Merge branch 'develop' into dist/eole/2.7.0/master
This commit is contained in:
commit
80231b48a4
|
@ -6,7 +6,7 @@
|
|||
<file filelist='redisSlave' name='/etc/redis/redis-slave.conf' mkdir='True' rm='True'/>
|
||||
<file filelist='redisCl' name='/etc/redis/cluster.conf' source='redis-cluster.conf' mkdir='True' rm='True'/>
|
||||
<service servicelist="svredis">redis-server</service>
|
||||
<!--service servicelist="svredisSlave">redis2-server</service -->
|
||||
<service servicelist="svredisSlave">redis2-server</service>
|
||||
<service_access service='redis-server'>
|
||||
<port service_accesslist='saRedis' protocol='tcp' port_type='SymLinkOption'>redisPort</port>
|
||||
<port service_accesslist='saRedis' protocol='tcp' port_type='SymLinkOption'>redisClPort</port>
|
||||
|
|
|
@ -0,0 +1,45 @@
|
|||
[Unit]
|
||||
Description=Advanced key-value store instance 2
|
||||
After=network.target
|
||||
Documentation=http://redis.io/documentation, man:redis-server(1)
|
||||
|
||||
[Service]
|
||||
Type=forking
|
||||
ExecStart=/usr/bin/redis-server /etc/redis/redis-slave.conf
|
||||
PIDFile=/var/run/redis/redis-slave-server.pid
|
||||
TimeoutStopSec=0
|
||||
Restart=always
|
||||
User=redis
|
||||
Group=redis
|
||||
RuntimeDirectory=redis
|
||||
RuntimeDirectoryMode=2755
|
||||
|
||||
UMask=007
|
||||
PrivateTmp=yes
|
||||
LimitNOFILE=65535
|
||||
PrivateDevices=yes
|
||||
ProtectHome=yes
|
||||
ReadOnlyDirectories=/
|
||||
ReadWriteDirectories=-/var/lib/redis
|
||||
ReadWriteDirectories=-/var/log/redis
|
||||
ReadWriteDirectories=-/var/run/redis
|
||||
|
||||
NoNewPrivileges=true
|
||||
CapabilityBoundingSet=CAP_SETGID CAP_SETUID CAP_SYS_RESOURCE
|
||||
MemoryDenyWriteExecute=true
|
||||
ProtectKernelModules=true
|
||||
ProtectKernelTunables=true
|
||||
ProtectControlGroups=true
|
||||
RestrictRealtime=true
|
||||
RestrictNamespaces=true
|
||||
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
|
||||
|
||||
# redis-server can write to its own config file when in cluster mode so we
|
||||
# permit writing there by default. If you are not using this feature, it is
|
||||
# recommended that you replace the following lines with "ProtectSystem=full".
|
||||
ProtectSystem=true
|
||||
ReadWriteDirectories=-/etc/redis
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
Alias=redis2.service
|
Loading…
Reference in New Issue