Server Installation
Once the Lyftdata binary is installed and available on the system, set up the Server as follows:
- Create a system account.
- Create a data directory.
- Create systemd files.
- Start the Server.
By the end of this section, you should be able to access the Server via a browser.
Create a system account
Create a system account for the Server to run under:
sudo adduser --system --home /var/lib/lyftdata-server --disabled-login --group lyftdata
Create a Data Directory
The Server requires a data directory to store Jobs, logs, and metric data.
The lyftdata user home directory is /var/lib/lyftdata-server and it will also serve as the data directory.
If a different data directory is required, create it with the appropriate ownership and permissions. For example:
sudo mkdir -p /data/lyftdata
sudo chown lyftdata:lyftdata /data/lyftdata
Create systemd Files
Create a systemd service unit file:
sudo vi /etc/systemd/system/lyftdata-server.service
The file must contain the following:
[Unit]
Description=lyftdata Server
After=network.target auditd.service

[Service]
EnvironmentFile=/etc/default/lyftdata-server
User=lyftdata
Group=lyftdata
ExecStart=/usr/sbin/lyftdata run server
Restart=on-failure
RestartSec=60

[Install]
WantedBy=multi-user.target
Create an environment file for the EnvironmentFile setting:
sudo vi /etc/default/lyftdata-server
Here, the Server is configured through either lyftdata run server options or environment variables. In this case, we’ll be using the latter.
At a minimum, the Server needs LYFTDATA_STAGING_DIR:
LYFTDATA_STAGING_DIR=/var/lib/lyftdata-server
LYFTDATA_LICENSE_EULA_ACCEPT=yes
LYFTDATA_ADMIN_INIT_PASSWORD=ChangeMeVerySoon
We’ve added 2 additional environment variables:
- LYFTDATA_LICENSE_EULA_ACCEPT=yes prevents the one-time prompt for accepting the EULA.
- LYFTDATA_ADMIN_INIT_PASSWORD provides an initial password for the Server admin user.
Upon first initialization of the Server user database, if LYFTDATA_ADMIN_INIT_PASSWORD is unset, a random password will be generated in the Server STDOUT output (see journalctl -u lyftdata-server).
Once you have saved the service unit file, reload systemd:
sudo systemctl daemon-reload
To start the Server at boot, enable the service with:
sudo systemctl enable lyftdata-server
Finally, start the Server:
sudo systemctl start lyftdata-server
Verify that the Server started successfully:
systemctl status lyftdata-server
It’s a good idea to inspect the startup output, which will contain the admin user password if it wasn’t set with LYFTDATA_ADMIN_INIT_PASSWORD:
journalctl -u lyftdata-server
The Server will be listening on LYFTDATA_BIND_ADDRESS (default 127.0.0.1:3000).
If your cert uses subjectAltName, it must include an entry matching the cert CN. In the CSR below, the CN is server.lyftdata.local:
openssl req -new -nodes -out server.lyftdata.local.csr -newkey rsa:4096 -keyout server.lyftdata.local.key -subj '/CN=server.lyftdata.local/C=ZA/ST=Gauteng/L=Johannesburg/O=Lyftdata'
The matching entry is DNS.1 = server.lyftdata.local:
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names

[alt_names]
DNS.1 = server.lyftdata.local
IP.1 = 192.168.235.10
If there is no subjectAltName, the CN will suffice for successful cert verification; otherwise an error occurs (see journalctl -u lyftdata-server):
...X509VerifyResult { code: 62, error: "Hostname mismatch" }
When testing with curl -v, the output is indicative of what failed:
* subjectAltName does not match server.lyftdata.local
openssl s_client works without issues.
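The subjectAltName rule above can be checked before the cert is deployed. The script below is an added example, not part of the Lyftdata documentation or tooling; the function and sample names are hypothetical, the sample text is constructed, and matching is exact and case-insensitive (wildcard entries are not handled):

```shell
#!/bin/sh
# Reads `openssl x509 -noout -text` output on stdin. Exit status: 0 = the CN is
# a DNS SAN entry or the cert has no SAN, 1 = SAN present without the CN, 2 = no CN.
san_covers_cn() {
    awk '
        /^[ \t]*Subject:/ {
            line = $0
            sub(/^[ \t]*Subject:[ \t]*/, "", line)
            n = split(line, parts, /,[ \t]*/)
            for (i = 1; i <= n; i++)
                if (parts[i] ~ /^CN[ \t]*=/) {
                    cn = parts[i]
                    sub(/^CN[ \t]*=[ \t]*/, "", cn)   # accepts "CN=" and "CN = "
                }
        }
        # SAN values are printed on the line after the extension header.
        /X509v3 Subject Alternative Name/ { has_san = 1; want = 1; next }
        want {
            want = 0
            gsub(/[ \t]/, "")
            m = split($0, sans, ",")
            for (i = 1; i <= m; i++)
                if (sans[i] ~ /^DNS:/) dns[tolower(substr(sans[i], 5))] = 1
        }
        END {
            if (cn == "") exit 2
            if (!has_san) exit 0
            key = tolower(cn)
            if (key in dns) exit 0
            exit 1
        }'
}
# Constructed samples, trimmed to the two fields the check reads.
sample_matching() {
    printf '%s\n' \
        '        Subject: CN = server.lyftdata.local, C = ZA, O = Lyftdata' \
        '            X509v3 Subject Alternative Name: ' \
        '                DNS:server.lyftdata.local, IP Address:192.168.235.10'
}
sample_mismatch() {
    printf '%s\n' \
        '        Subject: CN = server.lyftdata.local, C = ZA, O = Lyftdata' \
        '            X509v3 Subject Alternative Name: ' \
        '                DNS:other.lyftdata.local, IP Address:192.168.235.10'
}
sample_matching | san_covers_cn && echo "matching: CN covered"
sample_mismatch | san_covers_cn || echo "mismatch: CN missing from subjectAltName"
```

For a real certificate, pipe `openssl x509 -noout -text -in cert.pem` into `san_covers_cn`, where cert.pem is a placeholder path.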
Go to http://localhost:3000 in a browser. Log in with the username admin and the appropriate password.
At this point, the Server is ready to start serving Workers.