Last active October 9, 2022 02:18
Setting up geth as a service under systemd (Updated for Fedora 27)
[Unit]
Description=Ethereum go client
[Service]
# ExecStart=/home/geth/go-ethereum/build/bin/geth --cache 2048 --rpc --rpcaddr="" --ipcdisable
# ExecStart=/home/geth/go-ethereum/build/bin/geth --cache 2048 --rpc --rpcaddr="" --ipcdisable
ExecStart=/home/geth/go-ethereum/build/bin/geth --cache 2048 --http --http.addr="" --ipcdisable

Setting up geth as a service under systemd Fedora 27

Prerequisite: dnf install golang

  1. Create user geth with useradd
  2. As user geth fast sync the blockchain, geth --fast --cache 1024
  3. Manually run geth --rpc as user geth and watch to see that the blockchain continues to sync properly
  4. Install the geth.service file (also in this gist) in /usr/lib/systemd/system/
  5. Make a symlink from /etc/systemd/system/ to /usr/lib/systemd/system/geth.service
  6. systemctl enable geth followed by systemctl start geth
  7. Over and over and over again, until geth runs with no permission-denied log messages, repeat this cycle:
grep geth /var/log/audit/audit.log | audit2allow -M local-geth
semodule -i local-geth.pp
systemctl start geth
systemctl status geth.service
journalctl --follow -u geth
semodule -r local-geth

...and around again

Some Notes

  • /home/geth/go-ethereum is a clone of the git archive, from which I rebuild from source to do upgrades. Remember to fetch and check out the latest release version; don't run development snapshots. The geth binary itself shows up in /home/geth/go-ethereum/build/bin, after everything is built with make all.

  • I had trouble getting geth to shut down properly on systemctl stop geth. The signal needed to be made SIGINT rather than SIGTERM to prevent an immediate shutdown without closing the database. I had to pass the --ipcdisable flag to geth because the file /home/geth/.ethereum/geth.ipc was not properly cleaned up.

  • geth 1.8.0 has tighter security now for named domains, thus, which is new.

  • The final (I hope) version of the SELinux policy file generated by audit2allow is included in this gist as local-geth.te

module local-geth 1.0;

require {
	type ephemeral_port_t;
	type user_home_t;
	type init_t;
	type user_tmp_t;
	type unreserved_port_t;
	class file { append create execute execute_no_trans lock map open read rename unlink write };
	class sock_file { create setattr };
	class tcp_socket name_connect;
}

# Every rule below names init_t as its source, so it applies to any process
# running in the init_t domain, not only to geth.
#============= init_t ==============

#!!!! This avc can be allowed using the boolean 'nis_enabled'
allow init_t ephemeral_port_t:tcp_socket name_connect;

#!!!! This avc can be allowed using the boolean 'nis_enabled'
allow init_t unreserved_port_t:tcp_socket name_connect;
allow init_t user_home_t:file { append create lock map open read rename unlink write };
allow init_t user_home_t:sock_file { create setattr };
allow init_t user_tmp_t:file { execute execute_no_trans map };
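
An added example, not part of the gist: a Python check that parses the allow rules of an audit2allow-generated policy such as local-geth.te above and lists the grants worth reviewing before running semodule -i. The rule text is copied from the policy above; the function names and the sets of domains, types and ports treated as risky are assumptions of this example.

```python
import re

# Allow rules copied from local-geth.te above.
POLICY = """
allow init_t ephemeral_port_t:tcp_socket name_connect;
allow init_t unreserved_port_t:tcp_socket name_connect;
allow init_t user_home_t:file { append create lock map open read rename unlink write };
allow init_t user_home_t:sock_file { create setattr };
allow init_t user_tmp_t:file { execute execute_no_trans map };
"""

# Review criteria: assumptions of this example, not an SELinux-defined list.
SHARED_DOMAINS = {"init_t", "unconfined_t"}   # domains that many processes share
USER_WRITABLE = {"user_home_t", "user_tmp_t"} # types ordinary users can write to
CATCH_ALL_PORTS = {"ephemeral_port_t", "unreserved_port_t"}
EXEC_PERMS = {"execute", "execute_no_trans"}

# Matches "allow SRC TGT:CLASS { perm ... };" and "allow SRC TGT:CLASS perm;"
RULE = re.compile(
    r"^\s*allow\s+(\w+)\s+(\w+):(\w+)\s+(?:\{([^}]*)\}|(\w+))\s*;", re.M)

def parse_rules(te_text):
    """Return (source, target, class, perms) for each simple allow rule."""
    rules = []
    for src, tgt, cls, braced, single in RULE.findall(te_text):
        perms = frozenset(braced.split()) if braced else frozenset([single])
        rules.append((src, tgt, cls, perms))
    return rules

def review(te_text):
    """Return (finding, rule) pairs a reviewer should resolve before loading."""
    findings = []
    for src, tgt, cls, perms in parse_rules(te_text):
        rule = f"{src} -> {tgt}:{cls}"
        if src in SHARED_DOMAINS:
            # The grant covers every process in that domain.
            findings.append(("shared-domain", rule))
        if tgt in USER_WRITABLE and perms & EXEC_PERMS:
            # Code can be executed from a location users can write to.
            findings.append(("exec-from-writable", rule))
        if cls == "tcp_socket" and "name_connect" in perms and tgt in CATCH_ALL_PORTS:
            # Outbound connections are allowed to a wide range of ports.
            findings.append(("broad-connect", rule))
    return findings

if __name__ == "__main__":
    for kind, rule in review(POLICY):
        print(f"{kind:20} {rule}")
```

Run it against each newly generated local-geth.te in the audit2allow cycle and read the findings before the semodule -i step.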

chfast commented May 22, 2021

The SIGTERM works nicely with geth 1.10.3 now.

if you pass the flag --ipcdisable, and geth.ipc file is not created, how do you track when it's synced?

are you running your node locally?

swaldman commented Aug 2, 2021

> if you pass the flag --ipcdisable, and geth.ipc file is not created, how do you track when it's synced?

(I just check the latest blocknumber, in the logs or via jsonrpc. I run geth on a cloud server.)

if you don't mind, can you show me how to do this via jsonrpc?

I have been getting unclean shutdowns which end up corrupting the level db every time I stop geth. I am not sure what I am doing wrong and how to resolve this.