diff options
Diffstat (limited to '')
-rw-r--r-- | system/systemd/50-netdata.preset | 1 | ||||
-rw-r--r-- | system/systemd/netdata-updater.service.in | 8 | ||||
-rw-r--r-- | system/systemd/netdata-updater.timer | 12 | ||||
-rw-r--r-- | system/systemd/netdata.service.in | 84 | ||||
-rw-r--r-- | system/systemd/netdata.service.v235.in | 34 |
5 files changed, 139 insertions, 0 deletions
diff --git a/system/systemd/50-netdata.preset b/system/systemd/50-netdata.preset new file mode 100644 index 00000000..fe4e5a19 --- /dev/null +++ b/system/systemd/50-netdata.preset @@ -0,0 +1 @@ +enable netdata.service diff --git a/system/systemd/netdata-updater.service.in b/system/systemd/netdata-updater.service.in new file mode 100644 index 00000000..d0bd4994 --- /dev/null +++ b/system/systemd/netdata-updater.service.in @@ -0,0 +1,8 @@ +[Unit] +Description=Daily auto-updates for Netdata +RefuseManualStart=no +RefuseManualStop=yes + +[Service] +Type=oneshot +ExecStart=@pkglibexecdir_POST@/netdata-updater.sh diff --git a/system/systemd/netdata-updater.timer b/system/systemd/netdata-updater.timer new file mode 100644 index 00000000..8b36e46f --- /dev/null +++ b/system/systemd/netdata-updater.timer @@ -0,0 +1,12 @@ +[Unit] +Description=Daily auto-updates for Netdata +RefuseManualStart=no +RefuseManualStop=no + +[Timer] +Persistent=false +OnCalendar=daily +Unit=netdata-updater.service + +[Install] +WantedBy=timers.target diff --git a/system/systemd/netdata.service.in b/system/systemd/netdata.service.in new file mode 100644 index 00000000..7d15dad7 --- /dev/null +++ b/system/systemd/netdata.service.in @@ -0,0 +1,84 @@ +# SPDX-License-Identifier: GPL-3.0-or-later +[Unit] +Description=Real time performance monitoring + +# append here other services you want netdata to wait for them to start +After=network.target + +[Service] +LogNamespace=netdata +Type=simple +User=root +RuntimeDirectory=netdata +RuntimeDirectoryMode=0775 +PIDFile=/run/netdata/netdata.pid +ExecStart=@sbindir_POST@/netdata -P /run/netdata/netdata.pid -D +ExecStartPre=/bin/mkdir -p @localstatedir_POST@/cache/netdata +ExecStartPre=/bin/chown -R @netdata_user_POST@ @localstatedir_POST@/cache/netdata +ExecStartPre=/bin/mkdir -p /run/netdata +ExecStartPre=/bin/chown -R @netdata_user_POST@ /run/netdata +PermissionsStartOnly=true + +# saving a big db on slow disks may need some time +TimeoutStopSec=150 + +# restart netdata if it crashes +Restart=on-failure +RestartSec=30 + +# Valid policies: other (the system default) | batch | idle | fifo | rr +# To give netdata the max priority, set CPUSchedulingPolicy=rr and CPUSchedulingPriority=99 +CPUSchedulingPolicy=batch + +# This sets the scheduling priority (for policies: rr and fifo). +# Priority gets values 1 (lowest) to 99 (highest). +#CPUSchedulingPriority=1 + +# For scheduling policy 'other' and 'batch', this sets the lowest niceness of netdata (-20 highest to 19 lowest). +Nice=0 + +# Capabilities +# is required for freeipmi and slabinfo plugins +CapabilityBoundingSet=CAP_DAC_OVERRIDE +# is required for apps plugin +CapabilityBoundingSet=CAP_DAC_READ_SEARCH +# is required for freeipmi plugin +CapabilityBoundingSet=CAP_FOWNER CAP_SYS_RAWIO +# is required for apps, perf and slabinfo plugins +CapabilityBoundingSet=CAP_SETPCAP +# is required for perf plugin +CapabilityBoundingSet=CAP_SYS_ADMIN CAP_PERFMON +# is required for apps plugin +CapabilityBoundingSet=CAP_SYS_PTRACE +# is required for ebpf plugin +CapabilityBoundingSet=CAP_SYS_RESOURCE +# is required for go.d/ping app +CapabilityBoundingSet=CAP_NET_RAW +# is required for cgroups plugin +CapabilityBoundingSet=CAP_SYS_CHROOT +# is required for nfacct plugin (bandwidth accounting) +CapabilityBoundingSet=CAP_NET_ADMIN +# is required for plugins that use sudo +CapabilityBoundingSet=CAP_SETGID CAP_SETUID +# is required to change file ownership +CapabilityBoundingSet=CAP_CHOWN +# is required for logs-management.plugin +CapabilityBoundingSet=CAP_SYSLOG + +# Sandboxing +ProtectSystem=full +ProtectHome=read-only +# PrivateTmp break netdatacli functionality. See - https://github.com/netdata/netdata/issues/7587 +#PrivateTmp=true +ProtectControlGroups=on +# We whitelist this because it's the standard location to listen on a UNIX socket. +ReadWriteDirectories=/run/netdata +# This is needed to make email-based alert deliver work if Postfix is the email provider on the system. +ReadWriteDirectories=-/var/spool/postfix/maildrop +# LXCFS directories (https://github.com/lxc/lxcfs#lxcfs) +# If we don't set them explicitly, systemd mounts procfs from the host. See https://github.com/netdata/netdata/issues/14238. +BindReadOnlyPaths=-/proc/cpuinfo -/proc/diskstats -/proc/loadavg -/proc/meminfo +BindReadOnlyPaths=-/proc/stat -/proc/swaps -/proc/uptime -/proc/slabinfo + +[Install] +WantedBy=multi-user.target diff --git a/system/systemd/netdata.service.v235.in b/system/systemd/netdata.service.v235.in new file mode 100644 index 00000000..06f03b26 --- /dev/null +++ b/system/systemd/netdata.service.v235.in @@ -0,0 +1,34 @@ +# SPDX-License-Identifier: GPL-3.0-or-later +[Unit] +Description=Real time performance monitoring + +# append here other services you want netdata to wait for them to start +After=network.target + +[Service] +LogNamespace=netdata +Type=simple +User=root +EnvironmentFile=-/etc/default/netdata +ExecStart=@sbindir_POST@/netdata -D $EXTRA_OPTS + +# saving a big db on slow disks may need some time +TimeoutStopSec=150 + +# restart netdata if it crashes +Restart=on-failure +RestartSec=30 + +# Valid policies: other (the system default) | batch | idle | fifo | rr +# To give netdata the max priority, set CPUSchedulingPolicy=rr and CPUSchedulingPriority=99 +CPUSchedulingPolicy=batch + +# This sets the scheduling priority (for policies: rr and fifo). +# Priority gets values 1 (lowest) to 99 (highest). +#CPUSchedulingPriority=1 + +# For scheduling policy 'other' and 'batch', this sets the lowest niceness of netdata (-20 highest to 19 lowest). +Nice=0 + +[Install] +WantedBy=multi-user.target |