Open lidel opened 1 year ago
lidel
commented
1 year ago @mashi @willscott just for the sake of planning, do we have any ETA for cid.contact supporting IPNS lookups (IPIP-351)?
If it is not happening in next 1-2 months, we could still do this cleanup if we repurpose delegate nodes and expose /ipns/id?format=ipns-record there (they already run kubo, so it is only a nginx config change).
lidel
commented
1 year ago Filled https://github.com/protocol/bifrost-infra/pull/2701 to enable /ipns/id?format=ipns-record (Accept: application/vnd.ipfs.ipns-record) lookups at node[0-2].delegate.ipfs.io.
Once we have it in prod, we can remove Kubo RPC related code incl. KUBO_RPC_URL and implement IPNS_GATEWAY_URL
lidel
commented
1 year ago https://github.com/protocol/bifrost-infra/pull/2701 got merged, and we now can switch routing.go to fetch signed IPNS records via:
$ curl -s -H 'Accept: application/vnd.ipfs.ipns-record' "https://node2.delegate.ipfs.io/ipns/k51qzi5uqu5dgutdk6i1ynyzgkqngpha5xpgia3a5qqp4jsh0u4csozksxel2r" -o test.ipns-recordAnd then verify signature locally:
$ ipfs name inspect --verify k51qzi5uqu5dgutdk6i1ynyzgkqngpha5xpgia3a5qqp4jsh0u4csozksxel2r ./test.ipns-record
Value: "/ipfs/bafybeigdyrzt5sfp7udm7hu76uh7y26nf3efuylqabf3oclgtqy55fbzdi"
[...]
Valid: true
[...]With this, adding IPNS_RECORD_GATEWAY as a list of URLs will allow us to support both endpoints from IPIP-351 and IPIP-379.
hacdias
commented
1 year ago Remove Kubo RPC code from bifrost-gateway.
Maybe I'm overlooking something: does this mean we should also remove the proxy code to the RPC API? If we don't, we'll still depend on those delegation nodes.
lidel
commented
1 year ago @hacdias you are right, we need to keep KUBO_RPC_URL for these legacy /api/v0 paths handled by newKuboRPCHandler – but these are only redirects, and we should only register /api/v0 listener when KUBO_RPC_URL is set (see https://github.com/ipfs/bifrost-gateway/pull/185#discussion_r1289266069)
IPNS resolution and raw signed records are fetched from Kubo RPC at
node[0-2].delegate.ipfs.ionodes (details why: https://github.com/ipfs/bifrost-gateway/issues/5)https://github.com/ipfs/bifrost-gateway/blob/49d8b1475fd4298f8f50a6557181810d542ddcac/routing.go#L91
Problem
PL wants to shut down delegate/preload nodes at some point: https://github.com/ipfs/ipfs/issues/499
Solution
Remove Kubo RPC code from bifrost-gateway.
Switch to support for
/routing/v1/ipnsand/or some external trustless gateway that supports application/vnd.ipfs.ipns-record responses (IPIP-351). Make the default behavior work out of the box when user is self-hosting with own trustless gateway.Default: use the same backend as Block and CAR requests
When
KUBO_RPC_URLis not set, bifrost-gateway should fetch IPNS record fromPROXY_GATEWAY_URLvia/ipns/id?format=ipns-record(IPIP-351)This allows users to self-host using regular Kubo or other trustless-gateway based on boxo/gateway library as a backend, without having to run a dedicated service just for IPNS resolution.
There should be optional
IPNS_RECORD_GATEWAYthat overridesPROXY_GATEWAY_URL, in case someone wants to have a dedicate service for IPNS cache/lookups, separate from blocks and cars.Or if we want to use this in Rhea, where
PROXY_GATEWAY_URLis not used, and we have Saturn-specific orchestrator.Opt-in: delegate to
/routing/v1/ipnsSince
/ipns/id?format=ipns-recorddescribed above depends on the backend gateway to support application/vnd.ipfs.ipns-record responses, this may not be possible to do in deployments like Rhea, because Saturn does not speak IPNS.If
IPNS_RECORD_GATEWAYends with/routing/v1HTTP APIs then things still work, as long we concatenate path. Namely, we would usehttps://cid.contact/routing/v1and ask it forrouting/v1/ipns/idfrom IPIP-379.This depends on cid.contact implementing IPIP-379.