Home Explore Help
Sign In
pbarriat
/
Brevet
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: ec4a4f6268
Branches Tags
Brevet
/
dev
/
provisioning
/
ansible
/
roles
/
prometheus
/
templates
/
prometheus.service.j2

prometheus.service.j2 2.4 KB
History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485 
  1. {{ ansible_managed | comment }}
    2. 

  2. 

  3. [Unit]
    4. 

  4. Description=Prometheus
    5. 

  5. After=network-online.target
    6. 

  6. Requires=local-fs.target
    7. 

  7. After=local-fs.target
    8. 

  8. 

  9. [Service]
    10. 

  10. Type=simple
    11. 

  11. Environment="GOMAXPROCS={{ ansible_processor_vcpus|default(ansible_processor_count) }}"
    12. 

  12. User=prometheus
    13. 

  13. Group=prometheus
    14. 

  14. ExecReload=/bin/kill -HUP $MAINPID
    15. 

  15. ExecStart={{ prometheus_binary_install_dir }}/prometheus \
    16. 

  16.   --storage.tsdb.path={{ prometheus_db_dir }} \
    17. 

  17. {% if prometheus_version is version('2.7.0', '>=') %}
    18. 

  18.   --storage.tsdb.retention.time={{ prometheus_storage_retention }} \
    19. 

  19.   --storage.tsdb.retention.size={{ prometheus_storage_retention_size }} \
    20. 

  20. {% else %}
    21. 

  21.   --storage.tsdb.retention={{ prometheus_storage_retention }} \
    22. 

  22. {% endif %}
    23. 

  23. {% if prometheus_version is version('2.24.0', '>=') %}
    24. 

  24.   --web.config.file={{ prometheus_config_dir }}/web.yml \
    25. 

  25. {% endif %}
    26. 

  26.   --web.console.libraries={{ prometheus_config_dir }}/console_libraries \
    27. 

  27.   --web.console.templates={{ prometheus_config_dir }}/consoles \
    28. 

  28.   --web.listen-address={{ prometheus_web_listen_address }} \
    29. 

  29.   --web.external-url={{ prometheus_web_external_url }} \
    30. 

  30. {% for flag, flag_value in prometheus_config_flags_extra.items() %}
    31. 

  31. {% if not flag_value %}
    32. 

  32.   --{{ flag }} \
    33. 

  33. {% elif flag_value is string %}
    34. 

  34.   --{{ flag }}={{ flag_value }} \
    35. 

  35. {% elif flag_value is sequence %}
    36. 

  36. {% for flag_value_item in flag_value %}
    37. 

  37.   --{{ flag }}={{ flag_value_item }} \
    38. 

  38. {% endfor %}
    39. 

  39. {% endif %}
    40. 

  40. {% endfor %}
    41. 

  41.   --config.file={{ prometheus_config_dir }}/prometheus.yml
    42. 

  42. 

  43. CapabilityBoundingSet=CAP_SET_UID
    44. 

  44. LimitNOFILE=65000
    45. 

  45. LockPersonality=true
    46. 

  46. NoNewPrivileges=true
    47. 

  47. MemoryDenyWriteExecute=true
    48. 

  48. PrivateDevices=true
    49. 

  49. PrivateTmp=true
    50. 

  50. ProtectHome=true
    51. 

  51. RemoveIPC=true
    52. 

  52. RestrictSUIDSGID=true
    53. 

  53. #SystemCallFilter=@signal @timer
    54. 

  54. 

  55. {% if prometheus_systemd_version | int >= 231 %}
    56. 

  56. ReadWritePaths={{ prometheus_db_dir }}
    57. 

  57. {% for path in prometheus_read_only_dirs %}
    58. 

  58. ReadOnlyPaths={{ path }}
    59. 

  59. {% endfor %}
    60. 

  60. {% else %}
    61. 

  61. ReadWriteDirectories={{ prometheus_db_dir }}
    62. 

  62. {% for path in prometheus_read_only_dirs %}
    63. 

  63. ReadOnlyDirectories={{ path }}
    64. 

  64. {% endfor %}
    65. 

  65. {% endif %}
    66. 

  66. 

  67. {% if prometheus_systemd_version | int >= 232 %}
    68. 

  68. PrivateUsers=true
    69. 

  69. ProtectControlGroups=true
    70. 

  70. ProtectKernelModules=true
    71. 

  71. ProtectKernelTunables=true
    72. 

  72. ProtectSystem=strict
    73. 

  73. {% else %}
    74. 

  74. ProtectSystem=full
    75. 

  75. {% endif %}
    76. 

  76. 

  77. {% if http_proxy is defined %}
    78. 

  78. Environment="HTTP_PROXY={{ http_proxy }}"{% if https_proxy is defined %} "HTTPS_PROXY={{ https_proxy }}{% endif %}"
    79. 

  79. {% endif %}
    80. 

  80. 

  81. SyslogIdentifier=prometheus
    82. 

  82. Restart=always
    83. 

  83. 

  84. [Install]
    85. 

  85. WantedBy=multi-user.target
    86.