diff --git a/CHANGELOG.md b/CHANGELOG.md index a3847a7..b248981 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,9 @@ # CHANGELOG +## 0.1.42 + +* Add journald under puppet management - thanks to [fraenki](https://github.com/fraenki) for this [PR-84](https://github.com/NTTCom-MS/eyp-systemd/pull/84), it have been marged with some changes using [PR-87](https://github.com/NTTCom-MS/eyp-systemd/pull/87) + ## 0.1.41 * changed default setting **kill_user_processes** to false, it was breaking compatibility on some systems diff --git a/README.md b/README.md index 6caf056..206f550 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -# systemd ![status ready](https://img.shields.io/badge/status-ready-brightgreen.svg) ![doc completed](https://img.shields.io/badge/doc-completed-brightgreen.svg) +# systemd 🎗️ #### Table of Contents 
@@ -261,6 +261,36 @@ base class for systemd reload management * **suspend_key_ignore_inhibited**: (default: false) * **user_tasks_max**: (default: 33%') +#### systemd::journald + +systemd-journald is a system service that collects and stores logging data + +* **compress**: If enabled (the default), data objects that shall be stored in the journal and are larger than the default threshold of 512 bytes are compressed before they are written to the file system. It can also be set to a number of bytes to specify the compression threshold directly. Suffixes like K, M, and G can be used to specify larger units. (default: true) +* **forward_to_console**: (default: false) +* **forward_to_kmsg**: (default: false) +* **forward_to_syslog**: (default: true) +* **forward_to_wall**: (default: true) +* **max_file_sec**: (default: 1month) +* **max_level_console**: (default: info) +* **max_level_kmsg**: (default: notice) +* **max_level_store**: (default: debug) +* **max_level_syslog**: (default: debug) +* **max_level_wall**: (default: emerg) +* **max_retention_sec**: (default: undef) +* **rate_limit_burst**: (default: 1000) +* **rate_limit_interval**: (default: 30s) +* **runtime_keep_free**: (default: undef) +* **runtime_max_files_size**: (default: undef) +* **runtime_max_use**: (default: undef) +* **seal**: If enabled (the default), and a sealing key is available (as created by journalctl(1)'s --setup-keys command), Forward Secure Sealing (FSS) for all persistent journal files is enabled (default: true) +* **split_mode**: (default: uid) +* **storage**: Controls where to store journal data. One of "volatile", "persistent", "auto" and "none" (default: auto) +* **sync_interval_sec**: (default: 5m) +* **system_keep_free**: (default: undef) +* **system_max_file_size**: (default: undef) +* **system_max_use**: (default: undef) +* **tty_path**: (default: /dev/console) + ### defines #### systemd::service 
@@ -373,7 +403,7 @@ have some test to check both presence and absence of any feature ### Contributing -1. Fork it +1. Fork it using the development fork: [jordiprats/eyp-systemd](https://github.com/jordiprats/eyp-systemd) 2. Create your feature branch (`git checkout -b my-new-feature`) 3. Commit your changes (`git commit -am 'Added some feature'`) 4. Push to the branch (`git push origin my-new-feature`) diff --git a/manifests/init.pp b/manifests/init.pp index 8921b8d..7917153 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -1,7 +1,10 @@ # # https://wiki.archlinux.org/index.php/systemd#Service_types # -class systemd($removeipc = 'no') inherits systemd::params { +class systemd ( + $manage_logind = true, + $removeipc = 'no', + ) inherits systemd::params { Exec { path => '/bin:/sbin:/usr/bin:/usr/sbin', @@ -20,4 +23,5 @@ } include ::systemd::logind + } diff --git a/manifests/journald.pp b/manifests/journald.pp new file mode 100644 index 0000000..9a0659c --- /dev/null +++ b/manifests/journald.pp 
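Review bot: The new `$manage_logind` parameter is not used in either visible init.pp hunk, and the second hunk still shows `include ::systemd::logind` with no condition around it. As shown, setting `manage_logind => false` would have no effect. If the unseen part of the class body does not already guard it, wrap the include as `if($manage_logind) { include ::systemd::logind }` and add `validate_bool($manage_logind)`. The class body between the two hunks is outside the diff, so confirm this against the full file.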
@@ -0,0 +1,56 @@
+class systemd::journald (
+ $manage_service = true,
+ $manage_docker_service = true,
+ $service_ensure = 'running',
+ $service_enable = true,
+ $compress = true,
+ $forward_to_console = false,
+ $forward_to_kmsg = false,
+ $forward_to_syslog = true,
+ $forward_to_wall = true,
+ $max_file_sec = '1month',
+ $max_level_console = 'info',
+ $max_level_kmsg = 'notice',
+ $max_level_store = 'debug',
+ $max_level_syslog = 'debug',
+ $max_level_wall = 'emerg',
+ $max_retention_sec = undef,
+ $rate_limit_burst = 1000,
+ $rate_limit_interval = '30s',
+ $runtime_keep_free = undef,
+ $runtime_max_files_size = undef,
+ $runtime_max_use = undef,
+ $seal = true,
+ $split_mode = 'uid',
+ $storage = 'auto',
+ $sync_interval_sec = '5m',
+ $system_keep_free = undef,
+ $system_max_file_size = undef,
+ $system_max_use = undef,
+ $tty_path = '/dev/console'
+ ) inherits systemd::params {
+
+ validate_bool($forward_to_console, $forward_to_kmsg,
+ $forward_to_syslog, $forward_to_wall, $seal)
+
+ validate_integer($rate_limit_burst)
+
+ validate_re($max_level_console, ['^emerg$', '^alert$', '^crit$', '^err$',
+ '^warning$', '^notice$', '^info$', '^debug$'])
+
+ validate_re($max_level_kmsg, ['^emerg$', '^alert$', '^crit$', '^err$',
+ '^warning$', '^notice$', '^info$', '^debug$'])
+
+ validate_re($max_level_store, ['^emerg$', '^alert$', '^crit$', '^err$',
+ '^warning$', '^notice$', '^info$', '^debug$'])
+
+ validate_re($max_level_syslog, ['^emerg$', '^alert$', '^crit$', '^err$',
+ '^warning$', '^notice$', '^info$', '^debug$'])
+
+ validate_re($max_level_wall, ['^emerg$', '^alert$', '^crit$', '^err$',
+ '^warning$', '^notice$', '^info$', '^debug$'])
+
+ class { '::systemd::journald::config': } ~>
+ class { '::systemd::journald::service': } ->
+ Class['::systemd::journald']
+}
diff --git a/manifests/journald/config.pp b/manifests/journald/config.pp
new file mode 100644
index 0000000..117d121
--- /dev/null
+++ b/manifests/journald/config.pp
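Review bot: `$storage` and `$split_mode` reach journald.conf with no validation, although the README text added in this commit names exactly four legal values for storage. As far as I know journald ignores an assignment it cannot parse, so a typo here would quietly leave logging on its built-in default rather than fail the catalog. Adding `validate_re($storage, ['^volatile$', '^persistent$', '^auto$', '^none$'])` next to the level checks would catch that at compile time. `$compress` is also missing from the `validate_bool` call even though the template treats it as a boolean. The five identical level lists could be one local variable, so a future change to the accepted levels cannot miss one of them.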
@@ -0,0 +1,31 @@
+class systemd::journald::config inherits systemd::journald {
+
+ Exec {
+ path => '/bin:/sbin:/usr/bin:/usr/sbin',
+ }
+
+ file { '/etc/systemd/journald.conf':
+ ensure => 'present',
+ owner => 'root',
+ group => 'root',
+ mode => '0644',
+ content => template("${module_name}/journald.erb"),
+ }
+
+ if($systemd::journald::seal)
+ {
+ # TODO: FSS interval
+ # chmod 2755 /var/log/journal/
+ # [root@centos7 ~]# ls -ld /var/log/journal/
+ # drwxr-sr-x+ 3 root systemd-journal 46 Apr 11 11:34 /var/log/journal/
+ # [root@centos7 ~]# journalctl --interval=30s --setup-keys
+
+ file { '/var/log/journal':
+ ensure => 'directory',
+ owner => 'root',
+ group => 'systemd-journal',
+ mode => '2755',
+ require => File['/etc/systemd/journald.conf'],
+ }
+ }
+}
diff --git a/manifests/journald/service.pp b/manifests/journald/service.pp
new file mode 100644
index 0000000..3903aeb
--- /dev/null
+++ b/manifests/journald/service.pp
@@ -0,0 +1,19 @@
+class systemd::journald::service inherits systemd::journald {
+
+ $is_docker_container_var=getvar('::eyp_docker_iscontainer')
+ $is_docker_container=str2bool($is_docker_container_var)
+
+ if( $is_docker_container==false or
+ $systemd::journald::manage_docker_service)
+ {
+ if($systemd::journald::manage_service)
+ {
+ service { 'systemd-journald':
+ ensure => $systemd::journald::service_ensure,
+ enable => $systemd::journald::service_enable,
+ hasstatus => true,
+ hasrestart => true,
+ }
+ }
+ }
+}
diff --git a/metadata.json b/metadata.json
index 6136e65..5ad4a72 100644
--- a/metadata.json
+++ b/metadata.json
@@ -1,6 +1,6 @@
 {
 "name": "eyp-systemd",
- "version": "0.1.41",
+ "version": "0.1.42",
 "author": "eyp",
 "summary": "management of systemd services, services dropins, sockets and timers",
 "license": "Apache-2.0",
diff --git a/templates/journald.erb b/templates/journald.erb
new file mode 100644
index 0000000..b478494
--- /dev/null
+++ b/templates/journald.erb
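Review bot: In config.pp, creating `/var/log/journal` is gated on `$seal`, but with `Storage=auto` (the default in this commit) the existence of that directory is what switches journald to persistent storage. The default parameters therefore change where logs are kept on every node, and the directory is still created when `storage` is 'volatile' or 'none'. Gating the directory on the storage setting instead, for example `if($systemd::journald::storage == 'persistent')`, would keep the two concerns separate. As the TODO notes, no sealing keys are generated, so `Seal=yes` alone does not make the journal tamper-evident. A comment such as `# Seal=yes only takes effect once keys exist (journalctl --setup-keys); this class does not create them` would stop operators assuming otherwise.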
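Review bot: In service.pp, `manage_docker_service` defaults to true, so the `$is_docker_container==false or ...` test passes by default and the container check has no effect unless that flag is turned off. The `~>` in journald.pp then restarts systemd-journald on every config change, inside containers as well. The README section added in this commit lists none of `manage_service`, `manage_docker_service`, `service_ensure` or `service_enable`, so this behaviour is undocumented. A header comment on the class and four README entries would cover it. `getvar('::eyp_docker_iscontainer')` presumably returns undef on nodes without that fact, and whether `str2bool` accepts that depends on the stdlib version, so a guard such as `if $is_docker_container_var == undef` before the conversion is worth considering.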
@@ -0,0 +1,70 @@
+###  puppet managed file
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+#
+# See journald.conf(5) for details
+<%-
+
+var_to_systemd_directives = {
+ 'compress' => 'Compress',
+ 'forward_to_console' => 'ForwardToConsole',
+ 'forward_to_kmsg' => 'ForwardToKMsg',
+ 'forward_to_syslog' => 'ForwardToSyslog',
+ 'forward_to_wall' => 'ForwardToWall',
+ 'max_file_sec' => 'MaxFileSec',
+ 'max_level_console' => 'MaxLevelConsole',
+ 'max_level_kmsg' => 'MaxLevelKMsg',
+ 'max_level_store' => 'MaxLevelStore',
+ 'max_level_syslog' => 'MaxLevelSyslog',
+ 'max_level_wall' => 'MaxLevelWall',
+ 'max_retention_sec' => 'MaxRetentionSec',
+ 'rate_limit_burst' => 'RateLimitBurst',
+ 'rate_limit_interval' => 'RateLimitInterval',
+ 'run_time_keep_free' => 'RuntimeKeepFree',
+ 'run_time_max_file_size' => 'RuntimeMaxFileSize',
+ 'run_time_max_use' => 'RuntimeMaxUse',
+ 'seal' => 'Seal',
+ 'split_mode' => 'SplitMode',
+ 'storage' => 'Storage',
+ 'sync_interval_sec' => 'SyncIntervalSec',
+ 'system_keep_free' => 'SystemKeepFree',
+ 'system_max_file_size' => 'SystemMaxFileSize',
+ 'system_max_use' => 'SystemMaxUse',
+ 'tty_path' => 'TTYPath',
+}
+
+-%>
+
+[Journal]
+<%
+ all_var_names = %w( compress forward_to_console forward_to_kmsg
+ forward_to_syslog forward_to_wall max_file_sec
+ max_level_console max_level_kmsg max_level_store
+ max_level_syslog max_level_wall max_retention_sec
+ rate_limit_burst rate_limit_interval run_time_keep_free
+ run_time_max_file_size run_time_max_use seal
+ split_mode storage sync_interval_sec system_keep_free
+ system_max_file_size system_max_use tty_path)
+
+ bool_var_names = %w(compress forward_to_console forward_to_kmsg
+ forward_to_syslog forward_to_wall seal)
+
+all_var_names.each do |
variableName | -%>
+<%- if scope[variableName].to_s != 'undef' and !scope[variableName].nil?
+ if bool_var_names.include? variableName
+ myvalue = scope.function_bool2yesno([scope[variableName]])
+ elsif scope[variableName].is_a?(Array)
+ next if scope[variableName].empty?
+ myvalue = scope[variableName].join(' ')
+ else
+ myvalue = scope[variableName]
+ end
+-%>
+<%= var_to_systemd_directives[variableName] -%>=<%= myvalue %>
+<%- end -%>
+<% end -%>
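Review bot: The three runtime size limits can never be rendered, because the template looks up `run_time_keep_free`, `run_time_max_file_size` and `run_time_max_use` while the class declares `$runtime_keep_free`, `$runtime_max_files_size` and `$runtime_max_use`. Those scope lookups return nil and the lines are skipped, so a limit on the runtime journal's disk usage set through the class is silently dropped. Rename the three entries in both `var_to_systemd_directives` and `all_var_names` to match the class parameters, and consider aligning `runtime_max_files_size` with the `system_max_file_size` spelling while this is still unreleased. Separately, the README says `compress` may be a byte threshold, but it is in `bool_var_names` and goes through `bool2yesno`, which presumably rejects a non-boolean. Either drop that sentence from the README or take `compress` out of the boolean list.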