.. _opservices:

Services
========

This section lists the names and explains the maintenance
of the REDAC-specific software on :ref:`opsetup-server`. This also includes the
supervision of log files and their general availability.

First of all, all REDAC software comes dockerized and/or
is maintained as systemd services. One of the most important
properties is that all relevant services come up *automatically* on system boot. This
is ensured by having

* Python daemons being directly started by systemd units (within their relevant
  virtualenv).
* Single docker daemons being directly started by systemd units.
* Docker-Compose services being automatically
  started by docker.

If you don't know how to maintain a systemd service, please consult any contemporary
Linux administrator's manual. The same applies to docker and in particular
``docker-compose``.

Relevant systemd units
----------------------
The relevant systemd units are named:

* ``redaccess-forward.service`` (:ref:`redaccess`)
* ``redaccess-api.service`` (:ref:`redaccess`)
* ``supercontroller-proxy.service`` (:ref:`pybrid`)
* ``docker-keycloak.service`` (:ref:`opauth`)

You can edit the service description files in ``/etc/systemd/system/``.
For each service, you can check its status with ``sudo systemctl status <name>``.
You can view the relevant logfiles with ``sudo journalctl --unit=<unit>``
(with ``<unit> = <name>.service``). Helpful options for ``journalctl``
are the *follow flag* ``-f`` to get interactive, continuous output as well as
date filtering such as ``--since today`` to see the relevant logs only.

This is the output of a typical status report:

::

    you@redac1-sc0 $ sudo systemctl status supercontroller-proxy.service
    o supercontroller-proxy.service - REDAC SuperControl Proxy
    Loaded: loaded (/etc/systemd/system/supercontroller-proxy.service; static)
    Active: active (running) since Tue 2025-02-11 07:34:48 UTC; 5min ago
    Main PID: 3718259 (python)
    Tasks: 2 (limit: 38307)
    Memory: 26.5M (peak: 27.0M)
    CPU: 995ms
    CGroup: /system.slice/supercontroller-proxy.service
    +- 3718259 /home/anabrid-admin/.cache/pypoetry/virtualenvs/pybrid-computing-XZRhPXGJ-py3.12/bin/python -m pybrid.cli.base --log-level=DEBUG redac -h 192.168.104.0/24 proxy --ma>
    ...
    Feb 11 07:34:57 redac1-sc0 python[3718259]: 57.677 | WARNING | proxy | Target for MAC mapping from 00-00-00-00-00-00 to 04-E9-E5-17-E5-4F does not exist.
    Feb 11 07:34:57 redac1-sc0 python[3718259]: Starting proxy on 0.0.0.0:5732... Press Ctrl+C to exit.

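
The following check is an added example, not part of the REDAC software. It asks systemd for the enable state and the active state of each unit listed above, because the status report shows ``static`` rather than ``enabled`` in its ``Loaded:`` line. The function name ``check_units`` and the verdict labels ``ok``, ``review`` and ``fail`` are assumptions of this example.

```sh
#!/bin/sh
# Added example. The unit names are taken from the list above;
# function name and verdict labels are illustrative.
UNITS="redaccess-forward.service redaccess-api.service supercontroller-proxy.service docker-keycloak.service"

# Prints one line per unit: "<unit> <enable-state> <active-state> <verdict>".
# Returns non-zero if at least one unit is not "ok".
check_units() {
  rc=0
  for unit in "$@"; do
    # Both queries exit non-zero for states such as "disabled" or "inactive",
    # so only the printed state is evaluated, not the exit status.
    enabled=$(systemctl is-enabled "$unit" 2>/dev/null) || true
    active=$(systemctl is-active "$unit" 2>/dev/null) || true
    case "${enabled:-unknown}" in
      enabled)
        verdict=ok ;;
      static|indirect)
        # A static unit has no [Install] section: it is started at boot
        # only if another unit pulls it in, so the dependency needs a look.
        verdict=review ;;
      *)
        # disabled, masked, enabled-runtime (lost on reboot), not found, ...
        verdict=fail ;;
    esac
    # A unit that is not running right now is a failure in any case.
    [ "$active" = "active" ] || verdict=fail
    [ "$verdict" = "ok" ] || rc=1
    printf '%s %s %s %s\n' "$unit" "${enabled:-unknown}" "${active:-unknown}" "$verdict"
  done
  return "$rc"
}

# Run the check only where the systemd tooling is present.
if command -v systemctl >/dev/null 2>&1; then
  check_units $UNITS || true
fi
```

For a unit reported as ``review``, ``systemctl list-dependencies --reverse <unit>`` shows which unit pulls it in at boot.
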
Furthermore, the following services are part of Ubuntu software packages. They are
not custom REDAC software but are relevant for correct operation:

* ``caddy`` with its configuration file at ``/etc/caddy/Caddyfile``. This is the HTTPS webserver,
  REST reverse proxy and main entrypoint. After changing the configuration file, a ``service caddy reload``
  is sufficient.
* ``ssh`` is the OpenSSH server, which is crucial for managing the system remotely.
* ``lightdm`` is the graphical display manager (greeter), see also :ref:`oplogin`. When you have
  trouble with the graphical terminal, try to restart this service.

Docker service overview
-----------------------
The following docker services are used/installed:

* ``redac-keycloak`` is a single keycloak image from
  dockerhub, managed by a systemd unit (see above) with relevant options in
  the service description file.
* Grafana as a ``docker-compose`` setup

You can get a quick overview of the running services with these commands:

::

    you@redac1-sc0 $ sudo docker ps
    CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
    bb9982649e60 quay.io/keycloak/keycloak:26.0.7 "/opt/keycloak/bin/k…" 47 minutes ago Up 47 minutes 8443/tcp, 0.0.0.0:8080->8080/tcp, :::8080->8080/tcp, 9000/tcp redac-keycloak
    b9ce90eaa284 redis2influx "poetry run python -…" 21 hours ago Up 14 hours redis2influx
    f0b7f3d79034 grafana/grafana-oss "/run.sh" 21 hours ago Up 14 hours 0.0.0.0:3000->3000/tcp, :::3000->3000/tcp grafana
    515dd4d984cc influxdb:2 "/entrypoint.sh infl…" 21 hours ago Up 14 hours 0.0.0.0:8086->8086/tcp, :::8086->8086/tcp influxdb
    c1ef8172ab3b redis/redis-stack "/entrypoint.sh" 21 hours ago Up 14 hours 0.0.0.0:6379->6379/tcp, :::6379->6379/tcp, 0.0.0.0:8001->8001/tcp, :::8001->8001/tcp redis
    20dacd1c8e2a ghcr.io/goauthentik/server:2024.12.2 "dumb-init -- ak wor…" 4 weeks ago Up 14 hours (healthy) authentik_worker_1
    4376dc22d03d ghcr.io/goauthentik/server:2024.12.2 "dumb-init -- ak ser…" 4 weeks ago Up 14 hours (healthy) 0.0.0.0:9000->9000/tcp, :::9000->9000/tcp, 0.0.0.0:9443->9443/tcp, :::9443->9443/tcp authentik_server_1
    fddcad498baf postgres:16-alpine "docker-entrypoint.s…" 4 weeks ago Up 14 hours (healthy) 5432/tcp authentik_postgresql_1
    716681800dab redis:alpine "docker-entrypoint.s…" 4 weeks ago Up 14 hours (healthy) 6379/tcp authentik_redis_1

For instance, the Grafana installation is managed with

::

    you@redac1-sc0:/path/to/grafana # docker-compose ps
    Name Command State Ports
    ------------------------------------------------------------------------------------------------------------------------------------
    grafana /run.sh Up 0.0.0.0:3000->3000/tcp,:::3000->3000/tcp
    influxdb /entrypoint.sh influxd Up 0.0.0.0:8086->8086/tcp,:::8086->8086/tcp
    redis /entrypoint.sh Up 0.0.0.0:6379->6379/tcp,:::6379->6379/tcp, 0.0.0.0:8001->8001/tcp,:::8001->8001/tcp
    redis2influx poetry run python -m src Up

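
Added example, not part of the REDAC tooling: the listings above show several container ports published on ``0.0.0.0`` and ``::``, while Caddy is described as the main entrypoint. The function below extracts those wildcard publications so they can be compared with the intended exposure. ``wildcard_ports`` and ``sample_ps`` are names made up here, and the sample rows are constructed from the ``docker ps`` output above.

```sh
#!/bin/sh
# Added example. Reads "NAME<TAB>PORTS" lines, as printed by
#   sudo docker ps --format '{{.Names}}\t{{.Ports}}'
# and prints "NAME HOSTPORT/PROTO" once per port published on all interfaces.
wildcard_ports() {
  awk -F'\t' '
    {
      n = split($2, maps, /, */)
      for (i = 1; i <= n; i++) {
        m = maps[i]
        # Published ports contain "->" (host side -> container side).
        # Entries such as "5432/tcp" are exposed but not published: skip.
        if (m !~ /->/) continue
        split(m, side, "->")
        host = side[1]; cont = side[2]
        # Wildcard binds: IPv4 0.0.0.0, IPv6 written as ":::" or "[::]:".
        if (host ~ /^0\.0\.0\.0:/ || host ~ /^:::/ || host ~ /^\[::\]:/) {
          port = host;  sub(/^.*:/, "", port)
          proto = cont; sub(/^.*\//, "", proto)
          key = $1 " " port "/" proto
          # IPv4 and IPv6 entries for the same port are reported once.
          if (!(key in seen)) { seen[key] = 1; print key }
        }
      }
    }'
}

# Constructed sample: rows taken from the docker ps listing above,
# reduced to the NAMES and PORTS columns.
sample_ps() {
  printf '%s\t%s\n' \
    redac-keycloak '8443/tcp, 0.0.0.0:8080->8080/tcp, :::8080->8080/tcp, 9000/tcp' \
    grafana '0.0.0.0:3000->3000/tcp, :::3000->3000/tcp' \
    redis '0.0.0.0:6379->6379/tcp, :::6379->6379/tcp, 0.0.0.0:8001->8001/tcp, :::8001->8001/tcp' \
    authentik_postgresql_1 '5432/tcp' \
    redis2influx ''
}

sample_ps | wildcard_ports
```

On the server, pipe the real listing into the function instead of ``sample_ps``; a port bound to a specific address such as ``127.0.0.1`` is not reported.
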
Further details will follow as soon as the software is more mature. There will be a focus on
installation-specific details.

How to (re-)install the relevant software on the server
-------------------------------------------------------

In most cases, reinstallation will be as easy as a
``docker-compose pull``. Note that the REDAC software for the super controller
is not open sourced and thus updates will be provided by anabrid if there
is an appropriate contract discussing this in detail.

At the moment, please refer to the
section about :ref:`dev_software` in the developer's manual for further detail.