[ceph.git] / ceph / systemd / ceph-mon@.service.in

[Unit]
Description=Ceph cluster monitor daemon
PartOf=ceph-mon.target
# According to:
#   http://www.freedesktop.org/wiki/Software/systemd/NetworkTarget
# these can be removed once ceph-mon will dynamically change network
# configuration.
After=network-online.target local-fs.target time-sync.target
Before=remote-fs-pre.target ceph-mon.target
Wants=network-online.target local-fs.target time-sync.target remote-fs-pre.target ceph-mon.target

[Service]
Environment=CLUSTER=ceph
EnvironmentFile=-@SYSTEMD_ENV_FILE@
ExecReload=/bin/kill -HUP $MAINPID
ExecStart=/usr/bin/ceph-mon -f --cluster ${CLUSTER} --id %i --setuser ceph --setgroup ceph
LimitNOFILE=1048576
LimitNPROC=1048576
LockPersonality=true
MemoryDenyWriteExecute=true
# Need NewPrivileges via `sudo smartctl`
NoNewPrivileges=false
# We need access to block devices to check the health of the disk backing the
# monitor DB store. It can be set to `true` if you're not interested in that
# feature.
PrivateDevices=false
PrivateTmp=true
ProtectControlGroups=true
ProtectHome=true
ProtectHostname=true
ProtectKernelLogs=true
ProtectKernelModules=true
ProtectKernelTunables=true
ProtectSystem=full
Restart=on-failure
RestartSec=10
RestrictSUIDSGID=true
StartLimitBurst=5
StartLimitInterval=30min
TasksMax=infinity

[Install]
WantedBy=ceph-mon.target
Commit	Line	Data
7c673cae FG	1	[Unit]
7c673cae FG	2	Description=Ceph cluster monitor daemon
f91f0fd5	3	PartOf=ceph-mon.target
7c673cae FG	4	# According to:
	5	# http://www.freedesktop.org/wiki/Software/systemd/NetworkTarget
	6	# these can be removed once ceph-mon will dynamically change network
	7	# configuration.
	8	After=network-online.target local-fs.target time-sync.target
f91f0fd5 TL	9	Before=remote-fs-pre.target ceph-mon.target
f91f0fd5 TL	10	Wants=network-online.target local-fs.target time-sync.target remote-fs-pre.target ceph-mon.target
7c673cae FG	11
7c673cae FG	12	[Service]
7c673cae	13	Environment=CLUSTER=ceph
f67539c2	14	EnvironmentFile=-@SYSTEMD_ENV_FILE@
7c673cae	15	ExecReload=/bin/kill -HUP $MAINPID
f67539c2 TL	16	ExecStart=/usr/bin/ceph-mon -f --cluster ${CLUSTER} --id %i --setuser ceph --setgroup ceph
	17	LimitNOFILE=1048576
	18	LimitNPROC=1048576
11fdf7f2 TL	19	LockPersonality=true
	20	MemoryDenyWriteExecute=true
	21	# Need NewPrivileges via `sudo smartctl`
	22	NoNewPrivileges=false
20effc67 TL	23	# We need access to block devices to check the health of the disk backing the
	24	# monitor DB store. It can be set to `true` if you're not interested in that
	25	# feature.
	26	PrivateDevices=false
f67539c2	27	PrivateTmp=true
11fdf7f2	28	ProtectControlGroups=true
7c673cae	29	ProtectHome=true
f67539c2 TL	30	ProtectHostname=true
f67539c2 TL	31	ProtectKernelLogs=true
11fdf7f2 TL	32	ProtectKernelModules=true
11fdf7f2 TL	33	ProtectKernelTunables=true
7c673cae	34	ProtectSystem=full
7c673cae	35	Restart=on-failure
7c673cae	36	RestartSec=10
f67539c2 TL	37	RestrictSUIDSGID=true
	38	StartLimitBurst=5
	39	StartLimitInterval=30min
	40	TasksMax=infinity
7c673cae FG	41
	42	[Install]
	43	WantedBy=ceph-mon.target