]>
Commit | Line | Data |
---|---|---|
7c673cae FG |
1 | [Unit] |
2 | Description=Ceph cluster manager daemon | |
224ce89b | 3 | After=network-online.target local-fs.target time-sync.target |
7c673cae | 4 | Wants=network-online.target local-fs.target time-sync.target |
224ce89b | 5 | PartOf=ceph-mgr.target |
7c673cae FG |
6 | |
7 | [Service] | |
8 | LimitNOFILE=1048576 | |
9 | LimitNPROC=1048576 | |
11fdf7f2 | 10 | EnvironmentFile=-@SYSTEMD_ENV_FILE@ |
7c673cae | 11 | Environment=CLUSTER=ceph |
7c673cae FG |
12 | ExecStart=/usr/bin/ceph-mgr -f --cluster ${CLUSTER} --id %i --setuser ceph --setgroup ceph |
13 | ExecReload=/bin/kill -HUP $MAINPID | |
11fdf7f2 | 14 | LockPersonality=true |
81eedcae TL |
15 | |
16 | # We need to disable this protection as some python libraries generate | |
17 | # dynamic code, like python-cffi, and require mmap calls to succeed | |
18 | MemoryDenyWriteExecute=false | |
19 | ||
11fdf7f2 TL |
20 | NoNewPrivileges=true |
21 | PrivateDevices=yes | |
22 | ProtectControlGroups=true | |
23 | ProtectHome=true | |
24 | ProtectKernelModules=true | |
25 | ProtectKernelTunables=true | |
26 | ProtectSystem=full | |
27 | PrivateTmp=true | |
7c673cae | 28 | Restart=on-failure |
94b18763 | 29 | RestartSec=10 |
7c673cae FG |
30 | StartLimitInterval=30min |
31 | StartLimitBurst=3 | |
32 | ||
33 | [Install] | |
34 | WantedBy=ceph-mgr.target |