Forge Home

systemd_journal_remote

Installs, configures, and manages the systemd journal remote service

1,771 downloads

341 latest version

5.0 quality score

We run a couple of automated
scans to help you access a
module's quality. Each module is
given a score based on how well
the author has formatted their
code and documentation and
modules are also checked for
malware using VirusTotal.

Please note, the information below
is for guidance only and neither of
these methods should be considered
an endorsement by Puppet.

Version information

  • 1.1.0 (latest)
  • 1.0.0
  • 0.2.0
  • 0.1.0
released Nov 26th 2022
This version is compatible with:
  • Puppet Enterprise 2023.2.x, 2023.1.x, 2023.0.x, 2021.7.x, 2021.6.x, 2021.5.x, 2021.4.x, 2021.3.x, 2021.2.x, 2021.1.x, 2021.0.x, 2019.8.x
  • Puppet >= 6.21.0 < 8.0.0
  • , , , , Archlinux, ,

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'genv-systemd_journal_remote', '1.1.0'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add genv-systemd_journal_remote
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install genv-systemd_journal_remote --version 1.1.0

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.

Download

Documentation

genv/systemd_journal_remote — version 1.1.0 Nov 26th 2022

systemd journal remote

Build Status Release Puppet Forge Apache-2 License

Overview

This module installs, configures and manages the following remote journald services:

  • systemd-journal-remote
  • systemd-journal-upload
  • systemd-journal-gatewayd

Package Management

By default, depending on the distribution, the systemd-journal-remote package is managed. The ::systemd_journal_remote class is required by all other services managed by this module.

# Default package management
class { '::systemd_journal_remote':
  manage_package => true,
  package_name   => 'systemd-journal-remote',
  package_ensure => present,
}

Example Usage

Remote Service

The systemd-journal-remote service can be used to receive journal messages over the network with the ::systemd_journal_remote::remote class.

include ::systemd_journal_remote::remote

By default, to ensure the service runs without configuration, journal-remote listens over HTTP and outputs to /var/log/journal/remote/.

To receive over HTTPS (recommended) and use trusted connections with Puppet certificates:

# Passive configuration example
class { '::systemd_journal_remote::remote':
  command_flags => {
    'listen-https' => '0.0.0.0:19532',
    'compress'     => 'yes',
    'output'       => '/var/log/journal/remote/',
  },
  options       => {
    'SplitMode'              => 'host',
    'ServerKeyFile'          => "/etc/puppetlabs/puppet/ssl/private_keys/${trusted['certname']}.pem",
    'ServerCertificateFile'  => "/etc/puppetlabs/puppet/ssl/certs/${trusted['certname']}.pem",
    'TrustedCertificateFile' => '/etc/puppetlabs/puppet/ssl/certs/ca.pem',
  }
}

To pull data from another source in:

# Active configuration example
class { '::systemd_journal_remote::remote':
  command_flags => {
    'url'    => 'https://some.host:19531/',
    'getter' => "'curl \"-HAccept: application/vnd.fdo.journal\" https://some.host:19531/'",
    'output' => '/var/log/journal/remote/',
  },
  options       => {
    'SplitMode' => 'host',
  }
}

The command_flags and options parameters available mirror those documented in man systemd-journal-remote and man journal-remote.conf.

Upload Service

The systemd-journal-upload service can be used to upload (send) journal messages over the network with the ::systemd_journal_remote::upload class.

By default this class is configured to upload over HTTP to http://0.0.0.0:19532 and save its current state to /var/lib/systemd/journal-upload/state.

To send journal events over HTTPS using Puppet certificates:

# Upload over HTTPS with Puppet certificates
class { '::systemd_journal_remote::upload':
  command_flags => {
    'save-state' => '/var/lib/systemd/journal-upload/state',
  },
  options       => {
    'URL'                    => 'https://0.0.0.0:19532',
    'ServerKeyFile'          => "/etc/puppetlabs/puppet/ssl/private_keys/${trusted['certname']}.pem",
    'ServerCertificateFile'  => "/etc/puppetlabs/puppet/ssl/certs/${trusted['certname']}.pem",
    'TrustedCertificateFile' => '/etc/puppetlabs/puppet/ssl/certs/ca.pem',
    'NetworkTimeoutSec'      => '30',
  }
}

Gateway Daemon Service

The systemd-journal-gatewayd service can be used as a HTTP server to request journal logs as server-sent events, binary or in text/JSON using the ::systemd_journal_remote::gatewayd class.

By default the server listens on all interfaces over HTTP on port 19531. To use HTTPS add the cert option.

# Expect HTTPS connection using Puppet certificates
class { '::systemd_journal_remote::gatewayd':
  command_flags => {
    'key'   => "/etc/puppetlabs/puppet/ssl/private_keys/${trusted['certname']}.pem",
    'cert'  => "/etc/puppetlabs/puppet/ssl/certs/${trusted['certname']}.pem",
    'trust' => '/etc/puppetlabs/puppet/ssl/certs/ca.pem',
  }
}

Limitations

SSL certificates are not managed by this module. You will need to ensure the systemd-journal-(remote|upload|gateway) users have the correct access to the necessary files.

This module only manages the systemd-journal-(remote|upload|gatewayd) systemd service ExecStart, journal-remote.conf and journal-upload.conf configuration files and the initial package installation.