Compare commits

...

20 commits

Author SHA1 Message Date
cac77b7c5e
Release v1.6.5
Signed-off-by: Nikita Zinkevich <n.zinkevich@yadro.com>
2024-11-08 15:07:39 +03:00
66273f8790
[#40] Move component versions to .env
Signed-off-by: Nikita Zinkevich <n.zinkevich@yadro.com>
2024-11-08 15:07:39 +03:00
6e4817101d [#52] Support TLS for s3-gw
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-11-08 13:39:36 +03:00
fcc4b84805 Release v1.6.4
Update s3-gw to fix aws-chunked encoding

Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-10-03 15:46:39 +03:00
52c5fb042d [#47] Add Makefile helpers for wallet management
Signed-off-by: Vitaliy Potyarkin <v.potyarkin@yadro.com>
2024-09-20 14:10:44 +00:00
539faea51e [#45] Update to the latest component releases
Signed-off-by: Alex Vanin <a.vanin@yadro.com>
2024-09-17 14:40:43 +03:00
0438608a3e [#45] Add Makefile targets to register wallet files in FrostFS ID
This is required in frostfs-node since AIO 1.6.0

Signed-off-by: Alex Vanin <a.vanin@yadro.com>
2024-09-17 14:40:43 +03:00
e1b048c013 [#44] Update binaries copy in Dockerfile.local
issue-creds.sh was not copied in Dockerfile.local
Thus `make s3cred` don't work
2024-09-11 15:06:43 +03:00
d83d797cef [#43] Support up to 1000 concurrent S3 requests
Signed-off-by: Alex Vanin <a.vanin@yadro.com>
2024-09-09 12:50:47 +03:00
00986aed8b [#42] Add region mapping for S3
Signed-off-by: Alex Vanin <a.vanin@yadro.com>
2024-09-05 14:21:02 +03:00
a75b1b66eb [#41] Bump image version
Signed-off-by: Alex Vanin <a.vanin@yadro.com>
2024-09-04 17:20:05 +03:00
abf918111f [#41] Update smart-contracts up to v0.19.3
Signed-off-by: Alex Vanin <a.vanin@yadro.com>
2024-09-04 17:20:00 +03:00
1b8a25d247 [#41] Update neo-go component
Now it requires explicit hardfork section

Signed-off-by: Alex Vanin <a.vanin@yadro.com>
2024-09-04 17:19:54 +03:00
4dcffdd5b5 [#41] Update component versions
Signed-off-by: Alex Vanin <a.vanin@yadro.com>
2024-09-04 17:19:48 +03:00
af1d79510a [#41] Fix docker warning
FromAsCasing: 'as' and 'FROM' keywords' casing do not match
Signed-off-by: Alex Vanin <a.vanin@yadro.com>
2024-09-04 17:19:41 +03:00
b35b347b3e [#41] Update credential issue process
* Register wallet key in FrostFS ID before issuing secret
* Use issue-creds script instead of Makefile command

Signed-off-by: Alex Vanin <a.vanin@yadro.com>
2024-09-04 17:19:35 +03:00
e350f078fd [#41] Add new env for new authmate command
Contains password of s3-gw service to update
policy contract data.

Signed-off-by: Alex Vanin <a.vanin@yadro.com>
2024-09-04 17:19:29 +03:00
d395ac9596 [#41] Update service configs
* Revert storage chain cache disabling due to fix in s3-gw
* Enable frostfsid validation in s3-gw by default
* Bypass content encoding checks to support minio integrations

Signed-off-by: Alex Vanin <a.vanin@yadro.com>
2024-09-04 17:19:17 +03:00
b36cf66356 [#41] Allow storage to use proxy wallet 2024-09-04 17:19:11 +03:00
89ecc28f2e [#30] Rework logging in the container
Signed-off-by: Roman Loginov <r.loginov@yadro.com>
2024-09-03 10:57:32 +03:00
26 changed files with 316 additions and 63 deletions

7
.env
View file

@ -1,3 +1,8 @@
FROSTFS_HUB_IMAGE=truecloudlab/frostfs
AIO_IMAGE=truecloudlab/frostfs-aio
AIO_VERSION=1.5.0
AIO_VERSION=1.6.5
FROSTFS_CORE_TAG=0.42.15
FROSTFS_HTTP_GATE_TAG=0.30.2
FROSTFS_S3_GATE_TAG=0.30.7
NEOGO_TAG=0.106.0

View file

@ -1,18 +1,18 @@
ARG FROSTFS_HUB_IMAGE=truecloudlab/frostfs
ARG NEOGO_HUB_IMAGE=nspccdev/neo-go
ARG FROSTFS_CORE_TAG=0.38.6
ARG FROSTFS_HTTP_GATE_TAG=0.29.0
ARG FROSTFS_S3_GATE_TAG=0.29.0
ARG NEOGO_TAG=0.104.0
ARG FROSTFS_CORE_TAG=dev
ARG FROSTFS_HTTP_GATE_TAG=dev
ARG FROSTFS_S3_GATE_TAG=dev
ARG NEOGO_TAG=dev
FROM ${NEOGO_HUB_IMAGE}:${NEOGO_TAG} as neo-go
FROM ${FROSTFS_HUB_IMAGE}-adm:${FROSTFS_CORE_TAG} as frostfs-adm
FROM ${FROSTFS_HUB_IMAGE}-cli:${FROSTFS_CORE_TAG} as frostfs-cli
FROM ${FROSTFS_HUB_IMAGE}-ir:${FROSTFS_CORE_TAG} as frostfs-ir
FROM ${FROSTFS_HUB_IMAGE}-storage:${FROSTFS_CORE_TAG} as frostfs-storage
FROM ${FROSTFS_HUB_IMAGE}-s3-gw:${FROSTFS_S3_GATE_TAG} as frostfs-s3-gw
FROM ${FROSTFS_HUB_IMAGE}-http-gw:${FROSTFS_HTTP_GATE_TAG} as frostfs-http-gw
FROM ${NEOGO_HUB_IMAGE}:${NEOGO_TAG} AS neo-go
FROM ${FROSTFS_HUB_IMAGE}-adm:${FROSTFS_CORE_TAG} AS frostfs-adm
FROM ${FROSTFS_HUB_IMAGE}-cli:${FROSTFS_CORE_TAG} AS frostfs-cli
FROM ${FROSTFS_HUB_IMAGE}-ir:${FROSTFS_CORE_TAG} AS frostfs-ir
FROM ${FROSTFS_HUB_IMAGE}-storage:${FROSTFS_CORE_TAG} AS frostfs-storage
FROM ${FROSTFS_HUB_IMAGE}-s3-gw:${FROSTFS_S3_GATE_TAG} AS frostfs-s3-gw
FROM ${FROSTFS_HUB_IMAGE}-http-gw:${FROSTFS_HTTP_GATE_TAG} AS frostfs-http-gw
# Executable image
FROM alpine AS frostfs-aio
@ -46,8 +46,11 @@ COPY ./morph/node-config.yaml /config/node-config.yaml
COPY ./http-gw/http-gw-config.yaml /config/http-gw-config.yaml
COPY ./http-gw/http-gw-wallet.json /config/http-gw-wallet.json
COPY ./s3-gw/rules.json /config/bearer-rules.json
COPY ./s3-gw/regions.json /config/regions.json
COPY ./s3-gw/s3-gw-config.yaml /config/s3-gw-config.yaml
COPY ./s3-gw/s3-gw-wallet.json /config/s3-gw-wallet.json
COPY ./s3-gw/s3-gw-tls.crt /config/s3-gw-tls.crt
COPY ./s3-gw/s3-gw-tls.key /config/s3-gw-tls.key
COPY ./s3-gw/user-wallet.json /config/user-wallet.json
COPY ./sn/cli-cfg.yaml /config/cli-cfg-sn.yaml
COPY ./sn/wallet.json /config/wallet-sn.json
@ -56,7 +59,9 @@ COPY ./vendor/locode_db /config/locode.db
COPY ./vendor/contracts/ /config/contracts
COPY ./bin/init-aio.sh /usr/bin/init-aio.sh
COPY ./bin/issue-creds.sh /usr/bin/issue-creds.sh
ENV AUTHMATE_WALLET_PASSPHRASE=""
ENV AUTHMATE_WALLET_CONTRACT_PASSPHRASE=""
ENTRYPOINT ["/usr/bin/init-aio.sh"]

View file

@ -1,18 +1,18 @@
ARG FROSTFS_HUB_IMAGE=truecloudlab/frostfs
ARG NEOGO_HUB_IMAGE=nspccdev/neo-go
ARG FROSTFS_CORE_TAG=0.38.6
ARG FROSTFS_HTTP_GATE_TAG=0.29.0
ARG FROSTFS_S3_GATE_TAG=0.29.0
ARG NEOGO_TAG=0.104.0
ARG FROSTFS_CORE_TAG
ARG FROSTFS_HTTP_GATE_TAG
ARG FROSTFS_S3_GATE_TAG
ARG NEOGO_TAG
FROM ${NEOGO_HUB_IMAGE}:${NEOGO_TAG} as neo-go
FROM ${FROSTFS_HUB_IMAGE}-adm:${FROSTFS_CORE_TAG} as frostfs-adm
FROM ${FROSTFS_HUB_IMAGE}-cli:${FROSTFS_CORE_TAG} as frostfs-cli
FROM ${FROSTFS_HUB_IMAGE}-ir:${FROSTFS_CORE_TAG} as frostfs-ir
FROM ${FROSTFS_HUB_IMAGE}-storage:${FROSTFS_CORE_TAG} as frostfs-storage
FROM ${FROSTFS_HUB_IMAGE}-s3-gw:${FROSTFS_S3_GATE_TAG} as frostfs-s3-gw
FROM ${FROSTFS_HUB_IMAGE}-http-gw:${FROSTFS_HTTP_GATE_TAG} as frostfs-http-gw
FROM ${NEOGO_HUB_IMAGE}:${NEOGO_TAG} AS neo-go
FROM ${FROSTFS_HUB_IMAGE}-adm:${FROSTFS_CORE_TAG} AS frostfs-adm
FROM ${FROSTFS_HUB_IMAGE}-cli:${FROSTFS_CORE_TAG} AS frostfs-cli
FROM ${FROSTFS_HUB_IMAGE}-ir:${FROSTFS_CORE_TAG} AS frostfs-ir
FROM ${FROSTFS_HUB_IMAGE}-storage:${FROSTFS_CORE_TAG} AS frostfs-storage
FROM ${FROSTFS_HUB_IMAGE}-s3-gw:${FROSTFS_S3_GATE_TAG} AS frostfs-s3-gw
FROM ${FROSTFS_HUB_IMAGE}-http-gw:${FROSTFS_HTTP_GATE_TAG} AS frostfs-http-gw
# Executable image
FROM alpine AS frostfs-aio
@ -46,8 +46,11 @@ COPY ./morph/node-config.yaml /config/node-config.yaml
COPY ./http-gw/http-gw-config.yaml /config/http-gw-config.yaml
COPY ./http-gw/http-gw-wallet.json /config/http-gw-wallet.json
COPY ./s3-gw/rules.json /config/bearer-rules.json
COPY ./s3-gw/regions.json /config/regions.json
COPY ./s3-gw/s3-gw-config.yaml /config/s3-gw-config.yaml
COPY ./s3-gw/s3-gw-wallet.json /config/s3-gw-wallet.json
COPY ./s3-gw/s3-gw-tls.crt /config/s3-gw-tls.crt
COPY ./s3-gw/s3-gw-tls.key /config/s3-gw-tls.key
COPY ./s3-gw/user-wallet.json /config/user-wallet.json
COPY ./sn/cli-cfg.yaml /config/cli-cfg-sn.yaml
COPY ./sn/wallet.json /config/wallet-sn.json
@ -58,5 +61,6 @@ COPY ./vendor/contracts/ /config/contracts
COPY ./bin/* /usr/bin/
ENV AUTHMATE_WALLET_PASSPHRASE=""
ENV AUTHMATE_WALLET_CONTRACT_PASSPHRASE=""
ENTRYPOINT ["/usr/bin/init-aio.sh"]

View file

@ -18,6 +18,7 @@ COPY ./bin/frostfs-node /usr/bin/frostfs-node
COPY ./bin/frostfs-s3-gw /usr/bin/frostfs-s3-gw
COPY ./bin/frostfs-s3-authmate /usr/bin/frostfs-s3-authmate
COPY ./bin/frostfs-http-gw /usr/bin/frostfs-http-gw
COPY ./bin/issue-creds.sh /usr/bin/issue-creds.sh
COPY ./adm/frostfs-adm.yml /config/frostfs-adm.yml
COPY ./ir/cli-cfg.yaml /config/cli-cfg-ir.yaml
@ -30,8 +31,11 @@ COPY ./morph/node-config.yaml /config/node-config.yaml
COPY ./http-gw/http-gw-config.yaml /config/http-gw-config.yaml
COPY ./http-gw/http-gw-wallet.json /config/http-gw-wallet.json
COPY ./s3-gw/rules.json /config/bearer-rules.json
COPY ./s3-gw/regions.json /config/regions.json
COPY ./s3-gw/s3-gw-config.yaml /config/s3-gw-config.yaml
COPY ./s3-gw/s3-gw-wallet.json /config/s3-gw-wallet.json
COPY ./s3-gw/s3-gw-tls.crt /config/s3-gw-tls.crt
COPY ./s3-gw/s3-gw-tls.key /config/s3-gw-tls.key
COPY ./s3-gw/user-wallet.json /config/user-wallet.json
COPY ./sn/cli-cfg.yaml /config/cli-cfg-sn.yaml
COPY ./sn/wallet.json /config/wallet-sn.json
@ -42,5 +46,6 @@ COPY ./vendor/contracts/ /config/contracts
COPY ./bin/init-aio.sh /usr/bin/init-aio.sh
ENV AUTHMATE_WALLET_PASSPHRASE=""
ENV AUTHMATE_WALLET_CONTRACT_PASSPHRASE=""
ENTRYPOINT ["/usr/bin/init-aio.sh"]

View file

@ -9,6 +9,7 @@ VERSION ?= "$(shell git describe --tags --match "v*" 2>/dev/null || git rev-pars
# Variables for docker
AIO_IMAGE ?= "truecloudlab/frostfs-aio"
LOG_DIR ?= "/var/log"
# Variables for compose
COMPOSE_CMD_UP ?= docker-compose up -d
@ -30,6 +31,10 @@ image-aio:
@docker build \
--rm \
-f Dockerfile \
--build-arg FROSTFS_CORE_TAG=$(FROSTFS_CORE_TAG) \
--build-arg FROSTFS_HTTP_GATE_TAG=$(FROSTFS_HTTP_GATE_TAG) \
--build-arg FROSTFS_S3_GATE_TAG=$(FROSTFS_S3_GATE_TAG) \
--build-arg NEOGO_TAG=$(NEOGO_TAG) \
-t $(AIO_IMAGE):$(AIO_VERSION) .
# Build aio Docker image from all local pre-built binaries
@ -38,6 +43,10 @@ image-aio-local:
@docker build \
--rm \
-f Dockerfile.local \
--build-arg FROSTFS_CORE_TAG=$(FROSTFS_CORE_TAG) \
--build-arg FROSTFS_HTTP_GATE_TAG=$(FROSTFS_HTTP_GATE_TAG) \
--build-arg FROSTFS_S3_GATE_TAG=$(FROSTFS_S3_GATE_TAG) \
--build-arg NEOGO_TAG=$(NEOGO_TAG) \
-t $(AIO_IMAGE):$(AIO_VERSION) .
# Build aio Docker image with custom binaries
@ -46,6 +55,10 @@ image-aio-custom:
@docker build \
--rm \
-f Dockerfile.custom \
--build-arg FROSTFS_CORE_TAG=$(FROSTFS_CORE_TAG) \
--build-arg FROSTFS_HTTP_GATE_TAG=$(FROSTFS_HTTP_GATE_TAG) \
--build-arg FROSTFS_S3_GATE_TAG=$(FROSTFS_S3_GATE_TAG) \
--build-arg NEOGO_TAG=$(NEOGO_TAG) \
-t $(AIO_IMAGE):$(AIO_VERSION) .
# Start AIO
@ -62,19 +75,19 @@ clean: down
# Generate S3 credentials
s3cred:
@docker exec aio /usr/bin/frostfs-s3-authmate issue-secret \
--wallet /config/user-wallet.json \
--peer localhost:8080 \
--gate-public-key $(S3_GATE_PUBLIC_KEY) \
--container-placement-policy "REP 1"
@docker exec aio /usr/bin/issue-creds.sh s3
# Generate S3 credentials based on imported wallets
s3cred-custom:
@docker exec aio /usr/bin/frostfs-s3-authmate issue-secret \
--wallet /wallets/$(wallet) \
--peer localhost:8080 \
--gate-public-key $(S3_GATE_PUBLIC_KEY) \
--container-placement-policy "REP 1"
@docker exec aio /usr/bin/issue-creds.sh s3 $(wallet)
# Register user-wallet.json in FrostFS ID contract
cred:
@docker exec aio /usr/bin/issue-creds.sh native
# Register custom wallet in FrostFS ID contract
cred-custom:
@docker exec aio /usr/bin/issue-creds.sh native $(wallet)
enable-oracle:
@docker exec aio neo-go contract invokefunction -r http://localhost:30333 \
@ -91,8 +104,39 @@ enable-oracle:
tick.epoch:
@docker exec aio /usr/bin/frostfs-adm --config /config/frostfs-adm.yml morph force-new-epoch
# Create new wallet
WALLET?=wallets/wallet1.json
.PHONY: wallet
wallet:
@! test -f "$(WALLET)" || { echo "File exists: $(WALLET)"; exit 1; }
@docker exec -it aio /usr/bin/neo-go wallet init -a -w "$(WALLET)"
# Refill GAS in arbitrary WALLET (must be under wallets/ directory)
GAS?=50.0
.PHONY: refill
refill:
@docker exec aio /usr/bin/frostfs-adm --config /config/frostfs-adm.yml \
morph refill-gas --storage-wallet=/$(WALLET) --gas=$(GAS)
@$(MAKE) --no-print-directory balance
# Show wallet balance
.PHONY: balance
balance:
@echo "Balance for $(WALLET)"
@docker exec aio /usr/bin/neo-go wallet nep17 balance -r http://localhost:30333 -w "$(WALLET)"
# Show current version
version:
@echo $(VERSION)
@echo "frostfs-node: $(AIO_VERSION)"
@echo "neo-go: $(NEOGO_VERSION)"
@echo "aio:" $(VERSION)
@echo "frostfs-node: $(FROSTFS_CORE_TAG)"
@echo "frostfs-s3-gw: $(FROSTFS_S3_GATE_TAG)"
@echo "frostfs-http-gw: $(FROSTFS_HTTP_GATE_TAG)"
@echo "neo-go: $(NEOGO_TAG)"
# Show all logs of the FrostFS service
logs/%:
@docker exec aio cat ${LOG_DIR}/$*
# Streaming of the frostFS service logs
logs-stream/%:
@docker exec aio tail -f ${LOG_DIR}/$*

View file

@ -15,13 +15,13 @@ files for:
Entrypoint script starts blockchain, inner ring, storage, s3, and http gateway
services and configures it in the initial start.
| Service | Port |
|-----------------------------|-------|
| neo-go RPC | 30333 |
| FrostFS Storage gRPC API | 8080 |
| FrostFS Storage Control API | 16513 |
| FrostFS HTTP Gateway | 8081 |
| FrostFS S3 Gateway | 8084 |
| Service | Port |
|-----------------------------|------------------|
| neo-go RPC | 30333 |
| FrostFS Storage gRPC API | 8080 |
| FrostFS Storage Control API | 16513 |
| FrostFS HTTP Gateway | 8081 |
| FrostFS S3 Gateway | 8084, 8184 (TLS) |
# Limitations
@ -62,7 +62,8 @@ Data and the system configuration is stored in container's volume.
Next time container is started, it will take less time to initialize.
Before updating image version, reset `frostfs-aio` by clearing its local volume
before starting container.
before starting container. Update may contain incompatible changes, e.g. neo-go
database format update. This repository does not provide any migration tools.
```
$ make clean
@ -287,16 +288,55 @@ If everything is rigth, the stdout will show a pretty-printed contents of the wa
wallet successfully created, file location is /wallets/new-wallet.json
```
You can use `make wallet WALLET=wallets/new-wallet.json`
to execute the steps listed above a little faster.
### Transfering GAS tokens to wallet
To add GAS to a new wallet use `make refill`
```console
$ make refill GAS=12.3 WALLET=wallets/new-wallet.json
Waiting for transactions to persist...
Balance for wallets/new-wallet.json
Account NgB6jnyVsMg6E3gQQLXoccZ3JBMLsgiut3
GAS: GasToken (d2a4cff31913016155e38e474a2c06d08be276cf)
Amount : 12.3
Updated: 25069
```
### Checking wallet balance
```console
$ make balance WALLET=wallets/new-wallet.json
Balance for wallets/new-wallet.json
Account NgB6jnyVsMg6E3gQQLXoccZ3JBMLsgiut3
GAS: GasToken (d2a4cff31913016155e38e474a2c06d08be276cf)
Amount : 12.3
Updated: 25069
```
## frostfs-cli interface
### Native credentials
To use wallet file, it should be register in FrostFS ID contract and have
policies to perform FrostFS operations.
Use `make cred` to register `s3-gw/user-wallet.json`. For custom wallets from
`wallet` dir, use `make cred-custom wallet=wallet1.json`.
These commands are similar to `make s3cred` and `make s3cred-custom`.
### Create container with frostfs-cli
``` sh
$ frostfs-cli -r localhost:8080 -w /config/user-wallet.json \
$ frostfs-cli -r localhost:8080 -w s3-gw/user-wallet.json \
--address NWeByJPgNC97F83hTUnSbnZSBKaFvk5HNw \
container create \
--policy "REP 1" --basic-acl public-read-write --await
--policy "REP 1" --await
container ID: GfWw35kHds7gKWmSvW7Zi4U39K7NMLK8EfXBQ5FPJA46
awaiting...
container has been persisted on sidechain
@ -305,7 +345,7 @@ container has been persisted on sidechain
### Put an object with frostfs-cli
``` sh
$ frostfs-cli -r localhost:8080 -w /config/user-wallet.json \
$ frostfs-cli -r localhost:8080 -w s3-gw/user-wallet.json \
--address NWeByJPgNC97F83hTUnSbnZSBKaFvk5HNw \
object put \
--cid GfWw35kHds7gKWmSvW7Zi4U39K7NMLK8EfXBQ5FPJA46 \
@ -318,9 +358,25 @@ $ frostfs-cli -r localhost:8080 -w /config/user-wallet.json \
### Get and object with frostfs-cli
``` sh
$ frostfs-cli -r localhost:8080 -w /config/user-wallet.json \
$ frostfs-cli -r localhost:8080 -w s3-gw/user-wallet.json \
--address NWeByJPgNC97F83hTUnSbnZSBKaFvk5HNw \
object get \
--cid GfWw35kHds7gKWmSvW7Zi4U39K7NMLK8EfXBQ5FPJA46 \
--oid HByVC9A34i22BnzW3n83z9vEMxuYZoC7nNu11ZvGeCTe > new_cat.jpg
```
## Viewing logs
There are two targets for viewing logs.
You can view all the logs by replacing the desired service name:
``` sh
make logs/frostfs-node
```
You can also make a continuous stream of logs by replacing the desired service name:
``` sh
make stream-logs/frostfs-node
```

View file

@ -14,7 +14,7 @@ die() {
runBlockchain() {
stage "Starting the blockchain"
/usr/bin/neo-go node --config-path /config --privnet &
/usr/bin/neo-go node --config-path /config --privnet |& tee -a ${LOG_DIR}/neo-go &
while [[ "$(curl -s -o /dev/null -w %{http_code} localhost:30333)" != "422" ]];
do
@ -31,13 +31,15 @@ configure() {
/usr/bin/frostfs-adm morph refill-gas --config /config/frostfs-adm.yml --storage-wallet /config/wallet-sn.json --gas 10.0 || die "Failed to transfer GAS to alphabet wallets"
/usr/bin/frostfs-adm morph proxy-add-account --config /config/frostfs-adm.yml --account NejLbQpojKJWec4NQRMBhzsrmCyhXfGJJe || die "Failed to set storage wallet as proxy wallet"
/usr/bin/frostfs-adm morph proxy-add-account --config /config/frostfs-adm.yml --account NN1RQ3qwnvDMVNsQw4WPkKi7BrjxdVTDZp || die "Failed to set s3 gateway wallet as proxy wallet"
}
runServices() {
stage "Running services"
/usr/bin/frostfs-ir --config /config/config-ir.yaml &
/usr/bin/frostfs-ir --config /config/config-ir.yaml |& tee -a ${LOG_DIR}/frostfs-ir &
while [[ -z "$(/usr/bin/frostfs-cli control ir healthcheck --endpoint localhost:16512 -c /config/cli-cfg-ir.yaml | grep 'Health status: READY')" ]];
do
@ -45,7 +47,7 @@ runServices() {
done
set -m
/usr/bin/frostfs-node --config /config/config-sn.yaml &
/usr/bin/frostfs-node --config /config/config-sn.yaml |& tee -a ${LOG_DIR}/frostfs-node &
while [[ -z "$(/usr/bin/frostfs-cli control healthcheck --endpoint localhost:16513 -c /config/cli-cfg-sn.yaml | grep 'Health status: READY')" ]];
do
@ -63,8 +65,8 @@ runServices() {
sleep 2
done
/usr/bin/frostfs-s3-gw --config /config/s3-gw-config.yaml &
/usr/bin/frostfs-http-gw --config /config/http-gw-config.yaml &
/usr/bin/frostfs-s3-gw --config /config/s3-gw-config.yaml |& tee -a ${LOG_DIR}/frostfs-s3-gw &
/usr/bin/frostfs-http-gw --config /config/http-gw-config.yaml |& tee -a ${LOG_DIR}/frostfs-http-gw &
}

35
bin/issue-creds.sh Executable file
View file

@ -0,0 +1,35 @@
#!/bin/bash
initUser() {
/usr/bin/frostfs-s3-authmate register-user \
--wallet $WALLET_PATH \
--rpc-endpoint http://localhost:30333 \
--username $USERNAME \
--contract-wallet /config/s3-gw-wallet.json >/dev/null 2>&1 && touch $WALLET_CACHE/$USERNAME
}
issueAWS() {
/usr/bin/frostfs-s3-authmate issue-secret \
--wallet $WALLET_PATH \
--peer localhost:8080 \
--gate-public-key $S3_GATE_PUBLIC_KEY \
--container-placement-policy "REP 1"
}
S3_GATE_PUBLIC_KEY=$(neo-go wallet dump-keys -w /config/s3-gw-wallet.json | tail -1)
WALLET_PATH=/wallets/$2
if [[ -z "$2" ]]; then
WALLET_PATH=/config/user-wallet.json
fi
WALLET_CACHE=/data/wallets
mkdir -p $WALLET_CACHE
USERNAME=$(echo $WALLET_PATH | md5sum | cut -d' ' -f1)
if [ ! -e $WALLET_CACHE/$USERNAME ]; then
initUser
fi
if [ $1 == "s3" ]; then
issueAWS
fi

View file

@ -15,6 +15,8 @@ services:
retries: 100
start_period: 2s
timeout: 2s
environment:
- LOG_DIR=/var/log
volumes:
- data:/data
- ./wallets:/wallets
@ -23,6 +25,7 @@ services:
- "30333:30333" # RPC
- "8080:8080" # FrostFS API RPC
- "8084:8084" # S3 Gateway
- "8184:8184" # S3 Gateway with TLS
- "16513:16513" # Control service
volumes:

View file

@ -11,6 +11,7 @@ ProtocolConfiguration:
VerifyTransactions: true
StateRootInHeader: true
P2PSigExtensions: true
Hardforks: {}
ApplicationConfiguration:
SkipBlockVerification: false

4
s3-gw/regions.json Normal file
View file

@ -0,0 +1,4 @@
{
"us-east-1": "REP 1",
"us-west-1": "REP 1"
}

View file

@ -11,6 +11,11 @@ peers:
server:
- address: 0.0.0.0:8084
- address: 0.0.0.0:8184
tls:
enabled: true
cert_file: /config/s3-gw-tls.crt
key_file: /config/s3-gw-tls.key
logger:
level: debug
@ -32,7 +37,7 @@ stream_timeout: 10s
healthcheck_timeout: 15s
rebalance_interval: 60s
pool_error_threshold: 100
max_clients_count: 100
max_clients_count: 1000
max_clients_deadline: 30s
cache:
@ -60,6 +65,7 @@ cache:
placement_policy:
default: REP 1
region_mapping: /config/regions.json
features:
md5:
@ -69,9 +75,6 @@ control:
grpc:
endpoint: localhost:16515
frostfsid:
validation:
enabled: false
kludge:
use_default_xmlns: true
bypass_content_encoding_check_in_chunks: true

36
s3-gw/s3-gw-tls.crt Normal file
View file

@ -0,0 +1,36 @@
-----BEGIN CERTIFICATE-----
MIIGOzCCBCOgAwIBAgIUYWyZ9RMzV7CIRScF85cb8kmjUK4wDQYJKoZIhvcNAQEL
BQAwgawxCzAJBgNVBAYTAlJVMRkwFwYDVQQIDBBTYWludCBQZXRlcnNidXJnMRcw
FQYDVQQHDA5TdC4gUGV0ZXJzYnVyZzEXMBUGA1UECgwOVHJ1ZSBDbG91ZCBMYWIx
FzAVBgNVBAsMDlRydWUgQ2xvdWQgTGFiMRUwEwYDVQQDDAxmcm9zdGZzLmluZm8x
IDAeBgkqhkiG9w0BCQEWEWluZm9AZnJvc3Rmcy5pbmZvMB4XDTI0MTEwODA5MzQ0
MFoXDTM0MTEwNjA5MzQ0MFowgawxCzAJBgNVBAYTAlJVMRkwFwYDVQQIDBBTYWlu
dCBQZXRlcnNidXJnMRcwFQYDVQQHDA5TdC4gUGV0ZXJzYnVyZzEXMBUGA1UECgwO
VHJ1ZSBDbG91ZCBMYWIxFzAVBgNVBAsMDlRydWUgQ2xvdWQgTGFiMRUwEwYDVQQD
DAxmcm9zdGZzLmluZm8xIDAeBgkqhkiG9w0BCQEWEWluZm9AZnJvc3Rmcy5pbmZv
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAz6tgNXMCc6MGrI/2r/Il
sF4Nr6/RkX1kti+hH/3azbheaTD7rYqrP37F/qFoeRY6jXYzW1Bwhq5jqrUeqnDD
NsY6Gpedn2HJjD1A1zq96Sv3SU8gT0WsSArDaCQW9joYfIlKTjOBS1WBJbWfNEqX
R2ld6/L/x5DoyNJ5+DkdnT+lj1sCCy4uKIDgrM92v6O5MHCjZk6Tp9t5t64EboXH
Wz3gJHCdK76VstSWCJ6Huw6rHcqKTbolZy0CiM9G5m6XeBD7G/28iM9k17KkwZ2T
8w6IKRyrfknl/vPjLKWC3Nj5eJTQuucpLBIs/wK+jgABQYIYzejguj5HPqnSUQ6d
u7UbOWBgOppzkyKJyXY5qJbgZlsMp/lkcDyoyLwGL6+ucz6f5vW72aDHrX3+p5/7
HLbI7phK48OchcMMn9MG0dOZ/vhhvTQ2nNBza905ZZQRQt/AucC1nyCfyTlG5bjb
16EdDbDu0o2PFZqHI0rx/Ytw2FFg6J4PCImxxetimOr1TomcdcvdxdJNqPTTrB9J
fRoh7w1HIxBwXToJ2eUz3kfvI920Jxad8VxcAWVctO2MfDQ1uSUnvqouEswUGPdx
ifpOHcj24b7uDn8g015d/p3yDSEZzxVC6Uw6xZ9dt9CZDtQBDLrno8aAc1xYMmci
J9Q94FepyhV4tg8IwnyIljECAwEAAaNTMFEwHQYDVR0OBBYEFHSkza/3e5y8v9T+
BjBej6ZgqtoHMB8GA1UdIwQYMBaAFHSkza/3e5y8v9T+BjBej6ZgqtoHMA8GA1Ud
EwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIBAIYOmcqr+gwbY0zIREcoovBw
z4K5uR1OYY1+HzhzvJHCuFpssCMEjCFQjs5lD726ASFhEYaPaLuDiXtdn2u5QpQd
KwO98HDpC5jVb77Z8Bthf0eKrqzjbr+m7WFa22CPgyav8vGlQ+sv1+4HjHclkeW8
CEtf4k6YjM3//C03JN93Yvsu4zmGbFLkSUVujwLOx/LzF+PbWv6d6tbP8QNufaBx
vk74xc8icHBkyNnYhUddBXimpJEKAbGiF13Hf6M0Lbx/m8QIQ9P4VVR8FYdygYh3
n7O7Ivusae3M+fapSYODwtp3OVC6lz07wC0+m+G08h7YBwcC7z+BofFawtilZuRg
bbtoy5PhQTSpLzYOUtJOA5ihM3EqXR4k4/oeitNF78ZZI27p8z2g6YJY9Mjk+AfL
f6jaBCSqJnnPB8NQtLN6VI2C3Q9/glhUkHLZkHs8DMxZsf+PpqjssU5kZGf0Viha
BCeClyHpK/sOWOYTKfprRtfcVEYmW7favXkhdfG3QaWc8bkpvfw7ZEVmfkUJ2iUB
xJ279uDAdnPcqA43Nw6BtRhxV5AVNfAOSzpsH9MIjRes5RS2FcAs/qt9p7ciCh3Z
QsrnZHUvbgpaWMJimS9bxcXAvWwGhjve/OUmpeXMrjrJfsRtjuK/w4sT9wXZUrbj
zp1TkSmKv3w1aF3xTsOv
-----END CERTIFICATE-----

52
s3-gw/s3-gw-tls.key Normal file
View file

@ -0,0 +1,52 @@
-----BEGIN PRIVATE KEY-----
MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDPq2A1cwJzowas
j/av8iWwXg2vr9GRfWS2L6Ef/drNuF5pMPutiqs/fsX+oWh5FjqNdjNbUHCGrmOq
tR6qcMM2xjoal52fYcmMPUDXOr3pK/dJTyBPRaxICsNoJBb2Ohh8iUpOM4FLVYEl
tZ80SpdHaV3r8v/HkOjI0nn4OR2dP6WPWwILLi4ogOCsz3a/o7kwcKNmTpOn23m3
rgRuhcdbPeAkcJ0rvpWy1JYInoe7DqsdyopNuiVnLQKIz0bmbpd4EPsb/byIz2TX
sqTBnZPzDogpHKt+SeX+8+MspYLc2Pl4lNC65yksEiz/Ar6OAAFBghjN6OC6Pkc+
qdJRDp27tRs5YGA6mnOTIonJdjmoluBmWwyn+WRwPKjIvAYvr65zPp/m9bvZoMet
ff6nn/sctsjumErjw5yFwwyf0wbR05n++GG9NDac0HNr3TlllBFC38C5wLWfIJ/J
OUbluNvXoR0NsO7SjY8VmocjSvH9i3DYUWDong8IibHF62KY6vVOiZx1y93F0k2o
9NOsH0l9GiHvDUcjEHBdOgnZ5TPeR+8j3bQnFp3xXFwBZVy07Yx8NDW5JSe+qi4S
zBQY93GJ+k4dyPbhvu4OfyDTXl3+nfINIRnPFULpTDrFn1230JkO1AEMuuejxoBz
XFgyZyIn1D3gV6nKFXi2DwjCfIiWMQIDAQABAoICAQC5u3ailygcMDRp5aAmIJYg
tR3cgY0XaGTIpLSgnjQxRbH6trqBrcIXWdTPNaDwmzbnCk5IXxsk+ZdeN/sjSRLv
TD7vRabNw3G1IZt6Y6kygAX85O3quE+rZyT5YT3AHpmD2G5CnsIGlISbK2MmK4g9
cDl2K7Ej1bC827IGlV6tIx15p1WelkDmLM3FARAdudqJPlSFzcU1nY+w/cws5S01
p5NuQ+HuG9hbRtKhBtgyLp5QWLN1bQTC0Hixz2CD+2kxE07i6/7RBVwVpkrAd6S4
/8g7rM6cdo9jhNErPyRZTR1iAQbmApTKO79OnC+9ZLe61RZGIv/K0qR5oPzfTgk3
Gb1lOo36jdBFRNr9wwON726W4pyrMIRURe2zDqfa3SMeSK++6MSxQiam1KXh8C2y
3qa6uWHGrrVrQJQUwXEpE1jonJ43GWNmds1cYD0Mhu/vzicwuOiw9VAtiskYm848
XgIgq5fQoO0lWe2mVfqXfmX4ANwQ3Cw5GaZI8ZbbEJtgSv1NOt6MzIEgNrMjtXGT
B3AG1gwUxf7i6fYCwR6YVDw5F9ze+3BheFiaANVzZ1MGw6RCbDGV0a74ncRAYdGc
N2QFoRY8W0eCYWkqVsDzhITJ2g3/bG5cN/9jD+r3R9ACHf7z7xFCQYEZC5p3+mT0
+MvV1F0p94tHetokAMD6mQKCAQEA7z0olJxdVEbnLFabz1VBYFYpNE/FriQCl1in
Cgdvfd3QOER0UdcpUct7j51dBO4LnGCzCVf8R4CVnUuHqA+CDlezDF1aBZVDdVoH
ICpdeKwiUDsdijAnVvXqjo9aWaS+Elscz+hnbsTq0KTJOGasJLcPmG84oBEInofT
0hLpctS7ZksZc7KcX2dpD3E/x7uWnlgH4fO663K/IybUY/c62CcvOy3L0+w7D8/2
rKqD0tdK1QGTjStdx9MRnP5e96KN3OmvK4wbzqoyYc5Yqoc0EN53O7vedGy/IULM
2cnoqT+bFtdILNYIXr9+04Sf0HDnABq3ADY4NUEgyZfv+jANxwKCAQEA3jgBwRpd
BHBs3y6HTyIse4lPwrbHa2hhF57vfjfWOpx/261kyLjof3KsgV8WbjlZaTDfSfTr
+PfqJX7BDfu6tB7pKjCogXjPXcpV6HUQLaY+hY0BSVtZCAk6MG5qrCaC10Y7NRJ9
STwQJoq6j+gR2VdsyCAbamGpalLXRh1TG0MnNI3Qw+iRHNCwLY6K4J6/kG8S938R
7/PbP7ylIBi0XtLlGD+FDoNt851Rg2fPr9uk+mwWFAHJEjP3UZotK+LN/TGSYV9b
3IY40zTrt78pWwgdXXvyhZw0U0G3u7BpVXTavk2DHsCDYWFCd1LK6umLiopdN/T/
H3H20NHiFrUcRwKCAQBrFA+WvInVT8rmgHlKilkxmj7lCBNthvaV8PsKtRtE1cP9
ez4o50m6L35FYGSi8TzHKEzaEMR86GOOvKCiKxbF/qDIFvxU5WMFIl9wGSYu/bR5
/ouRL05cUMNEPYtt9huQsbEqqVWqMX78FdVuZh4EbN8RFi7dDeKyug6nxwkv+WFL
Pq/MphPxa6KNY93tMtwOUU5t5p4yBfDg9d84Qw7WcmtkbHH/j4s735QD4moQM4Zt
4j+9fryB1MncX8n3wo0GZJ2fux0zGeBlAGuVH+DA8CGj3cmKiKXfaDux+vokzrBG
v+KxFrc2WTWVzJWPQQlTdaGU+a+cvmLDeDrT2zA/AoIBAQC/U2VfRz2TFuEF/1+M
qJW3/29m7EwilAoUdkkpWRXf/OKw10eQ8nNrV+ZitOXxHPt4cBWv7WpGP92fTtUV
HwmPD5YdNyu93bBcxlrU/AVj6GCoR9E1waqUGq25CTha5AV/J/7OIQ8xwL7/EC60
vFCx2m3UmKBCJbfhzVWADruBG35j5z45jsFyF9O4RaQY5VV2G8wuv39II6M/60IY
smyJv/ZzvCzpZAuE1oxaIUVV2jzfR7RyoV7nh0qHPcFqqapFNysbHylOY1oFrujM
mZAXypLN7GvQ0b7TeB+jP65RX3z+oGomTgZQD5dUeTowq8fzDlJYXV5TSqIBBNQu
TNz9AoIBAELhsEeQucMagn0hFKY5WgxIYF27UjYZVzpt78SKyKjwka0CqDFrCwM+
KF80TiAfqMBLD27UpYM9ylwv56e2ZLMWZb/Z0y25jlRC3ctSyRPFyLC6dRgZ1IVA
pDsh06uxJhBcZyJC1KKMShdfgV37TQC4qlpqAnDyN39TQH0rr7g9EOzUrOk1tclU
mnuUD5wTL5vx7h0mpTSJxf8r6D17i5loWYfi+tp4V7wibVrr7QNh7KWZ5Ww24Rmc
LZBtCAKI6Eoac9SOmtpDHW8l8istyNNCqrvU+xtwAnguRbo71rE18j+y11PPhqxn
4y2gRqQJl4QzugozyY0+9DKux/FDFfM=
-----END PRIVATE KEY-----

View file

@ -2,7 +2,6 @@ morph:
rpc_endpoint:
- address: ws://localhost:30333/ws
dial_timeout: 20s
ape_chain_cache_size: 0
control:
grpc:
@ -38,6 +37,7 @@ pprof:
storage:
shard_num: 1
shard_pool_size: 1000
shard:
0:
writecache:
@ -66,6 +66,4 @@ tree:
object:
put:
pool_size_remote: 100
pool_size_local: 100
local_pool_size: 1000

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

File diff suppressed because one or more lines are too long

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.