pkg/alertmanager: Configure state directory
dustin/metricspi/pipeline/head This commit looks good
Details
dustin/metricspi/pipeline/head This commit looks good
Details
AlertManager is a stateful service, and as such needs a writable location for its data. Using the `StateDirectory` service unit directive, we can configure systemd to create this directory automatically, if it does not already exist when the service starts. In order for the service to be able to write to the state directory, it must have a stable UID. This means it cannot use the `DynamicUser` service unit directive.pull/2/head
parent
276bcce2a4
commit
e3a349e3a1
|
|
@ -15,11 +15,13 @@ ExecStart=/usr/sbin/alertmanager \
|
||||||
--web.listen-address=${WEB_LISTEN_ADDRESS}
|
--web.listen-address=${WEB_LISTEN_ADDRESS}
|
||||||
ExecReload=/bin/kill -HUP $MAINPID
|
ExecReload=/bin/kill -HUP $MAINPID
|
||||||
Restart=on-failure
|
Restart=on-failure
|
||||||
|
User=alertmanager
|
||||||
|
StateDirectory=alertmanager
|
||||||
|
WorkingDirectory=/var/lib/alertmanager
|
||||||
|
|
||||||
CapabilityBoundingSet=
|
CapabilityBoundingSet=
|
||||||
DeviceAllow=
|
DeviceAllow=
|
||||||
DevicePolicy=closed
|
DevicePolicy=closed
|
||||||
DynamicUser=yes
|
|
||||||
LockPersonality=yes
|
LockPersonality=yes
|
||||||
MemoryDenyWriteExecute=yes
|
MemoryDenyWriteExecute=yes
|
||||||
NoNewPrivileges=yes
|
NoNewPrivileges=yes
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue