-
Notifications
You must be signed in to change notification settings - Fork 138
/
alertmanager.service.j2
78 lines (73 loc) · 2.31 KB
/
alertmanager.service.j2
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
{%- if alertmanager_version is version_compare('0.13.0', '>=') %}
{%- set pre = '-' %}
{%- else %}
{%- set pre = '' %}
{%- endif %}
{%- if alertmanager_version is version_compare('0.15.0', '<') %}
{%- set cluster_flag = 'mesh' %}
{%- else %}
{%- set cluster_flag = 'cluster' %}
{%- endif %}
{{ ansible_managed | comment }}
[Unit]
Description=Prometheus Alertmanager
After=network-online.target
StartLimitInterval=0
StartLimitIntervalSec=0
[Service]
Type=simple
{% if (ansible_facts.packages.systemd | first).version is version('239', '>=') %}
PIDFile=/run/alertmanager.pid
{% else %}
PIDFile=/var/run/alertmanager.pid
{% endif %}
User=alertmanager
Group=alertmanager
ExecReload=/bin/kill -HUP $MAINPID
ExecStart={{ alertmanager_binary_install_dir }}/alertmanager \
{% for option, value in (alertmanager_cluster.items() | sort) %}
{% if option == "peers" %}
{% for peer in value %}
{{ pre }}-{{ cluster_flag }}.peer={{ peer }} \
{% endfor %}
{% else %}
{{ pre }}-{{ cluster_flag }}.{{ option }}={{ value }} \
{% endif %}
{% endfor %}
{{ pre }}-config.file={{ alertmanager_config_dir }}/alertmanager.yml \
{{ pre }}-storage.path={{ alertmanager_db_dir }} \
{% if alertmanager_version is version('0.25.0', '>=') and
alertmanager_web_listen_address is iterable and
alertmanager_web_listen_address is not mapping and
alertmanager_web_listen_address is not string %}
{% for address in alertmanager_web_listen_address %}
{{ pre }}-web.listen-address={{ address }} \
{% endfor %}
{% else %}
{{ pre }}-web.listen-address={{ alertmanager_web_listen_address }} \
{% endif %}
{{ pre }}-web.external-url={{ alertmanager_web_external_url }}{% for flag, flag_value in alertmanager_config_flags_extra.items() %} \
{{ pre }}-{{ flag }}={{ flag_value }}{% endfor %}
SyslogIdentifier=alertmanager
Restart=always
RestartSec=5
CapabilityBoundingSet=CAP_SET_UID
LockPersonality=true
NoNewPrivileges=true
MemoryDenyWriteExecute=true
PrivateTmp=true
ProtectHome=true
ReadWriteDirectories={{ alertmanager_db_dir }}
RemoveIPC=true
RestrictSUIDSGID=true
{% if (ansible_facts.packages.systemd | first).version is version('232', '>=') %}
PrivateUsers=true
ProtectControlGroups=true
ProtectKernelModules=true
ProtectKernelTunables=yes
ProtectSystem=strict
{% else %}
ProtectSystem=full
{% endif %}
[Install]
WantedBy=multi-user.target