Running commands from the shell is all well and good, but what if you don’t want to always be logging into your terminal? What if the script, or even server, crashes or needs to reboot? In this series, we have been looking at automation in Linux, and nothing is more important than automating the launching (and relaunching) of your scripts.
Previously
Sheduling Scripts
The first way we ensure our scripts run is by putting them on a schedule using Crontab. This will launch the commands you set at chosen times, every minute, hour, day, etc.
To edit your schedule, enter:
crontab -e
You can add a command like so:
# m h dom mon dow command
*/30 * * * * /home/chrisg/steemit/reclaim-cron.sh
This launches my Reclaim script every 30 minutes. It checks if I have any Steemit rewards ready to claim so I don’t have to hit the button on the website.
There is an excellent resource for figuring out the schedules here at crontab.guru
Launching on Reboot or Crash
What, though, about starting the scripts on reboot? Or if the script crashes?
You don’t want to run a webserver using Cron, it should be there all the time, right?
There is an app for that! It’s called Supervisor.
Install with:
sudo apt-get install supervisor
When Supervisor runs, it checks for .conf files in /etc/supervisor/conf.d/
Create a new configuration file with a meaningful name:
sudo nano /etc/supervisor/conf.d/[your program].conf
and add your configuration information into the file. In the following, I am creating a test.conf with the program called test.
[program:test]
command=[your command]
[program:test]
user=myuser
autostart=true
autorestart=true
command=/bin/sh /home/chrisg/test.sh
stderr_logfile=/var/log/supervisor/test.err.log
stdout_logfile=/var/log/supervisor/test.out.log
Note I am also outputting two log files, one for script errors and the other for script output. This is important for debugging in case you find something doesn’t run.
You can see that I want my test script to start when the machine boots and if the script crashes for any reason.
When you make changes to your .conf files you will need to re-read and update the configuration, like so:
sudo supervisorctl reread
sudo supervisorctl update
There are also the following commands for stopping, starting and so on.
sudo supervisorctl stop all
sudo supervisorctl reload
sudo supervisorctl restart all
Starting Supervisord on Boot
Of course you also want Supervisor to run on server boot, so you will need to enter the following commands when you are happy with your configuration (Google for your OS and version if this does not work for you):
sudo systemctl enable supervisor
sudo systemctl start supervisor
Tightening Security
Now your machine is doing important work and needs to be semi-reliable, it is a good idea to tighten your security.
First lets stop root logins, you can use Sudo if necessary:
sudo nano /etc/ssh/ssh_config
Find and uncomment, or add the following line:
PermitRootLogin no
If you are only ever running passwordless using Public Key SSH, then you can use the following too:
PasswordAuthentication no
Adding a Simple Firewall in Linux
You can also run a quick and easy uncomplicated firewall called, as it happens, UFW.
Install ufw with:
sudo apt-get install -y ufw
This will stop your machine accepting connections, so now you need to allow the connections you actually want.
I have a dev website running using Flask on port 5000, so I would enter:
sudo ufw allow 5000
Plus obviously HTTP port 80 and, SSH of course:
sudo ufw allow http
sudo ufw allow ssh
Of course if you have an SSL certificate you would add HTTPS.
Check your work with:
sudo ufw status
After making changes, make them take hold using:
sudo ufw --force enable
sudo ufw status
Image Source: Bigstock
Password-Less SSH Access to Your Linux Machine or Raspberry Pi Using Public Keys