corda/docs/source/ha-utilities.rst
Patrick Kuo 5244d41384
ENT-2653 Standalone Keytool/Registration tool for HA deployment (#1558)
* Node registration tool for registering multiple nodes at the same time
* SSL key import tool for creating SSL keystore for the bridge or adding new key to existing bridge keystore
* Self signed SSL keystores generator for creating SSL keystores for firewall components' internal communication
2018-11-16 11:49:21 +00:00


HA Utilities

Setting up multiple nodes behind a shared Corda Firewall requires preparing various keystores and config files, which can be time-consuming and error-prone. The HA Utilities aim to provide tools that streamline node provisioning and deployment.

The tool is distributed as part of in the form of runnable JAR "corda-tools-ha-utilities-.jar".

To run, simply pass in the file or URL as the first parameter:

> java -jar corda-tools-ha-utilities-.jar <file or URL>

Use the --help flag for a full list of command line options.

Sub-commands

  • node-registration: Corda registration tool for registering one or more nodes with the Corda network, using the provided node configuration.
  • import-ssl-key: Key copying tool for creating the bridge SSL keystore or adding a new node SSL identity to an existing bridge SSL keystore.
  • generate-internal-ssl-keystores: Generates self-signed root and SSL certificates for the bridge, external Artemis broker and float, for internal communication between the services.
  • install-shell-extensions: Installs alias and autocompletion for bash and zsh. See cli-application-shell-extensions for more info.

Node Registration Tool

The registration tool can be used to register multiple Corda nodes with the network operator. It is useful when managing multiple identities and setting up multiple Corda nodes that share Corda Firewall infrastructure.

Command-line options

ha-utilities node-registration [-hvV] [--logging-level=<loggingLevel>] [-b=FOLDER] -p=PASSWORD -t=FILE -f=FILE... [-f=FILE...]...
  • -v, --verbose, --log-to-console: If set, prints logging to the console as well as to a file.
  • --logging-level=<loggingLevel>: Enable logging at this level and higher. Possible values: ERROR, WARN, INFO, DEBUG, TRACE. Default: INFO
  • -b, --base-directory=FOLDER: The node working directory where all the files are kept.
  • -f, --config-files=FILE...: The path to the config file
  • -t, --network-root-truststore=FILE: Network root trust store obtained from network operator.
  • -p, --network-root-truststore-password=PASSWORD: Network root trust store password obtained from network operator.
  • -h, --help: Show this help message and exit.
  • -V, --version: Print version information and exit.

SSL key copier

When using a shared external bridge, the bridge needs access to the nodes' SSL keys in order to establish connections to counterparties on behalf of the nodes. The SSL key copier sub-command can be used to provision the SSL keystore and to add further keys when more nodes are added to the shared infrastructure.

Command-line options

ha-utilities import-ssl-key [-hvV] [--logging-level=<loggingLevel>] [-b=FOLDER] [-k=FILES] -p=PASSWORDS --node-keystore-passwords=PASSWORDS... [--node-keystore-passwords=PASSWORDS...]... --node-keystores=FILES... [--node-keystores=FILES...]...
  • -v, --verbose, --log-to-console: If set, prints logging to the console as well as to a file.
  • --logging-level=<loggingLevel>: Enable logging at this level and higher. Possible values: ERROR, WARN, INFO, DEBUG, TRACE. Default: INFO
  • --node-keystores=FILES...: The path to the node SSL keystore(s)
  • --node-keystore-passwords=PASSWORDS...: The password(s) of the node SSL keystore(s)
  • -b, --base-directory=FOLDER: The working directory where all the files are kept.
  • -k, --bridge-keystore=FILES: The path to the bridge SSL keystore.
  • -p, --bridge-keystore-password=PASSWORDS: The password of the bridge SSL keystore.
  • -h, --help: Show this help message and exit.
  • -V, --version: Print version information and exit.

Self signed internal SSL keystore

TLS is used to ensure communications between firewall components are secured. This tool can be used to generate the required keystores if TLS cert signing infrastructure is not available within your organisation.

Command-line options

ha-utilities generate-internal-ssl-keystores [-hvV] [--logging-level=<loggingLevel>] [-b=<baseDirectory>] [-c=<country>] [-l=<locality>] [-o=<organization>] [-p=<password>]
  • -v, --verbose, --log-to-console: If set, prints logging to the console as well as to a file.
  • --logging-level=<loggingLevel>: Enable logging at this level and higher. Possible values: ERROR, WARN, INFO, DEBUG, TRACE. Default: INFO
  • -p, --password=<password>: Default password for all generated keystore and private keys. Default: changeit
  • -o, --organization=<organization>: X500Name's organization attribute. Default: Corda
  • -l, --locality=<locality>: X500Name's locality attribute. Default: London
  • -c, --county=<country>: X500Name's country attribute. Default: GB
  • -b, --base-directory=<baseDirectory>: The node working directory where all the files are kept.
  • -h, --help: Show this help message and exit.
  • -V, --version: Print version information and exit.
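
Because -p defaults to changeit, a deployment check can confirm that no generated keystore still opens with that password. The script below is an added example, not part of the Corda documentation or tooling. It assumes the keystores are *.jks files in one directory, that the JDK's keytool is on the PATH, and that sub-commands are invoked as "java -jar <jar> <sub-command>"; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the Corda documentation.
# Assumptions: keystores are *.jks files in one directory; sub-commands are
# invoked as "java -jar <jar> <sub-command>"; JDK keytool is on PATH.

DEFAULT_PASS="changeit"   # documented default of -p/--password

# Succeeds only if the keystore can be opened with the given store password.
opens_with() {
    keytool -list -keystore "$1" -storepass "$2" >/dev/null 2>&1
}

# Print each keystore in directory $1 that still opens with the default
# password. Returns 1 if any are found, so it can gate a deployment step.
find_default_password_keystores() {
    _found=0
    for _ks in "$1"/*.jks; do
        [ -f "$_ks" ] || continue          # glob matched nothing
        if opens_with "$_ks" "$DEFAULT_PASS"; then
            printf '%s\n' "$_ks"
            _found=1
        fi
    done
    return "$_found"
}

# Generate the internal keystores with a random 128-bit password.
# $1 = HA Utilities JAR, $2 = base directory, $3 = file to store the password.
generate_with_random_password() {
    _pass=$(od -An -N16 -tx1 /dev/urandom | tr -d ' \n')
    ( umask 077; printf '%s\n' "$_pass" > "$3" ) || return 1
    java -jar "$1" generate-internal-ssl-keystores -b="$2" -p="$_pass"
}

# Stand-alone use: sh audit-keystores.sh /path/to/base-directory
if [ "$#" -ge 1 ]; then
    find_default_password_keystores "$1"
fi
```
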