diff --git a/watchdog.8 b/watchdog.8 index 9b7c6e7..052b1e1 100644 --- a/watchdog.8 +++ b/watchdog.8 @@ -216,6 +216,7 @@ by .BR watchdog . So you can for instance restart the server from your .IR repair-binary . +See the Systemd section below for additinal information. .PP .B watchdog will try periodically to fork itself to see whether the process @@ -242,6 +243,8 @@ a given interface for traffic. If no traffic arrives the network is considered unreachable causing a soft reboot or action from the repair binary. .PP +To start the watchdog when network is available see the Systemd section below. +.PP .B watchdog can run an external command for user-defined tests. A return code not equal 0 means an error occurred and watchdog should react. If the external command is @@ -348,6 +351,9 @@ Child process did not return in time. 246 Free for personal watchdog-specific use (was \-10 as an unsigned 8\-bit number). +.PP +With enforcing SELinux policy please use the /usr/libexec/watchdog/scripts/ +for your test-binary configuration. .TP 245 Reserved for an unknown result, for example a slow background test that is @@ -375,6 +381,9 @@ repair-maximum controls the number of successive repair attempts that report 0 (i.e. success) but fail to clear the tested fault. If this is exceeded then a reboot takes place. If set to zero then a reboot can always be blocked by the repair program reporting success. +.PP +With enforcing SELinux policy please use the /usr/libexec/watchdog/scripts/ +for your repair-binary configuration. .SH "TEST DIRECTORY" Executables placed in the test directory are discovered by watchdog on startup and are automatically executed. They are bounded time-wise by @@ -413,6 +422,27 @@ As for the repair binary, the configuration parameter repair-maximum also controls the number of successive repair attempts that report success (return 0) but fail to clear the fault. +.SH SYSTEMD +To start watchdog after the network is available: +.PP +.br +systemctl disable watchdog +.br +systemctl enable NetworkManager-wait-online +.br +systemctl enable watchdog-ping +.PP + +When using custom service pid check with custom service +systemd unit file please be aware the "Requires=" +does dependent service deactivation. +Using "Before=watchdog.service" or "Before=watchdog-ping.service" +in the custom service unit file may be the desired operation instead. +See systemd.unit documentation for more details. + +.SH SELINUX +The directories /etc/watchdog.d/ and /usr/libexec/watchdog/scripts/ are +recognized locations for custom executables. .SH BUGS None known so far. .SH AUTHORS @@ -431,4 +461,4 @@ The watchdog device. The pid file of the running .BR watchdog . .SH "SEE ALSO" -.BR watchdog.conf (5) +.BR watchdog.conf (5), systemd.unit (5) diff --git a/watchdog.conf b/watchdog.conf index 207da3e..7dd3cb3 100644 --- a/watchdog.conf +++ b/watchdog.conf @@ -75,7 +75,9 @@ priority = 1 # If you have a custom binary/script to handle errors then uncomment # this line and provide the path. For 'v1' test binary files they also # handle error cases. - +# With enforcing SELinux policy please use the /usr/libexec/watchdog/scripts/ + +# or /etc/watchdog.d/ for your test-binary and repair-binary configuration. #repair-binary = /usr/sbin/repair #repair-timeout = 60 @@ -175,6 +177,13 @@ priority = 1 #temperature-sensor = #max-temperature = 90 +# When using custom service pid check with custom service +# systemd unit file please be aware the "Requires=" +# does dependent service deactivation. +# Using "Before=watchdog.service" or "Before=watchdog-ping.service" +# in the custom service unit file may be the desired operation instead. +# See man 5 systemd.unit for more details. +# # Check for a running process/daemon by its PID file. For example, # check if rsyslogd is still running by enabling the following line: diff --git a/watchdog.conf.5 b/watchdog.conf.5 index edf7c8b..72c3bc2 100644 --- a/watchdog.conf.5 +++ b/watchdog.conf.5 @@ -130,6 +130,7 @@ pidfile = Set pidfile name for daemon test mode. This option can be given as often as you like to check several daemons, assuming they write their post-forking PID to the specified files. +See the Systemd section in watchdog (8) for more information. .TP ping = Set IPv4 address for ping mode. @@ -147,6 +148,8 @@ aliased IP interfaces. .TP test-binary = Execute the given binary to do some user defined tests. +With enforcing SELinux policy please use the /usr/libexec/watchdog/scripts/ +for your test-binary configuration. .TP test-timeout = User defined tests may only run for seconds. Set to 0 for unlimited. @@ -154,6 +157,8 @@ User defined tests may only run for seconds. Set to 0 for unlimited. repair-binary = Execute the given binary in case of a problem instead of shutting down the system. +With enforcing SELinux policy please use the /usr/libexec/watchdog/scripts/ +for your repair-binary configuration. .TP repair-timeout = repair command may only run for seconds. Set to 0 for 'unlimited', but @@ -188,6 +193,7 @@ Set the schedule priority for realtime mode passed to sched_setscheduler(). .TP test-directory = Set the directory to run user test/repair scripts. Default is '/etc/watchdog.d' +The /etc/watchdog.d/ is recognized by SELinux policy. See the Test Directory section in watchdog(8) for more information. .TP log-dir =