diff options
Diffstat (limited to 'system/systemd/netdata.service.in')
| -rw-r--r-- | system/systemd/netdata.service.in | 80 |
1 files changed, 80 insertions, 0 deletions
diff --git a/system/systemd/netdata.service.in b/system/systemd/netdata.service.in new file mode 100644 index 00000000..25d95b2b --- /dev/null +++ b/system/systemd/netdata.service.in @@ -0,0 +1,80 @@ +# SPDX-License-Identifier: GPL-3.0-or-later +[Unit] +Description=Real time performance monitoring + +# append here other services you want netdata to wait for them to start +After=network.target httpd.service squid.service nfs-server.service mysqld.service mysql.service named.service postfix.service chronyd.service + +[Service] +Type=simple +User=@netdata_user_POST@ +Group=netdata +RuntimeDirectory=netdata +RuntimeDirectoryMode=0775 +PIDFile=/run/netdata/netdata.pid +ExecStart=@sbindir_POST@/netdata -P /run/netdata/netdata.pid -D +ExecStartPre=/bin/mkdir -p @localstatedir_POST@/cache/netdata +ExecStartPre=/bin/chown -R @netdata_user_POST@ @localstatedir_POST@/cache/netdata +ExecStartPre=/bin/mkdir -p /run/netdata +ExecStartPre=/bin/chown -R @netdata_user_POST@ /run/netdata +PermissionsStartOnly=true + +# saving a big db on slow disks may need some time +TimeoutStopSec=150 + +# restart netdata if it crashes +Restart=on-failure +RestartSec=30 + +# Valid policies: other (the system default) | batch | idle | fifo | rr +# To give netdata the max priority, set CPUSchedulingPolicy=rr and CPUSchedulingPriority=99 +CPUSchedulingPolicy=batch + +# This sets the scheduling priority (for policies: rr and fifo). +# Priority gets values 1 (lowest) to 99 (highest). +#CPUSchedulingPriority=1 + +# For scheduling policy 'other' and 'batch', this sets the lowest niceness of netdata (-20 highest to 19 lowest). +Nice=0 + +# Capabilities +# is required for freeipmi and slabinfo plugins +CapabilityBoundingSet=CAP_DAC_OVERRIDE +# is required for apps plugin +CapabilityBoundingSet=CAP_DAC_READ_SEARCH +# is required for freeipmi plugin +CapabilityBoundingSet=CAP_FOWNER CAP_SYS_RAWIO +# is required for apps, perf and slabinfo plugins +CapabilityBoundingSet=CAP_SETPCAP +# is required for perf plugin +CapabilityBoundingSet=CAP_SYS_ADMIN CAP_PERFMON +# is required for apps plugin +CapabilityBoundingSet=CAP_SYS_PTRACE +# is required for ebpf plugin +CapabilityBoundingSet=CAP_SYS_RESOURCE +# is required for go.d/ping app +CapabilityBoundingSet=CAP_NET_RAW +# is required for cgroups plugin +CapabilityBoundingSet=CAP_SYS_CHROOT +# is required for nfacct plugin (bandwidth accounting) +CapabilityBoundingSet=CAP_NET_ADMIN +# is required for plugins that use sudo +CapabilityBoundingSet=CAP_SETGID CAP_SETUID + +# Sandboxing +ProtectSystem=full +ProtectHome=read-only +# PrivateTmp break netdatacli functionality. See - https://github.com/netdata/netdata/issues/7587 +#PrivateTmp=true +ProtectControlGroups=on +# We whitelist this because it's the standard location to listen on a UNIX socket. +ReadWriteDirectories=/run/netdata +# This is needed to make email-based alert deliver work if Postfix is the email provider on the system. +ReadWriteDirectories=-/var/spool/postfix/maildrop +# LXCFS directories (https://github.com/lxc/lxcfs#lxcfs) +# If we don't set them explicitly, systemd mounts procfs from the host. See https://github.com/netdata/netdata/issues/14238. +BindReadOnlyPaths=-/proc/cpuinfo -/proc/diskstats -/proc/loadavg -/proc/meminfo +BindReadOnlyPaths=-/proc/stat -/proc/swaps -/proc/uptime -/proc/slabinfo + +[Install] +WantedBy=multi-user.target |