[#85] Add s3 lifecycler

Signed-off-by: Pavel Pogodaev <p.pogodaev@yadro.com>

.basic_services

@@ -1,5 +1,4 @@
 # Services start/stop order
 # Will start from top to bottom and stop in reverse
-nats
 ir
 storage

.bootstrap_services

@@ -4,3 +4,4 @@ basenet
 morph_chain
 jaeger
 prometheus
+grafana

.dockerignore

@@ -1,5 +1,6 @@
 .docker
 .github
+.forgejo
 vendor
 tmp
 .secrets

.env

@@ -8,23 +8,19 @@ BASTION_VERSION=10
 BASTION_IMAGE=debian
 
 # NeoGo privnet
-NEOGO_VERSION=0.101.1
+NEOGO_VERSION=0.104.0
 NEOGO_IMAGE=nspccdev/neo-go
 
 # FrostFS InnerRing nodes
-IR_VERSION=eca5c210
-IR_IMAGE=truecloudlab/frostfs-ir
+IR_VERSION=0.42.9
+IR_IMAGE=git.frostfs.info/truecloudlab/frostfs-ir
 
 # FrostFS Storage nodes
-NODE_VERSION=eca5c210
-NODE_IMAGE=truecloudlab/frostfs-storage
-
-# NATS Server
-NATS_VERSION=2.7.2
-NATS_IMAGE=nats
+NODE_VERSION=0.42.9
+NODE_IMAGE=git.frostfs.info/truecloudlab/frostfs-storage
 
 # HTTP Gate
-HTTP_GW_VERSION=6abd500b
+HTTP_GW_VERSION=0.30.2
 HTTP_GW_IMAGE=truecloudlab/frostfs-http-gw
 
 # REST Gate
@@ -32,25 +28,29 @@ REST_GW_VERSION=c9c85e90
 REST_GW_IMAGE=truecloudlab/frostfs-rest-gw
 
 # S3 Gate
-S3_GW_VERSION=000d9ed4
+S3_GW_VERSION=0.31.0-rc.4
 S3_GW_IMAGE=truecloudlab/frostfs-s3-gw
 
+# Lifecycler
+S3_LIFECYCLER_VERSION=0.1.3
+S3_LIFECYCLER_IMAGE=truecloudlab/frostfs-s3-lifecycler
+
 # FrostFS LOCODE database
-LOCODE_DB_URL=https://github.com/nspcc-dev/neofs-locode-db/releases/download/v0.3.0/locode_db.gz
+LOCODE_DB_URL=https://git.frostfs.info/attachments/a2e8def7-52b6-49f1-89cd-a056712e8e54
 #LOCODE_DB_PATH=/path/to/locode_db
 
 # FrostFS CLI binary
-FROSTFS_CLI_URL=https://http.t5.fs.neo.org/7sm9csjtRLpr4c9QD55q9JJM73v79ohuAhTzP4fYRHFz/BbngJDdRJEDJTJk7qptq3SxKqrJqtvVYWU6R5AaFGbtG
+FROSTFS_CLI_URL=https://git.frostfs.info/TrueCloudLab/frostfs-node/releases/download/v${NODE_VERSION}/frostfs-cli
 #FROSTFS_CLI_PATH=/path/to/frostfs-cli-binary
 
 # FrostFS ADM tool binary
-FROSTFS_ADM_VERSION=eca5c210
-FROSTFS_ADM_URL=https://http.t5.fs.neo.org/7sm9csjtRLpr4c9QD55q9JJM73v79ohuAhTzP4fYRHFz/2GxarAjGUb3RevxvqFGYT3hDQxNNaHzK6aFxhJCAMehq
+FROSTFS_ADM_VERSION=498f9955ea
+FROSTFS_ADM_URL=https://git.frostfs.info/TrueCloudLab/frostfs-node/releases/download/v${NODE_VERSION}/frostfs-adm
 #FROSTFS_ADM_PATH=/path/to/frostfs-adm-binary
 
 # Compiled FrostFS Smart Contracts
-FROSTFS_CONTRACTS_VERSION=8537293e
-FROSTFS_CONTRACTS_URL=https://http.t5.fs.neo.org/7sm9csjtRLpr4c9QD55q9JJM73v79ohuAhTzP4fYRHFz/6ccZoj4HxoN1G1qvJAX2Qw9p2D6qdyzAjNMaNkEKYQpA
+FROSTFS_CONTRACTS_VERSION=694daebb19
+FROSTFS_CONTRACTS_URL=https://git.frostfs.info/TrueCloudLab/frostfs-contract/releases/download/v0.19.2/frostfs-contract-v0.19.2.tar.gz
 #FROSTFS_CONTRACTS_PATH=/path/to/unpacked/frostfs-contracts-dir
 
 # Jaeger tracing
@@ -60,3 +60,11 @@ JAEGER_IMAGE=jaegertracing/all-in-one
 # Prometheus monitoring
 PROMETHEUS_VERSION=v2.43.0
 PROMETHEUS_IMAGE=prom/prometheus
+
+# Grafana versions
+GRAFANA_VERSION=9.5.6
+GRAFANA_IMAGE=grafana/grafana
+
+# Loki versions
+LOKI_VERSION=2.9.1
+LOKI_IMAGE=grafana/loki

.forgejo/workflows/dco.yml

@@ -0,0 +1,21 @@
+name: DCO action
+on: [pull_request]
+
+jobs:
+  dco:
+    name: DCO
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - name: Setup Go
+        uses: actions/setup-go@v3
+        with:
+          go-version: '1.21'
+
+      - name: Run commit format checker
+        uses: https://git.frostfs.info/TrueCloudLab/dco-go@v2
+        with:
+          from: 'origin/${{ github.event.pull_request.base.ref }}'

.gitattributes

@@ -0,0 +1 @@
+/services/grafana/provisioning/dashboards/* -diff -merge

.github/workflows/dco.yml

@@ -1,21 +0,0 @@
-name: DCO check
-
-on:
-  pull_request:
-    branches:
-      - master
-
-jobs:
-  commits_check_job:
-    runs-on: ubuntu-latest
-    name: Commits Check
-    steps:
-    - name: Get PR Commits
-      id: 'get-pr-commits'
-      uses: tim-actions/get-pr-commits@master
-      with:
-        token: ${{ secrets.GITHUB_TOKEN }}
-    - name: DCO Check
-      uses: tim-actions/dco@master
-      with:
-        commits: ${{ steps.get-pr-commits.outputs.commits }}

.gitignore

@@ -15,4 +15,3 @@ sites/*
 # Runtime generation keys
 services/storage/*tls.crt
 services/storage/*tls.key
-services/nats/*.pem

.services

@@ -3,3 +3,4 @@
 http_gate
 s3_gate
 rest_gate
+s3_lifecycler

CONTRIBUTING.md

@@ -3,8 +3,8 @@
 First, thank you for contributing! We love and encourage pull requests from
 everyone. Please follow the guidelines:
 
-- Check the open [issues](https://github.com/TrueCloudLab/frostfs-dev-env/issues) and
-  [pull requests](https://github.com/TrueCloudLab/frostfs-dev-env/pulls) for existing
+- Check the open [issues](https://git.frostfs.info/TrueCloudLab/frostfs-dev-env/issues) and
+  [pull requests](https://git.frostfs.info/TrueCloudLab/frostfs-dev-env/pulls) for existing
   discussions.
 
 - Open an issue first, to discuss a new feature or enhancement.
@@ -25,19 +25,19 @@ Start by forking the `frostfs-dev-env` repository, make changes in a branch and
 send a pull request. We encourage pull requests to discuss code changes. Here
 are the steps in details:
 
-### Set up your GitHub Repository
-Fork [FrostFS node upstream](https://github.com/TrueCloudLab/frostfs-dev-env/fork) source
+### Set up your git repository
+Fork [FrostFS node upstream](https://git.frostfs.info/repo/fork/24) source
 repository to your own personal repository. Copy the URL of your fork (you will
 need it for the `git clone` command below).
 
 ```sh
-$ git clone https://github.com/TrueCloudLab/frostfs-dev-env
+$ git clone https://git.frostfs.info/<username>/frostfs-dev-env.git
 ```
 
 ### Set up git remote as ``upstream``
 ```sh
 $ cd frostfs-dev-env
-$ git remote add upstream https://github.com/TrueCloudLab/frostfs-dev-env
+$ git remote add upstream https://git.frostfs.info/TrueCloudLab/frostfs-dev-env.git
 $ git fetch upstream
 $ git merge upstream/master
 ...
@@ -55,8 +55,7 @@ $ git checkout -b feature/123-something_awesome
 ### Test your changes
 After your code changes, make sure
 
-- To add test cases for the new code.
-- To run `make lint`
+- To run `make up` to check dev-env is not broken.
 - To squash your commits into a single commit or a series of logically separated
   commits run `git rebase -i`. It's okay to force update your pull request.
 
@@ -86,8 +85,8 @@ $ git push origin feature/123-something_awesome
 ```
 
 ### Create a Pull Request
-Pull requests can be created via GitHub. Refer to [this
-document](https://help.github.com/articles/creating-a-pull-request/) for
+Pull requests can be created via Forgejo. Refer to [this
+document](https://docs.codeberg.org/collaborating/pull-requests-and-git-flow/) for
 detailed steps on how to create a pull request. After a Pull Request gets peer
 reviewed and approved, it will be merged.
 

Makefile

@@ -60,6 +60,7 @@ get: $(foreach SVC, $(GET_SVCS), get.$(SVC))
 .PHONY: up
 up: up/basic
 	@$(foreach SVC, $(START_SVCS), $(shell docker-compose -f services/$(SVC)/docker-compose.yml up -d))
+	./vendor/frostfs-adm morph proxy-add-account --config frostfs-adm.yml --account=`docker container exec morph_chain neo-go wallet dump-keys -w /wallets/s3-wallet.json | head -1 | awk '{print $1}'` || die "Couldn't set s3-gw wallet as proxy wallet"
 	@echo "Full FrostFS Developer Environment is ready"
 
 # Build up FrostFS
@@ -76,12 +77,25 @@ up/bootstrap: get vendor/hosts
 	@$(foreach SVC, $(START_BOOTSTRAP), $(shell docker-compose -f services/$(SVC)/docker-compose.yml up -d))
 	@source ./bin/helper.sh
 	@./vendor/frostfs-adm --config frostfs-adm.yml morph init --contracts vendor/contracts
+	echo "Set rule chain to policy contract" 
+	@./vendor/frostfs-adm --config frostfs-adm.yml morph \
+		ape add-rule-chain --target-type namespace --target-name "" \
+		--rule 'allow Container.* *' --chain-id "allow_container_ops"
 	@for f in ./services/storage/wallet*.json; do \
 		echo "Transfer GAS to wallet $${f}" \
 		&& ./vendor/frostfs-adm -c frostfs-adm.yml morph refill-gas --storage-wallet $${f} --gas 10.0 \
 		|| die "Failed to transfer GAS to alphabet wallets"; \
 		done
-	@echo "FrostFS sidechain environment is deployed"
+	@echo "Create frostfsid subject for ./wallets/wallet.json"; \
+	if [ -n "$$(./vendor/frostfs-adm -c frostfs-adm.yml morph frostfsid list-subjects --namespace '')" ]; then \
+		echo "Subject already exists"; \
+	else \
+		subj_key=`docker container exec -it morph_chain neo-go wallet dump-keys -w /wallets/wallet.json | tail -1 | tr -d ' \r\n'` \
+		&& echo "Subject key: $${subj_key}" \
+		&& ./vendor/frostfs-adm -c frostfs-adm.yml morph frostfsid create-subject --namespace "" --subject-key $${subj_key} --subject-name walletsubject \
+		|| die "Failed to create subject for the wallet"; \
+	fi
+	echo "FrostFS sidechain environment is deployed"
 
 # Build up certain service
 .PHONY: up/%
@@ -136,7 +150,7 @@ hosts: vendor/hosts
 .PHONY: clean
 .ONESHELL:
 clean:
-	@rm -rf vendor/* services/storage/s04tls.* services/nats/*.pem
+	@rm -rf vendor/* services/storage/s04tls.*
 	@> .int_test.env
 	@for svc in $(PULL_SVCS)
 	do

README.md

@@ -27,7 +27,7 @@ Make sure you have installed all of the following prerequisites on your machine:
 Clone repo: 
 
 ```
-$ git clone https://github.com/TrueCloudLab/frostfs-dev-env.git
+$ git clone https://git.frostfs.info/TrueCloudLab/frostfs-dev-env.git
 ```
 
 Run next commands from project's root:
@@ -71,12 +71,7 @@ password of inner ring wallet is `one`. See examples in `make help`.
 
 ```
 $ make update.epoch_duration val=30
-Changing EpochDuration configration value to 30
-Enter account NNudMSGzEoktFzdYGYoNb3bzHzbmM1genF password > 
-Sent invocation transaction dbb8c1145b6d10f150135630e13bb0dc282023163f5956c6945a60db0cb45cb0
-Updating FrostFS epoch to 2
-Enter account NNudMSGzEoktFzdYGYoNb3bzHzbmM1genF password > 
-Sent invocation transaction 0e6eb5e190f36332e5e5f4e866c7e100826e285fd949e11c085e15224f343ba6
+Waiting for transactions to persist...
 ```
 
 For instructions on how to set up DevEnv on macOS, please refer [the
@@ -112,7 +107,7 @@ Maybe you will find the answer for your question in [F.A.Q.](docs/faq.md)
 
 ## Using FrostFS Admin Tool in `dev-env`
 
-Devenv supports FrostFS network management via [frostfs-adm](https://github.com/TrueCloudLab/frostfs-node/tree/master/cmd/frostfs-adm).
+Devenv supports FrostFS network management via [frostfs-adm](https://git.frostfs.info/TrueCloudLab/frostfs-node/src/branch/master/cmd/frostfs-adm).
 `services/ir` contains the Alphabet wallet in a proper format, specify it
 with `--alphabet-wallets` flag.
 
@@ -142,6 +137,65 @@ Display addresses and host names for each running service, if available.
 
 Clean up `vendor` directory.
 
+### s3cred
+
+Registers user wallet and issues s3 credentials.
+
+Usage and default parameter values:
+```sh
+make s3cred [password=""] [contract_password=s3] [wallet=/user_wallet.json] [gate_public_key=0313b1ac3a8076e155a7e797b24f0b650cccad5941ea59d7cfd51a024a8b2a06bf]
+```
+
+As soon as the storage node is in the network map (see above) you can generate S3
+credentials:
+
+``` sh
+$ make s3cred
+{
+  "access_key_id": "EXArWh8x1zeHG3851s1RtoCo7dowxF6rhLGA15nbMffT0AKRSjJ5fmcqf3Ht2VCAkfmPQUVARghRB77xHCA1BoN2p",
+  "secret_access_key": "d70c1dba83f0f90bb231f06f1ce0e0dfbcfb122f4b4345a3c18d3869c359b79f",
+  "owner_private_key": "140947599afd9ca89af4b358c3176eb046e554d942a0dc99a8e06f3e43c8f4ad",
+  "wallet_public_key": "0324e76288fcb900100d01802a14ef977cca45ad073561230446df14b344c858b6",
+  "container_id": "EXArWh8x1zeHG3851s1RtoCo7dowxF6rhLGA15nbMffT"
+}                   
+```
+Running without any parameters will result in defaults which are based on the private key from
+`/user-wallet.json` file and `/wallet.json` contract wallet.
+
+Now let's configure an S3 client (AWS CLI will be used as example):
+
+``` sh
+$ aws configure
+AWS Access Key ID []: EXArWh8x1zeHG3851s1RtoCo7dowxF6rhLGA15nbMffT0AKRSjJ5fmcqf3Ht2VCAkfmPQUVARghRB77xHCA1BoN2p
+AWS Secret Access Key []: d70c1dba83f0f90bb231f06f1ce0e0dfbcfb122f4b4345a3c18d3869c359b79f
+Default region name []: us-east-1
+Default output format []: json
+```
+
+If you need to create credentials for different users, put user wallets to `wallets` dir and specify them via `wallet` parameter.
+Pass wallet password in `password` parameter if it's not default. The same is for `contract_wallet` and `gate_public_key` params.
+
+```sh
+$ make s3cred wallet=custom_wallet.json password=test
+{
+  "access_key_id": "jHhL5B33o16R4jQsb8wm9A3RRdS6KrTB5N4bja9Jys904W7xXFNKqem2ACvTRWRYJsZMCUikYFSokN7pPJziWyDi",
+  "secret_access_key": "21bb64fafa32c82417fd8b97ac56cc8a085998a3852632d52fe7042453daa440",
+  "owner_private_key": "10f6f9d7a47bb0bf68363ad8a99fe69f1493f8b6e1665b3e4e83feb2d5c7ee39",
+  "wallet_public_key": "03e38759973a6bb722baabc2dd84036a39f0b2f53d32fec45a4dacde8a50fe4b70",
+  "container_id": "jHhL5B33o16R4jQsb8wm9A3RRdS6KrTB5N4bja9Jys9"
+}
+```
+
+To get credentials from custom wallet, place it in `wallets` dir before start.
+
+### cred
+
+Usage and default parameter values:
+```sh
+make cred [password=""] [contract_password=s3] [wallet=/user_wallet.json]
+```
+The same as `s3cred`, but it doesn't issues s3 credentials.
+
 ## Contributing
 
 Feel free to contribute to this project after reading the [contributing

configs/s01-cli.yml

@@ -0,0 +1,4 @@
+wallet: services/storage/wallet01.json
+password: ""
+rpc-endpoint: s01.frostfs.devenv:8080
+endpoint: s01.frostfs.devenv:8081

configs/s02-cli.yml

@@ -0,0 +1,4 @@
+wallet: services/storage/wallet02.json
+password: ""
+rpc-endpoint: s02.frostfs.devenv:8080
+endpoint: s02.frostfs.devenv:8081

configs/s03-cli.yml

@@ -0,0 +1,4 @@
+wallet: services/storage/wallet03.json
+password: ""
+rpc-endpoint: s03.frostfs.devenv:8080
+endpoint: s03.frostfs.devenv:8081

configs/s04-cli.yml

@@ -0,0 +1,4 @@
+wallet: services/storage/wallet04.json
+password: ""
+rpc-endpoint: s04.frostfs.devenv:8080
+endpoint: s04.frostfs.devenv:8081

docs/http_gate.md

@@ -2,7 +2,7 @@
 
 Protocol Gateway to access data in FrostFS using HTTP protocol.
 
-Source code and more information can be found in [project's GitHub repository](https://github.com/TrueCloudLab/frostfs-http-gate)
+Source code and more information can be found in [project's repository](https://git.frostfs.info/TrueCloudLab/frostfs-http-gw)
 
 ## .env settings
 
@@ -22,8 +22,8 @@ Image label prefix to use for containers.
 - Create a new container
 ```
 $ frostfs-cli --rpc-endpoint s01.frostfs.devenv:8080 \
-            --key wallets/wallet.key \
-            container create --basic-acl readonly --await \
+            --wallet wallets/wallet.key \
+            container create --basic-acl private --await \
             --policy "REP 1 SELECT 1 FROM *"
 container ID: 4LfREK1cetL4PUji5fqj9SgRTSmaC5jExEDK9HKCDjdP
 awaiting...
@@ -33,7 +33,7 @@ container has been persisted on sidechain
 - Put an object into the newly created container
 ```
 $ frostfs-cli --rpc-endpoint s01.frostfs.devenv:8080 \
-            --key wallets/wallet.key \
+            --wallet wallets/wallet.key \
             object put --file /tmp/backup.jpeg \
             --cid 4LfREK1cetL4PUji5fqj9SgRTSmaC5jExEDK9HKCDjdP
 [/tmp/backup.jpeg] Object successfully stored

docs/morph.md

@@ -3,52 +3,23 @@ A single-node N3 privnet deployment, running on
 [neo-go](https://github.com/nspcc-dev/neo-go). Represents N3 FrostFS SideChain.
 
 Contracts deployed:
-- Alphabet (AZ) [contract](https://github.com/TrueCloudLab/frostfs-contract/tree/master/alphabet)
-- Audit [contract](https://github.com/TrueCloudLab/frostfs-contract/tree/master/audit)
-- Balance [contract](https://github.com/TrueCloudLab/frostfs-contract/tree/master/balance)
-- Container [contract](https://github.com/TrueCloudLab/frostfs-contract/tree/master/container)
-- Netmap [contract](https://github.com/TrueCloudLab/frostfs-contract/tree/master/netmap)
-- NeoFSID [contract](https://github.com/TrueCloudLab/frostfs-contract/tree/master/neofsid)
-- Proxy [contract](https://github.com/TrueCloudLab/frostfs-contract/tree/master/proxy)
-- Reputation [contract](https://github.com/TrueCloudLab/frostfs-contract/tree/master/reputation)
+- Alphabet (AZ) [contract](https://git.frostfs.info/TrueCloudLab/frostfs-contract/src/branch/master/alphabet)
+- Audit [contract](https://git.frostfs.info/TrueCloudLab/frostfs-contract/src/branch/master/audit)
+- Balance [contract](https://git.frostfs.info/TrueCloudLab/frostfs-contract/src/branch/master/balance)
+- Container [contract](https://git.frostfs.info/TrueCloudLab/frostfs-contract/src/branch/master/container)
+- Netmap [contract](https://git.frostfs.info/TrueCloudLab/frostfs-contract/src/branch/master/netmap)
+- NeoFSID [contract](https://git.frostfs.info/TrueCloudLab/frostfs-contract/src/branch/master/neofsid)
+- Proxy [contract](https://git.frostfs.info/TrueCloudLab/frostfs-contract/src/branch/master/proxy)
+- Reputation [contract](https://git.frostfs.info/TrueCloudLab/frostfs-contract/src/branch/master/reputation)
  
 RPC available at `http://morph-chain.frostfs.devenv:30333`.
 
 ## .env settings
 
-### MORPH_CHAIN_URL
-
-URL to get side chain dump. Used on artifact get stage.
-
-### MORPH_CHAIN_PATH
-
-Path to get side chain dump. If set, overrides `CHAIN_URL`.
-
 ### NEOGO_VERSION
 
 Version of neo-go docker container for side chain deployment.
 
-## Side chain wallets
-
-There is a wallet with GAS that used for contract deployment:
-`wallets/wallet.json`. This wallet has one account with **empty password**.
-
-```
-$ neo-go wallet nep17 balance \
-    -w wallets/wallet.json \
-    -r http://morph-chain.frostfs.devenv:30333
-
-Account NbUgTSFvPmsRxmGeWpuuGeJUoRoi6PErcM
-GAS: GasToken (d2a4cff31913016155e38e474a2c06d08be276cf)
-        Amount : 189826.0515316
-        Updated: 3909
-FROSTFS: FrostFS Balance (69550190e740b93f92dbd5dea52246f550391057)
-        Amount : 50
-        Updated: 3909
-```
-
-This way you can also monitor FrostFS internal balance of your account.
-
 ## FrostFS global config
 
 FrostFS uses global configuration to store epoch duration, maximum object size, 
@@ -57,16 +28,10 @@ netmap contract and managed by Inner Ring (Alphabet) nodes.
 
 To change these parameters use `make update.*` commands. Command down below
 changes epoch duration from 300 blocks (about 300 seconds with 1bps) to 30.
-Script enters passwords automatically with `expect` utility.
 
 ```
 $ make update.epoch_duration val=30
-Changing EpochDuration configration value to 30
-Enter account NfgHwwTi3wHAS8aFAN243C5vGbkYDpqLHP password > 
-Sent invocation transaction bdc0fa88cd6719ef6df2b9c82de423ddec6141ca24255c2d0072688083b1de9d
-Updating FrostFS epoch to 20
-Enter account NfgHwwTi3wHAS8aFAN243C5vGbkYDpqLHP password > 
-Sent invocation transaction 12296e1ce24dd6c04edb9c56d0a1d0e26d3226adefb0333c74a28788f44a8d0f
+Waiting for transactions to persist...
 ```
 
 Read more about available configuration in Makefile help.
@@ -76,10 +41,14 @@ $ make help
   ...
   Targets:
   ...
-    update.audit_fee                Update audit fee per result in fixed 12 (make update.audit_fee val=100)
-    update.basic_income_rate        Update basic income rate in fixed 12 (make update.basic_income_rate val=1000)
-    update.container_fee            Update container fee per alphabet node in fixed 12 (make update.container_fee val=500)
-    update.eigen_trust_iterations   Update amount of EigenTrust iterations (make update.eigen_trust_iterations val=2)
-    update.epoch_duration           Update epoch duration in side chain blocks (make update.epoch_duration val=30)
-    update.max_object_size          Update max object size in bytes (make update.max_object_size val=1000)
+    update.audit_fee                     Update audit fee per result in fixed 12 (make update.audit_fee val=100)
+    update.basic_income_rate             Update basic income rate in fixed 12 (make update.basic_income_rate val=1000)
+    update.container_alias_fee           Update container alias fee per alphabet node in fixed 12 (make update.container_alias_fee val=100)
+    update.container_fee                 Update container fee per alphabet node in fixed 12 (make update.container_fee val=500)
+    update.eigen_trust_alpha             Update alpha parameter of EigenTrust algorithm in 0 <= f <= 1.0 (make update.eigen_trust_alpha val=0.2)
+    update.eigen_trust_iterations        Update amount of EigenTrust iterations (make update.eigen_trust_iterations val=2)
+    update.epoch_duration                Update epoch duration in side chain blocks (make update.epoch_duration val=30)
+    update.homomorphic_hashing_disable   Update homomorphic hashing disabled flag (make update.homomorphic_hashing_disable val=true)
+    update.max_object_size               Update max object size in bytes (make update.max_object_size val=1000)
+    update.system_dns                    Update system dns to resolve container names (make update.system_dns val=container)
 ```

docs/notary.md

@@ -7,66 +7,12 @@ create containers, approve balance changes, update network map, tick epochs,
 etc. With notary service, it takes up to seven times fewer transactions 
 to do these operations. Notary service calculates the exact amount of GAS 
 to execute transaction, therefore operations are cheaper (withdraw fee **with**
-notary is less than 0.5 GAS; withdraw fee **without** notary is up to 7.0 GAS). 
+notary is less than 0.5 GAS; withdraw fee **without** notary is up to 7.0 GAS).
 
-By default, main chain service is running without notary service, and side chain
-running with notary service. However, you can change that in configuration.
+Currently, frostfs-dev-env contains single chain (see morph service) and it
+enables notary service from the genesis block.
 
-# Disable notary service in side chain
-
-To disable notary service in side chain do these steps.
-
-1. Update `.env` and choose notary disabled chain dump for side chain.
-
-```
-MORPH_CHAIN_URL="https://github.com/nspcc-dev/neofs-contract/releases/download/v0.9.0/devenv_sidechain_notary_disabled.gz"
-```
-
-Make sure to update chain dump files with `make get` target.
-
-2. Update `service/morph_chain/protocol.privnet.yml` and disable notary settings
-and state root in header.
-   
-```yaml
-ProtocolConfiguration:
-  StateRootInHeader: false
-  P2PSigExtensions: false
-ApplicationConfiguration:
-  P2PNotary:
-    Enabled: false
-```
-
-Chain dump without notary service does not have predefined network map.
-Therefore, you need to wait about 5 minutes until new epoch tick with updated
-network map.
-
-
-3. Enable helper commands
-
-To enable helper commands such as `make tick.epoch` or `make update.epoch_duration`
-make sure to export non-empty `FROSTFS_NOTARY_DISABLED` environment variable. 
-```
-$ export FROSTFS_NOTARY_DISABLED=1
-```
-
-Use `unset` command to return it back.
-```
-$ unset FROSTFS_NOTARY_DISABLED
-```
-
-# Enable notary service in main chain
-
-To enable notary service in main chain do these steps.
-
-1. Update `.env` and choose notary enabled chain dump for main chain.
-
-```
-CHAIN_URL="https://github.com/nspcc-dev/neofs-contract/releases/download/v0.9.0/devenv_mainchain.gz"
-```
-
-Make sure to update chain dump files with `make get` target.
-
-2. Update `service/chain/protocol.privnet.yml` and enable notary settings.
+To enable notary service, use neo-go configuration below.
 
 ```yaml
 ProtocolConfiguration:
@@ -75,7 +21,3 @@ ApplicationConfiguration:
   P2PNotary:
     Enabled: true
 ```
-
-Main chain generates a block once per 15 seconds, so Inner Ring takes about 
-15-30 seconds to make a notary deposit in main chain after startup. Then 
-frostfs-dev-env is ready to work.

docs/rest_gate.md

@@ -2,7 +2,7 @@
 
 REST Gateway to access data in FrostFS using REST.
 
-Source code and more information can be found in [project's GitHub repository](https://github.com/TrueCloudLab/frostfs-rest-gw)
+Source code and more information can be found in [project's repository](https://git.frostfs.info/TrueCloudLab/frostfs-rest-gw)
 
 ## .env settings
 

docs/s3_gate.md

@@ -2,7 +2,7 @@
 
 Protocol Gateway to access data in FrostFS using AWS S3 protocol
 
-Source code and more information can be found in [project's GitHub repository](https://github.com/TrueCloudLab/frostfs-s3-gw)
+Source code and more information can be found in [project's repository](https://git.frostfs.info/TrueCloudLab/frostfs-s3-gw)
 
 ## .env settings
 

frostfs-adm.yml

@@ -5,6 +5,7 @@ network:
   epoch_duration: 240
   basic_income_rate: 100000000
   homomorphic_hash_disabled: false
+  maintenance_mode_allowed: true
   fee:
     audit: 10000
     candidate: 10000000000

services/basenet/docker-compose.yml

@@ -1,6 +1,5 @@
 ---
 
-version: "2.4"
 services:
 
   basenet:

services/grafana/.hosts

@@ -0,0 +1,2 @@
+IPV4_PREFIX.122 grafana.LOCAL_DOMAIN
+IPV4_PREFIX.123 loki.LOCAL_DOMAIN

services/grafana/docker-compose.yml

@@ -0,0 +1,31 @@
+services:
+  grafana:
+    image: ${GRAFANA_IMAGE}:${GRAFANA_VERSION}
+    domainname: ${LOCAL_DOMAIN}
+    hostname: grafana
+    container_name: grafana
+    restart: on-failure
+    networks:
+      grafana_int:
+      internet:
+        ipv4_address: ${IPV4_PREFIX}.122
+    volumes:
+      - ./../../vendor/hosts:/etc/hosts
+      - ./grafana.ini:/etc/grafana/grafana.ini
+      - ./provisioning:/etc/grafana/provisioning
+    stop_signal: SIGKILL
+    env_file: [ ".env", ".int_test.env" ]
+
+  loki:
+    image: ${LOKI_IMAGE}:${LOKI_VERSION}
+    command: -config.file=/etc/loki/local-config.yaml
+    networks:
+      grafana_int:
+      internet:
+        ipv4_address: ${IPV4_PREFIX}.123
+
+networks:
+  grafana_int:
+  internet:
+    external: true
+    name: basenet_internet

services/grafana/grafana.ini

@@ -0,0 +1,7 @@
+[auth.anonymous]
+enabled = true
+org_name = Main Org.
+org_role = Editor
+
+[dashboards]
+default_home_dashboard_path= /etc/grafana/provisioning/dashboards/overview.json

services/grafana/provisioning/datasources/datasource.yml

@@ -0,0 +1,13 @@
+apiVersion: 1
+
+datasources:
+- name: Prometheus
+  type: prometheus
+  access: proxy
+  orgId: 1
+  url: http://prometheus:9090
+- name: Loki
+  type: loki
+  access: proxy
+  orgId: 1
+  url: http://loki:3100

services/http_gate/docker-compose.yml

@@ -1,6 +1,5 @@
 ---
 
-version: "2.4"
 services:
   http_gate:
     image: ${HTTP_GW_IMAGE}:${HTTP_GW_VERSION}
@@ -21,6 +20,7 @@ services:
     command: [ "frostfs-http-gw", "--config", "/etc/frostfs/http/config.yml" ]
     environment:
       - HTTP_GW_RPC_ENDPOINT=http://morph-chain.${LOCAL_DOMAIN}:30333
+      - HTTP_GW_TREE_SERVICE=s01.${LOCAL_DOMAIN}:8080
       - HTTP_GW_PEERS_0_ADDRESS=s01.${LOCAL_DOMAIN}:8080
       - HTTP_GW_PEERS_0_WEIGHT=0.2
       - HTTP_GW_PEERS_1_ADDRESS=s02.${LOCAL_DOMAIN}:8080

services/ir/.ir.env

@@ -1,3 +1 @@
-FROSTFS_IR_CONTRACTS_FROSTFSID=27407c76feabc407908f3d09a3d845d45e7c981a
-
 FROSTFS_IR_CONTROL_GRPC_ENDPOINT=127.0.0.1:16512

services/ir/artifacts.mk

@@ -25,7 +25,6 @@ endif
 # Download FrostFS CLI 
 .ONESHELL:
 get.cli: FROSTFS_CLI_FILE=./vendor/frostfs-cli
-get.cli: FROSTFS_CLI_ARCHIVE_FILE=${FROSTFS_CLI_FILE}.tar.gz
 get.cli: FROSTFS_CLI_PATH?=
 get.cli:
 	@mkdir -p ./vendor
@@ -34,10 +33,8 @@ ifeq (${FROSTFS_CLI_PATH},)
 	@echo "⇒ Download FrostFS CLI binary from ${FROSTFS_CLI_URL}"
 	@curl \
 		-ksSL "${FROSTFS_CLI_URL}" \
-		-o ${FROSTFS_CLI_ARCHIVE_FILE} 
-	@tar -xvf ${FROSTFS_CLI_ARCHIVE_FILE} -C ./vendor | xargs -I {} \
-		mv ./vendor/{} ${FROSTFS_CLI_FILE}
-	@rm ${FROSTFS_CLI_ARCHIVE_FILE}
+		-o ${FROSTFS_CLI_FILE} 
+	@chmod +x ${FROSTFS_CLI_FILE}
 else
 	@echo "⇒ Copy local binary from ${FROSTFS_CLI_PATH}"
 	@cp ${FROSTFS_CLI_PATH} ${FROSTFS_CLI_FILE}

services/ir/docker-compose.yml

@@ -1,6 +1,5 @@
 ---
 
-version: "2.4"
 services:
 
   ir01:
@@ -13,19 +12,19 @@ services:
       ir_int:
       internet:
         ipv4_address: ${IPV4_PREFIX}.61
-    stop_signal: SIGKILL
+    stop_signal: SIGTERM
+    stop_grace_period: 15s
     volumes:
       - ./az.json:/wallet.json
       - ./az.key:/wallet01.key
       - ./../../vendor/hosts:/etc/hosts
       - ./../../vendor/locode_db:/locode/db
       - ./../../vendor/frostfs-cli:/frostfs-cli
-      - ./healthcheck.sh:/healthcheck.sh
       - ./cfg:/etc/frostfs/ir
     env_file: [ ".env", ".ir.env", ".int_test.env" ]
     command: [ "frostfs-ir", "--config", "/etc/frostfs/ir/config.yml" ]
     healthcheck:
-      test: ["CMD-SHELL", "/healthcheck.sh"]
+      test: ["CMD-SHELL", "/frostfs-cli control ir healthcheck -q --wallet /wallet01.key  --endpoint \"$$FROSTFS_IR_CONTROL_GRPC_ENDPOINT\""]
       interval: 2s
       timeout: 1s
       retries: 5

services/ir/healthcheck.sh

@@ -1,6 +0,0 @@
-#!/bin/sh
-
-/frostfs-cli control healthcheck \
-	--endpoint "$FROSTFS_IR_CONTROL_GRPC_ENDPOINT" \
-	--wallet /wallet01.key --ir |
-	grep "Health status: READY"

services/jaeger/docker-compose.yml

@@ -1,4 +1,3 @@
-version: '2.4'
 services:
   jaeger:
     image: ${JAEGER_IMAGE}:${JAEGER_VERSION}
@@ -20,7 +19,10 @@ services:
     env_file: [ ".env", ".jaeger.env", ".int_test.env" ]
     environment:
       - COLLECTOR_OTLP_ENABLED=true
-      - MEMORY_MAX_TRACES=100000
+      - SPAN_STORAGE_TYPE=badger
+      - BADGER_EPHEMERAL=false
+      - BADGER_DIRECTORY_VALUE=/badger/data
+      - BADGER_DIRECTORY_KEY=/badger/key
 
 networks:
   jaeger_int:

services/morph_chain/artifacts.mk

@@ -20,15 +20,12 @@ endif
 
 # Download FrostFS ADM tool 
 get.adm: FROSTFS_ADM_DEST=./vendor/frostfs-adm
-get.adm: FROSTFS_ADM_ARCHIVE=frostfs-adm.tar.gz
 get.adm:
 
 ifeq (${FROSTFS_ADM_PATH},)
 	@echo "⇒ Download FrostFS ADM binary from ${FROSTFS_ADM_URL}"
-	@curl -skSL ${FROSTFS_ADM_URL} -o ${FROSTFS_ADM_ARCHIVE}
-	@tar -xvf ${FROSTFS_ADM_ARCHIVE} -C ./vendor | xargs -I {} \
-		mv ./vendor/{} ${FROSTFS_ADM_DEST}
-	@rm ${FROSTFS_ADM_ARCHIVE}
+	@curl -skSL ${FROSTFS_ADM_URL} -o ${FROSTFS_ADM_DEST}
+	@chmod +x ${FROSTFS_ADM_DEST}
 else
 	@echo "⇒ Copy frostfs-adm binary from ${FROSTFS_ADM_PATH}"
 	@cp ${FROSTFS_ADM_PATH} ${FROSTFS_ADM_DEST}

services/morph_chain/docker-compose.yml

@@ -1,6 +1,5 @@
 ---
 
-version: "2.4"
 services:
   frostfs_morph_chain:
     image: ${NEOGO_IMAGE}:${NEOGO_VERSION}
@@ -20,9 +19,14 @@ services:
     - ./config.yml:/wallets/config.yml
     - ./../../vendor/hosts:/etc/hosts
     - ./../../wallets/wallet.json:/wallets/wallet.json
+    - ./../s3_gate/wallet.json:/wallets/s3-wallet.json
+    - chains:/chains
 
 networks:
   chain_int:
   internet:
     external: true
     name: basenet_internet
+
+volumes:
+  chains:

services/morph_chain/protocol.privnet.yml

@@ -17,7 +17,7 @@ ApplicationConfiguration:
   DBConfiguration:
     Type: "boltdb"
     BoltDBOptions:
-      FilePath: "./db/morph.bolt"
+      FilePath: "/chains/morph.bolt"
   P2P:
     Addresses:
       - ":20333"
@@ -29,9 +29,14 @@ ApplicationConfiguration:
     AttemptConnPeers: 5
     MinPeers: 0
   Relay: true
+  Consensus:
+    Enabled: true
+    UnlockWallet:
+      Path: "./wallets/node-wallet.json"
+      Password: "one"
   RPC:
     Addresses:
-      - "192.168.130.90:30333"
+      - ":30333"
     Enabled: true
     SessionEnabled: true
     EnableCORSWorkaround: false
@@ -49,6 +54,3 @@ ApplicationConfiguration:
     Addresses:
       - ":20011"
     Enabled: true
-  UnlockWallet:
-    Path: "./wallets/node-wallet.json"
-    Password: "one"

services/nats/.hosts

@@ -1 +0,0 @@
-IPV4_PREFIX.101 nats.LOCAL_DOMAIN

services/nats/artifacts.mk

@@ -1,7 +0,0 @@
-# Create new TLS certs for NATS server and clients
-
-NATS_DIR=$(abspath services/nats)
-
-get.nats:
-	@echo "⇒ Creating certs for NATS server and clients"
-	${NATS_DIR}/generate_cert.sh ${LOCAL_DOMAIN} > /dev/null

services/nats/docker-compose.yml

@@ -1,31 +0,0 @@
----
-
-version: "2.4"
-services:
-  nats:
-    image: ${NATS_IMAGE}:${NATS_VERSION}
-    domainname: ${LOCAL_DOMAIN}
-    hostname: nats
-    container_name: nats
-    restart: on-failure
-    dns: 
-      - ${IPV4_PREFIX}.101
-    networks:
-      nats_int:
-      internet:
-        ipv4_address: ${IPV4_PREFIX}.101
-    volumes:
-      - ./../../vendor/hosts:/etc/hosts
-      - ./nats.conf:/etc/nats/frostfs-nats-server.conf
-      - ./server-cert.pem:/certs/server-cert.pem
-      - ./server-key.pem:/certs/server-key.pem
-      - ./ca-cert.pem:/certs/ca-cert.pem
-    stop_signal: SIGKILL
-    env_file: [ ".env", ".int_test.env" ]
-    command: ["-c", "/etc/nats/frostfs-nats-server.conf"]
-
-networks:
-  nats_int:
-  internet:
-    external: true
-    name: basenet_internet

services/nats/generate_cert.sh

@@ -1,49 +0,0 @@
-#!/bin/bash
-
-source bin/helper.sh
-
-WORKDIR=$(dirname "$0")
-LOCAL_DOMAIN=$1
-
-CA_KEY=$WORKDIR/ca-key.pem
-CA_CRT=$WORKDIR/ca-cert.pem
-
-SRV_KEY=$WORKDIR/server-key.pem
-SRV_REQ=$WORKDIR/server-req.csr
-SRV_CRT=$WORKDIR/server-cert.pem
-
-CLI_KEY=$WORKDIR/client-key.pem
-CLI_REQ=$WORKDIR/client-req.csr
-CLI_CRT=$WORKDIR/client-cert.pem
-
-SUBJ="/O=NSPCC"
-
-if [[ ! -f $CA_KEY || ! -f $CA_CRT ]]; then
-	openssl req -newkey rsa:4096 -x509 -days 365 -nodes -keyout $CA_KEY -out $CA_CRT -subj $SUBJ 2>&1 ||
-		die "CA certificate was not created"
-fi
-
-if [[ ! -f $SRV_KEY || ! -f $SRV_CRT ]]; then
-	openssl req -newkey rsa:4096 -nodes -keyout $SRV_KEY -out $SRV_REQ -subj $SUBJ 2>&1 ||
-		die "Server certificate was not created"
-
-	openssl x509 -req -days 365 -set_serial 01 -in $SRV_REQ -out $SRV_CRT -CA $CA_CRT -CAkey $CA_KEY \
- 		-extensions san -extfile <(printf "[san]\nsubjectAltName=DNS:nats.$LOCAL_DOMAIN") 2>&1 || {
-		rm $SRV_REQ
-		die "Server certificate was not signed by CA"
-	}
-
-	rm $SRV_REQ
-fi
-
-if [[ ! -f $CLI_KEY || ! -f $CLI_CRT ]]; then
-	openssl req -newkey rsa:4096 -nodes -keyout $CLI_KEY -out $CLI_REQ -subj $SUBJ 2>&1 ||
-		die "Client certificate was not created"
-
-	openssl x509 -req -days 365 -set_serial 01 -in $CLI_REQ -out $CLI_CRT -CA $CA_CRT -CAkey $CA_KEY 2>&1 || {
-		rm $CLI_REQ
-		die "Client certificate was not signed by CA"
-	}
-
-	rm $CLI_REQ
-fi

services/nats/nats.conf

@@ -1,15 +0,0 @@
-port: 4222
-monitor_port: 8222
-
-jetstream {
-   store_dir=nats
-   max_memory_store: 1GB
-   max_file_store: 2GB
-}
-
-tls {
-  cert_file: /certs/server-cert.pem
-  key_file:  /certs/server-key.pem
-  ca_file:   /certs/ca-cert.pem 
-  verify:    true
-}

services/prometheus/docker-compose.yml

@@ -1,4 +1,3 @@
-version: '2.4'
 services:
   prometheus:
     image: ${PROMETHEUS_IMAGE}:${PROMETHEUS_VERSION}
@@ -15,8 +14,6 @@ services:
       - ./prometheus.yml:/etc/prometheus/prometheus.yml
     command:
       - --config.file=/etc/prometheus/prometheus.yml
-    ports:
-      - '9090:9090'
     stop_signal: SIGKILL
     env_file: [ ".env", ".prometheus.env", ".int_test.env" ]
 
@@ -24,4 +21,4 @@ networks:
   prometheus_int:
   internet:
     external: true
-    name: basenet_internet
+    name: basenet_internet

services/prometheus/prometheus.yml

@@ -16,4 +16,7 @@ scrape_configs:
       - targets: ['s3.frostfs.devenv:9090']
   - job_name: 'neo-go'
     static_configs:
-      - targets: ['morph-chain.frostfs.devenv:20001']
+      - targets: ['morph-chain.frostfs.devenv:20001']
+  - job_name: 'inner-ring'
+    static_configs:
+      - targets: ['ir01.frostfs.devenv:9090']

services/rest_gate/docker-compose.yml

@@ -1,6 +1,5 @@
 ---
 
-version: "2.4"
 services:
   rest_gate:
     image: ${REST_GW_IMAGE}:${REST_GW_VERSION}
@@ -16,7 +15,8 @@ services:
       - ./wallet.json:/wallet.json
       - ./../../vendor/hosts:/etc/hosts
       - ./cfg:/etc/frostfs/rest
-    stop_signal: SIGKILL
+    stop_signal: SIGTERM
+    stop_grace_period: 15s
     env_file: [ ".env", ".int_test.env" ]
     command: [ "frostfs-rest-gw", "--config", "/etc/frostfs/rest/config.yml" ]
     environment:

services/s3_gate/cfg/config.yml

@@ -33,3 +33,17 @@ server:
 wallet:
   path: /wallet.json # Path to wallet
   passphrase: "s3" # Passphrase to decrypt wallet
+
+features:
+  md5:
+    enabled: true
+
+control:
+  grpc:
+    endpoint: localhost:16515
+
+frostfsid:
+  enabled: false
+
+policy:
+  enabled: false

services/s3_gate/docker-compose.yml

@@ -1,6 +1,5 @@
 ---
 
-version: "2.4"
 services:
   s3_gate:
     image: ${S3_GW_IMAGE}:${S3_GW_VERSION}
@@ -13,19 +12,26 @@ services:
       internet:
         ipv4_address: ${IPV4_PREFIX}.82
     volumes:
+      # Gate wallet
       - ./wallet.json:/wallet.json
+      # Custom user wallets
+      - ./wallets:/wallets
+      # Default user wallet
+      - ./../../wallets/wallet.json:/wallets/wallet.json
       - ./tls.key:/tls.key
       - ./tls.crt:/tls.crt
       - ./../../vendor/hosts:/etc/hosts
       - ./cfg:/etc/frostfs/s3
-    stop_signal: SIGKILL
+      - ./issue-creds.sh:/usr/bin/issue-creds.sh
+    stop_signal: SIGTERM
+    stop_grace_period: 15s
     env_file: [ ".env", ".s3.env", ".int_test.env" ]
     command: [ "frostfs-s3-gw", "--config", "/etc/frostfs/s3/config.yml" ]
     environment:
       - S3_GW_RPC_ENDPOINT=http://morph-chain.${LOCAL_DOMAIN}:30333
       - S3_GW_SERVER_0_ADDRESS=s3.${LOCAL_DOMAIN}:8080
       - S3_GW_LISTEN_DOMAINS=s3.${LOCAL_DOMAIN}
-      - S3_GW_TREE_SERVICE=s01.${LOCAL_DOMAIN}:8080
+      - S3_GW_TREE_SERVICE=s01.${LOCAL_DOMAIN}:8080 s02.${LOCAL_DOMAIN}:8080 s03.${LOCAL_DOMAIN}:8080 s04.${LOCAL_DOMAIN}:8080
       - S3_GW_PEERS_0_ADDRESS=s01.${LOCAL_DOMAIN}:8080
       - S3_GW_PEERS_0_WEIGHT=0.2
       - S3_GW_PEERS_1_ADDRESS=s02.${LOCAL_DOMAIN}:8080
@@ -34,6 +40,8 @@ services:
       - S3_GW_PEERS_2_WEIGHT=0.2
       - S3_GW_PEERS_3_ADDRESS=s04.${LOCAL_DOMAIN}:8080
       - S3_GW_PEERS_3_WEIGHT=0.2
+      - AUTHMATE_WALLET_PASSPHRASE=
+      - AUTHMATE_WALLET_CONTRACT_PASSPHRASE=s3
 
 networks:
   s3_gate_int:

services/s3_gate/issue-creds.sh

@@ -0,0 +1,41 @@
+#!/bin/bash
+
+initUser() {
+  /bin/frostfs-s3-authmate register-user \
+    --wallet $WALLET_PATH \
+    --rpc-endpoint http://morph-chain.frostfs.devenv:30333 \
+    --username $USERNAME \
+    --contract-wallet /wallet.json 1> /dev/null && touch $WALLET_CACHE/$USERNAME
+}
+
+issueCreds() {
+  /bin/frostfs-s3-authmate issue-secret \
+    --wallet $WALLET_PATH \
+    --peer s01.frostfs.devenv:8080 \
+    --gate-public-key $S3_GATE_PUBLIC_KEY \
+    --container-placement-policy "REP 3"
+}
+
+set -e
+
+WALLET_PATH=/wallets/$2
+if [[ -z "$2" ]]; then
+  WALLET_PATH=/wallets/wallet.json
+fi
+
+S3_GATE_PUBLIC_KEY=$3
+if [[ -z "$3" ]]; then
+  S3_GATE_PUBLIC_KEY=0313b1ac3a8076e155a7e797b24f0b650cccad5941ea59d7cfd51a024a8b2a06bf
+fi 
+
+WALLET_CACHE=/data/wallets
+mkdir -p $WALLET_CACHE
+
+USERNAME=$(echo $WALLET_PATH | md5sum | cut -d' ' -f1)
+if [ ! -e $WALLET_CACHE/$USERNAME ]; then
+  initUser
+fi
+
+if [ $1 == "s3" ]; then
+  issueCreds
+fi

services/s3_gate/prepare.mk

@@ -0,0 +1,14 @@
+.PHONY: s3cred register
+
+password?=
+contract_password?=s3
+gate_public_key?=
+wallet?=
+
+# Register wallet & generate S3 credentials
+s3cred:
+	@docker exec -e AUTHMATE_WALLET_PASSPHRASE="$(password)" -e AUTHMATE_WALLET_CONTRACT_PASSPHRASE="$(contract_password)" s3_gate /usr/bin/issue-creds.sh s3 "$(wallet)" "$(gate_public_key)"
+
+# Only registers user wallet
+register:
+	@docker exec -e AUTHMATE_WALLET_PASSPHRASE="$(password)" -e AUTHMATE_WALLET_CONTRACT_PASSPHRASE="$(contract_password)" s3_gate /usr/bin/issue-creds.sh native "$(wallet)"

services/s3_lifecycler/.env

@@ -0,0 +1 @@
+../../.env

services/s3_lifecycler/.hosts

@@ -0,0 +1 @@
+IPV4_PREFIX.84 lifecycler.LOCAL_DOMAIN

services/s3_lifecycler/.int_test.env

@@ -0,0 +1 @@
+../../.int_test.env

services/s3_lifecycler/cfg/config.yml

@@ -0,0 +1,42 @@
+logger:
+  level: debug
+
+prometheus:
+  enabled: true
+  address: :9090
+  
+lifecycle:
+  job_fetcher_buffer: 1000
+  executor_pool_size: 100  
+
+frostfs:
+  stream_timeout: 10s
+  connect_timeout: 10s
+  healthcheck_timeout: 15s
+  rebalance_interval: 60s
+  pool_error_threshold: 100
+  tree_pool_max_attempts: 4
+
+credential:
+  use: wallets
+  source:
+    wallets:
+      - path: /wallet.json
+        address: NTt1rxvmEDxEuuogLxs2xgxA71qhVaUcN7
+        passphrase: "cycle"
+      - path: /user-wallet.json
+        address: NbUgTSFvPmsRxmGeWpuuGeJUoRoi6PErcM
+        passphrase: ""
+        
+morph:
+  reconnect_clients_interval: 30s
+  dial_timeout: 5s
+  contract:
+    netmap: netmap.frostfs
+    frostfsid: frostfsid.frostfs
+    container: container.frostfs
+
+# Wallet configuration
+wallet:
+  path: /wallet.json # Path to wallet
+  passphrase: "cycle" # Passphrase to decrypt wallet

services/s3_lifecycler/docker-compose.yml

@@ -0,0 +1,38 @@
+---
+
+version: "2.4"
+services:
+  s3_lifecycler:
+    image: ${S3_LIFECYCLER_IMAGE}:${S3_LIFECYCLER_VERSION}
+    domainname: ${LOCAL_DOMAIN}
+    hostname: s3_lifecycler
+    container_name: s3_lifecycler
+    restart: on-failure
+    networks:
+      s3_lifecycler_int:
+      internet:
+        ipv4_address: ${IPV4_PREFIX}.84
+    volumes:
+      - ./wallet.json:/wallet.json
+      - ./../../vendor/hosts:/etc/hosts
+      - ./cfg:/etc/frostfs/s3-lifecycler
+      - ./../../wallets/wallet.json:/user-wallet.json
+    stop_signal: SIGKILL
+    env_file: [ ".env", ".int_test.env" ]
+    command: [ "frostfs-s3-lifecycler", "--config", "/etc/frostfs/s3-lifecycler/config.yml" ]
+    environment:
+      - S3_LIFECYCLER_MORPH_RPC_ENDPOINT_0_ADDRESS=ws://morph-chain:30333/ws
+      - S3_LIFECYCLER_FROSTFS_PEERS_0_ADDRESS=s01.${LOCAL_DOMAIN}:8080
+      - S3_LIFECYCLER_FROSTFS_PEERS_0_WEIGHT=0.2
+      - S3_LIFECYCLER_FROSTFS_PEERS_1_ADDRESS=s02.${LOCAL_DOMAIN}:8080
+      - S3_LIFECYCLER_FROSTFS_PEERS_1_WEIGHT=0.2
+      - S3_LIFECYCLER_FROSTFS_PEERS_2_ADDRESS=s03.${LOCAL_DOMAIN}:8080
+      - S3_LIFECYCLER_FROSTFS_PEERS_2_WEIGHT=0.2
+      - S3_LIFECYCLER_FROSTFS_PEERS_3_ADDRESS=s04.${LOCAL_DOMAIN}:8080
+      - S3_LIFECYCLER_FROSTFS_PEERS_3_WEIGHT=0.2
+
+networks:
+  s3_lifecycler_int:
+  internet:
+    external: true
+    name: basenet_internet

services/s3_lifecycler/wallet.json

@@ -0,0 +1,30 @@
+{
+  "version": "1.0",
+  "accounts": [
+    {
+      "address": "NTt1rxvmEDxEuuogLxs2xgxA71qhVaUcN7",
+      "key": "6PYR3XurAyTzVeDG5WV2Z8vnGdySw3mTLuKjr6Nwo7tae64SJ7XjZSMMPQ",
+      "label": "lifecycler",
+      "contract": {
+        "script": "DCED9z0M+WSGfXZGxYLj1yYwmgxJXE/kNA4+oWNi0q1uKCdBVuezJw==",
+        "parameters": [
+          {
+            "name": "parameter0",
+            "type": "Signature"
+          }
+        ],
+        "deployed": false
+      },
+      "lock": false,
+      "isDefault": false
+    }
+  ],
+  "scrypt": {
+    "n": 16384,
+    "r": 8,
+    "p": 8
+  },
+  "extra": {
+    "Tokens": null
+  }
+}

services/storage/cfg/config.yml

@@ -1,6 +1,11 @@
 # Logger section
 logger:
   level: debug # Minimum enabled logging level
+  loki:
+    enabled: true
+    endpoint: "loki.frostfs.devenv:3100/api/prom/push"
+    max_batch_delay: 1s
+    max_batch_size: 200
 
 # Profiler section
 pprof:
@@ -14,7 +19,7 @@ prometheus:
   address: :9090  # Server address
   shutdown_timeout: 15s  # Timeout for metrics HTTP server graceful shutdown
 
-  # Application tracing section
+# Application tracing section
 tracing:
   enabled: true
   exporter: otlp_grpc
@@ -27,18 +32,6 @@ morph:
     - address: ws://morph-chain:30333/ws
       priority: 1
 
-# Common storage node settings
-node:
-  attribute_0: "User-Agent:FrostFS/0.34"
-  notification:
-    enabled: true  # Turn on object notification service
-    endpoint: "tls://nats.frostfs.devenv:4222"  # Notification server endpoint
-    timeout: "6s"  # Timeout for object notification client connection
-    default_topic: "test"  # Default topic for object notifications if not found in object's meta
-    certificate: "/etc/frostfs-node/nats.tls.cert"  # Path to TLS certificate
-    key: "/etc/frostfs-node/nats.tls.key"  # Path to TLS key
-    ca: "/etc/frostfs-node/nats.ca.crt"  # Path to optional CA certificate
-
 # Tree section
 tree:
   enabled: true

services/storage/docker-compose.yml

@@ -1,6 +1,5 @@
 ---
 
-version: "2.4"
 services:
   storage01:
     image: ${NODE_IMAGE}:${NODE_VERSION}
@@ -18,13 +17,10 @@ services:
       - storage_s01:/storage
       - ./../../vendor/frostfs-cli:/frostfs-cli
       - ./cli-cfg.yml:/cli-cfg.yml
-      - ./healthcheck.sh:/healthcheck.sh
       - ./s04tls.crt:/etc/ssl/certs/s04tls.crt
-      - ../nats/client-cert.pem:/etc/frostfs-node/nats.tls.cert
-      - ../nats/client-key.pem:/etc/frostfs-node/nats.tls.key
-      - ../nats/ca-cert.pem:/etc/frostfs-node/nats.ca.crt
       - ./cfg:/etc/frostfs/storage
-    stop_signal: SIGKILL
+    stop_signal: SIGTERM
+    stop_grace_period: 15s
     env_file: [ ".env", ".storage.env", ".int_test.env" ]
     command: [ "frostfs-node", "--config", "/etc/frostfs/storage/config.yml" ]
     environment:
@@ -33,10 +29,11 @@ services:
       - FROSTFS_NODE_ADDRESSES=s01.${LOCAL_DOMAIN}:8080
       - FROSTFS_GRPC_0_ENDPOINT=s01.${LOCAL_DOMAIN}:8080
       - FROSTFS_CONTROL_GRPC_ENDPOINT=s01.${LOCAL_DOMAIN}:8081
+      - FROSTFS_NODE_ATTRIBUTE_0=User-Agent:FrostFS/${NODE_VERSION}
       - FROSTFS_NODE_ATTRIBUTE_1=UN-LOCODE:RU MOW
       - FROSTFS_NODE_ATTRIBUTE_2=Price:22
     healthcheck:
-      test: ["CMD-SHELL", "/healthcheck.sh"]
+      test: ["CMD-SHELL", "/frostfs-cli control healthcheck -q -c /cli-cfg.yml --endpoint \"$$FROSTFS_CONTROL_GRPC_ENDPOINT\""]
       interval: 2s
       timeout: 1s
       retries: 5
@@ -58,13 +55,10 @@ services:
       - storage_s02:/storage
       - ./../../vendor/frostfs-cli:/frostfs-cli
       - ./cli-cfg.yml:/cli-cfg.yml
-      - ./healthcheck.sh:/healthcheck.sh
       - ./s04tls.crt:/etc/ssl/certs/s04tls.crt
-      - ../nats/client-cert.pem:/etc/frostfs-node/nats.tls.cert
-      - ../nats/client-key.pem:/etc/frostfs-node/nats.tls.key
-      - ../nats/ca-cert.pem:/etc/frostfs-node/nats.ca.crt
       - ./cfg:/etc/frostfs/storage
-    stop_signal: SIGKILL
+    stop_signal: SIGTERM
+    stop_grace_period: 15s
     env_file: [ ".env", ".storage.env", ".int_test.env" ]
     command: [ "frostfs-node", "--config", "/etc/frostfs/storage/config.yml" ]
     environment:
@@ -73,10 +67,11 @@ services:
       - FROSTFS_NODE_ADDRESSES=s02.${LOCAL_DOMAIN}:8080
       - FROSTFS_GRPC_0_ENDPOINT=s02.${LOCAL_DOMAIN}:8080
       - FROSTFS_CONTROL_GRPC_ENDPOINT=s02.${LOCAL_DOMAIN}:8081
+      - FROSTFS_NODE_ATTRIBUTE_0=User-Agent:FrostFS/${NODE_VERSION}
       - FROSTFS_NODE_ATTRIBUTE_1=UN-LOCODE:RU LED
       - FROSTFS_NODE_ATTRIBUTE_2=Price:33
     healthcheck:
-      test: ["CMD-SHELL", "/healthcheck.sh"]
+      test: ["CMD-SHELL", "/frostfs-cli control healthcheck -q -c /cli-cfg.yml --endpoint \"$$FROSTFS_CONTROL_GRPC_ENDPOINT\""]
       interval: 2s
       timeout: 1s
       retries: 5
@@ -98,13 +93,10 @@ services:
       - storage_s03:/storage
       - ./../../vendor/frostfs-cli:/frostfs-cli
       - ./cli-cfg.yml:/cli-cfg.yml
-      - ./healthcheck.sh:/healthcheck.sh
       - ./s04tls.crt:/etc/ssl/certs/s04tls.crt
-      - ../nats/client-cert.pem:/etc/frostfs-node/nats.tls.cert
-      - ../nats/client-key.pem:/etc/frostfs-node/nats.tls.key
-      - ../nats/ca-cert.pem:/etc/frostfs-node/nats.ca.crt
       - ./cfg:/etc/frostfs/storage
-    stop_signal: SIGKILL
+    stop_signal: SIGTERM
+    stop_grace_period: 15s
     env_file: [ ".env", ".storage.env", ".int_test.env" ]
     command: [ "frostfs-node", "--config", "/etc/frostfs/storage/config.yml" ]
     environment:
@@ -113,10 +105,11 @@ services:
       - FROSTFS_NODE_ADDRESSES=s03.${LOCAL_DOMAIN}:8080
       - FROSTFS_GRPC_0_ENDPOINT=s03.${LOCAL_DOMAIN}:8080
       - FROSTFS_CONTROL_GRPC_ENDPOINT=s03.${LOCAL_DOMAIN}:8081
+      - FROSTFS_NODE_ATTRIBUTE_0=User-Agent:FrostFS/${NODE_VERSION}
       - FROSTFS_NODE_ATTRIBUTE_1=UN-LOCODE:SE STO
       - FROSTFS_NODE_ATTRIBUTE_2=Price:11
     healthcheck:
-      test: ["CMD-SHELL", "/healthcheck.sh"]
+      test: ["CMD-SHELL", "/frostfs-cli control healthcheck -q -c /cli-cfg.yml --endpoint \"$$FROSTFS_CONTROL_GRPC_ENDPOINT\""]
       interval: 2s
       timeout: 1s
       retries: 5
@@ -138,14 +131,11 @@ services:
       - storage_s04:/storage
       - ./../../vendor/frostfs-cli:/frostfs-cli
       - ./cli-cfg.yml:/cli-cfg.yml
-      - ./healthcheck.sh:/healthcheck.sh
       - ./s04tls.crt:/tls.crt
       - ./s04tls.key:/tls.key
-      - ../nats/client-cert.pem:/etc/frostfs-node/nats.tls.cert
-      - ../nats/client-key.pem:/etc/frostfs-node/nats.tls.key
-      - ../nats/ca-cert.pem:/etc/frostfs-node/nats.ca.crt
       - ./cfg:/etc/frostfs/storage
-    stop_signal: SIGKILL
+    stop_signal: SIGTERM
+    stop_grace_period: 15s
     env_file: [ ".env", ".storage.env", ".int_test.env" ]
     command: [ "frostfs-node", "--config", "/etc/frostfs/storage/config.yml" ]
     environment:
@@ -159,10 +149,11 @@ services:
       - FROSTFS_GRPC_1_TLS_ENABLED=true
       - FROSTFS_GRPC_1_TLS_CERTIFICATE=/tls.crt
       - FROSTFS_GRPC_1_TLS_KEY=/tls.key
+      - FROSTFS_NODE_ATTRIBUTE_0=User-Agent:FrostFS/${NODE_VERSION}
       - FROSTFS_NODE_ATTRIBUTE_1=UN-LOCODE:FI HEL
       - FROSTFS_NODE_ATTRIBUTE_2=Price:44
     healthcheck:
-      test: ["CMD-SHELL", "/healthcheck.sh"]
+      test: ["CMD-SHELL", "/frostfs-cli control healthcheck -q -c /cli-cfg.yml --endpoint \"$$FROSTFS_CONTROL_GRPC_ENDPOINT\""]
       interval: 2s
       timeout: 1s
       retries: 5

services/storage/generate_cert.sh

@@ -19,7 +19,7 @@ if [[ ! -f ${CERT} ]]; then
         ) > ${SSL_CONFIG}
 
         openssl req -new -newkey rsa:4096 -x509 -sha256 -days 365 -nodes \
-        -subj "/C=RU/ST=SPB/L=St.Petersburg/O=NSPCC/OU=NSPCC/CN=s04.${LOCAL_DOMAIN}" \
+        -subj "/C=RU/ST=SPB/L=St.Petersburg/O=TrueCloudLab/OU=TrueCloudLab/CN=s04.${LOCAL_DOMAIN}" \
         -keyout "${KEY}" -out "${CERT}" -extensions san -config "${SSL_CONFIG}" &> /dev/null || {
             die "Failed to generate SSL certificate for s04"
         }

services/storage/healthcheck.sh

@@ -1,5 +0,0 @@
-#!/bin/sh
-
-/frostfs-cli control healthcheck -c /cli-cfg.yml \
-	--endpoint "$FROSTFS_CONTROL_GRPC_ENDPOINT" |
-	grep "Health status: READY"