aherman
/
boundary
mirror of https://github.com/hashicorp/boundary
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'a8d75db00a'
${ noResults }
boundary/website/content/docs/installing/systemd.mdx

95 lines
2.9 KiB
Raw Blame History

---
layout: docs
page_title: Systemd Installation
sidebar_title: Systemd Install
description: |-
How to install Boundary under Systemd on Linux
---
# Installing Boundary under Systemd
This section covers how to install Boundary under the [Systemd]() init system on modern Linux distributions. In this section we'll cover an example of breaking out the controller and worker servers onto separate instances, though you can opt to run both on a single server.
## Filesystem Configuration
`TYPE` below can be either `worker` or `controller`.
1. `/etc/boundary-${TYPE}.hcl`: Configuration file for the boundary service
See above example configurations.
2. `/usr/local/bin/boundary`: The Boundary binary
Can build from https://github.com/hashicorp/boundary or download binary from our release pages.
3. `/etc/systemd/system/boundary-${TYPE}.service`: Systemd unit file for the Boundary service
Example:
## User & Group Configuration
We recommend running Boundary as a non-root user, and use this user to manage the Boundary process running under systemd. The example init files here do exactly this, and our example install script below creates a user and group on Debian-like Ubuntu systems as an example.
## Systemd Unit file
```
[Unit]
Description=${NAME} ${TYPE}
[Service]
ExecStart=/usr/local/bin/${NAME} ${TYPE} -config /etc/${NAME}-${TYPE}.hcl
User=boundary
Group=boundary
LimitMEMLOCK=infinity
Capabilities=CAP_IPC_LOCK+ep
CapabilityBoundingSet=CAP_SYSLOG CAP_IPC_LOCK
[Install]
WantedBy=multi-user.target
```
## Systemd All-in-One Installation Script
Here's a simple install script that creates the boundary group and user, installs the
systemd unit file and enables it at startup:
```
#!/bin/bash
# Installs the boundary as a service for systemd on linux
# Usage: ./install.sh <worker|controller>
TYPE=$1
NAME=boundary
sudo cat << EOF > /etc/systemd/system/${NAME}-${TYPE}.service
[Unit]
Description=${NAME} ${TYPE}
[Service]
ExecStart=/usr/local/bin/${NAME} ${TYPE} -config /etc/${NAME}-${TYPE}.hcl
User=boundary
Group=boundary
LimitMEMLOCK=infinity
Capabilities=CAP_IPC_LOCK+ep
CapabilityBoundingSet=CAP_SYSLOG CAP_IPC_LOCK
[Install]
WantedBy=multi-user.target
EOF
# Add the boundary system user and group to ensure we have a no-login
# user capable of owning and running Boundary
sudo adduser --system --group boundary || true
sudo chown boundary:boundary /etc/${NAME}-${TYPE}.hcl
sudo chown boundary:boundary /usr/local/bin/boundary
# Make sure to initialize the DB before starting the service. This will result in
# a database already initizalized warning if another controller or worker has done this
# already, making it a lazy, best effort initialization
if [ "${TYPE}" = "controller" ]; then
sudo /usr/local/bin/boundary database init -config /etc/${NAME}-${TYPE}.hcl || true
fi
sudo chmod 664 /etc/systemd/system/${NAME}-${TYPE}.service
sudo systemctl daemon-reload
sudo systemctl enable ${NAME}-${TYPE}
sudo systemctl start ${NAME}-${TYPE}
```
Reference in new issue View Git Blame Copy Permalink