diff --git a/REFERENCE.md b/REFERENCE.md
index b671b662..42295a2e 100644
--- a/REFERENCE.md
+++ b/REFERENCE.md
@@ -15,6 +15,8 @@
* `systemd::coredump`: This class manages the systemd-coredump configuration.
* `systemd::install`: Install any systemd sub packages
+* `systemd::journal_remote`: This class manages and configures journal-remote.
+* `systemd::journal_upload`: This class manages and configures journal-upload.
* `systemd::journald`: This class manages and configures journald.
* `systemd::logind`: This class manages systemd's login manager configuration.
* `systemd::machine_info`: This class manages systemd's machine-info file (hostnamectl)
@@ -60,6 +62,8 @@
* [`Systemd::Capabilities`](#Systemd--Capabilities): Defines allowed capabilities
* [`Systemd::CoredumpSettings`](#Systemd--CoredumpSettings): Configurations for coredump.conf
* [`Systemd::Dropin`](#Systemd--Dropin): custom datatype that validates filenames/paths for valid systemd dropin files
+* [`Systemd::JournalRemoteSettings`](#Systemd--JournalRemoteSettings): matches Systemd journal remote config Struct
+* [`Systemd::JournalUploadSettings`](#Systemd--JournalUploadSettings): matches Systemd journal upload config Struct
* [`Systemd::JournaldSettings`](#Systemd--JournaldSettings): Matches Systemd journald config Struct
* [`Systemd::JournaldSettings::Ensure`](#Systemd--JournaldSettings--Ensure): defines allowed ensure states for systemd-journald settings
* [`Systemd::LogLevel`](#Systemd--LogLevel): Defines allowed log levels
@@ -136,6 +140,10 @@ The following parameters are available in the `systemd` class:
* [`set_local_rtc`](#-systemd--set_local_rtc)
* [`manage_journald`](#-systemd--manage_journald)
* [`journald_settings`](#-systemd--journald_settings)
+* [`manage_journal_upload`](#-systemd--manage_journal_upload)
+* [`journal_upload_settings`](#-systemd--journal_upload_settings)
+* [`manage_journal_remote`](#-systemd--manage_journal_remote)
+* [`journal_remote_settings`](#-systemd--journal_remote_settings)
* [`manage_udevd`](#-systemd--manage_udevd)
* [`udev_log`](#-systemd--udev_log)
* [`udev_children_max`](#-systemd--udev_children_max)
@@ -475,6 +483,38 @@ Config Hash that is used to configure settings in journald.conf
Default value: `{}`
+##### `manage_journal_upload`
+
+Data type: `Boolean`
+
+Manage the systemd journal upload to a remote server
+
+Default value: `false`
+
+##### `journal_upload_settings`
+
+Data type: `Systemd::JournalUploadSettings`
+
+Config Hash that is used to configure settings in journal-upload.conf
+
+Default value: `{}`
+
+##### `manage_journal_remote`
+
+Data type: `Boolean`
+
+Manage the systemd journal remote server used to upload journals
+
+Default value: `false`
+
+##### `journal_remote_settings`
+
+Data type: `Systemd::JournalRemoteSettings`
+
+Config Hash that is used to configure settings in journal-remote.conf
+
+Default value: `{}`
+
##### `manage_udevd`
Data type: `Boolean`
@@ -2690,6 +2730,42 @@ custom datatype that validates filenames/paths for valid systemd dropin files
Alias of `Pattern['^[^/]+\.conf$']`
+### `Systemd::JournalRemoteSettings`
+
+matches Systemd journal remote config Struct
+
+Alias of
+
+```puppet
+Struct[{
+ Optional['Seal'] => Variant[Enum['yes','no'],Systemd::JournaldSettings::Ensure],
+ Optional['SplitMode'] => Variant[Enum['host','none'],Systemd::JournaldSettings::Ensure],
+ Optional['ServerKeyFile'] => Variant[Stdlib::Unixpath,Systemd::JournaldSettings::Ensure],
+ Optional['ServerCertificateFile'] => Variant[Stdlib::Unixpath,Systemd::JournaldSettings::Ensure],
+ Optional['TrustedCertificateFile'] => Variant[Stdlib::Unixpath,Systemd::JournaldSettings::Ensure],
+ Optional['MaxUse'] => Variant[Systemd::Unit::Amount,Systemd::JournaldSettings::Ensure],
+ Optional['KeepFree'] => Variant[Systemd::Unit::Amount,Systemd::JournaldSettings::Ensure],
+ Optional['MaxFileSize'] => Variant[Systemd::Unit::Amount,Systemd::JournaldSettings::Ensure],
+ Optional['MaxFiles'] => Variant[Integer,Systemd::JournaldSettings::Ensure],
+ }]
+```
+
+### `Systemd::JournalUploadSettings`
+
+matches Systemd journal upload config Struct
+
+Alias of
+
+```puppet
+Struct[{
+ Optional['URL'] => Variant[Stdlib::HTTPUrl,Systemd::JournaldSettings::Ensure],
+ Optional['ServerKeyFile'] => Variant[Stdlib::Unixpath,Systemd::JournaldSettings::Ensure],
+ Optional['ServerCertificateFile'] => Variant[Stdlib::Unixpath,Systemd::JournaldSettings::Ensure],
+ Optional['TrustedCertificateFile'] => Variant[Stdlib::Unixpath,Systemd::JournaldSettings::Ensure],
+ Optional['NetworkTimeoutSec'] => Variant[Systemd::Unit::Timespan,Systemd::JournaldSettings::Ensure],
+ }]
+```
+
### `Systemd::JournaldSettings`
Matches Systemd journald config Struct
diff --git a/data/Debian-family.yaml b/data/Debian-family.yaml
index 5c644fa2..a687f75b 100644
--- a/data/Debian-family.yaml
+++ b/data/Debian-family.yaml
@@ -1,2 +1,4 @@
---
systemd::nspawn_package: 'systemd-container'
+systemd::journal_upload::package_name: 'systemd-journal-remote'
+systemd::journal_remote::package_name: 'systemd-journal-remote'
diff --git a/data/RedHat-family.yaml b/data/RedHat-family.yaml
index 199df535..baacfa17 100644
--- a/data/RedHat-family.yaml
+++ b/data/RedHat-family.yaml
@@ -2,3 +2,5 @@
systemd::networkd_package: systemd-networkd
systemd::nspawn_package: 'systemd-container'
systemd::resolved_package: 'systemd-resolved'
+systemd::journal_upload::package_name: 'systemd-journal-remote'
+systemd::journal_remote::package_name: 'systemd-journal-remote'
diff --git a/manifests/init.pp b/manifests/init.pp
index dc0e7f00..fa46b664 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -132,6 +132,18 @@
# @param journald_settings
# Config Hash that is used to configure settings in journald.conf
#
+# @param manage_journal_upload
+# Manage the systemd journal upload to a remote server
+#
+# @param journal_upload_settings
+# Config Hash that is used to configure settings in journal-upload.conf
+#
+# @param manage_journal_remote
+# Manage the systemd journal remote server used to upload journals
+#
+# @param journal_remote_settings
+# Config Hash that is used to configure settings in journal-remote.conf
+#
# @param manage_udevd
# Manage the systemd udev daemon
#
@@ -275,6 +287,10 @@
Boolean $purge_dropin_dirs = true,
Boolean $manage_journald = true,
Systemd::JournaldSettings $journald_settings = {},
+ Boolean $manage_journal_upload = false,
+ Systemd::JournalUploadSettings $journal_upload_settings = {},
+ Boolean $manage_journal_remote = false,
+ Systemd::JournalRemoteSettings $journal_remote_settings = {},
Systemd::MachineInfoSettings $machine_info_settings = {},
Boolean $manage_udevd = false,
Optional[Variant[Integer,String]] $udev_log = undef,
@@ -383,6 +399,14 @@
contain systemd::journald
}
+ if $manage_journal_upload {
+ contain systemd::journal_upload
+ }
+
+ if $manage_journal_remote {
+ contain systemd::journal_remote
+ }
+
if $manage_logind {
contain systemd::logind
}
diff --git a/manifests/journal_remote.pp b/manifests/journal_remote.pp
new file mode 100644
index 00000000..c22c8bd7
--- /dev/null
+++ b/manifests/journal_remote.pp
@@ -0,0 +1,38 @@
+# @api private
+# @summary This class manages and configures journal-remote.
+# @see https://www.freedesktop.org/software/systemd/man/journal-remote.conf.html
+#
+# @param package_name
+# name of the package to install for the functionality
+#
+class systemd::journal_remote (
+ Optional[String[1]] $package_name = undef,
+) {
+ assert_private()
+
+ if $package_name {
+ stdlib::ensure_packages($package_name)
+ }
+
+ service { 'systemd-journal-remote':
+ ensure => running,
+ enable => true,
+ }
+ $systemd::journal_remote_settings.each |$option, $value| {
+ ini_setting { "journal-remote_${option}":
+ path => '/etc/systemd/journal-remote.conf',
+ section => 'Remote',
+ setting => $option,
+ notify => Service['systemd-journal-remote'],
+ }
+ if $value =~ Systemd::JournaldSettings::Ensure {
+ Ini_setting["journal-remote_${option}"] {
+ * => $value,
+ }
+ } else {
+ Ini_setting["journal-remote_${option}"] {
+ value => $value,
+ }
+ }
+ }
+}
diff --git a/manifests/journal_upload.pp b/manifests/journal_upload.pp
new file mode 100644
index 00000000..35095131
--- /dev/null
+++ b/manifests/journal_upload.pp
@@ -0,0 +1,46 @@
+# @api private
+# @summary This class manages and configures journal-upload.
+# @see https://www.freedesktop.org/software/systemd/man/journald.conf.html
+#
+# @param package_name
+# name of the package to install for the functionality
+#
+# @param service_ensure
+# what we ensure for the service
+#
+# @param service_enable
+# to enable the service
+#
+class systemd::journal_upload (
+ Optional[String[1]] $package_name = undef,
+ Enum['running','stopped'] $service_ensure = 'running',
+ Boolean $service_enable = true,
+) {
+ assert_private()
+
+ if $package_name {
+ stdlib::ensure_packages($package_name)
+ }
+
+ service { 'systemd-journal-upload':
+ ensure => $service_ensure,
+ enable => $service_enable,
+ }
+ $systemd::journal_upload_settings.each |$option, $value| {
+ ini_setting { "journal-upload_${option}":
+ path => '/etc/systemd/journal-upload.conf',
+ section => 'Upload',
+ setting => $option,
+ notify => Service['systemd-journal-upload'],
+ }
+ if $value =~ Systemd::JournaldSettings::Ensure {
+ Ini_setting["journal-upload_${option}"] {
+ * => $value,
+ }
+ } else {
+ Ini_setting["journal-upload_${option}"] {
+ value => $value,
+ }
+ }
+ }
+}
diff --git a/spec/classes/init_spec.rb b/spec/classes/init_spec.rb
index 4e90a50d..af732ffa 100644
--- a/spec/classes/init_spec.rb
+++ b/spec/classes/init_spec.rb
@@ -675,6 +675,101 @@
it { is_expected.not_to contain_service('systemd-journald') }
end
+ context 'when journal-upload and journal-remote is enabled' do
+ let(:params) do
+ {
+ manage_journal_upload: true,
+ journal_upload_settings: {
+ 'URL' => 'https://central.server:19532',
+ 'ServerKeyFile' => '/tmp/key-upload.pem',
+ 'ServerCertificateFile' => {
+ 'ensure' => 'absent',
+ },
+ 'TrustedCertificateFile' => '/tmp/cert-upload.pem',
+ },
+ manage_journal_remote: true,
+ journal_remote_settings: {
+ 'SplitMode' => 'host',
+ 'ServerKeyFile' => '/tmp/key-remote.pem',
+ 'ServerCertificateFile' => '/tmp/cert-remote.pem',
+ 'TrustedCertificateFile' => {
+ 'ensure' => 'absent',
+ },
+ },
+ }
+ end
+
+ it { is_expected.to compile.with_all_deps }
+
+ it {
+ is_expected.to contain_service('systemd-journal-upload').with(
+ ensure: 'running',
+ enable: true
+ )
+ }
+
+ it {
+ is_expected.to contain_service('systemd-journal-remote').with(
+ ensure: 'running'
+ )
+ }
+
+ it { is_expected.to have_ini_setting_resource_count(8) }
+
+ it {
+ expect(subject).to contain_ini_setting('journal-upload_TrustedCertificateFile').with(
+ path: '/etc/systemd/journal-upload.conf',
+ section: 'Upload',
+ setting: 'TrustedCertificateFile',
+ notify: 'Service[systemd-journal-upload]',
+ value: '/tmp/cert-upload.pem'
+ )
+ }
+
+ it {
+ expect(subject).to contain_ini_setting('journal-remote_TrustedCertificateFile').with(
+ path: '/etc/systemd/journal-remote.conf',
+ section: 'Remote',
+ setting: 'TrustedCertificateFile',
+ notify: 'Service[systemd-journal-remote]',
+ ensure: 'absent'
+ )
+ }
+
+ it {
+ expect(subject).to contain_ini_setting('journal-upload_ServerCertificateFile').with(
+ path: '/etc/systemd/journal-upload.conf',
+ section: 'Upload',
+ setting: 'ServerCertificateFile',
+ notify: 'Service[systemd-journal-upload]',
+ ensure: 'absent'
+ )
+ }
+
+ it {
+ expect(subject).to contain_ini_setting('journal-remote_ServerCertificateFile').with(
+ path: '/etc/systemd/journal-remote.conf',
+ section: 'Remote',
+ setting: 'ServerCertificateFile',
+ notify: 'Service[systemd-journal-remote]',
+ value: '/tmp/cert-remote.pem'
+ )
+ }
+ end
+
+ context 'when journal-upload/journal-remote is not enabled' do
+ let(:params) do
+ {
+ manage_journal_upload: false,
+ manage_journal_remote: false,
+ }
+ end
+
+ it { is_expected.to compile.with_all_deps }
+ it { is_expected.not_to contain_service('systemd-journal-upload') }
+ it { is_expected.not_to contain_service('systemd-journal-remote') }
+ end
+
context 'when disabling udevd management' do
let(:params) do
{
diff --git a/types/journalremotesettings.pp b/types/journalremotesettings.pp
new file mode 100644
index 00000000..80d5f492
--- /dev/null
+++ b/types/journalremotesettings.pp
@@ -0,0 +1,16 @@
+# @summary matches Systemd journal remote config Struct
+type Systemd::JournalRemoteSettings = Struct[
+ # lint:ignore:140chars
+ {
+ Optional['Seal'] => Variant[Enum['yes','no'],Systemd::JournaldSettings::Ensure],
+ Optional['SplitMode'] => Variant[Enum['host','none'],Systemd::JournaldSettings::Ensure],
+ Optional['ServerKeyFile'] => Variant[Stdlib::Unixpath,Systemd::JournaldSettings::Ensure],
+ Optional['ServerCertificateFile'] => Variant[Stdlib::Unixpath,Systemd::JournaldSettings::Ensure],
+ Optional['TrustedCertificateFile'] => Variant[Stdlib::Unixpath,Systemd::JournaldSettings::Ensure],
+ Optional['MaxUse'] => Variant[Systemd::Unit::Amount,Systemd::JournaldSettings::Ensure],
+ Optional['KeepFree'] => Variant[Systemd::Unit::Amount,Systemd::JournaldSettings::Ensure],
+ Optional['MaxFileSize'] => Variant[Systemd::Unit::Amount,Systemd::JournaldSettings::Ensure],
+ Optional['MaxFiles'] => Variant[Integer,Systemd::JournaldSettings::Ensure],
+ }
+ # lint:endignore
+]
diff --git a/types/journaluploadsettings.pp b/types/journaluploadsettings.pp
new file mode 100644
index 00000000..8ce6149b
--- /dev/null
+++ b/types/journaluploadsettings.pp
@@ -0,0 +1,12 @@
+# @summary matches Systemd journal upload config Struct
+type Systemd::JournalUploadSettings = Struct[
+ # lint:ignore:140chars
+ {
+ Optional['URL'] => Variant[Stdlib::HTTPUrl,Systemd::JournaldSettings::Ensure],
+ Optional['ServerKeyFile'] => Variant[Stdlib::Unixpath,Systemd::JournaldSettings::Ensure],
+ Optional['ServerCertificateFile'] => Variant[Stdlib::Unixpath,Systemd::JournaldSettings::Ensure],
+ Optional['TrustedCertificateFile'] => Variant[Stdlib::Unixpath,Systemd::JournaldSettings::Ensure],
+ Optional['NetworkTimeoutSec'] => Variant[Systemd::Unit::Timespan,Systemd::JournaldSettings::Ensure],
+ }
+ # lint:endignore
+]