Create systemd file so the app can run as a Linux system daemon. #2737

[Rajveerchoubisa]

What kind of change does this PR introduce?

• Feature: Adds a new systemd service file for Talawa API to allow it to run as a Linux service.

Issue Number:

• 2737

Fixes #

Did you add tests for your changes?

• No. This change is related to creating a service file for systemd, and doesn't involve direct code functionality changes, so testing is not applicable.

Snapshots/Videos:

• N/A (As it's a configuration file, visual snapshots are not applicable)

If relevant, did you update the documentation?

• Yes. Updated relevant configuration documentation on the Talawa Docs to include details about setting up the systemd-talawa-api.service for automatic startup.

Summary

This pull request introduces a systemd service file (systemd-talawa-api.service) to enable the Talawa API to run as a service on Linux systems. This allows the Talawa API to be easily managed using standard systemctl commands (such as start, stop, restart, and enable on boot).

The service file sets up:

• The user and group under which the service runs.
• Environment variables for the Talawa API's root directory and configuration.
• Commands for starting, stopping, and restarting the API.

This change ensures that the Talawa API can be run as a background service in production environments, improving its manageability and availability.

Does this PR introduce a breaking change?

• No, this PR does not introduce any breaking changes to the functionality of Talawa API. It only adds configuration for managing the API as a service.

Other information

• The systemd-talawa-api.service file is configured for systems running RedHat/CentOS/Fedora or Debian/Ubuntu, based on the paths where systemd services are typically stored.
• You may need to update the CODEROOT and TALAWA_API_CONFIGDIR paths in the service file to match the actual directory paths on your system.

Have you read the contributing guide?

• Yes

Summary by CodeRabbit

• New Features
  • Introduced a new systemd service file for managing the Talawa API as a system service on Linux systems.
  • Added a new environment configuration file for the Talawa API, defining essential environment variables and command options.

[coderabbitai]

Warning

Rate limit exceeded

@Rajveerchoubisa has exceeded the limit for the number of commits or files that can be reviewed per hour. Please wait 6 minutes and 44 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

📥 Commits

Reviewing files that changed from the base of the PR and between fdb6199 and efa0641.

📒 Files selected for processing (1)

• examples/linux/systemd/systemd-talawa-api.service (1 hunks)

Walkthrough

The changes introduce a new systemd service file for the Talawa API, enabling it to be managed as a system service on Linux. The service file includes configuration for the service's operational parameters, such as dependencies, execution commands, and environment variables. It is set to run under specific user and group permissions and is designed to start automatically at boot. This implementation aligns with the requirements for running the application as a Linux system daemon.

Changes

File Path	Change Summary
examples/linux/systemd/systemd-talawa-api.service	New systemd service file created to manage the Talawa API as a Linux system service with specified configurations.
examples/linux/systemd/talawa-api.env	New environment configuration file created with variables for the Talawa API's operational settings.

Possibly related issues

• API: Create systemd file so the app can run as a Linux system daemon. #2737: This pull request addresses the request for creating a systemd file to allow the Talawa API to run as a Linux system daemon, fulfilling the outlined requirements.

Poem

In the land of code where rabbits play,
A service file hops in, brightening the day.
With systemd's help, the Talawa API will thrive,
Running as a daemon, oh what a lively drive!
So let’s raise our ears and give a cheer,
For this new change brings the future near! 🐇✨

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR. (Experiment)
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[github-actions]

Our Pull Request Approval Process

Thanks for contributing!

Testing Your Code

Remember, your PRs won't be reviewed until these criteria are met:

1. We don't merge PRs with poor code quality.
   1. Follow coding best practices such that CodeRabbit.ai approves your PR.
2. We don't merge PRs with failed tests.
   1. When tests fail, click on the Details link to learn more.
   2. Write sufficient tests for your changes (CodeCov Patch Test). Your testing level must be better than the target threshold of the repository
   3. Tests may fail if you edit sensitive files. Ask to add the ignore-sensitive-files-pr label if the edits are necessary.
3. We cannot merge PRs with conflicting files. These must be fixed.

Our policies make our code better.

Reviewers

Do not assign reviewers. Our Queue Monitors will review your PR and assign them.
When your PR has been assigned reviewers contact them to get your code reviewed and approved via:

1. comments in this PR or
2. our slack channel

Reviewing Your Code

Your reviewer(s) will have the following roles:

1. arbitrators of future discussions with other contributors about the validity of your changes
2. point of contact for evaluating the validity of your work
3. person who verifies matching issues by others that should be closed.
4. person who gives general guidance in fixing your tests

CONTRIBUTING.md

Read our CONTRIBUTING.md file. Most importantly:

1. PRs with issues not assigned to you will be closed by the reviewer
2. Fix the first comment in the PR so that each issue listed automatically closes

Other

1. 🎯 Please be considerate of our volunteers' time. Contacting the person who assigned the reviewers is not advised unless they ask for your input. Do not @ the person who did the assignment otherwise.
2. Read the CONTRIBUTING.md file make

[github-actions]

Congratulations on making your first PR! 🎊 If you haven't already, check out our Contributing Guidelines and PR Reporting Guidelines to ensure that you are following our guidelines for contributing and creating PR.

[coderabbitai]

Actionable comments posted: 4

🧹 Outside diff range and nitpick comments (1)

examples/linux/systemd/systemd-talawa-api.service (1)

1-20: Enhance setup instructions for production deployment

The setup instructions should include additional critical steps for secure production deployment:

1. Directory permissions and ownership:
   • Set correct permissions for /var/run/talawa-api
   • Set correct permissions for log directory
2. SELinux context (for RedHat variants)
3. Log rotation configuration
4. Specify the name of the configuration file referenced in step 0

Would you like me to provide detailed instructions for these additional setup steps?

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between 43f2bb0 and 354b373.

📒 Files selected for processing (1)

• examples/linux/systemd/systemd-talawa-api.service (1 hunks)

[coderabbitai]

💡 Codebase verification

Add recommended systemd service hardening directives

The service file is missing several important systemd directives that would improve service reliability and security:

• Add Restart=on-failure to automatically restart the service on failures
• Add ProtectSystem=full to make the /usr and /boot directories read-only
• Add NoNewPrivileges=yes to prevent privilege escalation
• Consider adding other hardening options like:
  • ProtectHome=yes
  • RestartSec=5
  • PrivateTmp=yes

🔗 Analysis chain

Verify systemd service file syntax

Let's verify the service file syntax and check for common configuration patterns.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify systemd service file syntax and common patterns

# Check syntax
systemd-analyze verify examples/linux/systemd/systemd-talawa-api.service 2>&1 || true

# Check for common systemd service patterns
rg -l "WantedBy=multi-user.target" | while read -r file; do
  echo "Analyzing $file for common systemd patterns..."
  rg "Restart=" "$file" || echo "Missing Restart directive in $file"
  rg "ProtectSystem=" "$file" || echo "Missing ProtectSystem directive in $file"
  rg "NoNewPrivileges=" "$file" || echo "Missing NoNewPrivileges directive in $file"
done

Length of output: 1178

[coderabbitai]

🛠️ Refactor suggestion

Add essential service dependencies

The Unit section should include additional dependencies and documentation:

 [Unit]
 Description=Talawa API Service
+Documentation=https://github.com/talawa-api/
 After=network.target
+After=postgresql.service redis.service
+Requires=postgresql.service
+Wants=redis.service

This ensures proper service startup order and documents the service's dependencies.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	[Unit]
	Description=Talawa API Service
	After=network.target
	[Unit]
	Description=Talawa API Service
	Documentation=https://github.com/talawa-api/
	After=network.target
	After=postgresql.service redis.service
	Requires=postgresql.service
	Wants=redis.service

[coderabbitai]

⚠️ Potential issue

Improve service execution security and reliability

The current ExecStart/Stop/Reload commands use shell expansion which could be unsafe. Also, missing important security and reliability settings.

1. Simplify execution commands:

-ExecStart=/bin/bash -c '${VIRTUAL_ENV}/python3 ${CODEROOT}/main.py $START'
-ExecStop=/bin/bash -c '${VIRTUAL_ENV}/python3 ${CODEROOT}/main.py $STOP'
-ExecReload=/bin/bash -c '${VIRTUAL_ENV}/python3 ${CODEROOT}/main.py $RESTART'
+ExecStart=${VIRTUAL_ENV}/python3 ${CODEROOT}/main.py ${START}
+ExecStop=${VIRTUAL_ENV}/python3 ${CODEROOT}/main.py ${STOP}
+ExecReload=${VIRTUAL_ENV}/python3 ${CODEROOT}/main.py ${RESTART}

2. Add security and reliability directives:

 Type=forking
 RuntimeDirectory=talawa
+# Restart policy
+Restart=always
+RestartSec=3
+
+# Security settings
+NoNewPrivileges=yes
+PrivateTmp=yes
+ProtectSystem=full
+ProtectHome=read-only
+
+# Resource limits
+LimitNOFILE=65535
+LimitNPROC=4096

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	# Command to start Talawa API
	ExecStart=/bin/bash -c '${VIRTUAL_ENV}/python3 ${CODEROOT}/main.py $START'
	# Command to stop Talawa API
	ExecStop=/bin/bash -c '${VIRTUAL_ENV}/python3 ${CODEROOT}/main.py $STOP'
	# Command to restart Talawa API
	ExecReload=/bin/bash -c '${VIRTUAL_ENV}/python3 ${CODEROOT}/main.py $RESTART'
	# Command to start Talawa API
	ExecStart=${VIRTUAL_ENV}/python3 ${CODEROOT}/main.py ${START}
	# Command to stop Talawa API
	ExecStop=${VIRTUAL_ENV}/python3 ${CODEROOT}/main.py ${STOP}
	# Command to restart Talawa API
	ExecReload=${VIRTUAL_ENV}/python3 ${CODEROOT}/main.py ${RESTART}

[coderabbitai]

🛠️ Refactor suggestion

Use EnvironmentFile for better security and maintainability

Instead of hardcoding environment variables, use an EnvironmentFile:

 [Service]
 User=talawa
 Group=talawa
-Environment=CODEROOT=/home/talawa/talawa-api
-Environment=TALAWA_API_CONFIGDIR=/etc/talawa
-Environment=VIRTUAL_ENV=$CODEROOT/venv/bin
-Environment=PATH=$VIRTUAL_ENV:$PATH
-Environment=START=--start "STOP=--stop --force" "RESTART=--restart --force"
+EnvironmentFile=/etc/talawa/talawa-api.env

Create /etc/talawa/talawa-api.env with:

CODEROOT=/home/talawa/talawa-api
TALAWA_API_CONFIGDIR=/etc/talawa
VIRTUAL_ENV=${CODEROOT}/venv/bin
PATH=${VIRTUAL_ENV}:${PATH}
START=--start
STOP=--stop --force
RESTART=--restart --force

Committable suggestion skipped: line range outside the PR's diff.

[coderabbitai]

Actionable comments posted: 3

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between 354b373 and fdb6199.

📒 Files selected for processing (2)

• examples/linux/systemd/systemd-talawa-api.service (1 hunks)
• examples/linux/systemd/talawa-api.env (1 hunks)

✅ Files skipped from review due to trivial changes (1)

• examples/linux/systemd/talawa-api.env

🔇 Additional comments (5)

examples/linux/systemd/systemd-talawa-api.service (5)

21-29: LGTM! Dependencies and documentation are well defined

The Unit section correctly specifies service dependencies and includes proper documentation links.

---

41-44: LGTM! Execution commands are properly defined

The ExecStart, ExecStop, and ExecReload commands are correctly specified without shell expansion.

---

50-62: LGTM! Service hardening is well implemented

The restart policy, security settings, and resource limits are properly configured with recommended hardening directives.

---

64-65: LGTM! Install section is correct

The service is properly configured to be enabled in multi-user.target.

---

34-39: ⚠️ Potential issue

Fix environment configuration issues

1. The environment configuration has redundant and potentially conflicting settings:
   • Both inline Environment variables and EnvironmentFile are used
   • Shell expansions in Environment variables could be unsafe
2. The EnvironmentFile path is non-standard

Apply these changes:

-Environment=CODEROOT=/home/talawa/talawa-api
-Environment=TALAWA_API_CONFIGDIR=/etc/talawa
-Environment=VIRTUAL_ENV=$CODEROOT/venv/bin
-Environment=PATH=$VIRTUAL_ENV:$PATH
-Environment=START=--start "STOP=--stop --force" "RESTART=--restart --force"
-EnvironmentFile=/etc/examples/linux/systemd/talawa-api.env
+EnvironmentFile=/etc/talawa/talawa-api.env

Create /etc/talawa/talawa-api.env with:

CODEROOT=/home/talawa/talawa-api
TALAWA_API_CONFIGDIR=/etc/talawa
VIRTUAL_ENV=/home/talawa/talawa-api/venv/bin
PATH=${VIRTUAL_ENV}:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin
START=--start
STOP=--stop --force
RESTART=--restart --force

Likely invalid or redundant comment.

[coderabbitai]

💡 Codebase verification

The systemd service file references a non-existent main.py script

The verification reveals that main.py does not exist in the repository, yet it's referenced in the systemd service file. This script is expected to handle start, stop, and restart operations but is missing from the codebase.

• examples/linux/systemd/systemd-talawa-api.service references a non-existent main.py
• The script is expected to support command-line arguments ${START}, ${STOP}, and ${RESTART}

🔗 Analysis chain

Verify main.py supports the specified command-line arguments

Let's verify that the main.py script exists and supports the specified command-line arguments (--start, --stop, --restart).

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify main.py exists and supports the required command-line arguments

# Check if main.py exists
echo "Checking for main.py..."
if ! fd "main.py$" ; then
  echo "Error: main.py not found"
  exit 1
fi

# Check for command-line argument handling
echo "Checking command-line argument handling..."
rg -A 5 "argparse|ArgumentParser|add_argument" "main.py" || echo "Warning: No argument parsing found in main.py"

# Look for start/stop/restart handling
echo "Checking start/stop/restart handling..."
rg -i "def (start|stop|restart)" "main.py" || echo "Warning: No start/stop/restart functions found in main.py"

Length of output: 678

[coderabbitai]

🛠️ Refactor suggestion

Reconsider service type setting

The Type=forking setting suggests the application daemonizes itself, which is not recommended for systemd services. Modern systemd services should use Type=exec or Type=simple and let systemd handle the daemonization.

 RemainAfterExit=yes
 GuessMainPID=yes
-Type=forking
+Type=simple
 RuntimeDirectory=talawa

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	RemainAfterExit=yes
	GuessMainPID=yes
	Type=forking
	RuntimeDirectory=talawa
	RemainAfterExit=yes
	GuessMainPID=yes
	Type=simple
	RuntimeDirectory=talawa

[coderabbitai]

🛠️ Refactor suggestion

Add security context to setup instructions

The setup instructions should include additional security considerations:

1. File permissions for configuration directory
2. SELinux/AppArmor context if applicable
3. Secure ownership of the runtime directory

Add these lines after step 4:

 # 4) Edit the User and Group to match the POSIX user you want the daemon
 #    to run as.
+# 4a) Set appropriate permissions:
+#     sudo chown -R talawa:talawa /etc/talawa
+#     sudo chmod 750 /etc/talawa
+# 4b) If using SELinux, set the correct context:
+#     sudo semanage fcontext -a -t bin_t "/home/talawa/talawa-api/main.py"
+#     sudo restorecon -v /home/talawa/talawa-api/main.py

Committable suggestion skipped: line range outside the PR's diff.

[palisadoes]

Please fix the failing tests and make sure code rabbit.ai approves the PR