projects / ceph.git / blame
| Commit | Line | Data |
|---|---|---|
| 7c673cae FG |
1 | [Unit] |
| 2 | Description=Ceph cluster manager daemon | |
| 224ce89b | 3 | PartOf=ceph-mgr.target |
| f91f0fd5 TL |
4 | After=network-online.target local-fs.target time-sync.target |
| 5 | Before=remote-fs-pre.target ceph-mgr.target | |
| 6 | Wants=network-online.target local-fs.target time-sync.target remote-fs-pre.target ceph-mgr.target | |
| 7c673cae FG |
7 | |
| 8 | [Service] | |
| 7c673cae | 9 | Environment=CLUSTER=ceph |
| f67539c2 | 10 | EnvironmentFile=-@SYSTEMD_ENV_FILE@ |
| 7c673cae | 11 | ExecReload=/bin/kill -HUP $MAINPID |
| f67539c2 TL |
12 | ExecStart=/usr/bin/ceph-mgr -f --cluster ${CLUSTER} --id %i --setuser ceph --setgroup ceph |
| 13 | LimitNOFILE=1048576 | |
| 14 | LimitNPROC=1048576 | |
| 11fdf7f2 | 15 | LockPersonality=true |
| 11fdf7f2 TL |
16 | NoNewPrivileges=true |
| 17 | PrivateDevices=yes | |
| f67539c2 TL |
18 | PrivateTmp=true |
| 19 | ProtectClock=true | |
| 11fdf7f2 TL |
20 | ProtectControlGroups=true |
| 21 | ProtectHome=true | |
| f67539c2 TL |
22 | ProtectHostname=true |
| 23 | ProtectKernelLogs=true | |
| 11fdf7f2 TL |
24 | ProtectKernelModules=true |
| 25 | ProtectKernelTunables=true | |
| 26 | ProtectSystem=full | |
| 7c673cae | 27 | Restart=on-failure |
| 94b18763 | 28 | RestartSec=10 |
| f67539c2 | 29 | RestrictSUIDSGID=true |
| 7c673cae | 30 | StartLimitBurst=3 |
| f67539c2 TL |
31 | StartLimitInterval=30min |
| 32 | # We need to disable this protection as some python libraries generate | |
| 33 | # dynamic code, like python-cffi, and require mmap calls to succeed | |
| 34 | MemoryDenyWriteExecute=false | |
| 7c673cae FG |
35 | |
| 36 | [Install] | |
| 37 | WantedBy=ceph-mgr.target |