s.makhov/frostfs-node
1
0
Fork 0
forked from TrueCloudLab/frostfs-node
Code Pull requests Activity

[#1170] node: Support morph mTLS

Browse source 
Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
This commit is contained in:
Evgenii Stratonikov 2024-06-11 15:48:06 +03:00
parent 96fe271bab
commit dbd3b238f7
5 changed files with 33 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
cmd/frostfs-node/config/morph/config.go
View file

@ -54,9 +54,20 @@ func RPCEndpoint(c *config.Config) []client.Endpoint {
priority = PriorityDefault priority = PriorityDefault
} }
var mtlsConfig *client.MTLSConfig
rootCAs := config.StringSliceSafe(s, "trusted_ca_list")
if len(rootCAs) != 0 {
mtlsConfig = &client.MTLSConfig{
TrustedCAList: rootCAs,
KeyFile: config.StringSafe(s, "key"),
CertFile: config.StringSafe(s, "certificate"),
}
}
es = append(es, client.Endpoint{ es = append(es, client.Endpoint{
Address: addr, Address: addr,
Priority: priority, Priority: priority,
MTLSConfig: mtlsConfig,
}) })
} }

7
cmd/frostfs-node/config/morph/config_test.go
View file

@ -28,6 +28,13 @@ func TestMorphSection(t *testing.T) {
{ {
Address: "wss://rpc1.morph.frostfs.info:40341/ws", Address: "wss://rpc1.morph.frostfs.info:40341/ws",
Priority: 1, Priority: 1,
MTLSConfig: &client.MTLSConfig{
TrustedCAList: []string{
"/path/to/ca.pem",
},
KeyFile: "/path/to/key",
CertFile: "/path/to/cert",
},
}, },
{ {
Address: "wss://rpc2.morph.frostfs.info:40341/ws", Address: "wss://rpc2.morph.frostfs.info:40341/ws",

3
config/example/node.env
View file

@ -61,6 +61,9 @@ FROSTFS_MORPH_CACHE_TTL=15s
FROSTFS_MORPH_SWITCH_INTERVAL=3m FROSTFS_MORPH_SWITCH_INTERVAL=3m
FROSTFS_MORPH_RPC_ENDPOINT_0_ADDRESS="wss://rpc1.morph.frostfs.info:40341/ws" FROSTFS_MORPH_RPC_ENDPOINT_0_ADDRESS="wss://rpc1.morph.frostfs.info:40341/ws"
FROSTFS_MORPH_RPC_ENDPOINT_0_PRIORITY=0 FROSTFS_MORPH_RPC_ENDPOINT_0_PRIORITY=0
FROSTFS_MORPH_RPC_ENDPOINT_0_TRUSTED_CA_LIST="/path/to/ca.pem"
FROSTFS_MORPH_RPC_ENDPOINT_0_CERTIFICATE="/path/to/cert"
FROSTFS_MORPH_RPC_ENDPOINT_0_KEY="/path/to/key"
FROSTFS_MORPH_RPC_ENDPOINT_1_ADDRESS="wss://rpc2.morph.frostfs.info:40341/ws" FROSTFS_MORPH_RPC_ENDPOINT_1_ADDRESS="wss://rpc2.morph.frostfs.info:40341/ws"
FROSTFS_MORPH_RPC_ENDPOINT_1_PRIORITY=2 FROSTFS_MORPH_RPC_ENDPOINT_1_PRIORITY=2
FROSTFS_MORPH_APE_CHAIN_CACHE_SIZE=100000 FROSTFS_MORPH_APE_CHAIN_CACHE_SIZE=100000

7
config/example/node.json
View file

@ -95,7 +95,12 @@
"rpc_endpoint": [ "rpc_endpoint": [
{ {
"address": "wss://rpc1.morph.frostfs.info:40341/ws", "address": "wss://rpc1.morph.frostfs.info:40341/ws",
"priority": 0 "priority": 0,
"trusted_ca_list": [
"/path/to/ca.pem"
],
"certificate": "/path/to/cert",
"key": "/path/to/key"
}, },
{ {
"address": "wss://rpc2.morph.frostfs.info:40341/ws", "address": "wss://rpc2.morph.frostfs.info:40341/ws",

4
config/example/node.yaml
View file

@ -84,6 +84,10 @@ morph:
rpc_endpoint: # side chain NEO RPC endpoints; are shuffled and used one by one until the first success rpc_endpoint: # side chain NEO RPC endpoints; are shuffled and used one by one until the first success
- address: wss://rpc1.morph.frostfs.info:40341/ws - address: wss://rpc1.morph.frostfs.info:40341/ws
priority: 0 priority: 0
trusted_ca_list:
- "/path/to/ca.pem"
certificate: "/path/to/cert"
key: "/path/to/key"
- address: wss://rpc2.morph.frostfs.info:40341/ws - address: wss://rpc2.morph.frostfs.info:40341/ws
priority: 2 priority: 2
ape_chain_cache_size: 100000 ape_chain_cache_size: 100000