From 66e8246c3b9ca01489bacf0913784ab1c2803c51 Mon Sep 17 00:00:00 2001
From: "Dustin C. Hatch"
Date: Tue, 28 Jun 2022 16:23:55 -0500
Subject: [PATCH] Add systemd units for Victoria Metrics
I think it makes the most sense to install the systemd unit files for services along with their binaries. This is how most software provided by Linux distribution package manager works. Providing the systemd unit with the package eliminates the need for variability, since the paths to the executable and other files are well defined.
---
 .../victoriametrics/victoria-metrics.service | 51 ++++++++++++++++++
 package/victoriametrics/victoriametrics.mk | 6 +++
 package/vmutils/vmagent.service | 52 +++++++++++++++++++
 package/vmutils/vmalert.service | 51 ++++++++++++++++++
 package/vmutils/vmutils.mk | 17 ++++++
 5 files changed, 177 insertions(+)
 create mode 100644 package/victoriametrics/victoria-metrics.service
 create mode 100644 package/vmutils/vmagent.service
 create mode 100644 package/vmutils/vmalert.service
diff --git a/package/victoriametrics/victoria-metrics.service b/package/victoriametrics/victoria-metrics.service
new file mode 100644
index 0000000..c9dbc84
--- /dev/null
+++ b/package/victoriametrics/victoria-metrics.service
@@ -0,0 +1,51 @@
+[Unit]
+Description=Victoria Metrics
+Documentation=https://docs.victoriametrics.com
+After=network.target
+
+[Service]
+Type=exec
+Environment=httpListenAddr=[::1]:8428
+Environment=storageDataPath=/var/lib/victoria-metrics/data
+Environment=loggerDisableTimestamps=true
+EnvironmentFile=-/etc/sysconfig/victoria-metrics
+ExecStart=/usr/bin/victoria-metrics -enableTCP6 -envflag.enable
+Restart=on-failure
+User=victoriametrics
+Group=victoriametrics
+ReadWritePaths=/var/lib/victoria-metrics
+LimitNOFILE=1048576
+
+CapabilityBoundingSet=
+DeviceAllow=
+DevicePolicy=closed
+DynamicUser=yes
+IPAddressAllow=localhost
+IPAddressDeny=any
+LockPersonality=yes
+MemoryDenyWriteExecute=yes
+NoNewPrivileges=yes
+PrivateDevices=yes
+PrivateUsers=yes
+PrivateTmp=yes
+ProcSubset=pid
+ProtectClock=yes
+ProtectControlGroups=yes
+ProtectHome=yes
+ProtectHostname=yes
+ProtectKernelLogs=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+ProtectProc=invisible
+ProtectSystem=strict
+RestrictAddressFamilies=AF_INET AF_INET6
+RestrictNamespaces=yes
+RestrictRealtime=yes
+RestrictSUIDSGID=yes
+SystemCallArchitectures=native
+SystemCallFilter=@system-service
+SystemCallFilter=~@privileged @resources
+UMask=0027
+
+[Install]
+WantedBy=multi-user.target
diff --git a/package/victoriametrics/victoriametrics.mk b/package/victoriametrics/victoriametrics.mk
index 1e7f7e6..8b0b120 100644
--- a/package/victoriametrics/victoriametrics.mk
+++ b/package/victoriametrics/victoriametrics.mk
@@ -8,4 +8,10 @@ VICTORIAMETRICS_LDFLAGS = -extldflags '-static'
 VICTORIAMETRICS_TAGS = netgo osusergo nethttpomithttp2 musl
 VICTORIAMETRICS_INSTALL_BINS = victoria-metrics
+define VICTORIAMETRICS_INSTALL_INIT_SYSTEMD
+ $(INSTALL) -D -m u=rw,go=r \
+ $(BR2_EXTERNAL_metricspi_PATH)/package/victoriametrics/victoria-metrics.service \
+ $(TARGET_DIR)/usr/lib/systemd/system/victoria-metrics.service
+endef
+
 $(eval $(golang-package))
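Review bot: In victoria-metrics.service, `DynamicUser=yes` is combined with a fixed `User=victoriametrics` and `ReadWritePaths=/var/lib/victoria-metrics`, and nothing visible in this patch creates that account or that directory. If the image has no static `victoriametrics` user, systemd allocates a transient UID, and `ReadWritePaths=` neither creates the directory nor gives it to that UID; a missing path makes the unit fail to start. Replacing the line with `StateDirectory=victoria-metrics` lets systemd create the directory and hand it to the service user; the alternative is to drop `DynamicUser=yes` and provision the user and directory from the package. vmagent.service repeats the same combination, and vmalert.service sets `DynamicUser=yes` with the same fixed user.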
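Review bot: The source path in `VICTORIAMETRICS_INSTALL_INIT_SYSTEMD` is spelled out as `$(BR2_EXTERNAL_metricspi_PATH)/package/victoriametrics/`, which ties the recipe to the external tree's name and directory layout. Buildroot already exposes the package directory, so `$(VICTORIAMETRICS_PKGDIR)/victoria-metrics.service` refers to the same file and survives a move. The two install macros added to vmutils.mk have the same shape and could use `$(VMUTILS_PKGDIR)`. The symbolic mode `u=rw,go=r` is 0644, which suits a unit file.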
diff --git a/package/vmutils/vmagent.service b/package/vmutils/vmagent.service
new file mode 100644
index 0000000..6e52c17
--- /dev/null
+++ b/package/vmutils/vmagent.service
@@ -0,0 +1,52 @@
+[Unit]
+Description=Victoria Metrics vmagent
+Documentation=https://docs.victoriametrics.com/vmagent.html
+Wants=network-online.target
+After=network-online.target
+
+[Service]
+Type=exec
+Environment=httpListenAddr=[::1]:8429
+Environment=loggerDisableTimestamps=true
+Environment=remoteWrite_tmpDataPath=/var/lib/victoria-metrics/vmagent
+EnvironmentFile=-/etc/sysconfig/vmagent
+ExecStart=/usr/bin/vmagent -enableTCP6 -envflag.enable
+Restart=on-failure
+User=victoriametrics
+Group=victoriametrics
+ReadWritePaths=/var/lib/victoria-metrics
+
+CapabilityBoundingSet=
+DeviceAllow=
+DevicePolicy=closed
+DynamicUser=yes
+IPAddressAllow=localhost
+IPAddressDeny=any
+LockPersonality=yes
+MemoryDenyWriteExecute=yes
+NoNewPrivileges=yes
+PrivateDevices=yes
+PrivateUsers=yes
+PrivateTmp=yes
+ProcSubset=pid
+ProtectClock=yes
+ProtectControlGroups=yes
+ProtectHome=yes
+ProtectHostname=yes
+ProtectKernelLogs=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+ProtectProc=invisible
+ProtectSystem=strict
+RestrictAddressFamilies=AF_INET AF_INET6
+RestrictNamespaces=yes
+RestrictRealtime=yes
+RestrictSUIDSGID=yes
+SystemCallArchitectures=native
+SystemCallFilter=@system-service
+SystemCallFilter=~@privileged @resources
+UMask=0027
+
+[Install]
+WantedBy=multi-user.target
+
diff --git a/package/vmutils/vmalert.service b/package/vmutils/vmalert.service
new file mode 100644
index 0000000..6a91e2f
--- /dev/null
+++ b/package/vmutils/vmalert.service
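Review bot: In vmagent.service, `ReadWritePaths=/var/lib/victoria-metrics` opens the whole Victoria Metrics state tree for writing, although the only path this unit configures is `remoteWrite_tmpDataPath=/var/lib/victoria-metrics/vmagent`. The unit shares `User=victoriametrics` with victoria-metrics.service, so file ownership does not separate the two services and the mount namespace is the only barrier. Narrowing the line to `ReadWritePaths=/var/lib/victoria-metrics/vmagent` keeps a misbehaving agent away from the database under `/var/lib/victoria-metrics/data`. A short comment next to `IPAddressDeny=any` would also help operators, since together with `IPAddressAllow=localhost` it restricts scraping and remote write to loopback until a drop-in widens `IPAddressAllow=`.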
@@ -0,0 +1,51 @@
+[Unit]
+Description=Victoria Metrics vmalert
+Documentation=https://docs.victoriametrics.com/vmalert.html
+Wants=network-online.target
+After=network-online.target
+
+[Service]
+Type=exec
+Environment=httpListenAddr=[::1]:8880
+Environment=loggerDisableTimestamps=true
+EnvironmentFile=-/etc/sysconfig/vmalert
+ExecStart=/usr/bin/vmagent -enableTCP6 -envflag.enable
+Restart=on-failure
+User=victoriametrics
+Group=victoriametrics
+LimitNOFILE=1048576
+
+CapabilityBoundingSet=
+DeviceAllow=
+DevicePolicy=closed
+DynamicUser=yes
+IPAddressAllow=localhost
+IPAddressDeny=any
+LockPersonality=yes
+MemoryDenyWriteExecute=yes
+NoNewPrivileges=yes
+PrivateDevices=yes
+PrivateUsers=yes
+PrivateTmp=yes
+ProcSubset=pid
+ProtectClock=yes
+ProtectControlGroups=yes
+ProtectHome=yes
+ProtectHostname=yes
+ProtectKernelLogs=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+ProtectProc=invisible
+ProtectSystem=strict
+RestrictAddressFamilies=AF_INET AF_INET6
+RestrictNamespaces=yes
+RestrictRealtime=yes
+RestrictSUIDSGID=yes
+SystemCallArchitectures=native
+SystemCallFilter=@system-service
+SystemCallFilter=~@privileged @resources
+UMask=0027
+
+[Install]
+WantedBy=multi-user.target
+
diff --git a/package/vmutils/vmutils.mk b/package/vmutils/vmutils.mk
index 11fde65..89edaf5 100644
--- a/package/vmutils/vmutils.mk
+++ b/package/vmutils/vmutils.mk
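Review bot: The `ExecStart=` line in vmalert.service runs `/usr/bin/vmagent`, not vmalert, so enabling this unit would start a second agent under vmalert's environment (`httpListenAddr=[::1]:8880`, `/etc/sysconfig/vmalert`) and no alert evaluation would run. This looks like a leftover from copying vmagent.service; the line should read `ExecStart=/usr/bin/vmalert -enableTCP6 -envflag.enable`. Because the wrong binary still starts and stays up, `Restart=on-failure` and the unit state would not reveal the mistake, so it is worth checking the running process name after the fix.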
@@ -36,4 +36,21 @@ VMUTILS_BUILD_TARGETS += app/vmctl
 VMUTILS_INSTALL_BINS += vmctl
 endif
+define VMUTILS_VMAGENT_INSTALL_INIT_SYSTEMD
+ $(INSTALL) -D -m u=rw,go=r \
+ $(BR2_EXTERNAL_metricspi_PATH)/package/vmutils/vmagent.service \
+ $(TARGET_DIR)/usr/lib/systemd/system/vmagent.service
+endef
+
+define VMUTILS_VMALERT_INSTALL_INIT_SYSTEMD
+ $(INSTALL) -D -m u=rw,go=r \
+ $(BR2_EXTERNAL_metricspi_PATH)/package/vmutils/vmalert.service \
+ $(TARGET_DIR)/usr/lib/systemd/system/vmalert.service
+endef
+
+define VMUTILS_INSTALL_INIT_SYSTEMD
+ $(if $(BR2_PACKAGE_VMUTILS_VMAGENT),$(VMUTILS_VMAGENT_INSTALL_INIT_SYSTEMD))
+ $(if $(BR2_PACKAGE_VMUTILS_VMALERT),$(VMUTILS_VMALERT_INSTALL_INIT_SYSTEMD))
+endef
+
 $(eval $(golang-package))