kafka/trunk/kafka.service

   1 [Unit]
   2 Description=Kafka server
   3 After=network.target zookeeper.service
   4 Requires=zookeeper.service
   5
   6 [Service]
   7 Type=simple
   8 Environment=KAFKA_PID_DIR=/run/kafka/
   9 Environment=LOG_DIR=/var/log/kafka
  10 Environment=KAFKA_LOG4J_OPTS="-Dlog4j.configuration=file:/etc/kafka/log4j.properties"
  11 User=kafka
  12 WorkingDirectory=/var/lib/kafka
  13 ExecStart=/usr/bin/kafka-server-start.sh /etc/kafka/server.properties
  14 ReadWritePaths=/var/log/kafka
  15 SuccessExitStatus=143
  16 PrivateTmp=true
  17 ProtectSystem=strict
  18 ProtectHome=true
  19 PrivateDevices=true
  20 ProtectKernelTunables=true
  21 ProtectControlGroups=true
  22 NoNewPrivileges=true
  23 LockPersonality=true
  24 CapabilityBoundingSet=CAP_NET_BIND_SERVICE
  25 CapabilityBoundingSet=~CAP_NET_BROADCAST CAP_NET_RAW
  26 ProtectHostname=true
  27 ProtectKernelLogs=true
  28 ProtectKernelModules=true
  29 RemoveIPC=true
  30 RestrictAddressFamilies=~AF_PACKET AF_NETLINK AF_UNIX
  31 RestrictSUIDSGID=true
  32 RestrictNamespaces=true
  33 RestrictRealtime=true
  34 SystemCallArchitectures=native
  35 SystemCallFilter=@system-service
  36 SystemCallFilter=~@privileged @resources
  37 RuntimeDirectory=kafka
  38 StateDirectory=kafka
  39 LogsDirectory=kafka
  40
  41 [Install]
  42 WantedBy=multi-user.target