Merge pull request 'Fix IPFS node connectivity from the outside as well as the private network' (#442 ) from bugfix/ipfs_connectivity into master

Reviewed-on: #442
Remove ufw logging for ipfs
2022-11-02 18:32:44 +00:00 · 2022-11-02 19:27:09 +01:00 · 2022-11-02 17:13:55 +00:00 · 2022-11-02 14:06:07 +01:00 · 2022-11-02 14:05:43 +01:00
3 changed files with 64 additions and 7 deletions
--- a/nodes/ipfs-1.json
+++ b/nodes/ipfs-1.json
@@ -37,13 +37,13 @@
      "hostname::default",
      "ipfs::default",
      "ipfs::_user",
      "firewall::default",
      "chef-sugar::default",
      "kosmos-ipfs::kredits_pinner",
      "kosmos-nodejs::default",
      "nodejs::nodejs_from_package",
      "nodejs::repo",
      "kosmos-ipfs::firewall_swarm",
      "firewall::default",
      "chef-sugar::default",
      "kosmos-nginx::default",
      "nginx::default",
      "nginx::package",
--- a/site-cookbooks/kosmos-ipfs/attributes/default.rb
+++ b/site-cookbooks/kosmos-ipfs/attributes/default.rb
@@ -1,20 +1,55 @@
 node.normal['ipfs']['version'] = "0.15.0"
 node.normal['ipfs']['checksum'] = "5830ce226956c5e2a2de3a3440704402dd3501c43ec16eeec2d61491317005f2"
 node.default['kosmos-ipfs']['api']['port'] = 5001
 node.default['kosmos-ipfs']['ipfs']['config'] = {
  # The default gateway is already used by kosmos' hubot (8080)
  "Addresses.Gateway" => "/ip4/127.0.0.1/tcp/9090",
-  # Do not keep track of bandwidth metrics. Disabling bandwidth metrics can
+  # API with Web UI
-  # lead to a slight performance improvement, as well as a reduction in memory
+  "Addresses.API" => "/ip4/0.0.0.0/tcp/5001",
-  # usage.
+  # Enable bandwith metrics
-  'Swarm.DisableBandwidthMetrics' => true,
+  'Swarm.DisableBandwidthMetrics' => false,
  # Disable the p2p-circuit relay transport
  'Swarm.Transports.Network.Relay' => false,
  # Number of connections that, when exceeded, will trigger a connection GC
  # operation
  'Swarm.ConnMgr.HighWater' => 40,
  # Minimum number of connections to maintain
-  'Swarm.ConnMgr.LowWater' => 20
+  'Swarm.ConnMgr.LowWater' => 20,
  # Do not dial out to these IP ranges
  # We go a bit nuts on the 10.0 range definitions to allow dialouts on our own
  # private network
  'Swarm.AddrFilters' => [
                          '/ip4/10.128.0.0/ipcidr/9',
                          '/ip4/10.64.0.0/ipcidr/10',
                          '/ip4/10.32.0.0/ipcidr/11',
                          '/ip4/10.16.0.0/ipcidr/12',
                          '/ip4/10.8.0.0/ipcidr/13',
                          '/ip4/10.4.0.0/ipcidr/14',
                          '/ip4/10.2.0.0/ipcidr/15',
                          '/ip4/10.0.0.0/ipcidr/16',
                          '/ip4/10.1.128.0/ipcidr/17',
                          '/ip4/10.1.64.0/ipcidr/18',
                          '/ip4/10.1.32.0/ipcidr/19',
                          '/ip4/10.1.16.0/ipcidr/20',
                          '/ip4/10.1.8.0/ipcidr/21',
                          '/ip4/10.1.4.0/ipcidr/22',
                          '/ip4/10.1.2.0/ipcidr/23',
                          '/ip4/10.1.0.0/ipcidr/24',
                          '/ip4/100.64.0.0/ipcidr/10',
                          '/ip4/169.254.0.0/ipcidr/16',
                          '/ip4/172.16.0.0/ipcidr/12',
                          '/ip4/192.0.0.0/ipcidr/24',
                          '/ip4/192.0.0.0/ipcidr/29',
                          '/ip4/192.0.0.8/ipcidr/32',
                          '/ip4/192.0.0.170/ipcidr/32',
                          '/ip4/192.0.0.171/ipcidr/32',
                          '/ip4/192.0.2.0/ipcidr/24',
                          '/ip4/192.168.0.0/ipcidr/16',
                          '/ip4/198.18.0.0/ipcidr/15',
                          '/ip4/198.51.100.0/ipcidr/24',
                          '/ip4/203.0.113.0/ipcidr/24',
                          '/ip4/240.0.0.0/ipcidr/4'],
 }
 node.default['kosmos-ipfs']['nginx']['api_port'] = 5001
--- a/site-cookbooks/kosmos-ipfs/recipes/default.rb
+++ b/site-cookbooks/kosmos-ipfs/recipes/default.rb
@@ -4,6 +4,7 @@
 #
 include_recipe "ipfs"
 include_recipe 'firewall'
 include_recipe "kosmos-ipfs::kredits_pinner"
 node['kosmos-ipfs']['ipfs']['config'].each do |k, v|
@@ -15,3 +16,24 @@ end
 unless node.chef_environment == "development"
  include_recipe "kosmos-ipfs::firewall_swarm"
 end
 firewall_rule 'ipfs_api' do
  port     node['kosmos-ipfs']['api']['port']
  source   "10.1.1.0/24"
  protocol :tcp
  command  :allow
 end
 firewall_rule 'ipfs_local_p2p_allow_out' do
  destination "10.1.1.0/24"
  direction   :out
  protocol    :none
  command     :allow
 end
 firewall_rule 'ipfs_local_p2p_deny_out' do
  destination "10.0.0.0/8"
  direction   :out
  protocol    :none
  command     :deny
 end
Author	SHA1	Message	Date
raucao	08bcdcc395	Merge pull request 'Fix IPFS node connectivity from the outside as well as the private network' (#442 ) from bugfix/ipfs_connectivity into master Reviewed-on: #442	2022-11-02 18:32:44 +00:00
Râu Cao	90b62e3fc1	Remove ufw logging for ipfs	2022-11-02 19:27:09 +01:00
greg	c9a0310511	Merge branch 'master' into bugfix/ipfs_connectivity	2022-11-02 17:13:55 +00:00
Râu Cao	b1922d26f6	Allow IPFS connections on private network (HAProxy is now also using the private network.) This fixes IPFS connections to Kosmos nodes from outside the network, as well as in between nodes on the private network.	2022-11-02 14:06:07 +01:00
Râu Cao	f7ff1248fe	Enable Web UI on private network	2022-11-02 14:05:43 +01:00