From 179a94ce53187f45a7ea2dc5ee7892f693795ea1 Mon Sep 17 00:00:00 2001 From: vanphan24 <89482663+vanphan24@users.noreply.github.com> Date: Mon, 17 Nov 2025 18:04:16 -0800 Subject: [PATCH] Update install.mdx for manual boundary install to systemD download boundary created unit file create boundary user, set permissions for bounder user --- .../docs/deploy/self-managed/install.mdx | 65 +++++++++++++++++-- 1 file changed, 61 insertions(+), 4 deletions(-) diff --git a/content/boundary/v0.20.x/content/docs/deploy/self-managed/install.mdx b/content/boundary/v0.20.x/content/docs/deploy/self-managed/install.mdx index b2c756e637..eefac633cc 100644 --- a/content/boundary/v0.20.x/content/docs/deploy/self-managed/install.mdx +++ b/content/boundary/v0.20.x/content/docs/deploy/self-managed/install.mdx @@ -7,12 +7,17 @@ description: >- # Install Boundary -Pre-built Boundary packages are available from the [HashiCorp Linux -Repository](https://www.hashicorp.com/blog/announcing-the-hashicorp-linux-repository). -In addition to installing the Boundary binary, the official package also +You can install Boundary using two methods: + +1. Using a package manager, the official package provides a systemd service unit, and a local `boundary` user account under which the service runs. +2. Manual install using pre-built Boundary packages are available from the [HashiCorp Linux +Repository](https://www.hashicorp.com/blog/announcing-the-hashicorp-linux-repository). + +Steps for both options are provided below. + You must complete the following steps for each Boundary controller and worker @@ -22,6 +27,10 @@ Boundary binary. + +## Install using a package manager + + The steps vary by Linux distribution. Select your distribution of Boundary, and complete the steps to install the @@ -182,6 +191,54 @@ binary: + +## Manual install using downloaded binaries + +1. From the [Boundary install page](https://developer.hashicorp.com/boundary/install), retrieve the appropriate binary download. + +2. Unzip the binary into the `/usr/local/bin/` directory. + +3. Set environment variable. + +``` +export NAME=boundary +``` + +Set TYPE to `controller` or `worker` depending on whether you intend to configure as a Boundary controller or a worker +Example: +``` +export TYPE=worker +``` + +4. Create a *systemd* unit file with the contents below: + +``` +sudo cat << EOF > /etc/systemd/system/${NAME}-${TYPE}.service +[Unit] +Description=${NAME} ${TYPE} + +[Service] +ExecStart=/usr/local/bin/${NAME} server -config /etc/${NAME}-${TYPE}.hcl +User=boundary +Group=boundary +LimitMEMLOCK=infinity +Capabilities=CAP_IPC_LOCK+ep +CapabilityBoundingSet=CAP_SYSLOG CAP_IPC_LOCK + +[Install] +WantedBy=multi-user.target +EOF +``` + +5. Create and set permissions for boundary as a user + +``` +sudo adduser --system --group boundary || true +sudo chown boundary:boundary /etc/${NAME}-${TYPE}.hcl +sudo chown boundary:boundary /usr/local/bin/boundary +sudo chown boundary:boundary /home +``` + You should install the binary on the controller and worker instances you configure to run in your Boundary environments. ## Next steps @@ -191,4 +248,4 @@ After you install the binary, you should: 1. [Configure controllers](/boundary/docs/deploy/self-managed/configure-controllers) 1. [Deploy workers](/boundary/docs/deploy/self-managed/deploy-workers) 1. [Initialize Boundary](/boundary/docs/deploy/self-managed/initialize) -1. [Install the Boundary Clients](/boundary/docs/deploy/self-managed/install-clients) \ No newline at end of file +1. [Install the Boundary Clients](/boundary/docs/deploy/self-managed/install-clients)