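#!/bin/bash
#
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
# fabric-ca_setup.sh - FVT helper that resets, initialises, starts, lists and
# kills local fabric-ca server instances (and an optional haproxy in front of
# them) for the functional test suite.
#
# Usage: fabric-ca_setup.sh [-RISKXLDTP...] [-d driver] [-n instances] ... [-- extra server args]
# Run with -h for the full option list.
#
# Requires: GOPATH (locates the fabric-ca source tree) and the helper library
# scripts/fvt/fabric-ca_utils, which supplies CA_DEFAULT_PORT, DEFAULT_TIMEOUT,
# POSTGRES_PORT, MYSQL_PORT, PROFILING_PORT, PROXY_PORT, INTERMEDIATE_PROXY_PORT,
# INTERMEDIATE_CA_DEFAULT_PORT, FABRIC_CA_SERVEREXEC,
# DEFAULT_RUN_CONFIG_FILE_NAME and the functions tolower, ErrorExit,
# genRunconfig and pollFabricCa (none of them are defined in this file).
#
# The database credentials below are throw-away test-fixture values for the
# local sqlite3/mysql/postgres containers used by the FVT suite.

FABRIC_CA="$GOPATH/src/github.com/hyperledger/fabric-ca"
SCRIPTDIR="$FABRIC_CA/scripts/fvt"
# shellcheck source=/dev/null
. "$SCRIPTDIR/fabric-ca_utils"
GO_VER="1.7.1"
ARCH="amd64"
# Accumulated failure count; one per server instance that failed to start.
RC=0

#######################################
# Print the option summary to stdout.
#######################################
usage() {
  cat <<'EOF'
ARGS:
   -d) <DRIVER> - [sqlite3|mysql|postgres]
   -n) <FABRIC_CA_INSTANCES> - number of servers to start
   -t) <KEYTYPE> - rsa|ecdsa
   -l) <KEYLEN> - ecdsa: 256|384|521; rsa 2048|3072|4096
   -c) <SRC_CERT> - pre-existing server cert
   -k) <SRC_KEY> - pre-existing server key
   -x) <DATADIR> - local storage for client auth_info (sets CA_CFG_PATH)
   -o) <TIMEOUT> - seconds to wait for a server to come up
   -u) <CACOUNT> - number of additional CAs per server (--cacount)
   -r) <USER_CA_PORT> - base listen port for the servers
   -p) <HTTP_PORT> - HTTP port
   -m) <MAXENROLL> - maximum enrollments written to the run config
   -g) <SERVERCONFIG> - pre-existing server config copied over the run config
   -U) <PARENTURL> - parent CA url for an intermediate CA
FLAGS:
   -D) set FABRIC_CA_DEBUG='true'
   -R) set RESET='true' - delete DB, server certs, client certs
   -I) set INIT='true' - run fabric-ca server init
   -S) set START='true' - start $FABRIC_CA_INSTANCES number of servers
   -X) set PROXY='true' - start haproxy for $FABRIC_CA_INSTANCES of fabric-ca servers
   -K) set KILL='true' - kill all running fabric-ca instances and haproxy
   -L) list all running fabric-ca instances
   -P) Enable profiling port on the server
   -T) set TLS_ON='true'
   -N) expose the intermediate CA server port
   -A) set AUTH='false'
   -a) set LDAP_ENABLE='true'
   ?|h) this help text

Defaults: -d sqlite3 -n 1 -t ecdsa -l 256
EOF
}

#######################################
# True when a flag variable holds the literal string "true".
# Replaces the `$($FLAG)` idiom, which executed the flag's value as a command.
# Arguments: $1 - flag value
#######################################
isTrue() {
  [[ "$1" == "true" ]]
}

#######################################
# Run a statement against the local postgres fixture.
# Executed from /tmp in a subshell so the caller's cwd is untouched.
# Arguments: $1 - SQL or psql meta-command
#            $2 - optional extra psql option (e.g. --dbname=...)
# Returns:   psql's exit status
#######################################
runPSQL() {
  local cmd="$1"
  local opts="$2"
  local psql_args=()
  # Only pass the option when one was given; an empty positional argument
  # would otherwise be handed to psql as a database name.
  [[ -n "$opts" ]] && psql_args+=("$opts")
  (cd /tmp && /usr/bin/psql "${psql_args[@]}" -U postgres -h localhost -c "$cmd")
}

#######################################
# Run a statement against the local mysql fixture.
# Arguments: $1 - SQL statement
#            $@ - remaining args passed through (typically the database name)
#######################################
runMySQL() {
  local sql="$1"
  shift
  # MYSQL_PWD keeps the fixture password off the command line (visible in ps).
  MYSQL_PWD=mysql mysql --host=localhost --user=root -e "$sql" "$@"
}

#######################################
# Print the unique PIDs of haproxy processes holding TCP sockets, one per line.
#######################################
haproxyPids() {
  lsof -n -i tcp | awk '$1=="haproxy" && !($2 in a) {a[$2]=$2;print a[$2]}'
}

#######################################
# Kill running servers and remove the data directory and every database
# (base server plus the CACOUNT cluster CAs) for all three drivers.
# Globals: DATADIR, DBNAME, CACOUNT (read)
# Leaves the cwd in /tmp because DATADIR may have been the cwd.
#######################################
resetFabricCa() {
  local db_file i db_suffix
  killAllFabricCas
  # :? aborts rather than running `rm -rf` against an empty path.
  rm -rf -- "${DATADIR:?DATADIR is not set}" >/dev/null
  # The glob may match several files; test each one instead of the whole list.
  for db_file in "$PWD/${DBNAME}"*; do
    [[ -f "$db_file" ]] && rm -f -- "$db_file"
  done
  cd /tmp || return

  # Base server ("" suffix) and cluster servers (_ca1.._caN)
  for i in "" $(seq "${CACOUNT:-0}"); do
    db_suffix=${i:+_ca$i}
    # NOTE(review): this probe's result is discarded; it is kept as-is in case
    # the fixture relies on the connection attempt — confirm before removing.
    runMySQL 'show tables' "${DBNAME}${db_suffix}" >/dev/null 2>&1
    runMySQL "DROP DATABASE IF EXISTS ${DBNAME}${db_suffix}" >/dev/null 2>&1
    /usr/bin/dropdb "${DBNAME}${db_suffix}" -U postgres -h localhost -w --if-exists 2>/dev/null
  done
}

#######################################
# Show which server ports are listening and dump the users (and, in debug
# mode, certificates and affiliations) tables of every database.
# Globals: USER_CA_PORT, CA_DEFAULT_PORT, FABRIC_CA_INSTANCES, CACOUNT,
#          DBNAME, DRIVER, DATADIR, FABRIC_CA_DEBUG (read)
#######################################
listFabricCa() {
  local port=${USER_CA_PORT-$CA_DEFAULT_PORT}
  local inst i db_suffix db_dir
  echo "Listening servers;"
  for ((inst = 0; inst < FABRIC_CA_INSTANCES; inst++)); do
    lsof -n -i "tcp:$((port + inst))"
  done

  # Base server ("" suffix) and cluster servers (_ca1.._caN)
  for i in "" $(seq "${CACOUNT:-0}"); do
    db_suffix=${i:+_ca$i}
    echo ""
    echo " ======================================"
    echo " ========> Dumping ${DBNAME}${db_suffix} Database"
    echo " ======================================"
    case "$DRIVER" in
      mysql)
        echo ""
        echo "Users:"
        runMySQL 'SELECT * FROM users;' "${DBNAME}${db_suffix}"
        if isTrue "$FABRIC_CA_DEBUG"; then
          echo "Certificates:"
          runMySQL 'SELECT * FROM certificates;' "${DBNAME}${db_suffix}"
          echo "Affiliations:"
          runMySQL 'SELECT * FROM affiliations;' "${DBNAME}${db_suffix}"
        fi
        ;;
      postgres)
        echo ""
        runPSQL "\l ${DBNAME}${db_suffix}" | sed 's/^/ /;1s/^ *//;1s/$/:/'

        echo "Users:"
        runPSQL "SELECT * FROM USERS;" "--dbname=${DBNAME}${db_suffix}" | sed 's/^/ /'
        if isTrue "$FABRIC_CA_DEBUG"; then
          echo "Certificates:"
          runPSQL "SELECT * FROM CERTIFICATES;" "--dbname=${DBNAME}${db_suffix}" | sed 's/^/ /'
          echo "Affiliations:"
          runPSQL "SELECT * FROM AFFILIATIONS;" "--dbname=${DBNAME}${db_suffix}" | sed 's/^/ /'
        fi
        ;;
      sqlite3)
        # Cluster CAs keep their sqlite file under $DATADIR/ca/ca<N>.
        if [[ -z "$i" ]]; then
          db_dir=$DATADIR
        else
          db_dir="$DATADIR/ca/ca$i"
        fi
        sqlite3 "$db_dir/$DBNAME" 'SELECT * FROM USERS;' | sed 's/^/ /'
        if isTrue "$FABRIC_CA_DEBUG"; then
          # Use the same absolute path as the users query; the previous
          # relative $DATASRC only resolved when cwd happened to be DATADIR.
          sqlite3 "$db_dir/$DBNAME" 'SELECT * FROM CERTIFICATES;' | sed 's/^/ /'
          sqlite3 "$db_dir/$DBNAME" 'SELECT * FROM AFFILIATIONS;' | sed 's/^/ /'
        fi
        ;;
    esac
  done
}

#######################################
# Run `fabric-ca-server init` and, in debug mode, print the resulting
# certificate and key details.
# Globals: FABRIC_CA_SERVEREXEC, RUNCONFIG, PARENTURL, args, DATADIR,
#          DST_CERT, DST_KEY, SSLKEYCMD, FABRIC_CA_DEBUG (read)
# Returns: init's exit status when non-zero, 0 otherwise
#######################################
initFabricCa() {
  local rc
  [[ -f "$FABRIC_CA_SERVEREXEC" ]] || ErrorExit "fabric-ca executable not found in src tree"
  # shellcheck disable=SC2086 -- PARENTURL ("-u <url>") and args are intentionally word-split
  "$FABRIC_CA_SERVEREXEC" init -c "$RUNCONFIG" $PARENTURL $args
  rc=$?
  # Any non-zero status is a failure (previously only status 1 was caught,
  # so e.g. a crash or missing binary reported "initialized").
  if (( rc != 0 )); then
    return "$rc"
  fi
  echo "FABRIC_CA server initialized"
  if isTrue "$FABRIC_CA_DEBUG"; then
    openssl x509 -in "$DATADIR/$DST_CERT" -noout -issuer -subject -serial \
      -dates -nameopt RFC2253 | sed 's/^/ /'
    # Print the SAN header and its value on one line.
    openssl x509 -in "$DATADIR/$DST_CERT" -noout -text |
      awk '
        /Subject Alternative Name:/ {
          gsub(/^ */,"")
          printf "%s= ", $0
          getline; gsub(/^ */,"")
          print
        }' | sed 's/^/ /'
    # SSLKEYCMD is the openssl sub-command ("rsa" or "ec"); KEYTYPE ("ecdsa")
    # is not a valid sub-command, so the old invocation printed nothing.
    openssl x509 -in "$DATADIR/$DST_CERT" -noout -pubkey |
      openssl "$SSLKEYCMD" -pubin -noout -text 2>/dev/null | sed 's/Private/Public/'
    openssl "$SSLKEYCMD" -in "$DATADIR/$DST_KEY" -text 2>/dev/null
  fi
}

#######################################
# Emit haproxy "server" lines for count instances on consecutive ports.
# Arguments: $1 - server name prefix, $2 - base port, $3 - instance count
#######################################
emitHaproxyServers() {
  local prefix=$1 base_port=$2 count=$3
  local i
  for ((i = 0; i < count; i++)); do
    printf '   server %s%d localhost:%d\n' "$prefix" "$i" "$((base_port + i))"
  done
}

#######################################
# Emit the profiling frontend/backend (identical for TLS and non-TLS).
# Arguments: $1 - instance count
# Globals: FABRIC_CA_SERVER_PROFILE_PORT (read)
#######################################
emitHaproxyProfileSection() {
  local inst=$1
  cat <<EOF

frontend haproxy-profile
   bind *:8889
   mode http
   option tcplog
   default_backend fabric-ca-profile

backend fabric-ca-profile
   mode http
   http-request set-header X-Forwarded-Port %[dst_port]
   balance roundrobin
EOF
  emitHaproxyServers server "$FABRIC_CA_SERVER_PROFILE_PORT" "$inst"
}

#######################################
# Write the full haproxy configuration to stdout.
# TLS on: TCP pass-through so each server terminates TLS itself.
# TLS off: HTTP mode with X-Forwarded-Port and a stats listener on 10888.
# All listeners bind every interface (*:port); this is a test fixture.
# Arguments: $1 - instance count
# Globals: TLS_ON, USER_CA_PORT, CA_DEFAULT_PORT, PROXY_PORT,
#          FABRIC_CA_SERVER_PROFILE_PORT, FABRIC_CA_INTERMEDIATE_SERVER_PORT,
#          INTERMEDIATE_PROXY_PORT, INTERMEDIATE_CA_DEFAULT_PORT (read)
#######################################
genHaproxyConfig() {
  local inst=$1
  local server_port=${USER_CA_PORT-$CA_DEFAULT_PORT}
  if [[ "$TLS_ON" == "true" ]]; then
    cat <<EOF
global
   log 127.0.0.1 local2
   daemon
defaults
   log global
   option dontlognull
   maxconn 4096
   timeout connect 30000
   timeout client 300000
   timeout server 300000

frontend haproxy
   bind *:$PROXY_PORT
   mode tcp
   option tcplog
   default_backend fabric-cas

backend fabric-cas
   mode tcp
   balance roundrobin
EOF
    emitHaproxyServers server "$server_port" "$inst"
    if [[ -n "$FABRIC_CA_SERVER_PROFILE_PORT" ]]; then
      emitHaproxyProfileSection "$inst"
    fi
    if [[ -n "$FABRIC_CA_INTERMEDIATE_SERVER_PORT" ]]; then
      cat <<EOF

frontend haproxy-intcas
   bind *:$INTERMEDIATE_PROXY_PORT
   mode tcp
   option tcplog
   default_backend fabric-intcas

backend fabric-intcas
   mode tcp
   balance roundrobin
EOF
      emitHaproxyServers intserver "$INTERMEDIATE_CA_DEFAULT_PORT" "$inst"
    fi
  else
    cat <<EOF
global
   log 127.0.0.1 local2
   daemon
defaults
   log global
   mode http
   option httplog
   option dontlognull
   maxconn 4096
   timeout connect 30000
   timeout client 300000
   timeout server 300000
   option forwardfor

listen stats
   bind *:10888
   stats enable
   stats uri /
   stats enable

frontend haproxy
   bind *:$PROXY_PORT
   mode http
   option tcplog
   default_backend fabric-cas

backend fabric-cas
   mode http
   http-request set-header X-Forwarded-Port %[dst_port]
   balance roundrobin
EOF
    emitHaproxyServers server "$server_port" "$inst"
    if [[ -n "$FABRIC_CA_SERVER_PROFILE_PORT" ]]; then
      emitHaproxyProfileSection "$inst"
    fi
    if [[ -n "$FABRIC_CA_INTERMEDIATE_SERVER_PORT" ]]; then
      cat <<EOF

frontend haproxy-intcas
   bind *:$INTERMEDIATE_PROXY_PORT
   mode http
   option tcplog
   default_backend fabric-intcas

backend fabric-intcas
   mode http
   http-request set-header X-Forwarded-Port %[dst_port]
   balance roundrobin
EOF
      emitHaproxyServers intserver "$INTERMEDIATE_CA_DEFAULT_PORT" "$inst"
    fi
  fi
}

#######################################
# Stop any running haproxy and start a fresh one balancing across inst servers.
# Arguments: $1 - instance count
#######################################
startHaproxy() {
  local inst=$1
  local proxypids
  proxypids=$(haproxyPids)
  # shellcheck disable=SC2086 -- pid list is intentionally word-split
  [[ -n "$proxypids" ]] && kill $proxypids
  haproxy -f <(genHaproxyConfig "$inst")
}

#######################################
# Start server instance number inst in the background and wait for it
# to accept connections.
# Arguments: $1 - instance index (0-based); added to the base port
# Globals: USER_CA_PORT, CA_DEFAULT_PORT, CACOUNT, FABRIC_CA_SERVER_PROFILE_PORT,
#          FABRIC_CA_SERVEREXEC, DST_CERT, DST_KEY, RUNCONFIG, PARENTURL,
#          args, TIMEOUT (read); RC (incremented on failure)
#######################################
startFabricCa() {
  local inst=$1
  local server_addr=0.0.0.0
  local polladdr=$server_addr
  local port=${USER_CA_PORT-$CA_DEFAULT_PORT}
  local cacount_opt=()
  port=$((port + inst))
  [[ -n "$CACOUNT" ]] && cacount_opt=(--cacount "$CACOUNT")

  if [[ -n "$FABRIC_CA_SERVER_PROFILE_PORT" ]]; then
    local profile_port=$((FABRIC_CA_SERVER_PROFILE_PORT + inst))
    # NOTE(review): the profiling branch passes PARENTURL but not --cacount or
    # the extra args, the other branch the reverse; preserved as found — confirm
    # whether both branches should receive the same option set.
    # shellcheck disable=SC2086 -- PARENTURL ("-u <url>") is intentionally word-split
    FABRIC_CA_SERVER_PROFILE_PORT=$profile_port "$FABRIC_CA_SERVEREXEC" start \
      --address "$server_addr" --port "$port" --ca.certfile "$DST_CERT" \
      --ca.keyfile "$DST_KEY" --config "$RUNCONFIG" $PARENTURL 2>&1 &
  else
    # shellcheck disable=SC2086 -- args is intentionally word-split
    "$FABRIC_CA_SERVEREXEC" start --address "$server_addr" --port "$port" \
      --ca.certfile "$DST_CERT" --ca.keyfile "$DST_KEY" "${cacount_opt[@]}" \
      --config "$RUNCONFIG" $args 2>&1 &
  fi

  printf 'FABRIC_CA server on %s:%s ' "$server_addr" "$port"
  # A wildcard bind cannot be connected to by name; poll loopback instead.
  [[ "$server_addr" == "0.0.0.0" ]] && polladdr="127.0.0.1"
  if pollFabricCa "" "$polladdr" "$port" "" "$TIMEOUT"; then
    echo " STARTED"
  else
    RC=$((RC + 1))
    echo " FAILED"
  fi
}

#######################################
# Kill every process whose command name contains "fabric-ca" (server and
# client alike) plus any haproxy with TCP sockets.
#######################################
killAllFabricCas() {
  local fabric_capids proxypids
  # Field 5 of `ps ax` is the command name, so this script itself (bash)
  # does not match; pgrep -f would match this script's own path.
  fabric_capids=$(ps ax | awk '$5~/fabric-ca/ {print $1}')
  proxypids=$(haproxyPids)
  # shellcheck disable=SC2086 -- pid lists are intentionally word-split
  [[ -n "$fabric_capids" ]] && kill $fabric_capids
  # shellcheck disable=SC2086
  [[ -n "$proxypids" ]] && kill $proxypids
}

# -C is accepted by the optstring but has no handler; it is silently ignored.
while getopts "\?hRCISKXLDTAPNad:t:l:n:c:k:x:g:m:p:r:o:u:U:" option; do
  case "$option" in
    a) LDAP_ENABLE="true" ;;
    o) TIMEOUT="$OPTARG" ;;
    u) CACOUNT="$OPTARG" ;;
    d) DRIVER="$OPTARG" ;;
    r) USER_CA_PORT="$OPTARG" ;;
    p) HTTP_PORT="$OPTARG" ;;
    n) FABRIC_CA_INSTANCES="$OPTARG" ;;
    t) KEYTYPE=$(tolower "$OPTARG") ;;
    l) KEYLEN="$OPTARG" ;;
    c) SRC_CERT="$OPTARG" ;;
    k) SRC_KEY="$OPTARG" ;;
    x) CA_CFG_PATH="$OPTARG" ;;
    m) MAXENROLL="$OPTARG" ;;
    g) SERVERCONFIG="$OPTARG" ;;
    U) PARENTURL="$OPTARG" ;;
    D) export FABRIC_CA_DEBUG='true' ;;
    A) AUTH="false" ;;
    R) RESET="true" ;;
    I) INIT="true" ;;
    S) START="true" ;;
    X) PROXY="true" ;;
    K) KILL="true" ;;
    L) LIST="true" ;;
    T) TLS_ON="true" ;;
    P) export FABRIC_CA_SERVER_PROFILE_PORT=$PROFILING_PORT ;;
    N) export FABRIC_CA_INTERMEDIATE_SERVER_PORT=$INTERMEDIATE_CA_DEFAULT_PORT ;;
    \?|h)
      usage
      exit 1
      ;;
  esac
done

shift $((OPTIND - 1))
# Remaining arguments are appended verbatim to the server init/start command.
args="$*"
: "${LDAP_ENABLE:="false"}"
: "${TIMEOUT:=$DEFAULT_TIMEOUT}"
: "${HTTP_PORT:="3755"}"
: "${DBNAME:="fabric_ca"}"
: "${MAXENROLL:="-1"}"
: "${AUTH:="true"}"
: "${DRIVER:="sqlite3"}"
: "${FABRIC_CA_INSTANCES:=1}"
: "${FABRIC_CA_DEBUG:="false"}"
: "${LIST:="false"}"
: "${RESET:="false"}"
: "${INIT:="false"}"
: "${START:="false"}"
: "${PROXY:="false"}"
: "${HTTP:="true"}"
: "${KILL:="false"}"
: "${KEYTYPE:="ecdsa"}"
: "${KEYLEN:="256"}"
: "${CACOUNT=""}"
# openssl sub-command matching the key type ("ecdsa" keys are handled by "ec").
if [[ "$KEYTYPE" == "rsa" ]]; then
  SSLKEYCMD=$KEYTYPE
else
  SSLKEYCMD="ec"
fi
# Turn the url into the "-u <url>" option pair expected by init/start.
[[ -n "$PARENTURL" ]] && PARENTURL="-u $PARENTURL"

: "${CA_CFG_PATH:="/tmp/fabric-ca"}"
: "${DATADIR:="$CA_CFG_PATH"}"
export CA_CFG_PATH

# regarding tls:
#    honor the command-line setting to turn on TLS
#    else honor the envvar
#    else (default) turn off tls
sslmode=disable
if [[ -n "$TLS_ON" ]]; then
  TLS_DISABLE='false'; LDAP_PORT=636; LDAP_PROTO="ldaps://"; sslmode="require"; mysqlTls='&tls=custom'
else
  case "$FABRIC_TLS" in
    true) TLS_DISABLE='false'; TLS_ON='true'; LDAP_PORT=636; LDAP_PROTO="ldaps://"; sslmode="require"; mysqlTls='&tls=custom' ;;
    false) TLS_DISABLE='true'; TLS_ON='false' ;;
    *) TLS_DISABLE='true'; TLS_ON='false' ;;
  esac
fi

[[ -d "$DATADIR" ]] || mkdir -p "$DATADIR"
DST_KEY="fabric-ca-key.pem"
DST_CERT="fabric-ca-cert.pem"
[[ -n "$SRC_CERT" ]] && cp "$SRC_CERT" "$DATADIR/$DST_CERT"
[[ -n "$SRC_KEY" ]] && cp "$SRC_KEY" "$DATADIR/$DST_KEY"
RUNCONFIG="$DATADIR/$DEFAULT_RUN_CONFIG_FILE_NAME"

# Data source written into the run config. The mysql/postgres credentials are
# the local test-fixture accounts; the DSN ends up in plain text in RUNCONFIG.
case "$DRIVER" in
  postgres) DATASRC="dbname=$DBNAME host=127.0.0.1 port=$POSTGRES_PORT user=postgres password=postgres sslmode=$sslmode" ;;
  sqlite3) DATASRC="$DBNAME" ;;
  mysql) DATASRC="root:mysql@tcp(localhost:$MYSQL_PORT)/$DBNAME?parseTime=true$mysqlTls" ;;
  *) ErrorExit "unsupported driver '$DRIVER' (expected sqlite3|mysql|postgres)" ;;
esac

isTrue "$LIST" && listFabricCa
isTrue "$RESET" && resetFabricCa
isTrue "$KILL" && killAllFabricCas
isTrue "$PROXY" && startHaproxy "$FABRIC_CA_INSTANCES"

# NOTE(review): the original `$( $INIT -o $START )` ran `true`/`false` with
# ignored arguments, so the run config was only (re)generated when INIT was
# set; that behaviour is kept here. Confirm whether START alone should
# regenerate it before widening this condition.
isTrue "$INIT" && genRunconfig "$RUNCONFIG" "$DRIVER" "$DATASRC" "$DST_CERT" "$DST_KEY" "$MAXENROLL"
[[ -n "$SERVERCONFIG" ]] && cp "$SERVERCONFIG" "$RUNCONFIG"

if isTrue "$INIT"; then
  initFabricCa
  rc2=$?
  # Propagate any init failure, not just exit status 1.
  if (( rc2 != 0 )); then
    exit "$rc2"
  fi
fi

if isTrue "$START"; then
  for ((inst = 0; inst < FABRIC_CA_INSTANCES; inst++)); do
    startFabricCa "$inst"
  done
fi
exit "$RC"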