systemd services, based on ee49c6240aa2cf2c9dac47eff6c751ce8c17efb5 by @cfcs

2019-11-21 13:29:22 +01:00 · 2019-11-21 13:29:22 +01:00 · 05ab18457b
parent 3dc21c037e
commit 05ab18457b
6 changed files with 159 additions and 0 deletions
--- a/packaging/Linux/README.md
+++ b/packaging/Linux/README.md
@ -0,0 +1,10 @@
+# systemd service scripts
+
+these are preliminary and just here to let people play with `solo5-spt`, the seccomp-enabled backend for [Solo5](https://github.com/Solo5/solo5) on Linux.
+
+1) You need to build the `vmm` tooling in this repository
+2) You need to build a `spt`-compatible binary to deploy.
+3) See [`install.sh`](./install.sh) for commands required to deploy it.
+4) `sudo journalctl -fu albatross'*'.service`
+5) ideally, once the services are up and running, you would be able to issue this command to deploy a unikernel:
+   `sudo vmmc_local.native -t spt-amd64 --compression0 helloworld /path/to/hello_world.spt`
--- a/packaging/Linux/albatross_console.service
+++ b/packaging/Linux/albatross_console.service
@ -0,0 +1,34 @@
+[Unit]
+
+# To configure this service, please use the following command
+# to create an override configuration:
+# systemctl edit albatross_console.service
+
+Description=Albatross console daemon (albatross_console)
+After=syslog.target
+[Service]
+Type=simple
+
+#TODO no need to run as root!
+#Environment="albatross_console_user=root"
+User=root
+
+WorkingDirectory=/
+
+# TODO what does the following line do?
+Environment=albatross_prefix=/usr/local/sbin/albatross_console.exe
+#ExecStartPre=id # the fbsd scripts do something here, not sure what
+ExecStart=/usr/local/sbin/albatross_console.exe --tmpdir="%t/albatross/" -vv
+
+# state=%S
+# runtime=%t
+# small temp=%T
+# large temp=%V
+# PrivateTmp=yes
+
+RuntimeDirectoryPreserve=yes
+RuntimeDirectory=albatross albatross/fifo albatross/util
+PIDFile=%t/albatross/console.pid
+
+[Install]
+WantedBy=multi-user.target
--- a/packaging/Linux/albatross_daemon.service
+++ b/packaging/Linux/albatross_daemon.service
@ -0,0 +1,38 @@
+[Unit]
+Description=Albatross VMM daemon (albatrossd)
+Requires=albatross_console.service albatross_log.service albatross_stat.service
+After=syslog.target albatross_console.service albatross_log.service albatross_stat.service
+[Service]
+Type=simple
+
+# TODO not necessarily needs to be run as root, anything that can solo5-spt/hvt,
+#  create tap interfaces should be fine!
+#Environment=albatross_daemon_user=root
+#User=${albatross_daemon_user}
+User=root
+
+WorkingDirectory=/
+
+#ExecStartPre=id # the fbsd scripts do something here, not sure what
+ExecStart=/usr/local/sbin/albatrossd.exe --tmpdir="%t/albatross/" -vv
+#--dbdir (defaults to /run/albatross)
+
+RuntimeDirectoryPreserve=yes
+RuntimeDirectory=albatross albatross/fifo albatross/util
+PIDFile=/%t/albatross/daemon.pid
+
+## hardening stuff
+ProtectSystem=full
+ProtectHome=true
+UMask=0077
+OOMScoreAdjust=-1000
+#AppArmorProfile=
+#SmackProcessLabel=albatross_vmm
+IgnoreSIGPIPE=true
+#SystemCallFilter=~reboot
+#SystemCallFilter=
+RestrictAddressFamilies=AF_UNIX AF_INET
+#RuntimeDirectoryMode=0700
+
+[Install]
+WantedBy=multi-user.target
--- a/packaging/Linux/albatross_log.service
+++ b/packaging/Linux/albatross_log.service
@ -0,0 +1,25 @@
+[Unit]
+
+# To configure this service, please use the following command
+# to create an override configuration:
+# systemctl edit albatross_log.service
+
+Description=Albatross log daemon (albatross_log)
+After=syslog.target
+[Service]
+Type=simple
+
+# TODO should not be root (needs to write to logfile (%L/albatross.log))
+User=root
+
+WorkingDirectory=/
+
+#ExecStartPre=id # the fbsd scripts do something here, not sure what
+ExecStart=/usr/local/sbin/albatross_log.exe --logfile="%L/albatross.log" --tmpdir="%t/albatross/" -vv
+
+RuntimeDirectory=albatross
+RuntimeDirectory=albatross albatross/fifo albatross/util
+PIDFile=/%t/albatross/log.pid
+
+[Install]
+WantedBy=multi-user.target
--- a/packaging/Linux/albatross_stat.service
+++ b/packaging/Linux/albatross_stat.service
@ -0,0 +1,34 @@
+[Unit]
+
+# To configure this service, please use the following command
+# to create an override configuration:
+# systemctl edit albatross_stat.service
+
+Description=Albatross stat daemon (albatross_stat)
+After=syslog.target
+[Service]
+Type=simple
+
+# TODO no need to run as root!
+#Environment="albatross_stat_user=root"
+User=root
+
+WorkingDirectory=/
+
+# TODO what does the following line do?
+Environment=albatross_prefix=/usr/local/sbin/albatross_stats.exe
+#ExecStartPre=id # the fbsd scripts do something here, not sure what
+ExecStart=/usr/local/sbin/albatross_stats.exe --tmpdir="%t/albatross/" -vv
+
+# state=%S
+# runtime=%t
+# small temp=%T
+# large temp=%V
+# PrivateTmp=yes
+
+RuntimeDirectoryPreserve=yes
+RuntimeDirectory=albatross albatross/fifo albatross/util
+PIDFile=%t/albatross/stat.pid
+
+[Install]
+WantedBy=multi-user.target
--- a/packaging/Linux/install.sh
+++ b/packaging/Linux/install.sh
@ -0,0 +1,18 @@
+#!/bin/sh
+sudo mkdir -m 0700 -p /var/lib/albatross/block
+
+sudo cp ../../_build/default/client/*.exe /usr/local/sbin/
+sudo cp ../../_build/default/daemon/*.exe /usr/local/sbin/
+sudo cp ../../_build/default/provision/*.exe /usr/local/sbin/
+sudo cp ../../_build/default/stats/*.exe /usr/local/sbin/
+sudo cp ../../_build/default/tls/*.exe /usr/local/sbin/
+sudo cp ./albatross_*.service  /lib/systemd/system/
+sudo systemctl daemon-reload
+sudo systemctl stop   albatross_console
+sudo systemctl start  albatross_console
+sudo systemctl stop  albatross_log
+sudo systemctl start albatross_log
+sudo systemctl stop  albatross_stat
+sudo systemctl start albatross_stat
+sudo systemctl stop  albatross_daemon
+sudo systemctl start albatross_daemon