diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 18:45:59 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 18:45:59 +0000 |
commit | 19fcec84d8d7d21e796c7624e521b60d28ee21ed (patch) | |
tree | 42d26aa27d1e3f7c0b8bd3fd14e7d7082f5008dc /systemd | |
parent | Initial commit. (diff) | |
download | ceph-upstream/16.2.11+ds.tar.xz ceph-upstream/16.2.11+ds.zip |
Adding upstream version 16.2.11+ds.upstream/16.2.11+dsupstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'systemd')
25 files changed, 476 insertions, 0 deletions
diff --git a/systemd/50-ceph.preset b/systemd/50-ceph.preset new file mode 100644 index 000000000..a7fc5f129 --- /dev/null +++ b/systemd/50-ceph.preset @@ -0,0 +1,9 @@ +enable ceph.target +enable ceph-mds.target +enable ceph-mgr.target +enable ceph-mon.target +enable ceph-osd.target +enable ceph-rbd-mirror.target +enable ceph-radosgw.target +enable ceph-crash.service +enable cephfs-mirror.target diff --git a/systemd/CMakeLists.txt b/systemd/CMakeLists.txt new file mode 100644 index 000000000..499b5d190 --- /dev/null +++ b/systemd/CMakeLists.txt @@ -0,0 +1,39 @@ +set(CMAKE_INSTALL_SYSTEMD_SERVICEDIR "${CMAKE_INSTALL_LIBEXECDIR}/systemd/system" + CACHE PATH "Location for systemd service files") +set(CEPH_SYSTEMD_ENV_DIR "/etc/sysconfig" + CACHE PATH "Location for systemd service environmental variable settings files") +set(SYSTEMD_ENV_FILE "${CEPH_SYSTEMD_ENV_DIR}/ceph") +foreach(service + ceph-crash + ceph-fuse@ + ceph-mds@ + ceph-mgr@ + ceph-mon@ + ceph-osd@ + ceph-radosgw@ + ceph-rbd-mirror@ + ceph-immutable-object-cache@ + cephfs-mirror@ + rbdmap) + configure_file( + ${service}.service.in + ${service}.service + @ONLY) + install( + FILES ${CMAKE_CURRENT_BINARY_DIR}/${service}.service + DESTINATION ${CMAKE_INSTALL_SYSTEMD_SERVICEDIR}) +endforeach() + +install(FILES + ceph.target + ceph-fuse.target + ceph-osd.target + ceph-mgr.target + ceph-mon.target + ceph-mds.target + ceph-radosgw.target + ceph-rbd-mirror.target + ceph-immutable-object-cache.target + ceph-volume@.service + cephfs-mirror.target + DESTINATION ${CMAKE_INSTALL_SYSTEMD_SERVICEDIR}) diff --git a/systemd/ceph-crash.service.in b/systemd/ceph-crash.service.in new file mode 100644 index 000000000..8304dd612 --- /dev/null +++ b/systemd/ceph-crash.service.in @@ -0,0 +1,13 @@ +[Unit] +Description=Ceph crash dump collector + +[Service] +Type=simple +ExecStart=/usr/bin/ceph-crash +Restart=always +RestartSec=10 +StartLimitInterval=10min +StartLimitBurst=10 + +[Install] +WantedBy=ceph.target diff --git a/systemd/ceph-fuse.target b/systemd/ceph-fuse.target new file mode 100644 index 000000000..c31fdfa8d --- /dev/null +++ b/systemd/ceph-fuse.target @@ -0,0 +1,7 @@ +[Unit] +Description=ceph target allowing to start/stop all ceph-fuse@.service instances at once +PartOf=ceph.target +Before=ceph.target + +[Install] +WantedBy=remote-fs.target ceph.target diff --git a/systemd/ceph-fuse@.service.in b/systemd/ceph-fuse@.service.in new file mode 100644 index 000000000..9c12c9ba4 --- /dev/null +++ b/systemd/ceph-fuse@.service.in @@ -0,0 +1,29 @@ +[Unit] +Description=Ceph FUSE client +After=network-online.target local-fs.target time-sync.target +Wants=network-online.target local-fs.target time-sync.target +Conflicts=umount.target +PartOf=ceph-fuse.target + +[Service] +Environment=CLUSTER=ceph +EnvironmentFile=-@SYSTEMD_ENV_FILE@ +ExecStart=/usr/bin/ceph-fuse -f --cluster ${CLUSTER} %I +LockPersonality=true +MemoryDenyWriteExecute=true +NoNewPrivileges=true +# ceph-fuse requires access to /dev fuse device +PrivateDevices=no +ProtectControlGroups=true +ProtectHostname=true +ProtectKernelLogs=true +ProtectKernelModules=true +ProtectKernelTunables=true +Restart=on-failure +RestrictSUIDSGID=true +StartLimitBurst=3 +StartLimitInterval=30min +TasksMax=infinity + +[Install] +WantedBy=ceph-fuse.target diff --git a/systemd/ceph-immutable-object-cache.target b/systemd/ceph-immutable-object-cache.target new file mode 100644 index 000000000..f041bad60 --- /dev/null +++ b/systemd/ceph-immutable-object-cache.target @@ -0,0 +1,7 @@ +[Unit] +Description=ceph target allowing to start/stop all ceph-immutable-object-cache@.service instances at once +PartOf=ceph.target +Before=ceph.target + +[Install] +WantedBy=multi-user.target ceph.target diff --git a/systemd/ceph-immutable-object-cache@.service.in b/systemd/ceph-immutable-object-cache@.service.in new file mode 100644 index 000000000..62ff8dbd2 --- /dev/null +++ b/systemd/ceph-immutable-object-cache@.service.in @@ -0,0 +1,29 @@ +[Unit] +Description=Ceph immutable object cache daemon +After=network-online.target local-fs.target +Wants=network-online.target local-fs.target +PartOf=ceph-immutable-object-cache.target + +[Service] +Environment=CLUSTER=ceph +EnvironmentFile=-@SYSTEMD_ENV_FILE@ +ExecReload=/bin/kill -HUP $MAINPID +ExecStart=/usr/bin/ceph-immutable-object-cache -f --cluster ${CLUSTER} --id %i --setuser ceph --setgroup ceph +LockPersonality=true +MemoryDenyWriteExecute=true +NoNewPrivileges=true +PrivateDevices=yes +PrivateTmp=true +ProtectControlGroups=true +ProtectHome=true +ProtectHostname=true +ProtectKernelLogs=true +ProtectKernelModules=true +ProtectKernelTunables=true +ProtectSystem=full +Restart=on-failure +RestrictSUIDSGID=true +StartLimitBurst=3 + +[Install] +WantedBy=ceph-immutable-object-cache.target diff --git a/systemd/ceph-mds.target b/systemd/ceph-mds.target new file mode 100644 index 000000000..1101f21f6 --- /dev/null +++ b/systemd/ceph-mds.target @@ -0,0 +1,9 @@ +[Unit] +Description=ceph target allowing to start/stop all ceph-mds@.service instances at once +PartOf=ceph.target +After=ceph-mon.target +Before=ceph.target +Wants=ceph.target ceph-mon.target + +[Install] +WantedBy=multi-user.target ceph.target diff --git a/systemd/ceph-mds@.service.in b/systemd/ceph-mds@.service.in new file mode 100644 index 000000000..afa36702f --- /dev/null +++ b/systemd/ceph-mds@.service.in @@ -0,0 +1,34 @@ +[Unit] +Description=Ceph metadata server daemon +PartOf=ceph-mds.target +After=network-online.target local-fs.target time-sync.target +Before=remote-fs-pre.target ceph-mds.target +Wants=network-online.target local-fs.target time-sync.target remote-fs-pre.target ceph-mds.target + +[Service] +Environment=CLUSTER=ceph +EnvironmentFile=-@SYSTEMD_ENV_FILE@ +ExecReload=/bin/kill -HUP $MAINPID +ExecStart=/usr/bin/ceph-mds -f --cluster ${CLUSTER} --id %i --setuser ceph --setgroup ceph +LimitNOFILE=1048576 +LimitNPROC=1048576 +LockPersonality=true +MemoryDenyWriteExecute=true +NoNewPrivileges=true +PrivateDevices=yes +PrivateTmp=true +ProtectControlGroups=true +ProtectHome=true +ProtectHostname=true +ProtectKernelLogs=true +ProtectKernelModules=true +ProtectKernelTunables=true +ProtectSystem=full +Restart=on-failure +RestrictSUIDSGID=true +StartLimitBurst=3 +StartLimitInterval=30min +TasksMax=infinity + +[Install] +WantedBy=ceph-mds.target diff --git a/systemd/ceph-mgr.target b/systemd/ceph-mgr.target new file mode 100644 index 000000000..288888b0d --- /dev/null +++ b/systemd/ceph-mgr.target @@ -0,0 +1,9 @@ +[Unit] +Description=ceph target allowing to start/stop all ceph-mgr@.service instances at once +PartOf=ceph.target +After=ceph-mon.target +Before=ceph.target +Wants=ceph.target ceph-mon.target + +[Install] +WantedBy=multi-user.target ceph.target diff --git a/systemd/ceph-mgr@.service.in b/systemd/ceph-mgr@.service.in new file mode 100644 index 000000000..8fadc4746 --- /dev/null +++ b/systemd/ceph-mgr@.service.in @@ -0,0 +1,36 @@ +[Unit] +Description=Ceph cluster manager daemon +PartOf=ceph-mgr.target +After=network-online.target local-fs.target time-sync.target +Before=remote-fs-pre.target ceph-mgr.target +Wants=network-online.target local-fs.target time-sync.target remote-fs-pre.target ceph-mgr.target + +[Service] +Environment=CLUSTER=ceph +EnvironmentFile=-@SYSTEMD_ENV_FILE@ +ExecReload=/bin/kill -HUP $MAINPID +ExecStart=/usr/bin/ceph-mgr -f --cluster ${CLUSTER} --id %i --setuser ceph --setgroup ceph +LimitNOFILE=1048576 +LimitNPROC=1048576 +LockPersonality=true +NoNewPrivileges=true +PrivateDevices=yes +PrivateTmp=true +ProtectControlGroups=true +ProtectHome=true +ProtectHostname=true +ProtectKernelLogs=true +ProtectKernelModules=true +ProtectKernelTunables=true +ProtectSystem=full +Restart=on-failure +RestartSec=10 +RestrictSUIDSGID=true +StartLimitBurst=3 +StartLimitInterval=30min +# We need to disable this protection as some python libraries generate +# dynamic code, like python-cffi, and require mmap calls to succeed +MemoryDenyWriteExecute=false + +[Install] +WantedBy=ceph-mgr.target diff --git a/systemd/ceph-mon.target b/systemd/ceph-mon.target new file mode 100644 index 000000000..4325bac7a --- /dev/null +++ b/systemd/ceph-mon.target @@ -0,0 +1,8 @@ +[Unit] +Description=ceph target allowing to start/stop all ceph-mon@.service instances at once +PartOf=ceph.target +Before=ceph.target +Wants=ceph.target + +[Install] +WantedBy=multi-user.target ceph.target diff --git a/systemd/ceph-mon@.service.in b/systemd/ceph-mon@.service.in new file mode 100644 index 000000000..2eba83c3c --- /dev/null +++ b/systemd/ceph-mon@.service.in @@ -0,0 +1,43 @@ +[Unit] +Description=Ceph cluster monitor daemon +PartOf=ceph-mon.target +# According to: +# http://www.freedesktop.org/wiki/Software/systemd/NetworkTarget +# these can be removed once ceph-mon will dynamically change network +# configuration. +After=network-online.target local-fs.target time-sync.target +Before=remote-fs-pre.target ceph-mon.target +Wants=network-online.target local-fs.target time-sync.target remote-fs-pre.target ceph-mon.target + +[Service] +Environment=CLUSTER=ceph +EnvironmentFile=-@SYSTEMD_ENV_FILE@ +ExecReload=/bin/kill -HUP $MAINPID +ExecStart=/usr/bin/ceph-mon -f --cluster ${CLUSTER} --id %i --setuser ceph --setgroup ceph +LimitNOFILE=1048576 +LimitNPROC=1048576 +LockPersonality=true +MemoryDenyWriteExecute=true +# Need NewPrivileges via `sudo smartctl` +NoNewPrivileges=false +# We need access to block devices to check the health of the disk backing the +# monitor DB store. It can be set to `true` if you're not interested in that +# feature. +PrivateDevices=false +PrivateTmp=true +ProtectControlGroups=true +ProtectHome=true +ProtectHostname=true +ProtectKernelLogs=true +ProtectKernelModules=true +ProtectKernelTunables=true +ProtectSystem=full +Restart=on-failure +RestartSec=10 +RestrictSUIDSGID=true +StartLimitBurst=5 +StartLimitInterval=30min +TasksMax=infinity + +[Install] +WantedBy=ceph-mon.target diff --git a/systemd/ceph-osd.target b/systemd/ceph-osd.target new file mode 100644 index 000000000..e4d1b9f07 --- /dev/null +++ b/systemd/ceph-osd.target @@ -0,0 +1,9 @@ +[Unit] +Description=ceph target allowing to start/stop all ceph-osd@.service instances at once +PartOf=ceph.target +After=ceph-mon.target +Before=ceph.target +Wants=ceph.target ceph-mon.target + +[Install] +WantedBy=multi-user.target ceph.target diff --git a/systemd/ceph-osd@.service.in b/systemd/ceph-osd@.service.in new file mode 100644 index 000000000..046500efb --- /dev/null +++ b/systemd/ceph-osd@.service.in @@ -0,0 +1,37 @@ +[Unit] +Description=Ceph object storage daemon osd.%i +PartOf=ceph-osd.target +After=network-online.target local-fs.target time-sync.target +Before=remote-fs-pre.target ceph-osd.target +Wants=network-online.target local-fs.target time-sync.target remote-fs-pre.target ceph-osd.target + +[Service] +Environment=CLUSTER=ceph +EnvironmentFile=-@SYSTEMD_ENV_FILE@ +ExecReload=/bin/kill -HUP $MAINPID +ExecStart=/usr/bin/ceph-osd -f --cluster ${CLUSTER} --id %i --setuser ceph --setgroup ceph +ExecStartPre=@CMAKE_INSTALL_FULL_LIBEXECDIR@/ceph/ceph-osd-prestart.sh --cluster ${CLUSTER} --id %i +LimitNOFILE=1048576 +LimitNPROC=1048576 +LockPersonality=true +MemoryDenyWriteExecute=true +# Need NewPrivileges via `sudo smartctl` +NoNewPrivileges=false +PrivateTmp=true +ProtectControlGroups=true +ProtectHome=true +ProtectHostname=true +ProtectKernelLogs=true +ProtectKernelModules=true +# flushing filestore requires access to /proc/sys/vm/drop_caches +ProtectKernelTunables=false +ProtectSystem=full +Restart=on-failure +RestartSec=10 +RestrictSUIDSGID=true +StartLimitBurst=3 +StartLimitInterval=30min +TasksMax=infinity + +[Install] +WantedBy=ceph-osd.target diff --git a/systemd/ceph-radosgw.target b/systemd/ceph-radosgw.target new file mode 100644 index 000000000..8ea707a0b --- /dev/null +++ b/systemd/ceph-radosgw.target @@ -0,0 +1,9 @@ +[Unit] +Description=ceph target allowing to start/stop all ceph-radosgw@.service instances at once +PartOf=ceph.target +After=ceph-mon.target +Before=ceph.target +Wants=ceph.target ceph-mon.target + +[Install] +WantedBy=multi-user.target ceph.target diff --git a/systemd/ceph-radosgw@.service.in b/systemd/ceph-radosgw@.service.in new file mode 100644 index 000000000..b74747055 --- /dev/null +++ b/systemd/ceph-radosgw@.service.in @@ -0,0 +1,33 @@ +[Unit] +Description=Ceph rados gateway +PartOf=ceph-radosgw.target +After=network-online.target local-fs.target time-sync.target +Before=remote-fs-pre.target ceph-radosgw.target +Wants=network-online.target local-fs.target time-sync.target remote-fs-pre.target ceph-radosgw.target + +[Service] +Environment=CLUSTER=ceph +EnvironmentFile=-@SYSTEMD_ENV_FILE@ +ExecStart=/usr/bin/radosgw -f --cluster ${CLUSTER} --name client.%i --setuser ceph --setgroup ceph +LimitNOFILE=1048576 +LimitNPROC=1048576 +LockPersonality=true +MemoryDenyWriteExecute=true +NoNewPrivileges=true +PrivateDevices=yes +PrivateTmp=true +ProtectControlGroups=true +ProtectHome=true +ProtectHostname=true +ProtectKernelLogs=true +ProtectKernelModules=true +ProtectKernelTunables=true +ProtectSystem=full +Restart=on-failure +RestrictSUIDSGID=true +StartLimitBurst=5 +StartLimitInterval=30s +TasksMax=infinity + +[Install] +WantedBy=ceph-radosgw.target diff --git a/systemd/ceph-rbd-mirror.target b/systemd/ceph-rbd-mirror.target new file mode 100644 index 000000000..57ea09f1d --- /dev/null +++ b/systemd/ceph-rbd-mirror.target @@ -0,0 +1,7 @@ +[Unit] +Description=ceph target allowing to start/stop all ceph-rbd-mirror@.service instances at once +PartOf=ceph.target +Before=ceph.target + +[Install] +WantedBy=multi-user.target ceph.target diff --git a/systemd/ceph-rbd-mirror@.service.in b/systemd/ceph-rbd-mirror@.service.in new file mode 100644 index 000000000..1057892dc --- /dev/null +++ b/systemd/ceph-rbd-mirror@.service.in @@ -0,0 +1,33 @@ +[Unit] +Description=Ceph rbd mirror daemon +After=network-online.target local-fs.target +Wants=network-online.target local-fs.target +PartOf=ceph-rbd-mirror.target + +[Service] +Environment=CLUSTER=ceph +EnvironmentFile=-@SYSTEMD_ENV_FILE@ +ExecReload=/bin/kill -HUP $MAINPID +ExecStart=/usr/bin/rbd-mirror -f --cluster ${CLUSTER} --id %i --setuser ceph --setgroup ceph +LimitNOFILE=1048576 +LimitNPROC=1048576 +LockPersonality=true +MemoryDenyWriteExecute=true +NoNewPrivileges=true +PrivateDevices=yes +PrivateTmp=true +ProtectControlGroups=true +ProtectHome=true +ProtectHostname=true +ProtectKernelLogs=true +ProtectKernelModules=true +ProtectKernelTunables=true +ProtectSystem=full +Restart=on-failure +RestrictSUIDSGID=true +StartLimitBurst=3 +StartLimitInterval=30min +TasksMax=infinity + +[Install] +WantedBy=ceph-rbd-mirror.target diff --git a/systemd/ceph-volume@.service b/systemd/ceph-volume@.service new file mode 100644 index 000000000..c21002cec --- /dev/null +++ b/systemd/ceph-volume@.service @@ -0,0 +1,14 @@ +[Unit] +Description=Ceph Volume activation: %i +After=local-fs.target +Wants=local-fs.target + +[Service] +Type=oneshot +KillMode=none +Environment=CEPH_VOLUME_TIMEOUT=10000 +ExecStart=/bin/sh -c 'timeout $CEPH_VOLUME_TIMEOUT /usr/sbin/ceph-volume-systemd %i' +TimeoutSec=0 + +[Install] +WantedBy=multi-user.target diff --git a/systemd/ceph.target b/systemd/ceph.target new file mode 100644 index 000000000..67a982c5b --- /dev/null +++ b/systemd/ceph.target @@ -0,0 +1,5 @@ +[Unit] +Description=ceph target allowing to start/stop all ceph*@.service instances at once + +[Install] +WantedBy=multi-user.target diff --git a/systemd/ceph.tmpfiles.d b/systemd/ceph.tmpfiles.d new file mode 100644 index 000000000..2ded82f5f --- /dev/null +++ b/systemd/ceph.tmpfiles.d @@ -0,0 +1 @@ +d /run/ceph 0770 ceph ceph - diff --git a/systemd/cephfs-mirror.target b/systemd/cephfs-mirror.target new file mode 100644 index 000000000..e2296dc5c --- /dev/null +++ b/systemd/cephfs-mirror.target @@ -0,0 +1,7 @@ +[Unit] +Description=Ceph target to start/stop all cephfs-mirror@.service instances +PartOf=ceph.target +Before=ceph.target + +[Install] +WantedBy=multi-user.target ceph.target
\ No newline at end of file diff --git a/systemd/cephfs-mirror@.service.in b/systemd/cephfs-mirror@.service.in new file mode 100644 index 000000000..bed9d1953 --- /dev/null +++ b/systemd/cephfs-mirror@.service.in @@ -0,0 +1,32 @@ +[Unit] +Description=CephFS Mirror Daemon +After=network-online.target local-fs.target +Wants=network-online.target local-fs.target +PartOf=cephfs-mirror.target + +[Service] +Environment=CLUSTER=ceph +EnvironmentFile=-@SYSTEMD_ENV_FILE@ +ExecStart=/usr/bin/cephfs-mirror --id %i --cluster ${CLUSTER} -f --setuser ceph --setgroup ceph +LimitNOFILE=1048576 +LimitNPROC=1048576 +LockPersonality=true +MemoryDenyWriteExecute=true +NoNewPrivileges=true +PrivateDevices=yes +PrivateTmp=true +ProtectControlGroups=true +ProtectHome=true +ProtectHostname=true +ProtectKernelLogs=true +ProtectKernelModules=true +ProtectKernelTunables=true +ProtectSystem=full +Restart=on-failure +RestrictSUIDSGID=true +StartLimitBurst=3 +StartLimitInterval=30min +TasksMax=infinity + +[Install] +WantedBy=cephfs-mirror.target diff --git a/systemd/rbdmap.service.in b/systemd/rbdmap.service.in new file mode 100644 index 000000000..6644508cf --- /dev/null +++ b/systemd/rbdmap.service.in @@ -0,0 +1,17 @@ +[Unit] +Description=Map RBD devices +After=network-online.target ceph.target +Before=remote-fs-pre.target +Wants=network-online.target remote-fs-pre.target ceph.target + +[Service] +EnvironmentFile=-@SYSTEMD_ENV_FILE@ +Environment=RBDMAPFILE=/etc/ceph/rbdmap +Type=oneshot +RemainAfterExit=yes +ExecStart=/usr/bin/rbdmap map +ExecReload=/usr/bin/rbdmap map +ExecStop=/usr/bin/rbdmap unmap-all + +[Install] +WantedBy=multi-user.target |