Ipfs-cluster-ctl connect to ipfs-cluster-service via libp2p trouble

insanity54 · July 10, 2023, 10:51pm

I’ve got an ipfs-cluster-service 1.0.6 running on a VPS. I would like to run commands on it using ipfs-cluster-ctl 1.0.6 via libp2p. However, when I try, I get an error.

ipfs-cluster-ctl --force-http --debug --host '/ip4/38.242.216.6/tcp/9096/ipfs/QmZSZJeo3o3q2q3M5VTtH6UrgWEodYLmhRwpaoU8uQzbrM' --basic-auth 'redacted:redacted' --secret 3acade7f761c91f5fe3d34c4f4d15a17f817bc3463ab4395958f302b222a023b status
2023-07-10T14:42:54.786-0800    DEBUG   cluster-ctl     ipfs-cluster-ctl/main.go:153    debug level enabled
2023-07-10T14:42:54.792-0800    DEBUG   apiclient       client/lbclient.go:81   retrying 1 times
2023-07-10T14:42:54.792-0800    DEBUG   apiclient       client/request.go:63    GET: libp2p://QmZSZJeo3o3q2q3M5VTtH6UrgWEodYLmhRwpaoU8uQzbrM/pins?local=false&filter=&cids=
2023-07-10T14:42:55.850-0800    ERROR   apiclient       client/lbclient.go:104  reached maximum number of retries without success, retries: 1
An error occurred:
  Code: 0
  Message: Get "libp2p://QmZSZJeo3o3q2q3M5VTtH6UrgWEodYLmhRwpaoU8uQzbrM/pins?local=false&filter=&cids=": protocols not supported: [/libp2p-http]

The error brings up more questions than answers. It says protocol not supported, but which process is it talking about? Is it ipfs-cluster-service or ipfs-cluster-ctl that is not supporting the protocol?

Why is the protocol not supported? I am following the IPFS Cluster documentation which suggests I can connect to ipfs-cluster-service restapi using libp2p.

I’ve been searching for answers and found some git issues and PRs which mention the feature of being able to use libp2p.

github.com/ipfs-cluster/ipfs-cluster

Feat #305: Libp2p support for REST API

ipfs-cluster:master ← ipfs-cluster:feat/restapi-libp2p

opened 11:00PM - 14 Mar 18 UTC

hsanjuan

+1535 -807

This does something very cool: Since the cluster peer has a libp2p host, we c…an pipe the http traffic under encrypted libp2p streams and basically get encrypted traffic to/from the API for free, without needing to setup certificates. Doing this has required a bunch of changes: * First we need to create the Host outside the Cluster component, so we can re-use it for the API component. * Then we need to have the API component take a host. * We also support that the API component creates a fully different host (with different key etc). But this is not default. But if the user provides ID, PrivateKey, ListenAddress we do that * Then if we want to use libp2p we use a gostream listener for libp2p-http protocol and use it with the standard http.Server * Then the rest client needs to be able to talk to this, rather than to http endpoint, so we create a host and use go-libp2p-http to register a custom transport and create a libp2p-powered http.Client with it * Then we need to have ipfs-cluster-ctl figure out when the `--host` parameter is an libp2p multiaddress (<...>/ipfs/peer_id), and configure the client accordingly. The rest: expand the tests to use both plain and tunneled http, deal with PNet, use new libp2p host constructors, use new Pnet helpers and other cosmetics. This is a very big PR, but the commits in correspond to each step, are self-contained to components and the log messages explain the change, so probably easy to check one by one. Note, there will still be some refactoring/function splitting coming (I want to leave a green codeclimate). Fixes #305 .

github.com/ipfs-cluster/ipfs-cluster

REST API and ipfs-cluster-ctl should be able to talk over libp2p

opened 01:49PM - 25 Jan 18 UTC

closed 12:22PM - 26 Mar 18 UTC

hsanjuan

kind/enhancement exp/wizard P2

This gives secure transport out of the box, without the need to setup https. But… there are many considerations: * Might need an extra libp2p host on the rest api side, and one on the ctl side. * Not sure what to do about authorization. If the main libp2p host is re-used, allowing anyone to use the rest api would imply revealing the swarm secret too (bad). * Not sure if this could be solved by registering RPC methods from the REST API and using them directly, thus, no longer an http rest api, but providing another libp2p-based api. * Alternatively, we can pass http with libp2p. This problably comes handy: https://github.com/hsanjuan/go-libp2p-http, but should be re-written using https://github.com/hsanjuan/go-libp2p-gostream (would basic auth still work with this? maybe yes, which is nice). * HTTP api should stay as an option (even maybe running both apis in parallel) * REST client should support both things (cluster-ctl uses it, and cluster-ctl should support both things too) * This will require configuration file for cluster-ctl (`ctl.conf`) * Does it make sense to make a rest/api wrapper that does it (as a separate component, like a libp2p-to-http proxy) or rather to develop it in the rest/api component directly? In any case, HTTP APIs are very important for integrations with other software, so providing via libp2p should be an alternative only, and the user should choose which one is on (or both). Todo: actually figure out the best approach.

I must be missing something. I’ll keep poking at this. If anybody has any ideas I’d love to hear them. Thank you!

insanity54 · July 11, 2023, 12:35am

Based on the documentation, I’m suspecting that libp2p is not listening by default for crdt clusters, which is what I’m doing.

The REST API component automatically, and additionally, can expose the HTTP API as a libp2p service on the main libp2p cluster Host (which listens on port 9096) (this happens by default on Raft clusters)

I got it working by defining api.restapi.libp2p_listen_multiaddress, api.restapi.id, and api.restapi.private_key in the cluster config. Also instead of --force-http I used --https.

hector · July 12, 2023, 4:17pm

There are some more details here:

CRDT clusters with “followers” could share the cluster-secret publicly and this would give access to the libp2p API endpoint if it was enabled by default on the main libp2p-host.

Thus it is necessary to define a separate host.

Regarding ipfs-cluster-ctl usage, you can ipfs-cluster-ctl --host /ip4/<ip>/tcp/<port>/p2p/<api_peer_id> and it should use libp2p-http tunnel. If you are using --force-http changes are that you are talking to the normal http endpoint.

Topic		Replies	Views
Ipfs-cluster-ctl: 127.0.0.1:9094: connect: connection refused IPFS Cluster	15	2601	October 9, 2020
[Solved] `ipfs-cluster-ctl pin ls` throws an error Help ipfs-cluster	0	231	September 11, 2022
Ipfs-cluster offline IPFS go-ipfs , ipfs-cluster , ipns	4	165	May 3, 2024
Ipfs-cluster-ctl pin not working ipfs-cluster	1	656	October 2, 2017
How to point ipfs-cluster-ctl to a custom path? Help ipfs-cluster	4	355	February 18, 2021

Ipfs-cluster-ctl connect to ipfs-cluster-service via libp2p trouble

Related topics