From 7a8042e356a707ad1d8501597b08b1fa9944c6c4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Greg=20Kar=C3=A9kinian?= Date: Mon, 6 Aug 2018 18:05:44 +0200 Subject: [PATCH] Add initial IPFS Cluster support It uses an encrypted data bag to store the cluster secret that has to be the same on all members of a cluster. It installs ipfs-cluster-service and ipfs-cluster-ctl and starts the cluster Refs #25
---
data_bags/credentials/ipfs_cluster.json | 10 ++ site-cookbooks/ipfs/attributes/default.rb | 2 + site-cookbooks/ipfs/recipes/cluster.rb | 68 ++++++++++++ .../default/ipfs-cluster.initd.service.erb | 102 ++++++++++++++++++ .../default/ipfs-cluster.systemd.service.erb | 11 ++ 5 files changed, 193 insertions(+) create mode 100644 data_bags/credentials/ipfs_cluster.json create mode 100644 site-cookbooks/ipfs/recipes/cluster.rb create mode 100644 site-cookbooks/ipfs/templates/default/ipfs-cluster.initd.service.erb create mode 100644 site-cookbooks/ipfs/templates/default/ipfs-cluster.systemd.service.erb
diff --git a/data_bags/credentials/ipfs_cluster.json b/data_bags/credentials/ipfs_cluster.json
new file mode 100644
index 0000000..f9b1108
--- /dev/null
+++ b/data_bags/credentials/ipfs_cluster.json
@@ -0,0 +1,10 @@
+{
+ "id": "ipfs_cluster",
+ "secret": {
+ "encrypted_data": "oyy8QVRPvMx4YpHVqHr0WxX0D4WQMwZ43A1N+ZFa2jBlB/tzwzIz2gQv05L2\nf/2q4t4yXk6zTJRqPJ9kzcBddJCfuQPr8IzwdOZRz1UdXfE/iYY=\n",
+ "iv": "8+l2J0qmn6cKmGdf\n",
+ "auth_tag": "mgzeYpKJk6PSXjdcOP4CEg==\n",
+ "version": 3,
+ "cipher": "aes-256-gcm"
+ }
+}
\ No newline at end of file
diff --git a/site-cookbooks/ipfs/attributes/default.rb b/site-cookbooks/ipfs/attributes/default.rb
index 301d7c2..0186fe5 100644
--- a/site-cookbooks/ipfs/attributes/default.rb
+++ b/site-cookbooks/ipfs/attributes/default.rb
@@ -3,3 +3,5 @@ node.default['ipfs']['checksum'] = "ae50c760f58548adc7c6dade4cf549059b6bc73ebc25
 # Do not contact local network addresses. This will stop platforms like Hetzner
 # to block your server (https://github.com/ipfs/go-ipfs/issues/1226)
 node.default['ipfs']['config']['swarm']['addr_filter'] = ["/ip4/10.0.0.0/ipcidr/8", "/ip4/100.64.0.0/ipcidr/10", "/ip4/169.254.0.0/ipcidr/16", "/ip4/172.16.0.0/ipcidr/12", "/ip4/192.0.0.0/ipcidr/24", "/ip4/192.0.0.0/ipcidr/29", "/ip4/192.0.0.8/ipcidr/32", "/ip4/192.0.0.170/ipcidr/32", "/ip4/192.0.0.171/ipcidr/32", "/ip4/192.0.2.0/ipcidr/24", "/ip4/192.168.0.0/ipcidr/16", "/ip4/198.18.0.0/ipcidr/15", "/ip4/198.51.100.0/ipcidr/24", "/ip4/203.0.113.0/ipcidr/24", "/ip4/240.0.0.0/ipcidr/4"]
+
+node.default['ipfs']['cluster']['version'] = "0.4.0"
diff --git a/site-cookbooks/ipfs/recipes/cluster.rb b/site-cookbooks/ipfs/recipes/cluster.rb
new file mode 100644
index 0000000..8b68a13
--- /dev/null
+++ b/site-cookbooks/ipfs/recipes/cluster.rb
@@ -0,0 +1,68 @@
+#
+# Cookbook Name:: ipfs
+# Recipe:: cluster
+#
+# Copyright 2018, Kosmos
+#
+# All rights reserved - Do Not Redistribute
+#
+
+version = node["ipfs"]["cluster"]["version"]
+
+ark "ipfs-cluster-service" do
+ url "https://dist.ipfs.io/ipfs-cluster-service/v#{version}/ipfs-cluster-service_v#{version}_linux-amd64.tar.gz"
+ has_binaries ["ipfs-cluster-service"]
+end
+
+ark "ipfs-cluster-ctl" do
+ url "https://dist.ipfs.io/ipfs-cluster-ctl/v#{version}/ipfs-cluster-ctl_v#{version}_linux-amd64.tar.gz"
+ has_binaries ["ipfs-cluster-ctl"]
+end
+
+credentials = data_bag_item("credentials", "ipfs_cluster")
+
+execute "ipfs-cluster-service init" do
+ user "ipfs"
+ environment "CLUSTER_SECRET" => credentials["secret"],
+ "IPFS_CLUSTER_PATH" => "/home/ipfs/.ipfs-cluster"
+ not_if { File.exist? "/home/ipfs/.ipfs-cluster/service.json" }
+end
+
+if platform?('ubuntu') && node[:platform_version].to_f < 15.04 ||
+ platform?('debian') && node['platform_version'].to_f < 8
+ template "ipfs.initd-cluster.service.erb" do
+ path "/etc/init.d/ipfs-cluster"
+ source 'ipfs-cluster.initd.service.erb'
+ owner 'root'
+ group 'root'
+ mode '0750'
+ notifies :restart, "service[ipfs-cluster]", :delayed
+ end
+
+ service "ipfs-cluster" do
+ provider Chef::Provider::Service::Init::Debian
+ action [:enable]
+ supports start: true, stop: true, restart: true, reload: false, status: true
+ end
+
+else
+ execute "systemctl daemon-reload" do
+ command "systemctl daemon-reload"
+ action :nothing
+ end
+
+ template "ipfs-cluster.systemd.service.erb" do
+ path "/lib/systemd/system/ipfs-cluster.service"
+ source 'ipfs-cluster.systemd.service.erb'
+ owner 'root'
+ group 'root'
+ mode '0644'
+ notifies :run, "execute[systemctl daemon-reload]", :delayed
+ notifies :restart, "service[ipfs-cluster]", :delayed
+ end
+
+ service "ipfs-cluster" do
+ provider Chef::Provider::Service::Systemd
+ action [:enable]
+ end
+end
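Review bot: Both `ark` resources fetch release tarballs from dist.ipfs.io without a `checksum`, so each node installs whatever the URL serves at converge time and then runs it as a service; TLS authenticates the host, not the artifact. The attributes file already pins a `checksum` for the ipfs download, so the same pattern fits here, e.g. `checksum node["ipfs"]["cluster"]["service_checksum"]` plus a matching attribute for ipfs-cluster-ctl (the attribute names are a suggestion, and the SHA-256 values have to come from the published release). Separately, the `execute "ipfs-cluster-service init"` resource passes the decrypted `CLUSTER_SECRET` in its environment; adding `sensitive true` keeps the command's output and failure details out of the Chef log. The `not_if` guard also means a rotated secret in the data bag is never applied to a node that already has `service.json`, which deserves a comment above the resource.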
diff --git a/site-cookbooks/ipfs/templates/default/ipfs-cluster.initd.service.erb b/site-cookbooks/ipfs/templates/default/ipfs-cluster.initd.service.erb
new file mode 100644
index 0000000..1b8c2ff
--- /dev/null
+++ b/site-cookbooks/ipfs/templates/default/ipfs-cluster.initd.service.erb
@@ -0,0 +1,102 @@
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides: ipfs-cluster daemon
+# Required-Start: $local_fs $remote_fs $network $syslog $named
+# Required-Stop: $local_fs $remote_fs $network $syslog $named
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: Starts the ipfs-cluster daemon
+# Description: Starts the ipfs-cluster daemon using the start-stop-daemon
+### END INIT INFO
+
+# Author: Dylan Powers = 3.2-14) to ensure that this file is present
+# and status_of_proc is working.
+. /lib/lsb/init-functions
+
+#
+# Function that starts the daemon/service
+#
+do_start() {
+ # Return
+ # 0 if daemon has been started
+ # 1 if daemon was already running
+ # 2 if daemon could not be started
+ start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test >/dev/null \
+ || return 1
+ start-stop-daemon --start --quiet --pidfile $PIDFILE --make-pidfile \
+ --background --chuid $IPFS_USER --no-close \
+ --exec /usr/bin/env IPFS_PATH="$IPFS_PATH" $DAEMON 2>>$IPFS_PATH/daemon.log 1>/dev/null \
+ -- $DAEMON_ARGS \
+ || return 2
+}
+
+#
+# Function that stops the daemon/service
+#
+do_stop() {
+ # Return
+ # 0 if daemon has been stopped
+ # 1 if daemon was already stopped
+ # 2 if daemon could not be stopped
+ # other if a failure occurred
+ start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME
+ RETVAL="$?"
+ [ "$RETVAL" = 2 ] && return 2
+
+ # Delete the pid
+ rm -f $PIDFILE
+ return "$RETVAL"
+}
+
+case "$1" in
+ start)
+ [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
+ do_start
+ case "$?" in
+ 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
+ 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
+ esac
+ ;;
+ stop)
+ [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
+ do_stop
+ case "$?" in
+ 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
+ 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
+ esac
+ ;;
+ status)
+ status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $?
+ ;;
+ restart)
+ do_stop
+ do_start
+ ;;
+ *)
+ echo "Usage: $SCRIPTNAME {start|stop|status|restart}" >&2
+ exit 3
+ ;;
+esac
diff --git a/site-cookbooks/ipfs/templates/default/ipfs-cluster.systemd.service.erb b/site-cookbooks/ipfs/templates/default/ipfs-cluster.systemd.service.erb
new file mode 100644
index 0000000..08bf2f0
--- /dev/null
+++ b/site-cookbooks/ipfs/templates/default/ipfs-cluster.systemd.service.erb
@@ -0,0 +1,11 @@
+[Unit]
+Description=Start ipfs-cluster
+
+[Service]
+ExecStart=/usr/local/bin/ipfs-cluster-service daemon
+User=ipfs
+Group=ipfs
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
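Review bot: In `do_start`, the redirection `2>>$IPFS_PATH/daemon.log` is opened by the root shell running the init script, before start-stop-daemon switches to `$IPFS_USER`, so root appends to a file in a directory the service account presumably owns and a symlink there would redirect root's write. Logging to a root-owned location, for example a file under /var/log that the recipe creates with the right owner, avoids that. The script also exports `IPFS_PATH`, while the recipe initialises the cluster with `IPFS_CLUSTER_PATH`; this looks adapted from the ipfs daemon script, and the daemon should probably receive `IPFS_CLUSTER_PATH` instead. The variable definitions (`DAEMON`, `PIDFILE`, `IPFS_PATH`, `IPFS_USER`) are not visible in the hunk as shown, so both points need checking against them.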
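Review bot: The `[Service]` section runs the cluster daemon with no sandboxing directives, and the `[Unit]` section declares no ordering. Since the unit already drops to `User=ipfs`, adding `NoNewPrivileges=true` and `PrivateTmp=true` is cheap hardening, and `After=network.target` documents the startup dependency. `Restart=always` without `RestartSec=` restarts at systemd's default interval, so a daemon that exits at startup (for instance if the recipe's init step did not produce `service.json`) loops until the start limit is hit; `Restart=on-failure` with an explicit `RestartSec=` is easier to diagnose.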