]> git.apps.os.sepia.ceph.com Git - ceph.git/commitdiff
projects / ceph.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 28fdac3)
systemd: use --setuser and --setgroup for all daemons
authorSage Weil <sage@redhat.com>
Thu, 6 Aug 2015 15:57:57 +0000 (11:57 -0400)
committerSage Weil <sage@redhat.com>
Thu, 27 Aug 2015 00:34:15 +0000 (20:34 -0400)
Allow all daemons drop privilege themselves, instead of letting
systemd do it.

Among other things, this means that admins can conditionally not
drop prives by setting

  setuser match path = /var/lib/ceph/$type/$cluster-$id

in their ceph.conf to ease the pain of upgrade.

Signed-off-by: Sage Weil <sage@redhat.com>
Reviewed-by: Boris Ranto <branto@redhat.com>
systemd/ceph-mds@.service patch | blob | history
systemd/ceph-mon@.service patch | blob | history
systemd/ceph-osd@.service.in patch | blob | history
systemd/ceph-radosgw@.service patch | blob | history

diff --git a/systemd/ceph-mds@.service b/systemd/ceph-mds@.service
index e045ebba0aaf9305f5b68242a04118c5525b8516..7e5a95e8c4ebe833af78dfda6579f7570c57f67b 100644 (file)
--- a/systemd/ceph-mds@.service
+++ b/systemd/ceph-mds@.service
@@ -7,9 +7,7 @@ PartOf=ceph.target
 [Service]
 EnvironmentFile=-/etc/sysconfig/ceph
 Environment=CLUSTER=ceph
-User=ceph
-Group=ceph
-ExecStart=/usr/bin/ceph-mds -f --cluster ${CLUSTER} --id %i
+ExecStart=/usr/bin/ceph-mds -f --cluster ${CLUSTER} --id %i --setuser ceph --setgroup ceph
 ExecReload=/bin/kill -HUP $MAINPID
 
 [Install]
diff --git a/systemd/ceph-mon@.service b/systemd/ceph-mon@.service
index 396cb84a18c7271afa430b040e9671fb70bf04f5..7ac9b8f2ec7698f148a6061d91f9518db68baf53 100644 (file)
--- a/systemd/ceph-mon@.service
+++ b/systemd/ceph-mon@.service
@@ -13,9 +13,7 @@ PartOf=ceph.target
 [Service]
 EnvironmentFile=-/etc/sysconfig/ceph
 Environment=CLUSTER=ceph
-User=ceph
-Group=ceph
-ExecStart=/usr/bin/ceph-mon -f --cluster ${CLUSTER} --id %i
+ExecStart=/usr/bin/ceph-mon -f --cluster ${CLUSTER} --id %i --setuser ceph --setgroup ceph
 ExecReload=/bin/kill -HUP $MAINPID
 
 [Install]
diff --git a/systemd/ceph-osd@.service.in b/systemd/ceph-osd@.service.in
index 5c7f77c7fe721e080e83716ec79c6c13a7a71f82..fac1932f58f22523253aa74206c5dd6282f6f028 100644 (file)
--- a/systemd/ceph-osd@.service.in
+++ b/systemd/ceph-osd@.service.in
@@ -8,7 +8,7 @@ PartOf=ceph.target
 EnvironmentFile=-/etc/sysconfig/ceph
 Environment=CLUSTER=ceph
 ExecStart=/usr/bin/ceph-osd -f --cluster ${CLUSTER} --id %i --setuser ceph --setgroup ceph
-ExecStartPre=/usr/libexec/ceph/ceph-osd-prestart.sh --cluster ${CLUSTER} --setuser ceph --setgroup ceph --id %i
+ExecStartPre=/usr/libexec/ceph/ceph-osd-prestart.sh --cluster ${CLUSTER} --id %i --setuser ceph --setgroup ceph
 ExecReload=/bin/kill -HUP $MAINPID
 
 [Install]
diff --git a/systemd/ceph-radosgw@.service b/systemd/ceph-radosgw@.service
index 8a520aca30d65b5caa366a8094d8e7260825a7bf..486cef889cb445769e592ae16bcbb80e99440ab2 100644 (file)
--- a/systemd/ceph-radosgw@.service
+++ b/systemd/ceph-radosgw@.service
@@ -7,7 +7,7 @@ PartOf=ceph.target
 [Service]
 EnvironmentFile=-/etc/sysconfig/ceph
 Environment=CLUSTER=ceph
-ExecStart=/usr/bin/radosgw -f --cluster ${CLUSTER} --name client.%i
+ExecStart=/usr/bin/radosgw -f --cluster ${CLUSTER} --name client.%i --setuser ceph --setgroup ceph
 
 [Install]
 WantedBy=ceph.target
Unnamed repository; edit this file 'description' to name the repository.