Setting up geth as a service under systemd Fedora 27
Prerequisite: dnf install golang
- Create user
geth
withuseradd
- As user
geth
fast sync the blockchain,geth --fast --cache 1024
- Manually run
geth --rpc
as user geth and watch to see that the blockchain continues to sync properly - Install the
geth.service
file (also in this gist) in/usr/lib/systemd/system/
- Make a symlink from
/etc/systemd/system/multi-user.target.wants/geth.service
to/usr/lib/systemd/system/geth.service
systemctl enable geth
followed bysystemctl start geth
- Over and over and over again, until
geth
runs with no permission-denied log messages, repeat this cycle:
grep geth /var/log/audit/audit.log | audit2allow -M local-geth
semodule -i local-geth.pp
systemctl start geth
systemctl status geth.service
journalctl --follow -u geth
semodule -r local-geth
...and around again
Some Notes
-
/home/geth/go-ethereum
is a clone of the git archive, from which I rebuild from source to do upgrades. Remember to fetch and checkout the latest release version, don't run development snapshots. Thegeth
binary itself shows up in/home/geth/go-ethereum/build/bin
, after everything is built withmake all
. -
I had trouble getting
geth
to shutdown properly onsystemctl stop geth
. The signal needed to be madeSIGINT
rather thanSIGTERM
to prevent an immediate shutdown without closing the datavase. I had to pass the--ipcdisable
flag togeth
because the file/home/geth/.ethereum/geth.ipc
was not properly cleaned up. -
geth 1.8.0
has tighter security now for named domains, thus--rpcvhosts=ethjsonrpc.mchange.com
, which is new. -
The final (I hope) version of the SELinux policy file generated by
audit2allow
is included in this gist aslocal-geth.te
The
SIGTERM
works nicely with geth 1.10.3 now.