[Unit] Description=Ceph rbd mirror daemon After=network-online.target local-fs.target Wants=network-online.target local-fs.target PartOf=ceph-rbd-mirror.target [Service] Environment=CLUSTER=ceph EnvironmentFile=-@SYSTEMD_ENV_FILE@ ExecReload=/bin/kill -HUP $MAINPID ExecStart=/usr/bin/rbd-mirror -f --cluster ${CLUSTER} --id %i --setuser ceph --setgroup ceph LimitNOFILE=1048576 LimitNPROC=1048576 LockPersonality=true MemoryDenyWriteExecute=true NoNewPrivileges=true PrivateDevices=yes PrivateTmp=true ProtectClock=true ProtectControlGroups=true ProtectHome=true ProtectHostname=true ProtectKernelLogs=true ProtectKernelModules=true ProtectKernelTunables=true ProtectSystem=full Restart=on-failure RestrictSUIDSGID=true StartLimitBurst=3 StartLimitInterval=30min TasksMax=infinity [Install] WantedBy=ceph-rbd-mirror.target