diff options
| author | Alex <alex@adnab.me> | 2022-02-07 11:51:12 +0100 |
|---|---|---|
| committer | Alex <alex@adnab.me> | 2022-02-07 11:51:12 +0100 |
| commit | 1c0ba930b8d6aa5d97e6942852240861e6ab9bed (patch) | |
| tree | cddc9af5fc2378c76fe5ef6306f807e27648b7a7 /doc/book/cookbook/systemd.md | |
| parent | 45d6d377d2011d8fb4ceb13bb4584df97c458525 (diff) | |
| download | garage-1c0ba930b8d6aa5d97e6942852240861e6ab9bed.tar.gz garage-1c0ba930b8d6aa5d97e6942852240861e6ab9bed.zip | |
Reorganize documentation for new website (#213)
This PR should be merged after the new website is deployed.
- [x] Rename files
- [x] Add front matter section to all `.md` files in the book (necessary for Zola)
- [x] Change all internal links to use Zola's linking system that checks broken links
- [x] Some updates to documentation contents and organization
Co-authored-by: Alex Auvolat <alex@adnab.me>
Reviewed-on: https://git.deuxfleurs.fr/Deuxfleurs/garage/pulls/213
Co-authored-by: Alex <alex@adnab.me>
Co-committed-by: Alex <alex@adnab.me>
Diffstat (limited to 'doc/book/cookbook/systemd.md')
| -rw-r--r-- | doc/book/cookbook/systemd.md | 53 |
1 files changed, 53 insertions, 0 deletions
diff --git a/doc/book/cookbook/systemd.md b/doc/book/cookbook/systemd.md new file mode 100644 index 00000000..b271010b --- /dev/null +++ b/doc/book/cookbook/systemd.md @@ -0,0 +1,53 @@ ++++ +title = "Starting Garage with systemd" +weight = 15 ++++ + +We make some assumptions for this systemd deployment. + + - Your garage binary is located at `/usr/local/bin/garage`. + + - Your configuration file is located at `/etc/garage.toml`. + + - Your `garage.toml` must be set with `metadata_dir=/var/lib/garage/meta` and `data_dir=/var/lib/garage/data`. This is mandatory to use `systemd` hardening feature [Dynamic User](https://0pointer.net/blog/dynamic-users-with-systemd.html). Note that in your host filesystem, Garage data will be held in `/var/lib/private/garage`. + + + +Create a file named `/etc/systemd/system/garage.service`: + +```toml +[Unit] +Description=Garage Data Store +After=network-online.target +Wants=network-online.target + +[Service] +Environment='RUST_LOG=garage=info' 'RUST_BACKTRACE=1' +ExecStart=/usr/local/bin/garage server +StateDirectory=garage +DynamicUser=true +ProtectHome=true +NoNewPrivileges=true + +[Install] +WantedBy=multi-user.target +``` + +*A note on hardening: garage will be run as a non privileged user, its user id is dynamically allocated by systemd. It cannot access (read or write) home folders (/home, /root and /run/user), the rest of the filesystem can only be read but not written, only the path seen as /var/lib/garage is writable as seen by the service (mapped to /var/lib/private/garage on your host). Additionnaly, the process can not gain new privileges over time.* + +To start the service then automatically enable it at boot: + +```bash +sudo systemctl start garage +sudo systemctl enable garage +``` + +To see if the service is running and to browse its logs: + +```bash +sudo systemctl status garage +sudo journalctl -u garage +``` + +If you want to modify the service file, do not forget to run `systemctl daemon-reload` +to inform `systemd` of your modifications. |