Last active October 9, 2022 02:18
Setting up geth as a service under systemd (Updated for Fedora 27)
geth.service:
[Unit]
Description=Ethereum go client
[Service]
User=geth
# Older geth releases used --rpc / --rpcaddr instead of --http / --http.addr:
# ExecStart=/home/geth/go-ethereum/build/bin/geth --cache 2048 --rpc --rpcaddr="" --ipcdisable
ExecStart=/home/geth/go-ethereum/build/bin/geth --cache 2048 --http --http.addr="" --ipcdisable
KillSignal=SIGINT

Setting up geth as a service under systemd Fedora 27

Prerequisite: dnf install golang

  1. Create user geth with useradd
  2. As user geth fast sync the blockchain, geth --fast --cache 1024
  3. Manually run geth --rpc as user geth and watch to see that the blockchain continues to sync properly
  4. Install the geth.service file (also in this gist) in /usr/lib/systemd/system/
  5. Make a symlink from /etc/systemd/system/ to /usr/lib/systemd/system/geth.service
  6. systemctl enable geth followed by systemctl start geth
  7. Over and over and over again, until geth runs with no permission-denied log messages, repeat this cycle:
       grep geth /var/log/audit/audit.log | audit2allow -M local-geth
       semodule -i local-geth.pp
       systemctl start geth
       systemctl status geth.service
       journalctl --follow -u geth
       semodule -r local-geth

     ...and around again

Some Notes

  • /home/geth/go-ethereum is a clone of the git archive, from which I rebuild from source to do upgrades. Remember to fetch and check out the latest release version; don't run development snapshots. The geth binary itself shows up in /home/geth/go-ethereum/build/bin after everything is built with make all.

  • I had trouble getting geth to shut down properly on systemctl stop geth. The signal needed to be made SIGINT rather than SIGTERM to prevent an immediate shutdown without closing the database. I had to pass the --ipcdisable flag to geth because the file /home/geth/.ethereum/geth.ipc was not properly cleaned up.

  • geth 1.8.0 has tighter security now for named domains, thus, which is new.

  • The final (I hope) version of the SELinux policy file generated by audit2allow is included in this gist as local-geth.te

module local-geth 1.0;

require {
    type ephemeral_port_t;
    type user_home_t;
    type init_t;
    type user_tmp_t;
    type unreserved_port_t;
    class file { append create execute execute_no_trans lock map open read rename unlink write };
    class sock_file { create setattr };
    class tcp_socket name_connect;
}

#============= init_t ==============

#!!!! This avc can be allowed using the boolean 'nis_enabled'
allow init_t ephemeral_port_t:tcp_socket name_connect;

#!!!! This avc can be allowed using the boolean 'nis_enabled'
allow init_t unreserved_port_t:tcp_socket name_connect;
allow init_t user_home_t:file { append create lock map open read rename unlink write };
allow init_t user_home_t:sock_file { create setattr };
allow init_t user_tmp_t:file { execute execute_no_trans map };
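
Each pass of the audit2allow cycle regenerates the module, and its rules are granted to the init_t domain as a whole, so it is worth listing what a .te grants before running semodule -i. The script below is an added example, not part of the original gist; the function names review_te and count_flag and the EXEC/WRITE/NET labels are this example's own, and the sample input is the allow rules of local-geth.te copied from above.

```shell
#!/bin/sh
# Added example: summarise the allow rules in an audit2allow-generated .te file.

# review_te FILE -> one line per allow rule: "<flag> <source> <target>:<class> <perms>"
# flag is EXEC (any execute permission), WRITE (modifying permission),
# NET (outbound name_connect) or ok.
review_te() {
    awk '
    $1 == "allow" {
        line = $0
        gsub(/[{};]/, " ", line)     # drop braces and the trailing semicolon
        n = split(line, f, " ")      # f[2]=source f[3]=target:class f[4..n]=perms
        flag = "ok"; perms = ""
        for (i = 4; i <= n; i++) {
            perms = perms (perms == "" ? "" : ",") f[i]
            if (f[i] ~ /^execute/) flag = "EXEC"
            else if (flag != "EXEC" && f[i] ~ /^(write|append|create|unlink|rename|setattr)$/) flag = "WRITE"
            else if (flag == "ok" && f[i] == "name_connect") flag = "NET"
        }
        print flag, f[2], f[3], perms
    }' "$1"
}

# count_flag FILE FLAG -> number of allow rules carrying FLAG
count_flag() {
    review_te "$1" | awk -v want="$2" '$1 == want { c++ } END { print c + 0 }'
}

# Sample input: the allow rules from local-geth.te on this page.
SAMPLE_TE=$(mktemp)
trap 'rm -f "$SAMPLE_TE"' EXIT
cat > "$SAMPLE_TE" <<'EOF'
allow init_t ephemeral_port_t:tcp_socket name_connect;
allow init_t unreserved_port_t:tcp_socket name_connect;
allow init_t user_home_t:file { append create lock map open read rename unlink write };
allow init_t user_home_t:sock_file { create setattr };
allow init_t user_tmp_t:file { execute execute_no_trans map };
EOF

review_te "$SAMPLE_TE"
```

In the cycle above, run review_te local-geth.te after audit2allow -M and before semodule -i, and look first at the EXEC line, which lets init_t execute files labelled user_tmp_t.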

are you running your node locally?

swaldman commented Aug 2, 2021

if you pass the flag --ipcdisable, and geth.ipc file is not created, how do you track when it's synced?

(I just check the latest blocknumber, in the logs or via jsonrpc. I run geth on a cloud server.)

if you don't mind, can you show me how to do this via jsonrpc?

I have been getting unclean shutdowns which end up corrupting the level db every time I stop geth. I am not sure what I am doing wrong and how to resolve this.
