Compare commits

..

6 commits

Author SHA1 Message Date
df6859d246 [#92] docs: Update contract list
Contract list got outdated: it was mentioning NeoFS, Audit and Reputation

Signed-off-by: Vitaliy Potyarkin <v.potyarkin@yadro.com>
2024-12-13 18:10:57 +03:00
326578f0ab [#90] Stop using obsolete .github directory
This commit is a part of multi-repo cleanup effort:
TrueCloudLab/frostfs-infra#136

Signed-off-by: Vitaliy Potyarkin <v.potyarkin@yadro.com>
2024-12-10 11:16:44 +00:00
a0fdaebbf4 [#85] Add s3 lifecycler
Signed-off-by: Pavel Pogodaev <p.pogodaev@yadro.com>
2024-11-06 22:54:58 +03:00
10e5bed2af
[#79] storage: Take User-Agent from NODE_VERSION
Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
2024-10-31 10:39:00 +03:00
7152f59232 [#88] Remove nats service
It was removed from node in TrueCloudLab/frostfs-node#1161.

Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
2024-10-31 07:38:50 +00:00
636be7352e [#84] Make targets for issuing credentials
Signed-off-by: Nikita Zinkevich <n.zinkevich@yadro.com>
2024-10-17 12:37:26 +03:00
36 changed files with 254 additions and 272 deletions

View file

@ -1,5 +1,4 @@
# Services start/stop order # Services start/stop order
# Will start from top to bottom and stop in reverse # Will start from top to bottom and stop in reverse
nats
ir ir
storage storage

View file

@ -1,5 +1,4 @@
.docker .docker
.github
.forgejo .forgejo
vendor vendor
tmp tmp

10
.env
View file

@ -19,10 +19,6 @@ IR_IMAGE=git.frostfs.info/truecloudlab/frostfs-ir
NODE_VERSION=0.42.9 NODE_VERSION=0.42.9
NODE_IMAGE=git.frostfs.info/truecloudlab/frostfs-storage NODE_IMAGE=git.frostfs.info/truecloudlab/frostfs-storage
# NATS Server
NATS_VERSION=2.7.2
NATS_IMAGE=nats
# HTTP Gate # HTTP Gate
HTTP_GW_VERSION=0.30.2 HTTP_GW_VERSION=0.30.2
HTTP_GW_IMAGE=truecloudlab/frostfs-http-gw HTTP_GW_IMAGE=truecloudlab/frostfs-http-gw
@ -32,9 +28,13 @@ REST_GW_VERSION=c9c85e90
REST_GW_IMAGE=truecloudlab/frostfs-rest-gw REST_GW_IMAGE=truecloudlab/frostfs-rest-gw
# S3 Gate # S3 Gate
S3_GW_VERSION=0.30.4 S3_GW_VERSION=0.31.0-rc.4
S3_GW_IMAGE=truecloudlab/frostfs-s3-gw S3_GW_IMAGE=truecloudlab/frostfs-s3-gw
# Lifecycler
S3_LIFECYCLER_VERSION=0.1.3
S3_LIFECYCLER_IMAGE=truecloudlab/frostfs-s3-lifecycler
# FrostFS LOCODE database # FrostFS LOCODE database
LOCODE_DB_URL=https://git.frostfs.info/attachments/a2e8def7-52b6-49f1-89cd-a056712e8e54 LOCODE_DB_URL=https://git.frostfs.info/attachments/a2e8def7-52b6-49f1-89cd-a056712e8e54
#LOCODE_DB_PATH=/path/to/locode_db #LOCODE_DB_PATH=/path/to/locode_db

View file

Before

Width:  |  Height:  |  Size: 5.5 KiB

After

Width:  |  Height:  |  Size: 5.5 KiB

1
.github/CODEOWNERS vendored
View file

@ -1 +0,0 @@
* @alexvanin @fyrchik

1
.gitignore vendored
View file

@ -15,4 +15,3 @@ sites/*
# Runtime generation keys # Runtime generation keys
services/storage/*tls.crt services/storage/*tls.crt
services/storage/*tls.key services/storage/*tls.key
services/nats/*.pem

View file

@ -3,3 +3,4 @@
http_gate http_gate
s3_gate s3_gate
rest_gate rest_gate
s3_lifecycler

1
CODEOWNERS Normal file
View file

@ -0,0 +1 @@
.* @alexvanin @fyrchik

View file

@ -60,6 +60,7 @@ get: $(foreach SVC, $(GET_SVCS), get.$(SVC))
.PHONY: up .PHONY: up
up: up/basic up: up/basic
@$(foreach SVC, $(START_SVCS), $(shell docker-compose -f services/$(SVC)/docker-compose.yml up -d)) @$(foreach SVC, $(START_SVCS), $(shell docker-compose -f services/$(SVC)/docker-compose.yml up -d))
./vendor/frostfs-adm morph proxy-add-account --config frostfs-adm.yml --account=`docker container exec morph_chain neo-go wallet dump-keys -w /wallets/s3-wallet.json | head -1 | awk '{print $1}'` || die "Couldn't set s3-gw wallet as proxy wallet"
@echo "Full FrostFS Developer Environment is ready" @echo "Full FrostFS Developer Environment is ready"
# Build up FrostFS # Build up FrostFS
@ -149,7 +150,7 @@ hosts: vendor/hosts
.PHONY: clean .PHONY: clean
.ONESHELL: .ONESHELL:
clean: clean:
@rm -rf vendor/* services/storage/s04tls.* services/nats/*.pem @rm -rf vendor/* services/storage/s04tls.*
@> .int_test.env @> .int_test.env
@for svc in $(PULL_SVCS) @for svc in $(PULL_SVCS)
do do

View file

@ -1,5 +1,5 @@
<p align="center"> <p align="center">
<img src="./.github/logo.svg" width="500px" alt="FrostFS logo"> <img src="./.forgejo/logo.svg" width="500px" alt="FrostFS logo">
</p> </p>
<p align="center"> <p align="center">
<a href="https://frostfs.info">FrostFS</a> local Development and Testing environment <a href="https://frostfs.info">FrostFS</a> local Development and Testing environment
@ -137,6 +137,65 @@ Display addresses and host names for each running service, if available.
Clean up `vendor` directory. Clean up `vendor` directory.
### s3cred
Registers user wallet and issues s3 credentials.
Usage and default parameter values:
```sh
make s3cred [password=""] [contract_password=s3] [wallet=/user_wallet.json] [gate_public_key=0313b1ac3a8076e155a7e797b24f0b650cccad5941ea59d7cfd51a024a8b2a06bf]
```
As soon as the storage node is in the network map (see above) you can generate S3
credentials:
``` sh
$ make s3cred
{
"access_key_id": "EXArWh8x1zeHG3851s1RtoCo7dowxF6rhLGA15nbMffT0AKRSjJ5fmcqf3Ht2VCAkfmPQUVARghRB77xHCA1BoN2p",
"secret_access_key": "d70c1dba83f0f90bb231f06f1ce0e0dfbcfb122f4b4345a3c18d3869c359b79f",
"owner_private_key": "140947599afd9ca89af4b358c3176eb046e554d942a0dc99a8e06f3e43c8f4ad",
"wallet_public_key": "0324e76288fcb900100d01802a14ef977cca45ad073561230446df14b344c858b6",
"container_id": "EXArWh8x1zeHG3851s1RtoCo7dowxF6rhLGA15nbMffT"
}
```
Running without any parameters will result in defaults which are based on the private key from
`/user-wallet.json` file and `/wallet.json` contract wallet.
Now let's configure an S3 client (AWS CLI will be used as example):
``` sh
$ aws configure
AWS Access Key ID []: EXArWh8x1zeHG3851s1RtoCo7dowxF6rhLGA15nbMffT0AKRSjJ5fmcqf3Ht2VCAkfmPQUVARghRB77xHCA1BoN2p
AWS Secret Access Key []: d70c1dba83f0f90bb231f06f1ce0e0dfbcfb122f4b4345a3c18d3869c359b79f
Default region name []: us-east-1
Default output format []: json
```
If you need to create credentials for different users, put user wallets to `wallets` dir and specify them via `wallet` parameter.
Pass wallet password in `password` parameter if it's not default. The same is for `contract_wallet` and `gate_public_key` params.
```sh
$ make s3cred wallet=custom_wallet.json password=test
{
"access_key_id": "jHhL5B33o16R4jQsb8wm9A3RRdS6KrTB5N4bja9Jys904W7xXFNKqem2ACvTRWRYJsZMCUikYFSokN7pPJziWyDi",
"secret_access_key": "21bb64fafa32c82417fd8b97ac56cc8a085998a3852632d52fe7042453daa440",
"owner_private_key": "10f6f9d7a47bb0bf68363ad8a99fe69f1493f8b6e1665b3e4e83feb2d5c7ee39",
"wallet_public_key": "03e38759973a6bb722baabc2dd84036a39f0b2f53d32fec45a4dacde8a50fe4b70",
"container_id": "jHhL5B33o16R4jQsb8wm9A3RRdS6KrTB5N4bja9Jys9"
}
```
To get credentials from custom wallet, place it in `wallets` dir before start.
### cred
Usage and default parameter values:
```sh
make cred [password=""] [contract_password=s3] [wallet=/user_wallet.json]
```
The same as `s3cred`, but it doesn't issues s3 credentials.
## Contributing ## Contributing
Feel free to contribute to this project after reading the [contributing Feel free to contribute to this project after reading the [contributing

View file

@ -4,14 +4,16 @@ A single-node N3 privnet deployment, running on
Contracts deployed: Contracts deployed:
- Alphabet (AZ) [contract](https://git.frostfs.info/TrueCloudLab/frostfs-contract/src/branch/master/alphabet) - Alphabet (AZ) [contract](https://git.frostfs.info/TrueCloudLab/frostfs-contract/src/branch/master/alphabet)
- Audit [contract](https://git.frostfs.info/TrueCloudLab/frostfs-contract/src/branch/master/audit)
- Balance [contract](https://git.frostfs.info/TrueCloudLab/frostfs-contract/src/branch/master/balance) - Balance [contract](https://git.frostfs.info/TrueCloudLab/frostfs-contract/src/branch/master/balance)
- Container [contract](https://git.frostfs.info/TrueCloudLab/frostfs-contract/src/branch/master/container) - Container [contract](https://git.frostfs.info/TrueCloudLab/frostfs-contract/src/branch/master/container)
- FrostFS [contract](https://git.frostfs.info/TrueCloudLab/frostfs-contract/src/branch/master/frostfs)
- FrostFSID [contract](https://git.frostfs.info/TrueCloudLab/frostfs-contract/src/branch/master/frostfsid)
- NNS [contract](https://git.frostfs.info/TrueCloudLab/frostfs-contract/src/branch/master/nns)
- Netmap [contract](https://git.frostfs.info/TrueCloudLab/frostfs-contract/src/branch/master/netmap) - Netmap [contract](https://git.frostfs.info/TrueCloudLab/frostfs-contract/src/branch/master/netmap)
- NeoFSID [contract](https://git.frostfs.info/TrueCloudLab/frostfs-contract/src/branch/master/neofsid) - Policy [contract](https://git.frostfs.info/TrueCloudLab/frostfs-contract/src/branch/master/policy)
- Processing [contract](https://git.frostfs.info/TrueCloudLab/frostfs-contract/src/branch/master/processing)
- Proxy [contract](https://git.frostfs.info/TrueCloudLab/frostfs-contract/src/branch/master/proxy) - Proxy [contract](https://git.frostfs.info/TrueCloudLab/frostfs-contract/src/branch/master/proxy)
- Reputation [contract](https://git.frostfs.info/TrueCloudLab/frostfs-contract/src/branch/master/reputation)
RPC available at `http://morph-chain.frostfs.devenv:30333`. RPC available at `http://morph-chain.frostfs.devenv:30333`.
## .env settings ## .env settings

4
extra/.gitignore vendored
View file

@ -1,4 +0,0 @@
bin
storage
.frostfs-storage-state
new_storage_wallet.json

View file

@ -1,47 +0,0 @@
WALLET=new_storage_wallet.json
GAS?=1000
INNERRING_IP?=$(call docker_ip,ir01)
MORPH_IP?=$(call docker_ip,morph_chain)
MORPH_ENDPOINT=http://$(MORPH_IP):30333
ADM=../vendor/frostfs-adm
CLI=../vendor/frostfs-cli
NEO=./bin/neo-go
NODE=./bin/frostfs-node
.PHONY: up
up: wallet | $(NEO) $(NODE)
$(NEO) wallet nep17 balance -r $(MORPH_ENDPOINT) -w $(WALLET)
$(ADM) morph refill-gas --storage-wallet $(WALLET) --gas $(GAS) \
--rpc-endpoint $(MORPH_ENDPOINT) --alphabet-wallets ../services/ir \
--config ../frostfs-adm.yml
$(NEO) wallet nep17 balance -r $(MORPH_ENDPOINT) -w $(WALLET)
$(NODE) --config-dir config &
NODE_PID=$$!
sleep 10
kill $$NODE_PID
$(NEO) wallet nep17 balance -r $(MORPH_ENDPOINT) -w $(WALLET)
.PHONY: wallet
wallet: | $(NEO)
rm $(WALLET) || true
$(NEO) wallet init --account --wallet-config new_storage_wallet.template
$(NEO):
mkdir -p $(dir $@)
curl -o $@ -sSL https://github.com/nspcc-dev/neo-go/releases/download/v0.106.3/neo-go-linux-amd64
chmod +x $@
$(NODE):
mkdir -p $(dir $@)
curl -o $@ -sSL https://git.frostfs.info/TrueCloudLab/frostfs-node/releases/download/v0.42.9/frostfs-node
chmod +x $@
define docker_ip
$(firstword $(shell docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}} {{end}}' $(1)))
endef
SHELL=/bin/bash
.SHELLFLAGS=-euo pipefail -c
.ONESHELL:

View file

@ -1 +0,0 @@
../../services/storage/cfg/config.yml

View file

@ -1,77 +0,0 @@
logger:
loki:
enabled: false
pprof:
enabled: false
prometheus:
enabled: false
tracing:
enabled: false
morph:
rpc_endpoint: # Side chain NEO RPC endpoints
- address: ws://morph-chain.frostfs.devenv:30333/ws
priority: 1
# Common storage node settings
node:
wallet:
path: new_storage_wallet.json
password: ""
addresses:
- grpc://s01.frostfs.devenv:8080
notification:
enabled: false
grpc:
- endpoint: 127.0.88.1:8802
tls:
enabled: false
tree:
enabled: true
storage:
shard:
0:
writecache:
enabled: true
path: storage/wc0 # Write-cache root directory
metabase:
path: storage/meta0 # Path to the metabase
blobstor:
- type: blobovnicza
path: storage/blobovnicza0 # Blobovnicza root directory
depth: 2
width: 4
- type: fstree
path: storage/fstree0 # FSTree root directory
depth: 2
pilorama:
path: storage/pilorama0 # Path to the pilorama database
1:
writecache:
enabled: true
path: storage/wc1 # Write-cache root directory
metabase:
path: storage/meta1 # Path to the metabase
blobstor:
- type: blobovnicza
path: storage/blobovnicza1 # Blobovnicza root directory
depth: 2
width: 4
- type: fstree
path: storage/fstree1 # FSTree root directory
depth: 2
pilorama:
path: storage/pilorama1 # Path to the pilorama database

View file

@ -1,2 +0,0 @@
Path: new_storage_wallet.json
Password: ""

View file

@ -19,6 +19,7 @@ services:
- ./config.yml:/wallets/config.yml - ./config.yml:/wallets/config.yml
- ./../../vendor/hosts:/etc/hosts - ./../../vendor/hosts:/etc/hosts
- ./../../wallets/wallet.json:/wallets/wallet.json - ./../../wallets/wallet.json:/wallets/wallet.json
- ./../s3_gate/wallet.json:/wallets/s3-wallet.json
- chains:/chains - chains:/chains
networks: networks:

View file

@ -1 +0,0 @@
IPV4_PREFIX.101 nats.LOCAL_DOMAIN

View file

@ -1,7 +0,0 @@
# Create new TLS certs for NATS server and clients
NATS_DIR=$(abspath services/nats)
get.nats:
@echo "⇒ Creating certs for NATS server and clients"
${NATS_DIR}/generate_cert.sh ${LOCAL_DOMAIN} > /dev/null

View file

@ -1,30 +0,0 @@
---
services:
nats:
image: ${NATS_IMAGE}:${NATS_VERSION}
domainname: ${LOCAL_DOMAIN}
hostname: nats
container_name: nats
restart: on-failure
dns:
- ${IPV4_PREFIX}.101
networks:
nats_int:
internet:
ipv4_address: ${IPV4_PREFIX}.101
volumes:
- ./../../vendor/hosts:/etc/hosts
- ./nats.conf:/etc/nats/frostfs-nats-server.conf
- ./server-cert.pem:/certs/server-cert.pem
- ./server-key.pem:/certs/server-key.pem
- ./ca-cert.pem:/certs/ca-cert.pem
stop_signal: SIGKILL
env_file: [ ".env", ".int_test.env" ]
command: ["-c", "/etc/nats/frostfs-nats-server.conf"]
networks:
nats_int:
internet:
external: true
name: basenet_internet

View file

@ -1,49 +0,0 @@
#!/bin/bash
source bin/helper.sh
WORKDIR=$(dirname "$0")
LOCAL_DOMAIN=$1
CA_KEY=$WORKDIR/ca-key.pem
CA_CRT=$WORKDIR/ca-cert.pem
SRV_KEY=$WORKDIR/server-key.pem
SRV_REQ=$WORKDIR/server-req.csr
SRV_CRT=$WORKDIR/server-cert.pem
CLI_KEY=$WORKDIR/client-key.pem
CLI_REQ=$WORKDIR/client-req.csr
CLI_CRT=$WORKDIR/client-cert.pem
SUBJ="/O=TrueCloudLab"
if [[ ! -f $CA_KEY || ! -f $CA_CRT ]]; then
openssl req -newkey rsa:4096 -x509 -days 365 -nodes -keyout $CA_KEY -out $CA_CRT -subj $SUBJ 2>&1 ||
die "CA certificate was not created"
fi
if [[ ! -f $SRV_KEY || ! -f $SRV_CRT ]]; then
openssl req -newkey rsa:4096 -nodes -keyout $SRV_KEY -out $SRV_REQ -subj $SUBJ 2>&1 ||
die "Server certificate was not created"
openssl x509 -req -days 365 -set_serial 01 -in $SRV_REQ -out $SRV_CRT -CA $CA_CRT -CAkey $CA_KEY \
-extensions san -extfile <(printf "[san]\nsubjectAltName=DNS:nats.$LOCAL_DOMAIN") 2>&1 || {
rm $SRV_REQ
die "Server certificate was not signed by CA"
}
rm $SRV_REQ
fi
if [[ ! -f $CLI_KEY || ! -f $CLI_CRT ]]; then
openssl req -newkey rsa:4096 -nodes -keyout $CLI_KEY -out $CLI_REQ -subj $SUBJ 2>&1 ||
die "Client certificate was not created"
openssl x509 -req -days 365 -set_serial 01 -in $CLI_REQ -out $CLI_CRT -CA $CA_CRT -CAkey $CA_KEY 2>&1 || {
rm $CLI_REQ
die "Client certificate was not signed by CA"
}
rm $CLI_REQ
fi

View file

@ -1,15 +0,0 @@
port: 4222
monitor_port: 8222
jetstream {
store_dir=nats
max_memory_store: 1GB
max_file_store: 2GB
}
tls {
cert_file: /certs/server-cert.pem
key_file: /certs/server-key.pem
ca_file: /certs/ca-cert.pem
verify: true
}

View file

@ -12,11 +12,17 @@ services:
internet: internet:
ipv4_address: ${IPV4_PREFIX}.82 ipv4_address: ${IPV4_PREFIX}.82
volumes: volumes:
# Gate wallet
- ./wallet.json:/wallet.json - ./wallet.json:/wallet.json
# Custom user wallets
- ./wallets:/wallets
# Default user wallet
- ./../../wallets/wallet.json:/wallets/wallet.json
- ./tls.key:/tls.key - ./tls.key:/tls.key
- ./tls.crt:/tls.crt - ./tls.crt:/tls.crt
- ./../../vendor/hosts:/etc/hosts - ./../../vendor/hosts:/etc/hosts
- ./cfg:/etc/frostfs/s3 - ./cfg:/etc/frostfs/s3
- ./issue-creds.sh:/usr/bin/issue-creds.sh
stop_signal: SIGTERM stop_signal: SIGTERM
stop_grace_period: 15s stop_grace_period: 15s
env_file: [ ".env", ".s3.env", ".int_test.env" ] env_file: [ ".env", ".s3.env", ".int_test.env" ]
@ -34,6 +40,8 @@ services:
- S3_GW_PEERS_2_WEIGHT=0.2 - S3_GW_PEERS_2_WEIGHT=0.2
- S3_GW_PEERS_3_ADDRESS=s04.${LOCAL_DOMAIN}:8080 - S3_GW_PEERS_3_ADDRESS=s04.${LOCAL_DOMAIN}:8080
- S3_GW_PEERS_3_WEIGHT=0.2 - S3_GW_PEERS_3_WEIGHT=0.2
- AUTHMATE_WALLET_PASSPHRASE=
- AUTHMATE_WALLET_CONTRACT_PASSPHRASE=s3
networks: networks:
s3_gate_int: s3_gate_int:

41
services/s3_gate/issue-creds.sh Executable file
View file

@ -0,0 +1,41 @@
#!/bin/bash
initUser() {
/bin/frostfs-s3-authmate register-user \
--wallet $WALLET_PATH \
--rpc-endpoint http://morph-chain.frostfs.devenv:30333 \
--username $USERNAME \
--contract-wallet /wallet.json 1> /dev/null && touch $WALLET_CACHE/$USERNAME
}
issueCreds() {
/bin/frostfs-s3-authmate issue-secret \
--wallet $WALLET_PATH \
--peer s01.frostfs.devenv:8080 \
--gate-public-key $S3_GATE_PUBLIC_KEY \
--container-placement-policy "REP 3"
}
set -e
WALLET_PATH=/wallets/$2
if [[ -z "$2" ]]; then
WALLET_PATH=/wallets/wallet.json
fi
S3_GATE_PUBLIC_KEY=$3
if [[ -z "$3" ]]; then
S3_GATE_PUBLIC_KEY=0313b1ac3a8076e155a7e797b24f0b650cccad5941ea59d7cfd51a024a8b2a06bf
fi
WALLET_CACHE=/data/wallets
mkdir -p $WALLET_CACHE
USERNAME=$(echo $WALLET_PATH | md5sum | cut -d' ' -f1)
if [ ! -e $WALLET_CACHE/$USERNAME ]; then
initUser
fi
if [ $1 == "s3" ]; then
issueCreds
fi

View file

@ -0,0 +1,14 @@
.PHONY: s3cred register
password?=
contract_password?=s3
gate_public_key?=
wallet?=
# Register wallet & generate S3 credentials
s3cred:
@docker exec -e AUTHMATE_WALLET_PASSPHRASE="$(password)" -e AUTHMATE_WALLET_CONTRACT_PASSPHRASE="$(contract_password)" s3_gate /usr/bin/issue-creds.sh s3 "$(wallet)" "$(gate_public_key)"
# Only registers user wallet
register:
@docker exec -e AUTHMATE_WALLET_PASSPHRASE="$(password)" -e AUTHMATE_WALLET_CONTRACT_PASSPHRASE="$(contract_password)" s3_gate /usr/bin/issue-creds.sh native "$(wallet)"

View file

@ -0,0 +1 @@
IPV4_PREFIX.84 lifecycler.LOCAL_DOMAIN

View file

@ -0,0 +1,42 @@
logger:
level: debug
prometheus:
enabled: true
address: :9090
lifecycle:
job_fetcher_buffer: 1000
executor_pool_size: 100
frostfs:
stream_timeout: 10s
connect_timeout: 10s
healthcheck_timeout: 15s
rebalance_interval: 60s
pool_error_threshold: 100
tree_pool_max_attempts: 4
credential:
use: wallets
source:
wallets:
- path: /wallet.json
address: NTt1rxvmEDxEuuogLxs2xgxA71qhVaUcN7
passphrase: "cycle"
- path: /user-wallet.json
address: NbUgTSFvPmsRxmGeWpuuGeJUoRoi6PErcM
passphrase: ""
morph:
reconnect_clients_interval: 30s
dial_timeout: 5s
contract:
netmap: netmap.frostfs
frostfsid: frostfsid.frostfs
container: container.frostfs
# Wallet configuration
wallet:
path: /wallet.json # Path to wallet
passphrase: "cycle" # Passphrase to decrypt wallet

View file

@ -0,0 +1,38 @@
---
version: "2.4"
services:
s3_lifecycler:
image: ${S3_LIFECYCLER_IMAGE}:${S3_LIFECYCLER_VERSION}
domainname: ${LOCAL_DOMAIN}
hostname: s3_lifecycler
container_name: s3_lifecycler
restart: on-failure
networks:
s3_lifecycler_int:
internet:
ipv4_address: ${IPV4_PREFIX}.84
volumes:
- ./wallet.json:/wallet.json
- ./../../vendor/hosts:/etc/hosts
- ./cfg:/etc/frostfs/s3-lifecycler
- ./../../wallets/wallet.json:/user-wallet.json
stop_signal: SIGKILL
env_file: [ ".env", ".int_test.env" ]
command: [ "frostfs-s3-lifecycler", "--config", "/etc/frostfs/s3-lifecycler/config.yml" ]
environment:
- S3_LIFECYCLER_MORPH_RPC_ENDPOINT_0_ADDRESS=ws://morph-chain:30333/ws
- S3_LIFECYCLER_FROSTFS_PEERS_0_ADDRESS=s01.${LOCAL_DOMAIN}:8080
- S3_LIFECYCLER_FROSTFS_PEERS_0_WEIGHT=0.2
- S3_LIFECYCLER_FROSTFS_PEERS_1_ADDRESS=s02.${LOCAL_DOMAIN}:8080
- S3_LIFECYCLER_FROSTFS_PEERS_1_WEIGHT=0.2
- S3_LIFECYCLER_FROSTFS_PEERS_2_ADDRESS=s03.${LOCAL_DOMAIN}:8080
- S3_LIFECYCLER_FROSTFS_PEERS_2_WEIGHT=0.2
- S3_LIFECYCLER_FROSTFS_PEERS_3_ADDRESS=s04.${LOCAL_DOMAIN}:8080
- S3_LIFECYCLER_FROSTFS_PEERS_3_WEIGHT=0.2
networks:
s3_lifecycler_int:
internet:
external: true
name: basenet_internet

View file

@ -0,0 +1,30 @@
{
"version": "1.0",
"accounts": [
{
"address": "NTt1rxvmEDxEuuogLxs2xgxA71qhVaUcN7",
"key": "6PYR3XurAyTzVeDG5WV2Z8vnGdySw3mTLuKjr6Nwo7tae64SJ7XjZSMMPQ",
"label": "lifecycler",
"contract": {
"script": "DCED9z0M+WSGfXZGxYLj1yYwmgxJXE/kNA4+oWNi0q1uKCdBVuezJw==",
"parameters": [
{
"name": "parameter0",
"type": "Signature"
}
],
"deployed": false
},
"lock": false,
"isDefault": false
}
],
"scrypt": {
"n": 16384,
"r": 8,
"p": 8
},
"extra": {
"Tokens": null
}
}

View file

@ -32,18 +32,6 @@ morph:
- address: ws://morph-chain:30333/ws - address: ws://morph-chain:30333/ws
priority: 1 priority: 1
# Common storage node settings
node:
attribute_0: "User-Agent:FrostFS/0.34"
notification:
enabled: true # Turn on object notification service
endpoint: "tls://nats.frostfs.devenv:4222" # Notification server endpoint
timeout: "6s" # Timeout for object notification client connection
default_topic: "test" # Default topic for object notifications if not found in object's meta
certificate: "/etc/frostfs-node/nats.tls.cert" # Path to TLS certificate
key: "/etc/frostfs-node/nats.tls.key" # Path to TLS key
ca: "/etc/frostfs-node/nats.ca.crt" # Path to optional CA certificate
# Tree section # Tree section
tree: tree:
enabled: true enabled: true

View file

@ -18,9 +18,6 @@ services:
- ./../../vendor/frostfs-cli:/frostfs-cli - ./../../vendor/frostfs-cli:/frostfs-cli
- ./cli-cfg.yml:/cli-cfg.yml - ./cli-cfg.yml:/cli-cfg.yml
- ./s04tls.crt:/etc/ssl/certs/s04tls.crt - ./s04tls.crt:/etc/ssl/certs/s04tls.crt
- ../nats/client-cert.pem:/etc/frostfs-node/nats.tls.cert
- ../nats/client-key.pem:/etc/frostfs-node/nats.tls.key
- ../nats/ca-cert.pem:/etc/frostfs-node/nats.ca.crt
- ./cfg:/etc/frostfs/storage - ./cfg:/etc/frostfs/storage
stop_signal: SIGTERM stop_signal: SIGTERM
stop_grace_period: 15s stop_grace_period: 15s
@ -32,6 +29,7 @@ services:
- FROSTFS_NODE_ADDRESSES=s01.${LOCAL_DOMAIN}:8080 - FROSTFS_NODE_ADDRESSES=s01.${LOCAL_DOMAIN}:8080
- FROSTFS_GRPC_0_ENDPOINT=s01.${LOCAL_DOMAIN}:8080 - FROSTFS_GRPC_0_ENDPOINT=s01.${LOCAL_DOMAIN}:8080
- FROSTFS_CONTROL_GRPC_ENDPOINT=s01.${LOCAL_DOMAIN}:8081 - FROSTFS_CONTROL_GRPC_ENDPOINT=s01.${LOCAL_DOMAIN}:8081
- FROSTFS_NODE_ATTRIBUTE_0=User-Agent:FrostFS/${NODE_VERSION}
- FROSTFS_NODE_ATTRIBUTE_1=UN-LOCODE:RU MOW - FROSTFS_NODE_ATTRIBUTE_1=UN-LOCODE:RU MOW
- FROSTFS_NODE_ATTRIBUTE_2=Price:22 - FROSTFS_NODE_ATTRIBUTE_2=Price:22
healthcheck: healthcheck:
@ -58,9 +56,6 @@ services:
- ./../../vendor/frostfs-cli:/frostfs-cli - ./../../vendor/frostfs-cli:/frostfs-cli
- ./cli-cfg.yml:/cli-cfg.yml - ./cli-cfg.yml:/cli-cfg.yml
- ./s04tls.crt:/etc/ssl/certs/s04tls.crt - ./s04tls.crt:/etc/ssl/certs/s04tls.crt
- ../nats/client-cert.pem:/etc/frostfs-node/nats.tls.cert
- ../nats/client-key.pem:/etc/frostfs-node/nats.tls.key
- ../nats/ca-cert.pem:/etc/frostfs-node/nats.ca.crt
- ./cfg:/etc/frostfs/storage - ./cfg:/etc/frostfs/storage
stop_signal: SIGTERM stop_signal: SIGTERM
stop_grace_period: 15s stop_grace_period: 15s
@ -72,6 +67,7 @@ services:
- FROSTFS_NODE_ADDRESSES=s02.${LOCAL_DOMAIN}:8080 - FROSTFS_NODE_ADDRESSES=s02.${LOCAL_DOMAIN}:8080
- FROSTFS_GRPC_0_ENDPOINT=s02.${LOCAL_DOMAIN}:8080 - FROSTFS_GRPC_0_ENDPOINT=s02.${LOCAL_DOMAIN}:8080
- FROSTFS_CONTROL_GRPC_ENDPOINT=s02.${LOCAL_DOMAIN}:8081 - FROSTFS_CONTROL_GRPC_ENDPOINT=s02.${LOCAL_DOMAIN}:8081
- FROSTFS_NODE_ATTRIBUTE_0=User-Agent:FrostFS/${NODE_VERSION}
- FROSTFS_NODE_ATTRIBUTE_1=UN-LOCODE:RU LED - FROSTFS_NODE_ATTRIBUTE_1=UN-LOCODE:RU LED
- FROSTFS_NODE_ATTRIBUTE_2=Price:33 - FROSTFS_NODE_ATTRIBUTE_2=Price:33
healthcheck: healthcheck:
@ -98,9 +94,6 @@ services:
- ./../../vendor/frostfs-cli:/frostfs-cli - ./../../vendor/frostfs-cli:/frostfs-cli
- ./cli-cfg.yml:/cli-cfg.yml - ./cli-cfg.yml:/cli-cfg.yml
- ./s04tls.crt:/etc/ssl/certs/s04tls.crt - ./s04tls.crt:/etc/ssl/certs/s04tls.crt
- ../nats/client-cert.pem:/etc/frostfs-node/nats.tls.cert
- ../nats/client-key.pem:/etc/frostfs-node/nats.tls.key
- ../nats/ca-cert.pem:/etc/frostfs-node/nats.ca.crt
- ./cfg:/etc/frostfs/storage - ./cfg:/etc/frostfs/storage
stop_signal: SIGTERM stop_signal: SIGTERM
stop_grace_period: 15s stop_grace_period: 15s
@ -112,6 +105,7 @@ services:
- FROSTFS_NODE_ADDRESSES=s03.${LOCAL_DOMAIN}:8080 - FROSTFS_NODE_ADDRESSES=s03.${LOCAL_DOMAIN}:8080
- FROSTFS_GRPC_0_ENDPOINT=s03.${LOCAL_DOMAIN}:8080 - FROSTFS_GRPC_0_ENDPOINT=s03.${LOCAL_DOMAIN}:8080
- FROSTFS_CONTROL_GRPC_ENDPOINT=s03.${LOCAL_DOMAIN}:8081 - FROSTFS_CONTROL_GRPC_ENDPOINT=s03.${LOCAL_DOMAIN}:8081
- FROSTFS_NODE_ATTRIBUTE_0=User-Agent:FrostFS/${NODE_VERSION}
- FROSTFS_NODE_ATTRIBUTE_1=UN-LOCODE:SE STO - FROSTFS_NODE_ATTRIBUTE_1=UN-LOCODE:SE STO
- FROSTFS_NODE_ATTRIBUTE_2=Price:11 - FROSTFS_NODE_ATTRIBUTE_2=Price:11
healthcheck: healthcheck:
@ -139,9 +133,6 @@ services:
- ./cli-cfg.yml:/cli-cfg.yml - ./cli-cfg.yml:/cli-cfg.yml
- ./s04tls.crt:/tls.crt - ./s04tls.crt:/tls.crt
- ./s04tls.key:/tls.key - ./s04tls.key:/tls.key
- ../nats/client-cert.pem:/etc/frostfs-node/nats.tls.cert
- ../nats/client-key.pem:/etc/frostfs-node/nats.tls.key
- ../nats/ca-cert.pem:/etc/frostfs-node/nats.ca.crt
- ./cfg:/etc/frostfs/storage - ./cfg:/etc/frostfs/storage
stop_signal: SIGTERM stop_signal: SIGTERM
stop_grace_period: 15s stop_grace_period: 15s
@ -158,6 +149,7 @@ services:
- FROSTFS_GRPC_1_TLS_ENABLED=true - FROSTFS_GRPC_1_TLS_ENABLED=true
- FROSTFS_GRPC_1_TLS_CERTIFICATE=/tls.crt - FROSTFS_GRPC_1_TLS_CERTIFICATE=/tls.crt
- FROSTFS_GRPC_1_TLS_KEY=/tls.key - FROSTFS_GRPC_1_TLS_KEY=/tls.key
- FROSTFS_NODE_ATTRIBUTE_0=User-Agent:FrostFS/${NODE_VERSION}
- FROSTFS_NODE_ATTRIBUTE_1=UN-LOCODE:FI HEL - FROSTFS_NODE_ATTRIBUTE_1=UN-LOCODE:FI HEL
- FROSTFS_NODE_ATTRIBUTE_2=Price:44 - FROSTFS_NODE_ATTRIBUTE_2=Price:44
healthcheck: healthcheck: