From 3624d7a3ce1ee9c6196e2bf0815c51e45a18d78a Mon Sep 17 00:00:00 2001 From: Yury Bushmelev Date: Wed, 30 Oct 2024 19:30:02 +0800 Subject: [PATCH] Manage {system,user}.conf --- REFERENCE.md | 198 +++++++++++++++++++++++++++++++- manifests/init.pp | 32 +++++- manifests/service_manager.pp | 79 +++++++++++++ manifests/system.pp | 17 --- spec/classes/init_spec.rb | 92 ++++++++++++++- types/boolean.pp | 2 + types/boolean/false.pp | 2 + types/boolean/true.pp | 2 + types/capabilities.pp | 2 + types/loglevel.pp | 2 + types/output.pp | 3 + types/servicemanagersettings.pp | 86 ++++++++++++++ types/settingensure.pp | 2 + types/timespan.pp | 6 + 14 files changed, 499 insertions(+), 26 deletions(-) create mode 100644 manifests/service_manager.pp delete mode 100644 manifests/system.pp create mode 100644 types/boolean.pp create mode 100644 types/boolean/false.pp create mode 100644 types/boolean/true.pp create mode 100644 types/capabilities.pp create mode 100644 types/loglevel.pp create mode 100644 types/output.pp create mode 100644 types/servicemanagersettings.pp create mode 100644 types/settingensure.pp create mode 100644 types/timespan.pp diff --git a/REFERENCE.md b/REFERENCE.md index 339624ca..b671b662 100644 --- a/REFERENCE.md +++ b/REFERENCE.md @@ -22,7 +22,7 @@ * `systemd::networkd`: This class provides an abstract way to trigger systemd-networkd * `systemd::oomd`: This class manages and configures oomd. * `systemd::resolved`: This class provides an abstract way to trigger resolved. -* `systemd::system`: This class provides a solution to enable accounting +* `systemd::service_manager`: This class provides a solution to manage system and/or user service manager settings * `systemd::timedatectl`: This class provides an abstract way to set elements with timedatectl * `systemd::timesyncd`: This class provides an abstract way to trigger systemd-timesyncd * `systemd::udevd`: This class manages systemd's udev config 
@@ -54,15 +54,24 @@ ### Data types +* [`Systemd::Boolean`](#Systemd--Boolean): Defines systemd boolean type representation +* [`Systemd::Boolean::False`](#Systemd--Boolean--False): Defines systemd boolean "false" type representation +* [`Systemd::Boolean::True`](#Systemd--Boolean--True): Defines systemd boolean "true" type representation +* [`Systemd::Capabilities`](#Systemd--Capabilities): Defines allowed capabilities * [`Systemd::CoredumpSettings`](#Systemd--CoredumpSettings): Configurations for coredump.conf * [`Systemd::Dropin`](#Systemd--Dropin): custom datatype that validates filenames/paths for valid systemd dropin files * [`Systemd::JournaldSettings`](#Systemd--JournaldSettings): Matches Systemd journald config Struct * [`Systemd::JournaldSettings::Ensure`](#Systemd--JournaldSettings--Ensure): defines allowed ensure states for systemd-journald settings +* [`Systemd::LogLevel`](#Systemd--LogLevel): Defines allowed log levels * [`Systemd::LogindSettings`](#Systemd--LogindSettings): Matches Systemd Login Manager Struct * [`Systemd::LogindSettings::Ensure`](#Systemd--LogindSettings--Ensure): defines allowed ensure states for systemd-logind settings * [`Systemd::MachineInfoSettings`](#Systemd--MachineInfoSettings): Matches Systemd machine-info (hostnamectl) file Struct * [`Systemd::OomdSettings`](#Systemd--OomdSettings): Configurations for oomd.conf +* [`Systemd::Output`](#Systemd--Output): Defines allowed output values * [`Systemd::ServiceLimits`](#Systemd--ServiceLimits): Deprecated - Matches Systemd Service Limit Struct +* [`Systemd::ServiceManagerSettings`](#Systemd--ServiceManagerSettings): Matches Systemd system.conf/user.conf settings +* [`Systemd::SettingEnsure`](#Systemd--SettingEnsure): Defines allowed ensure states for an ini_setting +* [`Systemd::Timespan`](#Systemd--Timespan): Defines a timespan type * [`Systemd::Unit`](#Systemd--Unit): custom datatype that validates different filenames for systemd units and unit templates * 
[`Systemd::Unit::Amount`](#Systemd--Unit--Amount): Systemd definition of amount, often bytes or united bytes * [`Systemd::Unit::AmountOrPercent`](#Systemd--Unit--AmountOrPercent): Systemd definition of amount, often bytes or united bytes @@ -156,6 +165,10 @@ The following parameters are available in the `systemd` class: * [`oomd_ensure`](#-systemd--oomd_ensure) * [`oomd_settings`](#-systemd--oomd_settings) * [`udev_purge_rules`](#-systemd--udev_purge_rules) +* [`manage_system_conf`](#-systemd--manage_system_conf) +* [`system_settings`](#-systemd--system_settings) +* [`manage_user_conf`](#-systemd--manage_user_conf) +* [`user_settings`](#-systemd--user_settings) ##### `default_target` @@ -612,7 +625,8 @@ Default value: `'/etc/systemd/network'` Data type: `Boolean` -when enabled, the different accounting options (network traffic, IO, CPU util...) are enabled for units +When enabled, the different accounting options (network traffic, IO, +CPU util...) are enabled for units. Default value: `false` @@ -620,7 +634,9 @@ Default value: `false` Data type: `Hash[String,String]` -Hash of the different accounting options. This highly depends on the used systemd version. The module provides sane defaults per operating system using Hiera. +Hash of the different accounting options. This highly depends on the used +systemd version. The module provides sane defaults per operating system +using Hiera. Default value: `{}` 
@@ -696,6 +712,42 @@ Toggle if unmanaged files in /etc/udev/rules.d should be purged if manage_udevd Default value: `false` +##### `manage_system_conf` + +Data type: `Boolean` + +Should system service manager configurations be managed + +Default value: `false` + +##### `system_settings` + +Data type: `Systemd::ServiceManagerSettings` + +Config Hash that is used to configure settings in system.conf +NOTE: It's currently impossible to have multiple entries of the same key in +the settings. + +Default value: `{}` + +##### `manage_user_conf` + +Data type: `Boolean` + +Should user service manager configurations be managed + +Default value: `false` + +##### `user_settings` + +Data type: `Systemd::ServiceManagerSettings` + +Config Hash that is used to configure settings in user.conf +NOTE: It's currently impossible to have multiple entries of the same key in +the settings. + +Default value: `{}` + ### `systemd::tmpfiles` Update the systemd temp files @@ -2587,6 +2639,30 @@ Use path (-p) ornon-path style escaping. ## Data types +### `Systemd::Boolean` + +Defines systemd boolean type representation + +Alias of `Variant[Systemd::Boolean::True, Systemd::Boolean::False]` + +### `Systemd::Boolean::False` + +Defines systemd boolean "false" type representation + +Alias of `Variant[Integer[0,0], Enum['no', 'false'], Boolean[false]]` + +### `Systemd::Boolean::True` + +Defines systemd boolean "true" type representation + +Alias of `Variant[Integer[1], Enum['yes', 'true'], Boolean[true]]` + +### `Systemd::Capabilities` + +Defines allowed capabilities + +Alias of `Variant[Pattern[/^~?(CAP_[A-Z_]+ *)+$/]]` + ### `Systemd::CoredumpSettings` Configurations for coredump.conf 
@@ -2661,6 +2737,12 @@ defines allowed ensure states for systemd-journald settings Alias of `Struct[{ 'ensure' => Enum['present','absent'] }]` +### `Systemd::LogLevel` + +Defines allowed log levels + +Alias of `Variant[Enum['emerg','alert','crit','err','warning','notice','info','debug'], Integer[0,7]]` + ### `Systemd::LogindSettings` Matches Systemd Login Manager Struct @@ -2738,6 +2820,12 @@ Struct[{ }] ``` +### `Systemd::Output` + +Used in DefaultStandardOutput/DefaultStandardError e.g. + +Alias of `Enum['inherit', 'null', 'tty', 'journal', 'journal+console', 'kmsg', 'kmsg+console']` + ### `Systemd::ServiceLimits` Deprecated - Matches Systemd Service Limit Struct 
@@ -2791,6 +2879,110 @@ Struct[{ }] ``` +### `Systemd::ServiceManagerSettings` + +NOTE: Systemd::SettingEnsure here allows to delete the setting from the INI +file. See the example below for Hiera: + +```yaml +systemd::system_settings: + LogLevel: + ensure: absent +``` + +* **See also** + * https://www.freedesktop.org/software/systemd/man/latest/systemd-system.conf.html + +Alias of + +```puppet +Struct[{ + Optional['LogLevel'] => Variant[Systemd::LogLevel, Systemd::SettingEnsure], + Optional['LogTarget'] => Variant[Enum['console','console-prefixed','kmsg','journal','journal-or-kmsg','auto','null'], Systemd::SettingEnsure], + Optional['LogColor'] => Variant[Systemd::Boolean, Systemd::SettingEnsure], + Optional['LogLocation'] => Variant[Systemd::Boolean, Systemd::SettingEnsure], + Optional['LogTime'] => Variant[Systemd::Boolean, Systemd::SettingEnsure], + Optional['DumpCore'] => Variant[Systemd::Boolean, Systemd::SettingEnsure], + Optional['ShowStatus'] => Variant[Systemd::Boolean, Enum['auto','error'], Systemd::SettingEnsure], + Optional['CrashChangeVT'] => Variant[Systemd::Boolean, Integer[1,63], Systemd::SettingEnsure], + Optional['CrashShell'] => Variant[Systemd::Boolean, Systemd::SettingEnsure], + Optional['CrashReboot'] => Variant[Systemd::Boolean, Systemd::SettingEnsure], # Obsoleted by CrashAction in v256, delete after Debian 12 EOL + Optional['CrashAction'] => Variant[Enum['freeze', 'reboot', 'poweroff'], Systemd::SettingEnsure], + Optional['CtrlAltDelBurstAction'] => Variant[Enum['reboot-force','poweroff-force','reboot-immediate','poweroff-immediate','none'], Systemd::SettingEnsure], + Optional['CPUAffinity'] => Variant[Enum['numa'], Pattern['^[0-9, -]+$'], Systemd::SettingEnsure], + Optional['NUMAPolicy'] => Variant[Enum['default','preferred','bind','interleave','local'], Systemd::SettingEnsure], + Optional['NUMAMask'] => Variant[Enum['all'], Pattern['^[0-9, -]+$'], Systemd::SettingEnsure], + Optional['RuntimeWatchdogSec'] => Variant[Enum['off','default'], 
Systemd::Timespan, Systemd::SettingEnsure], + Optional['RuntimeWatchdogPreSec'] => Variant[Enum['off'], Systemd::Timespan, Systemd::SettingEnsure], + Optional['RuntimeWatchdogPreGovernor'] => Variant[Enum['noop', 'panic'], String[1], Systemd::SettingEnsure], + Optional['RebootWatchdogSec'] => Variant[Enum['off','default'], Systemd::Timespan, Systemd::SettingEnsure], + Optional['KExecWatchdogSec'] => Variant[Enum['off','default'], Systemd::Timespan, Systemd::SettingEnsure], + Optional['WatchdogDevice'] => Variant[Stdlib::Absolutepath, Systemd::SettingEnsure], + Optional['CapabilityBoundingSet'] => Variant[Systemd::Capabilities, Systemd::SettingEnsure], + Optional['NoNewPrivileges'] => Variant[Systemd::Boolean, Systemd::SettingEnsure], + Optional['ProtectSystem'] => Variant[Enum['auto'], Systemd::Boolean, Systemd::SettingEnsure], + Optional['SystemCallArchitectures'] => Variant[String[1], Systemd::SettingEnsure], + Optional['TimerSlackNSec'] => Variant[Systemd::Timespan, Systemd::SettingEnsure], + Optional['StatusUnitFormat'] => Variant[Enum['combined','description','name'], Systemd::SettingEnsure], + Optional['DefaultTimerAccuracySec'] => Variant[Systemd::Timespan, Systemd::SettingEnsure], + Optional['DefaultStandardOutput'] => Variant[Systemd::Output, Systemd::SettingEnsure], + Optional['DefaultStandardError'] => Variant[Systemd::Output, Systemd::SettingEnsure], + Optional['DefaultTimeoutStartSec'] => Variant[Systemd::Timespan, Systemd::SettingEnsure], + Optional['DefaultTimeoutStopSec'] => Variant[Systemd::Timespan, Systemd::SettingEnsure], + Optional['DefaultTimeoutAbortSec'] => Variant[Systemd::Timespan, Systemd::SettingEnsure], + Optional['DefaultDeviceTimeoutSec'] => Variant[Systemd::Timespan, Systemd::SettingEnsure], + Optional['DefaultRestartSec'] => Variant[Systemd::Timespan, Systemd::SettingEnsure], + Optional['DefaultStartLimitIntervalSec'] => Variant[Enum['infinity'], Systemd::Timespan, Systemd::SettingEnsure], + Optional['DefaultStartLimitBurst'] => 
Variant[Integer[0], Systemd::SettingEnsure], + Optional['DefaultEnvironment'] => Variant[String, Systemd::SettingEnsure], + Optional['ManagerEnvironment'] => Variant[String, Systemd::SettingEnsure], + Optional['DefaultCPUAccounting'] => Variant[Systemd::Boolean, Systemd::SettingEnsure], + Optional['DefaultBlockIOAccounting'] => Variant[Systemd::Boolean, Systemd::SettingEnsure], # Deprecated in v252. Delete after Debian 11 EOL + Optional['DefaultIOAccounting'] => Variant[Systemd::Boolean, Systemd::SettingEnsure], + Optional['DefaultIPAccounting'] => Variant[Systemd::Boolean, Systemd::SettingEnsure], + Optional['DefaultMemoryAccounting'] => Variant[Systemd::Boolean, Systemd::SettingEnsure], + Optional['DefaultTasksAccounting'] => Variant[Systemd::Boolean, Systemd::SettingEnsure], + Optional['DefaultTasksMax'] => Variant[Enum['infinity'], Integer[0], Systemd::Unit::Percent, Systemd::SettingEnsure], + Optional['DefaultLimitCPU'] => Variant[Enum['infinity'], Pattern['^\d+(s|m|h|d|w|M|y)?(:\d+(s|m|h|d|w|M|y)?)?$'], Systemd::SettingEnsure], + Optional['DefaultLimitFSIZE'] => Variant[Pattern['^(infinity|((\d+(K|M|G|T|P|E)?(:\d+(K|M|G|T|P|E)?)?)))$'], Systemd::SettingEnsure], + Optional['DefaultLimitDATA'] => Variant[Pattern['^(infinity|((\d+(K|M|G|T|P|E)?(:\d+(K|M|G|T|P|E)?)?)))$'], Systemd::SettingEnsure], + Optional['DefaultLimitSTACK'] => Variant[Pattern['^(infinity|((\d+(K|M|G|T|P|E)?(:\d+(K|M|G|T|P|E)?)?)))$'], Systemd::SettingEnsure], + Optional['DefaultLimitCORE'] => Variant[Pattern['^(infinity|((\d+(K|M|G|T|P|E)?(:\d+(K|M|G|T|P|E)?)?)))$'], Systemd::SettingEnsure], + Optional['DefaultLimitRSS'] => Variant[Pattern['^(infinity|((\d+(K|M|G|T|P|E)?(:\d+(K|M|G|T|P|E)?)?)))$'], Systemd::SettingEnsure], + Optional['DefaultLimitNOFILE'] => Variant[Integer[-1], Pattern['^(infinity|\d+(:(infinity|\d+))?)$'], Systemd::SettingEnsure], + Optional['DefaultLimitAS'] => Variant[Pattern['^(infinity|((\d+(K|M|G|T|P|E)?(:\d+(K|M|G|T|P|E)?)?)))$'], Systemd::SettingEnsure], + 
Optional['DefaultLimitNPROC'] => Variant[Integer[-1],Pattern['^(infinity|\d+(:(infinity|\d+))?)$'], Systemd::SettingEnsure], + Optional['DefaultLimitMEMLOCK'] => Variant[Pattern['^(infinity|((\d+(K|M|G|T|P|E)?(:\d+(K|M|G|T|P|E)?)?)))$'], Systemd::SettingEnsure], + Optional['DefaultLimitLOCKS'] => Variant[Integer[1], Systemd::SettingEnsure], + Optional['DefaultLimitSIGPENDING'] => Variant[Integer[1], Systemd::SettingEnsure], + Optional['DefaultLimitMSGQUEUE'] => Variant[Pattern['^(infinity|((\d+(K|M|G|T|P|E)?(:\d+(K|M|G|T|P|E)?)?)))$'], Systemd::SettingEnsure], + Optional['DefaultLimitNICE'] => Variant[Integer[0,40], Pattern['^(-\+([0-1]?[0-9]|20))|([0-3]?[0-9]|40)$'], Systemd::SettingEnsure], + Optional['DefaultLimitRTPRIO'] => Variant[Integer[0], Systemd::SettingEnsure], + Optional['DefaultLimitRTTIME'] => Variant[Pattern['^\d+(ms|s|m|h|d|w|M|y)?(:\d+(ms|s|m|h|d|w|M|y)?)?$'], Systemd::SettingEnsure], + Optional['DefaultOOMPolicy'] => Variant[Enum['continue', 'stop','kill'], Systemd::SettingEnsure], + Optional['DefaultSmackProcessLabel'] => Variant[String, Systemd::SettingEnsure], + Optional['ReloadLimitIntervalSec'] => Variant[Enum['infinity'], Systemd::Timespan, Systemd::SettingEnsure], + Optional['ReloadLimitBurst'] => Variant[Integer[0], Systemd::SettingEnsure], + Optional['DefaultMemoryPressureWatch'] => Variant[Systemd::SettingEnsure], + Optional['DefaultMemoryPressureThresholdSec'] => Variant[Systemd::SettingEnsure], + }] +``` + +### `Systemd::SettingEnsure` + +Defines allowed ensure states for an ini_setting + +Alias of `Struct[{ 'ensure' => Enum['absent'] }]` + +### `Systemd::Timespan` + +Defines a timespan type + +* **See also** + * https://www.freedesktop.org/software/systemd/man/latest/systemd.time.html + +Alias of `Variant[Integer[0], Pattern[/^([0-9]+ *(usec|us|msec|ms|seconds?|sec|s|minutes?|min|m|hours?|hr|h|days?|d|weeks?|w|months?|M|years?|y)? 
*)+$/]]` + ### `Systemd::Unit` custom datatype that validates different filenames for systemd units and unit templates diff --git a/manifests/init.pp b/manifests/init.pp index 95aeda78..dc0e7f00 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -188,10 +188,13 @@ # where all networkd files are placed in # # @param manage_accounting -# when enabled, the different accounting options (network traffic, IO, CPU util...) are enabled for units +# When enabled, the different accounting options (network traffic, IO, +# CPU util...) are enabled for units. # # @param accounting -# Hash of the different accounting options. This highly depends on the used systemd version. The module provides sane defaults per operating system using Hiera. +# Hash of the different accounting options. This highly depends on the used +# systemd version. The module provides sane defaults per operating system +# using Hiera. # # @param purge_dropin_dirs # When enabled, unused directories for dropin files will be purged @@ -219,6 +222,22 @@ # # @param udev_purge_rules # Toggle if unmanaged files in /etc/udev/rules.d should be purged if manage_udevd is enabled +# +# @param manage_system_conf +# Should system service manager configurations be managed +# +# @param system_settings +# Config Hash that is used to configure settings in system.conf +# NOTE: It's currently impossible to have multiple entries of the same key in +# the settings. +# +# @param manage_user_conf +# Should user service manager configurations be managed +# +# @param user_settings +# Config Hash that is used to configure settings in user.conf +# NOTE: It's currently impossible to have multiple entries of the same key in +# the settings. class systemd ( Optional[Pattern['^.+\.target$']] $default_target = undef, Hash[String,String] $accounting = {}, 
@@ -284,6 +303,10 @@ Enum['stopped','running'] $oomd_ensure = 'running', Systemd::OomdSettings $oomd_settings = {}, Boolean $udev_purge_rules = false, + Boolean $manage_system_conf = false, + Systemd::ServiceManagerSettings $system_settings = {}, + Boolean $manage_user_conf = false, + Systemd::ServiceManagerSettings $user_settings = {}, ) { contain systemd::install @@ -347,8 +370,9 @@ contain systemd::udevd } - if $manage_accounting { - contain systemd::system + # $manage_accounting is retained for backward compatibility + if $manage_accounting or $manage_system_conf or $manage_user_conf { + contain systemd::service_manager } unless empty($machine_info_settings) { diff --git a/manifests/service_manager.pp b/manifests/service_manager.pp new file mode 100644 index 00000000..c783f4d5 --- /dev/null +++ b/manifests/service_manager.pp 
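Review bot: The public `accounting` parameter is still declared `Hash[String,String]` (context line at the end of the first init.pp hunk), but `systemd::service_manager` now receives it as `Systemd::ServiceManagerSettings $accounting_settings = $systemd::accounting`. A hash that satisfied the old declaration but carries a key or value outside the new struct would now be rejected inside a private class instead of at the parameter the user actually set. Declaring it here as `Systemd::ServiceManagerSettings $accounting = {},` would report the error against the public interface. If the looser type is kept on purpose, the `@param accounting` text should say which keys are accepted. The class body continues outside these hunks.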
@@ -0,0 +1,79 @@
+# @api private
+#
+# This class provides a solution to manage system and/or user service manager settings
+# @see https://www.freedesktop.org/software/systemd/man/latest/systemd-system.conf.html
+#
+# @param manage_accounting
+# When enabled, the different accounting options (network traffic, IO,
+# CPU util...) are enabled for units.
+#
+# @param accounting_settings
+# Hash of the different accounting options. This highly depends on the used
+# systemd version. The module provides sane defaults per operating system
+# using Hiera.
+#
+# @param manage_system_conf
+# Should system service manager configurations be managed
+#
+# @param system_settings
+# Config Hash that is used to configure settings in system.conf
+# NOTE: It's currently impossible to have multiple entries of the same key in
+# the settings.
+#
+# @param manage_user_conf
+# Should user service manager configurations be managed
+#
+# @param user_settings
+# Config Hash that is used to configure settings in user.conf
+# NOTE: It's currently impossible to have multiple entries of the same key in
+# the settings.
+#
+class systemd::service_manager (
+ Boolean $manage_accounting = $systemd::manage_accounting,
+ Boolean $manage_system_conf = $systemd::manage_system_conf,
+ Boolean $manage_user_conf = $systemd::manage_user_conf,
+ Systemd::ServiceManagerSettings $accounting_settings = $systemd::accounting,
+ Systemd::ServiceManagerSettings $system_settings = $systemd::system_settings,
+ Systemd::ServiceManagerSettings $user_settings = $systemd::user_settings,
+) {
+ assert_private()
+
+ $real_system_settings = case [$manage_accounting, $manage_system_conf] {
+ [true, false]: { $accounting_settings }
+ [false, true]: { $system_settings }
+ [true, true]: { $system_settings + $accounting_settings } # Accounting settings have preference
+ default: { ({}) } # Empty Hash otherwise
+ }
+
+ $real_system_settings.each |$option, $value| {
+ $vh = $value ? 
{ + Systemd::SettingEnsure => $value, + default => { value => $value }, + } + + ini_setting { "system/${option}": + ensure => $vh.get('ensure', 'present'), + path => '/etc/systemd/system.conf', + section => 'Manager', + setting => $option, + value => $vh['value'], + } + } + + if $manage_user_conf { + $user_settings.each |$option, $value| { + $vh = $value ? { + Systemd::SettingEnsure => $value, + default => { value => $value }, + } + + ini_setting { "user/${option}": + ensure => $vh.get('ensure', 'present'), + path => '/etc/systemd/user.conf', + section => 'Manager', + setting => $option, + value => $vh['value'], + } + } + } +} diff --git a/manifests/system.pp b/manifests/system.pp deleted file mode 100644 index 368048dc..00000000 --- a/manifests/system.pp +++ /dev/null @@ -1,17 +0,0 @@ -# @api private -# -# This class provides a solution to enable accounting -# -class systemd::system { - assert_private() - - $systemd::accounting.each |$option, $value| { - ini_setting { $option: - ensure => 'present', - path => '/etc/systemd/system.conf', - section => 'Manager', - setting => $option, - value => $value, - } - } -} diff --git a/spec/classes/init_spec.rb b/spec/classes/init_spec.rb index b53ad18a..4e90a50d 100644 --- a/spec/classes/init_spec.rb +++ b/spec/classes/init_spec.rb @@ -508,7 +508,7 @@ } end - it { is_expected.to contain_class('systemd::system') } + it { is_expected.to contain_class('systemd::service_manager') } case facts[:os]['family'] when 'Archlinux', 'Gentoo' 
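Review bot: Nothing in the new `systemd::service_manager` class makes the running service manager pick up the edited `/etc/systemd/system.conf` or `/etc/systemd/user.conf`; both `ini_setting` blocks only write the file and no `notify` is visible. For the hardening keys the new type admits (`NoNewPrivileges`, `CapabilityBoundingSet`, `ProtectSystem`), a Puppet run would report the change as applied while PID 1 presumably keeps its previous settings until it re-reads its configuration or the host reboots. If that is deliberate, the class header should say so, e.g. `# NOTE: settings are only written to the file; they take effect once the service manager reloads its configuration or the host is rebooted.` The removed `systemd::system` class behaved the same way, so this is not a regression, but the wider set of managed settings makes the gap matter more.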
@@ -519,9 +519,97 @@ accounting = %w[DefaultCPUAccounting DefaultBlockIOAccounting DefaultMemoryAccounting DefaultTasksAccounting] end accounting.each do |account| - it { is_expected.to contain_ini_setting(account) } + it { is_expected.to contain_ini_setting("system/#{account}") } end it { is_expected.to compile.with_all_deps } + + context 'when both manage_accounting and manage_system_conf are enabled' do + let :params do + super().merge( + manage_system_conf: true, + system_settings: { + 'DefaultTimeoutStartSec' => '120s', + 'DefaultCPUAccounting' => true, + 'DefaultMemoryAccounting' => { 'ensure' => 'absent' }, + } + ) + end + + it { is_expected.to compile.with_all_deps } + it { is_expected.to contain_ini_setting('system/DefaultTimeoutStartSec').with_ensure('present').with_value('120s') } + # Value is overriden by accounting settings + it { is_expected.to contain_ini_setting('system/DefaultCPUAccounting').with_ensure('present').with_value('yes') } + # Ensure and value are overriden by accounting settings + it { is_expected.to contain_ini_setting('system/DefaultMemoryAccounting').with_ensure('present').with_value('yes') } + # Included by accounting (switch to DefaultIOAccounting after RHEL7 EOL) + it { is_expected.to contain_ini_setting('system/DefaultBlockIOAccounting').with_ensure('present').with_value('yes') } + end + end + + context 'when managing system service manager config' do + let :params do + { + manage_system_conf: true, + system_settings: { + 'DefaultTimeoutStartSec' => '120s', + 'DefaultCPUAccounting' => true, + 'DefaultMemoryAccounting' => { 'ensure' => 'absent' }, + } + } + end + + it { is_expected.to compile.with_all_deps } + it { is_expected.to have_ini_setting_resource_count(3) } + it { is_expected.to contain_ini_setting('system/DefaultMemoryAccounting').with_ensure('absent') } + + it do + is_expected.to contain_ini_setting('system/DefaultTimeoutStartSec').with( + ensure: 'present', + path: '/etc/systemd/system.conf', + value: '120s' + ) + end 
+ + it do + is_expected.to contain_ini_setting('system/DefaultCPUAccounting').with( + ensure: 'present', + path: '/etc/systemd/system.conf', + value: true + ) + end + end + + context 'when managing user service manager config' do + let :params do + { + manage_user_conf: true, + user_settings: { + 'DefaultTimeoutStartSec' => '123s', + 'DefaultLimitCORE' => 'infinity', + 'DefaultLimitCPU' => { 'ensure' => 'absent' }, + } + } + end + + it { is_expected.to compile.with_all_deps } + it { is_expected.to have_ini_setting_resource_count(3) } + it { is_expected.to contain_ini_setting('user/DefaultLimitCPU').with_ensure('absent') } + + it do + is_expected.to contain_ini_setting('user/DefaultTimeoutStartSec').with( + ensure: 'present', + path: '/etc/systemd/user.conf', + value: '123s' + ) + end + + it do + is_expected.to contain_ini_setting('user/DefaultLimitCORE').with( + ensure: 'present', + path: '/etc/systemd/user.conf', + value: 'infinity' + ) + end end context 'when enabling journald with options' do diff --git a/types/boolean.pp b/types/boolean.pp new file mode 100644 index 00000000..e21196d1 --- /dev/null +++ b/types/boolean.pp @@ -0,0 +1,2 @@ +# @summary Defines systemd boolean type representation +type Systemd::Boolean = Variant[Systemd::Boolean::True, Systemd::Boolean::False] diff --git a/types/boolean/false.pp b/types/boolean/false.pp new file mode 100644 index 00000000..878e1c5f --- /dev/null +++ b/types/boolean/false.pp @@ -0,0 +1,2 @@ +# @summary Defines systemd boolean "false" type representation +type Systemd::Boolean::False = Variant[Integer[0,0], Enum['no', 'false'], Boolean[false]] diff --git a/types/boolean/true.pp b/types/boolean/true.pp new file mode 100644 index 00000000..69aa0f51 --- /dev/null +++ b/types/boolean/true.pp @@ -0,0 +1,2 @@ +# @summary Defines systemd boolean "true" type representation +type Systemd::Boolean::True = Variant[Integer[1], Enum['yes', 'true'], Boolean[true]] 
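Review bot: `Integer[1]` in `Systemd::Boolean::True` is an open-ended range, so any integer of 1 or more validates as a boolean, whereas the false side is pinned with `Integer[0,0]`. As far as I know systemd accepts only `1` among integers for true, so a value such as `NoNewPrivileges: 2` would pass catalog compilation and then likely be rejected when the file is parsed, leaving the setting unapplied without any error from Puppet. The member should be bounded on both sides: `type Systemd::Boolean::True = Variant[Integer[1,1], Enum['yes', 'true'], Boolean[true]]`.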
diff --git a/types/capabilities.pp b/types/capabilities.pp
new file mode 100644
index 00000000..acbc7701
--- /dev/null
+++ b/types/capabilities.pp
@@ -0,0 +1,2 @@
+# @summary Defines allowed capabilities
+type Systemd::Capabilities = Variant[Pattern[/^~?(CAP_[A-Z_]+ *)+$/]]
diff --git a/types/loglevel.pp b/types/loglevel.pp
new file mode 100644
index 00000000..49f81904
--- /dev/null
+++ b/types/loglevel.pp
@@ -0,0 +1,2 @@
+# @summary Defines allowed log levels
+type Systemd::LogLevel = Variant[Enum['emerg','alert','crit','err','warning','notice','info','debug'], Integer[0,7]]
diff --git a/types/output.pp b/types/output.pp
new file mode 100644
index 00000000..3735bd5c
--- /dev/null
+++ b/types/output.pp
@@ -0,0 +1,3 @@
+# @summary Defines allowed output values
+# Used in DefaultStandardOutput/DefaultStandardError e.g.
+type Systemd::Output = Enum['inherit', 'null', 'tty', 'journal', 'journal+console', 'kmsg', 'kmsg+console']
diff --git a/types/servicemanagersettings.pp b/types/servicemanagersettings.pp
new file mode 100644
index 00000000..69ea08c3
--- /dev/null
+++ b/types/servicemanagersettings.pp
@@ -0,0 +1,86 @@
+# @summary Matches Systemd system.conf/user.conf settings
+#
+# NOTE: Systemd::SettingEnsure here allows to delete the setting from the INI
+# file. See the example below for Hiera:
+#
+# ```yaml
+# systemd::system_settings:
+# LogLevel:
+# ensure: absent
+# ```
+#
+# @see https://www.freedesktop.org/software/systemd/man/latest/systemd-system.conf.html
+type Systemd::ServiceManagerSettings = Struct[
+ # lint:ignore:140chars
+ {
+ Optional['LogLevel'] => Variant[Systemd::LogLevel, Systemd::SettingEnsure],
+ Optional['LogTarget'] => Variant[Enum['console','console-prefixed','kmsg','journal','journal-or-kmsg','auto','null'], Systemd::SettingEnsure],
+ Optional['LogColor'] => Variant[Systemd::Boolean, Systemd::SettingEnsure],
+ Optional['LogLocation'] => Variant[Systemd::Boolean, Systemd::SettingEnsure],
+ Optional['LogTime'] => Variant[Systemd::Boolean, Systemd::SettingEnsure],
+ Optional['DumpCore'] => Variant[Systemd::Boolean, Systemd::SettingEnsure],
+ Optional['ShowStatus'] => Variant[Systemd::Boolean, Enum['auto','error'], Systemd::SettingEnsure],
+ Optional['CrashChangeVT'] => Variant[Systemd::Boolean, Integer[1,63], Systemd::SettingEnsure],
+ Optional['CrashShell'] => Variant[Systemd::Boolean, Systemd::SettingEnsure],
+ Optional['CrashReboot'] => Variant[Systemd::Boolean, Systemd::SettingEnsure], # Obsoleted by CrashAction in v256, delete after Debian 12 EOL
+ Optional['CrashAction'] => Variant[Enum['freeze', 'reboot', 'poweroff'], Systemd::SettingEnsure],
+ Optional['CtrlAltDelBurstAction'] => Variant[Enum['reboot-force','poweroff-force','reboot-immediate','poweroff-immediate','none'], Systemd::SettingEnsure],
+ Optional['CPUAffinity'] => Variant[Enum['numa'], Pattern['^[0-9, -]+$'], Systemd::SettingEnsure],
+ Optional['NUMAPolicy'] => Variant[Enum['default','preferred','bind','interleave','local'], Systemd::SettingEnsure],
+ Optional['NUMAMask'] => Variant[Enum['all'], Pattern['^[0-9, -]+$'], Systemd::SettingEnsure],
+ Optional['RuntimeWatchdogSec'] => Variant[Enum['off','default'], Systemd::Timespan, Systemd::SettingEnsure],
+ Optional['RuntimeWatchdogPreSec'] => Variant[Enum['off'], Systemd::Timespan, Systemd::SettingEnsure],
+ Optional['RuntimeWatchdogPreGovernor'] => Variant[Enum['noop', 'panic'], String[1], Systemd::SettingEnsure],
+ Optional['RebootWatchdogSec'] => Variant[Enum['off','default'], Systemd::Timespan, Systemd::SettingEnsure],
+ Optional['KExecWatchdogSec'] => Variant[Enum['off','default'], Systemd::Timespan, Systemd::SettingEnsure],
+ Optional['WatchdogDevice'] => Variant[Stdlib::Absolutepath, Systemd::SettingEnsure],
+ Optional['CapabilityBoundingSet'] => Variant[Systemd::Capabilities, Systemd::SettingEnsure],
+ Optional['NoNewPrivileges'] => Variant[Systemd::Boolean, Systemd::SettingEnsure],
+ Optional['ProtectSystem'] => Variant[Enum['auto'], Systemd::Boolean, Systemd::SettingEnsure],
+ Optional['SystemCallArchitectures'] => Variant[String[1], Systemd::SettingEnsure],
+ Optional['TimerSlackNSec'] => Variant[Systemd::Timespan, Systemd::SettingEnsure],
+ Optional['StatusUnitFormat'] => Variant[Enum['combined','description','name'], Systemd::SettingEnsure],
+ Optional['DefaultTimerAccuracySec'] => Variant[Systemd::Timespan, Systemd::SettingEnsure],
+ Optional['DefaultStandardOutput'] => Variant[Systemd::Output, Systemd::SettingEnsure],
+ Optional['DefaultStandardError'] => Variant[Systemd::Output, Systemd::SettingEnsure],
+ Optional['DefaultTimeoutStartSec'] => Variant[Systemd::Timespan, Systemd::SettingEnsure],
+ Optional['DefaultTimeoutStopSec'] => Variant[Systemd::Timespan, Systemd::SettingEnsure],
+ Optional['DefaultTimeoutAbortSec'] => Variant[Systemd::Timespan, Systemd::SettingEnsure],
+ Optional['DefaultDeviceTimeoutSec'] => Variant[Systemd::Timespan, Systemd::SettingEnsure],
+ Optional['DefaultRestartSec'] => Variant[Systemd::Timespan, Systemd::SettingEnsure],
+ Optional['DefaultStartLimitIntervalSec'] => Variant[Enum['infinity'], Systemd::Timespan, Systemd::SettingEnsure],
+ Optional['DefaultStartLimitBurst'] => Variant[Integer[0], Systemd::SettingEnsure],
+ Optional['DefaultEnvironment'] => Variant[String, Systemd::SettingEnsure],
+ Optional['ManagerEnvironment'] => Variant[String, Systemd::SettingEnsure],
+ Optional['DefaultCPUAccounting'] => Variant[Systemd::Boolean, Systemd::SettingEnsure],
+ Optional['DefaultBlockIOAccounting'] => Variant[Systemd::Boolean, Systemd::SettingEnsure], # Deprecated in v252. Delete after Debian 11 EOL
+ Optional['DefaultIOAccounting'] => Variant[Systemd::Boolean, Systemd::SettingEnsure],
+ Optional['DefaultIPAccounting'] => Variant[Systemd::Boolean, Systemd::SettingEnsure],
+ Optional['DefaultMemoryAccounting'] => Variant[Systemd::Boolean, Systemd::SettingEnsure],
+ Optional['DefaultTasksAccounting'] => Variant[Systemd::Boolean, Systemd::SettingEnsure],
+ Optional['DefaultTasksMax'] => Variant[Enum['infinity'], Integer[0], Systemd::Unit::Percent, Systemd::SettingEnsure],
+ Optional['DefaultLimitCPU'] => Variant[Enum['infinity'], Pattern['^\d+(s|m|h|d|w|M|y)?(:\d+(s|m|h|d|w|M|y)?)?$'], Systemd::SettingEnsure],
+ Optional['DefaultLimitFSIZE'] => Variant[Pattern['^(infinity|((\d+(K|M|G|T|P|E)?(:\d+(K|M|G|T|P|E)?)?)))$'], Systemd::SettingEnsure],
+ Optional['DefaultLimitDATA'] => Variant[Pattern['^(infinity|((\d+(K|M|G|T|P|E)?(:\d+(K|M|G|T|P|E)?)?)))$'], Systemd::SettingEnsure],
+ Optional['DefaultLimitSTACK'] => Variant[Pattern['^(infinity|((\d+(K|M|G|T|P|E)?(:\d+(K|M|G|T|P|E)?)?)))$'], Systemd::SettingEnsure],
+ Optional['DefaultLimitCORE'] => Variant[Pattern['^(infinity|((\d+(K|M|G|T|P|E)?(:\d+(K|M|G|T|P|E)?)?)))$'], Systemd::SettingEnsure],
+ Optional['DefaultLimitRSS'] => Variant[Pattern['^(infinity|((\d+(K|M|G|T|P|E)?(:\d+(K|M|G|T|P|E)?)?)))$'], Systemd::SettingEnsure],
+ Optional['DefaultLimitNOFILE'] => Variant[Integer[-1], Pattern['^(infinity|\d+(:(infinity|\d+))?)$'], Systemd::SettingEnsure],
+ Optional['DefaultLimitAS'] => Variant[Pattern['^(infinity|((\d+(K|M|G|T|P|E)?(:\d+(K|M|G|T|P|E)?)?)))$'], Systemd::SettingEnsure],
+ Optional['DefaultLimitNPROC'] => Variant[Integer[-1],Pattern['^(infinity|\d+(:(infinity|\d+))?)$'], Systemd::SettingEnsure],
+ Optional['DefaultLimitMEMLOCK'] => Variant[Pattern['^(infinity|((\d+(K|M|G|T|P|E)?(:\d+(K|M|G|T|P|E)?)?)))$'], Systemd::SettingEnsure],
+ Optional['DefaultLimitLOCKS'] => Variant[Integer[1], Systemd::SettingEnsure],
+ Optional['DefaultLimitSIGPENDING'] => Variant[Integer[1], Systemd::SettingEnsure],
+ Optional['DefaultLimitMSGQUEUE'] => Variant[Pattern['^(infinity|((\d+(K|M|G|T|P|E)?(:\d+(K|M|G|T|P|E)?)?)))$'], Systemd::SettingEnsure],
+ Optional['DefaultLimitNICE'] => Variant[Integer[0,40], Pattern['^(-\+([0-1]?[0-9]|20))|([0-3]?[0-9]|40)$'], Systemd::SettingEnsure],
+ Optional['DefaultLimitRTPRIO'] => Variant[Integer[0], Systemd::SettingEnsure],
+ Optional['DefaultLimitRTTIME'] => Variant[Pattern['^\d+(ms|s|m|h|d|w|M|y)?(:\d+(ms|s|m|h|d|w|M|y)?)?$'], Systemd::SettingEnsure],
+ Optional['DefaultOOMPolicy'] => Variant[Enum['continue', 'stop','kill'], Systemd::SettingEnsure],
+ Optional['DefaultSmackProcessLabel'] => Variant[String, Systemd::SettingEnsure],
+ Optional['ReloadLimitIntervalSec'] => Variant[Enum['infinity'], Systemd::Timespan, Systemd::SettingEnsure],
+ Optional['ReloadLimitBurst'] => Variant[Integer[0], Systemd::SettingEnsure],
+ Optional['DefaultMemoryPressureWatch'] => Variant[Systemd::SettingEnsure],
+ Optional['DefaultMemoryPressureThresholdSec'] => Variant[Systemd::SettingEnsure],
+ }
+ # lint:endignore
+]
diff --git a/types/settingensure.pp b/types/settingensure.pp
new file mode 100644
index 00000000..12e32577
--- /dev/null
+++ b/types/settingensure.pp
@@ -0,0 +1,2 @@
+# @summary Defines allowed ensure states for an ini_setting
+type Systemd::SettingEnsure = Struct[{ 'ensure' => Enum['absent'] }]
diff --git a/types/timespan.pp b/types/timespan.pp
new file mode 100644
index 00000000..34f0eebf
--- /dev/null
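Review bot: The `DefaultLimitNICE` pattern `'^(-\+([0-1]?[0-9]|20))|([0-3]?[0-9]|40)$'` does not constrain the value as it appears to intend. The top-level `|` splits it into `^(-\+…)` and `(…)$`, so the second branch is unanchored at the start and accepts any string that merely ends in a digit, and `-\+` matches the literal two characters `-+` rather than a single sign. Grouping the alternation inside the anchors and using a character class fixes both, e.g. `Pattern['^([-+]([0-1]?[0-9]|20)|[0-3]?[0-9]|40)$']`. Separately, `DefaultMemoryPressureWatch` and `DefaultMemoryPressureThresholdSec` accept only `Systemd::SettingEnsure`, so they can be removed from the file but never set; if that is a placeholder, a comment should say so.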
+++ b/types/timespan.pp
@@ -0,0 +1,6 @@
+# @summary Defines a timespan type
+# @see https://www.freedesktop.org/software/systemd/man/latest/systemd.time.html
+type Systemd::Timespan = Variant[
+ Integer[0],
+ Pattern[/^([0-9]+ *(usec|us|msec|ms|seconds?|sec|s|minutes?|min|m|hours?|hr|h|days?|d|weeks?|w|months?|M|years?|y)? *)+$/]
+]