Running Cells as a service with Systemd
Created on 2020/07/01,When deployed in production environment, we generally advise to run Pydio Cells as a systemd service.
This configuration assumes that you have followed our recommended best practices during installation process, see our detailed installation guides. Adapt to your specific setup if necessary.
Thus you have:
- defined
CELLS_WORKING_DIRas/var/cells - the downloaded binary at
/opt/pydio/bin/cells - a
pydiouser that has correct rights on/opt/pydio(read and execute) and/var/cells - the
pydiouser has onlysudopermission to execute the setcap command. Typically on Linux, do:
echo "pydio ALL=(ALL) NOPASSWD: /sbin/setcap 'cap_net_bind_service=+ep' /opt/pydio/bin/cells" | sudo tee -a /etc/sudoers.d/pydio
Create a new /etc/systemd/system/cells.service file with following content:
[Unit]
Description=Pydio Cells
Documentation=https://pydio.com
Wants=network-online.target
After=network-online.target
AssertFileIsExecutable=/opt/pydio/bin/cells
[Service]
WorkingDirectory=/tmp/cells
User=pydio
Group=pydio
PermissionsStartOnly=true
ExecStartPre=/usr/bin/sudo /sbin/setcap 'cap_net_bind_service=+ep' /opt/pydio/bin/cells
ExecStart=/opt/pydio/bin/cells start
Restart=on-failure
StandardOutput=journal
StandardError=inherit
LimitNOFILE=65536
TimeoutStopSec=5
KillSignal=INT
SendSIGKILL=yes
SuccessExitStatus=0
# Add environment variables
Environment=PYDIO_LOGS_LEVEL=production
Environment=CELLS_WORKING_DIR=/var/cells
Environment=PYDIO_ENABLE_METRICS=false
[Install]
WantedBy=multi-user.target
Then, enable and start the service:
sudo systemctl enable cells
sudo systemctl start cells
Various Notes
Loging
With the above configuration, Pydio Cells logs in rolling text files of 10MB under <CELLS_WORKING_DIR>/logs/ folder. Typically, on Linux:
tail -200f /var/cells/logs/cells.log
It is worth noting that logs are also outputed to the systemd standard loging system so that you can also see them with e.g.:
sudo journalctl -f -u cells --since "1 hour ago"
Systemd working directory
In the above file, we also overwrite the default systemd configuration for the working directory by using:
...
[Service]
WorkingDirectory=/tmp/cells
...
Thus the current directory for the various processes that are launched by the app is /tmp/cells, that we find safer than the default location that is usually the home directory of the user that runs the app.
Please note that this directory must exist and be writable before launching the application.
If it is not the case, the system fails to start with a message that can be quite cryptic for people that are not systemd fluent:
...
code=exited, status=200/CHDIR
...