Ipfs cluster peer like admin

Hi, I’m interested in ipfs cluster, but I need something like an admin in this technology.
I’m trying to make a content sharing app, but can’t understand how some functions work.

  • How can I control the pin and unpin commands?

  • Are there permissions for peers?

  • How to protect the cluster from a full unpin by hackers?

I found info about ipfs-cluster-ctl.
Does ipfs-cluster-ctl control the cluster? Is it like the main daemon in one node?

Hi!

How can I control the pin and unpin commands?

There are 3 ways:

  • ctl tool way: ipfs-cluster-ctl pin/unpin
  • rest api way: POST to ipfscluster:9094/pin/hash or /unpin
  • ipfs proxy way: GET to ipfscluster:9095/api/v0/pin/add?arg=hash or /pin/rm

Are there permissions for peers?

The details of the current security model are explained here: https://github.com/ipfs/ipfs-cluster/blob/master/docs/ipfs-cluster-guide.md#security

How to protect the cluster from a full unpin by hackers?

Make sure cluster-secret is set and don’t expose the HTTP API or Proxy API to the world (both listen on localhost by default).

I’d recommend that you read the guide: https://github.com/ipfs/ipfs-cluster/blob/master/docs/ipfs-cluster-guide.md which is very detailed about how ipfs-cluster works.

One ipfs-cluster-service daemon runs for every ipfs node. ipfs-cluster-ctl is just the command line interface to control the daemons. Every cluster node can be used to perform trigger operations in the cluster (like pinning or unpinning).
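A check for the two points in the answer above (secret set, API ports 9094 and 9095 not bound to a public address), as an added example that is not part of the original post or of ipfs-cluster. It assumes the configuration is JSON with the secret under `cluster.secret` and listeners written as multiaddresses; the other key names in the constructed sample are placeholders and are not read by name.

```python
import ipaddress

API_PORTS = {9094: "REST API", 9095: "IPFS proxy API"}  # ports named in the thread


def iter_strings(node):
    """Yield every string value in a nested JSON-like structure."""
    if isinstance(node, dict):
        for value in node.values():
            yield from iter_strings(value)
    elif isinstance(node, list):
        for value in node:
            yield from iter_strings(value)
    elif isinstance(node, str):
        yield node


def audit(config):
    """Report an empty secret and API listeners bound to non-loopback addresses."""
    findings = []
    if not config.get("cluster", {}).get("secret"):  # assumed key path
        findings.append("cluster secret is not set")
    for value in iter_strings(config):
        parts = value.split("/")  # multiaddr form: /ip4/127.0.0.1/tcp/9094
        if len(parts) < 5 or parts[1] not in ("ip4", "ip6") or parts[3] != "tcp":
            continue
        try:
            addr, port = ipaddress.ip_address(parts[2]), int(parts[4])
        except ValueError:
            continue
        if port in API_PORTS and not addr.is_loopback:
            findings.append(f"{API_PORTS[port]} listens on {addr}:{port}")
    return findings


# Constructed sample: empty secret, REST API on all interfaces, proxy on loopback.
SAMPLE = {
    "cluster": {"secret": "", "listen_multiaddress": "/ip4/0.0.0.0/tcp/9096"},
    "api": {"restapi": {"listen_multiaddress": "/ip4/0.0.0.0/tcp/9094"}},
    "proxy": {"listen_multiaddress": "/ip4/127.0.0.1/tcp/9095"},
}
```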


All the peers in the cluster have a shared secret key. If you have this key you can ask any of the peers to pin/unpin something.
    ipfs-cluster-ctl pin add <cid>   # Pin a CID in ipfs-cluster
    ipfs-cluster-ctl pin rm <cid>    # Unpin a CID

If you have the key you can pin/unpin items; if you don’t have the key you can’t do anything. I don’t think there is any more than that.

If they don’t have the key they can’t do anything.

ipfs-cluster-ctl is the tool you use to control the entire cluster.

https://github.com/ipfs/ipfs-cluster/blob/master/docs/ipfs-cluster-guide.md#user-content-security

I’ve read this post, but I didn’t find an answer.
Can I disable pin or unpin for a node?
For example:

I have an app that starts together with the ipfs cluster daemon. The app allows peers to share files: node A shares music, and each node can download it. But I want to protect node A’s files from being deleted by someone. Only node A or the admin can delete them.
Is it possible with cluster?

@hector @es_00788224
I like the Akasha project; they have an interesting idea, but they have many problems.
I don’t want to make a new Akasha project, but I want to make a project like Akasha with only posts and file sharing.
So I thought, for fast access to content, is it realistic to pin and unpin for all clients? I found ipfs cluster, but as far as I can understand, all nodes in the cluster can manage content?

You can’t delete things from ipfs. You can unpin at most.

With ipfscluster or without ipfscluster (using ipfs nodes directly) you have the same problem, if you allow API access to a stranger, that stranger can control what is pinned or unpinned.

If you’re using ipfs cluster, I understand you are going to provide storage for the users of your application. You will need to set up a layer on top of ipfs-cluster to control how access is granted or not, depending on your application needs. For example, you can use a simple application to track which hashes belong to user A and only do cluster unpin operation when the user is authenticated as A and is unpinning its hashes.

ipfs-cluster nodes in a cluster are all the same and don’t keep track of which content was pinned through them, they just orchestrate the maintenance of a shared pinset distributed across a bunch of ipfs nodes.
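The layer described above, as an added example that is not part of the original post or of ipfs-cluster: it records which user pinned which hash and forwards an unpin to the cluster only for an authenticated owner or admin, and only once no other owner still holds the hash. `PinGate`, `FakeCluster` and the HMAC token scheme are hypothetical; a real deployment would replace `FakeCluster` with a client for the cluster API kept on localhost.

```python
import hashlib
import hmac


class FakeCluster:
    """Constructed stand-in for a client of the localhost-only cluster API."""
    def __init__(self):
        self.pinset = set()

    def pin(self, cid):
        self.pinset.add(cid)

    def unpin(self, cid):
        self.pinset.discard(cid)


class PinGate:
    """Hypothetical layer: sole caller of the cluster API, tracks who pinned what."""
    def __init__(self, cluster, token_key, admins=()):
        self.cluster = cluster
        self.token_key = token_key   # server-side key used to mint user tokens
        self.admins = set(admins)
        self.owners = {}             # cid -> set of user ids that pinned it

    def issue_token(self, user):
        return hmac.new(self.token_key, user.encode(), hashlib.sha256).hexdigest()

    def _authenticate(self, user, token):
        expected = self.issue_token(user).encode()
        if not hmac.compare_digest(expected, token.encode()):
            raise PermissionError("bad token for " + user)

    def pin(self, user, token, cid):
        self._authenticate(user, token)
        self.owners.setdefault(cid, set()).add(user)
        self.cluster.pin(cid)

    def unpin(self, user, token, cid):
        # Returns True if the CID left the cluster pinset, False if still held.
        self._authenticate(user, token)
        holders = self.owners.get(cid, set())
        if user in self.admins:
            holders.clear()          # admin drops every claim
        elif user in holders:
            holders.discard(user)    # owner releases only their own claim
        else:
            raise PermissionError(user + " does not own " + cid)
        if holders:
            return False             # another owner still wants it pinned
        self.owners.pop(cid, None)
        self.cluster.unpin(cid)
        return True
```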

There is a problem. I tested ipfs cluster and saw that I can’t control unpin.
Because a user can run ipfs-cluster-ctl pin ls and unpin after that.

[this is an informational side note for casual visitors who might read this thread]

To clarify that statement, you can delete things from any ipfs node that you have control over – unpin the content and then either wait for garbage collection to run or explicitly run it yourself. That will delete the content from your node.

What you can’t do is delete stuff off of nodes that you don’t have control over.

The classical http web parallel: you can delete content off of your own machines and you can delete content off of any servers that you have control over, but you can’t reach into other people’s machines and delete the copies they already downloaded. With the classical http web you can’t even see that those downloaded copies exist on the network.

To remedy this, ipfs-cluster is designed for situations where you want to run an entire network of coordinated nodes, where a leader is able to decide what is pinned or unpinned (and eventually garbage collected) on any of those nodes.

Hi

To remedy this, ipfs-cluster is designed for situations where you want to run an entire network of coordinated nodes, where a leader is able to decide what is pinned or unpinned (and eventually garbage collected) on any of those nodes.

Can’t find that in the docs. With the default config, any of the nodes can invoke
ipfs-cluster-ctl pin rm
and that would result in unpinning content on all nodes - leader included.

You’re correct @mwelner. Cluster Leader is an internal thing to the consensus protocol used by cluster. From the outside (from the user’s point of view), every cluster peer is the same.