No, not an evil spirit. Rather a wicked “fully executable” jar to run Smuggler as a Linux service.
This distro comes with a Spring Boot “fully executable” jar you can use to run Smuggler either as a System V (init
) daemon or systemd
service. This executable jar is just the Smuggler self-contained jar prepended with a startup script. No black magic.
Service Account
Decide what account to use to run Smuggler. Ideally, you should use an unprivileged user with no shell access. For example the command below creates both a group named smuggler
and a user with the same name inside this new group while making sure the user has no shell access.
$ sudo useradd -r -s /usr/bin/nologin smuggler -U
Of course, YMMV.
Unpacking
Now unpack the distro tarball. You could extract the contents to /opt
, for example
$ sudo tar xzf ome-smuggler-linux-daemon-*tgz -C /opt
or to any other directory as appropriate for your system. Either way, you should now see an ome-smuggler
directory with the following in it
ome-smuggler-*.exe.jar
: the Spring Boot executable jar.ome-smuggler-*.exe.conf
: Spring Boot configuration file for the startup script embedded into the executable jar.ome-cli-*.jar
: the app Smuggler uses to run imports.LICENSE.md
,README.md
: can you guess what these are yet?
You need to make your service user/group own this ome-smuggler
directory. For example, if you have a user and group both named smuggler
$ cd /opt
$ sudo chown smuggler:smuggler ome-smuggler
And as we’re at it, let’s raise the security bar even more:
$ sudo chmod 700 ome-smuggler
$ sudo chmod 500 ome-smuggler/ome-smuggler-*.exe.jar
$ sudo chmod 400 ome-smuggler/ome-cli-*.jar
$ sudo chattr +i ome-smuggler/*.jar
Over and above these basic things, you should also do whatever additional hardening advised by your system security guidelines.
Minimal Configuration
Smuggler uses three directories during his operation: one for configuration, one for data related to task processing, and one for logs. (Details in the configuration section.) The Linux daemon is pre-configured to create a data and log directory inside ome-smuggler
—i.e. the directory you unpacked earlier—and to read your configuration from a config
directory also inside ome-smuggler
. The horror! But you can make the daemon follow Unix conventions in below a minute: just edit ome-smuggler-*.exe.conf
to specify your directory layout. For example, a decent arrangement could be:
/etc/opt/ome-smuggler.d
for your configuration directory;/var/opt/ome-smuggler
for data; and/var/log/ome-smuggler
for the logs.
Smuggler will try to start an HTTP server on port 8000
. If that doesn’t suit you, stick an undertow.yml
file in your configuration directory with this line in it:
port: 8000
but replace 8000
with the port number you want.
Restart Required!
Every time you change any of your configuration files you’ll have to stop and start the server again for the new configuration to take effect.
As for the mail configuration, Smuggler expects an SMTP service to be available on port 25
on localhost
. If this is not the case, email notifications won’t go out (obviously!) but for the rest Smuggler will still work as advertised. Anyway, you can easily override the default mail configuration with your own: just provide a mail.yml
file as explained in the configuration section.
Daemon Installation
At this point you’re ready to hook the fully executable jar into init.d
or systemd
. The installation instructions in the Spring Boot manual explain how to do that.