X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/39e9c0f23c2c459285df473de8011221f429dbad..a4c4a8a5a8cde7f9bf91ae49a9dc1ce23e77293b:/cookbooks/prometheus/resources/collector.rb

diff --git a/cookbooks/prometheus/resources/collector.rb b/cookbooks/prometheus/resources/collector.rb
index 0ae8320f7..9a4870f24 100644
--- a/cookbooks/prometheus/resources/collector.rb
+++ b/cookbooks/prometheus/resources/collector.rb
@@ -31,10 +31,12 @@ property :capability_bounding_set, [String, Array]
 property :private_devices, [true, false]
 property :private_users, [true, false]
 property :protect_clock, [true, false]
+property :protect_kernel_modules, [true, false]
 
 action :create do
   systemd_service service_name do
     description "Prometheus #{new_resource.collector} collector"
+    type "oneshot"
     user new_resource.user
     dynamic_user new_resource.user.nil?
     group "adm"
@@ -49,6 +51,7 @@ action :create do
     private_devices new_resource.private_devices if new_resource.property_is_set?(:private_devices)
     private_users new_resource.private_users if new_resource.property_is_set?(:private_users)
     protect_clock new_resource.protect_clock if new_resource.property_is_set?(:protect_clock)
+    protect_kernel_modules new_resource.protect_kernel_modules if new_resource.property_is_set?(:protect_kernel_modules)
     read_write_paths ["/var/lib/prometheus/node-exporter", "/var/lock", "/var/log"]
   end