Deploy go-ipfs configuration with Ansible, including systemd service files.
go-ipfs must be present in the system.
If no ipfs_config is found in Ansible variables for the host, the role will run ipfs init.
When ipfs_config is defined, it must as a minimum contain Identity.PeerID and Identity.PrivKey. It's then merged with ipfs_config_default, which contains the default configuration produced by ipfs init, per the go-ipfs config reference. Sample:
#
ipfs_config_default:
  API:
    HTTPHeaders: {}
  Addresses:
    API:
      - /ip6/::/tcp/5001
      - /ip4/0.0.0.0/tcp/5001
...
The role also configures a systemd service for ipfs using the following variables (enforced using systemd.resource-control):
ipfs_config_debug: true
ipfs_mem_hi: 800M
ipfs_mem_max: 1G
ipfs_home: /home/ipfs
IPFS clusters require the ipfs_cluster_secret variable to be explicitly defined. If the secret is not defined, the cluster configuration will be skipped entirely.
The secret needs to be shared among all hosts that belong to a cluster (e.g. as a group variable), and can be generated with openssl rand -hex 32:
# protect with ansible-vault
ipfs_cluster_secret: 0d26e71c48e84890c89ef73bc26a45b167df03177df3ca399244e630513fbf53
On the first cluster node, you should also define the following:
ipfs_cluster_bootstrap: []
All remaining cluster configuration on the first cluster node is optional, and the role will run ipfs-cluster-service init on the node, creating new configuration with the configured secret.
All subsequent hosts in the cluster must also declare ipfs_cluster_bootstrap with the address and public key of at least one existing cluster member, allowing them to bootstrap configuration and establish connections to other members, for example:
ipfs_cluster_bootstrap:
  - /ip4/192.168.144.200/tcp/9096/p2p/12D3KooWPd39DaEUVdaEHaJhKb3nDBA2SPjgwVA3YsrsSXH7XGa3
This leads to an interesting chicken-and-egg problem which can be resolved by running Ansible twice:
- run the playbook with ipfs_cluster_bootstrap: [] on all servers - this will install daemons and initialise config even though nodes will be initially disconnected;
- run sudo -u ipfs ipfs-cluster-ctl id on any of the initialised servers to retrieve its IPFS cluster address;
- configure that address in ipfs_cluster_bootstrap for all the other hosts and re-run Ansible.
Optional: the IPFS cluster identifier and private key are also configurable and can be controlled with the following variables - they end up in ~/.ipfs-cluster/identity.json:
ipfs_cluster_identity:
  id: 12D3KooWPd39DaEUVdaEHaJhKb3nDBA2SPjgwVA3YsrsSXH7XGa3
  # protect with ansible-vault
  private_key: CAESQLDHjjm8oMlXz5CAI1l40ytMyoJfEBANEfP3AO3RhzI0zRy3BfXYwZaiRtCx9odFzW7dRrdj3oD/kJLIhTiHE6g=
Any other configuration options can be set in ipfs_cluster_config and they will be merged with ipfs_cluster_config_default to form a full IPFS cluster service configuration file written to ~/.ipfs-cluster/service.json.
All systemd settings set for ipfs (see above) will also be applied to the ipfs-cluster service.
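A pre-flight check for the variables described above, as an added example that is not part of the role: it assumes one host's variables are already loaded into a Python dict, and check_host_vars, the regular expressions and the sample values are hypothetical and constructed for illustration. It also flags API listeners bound to wildcard addresses like those in the ipfs_config_default sample, because port 5001 is the go-ipfs administrative API.

```python
import re

# 32 random bytes as hex, i.e. the output of `openssl rand -hex 32`
SECRET_RE = re.compile(r"^[0-9a-fA-F]{64}$")
# A bootstrap multiaddr must end with the peer id of an existing member
BOOTSTRAP_RE = re.compile(
    r"^/(ip4|ip6|dns4|dns6|dns)/[^/]+/tcp/\d{1,5}/(p2p|ipfs)/[A-Za-z0-9]+$")
WILDCARDS = ("/ip4/0.0.0.0/", "/ip6/::/")


def check_host_vars(hv):
    """Return a list of problems in one host's role variables (hypothetical helper)."""
    problems = []
    cfg = hv.get("ipfs_config")
    if cfg is not None:
        ident = cfg.get("Identity") or {}
        for key in ("PeerID", "PrivKey"):
            if not ident.get(key):
                problems.append(f"ipfs_config lacks Identity.{key}")
        api = (cfg.get("Addresses") or {}).get("API") or []
        for addr in [api] if isinstance(api, str) else api:
            if addr.startswith(WILDCARDS):
                problems.append(f"API listener {addr} binds all interfaces")
    secret = hv.get("ipfs_cluster_secret")
    if secret is None:
        return problems  # no secret: the role skips cluster configuration
    if not SECRET_RE.match(str(secret)):
        problems.append("ipfs_cluster_secret is not 64 hex characters")
    bootstrap = hv.get("ipfs_cluster_bootstrap")
    if bootstrap is None:
        problems.append("ipfs_cluster_bootstrap undeclared (use [] on the first node)")
    for addr in bootstrap or []:
        if not BOOTSTRAP_RE.match(addr):
            problems.append(f"bootstrap address {addr} is not <multiaddr>/p2p/<peer id>")
    return problems


# Constructed sample: a joining node whose bootstrap address lacks the peer id.
SAMPLE = {
    "ipfs_cluster_secret": "ab" * 32,  # constructed value, not a real secret
    "ipfs_cluster_bootstrap": ["/ip4/192.168.144.200/tcp/9096"],
}

if __name__ == "__main__":
    for problem in check_host_vars(SAMPLE):
        print("FAIL:", problem)
```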
For installation of the actual go-ipfs binaries:
Example of how to use the role:
- hosts: servers
  roles:
    - role: kravietz.ipfs_config
GPL3
Pawel Krawczyk https://krvtz.net/