Forge Home

systemd_journal_remote

Installs, configures, and manages the systemd journal remote service

740 downloads

548 latest version

5.0 quality score

Version information

  • 0.2.0 (latest)
  • 0.1.0
released Jan 30th 2022
This version is compatible with:
  • Puppet Enterprise 2021.6.x, 2021.5.x, 2021.4.x, 2021.3.x, 2021.2.x, 2021.1.x, 2021.0.x, 2019.8.x
  • Puppet >= 6.21.0 < 8.0.0
  • , , , , Archlinux, ,

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'genv-systemd_journal_remote', '0.2.0'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add genv-systemd_journal_remote
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install genv-systemd_journal_remote --version 0.2.0

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.

Download

Documentation

genv/systemd_journal_remote — version 0.2.0 Jan 30th 2022

systemd journal remote

Build Status Release Apache-2 License

Overview

This module installs, configures and manages the following remote journald services:

  • systemd-journal-remote
  • systemd-journal-upload
  • systemd-journal-gatewayd

Package Management

By default, depending on the distribution, the systemd-journal-remote package is managed. The ::systemd_journal_remote class is required by all other services managed by this module.

# Default package management
class { '::systemd_journal_remote':
  manage_package => true,
  package_name   => 'systemd-journal-remote',
  package_ensure => present,
}

Example Usage

Remote Service

The systemd-journal-remote service can be used to receive journal messages over the network with the ::systemd_journal_remote::remote class.

include ::systemd_journal_remote::remote

By default, to ensure the service runs without configuration, journal-remote listens over HTTP and outputs to /var/log/journal/remote/.

To receive over HTTPS (recommended) and use trusted connections with Puppet certificates:

# Passive configuration example
class { '::systemd_journal_remote::remote':
  command_flags => {
    'listen-https' => '0.0.0.0:19532',
    'compress'     => 'yes',
    'output'       => '/var/log/journal/remote/',
  },
  options       => {
    'SplitMode'              => 'host',
    'ServerKeyFile'          => "/etc/puppetlabs/puppet/ssl/private_keys/${trusted['certname']}.pem",
    'ServerCertificateFile'  => "/etc/puppetlabs/puppet/ssl/certs/${trusted['certname']}.pem",
    'TrustedCertificateFile' => '/etc/puppetlabs/puppet/ssl/certs/ca.pem',
  }
}

To pull data from another source in:

# Active configuration example
class { '::systemd_journal_remote::remote':
  command_flags => {
    'url'    => 'https://some.host:19531/',
    'getter' => "'curl \"-HAccept: application/vnd.fdo.journal\" https://some.host:19531/'",
    'output' => '/var/log/journal/remote/',
  },
  options       => {
    'SplitMode' => 'host',
  }
}

The command_flags and options parameters available mirror those documented in man systemd-journal-remote and man journal-remote.conf.

Upload Service

The systemd-journal-upload service can be used to upload (send) journal messages over the network with the ::systemd_journal_remote::upload class.

By default this class is configured to upload over HTTP to http://0.0.0.0:19532 and save its current state to /var/lib/systemd/journal-upload/state.

To send journal events over HTTPS using Puppet certificates:

# Upload over HTTPS with Puppet certificates
class { '::systemd_journal_remote::upload':
  command_flags => {
    'save-state' => '/var/lib/systemd/journal-upload/state',
  },
  options       => {
    'URL'                    => 'https://0.0.0.0:19532',
    'ServerKeyFile'          => "/etc/puppetlabs/puppet/ssl/private_keys/${trusted['certname']}.pem",
    'ServerCertificateFile'  => "/etc/puppetlabs/puppet/ssl/certs/${trusted['certname']}.pem",
    'TrustedCertificateFile' => '/etc/puppetlabs/puppet/ssl/certs/ca.pem',
    'NetworkTimeoutSec'      => '30',
  }
}

Gateway Daemon Service

The systemd-journal-gatewayd service can be used as a HTTP server to request journal logs as server-sent events, binary or in text/JSON using the ::systemd_journal_remote::gatewayd class.

By default the server listens on all interfaces over HTTP on port 19531. To use HTTPS add the cert option.

# Expect HTTPS connection using Puppet certificates
class { '::systemd_journal_remote::gatewayd':
  command_flags => {
    'key'   => "/etc/puppetlabs/puppet/ssl/private_keys/${trusted['certname']}.pem",
    'cert'  => "/etc/puppetlabs/puppet/ssl/certs/${trusted['certname']}.pem",
    'trust' => '/etc/puppetlabs/puppet/ssl/certs/ca.pem',
  }
}

Limitations

SSL certificates are not managed by this module. You will need to ensure the systemd-journal-(remote|upload|gateway) users have the correct access to the necessary files.

This module only manages the systemd-journal-(remote|upload|gatewayd) systemd service ExecStart, journal-remote.conf and journal-upload.conf configuration files and the initial package installation.