diff options
author | Christian Pointner <equinox@spreadspace.org> | 2021-09-27 21:41:57 +0200 |
---|---|---|
committer | Christian Pointner <equinox@spreadspace.org> | 2021-09-27 21:41:57 +0200 |
commit | 4d60167a0a935a141e6300bc1c1fb691a77c49c0 (patch) | |
tree | 247aeb9cd9a2010a062112ccf7ca4da9566044b1 /roles/monitoring/prometheus/exporter/ipmi | |
parent | prometheus: add some openwrt specific alert rules (diff) |
fix and finalize ipmi exporter
Diffstat (limited to 'roles/monitoring/prometheus/exporter/ipmi')
-rw-r--r-- | roles/monitoring/prometheus/exporter/ipmi/templates/service.j2 | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/roles/monitoring/prometheus/exporter/ipmi/templates/service.j2 b/roles/monitoring/prometheus/exporter/ipmi/templates/service.j2 index 465215e8..d862e299 100644 --- a/roles/monitoring/prometheus/exporter/ipmi/templates/service.j2 +++ b/roles/monitoring/prometheus/exporter/ipmi/templates/service.j2 @@ -1,22 +1,21 @@ [Unit] Description=Prometheus ipmi exporter +After=systemd-modules-load.service [Service] Restart=always -User=prometheus-exporter ExecStart=/usr/bin/prometheus-ipmi-exporter --web.listen-address="127.0.0.1:9290" --config.file=/etc/prometheus/exporter/ipmi/config.yml --freeipmi.path="/usr/sbin" ExecReload=/bin/kill -HUP $MAINPID -{# TODO: test which hardening options need to be removed for IPMI to work... #} # systemd hardening-options AmbientCapabilities= CapabilityBoundingSet= DeviceAllow=/dev/null rw +DeviceAllow=char-ipmidev rw DevicePolicy=strict LockPersonality=true MemoryDenyWriteExecute=true NoNewPrivileges=true -PrivateDevices=true PrivateTmp=true ProtectControlGroups=true ProtectHome=true |