- # SPDX-License-Identifier: GPL-3.0-or-later
- [Unit]
- Description=Real time performance monitoring
- # Ordering only: After= makes netdata start after the listed units when they are started in the
- # same transaction. It does not pull those units in or make netdata depend on them.
- # Append here any other services you want netdata to wait for.
- After=network.target httpd.service squid.service nfs-server.service mysqld.service mysql.service named.service postfix.service chronyd.service
- [Service]
- # Type=simple: systemd treats the ExecStart= process as the main service process.
- # NOTE(review): -D on the command line below presumably keeps netdata in the foreground, which is
- # what Type=simple needs; confirm against the daemon's options.
- Type=simple
- # The daemon is started as root. The chown lines below hand the cache and runtime directories to
- # @netdata_user_POST@, so it presumably drops to that account itself; confirm in the daemon
- # configuration. Until it does, the only limits systemd applies are the capability bounding set and
- # the sandboxing options in this unit.
- User=root
- # systemd creates /run/netdata at start and removes it at stop. Mode 0775 leaves the directory
- # group-writable and readable/searchable by everyone.
- RuntimeDirectory=netdata
- RuntimeDirectoryMode=0775
- # NOTE(review): systemd documents PIDFile= for Type=forking services; verify it is still needed here.
- PIDFile=/run/netdata/netdata.pid
- ExecStart=@sbindir_POST@/netdata -P /run/netdata/netdata.pid -D
- # Pre-start steps run in the listed order before ExecStart=, as root.
- # NOTE(review): chown -R runs as root over trees that @netdata_user_POST@ owns after the first start,
- # so every later start re-processes whatever that account left there. Check that the change cannot
- # reach files outside the tree (fs.protected_hardlinks and fs.protected_symlinks reduce the exposure),
- # or limit the ownership change to the directory itself.
- ExecStartPre=/bin/mkdir -p @localstatedir_POST@/cache/netdata
- ExecStartPre=/bin/chown -R @netdata_user_POST@ @localstatedir_POST@/cache/netdata
- # NOTE(review): creating /run/netdata here looks redundant with RuntimeDirectory=netdata above.
- ExecStartPre=/bin/mkdir -p /run/netdata
- ExecStartPre=/bin/chown -R @netdata_user_POST@ /run/netdata
- # Applies User= to ExecStart= only and runs the ExecStartPre= lines with full privileges. With
- # User=root it changes nothing. systemd has deprecated this option in favour of the "+" and "!"
- # command prefixes.
- PermissionsStartOnly=true
- # Saving a big database on slow disks may take some time, so allow 150 seconds for a clean stop
- # before systemd forcibly terminates the service.
- TimeoutStopSec=150
- # Restart netdata if it crashes: on-failure covers unclean exit codes, fatal signals and timeouts,
- # but not a clean exit. Wait 30 seconds between attempts.
- Restart=on-failure
- RestartSec=30
- # Valid policies: other (the system default) | batch | idle | fifo | rr
- # To give netdata the max priority, set CPUSchedulingPolicy=rr and CPUSchedulingPriority=99.
- # Caveat: rr and fifo are realtime policies. A realtime task at priority 99 can starve ordinary
- # processes on a busy host, so leave this at batch unless collection latency demands otherwise.
- CPUSchedulingPolicy=batch
- # This sets the scheduling priority (for policies: rr and fifo).
- # Priority takes values from 1 (lowest) to 99 (highest).
- #CPUSchedulingPriority=1
- # For scheduling policies 'other' and 'batch', this sets the nice level of netdata
- # (-20 is the highest priority, 19 the lowest).
- Nice=0
- # Capabilities
- # Repeated CapabilityBoundingSet= lines are merged, so the effective bounding set is the union of
- # every line below. The bounding set is an upper limit: the service and its children, even as
- # root, can never hold a capability that is not listed.
- # The union is broad. CAP_SYS_ADMIN, CAP_SYS_PTRACE, CAP_DAC_OVERRIDE, CAP_SYS_RAWIO and
- # CAP_SETUID/CAP_SETGID together leave few kernel-level restrictions. Where a plugin is not used,
- # a local drop-in can assign an empty CapabilityBoundingSet= to reset the list and then re-add only
- # the capabilities the enabled plugins need.
- # CAP_DAC_OVERRIDE is required for the freeipmi and slabinfo plugins
- CapabilityBoundingSet=CAP_DAC_OVERRIDE
- # CAP_DAC_READ_SEARCH is required for the apps plugin
- CapabilityBoundingSet=CAP_DAC_READ_SEARCH
- # CAP_FOWNER and CAP_SYS_RAWIO are required for the freeipmi plugin
- CapabilityBoundingSet=CAP_FOWNER CAP_SYS_RAWIO
- # CAP_SETPCAP is required for the apps, perf and slabinfo plugins
- CapabilityBoundingSet=CAP_SETPCAP
- # CAP_SYS_ADMIN and CAP_PERFMON are required for the perf plugin
- CapabilityBoundingSet=CAP_SYS_ADMIN CAP_PERFMON
- # CAP_SYS_PTRACE is required for the apps plugin
- CapabilityBoundingSet=CAP_SYS_PTRACE
- # CAP_SYS_RESOURCE is required for the ebpf plugin
- CapabilityBoundingSet=CAP_SYS_RESOURCE
- # CAP_NET_RAW is required for the go.d/ping app
- CapabilityBoundingSet=CAP_NET_RAW
- # CAP_SYS_CHROOT is required for the cgroups plugin
- CapabilityBoundingSet=CAP_SYS_CHROOT
- # CAP_NET_ADMIN is required for the nfacct plugin (bandwidth accounting)
- CapabilityBoundingSet=CAP_NET_ADMIN
- # CAP_SETGID and CAP_SETUID are required for plugins that use sudo
- # NOTE(review): NoNewPrivileges= is not set in the lines shown; the sudo-based plugins would
- # presumably stop working with it enabled, so confirm before adding it.
- CapabilityBoundingSet=CAP_SETGID CAP_SETUID
- # CAP_CHOWN is required to change file ownership
- CapabilityBoundingSet=CAP_CHOWN
- # Sandboxing
- # To see how the options below score and which hardening settings are absent, run
- # `systemd-analyze security <unit>` against the installed unit.
- # ProtectSystem=full mounts /usr, the boot loader directories and /etc read-only for this service.
- ProtectSystem=full
- # ProtectHome=read-only makes /home, /root and /run/user read-only for this service.
- ProtectHome=read-only
- # PrivateTmp breaks netdatacli functionality. See https://github.com/netdata/netdata/issues/7587
- # With it disabled, the service shares the host's /tmp and /var/tmp.
- #PrivateTmp=true
- # Makes the control group hierarchy under /sys/fs/cgroup read-only for this service.
- ProtectControlGroups=on
- # We allow writes here because it is the standard location to listen on a UNIX socket.
- # ReadWriteDirectories= is the legacy name of ReadWritePaths=.
- ReadWriteDirectories=/run/netdata
- # This is needed to make email-based alert delivery work if Postfix is the email provider on the system.
- # The leading "-" means the path is ignored when it does not exist.
- ReadWriteDirectories=-/var/spool/postfix/maildrop
- # LXCFS directories (https://github.com/lxc/lxcfs#lxcfs)
- # If we don't set them explicitly, systemd mounts procfs from the host. See https://github.com/netdata/netdata/issues/14238.
- # Each path is bind-mounted read-only; the leading "-" skips a path that does not exist.
- BindReadOnlyPaths=-/proc/cpuinfo -/proc/diskstats -/proc/loadavg -/proc/meminfo
- BindReadOnlyPaths=-/proc/stat -/proc/swaps -/proc/uptime -/proc/slabinfo
- [Install]
- # Enabling the unit hooks it into multi-user.target, so it starts on a normal multi-user boot.
- WantedBy=multi-user.target