chore(node): systemd tidying-up (#3699)

[NODE-1330](https://dfinity.atlassian.net/browse/NODE-1330)

Commits
- Comment updates: e814341,
23b3295
- [Delete unnecessary
StartLimits](489fd83)
- [Remove unnecessary vsock-agent.service
settings](57f419d)
- [Remove unnecessary NotifyAccess
settings](40902f8)
- [Remove unnecessary User=root
settings](14c5dc3)

[NODE-1330]:
https://dfinity.atlassian.net/browse/NODE-1330?atlOrigin=eyJpIjoiNWRkNTljNzYxNjVmNDY3MDlhMDU5Y2ZhYzA5YTRkZjUiLCJwIjoiZ2l0aHViLWNvbS1KU1cifQ

ic-os/components/boundary-guestos/etc/systemd/system/canary-proxy.service

@@ -17,8 +17,7 @@ ExecStart=/opt/ic/bin/canary-proxy \
 Restart=always
 RestartSec=10
 KillSignal=SIGINT
-StartLimitBurst=5
-StartLimitInterval=0
+StartLimitIntervalSec=0
 
 [Install]
 WantedBy=multi-user.target

ic-os/components/boundary-guestos/etc/systemd/system/danted.service

@@ -3,8 +3,6 @@ Description=SOCKS (v4 and v5) proxy daemon (danted)
 Documentation=man:danted(8) man:danted.conf(5)
 Wants=network-online.target
 After=network-online.target
-# We must wait for IC bootstrap to complete: It writes various
-# state files and may also be needed to obtain network config.
 After=bootstrap-ic-node.service
 Wants=bootstrap-ic-node.service
 After=generate-dante-config.service

ic-os/components/boundary-guestos/etc/systemd/system/setup-ssh-user-keys.service

@@ -11,7 +11,7 @@ Type=oneshot
 RemainAfterExit=true
 ExecStart=/opt/ic/bin/setup-ssh-user-keys.sh
 
-# All services that networking depends on log their outputs to the console 
-# and are piped to the host terminal if the verbose flag is enabled.
+# All guestos services that networking depends on log their outputs to the 
+# console to be piped to the host terminal if the verbose flag is enabled.
 StandardOutput=journal+console
 StandardError=journal+console

ic-os/components/ic/generate-ic-config/generate-ic-config.service

@@ -1,13 +1,11 @@
 [Unit]
 Description=Generate IC Configuration
-# We must wait for IC bootstrap to complete: It writes various
-# state files and may also be needed to obtain network config.
 After=bootstrap-ic-node.service
 Wants=bootstrap-ic-node.service
-# We must also wait for storage permission fixup to have finished.
+# We must wait for storage permission fixup to have finished.
 After=setup-permissions.service
 Wants=setup-permissions.service
-# We must also wait for the network to become online: We must
+# We must wait for the network to become online: We must
 # put the correct address(es) into the ic.json5, but in case
 # of dynamic assignment they only become available once all
 # network interfaces are up.
@@ -21,7 +19,7 @@ ExecStart=/opt/ic/bin/generate-ic-config.sh -n /boot/config/network.conf -c /boo
 [Install]
 WantedBy=multi-user.target
 
-# All services that networking depends on log their outputs to the console 
-# and are piped to the host terminal if the verbose flag is enabled.
+# All guestos services that networking depends on log their outputs to the 
+# console to be piped to the host terminal if the verbose flag is enabled.
 StandardOutput=journal+console
 StandardError=journal+console

ic-os/components/ic/ic-btc-adapter/ic-btc-mainnet-adapter.service

@@ -1,7 +1,5 @@
 [Unit]
 Description=IC Bitcoin Mainnet Adapter Service Provider
-# We must wait for IC bootstrap to complete: It writes various
-# state files and may also be needed to obtain network config.
 After=bootstrap-ic-node.service
 Wants=bootstrap-ic-node.service
 After=network-online.target
@@ -16,7 +14,6 @@ User=ic-replica
 # socks_proxy.conf is not present for mainnet deployments and the socks_proxy defaults to 'socks5://socks5.ic0.app:1080'
 ExecStartPre=+/opt/ic/bin/generate-btc-adapter-config.sh -s /boot/config/socks_proxy.conf -m -o /run/ic-node/config/ic-btc-mainnet-adapter.json5
 ExecStart=/opt/ic/bin/ic-btc-adapter /run/ic-node/config/ic-btc-mainnet-adapter.json5
-NotifyAccess=main
 Restart=always
 
 [Install]

ic-os/components/ic/ic-btc-adapter/ic-btc-testnet-adapter.service

@@ -1,7 +1,5 @@
 [Unit]
 Description=IC Bitcoin Testnet Adapter Service Provider
-# We must wait for IC bootstrap to complete: It writes various
-# state files and may also be needed to obtain network config.
 After=bootstrap-ic-node.service
 Wants=bootstrap-ic-node.service
 After=network-online.target
@@ -15,7 +13,6 @@ Environment=RUST_BACKTRACE=1
 # socks_proxy.conf is not present for mainnet deployments and the socks_proxy defaults to 'socks5://socks5.ic0.app:1080'
 ExecStartPre=+/opt/ic/bin/generate-btc-adapter-config.sh -b /boot/config/bitcoind_addr.conf -s /boot/config/socks_proxy.conf -o /run/ic-node/config/ic-btc-testnet-adapter.json5
 ExecStart=/opt/ic/bin/ic-btc-adapter /run/ic-node/config/ic-btc-testnet-adapter.json5
-NotifyAccess=main
 Restart=always
 
 [Install]

ic-os/components/ic/ic-crypto-csp/ic-crypto-csp.service

@@ -3,15 +3,12 @@ Description=IC Crypto Service Provider
 After=generate-ic-config.service
 Wants=generate-ic-config.service
 Requires=ic-crypto-csp.socket
-StartLimitBurst=5
-StartLimitIntervalSec=5
 
 [Service]
 UMask=066
 User=ic-csp-vault
 Environment=RUST_BACKTRACE=1
 ExecStart=/opt/ic/bin/ic-crypto-csp --replica-config-file /run/ic-node/config/ic.json5
-NotifyAccess=main
 Restart=always
 
 [Install]

ic-os/components/ic/ic-https-outcalls-adapter/ic-https-outcalls-adapter.service

@@ -1,7 +1,5 @@
 [Unit]
 Description=IC Canister HTTP Provider
-# We must wait for IC bootstrap to complete: It writes various
-# state files and may also be needed to obtain network config.
 After=bootstrap-ic-node.service
 Wants=bootstrap-ic-node.service
 After=network-online.target
@@ -14,7 +12,6 @@ User=ic-http-adapter
 Environment=RUST_BACKTRACE=1
 ExecStartPre=+/opt/ic/bin/generate-https-outcalls-adapter-config.sh -s /boot/config/socks_proxy.conf -o /run/ic-node/config/ic-https-outcalls-adapter.json
 ExecStart=/opt/ic/bin/ic-https-outcalls-adapter /run/ic-node/config/ic-https-outcalls-adapter.json
-NotifyAccess=main
 Restart=always
 
 [Install]

ic-os/components/ic/ic-replica.service

@@ -6,8 +6,6 @@ Wants=generate-ic-config.service
 # Replica & orchestrator need ic-crypto-csp service running.
 After=ic-crypto-csp.service
 Wants=ic-crypto-csp.service
-StartLimitBurst=5
-StartLimitIntervalSec=60
 
 [Service]
 UMask=026

ic-os/components/ic/setup-permissions/setup-permissions.service

@@ -1,11 +1,7 @@
 [Unit]
 Description=Set up persistent storage permissions
-# We must wait for IC bootstrap to complete (it may
-# write the state files to begin with).
 After=bootstrap-ic-node.service
 Wants=bootstrap-ic-node.service
-StartLimitBurst=5
-StartLimitIntervalSec=60
 
 [Service]
 Type=oneshot

ic-os/components/init/bootstrap-ic-node/bootstrap-ic-node.service

@@ -13,7 +13,7 @@ Type=oneshot
 RemainAfterExit=true
 ExecStart=/opt/ic/bin/bootstrap-ic-node.sh
 
-# All services that networking depends on log their outputs to the console 
-# and are piped to the host terminal if the verbose flag is enabled.
+# All guestos services that networking depends on log their outputs to the 
+# console to be piped to the host terminal if the verbose flag is enabled.
 StandardOutput=journal+console
 StandardError=journal+console

ic-os/components/misc/vsock/vsock-agent.service

@@ -2,14 +2,8 @@
 Description=VSOCK agent daemon
 
 [Service]
-User=root
-Group=root
 ExecStart=/opt/ic/bin/vsock_host
 Restart=always
-RestartSec=10
-KillSignal=SIGINT
-StartLimitBurst=5
-StartLimitInterval=60
 
 [Install]
 WantedBy=multi-user.target

ic-os/components/monitoring/filebeat/filebeat.service

@@ -3,8 +3,6 @@ Description=Filebeat ships systemd journal entries to Elasticsearch
 Documentation=https://www.elastic.co/beats/filebeat
 Wants=network-online.target
 After=network-online.target
-# We must wait for IC bootstrap to complete: It writes various
-# state files and may also be needed to obtain network config.
 After=bootstrap-ic-node.service
 Wants=bootstrap-ic-node.service
 # We must wait for var to be mounted over before interacting with it

ic-os/components/monitoring/metrics-proxy/metrics-proxy.service

@@ -8,8 +8,6 @@ ExecStart=/opt/ic/bin/metrics-proxy /etc/metrics-proxy.yaml
 Restart=on-failure
 RestartSec=10
 KillSignal=SIGINT
-StartLimitBurst=5
-StartLimitInterval=60
 LimitNOFILE=65536
 
 [Install]

ic-os/components/networking/generate-network-config/guestos/generate-network-config.service

@@ -13,7 +13,7 @@ Type=oneshot
 RemainAfterExit=true
 ExecStart=/opt/ic/bin/guestos_tool generate-network-config
 
-# All services that networking depends on log their outputs to the console 
-# and are piped to the host terminal if the verbose flag is enabled.
+# All guestos services that networking depends on log their outputs to the 
+# console to be piped to the host terminal if the verbose flag is enabled.
 StandardOutput=journal+console
 StandardError=journal+console

ic-os/components/ssh/setup-ssh-user-keys/setup-ssh-user-keys.service

@@ -11,7 +11,7 @@ Type=oneshot
 RemainAfterExit=true
 ExecStart=/opt/ic/bin/setup-ssh-user-keys.sh
 
-# All services that networking depends on log their outputs to the console 
-# and are piped to the host terminal if the verbose flag is enabled.
+# All guestos services that networking depends on log their outputs to the 
+# console to be piped to the host terminal if the verbose flag is enabled.
 StandardOutput=journal+console
 StandardError=journal+console

ic-os/components/upgrade/shared-resources/upgrade-shared-data-store/upgrade-shared-data-store.service

@@ -12,7 +12,7 @@ Type=oneshot
 RemainAfterExit=true
 ExecStart=/opt/ic/bin/upgrade-shared-data-store.sh
 
-# All services that networking depends on log their outputs to the console 
-# and are piped to the host terminal if the verbose flag is enabled.
+# All guestos services that networking depends on log their outputs to the 
+# console to be piped to the host terminal if the verbose flag is enabled.
 StandardOutput=journal+console
 StandardError=journal+console