mirror of
https://github.com/netdata/netdata.git
synced 2025-04-14 17:48:37 +00:00
76 lines
2.7 KiB
SYSTEMD
76 lines
2.7 KiB
SYSTEMD
# SPDX-License-Identifier: GPL-3.0-or-later
|
|
[Unit]
|
|
Description=Real time performance monitoring
|
|
|
|
# append here other services you want netdata to wait for them to start
|
|
After=network.target httpd.service squid.service nfs-server.service mysqld.service mysql.service named.service postfix.service chronyd.service
|
|
|
|
[Service]
|
|
Type=simple
|
|
User=@netdata_user_POST@
|
|
Group=netdata
|
|
RuntimeDirectory=netdata
|
|
RuntimeDirectoryMode=0775
|
|
PIDFile=/run/netdata/netdata.pid
|
|
ExecStart=@sbindir_POST@/netdata -P /run/netdata/netdata.pid -D
|
|
ExecStartPre=/bin/mkdir -p @localstatedir_POST@/cache/netdata
|
|
ExecStartPre=/bin/chown -R @netdata_user_POST@ @localstatedir_POST@/cache/netdata
|
|
ExecStartPre=/bin/mkdir -p /run/netdata
|
|
ExecStartPre=/bin/chown -R @netdata_user_POST@ /run/netdata
|
|
PermissionsStartOnly=true
|
|
|
|
# saving a big db on slow disks may need some time
|
|
TimeoutStopSec=150
|
|
|
|
# restart netdata if it crashes
|
|
Restart=on-failure
|
|
RestartSec=30
|
|
|
|
# Valid policies: other (the system default) | batch | idle | fifo | rr
|
|
# To give netdata the max priority, set CPUSchedulingPolicy=rr and CPUSchedulingPriority=99
|
|
CPUSchedulingPolicy=batch
|
|
|
|
# This sets the scheduling priority (for policies: rr and fifo).
|
|
# Priority gets values 1 (lowest) to 99 (highest).
|
|
#CPUSchedulingPriority=1
|
|
|
|
# For scheduling policy 'other' and 'batch', this sets the lowest niceness of netdata (-20 highest to 19 lowest).
|
|
Nice=0
|
|
|
|
# Capabilities
|
|
# is required for freeipmi and slabinfo plugins
|
|
CapabilityBoundingSet=CAP_DAC_OVERRIDE
|
|
# is required for apps plugin
|
|
CapabilityBoundingSet=CAP_DAC_READ_SEARCH
|
|
# is required for freeipmi plugin
|
|
CapabilityBoundingSet=CAP_FOWNER CAP_SYS_RAWIO
|
|
# is required for apps, perf and slabinfo plugins
|
|
CapabilityBoundingSet=CAP_SETPCAP
|
|
# is required for perf plugin
|
|
CapabilityBoundingSet=CAP_SYS_ADMIN CAP_PERFMON
|
|
# is required for apps plugin
|
|
CapabilityBoundingSet=CAP_SYS_PTRACE
|
|
# is required for ebpf plugin
|
|
CapabilityBoundingSet=CAP_SYS_RESOURCE
|
|
# is required for go.d/ping app
|
|
CapabilityBoundingSet=CAP_NET_RAW
|
|
# is required for cgroups plugin
|
|
CapabilityBoundingSet=CAP_SYS_CHROOT
|
|
# is required for nfacct plugin (bandwidth accounting)
|
|
CapabilityBoundingSet=CAP_NET_ADMIN
|
|
# is required for plugins that use sudo
|
|
CapabilityBoundingSet=CAP_SETGID CAP_SETUID
|
|
|
|
# Sandboxing
|
|
ProtectSystem=full
|
|
ProtectHome=read-only
|
|
# PrivateTmp break netdatacli functionality. See - https://github.com/netdata/netdata/issues/7587
|
|
#PrivateTmp=true
|
|
ProtectControlGroups=on
|
|
# We whitelist this because it's the standard location to listen on a UNIX socket.
|
|
ReadWriteDirectories=/run/netdata
|
|
# This is needed to make email-based alert deliver work if Postfix is the email provider on the system.
|
|
ReadWriteDirectories=-/var/spool/postfix/maildrop
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|