github.com/cactusblossom/fabric-ca@v0.0.0-20200611062428-0082fc643826/scripts/fvt/fabric-ca_setup.sh (about)

     1  #!/bin/bash
     2  #
     3  # Copyright IBM Corp. All Rights Reserved.
     4  #
     5  # SPDX-License-Identifier: Apache-2.0
     6  #
     7  
     8  FABRIC_CA="$GOPATH/src/github.com/hyperledger/fabric-ca"
     9  SCRIPTDIR="$FABRIC_CA/scripts/fvt"
    10  . $SCRIPTDIR/fabric-ca_utils
    11  GO_VER="1.7.1"
    12  ARCH="amd64"
    13  RC=0
    14  
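# Print the help text to stdout.
#
# The "Defaults" line names -t for the key type: in the option parser -t sets
# KEYTYPE, while -k is the pre-existing server key (SRC_KEY).
# The here-document delimiter is quoted so $FABRIC_CA_INSTANCES is printed
# literally, exactly as the escaped form in the echo-based version did.
function usage() {
  cat <<'EOF'
ARGS:
  -d)   <DRIVER> - [sqlite3|mysql|postgres]
  -n)   <FABRIC_CA_INSTANCES> - number of servers to start
  -t)   <KEYTYPE> - rsa|ecdsa
  -l)   <KEYLEN> - ecdsa: 256|384|521; rsa 2048|3072|4096
  -c)   <SRC_CERT> - pre-existing server cert
  -k)   <SRC_KEY> - pre-existing server key
  -x)   <DATADIR> - local storage for client auth_info
FLAGS:
  -D)   set FABRIC_CA_DEBUG='true'
  -R)   set RESET='true' - delete DB, server certs, client certs
  -I)   set INIT='true'  - run fabric-ca server init
  -S)   set START='true' - start $FABRIC_CA_INSTANCES number of servers
  -X)   set PROXY='true' - start haproxy for $FABRIC_CA_INSTANCES of fabric-ca servers
  -K)   set KILL='true'  - kill all running fabric-ca instances and haproxy
  -L)   list all running fabric-ca instances
  -P)   Enable profiling port on the server
 ?|h)  this help text

Defaults: -d sqlite3 -n 1 -t ecdsa -l 256
EOF
}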
    37  
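# Run one psql command against the local postgres instance as user "postgres".
#
# Arguments: $1 - SQL or psql meta-command, passed via -c
#            $2 - one extra psql option (e.g. --dbname=...); passed through
#                 even when empty, as before
# Returns:   psql's exit status (1 if /tmp cannot be entered)
#
# psql is run from /tmp inside a subshell, so the caller's working directory
# is never changed. The previous cd-and-cd-back used an unquoted path and left
# the caller stranded in /tmp when that path contained whitespace.
runPSQL() {
  local cmd="$1"
  local opts="$2"
  (
    cd /tmp || exit 1
    /usr/bin/psql "$opts" -U postgres -h localhost -c "$cmd"
  )
}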
    48  
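# Stop every server and wipe test state: the data directory, sqlite files in
# the current directory whose names start with DBNAME, and the mysql/postgres
# databases of the base CA and each of the CACOUNT additional CAs.
#
# Globals: DATADIR, DBNAME, CACOUNT (read); dbSuffix (written)
# Side effect: leaves the shell in /tmp, as the original did.
# Returns: status of the last dropdb call.
resetFabricCa() {
  killAllFabricCas

  # ${VAR:?} aborts instead of expanding to nothing, so an unset DATADIR or
  # DBNAME can never widen what gets deleted; quoting keeps a path with
  # spaces or glob characters as one argument.
  rm -rf -- "${DATADIR:?DATADIR must be set before reset}" >/dev/null

  # The previous `test -f <glob>` errored out as soon as the glob matched more
  # than one file, so nothing was removed; check and delete each match instead.
  local db_file
  for db_file in "$PWD/${DBNAME:?DBNAME must be set before reset}"*; do
    if [[ -f "$db_file" ]]; then
      rm -- "$db_file"
    fi
  done
  cd /tmp || return 1

  # Base server and cluster servers
  # NOTE(review): the mysql password is passed on the command line and is
  # therefore visible in the process list; tolerable only because these are
  # fixed credentials for a local test database.
  local i
  for i in "" $(seq "${CACOUNT:-0}"); do
    if [[ -z "$i" ]]; then
      dbSuffix=""
    else
      dbSuffix="_ca$i"
    fi
    mysql --host=localhost --user=root --password=mysql -e 'show tables' "${DBNAME}${dbSuffix}" >/dev/null 2>&1
    mysql --host=localhost --user=root --password=mysql -e "DROP DATABASE IF EXISTS ${DBNAME}${dbSuffix}" >/dev/null 2>&1
    /usr/bin/dropdb "${DBNAME}${dbSuffix}" -U postgres -h localhost -w --if-exists 2>/dev/null
  done
}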
    63  
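# Show which server ports are listening, then dump the users table (and, in
# debug mode, certificates and affiliations) of the base CA database and of
# each of the CACOUNT additional CA databases.
#
# Globals: USER_CA_PORT, CA_DEFAULT_PORT, FABRIC_CA_INSTANCES, CACOUNT, DRIVER,
#          DBNAME, DATADIR, DATASRC, FABRIC_CA_DEBUG (read);
#          dbSuffix, DBDIR (written, not local - still visible after return)
listFabricCa() {
  echo "Listening servers;"
  local port=${USER_CA_PORT-$CA_DEFAULT_PORT}
  local inst=0
  while test "$inst" -lt "$FABRIC_CA_INSTANCES"; do
    lsof -n -i "tcp:$((port + inst))"
    inst=$((inst + 1))
  done

  # FABRIC_CA_DEBUG can be inherited from the environment. It is compared as a
  # string here; the previous `$($FABRIC_CA_DEBUG)` test executed whatever the
  # variable contained as a command.
  local debug="false"
  if [[ "$FABRIC_CA_DEBUG" == "true" ]]; then
    debug="true"
  fi

  # Base server and cluster servers
  local i
  for i in "" $(seq "${CACOUNT:-0}"); do
    if [[ -z "$i" ]]; then
      dbSuffix=""
    else
      dbSuffix="_ca$i"
    fi
    echo ""
    echo " ======================================"
    echo " ========> Dumping ${DBNAME}${dbSuffix} Database"
    echo " ======================================"
    case $DRIVER in
    mysql)
      # NOTE(review): the password on the command line shows up in the
      # process list; these are fixed credentials for a local test database.
      echo ""
      echo "Users:"
      mysql --host=localhost --user=root --password=mysql -e 'SELECT * FROM users;' "${DBNAME}${dbSuffix}"
      if [[ "$debug" == "true" ]]; then
        echo "Certificates:"
        mysql --host=localhost --user=root --password=mysql -e 'SELECT * FROM certificates;' "${DBNAME}${dbSuffix}"
        echo "Affiliations:"
        mysql --host=localhost --user=root --password=mysql -e 'SELECT * FROM affiliations;' "${DBNAME}${dbSuffix}"
      fi
      ;;
    postgres)
      echo ""
      runPSQL "\l ${DBNAME}${dbSuffix}" | sed 's/^/   /;1s/^ *//;1s/$/:/'

      echo "Users:"
      runPSQL "SELECT * FROM USERS;" "--dbname=${DBNAME}${dbSuffix}" | sed 's/^/   /'
      if [[ "$debug" == "true" ]]; then
        echo "Certificates::"
        runPSQL "SELECT * FROM CERTIFICATES;" "--dbname=${DBNAME}${dbSuffix}" | sed 's/^/   /'
        echo "Affiliations:"
        runPSQL "SELECT * FROM AFFILIATIONS;" "--dbname=${DBNAME}${dbSuffix}" | sed 's/^/   /'
      fi
      ;;
    sqlite3)
      if [[ -z "$i" ]]; then
        DBDIR=$DATADIR
      else
        DBDIR="$DATADIR/ca/ca$i"
      fi
      sqlite3 "$DBDIR/$DBNAME" 'SELECT * FROM USERS ;;' | sed 's/^/   /'
      if [[ "$debug" == "true" ]]; then
        # NOTE(review): these two dumps open "$DATASRC" rather than
        # "$DBDIR/$DBNAME" as the users dump does, so they may read a
        # different file than intended - confirm before changing.
        sqlite3 "$DATASRC" 'SELECT * FROM CERTIFICATES;' | sed 's/^/   /'
        sqlite3 "$DATASRC" 'SELECT * FROM AFFILIATIONS;' | sed 's/^/   /'
      fi
      ;;
    esac
  done
}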
   116  
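# Run `fabric-ca server init` with the generated run configuration.
#
# Globals: FABRIC_CA_SERVEREXEC, RUNCONFIG, PARENTURL, args (read);
#          rc1 (written)
# Returns: 0 on success, otherwise the exit status of the init command.
#
# Every non-zero status now counts as failure. Previously only status 1 did,
# so any other failure status still printed "initialized" and returned 0.
function initFabricCa() {
  test -f "$FABRIC_CA_SERVEREXEC" || ErrorExit "fabric-ca executable not found in src tree"
  # PARENTURL ("-u <url>") and args hold several words each and are split on
  # purpose.
  # shellcheck disable=SC2086
  "$FABRIC_CA_SERVEREXEC" init -c "$RUNCONFIG" $PARENTURL $args
  rc1=$?
  if test "$rc1" -ne 0; then
    return "$rc1"
  fi
  echo "FABRIC_CA server initialized"
}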
   126  
# Restart haproxy in front of the fabric-ca servers.
#
# Arguments: $1 - number of backend servers to declare
# Globals:   USER_CA_PORT / CA_DEFAULT_PORT, PROXY_PORT,
#            FABRIC_CA_SERVER_PROFILE_PORT, FABRIC_CA_INTERMEDIATE_SERVER_PORT,
#            INTERMEDIATE_PROXY_PORT, INTERMEDIATE_CA_DEFAULT_PORT (read)
# Returns:   haproxy's exit status
#
# The configuration is generated on the fly and handed to haproxy through a
# process substitution, so no config file is written to disk.
# Every frontend binds "*", i.e. all interfaces; that includes the profiling
# frontend on the fixed port 8889 when profiling is enabled.
function startHaproxy() {
  local inst=$1
  local idx
  local stale_pids
  # Collect each distinct PID of a haproxy process holding a TCP socket.
  stale_pids=$(lsof -n -i tcp | awk '$1=="haproxy" && !($2 in a) {a[$2]=$2;print a[$2]}')
  if [[ -n "$stale_pids" ]]; then
    # shellcheck disable=SC2086  # one PID per word
    kill $stale_pids
  fi
  local base_port=${USER_CA_PORT-$CA_DEFAULT_PORT}
  haproxy -f <(
    echo "global
      log 127.0.0.1 local2
      daemon
defaults
      log     global
      option  dontlognull
      maxconn 4096
      timeout connect 30000
      timeout client 300000
      timeout server 300000

frontend haproxy
      bind *:$PROXY_PORT
      mode tcp
      option tcplog
      default_backend fabric-cas

backend fabric-cas
   mode tcp
   balance roundrobin"

    # One backend entry per requested instance (the -n option of the main
    # script); instance N is reached on base port + N.
    for ((idx = 0; idx < inst; idx++)); do
      echo "      server server$idx  localhost:$((base_port + idx))"
    done

    # Optional HTTP frontend for the servers' profiling ports.
    if [[ -n "$FABRIC_CA_SERVER_PROFILE_PORT" ]]; then
      echo "
frontend haproxy-profile
      bind *:8889
      mode http
      option tcplog
      default_backend fabric-ca-profile

backend fabric-ca-profile
      mode http
      http-request set-header X-Forwarded-Port %[dst_port]
      balance roundrobin"
      for ((idx = 0; idx < inst; idx++)); do
        echo "      server server$idx  localhost:$((FABRIC_CA_SERVER_PROFILE_PORT + idx))"
      done
    fi

    # Optional TCP frontend for intermediate CA servers.
    if [[ -n "$FABRIC_CA_INTERMEDIATE_SERVER_PORT" ]]; then
      echo "
frontend haproxy-intcas
      bind *:$INTERMEDIATE_PROXY_PORT
      mode tcp
      option tcplog
      default_backend fabric-intcas

backend fabric-intcas
   mode tcp
   balance roundrobin"

      for ((idx = 0; idx < inst; idx++)); do
        echo "      server intserver$idx  localhost:$((INTERMEDIATE_CA_DEFAULT_PORT + idx))"
      done
    fi
  )

}
   205  
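# Start one fabric-ca server instance in the background and wait for it.
#
# Arguments: $1 - zero-based instance number, added to the base port
# Globals:   USER_CA_PORT / CA_DEFAULT_PORT, FABRIC_CA_SERVEREXEC, DST_CERT,
#            DST_KEY, RUNCONFIG, PARENTURL, args, CACOUNT, TIMEOUT,
#            FABRIC_CA_SERVER_PROFILE_PORT (read); RC (incremented on failure)
# Outputs:   "FABRIC_CA server on <addr>:<port>  STARTED|FAILED"
#
# Path arguments are passed as single words, so a data directory containing
# whitespace no longer splits --config into several arguments.
# The server listens on 0.0.0.0, i.e. on every interface of the host.
function startFabricCa() {
  local inst=$1
  local server_addr=0.0.0.0
  local polladdr=$server_addr
  local port=${USER_CA_PORT-$CA_DEFAULT_PORT}
  port=$((port + inst))

  local -a server_cmd=(
    "$FABRIC_CA_SERVEREXEC" start --address "$server_addr" --port "$port"
    --ca.certfile "$DST_CERT" --ca.keyfile "$DST_KEY"
  )

  # NOTE(review): the two branches pass different extras - the profiling
  # branch adds PARENTURL only, the other adds --cacount and args only.
  # Kept as found; confirm whether that asymmetry is intended.
  if test -n "$FABRIC_CA_SERVER_PROFILE_PORT"; then
    local profile_port=$((FABRIC_CA_SERVER_PROFILE_PORT + inst))
    # PARENTURL holds "-u <url>" and is split on purpose.
    # shellcheck disable=SC2086
    FABRIC_CA_SERVER_PROFILE_PORT=$profile_port "${server_cmd[@]}" \
      --config "$RUNCONFIG" $PARENTURL 2>&1 &
  else
    if test -n "${CACOUNT}"; then
      server_cmd+=(--cacount "${CACOUNT}")
    fi
    # args holds the remaining command-line words and is split on purpose.
    # shellcheck disable=SC2086
    "${server_cmd[@]}" --config "$RUNCONFIG" $args 2>&1 &
  fi

  printf 'FABRIC_CA server on %s:%s ' "$server_addr" "$port"
  # NOTE(review): polladdr is computed here but pollFabricCa is still given
  # server_addr, as in the original - confirm which address was meant.
  test "$server_addr" = "0.0.0.0" && polladdr="127.0.0.1"
  if pollFabricCa "" "$server_addr" "$port" "" "$TIMEOUT"; then
    echo " STARTED"
  else
    RC=$((RC + 1))
    echo " FAILED"
  fi
}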
   240  
# Send the default kill signal to every fabric-ca process and every haproxy.
#
# fabric-ca processes are found by matching "fabric-ca" against the fifth
# column of `ps ax`; haproxy PIDs come from `lsof`, one entry per distinct PID.
# The match is by name only, so any process of this user whose command
# contains "fabric-ca" is hit.
# Returns: status of the final haproxy step (non-zero when no haproxy ran).
function killAllFabricCas() {
  local ca_pids
  local haproxy_pids
  ca_pids=$(ps ax | awk '$5~/fabric-ca/ {print $1}')
  haproxy_pids=$(lsof -n -i tcp | awk '$1=="haproxy" && !($2 in a) {a[$2]=$2;print a[$2]}')
  if [[ -n "$ca_pids" ]]; then
    # shellcheck disable=SC2086  # one PID per word
    kill $ca_pids
  fi
  # Kept as the last command so the function's exit status is unchanged.
  # shellcheck disable=SC2086
  [[ -n "$haproxy_pids" ]] && kill $haproxy_pids
}
   247  
# Parse the command line into the globals the rest of the script reads.
# Options that take a value store $OPTARG; flags set a "true"/"false" string.
# The option string also accepts -C and -T, but no case arm handles them, so
# they are silently ignored. Several options handled here (-a -o -u -r -p -g
# -m -U -A -N) do not appear in the usage() text.
while getopts "\?hRCISKXLDTAPNad:t:l:n:c:k:x:g:m:p:r:o:u:U:" option; do
  case "$option" in
  a) LDAP_ENABLE="true" ;;
  o) TIMEOUT="$OPTARG" ;;
  u) CACOUNT="$OPTARG" ;;
  d) DRIVER="$OPTARG" ;;
  r) USER_CA_PORT="$OPTARG" ;;
  p) HTTP_PORT="$OPTARG" ;;
  n) FABRIC_CA_INSTANCES="$OPTARG" ;;
  # tolower is not defined in this file - presumably provided by the sourced
  # fabric-ca_utils; $OPTARG is passed to it unquoted.
  t) KEYTYPE=$(tolower $OPTARG) ;;
  l) KEYLEN="$OPTARG" ;;
  c) SRC_CERT="$OPTARG" ;;
  k) SRC_KEY="$OPTARG" ;;
  # usage() describes -x as <DATADIR>; the value is stored in CA_CFG_PATH.
  x) CA_CFG_PATH="$OPTARG" ;;
  m) MAXENROLL="$OPTARG" ;;
  g) SERVERCONFIG="$OPTARG" ;;
  U) PARENTURL="$OPTARG" ;;
  D) export FABRIC_CA_DEBUG='true' ;;
  A) AUTH="false" ;;
  R) RESET="true" ;;
  I) INIT="true" ;;
  S) START="true" ;;
  X) PROXY="true" ;;
  K) KILL="true" ;;
  L) LIST="true" ;;
  # PROFILING_PORT and INTERMEDIATE_CA_DEFAULT_PORT are not set in this file;
  # if they are empty, the exported variables are empty too.
  P) export FABRIC_CA_SERVER_PROFILE_PORT=$PROFILING_PORT ;;
  N) export FABRIC_CA_INTERMEDIATE_SERVER_PORT=$INTERMEDIATE_CA_DEFAULT_PORT ;;
  # Explicit -h, and any option getopts rejects (reported as "?").
  \? | h)
    usage
    exit 1
    ;;
  esac
done
   281  
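# Drop the parsed options; whatever remains is forwarded to the server
# commands as one space-joined string.
shift $((OPTIND - 1))
args="$*"

# Defaults for everything the option parser (or the environment) left unset.
# Expansions are quoted so a value never undergoes word splitting or globbing.
: "${LDAP_ENABLE:="false"}"
: "${TIMEOUT:=$DEFAULT_TIMEOUT}"
: "${HTTP_PORT:="3755"}"
: "${DBNAME:="fabric_ca"}"
: "${MAXENROLL:="-1"}"
: "${AUTH:="true"}"
: "${DRIVER:="sqlite3"}"
: "${FABRIC_CA_INSTANCES:=1}"
: "${FABRIC_CA_DEBUG:="false"}"
: "${LIST:="false"}"
: "${RESET:="false"}"
: "${INIT:="false"}"
: "${START:="false"}"
: "${PROXY:="false"}"
: "${HTTP:="true"}"
: "${KILL:="false"}"
: "${KEYTYPE:="ecdsa"}"
: "${KEYLEN:="256"}"
: "${CACOUNT=""}"
if test "$KEYTYPE" = "rsa"; then
  SSLKEYCMD=$KEYTYPE
else
  SSLKEYCMD="ec"
fi
# PARENTURL is turned into the option pair "-u <url>" and is later expanded
# unquoted on purpose.
test -n "$PARENTURL" && PARENTURL="-u $PARENTURL"

# NOTE(review): the default data directory is the fixed path /tmp/fabric-ca,
# and the key copied below gets whatever permissions the umask yields. That
# is acceptable for throwaway test keys only; use -x to point at a private
# directory for anything else.
: "${CA_CFG_PATH:="/tmp/fabric-ca"}"
: "${DATADIR:="$CA_CFG_PATH"}"
export CA_CFG_PATH

test -d "$DATADIR" || mkdir -p "$DATADIR"
DST_KEY="fabric-ca-key.pem"
DST_CERT="fabric-ca-cert.pem"
test -n "$SRC_CERT" && cp "$SRC_CERT" "$DATADIR/$DST_CERT"
test -n "$SRC_KEY" && cp "$SRC_KEY" "$DATADIR/$DST_KEY"
RUNCONFIG="$DATADIR/$DEFAULT_RUN_CONFIG_FILE_NAME"

# Data source string per driver. The postgres and mysql forms embed fixed
# credentials for the local test databases.
case $DRIVER in
postgres) DATASRC="dbname=$DBNAME host=127.0.0.1 port=$POSTGRES_PORT user=postgres password=postgres" ;;
sqlite3) DATASRC="$DBNAME" ;;
mysql) DATASRC="root:mysql@tcp(localhost:$MYSQL_PORT)/$DBNAME?parseTime=true" ;;
esac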
   322  
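# Run the requested actions in a fixed order: list, reset, kill, proxy,
# config generation, init, start.
#
# The action switches may come from the environment as well as from the
# command line. They are compared against the string "true"; the previous
# `$($VAR)` form executed the variable's contents as a command.
if [[ "$LIST" == "true" ]]; then
  listFabricCa
fi
if [[ "$RESET" == "true" ]]; then
  resetFabricCa
fi
if [[ "$KILL" == "true" ]]; then
  killAllFabricCas
fi
if [[ "$PROXY" == "true" ]]; then
  startHaproxy "$FABRIC_CA_INSTANCES"
fi

# NOTE(review): the original test was `$($INIT -o $START)`. That runs the
# command named by $INIT with "-o $START" as arguments, so only INIT ever
# decided the outcome. The effective behaviour is kept here; if "INIT or
# START" was intended, confirm that regenerating the config on -S alone is safe.
if [[ "$INIT" == "true" ]]; then
  genRunconfig "$RUNCONFIG" "$DRIVER" "$DATASRC" "$DST_CERT" "$DST_KEY" "$MAXENROLL"
fi
# A config supplied with -g replaces the generated one.
test -n "$SERVERCONFIG" && cp "$SERVERCONFIG" "$RUNCONFIG"

if [[ "$INIT" == "true" ]]; then
  initFabricCa
  rc2=$?
  # Abort on any failure status, not only on status 1.
  if test "$rc2" -ne 0; then
    exit "$rc2"
  fi
fi

if [[ "$START" == "true" ]]; then
  inst=0
  while test "$inst" -lt "$FABRIC_CA_INSTANCES"; do
    startFabricCa "$inst"
    inst=$((inst + 1))
  done
fi
# RC counts the servers that failed to start.
exit "$RC"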