
Implement Private Networking #83


Merged: 29 commits, Mar 8, 2023


RobotSail (Collaborator) commented Oct 18, 2022

Fixes MAN-11
This PR implements private networking through the following mechanisms:

  • A new field is added: .spec.networking.networkMode which can be in one of two modes: public or private.
  • If a field of private is set, the IPFS operator generates a swarm key and sets it as the IPFS_SWARM_KEY environment variable for each of the IPFS containers, including configure-ipfs.
  • A list of bootstrap nodes is created which embeds the first node's peer ID by creating a p2p circuit via the created circuit relays.
  • The configure IPFS script embeds the list of bootstrap nodes in the IPFS config and all nodes are peered to the first (including the first).
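
An added example, not part of the PR or the operator's code: generating and validating a swarm key in the libp2p PSK v1 text format, the three-line text that Kubo reads from swarm.key and that its container image accepts in IPFS_SWARM_KEY. The function names are hypothetical, and how the operator itself generates the key is not shown on this page.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

const (
	pskHeader   = "/key/swarm/psk/1.0.0/" // libp2p PSK v1 format marker
	pskEncoding = "/base16/"              // key body is hex encoded
	pskLen      = 32                      // key length in bytes
)

// NewSwarmKey (hypothetical name) returns a fresh CSPRNG key in swarm.key format.
func NewSwarmKey() (string, error) {
	key := make([]byte, pskLen)
	if _, err := rand.Read(key); err != nil {
		return "", err
	}
	return pskHeader + "\n" + pskEncoding + "\n" + hex.EncodeToString(key) + "\n", nil
}

// ParseSwarmKey (hypothetical name) accepts only header, encoding line and 64 hex chars.
func ParseSwarmKey(s string) ([]byte, error) {
	lines := strings.Split(strings.TrimSpace(s), "\n")
	if len(lines) != 3 || strings.TrimSpace(lines[0]) != pskHeader || strings.TrimSpace(lines[1]) != pskEncoding {
		return nil, errors.New("swarm key: bad header or encoding line")
	}
	key, err := hex.DecodeString(strings.TrimSpace(lines[2]))
	if err != nil {
		return nil, fmt.Errorf("swarm key: %w", err)
	}
	if len(key) != pskLen {
		return nil, fmt.Errorf("swarm key: got %d bytes, want %d", len(key), pskLen)
	}
	return key, nil
}

func main() {
	k, err := NewSwarmKey()
	if err != nil {
		panic(err)
	}
	raw, err := ParseSwarmKey(k)
	fmt.Println(len(raw), err)
}
```

Every node and relay in the private swarm must hold the same key, and anyone who obtains it can join, so the value belongs in a Kubernetes Secret rather than in a literal env entry or a log line.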

RobotSail changed the title from "Sanity Check" to "Implement Private Networking" on Oct 24, 2022
}

// IpfsClusterSpec defines the desired state of the IpfsCluster.
type IpfsClusterSpec struct {
// url defines the URL to be using as an ingress controller.
// +kubebuilder:validation:Optional
URL string `json:"url"`
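Review bot: on the URL string `json:"url"` line, dropping a field from IpfsClusterSpec changes the CRD schema, so existing IpfsCluster manifests that still set url need to be accounted for. A short deprecation note in the CRD documentation or changelog would tell users the field is no longer read.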
Collaborator Author:

URL is deleted from spec because I did not see it used anywhere in the operator and I don't want to confuse users. Feel free to let me know if this needs to stay

// networkMode is a switch which defines whether this IPFSCluster will use
// the global IPFS network or create its own.
// +kubebuilder:validation:Enum={public,private}
NetworkMode NetworkMode `json:"networkMode,omitempty"`
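Review bot: the NetworkMode line has an Enum marker and an omitempty tag but no default, so an omitted field reaches the controller as the empty string, which is neither public nor private. Because this switch decides whether the cluster joins the global IPFS network, add a +kubebuilder:default marker (or handle the empty value explicitly) and state in the doc comment which mode an omitted field selects.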
Collaborator Author:

Maybe this could just be the Public boolean flag from the spec instead of an enum

Collaborator:

+1

hsanjuan (Collaborator) left a comment:

I had a very quick look

Comment on lines +242 to +190
for _, circuitAddr := range peer.Addrs {
bootstrapAddr := fmt.Sprintf("%s/p2p/%s/p2p-circuit/p2p/%s", circuitAddr.String(), circuitID.String(), initPeerID)
bootstrapPeers = append(bootstrapPeers, bootstrapAddr)
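Review bot: the fmt.Sprintf line builds the bootstrap address by string formatting and the result is appended unchecked; initPeerID is interpolated as-is while the other two parts go through .String(). Parsing the formatted string as a multiaddr (for example with multiaddr.NewMultiaddr) before the append would make an empty or malformed initPeerID fail in the operator instead of later in the generated IPFS config.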
Collaborator:

This seems off... peers in a private network would not need to use relays to contact each other as they can dial each other directly over their LAN IPs...

There's also a question of what are relays for in private networks. The relays cannot communicate to ipfs nodes at all if those nodes are configured with a PNET key. The relays would need support for private networks too.

Collaborator Author:

Added PSK support within the relay daemon within the release of go-libp2p-relay-daemon v0.4.0.

Signed-off-by: Oleg S <[email protected]>
RobotSail requested a review from hsanjuan February 8, 2023 15:44

RobotSail (Collaborator Author):

@hsanjuan I've updated the PR with the new PSK support merged in go-libp2p-relay-daemon release v0.4.0. Could you please take a quick look again when you have a minute and let me know if there's anything I should change?

cooktheryan (Collaborator):

No major concerns from my end. A question and a single nit but great job cleaning up some hardcoded values that may have caused us pain down the line

Signed-off-by: Oleg S <[email protected]>
cooktheryan (Collaborator):

/LGTM

cooktheryan self-requested a review February 15, 2023 21:17
RobotSail merged commit a3c6dbb into ipfs-cluster:main Mar 8, 2023