Is there a guide to run Ubuntu as a service? Thank you in advance
The first thing youâll want to do is create a systemd service file - in this example we will call our service âfrogâ
cd /etc/systemd/system/
sudo vi frog.service
[Unit]
Description=Cardano Core Node - FROG
After=syslog.target
StartLimitIntervalSec=0
[Service]
Type=simple
Restart=always
RestartSec=5
User=[user]
LimitNOFILE=131072
WorkingDirectory=/home/[user]/
EnvironmentFile=/home/[user]/files/env/frog.environment
ExecStart=/home/[user]/.cabal/bin/cardano-node
+RTS -N2 -RTS run
âtopology {TOPOLOGY} \
--database-path {DATABASE}
âsocket-path {SOCKET} \
--host-addr {HOST}
âport {PORT} \
--config {CONFIG}
âshelley-kes-key {KES_KEY} \
--shelley-vrf-key {VRF_KEY}
âshelley-operational-certificate ${OPCERT}
KillSignal=SIGINT
StandardOutput=syslog
StandardError=syslog
SyslogIdentifier=frog-pool
[Install]
WantedBy=multi-user.target
*notes
replace â[user]â above with to a user that has no login permissions, and ideally dynamically created that ceases to exist when the service is stopped
ExecStart=/home/[user]/.cabal/bin/cardano-node
may be
ExecStart=/home/[user]/.local/bin/cardano-node
*-N2 refers to the number of cores your node will use on your system / vm (a quad core node would be represented by -N4)
*save and exit
sudo chmod 644 /etc/systemd/system/frog.service
Now you will want to create your environment file:
cd files
mkdir env
cd env
vi frog.environment
TOPOLOGY="/home/[user]/files/mainnet/mainnet-topology.json"
CONFIG="/home/[user]/files/mainnet/mainnet-config.json"
DATABASE="/home/[user]/cardano-node/db"
HOST=[host-ip]
PORT=[port]
SOCKET="/home/[user]/cardano-node/db/node.socket"
KES_KEY="/home/[user]/files/mainnet/kes.skey"
VRF_KEY="/home/[user]/files/mainnet/vrf.skey"
OPCERT="/home/[user]/files/mainnet/opcert"
*notes - change â[user]â, â[host-ip]â and â[port]â above accordingly
*save and exit
to start the node:
sudo systemctl start frog
to force the node to start on system boot:
sudo systemctl enable frog
to stop the node:
sudo systemctl stop frog
The above configuration is for a block producing core node. You will want to remove the following from the systemd service file on your relay nodes (remember to remove the trailing slash after the --config param too):
âshelley-kes-key ${KES_KEY} \
âshelley-vrf-key ${VRF_KEY} \
âshelley-operational-certificate ${OPCERT}
You will need to do more to be able to access LiveView while running as a systemd service, and this is not something I am familiar with
Wow thatâs a perfect guide. I donât know how to thank you enough. Will update you after implementing the code
Hi Frog!
This is very helpful thank you
Could you pls clarify 3 things, thank you
-
What/ how to create a âdynamicâ user with no login permissions and that ceases to exist on stopping the service?
-
SyslogIdentifier=frog-pool
What is this mean? Shouldnât we change this? -
Could you clarify what this means?
LimitNOFILE=131072
Thank you!
This is so coolâŚrunning a node as a system init daemon as if it were part of the OS, built into it. Iâm using coincashewâs install guide, but I donât know to what degree their installation process facilitates the incorporation of running my ubuntu nodes (core and relays) as system services. I still need to look at FROGâs guide. Has anybody had an easy time of using coincashewâs install procedure in conjunction with running their nodes as system services?
System services are easy to start, stop, and restartâŚif the same could be done with a node as a service, just as easily, that would make it a real breeze running, stopping, restarting your nodes as well as having these services start automatically during boot time process.
Is this procedure for a home set up only, or does it work in the cloud as well, say on a virtual machine, like GCE VM? Cloud VMs have extra constraints that might make it more difficult for this set up, but itâs worth trying.
If you successfully followed coincashewâs guide you should have a script named startBlockProducingNode.sh
and essentially you just need to have your service call that. Section 18.6 Auto-starting with systemd services of their guide steps you through setting up the service. It uses tmux
so you have a session to attach to after the service starts, which is especially helpful since coincashewâs installation procedureâs viewMode
is liveView
.
Thanks for the help! I really appreciate it!
I havenât gotten to that part yetâŚhave been sidetracked for about a week, documenting the procedure to set up apt-offline on my offline computer that has a faulty BIOS, required extra work to install apt-offline, its dependencies, and recommended support packages. I finally finished today though so I can finally update, upgrade, and install new packages on my offline/cold computer - it was a major pain to set up.
Glad to hear you were able to work through it. I hit the same roadblock when trying to get apt-offline installed on my air-gapped machine as well. Good for you for taking the time to do it - no one should skimp on that step and you can sleep better at night knowing youâve followed a best-practice.
I just discovered apt-offline by chance while trying to figure out how to update packages on an offline machine - just did a bit of googling. Did you discover it the same way, or through some SPO manual?
I feel like Iâm wasting a lot of time setting things up, while others are producing blocksâŚbut like you said, I want to get things right the first time before I go online with my SPO network.
Mine has been-air gapped since wiping windows from it and installing ubuntu minimal 20.04 LTS. I should have updated the BIOS under windows first before installing linux because this particular model of Acer has a faulty BIOS, and there is no non-windows procedure to update the BIOS. The BIOS update has a window file formatâŚI would have to install WINE or some kind of window emulation packge/software or something similar and try updating that way, but I found a workaround, so it doesnât matter.
Mine is air-gapped only in terms of not ever having been connected to the internet since I got rid of windows. It still has USB ports, which if you had a wifi dongle or could emulate one with software - if thatâs possible, you could create online access - same goes for wi-fi card which is functional. Iâve just been thinking of getting rid of all apps/packgages that allow for internet connection to from the machine as a precaution, but maybe thatâs overkill. Also keep all ports permanently closed. I have also installed rkhunter and chkrootkit as precautions, and have been thinking about installing snort in network intrustion mode for the offline computer at home, but I havenât looked into details of these packages yet;e.g., whether snort should be installed on a per-machine basis or have a snort machine âserverâ running on my LAN 24/7 on a small rock PI device to minimize operational costs, and monitor the rest of the machines externally for network intrustions, or even migrate such a solution to my relays in the cloud if possible. I havenât looked into the details of snort yet, so I donât know exactly what it does - donât know if is network intrustion dection software and is just limited to packets or it has other features like network vulnerability scanner for weaknesses in certain hosts in the LAN if there is such a thing for linux.
I just discovered apt-offline by chance while trying to figure out how to update packages on an offline machine - just did a bit of googling. Did you discover it the same way, or through some SPO manual?
Yes same way as you. I suspected offline updates were a âsolvedâ probelem and some quick searching confirmed my suspicions.
I feel like Iâm wasting a lot of time setting things up, while others are producing blocksâŚbut like you said, I want to get things right the first time before I go online with my SPO network.
If you look at the foundationâs prerequisites for stake pool operators youâll see 4 out of the 5 items donât have anything to do with the stake pool directly, and so setting up the node and relay(s), their operations and maintenance, etc. are really only a piece of the puzzle. Donât get discouraged, picking up DevOps, sys admin and general operational skills of a server takes time but yes, most of the guides assume these skillsets are already in place.
LimitNOFILE means maximum number of files that the system can keep it open for this service. Ideally this number should be low. Not sure what the range of values are for the relay node.