diff options
-rw-r--r-- | contrib/init/README.md | 10 | ||||
-rw-r--r-- | contrib/init/bitcoind.conf | 65 | ||||
-rw-r--r-- | contrib/init/bitcoind.openrc | 86 | ||||
-rw-r--r-- | contrib/init/bitcoind.openrcconf | 27 | ||||
-rw-r--r-- | contrib/init/bitcoind.service (renamed from contrib/systemd/bitcoind.service) | 11 | ||||
-rw-r--r-- | doc/README.md | 2 | ||||
-rw-r--r-- | doc/init.md | 92 | ||||
-rw-r--r-- | doc/systemd.md | 47 |
8 files changed, 289 insertions, 51 deletions
diff --git a/contrib/init/README.md b/contrib/init/README.md new file mode 100644 index 0000000000..d3fa966583 --- /dev/null +++ b/contrib/init/README.md @@ -0,0 +1,10 @@ +Sample configuration files for: + +SystemD: bitcoind.service +Upstart: bitcoind.conf +OpenRC: bitcoind.openrc + bitcoind.openrcconf + +have been made available to assist packagers in creating node packages here. + +See doc/init.md for more information. diff --git a/contrib/init/bitcoind.conf b/contrib/init/bitcoind.conf new file mode 100644 index 0000000000..f9554eecde --- /dev/null +++ b/contrib/init/bitcoind.conf @@ -0,0 +1,65 @@ +description "Bitcoin Core Daemon" + +start on runlevel [2345] +stop on starting rc RUNLEVEL=[016] + +env BITCOIND_BIN="/usr/bin/bitcoind" +env BITCOIND_USER="bitcoin" +env BITCOIND_GROUP="bitcoin" +env BITCOIND_PIDDIR="/var/run/bitcoind" +# upstart can't handle variables constructed with other variables +env BITCOIND_PIDFILE="/var/run/bitcoind/bitcoind.pid" +env BITCOIND_CONFIGFILE="/etc/bitcoin/bitcoin.conf" +env BITCOIND_DATADIR="/var/lib/bitcoind" + +expect fork + +respawn +respawn limit 5 120 +kill timeout 60 + +pre-start script + # this will catch non-existent config files + # bitcoind will check and exit with this very warning, but it can do so + # long after forking, leaving upstart to think everything started fine. + # since this is a commonly encountered case on install, just check and + # warn here. + if ! grep -qs '^rpcpassword=' "$BITCOIND_CONFIGFILE" ; then + echo "ERROR: You must set a secure rpcpassword to run bitcoind." + echo "The setting must appear in $BITCOIND_CONFIGFILE" + echo + echo "This password is security critical to securing wallets " + echo "and must not be the same as the rpcuser setting." + echo "You can generate a suitable random password using the following" + echo "command from the shell:" + echo + echo "bash -c 'tr -dc a-zA-Z0-9 < /dev/urandom | head -c32 && echo'" + echo + echo "It is also recommended that you also set alertnotify so you are " + echo "notified of problems:" + echo + echo "ie: alertnotify=echo %%s | mail -s \"Bitcoin Alert\"" \ + "admin@foo.com" + echo + exit 1 + fi + + mkdir -p "$BITCOIND_PIDDIR" + chmod 0755 "$BITCOIND_PIDDIR" + chown $BITCOIND_USER:$BITCOIND_GROUP "$BITCOIND_PIDDIR" + chown $BITCOIND_USER:$BITCOIND_GROUP "$BITCOIND_CONFIGFILE" + chmod 0660 "$BITCOIND_CONFIGFILE" +end script + +exec start-stop-daemon \ + --start \ + --pidfile "$BITCOIND_PIDFILE" \ + --chuid $BITCOIND_USER:$BITCOIND_GROUP \ + --exec "$BITCOIND_BIN" \ + -- \ + -pid="$BITCOIND_PIDFILE" \ + -conf="$BITCOIND_CONFIGFILE" \ + -datadir="$BITCOIND_DATADIR" \ + -disablewallet \ + -daemon + diff --git a/contrib/init/bitcoind.openrc b/contrib/init/bitcoind.openrc new file mode 100644 index 0000000000..1f7758c920 --- /dev/null +++ b/contrib/init/bitcoind.openrc @@ -0,0 +1,86 @@ +#!/sbin/runscript + +# backward compatibility for existing gentoo layout +# +if [ -d "/var/lib/bitcoin/.bitcoin" ]; then + BITCOIND_DEFAULT_DATADIR="/var/lib/bitcoin/.bitcoin" +else + BITCOIND_DEFAULT_DATADIR="/var/lib/bitcoind" +fi + +BITCOIND_CONFIGFILE=${BITCOIND_CONFIGFILE:-/etc/bitcoin/bitcoin.conf} +BITCOIND_PIDDIR=${BITCOIND_PIDDIR:-/var/run/bitcoind} +BITCOIND_PIDFILE=${BITCOIND_PIDFILE:-${BITCOIND_PIDDIR}/bitcoind.pid} +BITCOIND_DATADIR=${BITCOIND_DATADIR:-${BITCOIND_DEFAULT_DATADIR}} +BITCOIND_USER=${BITCOIND_USER:-bitcoin} +BITCOIND_GROUP=${BITCOIND_GROUP:-bitcoin} +BITCOIND_BIN=${BITCOIND_BIN:-/usr/bin/bitcoind} + +name="Bitcoin Core Daemon" +description="Bitcoin crypto-currency p2p network daemon" + +command="/usr/bin/bitcoind" +command_args="-pid=\"${BITCOIND_PIDFILE}\" \ + -conf=\"${BITCOIND_CONFIGFILE}\" \ + -datadir=\"${BITCOIND_DATADIR}\" \ + -daemon \ + ${BITCOIND_OPTS}" + +required_files="${BITCOIND_CONFIGFILE}" +start_stop_daemon_args="-u ${BITCOIND_USER} \ + -N ${BITCOIND_NICE:-0} -w 2000" +pidfile="${BITCOIND_PIDFILE}" +retry=60 + +depend() { + need localmount net +} + +# verify +# 1) that the datadir exists and is writable (or create it) +# 2) that a directory for the pid exists and is writable +# 3) ownership and permissions on the config file +start_pre() { + checkpath \ + -d \ + --mode 0750 \ + --owner "${BITCOIND_USER}:${BITCOIND_GROUP}" \ + "${BITCOIND_DATADIR}" + + checkpath \ + -d \ + --mode 0755 \ + --owner "${BITCOIND_USER}:${BITCOIND_GROUP}" \ + "${BITCOIND_PIDDIR}" + + checkpath -f \ + -o ${BITCOIND_USER}:${BITCOIND_GROUP} \ + -m 0660 \ + ${BITCOIND_CONFIGFILE} + + checkconfig || return 1 +} + +checkconfig() +{ + if ! grep -qs '^rpcpassword=' "${BITCOIND_CONFIGFILE}" ; then + eerror "" + eerror "ERROR: You must set a secure rpcpassword to run bitcoind." + eerror "The setting must appear in ${BITCOIND_CONFIGFILE}" + eerror "" + eerror "This password is security critical to securing wallets " + eerror "and must not be the same as the rpcuser setting." + eerror "You can generate a suitable random password using the following" + eerror "command from the shell:" + eerror "" + eerror "bash -c 'tr -dc a-zA-Z0-9 < /dev/urandom | head -c32 && echo'" + eerror "" + eerror "It is also recommended that you also set alertnotify so you are " + eerror "notified of problems:" + eerror "" + eerror "ie: alertnotify=echo %%s | mail -s \"Bitcoin Alert\"" \ + "admin@foo.com" + eerror "" + return 1 + fi +} diff --git a/contrib/init/bitcoind.openrcconf b/contrib/init/bitcoind.openrcconf new file mode 100644 index 0000000000..d8d7f58337 --- /dev/null +++ b/contrib/init/bitcoind.openrcconf @@ -0,0 +1,27 @@ +# /etc/conf.d/bitcoind: config file for /etc/init.d/bitcoind + +# Config file location +#BITCOIND_CONFIGFILE="/etc/bitcoin/bitcoin.conf" + +# What directory to write pidfile to? (created and owned by $BITCOIND_USER) +#BITCOIND_PIDDIR="/var/run/bitcoind" + +# What filename to give the pidfile +#BITCOIND_PIDFILE="${BITCOIND_PIDDIR}/bitcoind.pid" + +# Where to write bitcoind data (be mindful that the blockchain is large) +#BITCOIND_DATADIR="/var/lib/bitcoind" + +# User and group to own bitcoind process +#BITCOIND_USER="bitcoin" +#BITCOIND_GROUP="bitcoin" + +# Path to bitcoind executable +#BITCOIND_BIN="/usr/bin/bitcoind" + +# Nice value to run bitcoind under +#BITCOIND_NICE=0 + +# Additional options (avoid -conf and -datadir, use flags above) +BITCOIND_OPTS="-disablewallet" + diff --git a/contrib/systemd/bitcoind.service b/contrib/init/bitcoind.service index edc81cc763..9132957c38 100644 --- a/contrib/systemd/bitcoind.service +++ b/contrib/init/bitcoind.service @@ -3,15 +3,20 @@ Description=Bitcoin's distributed currency daemon After=network.target [Service] -User=bitcoind -Group=bitcoind +User=bitcoin +Group=bitcoin Type=forking PIDFile=/var/lib/bitcoind/bitcoind.pid -ExecStart=/usr/bin/bitcoind -daemon -pid=/var/lib/bitcoind/bitcoind.pid -conf=/etc/bitcoind.conf -datadir=/var/lib/bitcoind +ExecStart=/usr/bin/bitcoind -daemon -pid=/var/lib/bitcoind/bitcoind.pid \ +-conf=/etc/bitcoin/bitcoin.conf -datadir=/var/lib/bitcoind -disablewallet Restart=always PrivateTmp=true +TimeoutStopSec=60s +TimeoutStartSec=2s +StartLimitInterval=120s +StartLimitBurst=5 [Install] WantedBy=multi-user.target diff --git a/doc/README.md b/doc/README.md index f8bb8020d4..8368e4644b 100644 --- a/doc/README.md +++ b/doc/README.md @@ -68,7 +68,7 @@ The Bitcoin repo's [root README](https://github.com/bitcoin/bitcoin/blob/master/ - [Assets Attribution](assets-attribution.md) - [Files](files.md) - [Tor Support](tor.md) -- [Systemd](systemd.md) +- [Init Scripts (systemd/upstart/openrc)](init.md) License --------------------- diff --git a/doc/init.md b/doc/init.md new file mode 100644 index 0000000000..3d14025ab4 --- /dev/null +++ b/doc/init.md @@ -0,0 +1,92 @@ +Sample init scripts and service configuration for bitcoind +========================================================== + +Sample scripts and configuration files for systemd, Upstart and OpenRC +can be found in the contrib/init folder. + +contrib/init/bitcoind.service: systemd service unit configuration +contrib/init/bitcoind.openrc: OpenRC compatible SysV style init script +contrib/init/bitcoind.openrcconf: OpenRC conf.d file +contrib/init/bitcoind.conf: Upstart service configuration file + +1. Service User +--------------------------------- + +All three startup configurations assume the existence of a "bitcoin" user +and group. They must be created before attempting to use these scripts. + +2. Configuration +--------------------------------- + +At a bare minimum, bitcoind requires that the rpcpassword setting be set +when running as a daemon. If the configuration file does not exist or this +setting is not set, bitcoind will shutdown promptly after startup. + +This password does not have to be remembered or typed as it is mostly used +as a fixed token that bitcoind and client programs read from the configuration +file, however it is recommended that a strong and secure password be used +as this password is security critical to securing the wallet should the +wallet be enabled. + +If bitcoind is run with "-daemon" flag, and no rpcpassword is set, it will +print a randomly generated suitable password to stderr. You can also +generate one from the shell yourself like this: + +bash -c 'tr -dc a-zA-Z0-9 < /dev/urandom | head -c32 && echo' + +Once you have a password in hand, set rpcpassword= in /etc/bitcoin/bitcoin.conf + +For an example configuration file that describes the configuration settings, +see contrib/debian/examples/bitcoin.conf. + +3. Paths +--------------------------------- + +All three configurations assume several paths that might need to be adjusted. + +Binary: /usr/bin/bitcoind +Configuration file: /etc/bitcoin/bitcoin.conf +Data directory: /var/lib/bitcoind +PID file: /var/run/bitcoind/bitcoind.pid (OpenRC and Upstart) + /var/lib/bitcoind/bitcoind.pid (systemd) + +The configuration file, PID directory (if applicable) and data directory +should all be owned by the bitcoin user and group. It is advised for security +reasons to make the configuration file and data directory only readable by the +bitcoin user and group. Access to bitcoin-cli and other bitcoind rpc clients +can then be controlled by group membership. + +4. Installing Service Configuration +----------------------------------- + +4a) systemd + +Installing this .service file consists on just copying it to +/usr/lib/systemd/system directory, followed by the command +"systemctl daemon-reload" in order to update running systemd configuration. + +To test, run "systemctl start bitcoind" and to enable for system startup run +"systemctl enable bitcoind" + +4b) OpenRC + +Rename bitcoind.openrc to bitcoind and drop it in /etc/init.d. Double +check ownership and permissions and make it executable. Test it with +"/etc/init.d/bitcoind start" and configure it to run on startup with +"rc-update add bitcoind" + +4c) Upstart (for Debian/Ubuntu based distributions) + +Drop bitcoind.conf in /etc/init. Test by running "service bitcoind start" +it will automatically start on reboot. + +NOTE: This script is incompatible with CentOS 5 and Amazon Linux 2014 as they +use old versions of Upstart and do not supply the start-stop-daemon uitility. + +5. Auto-respawn +----------------------------------- + +Auto respawning is currently only configured for Upstart and systemd. +Reasonable defaults have been chosen but YMMV. + + diff --git a/doc/systemd.md b/doc/systemd.md deleted file mode 100644 index 96202c1532..0000000000 --- a/doc/systemd.md +++ /dev/null @@ -1,47 +0,0 @@ -SYSTEMD SUPPORT IN BITCOIN -========================== - -Packagers can find a .service file in this repo in order to integrate bitcoin's -daemon into systemd based distributions. - -bitcoind.service file is located in contrib/systemd/ folder. - -1. Users ---------------------------------- - -This .service file assumes bitcoind user and group exist in the system, so packager -should make sure they are created on installation. - -2. Files ---------------------------------- - -The .service file assumes several paths that might need to be adjusted according -to packager's needs. - -Daemon's config file is assumed to be located at /etc/bitcoind.conf (you can -use contrib/debian/examples/bitcoin.conf as an example). Once installed, users -must edit the file in order to update at least these two -values: rpcuser and rpcpassword . Failing to do so will make the daemon fail -to boot. However, the message written to /var/lib/bitcoind/debug.log file is -very helpful and no default values should be set: - - YYYY-MM-DD HH:MM:DD Error: To use the "-server" option, you must set a rpcpassword in the configuration file: - /etc/bitcoind.conf - It is recommended you use the following random password: - rpcuser=bitcoinrpc - rpcpassword=HdYZ5HGtAF7mx8aTw6uCATtD2maMAK4E12Ysp4YNZQcX - (you do not need to remember this password) - The username and password MUST NOT be the same. - If the file does not exist, create it with owner-readable-only file permissions. - It is also recommended to set alertnotify so you are notified of problems; - for example: alertnotify=echo %s | mail -s "Bitcoin Alert" admin@foo.com - -Daemon's data and pid files will be stored in /var/lib/bitcoind directory, so it -should be created on installation and make bitcoind user/group it's owner. - -3. Installing .service file ---------------------------------- - -Installing this .service file consists on just copying it to /usr/lib/systemd/system -directory, followed by the command "systemctl daemon-reload" in order to update -running systemd configuration. |