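#!/bin/bash
#
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
# scripts/fvt/fabric-ca_setup.sh
#
# FVT helper that resets, initializes, starts, lists and kills local
# fabric-ca server instances, optionally fronted by haproxy. Run with -h
# for the option list.
#
# Review notes for anyone reusing this outside a throwaway test host:
#   * The database credentials below (root/mysql, postgres/postgres) are
#     hard-coded fixture values and are passed on the command line, where
#     they are visible in the process list.
#   * Servers are started on 0.0.0.0 and haproxy binds '*', so every
#     listener (including the profiling frontend) is reachable on all
#     interfaces of the host.
#   * The default data directory is /tmp/fabric-ca, a predictable path in a
#     shared directory; the CA key and certificate are copied into it.
#   * Boolean switches are compared against the literal string "true".
#     The original form `$($VAR)` executed the variable's value as a
#     command, and most of these variables can be inherited from the
#     environment.

FABRIC_CA="$GOPATH/src/github.com/hyperledger/fabric-ca"
SCRIPTDIR="$FABRIC_CA/scripts/fvt"
# Provides the helpers and defaults this script uses but does not define
# (ErrorExit, pollFabricCa, genRunconfig, tolower, *_PORT, ...).
. "$SCRIPTDIR/fabric-ca_utils"
RC=0

# Print the option summary to stdout.
function usage() {
  echo "ARGS:"
  echo " -d) <DRIVER> - [sqlite3|mysql|postgres]"
  echo " -n) <FABRIC_CA_INSTANCES> - number of servers to start"
  echo " -t) <KEYTYPE> - rsa|ecdsa"
  echo " -l) <KEYLEN> - ecdsa: 256|384|521; rsa 2048|3072|4096"
  echo " -c) <SRC_CERT> - pre-existing server cert"
  echo " -k) <SRC_KEY> - pre-existing server key"
  echo " -x) <DATADIR> - local storage for client auth_info"
  echo "FLAGS:"
  echo " -D) set FABRIC_CA_DEBUG='true'"
  echo " -R) set RESET='true' - delete DB, server certs, client certs"
  echo " -I) set INIT='true' - run fabric-ca server init"
  echo " -S) set START='true' - start \$FABRIC_CA_INSTANCES number of servers"
  echo " -X) set PROXY='true' - start haproxy for \$FABRIC_CA_INSTANCES of fabric-ca servers"
  echo " -K) set KILL='true' - kill all running fabric-ca instances and haproxy"
  echo " -L) list all running fabric-ca instances"
  echo " -P) Enable profiling port on the server"
  echo " ?|h) this help text"
  echo ""
  # Fixed: the key type is selected with -t; -k is the server key file.
  echo "Defaults: -d sqlite3 -n 1 -t ecdsa -l 256"
}

# Run one SQL/meta command through psql as user postgres on localhost.
# Arguments: $1 - command passed to psql -c
#            $2 - one extra psql option (may be empty)
# Returns:   psql's exit status
runPSQL() {
  local cmd="$1"
  local opts="$2"
  local wrk_dir
  wrk_dir="$(pwd)"
  # psql is invoked from /tmp and the caller's directory restored afterwards.
  cd /tmp
  /usr/bin/psql "$opts" -U postgres -h localhost -c "$cmd"
  local rc=$?
  cd "$wrk_dir"
  return $rc
}

# Kill all servers, delete the data directory and drop the test databases
# (base server plus one per cluster CA) in both mysql and postgres.
# Side effect: leaves the working directory at /tmp.
resetFabricCa() {
  killAllFabricCas
  # ${DATADIR:?} aborts instead of running rm -rf on an empty path.
  rm -rf -- "${DATADIR:?}" >/dev/null
  # Remove DB files left in the current directory. The original
  # `test -f <glob> && rm <glob>` errored out as soon as the glob matched
  # more than one file, so nothing was removed in that case.
  local dbfile
  for dbfile in "$(pwd)/${DBNAME}"*; do
    test -f "$dbfile" && rm -- "$dbfile"
  done
  cd /tmp

  # Base server and cluster servers
  for i in "" $(seq "${CACOUNT:-0}"); do
    test -z "$i" && dbSuffix="" || dbSuffix="_ca$i"
    # Fixture credentials on the command line: acceptable only for a
    # disposable local test database.
    mysql --host=localhost --user=root --password=mysql -e 'show tables' "${DBNAME}${dbSuffix}" >/dev/null 2>&1
    mysql --host=localhost --user=root --password=mysql -e "DROP DATABASE IF EXISTS ${DBNAME}${dbSuffix}" >/dev/null 2>&1
    /usr/bin/dropdb "${DBNAME}${dbSuffix}" -U postgres -h localhost -w --if-exists 2>/dev/null
  done
}

# Show the listening sockets of each server instance, then dump the users
# table (and, with FABRIC_CA_DEBUG=true, certificates and affiliations) of
# every CA database for the selected DRIVER.
listFabricCa() {
  echo "Listening servers;"
  local port=${USER_CA_PORT-$CA_DEFAULT_PORT}
  local inst=0
  while test $((inst)) -lt "$FABRIC_CA_INSTANCES"; do
    lsof -n -i tcp:$((port + inst))
    inst=$((inst + 1))
  done

  # Base server and cluster servers
  for i in "" $(seq "${CACOUNT:-0}"); do
    test -z "$i" && dbSuffix="" || dbSuffix="_ca$i"
    echo ""
    echo " ======================================"
    echo " ========> Dumping ${DBNAME}${dbSuffix} Database"
    echo " ======================================"
    case "$DRIVER" in
    mysql)
      echo ""
      echo "Users:"
      mysql --host=localhost --user=root --password=mysql -e 'SELECT * FROM users;' "${DBNAME}${dbSuffix}"
      if test "$FABRIC_CA_DEBUG" = "true"; then
        echo "Certificates:"
        mysql --host=localhost --user=root --password=mysql -e 'SELECT * FROM certificates;' "${DBNAME}${dbSuffix}"
        echo "Affiliations:"
        mysql --host=localhost --user=root --password=mysql -e 'SELECT * FROM affiliations;' "${DBNAME}${dbSuffix}"
      fi
      ;;
    postgres)
      echo ""
      runPSQL "\l ${DBNAME}${dbSuffix}" | sed 's/^/ /;1s/^ *//;1s/$/:/'

      echo "Users:"
      runPSQL "SELECT * FROM USERS;" "--dbname=${DBNAME}${dbSuffix}" | sed 's/^/ /'
      if test "$FABRIC_CA_DEBUG" = "true"; then
        echo "Certificates::"
        runPSQL "SELECT * FROM CERTIFICATES;" "--dbname=${DBNAME}${dbSuffix}" | sed 's/^/ /'
        echo "Affiliations:"
        runPSQL "SELECT * FROM AFFILIATIONS;" "--dbname=${DBNAME}${dbSuffix}" | sed 's/^/ /'
      fi
      ;;
    sqlite3)
      test -z "$i" && DBDIR=$DATADIR || DBDIR="$DATADIR/ca/ca$i"
      sqlite3 "$DBDIR/$DBNAME" 'SELECT * FROM USERS ;;' | sed 's/^/ /'
      if test "$FABRIC_CA_DEBUG" = "true"; then
        # Fixed: these two queries opened "$DATASRC" (the bare DB name,
        # resolved against the current directory) instead of the per-CA
        # file the USERS query above reads.
        sqlite3 "$DBDIR/$DBNAME" 'SELECT * FROM CERTIFICATES;' | sed 's/^/ /'
        sqlite3 "$DBDIR/$DBNAME" 'SELECT * FROM AFFILIATIONS;' | sed 's/^/ /'
      fi
      ;;
    esac
  done
}

# Run `fabric-ca server init` against RUNCONFIG.
# Returns: 1 when the server binary exits with 1; otherwise falls through
#          and reports success.
function initFabricCa() {
  test -f "$FABRIC_CA_SERVEREXEC" || ErrorExit "fabric-ca executable not found in src tree"
  # $PARENTURL ("-u <url>") and $args are deliberately unquoted: each holds
  # several words that must reach the server as separate arguments.
  "$FABRIC_CA_SERVEREXEC" init -c "$RUNCONFIG" $PARENTURL $args
  rc1=$?
  # NOTE(review): only exit status 1 is treated as failure; any other
  # non-zero status still prints the success message below.
  if test $rc1 -eq 1; then
    return $rc1
  fi
  echo "FABRIC_CA server initialized"
}

# Restart haproxy with a generated configuration that round-robins over the
# server instances.
# Arguments: $1 - number of backend servers to emit
# Globals:   PROXY_PORT, USER_CA_PORT, CA_DEFAULT_PORT,
#            FABRIC_CA_SERVER_PROFILE_PORT, FABRIC_CA_INTERMEDIATE_SERVER_PORT,
#            INTERMEDIATE_PROXY_PORT, INTERMEDIATE_CA_DEFAULT_PORT (read)
function startHaproxy() {
  local inst=$1
  local i=0
  local proxypids
  proxypids=$(lsof -n -i tcp | awk '$1=="haproxy" && !($2 in a) {a[$2]=$2;print a[$2]}')
  # Unquoted on purpose: the value is a whitespace-separated PID list.
  test -n "$proxypids" && kill $proxypids
  local server_port=${USER_CA_PORT-$CA_DEFAULT_PORT}
  # The configuration is produced on the fly and handed to haproxy through
  # process substitution, so no config file is written to disk.
  # Every frontend binds '*': the proxy is reachable on all interfaces.
  haproxy -f <(
    echo "global
      log 127.0.0.1 local2
      daemon
defaults
      log global
      option dontlognull
      maxconn 4096
      timeout connect 30000
      timeout client 300000
      timeout server 300000

frontend haproxy
      bind *:$PROXY_PORT
      mode tcp
      option tcplog
      default_backend fabric-cas

backend fabric-cas
      mode tcp
      balance roundrobin"

    # For each requested instance passed to startHaproxy
    # (which is determined by the -n option passed to the
    # main script) create a backend server in haproxy config
    # Each server binds to a unique port on INADDR_ANY
    while test $((i)) -lt "$inst"; do
      echo "      server server$i localhost:$((server_port + i))"
      i=$((i + 1))
    done
    i=0

    if test -n "$FABRIC_CA_SERVER_PROFILE_PORT"; then
      # The profiling frontend listens on the fixed port 8889 on all
      # interfaces; restrict access at the host firewall if the test
      # machine is not isolated.
      echo "
frontend haproxy-profile
      bind *:8889
      mode http
      option tcplog
      default_backend fabric-ca-profile

backend fabric-ca-profile
      mode http
      http-request set-header X-Forwarded-Port %[dst_port]
      balance roundrobin"
      while test $((i)) -lt "$inst"; do
        echo "      server server$i localhost:$((FABRIC_CA_SERVER_PROFILE_PORT + i))"
        i=$((i + 1))
      done
      i=0
    fi

    if test -n "$FABRIC_CA_INTERMEDIATE_SERVER_PORT"; then
      echo "
frontend haproxy-intcas
      bind *:$INTERMEDIATE_PROXY_PORT
      mode tcp
      option tcplog
      default_backend fabric-intcas

backend fabric-intcas
      mode tcp
      balance roundrobin"

      while test $((i)) -lt "$inst"; do
        echo "      server intserver$i localhost:$((INTERMEDIATE_CA_DEFAULT_PORT + i))"
        i=$((i + 1))
      done
      i=0
    fi
  )

}

# Start one fabric-ca server in the background and wait for it to answer.
# Arguments: $1 - zero-based instance index, added to the base port
# Globals:   RC (incremented when the server does not come up)
function startFabricCa() {
  local inst=$1
  # start, timeout, now and polladdr are not read in this function; they are
  # kept because bash locals are visible to the functions called from here
  # (pollFabricCa lives in fabric-ca_utils) - TODO confirm they can go.
  local start=$SECONDS
  local timeout="$TIMEOUT"
  local now=0
  # The server listens on all interfaces.
  local server_addr=0.0.0.0
  local polladdr=$server_addr
  local port=${USER_CA_PORT-$CA_DEFAULT_PORT}
  port=$((port + inst))
  # if not explicitly set, use default
  local server_port=""
  test -n "${port}" && server_port="--port $port"
  local cacount=""
  test -n "${CACOUNT}" && cacount="--cacount ${CACOUNT}"

  # $server_port, $cacount, $PARENTURL and $args are deliberately unquoted:
  # each carries an option plus its value (or several words).
  if test -n "$FABRIC_CA_SERVER_PROFILE_PORT"; then
    local profile_port=$((FABRIC_CA_SERVER_PROFILE_PORT + inst))
    # NOTE(review): unlike the branch below, this invocation passes
    # $PARENTURL but neither $cacount nor $args - confirm that is intended.
    FABRIC_CA_SERVER_PROFILE_PORT=$profile_port "$FABRIC_CA_SERVEREXEC" start --address "$server_addr" $server_port --ca.certfile "$DST_CERT" \
      --ca.keyfile "$DST_KEY" --config "$RUNCONFIG" $PARENTURL 2>&1 &
  else
    # $FABRIC_CA_SERVEREXEC start --address $server_addr $server_port --ca.certfile $DST_CERT \
    #   --ca.keyfile $DST_KEY $cacount --config $RUNCONFIG $args > $DATADIR/server${port}.log 2>&1 &
    "$FABRIC_CA_SERVEREXEC" start --address "$server_addr" $server_port --ca.certfile "$DST_CERT" \
      --ca.keyfile "$DST_KEY" $cacount --config "$RUNCONFIG" $args 2>&1 &
  fi

  # Values go through %s so they are never interpreted as a format string.
  printf 'FABRIC_CA server on %s:%s ' "$server_addr" "$port"
  test "$server_addr" = "0.0.0.0" && polladdr="127.0.0.1"
  # NOTE(review): polladdr is computed above but $server_addr is what gets
  # passed to pollFabricCa - confirm which address the poll should use.
  if pollFabricCa "" "$server_addr" "$port" "" "$TIMEOUT"; then
    echo " STARTED"
  else
    RC=$((RC + 1))
    echo " FAILED"
  fi
}

# Send SIGTERM to every process whose command (ps column 5) matches
# "fabric-ca" and to every haproxy process that owns a TCP socket.
function killAllFabricCas() {
  local fabric_capids
  fabric_capids=$(ps ax | awk '$5~/fabric-ca/ {print $1}')
  local proxypids
  proxypids=$(lsof -n -i tcp | awk '$1=="haproxy" && !($2 in a) {a[$2]=$2;print a[$2]}')
  # Unquoted on purpose: both values are whitespace-separated PID lists.
  test -n "$fabric_capids" && kill $fabric_capids
  test -n "$proxypids" && kill $proxypids
}

# Option parsing. C and T are accepted by the option string but have no
# case arm, so they are silently ignored.
while getopts "\?hRCISKXLDTAPNad:t:l:n:c:k:x:g:m:p:r:o:u:U:" option; do
  case "$option" in
  a) LDAP_ENABLE="true" ;;
  o) TIMEOUT="$OPTARG" ;;
  u) CACOUNT="$OPTARG" ;;
  d) DRIVER="$OPTARG" ;;
  r) USER_CA_PORT="$OPTARG" ;;
  p) HTTP_PORT="$OPTARG" ;;
  n) FABRIC_CA_INSTANCES="$OPTARG" ;;
  t) KEYTYPE=$(tolower "$OPTARG") ;;
  l) KEYLEN="$OPTARG" ;;
  c) SRC_CERT="$OPTARG" ;;
  k) SRC_KEY="$OPTARG" ;;
  x) CA_CFG_PATH="$OPTARG" ;;
  m) MAXENROLL="$OPTARG" ;;
  g) SERVERCONFIG="$OPTARG" ;;
  U) PARENTURL="$OPTARG" ;;
  D) export FABRIC_CA_DEBUG='true' ;;
  A) AUTH="false" ;;
  R) RESET="true" ;;
  I) INIT="true" ;;
  S) START="true" ;;
  X) PROXY="true" ;;
  K) KILL="true" ;;
  L) LIST="true" ;;
  P) export FABRIC_CA_SERVER_PROFILE_PORT=$PROFILING_PORT ;;
  N) export FABRIC_CA_INTERMEDIATE_SERVER_PORT=$INTERMEDIATE_CA_DEFAULT_PORT ;;
  \? | h)
    usage
    exit 1
    ;;
  esac
done

shift $((OPTIND - 1))
# Remaining arguments are forwarded to the server as one space-joined
# string and word-split again at the call sites.
args="$*"
# Defaults apply only when the variable is unset or empty, so any of these
# can also be supplied through the environment.
: "${LDAP_ENABLE:="false"}"
: "${TIMEOUT:=$DEFAULT_TIMEOUT}"
: "${HTTP_PORT:="3755"}"
: "${DBNAME:="fabric_ca"}"
: "${MAXENROLL:="-1"}"
: "${AUTH:="true"}"
: "${DRIVER:="sqlite3"}"
: "${FABRIC_CA_INSTANCES:=1}"
: "${FABRIC_CA_DEBUG:="false"}"
: "${LIST:="false"}"
: "${RESET:="false"}"
: "${INIT:="false"}"
: "${START:="false"}"
: "${PROXY:="false"}"
: "${HTTP:="true"}"
: "${KILL:="false"}"
: "${KEYTYPE:="ecdsa"}"
: "${KEYLEN:="256"}"
: "${CACOUNT=""}"
test "$KEYTYPE" = "rsa" && SSLKEYCMD=$KEYTYPE || SSLKEYCMD="ec"
test -n "$PARENTURL" && PARENTURL="-u $PARENTURL"

# The default data directory is a fixed path under /tmp and receives the CA
# key and certificate; point -x at a private directory on shared hosts.
: "${CA_CFG_PATH:="/tmp/fabric-ca"}"
: "${DATADIR:="$CA_CFG_PATH"}"
export CA_CFG_PATH

test -d "$DATADIR" || mkdir -p -- "$DATADIR"
DST_KEY="fabric-ca-key.pem"
DST_CERT="fabric-ca-cert.pem"
test -n "$SRC_CERT" && cp -- "$SRC_CERT" "$DATADIR/$DST_CERT"
test -n "$SRC_KEY" && cp -- "$SRC_KEY" "$DATADIR/$DST_KEY"
RUNCONFIG="$DATADIR/$DEFAULT_RUN_CONFIG_FILE_NAME"

# Datasource string per driver; an unrecognised DRIVER leaves DATASRC unset.
case "$DRIVER" in
postgres) DATASRC="dbname=$DBNAME host=127.0.0.1 port=$POSTGRES_PORT user=postgres password=postgres" ;;
sqlite3) DATASRC="$DBNAME" ;;
mysql) DATASRC="root:mysql@tcp(localhost:$MYSQL_PORT)/$DBNAME?parseTime=true" ;;
esac

test "$LIST" = "true" && listFabricCa
test "$RESET" = "true" && resetFabricCa
test "$KILL" = "true" && killAllFabricCas
test "$PROXY" = "true" && startHaproxy "$FABRIC_CA_INSTANCES"

# NOTE(review): the original condition was `$($INIT -o $START)`, which ran
# $INIT as a command with "-o $START" as ignored arguments, so in effect
# only INIT decided whether the run config is generated. That behaviour is
# kept here - TODO confirm whether START alone was meant to trigger it too.
test "$INIT" = "true" && genRunconfig "$RUNCONFIG" "$DRIVER" "$DATASRC" "$DST_CERT" "$DST_KEY" "$MAXENROLL"
test -n "$SERVERCONFIG" && cp -- "$SERVERCONFIG" "$RUNCONFIG"

if test "$INIT" = "true"; then
  initFabricCa
  rc2=$?
  if test $rc2 -eq 1; then
    exit $rc2
  fi
fi

if test "$START" = "true"; then
  inst=0
  while test $((inst)) -lt "$FABRIC_CA_INSTANCES"; do
    startFabricCa "$inst"
    inst=$((inst + 1))
  done
fi
# RC counts the servers that failed to start.
exit "$RC"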