Merge pull request #482 from cirrax/dev_journal
add support for journal upload and remote server
bastelfreak authored Nov 12, 2024
2 parents 291b9e1 + 895a42e commit 1fc5d99
Showing 9 changed files with 311 additions and 0 deletions.
76 changes: 76 additions & 0 deletions REFERENCE.md
Expand Up @@ -15,6 +15,8 @@

* `systemd::coredump`: This class manages the systemd-coredump configuration.
* `systemd::install`: Install any systemd sub packages
* `systemd::journal_remote`: This class manages and configures journal-remote.
* `systemd::journal_upload`: This class manages and configures journal-upload.
* `systemd::journald`: This class manages and configures journald.
* `systemd::logind`: This class manages systemd's login manager configuration.
* `systemd::machine_info`: This class manages systemd's machine-info file (hostnamectl)
Expand Down Expand Up @@ -60,6 +62,8 @@
* [`Systemd::Capabilities`](#Systemd--Capabilities): Defines allowed capabilities
* [`Systemd::CoredumpSettings`](#Systemd--CoredumpSettings): Configurations for coredump.conf
* [`Systemd::Dropin`](#Systemd--Dropin): custom datatype that validates filenames/paths for valid systemd dropin files
* [`Systemd::JournalRemoteSettings`](#Systemd--JournalRemoteSettings): matches Systemd journal remote config Struct
* [`Systemd::JournalUploadSettings`](#Systemd--JournalUploadSettings): matches Systemd journal upload config Struct
* [`Systemd::JournaldSettings`](#Systemd--JournaldSettings): Matches Systemd journald config Struct
* [`Systemd::JournaldSettings::Ensure`](#Systemd--JournaldSettings--Ensure): defines allowed ensure states for systemd-journald settings
* [`Systemd::LogLevel`](#Systemd--LogLevel): Defines allowed log levels
Expand Down Expand Up @@ -136,6 +140,10 @@ The following parameters are available in the `systemd` class:
* [`set_local_rtc`](#-systemd--set_local_rtc)
* [`manage_journald`](#-systemd--manage_journald)
* [`journald_settings`](#-systemd--journald_settings)
* [`manage_journal_upload`](#-systemd--manage_journal_upload)
* [`journal_upload_settings`](#-systemd--journal_upload_settings)
* [`manage_journal_remote`](#-systemd--manage_journal_remote)
* [`journal_remote_settings`](#-systemd--journal_remote_settings)
* [`manage_udevd`](#-systemd--manage_udevd)
* [`udev_log`](#-systemd--udev_log)
* [`udev_children_max`](#-systemd--udev_children_max)
Expand Down Expand Up @@ -475,6 +483,38 @@ Config Hash that is used to configure settings in journald.conf

Default value: `{}`

##### <a name="-systemd--manage_journal_upload"></a>`manage_journal_upload`

Data type: `Boolean`

Manage the systemd journal upload to a remote server

Default value: `false`

##### <a name="-systemd--journal_upload_settings"></a>`journal_upload_settings`

Data type: `Systemd::JournalUploadSettings`

Config Hash that is used to configure settings in journal-upload.conf

Default value: `{}`

##### <a name="-systemd--manage_journal_remote"></a>`manage_journal_remote`

Data type: `Boolean`

Manage the systemd journal remote server used to upload journals

Default value: `false`

##### <a name="-systemd--journal_remote_settings"></a>`journal_remote_settings`

Data type: `Systemd::JournalRemoteSettings`

Config Hash that is used to configure settings in journal-remote.conf

Default value: `{}`

##### <a name="-systemd--manage_udevd"></a>`manage_udevd`

Data type: `Boolean`
Expand Down Expand Up @@ -2690,6 +2730,42 @@ custom datatype that validates filenames/paths for valid systemd dropin files

Alias of `Pattern['^[^/]+\.conf$']`

### <a name="Systemd--JournalRemoteSettings"></a>`Systemd::JournalRemoteSettings`

matches Systemd journal remote config Struct

Alias of

```puppet
Struct[{
Optional['Seal'] => Variant[Enum['yes','no'],Systemd::JournaldSettings::Ensure],
Optional['SplitMode'] => Variant[Enum['host','none'],Systemd::JournaldSettings::Ensure],
Optional['ServerKeyFile'] => Variant[Stdlib::Unixpath,Systemd::JournaldSettings::Ensure],
Optional['ServerCertificateFile'] => Variant[Stdlib::Unixpath,Systemd::JournaldSettings::Ensure],
Optional['TrustedCertificateFile'] => Variant[Stdlib::Unixpath,Systemd::JournaldSettings::Ensure],
Optional['MaxUse'] => Variant[Systemd::Unit::Amount,Systemd::JournaldSettings::Ensure],
Optional['KeepFree'] => Variant[Systemd::Unit::Amount,Systemd::JournaldSettings::Ensure],
Optional['MaxFileSize'] => Variant[Systemd::Unit::Amount,Systemd::JournaldSettings::Ensure],
Optional['MaxFiles'] => Variant[Integer,Systemd::JournaldSettings::Ensure],
}]
```

### <a name="Systemd--JournalUploadSettings"></a>`Systemd::JournalUploadSettings`

matches Systemd journal upload config Struct

Alias of

```puppet
Struct[{
Optional['URL'] => Variant[Stdlib::HTTPUrl,Systemd::JournaldSettings::Ensure],
Optional['ServerKeyFile'] => Variant[Stdlib::Unixpath,Systemd::JournaldSettings::Ensure],
Optional['ServerCertificateFile'] => Variant[Stdlib::Unixpath,Systemd::JournaldSettings::Ensure],
Optional['TrustedCertificateFile'] => Variant[Stdlib::Unixpath,Systemd::JournaldSettings::Ensure],
Optional['NetworkTimeoutSec'] => Variant[Systemd::Unit::Timespan,Systemd::JournaldSettings::Ensure],
}]
```

### <a name="Systemd--JournaldSettings"></a>`Systemd::JournaldSettings`

Matches Systemd journald config Struct
2 changes: 2 additions & 0 deletions data/Debian-family.yaml
@@ -1,2 +1,4 @@
---
systemd::nspawn_package: 'systemd-container'
systemd::journal_upload::package_name: 'systemd-journal-remote'
systemd::journal_remote::package_name: 'systemd-journal-remote'
2 changes: 2 additions & 0 deletions data/RedHat-family.yaml
Expand Up @@ -2,3 +2,5 @@
systemd::networkd_package: systemd-networkd
systemd::nspawn_package: 'systemd-container'
systemd::resolved_package: 'systemd-resolved'
systemd::journal_upload::package_name: 'systemd-journal-remote'
systemd::journal_remote::package_name: 'systemd-journal-remote'
24 changes: 24 additions & 0 deletions manifests/init.pp
Expand Up @@ -132,6 +132,18 @@
# @param journald_settings
# Config Hash that is used to configure settings in journald.conf
#
# @param manage_journal_upload
# Manage the systemd journal upload to a remote server
#
# @param journal_upload_settings
# Config Hash that is used to configure settings in journal-upload.conf
#
# @param manage_journal_remote
# Manage the systemd journal remote server used to upload journals
#
# @param journal_remote_settings
# Config Hash that is used to configure settings in journal-remote.conf
#
# @param manage_udevd
# Manage the systemd udev daemon
#
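Review bot: The `@param manage_journal_remote` description ("Manage the systemd journal remote server used to upload journals") does not tell the reader that enabling it starts a service on this host that receives journals from other machines. Suggest wording along the lines of "Manage systemd-journal-remote, the service that receives journals sent by other hosts", and have the two `*_settings` descriptions name the `Systemd::JournalUploadSettings` and `Systemd::JournalRemoteSettings` types so the accepted keys are easy to find.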
Expand Down Expand Up @@ -275,6 +287,10 @@
Boolean $purge_dropin_dirs = true,
Boolean $manage_journald = true,
Systemd::JournaldSettings $journald_settings = {},
Boolean $manage_journal_upload = false,
Systemd::JournalUploadSettings $journal_upload_settings = {},
Boolean $manage_journal_remote = false,
Systemd::JournalRemoteSettings $journal_remote_settings = {},
Systemd::MachineInfoSettings $machine_info_settings = {},
Boolean $manage_udevd = false,
Optional[Variant[Integer,String]] $udev_log = undef,
Expand Down Expand Up @@ -383,6 +399,14 @@
contain systemd::journald
}

if $manage_journal_upload {
contain systemd::journal_upload
}

if $manage_journal_remote {
contain systemd::journal_remote
}

if $manage_logind {
contain systemd::logind
}
38 changes: 38 additions & 0 deletions manifests/journal_remote.pp
@@ -0,0 +1,38 @@
# @api private
# @summary This class manages and configures journal-remote.
# @see https://www.freedesktop.org/software/systemd/man/journal-remote.conf.html
#
# @param package_name
# name of the package to install for the functionality
#
class systemd::journal_remote (
Optional[String[1]] $package_name = undef,
) {
assert_private()

if $package_name {
stdlib::ensure_packages($package_name)
}

service { 'systemd-journal-remote':
ensure => running,
enable => true,
}
$systemd::journal_remote_settings.each |$option, $value| {
ini_setting { "journal-remote_${option}":
path => '/etc/systemd/journal-remote.conf',
section => 'Remote',
setting => $option,
notify => Service['systemd-journal-remote'],
}
if $value =~ Systemd::JournaldSettings::Ensure {
Ini_setting["journal-remote_${option}"] {
* => $value,
}
} else {
Ini_setting["journal-remote_${option}"] {
value => $value,
}
}
}
}
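Review bot: The `service { 'systemd-journal-remote': }` resource hardcodes `ensure => running` and `enable => true`, while `systemd::journal_upload` in this same commit takes `service_ensure` and `service_enable` parameters. Add the same two parameters here so the receiver can be installed and configured without being started. The service is also started whatever `$systemd::journal_remote_settings` contains, including the default `{}` where no `ServerKeyFile` or `ServerCertificateFile` is written to `/etc/systemd/journal-remote.conf`; the class documentation should say which keys are expected before the receiver is enabled.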
46 changes: 46 additions & 0 deletions manifests/journal_upload.pp
@@ -0,0 +1,46 @@
# @api private
# @summary This class manages and configures journal-upload.
# @see https://www.freedesktop.org/software/systemd/man/journald.conf.html
#
# @param package_name
# name of the package to install for the functionality
#
# @param service_ensure
# what we ensure for the service
#
# @param service_enable
# to enable the service
#
class systemd::journal_upload (
Optional[String[1]] $package_name = undef,
Enum['running','stopped'] $service_ensure = 'running',
Boolean $service_enable = true,
) {
assert_private()

if $package_name {
stdlib::ensure_packages($package_name)
}

service { 'systemd-journal-upload':
ensure => $service_ensure,
enable => $service_enable,
}
$systemd::journal_upload_settings.each |$option, $value| {
ini_setting { "journal-upload_${option}":
path => '/etc/systemd/journal-upload.conf',
section => 'Upload',
setting => $option,
notify => Service['systemd-journal-upload'],
}
if $value =~ Systemd::JournaldSettings::Ensure {
Ini_setting["journal-upload_${option}"] {
* => $value,
}
} else {
Ini_setting["journal-upload_${option}"] {
value => $value,
}
}
}
}
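Review bot: The `@see` line in the class header links to `journald.conf.html`, but this class writes `/etc/systemd/journal-upload.conf`; point it at the journal-upload.conf man page, the way `journal_remote.pp` links to the page for its own file. Separately, `service_ensure` defaults to `running` even when `$systemd::journal_upload_settings` has no `URL` key, so the module can enable the uploader without having configured a destination. A compile-time check that `URL` is present whenever `service_ensure` is `running` would catch that.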
95 changes: 95 additions & 0 deletions spec/classes/init_spec.rb
Expand Up @@ -675,6 +675,101 @@
it { is_expected.not_to contain_service('systemd-journald') }
end

context 'when journal-upload and journal-remote is enabled' do
let(:params) do
{
manage_journal_upload: true,
journal_upload_settings: {
'URL' => 'https://central.server:19532',
'ServerKeyFile' => '/tmp/key-upload.pem',
'ServerCertificateFile' => {
'ensure' => 'absent',
},
'TrustedCertificateFile' => '/tmp/cert-upload.pem',
},
manage_journal_remote: true,
journal_remote_settings: {
'SplitMode' => 'host',
'ServerKeyFile' => '/tmp/key-remote.pem',
'ServerCertificateFile' => '/tmp/cert-remote.pem',
'TrustedCertificateFile' => {
'ensure' => 'absent',
},
},
}
end

it { is_expected.to compile.with_all_deps }

it {
is_expected.to contain_service('systemd-journal-upload').with(
ensure: 'running',
enable: true
)
}

it {
is_expected.to contain_service('systemd-journal-remote').with(
ensure: 'running'
)
}

it { is_expected.to have_ini_setting_resource_count(8) }

it {
expect(subject).to contain_ini_setting('journal-upload_TrustedCertificateFile').with(
path: '/etc/systemd/journal-upload.conf',
section: 'Upload',
setting: 'TrustedCertificateFile',
notify: 'Service[systemd-journal-upload]',
value: '/tmp/cert-upload.pem'
)
}

it {
expect(subject).to contain_ini_setting('journal-remote_TrustedCertificateFile').with(
path: '/etc/systemd/journal-remote.conf',
section: 'Remote',
setting: 'TrustedCertificateFile',
notify: 'Service[systemd-journal-remote]',
ensure: 'absent'
)
}

it {
expect(subject).to contain_ini_setting('journal-upload_ServerCertificateFile').with(
path: '/etc/systemd/journal-upload.conf',
section: 'Upload',
setting: 'ServerCertificateFile',
notify: 'Service[systemd-journal-upload]',
ensure: 'absent'
)
}

it {
expect(subject).to contain_ini_setting('journal-remote_ServerCertificateFile').with(
path: '/etc/systemd/journal-remote.conf',
section: 'Remote',
setting: 'ServerCertificateFile',
notify: 'Service[systemd-journal-remote]',
value: '/tmp/cert-remote.pem'
)
}
end

context 'when journal-upload/journal-remote is not enabled' do
let(:params) do
{
manage_journal_upload: false,
manage_journal_remote: false,
}
end

it { is_expected.to compile.with_all_deps }
it { is_expected.not_to contain_service('systemd-journal-upload') }
it { is_expected.not_to contain_service('systemd-journal-remote') }
end

context 'when disabling udevd management' do
let(:params) do
{
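Review bot: The `contain_service('systemd-journal-remote')` expectation only checks `ensure: 'running'`, while the upload expectation also checks `enable: true`; add `enable: true` so both match what the manifests declare. The context has no package expectation either, so the `package_name` hiera keys added for the Debian and RedHat families are not exercised. Of the eight counted `ini_setting` resources only the four certificate settings are asserted individually; one assertion each for `URL` and `SplitMode` would cover the plain-value path for non-path types.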
16 changes: 16 additions & 0 deletions types/journalremotesettings.pp
@@ -0,0 +1,16 @@
# @summary matches Systemd journal remote config Struct
type Systemd::JournalRemoteSettings = Struct[
# lint:ignore:140chars
{
Optional['Seal'] => Variant[Enum['yes','no'],Systemd::JournaldSettings::Ensure],
Optional['SplitMode'] => Variant[Enum['host','none'],Systemd::JournaldSettings::Ensure],
Optional['ServerKeyFile'] => Variant[Stdlib::Unixpath,Systemd::JournaldSettings::Ensure],
Optional['ServerCertificateFile'] => Variant[Stdlib::Unixpath,Systemd::JournaldSettings::Ensure],
Optional['TrustedCertificateFile'] => Variant[Stdlib::Unixpath,Systemd::JournaldSettings::Ensure],
Optional['MaxUse'] => Variant[Systemd::Unit::Amount,Systemd::JournaldSettings::Ensure],
Optional['KeepFree'] => Variant[Systemd::Unit::Amount,Systemd::JournaldSettings::Ensure],
Optional['MaxFileSize'] => Variant[Systemd::Unit::Amount,Systemd::JournaldSettings::Ensure],
Optional['MaxFiles'] => Variant[Integer,Systemd::JournaldSettings::Ensure],
}
# lint:endignore
]
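Review bot: `MaxFiles` is typed as a bare `Integer`, so negative values pass validation and are written to `journal-remote.conf` unchanged. `Integer[0]` would reject them at compile time and keeps the type as strict as the `Enum` and `Stdlib::Unixpath` constraints used for the other keys.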
12 changes: 12 additions & 0 deletions types/journaluploadsettings.pp
@@ -0,0 +1,12 @@
# @summary matches Systemd journal upload config Struct
type Systemd::JournalUploadSettings = Struct[
# lint:ignore:140chars
{
Optional['URL'] => Variant[Stdlib::HTTPUrl,Systemd::JournaldSettings::Ensure],
Optional['ServerKeyFile'] => Variant[Stdlib::Unixpath,Systemd::JournaldSettings::Ensure],
Optional['ServerCertificateFile'] => Variant[Stdlib::Unixpath,Systemd::JournaldSettings::Ensure],
Optional['TrustedCertificateFile'] => Variant[Stdlib::Unixpath,Systemd::JournaldSettings::Ensure],
Optional['NetworkTimeoutSec'] => Variant[Systemd::Unit::Timespan,Systemd::JournaldSettings::Ensure],
}
# lint:endignore
]
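Review bot: `URL` is typed as `Stdlib::HTTPUrl`, which accepts `http://` as well as `https://`, so a plain-HTTP destination passes validation and journal entries would be sent to it unencrypted. If plain HTTP is meant to stay possible, say so in the `@summary` or the `journal_upload_settings` parameter docs; otherwise `Stdlib::HTTPSUrl` restricts the key to TLS endpoints, which matches the `https://central.server:19532` value used in the spec.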
