ipfs_config

ipfs_config

Deploy go-ipfs configuration with Ansible, including systemd service files.

Requirements

go-ipfs must be present in the system.

Role Variables

go-ipfs

If no ipfs_config is found in Ansible variables for the host, the role will run ipfs init.

When ipfs_config is defined, it must as a minimum contain Identity.PeerID and Identity.PrivKey. It's then merged with ipfs_config_default which contains default configuration produced by ipfs init, per [go-ipfs` config reference](https://github.com/ipfs/go-ipfs/blob/master/docs/config.md). Sample:


# 
ipfs_config_default:
  API:
  HTTPHeaders: {}
  Addresses:
    API:
    - /ip6/::/tcp/5001
    - /ip4/0.0.0.0/tcp/5001
    ...

The role also configured systemd service for ipfs using the following variables (enforced using systemd.resource-control):

ipfs_config_debug: true
ipfs_mem_hi: 800M
ipfs_mem_max: 1G
ipfs_home: /home/ipfs

ipfs-cluster-service

IPFS clusters require ipfs_cluster_secret variable explicitly defined. If the secret is not defined, the cluster configuration will be skipped entirely.

The secret needs to be shared among all hosts that belong to a cluster (e.g. as a group variable), and can be generated with openssl rand -hex 32:

# protect with ansible-vault
ipfs_cluster_secret: 0d26e71c48e84890c89ef73bc26a45b167df03177df3ca399244e630513fbf53

On the first cluster node, you should also define the following:

ipfs_cluster_bootstrap: []`

All remaining cluster configuration on the first cluster node is optional, and the role will run ipfs-cluster-service init on the node, creating new configuration with the configured secret.

All subsequent hosts in the cluster must also declare ipfs_cluster_bootstrap with address and public key of at least one existing cluster member, allowing them to bootstrap configuration and establish connections to other members, for example:

ipfs_cluster_bootstrap:
  - /ip4/192.168.144.200/tcp/9096/p2p/12D3KooWPd39DaEUVdaEHaJhKb3nDBA2SPjgwVA3YsrsSXH7XGa3

This leads to an interesting chicken-and-egg problem which can be resolved by running Ansible twice:

  • run the playbook with ipfs_cluster_bootstrap: [] on all servers - this will install daemons and initialise config even though nodes will be initally disconnected;
  • run sudo -u ipfs ipfs-cluster-ctl id on any of the initialised servers to retrieve its IPFS cluster address;
  • configure that address in ipfs_cluster_bootstrap for all the other hosts and re-run Ansible.

Optional: IPFS cluster identifier and private key are also configurable and can be controlled with the following variables - they end up in ~/.ipfs-cluster/identity.json:

ipfs_cluster_identity:
  id: 12D3KooWPd39DaEUVdaEHaJhKb3nDBA2SPjgwVA3YsrsSXH7XGa3
  # protect with ansible-vault
  private_key: CAESQLDHjjm8oMlXz5CAI1l40ytMyoJfEBANEfP3AO3RhzI0zRy3BfXYwZaiRtCx9odFzW7dRrdj3oD/kJLIhTiHE6g=

Any other configuration options can be set in ipfs_cluster_config and they will be merged with ipfs_cluster_config_default to form a full IPFS cluster service configuration file written to ~/.ipfs-cluster/service.json.

All systemd settings set for ipfs (see above) will be also applied to the ipfs-cluster service.

Dependencies

For installation of the actual go-ipfs binaries:

Example Playbook

Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:

- hosts: servers
  roles:
    - role: kravietz.ipfs_config

License

GPL3

Author Information

Pawel Krawczyk https://krvtz.net/

About

ipfs and ipfs-cluster configuration

Install
ansible-galaxy install kravietz/ipfs-config
GitHub repository
License
gpl-3.0
Downloads
58
Owner
Information security, DevOps and DevSecOps professional from Poland living in the UK