| 12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576 |
- # SPDX-License-Identifier: GPL-3.0-or-later
- [Unit]
- Description=Real time performance monitoring
- # append here other services you want netdata to wait for them to start
- After=network.target httpd.service squid.service nfs-server.service mysqld.service mysql.service named.service postfix.service chronyd.service
- [Service]
- Type=simple
- User=netdata
- Group=netdata
- RuntimeDirectory=netdata
- RuntimeDirectoryMode=0775
- PIDFile=@localstatedir_POST@/run/netdata/netdata.pid
- ExecStart=@sbindir_POST@/netdata -P @localstatedir_POST@/run/netdata/netdata.pid -D
- ExecStartPre=/bin/mkdir -p @localstatedir_POST@/cache/netdata
- ExecStartPre=/bin/chown -R netdata:netdata @localstatedir_POST@/cache/netdata
- ExecStartPre=/bin/mkdir -p @localstatedir_POST@/run/netdata
- ExecStartPre=/bin/chown -R netdata:netdata @localstatedir_POST@/run/netdata
- PermissionsStartOnly=true
- # saving a big db on slow disks may need some time
- TimeoutStopSec=150
- # restart netdata if it crashes
- Restart=on-failure
- RestartSec=30
- # Valid policies: other (the system default) | batch | idle | fifo | rr
- # To give netdata the max priority, set CPUSchedulingPolicy=rr and CPUSchedulingPriority=99
- CPUSchedulingPolicy=batch
- # This sets the scheduling priority (for policies: rr and fifo).
- # Priority gets values 1 (lowest) to 99 (highest).
- #CPUSchedulingPriority=1
- # For scheduling policy 'other' and 'batch', this sets the lowest niceness of netdata (-20 highest to 19 lowest).
- Nice=0
- # Capabilities
- # is required for freeipmi and slabinfo plugins
- CapabilityBoundingSet=CAP_DAC_OVERRIDE
- # is required for apps plugin
- CapabilityBoundingSet=CAP_DAC_READ_SEARCH
- # is required for freeipmi plugin
- CapabilityBoundingSet=CAP_FOWNER
- # is required for apps, perf and slabinfo plugins
- CapabilityBoundingSet=CAP_SETPCAP
- # is required for perf plugin
- CapabilityBoundingSet=CAP_SYS_ADMIN CAP_PERFMON
- # is required for apps plugin
- CapabilityBoundingSet=CAP_SYS_PTRACE
- # is required for ebpf plugin
- CapabilityBoundingSet=CAP_SYS_RESOURCE
- # is required for fping app
- CapabilityBoundingSet=CAP_NET_RAW
- # is required for cgroups plugin
- CapabilityBoundingSet=CAP_SYS_CHROOT
- # is required for nfacct plugin (bandwidth accounting)
- CapabilityBoundingSet=CAP_NET_ADMIN
- # is required for plugins that use sudo
- CapabilityBoundingSet=CAP_SETGID CAP_SETUID
- # Sandboxing
- ProtectSystem=full
- ProtectHome=read-only
- # PrivateTmp break netdatacli functionality. See - https://github.com/netdata/netdata/issues/7587
- #PrivateTmp=true
- ProtectControlGroups=true
- # We whitelist this because it's the standard location to listen on a UNIX socket.
- ReadWriteDirectories=/run/netdata
- # This is needed to make email-based alert deliver work if Postfix is the email provider on the system.
- ReadWriteDirectories=-/var/spool/postfix/maildrop
- [Install]
- WantedBy=multi-user.target
|
