mirror of https://github.com/ceph/ceph
38 lines
1.0 KiB
SYSTEMD
38 lines
1.0 KiB
SYSTEMD
[Unit]
|
|
Description=Ceph cluster manager daemon
|
|
PartOf=ceph-mgr.target
|
|
After=network-online.target local-fs.target time-sync.target
|
|
Before=remote-fs-pre.target ceph-mgr.target
|
|
Wants=network-online.target local-fs.target time-sync.target remote-fs-pre.target ceph-mgr.target
|
|
|
|
[Service]
|
|
Environment=CLUSTER=ceph
|
|
EnvironmentFile=-@SYSTEMD_ENV_FILE@
|
|
ExecReload=/bin/kill -HUP $MAINPID
|
|
ExecStart=/usr/bin/ceph-mgr -f --cluster ${CLUSTER} --id %i --setuser ceph --setgroup ceph
|
|
LimitNOFILE=1048576
|
|
LimitNPROC=1048576
|
|
LockPersonality=true
|
|
NoNewPrivileges=true
|
|
PrivateDevices=yes
|
|
PrivateTmp=true
|
|
ProtectClock=true
|
|
ProtectControlGroups=true
|
|
ProtectHome=true
|
|
ProtectHostname=true
|
|
ProtectKernelLogs=true
|
|
ProtectKernelModules=true
|
|
ProtectKernelTunables=true
|
|
ProtectSystem=full
|
|
Restart=on-failure
|
|
RestartSec=10
|
|
RestrictSUIDSGID=true
|
|
StartLimitBurst=3
|
|
StartLimitInterval=30min
|
|
# We need to disable this protection as some python libraries generate
|
|
# dynamic code, like python-cffi, and require mmap calls to succeed
|
|
MemoryDenyWriteExecute=false
|
|
|
|
[Install]
|
|
WantedBy=ceph-mgr.target
|