[Unit] Description=Ceph cluster manager daemon After=network-online.target local-fs.target time-sync.target Wants=network-online.target local-fs.target time-sync.target PartOf=ceph-mgr.target [Service] LimitNOFILE=1048576 LimitNPROC=1048576 EnvironmentFile=-@SYSTEMD_ENV_FILE@ Environment=CLUSTER=ceph ExecStart=/usr/bin/ceph-mgr -f --cluster ${CLUSTER} --id %i --setuser ceph --setgroup ceph ExecReload=/bin/kill -HUP $MAINPID LockPersonality=true # We need to disable this protection as some python libraries generate # dynamic code, like python-cffi, and require mmap calls to succeed MemoryDenyWriteExecute=false NoNewPrivileges=true PrivateDevices=yes ProtectControlGroups=true ProtectHome=true ProtectKernelModules=true ProtectKernelTunables=true ProtectSystem=full PrivateTmp=true Restart=on-failure RestartSec=10 StartLimitInterval=30min StartLimitBurst=3 [Install] WantedBy=ceph-mgr.target