====== Runbook: systemd ======

<WRAP round info>
**Trajanje:** ~10 minut \\
**Vloga:** Linux administrator \\
**Predpogoj:** root/sudo, .NET 8 Runtime
</WRAP>

Poganjanje Data Gateway kot systemd storitev pod Linuxom.

----

===== Potek dela =====

<mermaid>
flowchart TD
    A[Začetek] --> B[Namestitev Gateway]
    B --> C[Ustvarjanje Service-Unit]
    C --> D[systemctl enable]
    D --> E[systemctl start]
    E --> F[Health Check]
    F --> G{V redu?}
    G -->|Da| H[Končano]
    G -->|Ne| I[Preveri journalctl]

    style H fill:#e8f5e9
    style I fill:#ffebee
</mermaid>

----

===== 1. Namestitev Gateway =====

<code bash>
# Ustvari mapo
sudo mkdir -p /opt/data-gateway
sudo chown $USER:$USER /opt/data-gateway

# Kopiraj datoteke
cp -r ./publish/* /opt/data-gateway/

# Nastavi kot izvršljivo
chmod +x /opt/data-gateway/WvdS.WebAPI.Data.Gateway.Api

# Prilagodi konfiguracijo
sudo nano /opt/data-gateway/appsettings.json
</code>

----

===== 2. Ustvarjanje uporabnika =====

<code bash>
# Namenski storitveni uporabnik
sudo useradd --system --no-create-home --shell /sbin/nologin datagateway

# Nastavi dovoljenja
sudo chown -R datagateway:datagateway /opt/data-gateway
</code>

----

===== 3. Ustvarjanje systemd Unit =====

<code bash>
sudo nano /etc/systemd/system/data-gateway.service
</code>

**Vsebina:**

<code ini>
[Unit]
Description=WvdS Data Gateway
Documentation=https://wiki.example.com/data-gateway
After=network.target

[Service]
Type=notify
User=datagateway
Group=datagateway
WorkingDirectory=/opt/data-gateway
ExecStart=/opt/data-gateway/WvdS.WebAPI.Data.Gateway.Api
Restart=always
RestartSec=10
KillSignal=SIGINT
SyslogIdentifier=data-gateway
Environment=ASPNETCORE_ENVIRONMENT=Production
Environment=DOTNET_PRINT_TELEMETRY_MESSAGE=false

# Varnost
NoNewPrivileges=true
ProtectSystem=strict
ProtectHome=true
PrivateTmp=true
ReadWritePaths=/opt/data-gateway/logs
ReadWritePaths=/opt/data-gateway/data

# Omejitve
LimitNOFILE=65536
TimeoutStopSec=30

[Install]
WantedBy=multi-user.target
</code>

----

===== 4. Aktiviranje storitve =====

<code bash>
# Ponovno naloži systemd
sudo systemctl daemon-reload

# Aktiviraj samodejni zagon
sudo systemctl enable data-gateway

# Zaženi storitev
sudo systemctl start data-gateway

# Preveri status
sudo systemctl status data-gateway
</code>

----

===== 5. Health Check =====

<code bash>
# Počakaj da je pripravljen
sleep 5

# Health Check
curl -s http://localhost:5000/health
# Pričakovan odgovor: "Healthy"

# API test
curl -s http://localhost:5000/api/v1/dsn/demo/tables | head
</code>

----

===== 6. Prikaz dnevnikov =====

<code bash>
# Trenutni dnevniki
sudo journalctl -u data-gateway -n 50 --no-pager

# Live-Tail
sudo journalctl -u data-gateway -f

# Od danes
sudo journalctl -u data-gateway --since today

# Samo napake
sudo journalctl -u data-gateway -p err
</code>

----

===== 7. Kontrolni seznam =====

| # | Točka preverjanja | V |
|---|-----------|---|
| 1 | .NET 8 nameščen | |
| 2 | Gateway v /opt/data-gateway | |
| 3 | Service-User ustvarjen | |
| 4 | Unit datoteka ustvarjena | |
| 5 | Service enabled | |
| 6 | Service zagnan | |
| 7 | Health Check v redu | |

----

===== Storitveni ukazi =====

| Ukaz | Opis |
|--------|--------------|
| ''systemctl start data-gateway'' | Zaženi |
| ''systemctl stop data-gateway'' | Ustavi |
| ''systemctl restart data-gateway'' | Ponovno zaženi |
| ''systemctl status data-gateway'' | Status |
| ''systemctl enable data-gateway'' | Samodejni zagon vklopljen |
| ''systemctl disable data-gateway'' | Samodejni zagon izklopljen |

----

===== Odpravljanje težav =====

| Težava | Vzrok | Rešitev |
|---------|---------|--------|
| ''code=exited, status=203'' | Napačna pot | Preveri ExecStart |
| ''code=exited, status=1'' | Napaka v konfiguraciji | Preveri journalctl |
| ''Permission denied'' | Napačne pravice | Preveri chown |
| ''Address already in use'' | Vrata zasedena | Druga vrata ali ubij proces |

**Podrobna analiza napak:**

<code bash>
# Neposredno testiraj izvršljivo datoteko
sudo -u datagateway /opt/data-gateway/WvdS.WebAPI.Data.Gateway.Api

# SELinux težave (RHEL/CentOS)
sudo ausearch -m avc -ts recent
sudo setsebool -P httpd_can_network_connect 1
</code>

----

===== Spreminjanje vrat =====

V ''appsettings.json'':

<code json>
{
  "Kestrel": {
    "Endpoints": {
      "Http": {
        "Url": "http://0.0.0.0:8080"
      }
    }
  }
}
</code>

**Odpiranje požarnega zidu:**

<code bash>
# firewalld (RHEL/CentOS)
sudo firewall-cmd --permanent --add-port=8080/tcp
sudo firewall-cmd --reload

# ufw (Ubuntu/Debian)
sudo ufw allow 8080/tcp
</code>

----

===== Odstranitev storitve =====

<code bash>
# Ustavi in deaktiviraj
sudo systemctl stop data-gateway
sudo systemctl disable data-gateway

# Odstrani Unit datoteko
sudo rm /etc/systemd/system/data-gateway.service
sudo systemctl daemon-reload

# Odstrani datoteke (neobvezno)
sudo rm -rf /opt/data-gateway
sudo userdel datagateway
</code>

----

===== Povezani Runbooks =====

  * [[.:docker|Docker]] - Kontejnerska alternativa
  * [[..:monitoring:prometheus|Prometheus]] - Izvoz metrik
  * [[..:sicherheit:tls-einrichten|Nastavitev TLS]] - HTTPS

----

<< [[.:windows-dienst|<- Windows storitev]] | [[.:docker|-> Docker]] >>

----
//Wolfgang van der Stille @ EMSR DATA d.o.o. - Data Gateway Professional//

{{tag>operator runbook linux systemd service}}