[#18] Support custom wallets

Signed-off-by: Alex Vanin <a.vanin@yadro.com>

.env

@@ -1,3 +1,3 @@
 FROSTFS_HUB_IMAGE=truecloudlab/frostfs
 AIO_IMAGE=truecloudlab/frostfs-aio
-AIO_VERSION=1.2.7
+AIO_VERSION=1.2.8

Dockerfile

@@ -1,8 +1,8 @@
 ARG FROSTFS_HUB_IMAGE=truecloudlab/frostfs
 ARG NEOGO_HUB_IMAGE=nspccdev/neo-go
 
-ARG FROSTFS_CORE_TAG=0beb7ccf
-ARG FROSTFS_GATES_TAG=0.27.0-rc.2
+ARG FROSTFS_CORE_TAG=0.36.0
+ARG FROSTFS_GATES_TAG=0.27.0
 ARG NEOGO_TAG=0.101.1
 
 FROM ${NEOGO_HUB_IMAGE}:${NEOGO_TAG} as neo-go
@@ -25,8 +25,6 @@ RUN apk add --no-cache \
 
 WORKDIR /
 
-COPY --from=neo-go /usr/bin/privnet-entrypoint.sh /usr/bin/privnet-entrypoint.sh
-COPY --from=neo-go /etc/ssl/certs /etc/ssl/certs
 COPY --from=neo-go /usr/bin/neo-go /usr/bin/neo-go
 COPY --from=frostfs-adm /bin/frostfs-adm /usr/bin/frostfs-adm
 COPY --from=frostfs-cli /bin/frostfs-cli /usr/bin/frostfs-cli
@@ -55,7 +53,7 @@ COPY ./sn/config.yaml /config/config-sn.yaml
 COPY ./vendor/locode_db /config/locode.db
 COPY ./vendor/contracts/ /config/contracts
 
-COPY ./bin/ /config/bin
+COPY ./bin/init-aio.sh /config/bin/init-aio.sh
 
 ENV AUTHMATE_WALLET_PASSPHRASE=""
 

Dockerfile.local

@@ -0,0 +1,45 @@
+# Executable image
+FROM alpine AS frostfs-aio
+RUN apk add --no-cache \
+  bash \
+  ca-certificates \
+  jq \
+  expect \
+  iputils \
+  curl
+
+WORKDIR /
+
+COPY ./bin/neo-go /usr/bin/neo-go
+COPY ./bin/frostfs-adm /usr/bin/frostfs-adm
+COPY ./bin/frostfs-cli /usr/bin/frostfs-cli
+COPY ./bin/frostfs-ir /usr/bin/frostfs-ir
+COPY ./bin/frostfs-node /usr/bin/frostfs-node
+COPY ./bin/frostfs-s3-gw /usr/bin/frostfs-s3-gw
+COPY ./bin/frostfs-s3-authmate /usr/bin/frostfs-s3-authmate
+COPY ./bin/frostfs-http-gw /usr/bin/frostfs-http-gw
+
+COPY ./adm/frostfs-adm.yml /config/frostfs-adm.yml
+COPY ./ir/cli-cfg.yaml /config/cli-cfg-ir.yaml
+COPY ./ir/config.yaml /config/config-ir.yaml
+COPY ./morph/protocol.privnet.yml /config/protocol.privnet.yml
+COPY ./morph/node-wallet.json /config/alphabet/az.json
+COPY ./morph/node-wallet.json /config/node-wallet.json
+COPY ./morph/node-config.yaml /config/node-config.yaml
+COPY ./http-gw/http-gw-config.yaml /config/http-gw-config.yaml
+COPY ./http-gw/http-gw-wallet.json /config/http-gw-wallet.json
+COPY ./s3-gw/rules.json /config/bearer-rules.json
+COPY ./s3-gw/s3-gw-config.yaml /config/s3-gw-config.yaml
+COPY ./s3-gw/s3-gw-wallet.json /config/s3-gw-wallet.json
+COPY ./s3-gw/user-wallet.json /config/user-wallet.json
+COPY ./sn/cli-cfg.yaml /config/cli-cfg-sn.yaml
+COPY ./sn/wallet.json /config/wallet-sn.json
+COPY ./sn/config.yaml /config/config-sn.yaml
+COPY ./vendor/locode_db /config/locode.db
+COPY ./vendor/contracts/ /config/contracts
+
+COPY ./bin/init-aio.sh /config/bin/init-aio.sh
+
+ENV AUTHMATE_WALLET_PASSPHRASE=""
+
+ENTRYPOINT ["/config/bin/init-aio.sh"]

Makefile

@@ -11,15 +11,18 @@ VERSION ?= "$(shell git describe --tags --match "v*" 2>/dev/null || git rev-pars
 NEOGO_HUB_IMAGE ?= "nspccdev/neo-go"
 NEOGO_HUB_TAG ?= "0.101.1"
 FROSTFS_HUB_IMAGE ?= "truecloudlab/frostfs"
-FROSTFS_CORE_TAG ?= "0beb7ccf"
-FROSTFS_GATES_TAG ?= "0.27.0-rc.2"
+FROSTFS_CORE_TAG ?= "0.36.0"
+FROSTFS_GATES_TAG ?= "0.27.0"
 AIO_IMAGE ?= "truecloudlab/frostfs-aio"
 
 # Variables for compose
-COMPOSE_CMD ?= docker-compose up -d
+COMPOSE_CMD_UP ?= docker-compose up -d
+COMPOSE_CMD_DOWN ?= docker-compose down
+
 COMPOSE_V2 = "$(shell docker compose version --short | grep -q '^2' && echo true)"
 ifeq ($(COMPOSE_V2), "true")
-        COMPOSE_CMD = docker compose up -d --wait
+	COMPOSE_CMD_UP = docker compose up -d --wait
+	COMPOSE_CMD_DOWN = docker compose down
 endif
 
 # Variables for S3
@@ -28,7 +31,7 @@ S3_GATE_PUBLIC_KEY ?= "0312fe65b101565de74eedf477afb43417ff5f795732506cfddc8e044
 
 # Build aio Docker image
 image-aio:
-	@echo "⇒ Build aio docker image "
+	@echo "⇒ Build aio docker image"
 	@docker build \
 		--rm \
 		--build-arg FROSTFS_HUB_IMAGE=$(FROSTFS_HUB_IMAGE) \
@@ -39,17 +42,25 @@ image-aio:
 		-f Dockerfile \
 		-t $(AIO_IMAGE):$(AIO_VERSION) .
 
+# Build aio Docker image from all local pre-built binaries
+image-aio-local:
+	@echo "⇒ Build aio docker image from all local pre-built binaries"
+	@docker build \
+		--rm \
+		-f Dockerfile.local \
+		-t $(AIO_IMAGE):$(AIO_VERSION) .
+
 # Start AIO
 up:
-	@$(COMPOSE_CMD)
+	@$(COMPOSE_CMD_UP)
 
 # Stop AIO
 down:
-	@docker-compose down
+	@$(COMPOSE_CMD_DOWN)
 
 # Clean up
 clean:
-	@docker volume rm frostfs-aio_data
+	@$(COMPOSE_CMD_DOWN) --volumes
 
 # Generate S3 credentials
 s3cred:
@@ -58,8 +69,17 @@ s3cred:
 		--peer localhost:8080 \
 		--gate-public-key $(S3_GATE_PUBLIC_KEY) \
 		--container-placement-policy "REP 1" \
-		--bearer-rules $(S3_BEARER_RULES) 
-                
+		--bearer-rules $(S3_BEARER_RULES)
+
+# Generate S3 credentials based on imported wallets
+s3cred-custom:
+	@docker exec aio /usr/bin/frostfs-s3-authmate issue-secret \
+		--wallet /wallets/$(wallet) \
+		--peer localhost:8080 \
+		--gate-public-key $(S3_GATE_PUBLIC_KEY) \
+		--container-placement-policy "REP 1" \
+		--bearer-rules $(S3_BEARER_RULES)
+
 # Tick new epoch in side chain
 tick.epoch:
 	@docker exec aio /usr/bin/frostfs-adm --config /config/frostfs-adm.yml morph force-new-epoch

README.md

@@ -96,12 +96,34 @@ Waiting for transactions to persist...
 
 # Build images
 
-Build frostfs-aio image locally with this command.
+## Standard image
+
+Build frostfs-aio image with this command.
 
 ``` sh
 $ make image-aio
 ```
 
+## Image with local binaries
+
+Put all the needed pre-built binaries to the `frostfs-aio/bin/`:
+
+- neo-go
+- frostfs-adm
+- frostfs-cli
+- frostfs-ir
+- frostfs-node
+- frostfs-s3-gw
+- frostfs-s3-authmate
+- frostfs-http-gw
+
+Make sure they all have the `x` right for the execution enabled.
+Build frostfs-aio image using pre-built local binaries for all the services.
+
+``` sh
+$ make image-aio-local
+```
+
 
 # Simple storage
 
@@ -169,6 +191,25 @@ $ aws s3api --endpoint http://localhost:8084 list-objects --bucket koty
 }
 ```
 
+### S3 credentials from custom wallets
+
+Credentials made by `make s3cred` command are based on the private key from 
+`s3-gw/user-wallet.json` file. If you need to create credential for different
+users, use wallets from `wallets` dir.
+
+```sh
+$ make s3cred-custom wallet=wallet2.json
+{
+  "access_key_id": "jHhL5B33o16R4jQsb8wm9A3RRdS6KrTB5N4bja9Jys904W7xXFNKqem2ACvTRWRYJsZMCUikYFSokN7pPJziWyDi",
+  "secret_access_key": "21bb64fafa32c82417fd8b97ac56cc8a085998a3852632d52fe7042453daa440",
+  "owner_private_key": "10f6f9d7a47bb0bf68363ad8a99fe69f1493f8b6e1665b3e4e83feb2d5c7ee39",
+  "wallet_public_key": "03e38759973a6bb722baabc2dd84036a39f0b2f53d32fec45a4dacde8a50fe4b70",
+  "container_id": "jHhL5B33o16R4jQsb8wm9A3RRdS6KrTB5N4bja9Jys9"
+}
+```
+
+To get credentials from custom wallet, place it in `wallets` dir before start.
+Make sure that wallet account has empty password.
 
 ## frostfs-cli interface
 

bin/init-aio.sh

@@ -14,7 +14,7 @@ die() {
 runBlockchain() {
   stage "Starting the blockchain"
 
-  /usr/bin/privnet-entrypoint.sh node --config-path /config --privnet &
+  /usr/bin/neo-go node --config-path /config --privnet &
 
   while [[ "$(curl -s -o /dev/null -w %{http_code} localhost:30333)" != "422" ]];
   do

docker-compose.yml

@@ -17,6 +17,7 @@ services:
       timeout: 2s
     volumes:
       - data:/data
+      - ./wallets:/wallets
     ports:
       - "8081:8081"   # HTTP Gateway
       - "30333:30333" # RPC

sn/config.yaml

@@ -22,7 +22,7 @@ grpc:
   0:
     endpoint: 0.0.0.0:8080
     tls:
-      enables: false
+      enabled: false
 
 logger:
   level: debug

wallets/wallet1.json

@@ -0,0 +1 @@
+{"version":"1.0","accounts":[{"address":"NhCHDEtGgSph1v6PmjFC1gtzJWNKtNSadk","key":"6PYQVTyo4PHBvegpRzSCNijGw6Zj2qN4wLVxTj5CM8nvsoYxkzBHqPzjzq","label":"wallet1","contract":{"script":"DCEDsJuqv/P2EHx+msuHIab8VhjUW1AkejFNguVIcCzOjNVBVuezJw==","parameters":[{"name":"parameter0","type":"Signature"}],"deployed":false},"lock":false,"isDefault":false}],"scrypt":{"n":16384,"r":8,"p":8},"extra":{"Tokens":null}}

wallets/wallet2.json

@@ -0,0 +1 @@
+{"version":"1.0","accounts":[{"address":"NivQRezLwGP8xFPr87DD5XaYGUKK3BMsTa","key":"6PYWJrGbrRmY9eTagWhNaucN2PfuPmi1G3QStUwNX8uAtCjTs6UYj1V1J9","label":"wallet2","contract":{"script":"DCED44dZlzprtyK6q8LdhANqOfCy9T0y/sRaTazeilD+S3BBVuezJw==","parameters":[{"name":"parameter0","type":"Signature"}],"deployed":false},"lock":false,"isDefault":false}],"scrypt":{"n":16384,"r":8,"p":8},"extra":{"Tokens":null}}

wallets/wallet3.json

@@ -0,0 +1 @@
+{"version":"1.0","accounts":[{"address":"NR8qvrREk1eCeQJce9zBaDyPE3PHGZfT6t","key":"6PYWLJ3VAUcE8xLPnCbMp561b411u6qWoErdkx3hJugFZXrSckH9wTKRhe","label":"wallet3","contract":{"script":"DCECPwTRyxo1hHzMtjFAr5qmm8+WMm6X1qnlLX2lRkoSY+1BVuezJw==","parameters":[{"name":"parameter0","type":"Signature"}],"deployed":false},"lock":false,"isDefault":false}],"scrypt":{"n":16384,"r":8,"p":8},"extra":{"Tokens":null}}