Merge pull request #6554 from Caian/feat/docker-swarm-key-vars

Add swarm key variables to container daemon
ipfs · Aug 7, 2019 · 7066042 · 7066042
2 parents 6139174 + 31d35d8
commit 7066042
Show file tree

Hide file tree

Showing 2 changed files with 36 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -338,6 +338,15 @@ When starting a container running ipfs for the first time with an empty data dir
 
     docker run -d --name ipfs_host -e IPFS_PROFILE=server -v $ipfs_staging:/export -v $ipfs_data:/data/ipfs -p 4001:4001 -p 127.0.0.1:8080:8080 -p 127.0.0.1:5001:5001 ipfs/go-ipfs:latest
 
+It is possible to initialize the container with a swarm key file (`/data/ipfs/swarm.key`) using the variables `IPFS_SWARM_KEY` and `IPFS_SWARM_KEY_FILE`. The `IPFS_SWARM_KEY` creates `swarm.key` with the contents of the variable itself, whilst `IPFS_SWARM_KEY_FILE` copies the key from a path stored in the variable. The `IPFS_SWARM_KEY_FILE` **overwrites** the key generated by `IPFS_SWARM_KEY`.
+
+    docker run -d --name ipfs_host -e IPFS_SWARM_KEY=<your swarm key> -v $ipfs_staging:/export -v $ipfs_data:/data/ipfs -p 4001:4001 -p 127.0.0.1:8080:8080 -p 127.0.0.1:5001:5001 ipfs/go-ipfs:latest
+
+The swarm key initialization can also be done using docker secrets **(requires docker swarm or docker-compose)**:
+
+    cat your_swarm.key | docker secret create swarm_key_secret -
+    docker run -d --name ipfs_host --secret swarm_key_secret -e IPFS_SWARM_KEY_FILE=/run/secrets/swarm_key_secret -v $ipfs_staging:/export -v $ipfs_data:/data/ipfs -p 4001:4001 -p 127.0.0.1:8080:8080 -p 127.0.0.1:5001:5001 ipfs/go-ipfs:latest
+
 ### Troubleshooting
 
 If you have previously installed IPFS before and you are running into problems getting a newer version to work, try deleting (or backing up somewhere else) your IPFS config directory (~/.ipfs by default) and rerunning `ipfs init`. This will reinitialize the config file to its defaults and clear out the local datastore of any bad entries.

diff --git a/bin/container_daemon b/bin/container_daemon
@@ -24,6 +24,33 @@ else
   ipfs init $INIT_ARGS
   ipfs config Addresses.API /ip4/0.0.0.0/tcp/5001
   ipfs config Addresses.Gateway /ip4/0.0.0.0/tcp/8080
+
+  # Set up the swarm key, if provided
+
+  SWARM_KEY_FILE="$repo/swarm.key"
+  SWARM_KEY_PERM=0400
+
+  # Create a swarm key from a given environment variable
+  if [ ! -z "$IPFS_SWARM_KEY" ] ; then
+    echo "Copying swarm key from variable..."
+    echo -e "$IPFS_SWARM_KEY" >"$SWARM_KEY_FILE" || exit 1
+    chmod $SWARM_KEY_PERM "$SWARM_KEY_FILE"
+  fi
+
+  # Unset the swarm key variable
+  unset IPFS_SWARM_KEY
+
+  # Check during initialization if a swarm key was provided and
+  # copy it to the ipfs directory with the right permissions
+  # WARNING: This will replace the swarm key if it exists
+  if [ ! -z "$IPFS_SWARM_KEY_FILE" ] ; then
+    echo "Copying swarm key from file..."
+    install -m $SWARM_KEY_PERM "$IPFS_SWARM_KEY_FILE" "$SWARM_KEY_FILE" || exit 1
+  fi
+
+  # Unset the swarm key file variable
+  unset IPFS_SWARM_KEY_FILE
+
 fi
 
 exec ipfs "$@"