-
Notifications
You must be signed in to change notification settings - Fork 1
/
start-lb-sequencer.sh
executable file
·75 lines (59 loc) · 3.02 KB
/
start-lb-sequencer.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
#!/bin/bash
# Copyright (c) 2024 Digital Asset (Switzerland) GmbH and/or its affiliates. All rights reserved.
# SPDX-License-Identifier: Apache-2.0
# set -e
source env.sh
if [ ! "LOADBALANCER" == "$ENABLE_HA" ] ; then
echo " Not running as not in Load Balancer mode"
exit 1
fi
# Run NGINX load balancer for Sequencer
# https://fardog.io/blog/2017/12/30/client-side-certificate-authentication-with-nginx/
case "$(uname -s)" in
Darwin)
SEQUENCER_1_HOST=host.docker.internal
SEQUENCER_2_HOST=host.docker.internal
;;
esac
docker stop lb-sequencer
docker rm lb-sequencer
DOMAIN=acme.com
if [ "NGINX" == "$LOADBALANCER_TYPE" ] ; then
cat ./nginx-conf/nginx.conf-sequencer-template | \
sed -e "s;<DOMAIN>;$DOMAIN;g" | \
sed -e "s;<SEQUENCER_1_HOST>;$SEQUENCER_1_HOST;g" | \
sed -e "s;<CANTON_SEQUENCER_1_PUBLIC_PORT>;$CANTON_SEQUENCER_1_PUBLIC_PORT;g" | \
sed -e "s;<SEQUENCER_2_HOST>;$SEQUENCER_2_HOST;g" | \
sed -e "s;<CANTON_SEQUENCER_2_PUBLIC_PORT>;$CANTON_SEQUENCER_2_PUBLIC_PORT;g" | \
sed -e "s;<SEQUENCER_HOST>;$SEQUENCER_HOST;g" | \
sed -e "s;<SEQUENCER_PORT>;$SEQUENCER_PORT;g" \
> ./nginx-conf/nginx-sequencer.conf
docker run --name lb-sequencer -p $SEQUENCER_PORT:$SEQUENCER_PORT \
-v "$(pwd)/nginx-conf/nginx-sequencer.conf:/etc/nginx/nginx.conf:ro" \
-v "$(pwd)/certs/domain/sequencer/certs/sequencer-chain.$DOMAIN.cert.pem:/etc/ssl/server.crt:ro" \
-v "$(pwd)/certs/domain/sequencer/private/sequencer.$DOMAIN.key.pem:/etc/ssl/server.key:ro" \
-v "$(pwd)/certs/domain/intermediate/certs/ca-chain.cert.pem:/etc/ssl/certs/ca-chain.crt:ro" \
-v "$(pwd)/certs/domain/client/admin-api.$DOMAIN.cert.pem:/etc/ssl/client.crt:ro" \
-v "$(pwd)/certs/domain/client/admin-api.$DOMAIN.key.pem:/etc/ssl/client.key:ro" \
-P -d $LOADBALANCER_VERSION
fi
if [ "HAPROXY" == "$LOADBALANCER_TYPE" ] ; then
cat ./haproxy-conf/haproxy.conf-sequencer-template | \
sed -e "s;<DOMAIN>;$DOMAIN;g" | \
sed -e "s;<SEQUENCER_1_HOST>;$SEQUENCER_1_HOST;g" | \
sed -e "s;<CANTON_SEQUENCER_1_PUBLIC_PORT>;$CANTON_SEQUENCER_1_PUBLIC_PORT;g" | \
sed -e "s;<SEQUENCER_2_HOST>;$SEQUENCER_2_HOST;g" | \
sed -e "s;<CANTON_SEQUENCER_2_PUBLIC_PORT>;$CANTON_SEQUENCER_2_PUBLIC_PORT;g" | \
sed -e "s;<SEQUENCER_HOST>;$SEQUENCER_HOST;g" | \
sed -e "s;<SEQUENCER_PORT>;$SEQUENCER_PORT;g" \
> ./haproxy-conf/haproxy-sequencer.conf
docker run --name lb-sequencer -p $SEQUENCER_PORT:$SEQUENCER_PORT \
--sysctl net.ipv4.ip_unprivileged_port_start=0 \
-v "$(pwd)/haproxy-conf/haproxy-sequencer.conf:/usr/local/etc/haproxy/haproxy.cfg:ro" \
-v "$(pwd)/certs/domain/sequencer/certs/sequencer-chain.$DOMAIN.cert.pem:/etc/ssl/server.crt:ro" \
-v "$(pwd)/certs/domain/sequencer/private/sequencer.$DOMAIN.key.pem:/etc/ssl/server.crt.key:ro" \
-v "$(pwd)/certs/domain/intermediate/certs/ca-chain.cert.pem:/etc/ssl/certs/ca-chain.crt:ro" \
-v "$(pwd)/certs/domain/client/admin-api.$DOMAIN.cert.pem:/etc/ssl/client.crt:ro" \
-v "$(pwd)/certs/domain/client/admin-api.$DOMAIN.key.pem:/etc/ssl/client.crt.key:ro" \
-P -d $LOADBALANCER_VERSION
fi