Modern versions of Ubuntu (starting with 15.04) and some other Linux distributions, including Debian and Fedora, use systemd to start system daemons, monitor their health, and restart them when they die.
Edit nfd.service
, correcting the paths to the nfd
executable, configuration, and HOME
directories.
Copy the systemd config file for NFD to the proper directory
sudo cp nfd.service /etc/systemd/system
Reload the systemd manager configuration
sudo systemctl daemon-reload
nfd
is installed into /usr/local/bin
/usr/local/etc/ndn/nfd.conf
nfd
will be run as root/usr/local/var/log/ndn
folder, which is owned by user ndn
If the ndn
user and group do not exist, they need to be manually created.
# Create group `ndn` sudo addgroup --system ndn # Create user `ndn` sudo adduser --system \ --disabled-login \ --ingroup ndn \ --home /nonexistent \ --gecos "NDN User" \ --shell /bin/false \ ndn
Folder /usr/local/var/log/ndn
should be created and assigned proper user and group:
sudo mkdir -p /usr/local/var/log/ndn sudo chown -R ndn:ndn /usr/local/var/log/ndn
HOME
directory for nfd
should be created prior to starting. This is necessary to manage unique security credentials for the daemon.
# Create HOME and generate self-signed NDN certificate for nfd sudo sh -c ' \ mkdir -p /usr/local/var/lib/ndn/nfd/.ndn; \ export HOME=/usr/local/var/lib/ndn/nfd; \ ndnsec-keygen /localhost/daemons/nfd | ndnsec-install-cert -; \ '
NFD sample configuration allows anybody to create faces, add nexthops to FIB, and set strategy choice for namespaces. While such settings could be a good start, it is generally not a good idea to run NFD in this mode.
While thorough discussion about the security configuration of NFD is outside the scope of this document, at least the following change should be done in nfd.conf
in the authorize section:
authorizations { authorize { certfile certs/localhost_daemons_nfd.ndncert privileges { faces fib strategy-choice } } authorize { certfile any privileges { faces strategy-choice } } }
While this configuration still allows the management of faces and updating strategy choice by anyone, only NFD's RIB Manager (i.e., NFD itself) is allowed to manage FIB.
As the final step to make this configuration work, nfd's self-signed certificate needs to be exported into the localhost_daemons_nfd.ndncert
file:
sudo sh -c '\ mkdir -p /usr/local/etc/ndn/certs || true; \ export HOME=/usr/local/var/lib/ndn/nfd; \ ndnsec-dump-certificate -i /localhost/daemons/nfd > \ /usr/local/etc/ndn/certs/localhost_daemons_nfd.ndncert; \ '
After copying the provided nfd.service
file, auto-start can be enabled with:
sudo systemctl enable nfd
To manually start it, use the following command:
sudo systemctl start nfd
To stop the nfd
daemon, use the following command:
sudo systemctl stop nfd
To prevent it from being automatically started on reboot, disable the service:
sudo systemctl disable nfd