| 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677 |
- # SPDX-License-Identifier: GPL-3.0-or-later
- [Unit]
- Description=Real time performance monitoring
- # append here other services you want netdata to wait for them to start
- After=network.target httpd.service squid.service nfs-server.service mysqld.service mysql.service named.service postfix.service chronyd.service
- [Service]
- Type=simple
- User=netdata
- Group=netdata
- RuntimeDirectory=netdata
- RuntimeDirectoryMode=0775
- PIDFile=@localstatedir_POST@/run/netdata/netdata.pid
- ExecStart=@sbindir_POST@/netdata -P @localstatedir_POST@/run/netdata/netdata.pid -D
- ExecStartPre=/bin/mkdir -p @localstatedir_POST@/cache/netdata
- ExecStartPre=/bin/chown -R netdata:netdata @localstatedir_POST@/cache/netdata
- ExecStartPre=/bin/mkdir -p @localstatedir_POST@/run/netdata
- ExecStartPre=/bin/chown -R netdata:netdata @localstatedir_POST@/run/netdata
- ExecStopPost=@pluginsdir_POST@/reset_netdata_trace.sh
- PermissionsStartOnly=true
- # saving a big db on slow disks may need some time
- TimeoutStopSec=150
- # restart netdata if it crashes
- Restart=on-failure
- RestartSec=30
- # The minimum netdata Out-Of-Memory (OOM) score.
- # netdata (via [global].OOM score in netdata.conf) can only increase the value set here.
- # To decrease it, set the minimum here and set the same or a higher value in netdata.conf.
- # Valid values: -1000 (never kill netdata) to 1000 (always kill netdata).
- OOMScoreAdjust=1000
- # Valid policies: other (the system default) | batch | idle | fifo | rr
- # To give netdata the max priority, set CPUSchedulingPolicy=rr and CPUSchedulingPriority=99
- CPUSchedulingPolicy=idle
- # This sets the scheduling priority (for policies: rr and fifo).
- # Priority gets values 1 (lowest) to 99 (highest).
- #CPUSchedulingPriority=1
- # For scheduling policy 'other' and 'batch', this sets the lowest niceness of netdata (-20 highest to 19 lowest).
- #Nice=0
- # Capabilities
- # is required for freeipmi and slabinfo plugins
- CapabilityBoundingSet=CAP_DAC_OVERRIDE
- # is required for apps plugin
- CapabilityBoundingSet=CAP_DAC_READ_SEARCH
- # is required for freeipmi plugin
- CapabilityBoundingSet=CAP_FOWNER
- # is required for apps, perf and slabinfo plugins
- CapabilityBoundingSet=CAP_SETPCAP
- # is required for perf plugin
- CapabilityBoundingSet=CAP_SYS_ADMIN
- # is required for apps plugin
- CapabilityBoundingSet=CAP_SYS_PTRACE
- # is required for ebpf plugin
- CapabilityBoundingSet=CAP_SYS_RESOURCE
- # is required for fping app
- CapabilityBoundingSet=CAP_NET_RAW
- # is required for cgroups plugin
- CapabilityBoundingSet=CAP_SYS_CHROOT
- # Sandboxing
- ProtectSystem=full
- ProtectHome=read-only
- # PrivateTmp break netdatacli functionality. See - https://github.com/netdata/netdata/issues/7587
- #PrivateTmp=true
- ProtectControlGroups=true
- # We whitelist this because it's the standard location to listen on a UNIX socket.
- ReadWriteDirectories=/run/netdata
- [Install]
- WantedBy=multi-user.target
|
