[#159] Add NATS service

Signed-off-by: Alex Vanin <alexey@nspcc.ru>
This commit is contained in:
Alex Vanin 2022-02-09 19:58:35 +03:00 committed by Alex Vanin
parent 99b65b9fa1
commit aabb1eaf86
9 changed files with 121 additions and 1 deletions


@ -3,5 +3,6 @@
basenet
chain
morph_chain
nats
ir
storage

4
.env

@ -18,6 +18,10 @@ IR_IMAGE=nspccdev/neofs-ir
NODE_VERSION=0.27.5
NODE_IMAGE=nspccdev/neofs-storage
# NATS Server
NATS_VERSION=2.7.2
NATS_IMAGE=nats
# HTTP Gate
HTTP_GW_VERSION=0.18.0
HTTP_GW_IMAGE=nspccdev/neofs-http-gw


@ -113,7 +113,7 @@ hosts: vendor/hosts
.PHONY: clean
.ONESHELL:
clean:
@rm -rf vendor/* services/storage/s04tls.*
@rm -rf vendor/* services/storage/s04tls.* services/nats/*.pem
@for svc in $(START_SVCS)
do
vols=`docker-compose -f services/$${svc}/docker-compose.yml config --volumes`
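Review bot: The widened `rm` line now clears `services/nats/*.pem` but not the `server-req.csr`/`client-req.csr` intermediates that generate_cert.sh writes beside them and removes only on its own exit paths, so a certificate run interrupted mid-way leaves `.csr` files that `make clean` never touches; `@rm -rf vendor/* services/storage/s04tls.* services/nats/*.pem services/nats/*.csr` would cover them. Note that the glob also deletes `ca-key.pem`, so every clean rotates the dev CA and previously issued client certificates stop validating — worth a comment on the line. The `clean` recipe continues past the end of this hunk.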

1
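--- /dev/null
+++ b/services/nats/.env
@@ -0,0 +1 @@
+../../.env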

1
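--- /dev/null
+++ b/services/nats/.hosts
@@ -0,0 +1 @@
+IPV4_PREFIX.101 nats.LOCAL_DOMAIN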


@ -0,0 +1,7 @@
# Create new tls certs
NATS_DIR=$(abspath services/nats)
get.nats:
@echo "⇒ Creating certs for NATS server and clients"
${NATS_DIR}/generate_cert.sh ${LOCAL_DOMAIN}
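Review bot: `${LOCAL_DOMAIN}` is handed to generate_cert.sh unquoted and unchecked, so an unset variable leaves the script without an argument and the server certificate gets a SAN of `DNS:nats.`; quoting it and failing early in the recipe, e.g. `@test -n "${LOCAL_DOMAIN}" || { echo "LOCAL_DOMAIN is not set"; exit 1; }` followed by `${NATS_DIR}/generate_cert.sh "${LOCAL_DOMAIN}"`, avoids silently producing a useless certificate. `get.nats` never creates a file of that name, so it should be declared `.PHONY: get.nats` in the style the main Makefile uses for `clean`; two of this file's seven lines are not rendered here, so this may already be present.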


@ -0,0 +1,31 @@
---
version: "2.4"
services:
nats:
image: ${NATS_IMAGE}:${NATS_VERSION}
domainname: ${LOCAL_DOMAIN}
hostname: nats
container_name: nats
restart: on-failure
dns:
- ${IPV4_PREFIX}.101
networks:
nats_int:
internet:
ipv4_address: ${IPV4_PREFIX}.101
volumes:
- ./../../vendor/hosts:/etc/hosts
- ./nats.conf:/etc/nats/neofs-nats-server.conf
- ./server-cert.pem:/certs/server-cert.pem
- ./server-key.pem:/certs/server-key.pem
- ./ca-cert.pem:/certs/ca-cert.pem
stop_signal: SIGKILL
env_file: [ ".env" ]
command: ["-c", "/etc/nats/neofs-nats-server.conf"]
networks:
nats_int:
internet:
external: true
name: basenet_internet
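Review bot: The server private key, certificates and config are bind-mounted read-write (`./server-key.pem:/certs/server-key.pem` and the neighbouring `volumes` lines); nothing in the container needs to write them, so each should carry `:ro`, e.g. `- ./server-key.pem:/certs/server-key.pem:ro`. The service is placed on the shared `basenet_internet` network at `${IPV4_PREFIX}.101`, which presumably also exposes the monitor port configured in nats.conf there; a comment stating that this is intended for the dev network would help the next reader. nats.conf configures a relative JetStream `store_dir` and no data volume is declared here, so stream data appears to live only inside the container and is lost on recreate — confirm that is intended.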

60
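--- /dev/null
+++ b/services/nats/generate_cert.sh
+#!/bin/bash
+WORKDIR=$(dirname "$0")
+LOCAL_DOMAIN=$1
+CA_KEY=$WORKDIR/ca-key.pem
+CA_CRT=$WORKDIR/ca-cert.pem
+SRV_KEY=$WORKDIR/server-key.pem
+SRV_REQ=$WORKDIR/server-req.csr
+SRV_CRT=$WORKDIR/server-cert.pem
+CLI_KEY=$WORKDIR/client-key.pem
+CLI_REQ=$WORKDIR/client-req.csr
+CLI_CRT=$WORKDIR/client-cert.pem
+SUBJ="/O=NSPCC"
+if [[ ! -f $CA_KEY || ! -f $CA_CRT ]]; then
+OUT=$(openssl req -newkey rsa:4096 -x509 -days 365 -nodes -keyout $CA_KEY -out $CA_CRT -subj $SUBJ 2>&1) || {
+echo "CA certificate was not created"
+echo $OUT
+exit 1
+}
+fi
+if [[ ! -f $SRV_KEY || ! -f $SRV_CRT ]]; then
+OUT=$(openssl req -newkey rsa:4096 -nodes --keyout $SRV_KEY -out $SRV_REQ -subj $SUBJ 2>&1 ) || {
+echo "Server certificate was not created"
+echo $OUT
+exit 1
+}
+OUT=$(openssl x509 -req -days 365 -set_serial 01 -in $SRV_REQ -out $SRV_CRT -CA $CA_CRT -CAkey $CA_KEY \
+-extensions san -extfile <(printf "[san]\nsubjectAltName=DNS:nats.$LOCAL_DOMAIN") 2>&1)|| {
+echo "Server certificate was not signed by CA"
+echo $OUT
+rm $SRV_REQ
+exit 1
+}
+rm $SRV_REQ
+fi
+if [[ ! -f $CLI_KEY || ! -f $CLI_CRT ]]; then
+OUT=$(openssl req -newkey rsa:4096 -nodes --keyout $CLI_KEY -out $CLI_REQ -subj $SUBJ 2>&1) || {
+echo "Client certificate was not created"
+echo $OUT
+exit 1
+}
+OUT=$(openssl x509 -req -days 365 -set_serial 01 -in $CLI_REQ -out $CLI_CRT -CA $CA_CRT -CAkey $CA_KEY 2>&1) || {
+echo "Client certificate was not signed by CA"
+echo $OUT
+rm $CLI_REQ
+exit 1
+}
+rm $CLI_REQ
+fi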
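Review bot: Both the server and the client certificate are signed by the same CA with `-set_serial 01` (the two `openssl x509 -req` calls writing `$SRV_CRT` and `$CLI_CRT`), so one issuer emits two different certificates with the same serial number, which RFC 5280 forbids and which TLS stacks or caches that identify certificates by issuer+serial may confuse or reject; give the client a distinct value, e.g. `-set_serial 02`, or let `-CAcreateserial` track serials in a file. `LOCAL_DOMAIN=$1` is never validated, so calling the script without an argument silently produces `subjectAltName=DNS:nats.`; a guard such as `: "${LOCAL_DOMAIN:?usage: $0 <local-domain>}"` after the assignment fails early instead. All path variables are expanded unquoted on the openssl lines, which breaks if `$(dirname "$0")` contains whitespace; quoting them (`"$CA_KEY"`, `"$SUBJ"`, …) costs nothing. The CA and the two leaf certificates are also created with identical subjects (`/O=NSPCC`), which makes them hard to tell apart in logs — a `/CN=` per role would help.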

15
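--- /dev/null
+++ b/services/nats/nats.conf
+port: 4222
+monitor_port: 8222
+jetstream {
+store_dir=nats
+max_memory_store: 1GB
+max_file_store: 2GB
+}
+tls {
+cert_file: /certs/server-cert.pem
+key_file: /certs/server-key.pem
+ca_file: /certs/ca-cert.pem
+verify: true
+}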
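Review bot: `store_dir=nats` is a relative path, so JetStream data lands wherever the server's working directory happens to be inside the image, and the line mixes `=` with the `:` separator used on every other line; `store_dir: /data/jetstream`, backed by a volume in the compose file, would make the location explicit and survivable across container recreation. With `verify: true` but no `authorization` or `accounts` block, any client presenting a certificate signed by the generated CA has unrestricted access, including JetStream management — presumably acceptable for this dev environment, but a one-line comment saying so would stop a reader from assuming the TLS client check is the access control. `monitor_port: 8222` serves unauthenticated HTTP; a comment noting it is meant for the internal network only would help.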