helexa/cortex
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(neuron): run service as neuron user, not cortex

Browse Source 
neuron and cortex are independent packages installable on different
hosts. Having neuron run under a 'cortex' system user implied a
shared identity that doesn't exist. Give neuron its own user/group.

- New data/neuron-sysusers.conf declares the neuron user/group with
  home /var/lib/neuron.
- systemd unit User/Group changed to neuron.
- Spec file attrs, explicit Provides, and %sysusers_create_compat
  updated to reference the neuron user.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
rob thijssen
2026-04-16 13:32:36 +03:00
parent 2ce1060cb8
commit db8ad309b4
3 changed files with 14 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
data/neuron-sysusers.conf Normal file
View File

@@ -0,0 +1,3 @@
g neuron - -
u neuron - "Neuron GPU node daemon" /var/lib/neuron /sbin/nologin
m neuron neuron

4
data/neuron.service
View File

@@ -8,8 +8,8 @@ Type=simple
ExecStart=/usr/bin/neuron --config /etc/neuron/neuron.toml ExecStart=/usr/bin/neuron --config /etc/neuron/neuron.toml
Restart=on-failure Restart=on-failure
RestartSec=5 RestartSec=5
User=cortex User=neuron
Group=cortex Group=neuron
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target

18
neuron.spec
View File

@@ -22,11 +22,11 @@ BuildRequires: systemd-rpm-macros
Requires(pre): shadow-utils Requires(pre): shadow-utils
Requires: systemd Requires: systemd
# rpm's sysusers provides-generator only emits versioned user(cortex) when # rpm's sysusers provides-generator only emits versioned user(neuron) when
# the u-line has GECOS/home/shell fields. %attr(,,cortex) in %files emits # the u-line has GECOS/home/shell fields. %attr(,,neuron) in %files emits
# an unversioned Requires: user(cortex), so we provide it explicitly. # an unversioned Requires: user(neuron), so we provide it explicitly.
Provides: user(cortex) Provides: user(neuron)
Provides: group(cortex) Provides: group(neuron)
%description %description
Neuron is a per-node daemon for cortex inference clusters. It discovers Neuron is a per-node daemon for cortex inference clusters. It discovers
@@ -51,12 +51,12 @@ cargo build --release -p neuron
%install %install
install -Dm755 target/release/neuron %{buildroot}%{_bindir}/neuron install -Dm755 target/release/neuron %{buildroot}%{_bindir}/neuron
install -Dm644 data/neuron.service %{buildroot}%{_unitdir}/neuron.service install -Dm644 data/neuron.service %{buildroot}%{_unitdir}/neuron.service
install -Dm644 data/cortex-sysusers.conf %{buildroot}%{_sysusersdir}/neuron.conf install -Dm644 data/neuron-sysusers.conf %{buildroot}%{_sysusersdir}/neuron.conf
install -dm750 %{buildroot}%{_sysconfdir}/neuron install -dm750 %{buildroot}%{_sysconfdir}/neuron
install -Dm640 neuron.example.toml %{buildroot}%{_sysconfdir}/neuron/neuron.toml install -Dm640 neuron.example.toml %{buildroot}%{_sysconfdir}/neuron/neuron.toml
%pre %pre
%sysusers_create_compat %{_builddir}/%{name}-%{version}/data/cortex-sysusers.conf %sysusers_create_compat %{_builddir}/%{name}-%{version}/data/neuron-sysusers.conf
%post %post
%systemd_post neuron.service %systemd_post neuron.service
@@ -73,8 +73,8 @@ install -Dm640 neuron.example.toml %{buildroot}%{_sysconfdir}/neuron/neuron.toml
%{_bindir}/neuron %{_bindir}/neuron
%{_unitdir}/neuron.service %{_unitdir}/neuron.service
%{_sysusersdir}/neuron.conf %{_sysusersdir}/neuron.conf
%dir %attr(750,root,cortex) %{_sysconfdir}/neuron %dir %attr(750,root,neuron) %{_sysconfdir}/neuron
%config(noreplace) %attr(640,root,cortex) %{_sysconfdir}/neuron/neuron.toml %config(noreplace) %attr(640,root,neuron) %{_sysconfdir}/neuron/neuron.toml
%changelog %changelog
* Tue Apr 15 2026 Rob Thijssen <grenade@rob.tn> - 0.1.0-1 * Tue Apr 15 2026 Rob Thijssen <grenade@rob.tn> - 0.1.0-1