Merge pull request #87 from jordiprats/master

journald management
NTTCom-MS · Apr 11, 2018 · cf0aab8 · cf0aab8
2 parents 9546acd + 45f5df3
commit cf0aab8
Show file tree

Hide file tree

Showing 8 changed files with 218 additions and 4 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,9 @@
 # CHANGELOG
 
+## 0.1.42
+
+* Add journald under puppet management - thanks to [fraenki](https://github.com/fraenki) for this [PR-84](https://github.com/NTTCom-MS/eyp-systemd/pull/84), it have been marged with some changes using [PR-87](https://github.com/NTTCom-MS/eyp-systemd/pull/87)
+
 ## 0.1.41
 
 * changed default setting **kill_user_processes** to false, it was breaking compatibility on some systems

diff --git a/README.md b/README.md
@@ -1,4 +1,4 @@
-# systemd ![status ready](https://img.shields.io/badge/status-ready-brightgreen.svg) ![doc completed](https://img.shields.io/badge/doc-completed-brightgreen.svg)
+# systemd 🎗️
 
 #### Table of Contents
 
@@ -261,6 +261,36 @@ base class for systemd reload management
 * **suspend_key_ignore_inhibited**:    (default: false)
 * **user_tasks_max**:                  (default: 33%')
 
+#### systemd::journald
+
+systemd-journald is a system service that collects and stores logging data
+
+* **compress**: If enabled (the default), data objects that shall be stored in the journal and are larger than the default threshold of 512 bytes are compressed before they are written to the file system. It can also be set to a number of bytes to specify the compression threshold directly. Suffixes like K, M, and G can be used to specify larger units. (default: true)
+* **forward_to_console**:    (default: false)
+* **forward_to_kmsg**:       (default: false)
+* **forward_to_syslog**:     (default: true)
+* **forward_to_wall**:       (default: true)
+* **max_file_sec**:          (default: 1month)
+* **max_level_console**:     (default: info)
+* **max_level_kmsg**:        (default: notice)
+* **max_level_store**:       (default: debug)
+* **max_level_syslog**:      (default: debug)
+* **max_level_wall**:        (default: emerg)
+* **max_retention_sec**:     (default: undef)
+* **rate_limit_burst**:      (default: 1000)
+* **rate_limit_interval**:   (default: 30s)
+* **runtime_keep_free**:     (default: undef)
+* **runtime_max_files_size**: (default: undef)
+* **runtime_max_use**:       (default: undef)
+* **seal**: If enabled (the default), and a sealing key is available (as created by journalctl(1)'s --setup-keys command), Forward Secure Sealing (FSS) for all persistent journal files is enabled (default: true)
+* **split_mode**:            (default: uid)
+* **storage**: Controls where to store journal data. One of "volatile", "persistent", "auto" and "none" (default: auto)
+* **sync_interval_sec**:     (default: 5m)
+* **system_keep_free**:      (default: undef)
+* **system_max_file_size**:  (default: undef)
+* **system_max_use**:        (default: undef)
+* **tty_path**:              (default: /dev/console)
+
 ### defines
 
 #### systemd::service
@@ -373,7 +403,7 @@ have some test to check both presence and absence of any feature
 
 ### Contributing
 
-1. Fork it
+1. Fork it using the development fork: [jordiprats/eyp-systemd](https://github.com/jordiprats/eyp-systemd)
 2. Create your feature branch (`git checkout -b my-new-feature`)
 3. Commit your changes (`git commit -am 'Added some feature'`)
 4. Push to the branch (`git push origin my-new-feature`)

diff --git a/manifests/init.pp b/manifests/init.pp
@@ -1,7 +1,10 @@
 #
 # https://wiki.archlinux.org/index.php/systemd#Service_types
 #
-class systemd($removeipc = 'no') inherits systemd::params {
+class systemd (
+                $manage_logind   = true,
+                $removeipc       = 'no',
+              ) inherits systemd::params {
 
   Exec {
     path => '/bin:/sbin:/usr/bin:/usr/sbin',
@@ -20,4 +23,5 @@
   }
 
   include ::systemd::logind
+
 }
diff --git a/manifests/journald.pp b/manifests/journald.pp
@@ -0,0 +1,56 @@
+class systemd::journald (
+                          $manage_service         = true,
+                          $manage_docker_service  = true,
+                          $service_ensure         = 'running',
+                          $service_enable         = true,
+                          $compress               = true,
+                          $forward_to_console     = false,
+                          $forward_to_kmsg        = false,
+                          $forward_to_syslog      = true,
+                          $forward_to_wall        = true,
+                          $max_file_sec           = '1month',
+                          $max_level_console      = 'info',
+                          $max_level_kmsg         = 'notice',
+                          $max_level_store        = 'debug',
+                          $max_level_syslog       = 'debug',
+                          $max_level_wall         = 'emerg',
+                          $max_retention_sec      = undef,
+                          $rate_limit_burst       = 1000,
+                          $rate_limit_interval    = '30s',
+                          $runtime_keep_free      = undef,
+                          $runtime_max_files_size = undef,
+                          $runtime_max_use        = undef,
+                          $seal                   = true,
+                          $split_mode             = 'uid',
+                          $storage                = 'auto',
+                          $sync_interval_sec      = '5m',
+                          $system_keep_free       = undef,
+                          $system_max_file_size   = undef,
+                          $system_max_use         = undef,
+                          $tty_path               = '/dev/console'
+                        ) inherits systemd::params {
+
+  validate_bool($forward_to_console, $forward_to_kmsg,
+                $forward_to_syslog, $forward_to_wall, $seal)
+
+  validate_integer($rate_limit_burst)
+
+  validate_re($max_level_console, ['^emerg$', '^alert$', '^crit$', '^err$',
+    '^warning$', '^notice$', '^info$', '^debug$'])
+
+  validate_re($max_level_kmsg, ['^emerg$', '^alert$', '^crit$', '^err$',
+    '^warning$', '^notice$', '^info$', '^debug$'])
+
+  validate_re($max_level_store, ['^emerg$', '^alert$', '^crit$', '^err$',
+    '^warning$', '^notice$', '^info$', '^debug$'])
+
+  validate_re($max_level_syslog, ['^emerg$', '^alert$', '^crit$', '^err$',
+    '^warning$', '^notice$', '^info$', '^debug$'])
+
+  validate_re($max_level_wall, ['^emerg$', '^alert$', '^crit$', '^err$',
+    '^warning$', '^notice$', '^info$', '^debug$'])
+
+  class { '::systemd::journald::config': } ~>
+  class { '::systemd::journald::service': } ->
+  Class['::systemd::journald']
+}
diff --git a/manifests/journald/config.pp b/manifests/journald/config.pp
@@ -0,0 +1,31 @@
+class systemd::journald::config inherits systemd::journald {
+
+  Exec {
+    path => '/bin:/sbin:/usr/bin:/usr/sbin',
+  }
+
+  file { '/etc/systemd/journald.conf':
+    ensure  => 'present',
+    owner   => 'root',
+    group   => 'root',
+    mode    => '0644',
+    content => template("${module_name}/journald.erb"),
+  }
+
+  if($systemd::journald::seal)
+  {
+    # TODO: FSS interval
+    # chmod 2755 /var/log/journal/
+    # [root@centos7 ~]# ls -ld /var/log/journal/
+    # drwxr-sr-x+ 3 root systemd-journal 46 Apr 11 11:34 /var/log/journal/
+    # [root@centos7 ~]# journalctl --interval=30s --setup-keys
+
+    file { '/var/log/journal':
+      ensure  => 'directory',
+      owner   => 'root',
+      group   => 'systemd-journal',
+      mode    => '2755',
+      require => File['/etc/systemd/journald.conf'],
+    }
+  }
+}
diff --git a/manifests/journald/service.pp b/manifests/journald/service.pp
@@ -0,0 +1,19 @@
+class systemd::journald::service inherits systemd::journald {
+
+  $is_docker_container_var=getvar('::eyp_docker_iscontainer')
+  $is_docker_container=str2bool($is_docker_container_var)
+
+  if( $is_docker_container==false or
+      $systemd::journald::manage_docker_service)
+  {
+    if($systemd::journald::manage_service)
+    {
+      service { 'systemd-journald':
+        ensure     => $systemd::journald::service_ensure,
+        enable     => $systemd::journald::service_enable,
+        hasstatus  => true,
+        hasrestart => true,
+      }
+    }
+  }
+}
diff --git a/metadata.json b/metadata.json
@@ -1,6 +1,6 @@
 {
   "name": "eyp-systemd",
-  "version": "0.1.41",
+  "version": "0.1.42",
   "author": "eyp",
   "summary": "management of systemd services, services dropins, sockets and timers",
   "license": "Apache-2.0",

diff --git a/templates/journald.erb b/templates/journald.erb
@@ -0,0 +1,70 @@
+###  puppet managed file
+#
+#  This file is part of systemd.
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+# See journald.conf(5) for details
+<%-
+
+var_to_systemd_directives = {
+  'compress'               => 'Compress',
+  'forward_to_console'     => 'ForwardToConsole',
+  'forward_to_kmsg'        => 'ForwardToKMsg',
+  'forward_to_syslog'      => 'ForwardToSyslog',
+  'forward_to_wall'        => 'ForwardToWall',
+  'max_file_sec'           => 'MaxFileSec',
+  'max_level_console'      => 'MaxLevelConsole',
+  'max_level_kmsg'         => 'MaxLevelKMsg',
+  'max_level_store'        => 'MaxLevelStore',
+  'max_level_syslog'       => 'MaxLevelSyslog',
+  'max_level_wall'         => 'MaxLevelWall',
+  'max_retention_sec'      => 'MaxRetentionSec',
+  'rate_limit_burst'       => 'RateLimitBurst',
+  'rate_limit_interval'    => 'RateLimitInterval',
+  'run_time_keep_free'     => 'RuntimeKeepFree',
+  'run_time_max_file_size' => 'RuntimeMaxFileSize',
+  'run_time_max_use'       => 'RuntimeMaxUse',
+  'seal'                   => 'Seal',
+  'split_mode'             => 'SplitMode',
+  'storage'                => 'Storage',
+  'sync_interval_sec'      => 'SyncIntervalSec',
+  'system_keep_free'       => 'SystemKeepFree',
+  'system_max_file_size'   => 'SystemMaxFileSize',
+  'system_max_use'         => 'SystemMaxUse',
+  'tty_path'               => 'TTYPath',
+}
+
+-%>
+
+[Journal]
+<%
+  all_var_names = %w( compress forward_to_console forward_to_kmsg
+                      forward_to_syslog forward_to_wall max_file_sec
+                      max_level_console max_level_kmsg max_level_store
+                      max_level_syslog max_level_wall max_retention_sec
+                      rate_limit_burst rate_limit_interval run_time_keep_free
+                      run_time_max_file_size run_time_max_use seal
+                      split_mode storage sync_interval_sec system_keep_free
+                      system_max_file_size system_max_use tty_path)
+
+  bool_var_names = %w(compress forward_to_console forward_to_kmsg
+                      forward_to_syslog forward_to_wall seal)
+
+all_var_names.each do | variableName | -%>
+<%- if scope[variableName].to_s != 'undef' and !scope[variableName].nil?
+  if bool_var_names.include? variableName
+    myvalue = scope.function_bool2yesno([scope[variableName]])
+  elsif  scope[variableName].is_a?(Array)
+    next if scope[variableName].empty?
+    myvalue = scope[variableName].join(' ')
+  else
+    myvalue = scope[variableName]
+  end
+-%>
+<%= var_to_systemd_directives[variableName] -%>=<%= myvalue %>
+<%- end -%>
+<% end -%>