Switch from IPFS cluster to kredits-ipfs-pinner

This removes the cluster configuration and adds deployment of Kredits IPFS Pinner. It also switches hubot-kredits to use the normal API endpoint again (instead of the cluster port). Furthermore, it upgrades go-ipfs to the latest version.
2019-07-03 15:34:42 +02:00 · 2019-07-03 15:34:42 +02:00 · f4990a8066
parent a22d10e083
commit f4990a8066
9 changed files with 124 additions and 32 deletions
--- a/nodes/andromeda.kosmos.org.json
+++ b/nodes/andromeda.kosmos.org.json
@ -2,7 +2,8 @@
  "run_list": [
    "role[base]",
    "kosmos-base::andromeda_firewall",
-    "role[ipfs_cluster_with_tls]",
+    "kosmos-ipfs",
+    "kosmos-ipfs::public_gateway",
    "kosmos-postgresql",
    "kosmos-mediawiki",
    "kosmos-btcpayserver::proxy",
--- a/nodes/barnard.kosmos.org.json
+++ b/nodes/barnard.kosmos.org.json
@ -2,7 +2,7 @@
  "run_list": [
    "role[base]",
    "role[kredits_github]",
-    "kosmos-ipfs::cluster",
+    "kosmos-ipfs",
    "kosmos-hubot::botka_freenode",
    "kosmos-hubot::hal8000",
    "kosmos-hubot::hal8000_xmpp",
--- a/roles/ipfs_cluster_with_tls.rb
+++ b/roles/ipfs_cluster_with_tls.rb
@ -1,15 +0,0 @@
-name "ipfs_cluster_with_tls"
-
-run_list %w(
-  kosmos-ipfs
-  kosmos-ipfs::cluster
-  kosmos-ipfs::letsencrypt
-)
-
-override_attributes(
-  'kosmos-ipfs' => {
-    'nginx' => {
-      'api_port' => 9095
-    }
-  }
-)
--- a/site-cookbooks/kosmos-hubot/attributes/default.rb
+++ b/site-cookbooks/kosmos-hubot/attributes/default.rb
@ -23,9 +23,7 @@ node.default['hal8000_xmpp']['rooms'] = [
 node.default['hal8000_xmpp']['auth_admins'] = []

 node.default['hal8000_xmpp']['kredits']['ipfs_host']     = 'localhost'
-# Use the running ipfs-cluster, so adding documents adds and pins them on all
-# members of the cluster
-node.default['hal8000_xmpp']['kredits']['ipfs_port']     = '9095'
+node.default['hal8000_xmpp']['kredits']['ipfs_port']     = '5001'
 node.default['hal8000_xmpp']['kredits']['ipfs_protocol'] = 'http'
 node.default['hal8000_xmpp']['kredits']['room']          = 'kredits@chat.kosmos.org'
 node.default['hal8000_xmpp']['kredits']['provider_url']  = 'https://rinkeby.infura.io/v3/c5e74367261d475ab935e2f0e726482f'
--- a/site-cookbooks/kosmos-ipfs/attributes/default.rb
+++ b/site-cookbooks/kosmos-ipfs/attributes/default.rb
@ -1,10 +1,8 @@
-# Override to connect to the IPFS cluster proxy on port 9095
-# (https://cluster.ipfs.io/documentation/composite-clusters/)
-
 # FIXME api_port should come from the ipfs cookbook/attributes
 # It has nothing to do with nginx
 node.default['kosmos-ipfs']['nginx']['api_port'] = 5001
 node.default['kosmos-ipfs']['nginx']['gateway_port'] = 9090
 node.default['kosmos-ipfs']['nginx']['external_api_port'] = 5444
-
 node.default['kosmos-ipfs']['nginx']['domain'] = "ipfs.kosmos.org"
+
+node.default['kosmos-ipfs']['kredits-pinner']['revision'] = "v1.0.2"
--- a/site-cookbooks/kosmos-ipfs/recipes/default.rb
+++ b/site-cookbooks/kosmos-ipfs/recipes/default.rb
@ -24,9 +24,10 @@
 # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 # THE SOFTWARE.

-node.override['ipfs']['version'] = '0.4.20'
-node.override['ipfs']['checksum'] = '155dbdb2d7a9b8df38feccf48eb925cf9ab650754dc51994aa1e0bda1c1f9123'
+node.override['ipfs']['version'] = '0.4.21'
+node.override['ipfs']['checksum'] = 'a7ec5ddc4d52f818cbf3853a80f7ec17f9fde9128f039485dbe1889cf673d562'
 include_recipe "ipfs"
+include_recipe "kosmos-ipfs::kredits_pinner"

 # Configure ipfs

--- a/site-cookbooks/kosmos-ipfs/recipes/kredits_pinner.rb
+++ b/site-cookbooks/kosmos-ipfs/recipes/kredits_pinner.rb
@ -0,0 +1,73 @@
+#
+# Cookbook Name:: kosmos-ipfs
+# Recipe:: kredits_pinner
+#
+# The MIT License (MIT)
+#
+# Copyright:: 2019, Kosmos Developers
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+
+app_name     = "kredits-ipfs-pinner"
+deploy_user  = "ipfs"
+deploy_group = "ipfs"
+
+group deploy_group
+
+path_to_deploy = "/opt/#{app_name}"
+application path_to_deploy do
+  owner deploy_user
+  group deploy_group
+
+  git do
+    user  deploy_user
+    group deploy_group
+    repository "https://gitea.kosmos.org/kosmos/#{app_name}.git"
+    revision node['kosmos-ipfs']['kredits-pinner']['revision']
+  end
+
+  npm_install do
+    user deploy_user
+  end
+
+  execute "systemctl daemon-reload" do
+    command "systemctl daemon-reload"
+    action :nothing
+  end
+
+  template "/lib/systemd/system/#{app_name}.service" do
+    source 'nodejs.systemd.service.erb'
+    owner 'root'
+    group 'root'
+    mode '0640'
+    variables(
+      user: deploy_user,
+      group: deploy_group,
+      app_dir: path_to_deploy,
+      entry: "/usr/bin/node /usr/bin/npm start",
+      environment: {}
+    )
+    notifies :run, "execute[systemctl daemon-reload]", :delayed
+    notifies :restart, "service[#{app_name}]", :delayed
+  end
+
+  service app_name do
+    action [:enable, :start]
+  end
+end
--- a/site-cookbooks/kosmos-ipfs/recipes/public_gateway.rb
+++ b/site-cookbooks/kosmos-ipfs/recipes/public_gateway.rb
@ -1,6 +1,6 @@
 #
 # Cookbook Name:: kosmos-ipfs
-# Recipe:: cluster
+# Recipe:: public_gateway
 #
 # The MIT License (MIT)
 #
@ -24,15 +24,34 @@
 # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 # THE SOFTWARE.

-node.override['ipfs']['cluster']['version'] = '0.10.1'
+include_recipe "kosmos-nginx"

-include_recipe "ipfs::cluster"
-include_recipe "ipfs::cluster_service"
+domain = node["kosmos-ipfs"]["nginx"]["domain"]
+
+template "#{node['nginx']['dir']}/sites-available/#{domain}" do
+  source "nginx_conf_#{domain}.erb"
+  owner 'www-data'
+  mode 0640
+  variables server_name:            domain,
+            ssl_cert:               "/etc/letsencrypt/live/#{domain}/fullchain.pem",
+            ssl_key:                "/etc/letsencrypt/live/#{domain}/privkey.pem",
+            ipfs_api_port:          node['kosmos-ipfs']['nginx']['api_port'],
+            ipfs_gateway_port:      node['kosmos-ipfs']['nginx']['gateway_port'],
+            ipfs_external_api_port: node['kosmos-ipfs']['nginx']['external_api_port']
+
+  notifies :reload, 'service[nginx]', :delayed
+end
+
+nginx_site domain do
+  action :enable
+end
+
+nginx_certbot_site domain

 unless node.chef_environment == "development"
  include_recipe "firewall"
-  firewall_rule 'ipfs_cluster' do
-    port     9096
+  firewall_rule 'ipfs_api' do
+    port     node['kosmos-ipfs']['nginx']['external_api_port']
    protocol :tcp
    command  :allow
  end
--- a/site-cookbooks/kosmos-ipfs/templates/default/nodejs.systemd.service.erb
+++ b/site-cookbooks/kosmos-ipfs/templates/default/nodejs.systemd.service.erb
@ -0,0 +1,17 @@
+[Unit]
+Description=Start nodejs app
+After=ipfs.service
+
+[Service]
+ExecStartPre=/bin/sleep 5
+ExecStart=<%= @entry %>
+WorkingDirectory=<%= @app_dir %>
+User=<%= @user %>
+Group=<%= @group %>
+<% unless @environment.empty? -%>
+Environment=<% @environment.each do |key, value| -%>'<%= key %>=<%= value %>' <% end %>
+<% end -%>
+Restart=always
+
+[Install]
+WantedBy=multi-user.target