[RFC] implement systemd socket activation #5514
Conversation
ghost
assigned 
Stebalien
changed the title
Stebalien
added
kind/feature
cmd/ipfs/sockets/sockets_linux.go
Outdated
|
|
||
| var log = logging.Logger("socket-activation") | ||
|
|
||
| var socketsMu sync.Mutex |
There was a problem hiding this comment.
nitpick:
var (
socketsMu sync.Mutex
sockets map[string][]manet.Listener
)Makes the association of the mutex a little clearer.
cmd/ipfs/daemon.go
Outdated
| if err != nil { | ||
| return nil, fmt.Errorf("serveHTTPApi: invalid API address: %q (err: %s)", apiAddr, err) | ||
| return nil, fmt.Errorf("serveHTTPGateway: socket activation failed: %s", err) |
There was a problem hiding this comment.
s/serveHTTPGateway/serveHTTPApi
| @@ -0,0 +1,9 @@ | |||
| [Unit] | |||
There was a problem hiding this comment.
How does configuration work, in terms of users vs system config? Where is the repo initialized when enabling this service, if this enabled as a system service instead of as a user one? For example, the Arch Linux Wiki suggests starting ipfs as a systemd user service. This probably doesn't need to be solved here but I feel if we are going to be putting out an 'official' service file it is something that we should take into consideration.
There was a problem hiding this comment.
I just put these here as starting points. The one I use is:
[Unit]
Description=IPFS Daemon
[Service]
User=ipfs
Group=ipfs
NoNewPrivileges=true
ProtectHome=true
ProtectSystem=full
PrivateTmp=true
PrivateDevices=true
SystemCallArchitectures=native
MemoryDenyWriteExecute=true
Environment=IPFS_PATH=/var/lib/ipfs
Environment=HOME=/var/lib/ipfs
ExecStart=/usr/bin/ipfs daemon --routing=dhtclient --migrate=true
KillSignal=SIGINT
[Install]
WantedBy=default.target
Also=ipfs-api.socket
Also=ipfs-gateway.socket| Service=ipfs.service | ||
| FileDescriptorName=io.ipfs.api | ||
| BindIPv6Only=true | ||
| ListenStream=127.0.0.1:5001 |
There was a problem hiding this comment.
It would be great if the port values were retrieved from the ~/.ipfs/config or even better ~/.config/ipfs/config or some suitable configuration directory. But whatever the solution, this will be confusing for users, i.e. enable systemd sockets, at some point in the future want to change port values, update ~/.ipfs/config, does nothing, restart sockets, still does nothing, google it/remembers to change in systemd files.
There was a problem hiding this comment.
Yeah but there's really nothing we can do about that. systemd doesn't let one read a config file.
Well... technically I can write a generator and generate these socket files dynamically. However, that probably isn't worth it.
We could, alternatively, listen on the union of addresses.
There was a problem hiding this comment.
You could use an EnvironmentFile?
License: MIT Signed-off-by: Steven Allen <[email protected]>
License: MIT Signed-off-by: Steven Allen <[email protected]>
Stebalien
force-pushed
the
feat/systemd-activation
branch
from
30cf7d5 to
39ff597
Compare
License: MIT Signed-off-by: Steven Allen <[email protected]>
|
I like the use case -- but how about a multiaddr? :) Could be systemd-specific, or something more general about file descriptors. |
|
@lgierth wouldn't that require |
|
The systemd unit wouldn't change, but you'd have go-ipfs explicitly configured to listen on e.g. |
Sorry, I am only two coffees into my day, would |
It would be the same as this PR, except instead of just optimistically looking for systemd file descriptors, go-ipfs would have e.g. |
|
This was a random "let's try this PR". I'll try to revive it at some future point but I'll close it for now. |
It works but it could probably be prettier. Thoughts?
Basically, this patch checks for sockets passed via systemd socket-activation and, if present, ignores all other configured listen addresses and uses those. Currently, it only supports socket activation of the gateway and the API.
Motivation: this allows me to auto-start IPFS when I actually need it (but not until then).