2022-09-22 14:38:42 +00:00
|
|
|
{{ ansible_managed | comment }}
|
|
|
|
[Unit]
|
|
|
|
Description=Blackbox Exporter
|
|
|
|
After=network-online.target
|
|
|
|
StartLimitInterval=0
|
|
|
|
StartLimitIntervalSec=0
|
|
|
|
|
|
|
|
[Service]
|
|
|
|
Type=simple
|
2024-10-15 17:02:22 +00:00
|
|
|
User={{ blackbox_exporter_system_user }}
|
|
|
|
Group={{ blackbox_exporter_system_group }}
|
2022-09-22 14:38:42 +00:00
|
|
|
PermissionsStartOnly=true
|
|
|
|
ExecReload=/bin/kill -HUP $MAINPID
|
2024-05-14 12:22:14 +00:00
|
|
|
ExecStart={{ blackbox_exporter_binary_install_dir }}/blackbox_exporter \
|
2023-07-29 15:43:24 +00:00
|
|
|
--config.file={{ blackbox_exporter_config_dir }}/blackbox_exporter.yml \
|
2022-09-22 14:38:42 +00:00
|
|
|
{% for flag, flag_value in blackbox_exporter_cli_flags.items() -%}
|
|
|
|
--{{ flag }}={{ flag_value }} \
|
|
|
|
{% endfor -%}
|
2023-09-04 11:03:15 +00:00
|
|
|
{% if blackbox_exporter_version is version('0.23.0', '>=') and
|
|
|
|
blackbox_exporter_web_listen_address is iterable and
|
|
|
|
blackbox_exporter_web_listen_address is not mapping and
|
|
|
|
blackbox_exporter_web_listen_address is not string %}
|
|
|
|
{% for address in blackbox_exporter_web_listen_address %}
|
|
|
|
--web.listen-address={{ address }}{{ " \\" if not loop.last else "" }}
|
|
|
|
{% endfor %}
|
|
|
|
{% else %}
|
2022-09-22 14:38:42 +00:00
|
|
|
--web.listen-address={{ blackbox_exporter_web_listen_address }}
|
2023-09-04 11:03:15 +00:00
|
|
|
{% endif %}
|
2022-09-22 14:38:42 +00:00
|
|
|
|
|
|
|
SyslogIdentifier=blackbox_exporter
|
|
|
|
KillMode=process
|
|
|
|
Restart=always
|
|
|
|
RestartSec=5
|
|
|
|
|
|
|
|
LockPersonality=true
|
|
|
|
NoNewPrivileges=true
|
|
|
|
MemoryDenyWriteExecute=true
|
|
|
|
PrivateTmp=true
|
|
|
|
ProtectHome=true
|
|
|
|
RemoveIPC=true
|
|
|
|
RestrictSUIDSGID=true
|
|
|
|
|
|
|
|
AmbientCapabilities=CAP_NET_RAW
|
2023-03-06 16:08:26 +00:00
|
|
|
{% if (ansible_facts.packages.systemd | first).version is version('232', '>=') %}
|
2022-09-22 14:38:42 +00:00
|
|
|
ProtectControlGroups=true
|
|
|
|
ProtectKernelModules=true
|
|
|
|
ProtectKernelTunables=yes
|
|
|
|
ProtectSystem=strict
|
|
|
|
{% else %}
|
|
|
|
ProtectSystem=full
|
|
|
|
{% endif %}
|
|
|
|
|
|
|
|
[Install]
|
|
|
|
WantedBy=multi-user.target
|