Add eturnal (STUN/TURN standalone server) systemd service unit #187
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Taken [from upstream][1]. With `LogsDirectory=eturnal`, eturnal currently logs to `/var/log/eturnal/eturnal.log`. [1]: https://github.com/processone/eturnal/blob/master/config/eturnal.service
With `ETURNAL_ETC_PREFIX=/project/eturnal` eturnal uses `/project/eturnal/etc/eturnal.yml`.
From [issues #9 (*Document ERL_EPMD_ADDRESS and ERL_EPMD_PORT*)][1]: > === ERL_EPMD_ADDRESS === > > On eturnal startup, an Erlang Port Mapper Daemon (epmd) service is spawned (if > not running already). This service listens on all available interfaces by > default. Setting the `ERL_EPMD_ADDRESS' environment variable tells epmd to > listen on the specified comma-seperated list of IP addresses instead. Note that > the IPv4 and IPv6 loopback addresses are implicitly added to this list if not > specified. It's usually recommended to set `ERL_EPMD_ADDRESS' to `127.0.0.1' > (e.g., by calling `systemctl edit eturnal' and adding an > `Environment="ERL_EPMD_ADDRESS=127.0.0.1"' line to the `[Service]' section). [1]: https://github.com/processone/eturnal/issues/9
This reverts commit f95afb4. Despite `net.ipv6.conf.all.disable_ipv6 = 1`, epmd tries to bind to the IPv6 loopback device, [which fails][1]. eturnalctl[91982]: Protocol 'inet_tcp': register/listen error: econnrefused So, remove `ERL_EPMD_ADDRESS=127.0.0.1`, which is no problem, as our firewall blocks access to epmd from the internet. [1]: https://github.com/processone/eturnal/issues/11
`LogsDirectory=` does not support absolute paths:
Nov 03 13:23:09 pitti.molgen.mpg.de systemd[1]: /etc/systemd/system/eturnal.service:20: LogsDirectory= path is absolute, ignoring: /project/eturnal/log
Therefore, [do not set it all][1]:
> If this environment variable is unset as well, a `log' directory is
> created within the installation prefix.
The directory `log` is a symbolic link to `/project/eturnal/log`
[1]: https://github.com/processone/eturnal/blob/f9168eb70d2a1b8f7f110f4022985adb65175e55/doc/overview.edoc#L178-L188
|
No, it’s not enabled, and going to be started by
It’s not needed for bigbluebutton.molgen.mpg.de, so people with NAT or behind restrictive firewalls can connect. |
Maybe remove the install section from the service unit? |
…ation We use mxstartupctl to start the service.
|
Looks good. |
[`ProtectSystem=strict` mounts more directories as read-only.][1] [The upstream service unit only sets it to `full` to support older systemd releases.][2] systemd 242, currently shipped by MarIuX, support `strict`, so use it. [1]: https://www.freedesktop.org/software/systemd/man/systemd.exec.html#ProtectSystem= [2]: https://github.com/processone/eturnal/issues/14#issuecomment-843021648
Sign in
to join this conversation on GitHub.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.