diff options
Diffstat (limited to 'other/bootstrap_daemon')
-rw-r--r-- | other/bootstrap_daemon/README.md | 134 | ||||
-rw-r--r-- | other/bootstrap_daemon/tox-bootstrapd.service | 8 |
2 files changed, 90 insertions, 52 deletions
diff --git a/other/bootstrap_daemon/README.md b/other/bootstrap_daemon/README.md index d0c16eb1..e77e3ae0 100644 --- a/other/bootstrap_daemon/README.md +++ b/other/bootstrap_daemon/README.md | |||
@@ -1,6 +1,17 @@ | |||
1 | ##Instructions | 1 | #Instructions |
2 | 2 | ||
3 | This instruction primarily tested on Linux but, may be, will work on other POSIX-compliant systems. | 3 | - [For `systemd` users](#systemd) |
4 | - [Troubleshooting](#systemd-troubleshooting) | ||
5 | <br> | ||
6 | - [For `init.d` users](#initd) | ||
7 | - [Troubleshooting](#initd-troubleshooting) | ||
8 | |||
9 | |||
10 | These instructions are primarily tested on Debian Linux, Wheezy for init.d and Jessie for systemd, but they should work on other POSIX-compliant systems too. | ||
11 | |||
12 | |||
13 | <a name="systemd" /> | ||
14 | ##For `systemd` users: | ||
4 | 15 | ||
5 | For security reasons we run the daemon under its own user. | 16 | For security reasons we run the daemon under its own user. |
6 | 17 | ||
@@ -9,100 +20,129 @@ Create a new user by executing the following: | |||
9 | sudo useradd --home-dir /var/lib/tox-bootstrapd --create-home --system --shell /sbin/nologin --comment "Account to run Tox's DHT bootstrap daemon" --user-group tox-bootstrapd | 20 | sudo useradd --home-dir /var/lib/tox-bootstrapd --create-home --system --shell /sbin/nologin --comment "Account to run Tox's DHT bootstrap daemon" --user-group tox-bootstrapd |
10 | ``` | 21 | ``` |
11 | 22 | ||
12 | Copy `tox-bootstrapd.conf` file to where `CFGFILE` variable from `tox-bootstrapd.sh` tells (for `init.d` users) or `ExecStart=` from `tox-bootstrap.service` ( for `systemd` users). By default it's `/etc/tox-bootstrapd.conf`. | ||
13 | |||
14 | Go over everything in `tox-bootstrapd.conf`. Make sure `pid_file_path` matches `PIDFILE` from `tox-bootstrapd.sh` (`init.d`) or `PIDFile=` from `tox-bootstrap.service` AND file in `ExecStartPre`(`systemd`). | ||
15 | |||
16 | |||
17 | Restrict access to home directory: | 23 | Restrict access to home directory: |
18 | ```sh | 24 | ```sh |
19 | sudo chmod 700 /var/lib/tox-bootstrapd | 25 | sudo chmod 700 /var/lib/tox-bootstrapd |
20 | ``` | 26 | ``` |
21 | 27 | ||
22 | ##For `init.d` users: | 28 | Copy `tox-bootstrapd.conf` file to where `ExecStart=` from `tox-bootstrapd.service` points to. By default it's `/etc/tox-bootstrapd.conf`. |
29 | ```sh | ||
30 | sudo cp tox-bootstrapd.conf /etc/tox-bootstrapd.conf | ||
31 | ``` | ||
23 | 32 | ||
24 | Look at the variable declarations in the beginning of `tox-bootstrapd.sh` init script to see if you need to change anything for it to work for you. The default values must be fine for most users and we assume that you use those next. | 33 | Go over everything in the copied `tox-bootstrapd.conf` file. Set options you want and add actual working nodes to the `bootstrap_nodes` list, instead of the example ones, if you want your node to connect to the Tox network. Make sure `pid_file_path` matches `PIDFile=` from `tox-bootstrapd.service`. |
25 | 34 | ||
26 | Copy `tox-bootstrapd.sh` init file to `/etc/init.d/tox-bootstrapd` (note the disappearance of ".sh" ending). | 35 | Copy `tox-bootstrapd.service` to `/etc/systemd/system/`: |
27 | ```sh | 36 | ```sh |
28 | sudo cp tox-bootstrapd.sh /etc/init.d/tox-bootstrapd | 37 | sudo cp tox-bootstrapd.service /etc/systemd/system/ |
29 | ``` | 38 | ``` |
30 | 39 | ||
31 | Set permissions for the init system to run the script: | 40 | You must uncomment the next line in tox-bootstrapd.service, if you want to use port number < 1024 |
41 | |||
42 | #CapabilityBoundingSet=CAP_NET_BIND_SERVICE | ||
43 | |||
44 | and, possibly, install `libcap2-bin` or `libcap2` package, depending of your distribution. | ||
45 | |||
46 | Reload systemd units definitions, enable service for automatic start (if needed), start it and verify it's running: | ||
32 | ```sh | 47 | ```sh |
33 | sudo chmod 755 /etc/init.d/tox-bootstrapd | 48 | sudo systemctl daemon-reload |
49 | sudo systemctl enable tox-bootstrapd.service | ||
50 | sudo systemctl start tox-bootstrapd.service | ||
51 | sudo systemctl status tox-bootstrapd.service | ||
34 | ``` | 52 | ``` |
35 | 53 | ||
36 | Make the init system aware of the script: | 54 | Get your public key and check that the daemon initialized correctly: |
37 | ```sh | 55 | ```sh |
38 | sudo update-rc.d tox-bootstrapd defaults | 56 | sudo grep "tox-bootstrapd" /var/log/syslog |
39 | ``` | 57 | ``` |
40 | 58 | ||
41 | Start the daemon: | 59 | <a name="systemd-troubleshooting" /> |
60 | ###Troubleshooting: | ||
61 | |||
62 | - Check daemon's status: | ||
42 | ```sh | 63 | ```sh |
43 | sudo service tox-bootstrapd start | 64 | sudo systemctl status tox-bootstrapd.service |
44 | ``` | 65 | ``` |
45 | 66 | ||
46 | Verify it's running: | 67 | - Check the log for errors: |
47 | ```sh | 68 | ```sh |
48 | sudo service tox-bootstrapd status | 69 | sudo grep "tox-bootstrapd" /var/log/syslog |
70 | # or | ||
71 | sudo journalctl --pager-end | ||
72 | # or | ||
73 | sudo journalctl -f _SYSTEMD_UNIT=tox-bootstrapd.service | ||
49 | ``` | 74 | ``` |
50 | 75 | ||
51 | Get your public key and check that the daemon initialized correctly: | 76 | - Make sure tox-bootstrapd user has write permission for keys and pid files. |
77 | |||
78 | - Make sure tox-bootstrapd has read permission for the config file. | ||
79 | |||
80 | - Make sure tox-bootstrapd location matches its path in tox-bootstrapd.service file. | ||
81 | |||
82 | |||
83 | <a name="initd" /> | ||
84 | ##For `init.d` users | ||
85 | |||
86 | For security reasons we run the daemon under its own user. | ||
87 | |||
88 | Create a new user by executing the following: | ||
52 | ```sh | 89 | ```sh |
53 | sudo grep "tox-bootstrapd" /var/log/syslog | 90 | sudo useradd --home-dir /var/lib/tox-bootstrapd --create-home --system --shell /sbin/nologin --comment "Account to run Tox's DHT bootstrap daemon" --user-group tox-bootstrapd |
54 | ``` | 91 | ``` |
55 | 92 | ||
56 | ##For `systemd` users: | 93 | Restrict access to home directory: |
94 | ```sh | ||
95 | sudo chmod 700 /var/lib/tox-bootstrapd | ||
96 | ``` | ||
57 | 97 | ||
58 | Copy tox-bootstrap.service to /etc/systemd/system/: | 98 | Copy `tox-bootstrapd.conf` file to where `CFGFILE` variable from `tox-bootstrapd.sh` points to. By default it's `/etc/tox-bootstrapd.conf`. |
59 | ```sh | 99 | ```sh |
60 | sudo cp tox-bootstrap.service /etc/systemd/system/ | 100 | sudo cp tox-bootstrapd.conf /etc/tox-bootstrapd.conf |
61 | ``` | 101 | ``` |
62 | 102 | ||
63 | Make sure, that path to `chown` and `mkdir` is correct in `tox-bootstrap.service` (they may be different in some distributions, by default `/bin/chown` and `/bin/mkdir`) | 103 | Go over everything in the copied `tox-bootstrapd.conf` file. Set options you want and add actual working nodes to the `bootstrap_nodes` list, instead of the example ones, if you want your node to connect to the Tox network. Make sure `pid_file_path` matches `PIDFILE` from `tox-bootstrapd.sh`. |
64 | 104 | ||
65 | You must uncomment the next line in tox-bootstrap.service, if you want to use port number <1024 | 105 | Look at the variable declarations in the beginning of `tox-bootstrapd.sh` init script to see if you need to change anything for it to work on your system. The default values must be fine for most users and we assume that you use those next. |
66 | |||
67 | #CapabilityBoundingSet=CAP_NET_BIND_SERVICE | ||
68 | 106 | ||
69 | and, possibly, install `libcap2-bin` or `libcap2` package, depending of your distribution. | 107 | Copy `tox-bootstrapd.sh` init script to `/etc/init.d/tox-bootstrapd` (note the disappearance of ".sh" ending): |
108 | ```sh | ||
109 | sudo cp tox-bootstrapd.sh /etc/init.d/tox-bootstrapd | ||
110 | ``` | ||
70 | 111 | ||
112 | Set permissions for the init system to run the script: | ||
113 | ```sh | ||
114 | sudo chmod 755 /etc/init.d/tox-bootstrapd | ||
115 | ``` | ||
71 | 116 | ||
72 | Reload systemd units definitions, enable service for automatic start (if needed), and start it: | 117 | Make the init system aware of the script, start the daemon and verify it's running: |
73 | ```sh | 118 | ```sh |
74 | sudo systemctl daemon-reload | 119 | sudo update-rc.d tox-bootstrapd defaults |
75 | sudo systemctl enable tox-bootstrap.service | 120 | sudo service tox-bootstrapd start |
76 | sudo systemctl start tox-bootstrap.service | 121 | sudo service tox-bootstrapd status |
122 | ``` | ||
123 | |||
124 | Get your public key and check that the daemon initialized correctly: | ||
125 | ```sh | ||
126 | sudo grep "tox-bootstrapd" /var/log/syslog | ||
77 | ``` | 127 | ``` |
128 | |||
129 | <a name="initd-troubleshooting" /> | ||
78 | ###Troubleshooting: | 130 | ###Troubleshooting: |
79 | 131 | ||
80 | - Check daemon's status: | 132 | - Check daemon's status: |
81 | ```sh | 133 | ```sh |
82 | #init.d | ||
83 | sudo service tox-bootstrapd status | 134 | sudo service tox-bootstrapd status |
84 | |||
85 | #systemd | ||
86 | sudo systemctl status tox-bootstrap.service | ||
87 | ``` | 135 | ``` |
88 | 136 | ||
89 | - Check the log for errors: | 137 | - Check the log for errors: |
90 | ```sh | 138 | ```sh |
91 | #init.d | ||
92 | sudo grep "tox-bootstrapd" /var/log/syslog | 139 | sudo grep "tox-bootstrapd" /var/log/syslog |
93 | |||
94 | #systemd | ||
95 | sudo journalctl -f _SYSTEMD_UNIT=tox-bootstrap.service | ||
96 | ``` | 140 | ``` |
97 | 141 | ||
98 | `init.d`: | ||
99 | - Check that variables in the beginning of `/etc/init.d/tox-bootstrapd` are valid. | 142 | - Check that variables in the beginning of `/etc/init.d/tox-bootstrapd` are valid. |
100 | 143 | ||
101 | 144 | - Make sure tox-bootstrapd user has write permission for keys and pid files. | |
102 | Common: | ||
103 | |||
104 | - Make sure tox-bootstrapd user has write permission for keys and pid files (in systemd pid file insured by unit definition). | ||
105 | 145 | ||
106 | - Make sure tox-bootstrapd has read permission for the config file. | 146 | - Make sure tox-bootstrapd has read permission for the config file. |
107 | 147 | ||
108 | - Make sure tox-bootstrapd location matches its path in init scripts, if you specified non-default `--prefix`, when building. | 148 | - Make sure tox-bootstrapd location matches its path in the `/etc/init.d/tox-bootstrapd` init script. |
diff --git a/other/bootstrap_daemon/tox-bootstrapd.service b/other/bootstrap_daemon/tox-bootstrapd.service index 4b499311..db54cc41 100644 --- a/other/bootstrap_daemon/tox-bootstrapd.service +++ b/other/bootstrap_daemon/tox-bootstrapd.service | |||
@@ -4,16 +4,14 @@ After=network.target | |||
4 | 4 | ||
5 | [Service] | 5 | [Service] |
6 | Type=forking | 6 | Type=forking |
7 | PermissionsStartOnly=true | 7 | RuntimeDirectory=tox-bootstrapd |
8 | ExecStartPre=-/bin/mkdir /var/run/tox-bootstrapd -p | 8 | RuntimeDirectoryMode=750 |
9 | ExecStartPre=/bin/chown tox-bootstrapd:tox-bootstrapd -R /var/run/tox-bootstrapd | 9 | PIDFile=/var/run/tox-bootstrapd/tox-bootstrapd.pid |
10 | WorkingDirectory=/var/lib/tox-bootstrapd | 10 | WorkingDirectory=/var/lib/tox-bootstrapd |
11 | ExecStart=/usr/local/bin/tox-bootstrapd /etc/tox-bootstrapd.conf | 11 | ExecStart=/usr/local/bin/tox-bootstrapd /etc/tox-bootstrapd.conf |
12 | User=tox-bootstrapd | 12 | User=tox-bootstrapd |
13 | Group=tox-bootstrapd | 13 | Group=tox-bootstrapd |
14 | PIDFile=/var/run/tox-bootstrapd/tox-bootstrapd.pid | ||
15 | #CapabilityBoundingSet=CAP_NET_BIND_SERVICE | 14 | #CapabilityBoundingSet=CAP_NET_BIND_SERVICE |
16 | 15 | ||
17 | [Install] | 16 | [Install] |
18 | WantedBy=multi-user.target | 17 | WantedBy=multi-user.target |
19 | |||