From c2f8876c84fcf42e5bfb4e2ceeb3960e43e81015 Mon Sep 17 00:00:00 2001
From: Sheogorath <sheogorath@shivering-isles.com>
Date: Tue, 3 Nov 2020 18:50:52 +0100
Subject: [PATCH] ipfs-cluster: Add initial version
This patch adds an initial version of my IPFS-cluster role to the infrastructure repository. It's not completely figured out yet. This should be reviewed by some IPFS pro down the line. The experimental setup, went down after starting to scan local networks for peers. This resulted in learning about the `IPFS_PROFILE` variable and how important it is, to set it to `server` before deploying in hosted environments.
---
ipfs-cluster.yml | 31 +++++++
roles/ipfs-cluster/README.md | 57 +++++++++++++
roles/ipfs-cluster/defaults/main.yml | 35 ++++++++
roles/ipfs-cluster/meta/main.yml | 16 ++++
roles/ipfs-cluster/tasks/main.yml | 66 +++++++++++++++
.../ipfs-cluster/templates/docker-compose.yml | 82 +++++++++++++++++++
6 files changed, 287 insertions(+)
create mode 100644 ipfs-cluster.yml
create mode 100644 roles/ipfs-cluster/README.md
create mode 100644 roles/ipfs-cluster/defaults/main.yml
create mode 100644 roles/ipfs-cluster/meta/main.yml
create mode 100644 roles/ipfs-cluster/tasks/main.yml
create mode 100644 roles/ipfs-cluster/templates/docker-compose.yml
diff --git a/ipfs-cluster.yml b/ipfs-cluster.yml
new file mode 100644
index 00000000..2323aebb
--- /dev/null
+++ b/ipfs-cluster.yml
@@ -0,0 +1,31 @@
+---
+
+# Shivering-Isles Infrastructure
+# Ansible instructions to deploy the infrastructure for the Shivering-Isles
+# Copyright (C) 2019-2020 Christoph (Sheogorath) Kern
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, version 3 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+
+- hosts: ipfs_cluster
+ serial: 1
+ roles:
+ - sys-upgrade
+ - docker
+ - docker-compose
+ - docker-cleanup
+ - traefik
+ - ipfs-cluster
+
+ environment:
+ PYTHONPATH: /opt/docker-compose
diff --git a/roles/ipfs-cluster/README.md b/roles/ipfs-cluster/README.md
new file mode 100644
index 00000000..6889d45f
--- /dev/null
+++ b/roles/ipfs-cluster/README.md
@@ -0,0 +1,57 @@
+static_websites
+===============
+
+This role provides the ability to deploy various static sites with out docker containers in a very easy way.
+
+Requirements
+------------
+
+You will need to have docker, docker-compose and traefik installed or declared as dependencies with their respective roles.
+
+**This role assumes that you have setup traefik with an endpoint called `websecure`.**
+
+Role Variables
+--------------
+
+**Please look at the [defaults/main.yml](defaults/main.yml) for all available variables and their description.**
+
+**Note: Lines that are commented out via `#` are usually still valid/used variables, but they are not defined by default, so they might enable a feature, when uncommenting/defining them!**
+
+### Global variables, that are used:
+
+- `proxy_network`: Defined by the local traefik installation, this is the shared proxy network used by traefik to reach the containers. (optional)
+- `proxy_hiddenservice`: Defined by the local traefik installation, this is used to generate the alt-svc header for the alternative Tor domain. (optional)
+
+
+### Example config:
+```yaml
+---
+static_websites:
+ example:
+ image: docker.io/acme/example-site # docker image, can include a tag
+ domain: example.com # domain that is published by traefik
+ certresolver: letsencrypt_cf # specify traefik cert resolver (optional)
+ www: true # Add www. as alias (optional)
+ hsts: # HSTS advanced settings (optinal)
+ preloaded: true # enable preloaded header
+ subdomains: true # enable all subdomains header
+ nginx:
+ readonly: true
+ tmpfs:
+ "/tmp/nginx-cache": 1M
+ example2:
+ image: docker.io/acme/example-docs
+ domain: docs.example.com
+```
+
+Dependencies
+------------
+
+- docker
+- docker-compose
+- traefik
+
+License
+-------
+
+GPL-3.0-only
diff --git a/roles/ipfs-cluster/defaults/main.yml b/roles/ipfs-cluster/defaults/main.yml
new file mode 100644
index 00000000..6d4ffd96
--- /dev/null
+++ b/roles/ipfs-cluster/defaults/main.yml
@@ -0,0 +1,35 @@
+---
+# Default variables for the ipfs-cluster role
+
+# Shivering-Isles Infrastructure
+# Ansible instructions to deploy the infrastructure for the Shivering-Isles
+# Copyright (C) 2019-2020 Christoph (Sheogorath) Kern
+# Copyright (C) 2020 Saibotk
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, version 3 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+# The install location (where to put the docker-compose.yml)
+ipfscluster_install_location: /var/srv/ipfscluster
+ipfscluster_ipfs_data_location: "{{ ipfscluster_install_location }}/data/ipfs"
+ipfscluster_cluster_data_location: "{{ ipfscluster_install_location }}/data/cluster"
+
+# The default certresolver to use by traefik for the domain if none is specified
+ipfscluster_traefik_certresolver: letsencrypt_cf
+
+ipfscluster_api_domain: ipfs-cluster-api.example.com
+# to generate the username+password combination use the htpasswd command:
+# echo $(htpasswd -nb user password) | sed -e s/\\$/\\$\\$/g
+ipfscluster_api_users: "{{ omit }}"
+ipfscluster_cluster_options:
+ peername: cluster01
+ secret: "{{ omit }}"
diff --git a/roles/ipfs-cluster/meta/main.yml b/roles/ipfs-cluster/meta/main.yml
new file mode 100644
index 00000000..ef0d71c5
--- /dev/null
+++ b/roles/ipfs-cluster/meta/main.yml
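Review bot: In roles/ipfs-cluster/defaults/main.yml, the comment above `ipfscluster_api_users` documents `htpasswd -nb user password`, which passes the password as a command-line argument, so it ends up in shell history and is visible in the process list while the command runs. I would document the prompting form instead, for example `# htpasswd -nB user | sed -e s/\\$/\\$\\$/g`, which asks for the password interactively and produces a bcrypt hash. A second comment line such as `# keep ipfscluster_api_users and ipfscluster_cluster_options.secret in an encrypted vars file, not in plain inventory` would make the expectation for both secrets explicit.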
@@ -0,0 +1,16 @@
+galaxy_info:
+ author: Christoph Kern
+ description: Installs an IPFS cluster by using docker containers
+ license: GPL-3.0-only
+
+ min_ansible_version: 2.4
+ platforms:
+ - name: CentOS
+ versions:
+ - 7
+
+ galaxy_tags: []
+dependencies:
+ - docker
+ - docker-compose
+ - traefik
diff --git a/roles/ipfs-cluster/tasks/main.yml b/roles/ipfs-cluster/tasks/main.yml
new file mode 100644
index 00000000..4c753da0
--- /dev/null
+++ b/roles/ipfs-cluster/tasks/main.yml
@@ -0,0 +1,66 @@
+---
+# Tasks file for the ipfs-cluster role
+
+# Shivering-Isles Infrastructure
+# Ansible instructions to deploy the infrastructure for the Shivering-Isles
+# Copyright (C) 2019-2020 Christoph (Sheogorath) Kern
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, version 3 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+- name: Update default SELinux contexts
+ sefcontext:
+ target: '{{ item }}(/.*)?'
+ setype: "container_file_t"
+ state: present
+ with_items:
+ - "{{ ipfscluster_ipfs_data_location }}"
+ - "{{ ipfscluster_cluster_data_location }}"
+ become: true
+
+- name: Create directory
+ file:
+ path: "{{ item }}"
+ state: directory
+ with_items:
+ - "{{ ipfscluster_install_location }}"
+ become: true
+
+- name: Create data directory
+ file:
+ path: "{{ item }}"
+ state: directory
+ setype: "container_file_t"
+ with_items:
+ - "{{ ipfscluster_ipfs_data_location }}"
+ - "{{ ipfscluster_cluster_data_location }}"
+ become: true
+
+- name: Deploy docker-compose.yml
+ template:
+ src: docker-compose.yml
+ dest: "{{ ipfscluster_install_location }}/docker-compose.yml"
+ mode: '0600'
+ owner: 'root'
+ group: 'root'
+ validate: python2 -m compose -f %s config -q
+ become: true
+ tags:
+ - ipfs
+
+- name: Compose ipfs cluster node
+ docker_compose:
+ state: present
+ project_src: "{{ ipfscluster_install_location }}"
+ pull: yes
+ remove_orphans: yes
+ become: true
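Review bot: In roles/ipfs-cluster/tasks/main.yml, the `Deploy docker-compose.yml` task renders the cluster secret and the basic-auth hashes into the file, and although the file is written `0600` root:root, a run with `--diff` would print the rendered content to the console and to any log that captures it. Adding `diff: false` to that task keeps the secrets out of the output. The `Create directory` and `Create data directory` tasks set no `owner` or `mode`, so those directories get whatever the umask yields; an explicit owner and mode matching the uid the containers run as would be consistent with the care taken on the compose file. `pull: yes` and `remove_orphans: yes` would read more consistently as `true`, as `become: true` already does.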
diff --git a/roles/ipfs-cluster/templates/docker-compose.yml b/roles/ipfs-cluster/templates/docker-compose.yml
new file mode 100644
index 00000000..534a068e
--- /dev/null
+++ b/roles/ipfs-cluster/templates/docker-compose.yml
@@ -0,0 +1,82 @@
+{{ ansible_managed | comment }}
+
+# Shivering-Isles Infrastructure
+# Ansible instructions to deploy the infrastructure for the Shivering-Isles
+# Copyright (C) 2019-2020 Christoph (Sheogorath) Kern
+# Copyright (C) 2020 Saibotk
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, version 3 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+version: '2'
+
+services:
+ ipfs:
+ image: docker.io/ipfs/go-ipfs:v0.7.0
+ security_opt:
+ - no-new-privileges
+ restart: always
+ environment:
+ - "IPFS_PROFILE=server"
+ volumes:
+ - {{ ipfscluster_ipfs_data_location }}:/data/ipfs
+ networks:
+ internal:
+
+ cluster:
+ image: docker.io/ipfs/ipfs-cluster:v0.13.0
+ restart: always
+ depends_on:
+ - ipfs
+ environment:
+{% for key, value in ipfscluster_cluster_options.items() %}
+ - "CLUSTER_{{ key | upper }}={{ value }}"
+{% endfor %}
+ - "CLUSTER_IPFSHTTP_NODEMULTIADDRESS=/dns4/ipfs/tcp/5001"
+ - "CLUSTER_CRDT_TRUSTEDPEERS=*"
+ - "CLUSTER_RESTAPI_HTTPLISTENMULTIADDRESS=/ip4/0.0.0.0/tcp/9094"
+ ports:
+ - "9096:9096"
+ volumes:
+ - {{ ipfscluster_cluster_data_location }}:/data/ipfs-cluster
+
+ labels:
+{% if ipfscluster_api_users != omit %}
+ # traefik V2
+ - "traefik.http.routers.ipfscluster_api_domain.rule=Host(`{{ ipfscluster_api_domain }}`) && PathPrefix(`/`)"
+ - "traefik.http.routers.ipfscluster_api_domain.entrypoints=websecure"
+ - "traefik.http.routers.ipfscluster_api_domain.tls=true"
+ - "traefik.http.routers.ipfscluster_api_domain.tls.certresolver={{ ipfscluster_traefik_certresolver }}"
+ - "traefik.http.routers.ipfscluster_api_domain.middlewares=ipfscluster_api_domain,compress,ipfscluster_api_domain-auth"
+ - "traefik.http.routers.ipfscluster_api_domain.service=ipfscluster_api_domain"
+ - "traefik.http.middlewares.ipfscluster_api_domain.headers.sslredirect=true"
+ - "traefik.http.middlewares.ipfscluster_api_domain.headers.stsSeconds=63072000"
+ - "traefik.http.services.ipfscluster_api_domain.loadbalancer.server.port=9094"
+ - "traefik.http.middlewares.ipfscluster_api_domain-auth.basicauth.users={{ ipfscluster_api_users }}"
+ - "traefik.enable=true"
+{% if proxy_network is defined %}
+ - "traefik.docker.network={{ proxy_network }}"
+{% endif %}
+{% endif %}
+
+ networks:
+ internal:
+{% if proxy_network is defined and ipfscluster_api_users != omit %}
+ {{ proxy_network }}:
+{% endif %}
+
+
+networks:
+ internal:
+{% if proxy_network is defined and ipfscluster_api_users != omit %}
+ {{ proxy_network }}:
+ external: true
+{% endif %}
-- GitLab
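Review bot: In roles/ipfs-cluster/templates/docker-compose.yml, the `{% for key, value in ipfscluster_cluster_options.items() %}` loop emits every option, including `secret`, whose default is `{{ omit }}`. The `labels` block guards with `!= omit` but the loop does not, so on a host where the secret was never set I would expect `CLUSTER_SECRET` to be rendered as the omit placeholder string rather than left out. With `CLUSTER_CRDT_TRUSTEDPEERS=*` and the published `9096:9096` port, that shared secret is the only thing deciding which peers are accepted and trusted. I would skip omitted values with `{% for key, value in ipfscluster_cluster_options.items() if value != omit %}`, add an `assert` task that fails when no secret is configured, and replace `*` with explicit peer IDs once they are known. The `cluster` service also lacks the `security_opt` entry `no-new-privileges` that the `ipfs` service sets.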