From d7149958de444871182748c23e743a5b4a132b35 Mon Sep 17 00:00:00 2001 From: Benedikt Trefzer Date: Mon, 12 Aug 2024 22:47:22 +0200 Subject: [PATCH 1/5] add support for journal upload to a remote server --- REFERENCE.md | 36 ++++++++++++++++++++++++ data/Debian-family.yaml | 1 + data/RedHat-family.yaml | 1 + manifests/init.pp | 12 ++++++++ manifests/journal_upload.pp | 37 +++++++++++++++++++++++++ spec/classes/init_spec.rb | 50 ++++++++++++++++++++++++++++++++++ types/journaluploadsettings.pp | 12 ++++++++ 7 files changed, 149 insertions(+) create mode 100644 manifests/journal_upload.pp create mode 100644 types/journaluploadsettings.pp diff --git a/REFERENCE.md b/REFERENCE.md index b671b662..7343c74b 100644 --- a/REFERENCE.md +++ b/REFERENCE.md @@ -15,6 +15,7 @@ * `systemd::coredump`: This class manages the systemd-coredump configuration. * `systemd::install`: Install any systemd sub packages +* `systemd::journal_upload`: This class manages and configures journal-upload. * `systemd::journald`: This class manages and configures journald. * `systemd::logind`: This class manages systemd's login manager configuration. * `systemd::machine_info`: This class manages systemd's machine-info file (hostnamectl) @@ -60,6 +61,7 @@ * [`Systemd::Capabilities`](#Systemd--Capabilities): Defines allowed capabilities * [`Systemd::CoredumpSettings`](#Systemd--CoredumpSettings): Configurations for coredump.conf * [`Systemd::Dropin`](#Systemd--Dropin): custom datatype that validates filenames/paths for valid systemd dropin files +* [`Systemd::JournalUploadSettings`](#Systemd--JournalUploadSettings): Matches Systemd journal upload config Struct * [`Systemd::JournaldSettings`](#Systemd--JournaldSettings): Matches Systemd journald config Struct * [`Systemd::JournaldSettings::Ensure`](#Systemd--JournaldSettings--Ensure): defines allowed ensure states for systemd-journald settings * [`Systemd::LogLevel`](#Systemd--LogLevel): Defines allowed log levels @@ -136,6 +138,8 @@ The following parameters are available in the `systemd` class: * [`set_local_rtc`](#-systemd--set_local_rtc) * [`manage_journald`](#-systemd--manage_journald) * [`journald_settings`](#-systemd--journald_settings) +* [`manage_journal_upload`](#-systemd--manage_journal_upload) +* [`journal_upload_settings`](#-systemd--journal_upload_settings) * [`manage_udevd`](#-systemd--manage_udevd) * [`udev_log`](#-systemd--udev_log) * [`udev_children_max`](#-systemd--udev_children_max) @@ -475,6 +479,22 @@ Config Hash that is used to configure settings in journald.conf Default value: `{}` +##### `manage_journal_upload` + +Data type: `Boolean` + +Manage the systemd journal upload to a remote server + +Default value: `false` + +##### `journal_upload_settings` + +Data type: `Systemd::JournalUploadSettings` + +Config Hash that is used to configure settings in journal-upload.conf + +Default value: `{}` + ##### `manage_udevd` Data type: `Boolean` @@ -2690,6 +2710,22 @@ custom datatype that validates filenames/paths for valid systemd dropin files Alias of `Pattern['^[^/]+\.conf$']` +### `Systemd::JournalUploadSettings` + +Matches Systemd journal upload config Struct + +Alias of + +```puppet +Struct[{ + Optional['URL'] => Variant[Stdlib::HTTPUrl,Systemd::JournaldSettings::Ensure], + Optional['ServerKeyFile'] => Variant[Stdlib::Unixpath,Systemd::JournaldSettings::Ensure], + Optional['ServerCertificateFile'] => Variant[Stdlib::Unixpath,Systemd::JournaldSettings::Ensure], + Optional['TrustedCertificateFile'] => Variant[Stdlib::Unixpath,Systemd::JournaldSettings::Ensure], + Optional['NetworkTimeoutSec'] => Variant[Systemd::Unit::Timespan,Systemd::JournaldSettings::Ensure], + }] +``` + ### `Systemd::JournaldSettings` Matches Systemd journald config Struct diff --git a/data/Debian-family.yaml b/data/Debian-family.yaml index 5c644fa2..b5c6093e 100644 --- a/data/Debian-family.yaml +++ b/data/Debian-family.yaml @@ -1,2 +1,3 @@ --- systemd::nspawn_package: 'systemd-container' +systemd::journal_upload::package_name: 'systemd-journal-remote' diff --git a/data/RedHat-family.yaml b/data/RedHat-family.yaml index 199df535..f16889bc 100644 --- a/data/RedHat-family.yaml +++ b/data/RedHat-family.yaml @@ -2,3 +2,4 @@ systemd::networkd_package: systemd-networkd systemd::nspawn_package: 'systemd-container' systemd::resolved_package: 'systemd-resolved' +systemd::journal_upload::package_name: 'systemd-journal-remote' diff --git a/manifests/init.pp b/manifests/init.pp index dc0e7f00..51d64ba8 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -132,6 +132,12 @@ # @param journald_settings # Config Hash that is used to configure settings in journald.conf # +# @param manage_journal_upload +# Manage the systemd journal upload to a remote server +# +# @param journal_upload_settings +# Config Hash that is used to configure settings in journal-upload.conf +# # @param manage_udevd # Manage the systemd udev daemon # @@ -275,6 +281,8 @@ Boolean $purge_dropin_dirs = true, Boolean $manage_journald = true, Systemd::JournaldSettings $journald_settings = {}, + Boolean $manage_journal_upload = false, + Systemd::JournalUploadSettings $journal_upload_settings = {}, Systemd::MachineInfoSettings $machine_info_settings = {}, Boolean $manage_udevd = false, Optional[Variant[Integer,String]] $udev_log = undef, @@ -383,6 +391,10 @@ contain systemd::journald } + if $manage_journal_upload { + contain systemd::journal_upload + } + if $manage_logind { contain systemd::logind } diff --git a/manifests/journal_upload.pp b/manifests/journal_upload.pp new file mode 100644 index 00000000..6ff3d88d --- /dev/null +++ b/manifests/journal_upload.pp @@ -0,0 +1,37 @@ +# @api private +# @summary This class manages and configures journal-upload. +# @see https://www.freedesktop.org/software/systemd/man/journald.conf.html +# +# @param package_name +# name of the package to install for the functionality +# +class systemd::journal_upload ( + Optional[String[1]] $package_name = undef, +) { + assert_private() + + if $package_name { + stdlib::ensure_packages($package_name) + } + + service { 'systemd-journal-upload': + ensure => running, + } + $systemd::journal_upload_settings.each |$option, $value| { + ini_setting { $option: + path => '/etc/systemd/journal-upload.conf', + section => 'Upload', + setting => $option, + notify => Service['systemd-journal-upload'], + } + if $value =~ Hash { + Ini_setting[$option] { + * => $value, + } + } else { + Ini_setting[$option] { + value => $value, + } + } + } +} diff --git a/spec/classes/init_spec.rb b/spec/classes/init_spec.rb index 4e90a50d..cc12c677 100644 --- a/spec/classes/init_spec.rb +++ b/spec/classes/init_spec.rb @@ -675,6 +675,56 @@ it { is_expected.not_to contain_service('systemd-journald') } end + context 'when journal-upload is enabled' do + let(:params) do + { + manage_journal_upload: true, + journal_upload_settings: { + 'URL' => 'https://central.server:19532', + 'ServerKeyFile' => '/tmp/key.pem', + 'ServerCertificateFile' => '/tmp/cert.pem', + 'TrustedCertificateFile' => { + 'ensure' => 'absent', + }, + }, + } + end + + it { is_expected.to compile.with_all_deps } + it { is_expected.to contain_service('systemd-journal-upload') } + + it { is_expected.to have_ini_setting_resource_count(4) } + + it { + expect(subject).to contain_ini_setting('URL').with( + path: '/etc/systemd/journal-upload.conf', + section: 'Upload', + notify: 'Service[systemd-journal-upload]', + value: 'https://central.server:19532' + ) + } + + it { + expect(subject).to contain_ini_setting('TrustedCertificateFile').with( + path: '/etc/systemd/journal-upload.conf', + section: 'Upload', + notify: 'Service[systemd-journal-upload]', + ensure: 'absent' + ) + } + end + + context 'when journal-upload is not enabled' do + let(:params) do + { + manage_journal_upload: false, + } + end + + it { is_expected.to compile.with_all_deps } + it { is_expected.not_to contain_service('systemd-journal-upload') } + end + context 'when disabling udevd management' do let(:params) do { diff --git a/types/journaluploadsettings.pp b/types/journaluploadsettings.pp new file mode 100644 index 00000000..66ef297c --- /dev/null +++ b/types/journaluploadsettings.pp @@ -0,0 +1,12 @@ +# Matches Systemd journal upload config Struct +type Systemd::JournalUploadSettings = Struct[ + # lint:ignore:140chars + { + Optional['URL'] => Variant[Stdlib::HTTPUrl,Systemd::JournaldSettings::Ensure], + Optional['ServerKeyFile'] => Variant[Stdlib::Unixpath,Systemd::JournaldSettings::Ensure], + Optional['ServerCertificateFile'] => Variant[Stdlib::Unixpath,Systemd::JournaldSettings::Ensure], + Optional['TrustedCertificateFile'] => Variant[Stdlib::Unixpath,Systemd::JournaldSettings::Ensure], + Optional['NetworkTimeoutSec'] => Variant[Systemd::Unit::Timespan,Systemd::JournaldSettings::Ensure], + } + # lint:endignore +] From 2c9f55df0d6c94c449d0aeef4e039d7fe7a2afe3 Mon Sep 17 00:00:00 2001 From: Benedikt Trefzer Date: Tue, 13 Aug 2024 16:24:51 +0200 Subject: [PATCH 2/5] prefix ini_setting resources Reason: equal options in journal-upload and journal-remote --- manifests/journal_upload.pp | 8 ++++---- spec/classes/init_spec.rb | 6 ++++-- 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/manifests/journal_upload.pp b/manifests/journal_upload.pp index 6ff3d88d..117665e2 100644 --- a/manifests/journal_upload.pp +++ b/manifests/journal_upload.pp @@ -18,18 +18,18 @@ ensure => running, } $systemd::journal_upload_settings.each |$option, $value| { - ini_setting { $option: + ini_setting { "journal-upload_${option}": path => '/etc/systemd/journal-upload.conf', section => 'Upload', setting => $option, notify => Service['systemd-journal-upload'], } - if $value =~ Hash { - Ini_setting[$option] { + if $value =~ Systemd::JournaldSettings::Ensure { + Ini_setting["journal-upload_${option}"] { * => $value, } } else { - Ini_setting[$option] { + Ini_setting["journal-upload_${option}"] { value => $value, } } diff --git a/spec/classes/init_spec.rb b/spec/classes/init_spec.rb index cc12c677..79f0f7c9 100644 --- a/spec/classes/init_spec.rb +++ b/spec/classes/init_spec.rb @@ -696,18 +696,20 @@ it { is_expected.to have_ini_setting_resource_count(4) } it { - expect(subject).to contain_ini_setting('URL').with( + expect(subject).to contain_ini_setting('journal-upload_URL').with( path: '/etc/systemd/journal-upload.conf', section: 'Upload', + setting: 'URL', notify: 'Service[systemd-journal-upload]', value: 'https://central.server:19532' ) } it { - expect(subject).to contain_ini_setting('TrustedCertificateFile').with( + expect(subject).to contain_ini_setting('journal-upload_TrustedCertificateFile').with( path: '/etc/systemd/journal-upload.conf', section: 'Upload', + setting: 'TrustedCertificateFile', notify: 'Service[systemd-journal-upload]', ensure: 'absent' ) From f7a621580a5a153d9d62282a7d21ea4ad54d0288 Mon Sep 17 00:00:00 2001 From: Benedikt Trefzer Date: Wed, 14 Aug 2024 14:25:35 +0200 Subject: [PATCH 3/5] add journal-remote settings --- REFERENCE.md | 40 ++++++++++++++++++++++++++ data/Debian-family.yaml | 1 + data/RedHat-family.yaml | 1 + manifests/init.pp | 12 ++++++++ manifests/journal_remote.pp | 37 ++++++++++++++++++++++++ spec/classes/init_spec.rb | 52 +++++++++++++++++++++++++++------- types/journalremotesettings.pp | 16 +++++++++++ 7 files changed, 149 insertions(+), 10 deletions(-) create mode 100644 manifests/journal_remote.pp create mode 100644 types/journalremotesettings.pp diff --git a/REFERENCE.md b/REFERENCE.md index 7343c74b..cbd31e10 100644 --- a/REFERENCE.md +++ b/REFERENCE.md @@ -15,6 +15,7 @@ * `systemd::coredump`: This class manages the systemd-coredump configuration. * `systemd::install`: Install any systemd sub packages +* `systemd::journal_remote`: This class manages and configures journal-remote. * `systemd::journal_upload`: This class manages and configures journal-upload. * `systemd::journald`: This class manages and configures journald. * `systemd::logind`: This class manages systemd's login manager configuration. @@ -61,6 +62,7 @@ * [`Systemd::Capabilities`](#Systemd--Capabilities): Defines allowed capabilities * [`Systemd::CoredumpSettings`](#Systemd--CoredumpSettings): Configurations for coredump.conf * [`Systemd::Dropin`](#Systemd--Dropin): custom datatype that validates filenames/paths for valid systemd dropin files +* [`Systemd::JournalRemoteSettings`](#Systemd--JournalRemoteSettings): Matches Systemd journal remote config Struct * [`Systemd::JournalUploadSettings`](#Systemd--JournalUploadSettings): Matches Systemd journal upload config Struct * [`Systemd::JournaldSettings`](#Systemd--JournaldSettings): Matches Systemd journald config Struct * [`Systemd::JournaldSettings::Ensure`](#Systemd--JournaldSettings--Ensure): defines allowed ensure states for systemd-journald settings @@ -140,6 +142,8 @@ The following parameters are available in the `systemd` class: * [`journald_settings`](#-systemd--journald_settings) * [`manage_journal_upload`](#-systemd--manage_journal_upload) * [`journal_upload_settings`](#-systemd--journal_upload_settings) +* [`manage_journal_remote`](#-systemd--manage_journal_remote) +* [`journal_remote_settings`](#-systemd--journal_remote_settings) * [`manage_udevd`](#-systemd--manage_udevd) * [`udev_log`](#-systemd--udev_log) * [`udev_children_max`](#-systemd--udev_children_max) @@ -495,6 +499,22 @@ Config Hash that is used to configure settings in journal-upload.conf Default value: `{}` +##### `manage_journal_remote` + +Data type: `Boolean` + +Manage the systemd journal remote server used to upload journals + +Default value: `false` + +##### `journal_remote_settings` + +Data type: `Systemd::JournalRemoteSettings` + +Config Hash that is used to configure settings in journal-remote.conf + +Default value: `{}` + ##### `manage_udevd` Data type: `Boolean` @@ -2710,6 +2730,26 @@ custom datatype that validates filenames/paths for valid systemd dropin files Alias of `Pattern['^[^/]+\.conf$']` +### `Systemd::JournalRemoteSettings` + +Matches Systemd journal remote config Struct + +Alias of + +```puppet +Struct[{ + Optional['Seal'] => Variant[Enum['yes','no'],Systemd::JournaldSettings::Ensure], + Optional['SplitMode'] => Variant[Enum['host','none'],Systemd::JournaldSettings::Ensure], + Optional['ServerKeyFile'] => Variant[Stdlib::Unixpath,Systemd::JournaldSettings::Ensure], + Optional['ServerCertificateFile'] => Variant[Stdlib::Unixpath,Systemd::JournaldSettings::Ensure], + Optional['TrustedCertificateFile'] => Variant[Stdlib::Unixpath,Systemd::JournaldSettings::Ensure], + Optional['MaxUse'] => Variant[Systemd::Unit::Amount,Systemd::JournaldSettings::Ensure], + Optional['KeepFree'] => Variant[Systemd::Unit::Amount,Systemd::JournaldSettings::Ensure], + Optional['MaxFileSize'] => Variant[Systemd::Unit::Amount,Systemd::JournaldSettings::Ensure], + Optional['MaxFiles'] => Variant[Integer,Systemd::JournaldSettings::Ensure], + }] +``` + ### `Systemd::JournalUploadSettings` Matches Systemd journal upload config Struct diff --git a/data/Debian-family.yaml b/data/Debian-family.yaml index b5c6093e..a687f75b 100644 --- a/data/Debian-family.yaml +++ b/data/Debian-family.yaml @@ -1,3 +1,4 @@ --- systemd::nspawn_package: 'systemd-container' systemd::journal_upload::package_name: 'systemd-journal-remote' +systemd::journal_remote::package_name: 'systemd-journal-remote' diff --git a/data/RedHat-family.yaml b/data/RedHat-family.yaml index f16889bc..baacfa17 100644 --- a/data/RedHat-family.yaml +++ b/data/RedHat-family.yaml @@ -3,3 +3,4 @@ systemd::networkd_package: systemd-networkd systemd::nspawn_package: 'systemd-container' systemd::resolved_package: 'systemd-resolved' systemd::journal_upload::package_name: 'systemd-journal-remote' +systemd::journal_remote::package_name: 'systemd-journal-remote' diff --git a/manifests/init.pp b/manifests/init.pp index 51d64ba8..fa46b664 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -138,6 +138,12 @@ # @param journal_upload_settings # Config Hash that is used to configure settings in journal-upload.conf # +# @param manage_journal_remote +# Manage the systemd journal remote server used to upload journals +# +# @param journal_remote_settings +# Config Hash that is used to configure settings in journal-remote.conf +# # @param manage_udevd # Manage the systemd udev daemon # @@ -283,6 +289,8 @@ Systemd::JournaldSettings $journald_settings = {}, Boolean $manage_journal_upload = false, Systemd::JournalUploadSettings $journal_upload_settings = {}, + Boolean $manage_journal_remote = false, + Systemd::JournalRemoteSettings $journal_remote_settings = {}, Systemd::MachineInfoSettings $machine_info_settings = {}, Boolean $manage_udevd = false, Optional[Variant[Integer,String]] $udev_log = undef, @@ -395,6 +403,10 @@ contain systemd::journal_upload } + if $manage_journal_remote { + contain systemd::journal_remote + } + if $manage_logind { contain systemd::logind } diff --git a/manifests/journal_remote.pp b/manifests/journal_remote.pp new file mode 100644 index 00000000..8a931b93 --- /dev/null +++ b/manifests/journal_remote.pp @@ -0,0 +1,37 @@ +# @api private +# @summary This class manages and configures journal-remote. +# @see https://www.freedesktop.org/software/systemd/man/journal-remote.conf.html +# +# @param package_name +# name of the package to install for the functionality +# +class systemd::journal_remote ( + Optional[String[1]] $package_name = undef, +) { + assert_private() + + if $package_name { + stdlib::ensure_packages($package_name) + } + + service { 'systemd-journal-remote': + ensure => running, + } + $systemd::journal_remote_settings.each |$option, $value| { + ini_setting { "journal-remote_${option}": + path => '/etc/systemd/journal-remote.conf', + section => 'Remote', + setting => $option, + notify => Service['systemd-journal-remote'], + } + if $value =~ Systemd::JournaldSettings::Ensure { + Ini_setting["journal-remote_${option}"] { + * => $value, + } + } else { + Ini_setting["journal-remote_${option}"] { + value => $value, + } + } + } +} diff --git a/spec/classes/init_spec.rb b/spec/classes/init_spec.rb index 79f0f7c9..6793ca22 100644 --- a/spec/classes/init_spec.rb +++ b/spec/classes/init_spec.rb @@ -675,14 +675,23 @@ it { is_expected.not_to contain_service('systemd-journald') } end - context 'when journal-upload is enabled' do + context 'when journal-upload and journal-remote is enabled' do let(:params) do { manage_journal_upload: true, journal_upload_settings: { 'URL' => 'https://central.server:19532', - 'ServerKeyFile' => '/tmp/key.pem', - 'ServerCertificateFile' => '/tmp/cert.pem', + 'ServerKeyFile' => '/tmp/key-upload.pem', + 'ServerCertificateFile' => { + 'ensure' => 'absent', + }, + 'TrustedCertificateFile' => '/tmp/cert-upload.pem', + }, + manage_journal_remote: true, + journal_remote_settings: { + 'SplitMode' => 'host', + 'ServerKeyFile' => '/tmp/key-remote.pem', + 'ServerCertificateFile' => '/tmp/cert-remote.pem', 'TrustedCertificateFile' => { 'ensure' => 'absent', }, @@ -692,39 +701,62 @@ it { is_expected.to compile.with_all_deps } it { is_expected.to contain_service('systemd-journal-upload') } + it { is_expected.to contain_service('systemd-journal-remote') } - it { is_expected.to have_ini_setting_resource_count(4) } + it { is_expected.to have_ini_setting_resource_count(8) } it { - expect(subject).to contain_ini_setting('journal-upload_URL').with( + expect(subject).to contain_ini_setting('journal-upload_TrustedCertificateFile').with( path: '/etc/systemd/journal-upload.conf', section: 'Upload', - setting: 'URL', + setting: 'TrustedCertificateFile', notify: 'Service[systemd-journal-upload]', - value: 'https://central.server:19532' + value: '/tmp/cert-upload.pem' ) } it { - expect(subject).to contain_ini_setting('journal-upload_TrustedCertificateFile').with( + expect(subject).to contain_ini_setting('journal-remote_TrustedCertificateFile').with( + path: '/etc/systemd/journal-remote.conf', + section: 'Remote', + setting: 'TrustedCertificateFile', + notify: 'Service[systemd-journal-remote]', + ensure: 'absent' + ) + } + + it { + expect(subject).to contain_ini_setting('journal-upload_ServerCertificateFile').with( path: '/etc/systemd/journal-upload.conf', section: 'Upload', - setting: 'TrustedCertificateFile', + setting: 'ServerCertificateFile', notify: 'Service[systemd-journal-upload]', ensure: 'absent' ) } + + it { + expect(subject).to contain_ini_setting('journal-remote_ServerCertificateFile').with( + path: '/etc/systemd/journal-remote.conf', + section: 'Remote', + setting: 'ServerCertificateFile', + notify: 'Service[systemd-journal-remote]', + value: '/tmp/cert-remote.pem' + ) + } end - context 'when journal-upload is not enabled' do + context 'when journal-upload/journal-remote is not enabled' do let(:params) do { manage_journal_upload: false, + manage_journal_remote: false, } end it { is_expected.to compile.with_all_deps } it { is_expected.not_to contain_service('systemd-journal-upload') } + it { is_expected.not_to contain_service('systemd-journal-remote') } end context 'when disabling udevd management' do diff --git a/types/journalremotesettings.pp b/types/journalremotesettings.pp new file mode 100644 index 00000000..1648fa8f --- /dev/null +++ b/types/journalremotesettings.pp @@ -0,0 +1,16 @@ +# Matches Systemd journal remote config Struct +type Systemd::JournalRemoteSettings = Struct[ + # lint:ignore:140chars + { + Optional['Seal'] => Variant[Enum['yes','no'],Systemd::JournaldSettings::Ensure], + Optional['SplitMode'] => Variant[Enum['host','none'],Systemd::JournaldSettings::Ensure], + Optional['ServerKeyFile'] => Variant[Stdlib::Unixpath,Systemd::JournaldSettings::Ensure], + Optional['ServerCertificateFile'] => Variant[Stdlib::Unixpath,Systemd::JournaldSettings::Ensure], + Optional['TrustedCertificateFile'] => Variant[Stdlib::Unixpath,Systemd::JournaldSettings::Ensure], + Optional['MaxUse'] => Variant[Systemd::Unit::Amount,Systemd::JournaldSettings::Ensure], + Optional['KeepFree'] => Variant[Systemd::Unit::Amount,Systemd::JournaldSettings::Ensure], + Optional['MaxFileSize'] => Variant[Systemd::Unit::Amount,Systemd::JournaldSettings::Ensure], + Optional['MaxFiles'] => Variant[Integer,Systemd::JournaldSettings::Ensure], + } + # lint:endignore +] From b5d04556629a4b7b981f2c020c3aa495b61df59d Mon Sep 17 00:00:00 2001 From: Benedikt Trefzer Date: Wed, 14 Aug 2024 21:39:39 +0200 Subject: [PATCH 4/5] update dokumentation and service settings --- REFERENCE.md | 8 ++++---- manifests/journal_upload.pp | 13 +++++++++++-- spec/classes/init_spec.rb | 15 +++++++++++++-- types/journalremotesettings.pp | 2 +- types/journaluploadsettings.pp | 2 +- 5 files changed, 30 insertions(+), 10 deletions(-) diff --git a/REFERENCE.md b/REFERENCE.md index cbd31e10..42295a2e 100644 --- a/REFERENCE.md +++ b/REFERENCE.md @@ -62,8 +62,8 @@ * [`Systemd::Capabilities`](#Systemd--Capabilities): Defines allowed capabilities * [`Systemd::CoredumpSettings`](#Systemd--CoredumpSettings): Configurations for coredump.conf * [`Systemd::Dropin`](#Systemd--Dropin): custom datatype that validates filenames/paths for valid systemd dropin files -* [`Systemd::JournalRemoteSettings`](#Systemd--JournalRemoteSettings): Matches Systemd journal remote config Struct -* [`Systemd::JournalUploadSettings`](#Systemd--JournalUploadSettings): Matches Systemd journal upload config Struct +* [`Systemd::JournalRemoteSettings`](#Systemd--JournalRemoteSettings): matches Systemd journal remote config Struct +* [`Systemd::JournalUploadSettings`](#Systemd--JournalUploadSettings): matches Systemd journal upload config Struct * [`Systemd::JournaldSettings`](#Systemd--JournaldSettings): Matches Systemd journald config Struct * [`Systemd::JournaldSettings::Ensure`](#Systemd--JournaldSettings--Ensure): defines allowed ensure states for systemd-journald settings * [`Systemd::LogLevel`](#Systemd--LogLevel): Defines allowed log levels @@ -2732,7 +2732,7 @@ Alias of `Pattern['^[^/]+\.conf$']` ### `Systemd::JournalRemoteSettings` -Matches Systemd journal remote config Struct +matches Systemd journal remote config Struct Alias of @@ -2752,7 +2752,7 @@ Struct[{ ### `Systemd::JournalUploadSettings` -Matches Systemd journal upload config Struct +matches Systemd journal upload config Struct Alias of diff --git a/manifests/journal_upload.pp b/manifests/journal_upload.pp index 117665e2..35095131 100644 --- a/manifests/journal_upload.pp +++ b/manifests/journal_upload.pp @@ -5,8 +5,16 @@ # @param package_name # name of the package to install for the functionality # +# @param service_ensure +# what we ensure for the service +# +# @param service_enable +# to enable the service +# class systemd::journal_upload ( - Optional[String[1]] $package_name = undef, + Optional[String[1]] $package_name = undef, + Enum['running','stopped'] $service_ensure = 'running', + Boolean $service_enable = true, ) { assert_private() @@ -15,7 +23,8 @@ } service { 'systemd-journal-upload': - ensure => running, + ensure => $service_ensure, + enable => $service_enable, } $systemd::journal_upload_settings.each |$option, $value| { ini_setting { "journal-upload_${option}": diff --git a/spec/classes/init_spec.rb b/spec/classes/init_spec.rb index 6793ca22..af732ffa 100644 --- a/spec/classes/init_spec.rb +++ b/spec/classes/init_spec.rb @@ -700,8 +700,19 @@ end it { is_expected.to compile.with_all_deps } - it { is_expected.to contain_service('systemd-journal-upload') } - it { is_expected.to contain_service('systemd-journal-remote') } + + it { + is_expected.to contain_service('systemd-journal-upload').with( + ensure: 'running', + enable: true + ) + } + + it { + is_expected.to contain_service('systemd-journal-remote').with( + ensure: 'running' + ) + } it { is_expected.to have_ini_setting_resource_count(8) } diff --git a/types/journalremotesettings.pp b/types/journalremotesettings.pp index 1648fa8f..80d5f492 100644 --- a/types/journalremotesettings.pp +++ b/types/journalremotesettings.pp @@ -1,4 +1,4 @@ -# Matches Systemd journal remote config Struct +# @summary matches Systemd journal remote config Struct type Systemd::JournalRemoteSettings = Struct[ # lint:ignore:140chars { diff --git a/types/journaluploadsettings.pp b/types/journaluploadsettings.pp index 66ef297c..8ce6149b 100644 --- a/types/journaluploadsettings.pp +++ b/types/journaluploadsettings.pp @@ -1,4 +1,4 @@ -# Matches Systemd journal upload config Struct +# @summary matches Systemd journal upload config Struct type Systemd::JournalUploadSettings = Struct[ # lint:ignore:140chars { From 895a42e1fc0f1499043234974522353c3b8e3894 Mon Sep 17 00:00:00 2001 From: Benedikt Trefzer Date: Tue, 12 Nov 2024 09:29:02 +0100 Subject: [PATCH 5/5] enable systemd-journal-remote service --- manifests/journal_remote.pp | 1 + 1 file changed, 1 insertion(+) diff --git a/manifests/journal_remote.pp b/manifests/journal_remote.pp index 8a931b93..c22c8bd7 100644 --- a/manifests/journal_remote.pp +++ b/manifests/journal_remote.pp @@ -16,6 +16,7 @@ service { 'systemd-journal-remote': ensure => running, + enable => true, } $systemd::journal_remote_settings.each |$option, $value| { ini_setting { "journal-remote_${option}":