Forge Home

systemd

Manages systemd-specific things (so everything).

6,493 downloads

6,493 latest version

1.3 quality score

We run a couple of automated
scans to help you access a
module's quality. Each module is
given a score based on how well
the author has formatted their
code and documentation and
modules are also checked for
malware using VirusTotal.

Please note, the information below
is for guidance only and neither of
these methods should be considered
an endorsement by Puppet.

Support the Puppet Community by contributing to this module

You are welcome to contribute to this module by suggesting new features, currency updates, or fixes. Every contribution is valuable to help ensure that the module remains compatible with the latest Puppet versions and continues to meet community needs. Complete the following steps:

  1. Review the module’s contribution guidelines and any licenses. Ensure that your planned contribution aligns with the author’s standards and any legal requirements.
  2. Fork the repository on GitHub, make changes on a branch of your fork, and submit a pull request. The pull request must clearly document your proposed change.

For questions about updating the module, contact the module’s author.

Version information

  • 0.0.0 (latest)
released Jan 7th 2018
This version is compatible with:
  • Puppet Enterprise 2017.2.x, 2017.1.x, 2016.5.x, 2016.4.x
  • Puppet >= 4.0.0 < 5.0.0
  • ,

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'kb-systemd', '0.0.0'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add kb-systemd
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install kb-systemd --version 0.0.0

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.

Download

Documentation

kb/systemd — version 0.0.0 Jan 7th 2018

systemd

overview

This module manages systemd – the EMACS without the editor.

module description

This module does not cure systemdisease. It may allay the symptoms of it, but a professional treatment is advised.

As systemdisease is under research as is this module. Anyway, since it's first public release it is considered to notably ease the pain of affected sysadmins. However, further tests have to be conducted.

My guaranty: This module is as bad as what it manages (or even worse). I mean, c'mon, let's take over everything that's possible – what a dumb idea (instead of contributing to existing projects, you know).

setup

what systemd affects

Haha, what doesn't it?

setup requirements

Following software is not managed by any means through this module.

  • Several things require a shell.
  • Some things require coreutils.
  • Some things require grep(1).

Furthermore, your system has to run on the systemd operating system. It is not checked, whether the current runtime is actually powered by systemd.

reference

Enough for the systemd bashing (we'll come to that back later). Here comes the reference.

My policy regarding case-sensitive languages (like ruby): identifiers are written in snake_case, all letters in lower-case [in case in-sensitive language I do use camelCase]. Therefore systemd.directives(7) are adapted accordingly. Usually they're prefixed with the [section] name they belong to. Furthermore identifiers are limited to a length of 29 characters. So sometimes I've arbitrarily shortened the names from systemd.

This module is primarily aimed to prevent obvious mistakes. It does not prevent you from doing stupid things.



classes

  • systemd
  • systemd::params: holds defaults
  • systemd::install: installs systemd, optionally uninstalls some conflicting software
  • systemd::config: resource collectors and systemd(1) configuration per se
  • systemd::daemon: [since ::service is taken]

parameters

All the following parameters are for the systemd basis class.

Note: No configuration (determined by the following class parameters) is performed, if systemd_package_version is either 'absent' or 'purged'. This note is not repeated at each individual configuration parameter.


systemd_package_name
  • abstract: The name of the systemd package.

  • behavior:

    • any string: the Package['systemd'] gets managed by this module, where Package['systemd']['name'] = systemd_package_name.

    • undef: Package['systemd'] isn't be managed by this module

  • allowed values: a non-empty string or undef

  • default: 'systemd' on all platforms


systemd_package_version
  • abstract: the version of the package specified by systemd_package_name

  • behavior:

    • 'absent', 'purged': Remove or purge the package specified by systemd_package_name [Class] configuration files aren't managed anymore.

    • any other string: the package version is updated accordingly and all (class) configuration files are managed (provided their manage_XYZ_conf is true)

  • allowed values: any non-empty string

  • default: present


systemd_local_gens_dir
  • abstract: whether the directory /etc/systemd/system-generators/ shall be created

  • behavior:

    • true: the directory becomes managed. Any un-managed files in there are purged. Changes in this directory trigger a generator re-run. See systemd.generator(7) for more information.

    • false: no additional behavior

  • acceptable values: true, false

  • default value: false


collect_systemd_resources
  • abstract: whether systemd::config collects all systemd::* defined type resources

  • behavior

    • true: In systemd::config all defined type resources are collected with a resource collector. This is used to trigger a systemctl daemon-reload in systemd::daemon.

    • false: The functionality described at true is not added. On more complex set-ups you'd get quite fast into trouble with dependency cycles.

  • Note: The defined resource types establish the link unit_file ↝ associated_service. This only works as expected, if systemd doesn't use cached units. The catch-all solution is to leave this parameter to true.

  • acceptable values: true, false

  • default value: true


remove_rather_purge_conflicts
  • abstract: whether packages conflicting with systemd annexed services ar just removed instead of purged

  • behavior:

    • true: remove conflicting packages (ensure => absent)

    • false: purge conflicting packages (ensure => purged)

  • allowed values: true and false

  • default: false


systemd_networkd_ensure
  • abstract: Service['networkd']['ensure']

  • behavior

    • 'running'/'stopped': stop or run the systemd-networkd(8) service

    • undef: the network daemon is not managed by this module

  • allowed values: 'running', 'stopped', and undef

  • default: undef


systemd_networkd_enable
  • abstract: Service['networkd']['enable']

  • behavior:

    • true/false: the systemd-networkd does or does not start on boot

    • undef: this setting is not modified. The “vendor preset” seems to be disabled (do not start at boottime).

  • allowed values: true, false and undef

  • default: undef


manage_networkd_competitors
  • abstract: whether to take care of other network management packages

  • behavior

    • true: purge packages specified by networkd_competitors_packages. Beware: Some network managers de_configure the network, if they're asked to sign off (because of the de-installation) This leads to you losing network connectivity _during the puppet run, possibly ending up in a mis-configured machine.

    • false: do not remove any package. Note: You have to take care of other competing network management programs by yourself, if you'd like to give systemd-networkd(8) the sole control. Just disabling the service { 'networking': enable => false} [or mask], so they aren't started at the next boot, seems to be the most clean solution.

  • allowed values: false, true

  • default: false


networkd_competitors_packages
  • abstract: the package to remove, if manage_networkd_competitors

  • allowed values: an array of non-empty strings

  • default: $systemd::params::networkd_competitors_packages, which is platform-independently ['ifupdown', 'ifupdown2', 'libnm-glib4'] (hint: nm = NetworkManager)


systemd_resolved_ensure
  • abstract: Service['resolved']['ensure']

  • behavior

    • 'running'/'stopped': stop or run the systemd-resolved(8) service

    • undef: Service['resolved'] ain't managed by this module

  • allowed values: 'running', 'stopped' and undef

  • default: undef


systemd_resolved_enable
  • abstract: Service['resolved']['enable']

  • behavior:

    • true/false: the systemd-resolved will or will not start on boot

    • undef: this setting isn't be modified. the “vendor preset” seems to be enabled (start on boot)

  • allowed values: true, false and undef

  • default: undef


manage_resolv_conf_symlink
  • abstract: make symlink /etc/resolv.conf → /run/systemd/resolve/resolv.conf

  • behavior:

  • allowed values: true and false

  • default: false


systemd_timesyncd_ensure
  • abstract: Service['timesyncd']['ensure']

  • behavior:

    • 'running': it is ensured, that the systemd-timesyncd is running

    • 'stopped': it is ensured, that the systemd-timesyncd is stopped

    • undef the systemd-timesyncd(8) doesn't get managed by this module

  • allowed values: true, false, and undef

  • default value: undef


systemd_timesyncd_enable
  • abstract: Service['timesyncd']['enable']

  • behavior:

    • true: the systemd-timesyncd starts on boot

    • false: the systemd-timesyncd won't start on boot

    • undef: do not touch this setting the “vendor preset” seems to be enabled (start on boot)

  • allowed values: true, false and undef

  • default: undef


manage_timesyncd_conflicts
  • abstract: whether to “take care of” other NTPds

  • behavior

    • true: in '/lib/systemd/system/systemd-timesyncd.service.d/disable-with-time-daemon.conf' (a drop-in configuration file) systemd-timesyncd(8) refuses to start, in case there are any other executable NTPds (not necessarily running). This module can take care of them by removing the relevant packages specified by timesyncd_package_conflicts. See also remove_rather_purge_conflicts.

    • false: You have to resolve the situation on your own, if you'd like to use the systemd-timesyncd(8).

  • allowed values: true and false

  • default: false


timesyncd_package_conflicts
  • abstract: a list of packages conflicting with systemd-timesyncd(8)

  • allowed values: an array of non-empty strings

  • default: ['chrony', 'ntp', 'openntpd']


manage_loc_systemd_conf

purge_loc_systemd_conf_dir
  • abstract: enable recursive purge in /etc/systemd/system.conf.d/

  • behavior

    • false: do not touch /etc/systemd/system.conf.d/

    • If true, files (and directories) in /etc/systemd/system.conf.d/ already present, but not managed by puppet, get deleted. It ensures the directory system.conf.d/ is existent, and only contains files you want, since “[t]he main configuration file [system.conf] is read before any of the configuration directories, and has the lowest precedence” (quote from systemd-system.conf(5)). There's no distinction being made between *.conf files and others.

  • allowed values: true and false

  • default: false


manage_loc_journald_conf
  • abstract: whether to manage /etc/systemd/journald.conf

  • behavior

  • allowed values: true and false

  • default: false


purge_loc_journald_conf_dir
  • abstract: whether to manage /etc/systemd/journald.conf.d/

  • behavior

    • true: the directory /etc/systemd/journald.conf.d/ is created and emptied of any unmanaged files. You definitely want that if you manage_loc_journald_conf, because /etc/systemd/journald.conf takes lowest precedence.

    • false: the directory /etc/systemd/journald.conf.d/ is neither created, modified, nor emptied

  • allowed values: true and false

  • default: false


manage_loc_logind_conf
  • abstract: whether to manage /etc/systemd/logind.conf

  • behavior

  • allowed values: true and false

  • default: false


purge_loc_logind_conf_dir
  • abstract: whether to free /etc/systemd/logind.conf.d/ from unmanaged files

  • behavior

    • true: everything in the folder /etc/systemd/logind.conf.d/ is deleted, unless it's managed by puppet.

    • false: don't worry about /etc/systemd/logind.conf.d/

  • allowed values: true and false

  • default: false


manage_loc_resolved_conf
  • abstract: whether to manage /etc/systemd/resolved.conf

  • behavior

  • allowed values: true and false

  • default: false


purge_loc_resolved_conf_dir
  • abstract: whether to manage /etc/systemd/resolved.conf.d/

  • behavior

    • true: ensure the directory /etc/systemd/resolved.conf.d/ is present and only contains files managed by puppet. You want that, since /etc/systemd/resolved.conf (the local configuration file) takes lowest precendence.

    • false: don't give a fuck about /etc/systemd/resolved.conf.d/

  • allowed values: true and false

  • default value: false


manage_loc_timesyncd_conf
  • abstract: whether to manage /etc/systemd/timesyncd.conf

  • behavior

  • allowed values: true and false

  • default: false


purge_loc_timesyncd_conf_dir
  • abstract: whether the folder /etc/systemd/timesyncd.conf.d/ is freed from unmanaged files

  • behavior:

    • true: ensure the directory /etc/systemd/timesyncd.conf.d/ is present, and does not contain any unmanaged files (= files not managed via puppet)

    • false: ignore any presence or absence of the directory or files in there

  • allowed values: true and false

  • default: false


manage_loc_system_preset_dir
  • abstract: whether the directory /etc/systemd/system-preset/ becomes managed

  • behavior

    • true: the directory /etc/systemd/system-preset/ is created. This does not free the directory from unmanaged files. For that see purge_loc_system_preset_dir.

    • false: don't care about the directory /etc/systemd/system-preset/

  • allowed values: true and false

  • default: false


purge_loc_system_preset_dir
  • abstract: whether anything below purge_loc_system_preset_dir, that's not managed by puppet, is deleted

  • behavior

    • true: delete any unmanaged files/directories below /etc/systemd/system-preset/.

    • false: don't care about any files and or directories in /etc/systemd/system-preset/.

  • note: This parameter only has an effect, if manage_loc_system_preset_dir is true.

  • allowed values: true and false

  • default: false


manage_loc_bootchart_conf
  • abstract: whether to manage /etc/systemd/bootchart.conf

  • behavior

    • true: the file is /etc/systemd/bootchart.conf is created with template systemd_bootchart_conf_erb

    • false: do not locally configure systemd-bootchart(1)

  • allowed values: true and false

  • default: false


purge_loc_bootchart_conf_dir
  • abstract: manage /etc/systemd/bootchart.conf.d/

  • behavior

    • true: the directory /etc/systemd/bootchart.conf.d/ is managed by this module. It is freed from any unmanaged files.

    • false: do not do anything regarding /etc/systemd/bootchart.conf.d/

  • allowed values: true and false

  • default: false


manage_loc_sleep_conf
  • abstract: do manage /etc/systemd/sleep.conf

  • behavior

    • true: the file /etc/systemd/sleep.conf becomes managed by this module and is filled with the template specified by systemd_sleep_conf_erb

    • false: do not care about /etc/systemd/sleep.conf

  • allowed values: true and false

  • default: false


purge_loc_sleep_conf_dir
  • abstract: whether to manage /etc/systemd/sleep.conf.d/

  • behavior

    • true: the directory /etc/systemd/sleep.conf.d/ is present and does not contain any unmanaged files

    • false: nothing happens

  • allowed values: true and false

  • default: false


manage_modules_load_dir
  • abstract: whether to manage /etc/modules-load.d/

  • behavior

    • true: if not present, the directory /etc/modules-load.d/ is created, and is held free from any unmanaged files

    • false: no additional behavior

  • allowed values: true and false

  • default: false


manage_machine_info
  • abstract: whether to manage /etc/machine-info

  • behavior

  • allowed values: true and false

  • default: false


machine_info_provider
  • abstract: how to manage machine-info(5), assumed it is managed

  • behavior

    • 'hostnamectl': the machine-info(5) are manipulated by proper hostnamectl(1) calls

    • 'template': the file /etc/machine-info is filled with the contents of a template

  • allowed values: 'hostnamectl', 'template'

  • default: 'hostnamectl'


manage_sysusers_dir
  • abstract: whether to manage /etc/sysusers.d/

  • behavior

    • true: ensures the directory /etc/sysusers.d/ is present and does not contain any unmanaged files

    • false: do not do anything related to sysusers.d(5)

  • allowed values: true and false

  • default: false


etc_network_interfaces_note
  • abstract: whether to place a note in /etc/network/interfaces

  • behavior

  • allowed values: true and false

  • default: false


etc_network_interfaces_erb
  • abstract: the template used to render the note for etc_network_interfaces_note

  • allowed values: a non-empty string

  • default: 'systemd/etc_network_interfaces.erb'


manage_sysctl_conf
  • abstract: whether to manage /etc/sysctl.conf

  • behavior

    • true: the sysctl.conf(5) is generated by the template sysctl_conf_template (there's no default template!)

    • false: do not manage sysctl.conf(5)

  • allowed values: true and false

  • default: false


manage_sysctl_directory
  • abstract: whether to manage directory /etc/sysctl.d/

  • behavior

    • true: there is a directory /etc/sysctl.d/ and it does not contain any unmanaged files

    • false: do not do anything regarding sysctl.d

  • allowed values: true and false

  • default: false


manage_udev_conf
  • abstract: whether to manage /etc/udev/udev.conf

    • true: ensures the contents of /etc/udev/udev.conf comply with the rendered template udev_conf_template

    • false: nothing's done

  • allowed values: true and false

  • default: false


manage_locale_conf
  • abstract: whether to manage /etc/locale.conf

  • note: the generation of locales is not (yet) triggered. Configuring systemd to use non-present locales can lead to strange effects.

  • allowed values: true and false

  • default: false


locale_conf_provider
  • behavior

    • 'localectl': manipulation of /etc/locale.conf is done via a localectl(1) call. Apparently localectl(1) does not create the /etc/locale.conf resulting in the exec-resource being applied each run.

    • 'template': the locale.conf(5) is created by template

  • allowed values: 'localectl' and 'template'

  • default: 'template'


manage_localtime
  • abstract: whether to manage localtime(5)

  • behavior

  • allowed values: true and false

  • default: false


localtime_provider
  • abstract: how to manage /etc/localtime

  • behavior

    • 'timedatectl': the file /etc/localtime is managed by systemd's tool timedatectl(1). This is the preferred way, since timedatectl(1) fails, if the linked target does not exist.

    • 'file': the /etc/localtime is managed as a plain file resource. This method might be a tick faster. Specifying a non-existent timezone is not detected.

  • note: this class does not manage the tzdata package (where the data in /usr/share/zoneinfo/ originate from). It's pretty unlikely though, not having this package via some dependency.

  • allowed value: 'timedatectl' and 'file'

  • default: 'timedatectl'


systemd_system_conf_erb

systemd_journald_conf_erb

systemd_logind_conf_erb

systemd_resolved_conf_erb

systemd_timesyncd_conf_erb

systemd_bootchart_conf_erb
  • abstract: the template to use rendering a bootchart.conf(5)

  • behavior: see manage_loc_bootchart_conf

  • allowed values: any non-empty string

  • default: 'systemd/bootchart_conf.erb'


systemd_sleep_conf_erb

sysctl_conf_template
  • abstract: the template to use in order to render a sysctl.conf(5)

  • behavior: see manage_sysctl_conf

  • allowed values: any non-empty string or undef

  • default valued: undef (we can't provide a template for the great variety of kernels)


udev_conf_template
  • abstract: the template to generate a udev.conf(5) with

  • behavior: see manage_udev_conf

  • allowed values: any non-empty string

  • default: 'systemd/udev_conf.erb'


manager_log_level

manager_log_target

manager_log_color

manager_log_location

manager_dump_core
  • abstract: see for DumpCore= in systemd-system.conf(5) and --dump-core in systemd(1) for more information

  • behavior:

    • This parameter controls the values in system.conf if it's managed by this module with the default template. It does not change the kernel command line.
  • allowed values: true, false, and undef

  • default: undef


manager_crash_shell

manager_show_status

manager_crash_ch_vt

manager_default_stdout
  • abstract: see --default-standard-output= in systemd(1)

  • allowed values: 'inherit', 'null', 'tty', 'journal', 'journal+console', 'syslog', 'syslog+console', 'kmsg', 'kmsg+console', and undef

  • default: undef


manager_default_stderr
  • abstract: see --default-standard-error= in systemd(1)

  • allowed values: 'inherit', 'null', 'tty', 'journal', 'journal+console', 'syslog', 'syslog+console', 'kmsg', 'kmsg+console', and undef

  • default value: undef


manager_cpu_affinity

manager_join_controllers
  • abstract: see JoinControllers= in systemd-system.conf(5)

  • allowed values: undef and temporarily an array of plain strings with at least one element (TODO: shall become a hash with proper named keys)

  • default: undef


manager_runtime_watchdog_sec

manager_shutdown_watchdog_sec

manager_capability_bound_set
  • abstract: see CapabilityBoundingSet= in `systemd-system.conf(5)

  • allowed values: undef and a properly formed hash: The hash has two keys: ['inverted_selection', 'capabilities']. 'inverted_selection' has to be a boolean values. 'capabilities' has to be an array of capability names holding at least one element.

  • example: {inverted_selection => true, capabilities => ['CAP_SYSLOG']}

  • default: undef


manager_syscall_architectures

manager_timer_slack_nanosec

manager_default_timer_accurac

manager_default_to_start_sec

manager_default_to_stop_sec

manager_default_restart_sec

manager_default_start_lim_int

manager_default_start_lim_brs

manager_default_environment
  • abstract: see DefaultEnvironment= in systemd-system.conf(5)

  • behavior

    • the default system.conf template uses this parameter

    • values containing blanks are automatically surrounded by inch-signs ("). do not include them

  • allowed values

    • undef

    • a non-empty hash with a non-empty string as key and either a string, a integer (rendered as decimal), or a non-empty array of non-empty strings and/or integers

  • example: {'foo' => 'bar', 'answer' => 42, 'things' => ['X', 'Y', 3], 'flag' => ''} renders as DefaultEnvironment = foo=bar answer=42 "things=X Y 3" foo=\n

  • default: undef


manager_default_cpu_acct

manager_default_block_io_acct

manager_default_memory_acct

manager_default_lim_cpu

manager_default_lim_fsize

manager_default_lim_data

manager_default_lim_stack

manager_default_lim_core

manager_default_lim_rss

manager_default_lim_nofile

manager_default_lim_as

manager_default_lim_nproc

manager_default_lim_memlock

manager_default_lim_locks

manager_default_lim_sigpendin

manager_default_lim_msgqueue

manager_default_lim_nice

manager_default_lim_rtprio

manager_default_lim_rttime

journal_storage

journal_compress

journal_seal

journal_split_mode

journal_rate_limit_interval
  • abstract: see RateLimitInterval= in journald.conf(5)

  • allowed values: a non-negative integer, and undef

  • default: undef


journal_rate_limit_burst

journal_system_max_use

journal_system_keep_free

journal_system_max_file_size

journal_runtime_max_use

journal_runtime_keep_free

journal_runtime_max_file_size

journal_max_file_sec

journal_max_retention_sec

journal_sync_interval_sec

journal_forward_to_syslog

journal_forward_to_kmsg

journal_forward_to_console

journal_forward_to_wall

journal_max_level_store
  • abstract: see MaxLevelStore= in journald.conf(5)

  • allowed values: 0, 1, 2, 3, 4, 5, 6, 7, 'emerg', 'alert', 'crit', 'err', 'warning', 'notice', 'info', 'debug', and undef

  • default: undef


journal_max_level_syslog

journal_max_level_kmsg

journal_max_level_console

journal_max_level_wall

journal_tty_path

login_n_auto_vts

login_reserve_vt

login_kill_user_processes

login_kill_only_users
  • abstract: limit the contract killer's subjects. See KillOnlyUsers= in logind.conf(5) for more about the contract killers modalities.

  • allowed values: undef, a non-empty array of strings (w/o blanks but at least one character), or ['']

  • example: undef (KillOnlyUsers= is checked after KillExcludeUsers=)

  • default: undef


login_kill_exclude_users
  • abstract: see KillExcludeUsers= in logind.conf(5)

  • allowed values: undef, an array with an empty string, or a non-empty array of non-empty strings

  • examples: ['root', 'someOtherImportantUser'] (processes by root and someOtherImportantUser aren't killed), [''] (even root gets killed)

  • default: undef


login_idle_action
  • abstract: see IdleAction= in logind.conf(5)

  • acceptable values: 'ignore', 'poweroff', 'reboot', 'halt', 'kexec', 'suspend', 'hibernate', 'hybrid-sleep', 'lock', or undef

  • default: undef


login_idle_action_sec

login_inhibit_delay_max_sec

login_handle_power_key
  • abstract: see HandlePowerKey= in logind.conf(5)

  • allowed values: 'ignore', 'poweroff', 'reboot', 'halt', 'kexec', 'suspend', 'hibernate', 'hybrid-sleep', 'lock', or undef

  • default: undef


login_handle_suspend_key
  • abstract: see HandleSuspendKey= in logind.conf(5)

  • acceptable values: 'ignore', 'poweroff', 'reboot', 'halt', 'kexec', 'suspend', 'hibernate', 'hybrid-sleep', 'lock', or undef

  • default


login_handle_hibernate_key
  • abstract: see HandleHibernateKey= in logind.conf(5)

  • allowed values: 'poweroff', 'reboot', 'halt', 'kexec', 'suspend', 'hibernate', 'hybrid-sleep', 'lock', or undef

  • default value: undef


login_handle_lid_sw
  • abstract: see HandleLidSwitch= in journald.conf

  • allowed values: 'ignore', 'poweroff', 'reboot', 'halt', 'kexec', 'suspend', 'hibernate', 'hybrid-sleep', 'lock', or undef

  • default: undef


login_handle_lid_sw_docked

login_power_key_ign_inhib

login_suspend_key_ign_inhib

login_hibernate_key_ign_inhib

login_lid_switch_ign_inhib

login_holdoff_timeout_sec

login_runtime_directory_size
  • abstract: corresponds to the RuntimeDirectorySize setting in journald.conf(5)

  • example: login_runtime_directory_size => Integer($::facts['memory']['system']['available_bytes'] * 0.08)

  • valid values: undef and any non-negative integer

  • default: undef


login_remove_ipc

resolve_dns
  • abstract: see DNS= in resolved.conf(5)

  • allowed values: undef, or an array. The array can contain arrays of four integers between 0 and 255, or eight integers 0x0 and 0xFFFF.

  • example: [[10,1,2,240], [10,2,2,240]]

  • default: undef


resolve_fallback_dns

resolve_domains
  • abstract: see Domains= in resolved.conf(5)

  • allowed values: undef, or a non-empty array of non-empty strings containing no blanks

  • example: ['acmenet']

  • default: undef


resolve_llmnr

resolve_dnssec

resolve_cache

time_ntp
  • abstract: see NTP= in timesyncd.conf(5)

  • allowed values: undef, or an array. The array can contain non-empty strings, array of four integers between 0 and 255, or an array of eight integers between 0x0 and 0xFFFF

  • example: ['ntp.acmenet']

  • default: undef


time_fallback_ntp

sleep_suspend_mode

sleep_hibernate_mode

sleep_hybrid_sleep_mode

sleep_suspend_state

sleep_hibernate_state

sleep_hybrid_sleep_state

bootchart_samples
  • abstract: see Samples= in bootchart.conf(5)

  • allowed values: non-negative integers, or undef

  • default: undef


bootchart_frequency
  • abstract: see Frequency= in bootchart.conf(5)

  • allowed values: a positive integer or float, and undef

  • default: undef


bootchart_relative
  • abstract: see Relative= in bootchart.conf(5)

  • allowed values: true, false, or undef

  • default: undef


bootchart_filter
  • abstract: see Filter= in bootchart.conf(5)

  • allowed values: true, false, or undef

  • default: undef


bootchart_output
  • abstract: see Output= in bootchart.conf(5)

  • allowed values: undef, or an absolute path (no spaces)

  • default: undef


bootchart_init
  • abstract: see Init= in bootchart.conf(5) for details

  • allowed values: undef, or an absolute path (no spaces)

  • default: undef


bootchart_plot_memory_usage
  • abstract: see PlotMemoryUsage= in bootchart.conf(5)

  • allowed values: true, false, or undef

  • default: undef


bootchart_plot_entropy_graph
  • abstract: see PlotEntropyGraph= in bootchart.conf(5)

  • acceptable values: true, false, and undef

  • default: undef


bootchart_scale_x
  • abstract: see ScaleX= in bootchart.conf(5)

  • allowed values: a positive integer, and undef

  • default: undef


bootchart_scale_y
  • abstract: see ScaleY= in bootchart.conf(5)

  • allowed values: a positive integer, and undef

  • default: undef


bootchart_control_group
  • abstract: see ControlGroup= in bootchart.conf(5)

  • allowed values: true, false, or undef

  • default: undef


bootchart_per_cpu
  • abstract: see PerCPU= in bootchart.conf(5)

  • allowed values: false, true, and undef

  • default: undef


machine_info_pretty_hostname

machine_info_icon_name

machine_info_chassis
  • abstract: see CHASSIS= in machine-info(5)

  • allowed values: undef, default, 'desktop', 'laptop', 'tablet', 'handset', 'watch', 'embedded', 'vm', 'container', 'server'

  • default: undef


machine_info_deployment

machine_info_location

locale_conf_lang
  • abstract: sets LANG= in locale.conf(5)

  • allowed values: undef, or an ASCII word (possibly including underscores, dots, and dashes)

  • example: 'en_US.UTF-8'

  • default: undef


locale_conf_language
  • abstract: sets LANGUAGE= in locale.conf(5)

  • allowed values: undef, or locale as string

  • example: 'en_US.UTF-8'

  • default: undef


locale_conf_lc_ctype
  • abstract: sets LC_CTYPE= in locale.conf(5)

  • allowed values: undef, or a name of a locale as string

  • example: 'en_US.UTF-8'

  • default: undef


locale_conf_lc_numeric
  • abstract: sets LC_NUMERIC= in locale.conf(5)

  • allowed values: undef, or a name of a locale as string

  • example: 'en_US.UTF-8'

  • default: undef


locale_conf_lc_time
  • abstract: sets LC_TIME= in locale.conf(5)

  • allowed values: undef, or a name of a locale as string

  • example: 'en_US.UTF-8'

  • default: undef


locale_conf_lc_collate
  • abstract: sets LC_COLLATE= in locale.conf(5)

  • allowed values: undef, or a name of a locale as string

  • example: 'en_US.UTF-8'

  • default: undef


locale_conf_lc_monetary
  • abstract: sets LC_MONETARY= in locale.conf(5)

  • allowed values: undef, or a name of a locale as string

  • example: 'en_US.UTF-8'

  • default: undef


locale_conf_lc_messages
  • abstract: sets LC_MESSAGES= in locale.conf(5)

  • allowed values: undef, or a locale as string

  • example: 'en_US.UTF-8'

  • default: undef


locale_conf_lc_paper
  • abstract: sets LC_PAPER= in locale.conf(5)

  • allowed values: undef, or a locale as string

  • example: 'de_DE.UTF-8'

  • default: undef


locale_conf_lc_name
  • abstract: sets LC_NAME= in locale.conf(5)

  • allowed values: undef, or a locale as string

  • example: 'en_US.UTF-8'

  • default: undef


locale_conf_lc_address
  • abstract: sets LC_ADDRESS= in locale.conf(5)

  • allowed values: undef, or a locale as string

  • example: 'en_US.UTF-8'

  • default: undef


locale_conf_lc_telephone
  • abstract: sets LC_TELEPHONE= in locale.conf(5)

  • allowed values: undef, or a locale as string

  • example: 'de_DE.UTF-8'

  • default: undef


locale_conf_lc_measurement
  • abstract: sets LC_MEASUREMENT= in locale.conf(5)

  • allowed values: undef, or a locale as string

  • example: 'de_DE.UTF-8'

  • default: undef


locale_conf_lc_identification
  • abstract: sets LC_IDENTIFICATION= in locale.conf(5)

  • allowed values: undef, or a locale as string

  • example: 'en_US.UTF-8'

  • default: undef


localtime
  • abstract: the timezone name for localtime(5)

  • behavior:

  • allowed values: undef or a non-empty string of the ASCII characters in [a-zA-Z0-9+-_/]. The string must not end on a slash.

  • example: 'UTC' (recommended, set TZ="Europe/Berlin" [or whatever] via pam_env.so for uid > 999)

  • default value: 'UTC'


udev_conf_udev_log
  • abstract: see udev_log in udev.conf(5)

  • allowed values: 'err', 'info', 'debug', a non-negative integer smaller than eight, and undef

  • default: undef



Types

You can use any of those types, without having to use my Class['systemd']. So you can manage your systemd somehow else, or not at all.

However, defined types, which end up in creating unit files, should be reloaded with systemctl daemon-reload. You can use collect_systemd_resources from the systemd class for this.


systemd::unit

Limitations:

  • Currently you cannot sort Condition*=/Assert*= statements (plural!). See the proper section in systemd.unit(5) what implications this has.

ensure
  • abstract: What to do with this resource.

  • value behaviors:

    • undef disables any management of any child resource. Only compilation has to succeed.

    • default automatically determines the default $ensure, which is 'present'.

    • 'absent' ensures the unit file is absent.

    • 'present' ensures the unit file is present and filled with proper content.

  • accepted values: undef, default, 'absent', 'present'

  • default value: default


path
  • abstract: Where to place the unit file.

  • value behaviors:

    • default determines the path by using $title. For that $title may not contain spaces or slashes. The proper unit type suffix .unit is automatically appended.

    • a string: the unit file gets placed at the specified path. The directories for manage_conf_dir, manage_wants_dir, and manage_requires_dir are placed accordingly.

  • accepted values: default, and an absolute path, not containing any spaces, and not ending on a slash

  • default: default


mode
  • abstract: The file mode of regular files.

  • value behaviors:

    • default loads $systemd::params::systemd_unit_default_mode (which is 0644)

    • undef passes undef as mode to regular file resources

  • accepted values: undef, default, and any string of positive length

  • default value: default


owner
  • abstract: The owner of regular files.

  • value behaviors:

    • default loads $systemd::params::systemd_unit_default_owner By now it is 'root' on some platforms and falls back to uid 0 for any other.
  • accepted values: undef, default, non-negative integers, and any string of positive length

  • default value: default


group
  • abstract: The group of regular files.

  • value behaviours:

    • default loads $systemd::params::systemd_unit_default_group. This value may be OS-specific. Currently known are 'root' and 'wheel' for some platforms. It falls back to uid 0 for unknown platforms.
  • accepted values: undef, default, non-negative integers, and any string of positive length

  • default value: default


content_template
  • abstract: the *.erb template to use, in order to render the *.unit file

  • behavior:

    • default: the proper default template is loaded

    • a non-empty string: your specified template is used

  • allowed values: default, or a non-empty string

  • default value: default


validate_cmd
  • abstract: This is a pass-through to all (by the defined type) managed unit files.

  • value behaviors:

    • default: Loads the default $systemd::params::systemd_unit_validate_cmd, which currently is /usr/bin/systemd-analyze verify %.

    • undef: do not perform any validation

    • any non-empty string: validate with the specified command

  • Note: systemd-analyze verify checks for dependencies, too. You have to add proper ordering to your resource declarations to make validation succeed. There are also implicit dependencies and default dependencies. You have to take extra care, if your unit depends on a generated unit (compare systemd.generator(7)).

  • recommendation: if you work with multiple systemd versions, set this parameter (possibly using a resource defaults statement) to default (or other reasonable string)

  • accepted values: undef, default, and any string of positive length

  • default: undef


validate_replacement
  • This is direct pass-through to all (by the defined type) managed file resources.

  • accepted values: undef, and any string of positive length

  • default: undef


checksum
  • abstract: this is passed through to all child file resources

  • allowed values: undef, 'md5', 'md5lite', 'sha256', 'sha256lite', 'mtime', 'ctime', 'none'

  • default: undef


show_diff
  • direct pass-through to all files

  • accepted values: undef, true and false

  • default value: undef


backup
  • direct pass-through to all files

  • allowed values: undef, true, false, and any string

  • default value: undef


blame
  • abstract: attributes blame in the standard template

  • behavior: puts this value in the line starting with # auth: (author)

  • allowed values: a string

  • default: $systemd::params::systemd_unit_default_owner


manage_wants_dir
  • abstract: whether the <unit_name>.wants/ directory is managed

  • behavior

    • false: do not care about <unit_name>.wants/ directory

    • true: the file resource with the .wants suffix is managed

  • acceptable values: true, false

  • default: false


wants_dir_mode
  • abstract: what file mode the .wants/ directory has (if manage_wants_dir)

  • allowed values: undef, a non-empty string, or default

  • default: default


wants_dir_owner
  • abstract: the owner of the .wants/ directory (if manage_wants_dir)

  • allowed values: undef, a non-negative integer, a non-empty string, or default

  • default value: default


wants_dir_group
  • abstract: the owning group of the .wants/ directory (if manage_wants_dir)

  • allowed values: undef, a non-negative integer, a non-empty string, or default

  • default value: default


wants_dir_complete_control
  • abstract: only explicit file resources residing in the .wants/ directory are allowed

  • behavior:

    • false: ignore files in the .wants/ directory, which aren't managed by puppet

    • true: recurse and purge with force (only has an effect if manage_wants_dir)

  • acceptable value: false, true

  • default: false


manage_requires_dir
  • abstract: whether to manage the <unit_name>.requires/ directory

  • behavior

    • false: the absence or presence of the .requires/ directory, or anything in it, is ignored

    • true: the .requires/ directory is present (or absent depending on ensure)

  • acceptable values: true, false

  • default: false


requires_dir_mode
  • abstract: the directory mode of the .requires/ directory (if managed and present)

  • allowed values: undef, a non-empty string, or default

  • default: default


requires_dir_owner
  • abstract: the owner of the .requires/ directory, if managed

  • allowed values: undef, a non-negative integer, a non-empty string, or default

  • default: default


requires_dir_group
  • abstract: the group of the .requires/ directory, if managed

  • allowed values: undef, a non-negative integer, a non-empty string, or default

  • default: default


requires_dir_complete_control
  • abstract: only file resources explicitely managed by puppet inside the .requires/ directory

  • behavior

    • false: unmanaged files in the .requires/ directory are not deleted (unless manage_requires_dir and ensure is 'absent')

    • true: unmanaged files in the .requires/ directory are deleted

  • allowed values: true, or false

  • default: false


manage_conf_dir
  • abstract: whether to manage the <unit_name>.d/ directory

  • behavior

    • true: the .d/ directory presence depends on ensure

    • false: do not care about the .d/ directory

  • allowed values: yea (true), or nay (false)

  • default: false


conf_dir_mode
  • abstract: the .d/ directory's file mode (if managed by this resource)

  • allowed values: undef, a non-empty string, or default

  • default value: default


conf_dir_owner
  • abstract: the owner of the .d/ directory

  • allowed values: undef, a non-negative integer, a non-empty string, default

  • default value: default


conf_dir_group
  • abstract: the group of the .d/ directory

  • behavior

    • undef: no explicit group assigned

    • default: the default group is loaded. This is 'root' on debian-like systems. It is 'wheel' on FreeBSD-like systems. Otherwise 0 (zero).

    • any other literal: the group you specified is enforced

  • allowed values: undef, a non-negative integer, a non-empty string, or default

  • default value: default


conf_dir_complete_control
  • abstract: whether to take care of unmanaged files/directories inside the .d/ directory

  • allowed values: false, true

  • default: false


unit_description

unit_documentation
  • abstract: see Documentation= in systemd.unit(5)

  • allowed values: undef, or a non-empty array of strings, starting with http://, https://, file:, info:, man:. These strings require at least one non-blank character after the file specifier. Also the empty string '' is allowed.

  • example: ['https://wiki.acme.lan/wiki/DocumentedThing']

  • default: undef


unit_requires
  • abstract: see Requires= in systemd.unit(5)

  • allowed values: undef, or a non-empty array of strings, which do not contain any spaces

  • example: ['data.mount']

  • default: undef


unit_requires_overridable

unit_requisite

unit_requisite_overridable

unit_wants
  • abstract: see Wants= in systemd.unit(5)

  • allowed values: a non-empty array of strings not bearing any spaces, or undef

  • default: undef


unit_binds_to
  • abstract: see BindsTo= in systemd.unit(5)

  • allowed values: undef, or a non-empty array of strings, containing no spaces

  • default: undef


unit_part_of
  • abstract: see PartOf= in systemd.unit(5)

  • allowed values: undef, or a non-empty array of strings, which do not contain spaces

  • default value: undef


unit_conflicts
  • abstract: see Conflicts= in systemd.unit(5)

  • allowed values: undef, or a non-empty array of strings, which do not contain any spaces

  • example: ['init.service']

  • default: undef


unit_before
  • abstract: see Before= in systemd.unit(5)

  • acceptable values: undef, or a non-empty array of strings having no spaces

  • default: undef


unit_after
  • abstract: see After= in systemd.unit(5)

  • allowed values: undef, or a non-empty array of strings, which don't contain spaces

  • default: undef


unit_on_failure

unit_propagates_reload_to

unit_reload_propagated_from

unit_joins_namespace_of

unit_requires_mount_for

unit_on_failure_job_mode
  • abstract: see OnFailureJobMode= in systemd.unit(5)

  • allowed values: 'fail', 'replace', 'replace-irreversibly', 'isolate', 'flush', 'ignore-dependencies', 'ignore-requirements', and undef

  • default: undef


unit_ignore_on_isolate

unit_ignore_on_snapshot

unit_stop_when_unneeded

unit_refuse_manual_start

unit_refuse_manual_stop

unit_allow_isolate

unit_default_dependencies

unit_job_timeout_sec

unit_job_timeout_action
  • abstract: see JobTimeoutAction= in systemd.unit(5)

  • allowed values: 'none', 'reboot', 'reboot-force', 'reboot-immediate', 'poweroff', 'poweroff-force', 'poweroff-immediate', and undef

  • default: undef


unit_job_timeout_reboot_arg

unit_condition_architecture

unit_condition_virtualization

unit_condition_host

unit_condition_kernel_cmdline

unit_condition_security

unit_condition_capability

unit_condition_ac_power

unit_condition_needs_update

unit_condition_first_boot

unit_condition_path_exists

unit_condition_path_exists_gl

unit_condition_path_is_dir

unit_condition_path_is_syml

unit_condition_path_is_mntpt

unit_condition_path_is_rw

unit_condition_dir_not_empty

unit_condition_file_not_empty

unit_condition_file_is_exec

unit_assert_architecture

unit_assert_virtualization

unit_assert_host

unit_assert_kernel_cmdline

unit_assert_security

unit_assert_capability

unit_assert_ac_power

unit_assert_needs_update