Forge Home

Modules

Puppet

Resources

PuppetEcosystemPuppet CommunityUpdates

systemd

Manages systemd-specific things (so everything).
Project URLRSS FeedReport issues

6,493 downloads

6,493 latest version

1.3 quality score

We run a couple of automated
scans to help you access a
module's quality. Each module is
given a score based on how well
the author has formatted their
code and documentation and
modules are also checked for
malware using VirusTotal.

Please note, the information below
is for guidance only and neither of
these methods should be considered
an endorsement by Puppet.

Support the Puppet Community by contributing to this module

You are welcome to contribute to this module by suggesting new features, currency updates, or fixes. Every contribution is valuable to help ensure that the module remains compatible with the latest Puppet versions and continues to meet community needs. Complete the following steps:

  1. Review the module’s contribution guidelines and any licenses. Ensure that your planned contribution aligns with the author’s standards and any legal requirements.
  2. Fork the repository on GitHub, make changes on a branch of your fork, and submit a pull request. The pull request must clearly document your proposed change.

For questions about updating the module, contact the module’s author.

Version information

  • 0.0.0 (latest)
released Jan 7th 2018
This version is compatible with:
  • Puppet Enterprise 2017.2.x, 2017.1.x, 2016.5.x, 2016.4.x
  • Puppet >= 4.0.0 < 5.0.0
  • ,

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'kb-systemd', '0.0.0'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add kb-systemd
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install kb-systemd --version 0.0.0

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.

Download
Tags: service, init, journald, emacs, systemd, anti-unix, logind, networkd, resolved, timedated, timesyncd, sucks

Documentation

kb/systemd — version 0.0.0 Jan 7th 2018

systemd

overview

This module manages systemd – the EMACS without the editor.

module description

This module does not cure systemdisease. It may allay the symptoms of it, but a professional treatment is advised.

As systemdisease is under research as is this module. Anyway, since it's first public release it is considered to notably ease the pain of affected sysadmins. However, further tests have to be conducted.

My guaranty: This module is as bad as what it manages (or even worse). I mean, c'mon, let's take over everything that's possible – what a dumb idea (instead of contributing to existing projects, you know).

setup

what systemd affects

Haha, what doesn't it?

setup requirements

Following software is not managed by any means through this module.

  • Several things require a shell.
  • Some things require coreutils.
  • Some things require grep(1).

Furthermore, your system has to run on the systemd operating system. It is not checked, whether the current runtime is actually powered by systemd.

reference

Enough for the systemd bashing (we'll come to that back later). Here comes the reference.

My policy regarding case-sensitive languages (like ruby): identifiers are written in snake_case, all letters in lower-case [in case in-sensitive language I do use camelCase]. Therefore systemd.directives(7) are adapted accordingly. Usually they're prefixed with the [section] name they belong to. Furthermore identifiers are limited to a length of 29 characters. So sometimes I've arbitrarily shortened the names from systemd.

This module is primarily aimed to prevent obvious mistakes. It does not prevent you from doing stupid things.

classes

  • systemd
  • systemd::params: holds defaults
  • systemd::install: installs systemd, optionally uninstalls some conflicting software
  • systemd::config: resource collectors and systemd(1) configuration per se
  • systemd::daemon: [since ::service is taken]

parameters

All the following parameters are for the systemd basis class.

Note: No configuration (determined by the following class parameters) is performed, if systemd_package_version is either 'absent' or 'purged'. This note is not repeated at each individual configuration parameter.

systemd_package_name

  • abstract: The name of the systemd package.

  • behavior:

    • any string: the Package['systemd'] gets managed by this module, where Package['systemd']['name'] = systemd_package_name.

    • undef: Package['systemd'] isn't be managed by this module

  • allowed values: a non-empty string or undef

  • default: 'systemd' on all platforms

systemd_package_version

  • abstract: the version of the package specified by systemd_package_name

  • behavior:

    • 'absent', 'purged': Remove or purge the package specified by systemd_package_name [Class] configuration files aren't managed anymore.

    • any other string: the package version is updated accordingly and all (class) configuration files are managed (provided their manage_XYZ_conf is true)

  • allowed values: any non-empty string

  • default: present

systemd_local_gens_dir

  • abstract: whether the directory /etc/systemd/system-generators/ shall be created

  • behavior:

    • true: the directory becomes managed. Any un-managed files in there are purged. Changes in this directory trigger a generator re-run. See systemd.generator(7) for more information.

    • false: no additional behavior

  • acceptable values: true, false

  • default value: false

collect_systemd_resources

  • abstract: whether systemd::config collects all systemd::* defined type resources

  • behavior

    • true: In systemd::config all defined type resources are collected with a resource collector. This is used to trigger a systemctl daemon-reload in systemd::daemon.

    • false: The functionality described at true is not added. On more complex set-ups you'd get quite fast into trouble with dependency cycles.

  • Note: The defined resource types establish the link unit_file ↝ associated_service. This only works as expected, if systemd doesn't use cached units. The catch-all solution is to leave this parameter to true.

  • acceptable values: true, false

  • default value: true

remove_rather_purge_conflicts

  • abstract: whether packages conflicting with systemd annexed services ar just removed instead of purged

  • behavior:

    • true: remove conflicting packages (ensure => absent)

    • false: purge conflicting packages (ensure => purged)

  • allowed values: true and false

  • default: false

systemd_networkd_ensure

  • abstract: Service['networkd']['ensure']

  • behavior

    • 'running'/'stopped': stop or run the systemd-networkd(8) service

    • undef: the network daemon is not managed by this module

  • allowed values: 'running', 'stopped', and undef

  • default: undef

systemd_networkd_enable

  • abstract: Service['networkd']['enable']

  • behavior:

    • true/false: the systemd-networkd does or does not start on boot

    • undef: this setting is not modified. The “vendor preset” seems to be disabled (do not start at boottime).

  • allowed values: true, false and undef

  • default: undef

manage_networkd_competitors

  • abstract: whether to take care of other network management packages

  • behavior

    • true: purge packages specified by networkd_competitors_packages. Beware: Some network managers de_configure the network, if they're asked to sign off (because of the de-installation) This leads to you losing network connectivity _during the puppet run, possibly ending up in a mis-configured machine.

    • false: do not remove any package. Note: You have to take care of other competing network management programs by yourself, if you'd like to give systemd-networkd(8) the sole control. Just disabling the service { 'networking': enable => false} [or mask], so they aren't started at the next boot, seems to be the most clean solution.

  • allowed values: false, true

  • default: false

networkd_competitors_packages

  • abstract: the package to remove, if manage_networkd_competitors

  • allowed values: an array of non-empty strings

  • default: $systemd::params::networkd_competitors_packages, which is platform-independently ['ifupdown', 'ifupdown2', 'libnm-glib4'] (hint: nm = NetworkManager)

systemd_resolved_ensure

  • abstract: Service['resolved']['ensure']

  • behavior

    • 'running'/'stopped': stop or run the systemd-resolved(8) service

    • undef: Service['resolved'] ain't managed by this module

  • allowed values: 'running', 'stopped' and undef

  • default: undef

systemd_resolved_enable

  • abstract: Service['resolved']['enable']

  • behavior:

    • true/false: the systemd-resolved will or will not start on boot

    • undef: this setting isn't be modified. the “vendor preset” seems to be enabled (start on boot)

  • allowed values: true, false and undef

  • default: undef

manage_resolv_conf_symlink

  • abstract: make symlink /etc/resolv.conf → /run/systemd/resolve/resolv.conf

  • behavior:

  • allowed values: true and false

  • default: false

systemd_timesyncd_ensure

  • abstract: Service['timesyncd']['ensure']

  • behavior:

    • 'running': it is ensured, that the systemd-timesyncd is running

    • 'stopped': it is ensured, that the systemd-timesyncd is stopped

    • undef the systemd-timesyncd(8) doesn't get managed by this module

  • allowed values: true, false, and undef

  • default value: undef

systemd_timesyncd_enable

  • abstract: Service['timesyncd']['enable']

  • behavior:

    • true: the systemd-timesyncd starts on boot

    • false: the systemd-timesyncd won't start on boot

    • undef: do not touch this setting the “vendor preset” seems to be enabled (start on boot)

  • allowed values: true, false and undef

  • default: undef

manage_timesyncd_conflicts

  • abstract: whether to “take care of” other NTPds

  • behavior

    • true: in '/lib/systemd/system/systemd-timesyncd.service.d/disable-with-time-daemon.conf' (a drop-in configuration file) systemd-timesyncd(8) refuses to start, in case there are any other executable NTPds (not necessarily running). This module can take care of them by removing the relevant packages specified by timesyncd_package_conflicts. See also remove_rather_purge_conflicts.

    • false: You have to resolve the situation on your own, if you'd like to use the systemd-timesyncd(8).

  • allowed values: true and false

  • default: false

timesyncd_package_conflicts

  • abstract: a list of packages conflicting with systemd-timesyncd(8)

  • allowed values: an array of non-empty strings

  • default: ['chrony', 'ntp', 'openntpd']

manage_loc_systemd_conf
purge_loc_systemd_conf_dir

  • abstract: enable recursive purge in /etc/systemd/system.conf.d/

  • behavior

    • false: do not touch /etc/systemd/system.conf.d/

    • If true, files (and directories) in /etc/systemd/system.conf.d/ already present, but not managed by puppet, get deleted. It ensures the directory system.conf.d/ is existent, and only contains files you want, since “[t]he main configuration file [system.conf] is read before any of the configuration directories, and has the lowest precedence” (quote from systemd-system.conf(5)). There's no distinction being made between *.conf files and others.

  • allowed values: true and false

  • default: false

manage_loc_journald_conf

  • abstract: whether to manage /etc/systemd/journald.conf

  • behavior

  • allowed values: true and false

  • default: false

purge_loc_journald_conf_dir

  • abstract: whether to manage /etc/systemd/journald.conf.d/

  • behavior

    • true: the directory /etc/systemd/journald.conf.d/ is created and emptied of any unmanaged files. You definitely want that if you manage_loc_journald_conf, because /etc/systemd/journald.conf takes lowest precedence.

    • false: the directory /etc/systemd/journald.conf.d/ is neither created, modified, nor emptied

  • allowed values: true and false

  • default: false

manage_loc_logind_conf

  • abstract: whether to manage /etc/systemd/logind.conf

  • behavior

  • allowed values: true and false

  • default: false

purge_loc_logind_conf_dir

  • abstract: whether to free /etc/systemd/logind.conf.d/ from unmanaged files

  • behavior

    • true: everything in the folder /etc/systemd/logind.conf.d/ is deleted, unless it's managed by puppet.

    • false: don't worry about /etc/systemd/logind.conf.d/

  • allowed values: true and false

  • default: false

manage_loc_resolved_conf

  • abstract: whether to manage /etc/systemd/resolved.conf

  • behavior

  • allowed values: true and false

  • default: false

purge_loc_resolved_conf_dir

  • abstract: whether to manage /etc/systemd/resolved.conf.d/

  • behavior

    • true: ensure the directory /etc/systemd/resolved.conf.d/ is present and only contains files managed by puppet. You want that, since /etc/systemd/resolved.conf (the local configuration file) takes lowest precendence.

    • false: don't give a fuck about /etc/systemd/resolved.conf.d/

  • allowed values: true and false

  • default value: false

manage_loc_timesyncd_conf

  • abstract: whether to manage /etc/systemd/timesyncd.conf

  • behavior

  • allowed values: true and false

  • default: false

purge_loc_timesyncd_conf_dir

  • abstract: whether the folder /etc/systemd/timesyncd.conf.d/ is freed from unmanaged files

  • behavior:

    • true: ensure the directory /etc/systemd/timesyncd.conf.d/ is present, and does not contain any unmanaged files (= files not managed via puppet)

    • false: ignore any presence or absence of the directory or files in there

  • allowed values: true and false

  • default: false

manage_loc_system_preset_dir

  • abstract: whether the directory /etc/systemd/system-preset/ becomes managed

  • behavior

    • true: the directory /etc/systemd/system-preset/ is created. This does not free the directory from unmanaged files. For that see purge_loc_system_preset_dir.

    • false: don't care about the directory /etc/systemd/system-preset/

  • allowed values: true and false

  • default: false

purge_loc_system_preset_dir

  • abstract: whether anything below purge_loc_system_preset_dir, that's not managed by puppet, is deleted

  • behavior

    • true: delete any unmanaged files/directories below /etc/systemd/system-preset/.

    • false: don't care about any files and or directories in /etc/systemd/system-preset/.

  • note: This parameter only has an effect, if manage_loc_system_preset_dir is true.

  • allowed values: true and false

  • default: false

manage_loc_bootchart_conf

  • abstract: whether to manage /etc/systemd/bootchart.conf

  • behavior

    • true: the file is /etc/systemd/bootchart.conf is created with template systemd_bootchart_conf_erb

    • false: do not locally configure systemd-bootchart(1)

  • allowed values: true and false

  • default: false

purge_loc_bootchart_conf_dir

  • abstract: manage /etc/systemd/bootchart.conf.d/

  • behavior

    • true: the directory /etc/systemd/bootchart.conf.d/ is managed by this module. It is freed from any unmanaged files.

    • false: do not do anything regarding /etc/systemd/bootchart.conf.d/

  • allowed values: true and false

  • default: false

manage_loc_sleep_conf

  • abstract: do manage /etc/systemd/sleep.conf

  • behavior

    • true: the file /etc/systemd/sleep.conf becomes managed by this module and is filled with the template specified by systemd_sleep_conf_erb

    • false: do not care about /etc/systemd/sleep.conf

  • allowed values: true and false

  • default: false

purge_loc_sleep_conf_dir

  • abstract: whether to manage /etc/systemd/sleep.conf.d/

  • behavior

    • true: the directory /etc/systemd/sleep.conf.d/ is present and does not contain any unmanaged files

    • false: nothing happens

  • allowed values: true and false

  • default: false

manage_modules_load_dir

  • abstract: whether to manage /etc/modules-load.d/

  • behavior

    • true: if not present, the directory /etc/modules-load.d/ is created, and is held free from any unmanaged files

    • false: no additional behavior

  • allowed values: true and false

  • default: false

manage_machine_info

  • abstract: whether to manage /etc/machine-info

  • behavior

  • allowed values: true and false

  • default: false

machine_info_provider

  • abstract: how to manage machine-info(5), assumed it is managed

  • behavior

    • 'hostnamectl': the machine-info(5) are manipulated by proper hostnamectl(1) calls

    • 'template': the file /etc/machine-info is filled with the contents of a template

  • allowed values: 'hostnamectl', 'template'

  • default: 'hostnamectl'

manage_sysusers_dir

  • abstract: whether to manage /etc/sysusers.d/

  • behavior

    • true: ensures the directory /etc/sysusers.d/ is present and does not contain any unmanaged files

    • false: do not do anything related to sysusers.d(5)

  • allowed values: true and false

  • default: false

etc_network_interfaces_note

  • abstract: whether to place a note in /etc/network/interfaces

  • behavior

  • allowed values: true and false

  • default: false

etc_network_interfaces_erb

  • abstract: the template used to render the note for etc_network_interfaces_note

  • allowed values: a non-empty string

  • default: 'systemd/etc_network_interfaces.erb'

manage_sysctl_conf

  • abstract: whether to manage /etc/sysctl.conf

  • behavior

    • true: the sysctl.conf(5) is generated by the template sysctl_conf_template (there's no default template!)

    • false: do not manage sysctl.conf(5)

  • allowed values: true and false

  • default: false

manage_sysctl_directory

  • abstract: whether to manage directory /etc/sysctl.d/

  • behavior

    • true: there is a directory /etc/sysctl.d/ and it does not contain any unmanaged files

    • false: do not do anything regarding sysctl.d

  • allowed values: true and false

  • default: false

manage_udev_conf

  • abstract: whether to manage /etc/udev/udev.conf

    • true: ensures the contents of /etc/udev/udev.conf comply with the rendered template udev_conf_template

    • false: nothing's done

  • allowed values: true and false

  • default: false

manage_locale_conf

  • abstract: whether to manage /etc/locale.conf

  • note: the generation of locales is not (yet) triggered. Configuring systemd to use non-present locales can lead to strange effects.

  • allowed values: true and false

  • default: false

locale_conf_provider

  • behavior

    • 'localectl': manipulation of /etc/locale.conf is done via a localectl(1) call. Apparently localectl(1) does not create the /etc/locale.conf resulting in the exec-resource being applied each run.

    • 'template': the locale.conf(5) is created by template

  • allowed values: 'localectl' and 'template'

  • default: 'template'

manage_localtime

  • abstract: whether to manage localtime(5)

  • behavior

  • allowed values: true and false

  • default: false

localtime_provider

  • abstract: how to manage /etc/localtime

  • behavior

    • 'timedatectl': the file /etc/localtime is managed by systemd's tool timedatectl(1). This is the preferred way, since timedatectl(1) fails, if the linked target does not exist.

    • 'file': the /etc/localtime is managed as a plain file resource. This method might be a tick faster. Specifying a non-existent timezone is not detected.

  • note: this class does not manage the tzdata package (where the data in /usr/share/zoneinfo/ originate from). It's pretty unlikely though, not having this package via some dependency.

  • allowed value: 'timedatectl' and 'file'

  • default: 'timedatectl'

systemd_system_conf_erb
systemd_journald_conf_erb
systemd_logind_conf_erb
systemd_resolved_conf_erb
systemd_timesyncd_conf_erb
systemd_bootchart_conf_erb

  • abstract: the template to use rendering a bootchart.conf(5)

  • behavior: see manage_loc_bootchart_conf

  • allowed values: any non-empty string

  • default: 'systemd/bootchart_conf.erb'

systemd_sleep_conf_erb
sysctl_conf_template

  • abstract: the template to use in order to render a sysctl.conf(5)

  • behavior: see manage_sysctl_conf

  • allowed values: any non-empty string or undef

  • default valued: undef (we can't provide a template for the great variety of kernels)

udev_conf_template

  • abstract: the template to generate a udev.conf(5) with

  • behavior: see manage_udev_conf

  • allowed values: any non-empty string

  • default: 'systemd/udev_conf.erb'

manager_log_level
manager_log_target
manager_log_color
manager_log_location
manager_dump_core

  • abstract: see for DumpCore= in systemd-system.conf(5) and --dump-core in systemd(1) for more information

  • behavior:

    • This parameter controls the values in system.conf if it's managed by this module with the default template. It does not change the kernel command line.

  • allowed values: true, false, and undef

  • default: undef

manager_crash_shell
manager_show_status
manager_crash_ch_vt
manager_default_stdout

  • abstract: see --default-standard-output= in systemd(1)

  • allowed values: 'inherit', 'null', 'tty', 'journal', 'journal+console', 'syslog', 'syslog+console', 'kmsg', 'kmsg+console', and undef

  • default: undef

manager_default_stderr

  • abstract: see --default-standard-error= in systemd(1)

  • allowed values: 'inherit', 'null', 'tty', 'journal', 'journal+console', 'syslog', 'syslog+console', 'kmsg', 'kmsg+console', and undef

  • default value: undef

manager_cpu_affinity
manager_join_controllers

  • abstract: see JoinControllers= in systemd-system.conf(5)

  • allowed values: undef and temporarily an array of plain strings with at least one element (TODO: shall become a hash with proper named keys)

  • default: undef

manager_runtime_watchdog_sec
manager_shutdown_watchdog_sec
manager_capability_bound_set

  • abstract: see CapabilityBoundingSet= in `systemd-system.conf(5)

  • allowed values: undef and a properly formed hash: The hash has two keys: ['inverted_selection', 'capabilities']. 'inverted_selection' has to be a boolean values. 'capabilities' has to be an array of capability names holding at least one element.

  • example: {inverted_selection => true, capabilities => ['CAP_SYSLOG']}

  • default: undef

manager_syscall_architectures
manager_timer_slack_nanosec
manager_default_timer_accurac
manager_default_to_start_sec
manager_default_to_stop_sec
manager_default_restart_sec
manager_default_start_lim_int
manager_default_start_lim_brs
manager_default_environment

  • abstract: see DefaultEnvironment= in systemd-system.conf(5)

  • behavior

    • the default system.conf template uses this parameter

    • values containing blanks are automatically surrounded by inch-signs ("). do not include them

  • allowed values

    • undef

    • a non-empty hash with a non-empty string as key and either a string, a integer (rendered as decimal), or a non-empty array of non-empty strings and/or integers

  • example: {'foo' => 'bar', 'answer' => 42, 'things' => ['X', 'Y', 3], 'flag' => ''} renders as DefaultEnvironment = foo=bar answer=42 "things=X Y 3" foo=\n

  • default: undef

manager_default_cpu_acct
manager_default_block_io_acct
manager_default_memory_acct
manager_default_lim_cpu
manager_default_lim_fsize
manager_default_lim_data
manager_default_lim_stack
manager_default_lim_core
manager_default_lim_rss
manager_default_lim_nofile
manager_default_lim_as
manager_default_lim_nproc
manager_default_lim_memlock
manager_default_lim_locks
manager_default_lim_sigpendin
manager_default_lim_msgqueue
manager_default_lim_nice
manager_default_lim_rtprio
manager_default_lim_rttime
journal_storage
journal_compress
journal_seal
journal_split_mode
journal_rate_limit_interval

  • abstract: see RateLimitInterval= in journald.conf(5)

  • allowed values: a non-negative integer, and undef

  • default: undef

journal_rate_limit_burst
journal_system_max_use
journal_system_keep_free
journal_system_max_file_size
journal_runtime_max_use
journal_runtime_keep_free
journal_runtime_max_file_size
journal_max_file_sec
journal_max_retention_sec
journal_sync_interval_sec
journal_forward_to_syslog
journal_forward_to_kmsg
journal_forward_to_console
journal_forward_to_wall
journal_max_level_store

  • abstract: see MaxLevelStore= in journald.conf(5)

  • allowed values: 0, 1, 2, 3, 4, 5, 6, 7, 'emerg', 'alert', 'crit', 'err', 'warning', 'notice', 'info', 'debug', and undef

  • default: undef

journal_max_level_syslog
journal_max_level_kmsg
journal_max_level_console
journal_max_level_wall
journal_tty_path
login_n_auto_vts
login_reserve_vt
login_kill_user_processes
login_kill_only_users

  • abstract: limit the contract killer's subjects. See KillOnlyUsers= in logind.conf(5) for more about the contract killers modalities.

  • allowed values: undef, a non-empty array of strings (w/o blanks but at least one character), or ['']

  • example: undef (KillOnlyUsers= is checked after KillExcludeUsers=)

  • default: undef

login_kill_exclude_users

  • abstract: see KillExcludeUsers= in logind.conf(5)

  • allowed values: undef, an array with an empty string, or a non-empty array of non-empty strings

  • examples: ['root', 'someOtherImportantUser'] (processes by root and someOtherImportantUser aren't killed), [''] (even root gets killed)

  • default: undef

login_idle_action

  • abstract: see IdleAction= in logind.conf(5)

  • acceptable values: 'ignore', 'poweroff', 'reboot', 'halt', 'kexec', 'suspend', 'hibernate', 'hybrid-sleep', 'lock', or undef

  • default: undef

login_idle_action_sec
login_inhibit_delay_max_sec
login_handle_power_key

  • abstract: see HandlePowerKey= in logind.conf(5)

  • allowed values: 'ignore', 'poweroff', 'reboot', 'halt', 'kexec', 'suspend', 'hibernate', 'hybrid-sleep', 'lock', or undef

  • default: undef

login_handle_suspend_key

  • abstract: see HandleSuspendKey= in logind.conf(5)

  • acceptable values: 'ignore', 'poweroff', 'reboot', 'halt', 'kexec', 'suspend', 'hibernate', 'hybrid-sleep', 'lock', or undef

  • default

login_handle_hibernate_key

  • abstract: see HandleHibernateKey= in logind.conf(5)

  • allowed values: 'poweroff', 'reboot', 'halt', 'kexec', 'suspend', 'hibernate', 'hybrid-sleep', 'lock', or undef

  • default value: undef

login_handle_lid_sw

  • abstract: see HandleLidSwitch= in journald.conf

  • allowed values: 'ignore', 'poweroff', 'reboot', 'halt', 'kexec', 'suspend', 'hibernate', 'hybrid-sleep', 'lock', or undef

  • default: undef

login_handle_lid_sw_docked
login_power_key_ign_inhib
login_suspend_key_ign_inhib
login_hibernate_key_ign_inhib
login_lid_switch_ign_inhib
login_holdoff_timeout_sec
login_runtime_directory_size

  • abstract: corresponds to the RuntimeDirectorySize setting in journald.conf(5)

  • example: login_runtime_directory_size => Integer($::facts['memory']['system']['available_bytes'] * 0.08)

  • valid values: undef and any non-negative integer

  • default: undef

login_remove_ipc
resolve_dns

  • abstract: see DNS= in resolved.conf(5)

  • allowed values: undef, or an array. The array can contain arrays of four integers between 0 and 255, or eight integers 0x0 and 0xFFFF.

  • example: [[10,1,2,240], [10,2,2,240]]

  • default: undef

resolve_fallback_dns
resolve_domains

  • abstract: see Domains= in resolved.conf(5)

  • allowed values: undef, or a non-empty array of non-empty strings containing no blanks

  • example: ['acmenet']

  • default: undef

resolve_llmnr
resolve_dnssec
resolve_cache
time_ntp

  • abstract: see NTP= in timesyncd.conf(5)

  • allowed values: undef, or an array. The array can contain non-empty strings, array of four integers between 0 and 255, or an array of eight integers between 0x0 and 0xFFFF

  • example: ['ntp.acmenet']

  • default: undef

time_fallback_ntp
sleep_suspend_mode
sleep_hibernate_mode
sleep_hybrid_sleep_mode
sleep_suspend_state
sleep_hibernate_state
sleep_hybrid_sleep_state
bootchart_samples

  • abstract: see Samples= in bootchart.conf(5)

  • allowed values: non-negative integers, or undef

  • default: undef

bootchart_frequency

  • abstract: see Frequency= in bootchart.conf(5)

  • allowed values: a positive integer or float, and undef

  • default: undef

bootchart_relative

  • abstract: see Relative= in bootchart.conf(5)

  • allowed values: true, false, or undef

  • default: undef

bootchart_filter

  • abstract: see Filter= in bootchart.conf(5)

  • allowed values: true, false, or undef

  • default: undef

bootchart_output

  • abstract: see Output= in bootchart.conf(5)

  • allowed values: undef, or an absolute path (no spaces)

  • default: undef

bootchart_init

  • abstract: see Init= in bootchart.conf(5) for details

  • allowed values: undef, or an absolute path (no spaces)

  • default: undef

bootchart_plot_memory_usage

  • abstract: see PlotMemoryUsage= in bootchart.conf(5)

  • allowed values: true, false, or undef

  • default: undef

bootchart_plot_entropy_graph

  • abstract: see PlotEntropyGraph= in bootchart.conf(5)

  • acceptable values: true, false, and undef

  • default: undef

bootchart_scale_x

  • abstract: see ScaleX= in bootchart.conf(5)

  • allowed values: a positive integer, and undef

  • default: undef

bootchart_scale_y

  • abstract: see ScaleY= in bootchart.conf(5)

  • allowed values: a positive integer, and undef

  • default: undef

bootchart_control_group

  • abstract: see ControlGroup= in bootchart.conf(5)

  • allowed values: true, false, or undef

  • default: undef

bootchart_per_cpu

  • abstract: see PerCPU= in bootchart.conf(5)

  • allowed values: false, true, and undef

  • default: undef

machine_info_pretty_hostname
machine_info_icon_name
machine_info_chassis

  • abstract: see CHASSIS= in machine-info(5)

  • allowed values: undef, default, 'desktop', 'laptop', 'tablet', 'handset', 'watch', 'embedded', 'vm', 'container', 'server'

  • default: undef

machine_info_deployment
machine_info_location
locale_conf_lang

  • abstract: sets LANG= in locale.conf(5)

  • allowed values: undef, or an ASCII word (possibly including underscores, dots, and dashes)

  • example: 'en_US.UTF-8'

  • default: undef

locale_conf_language

  • abstract: sets LANGUAGE= in locale.conf(5)

  • allowed values: undef, or locale as string

  • example: 'en_US.UTF-8'

  • default: undef

locale_conf_lc_ctype

  • abstract: sets LC_CTYPE= in locale.conf(5)

  • allowed values: undef, or a name of a locale as string

  • example: 'en_US.UTF-8'

  • default: undef

locale_conf_lc_numeric

  • abstract: sets LC_NUMERIC= in locale.conf(5)

  • allowed values: undef, or a name of a locale as string

  • example: 'en_US.UTF-8'

  • default: undef

locale_conf_lc_time

  • abstract: sets LC_TIME= in locale.conf(5)

  • allowed values: undef, or a name of a locale as string

  • example: 'en_US.UTF-8'

  • default: undef

locale_conf_lc_collate

  • abstract: sets LC_COLLATE= in locale.conf(5)

  • allowed values: undef, or a name of a locale as string

  • example: 'en_US.UTF-8'

  • default: undef

locale_conf_lc_monetary

  • abstract: sets LC_MONETARY= in locale.conf(5)

  • allowed values: undef, or a name of a locale as string

  • example: 'en_US.UTF-8'

  • default: undef

locale_conf_lc_messages

  • abstract: sets LC_MESSAGES= in locale.conf(5)

  • allowed values: undef, or a locale as string

  • example: 'en_US.UTF-8'

  • default: undef

locale_conf_lc_paper

  • abstract: sets LC_PAPER= in locale.conf(5)

  • allowed values: undef, or a locale as string

  • example: 'de_DE.UTF-8'

  • default: undef

locale_conf_lc_name

  • abstract: sets LC_NAME= in locale.conf(5)

  • allowed values: undef, or a locale as string

  • example: 'en_US.UTF-8'

  • default: undef

locale_conf_lc_address

  • abstract: sets LC_ADDRESS= in locale.conf(5)

  • allowed values: undef, or a locale as string

  • example: 'en_US.UTF-8'

  • default: undef

locale_conf_lc_telephone

  • abstract: sets LC_TELEPHONE= in locale.conf(5)

  • allowed values: undef, or a locale as string

  • example: 'de_DE.UTF-8'

  • default: undef

locale_conf_lc_measurement

  • abstract: sets LC_MEASUREMENT= in locale.conf(5)

  • allowed values: undef, or a locale as string

  • example: 'de_DE.UTF-8'

  • default: undef

locale_conf_lc_identification

  • abstract: sets LC_IDENTIFICATION= in locale.conf(5)

  • allowed values: undef, or a locale as string

  • example: 'en_US.UTF-8'

  • default: undef

localtime

  • abstract: the timezone name for localtime(5)

  • behavior:

  • allowed values: undef or a non-empty string of the ASCII characters in [a-zA-Z0-9+-_/]. The string must not end on a slash.

  • example: 'UTC' (recommended, set TZ="Europe/Berlin" [or whatever] via pam_env.so for uid > 999)

  • default value: 'UTC'

udev_conf_udev_log

  • abstract: see udev_log in udev.conf(5)

  • allowed values: 'err', 'info', 'debug', a non-negative integer smaller than eight, and undef

  • default: undef

Types

You can use any of those types, without having to use my Class['systemd']. So you can manage your systemd somehow else, or not at all.

However, defined types, which end up in creating unit files, should be reloaded with systemctl daemon-reload. You can use collect_systemd_resources from the systemd class for this.

systemd::unit

Limitations:

  • Currently you cannot sort Condition*=/Assert*= statements (plural!). See the proper section in systemd.unit(5) what implications this has.
ensure

  • abstract: What to do with this resource.

  • value behaviors:

    • undef disables any management of any child resource. Only compilation has to succeed.

    • default automatically determines the default $ensure, which is 'present'.

    • 'absent' ensures the unit file is absent.

    • 'present' ensures the unit file is present and filled with proper content.

  • accepted values: undef, default, 'absent', 'present'

  • default value: default

path

  • abstract: Where to place the unit file.

  • value behaviors:

    • default determines the path by using $title. For that $title may not contain spaces or slashes. The proper unit type suffix .unit is automatically appended.

    • a string: the unit file gets placed at the specified path. The directories for manage_conf_dir, manage_wants_dir, and manage_requires_dir are placed accordingly.

  • accepted values: default, and an absolute path, not containing any spaces, and not ending on a slash

  • default: default

mode

  • abstract: The file mode of regular files.

  • value behaviors:

    • default loads $systemd::params::systemd_unit_default_mode (which is 0644)

    • undef passes undef as mode to regular file resources

  • accepted values: undef, default, and any string of positive length

  • default value: default

owner

  • abstract: The owner of regular files.

  • value behaviors:

    • default loads $systemd::params::systemd_unit_default_owner By now it is 'root' on some platforms and falls back to uid 0 for any other.

  • accepted values: undef, default, non-negative integers, and any string of positive length

  • default value: default

group

  • abstract: The group of regular files.

  • value behaviours:

    • default loads $systemd::params::systemd_unit_default_group. This value may be OS-specific. Currently known are 'root' and 'wheel' for some platforms. It falls back to uid 0 for unknown platforms.

  • accepted values: undef, default, non-negative integers, and any string of positive length

  • default value: default

content_template

  • abstract: the *.erb template to use, in order to render the *.unit file

  • behavior:

    • default: the proper default template is loaded

    • a non-empty string: your specified template is used

  • allowed values: default, or a non-empty string

  • default value: default

validate_cmd

  • abstract: This is a pass-through to all (by the defined type) managed unit files.

  • value behaviors:

    • default: Loads the default $systemd::params::systemd_unit_validate_cmd, which currently is /usr/bin/systemd-analyze verify %.

    • undef: do not perform any validation

    • any non-empty string: validate with the specified command

  • Note: systemd-analyze verify checks for dependencies, too. You have to add proper ordering to your resource declarations to make validation succeed. There are also implicit dependencies and default dependencies. You have to take extra care, if your unit depends on a generated unit (compare systemd.generator(7)).

  • recommendation: if you work with multiple systemd versions, set this parameter (possibly using a resource defaults statement) to default (or other reasonable string)

  • accepted values: undef, default, and any string of positive length

  • default: undef

validate_replacement

  • This is direct pass-through to all (by the defined type) managed file resources.

  • accepted values: undef, and any string of positive length

  • default: undef

checksum

  • abstract: this is passed through to all child file resources

  • allowed values: undef, 'md5', 'md5lite', 'sha256', 'sha256lite', 'mtime', 'ctime', 'none'

  • default: undef

show_diff

  • direct pass-through to all files

  • accepted values: undef, true and false

  • default value: undef

backup

  • direct pass-through to all files

  • allowed values: undef, true, false, and any string

  • default value: undef

blame

  • abstract: attributes blame in the standard template

  • behavior: puts this value in the line starting with # auth: (author)

  • allowed values: a string

  • default: $systemd::params::systemd_unit_default_owner

manage_wants_dir

  • abstract: whether the <unit_name>.wants/ directory is managed

  • behavior

    • false: do not care about <unit_name>.wants/ directory

    • true: the file resource with the .wants suffix is managed

  • acceptable values: true, false

  • default: false

wants_dir_mode

  • abstract: what file mode the .wants/ directory has (if manage_wants_dir)

  • allowed values: undef, a non-empty string, or default

  • default: default

wants_dir_owner

  • abstract: the owner of the .wants/ directory (if manage_wants_dir)

  • allowed values: undef, a non-negative integer, a non-empty string, or default

  • default value: default

wants_dir_group

  • abstract: the owning group of the .wants/ directory (if manage_wants_dir)

  • allowed values: undef, a non-negative integer, a non-empty string, or default

  • default value: default

wants_dir_complete_control

  • abstract: only explicit file resources residing in the .wants/ directory are allowed

  • behavior:

    • false: ignore files in the .wants/ directory, which aren't managed by puppet

    • true: recurse and purge with force (only has an effect if manage_wants_dir)

  • acceptable value: false, true

  • default: false

manage_requires_dir

  • abstract: whether to manage the <unit_name>.requires/ directory

  • behavior

    • false: the absence or presence of the .requires/ directory, or anything in it, is ignored

    • true: the .requires/ directory is present (or absent depending on ensure)

  • acceptable values: true, false

  • default: false

requires_dir_mode

  • abstract: the directory mode of the .requires/ directory (if managed and present)

  • allowed values: undef, a non-empty string, or default

  • default: default

requires_dir_owner

  • abstract: the owner of the .requires/ directory, if managed

  • allowed values: undef, a non-negative integer, a non-empty string, or default

  • default: default

requires_dir_group

  • abstract: the group of the .requires/ directory, if managed

  • allowed values: undef, a non-negative integer, a non-empty string, or default

  • default: default

requires_dir_complete_control

  • abstract: only file resources explicitely managed by puppet inside the .requires/ directory

  • behavior

    • false: unmanaged files in the .requires/ directory are not deleted (unless manage_requires_dir and ensure is 'absent')

    • true: unmanaged files in the .requires/ directory are deleted

  • allowed values: true, or false

  • default: false

manage_conf_dir

  • abstract: whether to manage the <unit_name>.d/ directory

  • behavior

    • true: the .d/ directory presence depends on ensure

    • false: do not care about the .d/ directory

  • allowed values: yea (true), or nay (false)

  • default: false

conf_dir_mode

  • abstract: the .d/ directory's file mode (if managed by this resource)

  • allowed values: undef, a non-empty string, or default

  • default value: default

conf_dir_owner

  • abstract: the owner of the .d/ directory

  • allowed values: undef, a non-negative integer, a non-empty string, default

  • default value: default

conf_dir_group

  • abstract: the group of the .d/ directory

  • behavior

    • undef: no explicit group assigned

    • default: the default group is loaded. This is 'root' on debian-like systems. It is 'wheel' on FreeBSD-like systems. Otherwise 0 (zero).

    • any other literal: the group you specified is enforced

  • allowed values: undef, a non-negative integer, a non-empty string, or default

  • default value: default

conf_dir_complete_control

  • abstract: whether to take care of unmanaged files/directories inside the .d/ directory

  • allowed values: false, true

  • default: false

unit_description
unit_documentation

  • abstract: see Documentation= in systemd.unit(5)

  • allowed values: undef, or a non-empty array of strings, starting with http://, https://, file:, info:, man:. These strings require at least one non-blank character after the file specifier. Also the empty string '' is allowed.

  • example: ['https://wiki.acme.lan/wiki/DocumentedThing']

  • default: undef

unit_requires

  • abstract: see Requires= in systemd.unit(5)

  • allowed values: undef, or a non-empty array of strings, which do not contain any spaces

  • example: ['data.mount']

  • default: undef

unit_requires_overridable
unit_requisite
unit_requisite_overridable
unit_wants

  • abstract: see Wants= in systemd.unit(5)

  • allowed values: a non-empty array of strings not bearing any spaces, or undef

  • default: undef

unit_binds_to

  • abstract: see BindsTo= in systemd.unit(5)

  • allowed values: undef, or a non-empty array of strings, containing no spaces

  • default: undef

unit_part_of

  • abstract: see PartOf= in systemd.unit(5)

  • allowed values: undef, or a non-empty array of strings, which do not contain spaces

  • default value: undef

unit_conflicts

  • abstract: see Conflicts= in systemd.unit(5)

  • allowed values: undef, or a non-empty array of strings, which do not contain any spaces

  • example: ['init.service']

  • default: undef

unit_before

  • abstract: see Before= in systemd.unit(5)

  • acceptable values: undef, or a non-empty array of strings having no spaces

  • default: undef

unit_after

  • abstract: see After= in systemd.unit(5)

  • allowed values: undef, or a non-empty array of strings, which don't contain spaces

  • default: undef

unit_on_failure
unit_propagates_reload_to
unit_reload_propagated_from
unit_joins_namespace_of
unit_requires_mount_for
unit_on_failure_job_mode

  • abstract: see OnFailureJobMode= in systemd.unit(5)

  • allowed values: 'fail', 'replace', 'replace-irreversibly', 'isolate', 'flush', 'ignore-dependencies', 'ignore-requirements', and undef

  • default: undef

unit_ignore_on_isolate
unit_ignore_on_snapshot
unit_stop_when_unneeded
unit_refuse_manual_start
unit_refuse_manual_stop
unit_allow_isolate
unit_default_dependencies
unit_job_timeout_sec
unit_job_timeout_action

  • abstract: see JobTimeoutAction= in systemd.unit(5)

  • allowed values: 'none', 'reboot', 'reboot-force', 'reboot-immediate', 'poweroff', 'poweroff-force', 'poweroff-immediate', and undef

  • default: undef

unit_job_timeout_reboot_arg
unit_condition_architecture
unit_condition_virtualization
unit_condition_host
unit_condition_kernel_cmdline
unit_condition_security
unit_condition_capability
unit_condition_ac_power
unit_condition_needs_update
unit_condition_first_boot
unit_condition_path_exists
unit_condition_path_exists_gl
unit_condition_path_is_dir
unit_condition_path_is_syml
unit_condition_path_is_mntpt
unit_condition_path_is_rw
unit_condition_dir_not_empty
unit_condition_file_not_empty
unit_condition_file_is_exec
unit_assert_architecture
unit_assert_virtualization
unit_assert_host
unit_assert_kernel_cmdline
unit_assert_security
unit_assert_capability
unit_assert_ac_power
unit_assert_needs_update