Build and Run Automation
To get an automated build of grin and run the server, pull changes from Github, compile and restart, then run grin as a service. Tested on both Ubuntu 16.04 and Fedora 28.
Build and run manually the first time
Set up grin as a service
Disable the TUI before setting up grin as a service by updating the following line in
run_tui = false
Then create a service file for grin:
sudo nano /etc/systemd/system/grin.service
Paste the following content into the file. Ensure you update it with your own user, group, working directory, and path where you placed the grin binary.
[Unit] Description=grin node After=network.target [Service] WorkingDirectory=/home/alice/.grin/ User=alice Group=alice PrivateDevices=yes Type=simple ExecReload=/bin/kill -HUP $MAINPID KillMode=mixed KillSignal=SIGTERM TimeoutStopSec=60 ExecStart=/home/alice/mimblewimble/grin/target/release/grin Restart=on-failure RestartSec=30 [Install] WantedBy=multi-user.target Alias=grin.service
Tell systemd to reload (you need to do that every time you edit this file):
Now try to start the node:
sudo systemctl start grin
And check to see if it's running:
ps aux | grep grin
That should give you two lines of output like this:
alice 19175 0.4 0.6 188040 54208 ? Ssl 17:45 0:07 /home/alice/mimblewimble/grin/target/release/grin alice 27481 0.0 0.0 12944 1028 pts/0 S+ 18:11 0:00 grep --color=auto grin
If you use SELinux in Enforcing mode, the first time you are going to run grin via systemd is going to fail with permission errors. You can grab a profile of those permission errors using
audit2allow, create a SELinux policy module for grin, and add that module in SELinux's policies.
# capture grin AVC denials in a file (sudo audit2allow -w -a | ausearch -c grin) > denials.log # create a policy module out of the captured denials # avoid piping audit2allow to itself due to https://bugs.centos.org/view.php?id=14220 cat denials.log | audit2allow -M grin # set the module in SELinux's policies sudo semodule -i grin.pp
There is an additional thread in grin named
peer_connect that also gets denied certain access so it's more likely that you will need to repeat the above process for it as well.
Create an update script
Copy this text into a
nightly-update.sh script in the same directory as the above:
#!/bin/sh cd /home/alice/mimblewimble/grin git pull git checkout master git fetch --tags latestTag=$(git describe --tags `git rev-list --tags --max-count=1`) git checkout $latestTag cargo build --release sudo systemctl restart grin
If you want to be pedantic and build from scratch every time, you can also insert
cargo clean before
cargo build --release.
Set up a cron job
You can set up cron jobs for you the current user by executing:
This will open an editor and let you edit the cron file of the current user. Paste this onto the bottom of the file:
0 2 * * * /home/alice/mimblewimble/nightly-update.sh 1> /home/alice/mimblewimble/nightly-update.log 2> /home/alice/mimblewimble/nightly-update.log
The above puts either success or fail debug output into a file in your main directory. Alternatively, if mail is enabled on your host, you can also have the results emailed to you:
0 2 * * * /home/alice/mimblewimble/nightly-update.sh 2>&1 | mail -s "grin update FAIL" firstname.lastname@example.org
This runs the script from the previous step at 2 am UTC. Please adjust this time with some randomness so your node does not restart at the same time as everyone else.
Check that it worked
Later, after your chosen time of day has passed, you can check that all is working as expected. If you run
ps aux | grep grin, you should get one output line that is something like:
alice 13065 0.5 1.0 206492 85232 ? Ssl 02:00 5:30 /home/alice/mimblewimble/grin/target/release/grin
That means the server is running. Now also check that the latest version was built by running:
ls -l ~/mimblewimble/grin/target/release/grin
That should make it all set to compile and restart every night. Enjoy!