Diffstat (limited to 'other/bootstrap_daemon')
-rw-r--r-- other/bootstrap_daemon/README.md 134
-rw-r--r-- other/bootstrap_daemon/tox-bootstrapd.service 8
2 files changed, 90 insertions, 52 deletions
diff --git a/other/bootstrap_daemon/README.md b/other/bootstrap_daemon/README.md
index d0c16eb1..e77e3ae0 100644
--- a/other/bootstrap_daemon/README.md
+++ b/other/bootstrap_daemon/README.md
@@ -1,6 +1,17 @@
1##Instructions 1#Instructions
2 2
3This instruction primarily tested on Linux but, may be, will work on other POSIX-compliant systems. 3- [For `systemd` users](#systemd)
4 - [Troubleshooting](#systemd-troubleshooting)
5<br>
6- [For `init.d` users](#initd)
7 - [Troubleshooting](#initd-troubleshooting)
8
9
10These instructions are primarily tested on Debian Linux, Wheezy for init.d and Jessie for systemd, but they should work on other POSIX-compliant systems too.
11
12
13<a name="systemd" />
14##For `systemd` users:
4 15
5For security reasons we run the daemon under its own user. 16For security reasons we run the daemon under its own user.
6 17
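Review bot: The new headings "#Instructions" and "##For `systemd` users:" have no space after the hash marks, so Markdown parsers that follow CommonMark render them as plain paragraphs rather than headings; write "# Instructions" and "## For `systemd` users". The `<br>` placed between the two table-of-contents bullets splits what should be one list into two and can be dropped. The `<a name="systemd" />` anchors are fine as explicit link targets, but they only help if the heading below them actually renders as a heading.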
@@ -9,100 +20,129 @@ Create a new user by executing the following:
9sudo useradd --home-dir /var/lib/tox-bootstrapd --create-home --system --shell /sbin/nologin --comment "Account to run Tox's DHT bootstrap daemon" --user-group tox-bootstrapd 20sudo useradd --home-dir /var/lib/tox-bootstrapd --create-home --system --shell /sbin/nologin --comment "Account to run Tox's DHT bootstrap daemon" --user-group tox-bootstrapd
10``` 21```
11 22
12Copy `tox-bootstrapd.conf` file to where `CFGFILE` variable from `tox-bootstrapd.sh` tells (for `init.d` users) or `ExecStart=` from `tox-bootstrap.service` ( for `systemd` users). By default it's `/etc/tox-bootstrapd.conf`.
13
14Go over everything in `tox-bootstrapd.conf`. Make sure `pid_file_path` matches `PIDFILE` from `tox-bootstrapd.sh` (`init.d`) or `PIDFile=` from `tox-bootstrap.service` AND file in `ExecStartPre`(`systemd`).
15
16
17Restrict access to home directory: 23Restrict access to home directory:
18```sh 24```sh
19sudo chmod 700 /var/lib/tox-bootstrapd 25sudo chmod 700 /var/lib/tox-bootstrapd
20``` 26```
21 27
22##For `init.d` users: 28Copy `tox-bootstrapd.conf` file to where `ExecStart=` from `tox-bootstrapd.service` points to. By default it's `/etc/tox-bootstrapd.conf`.
29```sh
30sudo cp tox-bootstrapd.conf /etc/tox-bootstrapd.conf
31```
23 32
24Look at the variable declarations in the beginning of `tox-bootstrapd.sh` init script to see if you need to change anything for it to work for you. The default values must be fine for most users and we assume that you use those next. 33Go over everything in the copied `tox-bootstrapd.conf` file. Set options you want and add actual working nodes to the `bootstrap_nodes` list, instead of the example ones, if you want your node to connect to the Tox network. Make sure `pid_file_path` matches `PIDFile=` from `tox-bootstrapd.service`.
25 34
26Copy `tox-bootstrapd.sh` init file to `/etc/init.d/tox-bootstrapd` (note the disappearance of ".sh" ending). 35Copy `tox-bootstrapd.service` to `/etc/systemd/system/`:
27```sh 36```sh
28sudo cp tox-bootstrapd.sh /etc/init.d/tox-bootstrapd 37sudo cp tox-bootstrapd.service /etc/systemd/system/
29``` 38```
30 39
31Set permissions for the init system to run the script: 40You must uncomment the next line in tox-bootstrapd.service, if you want to use port number < 1024
41
42 #CapabilityBoundingSet=CAP_NET_BIND_SERVICE
43
44and, possibly, install `libcap2-bin` or `libcap2` package, depending of your distribution.
45
46Reload systemd units definitions, enable service for automatic start (if needed), start it and verify it's running:
32```sh 47```sh
33sudo chmod 755 /etc/init.d/tox-bootstrapd 48sudo systemctl daemon-reload
49sudo systemctl enable tox-bootstrapd.service
50sudo systemctl start tox-bootstrapd.service
51sudo systemctl status tox-bootstrapd.service
34``` 52```
35 53
36Make the init system aware of the script: 54Get your public key and check that the daemon initialized correctly:
37```sh 55```sh
38sudo update-rc.d tox-bootstrapd defaults 56sudo grep "tox-bootstrapd" /var/log/syslog
39``` 57```
40 58
41Start the daemon: 59<a name="systemd-troubleshooting" />
60###Troubleshooting:
61
62- Check daemon's status:
42```sh 63```sh
43sudo service tox-bootstrapd start 64sudo systemctl status tox-bootstrapd.service
44``` 65```
45 66
46Verify it's running: 67- Check the log for errors:
47```sh 68```sh
48sudo service tox-bootstrapd status 69sudo grep "tox-bootstrapd" /var/log/syslog
70# or
71sudo journalctl --pager-end
72# or
73sudo journalctl -f _SYSTEMD_UNIT=tox-bootstrapd.service
49``` 74```
50 75
51Get your public key and check that the daemon initialized correctly: 76- Make sure tox-bootstrapd user has write permission for keys and pid files.
77
78- Make sure tox-bootstrapd has read permission for the config file.
79
80- Make sure tox-bootstrapd location matches its path in tox-bootstrapd.service file.
81
82
83<a name="initd" />
84##For `init.d` users
85
86For security reasons we run the daemon under its own user.
87
88Create a new user by executing the following:
52```sh 89```sh
53sudo grep "tox-bootstrapd" /var/log/syslog 90sudo useradd --home-dir /var/lib/tox-bootstrapd --create-home --system --shell /sbin/nologin --comment "Account to run Tox's DHT bootstrap daemon" --user-group tox-bootstrapd
54``` 91```
55 92
56##For `systemd` users: 93Restrict access to home directory:
94```sh
95sudo chmod 700 /var/lib/tox-bootstrapd
96```
57 97
58Copy tox-bootstrap.service to /etc/systemd/system/: 98Copy `tox-bootstrapd.conf` file to where `CFGFILE` variable from `tox-bootstrapd.sh` points to. By default it's `/etc/tox-bootstrapd.conf`.
59```sh 99```sh
60sudo cp tox-bootstrap.service /etc/systemd/system/ 100sudo cp tox-bootstrapd.conf /etc/tox-bootstrapd.conf
61``` 101```
62 102
63Make sure, that path to `chown` and `mkdir` is correct in `tox-bootstrap.service` (they may be different in some distributions, by default `/bin/chown` and `/bin/mkdir`) 103Go over everything in the copied `tox-bootstrapd.conf` file. Set options you want and add actual working nodes to the `bootstrap_nodes` list, instead of the example ones, if you want your node to connect to the Tox network. Make sure `pid_file_path` matches `PIDFILE` from `tox-bootstrapd.sh`.
64 104
65You must uncomment the next line in tox-bootstrap.service, if you want to use port number <1024 105Look at the variable declarations in the beginning of `tox-bootstrapd.sh` init script to see if you need to change anything for it to work on your system. The default values must be fine for most users and we assume that you use those next.
66
67 #CapabilityBoundingSet=CAP_NET_BIND_SERVICE
68 106
69and, possibly, install `libcap2-bin` or `libcap2` package, depending of your distribution. 107Copy `tox-bootstrapd.sh` init script to `/etc/init.d/tox-bootstrapd` (note the disappearance of ".sh" ending):
108```sh
109sudo cp tox-bootstrapd.sh /etc/init.d/tox-bootstrapd
110```
70 111
112Set permissions for the init system to run the script:
113```sh
114sudo chmod 755 /etc/init.d/tox-bootstrapd
115```
71 116
72Reload systemd units definitions, enable service for automatic start (if needed), and start it: 117Make the init system aware of the script, start the daemon and verify it's running:
73```sh 118```sh
74sudo systemctl daemon-reload 119sudo update-rc.d tox-bootstrapd defaults
75sudo systemctl enable tox-bootstrap.service 120sudo service tox-bootstrapd start
76sudo systemctl start tox-bootstrap.service 121sudo service tox-bootstrapd status
122```
123
124Get your public key and check that the daemon initialized correctly:
125```sh
126sudo grep "tox-bootstrapd" /var/log/syslog
77``` 127```
128
129<a name="initd-troubleshooting" />
78###Troubleshooting: 130###Troubleshooting:
79 131
80- Check daemon's status: 132- Check daemon's status:
81```sh 133```sh
82#init.d
83sudo service tox-bootstrapd status 134sudo service tox-bootstrapd status
84
85#systemd
86sudo systemctl status tox-bootstrap.service
87``` 135```
88 136
89- Check the log for errors: 137- Check the log for errors:
90```sh 138```sh
91#init.d
92sudo grep "tox-bootstrapd" /var/log/syslog 139sudo grep "tox-bootstrapd" /var/log/syslog
93
94#systemd
95sudo journalctl -f _SYSTEMD_UNIT=tox-bootstrap.service
96``` 140```
97 141
98`init.d`:
99- Check that variables in the beginning of `/etc/init.d/tox-bootstrapd` are valid. 142- Check that variables in the beginning of `/etc/init.d/tox-bootstrapd` are valid.
100 143
101 144- Make sure tox-bootstrapd user has write permission for keys and pid files.
102Common:
103
104- Make sure tox-bootstrapd user has write permission for keys and pid files (in systemd pid file insured by unit definition).
105 145
106- Make sure tox-bootstrapd has read permission for the config file. 146- Make sure tox-bootstrapd has read permission for the config file.
107 147
108- Make sure tox-bootstrapd location matches its path in init scripts, if you specified non-default `--prefix`, when building. 148- Make sure tox-bootstrapd location matches its path in the `/etc/init.d/tox-bootstrapd` init script.
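Review bot: In the systemd section, the instruction to uncomment `#CapabilityBoundingSet=CAP_NET_BIND_SERVICE` for ports below 1024 is incomplete. A bounding set only limits which capabilities the service may hold; it does not hand CAP_NET_BIND_SERVICE to a process that the unit starts as `User=tox-bootstrapd`. The text then says to "possibly" install `libcap2-bin` or `libcap2` but never shows a step that uses the package, so a reader cannot tell how the unprivileged daemon is meant to obtain the capability. Please spell out the intended mechanism (for example, a file capability set on the `tox-bootstrapd` binary) and say when the package is needed. A smaller point in the same section: the "Get your public key" step greps `/var/log/syslog` only, while Troubleshooting offers `journalctl` alternatives; on a systemd host without a syslog daemon that file may not exist, so put `sudo journalctl _SYSTEMD_UNIT=tox-bootstrapd.service` in the main step as well, and filter the bare `sudo journalctl --pager-end` to the unit.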
diff --git a/other/bootstrap_daemon/tox-bootstrapd.service b/other/bootstrap_daemon/tox-bootstrapd.service
index 4b499311..db54cc41 100644
--- a/other/bootstrap_daemon/tox-bootstrapd.service
+++ b/other/bootstrap_daemon/tox-bootstrapd.service
@@ -4,16 +4,14 @@ After=network.target
4 4
5[Service] 5[Service]
6Type=forking 6Type=forking
7PermissionsStartOnly=true 7RuntimeDirectory=tox-bootstrapd
8ExecStartPre=-/bin/mkdir /var/run/tox-bootstrapd -p 8RuntimeDirectoryMode=750
9ExecStartPre=/bin/chown tox-bootstrapd:tox-bootstrapd -R /var/run/tox-bootstrapd 9PIDFile=/var/run/tox-bootstrapd/tox-bootstrapd.pid
10WorkingDirectory=/var/lib/tox-bootstrapd 10WorkingDirectory=/var/lib/tox-bootstrapd
11ExecStart=/usr/local/bin/tox-bootstrapd /etc/tox-bootstrapd.conf 11ExecStart=/usr/local/bin/tox-bootstrapd /etc/tox-bootstrapd.conf
12User=tox-bootstrapd 12User=tox-bootstrapd
13Group=tox-bootstrapd 13Group=tox-bootstrapd
14PIDFile=/var/run/tox-bootstrapd/tox-bootstrapd.pid
15#CapabilityBoundingSet=CAP_NET_BIND_SERVICE 14#CapabilityBoundingSet=CAP_NET_BIND_SERVICE
16 15
17[Install] 16[Install]
18WantedBy=multi-user.target 17WantedBy=multi-user.target
19
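Review bot: `RuntimeDirectory=tox-bootstrapd` has systemd create the directory under `/run`, but `PIDFile=/var/run/tox-bootstrapd/tox-bootstrapd.pid` still names `/var/run`, so the unit only works where `/var/run` is a symlink to `/run`. Use `PIDFile=/run/tox-bootstrapd/tox-bootstrapd.pid` and update the README note about `pid_file_path` to match. `RuntimeDirectoryMode=750` is read as octal, but writing it as `0750` makes that explicit. Replacing the root-run `ExecStartPre` mkdir and recursive chown with a systemd-managed runtime directory is the right direction, since nothing in the unit runs as root before `ExecStart` any more.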