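#!/bin/bash
#
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
# FVT helper that initialises, starts, lists, resets and kills fabric-ca
# server instances (optionally fronted by haproxy) for the functional tests.
# Run with -h for the option summary. Requires GOPATH and the sibling
# fabric-ca_utils script; the helpers and defaults used below but not defined
# here (ErrorExit, tolower, genRunconfig, pollFabricCa, CA_DEFAULT_PORT,
# DEFAULT_TIMEOUT, PROXY_PORT, ...) presumably come from that file or from the
# caller's environment.

FABRIC_CA="$GOPATH/src/github.com/hyperledger/fabric-ca"
SCRIPTDIR="$FABRIC_CA/scripts/fvt"
# Fail early with a readable message instead of hitting "command not found"
# on the first helper call further down.
[ -r "$SCRIPTDIR/fabric-ca_utils" ] || { echo "cannot read $SCRIPTDIR/fabric-ca_utils" >&2; exit 1; }
. "$SCRIPTDIR/fabric-ca_utils"
# Not referenced in this script; kept in case the sourced utilities read them.
GO_VER="1.7.1"
ARCH="amd64"
# Accumulates one failure per server instance that did not come up.
RC=0

#######################################
# True iff the flag value is exactly the string "true".
# The flag variables (LIST, RESET, KILL, START, FABRIC_CA_DEBUG, ...) used to
# be evaluated as "$($FLAG)", which runs the variable's contents as a command;
# FABRIC_CA_DEBUG is taken from the environment, so any value placed there was
# executed. A string comparison keeps the true/false semantics without
# executing anything.
# Arguments: $1 - flag value
#######################################
isTrue() {
  [ "$1" = "true" ]
}

#######################################
# Print the option summary to stdout.
#######################################
usage() {
  echo "ARGS:"
  echo " -d) <DRIVER> - [sqlite3|mysql|postgres]"
  echo " -n) <FABRIC_CA_INSTANCES> - number of servers to start"
  echo " -t) <KEYTYPE> - rsa|ecdsa"
  echo " -l) <KEYLEN> - ecdsa: 256|384|521; rsa 2048|3072|4096"
  echo " -c) <SRC_CERT> - pre-existing server cert"
  echo " -k) <SRC_KEY> - pre-existing server key"
  echo " -x) <DATADIR> - local storage for client auth_info"
  echo " -g) <SERVERCONFIG> - server config file copied over the generated one"
  echo " -m) <MAXENROLL> - max enrollments passed to the generated config"
  echo " -o) <TIMEOUT> - seconds to wait for each server to come up"
  echo " -p) <HTTP_PORT> - http port"
  echo " -r) <USER_CA_PORT> - base port of the first server instance"
  echo " -u) <CACOUNT> - number of additional CAs per server (--cacount)"
  echo " -U) <PARENTURL> - parent CA url (intermediate CA)"
  echo "FLAGS:"
  echo " -D) set FABRIC_CA_DEBUG='true'"
  echo " -R) set RESET='true' - delete DB, server certs, client certs"
  echo " -I) set INIT='true' - run fabric-ca server init"
  echo " -S) set START='true' - start \$FABRIC_CA_INSTANCES number of servers"
  echo " -X) set PROXY='true' - start haproxy for \$FABRIC_CA_INSTANCES of fabric-ca servers"
  echo " -K) set KILL='true' - kill all running fabric-ca instances and haproxy"
  echo " -L) list all running fabric-ca instances"
  echo " -P) Enable profiling port on the server"
  echo " -T) set TLS_ON='true'"
  echo " -A) set AUTH='false'"
  echo " -a) set LDAP_ENABLE='true'"
  echo " -N) expose the intermediate CA server port"
  echo " ?|h) this help text"
  echo ""
  # -t selects the key type; -k is the pre-existing key file.
  echo "Defaults: -d sqlite3 -n 1 -t ecdsa -l 256"
}

#######################################
# Run one psql command against the local postgres test instance.
# psql is executed from /tmp so an unreadable cwd cannot break it; the
# caller's directory is restored afterwards.
# Arguments: $1 - SQL or psql meta command
#            $2 - extra psql option (e.g. --dbname=...), passed as-is
# Returns:   psql's exit status
#######################################
runPSQL() {
  local cmd="$1"
  local opts="$2"
  local wrk_dir rc
  wrk_dir="$(pwd)"
  cd /tmp || return 1
  /usr/bin/psql "$opts" -U postgres -h localhost -c "$cmd"
  rc=$?
  cd -- "$wrk_dir" || return 1
  return $rc
}

#######################################
# Kill running servers and remove the data directory and every test database
# (sqlite files, mysql and postgres databases for the base CA and each
# cluster CA).
# Globals: DATADIR, DBNAME, CACOUNT (read)
#######################################
resetFabricCa() {
  local i dbSuffix f
  killAllFabricCas
  # ${DATADIR:?} aborts instead of running "rm -rf" on an empty path.
  rm -rf -- "${DATADIR:?}" >/dev/null
  # sqlite files live in the cwd; remove every match (the previous
  # "test -f glob*" silently did nothing when more than one file matched).
  for f in "$(pwd)/${DBNAME}"*; do
    [ -f "$f" ] && rm -f -- "$f"
  done
  # NOTE(review): this cd is never undone, so later steps of the same
  # invocation run from /tmp.
  cd /tmp || return 1

  # Base server ("") and each cluster CA (_ca1.._caN) have their own database.
  for i in "" $(seq "${CACOUNT:-0}"); do
    if [ -z "$i" ]; then dbSuffix=""; else dbSuffix="_ca$i"; fi
    # Test-fixture credentials; errors (driver not installed or not running)
    # are deliberately ignored.
    mysql --host=localhost --user=root --password=mysql -e 'show tables' "${DBNAME}${dbSuffix}" >/dev/null 2>&1
    mysql --host=localhost --user=root --password=mysql -e "DROP DATABASE IF EXISTS ${DBNAME}${dbSuffix}" >/dev/null 2>&1
    /usr/bin/dropdb "${DBNAME}${dbSuffix}" -U postgres -h localhost -w --if-exists 2>/dev/null
  done
}

#######################################
# Show which server ports are listening and dump the users (and, in debug
# mode, certificates and affiliations) of every test database.
# Globals: USER_CA_PORT, CA_DEFAULT_PORT, FABRIC_CA_INSTANCES, CACOUNT,
#          DBNAME, DRIVER, DATADIR, DATASRC, FABRIC_CA_DEBUG (read)
#######################################
listFabricCa() {
  local port=${USER_CA_PORT-$CA_DEFAULT_PORT}
  local inst=0
  local i dbSuffix
  echo "Listening servers;"
  while [ "$inst" -lt "$FABRIC_CA_INSTANCES" ]; do
    lsof -n -i "tcp:$((port + inst))"
    inst=$((inst + 1))
  done

  # Base server ("") and each cluster CA (_ca1.._caN) have their own database.
  for i in "" $(seq "${CACOUNT:-0}"); do
    if [ -z "$i" ]; then dbSuffix=""; else dbSuffix="_ca$i"; fi
    echo ""
    echo " ======================================"
    echo " ========> Dumping ${DBNAME}${dbSuffix} Database"
    echo " ======================================"
    case "$DRIVER" in
      mysql)
        echo ""
        echo "Users:"
        mysql --host=localhost --user=root --password=mysql -e 'SELECT * FROM users;' "${DBNAME}${dbSuffix}"
        if isTrue "$FABRIC_CA_DEBUG"; then
          echo "Certificates:"
          mysql --host=localhost --user=root --password=mysql -e 'SELECT * FROM certificates;' "${DBNAME}${dbSuffix}"
          echo "Affiliations:"
          mysql --host=localhost --user=root --password=mysql -e 'SELECT * FROM affiliations;' "${DBNAME}${dbSuffix}"
        fi
        ;;
      postgres)
        echo ""
        runPSQL "\l ${DBNAME}${dbSuffix}" | sed 's/^/ /;1s/^ *//;1s/$/:/'

        echo "Users:"
        runPSQL "SELECT * FROM USERS;" "--dbname=${DBNAME}${dbSuffix}" | sed 's/^/ /'
        if isTrue "$FABRIC_CA_DEBUG"; then
          echo "Certificates:"
          runPSQL "SELECT * FROM CERTIFICATES;" "--dbname=${DBNAME}${dbSuffix}" | sed 's/^/ /'
          echo "Affiliations:"
          runPSQL "SELECT * FROM AFFILIATIONS;" "--dbname=${DBNAME}${dbSuffix}" | sed 's/^/ /'
        fi
        ;;
      sqlite3)
        # NOTE(review): the users query opens the per-CA file under DATADIR
        # while the debug queries open DATASRC (a cwd-relative name); kept as
        # the original did it - confirm which file the server actually writes.
        sqlite3 "$DATADIR/ca/ca$i/$DBNAME" 'SELECT * FROM USERS ;;' | sed 's/^/ /'
        if isTrue "$FABRIC_CA_DEBUG"; then
          sqlite3 "$DATASRC" 'SELECT * FROM CERTIFICATES;' | sed 's/^/ /'
          sqlite3 "$DATASRC" 'SELECT * FROM AFFILIATIONS;' | sed 's/^/ /'
        fi
        ;;
    esac
  done
}

#######################################
# Run "fabric-ca-server init" with the generated config and, in debug mode,
# print the resulting certificate and key.
# Globals: FABRIC_CA_SERVEREXEC, RUNCONFIG, PARENTURL, args, FABRIC_CA_DEBUG,
#          DATADIR, DST_CERT, DST_KEY, SSLKEYCMD (read)
# Returns: 1 if init failed
#######################################
initFabricCa() {
  [ -f "$FABRIC_CA_SERVEREXEC" ] || ErrorExit "fabric-ca executable not found in src tree"

  # PARENTURL is empty or "-u <url>" and has to word-split; args holds the
  # extra words given after the script's own options.
  # shellcheck disable=SC2086
  "$FABRIC_CA_SERVEREXEC" init -c "$RUNCONFIG" $PARENTURL "${args[@]}" || return 1

  echo "FABRIC_CA server initialized"
  if isTrue "$FABRIC_CA_DEBUG"; then
    openssl x509 -in "$DATADIR/$DST_CERT" -noout -issuer -subject -serial \
      -dates -nameopt RFC2253 | sed 's/^/ /'
    openssl x509 -in "$DATADIR/$DST_CERT" -noout -text |
      awk '
        /Subject Alternative Name:/ {
          gsub(/^ */,"")
          printf $0"= "
          getline; gsub(/^ */,"")
          print
        }' | sed 's/^/ /'
    # SSLKEYCMD maps the key type to the openssl sub-command ("rsa" or "ec");
    # the original passed KEYTYPE, and "openssl ecdsa" is not a command, so
    # the key dump was silently empty for ecdsa keys.
    openssl x509 -in "$DATADIR/$DST_CERT" -noout -pubkey |
      openssl "$SSLKEYCMD" -pubin -noout -text 2>/dev/null | sed 's/Private/Public/'
    openssl "$SSLKEYCMD" -in "$DATADIR/$DST_KEY" -text 2>/dev/null
  fi
}

#######################################
# Emit the "server" lines of one haproxy backend: <count> servers named
# <prefix>0..<prefix>(count-1) on localhost:<base_port>+i.
# Arguments: $1 - server name prefix
#            $2 - base port
#            $3 - number of servers
# Outputs:   config lines on stdout
#######################################
haproxyServers() {
  local prefix=$1 base_port=$2 count=$3
  local i=0
  while [ "$i" -lt "$count" ]; do
    echo "  server ${prefix}${i} localhost:$((base_port + i))"
    i=$((i + 1))
  done
}

#######################################
# Emit one haproxy frontend/backend pair. Backends in http mode also get the
# X-Forwarded-Port header, as in the original hand-written configs.
# Arguments: $1 - frontend name   $2 - frontend bind port
#            $3 - backend name    $4 - mode (tcp|http)
#            $5 - server name prefix  $6 - base server port  $7 - server count
# Outputs:   config lines on stdout
#######################################
haproxyProxySection() {
  local frontend=$1 bind_port=$2 backend=$3 mode=$4 prefix=$5 base_port=$6 count=$7
  echo ""
  echo "frontend $frontend"
  # Binds INADDR_ANY, i.e. the test proxy is reachable from every interface.
  echo "  bind *:$bind_port"
  echo "  mode $mode"
  echo "  option tcplog"
  echo "  default_backend $backend"
  echo ""
  echo "backend $backend"
  echo "  mode $mode"
  [ "$mode" = "http" ] && echo "  http-request set-header X-Forwarded-Port %[dst_port]"
  echo "  balance roundrobin"
  haproxyServers "$prefix" "$base_port" "$count"
}

#######################################
# Write the complete haproxy configuration for <inst> backend servers to
# stdout. With TLS the servers terminate TLS themselves, so haproxy relays
# plain TCP; otherwise it proxies http and exposes a stats page on 10888.
# Arguments: $1 - number of server instances
# Globals:   TLS_ON, USER_CA_PORT, CA_DEFAULT_PORT, PROXY_PORT,
#            FABRIC_CA_SERVER_PROFILE_PORT, FABRIC_CA_INTERMEDIATE_SERVER_PORT,
#            INTERMEDIATE_PROXY_PORT, INTERMEDIATE_CA_DEFAULT_PORT (read)
#######################################
haproxyConfig() {
  local inst=$1
  local server_port=${USER_CA_PORT-$CA_DEFAULT_PORT}
  local mode
  if [ "$TLS_ON" = "true" ]; then
    mode=tcp
    cat <<'EOF'
global
  log 127.0.0.1 local2
  daemon
defaults
  log global
  option dontlognull
  maxconn 4096
  timeout connect 30000
  timeout client 300000
  timeout server 300000
EOF
  else
    mode=http
    cat <<'EOF'
global
  log 127.0.0.1 local2
  daemon
defaults
  log global
  mode http
  option httplog
  option dontlognull
  maxconn 4096
  timeout connect 30000
  timeout client 300000
  timeout server 300000
  option forwardfor

listen stats
  bind *:10888
  stats enable
  stats uri /
  stats enable
EOF
  fi
  # One backend server per requested instance (the -n option); each server
  # listens on its own port.
  haproxyProxySection haproxy "$PROXY_PORT" fabric-cas "$mode" server "$server_port" "$inst"
  # The profiling endpoint is always proxied as http, even with TLS on.
  if [ -n "$FABRIC_CA_SERVER_PROFILE_PORT" ]; then
    haproxyProxySection haproxy-profile 8889 fabric-ca-profile http server "$FABRIC_CA_SERVER_PROFILE_PORT" "$inst"
  fi
  if [ -n "$FABRIC_CA_INTERMEDIATE_SERVER_PORT" ]; then
    haproxyProxySection haproxy-intcas "$INTERMEDIATE_PROXY_PORT" fabric-intcas "$mode" intserver "$INTERMEDIATE_CA_DEFAULT_PORT" "$inst"
  fi
}

#######################################
# Kill any running haproxy and start a new one in front of <inst> servers.
# Arguments: $1 - number of server instances
#######################################
startHaproxy() {
  local inst=$1
  local proxypids
  proxypids=$(lsof -n -i tcp | awk '$1=="haproxy" && !($2 in a) {a[$2]=$2;print a[$2]}')
  # shellcheck disable=SC2086 -- pid list is intentionally word-split
  [ -n "$proxypids" ] && kill $proxypids
  haproxy -f <(haproxyConfig "$inst")
}

#######################################
# Start server instance <inst> in the background on base port + inst and
# wait for it to answer. Increments RC when it does not come up in time.
# Arguments: $1 - instance index (0-based)
# Globals:   RC (written); FABRIC_CA_SERVEREXEC, USER_CA_PORT,
#            CA_DEFAULT_PORT, CACOUNT, FABRIC_CA_SERVER_PROFILE_PORT, DST_CERT,
#            DST_KEY, RUNCONFIG, PARENTURL, args, TIMEOUT (read)
#######################################
startFabricCa() {
  local inst=$1
  local server_addr=0.0.0.0
  local port=${USER_CA_PORT-$CA_DEFAULT_PORT}
  local cacount=""
  port=$((port + inst))
  # port is an arithmetic result and therefore never empty, so --port is
  # always passed.
  local server_port="--port $port"
  [ -n "${CACOUNT}" ] && cacount="--cacount ${CACOUNT}"

  # server_port, cacount and PARENTURL are "flag value" pairs and must
  # word-split. NOTE(review): the profiling branch passes PARENTURL but not
  # cacount/args, the other branch the reverse - kept as found, confirm intent.
  # shellcheck disable=SC2086
  if [ -n "$FABRIC_CA_SERVER_PROFILE_PORT" ]; then
    FABRIC_CA_SERVER_PROFILE_PORT=$((FABRIC_CA_SERVER_PROFILE_PORT + inst)) \
      "$FABRIC_CA_SERVEREXEC" start --address "$server_addr" $server_port --ca.certfile "$DST_CERT" \
      --ca.keyfile "$DST_KEY" --config "$RUNCONFIG" $PARENTURL 2>&1 &
  else
    "$FABRIC_CA_SERVEREXEC" start --address "$server_addr" $server_port --ca.certfile "$DST_CERT" \
      --ca.keyfile "$DST_KEY" $cacount --config "$RUNCONFIG" "${args[@]}" 2>&1 &
  fi

  printf 'FABRIC_CA server on %s:%s ' "$server_addr" "$port"
  # The original also derived a 127.0.0.1 poll address for 0.0.0.0 but never
  # used it; pollFabricCa is given the listen address as before.
  if pollFabricCa "" "$server_addr" "$port" "" "$TIMEOUT"; then
    echo " STARTED"
  else
    RC=$((RC + 1))
    echo " FAILED"
  fi
}

#######################################
# Terminate every fabric-ca process and every haproxy holding a tcp socket.
# $5 of "ps ax" is the command word, so this matches fabric-ca-server and
# fabric-ca-client binaries (presumably not this script, whose command word
# is the shell). Returns non-zero when there was nothing to kill.
#######################################
killAllFabricCas() {
  local fabric_capids proxypids
  fabric_capids=$(ps ax | awk '$5~/fabric-ca/ {print $1}')
  proxypids=$(lsof -n -i tcp | awk '$1=="haproxy" && !($2 in a) {a[$2]=$2;print a[$2]}')
  # shellcheck disable=SC2086 -- pid lists are intentionally word-split
  [ -n "$fabric_capids" ] && kill $fabric_capids
  [ -n "$proxypids" ] && kill $proxypids
}

while getopts "\?hRCISKXLDTAPNad:t:l:n:c:k:x:g:m:p:r:o:u:U:" option; do
  case "$option" in
    a) LDAP_ENABLE="true" ;;
    o) TIMEOUT="$OPTARG" ;;
    u) CACOUNT="$OPTARG" ;;
    d) DRIVER="$OPTARG" ;;
    r) USER_CA_PORT="$OPTARG" ;;
    p) HTTP_PORT="$OPTARG" ;;
    n) FABRIC_CA_INSTANCES="$OPTARG" ;;
    t) KEYTYPE=$(tolower "$OPTARG") ;;
    l) KEYLEN="$OPTARG" ;;
    c) SRC_CERT="$OPTARG" ;;
    k) SRC_KEY="$OPTARG" ;;
    x) CA_CFG_PATH="$OPTARG" ;;
    m) MAXENROLL="$OPTARG" ;;
    g) SERVERCONFIG="$OPTARG" ;;
    U) PARENTURL="$OPTARG" ;;
    D) export FABRIC_CA_DEBUG='true' ;;
    A) AUTH="false" ;;
    R) RESET="true" ;;
    I) INIT="true" ;;
    S) START="true" ;;
    X) PROXY="true" ;;
    K) KILL="true" ;;
    L) LIST="true" ;;
    T) TLS_ON="true" ;;
    P) export FABRIC_CA_SERVER_PROFILE_PORT=$PROFILING_PORT ;;
    N) export FABRIC_CA_INTERMEDIATE_SERVER_PORT=$INTERMEDIATE_CA_DEFAULT_PORT ;;
    \?|h)
      usage
      exit 1
      ;;
  esac
done

shift $((OPTIND - 1))
# Remaining words are handed to "fabric-ca-server init/start" unchanged; an
# array keeps words containing spaces intact.
args=("$@")
: "${LDAP_ENABLE:=false}"
: "${TIMEOUT:=$DEFAULT_TIMEOUT}"
: "${HTTP_PORT:=3755}"
: "${DBNAME:=fabric_ca}"
: "${MAXENROLL:=-1}"
: "${AUTH:=true}"
: "${DRIVER:=sqlite3}"
: "${FABRIC_CA_INSTANCES:=1}"
: "${FABRIC_CA_DEBUG:=false}"
: "${LIST:=false}"
: "${RESET:=false}"
: "${INIT:=false}"
: "${START:=false}"
: "${PROXY:=false}"
: "${HTTP:=true}"
: "${KILL:=false}"
: "${KEYTYPE:=ecdsa}"
: "${KEYLEN:=256}"
: "${CACOUNT=}"
# openssl sub-command matching the key type.
if [ "$KEYTYPE" = "rsa" ]; then SSLKEYCMD=$KEYTYPE; else SSLKEYCMD="ec"; fi
# Turn the parent url into the server's "-u <url>" option.
[ -n "$PARENTURL" ] && PARENTURL="-u $PARENTURL"

: "${CA_CFG_PATH:=/tmp/fabric-ca}"
: "${DATADIR:=$CA_CFG_PATH}"
export CA_CFG_PATH

# regarding tls:
# honor the command-line setting to turn on TLS
# else honor the envvar
# else (default) turn off tls
sslmode=disable
if [ -n "$TLS_ON" ]; then
  TLS_DISABLE='false'; LDAP_PORT=636; LDAP_PROTO="ldaps://"; sslmode="require"; mysqlTls='&tls=custom'
else
  case "$FABRIC_TLS" in
    true) TLS_DISABLE='false'; TLS_ON='true'; LDAP_PORT=636; LDAP_PROTO="ldaps://"; sslmode="require"; mysqlTls='&tls=custom' ;;
    false) TLS_DISABLE='true'; TLS_ON='false' ;;
    *) TLS_DISABLE='true'; TLS_ON='false' ;;
  esac
fi

mkdir -p -- "$DATADIR"
DST_KEY="fabric-ca-key.pem"
DST_CERT="fabric-ca-cert.pem"
[ -n "$SRC_CERT" ] && cp -- "$SRC_CERT" "$DATADIR/$DST_CERT"
[ -n "$SRC_KEY" ] && cp -- "$SRC_KEY" "$DATADIR/$DST_KEY"
RUNCONFIG="$DATADIR/runFabricCaFvt.yaml"

# Datasource strings carry the test-fixture database credentials; they end up
# in the generated run config.
case "$DRIVER" in
  postgres) DATASRC="dbname=$DBNAME host=127.0.0.1 port=$POSTGRES_PORT user=postgres password=postgres sslmode=$sslmode" ;;
  sqlite3) DATASRC="$DBNAME" ;;
  mysql) DATASRC="root:mysql@tcp(localhost:$MYSQL_PORT)/$DBNAME?parseTime=true$mysqlTls" ;;
  *) ErrorExit "unknown driver: $DRIVER (expected sqlite3|mysql|postgres)" ;;
esac

isTrue "$LIST" && listFabricCa
isTrue "$RESET" && resetFabricCa
isTrue "$KILL" && killAllFabricCas
isTrue "$PROXY" && startHaproxy "$FABRIC_CA_INSTANCES"

# The run config is generated for -I only. The original wrote
# "$( $INIT -o $START )", but true/false ignore their arguments, so START never
# triggered generation; that is kept on purpose - regenerating on a bare -S
# would overwrite a config produced (and possibly edited) by an earlier -I run.
isTrue "$INIT" && genRunconfig "$RUNCONFIG" "$DRIVER" "$DATASRC" "$DST_CERT" "$DST_KEY" "$MAXENROLL"
[ -n "$SERVERCONFIG" ] && cp -- "$SERVERCONFIG" "$RUNCONFIG"

isTrue "$INIT" && initFabricCa
if isTrue "$START"; then
  inst=0
  while [ "$inst" -lt "$FABRIC_CA_INSTANCES" ]; do
    startFabricCa "$inst"
    inst=$((inst + 1))
  done
fi
exit $RC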