Move to frostfs-node

Signed-off-by: Pavel Karpy <p.karpy@yadro.com>
2022-12-23 20:35:35 +03:00 · 2022-12-23 20:35:35 +03:00 · 923f84722a
commit 923f84722a
parent 42554a9298
934 changed files with 3470 additions and 3451 deletions
--- a/cmd/frostfs-adm/docs/deploy.md
+++ b/cmd/frostfs-adm/docs/deploy.md
@ -0,0 +1,211 @@
+# Step-by-step private NeoFS deployment
+
+This is a short guide on how to deploy a private NeoFS storage network on bare
+metal without docker images. This guide does not cover details on how to start
+consensus, Alphabet, or Storage nodes. This guide covers only `frostfs-adm` 
+related configuration details.
+
+## Prerequisites
+
+To follow this guide you need:
+- latest released version of [neo-go](https://github.com/nspcc-dev/neo-go/releases) (v0.97.2 at the moment),
+- latest released version of [frostfs-adm](https://github.com/TrueCloudLab/frostfs-node/releases) utility (v0.25.1 at the moment),
+- latest released version of compiled [frostfs-contract](https://github.com/TrueCloudLab/frostfs-contract/releases) (v0.11.0 at the moment).
+
+## Step 1: Prepare network configuration 
+
+To start a network, you need a set of consensus nodes, the same number of 
+Alphabet nodes and any number of Storage nodes. While the number of Storage 
+nodes can be scaled almost infinitely, the number of consensus and Alphabet 
+nodes can't be changed so easily right now. Consider this before going any further.
+
+It is easier to use`frostfs-adm` with a predefined configuration. First, create
+a network configuration file. In this example, there is going to be only one
+consensus / Alphabet node in the network.
+
+```
+$ frostfs-adm config init --path foo.network.yml
+Initial config file saved to foo.network.yml
+
+$ cat foo.network.yml 
+rpc-endpoint: https://neo.rpc.node:30333
+alphabet-wallets: /home/user/deploy/alphabet-wallets
+network:
+  max_object_size: 67108864
+  epoch_duration: 240
+  basic_income_rate: 0
+  fee:
+    audit: 0
+    candidate: 0
+    container: 0
+    withdraw: 0
+credentials:
+  az: hunter2
+```
+
+For private installation, it is recommended to set all **fees** and **basic 
+income rate** to 0. 
+
+As for **epoch duration**, consider consensus node block generation frequency. 
+With default 15 seconds per block, 240 blocks are going to be a 1-hour epoch. 
+
+For **max object size**, 67108864 (64 MiB) or 134217728 (128 MiB) should provide 
+good chunk distribution in most cases.
+
+With this config, generate wallets (private keys) of consensus nodes. The same
+wallets will be used for Alphabet nodes. Make sure, that dir for alphabet 
+wallets already exists.
+
+```
+$ frostfs-adm -c foo.network.yml morph generate-alphabet --size 1
+size: 1
+alphabet-wallets: /home/user/deploy/alphabet-wallets
+wallet[0]: hunter2
+```
+
+Do not lose wallet files and network config. Store it in an encrypted backed up
+storage.
+
+## Step 2: Launch consensus nodes
+
+Configure blockchain nodes with the generated wallets from the previous step.
+Config examples can be found in 
+[neo-go repository](https://github.com/nspcc-dev/neo-go/tree/master/config).
+
+Gather public keys from **all** generated wallets. We are interested in the first
+`simple signature contract` public key.
+
+```
+$ neo-go wallet dump-keys -w alphabet-wallets/az.json 
+NitdS4k4f1Hh5mbLJhAswBK3WC2gQgPN1o (simple signature contract):
+02c1cc85f9c856dbe2d02017349bcb7b4e5defa78b8056a09b3240ba2a8c078869
+
+NiMKabp3ddi3xShmLAXhTfbnuWb4cSJT6E (1 out of 1 multisig contract):
+02c1cc85f9c856dbe2d02017349bcb7b4e5defa78b8056a09b3240ba2a8c078869
+
+NiMKabp3ddi3xShmLAXhTfbnuWb4cSJT6E (1 out of 1 multisig contract):
+02c1cc85f9c856dbe2d02017349bcb7b4e5defa78b8056a09b3240ba2a8c078869
+```
+
+Put the list of public keys into `ProtocolConfiguration.StandbyCommittee` 
+section. Specify the wallet path and the password in `ApplicationConfiguration.P2PNotary`
+and `ApplicationConfiguration.UnlockWallet` sections. If config includes
+`ProtocolConfiguration.NativeActivations` section, add notary 
+contract `Notary: [0]`.
+
+```yaml
+ProtocolConfiguration:
+  StandbyCommittee:
+    - 02c1cc85f9c856dbe2d02017349bcb7b4e5defa78b8056a09b3240ba2a8c078869
+  NativeActivations:
+    Notary: [0]
+ApplicationConfiguration:
+  P2PNotary:
+    Enabled: true
+    UnlockWallet:
+      Path: "/home/user/deploy/alphabet-wallets/az.json"
+      Password: "hunter2"
+  UnlockWallet:
+    Path: "/home/user/deploy/alphabet-wallets/az.json"
+    Password: "hunter2"
+```
+
+Then, launch consensus nodes. They should connect to each other and start
+producing blocks in consensus. You might want to deploy additional RPC
+nodes at this stage because Storage nodes should be connected to the chain too.
+It is not recommended to use a consensus node as an RPC node due to security policies
+and possible overload issues.
+
+## Step 3: Initialize sidechain
+
+Use archive with compiled NeoFS contracts to initialize the sidechain.
+
+```
+$ tar -xzvf frostfs-contract-v0.11.0.tar.gz 
+
+$ ./frostfs-adm -c foo.network.yml morph init --contracts ./frostfs-contract-v0.11.0
+Stage 1: transfer GAS to alphabet nodes.
+Waiting for transactions to persist...
+Stage 2: set notary and alphabet nodes in designate contract.
+Waiting for transactions to persist...
+Stage 3: deploy NNS contract.
+Waiting for transactions to persist...
+Stage 4: deploy NeoFS contracts.
+Waiting for transactions to persist...
+Stage 4.1: Transfer GAS to proxy contract.
+Waiting for transactions to persist...
+Stage 5: register candidates.
+Waiting for transactions to persist...
+Stage 6: transfer NEO to alphabet contracts.
+Waiting for transactions to persist...
+Stage 7: set addresses in NNS.
+Waiting for transactions to persist...
+NNS: Set alphabet0.neofs -> f692dfb4d43a15b464eb51a7041160fb29c44b6a
+NNS: Set audit.neofs -> 7df847b993affb3852074345a7c2bd622171ee0d
+NNS: Set balance.neofs -> 103519b3067a66307080a66570c0491ee8f68879
+NNS: Set container.neofs -> cae60bdd689d185901e495352d0247752ce50846
+NNS: Set neofsid.neofs -> c421fb60a3895865a8f24d197d6a80ef686041d2
+NNS: Set netmap.neofs -> 894eb854632f50fb124412ce7951ebc00763525e
+NNS: Set proxy.neofs -> ac6e6fe4b373d0ca0ca4969d1e58fa0988724e7d
+NNS: Set reputation.neofs -> 6eda57c9d93d990573646762d1fea327ce41191f
+Waiting for transactions to persist...
+```
+
+## Step 4: Launch Alphabet nodes
+
+Configure Alphabet nodes with the wallets generated in step 1. For 
+`morph.validators` use a list of public keys from 
+`ProtocolConfiguration.StandbyCommittee`.
+
+```yaml
+wallet:
+  path: "/home/user/deploy/alphabet-wallets/az.json"
+  password: "hunter2"
+  account: "NitdS4k4f1Hh5mbLJhAswBK3WC2gQgPN1o"
+
+morph:
+  validators:
+    - 02c1cc85f9c856dbe2d02017349bcb7b4e5defa78b8056a09b3240ba2a8c078869
+
+contracts:
+  alphabet:
+    amount: 1
+```
+
+## Step 4: Launch Storage node
+
+Generate a new wallet for a Storage node.
+
+```
+$ frostfs-adm -c foo.network.yml morph generate-storage-wallet --storage-wallet ./sn01.json --initial-gas 10.0
+New password > 
+Waiting for transactions to persist...
+
+$ neo-go wallet dump-keys -w sn01.json 
+Ngr7p8Z9S22XDH6VkUG9oXobv8zZRAWwwv (simple signature contract):
+0355eccb72cd46f09a3e5237eaa0f4949cceb5ecfa5a225bd3bb9fd021c4d75b85
+```
+
+Configure the Storage node to use this wallet.
+
+```
+node:
+  wallet:
+    path: "/home/user/deploy/sn01.json"
+    address: "Ngr7p8Z9S22XDH6VkUG9oXobv8zZRAWwwv"
+    password: "foobar"
+```
+
+The storage node will be included in the network map in the next NeoFS epoch. To
+speed up this process, you can increment epoch counter immediately.
+
+```
+$ frostfs-adm -c foo.network.yml morph force-new-epoch
+Current epoch: 8, increase to 9.
+Waiting for transactions to persist...
+```
+
+--- 
+
+After that, NeoFS Storage is ready to work. You can access it directly or
+with protocol gates.
--- a/cmd/frostfs-adm/docs/subnetwork-creation.md
+++ b/cmd/frostfs-adm/docs/subnetwork-creation.md
@ -0,0 +1,39 @@
+# NeoFS subnetwork creation
+
+This is a short guide on how to create NeoFS subnetworks. This guide 
+considers that the sidechain and the inner ring (alphabet nodes) have already been 
+deployed and the sidechain contains a deployed `subnet` contract.
+
+## Prerequisites
+
+To follow this guide, you need:
+- neo-go sidechain RPC endpoint;
+- latest released version of [frostfs-adm](https://github.com/TrueCloudLab/frostfs-node/releases);
+- wallet with NeoFS account.
+
+## Creation
+
+```shell
+$ frostfs-adm morph subnet create \
+    -r <side_chain_RPC_endpoint> \
+    -w </path/to/owner/wallet> \
+    --notary
+Create subnet request sent successfully. ID: 4223489767.
+```
+
+**NOTE:** in notary-enabled environment you should have a sufficient
+notary deposit (not expired, with enough GAS balance). Your subnet ID
+will differ from the example.
+
+The default account in the wallet that has been passed with `-w` flag is the owner
+of the just created subnetwork.
+
+You can check if your subnetwork was created successfully:
+
+```shell
+$ frostfs-adm morph subnet get \
+    -r <side_chain_RPC_endpoint> \
+    --subnet <subnet_ID>
+Owner: NUc734PMJXiqa2J9jRtvskU3kCdyyuSN8Q
+```
+Your owner will differ from the example.
--- a/cmd/frostfs-adm/docs/subnetwork-usage.md
+++ b/cmd/frostfs-adm/docs/subnetwork-usage.md
@ -0,0 +1,137 @@
+# Managing Subnetworks
+
+This is a short guide on how to manage NeoFS subnetworks. This guide
+considers that the sidechain and the inner ring (alphabet nodes) have already been
+deployed, and the sidechain contains a deployed `subnet` contract.
+
+## Prerequisites
+
+- neo-go sidechain RPC endpoint;
+- latest released version of [frostfs-adm](https://github.com/TrueCloudLab/frostfs-node/releases);
+- [created](subnetwork-creation.md) subnetwork;
+- wallet with the account that owns the subnetwork;
+- public key of the Storage Node;
+- public keys of the node and client administrators;
+- owner IDs of the NeoFS users.
+
+## Add node administrator
+
+Node administrators are accounts that can manage (add and delete nodes)
+the whitelist of the nodes which can be included to a subnetwork. Only the subnet
+owner is allowed to add and remove node administrators from the subnetwork.
+
+```shell
+$ frostfs-adm morph subnet admin add \
+    -r <side_chain_RPC_endpoint> \
+    -w </path/to/owner/wallet> \
+    --admin <HEX_admin_public_key> \
+    --subnet <subnet_ID>
+Add admin request sent successfully.
+```
+
+## Add node
+
+Adding a node to a subnetwork means that the node becomes able to service
+containers that have been created in that subnetwork. Addition only changes
+the list of the allowed nodes. Node is not required to be bootstrapped at the
+moment of its inclusion.
+
+```shell
+$ frostfs-adm morph subnet node add \
+    -r <side_chain_RPC_endpoint> \
+    -w </path/to/node_admin/wallet> \
+    --node <HEX_node_public_key> \
+    --subnet <subnet_ID>
+Add node request sent successfully.
+```
+
+**NOTE:** the owner of the subnetwork is also allowed to add nodes.
+
+## Add client administrator
+
+Client administrators are accounts that can manage (add and delete
+nodes) the whitelist of the clients that can create containers in the
+subnetwork. Only the subnet owner is allowed to add and remove client
+administrators from the subnetwork.
+
+```shell
+$ frostfs-adm morph subnet admin add \
+    -r <side_chain_RPC_endpoint> \
+    -w </path/to/owner/wallet> \
+    --admin <HEX_admin_public_key> \
+    --subnet <subnet_ID> \
+    --client \
+    --group <group_ID>
+Add admin request sent successfully.
+```
+
+**NOTE:** you do not need to create a group explicitly, it will be created
+right after the first client admin is added. Group ID is a 4-byte
+positive integer number.
+
+## Add client
+
+```shell
+$ frostfs-adm morph subnet client add \
+    -r <side_chain_RPC_endpoint> \
+    -w </path/to/client_admin/wallet> \
+    --client <client_ownerID> \
+    --subnet <subnet_ID> \
+    --group <group_ID>
+Add client request sent successfully.
+```
+
+**NOTE:** the owner of the subnetwork is also allowed to add clients. This is
+the only one command that accepts `ownerID`, not the public key.
+Administrator can manage only their group (a group where that administrator
+has been added by the subnet owner).
+
+# Bootstrapping Storage Node
+
+After a subnetwork [is created](subnetwork-creation.md) and a node is included into it, the 
+node could be bootstrapped and service subnetwork containers.
+
+For bootstrapping, you need to specify the ID of the subnetwork in the node's 
+configuration: 
+
+```yaml
+...
+node:
+  ...
+  subnet:
+    entries: # list of IDs of subnets to enter in a text format of NeoFS API protocol (overrides corresponding attributes)
+      - <subnetwork_ID>
+  ...
+...
+```
+
+**NOTE:** specifying subnetwork that is denied for the node is not an error:
+that configuration value would be ignored. You do not need to specify zero 
+(with 0 ID) subnetwork: its inclusion is implicit. On the contrary, to exclude
+a node from the default zero subnetwork, you need to specify it explicitly:
+
+```yaml
+...
+node:
+  ...
+  subnet:
+    exit_zero: true # toggle entrance to zero subnet (overrides corresponding attribute and occurrence in `entries`)
+  ...
+...
+```
+
+# Creating container in non-zero subnetwork
+
+Creating containers without using `--subnet` flag is equivalent to 
+creating container in the zero subnetwork.
+
+To create a container in a private network, your wallet must be added to
+the client whitelist by the client admins or the subnet owners:
+
+```shell
+$ frostfs-cli container create \
+    --policy 'REP 1' \
+    -w </path/to/wallet> \
+    -r s01.frostfs.devenv:8080 \
+    --subnet <subnet_ID>
+```