Fix LXC deploy: absolute paths + systemd section for StartLimit
CI / Lint + build + test (push) Failing after 5m17s
CI / Lint + build + test (push) Failing after 5m17s
Service was crashing on every boot because vetting.example.yaml uses ./var/... relative paths that resolve to / under ProtectSystem=strict. Ship a separate vetting.production.yaml with absolute /var/lib/vetting + /var/log/vetting paths that match the unit's ReadWritePaths, and have install.sh copy that one. Also move StartLimit* keys into [Unit] to silence the 'Unknown key' warning on modern systemd.
This commit is contained in:
@@ -1,8 +1,10 @@
|
||||
[Unit]
|
||||
Description=Vetting orchestrator (post-repair hardware validation)
|
||||
Documentation=https://github.com/your-org/vetting
|
||||
Documentation=https://gitea.thewrightserver.net/josh/Vetting
|
||||
After=network-online.target
|
||||
Wants=network-online.target
|
||||
StartLimitBurst=5
|
||||
StartLimitIntervalSec=60
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
@@ -38,11 +40,9 @@ RestrictNamespaces=true
|
||||
LockPersonality=true
|
||||
|
||||
# Restart policy — crash out loudly on startup errors, but recover from
|
||||
# transient failures.
|
||||
# transient failures. (StartLimit* lives under [Unit] in modern systemd.)
|
||||
Restart=on-failure
|
||||
RestartSec=5
|
||||
StartLimitBurst=5
|
||||
StartLimitIntervalSec=60
|
||||
|
||||
# Logs go to journald; the orchestrator's own per-run log files live
|
||||
# under /var/log/vetting regardless.
|
||||
|
||||
Reference in New Issue
Block a user