| 12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182 |
- # SPDX-License-Identifier: GPL-3.0-or-later
- [Unit]
- Description=infrastructure monitoring and troubleshooting, transformed
- # append here other services you want netdata to wait for them to start
- After=network.target network-online.target nss-lookup.target
- Wants=network-online.target nss-lookup.target
- [Service]
- LogNamespace=netdata
- Type=simple
- User=root
- Group=netdata
- RuntimeDirectory=netdata
- RuntimeDirectoryMode=0775
- PIDFile=/run/netdata/netdata.pid
- ExecStart=@sbindir_POST@/netdata -P /run/netdata/netdata.pid -D
- ExecStartPre=/bin/mkdir -p @localstatedir_POST@/cache/netdata
- ExecStartPre=/bin/chown -R @netdata_user_POST@ @localstatedir_POST@/cache/netdata
- PermissionsStartOnly=true
- # saving a big db on slow disks may need some time
- TimeoutStopSec=150
- # restart netdata if it crashes
- Restart=on-failure
- RestartSec=30
- # Valid policies: other (the system default) | batch | idle | fifo | rr
- # To give netdata the max priority, set CPUSchedulingPolicy=rr and CPUSchedulingPriority=99
- CPUSchedulingPolicy=batch
- # This sets the scheduling priority (for policies: rr and fifo).
- # Priority gets values 1 (lowest) to 99 (highest).
- #CPUSchedulingPriority=1
- # For scheduling policy 'other' and 'batch', this sets the lowest niceness of netdata (-20 highest to 19 lowest).
- Nice=0
- # Capabilities
- # is required for freeipmi and slabinfo plugins
- CapabilityBoundingSet=CAP_DAC_OVERRIDE
- # is required for apps plugin
- CapabilityBoundingSet=CAP_DAC_READ_SEARCH
- # is required for freeipmi plugin
- CapabilityBoundingSet=CAP_FOWNER CAP_SYS_RAWIO
- # is required for apps, perf and slabinfo plugins
- CapabilityBoundingSet=CAP_SETPCAP
- # is required for perf plugin
- CapabilityBoundingSet=CAP_SYS_ADMIN CAP_PERFMON
- # is required for apps plugin
- CapabilityBoundingSet=CAP_SYS_PTRACE
- # is required for ebpf plugin
- CapabilityBoundingSet=CAP_SYS_RESOURCE
- # is required for go.d/ping app
- CapabilityBoundingSet=CAP_NET_RAW
- # is required for cgroups plugin
- CapabilityBoundingSet=CAP_SYS_CHROOT
- # is required for nfacct plugin (bandwidth accounting)
- CapabilityBoundingSet=CAP_NET_ADMIN
- # is required for plugins that use sudo
- CapabilityBoundingSet=CAP_SETGID CAP_SETUID
- # is required to change file ownership
- CapabilityBoundingSet=CAP_CHOWN
- # Sandboxing
- ProtectSystem=full
- ProtectHome=read-only
- # PrivateTmp break netdatacli functionality. See - https://github.com/netdata/netdata/issues/7587
- #PrivateTmp=true
- ProtectControlGroups=on
- # We whitelist this because it's the standard location to listen on a UNIX socket.
- ReadWriteDirectories=/run/netdata
- # This is needed to make email-based alert deliver work if Postfix is the email provider on the system.
- ReadWriteDirectories=-/var/spool/postfix/maildrop
- # LXCFS directories (https://github.com/lxc/lxcfs#lxcfs)
- # If we don't set them explicitly, systemd mounts procfs from the host. See https://github.com/netdata/netdata/issues/14238.
- BindReadOnlyPaths=-/proc/cpuinfo -/proc/diskstats -/proc/loadavg -/proc/meminfo
- BindReadOnlyPaths=-/proc/stat -/proc/swaps -/proc/uptime -/proc/slabinfo
- [Install]
- WantedBy=multi-user.target
|
