Commit | Line | Data |
---|---|---|
7c673cae FG | 1 | [Unit] |
7c673cae FG | 2 | Description=Ceph cluster manager daemon |
224ce89b | 3 | PartOf=ceph-mgr.target |
f91f0fd5 TL | 4 | After=network-online.target local-fs.target time-sync.target |
f91f0fd5 TL | 5 | Before=remote-fs-pre.target ceph-mgr.target |
f91f0fd5 TL | 6 | Wants=network-online.target local-fs.target time-sync.target remote-fs-pre.target ceph-mgr.target |
7c673cae FG | 7 | |
7c673cae FG | 8 | [Service] |
7c673cae | 9 | Environment=CLUSTER=ceph |
f67539c2 | 10 | EnvironmentFile=-@SYSTEMD_ENV_FILE@ |
7c673cae | 11 | ExecReload=/bin/kill -HUP $MAINPID |
f67539c2 TL | 12 | ExecStart=/usr/bin/ceph-mgr -f --cluster ${CLUSTER} --id %i --setuser ceph --setgroup ceph |
f67539c2 TL | 13 | LimitNOFILE=1048576 |
f67539c2 TL | 14 | LimitNPROC=1048576 |
11fdf7f2 | 15 | LockPersonality=true |
11fdf7f2 TL | 16 | NoNewPrivileges=true |
11fdf7f2 TL | 17 | PrivateDevices=yes |
f67539c2 TL | 18 | PrivateTmp=true |
f67539c2 TL | 19 | ProtectClock=true |
11fdf7f2 TL | 20 | ProtectControlGroups=true |
11fdf7f2 TL | 21 | ProtectHome=true |
f67539c2 TL | 22 | ProtectHostname=true |
f67539c2 TL | 23 | ProtectKernelLogs=true |
11fdf7f2 TL | 24 | ProtectKernelModules=true |
11fdf7f2 TL | 25 | ProtectKernelTunables=true |
11fdf7f2 TL | 26 | ProtectSystem=full |
7c673cae | 27 | Restart=on-failure |
94b18763 | 28 | RestartSec=10 |
f67539c2 | 29 | RestrictSUIDSGID=true |
7c673cae | 30 | StartLimitBurst=3 |
f67539c2 TL | 31 | StartLimitInterval=30min |
f67539c2 TL | 32 | # We need to disable this protection as some python libraries generate |
f67539c2 TL | 33 | # dynamic code, like python-cffi, and require mmap calls to succeed |
f67539c2 TL | 34 | MemoryDenyWriteExecute=false |
7c673cae FG | 35 | |
7c673cae FG | 36 | [Install] |
7c673cae FG | 37 | WantedBy=ceph-mgr.target |