ansible-collection-prometheus/roles/blackbox_exporter/templates/blackbox_exporter.service.j2

55 lines
1.5 KiB
Text
Raw Normal View History

{{ ansible_managed | comment }}
[Unit]
Description=Blackbox Exporter
After=network-online.target
StartLimitInterval=0
StartLimitIntervalSec=0
[Service]
Type=simple
User={{ blackbox_exporter_system_user }}
Group={{ blackbox_exporter_system_group }}
PermissionsStartOnly=true
ExecReload=/bin/kill -HUP $MAINPID
ExecStart={{ blackbox_exporter_binary_install_dir }}/blackbox_exporter \
--config.file={{ blackbox_exporter_config_dir }}/blackbox_exporter.yml \
{% for flag, flag_value in blackbox_exporter_cli_flags.items() -%}
--{{ flag }}={{ flag_value }} \
{% endfor -%}
{% if blackbox_exporter_version is version('0.23.0', '>=') and
blackbox_exporter_web_listen_address is iterable and
blackbox_exporter_web_listen_address is not mapping and
blackbox_exporter_web_listen_address is not string %}
{% for address in blackbox_exporter_web_listen_address %}
--web.listen-address={{ address }}{{ " \\" if not loop.last else "" }}
{% endfor %}
{% else %}
--web.listen-address={{ blackbox_exporter_web_listen_address }}
{% endif %}
SyslogIdentifier=blackbox_exporter
KillMode=process
Restart=always
RestartSec=5
LockPersonality=true
NoNewPrivileges=true
MemoryDenyWriteExecute=true
PrivateTmp=true
ProtectHome=true
RemoveIPC=true
RestrictSUIDSGID=true
AmbientCapabilities=CAP_NET_RAW
{% if (ansible_facts.packages.systemd | first).version is version('232', '>=') %}
ProtectControlGroups=true
ProtectKernelModules=true
ProtectKernelTunables=yes
ProtectSystem=strict
{% else %}
ProtectSystem=full
{% endif %}
[Install]
WantedBy=multi-user.target