From beb243d69a8f61d38606df501a3c7a6e4415dec4 Mon Sep 17 00:00:00 2001 From: "Dustin C. Hatch" Date: Thu, 25 Apr 2024 09:47:21 -0500 Subject: [PATCH] loki: Do not chcon/chown state dir at startup _systemd_ automatically recursively changes the ownership of the paths listed in `StateDirectory` when the unit is activated. This can take a very long time, as the Loki storage directory contains hundreds of thousands of files. Since we also have `podman` change the ownership, that *doubles* the time taken. Similarly, with `podman` also configured to change the SELinux label of the files in that path, even more time is wasted at startup. To avoid all these time wasters, we need to avoid having _systemd_ manage the state directory and create it with the proper ownership and SELinux label manually. Here, we're only manipulating the metadata of the top-level directory; anything within the directory is untouched. This ensures that the directory is always there and has the correct permissions, but does not spend any time changing anything that doesn't need changed. --- templates/loki/loki.container | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/templates/loki/loki.container b/templates/loki/loki.container index 39da230..20e3a70 100644 --- a/templates/loki/loki.container +++ b/templates/loki/loki.container @@ -7,7 +7,8 @@ StartLimitIntervalSec=1m StartLimitBurst=60 [Service] -StateDirectory=%P +ExecStartPre=/bin/install -o 10001 -g 10001 -d %S/%P +ExecStartPre=/bin/chcon -t container_file_t %S/%P ExecReload=/usr/bin/podman kill --cidfile=%t/%N.cid --signal HUP TimeoutStartSec=5m Restart=always @@ -16,7 +17,7 @@ RstartSec=1s [Container] Image=docker.io/grafana/loki:2.9.4 Exec=-config.file=/etc/loki/config.yml -Volume=%S/%P:/var/lib/loki:rw,Z,U +Volume=%S/%P:/var/lib/loki:rw Volume=/etc/loki:/etc/loki:ro Network=host
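Review bot: In the [Service] hunk, the new `ExecStartPre=/bin/install -o 10001 -g 10001 -d %S/%P` line passes no mode, so the directory is created with install's default of 0755 and the top of the log store is traversable by every local user. Consider an explicit `-m` (for example `-m 0750`) so the permissions are stated rather than inherited from a default. The numeric 10001 is also unexplained on these lines; a comment saying which account in the image it corresponds to would help keep it in sync with the `Image=` tag when the image is upgraded.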
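Review bot: In the [Container] hunk, dropping `Z,U` from `Volume=%S/%P:/var/lib/loki:rw` means nothing touches ownership or SELinux labels below the top-level directory any more, so the unit now depends on the existing contents already being correct. On a host where the data was restored from backup or copied in, there is no step here to repair it; it is worth documenting the one-time recursive `chown`/`chcon` for that case, and confirming that files labeled by earlier `Z` runs remain accessible to the container without the option. Separately, the hunk header context shows `RstartSec=1s`, which looks like a misspelling of `RestartSec` and may deserve a follow-up fix.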