Setting up geth as a service under systemd (Updated for Fedora 27)

geth.service

[Unit]
Description=Ethereum go client
After=syslog.target network.target

[Service]
User=geth
Group=geth
Environment=HOME=/home/geth
Type=simple
# ExecStart=/home/geth/go-ethereum/build/bin/geth --cache 2048 --rpc  --rpcaddr="0.0.0.0" --rpcvhosts=ethjsonrpc.mchange.com --ipcdisable
# ExecStart=/home/geth/go-ethereum/build/bin/geth --cache 2048 --rpc  --rpcaddr="127.0.0.1" --rpcvhosts=ethjsonrpc.mchange.com --ipcdisable
ExecStart=/home/geth/go-ethereum/build/bin/geth --cache 2048 --http  --http.addr="127.0.0.1" --http.vhosts=ethjsonrpc.mchange.com --ipcdisable
KillMode=process
KillSignal=SIGINT
TimeoutStopSec=90
Restart=on-failure
RestartSec=10s

[Install]
WantedBy=multi-user.target

GethAsAService.md

Setting up geth as a service under systemd Fedora 27

Prerequisite: dnf install golang

1. Create user geth with useradd
2. As user geth fast sync the blockchain, geth --fast --cache 1024
3. Manually run geth --rpc as user geth and watch to see that the blockchain continues to sync properly
4. Install the geth.service file (also in this gist) in /usr/lib/systemd/system/
5. Make a symlink from /etc/systemd/system/multi-user.target.wants/geth.service to /usr/lib/systemd/system/geth.service
6. systemctl enable geth followed by systemctl start geth
7. Over and over and over again, until geth runs with no permission-denied log messages, repeat this cycle:

grep geth /var/log/audit/audit.log | audit2allow -M local-geth
semodule -i local-geth.pp
systemctl start geth
systemctl status geth.service
journalctl --follow -u geth
semodule -r local-geth

...and around again

Some Notes

• /home/geth/go-ethereum is a clone of the git archive, from which I rebuild from source to do upgrades. Remember to fetch and checkout the latest release version, don't run development snapshots. The geth binary itself shows up in /home/geth/go-ethereum/build/bin, after everything is built with make all.

• I had trouble getting geth to shutdown properly on systemctl stop geth. The signal needed to be made SIGINT rather than SIGTERM to prevent an immediate shutdown without closing the datavase. I had to pass the --ipcdisable flag to geth because the file /home/geth/.ethereum/geth.ipc was not properly cleaned up.

• geth 1.8.0 has tighter security now for named domains, thus --rpcvhosts=ethjsonrpc.mchange.com, which is new.

• The final (I hope) version of the SELinux policy file generated by audit2allow is included in this gist as local-geth.te

local-geth.te

module local-geth 1.0;

require {
	type ephemeral_port_t;
	type user_home_t;
	type init_t;
	type user_tmp_t;
	type unreserved_port_t;
	class file { append create execute execute_no_trans lock map open read rename unlink write };
	class sock_file { create setattr };
	class tcp_socket name_connect;
}

#============= init_t ==============

#!!!! This avc can be allowed using the boolean 'nis_enabled'
allow init_t ephemeral_port_t:tcp_socket name_connect;

#!!!! This avc can be allowed using the boolean 'nis_enabled'
allow init_t unreserved_port_t:tcp_socket name_connect;
allow init_t user_home_t:file { append create lock map open read rename unlink write };
allow init_t user_home_t:sock_file { create setattr };
allow init_t user_tmp_t:file { execute execute_no_trans map };

The SIGTERM works nicely with geth 1.10.3 now.

if you pass the flag --ipcdisable, and geth.ipc file is not created, how do you track when its synced?

are you running your node locally?

if you pass the flag --ipcdisable, and geth.ipc file is not created, how do you track when its synced?

(I just check the latest blocknumber, in the logs or via jsonrpc. i run geth on a cloud server.)

if you dont mind, can you show me how to do this via jsonrpc?

I have been getting unclean shutdowns whiich ends up corrupting the level db everytime I stop geth. I am not sure what I am doing wrong and how to resolve this