Using systemd to handle restarts
systemd is a common system daemon that manages running services on Linux. A
common scenario is wanting services to start automatically on boot or to restart
if they crash. Lots of things can happen to computers, so you want your service
to have at least a minimal level of resilience.
A simple .service file is enough to keep a service up at that minimal level. I
use this pattern to make sure services stay up after the machine restarts and
recover from errors that take the service down.

[Unit]
Description=Describe your service
; Wait till the network is online
After=network-online.target
; Make sure networkd is online
Wants=network-online.target systemd-networkd-wait-online.service
; Time window in which start attempts are counted
StartLimitIntervalSec=500
; Maximum number of starts allowed within that window
StartLimitBurst=5

[Service]
; Make sure to restart if the process fails
Restart=on-failure
; Time to wait before it tries to restart
RestartSec=5s
; Your main executable to run
ExecStart=/usr/bin/docker run -e CSP_CAPTURE_LOG -v /var/log/csp-capture:/log -p 12345:12345 registry.gitlab.com/rockerboo/csp-capture
; Any additional environment variables for this process can be set here
Environment=CSP_CAPTURE_LOG=/log/csp-capture.log

[Install]
WantedBy=multi-user.target

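How RestartSec, StartLimitIntervalSec and StartLimitBurst from the unit file above interact under a crash loop, as an added Python example that is not part of the original post. The helpers `seconds` and `simulate` are hypothetical, and the fixed counting window is a simplified model of systemd's start rate limit.

```python
import configparser

# Restart-related directives copied from the unit file above.
UNIT_TEXT = """
[Unit]
StartLimitIntervalSec=500
StartLimitBurst=5
[Service]
Restart=on-failure
RestartSec=5s
"""

def seconds(value):
    """Hypothetical helper: bare seconds, or a value with an s/min/h suffix."""
    for suffix, factor in (("min", 60), ("h", 3600), ("s", 1)):
        if value.endswith(suffix):
            return float(value[: -len(suffix)]) * factor
    return float(value)

def simulate(unit_text, uptime, horizon=3600.0):
    """Return (start_times, refused_at) for a service that fails `uptime`
    seconds after every start; refused_at is None if the start limit is
    never hit within `horizon` seconds."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.optionxform = str  # keep systemd's case-sensitive key names
    cp.read_string(unit_text)
    interval = seconds(cp["Unit"]["StartLimitIntervalSec"])
    burst = int(cp["Unit"]["StartLimitBurst"])
    restart_sec = seconds(cp["Service"]["RestartSec"])

    # Assumption: starts are counted in a fixed window opened by the first start.
    starts, window_begin, count, now = [], None, 0, 0.0
    while now <= horizon:
        if window_begin is None or now - window_begin > interval:
            window_begin, count = now, 1   # open a new counting window
        elif count < burst:
            count += 1
        else:
            return starts, now             # start refused, unit stays failed
        starts.append(now)
        now += uptime + restart_sec        # process fails, wait RestartSec, retry
    return starts, None

if __name__ == "__main__":
    print(simulate(UNIT_TEXT, uptime=1))            # fast crash loop
    print(len(simulate(UNIT_TEXT, uptime=120)[0]))  # slow crash loop
```

With the values from the unit file, a service that dies within a second is started five times and then left down after about 30 seconds, while one that survives two minutes per run is restarted indefinitely. Running systemctl reset-failed on the unit clears the start counter.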
Once you finish, you must have systemd reload its configuration
(systemctl daemon-reload). Then you should be able to start the service:
sudo systemctl start myservicefile.service
Then you can “enable” the service.
sudo systemctl enable myservicefile.service
Next, you want to harden your service files. You may not need to do much, but it’s a good thing to look into. A thread on Hacker News has good information on how to do this, and it contains other posts with more information.
Specifically, look into
systemd-analyze security myservicefile.service, which
will check for possible hardening you can do. You want to make sure you don’t
expose too much and limit what this process can do, at least from the systemd