diff --git a/watchdog.8 b/watchdog.8 index 9b7c6e7..052b1e1 100644 --- a/watchdog.8 +++ b/watchdog.8 @@ -216,6 +216,7 @@ by .BR watchdog . So you can for instance restart the server from your .IR repair-binary . +See the Systemd section below for additinal information. .PP .B watchdog will try periodically to fork itself to see whether the process @@ -242,6 +243,8 @@ a given interface for traffic. If no traffic arrives the network is considered unreachable causing a soft reboot or action from the repair binary. .PP +To start the watchdog when network is available see the Systemd section below. +.PP .B watchdog can run an external command for user-defined tests. A return code not equal 0 means an error occurred and watchdog should react. If the external command is @@ -348,6 +351,9 @@ Child process did not return in time. 246 Free for personal watchdog-specific use (was \-10 as an unsigned 8\-bit number). +.PP +With enforcing SELinux policy please use the /usr/libexec/watchdog/scripts/ +for your test-binary configuration. .TP 245 Reserved for an unknown result, for example a slow background test that is @@ -375,6 +381,9 @@ repair-maximum controls the number of successive repair attempts that report 0 (i.e. success) but fail to clear the tested fault. If this is exceeded then a reboot takes place. If set to zero then a reboot can always be blocked by the repair program reporting success. +.PP +With enforcing SELinux policy please use the /usr/libexec/watchdog/scripts/ +for your repair-binary configuration. .SH "TEST DIRECTORY" Executables placed in the test directory are discovered by watchdog on startup and are automatically executed. They are bounded time-wise by @@ -413,6 +422,27 @@ As for the repair binary, the configuration parameter repair-maximum also controls the number of successive repair attempts that report success (return 0) but fail to clear the fault. +.SH SYSTEMD +To start watchdog after the network is available: +.PP +.br +systemctl disable watchdog +.br +systemctl enable NetworkManager-wait-online +.br +systemctl enable watchdog-ping +.PP + +When using custom service pid check with custom service +systemd unit file please be aware the "Requires=" +does dependent service deactivation. +Using "Before=watchdog.service" or "Before=watchdog-ping.service" +in the custom service unit file may be the desired operation instead. +See systemd.unit documentation for more details. + +.SH SELINUX +The directories /etc/watchdog.d/ and /usr/libexec/watchdog/scripts/ are +recognized locations for custom executables. .SH BUGS None known so far. .SH AUTHORS @@ -431,4 +461,4 @@ The watchdog device. The pid file of the running .BR watchdog . .SH "SEE ALSO" -.BR watchdog.conf (5) +.BR watchdog.conf (5), systemd.unit (5) diff --git a/watchdog.conf.5 b/watchdog.conf.5 index edf7c8b..2803fee 100644 --- a/watchdog.conf.5 +++ b/watchdog.conf.5 @@ -47,7 +47,7 @@ Be careful not to this parameter too low. To set a value less then the predefined minimal value of 2, you have to use the \-f command line option. .TP min-memory = -Set the minimal amount of memory that has to stay free. Note that +Set the minimal amount of virtual memory that has to stay free. Note that this is in memory pages (4kB on x86). Default value is 0 pages which means this test is disabled. The page size is taken from the system include files. The usable memory is computed from MemFree + Buffers + Cached since buffer @@ -130,6 +130,7 @@ pidfile = Set pidfile name for daemon test mode. This option can be given as often as you like to check several daemons, assuming they write their post-forking PID to the specified files. +See the Systemd section in watchdog (8) for more information. .TP ping = Set IPv4 address for ping mode. @@ -147,6 +148,8 @@ aliased IP interfaces. .TP test-binary = Execute the given binary to do some user defined tests. +With enforcing SELinux policy please use the /usr/libexec/watchdog/scripts/ +for your test-binary configuration. .TP test-timeout = User defined tests may only run for seconds. Set to 0 for unlimited. @@ -154,6 +157,8 @@ User defined tests may only run for seconds. Set to 0 for unlimited. repair-binary = Execute the given binary in case of a problem instead of shutting down the system. +With enforcing SELinux policy please use the /usr/libexec/watchdog/scripts/ +for your repair-binary configuration. .TP repair-timeout = repair command may only run for seconds. Set to 0 for 'unlimited', but @@ -188,6 +193,7 @@ Set the schedule priority for realtime mode passed to sched_setscheduler(). .TP test-directory = Set the directory to run user test/repair scripts. Default is '/etc/watchdog.d' +The /etc/watchdog.d/ is recognized by SELinux policy. See the Test Directory section in watchdog(8) for more information. .TP log-dir = @@ -202,23 +208,7 @@ large databases or virtual machines might need longer. verbose = This overrides the command line \-\-verbose option. Generally the verbose mode is only enabled for debugging as it creates a lot of syslog chatter, so use this option -with consideration. Zero is "normal" operation (quiet), while 1 is typically used -for debugging. Values of 2 or more usually generate far too many messages. -.TP -heartbeat-file = -For debugging this allows a rolling set of status values to be kept on disk -.TP -heartbeat-stamps = -For debugging this sets the number of entries in the -.TP -log-killed-pids = -This acts like enabling 'verbose' logging, but only for a system reboot, where it -enables the logging of the PID values for all processes that are being killed. The -results are written to the killall5.log file in the log directory (if at all -possible) in this case. -Intended for debugging cases where you would like to know what was running at the -point the machine triggered the watchdog, but don't want syslog filling up with the -usual chatter of activity. +with consideration. .SH FILES .TP .I /etc/watchdog.conf