From 210b8045aee4af71b0ab3bef812ddac14afd9fd0 Mon Sep 17 00:00:00 2001 From: Benedikt Trefzer Date: Tue, 13 Aug 2024 14:31:50 +0200 Subject: [PATCH] add journal-remote settings --- REFERENCE.md | 40 +++++++++++++++++++++++++++ data/Debian-family.yaml | 1 + data/RedHat-family.yaml | 1 + manifests/init.pp | 12 ++++++++ manifests/journal_remote.pp | 37 +++++++++++++++++++++++++ spec/classes/init_spec.rb | 50 ++++++++++++++++++++++++++++++++++ types/journalremotesettings.pp | 16 +++++++++++ 7 files changed, 157 insertions(+) create mode 100644 manifests/journal_remote.pp create mode 100644 types/journalremotesettings.pp diff --git a/REFERENCE.md b/REFERENCE.md index 8f61754e..5c366b58 100644 --- a/REFERENCE.md +++ b/REFERENCE.md @@ -15,6 +15,7 @@ * `systemd::coredump`: This class manages the systemd-coredump configuration. * `systemd::install`: Install any systemd sub packages +* `systemd::journal_remote`: This class manages and configures journal-remote. * `systemd::journald`: This class manages and configures journald. * `systemd::logind`: This class manages systemd's login manager configuration. * `systemd::machine_info`: This class manages systemd's machine-info file (hostnamectl) @@ -56,6 +57,7 @@ * [`Systemd::CoredumpSettings`](#Systemd--CoredumpSettings): Configurations for coredump.conf * [`Systemd::Dropin`](#Systemd--Dropin): custom datatype that validates filenames/paths for valid systemd dropin files +* [`Systemd::JournalRemoteSettings`](#Systemd--JournalRemoteSettings): Matches Systemd journal remote config Struct * [`Systemd::JournaldSettings`](#Systemd--JournaldSettings): Matches Systemd journald config Struct * [`Systemd::JournaldSettings::Ensure`](#Systemd--JournaldSettings--Ensure): defines allowed ensure states for systemd-journald settings * [`Systemd::LogindSettings`](#Systemd--LogindSettings): Matches Systemd Login Manager Struct 
@@ -126,6 +128,8 @@ The following parameters are available in the `systemd` class: * [`set_local_rtc`](#-systemd--set_local_rtc) * [`manage_journald`](#-systemd--manage_journald) * [`journald_settings`](#-systemd--journald_settings) +* [`manage_journal_remote`](#-systemd--manage_journal_remote) +* [`journal_remote_settings`](#-systemd--journal_remote_settings) * [`manage_udevd`](#-systemd--manage_udevd) * [`udev_log`](#-systemd--udev_log) * [`udev_children_max`](#-systemd--udev_children_max) @@ -460,6 +464,22 @@ Config Hash that is used to configure settings in journald.conf Default value: `{}` +##### `manage_journal_remote` + +Data type: `Boolean` + +Manage the systemd journal remote server used to upload journals + +Default value: `false` + +##### `journal_remote_settings` + +Data type: `Systemd::JournalRemoteSettings` + +Config Hash that is used to configure settings in journal-remote.conf + +Default value: `{}` + ##### `manage_udevd` Data type: `Boolean` 
@@ -2562,6 +2582,26 @@ custom datatype that validates filenames/paths for valid systemd dropin files Alias of `Pattern['^[^/]+\.conf$']` +### `Systemd::JournalRemoteSettings` + +Matches Systemd journal remote config Struct + +Alias of + +```puppet +Struct[{ + Optional['Seal'] => Variant[Enum['yes','no'],Systemd::JournaldSettings::Ensure], + Optional['SplitMode'] => Variant[Enum['host','none'],Systemd::JournaldSettings::Ensure], + Optional['ServerKeyFile'] => Variant[Stdlib::Unixpath,Systemd::JournaldSettings::Ensure], + Optional['ServerCertificateFile'] => Variant[Stdlib::Unixpath,Systemd::JournaldSettings::Ensure], + Optional['TrustedCertificateFile'] => Variant[Stdlib::Unixpath,Systemd::JournaldSettings::Ensure], + Optional['MaxUse'] => Variant[Systemd::Unit::Amount,Systemd::JournaldSettings::Ensure], + Optional['KeepFree'] => Variant[Systemd::Unit::Amount,Systemd::JournaldSettings::Ensure], + Optional['MaxFileSize'] => Variant[Systemd::Unit::Amount,Systemd::JournaldSettings::Ensure], + Optional['MaxFiles'] => Variant[Integer,Systemd::JournaldSettings::Ensure], + }] +``` + ### `Systemd::JournaldSettings` Matches Systemd journald config Struct diff --git a/data/Debian-family.yaml b/data/Debian-family.yaml index 5c644fa2..6dd5c759 100644 --- a/data/Debian-family.yaml +++ b/data/Debian-family.yaml @@ -1,2 +1,3 @@ --- systemd::nspawn_package: 'systemd-container' +systemd::journal_remote::package_name: 'systemd-journal-remote' diff --git a/data/RedHat-family.yaml b/data/RedHat-family.yaml index 199df535..1881725f 100644 --- a/data/RedHat-family.yaml +++ b/data/RedHat-family.yaml @@ -2,3 +2,4 @@ systemd::networkd_package: systemd-networkd systemd::nspawn_package: 'systemd-container' systemd::resolved_package: 'systemd-resolved' +systemd::journal_remote::package_name: 'systemd-journal-remote' diff --git a/manifests/init.pp b/manifests/init.pp index 56575d24..dfcdde5e 100644 --- a/manifests/init.pp +++ b/manifests/init.pp 
@@ -132,6 +132,12 @@ # @param journald_settings # Config Hash that is used to configure settings in journald.conf # +# @param manage_journal_remote +# Manage the systemd journal remote server used to upload journals +# +# @param journal_remote_settings +# Config Hash that is used to configure settings in journal-remote.conf +# # @param manage_udevd # Manage the systemd udev daemon # @@ -253,6 +259,8 @@ Boolean $purge_dropin_dirs = true, Boolean $manage_journald = true, Systemd::JournaldSettings $journald_settings = {}, + Boolean $manage_journal_remote = false, + Systemd::JournalRemoteSettings $journal_remote_settings = {}, Systemd::MachineInfoSettings $machine_info_settings = {}, Boolean $manage_udevd = false, Optional[Variant[Integer,String]] $udev_log = undef, @@ -355,6 +363,10 @@ contain systemd::journald } + if $manage_journal_remote { + contain systemd::journal_remote + } + if $manage_logind { contain systemd::logind } diff --git a/manifests/journal_remote.pp b/manifests/journal_remote.pp new file mode 100644 index 00000000..1e9f51fa --- /dev/null +++ b/manifests/journal_remote.pp @@ -0,0 +1,37 @@ +# @api private +# @summary This class manages and configures journal-remote. +# @see https://www.freedesktop.org/software/systemd/man/journal-remote.conf.html +# +# @param package_name +# name of the package to install for the functionality +# +class systemd::journal_remote ( + Optional[String[1]] $package_name = undef, +) { + assert_private() + + if $package_name { + stdlib::ensure_packages($package_name) + } + + service { 'systemd-journal-remote': + ensure => running, + } + $systemd::journal_upload_settings.each |$option, $value| { + ini_setting { $option: + path => '/etc/systemd/journal-remote.conf', + section => 'Remote', + setting => $option, + notify => Service['systemd-journal-remote'], + } + if $value =~ Hash { + Ini_setting[$option] { + * => $value, + } + } else { + Ini_setting[$option] { + value => $value, + } + } + } +} 
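Review bot: The `@param manage_journal_remote` text in the first init.pp hunk says the server is "used to upload journals", which reads as if the flag enabled the sending side; the class this patch adds runs `systemd-journal-remote`, which is the receiving service. I would reword it to `#   Manage the systemd-journal-remote service, which receives journals sent by other hosts`. The `@param journal_remote_settings` text could also say that `ServerKeyFile`, `ServerCertificateFile` and `TrustedCertificateFile` carry the receiver's TLS material, since enabling the flag with the default `{}` writes none of them. The class comment block these lines belong to starts and ends outside the hunk.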
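Review bot: The loop in `manifests/journal_remote.pp` iterates `$systemd::journal_upload_settings`, but the parameter this patch adds to `init.pp` and exercises in the spec is `journal_remote_settings`; the line should read `$systemd::journal_remote_settings.each |$option, $value| {`. As written, nothing passed in `journal_remote_settings` (including the TLS key, certificate and trust-file paths) can reach `/etc/systemd/journal-remote.conf`, while the service is still declared `ensure => running`. Whether the manifest compiles at all depends on a `journal_upload_settings` parameter existing elsewhere in the module, which this patch does not show. Separately, the service has no `enable => true` and no ordering after the package from `stdlib::ensure_packages`, so adding `require => Package[$package_name]` when a name is set would make the first run deterministic. The `ini_setting` titles are bare option names such as `Seal` and `SplitMode`; if another class in the module titles its resources the same way, a prefixed title like `"journal-remote_${option}"` would avoid a duplicate declaration.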
diff --git a/spec/classes/init_spec.rb b/spec/classes/init_spec.rb index 1be26d8a..dd9fcf24 100644 --- a/spec/classes/init_spec.rb +++ b/spec/classes/init_spec.rb @@ -587,6 +587,56 @@ it { is_expected.not_to contain_service('systemd-journald') } end + context 'when journal-remote is enabled' do + let(:params) do + { + manage_journal_remote: true, + journal_remote_settings: { + 'SplitMode' => 'host', + 'ServerKeyFile' => '/tmp/key.pem', + 'ServerCertificateFile' => '/tmp/cert.pem', + 'TrustedCertificateFile' => { + 'ensure' => 'absent', + }, + }, + } + end + + it { is_expected.to compile.with_all_deps } + it { is_expected.to contain_service('systemd-journal-remote') } + + it { is_expected.to have_ini_setting_resource_count(4) } + + it { + expect(subject).to contain_ini_setting('SplitMode').with( + path: '/etc/systemd/journal-remote.conf', + section: 'Remote', + notify: 'Service[systemd-journal-remote]', + value: 'host' + ) + } + + it { + expect(subject).to contain_ini_setting('TrustedCertificateFile').with( + path: '/etc/systemd/journal-remote.conf', + section: 'Remote', + notify: 'Service[systemd-journal-remote]', + ensure: 'absent' + ) + } + end + + context 'when journal-remote is not enabled' do + let(:params) do + { + manage_journal_remote: false, + } + end + + it { is_expected.to compile.with_all_deps } + it { is_expected.not_to contain_service('systemd-journal-remote') } + end + context 'when disabling udevd management' do let(:params) do { diff --git a/types/journalremotesettings.pp b/types/journalremotesettings.pp new file mode 100644 index 00000000..1648fa8f --- /dev/null +++ b/types/journalremotesettings.pp 
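Review bot: The 'when journal-remote is enabled' context never asserts the package, so the `if $package_name` branch of the new class is untested even though this patch adds `systemd::journal_remote::package_name` to the Debian and RedHat data files. If the surrounding examples run per OS family (the enclosing `describe` is outside the hunk), `it { is_expected.to contain_package('systemd-journal-remote') }` for those families would cover it. `have_ini_setting_resource_count(4)` counts every `ini_setting` in the catalog, so it will also fail if another class starts contributing one by default. Asserting the two unchecked settings, `ServerKeyFile` and `ServerCertificateFile`, by name with their `value` would pin the TLS paths more precisely than the count does.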
@@ -0,0 +1,16 @@
+# Matches Systemd journal remote config Struct
+type Systemd::JournalRemoteSettings = Struct[
+ # lint:ignore:140chars
+ {
+ Optional['Seal'] => Variant[Enum['yes','no'],Systemd::JournaldSettings::Ensure],
+ Optional['SplitMode'] => Variant[Enum['host','none'],Systemd::JournaldSettings::Ensure],
+ Optional['ServerKeyFile'] => Variant[Stdlib::Unixpath,Systemd::JournaldSettings::Ensure],
+ Optional['ServerCertificateFile'] => Variant[Stdlib::Unixpath,Systemd::JournaldSettings::Ensure],
+ Optional['TrustedCertificateFile'] => Variant[Stdlib::Unixpath,Systemd::JournaldSettings::Ensure],
+ Optional['MaxUse'] => Variant[Systemd::Unit::Amount,Systemd::JournaldSettings::Ensure],
+ Optional['KeepFree'] => Variant[Systemd::Unit::Amount,Systemd::JournaldSettings::Ensure],
+ Optional['MaxFileSize'] => Variant[Systemd::Unit::Amount,Systemd::JournaldSettings::Ensure],
+ Optional['MaxFiles'] => Variant[Integer,Systemd::JournaldSettings::Ensure],
+ }
+ # lint:endignore
+]
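Review bot: `MaxFiles` is typed as a bare `Integer`, so a negative value passes catalog validation and is only caught, if at all, when the daemon parses the file; `Optional['MaxFiles'] => Variant[Integer[0],Systemd::JournaldSettings::Ensure],` would reject it at compile time (0 is presumably the lowest meaningful bound; confirm against journal-remote.conf). The one-line comment above the type could also say that the struct mirrors the `[Remote]` section written by `systemd::journal_remote`. It is worth stating there that every key also accepts the `Systemd::JournaldSettings::Ensure` form, which the spec uses as `{ 'ensure' => 'absent' }` to remove a setting.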