ceph/systemd/ceph-mgr@.service.in

   1 [Unit]
   2 Description=Ceph cluster manager daemon
   3 PartOf=ceph-mgr.target
   4 After=network-online.target local-fs.target time-sync.target
   5 Before=remote-fs-pre.target ceph-mgr.target
   6 Wants=network-online.target local-fs.target time-sync.target remote-fs-pre.target ceph-mgr.target
   7
   8 [Service]
   9 Environment=CLUSTER=ceph
  10 EnvironmentFile=-@SYSTEMD_ENV_FILE@
  11 ExecReload=/bin/kill -HUP $MAINPID
  12 ExecStart=/usr/bin/ceph-mgr -f --cluster ${CLUSTER} --id %i --setuser ceph --setgroup ceph
  13 LimitNOFILE=1048576
  14 LimitNPROC=1048576
  15 LockPersonality=true
  16 NoNewPrivileges=true
  17 PrivateDevices=yes
  18 PrivateTmp=true
  19 ProtectClock=true
  20 ProtectControlGroups=true
  21 ProtectHome=true
  22 ProtectHostname=true
  23 ProtectKernelLogs=true
  24 ProtectKernelModules=true
  25 ProtectKernelTunables=true
  26 ProtectSystem=full
  27 Restart=on-failure
  28 RestartSec=10
  29 RestrictSUIDSGID=true
  30 StartLimitBurst=3
  31 StartLimitInterval=30min
  32 # We need to disable this protection as some python libraries generate
  33 # dynamic code, like python-cffi, and require mmap calls to succeed
  34 MemoryDenyWriteExecute=false
  35
  36 [Install]
  37 WantedBy=ceph-mgr.target