How do I run the Ubuntu node as a service?

Is there a guide to run Ubuntu as a service? Thank you in advance

The first thing you’ll want to do is create a systemd service file - in this example we will call our service “frog”

cd /etc/systemd/system/

sudo vi frog.service


[Unit]
Description=Cardano Core Node - FROG
After=syslog.target
StartLimitIntervalSec=0

[Service]
Type=simple
Restart=always
RestartSec=5
User=[user]
LimitNOFILE=131072
WorkingDirectory=/home/[user]/
EnvironmentFile=/home/[user]/files/env/frog.environment
ExecStart=/home/[user]/.cabal/bin/cardano-node
+RTS -N2 -RTS run
–topology {TOPOLOGY} \ --database-path {DATABASE}
–socket-path {SOCKET} \ --host-addr {HOST}
–port {PORT} \ --config {CONFIG}
–shelley-kes-key {KES_KEY} \ --shelley-vrf-key {VRF_KEY}
–shelley-operational-certificate ${OPCERT}
KillSignal=SIGINT
StandardOutput=syslog
StandardError=syslog
SyslogIdentifier=frog-pool

[Install]
WantedBy=multi-user.target


*notes

replace “[user]” above with to a user that has no login permissions, and ideally dynamically created that ceases to exist when the service is stopped

ExecStart=/home/[user]/.cabal/bin/cardano-node
may be
ExecStart=/home/[user]/.local/bin/cardano-node

*-N2 refers to the number of cores your node will use on your system / vm (a quad core node would be represented by -N4)

*save and exit

sudo chmod 644 /etc/systemd/system/frog.service

Now you will want to create your environment file:

cd files
mkdir env
cd env
vi frog.environment


TOPOLOGY="/home/[user]/files/mainnet/mainnet-topology.json"
CONFIG="/home/[user]/files/mainnet/mainnet-config.json"
DATABASE="/home/[user]/cardano-node/db"
HOST=[host-ip]
PORT=[port]
SOCKET="/home/[user]/cardano-node/db/node.socket"
KES_KEY="/home/[user]/files/mainnet/kes.skey"
VRF_KEY="/home/[user]/files/mainnet/vrf.skey"
OPCERT="/home/[user]/files/mainnet/opcert"


*notes - change “[user]”, “[host-ip]” and “[port]” above accordingly

*save and exit

to start the node:
sudo systemctl start frog

to force the node to start on system boot:
sudo systemctl enable frog

to stop the node:
sudo systemctl stop frog

The above configuration is for a block producing core node. You will want to remove the following from the systemd service file on your relay nodes (remember to remove the trailing slash after the --config param too):

–shelley-kes-key ${KES_KEY} \

–shelley-vrf-key ${VRF_KEY} \

–shelley-operational-certificate ${OPCERT}

You will need to do more to be able to access LiveView while running as a systemd service, and this is not something I am familiar with

8 Likes

Wow that’s a perfect guide. I don’t know how to thank you enough. Will update you after implementing the code

1 Like

Hi Frog!

This is very helpful thank you :slight_smile:

Could you pls clarify 3 things, thank you

  1. What/ how to create a ‘dynamic’ user with no login permissions and that ceases to exist on stopping the service?

  2. SyslogIdentifier=frog-pool
    What is this mean? Shouldn’t we change this?

  3. Could you clarify what this means?
    LimitNOFILE=131072

Thank you!

This is so cool…running a node as a system init daemon as if it were part of the OS, built into it. I’m using coincashew’s install guide, but I don’t know to what degree their installation process facilitates the incorporation of running my ubuntu nodes (core and relays) as system services. I still need to look at FROG’s guide. Has anybody had an easy time of using coincashew’s install procedure in conjunction with running their nodes as system services?
System services are easy to start, stop, and restart…if the same could be done with a node as a service, just as easily, that would make it a real breeze running, stopping, restarting your nodes as well as having these services start automatically during boot time process.

Is this procedure for a home set up only, or does it work in the cloud as well, say on a virtual machine, like GCE VM? Cloud VMs have extra constraints that might make it more difficult for this set up, but it’s worth trying.

If you successfully followed coincashew’s guide you should have a script named startBlockProducingNode.sh and essentially you just need to have your service call that. Section 18.6 Auto-starting with systemd services of their guide steps you through setting up the service. It uses tmux so you have a session to attach to after the service starts, which is especially helpful since coincashew’s installation procedure’s viewMode is liveView.

2 Likes

Thanks for the help! I really appreciate it!
I haven’t gotten to that part yet…have been sidetracked for about a week, documenting the procedure to set up apt-offline on my offline computer that has a faulty BIOS, required extra work to install apt-offline, its dependencies, and recommended support packages. I finally finished today though so I can finally update, upgrade, and install new packages on my offline/cold computer - it was a major pain to set up.

Glad to hear you were able to work through it. I hit the same roadblock when trying to get apt-offline installed on my air-gapped machine as well. Good for you for taking the time to do it - no one should skimp on that step and you can sleep better at night knowing you’ve followed a best-practice. :+1:

1 Like

I just discovered apt-offline by chance while trying to figure out how to update packages on an offline machine - just did a bit of googling. Did you discover it the same way, or through some SPO manual?
I feel like I’m wasting a lot of time setting things up, while others are producing blocks…but like you said, I want to get things right the first time before I go online with my SPO network.

Mine has been-air gapped since wiping windows from it and installing ubuntu minimal 20.04 LTS. I should have updated the BIOS under windows first before installing linux because this particular model of Acer has a faulty BIOS, and there is no non-windows procedure to update the BIOS. The BIOS update has a window file format…I would have to install WINE or some kind of window emulation packge/software or something similar and try updating that way, but I found a workaround, so it doesn’t matter.
Mine is air-gapped only in terms of not ever having been connected to the internet since I got rid of windows. It still has USB ports, which if you had a wifi dongle or could emulate one with software - if that’s possible, you could create online access - same goes for wi-fi card which is functional. I’ve just been thinking of getting rid of all apps/packgages that allow for internet connection to from the machine as a precaution, but maybe that’s overkill. Also keep all ports permanently closed. I have also installed rkhunter and chkrootkit as precautions, and have been thinking about installing snort in network intrustion mode for the offline computer at home, but I haven’t looked into details of these packages yet;e.g., whether snort should be installed on a per-machine basis or have a snort machine “server” running on my LAN 24/7 on a small rock PI device to minimize operational costs, and monitor the rest of the machines externally for network intrustions, or even migrate such a solution to my relays in the cloud if possible. I haven’t looked into the details of snort yet, so I don’t know exactly what it does - don’t know if is network intrustion dection software and is just limited to packets or it has other features like network vulnerability scanner for weaknesses in certain hosts in the LAN if there is such a thing for linux.

I just discovered apt-offline by chance while trying to figure out how to update packages on an offline machine - just did a bit of googling. Did you discover it the same way, or through some SPO manual?

Yes same way as you. I suspected offline updates were a ‘solved’ probelem and some quick searching confirmed my suspicions.

I feel like I’m wasting a lot of time setting things up, while others are producing blocks…but like you said, I want to get things right the first time before I go online with my SPO network.

If you look at the foundation’s prerequisites for stake pool operators you’ll see 4 out of the 5 items don’t have anything to do with the stake pool directly, and so setting up the node and relay(s), their operations and maintenance, etc. are really only a piece of the puzzle. Don’t get discouraged, picking up DevOps, sys admin and general operational skills of a server takes time but yes, most of the guides assume these skillsets are already in place.

2 Likes

LimitNOFILE means maximum number of files that the system can keep it open for this service. Ideally this number should be low. Not sure what the range of values are for the relay node.