diff --git a/REFERENCE.md b/REFERENCE.md
index 42742cfd..9ba10833 100644
--- a/REFERENCE.md
+++ b/REFERENCE.md
@@ -15,6 +15,7 @@
* `systemd::coredump`: This class manages the systemd-coredump configuration.
* `systemd::install`: Install any systemd sub packages
+* `systemd::journal_remote`: This class manages and configures journal-remote.
* `systemd::journal_upload`: This class manages and configures journal-upload.
* `systemd::journald`: This class manages and configures journald.
* `systemd::logind`: This class manages systemd's login manager configuration.
@@ -57,6 +58,7 @@
* [`Systemd::CoredumpSettings`](#Systemd--CoredumpSettings): Configurations for coredump.conf
* [`Systemd::Dropin`](#Systemd--Dropin): custom datatype that validates filenames/paths for valid systemd dropin files
+* [`Systemd::JournalRemoteSettings`](#Systemd--JournalRemoteSettings): Matches Systemd journal remote config Struct
* [`Systemd::JournalUploadSettings`](#Systemd--JournalUploadSettings): Matches Systemd journal upload config Struct
* [`Systemd::JournaldSettings`](#Systemd--JournaldSettings): Matches Systemd journald config Struct
* [`Systemd::JournaldSettings::Ensure`](#Systemd--JournaldSettings--Ensure): defines allowed ensure states for systemd-journald settings
@@ -130,6 +132,8 @@ The following parameters are available in the `systemd` class:
* [`journald_settings`](#-systemd--journald_settings)
* [`manage_journal_upload`](#-systemd--manage_journal_upload)
* [`journal_upload_settings`](#-systemd--journal_upload_settings)
+* [`manage_journal_remote`](#-systemd--manage_journal_remote)
+* [`journal_remote_settings`](#-systemd--journal_remote_settings)
* [`manage_udevd`](#-systemd--manage_udevd)
* [`udev_log`](#-systemd--udev_log)
* [`udev_children_max`](#-systemd--udev_children_max)
@@ -480,6 +484,22 @@ Config Hash that is used to configure settings in journal-upload.conf
Default value: `{}`
+##### `manage_journal_remote`
+
+Data type: `Boolean`
+
+Manage the systemd journal remote server used to upload journals
+
+Default value: `false`
+
+##### `journal_remote_settings`
+
+Data type: `Systemd::JournalRemoteSettings`
+
+Config Hash that is used to configure settings in journal-remote.conf
+
+Default value: `{}`
+
##### `manage_udevd`
Data type: `Boolean`
@@ -2582,6 +2602,26 @@ custom datatype that validates filenames/paths for valid systemd dropin files
Alias of `Pattern['^[^/]+\.conf$']`
+### `Systemd::JournalRemoteSettings`
+
+Matches Systemd journal remote config Struct
+
+Alias of
+
+```puppet
+Struct[{
+ Optional['Seal'] => Variant[Enum['yes','no'],Systemd::JournaldSettings::Ensure],
+ Optional['SplitMode'] => Variant[Enum['host','none'],Systemd::JournaldSettings::Ensure],
+ Optional['ServerKeyFile'] => Variant[Stdlib::Unixpath,Systemd::JournaldSettings::Ensure],
+ Optional['ServerCertificateFile'] => Variant[Stdlib::Unixpath,Systemd::JournaldSettings::Ensure],
+ Optional['TrustedCertificateFile'] => Variant[Stdlib::Unixpath,Systemd::JournaldSettings::Ensure],
+ Optional['MaxUse'] => Variant[Systemd::Unit::Amount,Systemd::JournaldSettings::Ensure],
+ Optional['KeepFree'] => Variant[Systemd::Unit::Amount,Systemd::JournaldSettings::Ensure],
+ Optional['MaxFileSize'] => Variant[Systemd::Unit::Amount,Systemd::JournaldSettings::Ensure],
+ Optional['MaxFiles'] => Variant[Integer,Systemd::JournaldSettings::Ensure],
+ }]
+```
+
### `Systemd::JournalUploadSettings`
Matches Systemd journal upload config Struct
diff --git a/data/Debian-family.yaml b/data/Debian-family.yaml
index b5c6093e..a687f75b 100644
--- a/data/Debian-family.yaml
+++ b/data/Debian-family.yaml
@@ -1,3 +1,4 @@
---
systemd::nspawn_package: 'systemd-container'
systemd::journal_upload::package_name: 'systemd-journal-remote'
+systemd::journal_remote::package_name: 'systemd-journal-remote'
diff --git a/data/RedHat-family.yaml b/data/RedHat-family.yaml
index f16889bc..baacfa17 100644
--- a/data/RedHat-family.yaml
+++ b/data/RedHat-family.yaml
@@ -3,3 +3,4 @@ systemd::networkd_package: systemd-networkd
systemd::nspawn_package: 'systemd-container'
systemd::resolved_package: 'systemd-resolved'
systemd::journal_upload::package_name: 'systemd-journal-remote'
+systemd::journal_remote::package_name: 'systemd-journal-remote'
diff --git a/manifests/init.pp b/manifests/init.pp
index 7382876e..693b8210 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -138,6 +138,12 @@
# @param journal_upload_settings
# Config Hash that is used to configure settings in journal-upload.conf
#
+# @param manage_journal_remote
+# Manage the systemd journal remote server used to upload journals
+#
+# @param journal_remote_settings
+# Config Hash that is used to configure settings in journal-remote.conf
+#
# @param manage_udevd
# Manage the systemd udev daemon
#
@@ -261,6 +267,8 @@
Systemd::JournaldSettings $journald_settings = {},
Boolean $manage_journal_upload = false,
Systemd::JournalUploadSettings $journal_upload_settings = {},
+ Boolean $manage_journal_remote = false,
+ Systemd::JournalRemoteSettings $journal_remote_settings = {},
Systemd::MachineInfoSettings $machine_info_settings = {},
Boolean $manage_udevd = false,
Optional[Variant[Integer,String]] $udev_log = undef,
@@ -367,6 +375,10 @@
contain systemd::journal_upload
}
+ if $manage_journal_remote {
+ contain systemd::journal_remote
+ }
+
if $manage_logind {
contain systemd::logind
}
diff --git a/manifests/journal_remote.pp b/manifests/journal_remote.pp
new file mode 100644
index 00000000..8a931b93
--- /dev/null
+++ b/manifests/journal_remote.pp
@@ -0,0 +1,37 @@
+# @api private
+# @summary This class manages and configures journal-remote.
+# @see https://www.freedesktop.org/software/systemd/man/journal-remote.conf.html
+#
+# @param package_name
+# name of the package to install for the functionality
+#
+class systemd::journal_remote (
+ Optional[String[1]] $package_name = undef,
+) {
+ assert_private()
+
+ if $package_name {
+ stdlib::ensure_packages($package_name)
+ }
+
+ service { 'systemd-journal-remote':
+ ensure => running,
+ }
+ $systemd::journal_remote_settings.each |$option, $value| {
+ ini_setting { "journal-remote_${option}":
+ path => '/etc/systemd/journal-remote.conf',
+ section => 'Remote',
+ setting => $option,
+ notify => Service['systemd-journal-remote'],
+ }
+ if $value =~ Systemd::JournaldSettings::Ensure {
+ Ini_setting["journal-remote_${option}"] {
+ * => $value,
+ }
+ } else {
+ Ini_setting["journal-remote_${option}"] {
+ value => $value,
+ }
+ }
+ }
+}
diff --git a/spec/classes/init_spec.rb b/spec/classes/init_spec.rb
index eb95d181..9ed6cabe 100644
--- a/spec/classes/init_spec.rb
+++ b/spec/classes/init_spec.rb
@@ -587,14 +587,23 @@
it { is_expected.not_to contain_service('systemd-journald') }
end
- context 'when journal-upload is enabled' do
+ context 'when journal-upload and journal-remote is enabled' do
let(:params) do
{
manage_journal_upload: true,
journal_upload_settings: {
'URL' => 'https://central.server:19532',
- 'ServerKeyFile' => '/tmp/key.pem',
- 'ServerCertificateFile' => '/tmp/cert.pem',
+ 'ServerKeyFile' => '/tmp/key-upload.pem',
+ 'ServerCertificateFile' => {
+ 'ensure' => 'absent',
+ },
+ 'TrustedCertificateFile' => '/tmp/cert-upload.pem',
+ },
+ manage_journal_remote: true,
+ journal_remote_settings: {
+ 'SplitMode' => 'host',
+ 'ServerKeyFile' => '/tmp/key-remote.pem',
+ 'ServerCertificateFile' => '/tmp/cert-remote.pem',
'TrustedCertificateFile' => {
'ensure' => 'absent',
},
@@ -604,39 +613,62 @@
it { is_expected.to compile.with_all_deps }
it { is_expected.to contain_service('systemd-journal-upload') }
+ it { is_expected.to contain_service('systemd-journal-remote') }
- it { is_expected.to have_ini_setting_resource_count(4) }
+ it { is_expected.to have_ini_setting_resource_count(8) }
it {
- expect(subject).to contain_ini_setting('journal-upload_URL').with(
+ expect(subject).to contain_ini_setting('journal-upload_TrustedCertificateFile').with(
path: '/etc/systemd/journal-upload.conf',
section: 'Upload',
- setting: 'URL',
+ setting: 'TrustedCertificateFile',
notify: 'Service[systemd-journal-upload]',
- value: 'https://central.server:19532'
+ value: '/tmp/cert-upload.pem'
)
}
it {
- expect(subject).to contain_ini_setting('journal-upload_TrustedCertificateFile').with(
+ expect(subject).to contain_ini_setting('journal-remote_TrustedCertificateFile').with(
+ path: '/etc/systemd/journal-remote.conf',
+ section: 'Remote',
+ setting: 'TrustedCertificateFile',
+ notify: 'Service[systemd-journal-remote]',
+ ensure: 'absent'
+ )
+ }
+
+ it {
+ expect(subject).to contain_ini_setting('journal-upload_ServerCertificateFile').with(
path: '/etc/systemd/journal-upload.conf',
section: 'Upload',
- setting: 'TrustedCertificateFile',
+ setting: 'ServerCertificateFile',
notify: 'Service[systemd-journal-upload]',
ensure: 'absent'
)
}
+
+ it {
+ expect(subject).to contain_ini_setting('journal-remote_ServerCertificateFile').with(
+ path: '/etc/systemd/journal-remote.conf',
+ section: 'Remote',
+ setting: 'ServerCertificateFile',
+ notify: 'Service[systemd-journal-remote]',
+ value: '/tmp/cert-remote.pem'
+ )
+ }
end
- context 'when journal-upload is not enabled' do
+ context 'when journal-upload/journal-remote is not enabled' do
let(:params) do
{
manage_journal_upload: false,
+ manage_journal_remote: false,
}
end
it { is_expected.to compile.with_all_deps }
it { is_expected.not_to contain_service('systemd-journal-upload') }
+ it { is_expected.not_to contain_service('systemd-journal-remote') }
end
context 'when disabling udevd management' do
diff --git a/types/journalremotesettings.pp b/types/journalremotesettings.pp
new file mode 100644
index 00000000..1648fa8f
--- /dev/null
+++ b/types/journalremotesettings.pp
@@ -0,0 +1,16 @@
+# Matches Systemd journal remote config Struct
+type Systemd::JournalRemoteSettings = Struct[
+ # lint:ignore:140chars
+ {
+ Optional['Seal'] => Variant[Enum['yes','no'],Systemd::JournaldSettings::Ensure],
+ Optional['SplitMode'] => Variant[Enum['host','none'],Systemd::JournaldSettings::Ensure],
+ Optional['ServerKeyFile'] => Variant[Stdlib::Unixpath,Systemd::JournaldSettings::Ensure],
+ Optional['ServerCertificateFile'] => Variant[Stdlib::Unixpath,Systemd::JournaldSettings::Ensure],
+ Optional['TrustedCertificateFile'] => Variant[Stdlib::Unixpath,Systemd::JournaldSettings::Ensure],
+ Optional['MaxUse'] => Variant[Systemd::Unit::Amount,Systemd::JournaldSettings::Ensure],
+ Optional['KeepFree'] => Variant[Systemd::Unit::Amount,Systemd::JournaldSettings::Ensure],
+ Optional['MaxFileSize'] => Variant[Systemd::Unit::Amount,Systemd::JournaldSettings::Ensure],
+ Optional['MaxFiles'] => Variant[Integer,Systemd::JournaldSettings::Ensure],
+ }
+ # lint:endignore
+]