ceph/systemd/ceph-mgr@.service.in

[Unit]
Description=Ceph cluster manager daemon
PartOf=ceph-mgr.target
After=network-online.target local-fs.target time-sync.target
Before=remote-fs-pre.target ceph-mgr.target
Wants=network-online.target local-fs.target time-sync.target remote-fs-pre.target ceph-mgr.target

[Service]
EnvironmentFile=-@SYSTEMD_ENV_FILE@
ExecReload=/bin/kill -HUP $MAINPID
ExecStart=/usr/bin/ceph-mgr -f --id %i --setuser ceph --setgroup ceph
LimitNOFILE=1048576
LimitNPROC=1048576
LockPersonality=true
NoNewPrivileges=true
PrivateDevices=yes
PrivateTmp=true
ProtectControlGroups=true
ProtectHome=true
ProtectHostname=true
ProtectKernelLogs=true
ProtectKernelModules=true
ProtectKernelTunables=true
ProtectSystem=full
Restart=on-failure
RestartSec=10
RestrictSUIDSGID=true
StartLimitBurst=3
StartLimitInterval=30min
# We need to disable this protection as some python libraries generate
# dynamic code, like python-cffi, and require mmap calls to succeed
MemoryDenyWriteExecute=false

[Install]
WantedBy=ceph-mgr.target