diff options
| author | Costa Tsaousis <costa@tsaousis.gr> | 2016-08-12 21:18:57 +0300 |
|---|---|---|
| committer | Costa Tsaousis <costa@tsaousis.gr> | 2016-08-12 21:18:57 +0300 |
| commit | 7be4d1e56904c079e40a45b4e1ac85e5e940653a (patch) | |
| tree | 5511790c9aaa54b6ff88c7ed249a565b4b2023ba /system | |
| parent | 30ce32f31ea23ef2166cd24e4a9a00aac34a9946 (diff) | |
proper log file management; re-opening logs on SIGHUP; updated logrotate; updated systemd.service
Diffstat (limited to 'system')
| -rw-r--r-- | system/netdata.logrotate.in | 14 | ||||
| -rw-r--r-- | system/netdata.service.in | 33 |
2 files changed, 29 insertions, 18 deletions
diff --git a/system/netdata.logrotate.in b/system/netdata.logrotate.in index d06944610a..7858ef0dc5 100644 --- a/system/netdata.logrotate.in +++ b/system/netdata.logrotate.in @@ -6,14 +6,8 @@ delaycompress notifempty sharedscripts - # - # if you add netdata to your init.d/system.d - # comment su & copytruncate and uncomment postrotate - # to have netdata restart when logs are rotated - create 0640 netdata netdata - copytruncate - # - #postrotate - # /sbin/service netdata try-restart >/dev/null - #endscript + create 0664 netdata netdata + postrotate + /sbin/killall -HUP netdata + endscript } diff --git a/system/netdata.service.in b/system/netdata.service.in index 0dd6eba38d..afdf0d78ce 100644 --- a/system/netdata.service.in +++ b/system/netdata.service.in @@ -1,27 +1,44 @@ [Unit] -Description=Linux real time system monitoring, done right +Description=Real time performance monitoring After=network.target httpd.service squid.service nfs-server.service mysqld.service named.service postfix.service [Service] -Type=forking +Type=simple WorkingDirectory=/tmp User=netdata Group=netdata RuntimeDirectory=netdata -PIDFile=@localstatedir_POST@/run/netdata/netdata.pid -ExecStart=@sbindir_POST@/netdata -P @localstatedir_POST@/run/netdata/netdata.pid +ExecStartPre=/bin/mkdir -p @localstatedir_POST@/run/netdata +ExecStartPre=/bin/chown -R netdata:netdata @localstatedir_POST@/run/netdata +ExecStartPre=/bin/chmod 0775 @localstatedir_POST@/run/netdata +ExecStart=@sbindir_POST@/netdata -D -P @localstatedir_POST@/run/netdata/netdata.pid + +# ----------------------------------------------------------------------------- +# Stopping netdata + KillMode=mixed KillSignal=SIGTERM -TimeoutStopSec=30 -#Hardening +# saving a big db on slow disks may need some time +TimeoutStopSec=60 + +# and disable SIGKILL - if sent during save, we will loose the db +SendSIGKILL=no + +# ----------------------------------------------------------------------------- +# Hardening netdata + AmbientCapabilities=CAP_DAC_READ_SEARCH CAP_SYS_PTRACE CapabilityBoundingSet=CAP_DAC_READ_SEARCH CAP_SYS_PTRACE PrivateTmp=true ProtectSystem=full ProtectHome=read-only -#NoNewPrivileges=true is implicitly set by the MemoryDenyWriteExecute=true -MemoryDenyWriteExecute=true + +# is implicitly set by the MemoryDenyWriteExecute=true +# NoNewPrivileges=true + +# Do not enable - it makes node.js plugins to crash +# MemoryDenyWriteExecute=true [Install] WantedBy=multi-user.target |