author | Alex Auvolat <alex@adnab.me> | 2022-02-02 10:07:26 +0100 |
---|---|---|
committer | Alex Auvolat <alex@adnab.me> | 2022-02-02 10:07:26 +0100 |
commit | f5afa3d974e631de75c438cf2941a88440e2cf69 (patch) | |
tree | 9f9a89d10940757025b82ff8fdfbe3104c5f89a4 /content/documentation/cookbook/systemd.md | |
parent | 921dd28f7499e46d78bd39d9ac7630efc50b64e8 (diff) | |
Documentation from garage submodule
Diffstat (limited to 'content/documentation/cookbook/systemd.md')
-rw-r--r-- | content/documentation/cookbook/systemd.md | 54 |
1 files changed, 0 insertions, 54 deletions
diff --git a/content/documentation/cookbook/systemd.md b/content/documentation/cookbook/systemd.md deleted file mode 100644 index b071952..0000000 --- a/content/documentation/cookbook/systemd.md +++ /dev/null 
@@ -1,54 +0,0 @@ -+++ -title = "Starting Garage with systemd" -weight = 15 -+++ - - -We make some assumptions for this systemd deployment. - - - Your garage binary is located at `/usr/local/bin/garage`. - - - Your configuration file is located at `/etc/garage.toml`. - - - Your `garage.toml` must be set with `metadata_dir=/var/lib/garage/meta` and `data_dir=/var/lib/garage/data`. This is mandatory to use `systemd` hardening feature [Dynamic User](https://0pointer.net/blog/dynamic-users-with-systemd.html). Note that in your host filesystem, Garage data will be held in `/var/lib/private/garage`. - - - -Create a file named `/etc/systemd/system/garage.service`: - -```toml -[Unit] -Description=Garage Data Store -After=network-online.target -Wants=network-online.target - -[Service] -Environment='RUST_LOG=garage=info' 'RUST_BACKTRACE=1' -ExecStart=/usr/local/bin/garage server -StateDirectory=garage -DynamicUser=true -ProtectHome=true -NoNewPrivileges=true - -[Install] -WantedBy=multi-user.target -``` - -*A note on hardening: garage will be run as a non privileged user, its user id is dynamically allocated by systemd. It cannot access (read or write) home folders (/home, /root and /run/user), the rest of the filesystem can only be read but not written, only the path seen as /var/lib/garage is writable as seen by the service (mapped to /var/lib/private/garage on your host). Additionnaly, the process can not gain new privileges over time.* - -To start the service then automatically enable it at boot: - -```bash -sudo systemctl start garage -sudo systemctl enable garage -``` - -To see if the service is running and to browse its logs: - -```bash -sudo systemctl status garage -sudo journalctl -u garage -``` - -If you want to modify the service file, do not forget to run `systemctl daemon-reload` -to inform `systemd` of your modifications. |
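Review bot: The commit message does not say which path in the garage submodule replaces the deleted `content/documentation/cookbook/systemd.md`, so from this hunk alone it cannot be checked that the hardening guidance survives the move. Please name the submodule path in the message and confirm the copy there still carries the requirement that `metadata_dir=/var/lib/garage/meta` and `data_dir=/var/lib/garage/data` be set for `DynamicUser=true`, along with the note that data ends up in `/var/lib/private/garage` on the host. If the text is carried over verbatim, two small fixes are worth making in the submodule copy: the unit file fence is tagged `toml` although it holds a systemd unit, and "Additionnaly" in the hardening note should read "Additionally".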