Compare commits

..

73 commits

Author SHA1 Message Date
5471dbfc0e
[#98] s3_gate: Fix custom user wallets folder creation during compose up
Make custom wallets volume to point to the `wallets` directory in the project's root.

Signed-off-by: Nikita Zinkevich <n.zinkevich@yadro.com>
2025-01-10 14:19:47 +03:00
90147c7108 [#95] Output errors during make clean
It happens that a volume may not be deleted during `make clean`.
For example, if the volume is being used by a container.
If this happens, there are no errors printed to stdout.
And old volumes may cause errors during subsequent `make up`

Signed-off-by: Nikita Zinkevich <n.zinkevich@yadro.com>
2024-12-27 12:18:25 +00:00
c4d4fecb89
[#96] s3_lifecycler: Fix docker-compose warnings
Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
2024-12-27 10:43:20 +03:00
d34d842700 [#93] Remove frostfs-rest-gw from dev-env
This repo is being archived and not maintained at the moment.

Signed-off-by: Alex Vanin <a.vanin@yadro.com>
2024-12-25 08:44:00 +00:00
b08bb663f9 [#93] Update gateway components
Signed-off-by: Alex Vanin <a.vanin@yadro.com>
2024-12-25 08:44:00 +00:00
d29d50a002 [#93] Update frostfs-contract to the latest version
Signed-off-by: Alex Vanin <a.vanin@yadro.com>
2024-12-25 08:44:00 +00:00
6a5817e15c [#93] Register storage nodes in proxy contract during bootstrap
This allows to send APE requests to the nodes right after `make up` command

Signed-off-by: Alex Vanin <a.vanin@yadro.com>
2024-12-25 08:44:00 +00:00
4db8ca356d [#93] Remove unused env variables
These variables were used when binaries
were available in public storage network

Signed-off-by: Alex Vanin <a.vanin@yadro.com>
2024-12-25 08:44:00 +00:00
e1b8fe7919 [#93] Update frostfs-node to the latest version
Signed-off-by: Alex Vanin <a.vanin@yadro.com>
2024-12-25 08:44:00 +00:00
98484b9739 [#93] Update neo-go to the latest version used by frostfs-node
Signed-off-by: Alex Vanin <a.vanin@yadro.com>
2024-12-25 08:44:00 +00:00
0f9000bce6 [#91] Refine CODEOWNERS settings
Signed-off-by: Vitaliy Potyarkin <v.potyarkin@yadro.com>
2024-12-20 16:19:17 +00:00
df6859d246 [#92] docs: Update contract list
Contract list got outdated: it was mentioning NeoFS, Audit and Reputation

Signed-off-by: Vitaliy Potyarkin <v.potyarkin@yadro.com>
2024-12-13 18:10:57 +03:00
326578f0ab [#90] Stop using obsolete .github directory
This commit is a part of multi-repo cleanup effort:
TrueCloudLab/frostfs-infra#136

Signed-off-by: Vitaliy Potyarkin <v.potyarkin@yadro.com>
2024-12-10 11:16:44 +00:00
a0fdaebbf4 [#85] Add s3 lifecycler
Signed-off-by: Pavel Pogodaev <p.pogodaev@yadro.com>
2024-11-06 22:54:58 +03:00
10e5bed2af
[#79] storage: Take User-Agent from NODE_VERSION
Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
2024-10-31 10:39:00 +03:00
7152f59232 [#88] Remove nats service
It was removed from node in TrueCloudLab/frostfs-node#1161.

Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
2024-10-31 07:38:50 +00:00
636be7352e [#84] Make targets for issuing credentials
Signed-off-by: Nikita Zinkevich <n.zinkevich@yadro.com>
2024-10-17 12:37:26 +03:00
d0c32731f2 [#80] Update frostfs-service components to v0.30.*
Signed-off-by: Alexander Chuprov <a.chuprov@yadro.com>
2024-09-16 08:18:01 +00:00
7538bd9b17 [#83] Honor IPV4_PREFIX in morph_chain config
Signed-off-by: Vitaliy Potyarkin <v.potyarkin@yadro.com>
2024-09-10 16:45:06 +03:00
2e67acbcb2 [#78] env: Restore version format
Signed-off-by: Alexander Chuprov <a.chuprov@yadro.com>
2024-09-06 14:37:48 +03:00
439a9e71cf [#81] env: Fix typo
Signed-off-by: Alexander Chuprov <a.chuprov@yadro.com>
2024-09-06 14:09:08 +03:00
dd382f8ce0 [#68] service/morph: Add volume for morph_chain
Signed-off-by: Alexander Chuprov <a.chuprov@yadro.com>
2024-08-19 11:54:57 +00:00
044cf99e8d [#70] Makefile: Make bootstrap idempotent
Signed-off-by: Alexander Chuprov <a.chuprov@yadro.com>
2024-08-19 11:54:57 +00:00
ae658469a5 [#69] service/ir: Add support -q flag in healthcheck
Signed-off-by: Alexander Chuprov <a.chuprov@yadro.com>
2024-08-19 06:25:04 +00:00
155042343b [#69] service/storage: Add support -q flag in healthcheck
Signed-off-by: Alexander Chuprov <a.chuprov@yadro.com>
2024-08-19 06:25:04 +00:00
f94fa284ec [#76] Update frostfs-core components to v0.42.9
Signed-off-by: Alexander Chuprov <a.chuprov@yadro.com>
2024-08-17 05:51:34 +03:00
d03be14312 [#75] Makefile: Add subjects for storage and client wallets to FrostfsID
Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
2024-08-16 10:41:57 +03:00
0be22a9375
[#73] Update HTTP gate docs
Signed-off-by: Aleksey Savchuk <a.savchuk@yadro.com>
2024-07-08 10:56:42 +03:00
2b6122192a [#67] services/ir: Remove deprecated flag in healthcheck
Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
2024-05-08 11:35:37 +03:00
773ea2339b [#66] Update frostfs-* to v0.38.5
Signed-off-by: Alexander Chuprov <a.chuprov@yadro.com>
2024-04-15 20:16:51 +03:00
47b4917e7b [#65] services: Fix docker-compose warnings
There were multiple warning like this one.
```
WARN[0000] /secret/services/rest_gate/docker-compose.yml: `version` is obsolete
```

According to docker-compose spec, the parameter is indeed purely informative:
https://github.com/compose-spec/compose-spec/blob/master/spec.md#version-and-name-top-level-elements

Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
2024-04-04 11:47:33 +03:00
Airat Arifullin
8edfcb364d [#64] adm: Create default Allow policy for root namespace
Signed-off-by: Airat Arifullin <aarifullin@yadro.com>
2024-02-26 08:03:13 +00:00
19e5cec49f [#63] Use SIGTERM to stop Go services
Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
2024-02-20 15:54:23 +03:00
0f6f2722c2 [#61] Update frostfs-s3-gw
Signed-off-by: Alex Vanin <a.vanin@yadro.com>
2023-12-14 17:30:01 +03:00
9654b77236 [#61] Update frostfs-http-gw
Signed-off-by: Alex Vanin <a.vanin@yadro.com>
2023-12-14 17:11:58 +03:00
dfad34fdea [#61] Update frostfs-node components with contracts
Signed-off-by: Alex Vanin <a.vanin@yadro.com>
2023-12-14 17:11:52 +03:00
1077c9d358 [#59] .env: Update neo-go to v0.104.0
Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
2023-12-06 14:09:11 +03:00
40454b5507 [#56] Add loki
Signed-off-by: Alexander Chuprov <a.chuprov@yadro.com>
2023-11-15 16:08:15 +03:00
9c9ec639f0 [#58] Update neo-go to v0.103.0
Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
2023-10-25 13:15:07 +03:00
de8b58911e [#47] prometheus: Don't bind port to localhost
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2023-10-06 10:37:41 +03:00
c2e2b6442c [#47] grafana: Don't bind port to localhost
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2023-10-06 10:37:41 +03:00
4413251994 [#20] Add frostfs-cli configurations
Signed-off-by: Marina Biryukova <m.biryukova@yadro.com>
2023-09-13 16:28:48 +03:00
e254eba6a8 [#52] frostfs-adm.yml: Allow maintenance mode by default
It is a DEV-env after all.

Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
2023-08-25 14:10:54 +03:00
90bd39d717 [#43] grafana: FSTree bucket distribution
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2023-08-25 11:31:49 +03:00
fdcf71d5b6 [#49] grafana: Add metabase bucket distribution
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2023-08-25 11:31:45 +03:00
f0c3c02943 [#49] grafana: Blobovnicza bucket distribution
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2023-08-25 11:31:42 +03:00
4a6b481618 [#49] grafana: Writecache bucket distribution
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2023-08-25 11:31:39 +03:00
42e6349276 [#49] grafana: Storage engine bucket distribution
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2023-08-25 11:31:35 +03:00
eba763ff79 [#49] grafana: Server bucket distribution
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2023-08-25 11:31:31 +03:00
b7ac6f30cf [#50] services/ir: Take all contract hashes from NNS
Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
2023-08-21 10:22:19 +03:00
6eedab3d83 [#48] grafana: Fix blobovnicza board
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2023-08-18 13:40:03 +03:00
731976cc57 [#44] grafana: Add Client dashboard
Client dashboard shows outgoing requests.

Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2023-08-14 12:33:18 +00:00
51053e3317 [#46] .forgejo: Update DCO action
Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
2023-08-11 13:48:36 +00:00
04260ad0d8 [#38] grafana: Fix writecache boards
Stack count and size dashborads.

Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2023-08-07 13:59:42 +03:00
9bb0385b85 [#38] grafana: Add morph dashboards
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2023-08-06 15:15:54 +03:00
b6f47cb2c2 [#38] grafana: Add GC dashboard
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2023-08-06 13:44:37 +03:00
d8df46b4d1 [#38] grafana: Add engine dashboards
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2023-08-05 21:16:47 +03:00
cc963b78b5 [#38] grafana: Add fstree dashboards
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2023-08-04 15:03:48 +03:00
acd32cb877 [#38] grafana: Add blobovnizca dashboards
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2023-08-04 14:50:04 +03:00
0231b2bbf0 [#38] grafana: Add blobstore dashboard
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2023-08-04 14:34:54 +03:00
1408558631 [#38] grafana: Fix units
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2023-08-04 13:59:12 +03:00
8218440525 [#38] grafana: Add metabase dashboards
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2023-08-03 16:11:35 +03:00
201855e729 [#38] grafana: Add epoch dashboard
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2023-08-03 15:57:07 +03:00
74d43f48f2 [#38] grafana: Add object service dashboards
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2023-08-03 15:48:53 +03:00
d76cc2e48a [#38] grafana: Add replicator dashbords
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2023-08-03 15:31:19 +03:00
d5ee290740 [#38] grafana: Add node instance state
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2023-08-02 16:14:29 +03:00
4f9285251f [#38] grafana: Add writecache boards
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2023-08-02 15:06:03 +03:00
f749581c4e [#38] grafana: Add tree service row
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2023-08-01 18:11:57 +03:00
2efc0442f1 [#38] grafana: Add instance to panels
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2023-08-01 16:14:18 +03:00
7de23fe789 [#38] grafana: Fix config
Allow to acces grafana anonymous.
Change home page.

Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2023-07-31 12:06:51 +03:00
3abb217d30 [#38] grafana: Change start order
Start grafana right after prometheus.

Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2023-07-31 12:06:15 +03:00
584fa43ca7 [#38] grafana: Add overview board
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2023-07-31 12:05:40 +03:00
2744f675aa [#38] grafana: Add storage dashboard
Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2023-07-31 12:05:23 +03:00
70 changed files with 362 additions and 279 deletions

View file

@ -1,5 +1,4 @@
# Services start/stop order # Services start/stop order
# Will start from top to bottom and stop in reverse # Will start from top to bottom and stop in reverse
nats
ir ir
storage storage

View file

@ -4,3 +4,4 @@ basenet
morph_chain morph_chain
jaeger jaeger
prometheus prometheus
grafana

View file

@ -1,5 +1,4 @@
.docker .docker
.github
.forgejo .forgejo
vendor vendor
tmp tmp

38
.env
View file

@ -8,49 +8,43 @@ BASTION_VERSION=10
BASTION_IMAGE=debian BASTION_IMAGE=debian
# NeoGo privnet # NeoGo privnet
NEOGO_VERSION=0.101.1 NEOGO_VERSION=0.106.3
NEOGO_IMAGE=nspccdev/neo-go NEOGO_IMAGE=nspccdev/neo-go
# FrostFS InnerRing nodes # FrostFS InnerRing nodes
IR_VERSION=365a7ca0 IR_VERSION=0.44.4
IR_IMAGE=truecloudlab/frostfs-ir IR_IMAGE=git.frostfs.info/truecloudlab/frostfs-ir
# FrostFS Storage nodes # FrostFS Storage nodes
NODE_VERSION=365a7ca0 NODE_VERSION=0.44.4
NODE_IMAGE=truecloudlab/frostfs-storage NODE_IMAGE=git.frostfs.info/truecloudlab/frostfs-storage
# NATS Server
NATS_VERSION=2.7.2
NATS_IMAGE=nats
# HTTP Gate # HTTP Gate
HTTP_GW_VERSION=0.27.0-rc.1-15-g1776db28 HTTP_GW_VERSION=0.32.0
HTTP_GW_IMAGE=truecloudlab/frostfs-http-gw HTTP_GW_IMAGE=truecloudlab/frostfs-http-gw
# REST Gate
REST_GW_VERSION=c9c85e90
REST_GW_IMAGE=truecloudlab/frostfs-rest-gw
# S3 Gate # S3 Gate
S3_GW_VERSION=0.27.0-rc.1-30-gce929468 S3_GW_VERSION=0.32.0
S3_GW_IMAGE=truecloudlab/frostfs-s3-gw S3_GW_IMAGE=truecloudlab/frostfs-s3-gw
# Lifecycler
S3_LIFECYCLER_VERSION=0.1.3
S3_LIFECYCLER_IMAGE=truecloudlab/frostfs-s3-lifecycler
# FrostFS LOCODE database # FrostFS LOCODE database
LOCODE_DB_URL=https://git.frostfs.info/attachments/a2e8def7-52b6-49f1-89cd-a056712e8e54 LOCODE_DB_URL=https://git.frostfs.info/attachments/a2e8def7-52b6-49f1-89cd-a056712e8e54
#LOCODE_DB_PATH=/path/to/locode_db #LOCODE_DB_PATH=/path/to/locode_db
# FrostFS CLI binary # FrostFS CLI binary
FROSTFS_CLI_URL=https://http.t5.fs.neo.org/7sm9csjtRLpr4c9QD55q9JJM73v79ohuAhTzP4fYRHFz/BbngJDdRJEDJTJk7qptq3SxKqrJqtvVYWU6R5AaFGbtG FROSTFS_CLI_URL=https://git.frostfs.info/TrueCloudLab/frostfs-node/releases/download/v${NODE_VERSION}/frostfs-cli
#FROSTFS_CLI_PATH=/path/to/frostfs-cli-binary #FROSTFS_CLI_PATH=/path/to/frostfs-cli-binary
# FrostFS ADM tool binary # FrostFS ADM tool binary
FROSTFS_ADM_VERSION=eca5c210 FROSTFS_ADM_URL=https://git.frostfs.info/TrueCloudLab/frostfs-node/releases/download/v${NODE_VERSION}/frostfs-adm
FROSTFS_ADM_URL=https://http.t5.fs.neo.org/7sm9csjtRLpr4c9QD55q9JJM73v79ohuAhTzP4fYRHFz/2GxarAjGUb3RevxvqFGYT3hDQxNNaHzK6aFxhJCAMehq
#FROSTFS_ADM_PATH=/path/to/frostfs-adm-binary #FROSTFS_ADM_PATH=/path/to/frostfs-adm-binary
# Compiled FrostFS Smart Contracts # Compiled FrostFS Smart Contracts
FROSTFS_CONTRACTS_VERSION=8537293e FROSTFS_CONTRACTS_URL=https://git.frostfs.info/TrueCloudLab/frostfs-contract/releases/download/v0.21.1/frostfs-contract-v0.21.1.tar.gz
FROSTFS_CONTRACTS_URL=https://http.t5.fs.neo.org/7sm9csjtRLpr4c9QD55q9JJM73v79ohuAhTzP4fYRHFz/6ccZoj4HxoN1G1qvJAX2Qw9p2D6qdyzAjNMaNkEKYQpA
#FROSTFS_CONTRACTS_PATH=/path/to/unpacked/frostfs-contracts-dir #FROSTFS_CONTRACTS_PATH=/path/to/unpacked/frostfs-contracts-dir
# Jaeger tracing # Jaeger tracing
@ -64,3 +58,7 @@ PROMETHEUS_IMAGE=prom/prometheus
# Grafana versions # Grafana versions
GRAFANA_VERSION=9.5.6 GRAFANA_VERSION=9.5.6
GRAFANA_IMAGE=grafana/grafana GRAFANA_IMAGE=grafana/grafana
# Loki versions
LOKI_VERSION=2.9.1
LOKI_IMAGE=grafana/loki

View file

Before

Width:  |  Height:  |  Size: 5.5 KiB

After

Width:  |  Height:  |  Size: 5.5 KiB

View file

@ -1,3 +1,4 @@
name: DCO action
on: [pull_request] on: [pull_request]
jobs: jobs:
@ -12,9 +13,9 @@ jobs:
- name: Setup Go - name: Setup Go
uses: actions/setup-go@v3 uses: actions/setup-go@v3
with: with:
go-version: '1.20' go-version: '1.21'
- name: Run commit format checker - name: Run commit format checker
uses: https://git.alexvan.in/alexvanin/dco-go@v1 uses: https://git.frostfs.info/TrueCloudLab/dco-go@v2
with: with:
from: dca6ff62 from: 'origin/${{ github.event.pull_request.base.ref }}'

1
.gitattributes vendored Normal file
View file

@ -0,0 +1 @@
/services/grafana/provisioning/dashboards/* -diff -merge

1
.github/CODEOWNERS vendored
View file

@ -1 +0,0 @@
* @alexvanin @fyrchik

1
.gitignore vendored
View file

@ -15,4 +15,3 @@ sites/*
# Runtime generation keys # Runtime generation keys
services/storage/*tls.crt services/storage/*tls.crt
services/storage/*tls.key services/storage/*tls.key
services/nats/*.pem

View file

@ -2,5 +2,4 @@
# Will start from top to bottom and stop in reverse # Will start from top to bottom and stop in reverse
http_gate http_gate
s3_gate s3_gate
rest_gate s3_lifecycler
grafana

3
CODEOWNERS Normal file
View file

@ -0,0 +1,3 @@
.* @alexvanin @fyrchik
.forgejo/.* @potyarkin
Makefile @potyarkin

View file

@ -60,6 +60,7 @@ get: $(foreach SVC, $(GET_SVCS), get.$(SVC))
.PHONY: up .PHONY: up
up: up/basic up: up/basic
@$(foreach SVC, $(START_SVCS), $(shell docker-compose -f services/$(SVC)/docker-compose.yml up -d)) @$(foreach SVC, $(START_SVCS), $(shell docker-compose -f services/$(SVC)/docker-compose.yml up -d))
./vendor/frostfs-adm morph proxy-add-account --config frostfs-adm.yml --account=`docker container exec morph_chain neo-go wallet dump-keys -w /wallets/s3-wallet.json | head -1 | awk '{print $1}'` || die "Couldn't set s3-gw wallet as proxy wallet"
@echo "Full FrostFS Developer Environment is ready" @echo "Full FrostFS Developer Environment is ready"
# Build up FrostFS # Build up FrostFS
@ -76,12 +77,27 @@ up/bootstrap: get vendor/hosts
@$(foreach SVC, $(START_BOOTSTRAP), $(shell docker-compose -f services/$(SVC)/docker-compose.yml up -d)) @$(foreach SVC, $(START_BOOTSTRAP), $(shell docker-compose -f services/$(SVC)/docker-compose.yml up -d))
@source ./bin/helper.sh @source ./bin/helper.sh
@./vendor/frostfs-adm --config frostfs-adm.yml morph init --contracts vendor/contracts @./vendor/frostfs-adm --config frostfs-adm.yml morph init --contracts vendor/contracts
echo "Set rule chain to policy contract"
@./vendor/frostfs-adm --config frostfs-adm.yml morph \
ape add-rule-chain --target-type namespace --target-name "" \
--rule 'allow Container.* *' --chain-id "allow_container_ops"
@for f in ./services/storage/wallet*.json; do \ @for f in ./services/storage/wallet*.json; do \
echo "Transfer GAS to wallet $${f}" \ echo "Transfer GAS to wallet $${f}" \
&& ./vendor/frostfs-adm -c frostfs-adm.yml morph refill-gas --storage-wallet $${f} --gas 10.0 \ && ./vendor/frostfs-adm -c frostfs-adm.yml morph refill-gas --storage-wallet $${f} --gas 10.0 \
|| die "Failed to transfer GAS to alphabet wallets"; \ || die "Failed to transfer GAS to alphabet wallets"; \
echo "Register storage wallet $${f} in proxy contract" \
&& ./vendor/frostfs-adm morph proxy-add-account --config frostfs-adm.yml --account=`docker container exec morph_chain neo-go wallet dump-keys -w /wallets/storage/$${f##*/} | head -1 | awk '{print $1}'` || die "Couldn't set storage allet as proxy wallet"
done done
@echo "FrostFS sidechain environment is deployed" @echo "Create frostfsid subject for ./wallets/wallet.json"; \
if [ -n "$$(./vendor/frostfs-adm -c frostfs-adm.yml morph frostfsid list-subjects --namespace '')" ]; then \
echo "Subject already exists"; \
else \
subj_key=`docker container exec -it morph_chain neo-go wallet dump-keys -w /wallets/wallet.json | tail -1 | tr -d ' \r\n'` \
&& echo "Subject key: $${subj_key}" \
&& ./vendor/frostfs-adm -c frostfs-adm.yml morph frostfsid create-subject --namespace "" --subject-key $${subj_key} --subject-name walletsubject \
|| die "Failed to create subject for the wallet"; \
fi
echo "FrostFS sidechain environment is deployed"
# Build up certain service # Build up certain service
.PHONY: up/% .PHONY: up/%
@ -136,14 +152,14 @@ hosts: vendor/hosts
.PHONY: clean .PHONY: clean
.ONESHELL: .ONESHELL:
clean: clean:
@rm -rf vendor/* services/storage/s04tls.* services/nats/*.pem @rm -rf vendor/* services/storage/s04tls.*
@> .int_test.env @> .int_test.env
@for svc in $(PULL_SVCS) @for svc in $(PULL_SVCS)
do do
vols=`docker-compose -f services/$${svc}/docker-compose.yml config --volumes` vols=`docker-compose -f services/$${svc}/docker-compose.yml config --volumes`
if [[ ! -z "$${vols}" ]]; then if [[ ! -z "$${vols}" ]]; then
for vol in $${vols}; do for vol in $${vols}; do
docker volume rm -f "$${svc}_$${vol}" 2> /dev/null docker volume rm -f "$${svc}_$${vol}"
done done
fi fi
done done

View file

@ -1,5 +1,5 @@
<p align="center"> <p align="center">
<img src="./.github/logo.svg" width="500px" alt="FrostFS logo"> <img src="./.forgejo/logo.svg" width="500px" alt="FrostFS logo">
</p> </p>
<p align="center"> <p align="center">
<a href="https://frostfs.info">FrostFS</a> local Development and Testing environment <a href="https://frostfs.info">FrostFS</a> local Development and Testing environment
@ -137,6 +137,66 @@ Display addresses and host names for each running service, if available.
Clean up `vendor` directory. Clean up `vendor` directory.
### s3cred
Registers user wallet and issues s3 credentials.
Usage and default parameter values:
```sh
make s3cred [password=""] [contract_password=s3] [wallet=""] [gate_public_key=0313b1ac3a8076e155a7e797b24f0b650cccad5941ea59d7cfd51a024a8b2a06bf]
```
As soon as the storage node is in the network map (see above) you can generate S3
credentials:
``` sh
$ make s3cred
{
"access_key_id": "EXArWh8x1zeHG3851s1RtoCo7dowxF6rhLGA15nbMffT0AKRSjJ5fmcqf3Ht2VCAkfmPQUVARghRB77xHCA1BoN2p",
"secret_access_key": "d70c1dba83f0f90bb231f06f1ce0e0dfbcfb122f4b4345a3c18d3869c359b79f",
"owner_private_key": "140947599afd9ca89af4b358c3176eb046e554d942a0dc99a8e06f3e43c8f4ad",
"wallet_public_key": "0324e76288fcb900100d01802a14ef977cca45ad073561230446df14b344c858b6",
"container_id": "EXArWh8x1zeHG3851s1RtoCo7dowxF6rhLGA15nbMffT"
}
```
Running without any parameters results in defaults which are based on the private key from
`/wallets/wallet.json` user wallet and `/wallet.json` contract wallet.
If `wallet` parameter is set, gate searches custom user wallet file in `/wallets` directory.
Now let's configure an S3 client (AWS CLI will be used as example):
``` sh
$ aws configure
AWS Access Key ID []: EXArWh8x1zeHG3851s1RtoCo7dowxF6rhLGA15nbMffT0AKRSjJ5fmcqf3Ht2VCAkfmPQUVARghRB77xHCA1BoN2p
AWS Secret Access Key []: d70c1dba83f0f90bb231f06f1ce0e0dfbcfb122f4b4345a3c18d3869c359b79f
Default region name []: us-east-1
Default output format []: json
```
If you need to create credentials for different users, put user wallet to `wallets` dir and specify it via `wallet` parameter.
Pass wallet password in `password` parameter if it's not default. The same is for `contract_wallet` and `gate_public_key` params.
```sh
$ make s3cred wallet=custom_wallet.json password=test
{
"access_key_id": "jHhL5B33o16R4jQsb8wm9A3RRdS6KrTB5N4bja9Jys904W7xXFNKqem2ACvTRWRYJsZMCUikYFSokN7pPJziWyDi",
"secret_access_key": "21bb64fafa32c82417fd8b97ac56cc8a085998a3852632d52fe7042453daa440",
"owner_private_key": "10f6f9d7a47bb0bf68363ad8a99fe69f1493f8b6e1665b3e4e83feb2d5c7ee39",
"wallet_public_key": "03e38759973a6bb722baabc2dd84036a39f0b2f53d32fec45a4dacde8a50fe4b70",
"container_id": "jHhL5B33o16R4jQsb8wm9A3RRdS6KrTB5N4bja9Jys9"
}
```
To get credentials from custom wallet, place it in `wallets` dir before start.
### cred
Usage and default parameter values:
```sh
make cred [password=""] [contract_password=s3] [wallet=/user_wallet.json]
```
The same as `s3cred`, but it doesn't issues s3 credentials.
## Contributing ## Contributing
Feel free to contribute to this project after reading the [contributing Feel free to contribute to this project after reading the [contributing

4
configs/s01-cli.yml Normal file
View file

@ -0,0 +1,4 @@
wallet: services/storage/wallet01.json
password: ""
rpc-endpoint: s01.frostfs.devenv:8080
endpoint: s01.frostfs.devenv:8081

4
configs/s02-cli.yml Normal file
View file

@ -0,0 +1,4 @@
wallet: services/storage/wallet02.json
password: ""
rpc-endpoint: s02.frostfs.devenv:8080
endpoint: s02.frostfs.devenv:8081

4
configs/s03-cli.yml Normal file
View file

@ -0,0 +1,4 @@
wallet: services/storage/wallet03.json
password: ""
rpc-endpoint: s03.frostfs.devenv:8080
endpoint: s03.frostfs.devenv:8081

4
configs/s04-cli.yml Normal file
View file

@ -0,0 +1,4 @@
wallet: services/storage/wallet04.json
password: ""
rpc-endpoint: s04.frostfs.devenv:8080
endpoint: s04.frostfs.devenv:8081

View file

@ -22,8 +22,8 @@ Image label prefix to use for containers.
- Create a new container - Create a new container
``` ```
$ frostfs-cli --rpc-endpoint s01.frostfs.devenv:8080 \ $ frostfs-cli --rpc-endpoint s01.frostfs.devenv:8080 \
--key wallets/wallet.key \ --wallet wallets/wallet.key \
container create --basic-acl readonly --await \ container create --basic-acl private --await \
--policy "REP 1 SELECT 1 FROM *" --policy "REP 1 SELECT 1 FROM *"
container ID: 4LfREK1cetL4PUji5fqj9SgRTSmaC5jExEDK9HKCDjdP container ID: 4LfREK1cetL4PUji5fqj9SgRTSmaC5jExEDK9HKCDjdP
awaiting... awaiting...
@ -33,7 +33,7 @@ container has been persisted on sidechain
- Put an object into the newly created container - Put an object into the newly created container
``` ```
$ frostfs-cli --rpc-endpoint s01.frostfs.devenv:8080 \ $ frostfs-cli --rpc-endpoint s01.frostfs.devenv:8080 \
--key wallets/wallet.key \ --wallet wallets/wallet.key \
object put --file /tmp/backup.jpeg \ object put --file /tmp/backup.jpeg \
--cid 4LfREK1cetL4PUji5fqj9SgRTSmaC5jExEDK9HKCDjdP --cid 4LfREK1cetL4PUji5fqj9SgRTSmaC5jExEDK9HKCDjdP
[/tmp/backup.jpeg] Object successfully stored [/tmp/backup.jpeg] Object successfully stored

View file

@ -4,13 +4,15 @@ A single-node N3 privnet deployment, running on
Contracts deployed: Contracts deployed:
- Alphabet (AZ) [contract](https://git.frostfs.info/TrueCloudLab/frostfs-contract/src/branch/master/alphabet) - Alphabet (AZ) [contract](https://git.frostfs.info/TrueCloudLab/frostfs-contract/src/branch/master/alphabet)
- Audit [contract](https://git.frostfs.info/TrueCloudLab/frostfs-contract/src/branch/master/audit)
- Balance [contract](https://git.frostfs.info/TrueCloudLab/frostfs-contract/src/branch/master/balance) - Balance [contract](https://git.frostfs.info/TrueCloudLab/frostfs-contract/src/branch/master/balance)
- Container [contract](https://git.frostfs.info/TrueCloudLab/frostfs-contract/src/branch/master/container) - Container [contract](https://git.frostfs.info/TrueCloudLab/frostfs-contract/src/branch/master/container)
- FrostFS [contract](https://git.frostfs.info/TrueCloudLab/frostfs-contract/src/branch/master/frostfs)
- FrostFSID [contract](https://git.frostfs.info/TrueCloudLab/frostfs-contract/src/branch/master/frostfsid)
- NNS [contract](https://git.frostfs.info/TrueCloudLab/frostfs-contract/src/branch/master/nns)
- Netmap [contract](https://git.frostfs.info/TrueCloudLab/frostfs-contract/src/branch/master/netmap) - Netmap [contract](https://git.frostfs.info/TrueCloudLab/frostfs-contract/src/branch/master/netmap)
- NeoFSID [contract](https://git.frostfs.info/TrueCloudLab/frostfs-contract/src/branch/master/neofsid) - Policy [contract](https://git.frostfs.info/TrueCloudLab/frostfs-contract/src/branch/master/policy)
- Processing [contract](https://git.frostfs.info/TrueCloudLab/frostfs-contract/src/branch/master/processing)
- Proxy [contract](https://git.frostfs.info/TrueCloudLab/frostfs-contract/src/branch/master/proxy) - Proxy [contract](https://git.frostfs.info/TrueCloudLab/frostfs-contract/src/branch/master/proxy)
- Reputation [contract](https://git.frostfs.info/TrueCloudLab/frostfs-contract/src/branch/master/reputation)
RPC available at `http://morph-chain.frostfs.devenv:30333`. RPC available at `http://morph-chain.frostfs.devenv:30333`.

View file

@ -5,6 +5,7 @@ network:
epoch_duration: 240 epoch_duration: 240
basic_income_rate: 100000000 basic_income_rate: 100000000
homomorphic_hash_disabled: false homomorphic_hash_disabled: false
maintenance_mode_allowed: true
fee: fee:
audit: 10000 audit: 10000
candidate: 10000000000 candidate: 10000000000

View file

@ -1,6 +1,5 @@
--- ---
version: "2.4"
services: services:
basenet: basenet:

View file

@ -1 +1,2 @@
IPV4_PREFIX.122 grafana.LOCAL_DOMAIN IPV4_PREFIX.122 grafana.LOCAL_DOMAIN
IPV4_PREFIX.123 loki.LOCAL_DOMAIN

View file

@ -1,4 +1,3 @@
version: '2.4'
services: services:
grafana: grafana:
image: ${GRAFANA_IMAGE}:${GRAFANA_VERSION} image: ${GRAFANA_IMAGE}:${GRAFANA_VERSION}
@ -14,11 +13,17 @@ services:
- ./../../vendor/hosts:/etc/hosts - ./../../vendor/hosts:/etc/hosts
- ./grafana.ini:/etc/grafana/grafana.ini - ./grafana.ini:/etc/grafana/grafana.ini
- ./provisioning:/etc/grafana/provisioning - ./provisioning:/etc/grafana/provisioning
ports:
- '3000:3000'
stop_signal: SIGKILL stop_signal: SIGKILL
env_file: [ ".env", ".int_test.env" ] env_file: [ ".env", ".int_test.env" ]
loki:
image: ${LOKI_IMAGE}:${LOKI_VERSION}
command: -config.file=/etc/loki/local-config.yaml
networks:
grafana_int:
internet:
ipv4_address: ${IPV4_PREFIX}.123
networks: networks:
grafana_int: grafana_int:
internet: internet:

View file

@ -1,3 +1,7 @@
[auth.anonymous] [auth.anonymous]
# enable anonymous access
enabled = true enabled = true
org_name = Main Org.
org_role = Editor
[dashboards]
default_home_dashboard_path= /etc/grafana/provisioning/dashboards/overview.json

Binary file not shown.

View file

@ -6,3 +6,8 @@ datasources:
access: proxy access: proxy
orgId: 1 orgId: 1
url: http://prometheus:9090 url: http://prometheus:9090
- name: Loki
type: loki
access: proxy
orgId: 1
url: http://loki:3100

View file

@ -1,6 +1,5 @@
--- ---
version: "2.4"
services: services:
http_gate: http_gate:
image: ${HTTP_GW_IMAGE}:${HTTP_GW_VERSION} image: ${HTTP_GW_IMAGE}:${HTTP_GW_VERSION}

View file

@ -1,3 +1 @@
FROSTFS_IR_CONTRACTS_FROSTFSID=27407c76feabc407908f3d09a3d845d45e7c981a
FROSTFS_IR_CONTROL_GRPC_ENDPOINT=127.0.0.1:16512 FROSTFS_IR_CONTROL_GRPC_ENDPOINT=127.0.0.1:16512

View file

@ -25,7 +25,6 @@ endif
# Download FrostFS CLI # Download FrostFS CLI
.ONESHELL: .ONESHELL:
get.cli: FROSTFS_CLI_FILE=./vendor/frostfs-cli get.cli: FROSTFS_CLI_FILE=./vendor/frostfs-cli
get.cli: FROSTFS_CLI_ARCHIVE_FILE=${FROSTFS_CLI_FILE}.tar.gz
get.cli: FROSTFS_CLI_PATH?= get.cli: FROSTFS_CLI_PATH?=
get.cli: get.cli:
@mkdir -p ./vendor @mkdir -p ./vendor
@ -34,10 +33,8 @@ ifeq (${FROSTFS_CLI_PATH},)
@echo "⇒ Download FrostFS CLI binary from ${FROSTFS_CLI_URL}" @echo "⇒ Download FrostFS CLI binary from ${FROSTFS_CLI_URL}"
@curl \ @curl \
-ksSL "${FROSTFS_CLI_URL}" \ -ksSL "${FROSTFS_CLI_URL}" \
-o ${FROSTFS_CLI_ARCHIVE_FILE} -o ${FROSTFS_CLI_FILE}
@tar -xvf ${FROSTFS_CLI_ARCHIVE_FILE} -C ./vendor | xargs -I {} \ @chmod +x ${FROSTFS_CLI_FILE}
mv ./vendor/{} ${FROSTFS_CLI_FILE}
@rm ${FROSTFS_CLI_ARCHIVE_FILE}
else else
@echo "⇒ Copy local binary from ${FROSTFS_CLI_PATH}" @echo "⇒ Copy local binary from ${FROSTFS_CLI_PATH}"
@cp ${FROSTFS_CLI_PATH} ${FROSTFS_CLI_FILE} @cp ${FROSTFS_CLI_PATH} ${FROSTFS_CLI_FILE}

View file

@ -1,6 +1,5 @@
--- ---
version: "2.4"
services: services:
ir01: ir01:
@ -13,19 +12,19 @@ services:
ir_int: ir_int:
internet: internet:
ipv4_address: ${IPV4_PREFIX}.61 ipv4_address: ${IPV4_PREFIX}.61
stop_signal: SIGKILL stop_signal: SIGTERM
stop_grace_period: 15s
volumes: volumes:
- ./az.json:/wallet.json - ./az.json:/wallet.json
- ./az.key:/wallet01.key - ./az.key:/wallet01.key
- ./../../vendor/hosts:/etc/hosts - ./../../vendor/hosts:/etc/hosts
- ./../../vendor/locode_db:/locode/db - ./../../vendor/locode_db:/locode/db
- ./../../vendor/frostfs-cli:/frostfs-cli - ./../../vendor/frostfs-cli:/frostfs-cli
- ./healthcheck.sh:/healthcheck.sh
- ./cfg:/etc/frostfs/ir - ./cfg:/etc/frostfs/ir
env_file: [ ".env", ".ir.env", ".int_test.env" ] env_file: [ ".env", ".ir.env", ".int_test.env" ]
command: [ "frostfs-ir", "--config", "/etc/frostfs/ir/config.yml" ] command: [ "frostfs-ir", "--config", "/etc/frostfs/ir/config.yml" ]
healthcheck: healthcheck:
test: ["CMD-SHELL", "/healthcheck.sh"] test: ["CMD-SHELL", "/frostfs-cli control ir healthcheck -q --wallet /wallet01.key --endpoint \"$$FROSTFS_IR_CONTROL_GRPC_ENDPOINT\""]
interval: 2s interval: 2s
timeout: 1s timeout: 1s
retries: 5 retries: 5

View file

@ -1,6 +0,0 @@
#!/bin/sh
/frostfs-cli control healthcheck \
--endpoint "$FROSTFS_IR_CONTROL_GRPC_ENDPOINT" \
--wallet /wallet01.key --ir |
grep "Health status: READY"

View file

@ -1,4 +1,3 @@
version: '2.4'
services: services:
jaeger: jaeger:
image: ${JAEGER_IMAGE}:${JAEGER_VERSION} image: ${JAEGER_IMAGE}:${JAEGER_VERSION}

View file

@ -20,15 +20,12 @@ endif
# Download FrostFS ADM tool # Download FrostFS ADM tool
get.adm: FROSTFS_ADM_DEST=./vendor/frostfs-adm get.adm: FROSTFS_ADM_DEST=./vendor/frostfs-adm
get.adm: FROSTFS_ADM_ARCHIVE=frostfs-adm.tar.gz
get.adm: get.adm:
ifeq (${FROSTFS_ADM_PATH},) ifeq (${FROSTFS_ADM_PATH},)
@echo "⇒ Download FrostFS ADM binary from ${FROSTFS_ADM_URL}" @echo "⇒ Download FrostFS ADM binary from ${FROSTFS_ADM_URL}"
@curl -skSL ${FROSTFS_ADM_URL} -o ${FROSTFS_ADM_ARCHIVE} @curl -skSL ${FROSTFS_ADM_URL} -o ${FROSTFS_ADM_DEST}
@tar -xvf ${FROSTFS_ADM_ARCHIVE} -C ./vendor | xargs -I {} \ @chmod +x ${FROSTFS_ADM_DEST}
mv ./vendor/{} ${FROSTFS_ADM_DEST}
@rm ${FROSTFS_ADM_ARCHIVE}
else else
@echo "⇒ Copy frostfs-adm binary from ${FROSTFS_ADM_PATH}" @echo "⇒ Copy frostfs-adm binary from ${FROSTFS_ADM_PATH}"
@cp ${FROSTFS_ADM_PATH} ${FROSTFS_ADM_DEST} @cp ${FROSTFS_ADM_PATH} ${FROSTFS_ADM_DEST}

View file

@ -1,6 +1,5 @@
--- ---
version: "2.4"
services: services:
frostfs_morph_chain: frostfs_morph_chain:
image: ${NEOGO_IMAGE}:${NEOGO_VERSION} image: ${NEOGO_IMAGE}:${NEOGO_VERSION}
@ -20,9 +19,18 @@ services:
- ./config.yml:/wallets/config.yml - ./config.yml:/wallets/config.yml
- ./../../vendor/hosts:/etc/hosts - ./../../vendor/hosts:/etc/hosts
- ./../../wallets/wallet.json:/wallets/wallet.json - ./../../wallets/wallet.json:/wallets/wallet.json
- ./../s3_gate/wallet.json:/wallets/s3-wallet.json
- ./../storage/wallet01.json:/wallets/storage/wallet01.json
- ./../storage/wallet02.json:/wallets/storage/wallet02.json
- ./../storage/wallet03.json:/wallets/storage/wallet03.json
- ./../storage/wallet04.json:/wallets/storage/wallet04.json
- chains:/chains
networks: networks:
chain_int: chain_int:
internet: internet:
external: true external: true
name: basenet_internet name: basenet_internet
volumes:
chains:

View file

@ -11,13 +11,14 @@ ProtocolConfiguration:
VerifyTransactions: true VerifyTransactions: true
StateRootInHeader: true StateRootInHeader: true
P2PSigExtensions: true P2PSigExtensions: true
Hardforks: {}
ApplicationConfiguration: ApplicationConfiguration:
SkipBlockVerification: false SkipBlockVerification: false
DBConfiguration: DBConfiguration:
Type: "boltdb" Type: "boltdb"
BoltDBOptions: BoltDBOptions:
FilePath: "./db/morph.bolt" FilePath: "/chains/morph.bolt"
P2P: P2P:
Addresses: Addresses:
- ":20333" - ":20333"
@ -29,9 +30,14 @@ ApplicationConfiguration:
AttemptConnPeers: 5 AttemptConnPeers: 5
MinPeers: 0 MinPeers: 0
Relay: true Relay: true
Consensus:
Enabled: true
UnlockWallet:
Path: "./wallets/node-wallet.json"
Password: "one"
RPC: RPC:
Addresses: Addresses:
- "192.168.130.90:30333" - ":30333"
Enabled: true Enabled: true
SessionEnabled: true SessionEnabled: true
EnableCORSWorkaround: false EnableCORSWorkaround: false
@ -49,6 +55,3 @@ ApplicationConfiguration:
Addresses: Addresses:
- ":20011" - ":20011"
Enabled: true Enabled: true
UnlockWallet:
Path: "./wallets/node-wallet.json"
Password: "one"

View file

@ -1 +0,0 @@
IPV4_PREFIX.101 nats.LOCAL_DOMAIN

View file

@ -1,7 +0,0 @@
# Create new TLS certs for NATS server and clients
NATS_DIR=$(abspath services/nats)
get.nats:
@echo "⇒ Creating certs for NATS server and clients"
${NATS_DIR}/generate_cert.sh ${LOCAL_DOMAIN} > /dev/null

View file

@ -1,31 +0,0 @@
---
version: "2.4"
services:
nats:
image: ${NATS_IMAGE}:${NATS_VERSION}
domainname: ${LOCAL_DOMAIN}
hostname: nats
container_name: nats
restart: on-failure
dns:
- ${IPV4_PREFIX}.101
networks:
nats_int:
internet:
ipv4_address: ${IPV4_PREFIX}.101
volumes:
- ./../../vendor/hosts:/etc/hosts
- ./nats.conf:/etc/nats/frostfs-nats-server.conf
- ./server-cert.pem:/certs/server-cert.pem
- ./server-key.pem:/certs/server-key.pem
- ./ca-cert.pem:/certs/ca-cert.pem
stop_signal: SIGKILL
env_file: [ ".env", ".int_test.env" ]
command: ["-c", "/etc/nats/frostfs-nats-server.conf"]
networks:
nats_int:
internet:
external: true
name: basenet_internet

View file

@ -1,49 +0,0 @@
#!/bin/bash
source bin/helper.sh
WORKDIR=$(dirname "$0")
LOCAL_DOMAIN=$1
CA_KEY=$WORKDIR/ca-key.pem
CA_CRT=$WORKDIR/ca-cert.pem
SRV_KEY=$WORKDIR/server-key.pem
SRV_REQ=$WORKDIR/server-req.csr
SRV_CRT=$WORKDIR/server-cert.pem
CLI_KEY=$WORKDIR/client-key.pem
CLI_REQ=$WORKDIR/client-req.csr
CLI_CRT=$WORKDIR/client-cert.pem
SUBJ="/O=TrueCloudLab"
if [[ ! -f $CA_KEY || ! -f $CA_CRT ]]; then
openssl req -newkey rsa:4096 -x509 -days 365 -nodes -keyout $CA_KEY -out $CA_CRT -subj $SUBJ 2>&1 ||
die "CA certificate was not created"
fi
if [[ ! -f $SRV_KEY || ! -f $SRV_CRT ]]; then
openssl req -newkey rsa:4096 -nodes -keyout $SRV_KEY -out $SRV_REQ -subj $SUBJ 2>&1 ||
die "Server certificate was not created"
openssl x509 -req -days 365 -set_serial 01 -in $SRV_REQ -out $SRV_CRT -CA $CA_CRT -CAkey $CA_KEY \
-extensions san -extfile <(printf "[san]\nsubjectAltName=DNS:nats.$LOCAL_DOMAIN") 2>&1 || {
rm $SRV_REQ
die "Server certificate was not signed by CA"
}
rm $SRV_REQ
fi
if [[ ! -f $CLI_KEY || ! -f $CLI_CRT ]]; then
openssl req -newkey rsa:4096 -nodes -keyout $CLI_KEY -out $CLI_REQ -subj $SUBJ 2>&1 ||
die "Client certificate was not created"
openssl x509 -req -days 365 -set_serial 01 -in $CLI_REQ -out $CLI_CRT -CA $CA_CRT -CAkey $CA_KEY 2>&1 || {
rm $CLI_REQ
die "Client certificate was not signed by CA"
}
rm $CLI_REQ
fi

View file

@ -1,15 +0,0 @@
port: 4222
monitor_port: 8222
jetstream {
store_dir=nats
max_memory_store: 1GB
max_file_store: 2GB
}
tls {
cert_file: /certs/server-cert.pem
key_file: /certs/server-key.pem
ca_file: /certs/ca-cert.pem
verify: true
}

View file

@ -1,4 +1,3 @@
version: '2.4'
services: services:
prometheus: prometheus:
image: ${PROMETHEUS_IMAGE}:${PROMETHEUS_VERSION} image: ${PROMETHEUS_IMAGE}:${PROMETHEUS_VERSION}
@ -15,8 +14,6 @@ services:
- ./prometheus.yml:/etc/prometheus/prometheus.yml - ./prometheus.yml:/etc/prometheus/prometheus.yml
command: command:
- --config.file=/etc/prometheus/prometheus.yml - --config.file=/etc/prometheus/prometheus.yml
ports:
- '9090:9090'
stop_signal: SIGKILL stop_signal: SIGKILL
env_file: [ ".env", ".prometheus.env", ".int_test.env" ] env_file: [ ".env", ".prometheus.env", ".int_test.env" ]

View file

@ -1 +0,0 @@
../../.env

View file

@ -1 +0,0 @@
IPV4_PREFIX.83 rest.LOCAL_DOMAIN

View file

@ -1 +0,0 @@
../../.int_test.env

View file

@ -1,12 +0,0 @@
prometheus:
enabled: true
address: :9090
server:
# The IP and port to listen on.
listen-address: 0.0.0.0:8090
# Wallet settings
wallet:
path: /wallet.json # Path to wallet
passphrase: one # Password to decrypt wallet

View file

@ -1,32 +0,0 @@
---
version: "2.4"
services:
rest_gate:
image: ${REST_GW_IMAGE}:${REST_GW_VERSION}
domainname: ${LOCAL_DOMAIN}
hostname: rest
container_name: rest_gate
restart: on-failure
networks:
rest_gate_int:
internet:
ipv4_address: ${IPV4_PREFIX}.83
volumes:
- ./wallet.json:/wallet.json
- ./../../vendor/hosts:/etc/hosts
- ./cfg:/etc/frostfs/rest
stop_signal: SIGKILL
env_file: [ ".env", ".int_test.env" ]
command: [ "frostfs-rest-gw", "--config", "/etc/frostfs/rest/config.yml" ]
environment:
- REST_GW_POOL_PEERS_0_ADDRESS=s01.${LOCAL_DOMAIN}:8080
- REST_GW_POOL_PEERS_1_ADDRESS=s02.${LOCAL_DOMAIN}:8080
- REST_GW_POOL_PEERS_2_ADDRESS=s03.${LOCAL_DOMAIN}:8080
- REST_GW_POOL_PEERS_3_ADDRESS=s04.${LOCAL_DOMAIN}:8080
networks:
rest_gate_int:
internet:
external: true
name: basenet_internet

View file

@ -33,3 +33,17 @@ server:
wallet: wallet:
path: /wallet.json # Path to wallet path: /wallet.json # Path to wallet
passphrase: "s3" # Passphrase to decrypt wallet passphrase: "s3" # Passphrase to decrypt wallet
features:
md5:
enabled: true
control:
grpc:
endpoint: localhost:16515
frostfsid:
enabled: false
policy:
enabled: false

View file

@ -1,6 +1,5 @@
--- ---
version: "2.4"
services: services:
s3_gate: s3_gate:
image: ${S3_GW_IMAGE}:${S3_GW_VERSION} image: ${S3_GW_IMAGE}:${S3_GW_VERSION}
@ -13,12 +12,17 @@ services:
internet: internet:
ipv4_address: ${IPV4_PREFIX}.82 ipv4_address: ${IPV4_PREFIX}.82
volumes: volumes:
# Gate wallet
- ./wallet.json:/wallet.json - ./wallet.json:/wallet.json
# Folder for custom user wallets
- ./../../wallets/:/wallets/
- ./tls.key:/tls.key - ./tls.key:/tls.key
- ./tls.crt:/tls.crt - ./tls.crt:/tls.crt
- ./../../vendor/hosts:/etc/hosts - ./../../vendor/hosts:/etc/hosts
- ./cfg:/etc/frostfs/s3 - ./cfg:/etc/frostfs/s3
stop_signal: SIGKILL - ./issue-creds.sh:/usr/bin/issue-creds.sh
stop_signal: SIGTERM
stop_grace_period: 15s
env_file: [ ".env", ".s3.env", ".int_test.env" ] env_file: [ ".env", ".s3.env", ".int_test.env" ]
command: [ "frostfs-s3-gw", "--config", "/etc/frostfs/s3/config.yml" ] command: [ "frostfs-s3-gw", "--config", "/etc/frostfs/s3/config.yml" ]
environment: environment:
@ -34,6 +38,8 @@ services:
- S3_GW_PEERS_2_WEIGHT=0.2 - S3_GW_PEERS_2_WEIGHT=0.2
- S3_GW_PEERS_3_ADDRESS=s04.${LOCAL_DOMAIN}:8080 - S3_GW_PEERS_3_ADDRESS=s04.${LOCAL_DOMAIN}:8080
- S3_GW_PEERS_3_WEIGHT=0.2 - S3_GW_PEERS_3_WEIGHT=0.2
- AUTHMATE_WALLET_PASSPHRASE=
- AUTHMATE_WALLET_CONTRACT_PASSPHRASE=s3
networks: networks:
s3_gate_int: s3_gate_int:

41
services/s3_gate/issue-creds.sh Executable file
View file

@ -0,0 +1,41 @@
#!/bin/bash
initUser() {
/bin/frostfs-s3-authmate register-user \
--wallet $WALLET_PATH \
--rpc-endpoint http://morph-chain.frostfs.devenv:30333 \
--username $USERNAME \
--contract-wallet /wallet.json 1> /dev/null && touch $WALLET_CACHE/$USERNAME
}
issueCreds() {
/bin/frostfs-s3-authmate issue-secret \
--wallet $WALLET_PATH \
--peer s01.frostfs.devenv:8080 \
--gate-public-key $S3_GATE_PUBLIC_KEY \
--container-placement-policy "REP 3"
}
set -e
WALLET_PATH=/wallets/$2
if [[ -z "$2" ]]; then
WALLET_PATH=/wallets/wallet.json
fi
S3_GATE_PUBLIC_KEY=$3
if [[ -z "$3" ]]; then
S3_GATE_PUBLIC_KEY=0313b1ac3a8076e155a7e797b24f0b650cccad5941ea59d7cfd51a024a8b2a06bf
fi
WALLET_CACHE=/data/wallets
mkdir -p $WALLET_CACHE
USERNAME=$(echo $WALLET_PATH | md5sum | cut -d' ' -f1)
if [ ! -e $WALLET_CACHE/$USERNAME ]; then
initUser
fi
if [ $1 == "s3" ]; then
issueCreds
fi

View file

@ -0,0 +1,14 @@
.PHONY: s3cred register
password?=
contract_password?=s3
gate_public_key?=
wallet?=
# Register wallet & generate S3 credentials
s3cred:
@docker exec -e AUTHMATE_WALLET_PASSPHRASE="$(password)" -e AUTHMATE_WALLET_CONTRACT_PASSPHRASE="$(contract_password)" s3_gate /usr/bin/issue-creds.sh s3 "$(wallet)" "$(gate_public_key)"
# Only registers user wallet
register:
@docker exec -e AUTHMATE_WALLET_PASSPHRASE="$(password)" -e AUTHMATE_WALLET_CONTRACT_PASSPHRASE="$(contract_password)" s3_gate /usr/bin/issue-creds.sh native "$(wallet)"

View file

@ -0,0 +1 @@
IPV4_PREFIX.84 lifecycler.LOCAL_DOMAIN

View file

@ -0,0 +1,42 @@
logger:
level: debug
prometheus:
enabled: true
address: :9090
lifecycle:
job_fetcher_buffer: 1000
executor_pool_size: 100
frostfs:
stream_timeout: 10s
connect_timeout: 10s
healthcheck_timeout: 15s
rebalance_interval: 60s
pool_error_threshold: 100
tree_pool_max_attempts: 4
credential:
use: wallets
source:
wallets:
- path: /wallet.json
address: NTt1rxvmEDxEuuogLxs2xgxA71qhVaUcN7
passphrase: "cycle"
- path: /user-wallet.json
address: NbUgTSFvPmsRxmGeWpuuGeJUoRoi6PErcM
passphrase: ""
morph:
reconnect_clients_interval: 30s
dial_timeout: 5s
contract:
netmap: netmap.frostfs
frostfsid: frostfsid.frostfs
container: container.frostfs
# Wallet configuration
wallet:
path: /wallet.json # Path to wallet
passphrase: "cycle" # Passphrase to decrypt wallet

View file

@ -0,0 +1,37 @@
---
services:
s3_lifecycler:
image: ${S3_LIFECYCLER_IMAGE}:${S3_LIFECYCLER_VERSION}
domainname: ${LOCAL_DOMAIN}
hostname: s3_lifecycler
container_name: s3_lifecycler
restart: on-failure
networks:
s3_lifecycler_int:
internet:
ipv4_address: ${IPV4_PREFIX}.84
volumes:
- ./wallet.json:/wallet.json
- ./../../vendor/hosts:/etc/hosts
- ./cfg:/etc/frostfs/s3-lifecycler
- ./../../wallets/wallet.json:/user-wallet.json
stop_signal: SIGKILL
env_file: [ ".env", ".int_test.env" ]
command: [ "frostfs-s3-lifecycler", "--config", "/etc/frostfs/s3-lifecycler/config.yml" ]
environment:
- S3_LIFECYCLER_MORPH_RPC_ENDPOINT_0_ADDRESS=ws://morph-chain:30333/ws
- S3_LIFECYCLER_FROSTFS_PEERS_0_ADDRESS=s01.${LOCAL_DOMAIN}:8080
- S3_LIFECYCLER_FROSTFS_PEERS_0_WEIGHT=0.2
- S3_LIFECYCLER_FROSTFS_PEERS_1_ADDRESS=s02.${LOCAL_DOMAIN}:8080
- S3_LIFECYCLER_FROSTFS_PEERS_1_WEIGHT=0.2
- S3_LIFECYCLER_FROSTFS_PEERS_2_ADDRESS=s03.${LOCAL_DOMAIN}:8080
- S3_LIFECYCLER_FROSTFS_PEERS_2_WEIGHT=0.2
- S3_LIFECYCLER_FROSTFS_PEERS_3_ADDRESS=s04.${LOCAL_DOMAIN}:8080
- S3_LIFECYCLER_FROSTFS_PEERS_3_WEIGHT=0.2
networks:
s3_lifecycler_int:
internet:
external: true
name: basenet_internet

View file

@ -1,12 +1,12 @@
{ {
"version": "3.0", "version": "1.0",
"accounts": [ "accounts": [
{ {
"address": "NPFCqWHfi9ixCJRu7DABRbVfXRbkSEr9Vo", "address": "NTt1rxvmEDxEuuogLxs2xgxA71qhVaUcN7",
"key": "6PYTAGjdaeicUDPqGv9mmgwb9kTwimWJJmmfNqJSDGH9qM79zSRcL9oHiB", "key": "6PYR3XurAyTzVeDG5WV2Z8vnGdySw3mTLuKjr6Nwo7tae64SJ7XjZSMMPQ",
"label": "REST Gateway", "label": "lifecycler",
"contract": { "contract": {
"script": "DCECcuPzZCZ2VyDsm2jKEOMnU6xEWO2bF1dvOvBWTDFYB1ZBVuezJw==", "script": "DCED9z0M+WSGfXZGxYLj1yYwmgxJXE/kNA4+oWNi0q1uKCdBVuezJw==",
"parameters": [ "parameters": [
{ {
"name": "parameter0", "name": "parameter0",

View file

@ -1,6 +1,11 @@
# Logger section # Logger section
logger: logger:
level: debug # Minimum enabled logging level level: debug # Minimum enabled logging level
loki:
enabled: true
endpoint: "loki.frostfs.devenv:3100/api/prom/push"
max_batch_delay: 1s
max_batch_size: 200
# Profiler section # Profiler section
pprof: pprof:
@ -27,18 +32,6 @@ morph:
- address: ws://morph-chain:30333/ws - address: ws://morph-chain:30333/ws
priority: 1 priority: 1
# Common storage node settings
node:
attribute_0: "User-Agent:FrostFS/0.34"
notification:
enabled: true # Turn on object notification service
endpoint: "tls://nats.frostfs.devenv:4222" # Notification server endpoint
timeout: "6s" # Timeout for object notification client connection
default_topic: "test" # Default topic for object notifications if not found in object's meta
certificate: "/etc/frostfs-node/nats.tls.cert" # Path to TLS certificate
key: "/etc/frostfs-node/nats.tls.key" # Path to TLS key
ca: "/etc/frostfs-node/nats.ca.crt" # Path to optional CA certificate
# Tree section # Tree section
tree: tree:
enabled: true enabled: true

View file

@ -1,6 +1,5 @@
--- ---
version: "2.4"
services: services:
storage01: storage01:
image: ${NODE_IMAGE}:${NODE_VERSION} image: ${NODE_IMAGE}:${NODE_VERSION}
@ -18,13 +17,10 @@ services:
- storage_s01:/storage - storage_s01:/storage
- ./../../vendor/frostfs-cli:/frostfs-cli - ./../../vendor/frostfs-cli:/frostfs-cli
- ./cli-cfg.yml:/cli-cfg.yml - ./cli-cfg.yml:/cli-cfg.yml
- ./healthcheck.sh:/healthcheck.sh
- ./s04tls.crt:/etc/ssl/certs/s04tls.crt - ./s04tls.crt:/etc/ssl/certs/s04tls.crt
- ../nats/client-cert.pem:/etc/frostfs-node/nats.tls.cert
- ../nats/client-key.pem:/etc/frostfs-node/nats.tls.key
- ../nats/ca-cert.pem:/etc/frostfs-node/nats.ca.crt
- ./cfg:/etc/frostfs/storage - ./cfg:/etc/frostfs/storage
stop_signal: SIGKILL stop_signal: SIGTERM
stop_grace_period: 15s
env_file: [ ".env", ".storage.env", ".int_test.env" ] env_file: [ ".env", ".storage.env", ".int_test.env" ]
command: [ "frostfs-node", "--config", "/etc/frostfs/storage/config.yml" ] command: [ "frostfs-node", "--config", "/etc/frostfs/storage/config.yml" ]
environment: environment:
@ -33,10 +29,11 @@ services:
- FROSTFS_NODE_ADDRESSES=s01.${LOCAL_DOMAIN}:8080 - FROSTFS_NODE_ADDRESSES=s01.${LOCAL_DOMAIN}:8080
- FROSTFS_GRPC_0_ENDPOINT=s01.${LOCAL_DOMAIN}:8080 - FROSTFS_GRPC_0_ENDPOINT=s01.${LOCAL_DOMAIN}:8080
- FROSTFS_CONTROL_GRPC_ENDPOINT=s01.${LOCAL_DOMAIN}:8081 - FROSTFS_CONTROL_GRPC_ENDPOINT=s01.${LOCAL_DOMAIN}:8081
- FROSTFS_NODE_ATTRIBUTE_0=User-Agent:FrostFS/${NODE_VERSION}
- FROSTFS_NODE_ATTRIBUTE_1=UN-LOCODE:RU MOW - FROSTFS_NODE_ATTRIBUTE_1=UN-LOCODE:RU MOW
- FROSTFS_NODE_ATTRIBUTE_2=Price:22 - FROSTFS_NODE_ATTRIBUTE_2=Price:22
healthcheck: healthcheck:
test: ["CMD-SHELL", "/healthcheck.sh"] test: ["CMD-SHELL", "/frostfs-cli control healthcheck -q -c /cli-cfg.yml --endpoint \"$$FROSTFS_CONTROL_GRPC_ENDPOINT\""]
interval: 2s interval: 2s
timeout: 1s timeout: 1s
retries: 5 retries: 5
@ -58,13 +55,10 @@ services:
- storage_s02:/storage - storage_s02:/storage
- ./../../vendor/frostfs-cli:/frostfs-cli - ./../../vendor/frostfs-cli:/frostfs-cli
- ./cli-cfg.yml:/cli-cfg.yml - ./cli-cfg.yml:/cli-cfg.yml
- ./healthcheck.sh:/healthcheck.sh
- ./s04tls.crt:/etc/ssl/certs/s04tls.crt - ./s04tls.crt:/etc/ssl/certs/s04tls.crt
- ../nats/client-cert.pem:/etc/frostfs-node/nats.tls.cert
- ../nats/client-key.pem:/etc/frostfs-node/nats.tls.key
- ../nats/ca-cert.pem:/etc/frostfs-node/nats.ca.crt
- ./cfg:/etc/frostfs/storage - ./cfg:/etc/frostfs/storage
stop_signal: SIGKILL stop_signal: SIGTERM
stop_grace_period: 15s
env_file: [ ".env", ".storage.env", ".int_test.env" ] env_file: [ ".env", ".storage.env", ".int_test.env" ]
command: [ "frostfs-node", "--config", "/etc/frostfs/storage/config.yml" ] command: [ "frostfs-node", "--config", "/etc/frostfs/storage/config.yml" ]
environment: environment:
@ -73,10 +67,11 @@ services:
- FROSTFS_NODE_ADDRESSES=s02.${LOCAL_DOMAIN}:8080 - FROSTFS_NODE_ADDRESSES=s02.${LOCAL_DOMAIN}:8080
- FROSTFS_GRPC_0_ENDPOINT=s02.${LOCAL_DOMAIN}:8080 - FROSTFS_GRPC_0_ENDPOINT=s02.${LOCAL_DOMAIN}:8080
- FROSTFS_CONTROL_GRPC_ENDPOINT=s02.${LOCAL_DOMAIN}:8081 - FROSTFS_CONTROL_GRPC_ENDPOINT=s02.${LOCAL_DOMAIN}:8081
- FROSTFS_NODE_ATTRIBUTE_0=User-Agent:FrostFS/${NODE_VERSION}
- FROSTFS_NODE_ATTRIBUTE_1=UN-LOCODE:RU LED - FROSTFS_NODE_ATTRIBUTE_1=UN-LOCODE:RU LED
- FROSTFS_NODE_ATTRIBUTE_2=Price:33 - FROSTFS_NODE_ATTRIBUTE_2=Price:33
healthcheck: healthcheck:
test: ["CMD-SHELL", "/healthcheck.sh"] test: ["CMD-SHELL", "/frostfs-cli control healthcheck -q -c /cli-cfg.yml --endpoint \"$$FROSTFS_CONTROL_GRPC_ENDPOINT\""]
interval: 2s interval: 2s
timeout: 1s timeout: 1s
retries: 5 retries: 5
@ -98,13 +93,10 @@ services:
- storage_s03:/storage - storage_s03:/storage
- ./../../vendor/frostfs-cli:/frostfs-cli - ./../../vendor/frostfs-cli:/frostfs-cli
- ./cli-cfg.yml:/cli-cfg.yml - ./cli-cfg.yml:/cli-cfg.yml
- ./healthcheck.sh:/healthcheck.sh
- ./s04tls.crt:/etc/ssl/certs/s04tls.crt - ./s04tls.crt:/etc/ssl/certs/s04tls.crt
- ../nats/client-cert.pem:/etc/frostfs-node/nats.tls.cert
- ../nats/client-key.pem:/etc/frostfs-node/nats.tls.key
- ../nats/ca-cert.pem:/etc/frostfs-node/nats.ca.crt
- ./cfg:/etc/frostfs/storage - ./cfg:/etc/frostfs/storage
stop_signal: SIGKILL stop_signal: SIGTERM
stop_grace_period: 15s
env_file: [ ".env", ".storage.env", ".int_test.env" ] env_file: [ ".env", ".storage.env", ".int_test.env" ]
command: [ "frostfs-node", "--config", "/etc/frostfs/storage/config.yml" ] command: [ "frostfs-node", "--config", "/etc/frostfs/storage/config.yml" ]
environment: environment:
@ -113,10 +105,11 @@ services:
- FROSTFS_NODE_ADDRESSES=s03.${LOCAL_DOMAIN}:8080 - FROSTFS_NODE_ADDRESSES=s03.${LOCAL_DOMAIN}:8080
- FROSTFS_GRPC_0_ENDPOINT=s03.${LOCAL_DOMAIN}:8080 - FROSTFS_GRPC_0_ENDPOINT=s03.${LOCAL_DOMAIN}:8080
- FROSTFS_CONTROL_GRPC_ENDPOINT=s03.${LOCAL_DOMAIN}:8081 - FROSTFS_CONTROL_GRPC_ENDPOINT=s03.${LOCAL_DOMAIN}:8081
- FROSTFS_NODE_ATTRIBUTE_0=User-Agent:FrostFS/${NODE_VERSION}
- FROSTFS_NODE_ATTRIBUTE_1=UN-LOCODE:SE STO - FROSTFS_NODE_ATTRIBUTE_1=UN-LOCODE:SE STO
- FROSTFS_NODE_ATTRIBUTE_2=Price:11 - FROSTFS_NODE_ATTRIBUTE_2=Price:11
healthcheck: healthcheck:
test: ["CMD-SHELL", "/healthcheck.sh"] test: ["CMD-SHELL", "/frostfs-cli control healthcheck -q -c /cli-cfg.yml --endpoint \"$$FROSTFS_CONTROL_GRPC_ENDPOINT\""]
interval: 2s interval: 2s
timeout: 1s timeout: 1s
retries: 5 retries: 5
@ -138,14 +131,11 @@ services:
- storage_s04:/storage - storage_s04:/storage
- ./../../vendor/frostfs-cli:/frostfs-cli - ./../../vendor/frostfs-cli:/frostfs-cli
- ./cli-cfg.yml:/cli-cfg.yml - ./cli-cfg.yml:/cli-cfg.yml
- ./healthcheck.sh:/healthcheck.sh
- ./s04tls.crt:/tls.crt - ./s04tls.crt:/tls.crt
- ./s04tls.key:/tls.key - ./s04tls.key:/tls.key
- ../nats/client-cert.pem:/etc/frostfs-node/nats.tls.cert
- ../nats/client-key.pem:/etc/frostfs-node/nats.tls.key
- ../nats/ca-cert.pem:/etc/frostfs-node/nats.ca.crt
- ./cfg:/etc/frostfs/storage - ./cfg:/etc/frostfs/storage
stop_signal: SIGKILL stop_signal: SIGTERM
stop_grace_period: 15s
env_file: [ ".env", ".storage.env", ".int_test.env" ] env_file: [ ".env", ".storage.env", ".int_test.env" ]
command: [ "frostfs-node", "--config", "/etc/frostfs/storage/config.yml" ] command: [ "frostfs-node", "--config", "/etc/frostfs/storage/config.yml" ]
environment: environment:
@ -159,10 +149,11 @@ services:
- FROSTFS_GRPC_1_TLS_ENABLED=true - FROSTFS_GRPC_1_TLS_ENABLED=true
- FROSTFS_GRPC_1_TLS_CERTIFICATE=/tls.crt - FROSTFS_GRPC_1_TLS_CERTIFICATE=/tls.crt
- FROSTFS_GRPC_1_TLS_KEY=/tls.key - FROSTFS_GRPC_1_TLS_KEY=/tls.key
- FROSTFS_NODE_ATTRIBUTE_0=User-Agent:FrostFS/${NODE_VERSION}
- FROSTFS_NODE_ATTRIBUTE_1=UN-LOCODE:FI HEL - FROSTFS_NODE_ATTRIBUTE_1=UN-LOCODE:FI HEL
- FROSTFS_NODE_ATTRIBUTE_2=Price:44 - FROSTFS_NODE_ATTRIBUTE_2=Price:44
healthcheck: healthcheck:
test: ["CMD-SHELL", "/healthcheck.sh"] test: ["CMD-SHELL", "/frostfs-cli control healthcheck -q -c /cli-cfg.yml --endpoint \"$$FROSTFS_CONTROL_GRPC_ENDPOINT\""]
interval: 2s interval: 2s
timeout: 1s timeout: 1s
retries: 5 retries: 5

View file

@ -1,5 +0,0 @@
#!/bin/sh
/frostfs-cli control healthcheck -c /cli-cfg.yml \
--endpoint "$FROSTFS_CONTROL_GRPC_ENDPOINT" |
grep "Health status: READY"