github.com/hyperledger/fabric-ca@v2.0.0-alpha.0.20201120210307-7b4f34729db1+incompatible/scripts/fvt/fabric-ca_setup.sh (about)

     1  #!/bin/bash
     2  #
     3  # Copyright IBM Corp. All Rights Reserved.
     4  #
     5  # SPDX-License-Identifier: Apache-2.0
     6  #
     7  
     8  FABRIC_CA="$GOPATH/src/github.com/hyperledger/fabric-ca"
     9  SCRIPTDIR="$FABRIC_CA/scripts/fvt"
    10  . $SCRIPTDIR/fabric-ca_utils
    11  RC=0
    12  
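# Print the option summary on stdout.
# Only the commonly used options are listed; the getopts string further down
# accepts more than are described here.
usage() {
  printf '%s\n' \
    "ARGS:" \
    "  -d)   <DRIVER> - [sqlite3|mysql|postgres]" \
    "  -n)   <FABRIC_CA_INSTANCES> - number of servers to start" \
    "  -t)   <KEYTYPE> - rsa|ecdsa" \
    "  -l)   <KEYLEN> - ecdsa: 256|384|521; rsa 2048|3072|4096" \
    "  -c)   <SRC_CERT> - pre-existing server cert" \
    "  -k)   <SRC_KEY> - pre-existing server key" \
    "  -x)   <DATADIR> - local storage for client auth_info" \
    "FLAGS:" \
    "  -D)   set FABRIC_CA_DEBUG='true'" \
    "  -R)   set RESET='true' - delete DB, server certs, client certs" \
    "  -I)   set INIT='true'  - run fabric-ca server init" \
    "  -S)   set START='true' - start \$FABRIC_CA_INSTANCES number of servers" \
    "  -X)   set PROXY='true' - start haproxy for \$FABRIC_CA_INSTANCES of fabric-ca servers" \
    "  -K)   set KILL='true'  - kill all running fabric-ca instances and haproxy" \
    "  -L)   list all running fabric-ca instances" \
    "  -P)   Enable profiling port on the server" \
    " ?|h)  this help text" \
    "" \
    "Defaults: -d sqlite3 -n 1 -t ecdsa -l 256"
  # The key type is selected with -t; -k names a pre-existing key file, so the
  # defaults line must say "-t ecdsa".
}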
    35  
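# Run one SQL statement or psql meta-command against the local PostgreSQL
# server as the "postgres" user.
# Arguments: $1 - text handed to psql -c
#            $2 - one extra psql argument (e.g. --dbname=NAME); may be empty
# Outputs:   whatever psql prints
# Returns:   psql's exit status (1 if /tmp cannot be entered)
runPSQL() {
  local cmd="$1"
  local opts="$2"
  # psql is started from /tmp inside a subshell, so the caller's working
  # directory is never changed. Changing directory and changing back with an
  # unquoted path strands the caller in /tmp as soon as the path contains
  # whitespace.
  (
    cd /tmp || exit 1
    # NOTE(review): when $2 is omitted an empty argument is still passed to
    # psql; this matches the existing call sites - confirm psql ignores it.
    /usr/bin/psql "$opts" -U postgres -h localhost -c "$cmd"
  )
}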
    46  
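# Stop all servers and proxies, then delete local state: the data directory,
# files in the current directory whose name starts with DBNAME, and the MySQL
# and PostgreSQL databases of the base CA and of each additional CA.
# Globals:  DATADIR, DBNAME, CACOUNT (read); dbSuffix, i (written)
# Side effect: the shell is left in /tmp.
# Returns:  status of the last dropdb call
resetFabricCa() {
  killAllFabricCas
  # Destructive path handling: the value is quoted so spaces or glob
  # characters cannot expand into additional paths, "--" stops option parsing,
  # and an empty value is skipped instead of reaching rm.
  if test -n "$DATADIR"; then
    rm -rf -- "$DATADIR" >/dev/null
  fi
  # Each match is checked on its own: "test -f" applied to the whole glob
  # fails as soon as more than one file matches, and then nothing is removed.
  # An empty DBNAME would match every file in the directory, so it is skipped.
  local dbfile
  if test -n "$DBNAME"; then
    for dbfile in "$(pwd)/${DBNAME}"*; do
      test -f "$dbfile" && rm -- "$dbfile"
    done
  fi
  cd /tmp

  # Base server and cluster servers.
  # The MySQL password is a test-fixture value given on the command line, so
  # it is visible in the process list while mysql runs. DBNAME is placed into
  # the SQL text unescaped and is expected to be a plain identifier.
  for i in "" $(seq "${CACOUNT:-0}"); do
    test -z "$i" && dbSuffix="" || dbSuffix="_ca$i"
    mysql --host=localhost --user=root --password=mysql -e 'show tables' "${DBNAME}${dbSuffix}" >/dev/null 2>&1
    mysql --host=localhost --user=root --password=mysql -e "DROP DATABASE IF EXISTS ${DBNAME}${dbSuffix}" >/dev/null 2>&1
    /usr/bin/dropdb "${DBNAME}${dbSuffix}" -U postgres -h localhost -w --if-exists 2>/dev/null
  done
}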
    61  
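# Show the TCP listeners on the server ports, then dump the users table of
# the base CA and of each additional CA for the selected driver. When
# FABRIC_CA_DEBUG is "true" the certificates and affiliations tables are
# dumped as well.
# Globals:  USER_CA_PORT, CA_DEFAULT_PORT, FABRIC_CA_INSTANCES, CACOUNT,
#           DBNAME, DRIVER, DATADIR, FABRIC_CA_DEBUG (read);
#           dbSuffix, DBDIR, i (written)
# Outputs:  lsof output and table dumps on stdout. "SELECT *" prints every
#           column of the users table, so captured output (CI logs, pasted
#           terminals) should be handled as sensitive.
listFabricCa() {
  echo "Listening servers;"
  local port=${USER_CA_PORT-$CA_DEFAULT_PORT}
  local inst=0
  while test "$inst" -lt "$FABRIC_CA_INSTANCES"; do
    lsof -n -i "tcp:$((port + inst))"
    inst=$((inst + 1))
  done

  # Base server and cluster servers
  for i in "" $(seq "${CACOUNT:-0}"); do
    test -z "$i" && dbSuffix="" || dbSuffix="_ca$i"
    echo ""
    echo " ======================================"
    echo " ========> Dumping ${DBNAME}${dbSuffix} Database"
    echo " ======================================"
    case $DRIVER in
    mysql)
      # Test-fixture credentials; a password given on the command line is
      # visible in the process list while mysql runs.
      echo ""
      echo "Users:"
      mysql --host=localhost --user=root --password=mysql -e 'SELECT * FROM users;' "${DBNAME}${dbSuffix}"
      # The flag is compared as a string; its value is never run as a command.
      if test "$FABRIC_CA_DEBUG" = "true"; then
        echo "Certificates:"
        mysql --host=localhost --user=root --password=mysql -e 'SELECT * FROM certificates;' "${DBNAME}${dbSuffix}"
        echo "Affiliations:"
        mysql --host=localhost --user=root --password=mysql -e 'SELECT * FROM affiliations;' "${DBNAME}${dbSuffix}"
      fi
      ;;
    postgres)
      echo ""
      runPSQL "\l ${DBNAME}${dbSuffix}" | sed 's/^/   /;1s/^ *//;1s/$/:/'

      echo "Users:"
      runPSQL "SELECT * FROM USERS;" "--dbname=${DBNAME}${dbSuffix}" | sed 's/^/   /'
      if test "$FABRIC_CA_DEBUG" = "true"; then
        echo "Certificates::"
        runPSQL "SELECT * FROM CERTIFICATES;" "--dbname=${DBNAME}${dbSuffix}" | sed 's/^/   /'
        echo "Affiliations:"
        runPSQL "SELECT * FROM AFFILIATIONS;" "--dbname=${DBNAME}${dbSuffix}" | sed 's/^/   /'
      fi
      ;;
    sqlite3)
      test -z "$i" && DBDIR=$DATADIR || DBDIR="$DATADIR/ca/ca$i"
      sqlite3 "$DBDIR/$DBNAME" 'SELECT * FROM USERS ;;' | sed 's/^/   /'
      if test "$FABRIC_CA_DEBUG" = "true"; then
        # Read the same per-CA database file as the users query. DATASRC is
        # only the bare database name for sqlite3, which would open a file in
        # the current directory and the same one for every CA.
        sqlite3 "$DBDIR/$DBNAME" 'SELECT * FROM CERTIFICATES;' | sed 's/^/   /'
        sqlite3 "$DBDIR/$DBNAME" 'SELECT * FROM AFFILIATIONS;' | sed 's/^/   /'
      fi
      ;;
    esac
  done
}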
   114  
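# Run the server's "init" command with the generated run configuration.
# Globals:  FABRIC_CA_SERVEREXEC, RUNCONFIG, PARENTURL, args (read);
#           rc1 (written)
# Outputs:  a confirmation line on stdout when init succeeds
# Returns:  the init command's exit status when it is non-zero, else 0
initFabricCa() {
  # The path is quoted on purpose: with an empty, unquoted value "test -f" is
  # left without an operand and succeeds, and the following line would then
  # run whatever program named "init" is found on PATH.
  test -f "$FABRIC_CA_SERVEREXEC" || ErrorExit "fabric-ca executable not found in src tree"
  # PARENTURL ("-u URL") and args carry whole option lists and rely on word
  # splitting, so they stay unquoted.
  # shellcheck disable=SC2086
  "$FABRIC_CA_SERVEREXEC" init -c "$RUNCONFIG" $PARENTURL $args
  rc1=$?
  # Any non-zero status is a failure; checking for 1 only would report
  # success after, for example, a status of 2 or 127.
  if test "$rc1" -ne 0; then
    return "$rc1"
  fi
  echo "FABRIC_CA server initialized"
}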
   124  
# Replace any running haproxy with a new one that balances round-robin over
# the fabric-ca servers. The configuration is generated on the fly and handed
# to haproxy through process substitution, so no config file is written.
# Arguments: $1 - number of backend servers (the -n value of this script)
# Globals:   USER_CA_PORT, CA_DEFAULT_PORT, PROXY_PORT,
#            FABRIC_CA_SERVER_PROFILE_PORT, FABRIC_CA_INTERMEDIATE_SERVER_PORT,
#            INTERMEDIATE_PROXY_PORT, INTERMEDIATE_CA_DEFAULT_PORT (read)
# Returns:   haproxy's exit status
# Note: every frontend binds to "*", i.e. all interfaces, including the
# profiling frontend on port 8889. That is reachable from the network, so
# this setup belongs on test hosts only.
startHaproxy() {
  local backends=$1
  local n=0
  local base_port=${USER_CA_PORT-$CA_DEFAULT_PORT}
  local stale_pids
  stale_pids=$(lsof -n -i tcp | awk '$1 == "haproxy" && !seen[$2]++ { print $2 }')
  # One kill argument per PID, hence the unquoted expansion.
  if [ -n "$stale_pids" ]; then
    kill $stale_pids
  fi

  haproxy -f <(
    cat <<EOF
global
      log 127.0.0.1 local2
      daemon
defaults
      log     global
      option  dontlognull
      maxconn 4096
      timeout connect 30000
      timeout client 300000
      timeout server 300000

frontend haproxy
      bind *:$PROXY_PORT
      mode tcp
      option tcplog
      default_backend fabric-cas

backend fabric-cas
   mode tcp
   balance roundrobin
EOF

    # One backend entry per requested instance; instance N listens on the
    # base port plus N.
    while [ "$n" -lt "$backends" ]; do
      printf '      server server%s  localhost:%s\n' "$n" "$((base_port + n))"
      n=$((n + 1))
    done
    n=0

    # Optional second frontend for the servers' profiling ports.
    if [ -n "$FABRIC_CA_SERVER_PROFILE_PORT" ]; then
      cat <<EOF

frontend haproxy-profile
      bind *:8889
      mode http
      option tcplog
      default_backend fabric-ca-profile

backend fabric-ca-profile
      mode http
      http-request set-header X-Forwarded-Port %[dst_port]
      balance roundrobin
EOF
      while [ "$n" -lt "$backends" ]; do
        printf '      server server%s  localhost:%s\n' "$n" "$((FABRIC_CA_SERVER_PROFILE_PORT + n))"
        n=$((n + 1))
      done
      n=0
    fi

    # Optional third frontend for intermediate CA servers.
    if [ -n "$FABRIC_CA_INTERMEDIATE_SERVER_PORT" ]; then
      cat <<EOF

frontend haproxy-intcas
      bind *:$INTERMEDIATE_PROXY_PORT
      mode tcp
      option tcplog
      default_backend fabric-intcas

backend fabric-intcas
   mode tcp
   balance roundrobin
EOF
      while [ "$n" -lt "$backends" ]; do
        printf '      server intserver%s  localhost:%s\n' "$n" "$((INTERMEDIATE_CA_DEFAULT_PORT + n))"
        n=$((n + 1))
      done
      n=0
    fi
  )

}
   203  
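# Start one fabric-ca server in the background and wait until it answers.
# Arguments: $1 - zero-based instance number, added to the base port
# Globals:   USER_CA_PORT, CA_DEFAULT_PORT, CACOUNT,
#            FABRIC_CA_SERVER_PROFILE_PORT, FABRIC_CA_SERVEREXEC, DST_CERT,
#            DST_KEY, RUNCONFIG, PARENTURL, args, TIMEOUT (read);
#            RC (incremented when the server does not come up)
# Outputs:   one status line on stdout; the server's stdout and stderr are
#            merged into this script's stdout
startFabricCa() {
  local inst=$1
  # The server listens on every interface. These are test servers; the
  # address cannot be changed from the command line of this script.
  local server_addr=0.0.0.0
  local port=${USER_CA_PORT-$CA_DEFAULT_PORT}
  port=$((port + inst))
  local cacount=""
  test -n "${CACOUNT}" && cacount="--cacount ${CACOUNT}"

  # PARENTURL, cacount and args carry whole option lists and rely on word
  # splitting, so they stay unquoted; everything else is quoted.
  # shellcheck disable=SC2086
  if test -n "$FABRIC_CA_SERVER_PROFILE_PORT"; then
    local profile_port=$((FABRIC_CA_SERVER_PROFILE_PORT + inst))
    # NOTE(review): this command line passes PARENTURL but neither --cacount
    # nor args, while the branch below does the opposite - confirm intended.
    FABRIC_CA_SERVER_PROFILE_PORT=$profile_port "$FABRIC_CA_SERVEREXEC" start \
      --address "$server_addr" --port "$port" --ca.certfile "$DST_CERT" \
      --ca.keyfile "$DST_KEY" --config "$RUNCONFIG" $PARENTURL 2>&1 &
  else
    # To keep a log per server instead, redirect the output to
    # "$DATADIR/server${port}.log".
    "$FABRIC_CA_SERVEREXEC" start \
      --address "$server_addr" --port "$port" --ca.certfile "$DST_CERT" \
      --ca.keyfile "$DST_KEY" $cacount --config "$RUNCONFIG" $args 2>&1 &
  fi

  # Values go in as arguments, never as part of the printf format string.
  printf 'FABRIC_CA server on %s:%s ' "$server_addr" "$port"
  # NOTE(review): the poll is addressed to the wildcard address itself. A
  # loopback poll address (127.0.0.1) used to be computed here but was never
  # passed on - confirm which of the two pollFabricCa should receive.
  if pollFabricCa "" "$server_addr" "$port" "" "$TIMEOUT"; then
    echo " STARTED"
  else
    RC=$((RC + 1))
    echo " FAILED"
  fi
}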
   238  
# Signal (default kill signal) every process whose command column in "ps ax"
# contains "fabric-ca", and every haproxy process that lsof reports with a
# TCP socket.
# Returns: status of the last step; non-zero when no haproxy PID was found.
killAllFabricCas() {
  local ca_pids
  local haproxy_pids
  # Field 5 is the first word of the command with the usual
  # "PID TTY STAT TIME COMMAND" layout. The match is a substring match, so any
  # program started from a path containing "fabric-ca" is selected as well.
  ca_pids=$(ps ax | awk '$5 ~ /fabric-ca/ { print $1 }')
  # lsof prints one line per socket; keep each PID once.
  haproxy_pids=$(lsof -n -i tcp | awk '$1 == "haproxy" && !seen[$2]++ { print $2 }')
  # The PID lists are expanded unquoted on purpose: one argument per PID.
  [ -n "$ca_pids" ] && kill $ca_pids
  [ -n "$haproxy_pids" ] && kill $haproxy_pids
}
   245  
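# Parse the command line into the globals read by the functions above.
# Options with a value store it verbatim; flags store the string "true" or
# "false". C and T are accepted by the option string but have no handler, so
# they are silently ignored. An unknown option or -h prints the usage text and
# exits with status 1.
while getopts "\?hRCISKXLDTAPNad:t:l:n:c:k:x:g:m:p:r:o:u:U:" option; do
  case "$option" in
  a) LDAP_ENABLE="true" ;;
  o) TIMEOUT="$OPTARG" ;;      # poll timeout handed to pollFabricCa
  u) CACOUNT="$OPTARG" ;;      # passed to the server as --cacount
  d) DRIVER="$OPTARG" ;;
  r) USER_CA_PORT="$OPTARG" ;; # base port; instance N uses this value plus N
  p) HTTP_PORT="$OPTARG" ;;
  n) FABRIC_CA_INSTANCES="$OPTARG" ;;
  # Quoted so the value reaches tolower as one word, without splitting or
  # glob expansion.
  t) KEYTYPE=$(tolower "$OPTARG") ;;
  l) KEYLEN="$OPTARG" ;;
  c) SRC_CERT="$OPTARG" ;;
  k) SRC_KEY="$OPTARG" ;;
  x) CA_CFG_PATH="$OPTARG" ;;  # DATADIR defaults to this value
  m) MAXENROLL="$OPTARG" ;;
  g) SERVERCONFIG="$OPTARG" ;; # copied over the generated run configuration
  U) PARENTURL="$OPTARG" ;;    # later prefixed with "-u"
  D) export FABRIC_CA_DEBUG='true' ;;
  A) AUTH="false" ;;
  R) RESET="true" ;;
  I) INIT="true" ;;
  S) START="true" ;;
  X) PROXY="true" ;;
  K) KILL="true" ;;
  L) LIST="true" ;;
  P) export FABRIC_CA_SERVER_PROFILE_PORT=$PROFILING_PORT ;;
  N) export FABRIC_CA_INTERMEDIATE_SERVER_PORT=$INTERMEDIATE_CA_DEFAULT_PORT ;;
  \? | h)
    usage
    exit 1
    ;;
  esac
done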
   279  
# Main flow: apply defaults, prepare the data directory, then run the
# requested actions in a fixed order (list, reset, kill, proxy, config
# generation, init, start). Exits with RC, the number of servers that failed
# to start.

shift $((OPTIND - 1))
# Remaining arguments are joined into one string and later passed, unquoted,
# to the server command lines.
args=$@
# Defaults. The ":=" form assigns only when the variable is unset or empty,
# so values inherited from the environment are kept.
: ${LDAP_ENABLE:="false"}
: ${TIMEOUT:=$DEFAULT_TIMEOUT}
: ${HTTP_PORT:="3755"}
: ${DBNAME:="fabric_ca"}
: ${MAXENROLL:="-1"}
: ${AUTH:="true"}
: ${DRIVER:="sqlite3"}
: ${FABRIC_CA_INSTANCES:=1}
: ${FABRIC_CA_DEBUG:="false"}
: ${LIST:="false"}
: ${RESET:="false"}
: ${INIT:="false"}
: ${START:="false"}
: ${PROXY:="false"}
: ${HTTP:="true"}
: ${KILL:="false"}
: ${KEYTYPE:="ecdsa"}
: ${KEYLEN:="256"}
# "=" without the colon: assigned only when CACOUNT is unset.
: ${CACOUNT=""}
test $KEYTYPE = "rsa" && SSLKEYCMD=$KEYTYPE || SSLKEYCMD="ec"
# Turn the parent URL into a ready-made "-u URL" option pair.
test -n "$PARENTURL" && PARENTURL="-u $PARENTURL"

# The default data directory is a fixed, predictable path under the
# world-writable /tmp and receives the CA certificate and private key below.
# On a shared host, pass -x with a directory only the test user can write to.
: ${CA_CFG_PATH:="/tmp/fabric-ca"}
: ${DATADIR:="$CA_CFG_PATH"}
export CA_CFG_PATH

test -d $DATADIR || mkdir -p $DATADIR
DST_KEY="fabric-ca-key.pem"
DST_CERT="fabric-ca-cert.pem"
# cp creates the copies with permissions derived from the current umask; the
# private key copy gets no tighter mode here.
test -n "$SRC_CERT" && cp "$SRC_CERT" $DATADIR/$DST_CERT
test -n "$SRC_KEY" && cp "$SRC_KEY" $DATADIR/$DST_KEY
RUNCONFIG="$DATADIR/$DEFAULT_RUN_CONFIG_FILE_NAME"

# Data source string per driver. The database credentials are fixed
# test-fixture values embedded in the string.
case $DRIVER in
postgres) DATASRC="dbname=$DBNAME host=127.0.0.1 port=$POSTGRES_PORT user=postgres password=postgres" ;;
sqlite3) DATASRC="$DBNAME" ;;
mysql) DATASRC="root:mysql@tcp(localhost:$MYSQL_PORT)/$DBNAME?parseTime=true" ;;
esac

# Each flag holds "true" or "false" and is run as a command inside $( ); its
# exit status decides whether the action runs. Because the defaults above keep
# non-empty inherited values, a flag value coming from the environment is
# executed here as well - run this script only with a trusted environment.
$($LIST) && listFabricCa
$($RESET) && resetFabricCa
$($KILL) && killAllFabricCas
$($PROXY) && startHaproxy $FABRIC_CA_INSTANCES

# "$INIT -o $START" runs the value of INIT as a command with "-o" and the
# value of START as its arguments; true and false ignore arguments, so the
# result is that of INIT alone and -S without -I does not generate the config.
# NOTE(review): an "or" of the two flags may have been intended - confirm
# before changing, since callers may rely on -S leaving the config untouched.
$($INIT -o $START) && genRunconfig "$RUNCONFIG" "$DRIVER" "$DATASRC" "$DST_CERT" "$DST_KEY" "$MAXENROLL"
# A config file given with -g replaces the generated one.
test -n "$SERVERCONFIG" && cp "$SERVERCONFIG" "$RUNCONFIG"

if $($INIT); then
  initFabricCa
  rc2=$?
  # Only a status of exactly 1 aborts the script; other statuses fall through.
  if test $rc2 -eq 1; then
    exit $rc2
  fi
fi

if $($START); then
  inst=0
  # Start instances 0 .. FABRIC_CA_INSTANCES-1; failures are counted in RC.
  while test $((inst)) -lt $FABRIC_CA_INSTANCES; do
    startFabricCa $inst
    inst=$((inst + 1))
  done
fi
exit $RC