From 1e20a282276e77d28fa1562c1a8d51211aeca889 Mon Sep 17 00:00:00 2001
From: Sownak Roy <20537268+sownak@users.noreply.github.com>
Date: Mon, 22 Jan 2024 05:33:32 +0000
Subject: [PATCH] [besu] Q2T using http (#2489)
Signed-off-by: Roy,Sownak
---
 .../besu-node/templates/besu-config-configmap.yaml | 2 +-
 .../hyperledger-besu/charts/besu-node/values.yaml | 2 +-
 .../charts/besu-tessera-node/templates/_helpers.tpl | 9 +++------
 .../charts/besu-tessera-node/templates/configmap.yaml | 10 ++++++----
 .../roles/create/helm_component/templates/member.tpl | 2 ++
 5 files changed, 13 insertions(+), 12 deletions(-)
diff --git a/platforms/hyperledger-besu/charts/besu-node/templates/besu-config-configmap.yaml b/platforms/hyperledger-besu/charts/besu-node/templates/besu-config-configmap.yaml
index ea17e3d1e41..7b711609ce9 100644
--- a/platforms/hyperledger-besu/charts/besu-node/templates/besu-config-configmap.yaml
+++ b/platforms/hyperledger-besu/charts/besu-node/templates/besu-config-configmap.yaml
@@ -88,7 +88,7 @@ data:
 {{ if .Values.tessera.enabled -}}
 # Privacy
 privacy-enabled={{ .Values.tessera.enabled }}
- privacy-url="{{ .Values.node.besu.privacy.scheme }}://tessera-{{ .Release.Name }}:{{ .Values.node.besu.privacy.clientport }}"
+ privacy-url="{{ .Values.node.besu.privacy.scheme }}://tessera-{{ .Release.Name }}.{{ .Release.Namespace }}:{{ .Values.node.besu.privacy.clientport }}"
 {{- if and (ne .Values.global.cluster.provider "minikube") (.Values.global.cluster.cloudNativeServices) }}
 privacy-public-key-file="{{ .Values.node.besu.keysPath }}/{{ .Values.node.besu.privacy.pubkeyFile }}"
 {{ else }}
diff --git a/platforms/hyperledger-besu/charts/besu-node/values.yaml b/platforms/hyperledger-besu/charts/besu-node/values.yaml
index 42213332903..837b34f6333 100644
--- a/platforms/hyperledger-besu/charts/besu-node/values.yaml
+++ b/platforms/hyperledger-besu/charts/besu-node/values.yaml
@@ -121,7 +121,7 @@ node:
 interval: 15
 prometheusJob: "besu"
 privacy:
- scheme: "https" # Must use https when TLS is STRICT
+ scheme: "http" # Must use https when TLS is STRICT
 clientport: 9101
 pubkeysPath: "/tessera"
 pubkeyFile: "tm.pub"
diff --git a/platforms/hyperledger-besu/charts/besu-tessera-node/templates/_helpers.tpl b/platforms/hyperledger-besu/charts/besu-tessera-node/templates/_helpers.tpl
index 138efc50811..fe89bac2641 100644
--- a/platforms/hyperledger-besu/charts/besu-tessera-node/templates/_helpers.tpl
+++ b/platforms/hyperledger-besu/charts/besu-tessera-node/templates/_helpers.tpl
@@ -51,14 +51,11 @@ Create tessera url depending on tls mode
 {{- end -}}
 {{/*
-Create client url depending on tls mode
+Client URL is defaulted to http; tls certificates need to be checked for using https
 */}}
 {{- define "besu-tessera-node.clientURL" -}}
 {{- $fullname := include "besu-tessera-node.fullname" . -}}
 {{- $port := .Values.tessera.q2tport | int -}}
-{{- if eq .Values.tessera.tlsMode "STRICT" -}}
- {{- printf "https://%s.%s:%d" $fullname .Release.Namespace $port | quote }}
-{{- else -}}
- {{- printf "http://%s.%s:%d" $fullname .Release.Namespace $port | quote }}
+{{- printf "http://%s.%s:%d" $fullname .Release.Namespace $port | quote }}
+{{- end -}}
 {{- end -}}
-{{- end -}}
\ No newline at end of file
diff --git a/platforms/hyperledger-besu/charts/besu-tessera-node/templates/configmap.yaml b/platforms/hyperledger-besu/charts/besu-tessera-node/templates/configmap.yaml
index 024f51cf544..5f0d8845acd 100644
--- a/platforms/hyperledger-besu/charts/besu-tessera-node/templates/configmap.yaml
+++ b/platforms/hyperledger-besu/charts/besu-tessera-node/templates/configmap.yaml
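Review bot: In `charts/besu-node/values.yaml` the default `privacy.scheme` becomes `http`, so the `privacy-url` Besu uses to reach Tessera is cleartext by default, while the trailing comment still reads `# Must use https when TLS is STRICT`. The same commit hard-codes `http://` in `besu-tessera-node.clientURL` and `"tls": "OFF"` in the first `sslConfig` block of the tessera `configmap.yaml`, so following that comment would point Besu at a listener that, as far as these hunks show, no longer speaks TLS. I would reword the comment to `scheme: "http" # Q2T listener in besu-tessera-node has TLS off; https will not connect until that chart enables it`. Because `tessera.tlsMode: STRICT` no longer covers this channel, the chart documentation should also state that the Q2T port carries private-transaction traffic unencrypted and without client authentication, and that access to it should be limited to the paired Besu pod (for example with a NetworkPolicy).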
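Review bot: The new side of the `_helpers.tpl` hunk ends `besu-tessera-node.clientURL` with two `{{- end -}}` lines (the added one plus the retained context line) although the `if`/`else` that needed the second one is removed. The `define` opens inside this hunk and the file ends with it, so one `end` appears unmatched and the Go template parser would be expected to reject the file. Dropping the added `+{{- end -}}` leaves the single `{{- end -}}` that closes the `define`. The helper also no longer reads `.Values.tessera.tlsMode`, so an operator who sets `STRICT` gets an `http://` client URL without any signal; the new comment could say so directly, e.g. `Client URL is always http: the Q2T server runs with TLS off regardless of tessera.tlsMode`.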
@@ -39,8 +39,9 @@ data:
 "enabled": true,
 "serverAddress": {{ include "besu-tessera-node.clientURL" . }},
 "sslConfig": {
- "tls": {{ .Values.tessera.tlsMode | quote }},
+ "tls": "OFF",
 "generateKeyStoreIfNotExisted": true,
+ "sslConfigType": "SERVER_ONLY",
 "serverTrustMode": {{ .Values.tessera.trust | quote }},
 "serverTlsKeyPath": "{{ .Values.tessera.dataPath }}/crypto/tessera_cer.key",
 "serverTlsCertificatePath": "{{ .Values.tessera.dataPath }}/crypto/tessera_cer.pem",
@@ -49,9 +50,9 @@ data:
 "clientTlsKeyPath": "{{ .Values.tessera.dataPath }}/crypto/tessera_cer.key",
 "clientTlsCertificatePath": "{{ .Values.tessera.dataPath }}/crypto/tessera_cer.pem",
 "clientTrustCertificates": ["{{ .Values.tessera.dataPath }}/crypto/tessera_ca.pem"],
- "knownClientsFile": "{{ .Values.tessera.dataPath }}/crypto/known_client1",
- "knownServersFile": "{{ .Values.tessera.dataPath }}/crypto/known_server1",
- "clientAuth": true
+ "knownClientsFile": "{{ .Values.tessera.dataPath }}/crypto/known_client",
+ "knownServersFile": "{{ .Values.tessera.dataPath }}/crypto/known_server",
+ "clientAuth": false
 },
 "communicationType": "REST"
 },
@@ -62,6 +63,7 @@ data:
 "sslConfig": {
 "tls": {{ .Values.tessera.tlsMode | quote }},
 "generateKeyStoreIfNotExisted": true,
+ "sslConfigType": "SERVER_AND_CLIENT",
 "serverTrustMode": {{ .Values.tessera.trust | quote }},
 "serverTlsKeyPath": "{{ .Values.tessera.dataPath }}/crypto/tessera_cer.key",
 "serverTlsCertificatePath": "{{ .Values.tessera.dataPath }}/crypto/tessera_cer.pem",
diff --git a/platforms/hyperledger-besu/configuration/roles/create/helm_component/templates/member.tpl b/platforms/hyperledger-besu/configuration/roles/create/helm_component/templates/member.tpl
index 6cfa29cdc67..e8302c80c6d 100644
--- a/platforms/hyperledger-besu/configuration/roles/create/helm_component/templates/member.tpl
+++ b/platforms/hyperledger-besu/configuration/roles/create/helm_component/templates/member.tpl
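Review bot: In the first `sslConfig` block of `besu-tessera-node/templates/configmap.yaml` (the server whose `serverAddress` is `besu-tessera-node.clientURL`), `"tls": "OFF"` is now a literal, so no values key can turn TLS back on for this listener, yet the block keeps and even extends its TLS settings (`sslConfigType`, `serverTrustMode`, key and certificate paths, `knownClientsFile`, `clientAuth`). Those fields are presumably not applied while `tls` is `OFF`, which makes the block read as more protected than it is. I would either drive the value from a dedicated values key that defaults to `OFF`, so deployments with working certificates can opt back in, or add a template comment above `"sslConfig"` such as `{{- /* Q2T is served without TLS; the sslConfig fields below are not applied while tls is OFF */ -}}`. The second hunk's `"clientAuth": false` sits in the same block and carries the same caveat.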
@@ -128,6 +128,8 @@ spec: enabled: {{ peer.metrics.enabled | default(false) }} port: {{ peer.metrics.port | default(9545) }} serviceMonitorEnabled: {{ network.prometheus.enabled | default(false)}} + privacy: + clientport: {{ peer.tm_clientport.port }} permissions: enabled: {{ network.permissioning.enabled | default(false) }} #Add other permissioning params below this {% if network.env.labels is defined %}
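Review bot: The added `clientport: {{ peer.tm_clientport.port }}` in `member.tpl` has no fallback, unlike the neighbouring values, which all use `| default(...)`. Whether every peer entry defines `tm_clientport` is not visible from this hunk; if one does not (for example a node without a transaction manager), the template would fail to render or emit an empty value. Wrapping the two added lines in `{% if peer.tm_clientport is defined %}` … `{% endif %}`, the same way the file already guards `network.env.labels`, would let the chart's own default apply instead. The enclosing `spec:` block starts and continues outside the hunk.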