diff --git a/defaults/main.yml b/defaults/main.yml
index e9a34f6..2bd0d54 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -23,7 +23,7 @@ cache_timeout: 600
 # Options are 'present' and 'latest'
 memcached_package_state: "latest"
-# MemcacheD sets 'PrivateDevices=True' for its systemd unit by default when
+# MemcacheD could set 'PrivateDevices=True' for its systemd unit by default when
 # installed into a container. This provides some additional security, but it
 # causes problems with creating mount namespaces on CentOS 7 with systemd 219.
 # While the security enhancements are helpful on bare metal hosts with
@@ -37,7 +37,7 @@ memcached_package_state: "latest"
 #
 # Setting the following variable to 'yes' will disable the PrivateDevices
 # setting in the systemd unit file for MemcacheD on CentOS 7 hosts.
-memcached_disable_privatedevices: no
+memcached_disable_privatedevices: "{{ ansible_pkg_mgr == 'yum' }}"
 # The default memcache memory setting is to use .25 of the available system ram
 # as long as that value is < 8192. However you can set the `memcached_memory`
diff --git a/tasks/memcached_config.yml b/tasks/memcached_config.yml
index fab9e11..eda16aa 100644
--- a/tasks/memcached_config.yml
+++ b/tasks/memcached_config.yml
@@ -18,12 +18,11 @@
 if [ -h "{{ memcached_log | dirname }}" ]; then
 chown -h root:root "{{ memcached_log | dirname }}"
 chown -R root:root "$(readlink {{ memcached_log | dirname }})"
- else
 exit 1
 fi
 register: log_dir
 failed_when: false
- changed_when: log_dir.rc != 0
+ changed_when: log_dir.rc == 1
 - name: Create memcached log dir
 file:
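Review bot: The new default `memcached_disable_privatedevices: "{{ ansible_pkg_mgr == 'yum' }}"` switches the PrivateDevices hardening off on every yum-managed host, while the comment directly above still describes the variable as a CentOS 7 / systemd 219 container workaround and the surrounding text says the protection is worth keeping on bare metal. The expression keys on the package manager rather than on the condition that actually breaks (mount namespaces in a container on systemd 219), so RHEL-family bare-metal hosts lose the restriction as well. If the intent is to keep the workaround narrow, consider also checking `ansible_distribution_major_version == '7'` and updating the comment to match; if the intent really is to relax it on all yum hosts, the comment should say so. Note the value is now a Jinja string rather than a boolean, so every consumer must pass it through `| bool` as the template does.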
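Review bot: With `else` removed, the script reaches `exit 1` unconditionally after the two chown calls, so a failed chown is indistinguishable from a successful change: `changed_when: log_dir.rc == 1` reports it as changed and `failed_when: false` keeps the play green. Using a non-zero exit status to mean "changed" while all failures are masked hides real ownership problems on the log directory. Give failures a distinct status, e.g. `chown -h root:root "{{ memcached_log | dirname }}" || exit 2` and the same `|| exit 2` on the `-R` line, and replace `failed_when: false` with `failed_when: log_dir.rc > 1`. The `shell:` task this hunk belongs to starts above the hunk.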
@@ -57,38 +56,17 @@
 group: "root"
 owner: "root"
 mode: "0755"
- when:
- - ansible_service_mgr == 'systemd'
-# See comments above 'memcached_disable_privatedevices' in defaults/main.yml for
-# links to relevant bugs and discussion.
-- name: Remove PrivateDevices systemd options when in container
+- name: Apply systemd options
 template:
- src: without-privatedevices.conf.j2
- dest: "/etc/systemd/system/memcached.service.d/without-privatedevices.conf"
- when:
- - ansible_pkg_mgr == 'yum'
- - ansible_service_mgr == 'systemd'
- notify: Restart memcached
-
-- name: Add automatic restart on failure
- template:
- src: systemd-restart-on-failure.conf.j2
- dest: "/etc/systemd/system/memcached.service.d/systemd-restart-on-failure.conf"
- when:
- - ansible_service_mgr == 'systemd'
- notify: Restart memcached
-
-- name: Apply resource limits (systemd)
- template:
- src: "limits.conf.j2"
- dest: "/etc/systemd/system/memcached.service.d/limits.conf"
- owner: "root"
- group: "root"
+ src: "{{ item.src }}"
+ dest: "/etc/systemd/system/memcached.service.d/{{ item.dest }}"
 mode: "0644"
- when:
- - ansible_service_mgr == 'systemd'
- - memcached_connections > 1024
+ with_items:
+ - { src: "systemd.limits.conf.j2", dest: "limits.conf" }
+ - { src: "systemd.restart.conf.j2", dest: "restart.conf" }
+ - { src: "systemd.slice.conf.j2", dest: "slice.conf" }
+ - { src: "systemd.without-privatedevices.conf.j2", dest: "without-privatedevices.conf" }
 notify:
 - Restart memcached
diff --git a/templates/limits.conf.j2 b/templates/systemd.limits.conf.j2
similarity index 100%
rename from templates/limits.conf.j2
rename to templates/systemd.limits.conf.j2
diff --git a/templates/systemd-restart-on-failure.conf.j2 b/templates/systemd.restart.conf.j2
similarity index 98%
rename from templates/systemd-restart-on-failure.conf.j2
rename to templates/systemd.restart.conf.j2
index 8acdc0f..c680921 100644
--- a/templates/systemd-restart-on-failure.conf.j2
+++ b/templates/systemd.restart.conf.j2
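Review bot: The merged "Apply systemd options" task drops the `owner: "root"` and `group: "root"` that the old limits task set, and loses the `when: ansible_service_mgr == 'systemd'` guard that all three replaced tasks (and the `file:` task ending at `mode: "0755"`) carried. Drop-ins under /etc/systemd/system should be explicitly root-owned regardless of which user the role connects as, so add `owner: "root"` and `group: "root"` next to `mode: "0644"`. Unless the role now targets systemd hosts only, which the hunk does not show, the loop should keep `when: ansible_service_mgr == 'systemd'`. The `memcached_connections > 1024` condition on limits.conf is also gone, so that drop-in is now rendered for every host; if that is intended, the template must produce sane values at the default connection count. The `file:` task at the top of the hunk begins above it.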
@@ -1,4 +1,5 @@
 # {{ ansible_managed }}
+
 [Service]
 Restart=on-failure
 RestartSec=2
diff --git a/templates/systemd.slice.conf.j2 b/templates/systemd.slice.conf.j2
new file mode 100644
index 0000000..b58a95c
--- /dev/null
+++ b/templates/systemd.slice.conf.j2
@@ -0,0 +1,11 @@
+# {{ ansible_managed }}
+
+[Service]
+# This creates a specific slice to operate from. The accounting options give us
+# the ability to see resource usage through the `systemd-cgtop` command and
+# further isolate this service from the host machine.
+Slice=memcached.slice
+CPUAccounting=true
+BlockIOAccounting=true
+MemoryAccounting=false
+TasksAccounting=true
diff --git a/templates/without-privatedevices.conf.j2 b/templates/systemd.without-privatedevices.conf.j2
similarity index 79%
rename from templates/without-privatedevices.conf.j2
rename to templates/systemd.without-privatedevices.conf.j2
index 848b326..dd4c0ca 100644
--- a/templates/without-privatedevices.conf.j2
+++ b/templates/systemd.without-privatedevices.conf.j2
@@ -1,2 +1,4 @@
+# {{ ansible_managed }}
+
 [Service]
 PrivateDevices={{ memcached_disable_privatedevices | bool | ternary('false', 'true') }}
diff --git a/tests/test.yml b/tests/test.yml
index ac1f8ad..f626b98 100644
--- a/tests/test.yml
+++ b/tests/test.yml
@@ -27,9 +27,11 @@
 register: memcached_log_stat
 - name: Check memcache is running
 command: pgrep -a memcached
+ changed_when: false
 register: memcached_proc
 - name: Test connecting to memcache
 shell: echo stats | nc -w5 127.0.0.1 11211
+ changed_when: false
 register: memcached_stats
 - name: Check role functions
 assert:
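Review bot: The comment in the new slice drop-in says the accounting options "further isolate this service from the host machine", but the `*Accounting=` directives only turn on cgroup resource reporting; nothing in the file sets a limit, so `Slice=memcached.slice` plus accounting changes what `systemd-cgtop` shows, not what the service may consume. `MemoryAccounting=false` also means memory, the resource a cache daemon mostly uses, is the one thing that will not be reported. Rewrite the comment to describe observation rather than isolation and state why memory accounting is deliberately off (or set it to true), e.g. `# Run in a dedicated slice and enable cgroup accounting so usage is visible in systemd-cgtop; this does not enforce any limits.`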