHeader: true
P2PSigExtensions: true P2PSigExtensions: true
ApplicationConfiguration: ApplicationConfiguration:
SkipBlockVerification: false
DBConfiguration: DBConfiguration:
Type: "boltdb" Type: "boltdb"
BoltDBOptions: BoltDBOptions:
FilePath: "./db/morph.bolt" FilePath: "/chains/morph.bolt"
NodePort: 20333 P2P:
Relay: true Addresses:
DialTimeout: 3 - ":20333"
ProtoTickInterval: 2 DialTimeout: 3s
PingInterval: 30 ProtoTickInterval: 2s
PingTimeout: 90 PingInterval: 30s
PingTimeout: 90s
MaxPeers: 10 MaxPeers: 10
AttemptConnPeers: 5 AttemptConnPeers: 5
MinPeers: 0 MinPeers: 0
Relay: true
Consensus:
Enabled: true
UnlockWallet:
Path: "./wallets/node-wallet.json"
Password: "one"
RPC: RPC:
Address: 192.168.130.90 Addresses:
- ":30333"
Enabled: true Enabled: true
SessionEnabled: true SessionEnabled: true
EnableCORSWorkaround: false EnableCORSWorkaround: false
MaxGasInvoke: 100 MaxGasInvoke: 100
Port: 30333
P2PNotary: P2PNotary:
Enabled: true Enabled: true
UnlockWallet: UnlockWallet:
Path: "./wallets/node-wallet.json" Path: "./wallets/node-wallet.json"
Password: "one" Password: "one"
Prometheus: Prometheus:
Addresses:
- ":20001"
Enabled: true Enabled: true
Port: 20001
Pprof: Pprof:
Addresses:
- ":20011"
Enabled: true Enabled: true
Port: 20011
UnlockWallet:
Path: "./wallets/node-wallet.json"
Password: "one"

View file

@ -1 +0,0 @@
IPV4_PREFIX.101 nats.LOCAL_DOMAIN

View file

@ -1,7 +0,0 @@
# Create new TLS certs for NATS server and clients
NATS_DIR=$(abspath services/nats)
get.nats:
@echo "⇒ Creating certs for NATS server and clients"
${NATS_DIR}/generate_cert.sh ${LOCAL_DOMAIN} > /dev/null

View file

@ -1,31 +0,0 @@
---
version: "2.4"
services:
nats:
image: ${NATS_IMAGE}:${NATS_VERSION}
domainname: ${LOCAL_DOMAIN}
hostname: nats
container_name: nats
restart: on-failure
dns:
- ${IPV4_PREFIX}.101
networks:
nats_int:
internet:
ipv4_address: ${IPV4_PREFIX}.101
volumes:
- ./../../vendor/hosts:/etc/hosts
- ./nats.conf:/etc/nats/frostfs-nats-server.conf
- ./server-cert.pem:/certs/server-cert.pem
- ./server-key.pem:/certs/server-key.pem
- ./ca-cert.pem:/certs/ca-cert.pem
stop_signal: SIGKILL
env_file: [ ".env", ".int_test.env" ]
command: ["-c", "/etc/nats/frostfs-nats-server.conf"]
networks:
nats_int:
internet:
external: true
name: basenet_internet

View file

@ -1,49 +0,0 @@
#!/bin/bash
source bin/helper.sh
WORKDIR=$(dirname "$0")
LOCAL_DOMAIN=$1
CA_KEY=$WORKDIR/ca-key.pem
CA_CRT=$WORKDIR/ca-cert.pem
SRV_KEY=$WORKDIR/server-key.pem
SRV_REQ=$WORKDIR/server-req.csr
SRV_CRT=$WORKDIR/server-cert.pem
CLI_KEY=$WORKDIR/client-key.pem
CLI_REQ=$WORKDIR/client-req.csr
CLI_CRT=$WORKDIR/client-cert.pem
SUBJ="/O=NSPCC"
if [[ ! -f $CA_KEY || ! -f $CA_CRT ]]; then
openssl req -newkey rsa:4096 -x509 -days 365 -nodes -keyout $CA_KEY -out $CA_CRT -subj $SUBJ 2>&1 ||
die "CA certificate was not created"
fi
if [[ ! -f $SRV_KEY || ! -f $SRV_CRT ]]; then
openssl req -newkey rsa:4096 -nodes -keyout $SRV_KEY -out $SRV_REQ -subj $SUBJ 2>&1 ||
die "Server certificate was not created"
openssl x509 -req -days 365 -set_serial 01 -in $SRV_REQ -out $SRV_CRT -CA $CA_CRT -CAkey $CA_KEY \
-extensions san -extfile <(printf "[san]\nsubjectAltName=DNS:nats.$LOCAL_DOMAIN") 2>&1 || {
rm $SRV_REQ
die "Server certificate was not signed by CA"
}
rm $SRV_REQ
fi
if [[ ! -f $CLI_KEY || ! -f $CLI_CRT ]]; then
openssl req -newkey rsa:4096 -nodes -keyout $CLI_KEY -out $CLI_REQ -subj $SUBJ 2>&1 ||
die "Client certificate was not created"
openssl x509 -req -days 365 -set_serial 01 -in $CLI_REQ -out $CLI_CRT -CA $CA_CRT -CAkey $CA_KEY 2>&1 || {
rm $CLI_REQ
die "Client certificate was not signed by CA"
}
rm $CLI_REQ
fi

View file

@ -1,15 +0,0 @@
port: 4222
monitor_port: 8222
jetstream {
store_dir=nats
max_memory_store: 1GB
max_file_store: 2GB
}
tls {
cert_file: /certs/server-cert.pem
key_file: /certs/server-key.pem
ca_file: /certs/ca-cert.pem
verify: true
}

1
services/prometheus/.env Symbolic link
View file

@ -0,0 +1 @@
../../.env

View file

@ -0,0 +1 @@
IPV4_PREFIX.121 prometheus.LOCAL_DOMAIN

View file

@ -0,0 +1 @@
../../.int_test.env

View file

View file

@ -0,0 +1,24 @@
services:
prometheus:
image: ${PROMETHEUS_IMAGE}:${PROMETHEUS_VERSION}
domainname: ${LOCAL_DOMAIN}
hostname: prometheus
container_name: prometheus
restart: on-failure
networks:
prometheus_int:
internet:
ipv4_address: ${IPV4_PREFIX}.121
volumes:
- ./../../vendor/hosts:/etc/hosts
- ./prometheus.yml:/etc/prometheus/prometheus.yml
command:
- --config.file=/etc/prometheus/prometheus.yml
stop_signal: SIGKILL
env_file: [ ".env", ".prometheus.env", ".int_test.env" ]
networks:
prometheus_int:
internet:
external: true
name: basenet_internet

View file

@ -0,0 +1,22 @@
global:
scrape_interval: 15s
scrape_configs:
- job_name: 'node'
static_configs:
- targets: ['s01.frostfs.devenv:9090', 's02.frostfs.devenv:9090', 's03.frostfs.devenv:9090', 's04.frostfs.devenv:9090']
- job_name: 'http-gw'
static_configs:
- targets: ['http.frostfs.devenv:9090']
- job_name: 'rest-gw'
static_configs:
- targets: ['rest.frostfs.devenv:9090']
- job_name: 's3-gw'
static_configs:
- targets: ['s3.frostfs.devenv:9090']
- job_name: 'neo-go'
static_configs:
- targets: ['morph-chain.frostfs.devenv:20001']
- job_name: 'inner-ring'
static_configs:
- targets: ['ir01.frostfs.devenv:9090']

View file

@ -1,3 +1,7 @@
prometheus:
enabled: true
address: :9090
server: server:
# The IP and port to listen on. # The IP and port to listen on.
listen-address: 0.0.0.0:8090 listen-address: 0.0.0.0:8090

View file

@ -1,6 +1,5 @@
--- ---
version: "2.4"
services: services:
rest_gate: rest_gate:
image: ${REST_GW_IMAGE}:${REST_GW_VERSION} image: ${REST_GW_IMAGE}:${REST_GW_VERSION}
@ -16,7 +15,8 @@ services:
- ./wallet.json:/wallet.json - ./wallet.json:/wallet.json
- ./../../vendor/hosts:/etc/hosts - ./../../vendor/hosts:/etc/hosts
- ./cfg:/etc/frostfs/rest - ./cfg:/etc/frostfs/rest
stop_signal: SIGKILL stop_signal: SIGTERM
stop_grace_period: 15s
env_file: [ ".env", ".int_test.env" ] env_file: [ ".env", ".int_test.env" ]
command: [ "frostfs-rest-gw", "--config", "/etc/frostfs/rest/config.yml" ] command: [ "frostfs-rest-gw", "--config", "/etc/frostfs/rest/config.yml" ]
environment: environment:

View file

@ -1,6 +1,10 @@
logger: logger:
level: debug level: debug
prometheus:
enabled: true
address: :9090
# Interval to check node health # Interval to check node health
rebalance_interval: 30s rebalance_interval: 30s
@ -29,3 +33,17 @@ server:
wallet: wallet:
path: /wallet.json # Path to wallet path: /wallet.json # Path to wallet
passphrase: "s3" # Passphrase to decrypt wallet passphrase: "s3" # Passphrase to decrypt wallet
features:
md5:
enabled: true
control:
grpc:
endpoint: localhost:16515
frostfsid:
enabled: false
policy:
enabled: false

View file

@ -1,6 +1,5 @@
--- ---
version: "2.4"
services: services:
s3_gate: s3_gate:
image: ${S3_GW_IMAGE}:${S3_GW_VERSION} image: ${S3_GW_IMAGE}:${S3_GW_VERSION}
@ -13,19 +12,26 @@ services:
internet: internet:
ipv4_address: ${IPV4_PREFIX}.82 ipv4_address: ${IPV4_PREFIX}.82
volumes: volumes:
# Gate wallet
- ./wallet.json:/wallet.json - ./wallet.json:/wallet.json
# Custom user wallets
- ./wallets:/wallets
# Default user wallet
- ./../../wallets/wallet.json:/wallets/wallet.json
- ./tls.key:/tls.key - ./tls.key:/tls.key
- ./tls.crt:/tls.crt - ./tls.crt:/tls.crt
- ./../../vendor/hosts:/etc/hosts - ./../../vendor/hosts:/etc/hosts
- ./cfg:/etc/frostfs/s3 - ./cfg:/etc/frostfs/s3
stop_signal: SIGKILL - ./issue-creds.sh:/usr/bin/issue-creds.sh
stop_signal: SIGTERM
stop_grace_period: 15s
env_file: [ ".env", ".s3.env", ".int_test.env" ] env_file: [ ".env", ".s3.env", ".int_test.env" ]
command: [ "frostfs-s3-gw", "--config", "/etc/frostfs/s3/config.yml" ] command: [ "frostfs-s3-gw", "--config", "/etc/frostfs/s3/config.yml" ]
environment: environment:
- S3_GW_RPC_ENDPOINT=http://morph-chain.${LOCAL_DOMAIN}:30333 - S3_GW_RPC_ENDPOINT=http://morph-chain.${LOCAL_DOMAIN}:30333
- S3_GW_SERVER_0_ADDRESS=s3.${LOCAL_DOMAIN}:8080 - S3_GW_SERVER_0_ADDRESS=s3.${LOCAL_DOMAIN}:8080
- S3_GW_LISTEN_DOMAINS=s3.${LOCAL_DOMAIN} - S3_GW_LISTEN_DOMAINS=s3.${LOCAL_DOMAIN}
- S3_GW_TREE_SERVICE=s01.${LOCAL_DOMAIN}:8080 - S3_GW_TREE_SERVICE=s01.${LOCAL_DOMAIN}:8080 s02.${LOCAL_DOMAIN}:8080 s03.${LOCAL_DOMAIN}:8080 s04.${LOCAL_DOMAIN}:8080
- S3_GW_PEERS_0_ADDRESS=s01.${LOCAL_DOMAIN}:8080 - S3_GW_PEERS_0_ADDRESS=s01.${LOCAL_DOMAIN}:8080
- S3_GW_PEERS_0_WEIGHT=0.2 - S3_GW_PEERS_0_WEIGHT=0.2
- S3_GW_PEERS_1_ADDRESS=s02.${LOCAL_DOMAIN}:8080 - S3_GW_PEERS_1_ADDRESS=s02.${LOCAL_DOMAIN}:8080
@ -34,6 +40,8 @@ services:
- S3_GW_PEERS_2_WEIGHT=0.2 - S3_GW_PEERS_2_WEIGHT=0.2
- S3_GW_PEERS_3_ADDRESS=s04.${LOCAL_DOMAIN}:8080 - S3_GW_PEERS_3_ADDRESS=s04.${LOCAL_DOMAIN}:8080
- S3_GW_PEERS_3_WEIGHT=0.2 - S3_GW_PEERS_3_WEIGHT=0.2
- AUTHMATE_WALLET_PASSPHRASE=
- AUTHMATE_WALLET_CONTRACT_PASSPHRASE=s3
networks: networks:
s3_gate_int: s3_gate_int:

41
services/s3_gate/issue-creds.sh Executable file
View file

@ -0,0 +1,41 @@
#!/bin/bash
initUser() {
/bin/frostfs-s3-authmate register-user \
--wallet $WALLET_PATH \
--rpc-endpoint http://morph-chain.frostfs.devenv:30333 \
--username $USERNAME \
--contract-wallet /wallet.json 1> /dev/null && touch $WALLET_CACHE/$USERNAME
}
issueCreds() {
/bin/frostfs-s3-authmate issue-secret \
--wallet $WALLET_PATH \
--peer s01.frostfs.devenv:8080 \
--gate-public-key $S3_GATE_PUBLIC_KEY \
--container-placement-policy "REP 3"
}
set -e
WALLET_PATH=/wallets/$2
if [[ -z "$2" ]]; then
WALLET_PATH=/wallets/wallet.json
fi
S3_GATE_PUBLIC_KEY=$3
if [[ -z "$3" ]]; then
S3_GATE_PUBLIC_KEY=0313b1ac3a8076e155a7e797b24f0b650cccad5941ea59d7cfd51a024a8b2a06bf
fi
WALLET_CACHE=/data/wallets
mkdir -p $WALLET_CACHE
USERNAME=$(echo $WALLET_PATH | md5sum | cut -d' ' -f1)
if [ ! -e $WALLET_CACHE/$USERNAME ]; then
initUser
fi
if [ $1 == "s3" ]; then
issueCreds
fi

View file

@ -0,0 +1,14 @@
.PHONY: s3cred register
password?=
contract_password?=s3
gate_public_key?=
wallet?=
# Register wallet & generate S3 credentials
s3cred:
@docker exec -e AUTHMATE_WALLET_PASSPHRASE="$(password)" -e AUTHMATE_WALLET_CONTRACT_PASSPHRASE="$(contract_password)" s3_gate /usr/bin/issue-creds.sh s3 "$(wallet)" "$(gate_public_key)"
# Only registers user wallet
register:
@docker exec -e AUTHMATE_WALLET_PASSPHRASE="$(password)" -e AUTHMATE_WALLET_CONTRACT_PASSPHRASE="$(contract_password)" s3_gate /usr/bin/issue-creds.sh native "$(wallet)"

1
services/s3_lifecycler/.env Symbolic link
View file

@ -0,0 +1 @@
../../.env

View file

@ -0,0 +1 @@
IPV4_PREFIX.84 lifecycler.LOCAL_DOMAIN

View file

@ -0,0 +1 @@
../../.int_test.env

View file

@ -0,0 +1,42 @@
logger:
level: debug
prometheus:
enabled: true
address: :9090
lifecycle:
job_fetcher_buffer: 1000
executor_pool_size: 100
frostfs:
stream_timeout: 10s
connect_timeout: 10s
healthcheck_timeout: 15s
rebalance_interval: 60s
pool_error_threshold: 100
tree_pool_max_attempts: 4
credential:
use: wallets
source:
wallets:
- path: /wallet.json
address: NTt1rxvmEDxEuuogLxs2xgxA71qhVaUcN7
passphrase: "cycle"
- path: /user-wallet.json
address: NbUgTSFvPmsRxmGeWpuuGeJUoRoi6PErcM
passphrase: ""
morph:
reconnect_clients_interval: 30s
dial_timeout: 5s
contract:
netmap: netmap.frostfs
frostfsid: frostfsid.frostfs
container: container.frostfs
# Wallet configuration
wallet:
path: /wallet.json # Path to wallet
passphrase: "cycle" # Passphrase to decrypt wallet

View file

@ -0,0 +1,38 @@
---
version: "2.4"
services:
s3_lifecycler:
image: ${S3_LIFECYCLER_IMAGE}:${S3_LIFECYCLER_VERSION}
domainname: ${LOCAL_DOMAIN}
hostname: s3_lifecycler
container_name: s3_lifecycler
restart: on-failure
networks:
s3_lifecycler_int:
internet:
ipv4_address: ${IPV4_PREFIX}.84
volumes:
- ./wallet.json:/wallet.json
- ./../../vendor/hosts:/etc/hosts
- ./cfg:/etc/frostfs/s3-lifecycler
- ./../../wallets/wallet.json:/user-wallet.json
stop_signal: SIGKILL
env_file: [ ".env", ".int_test.env" ]
command: [ "frostfs-s3-lifecycler", "--config", "/etc/frostfs/s3-lifecycler/config.yml" ]
environment:
- S3_LIFECYCLER_MORPH_RPC_ENDPOINT_0_ADDRESS=ws://morph-chain:30333/ws
- S3_LIFECYCLER_FROSTFS_PEERS_0_ADDRESS=s01.${LOCAL_DOMAIN}:8080
- S3_LIFECYCLER_FROSTFS_PEERS_0_WEIGHT=0.2
- S3_LIFECYCLER_FROSTFS_PEERS_1_ADDRESS=s02.${LOCAL_DOMAIN}:8080
- S3_LIFECYCLER_FROSTFS_PEERS_1_WEIGHT=0.2
- S3_LIFECYCLER_FROSTFS_PEERS_2_ADDRESS=s03.${LOCAL_DOMAIN}:8080
- S3_LIFECYCLER_FROSTFS_PEERS_2_WEIGHT=0.2
- S3_LIFECYCLER_FROSTFS_PEERS_3_ADDRESS=s04.${LOCAL_DOMAIN}:8080
- S3_LIFECYCLER_FROSTFS_PEERS_3_WEIGHT=0.2
networks:
s3_lifecycler_int:
internet:
external: true
name: basenet_internet

View file

@ -0,0 +1,30 @@
{
"version": "1.0",
"accounts": [
{
"address": "NTt1rxvmEDxEuuogLxs2xgxA71qhVaUcN7",
"key": "6PYR3XurAyTzVeDG5WV2Z8vnGdySw3mTLuKjr6Nwo7tae64SJ7XjZSMMPQ",
"label": "lifecycler",
"contract": {
"script": "DCED9z0M+WSGfXZGxYLj1yYwmgxJXE/kNA4+oWNi0q1uKCdBVuezJw==",
"parameters": [
{
"name": "parameter0",
"type": "Signature"
}
],
"deployed": false
},
"lock": false,
"isDefault": false
}
],
"scrypt": {
"n": 16384,
"r": 8,
"p": 8
},
"extra": {
"Tokens": null
}
}

View file

@ -1,6 +1,11 @@
# Logger section # Logger section
logger: logger:
level: debug # Minimum enabled logging level level: debug # Minimum enabled logging level
loki:
enabled: true
endpoint: "loki.frostfs.devenv:3100/api/prom/push"
max_batch_delay: 1s
max_batch_size: 200
# Profiler section # Profiler section
pprof: pprof:
@ -14,6 +19,12 @@ prometheus:
address: :9090 # Server address address: :9090 # Server address
shutdown_timeout: 15s # Timeout for metrics HTTP server graceful shutdown shutdown_timeout: 15s # Timeout for metrics HTTP server graceful shutdown
# Application tracing section
tracing:
enabled: true
exporter: otlp_grpc
endpoint: "jaeger.frostfs.devenv:4317"
# Morph section # Morph section
morph: morph:
dial_timeout: 30s # Timeout for side chain NEO RPC client connection dial_timeout: 30s # Timeout for side chain NEO RPC client connection
@ -21,18 +32,6 @@ morph:
- address: ws://morph-chain:30333/ws - address: ws://morph-chain:30333/ws
priority: 1 priority: 1
# Common storage node settings
node:
attribute_0: "User-Agent:FrostFS/0.34"
notification:
enabled: true # Turn on object notification service
endpoint: "tls://nats.frostfs.devenv:4222" # Notification server endpoint
timeout: "6s" # Timeout for object notification client connection
default_topic: "test" # Default topic for object notifications if not found in object's meta
certificate: "/etc/frostfs-node/nats.tls.cert" # Path to TLS certificate
key: "/etc/frostfs-node/nats.tls.key" # Path to TLS key
ca: "/etc/frostfs-node/nats.ca.crt" # Path to optional CA certificate
# Tree section # Tree section
tree: tree:
enabled: true enabled: true
@ -42,7 +41,7 @@ storage:
shard: shard:
0: 0:
writecache: writecache:
enabled: false enabled: true
path: /storage/wc0 # Write-cache root directory path: /storage/wc0 # Write-cache root directory
metabase: metabase:
@ -62,7 +61,7 @@ storage:
1: 1:
writecache: writecache:
enabled: false enabled: true
path: /storage/wc1 # Write-cache root directory path: /storage/wc1 # Write-cache root directory
metabase: metabase:

View file

@ -1,6 +1,5 @@
--- ---
version: "2.4"
services: services:
storage01: storage01:
image: ${NODE_IMAGE}:${NODE_VERSION} image: ${NODE_IMAGE}:${NODE_VERSION}
@ -18,13 +17,10 @@ services:
- storage_s01:/storage - storage_s01:/storage
- ./../../vendor/frostfs-cli:/frostfs-cli - ./../../vendor/frostfs-cli:/frostfs-cli
- ./cli-cfg.yml:/cli-cfg.yml - ./cli-cfg.yml:/cli-cfg.yml
- ./healthcheck.sh:/healthcheck.sh
- ./s04tls.crt:/etc/ssl/certs/s04tls.crt - ./s04tls.crt:/etc/ssl/certs/s04tls.crt
- ../nats/client-cert.pem:/etc/frostfs-node/nats.tls.cert
- ../nats/client-key.pem:/etc/frostfs-node/nats.tls.key
- ../nats/ca-cert.pem:/etc/frostfs-node/nats.ca.crt
- ./cfg:/etc/frostfs/storage - ./cfg:/etc/frostfs/storage
stop_signal: SIGKILL stop_signal: SIGTERM
stop_grace_period: 15s
env_file: [ ".env", ".storage.env", ".int_test.env" ] env_file: [ ".env", ".storage.env", ".int_test.env" ]
command: [ "frostfs-node", "--config", "/etc/frostfs/storage/config.yml" ] command: [ "frostfs-node", "--config", "/etc/frostfs/storage/config.yml" ]
environment: environment:
@ -33,10 +29,11 @@ services:
- FROSTFS_NODE_ADDRESSES=s01.${LOCAL_DOMAIN}:8080 - FROSTFS_NODE_ADDRESSES=s01.${LOCAL_DOMAIN}:8080
- FROSTFS_GRPC_0_ENDPOINT=s01.${LOCAL_DOMAIN}:8080 - FROSTFS_GRPC_0_ENDPOINT=s01.${LOCAL_DOMAIN}:8080
- FROSTFS_CONTROL_GRPC_ENDPOINT=s01.${LOCAL_DOMAIN}:8081 - FROSTFS_CONTROL_GRPC_ENDPOINT=s01.${LOCAL_DOMAIN}:8081
- FROSTFS_NODE_ATTRIBUTE_0=User-Agent:FrostFS/${NODE_VERSION}
- FROSTFS_NODE_ATTRIBUTE_1=UN-LOCODE:RU MOW - FROSTFS_NODE_ATTRIBUTE_1=UN-LOCODE:RU MOW
- FROSTFS_NODE_ATTRIBUTE_2=Price:22 - FROSTFS_NODE_ATTRIBUTE_2=Price:22
healthcheck: healthcheck:
test: ["CMD-SHELL", "/healthcheck.sh"] test: ["CMD-SHELL", "/frostfs-cli control healthcheck -q -c /cli-cfg.yml --endpoint \"$$FROSTFS_CONTROL_GRPC_ENDPOINT\""]
interval: 2s interval: 2s
timeout: 1s timeout: 1s
retries: 5 retries: 5
@ -58,13 +55,10 @@ services:
- storage_s02:/storage - storage_s02:/storage
- ./../../vendor/frostfs-cli:/frostfs-cli - ./../../vendor/frostfs-cli:/frostfs-cli
- ./cli-cfg.yml:/cli-cfg.yml - ./cli-cfg.yml:/cli-cfg.yml
- ./healthcheck.sh:/healthcheck.sh
- ./s04tls.crt:/etc/ssl/certs/s04tls.crt - ./s04tls.crt:/etc/ssl/certs/s04tls.crt
- ../nats/client-cert.pem:/etc/frostfs-node/nats.tls.cert
- ../nats/client-key.pem:/etc/frostfs-node/nats.tls.key
- ../nats/ca-cert.pem:/etc/frostfs-node/nats.ca.crt
- ./cfg:/etc/frostfs/storage - ./cfg:/etc/frostfs/storage
stop_signal: SIGKILL stop_signal: SIGTERM
stop_grace_period: 15s
env_file: [ ".env", ".storage.env", ".int_test.env" ] env_file: [ ".env", ".storage.env", ".int_test.env" ]
command: [ "frostfs-node", "--config", "/etc/frostfs/storage/config.yml" ] command: [ "frostfs-node", "--config", "/etc/frostfs/storage/config.yml" ]
environment: environment:
@ -73,10 +67,11 @@ services:
- FROSTFS_NODE_ADDRESSES=s02.${LOCAL_DOMAIN}:8080 - FROSTFS_NODE_ADDRESSES=s02.${LOCAL_DOMAIN}:8080
- FROSTFS_GRPC_0_ENDPOINT=s02.${LOCAL_DOMAIN}:8080 - FROSTFS_GRPC_0_ENDPOINT=s02.${LOCAL_DOMAIN}:8080
- FROSTFS_CONTROL_GRPC_ENDPOINT=s02.${LOCAL_DOMAIN}:8081 - FROSTFS_CONTROL_GRPC_ENDPOINT=s02.${LOCAL_DOMAIN}:8081
- FROSTFS_NODE_ATTRIBUTE_0=User-Agent:FrostFS/${NODE_VERSION}
- FROSTFS_NODE_ATTRIBUTE_1=UN-LOCODE:RU LED - FROSTFS_NODE_ATTRIBUTE_1=UN-LOCODE:RU LED
- FROSTFS_NODE_ATTRIBUTE_2=Price:33 - FROSTFS_NODE_ATTRIBUTE_2=Price:33
healthcheck: healthcheck:
test: ["CMD-SHELL", "/healthcheck.sh"] test: ["CMD-SHELL", "/frostfs-cli control healthcheck -q -c /cli-cfg.yml --endpoint \"$$FROSTFS_CONTROL_GRPC_ENDPOINT\""]
interval: 2s interval: 2s
timeout: 1s timeout: 1s
retries: 5 retries: 5
@ -98,13 +93,10 @@ services:
- storage_s03:/storage - storage_s03:/storage
- ./../../vendor/frostfs-cli:/frostfs-cli - ./../../vendor/frostfs-cli:/frostfs-cli
- ./cli-cfg.yml:/cli-cfg.yml - ./cli-cfg.yml:/cli-cfg.yml
- ./healthcheck.sh:/healthcheck.sh
- ./s04tls.crt:/etc/ssl/certs/s04tls.crt - ./s04tls.crt:/etc/ssl/certs/s04tls.crt
- ../nats/client-cert.pem:/etc/frostfs-node/nats.tls.cert
- ../nats/client-key.pem:/etc/frostfs-node/nats.tls.key
- ../nats/ca-cert.pem:/etc/frostfs-node/nats.ca.crt
- ./cfg:/etc/frostfs/storage - ./cfg:/etc/frostfs/storage
stop_signal: SIGKILL stop_signal: SIGTERM
stop_grace_period: 15s
env_file: [ ".env", ".storage.env", ".int_test.env" ] env_file: [ ".env", ".storage.env", ".int_test.env" ]
command: [ "frostfs-node", "--config", "/etc/frostfs/storage/config.yml" ] command: [ "frostfs-node", "--config", "/etc/frostfs/storage/config.yml" ]
environment: environment:
@ -113,10 +105,11 @@ services:
- FROSTFS_NODE_ADDRESSES=s03.${LOCAL_DOMAIN}:8080 - FROSTFS_NODE_ADDRESSES=s03.${LOCAL_DOMAIN}:8080
- FROSTFS_GRPC_0_ENDPOINT=s03.${LOCAL_DOMAIN}:8080 - FROSTFS_GRPC_0_ENDPOINT=s03.${LOCAL_DOMAIN}:8080
- FROSTFS_CONTROL_GRPC_ENDPOINT=s03.${LOCAL_DOMAIN}:8081 - FROSTFS_CONTROL_GRPC_ENDPOINT=s03.${LOCAL_DOMAIN}:8081
- FROSTFS_NODE_ATTRIBUTE_0=User-Agent:FrostFS/${NODE_VERSION}
- FROSTFS_NODE_ATTRIBUTE_1=UN-LOCODE:SE STO - FROSTFS_NODE_ATTRIBUTE_1=UN-LOCODE:SE STO
- FROSTFS_NODE_ATTRIBUTE_2=Price:11 - FROSTFS_NODE_ATTRIBUTE_2=Price:11
healthcheck: healthcheck:
test: ["CMD-SHELL", "/healthcheck.sh"] test: ["CMD-SHELL", "/frostfs-cli control healthcheck -q -c /cli-cfg.yml --endpoint \"$$FROSTFS_CONTROL_GRPC_ENDPOINT\""]
interval: 2s interval: 2s
timeout: 1s timeout: 1s
retries: 5 retries: 5
@ -138,14 +131,11 @@ services:
- storage_s04:/storage - storage_s04:/storage
- ./../../vendor/frostfs-cli:/frostfs-cli - ./../../vendor/frostfs-cli:/frostfs-cli
- ./cli-cfg.yml:/cli-cfg.yml - ./cli-cfg.yml:/cli-cfg.yml
- ./healthcheck.sh:/healthcheck.sh
- ./s04tls.crt:/tls.crt - ./s04tls.crt:/tls.crt
- ./s04tls.key:/tls.key - ./s04tls.key:/tls.key
- ../nats/client-cert.pem:/etc/frostfs-node/nats.tls.cert
- ../nats/client-key.pem:/etc/frostfs-node/nats.tls.key
- ../nats/ca-cert.pem:/etc/frostfs-node/nats.ca.crt
- ./cfg:/etc/frostfs/storage - ./cfg:/etc/frostfs/storage
stop_signal: SIGKILL stop_signal: SIGTERM
stop_grace_period: 15s
env_file: [ ".env", ".storage.env", ".int_test.env" ] env_file: [ ".env", ".storage.env", ".int_test.env" ]
command: [ "frostfs-node", "--config", "/etc/frostfs/storage/config.yml" ] command: [ "frostfs-node", "--config", "/etc/frostfs/storage/config.yml" ]
environment: environment:
@ -159,10 +149,11 @@ services:
- FROSTFS_GRPC_1_TLS_ENABLED=true - FROSTFS_GRPC_1_TLS_ENABLED=true
- FROSTFS_GRPC_1_TLS_CERTIFICATE=/tls.crt - FROSTFS_GRPC_1_TLS_CERTIFICATE=/tls.crt
- FROSTFS_GRPC_1_TLS_KEY=/tls.key - FROSTFS_GRPC_1_TLS_KEY=/tls.key
- FROSTFS_NODE_ATTRIBUTE_0=User-Agent:FrostFS/${NODE_VERSION}
- FROSTFS_NODE_ATTRIBUTE_1=UN-LOCODE:FI HEL - FROSTFS_NODE_ATTRIBUTE_1=UN-LOCODE:FI HEL
- FROSTFS_NODE_ATTRIBUTE_2=Price:44 - FROSTFS_NODE_ATTRIBUTE_2=Price:44
healthcheck: healthcheck:
test: ["CMD-SHELL", "/healthcheck.sh"] test: ["CMD-SHELL", "/frostfs-cli control healthcheck -q -c /cli-cfg.yml --endpoint \"$$FROSTFS_CONTROL_GRPC_ENDPOINT\""]
interval: 2s interval: 2s
timeout: 1s timeout: 1s
retries: 5 retries: 5

View file

@ -19,7 +19,7 @@ if [[ ! -f ${CERT} ]]; then
) > ${SSL_CONFIG} ) > ${SSL_CONFIG}
openssl req -new -newkey rsa:4096 -x509 -sha256 -days 365 -nodes \ openssl req -new -newkey rsa:4096 -x509 -sha256 -days 365 -nodes \
-subj "/C=RU/ST=SPB/L=St.Petersburg/O=NSPCC/OU=NSPCC/CN=s04.${LOCAL_DOMAIN}" \ -subj "/C=RU/ST=SPB/L=St.Petersburg/O=TrueCloudLab/OU=TrueCloudLab/CN=s04.${LOCAL_DOMAIN}" \
-keyout "${KEY}" -out "${CERT}" -extensions san -config "${SSL_CONFIG}" &> /dev/null || { -keyout "${KEY}" -out "${CERT}" -extensions san -config "${SSL_CONFIG}" &> /dev/null || {
die "Failed to generate SSL certificate for s04" die "Failed to generate SSL certificate for s04"
} }

View file

@ -1,5 +0,0 @@
#!/bin/sh
/frostfs-cli control healthcheck -c /cli-cfg.yml \
--endpoint "$FROSTFS_CONTROL_GRPC_ENDPOINT" |
grep "Health status: READY"