kosmos/chef
kosmos/chef
8
3
Fork 0
Code Issues 26 Pull Requests 2 Projects 2 Activity

Add initial IPFS Cluster support

Browse Source 
It uses an encrypted data bag to store the cluster secret that has to be
the same on all members of a cluster. It installs ipfs-cluster-service
and ipfs-cluster-ctl and starts the cluster

Refs #25
This commit is contained in:
Greg Karékinian 2018-08-06 18:05:44 +02:00
parent d0f2275ebb
commit 7a8042e356
5 changed files with 193 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
data_bags/credentials/ipfs_cluster.json Normal file
View File

@ -0,0 +1,10 @@
{
"id": "ipfs_cluster",
"secret": {
"encrypted_data": "oyy8QVRPvMx4YpHVqHr0WxX0D4WQMwZ43A1N+ZFa2jBlB/tzwzIz2gQv05L2\nf/2q4t4yXk6zTJRqPJ9kzcBddJCfuQPr8IzwdOZRz1UdXfE/iYY=\n",
"iv": "8+l2J0qmn6cKmGdf\n",
"auth_tag": "mgzeYpKJk6PSXjdcOP4CEg==\n",
"version": 3,
"cipher": "aes-256-gcm"
}
}

2
site-cookbooks/ipfs/attributes/default.rb
View File

@ -3,3 +3,5 @@ node.default['ipfs']['checksum'] = "ae50c760f58548adc7c6dade4cf549059b6bc73ebc25
# Do not contact local network addresses. This will stop platforms like Hetzner # Do not contact local network addresses. This will stop platforms like Hetzner
# to block your server (https://github.com/ipfs/go-ipfs/issues/1226) # to block your server (https://github.com/ipfs/go-ipfs/issues/1226)
node.default['ipfs']['config']['swarm']['addr_filter'] = ["/ip4/10.0.0.0/ipcidr/8", "/ip4/100.64.0.0/ipcidr/10", "/ip4/169.254.0.0/ipcidr/16", "/ip4/172.16.0.0/ipcidr/12", "/ip4/192.0.0.0/ipcidr/24", "/ip4/192.0.0.0/ipcidr/29", "/ip4/192.0.0.8/ipcidr/32", "/ip4/192.0.0.170/ipcidr/32", "/ip4/192.0.0.171/ipcidr/32", "/ip4/192.0.2.0/ipcidr/24", "/ip4/192.168.0.0/ipcidr/16", "/ip4/198.18.0.0/ipcidr/15", "/ip4/198.51.100.0/ipcidr/24", "/ip4/203.0.113.0/ipcidr/24", "/ip4/240.0.0.0/ipcidr/4"] node.default['ipfs']['config']['swarm']['addr_filter'] = ["/ip4/10.0.0.0/ipcidr/8", "/ip4/100.64.0.0/ipcidr/10", "/ip4/169.254.0.0/ipcidr/16", "/ip4/172.16.0.0/ipcidr/12", "/ip4/192.0.0.0/ipcidr/24", "/ip4/192.0.0.0/ipcidr/29", "/ip4/192.0.0.8/ipcidr/32", "/ip4/192.0.0.170/ipcidr/32", "/ip4/192.0.0.171/ipcidr/32", "/ip4/192.0.2.0/ipcidr/24", "/ip4/192.168.0.0/ipcidr/16", "/ip4/198.18.0.0/ipcidr/15", "/ip4/198.51.100.0/ipcidr/24", "/ip4/203.0.113.0/ipcidr/24", "/ip4/240.0.0.0/ipcidr/4"]
node.default['ipfs']['cluster']['version'] = "0.4.0"

68
site-cookbooks/ipfs/recipes/cluster.rb Normal file
View File

@ -0,0 +1,68 @@
#
# Cookbook Name:: ipfs
# Recipe:: cluster
#
# Copyright 2018, Kosmos
#
# All rights reserved - Do Not Redistribute
#
version = node["ipfs"]["cluster"]["version"]
ark "ipfs-cluster-service" do
url "https://dist.ipfs.io/ipfs-cluster-service/v#{version}/ipfs-cluster-service_v#{version}_linux-amd64.tar.gz"
has_binaries ["ipfs-cluster-service"]
end
ark "ipfs-cluster-ctl" do
url "https://dist.ipfs.io/ipfs-cluster-ctl/v#{version}/ipfs-cluster-ctl_v#{version}_linux-amd64.tar.gz"
has_binaries ["ipfs-cluster-ctl"]
end
credentials = data_bag_item("credentials", "ipfs_cluster")
execute "ipfs-cluster-service init" do
user "ipfs"
environment "CLUSTER_SECRET" => credentials["secret"],
"IPFS_CLUSTER_PATH" => "/home/ipfs/.ipfs-cluster"
not_if { File.exist? "/home/ipfs/.ipfs-cluster/service.json" }
end
if platform?('ubuntu') && node[:platform_version].to_f < 15.04 ||
platform?('debian') && node['platform_version'].to_f < 8
template "ipfs.initd-cluster.service.erb" do
path "/etc/init.d/ipfs-cluster"
source 'ipfs-cluster.initd.service.erb'
owner 'root'
group 'root'
mode '0750'
notifies :restart, "service[ipfs-cluster]", :delayed
end
service "ipfs-cluster" do
provider Chef::Provider::Service::Init::Debian
action [:enable]
supports start: true, stop: true, restart: true, reload: false, status: true
end
else
execute "systemctl daemon-reload" do
command "systemctl daemon-reload"
action :nothing
end
template "ipfs-cluster.systemd.service.erb" do
path "/lib/systemd/system/ipfs-cluster.service"
source 'ipfs-cluster.systemd.service.erb'
owner 'root'
group 'root'
mode '0644'
notifies :run, "execute[systemctl daemon-reload]", :delayed
notifies :restart, "service[ipfs-cluster]", :delayed
end
service "ipfs-cluster" do
provider Chef::Provider::Service::Systemd
action [:enable]
end
end

102
site-cookbooks/ipfs/templates/default/ipfs-cluster.initd.service.erb Normal file
View File

@ -0,0 +1,102 @@
#!/bin/sh
### BEGIN INIT INFO
# Provides: ipfs-cluster daemon
# Required-Start: $local_fs $remote_fs $network $syslog $named
# Required-Stop: $local_fs $remote_fs $network $syslog $named
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Starts the ipfs-cluster daemon
# Description: Starts the ipfs-cluster daemon using the start-stop-daemon
### END INIT INFO
# Author: Dylan Powers <dylan.kyle.powers@gmail.com
PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/local/bin
DESC="ipfs-cluster daemon"
NAME=ipfs-cluster
DAEMON=/usr/local/bin/ipfs-cluster-service
DAEMON_ARGS="daemon"
PIDFILE=/var/run/$NAME.pid
SCRIPTNAME=/etc/init.d/$NAME
IPFS_PATH=/home/ipfs/.ipfs
IPFS_USER=ipfs
# Exit if the package is not installed
[ -x "$DAEMON" ] || exit 0
# Read configuration variable file if it is present
[ -r /etc/default/$NAME ] && . /etc/default/$NAME
# Load the VERBOSE setting and other rcS variables
. /lib/init/vars.sh
# Define LSB log_* functions.
# Depend on lsb-base (>= 3.2-14) to ensure that this file is present
# and status_of_proc is working.
. /lib/lsb/init-functions
#
# Function that starts the daemon/service
#
do_start() {
# Return
# 0 if daemon has been started
# 1 if daemon was already running
# 2 if daemon could not be started
start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test >/dev/null \
|| return 1
start-stop-daemon --start --quiet --pidfile $PIDFILE --make-pidfile \
--background --chuid $IPFS_USER --no-close \
--exec /usr/bin/env IPFS_PATH="$IPFS_PATH" $DAEMON 2>>$IPFS_PATH/daemon.log 1>/dev/null \
-- $DAEMON_ARGS \
|| return 2
}
#
# Function that stops the daemon/service
#
do_stop() {
# Return
# 0 if daemon has been stopped
# 1 if daemon was already stopped
# 2 if daemon could not be stopped
# other if a failure occurred
start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME
RETVAL="$?"
[ "$RETVAL" = 2 ] && return 2
# Delete the pid
rm -f $PIDFILE
return "$RETVAL"
}
case "$1" in
start)
[ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
do_start
case "$?" in
0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
esac
;;
stop)
[ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
do_stop
case "$?" in
0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
esac
;;
status)
status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $?
;;
restart)
do_stop
do_start
;;
*)
echo "Usage: $SCRIPTNAME {start|stop|status|restart}" >&2
exit 3
;;
esac

11
site-cookbooks/ipfs/templates/default/ipfs-cluster.systemd.service.erb Normal file
View File

@ -0,0 +1,11 @@
[Unit]
Description=Start ipfs-cluster
[Service]
ExecStart=/usr/local/bin/ipfs-cluster-service daemon
User=ipfs
Group=ipfs
Restart=always
[Install]
WantedBy=multi-user.target