loki: Do not chcon/chown state dir at startup
_systemd_ automatically recursively changes the ownership of the paths listed in `StateDirectory` when the unit is activated. This can take a very long time, as the Loki storage directory contains hundreds of thousands of files. Since we also have `podman` change the ownership, that *doubles* the time taken. Similarly, with `podman` also configured to change the SELinux label of the files in that path, even more time is wasted at startup. To avoid all these time wasters, we need to avoid having _systemd_ manage the state directory and create it with the proper ownership and SELinux label manually. Here, we're only manipulating the metadata of the top-level directory; anything within the directory is untouched. This ensures that the directory is always there and has the correct permissions, but does not spend any time changing anything that doesn't need changed.master
parent
837cec36f1
commit
beb243d69a
|
|
@ -7,7 +7,8 @@ StartLimitIntervalSec=1m
|
||||||
StartLimitBurst=60
|
StartLimitBurst=60
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
StateDirectory=%P
|
ExecStartPre=/bin/install -o 10001 -g 10001 -d %S/%P
|
||||||
|
ExecStartPre=/bin/chcon -t container_file_t %S/%P
|
||||||
ExecReload=/usr/bin/podman kill --cidfile=%t/%N.cid --signal HUP
|
ExecReload=/usr/bin/podman kill --cidfile=%t/%N.cid --signal HUP
|
||||||
TimeoutStartSec=5m
|
TimeoutStartSec=5m
|
||||||
Restart=always
|
Restart=always
|
||||||
|
|
@ -16,7 +17,7 @@ RstartSec=1s
|
||||||
[Container]
|
[Container]
|
||||||
Image=docker.io/grafana/loki:2.9.4
|
Image=docker.io/grafana/loki:2.9.4
|
||||||
Exec=-config.file=/etc/loki/config.yml
|
Exec=-config.file=/etc/loki/config.yml
|
||||||
Volume=%S/%P:/var/lib/loki:rw,Z,U
|
Volume=%S/%P:/var/lib/loki:rw
|
||||||
Volume=/etc/loki:/etc/loki:ro
|
Volume=/etc/loki:/etc/loki:ro
|
||||||
Network=host
|
Network=host
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue