11. Services
This section lists the names and explains the maintenance of the REDAC-specific software on The Super Controller Server. This also includes the supervision of log files and their general availability.
First of all, all REDAC software comes dockerized and/or is maintained as systemd services. One of the most important properties is that all relevant services come up automatically on system boot. This is ensured by having:
Python daemons being directly started by systemd units (within their relevant virtualenv).
Single docker daemons being directly started by systemd units.
Docker-Compose services being automatically started by docker.
If you don’t know how to maintain a systemd service, please consult any contemporary Linux administrator's manual. The same applies to docker and in particular docker-compose.
11.1. Relevant systemd units
The relevant systemd units are named:
redaccess-forward.service (Redaccess (Middleware))
redaccess-api.service (Redaccess (Middleware))
supercontroller-proxy.service (Pybrid Proxy)
docker-keycloak.service (Authentication)
You can edit the service description files in /etc/systemd/system/<nameOfService>.
For each service, you can check its status with sudo systemctl status <nameOfService>.
You can view the relevant logfiles with sudo journalctl --unit=<nameOfUnit> (with <nameOfService> = <nameOfUnit>.service). Helpful options for journalctl are the follow flag -f to get interactive, continuous output as well as date filtering such as --since today to see the relevant logs only.
This is the output of a typical status report:
you@redac1-sc0 $ sudo systemctl status supercontroller-proxy.service
o supercontroller-proxy.service - REDAC SuperControl Proxy
Loaded: loaded (/etc/systemd/system/supercontroller-proxy.service; static)
Active: active (running) since Tue 2025-02-11 07:34:48 UTC; 5min ago
Main PID: 3718259 (python)
Tasks: 2 (limit: 38307)
Memory: 26.5M (peak: 27.0M)
CPU: 995ms
CGroup: /system.slice/supercontroller-proxy.service
+- 3718259 /home/anabrid-admin/.cache/pypoetry/virtualenvs/pybrid-computing-XZRhPXGJ-py3.12/bin/python -m pybrid.cli.base --log-level=DEBUG redac -h 192.168.104.0/24 proxy --ma>
...
Feb 11 07:34:57 redac1-sc0 python[3718259]: 57.677 | WARNING | proxy | Target for MAC mapping from 00-00-00-00-00-00 to 04-E9-E5-17-E5-4F does not exist.
Feb 11 07:34:57 redac1-sc0 python[3718259]: Starting proxy on 0.0.0.0:5732... Press Ctrl+C to exit.
Furthermore, the following services are part of Ubuntu software packages. They are not custom REDAC software but are relevant for correct operation:
caddy with its configuration file at /etc/caddy/Caddyfile. This is the HTTPS webserver, REST reverse proxy and main entrypoint. After changing the configuration file, a service caddy reload is sufficient.
ssh is the OpenSSH server which is crucial for managing the system remotely.
lightdm is the graphical display manager (greeter), see also Login and usage of the server. When you have trouble with the graphical terminal, try to restart this service.
11.2. Docker service overview
The following docker services are used/installed:
redac-keycloak is a single keycloak image from dockerhub, managed by a systemd unit (see above) with relevant options in the service description file.
Grafana as a docker-compose setup
You can get a quick overview of running services with these commands:
you@redac1-sc0 $ sudo docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
bb9982649e60 quay.io/keycloak/keycloak:26.0.7 "/opt/keycloak/bin/k…" 47 minutes ago Up 47 minutes 8443/tcp, 0.0.0.0:8080->8080/tcp, :::8080->8080/tcp, 9000/tcp redac-keycloak
b9ce90eaa284 redis2influx "poetry run python -…" 21 hours ago Up 14 hours redis2influx
f0b7f3d79034 grafana/grafana-oss "/run.sh" 21 hours ago Up 14 hours 0.0.0.0:3000->3000/tcp, :::3000->3000/tcp grafana
515dd4d984cc influxdb:2 "/entrypoint.sh infl…" 21 hours ago Up 14 hours 0.0.0.0:8086->8086/tcp, :::8086->8086/tcp influxdb
c1ef8172ab3b redis/redis-stack "/entrypoint.sh" 21 hours ago Up 14 hours 0.0.0.0:6379->6379/tcp, :::6379->6379/tcp, 0.0.0.0:8001->8001/tcp, :::8001->8001/tcp redis
20dacd1c8e2a ghcr.io/goauthentik/server:2024.12.2 "dumb-init -- ak wor…" 4 weeks ago Up 14 hours (healthy) authentik_worker_1
4376dc22d03d ghcr.io/goauthentik/server:2024.12.2 "dumb-init -- ak ser…" 4 weeks ago Up 14 hours (healthy) 0.0.0.0:9000->9000/tcp, :::9000->9000/tcp, 0.0.0.0:9443->9443/tcp, :::9443->9443/tcp authentik_server_1
fddcad498baf postgres:16-alpine "docker-entrypoint.s…" 4 weeks ago Up 14 hours (healthy) 5432/tcp authentik_postgresql_1
716681800dab redis:alpine "docker-entrypoint.s…" 4 weeks ago Up 14 hours (healthy) 6379/tcp authentik_redis_1
For instance, the Grafana installation is managed with
you@redac1-sc0:/path/to/grafana # docker-compose ps
Name Command State Ports
------------------------------------------------------------------------------------------------------------------------------------
grafana /run.sh Up 0.0.0.0:3000->3000/tcp,:::3000->3000/tcp
influxdb /entrypoint.sh influxd Up 0.0.0.0:8086->8086/tcp,:::8086->8086/tcp
redis /entrypoint.sh Up 0.0.0.0:6379->6379/tcp,:::6379->6379/tcp, 0.0.0.0:8001->8001/tcp,:::8001->8001/tcp
redis2influx poetry run python -m src Up
Further details will follow as soon as the software is more mature. There will be a focus on installation-specific details.
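Caddy is described above as the main entrypoint, so it helps to know which container ports are additionally published on every host interface. The following added example (not part of the REDAC software or of the original manual) filters the Ports column of docker ps for mappings bound to 0.0.0.0 or ::. The function names and the local-only sample row are assumptions of this example; the other sample rows are taken from the docker ps listing above.

```shell
#!/usr/bin/env bash
# Added example: report container ports published on all host interfaces.
# Input format: "<name><TAB><ports>", one container per line, as printed by
#   sudo docker ps --format '{{.Names}}\t{{.Ports}}'

wildcard_ports() {
  awk -F'\t' '
    {
      n = split($2, maps, /, */)
      for (i = 1; i <= n; i++) {
        m = maps[i]
        # A bare "5432/tcp" is container-internal; published ports contain "->".
        if (m !~ /->/) continue
        split(m, side, "->")
        host = side[1]                  # 0.0.0.0:6379, :::6379, [::]:6379, 127.0.0.1:6379
        proto = side[2]; sub(/^.*\//, "", proto)
        port = host; sub(/^.*:/, "", port)
        addr = substr(host, 1, length(host) - length(port) - 1)
        if (addr == "0.0.0.0" || addr == "::" || addr == "[::]") {
          key = $1 " " port "/" proto
          # IPv4 and IPv6 wildcard entries for the same port are reported once.
          if (!(key in seen)) { seen[key] = 1; print key }
        }
      }
    }'
}

# Sample rows: names and ports copied from the listing above, except the
# last row (local-only), which is constructed to show a loopback binding.
sample_ps() {
  printf '%s\t%s\n' \
    redac-keycloak '8443/tcp, 0.0.0.0:8080->8080/tcp, :::8080->8080/tcp, 9000/tcp' \
    redis2influx '' \
    redis '0.0.0.0:6379->6379/tcp, :::6379->6379/tcp, 0.0.0.0:8001->8001/tcp, :::8001->8001/tcp' \
    authentik_server_1 '0.0.0.0:9000->9000/tcp, :::9000->9000/tcp, 0.0.0.0:9443->9443/tcp, :::9443->9443/tcp' \
    authentik_postgresql_1 '5432/tcp' \
    local-only '127.0.0.1:9090->9090/tcp'
}

# Offline demonstration on the sample rows; on the server, pipe the
# docker ps command from the header comment into wildcard_ports instead.
sample_ps | wildcard_ports
```

Each output line is a container name followed by the host port and protocol; containers with only internal or loopback-bound ports produce no output.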
11.3. How to (re-)install the relevant software on the server
In most cases, reinstallation will be as easy as a docker-compose pull. Note that the REDAC software for the super controller is not open sourced and thus updates will be provided by anabrid if there is an appropriate contract discussing this in detail.
At the moment, please refer to the section about Software in the developer’s manual for further detail.