mirror of
https://github.com/OpenNebula/one.git
synced 2025-01-03 01:17:41 +03:00
41 lines
1.3 KiB
Desktop File
41 lines
1.3 KiB
Desktop File
[Unit]
|
|
Description=OpenNebula Web UI Server
|
|
After=syslog.target network.target
|
|
After=opennebula.service
|
|
Wants=opennebula-novnc.service
|
|
AssertFileNotEmpty=/var/lib/one/.one/sunstone_auth
|
|
|
|
[Service]
|
|
Type=simple
|
|
Group=oneadmin
|
|
User=oneadmin
|
|
AmbientCapabilities=CAP_NET_BIND_SERVICE
|
|
ExecStartPre=-/usr/sbin/logrotate -f /etc/logrotate.d/opennebula-sunstone -s /var/lib/one/.logrotate.status
|
|
ExecStartPre=-/bin/sh -c 'for file in /var/log/one/sunstone*.log; do if [ ! -f "$file.gz" ]; then gzip -9 "$file"; fi; done'
|
|
ExecStart=/usr/bin/ruby /usr/lib/one/sunstone/sunstone-server.rb
|
|
ReadWriteDirectories=/var/lib/one /var/log/one/
|
|
ReadOnlyDirectories=-/var/lib/one/remotes
|
|
InaccessibleDirectories=-/var/lib/one/datastores
|
|
InaccessibleDirectories=-/var/lib/one/.ssh
|
|
InaccessibleDirectories=-/var/lib/one/.ssh-oneprovision
|
|
ReadWriteDirectories=/var/tmp
|
|
PrivateTmp=no
|
|
NoNewPrivileges=yes
|
|
PrivateDevices=yes
|
|
# ProtectSystem=strict is not known by old systemd, so we set
|
|
# full everywhere, and override by strict only where supported.
|
|
ProtectSystem=full
|
|
ProtectSystem=strict
|
|
ProtectHome=yes
|
|
ProtectKernelTunables=yes
|
|
ProtectKernelModules=yes
|
|
ProtectKernelLogs=yes
|
|
StartLimitInterval=60
|
|
StartLimitBurst=3
|
|
Restart=on-failure
|
|
RestartSec=5
|
|
SyslogIdentifier=opennebula-sunstone
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|