Add boot-time secrets loading service to prevent service failures after reboot
- Add aitbc-load-secrets.service to load /run/aitbc/secrets/.env at boot - Add aitbc-secrets.conf tmpfiles.d config to create secrets directory - Update link-systemd.sh to deploy tmpfiles.d configurations - Fixes issue where services fail with 'Failed to load environment files' after reboot
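--- a/scripts/config/aitbc-secrets.conf
+++ b/scripts/config/aitbc-secrets.conf
@@ -0,0 +1,4 @@
+# Create runtime directory for AITBC secrets at boot
+# This directory is in tmpfs (/run) and gets cleared on reboot
+# Deployed to /etc/tmpfiles.d/ by setup scripts
+d /run/aitbc/secrets 0700 root root -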
@@ -8,10 +8,14 @@
|
||||
|
||||
REPO_SYSTEMD_DIR="/opt/aitbc/systemd"
|
||||
ACTIVE_SYSTEMD_DIR="/etc/systemd/system"
|
||||
REPO_CONFIG_DIR="/opt/aitbc/scripts/config"
|
||||
ACTIVE_TMPFILES_DIR="/etc/tmpfiles.d"
|
||||
|
||||
echo "=== AITBC SYSTEMD LINKING ==="
|
||||
echo "Repository: $REPO_SYSTEMD_DIR"
|
||||
echo "Active: $ACTIVE_SYSTEMD_DIR"
|
||||
echo "Config: $REPO_CONFIG_DIR"
|
||||
echo "Tmpfiles: $ACTIVE_TMPFILES_DIR"
|
||||
echo
|
||||
|
||||
# Check if running as root
|
||||
@@ -97,6 +101,26 @@ else
|
||||
echo " ⚠️ Systemd daemon reload failed, but continuing..."
|
||||
fi
|
||||
|
||||
echo
|
||||
echo "📁 Deploying tmpfiles.d configurations..."
|
||||
if [[ -d "$REPO_CONFIG_DIR" ]]; then
|
||||
for file in "$REPO_CONFIG_DIR"/*.conf; do
|
||||
if [[ -f "$file" ]]; then
|
||||
filename=$(basename "$file")
|
||||
target="$ACTIVE_TMPFILES_DIR/$filename"
|
||||
echo " 📋 Deploying: $filename -> $target"
|
||||
if cp "$file" "$target" 2>/dev/null; then
|
||||
echo " ✅ Successfully deployed: $filename"
|
||||
else
|
||||
echo " ❌ Failed to deploy: $filename"
|
||||
((error_count++))
|
||||
fi
|
||||
fi
|
||||
done
|
||||
else
|
||||
echo " ℹ️ Config directory not found: $REPO_CONFIG_DIR (skipping tmpfiles.d deployment)"
|
||||
fi
|
||||
|
||||
echo
|
||||
echo "✅ Systemd linking completed!"
|
||||
echo
|
||||
|
||||
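Review bot: The loop `for file in "$REPO_CONFIG_DIR"/*.conf` installs every `.conf` found under /opt/aitbc/scripts/config into /etc/tmpfiles.d, where systemd-tmpfiles parses it as root at boot, so any unrelated or tampered file in what appears to be a general config directory becomes a root-level create/chmod/remove rule. Naming the file explicitly, `for file in "$REPO_CONFIG_DIR"/aitbc-secrets.conf; do`, and copying with fixed ownership and mode, `install -o root -g root -m 0644 "$file" "$target"`, without `2>/dev/null` so the failure reason stays visible, keeps the deployed set predictable. The new rule also takes effect only at the next boot unless the script runs `systemd-tmpfiles --create "$target"` after the copy. The start of the script and the later handling of `error_count` are outside the hunks, so whether a failed copy changes the exit status cannot be confirmed from here.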
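--- a/systemd/aitbc-load-secrets.service
+++ b/systemd/aitbc-load-secrets.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=Load AITBC secrets at boot
+Before=aitbc-blockchain-rpc.service aitbc-coordinator-api.service aitbc-wallet.service aitbc-agent-coordinator.service
+After=network.target
+
+[Service]
+Type=oneshot
+ExecStart=/opt/aitbc/scripts/utils/load-keystore-secrets.sh
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target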
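Review bot: The `[Service]` section runs load-keystore-secrets.sh as root with the default umask and no hardening, so the permissions of /run/aitbc/secrets/.env rest entirely on that script, which is not shown in this commit. Adding `UMask=0077` and `NoNewPrivileges=yes` under `[Service]` makes the files it writes owner-only regardless of how the script creates them. `Before=` only orders the four listed services; if this unit fails or is not enabled they still start, so each consumer probably also wants `Requires=aitbc-load-secrets.service`, or this unit a `RequiredBy=` line in `[Install]`. The consumers' unit files are outside this commit, so their current dependencies cannot be checked here.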