systemd

Manages systemd-specific things (so everything).

Kai Burghardt

kb

5,135 downloads

5,135 latest version

1.3 quality score

Version information

  • 0.0.0 (latest)
released Jan 7th 2018
This version is compatible with:
  • Puppet Enterprise 2017.2.x, 2017.1.x, 2016.5.x, 2016.4.x
  • Puppet >= 4.0.0 < 5.0.0
  • Debian
    ,
    Ubuntu

Start using this module

Documentation

kb/systemd — version 0.0.0 Jan 7th 2018

systemd

overview

This module manages systemd – the EMACS without the editor.

module description

This module does not cure systemdisease. It may allay the symptoms of it, but a professional treatment is advised.

As systemdisease is under research as is this module. Anyway, since it's first public release it is considered to notably ease the pain of affected sysadmins. However, further tests have to be conducted.

My guaranty: This module is as bad as what it manages (or even worse). I mean, c'mon, let's take over everything that's possible – what a dumb idea (instead of contributing to existing projects, you know).

setup

what systemd affects

Haha, what doesn't it?

setup requirements

Following software is not managed by any means through this module.

  • Several things require a shell.
  • Some things require coreutils.
  • Some things require grep(1).

Furthermore, your system has to run on the systemd operating system. It is not checked, whether the current runtime is actually powered by systemd.

reference

Enough for the systemd bashing (we'll come to that back later). Here comes the reference.

My policy regarding case-sensitive languages (like ruby): identifiers are written in snake_case, all letters in lower-case [in case in-sensitive language I do use camelCase]. Therefore systemd.directives(7) are adapted accordingly. Usually they're prefixed with the [section] name they belong to. Furthermore identifiers are limited to a length of 29 characters. So sometimes I've arbitrarily shortened the names from systemd.

This module is primarily aimed to prevent obvious mistakes. It does not prevent you from doing stupid things.



classes

  • systemd
  • systemd::params: holds defaults
  • systemd::install: installs systemd, optionally uninstalls some conflicting software
  • systemd::config: resource collectors and systemd(1) configuration per se
  • systemd::daemon: [since ::service is taken]

parameters

All the following parameters are for the systemd basis class.

Note: No configuration (determined by the following class parameters) is performed, if systemd_package_version is either 'absent' or 'purged'. This note is not repeated at each individual configuration parameter.


systemd_package_name
  • abstract: The name of the systemd package.

  • behavior:

    • any string: the Package['systemd'] gets managed by this module, where Package['systemd']['name'] = systemd_package_name.

    • undef: Package['systemd'] isn't be managed by this module

  • allowed values: a non-empty string or undef

  • default: 'systemd' on all platforms


systemd_package_version
  • abstract: the version of the package specified by systemd_package_name

  • behavior:

    • 'absent', 'purged': Remove or purge the package specified by systemd_package_name [Class] configuration files aren't managed anymore.

    • any other string: the package version is updated accordingly and all (class) configuration files are managed (provided their manage_XYZ_conf is true)

  • allowed values: any non-empty string

  • default: present


systemd_local_gens_dir
  • abstract: whether the directory /etc/systemd/system-generators/ shall be created

  • behavior:

    • true: the directory becomes managed. Any un-managed files in there are purged. Changes in this directory trigger a generator re-run. See systemd.generator(7) for more information.

    • false: no additional behavior

  • acceptable values: true, false

  • default value: false


collect_systemd_resources
  • abstract: whether systemd::config collects all systemd::* defined type resources

  • behavior

    • true: In systemd::config all defined type resources are collected with a resource collector. This is used to trigger a systemctl daemon-reload in systemd::daemon.

    • false: The functionality described at true is not added. On more complex set-ups you'd get quite fast into trouble with dependency cycles.

  • Note: The defined resource types establish the link unit_file ↝ associated_service. This only works as expected, if systemd doesn't use cached units. The catch-all solution is to leave this parameter to true.

  • acceptable values: true, false

  • default value: true


remove_rather_purge_conflicts
  • abstract: whether packages conflicting with systemd annexed services ar just removed instead of purged

  • behavior:

    • true: remove conflicting packages (ensure => absent)

    • false: purge conflicting packages (ensure => purged)

  • allowed values: true and false

  • default: false


systemd_networkd_ensure
  • abstract: Service['networkd']['ensure']

  • behavior

    • 'running'/'stopped': stop or run the systemd-networkd(8) service

    • undef: the network daemon is not managed by this module

  • allowed values: 'running', 'stopped', and undef

  • default: undef


systemd_networkd_enable
  • abstract: Service['networkd']['enable']

  • behavior:

    • true/false: the systemd-networkd does or does not start on boot

    • undef: this setting is not modified. The “vendor preset” seems to be disabled (do not start at boottime).

  • allowed values: true, false and undef

  • default: undef


manage_networkd_competitors
  • abstract: whether to take care of other network management packages

  • behavior

    • true: purge packages specified by networkd_competitors_packages. Beware: Some network managers de_configure the network, if they're asked to sign off (because of the de-installation) This leads to you losing network connectivity _during the puppet run, possibly ending up in a mis-configured machine.

    • false: do not remove any package. Note: You have to take care of other competing network management programs by yourself, if you'd like to give systemd-networkd(8) the sole control. Just disabling the service { 'networking': enable => false} [or mask], so they aren't started at the next boot, seems to be the most clean solution.

  • allowed values: false, true

  • default: false


networkd_competitors_packages
  • abstract: the package to remove, if manage_networkd_competitors

  • allowed values: an array of non-empty strings

  • default: $systemd::params::networkd_competitors_packages, which is platform-independently ['ifupdown', 'ifupdown2', 'libnm-glib4'] (hint: nm = NetworkManager)


systemd_resolved_ensure
  • abstract: Service['resolved']['ensure']

  • behavior

    • 'running'/'stopped': stop or run the systemd-resolved(8) service

    • undef: Service['resolved'] ain't managed by this module

  • allowed values: 'running', 'stopped' and undef

  • default: undef


systemd_resolved_enable
  • abstract: Service['resolved']['enable']

  • behavior:

    • true/false: the systemd-resolved will or will not start on boot

    • undef: this setting isn't be modified. the “vendor preset” seems to be enabled (start on boot)

  • allowed values: true, false and undef

  • default: undef


manage_resolv_conf_symlink
  • abstract: make symlink /etc/resolv.conf → /run/systemd/resolve/resolv.conf

  • behavior:

  • allowed values: true and false

  • default: false


systemd_timesyncd_ensure
  • abstract: Service['timesyncd']['ensure']

  • behavior:

    • 'running': it is ensured, that the systemd-timesyncd is running

    • 'stopped': it is ensured, that the systemd-timesyncd is stopped

    • undef the systemd-timesyncd(8) doesn't get managed by this module

  • allowed values: true, false, and undef

  • default value: undef


systemd_timesyncd_enable
  • abstract: Service['timesyncd']['enable']

  • behavior:

    • true: the systemd-timesyncd starts on boot

    • false: the systemd-timesyncd won't start on boot

    • undef: do not touch this setting the “vendor preset” seems to be enabled (start on boot)

  • allowed values: true, false and undef

  • default: undef


manage_timesyncd_conflicts
  • abstract: whether to “take care of” other NTPds

  • behavior

    • true: in '/lib/systemd/system/systemd-timesyncd.service.d/disable-with-time-daemon.conf' (a drop-in configuration file) systemd-timesyncd(8) refuses to start, in case there are any other executable NTPds (not necessarily running). This module can take care of them by removing the relevant packages specified by timesyncd_package_conflicts. See also remove_rather_purge_conflicts.

    • false: You have to resolve the situation on your own, if you'd like to use the systemd-timesyncd(8).

  • allowed values: true and false

  • default: false


timesyncd_package_conflicts
  • abstract: a list of packages conflicting with systemd-timesyncd(8)

  • allowed values: an array of non-empty strings

  • default: ['chrony', 'ntp', 'openntpd']


manage_loc_systemd_conf

purge_loc_systemd_conf_dir
  • abstract: enable recursive purge in /etc/systemd/system.conf.d/

  • behavior

    • false: do not touch /etc/systemd/system.conf.d/

    • If true, files (and directories) in /etc/systemd/system.conf.d/ already present, but not managed by puppet, get deleted. It ensures the directory system.conf.d/ is existent, and only contains files you want, since “[t]he main configuration file [system.conf] is read before any of the configuration directories, and has the lowest precedence” (quote from systemd-system.conf(5)). There's no distinction being made between *.conf files and others.

  • allowed values: true and false

  • default: false


manage_loc_journald_conf
  • abstract: whether to manage /etc/systemd/journald.conf

  • behavior

  • allowed values: true and false

  • default: false


purge_loc_journald_conf_dir
  • abstract: whether to manage /etc/systemd/journald.conf.d/

  • behavior

    • true: the directory /etc/systemd/journald.conf.d/ is created and emptied of any unmanaged files. You definitely want that if you manage_loc_journald_conf, because /etc/systemd/journald.conf takes lowest precedence.

    • false: the directory /etc/systemd/journald.conf.d/ is neither created, modified, nor emptied

  • allowed values: true and false

  • default: false


manage_loc_logind_conf
  • abstract: whether to manage /etc/systemd/logind.conf

  • behavior

  • allowed values: true and false

  • default: false


purge_loc_logind_conf_dir
  • abstract: whether to free /etc/systemd/logind.conf.d/ from unmanaged files

  • behavior

    • true: everything in the folder /etc/systemd/logind.conf.d/ is deleted, unless it's managed by puppet.

    • false: don't worry about /etc/systemd/logind.conf.d/

  • allowed values: true and false

  • default: false


manage_loc_resolved_conf
  • abstract: whether to manage /etc/systemd/resolved.conf

  • behavior

  • allowed values: true and false

  • default: false


purge_loc_resolved_conf_dir
  • abstract: whether to manage /etc/systemd/resolved.conf.d/

  • behavior

    • true: ensure the directory /etc/systemd/resolved.conf.d/ is present and only contains files managed by puppet. You want that, since /etc/systemd/resolved.conf (the local configuration file) takes lowest precendence.

    • false: don't give a fuck about /etc/systemd/resolved.conf.d/

  • allowed values: true and false

  • default value: false


manage_loc_timesyncd_conf
  • abstract: whether to manage /etc/systemd/timesyncd.conf

  • behavior

  • allowed values: true and false

  • default: false


purge_loc_timesyncd_conf_dir
  • abstract: whether the folder /etc/systemd/timesyncd.conf.d/ is freed from unmanaged files

  • behavior:

    • true: ensure the directory /etc/systemd/timesyncd.conf.d/ is present, and does not contain any unmanaged files (= files not managed via puppet)

    • false: ignore any presence or absence of the directory or files in there

  • allowed values: true and false

  • default: false


manage_loc_system_preset_dir
  • abstract: whether the directory /etc/systemd/system-preset/ becomes managed

  • behavior

    • true: the directory /etc/systemd/system-preset/ is created. This does not free the directory from unmanaged files. For that see purge_loc_system_preset_dir.

    • false: don't care about the directory /etc/systemd/system-preset/

  • allowed values: true and false

  • default: false


purge_loc_system_preset_dir
  • abstract: whether anything below purge_loc_system_preset_dir, that's not managed by puppet, is deleted

  • behavior

    • true: delete any unmanaged files/directories below /etc/systemd/system-preset/.

    • false: don't care about any files and or directories in /etc/systemd/system-preset/.

  • note: This parameter only has an effect, if manage_loc_system_preset_dir is true.

  • allowed values: true and false

  • default: false


manage_loc_bootchart_conf
  • abstract: whether to manage /etc/systemd/bootchart.conf

  • behavior

    • true: the file is /etc/systemd/bootchart.conf is created with template systemd_bootchart_conf_erb

    • false: do not locally configure systemd-bootchart(1)

  • allowed values: true and false

  • default: false


purge_loc_bootchart_conf_dir
  • abstract: manage /etc/systemd/bootchart.conf.d/

  • behavior

    • true: the directory /etc/systemd/bootchart.conf.d/ is managed by this module. It is freed from any unmanaged files.

    • false: do not do anything regarding /etc/systemd/bootchart.conf.d/

  • allowed values: true and false

  • default: false


manage_loc_sleep_conf
  • abstract: do manage /etc/systemd/sleep.conf

  • behavior

    • true: the file /etc/systemd/sleep.conf becomes managed by this module and is filled with the template specified by systemd_sleep_conf_erb

    • false: do not care about /etc/systemd/sleep.conf

  • allowed values: true and false

  • default: false


purge_loc_sleep_conf_dir
  • abstract: whether to manage /etc/systemd/sleep.conf.d/

  • behavior

    • true: the directory /etc/systemd/sleep.conf.d/ is present and does not contain any unmanaged files

    • false: nothing happens

  • allowed values: true and false

  • default: false


manage_modules_load_dir
  • abstract: whether to manage /etc/modules-load.d/

  • behavior

    • true: if not present, the directory /etc/modules-load.d/ is created, and is held free from any unmanaged files

    • false: no additional behavior

  • allowed values: true and false

  • default: false


manage_machine_info
  • abstract: whether to manage /etc/machine-info

  • behavior

  • allowed values: true and false

  • default: false


machine_info_provider
  • abstract: how to manage machine-info(5), assumed it is managed

  • behavior

    • 'hostnamectl': the machine-info(5) are manipulated by proper hostnamectl(1) calls

    • 'template': the file /etc/machine-info is filled with the contents of a template

  • allowed values: 'hostnamectl', 'template'

  • default: 'hostnamectl'


manage_sysusers_dir
  • abstract: whether to manage /etc/sysusers.d/

  • behavior

    • true: ensures the directory /etc/sysusers.d/ is present and does not contain any unmanaged files

    • false: do not do anything related to sysusers.d(5)

  • allowed values: true and false

  • default: false


etc_network_interfaces_note
  • abstract: whether to place a note in /etc/network/interfaces

  • behavior

  • allowed values: true and false

  • default: false


etc_network_interfaces_erb
  • abstract: the template used to render the note for etc_network_interfaces_note

  • allowed values: a non-empty string

  • default: 'systemd/etc_network_interfaces.erb'


manage_sysctl_conf
  • abstract: whether to manage /etc/sysctl.conf

  • behavior

    • true: the sysctl.conf(5) is generated by the template sysctl_conf_template (there's no default template!)

    • false: do not manage sysctl.conf(5)

  • allowed values: true and false

  • default: false


manage_sysctl_directory
  • abstract: whether to manage directory /etc/sysctl.d/

  • behavior

    • true: there is a directory /etc/sysctl.d/ and it does not contain any unmanaged files

    • false: do not do anything regarding sysctl.d

  • allowed values: true and false

  • default: false


manage_udev_conf
  • abstract: whether to manage /etc/udev/udev.conf

    • true: ensures the contents of /etc/udev/udev.conf comply with the rendered template udev_conf_template

    • false: nothing's done

  • allowed values: true and false

  • default: false


manage_locale_conf
  • abstract: whether to manage /etc/locale.conf

  • note: the generation of locales is not (yet) triggered. Configuring systemd to use non-present locales can lead to strange effects.

  • allowed values: true and false

  • default: false


locale_conf_provider
  • behavior

    • 'localectl': manipulation of /etc/locale.conf is done via a localectl(1) call. Apparently localectl(1) does not create the /etc/locale.conf resulting in the exec-resource being applied each run.

    • 'template': the locale.conf(5) is created by template

  • allowed values: 'localectl' and 'template'

  • default: 'template'


manage_localtime
  • abstract: whether to manage localtime(5)

  • behavior

  • allowed values: true and false

  • default: false


localtime_provider
  • abstract: how to manage /etc/localtime

  • behavior

    • 'timedatectl': the file /etc/localtime is managed by systemd's tool timedatectl(1). This is the preferred way, since timedatectl(1) fails, if the linked target does not exist.

    • 'file': the /etc/localtime is managed as a plain file resource. This method might be a tick faster. Specifying a non-existent timezone is not detected.

  • note: this class does not manage the tzdata package (where the data in /usr/share/zoneinfo/ originate from). It's pretty unlikely though, not having this package via some dependency.

  • allowed value: 'timedatectl' and 'file'

  • default: 'timedatectl'


systemd_system_conf_erb

systemd_journald_conf_erb

systemd_logind_conf_erb

systemd_resolved_conf_erb

systemd_timesyncd_conf_erb

systemd_bootchart_conf_erb
  • abstract: the template to use rendering a bootchart.conf(5)

  • behavior: see manage_loc_bootchart_conf

  • allowed values: any non-empty string

  • default: 'systemd/bootchart_conf.erb'


systemd_sleep_conf_erb

sysctl_conf_template
  • abstract: the template to use in order to render a sysctl.conf(5)

  • behavior: see manage_sysctl_conf

  • allowed values: any non-empty string or undef

  • default valued: undef (we can't provide a template for the great variety of kernels)


udev_conf_template
  • abstract: the template to generate a udev.conf(5) with

  • behavior: see manage_udev_conf

  • allowed values: any non-empty string

  • default: 'systemd/udev_conf.erb'


manager_log_level

manager_log_target

manager_log_color

manager_log_location

manager_dump_core
  • abstract: see for DumpCore= in systemd-system.conf(5) and --dump-core in systemd(1) for more information

  • behavior:

    • This parameter controls the values in system.conf if it's managed by this module with the default template. It does not change the kernel command line.
  • allowed values: true, false, and undef

  • default: undef


manager_crash_shell

manager_show_status

manager_crash_ch_vt

manager_default_stdout
  • abstract: see --default-standard-output= in systemd(1)

  • allowed values: 'inherit', 'null', 'tty', 'journal', 'journal+console', 'syslog', 'syslog+console', 'kmsg', 'kmsg+console', and undef

  • default: undef


manager_default_stderr
  • abstract: see --default-standard-error= in systemd(1)

  • allowed values: 'inherit', 'null', 'tty', 'journal', 'journal+console', 'syslog', 'syslog+console', 'kmsg', 'kmsg+console', and undef

  • default value: undef


manager_cpu_affinity

manager_join_controllers
  • abstract: see JoinControllers= in systemd-system.conf(5)

  • allowed values: undef and temporarily an array of plain strings with at least one element (TODO: shall become a hash with proper named keys)

  • default: undef


manager_runtime_watchdog_sec

manager_shutdown_watchdog_sec

manager_capability_bound_set
  • abstract: see CapabilityBoundingSet= in `systemd-system.conf(5)

  • allowed values: undef and a properly formed hash: The hash has two keys: ['inverted_selection', 'capabilities']. 'inverted_selection' has to be a boolean values. 'capabilities' has to be an array of capability names holding at least one element.

  • example: {inverted_selection => true, capabilities => ['CAP_SYSLOG']}

  • default: undef


manager_syscall_architectures

manager_timer_slack_nanosec

manager_default_timer_accurac

manager_default_to_start_sec

manager_default_to_stop_sec

manager_default_restart_sec

manager_default_start_lim_int

manager_default_start_lim_brs

manager_default_environment
  • abstract: see DefaultEnvironment= in systemd-system.conf(5)

  • behavior

    • the default system.conf template uses this parameter

    • values containing blanks are automatically surrounded by inch-signs ("). do not include them

  • allowed values

    • undef

    • a non-empty hash with a non-empty string as key and either a string, a integer (rendered as decimal), or a non-empty array of non-empty strings and/or integers

  • example: {'foo' => 'bar', 'answer' => 42, 'things' => ['X', 'Y', 3], 'flag' => ''} renders as DefaultEnvironment = foo=bar answer=42 "things=X Y 3" foo=\n

  • default: undef


manager_default_cpu_acct

manager_default_block_io_acct

manager_default_memory_acct

manager_default_lim_cpu

manager_default_lim_fsize

manager_default_lim_data

manager_default_lim_stack

manager_default_lim_core

manager_default_lim_rss

manager_default_lim_nofile

manager_default_lim_as

manager_default_lim_nproc

manager_default_lim_memlock

manager_default_lim_locks

manager_default_lim_sigpendin

manager_default_lim_msgqueue

manager_default_lim_nice

manager_default_lim_rtprio

manager_default_lim_rttime

journal_storage

journal_compress

journal_seal

journal_split_mode

journal_rate_limit_interval
  • abstract: see RateLimitInterval= in journald.conf(5)

  • allowed values: a non-negative integer, and undef

  • default: undef


journal_rate_limit_burst

journal_system_max_use

journal_system_keep_free

journal_system_max_file_size

journal_runtime_max_use

journal_runtime_keep_free

journal_runtime_max_file_size

journal_max_file_sec

journal_max_retention_sec

journal_sync_interval_sec

journal_forward_to_syslog

journal_forward_to_kmsg

journal_forward_to_console

journal_forward_to_wall

journal_max_level_store
  • abstract: see MaxLevelStore= in journald.conf(5)

  • allowed values: 0, 1, 2, 3, 4, 5, 6, 7, 'emerg', 'alert', 'crit', 'err', 'warning', 'notice', 'info', 'debug', and undef

  • default: undef


journal_max_level_syslog

journal_max_level_kmsg

journal_max_level_console

journal_max_level_wall

journal_tty_path

login_n_auto_vts

login_reserve_vt

login_kill_user_processes

login_kill_only_users
  • abstract: limit the contract killer's subjects. See KillOnlyUsers= in logind.conf(5) for more about the contract killers modalities.

  • allowed values: undef, a non-empty array of strings (w/o blanks but at least one character), or ['']

  • example: undef (KillOnlyUsers= is checked after KillExcludeUsers=)

  • default: undef


login_kill_exclude_users
  • abstract: see KillExcludeUsers= in logind.conf(5)

  • allowed values: undef, an array with an empty string, or a non-empty array of non-empty strings

  • examples: ['root', 'someOtherImportantUser'] (processes by root and someOtherImportantUser aren't killed), [''] (even root gets killed)

  • default: undef


login_idle_action
  • abstract: see IdleAction= in logind.conf(5)

  • acceptable values: 'ignore', 'poweroff', 'reboot', 'halt', 'kexec', 'suspend', 'hibernate', 'hybrid-sleep', 'lock', or undef

  • default: undef


login_idle_action_sec

login_inhibit_delay_max_sec

login_handle_power_key
  • abstract: see HandlePowerKey= in logind.conf(5)

  • allowed values: 'ignore', 'poweroff', 'reboot', 'halt', 'kexec', 'suspend', 'hibernate', 'hybrid-sleep', 'lock', or undef

  • default: undef


login_handle_suspend_key
  • abstract: see HandleSuspendKey= in logind.conf(5)

  • acceptable values: 'ignore', 'poweroff', 'reboot', 'halt', 'kexec', 'suspend', 'hibernate', 'hybrid-sleep', 'lock', or undef

  • default


login_handle_hibernate_key
  • abstract: see HandleHibernateKey= in logind.conf(5)

  • allowed values: 'poweroff', 'reboot', 'halt', 'kexec', 'suspend', 'hibernate', 'hybrid-sleep', 'lock', or undef

  • default value: undef


login_handle_lid_sw
  • abstract: see HandleLidSwitch= in journald.conf

  • allowed values: 'ignore', 'poweroff', 'reboot', 'halt', 'kexec', 'suspend', 'hibernate', 'hybrid-sleep', 'lock', or undef

  • default: undef


login_handle_lid_sw_docked

login_power_key_ign_inhib

login_suspend_key_ign_inhib

login_hibernate_key_ign_inhib

login_lid_switch_ign_inhib

login_holdoff_timeout_sec

login_runtime_directory_size
  • abstract: corresponds to the RuntimeDirectorySize setting in journald.conf(5)

  • example: login_runtime_directory_size => Integer($::facts['memory']['system']['available_bytes'] * 0.08)

  • valid values: undef and any non-negative integer

  • default: undef


login_remove_ipc

resolve_dns
  • abstract: see DNS= in resolved.conf(5)

  • allowed values: undef, or an array. The array can contain arrays of four integers between 0 and 255, or eight integers 0x0 and 0xFFFF.

  • example: [[10,1,2,240], [10,2,2,240]]

  • default: undef


resolve_fallback_dns

resolve_domains
  • abstract: see Domains= in resolved.conf(5)

  • allowed values: undef, or a non-empty array of non-empty strings containing no blanks

  • example: ['acmenet']

  • default: undef


resolve_llmnr

resolve_dnssec

resolve_cache

time_ntp
  • abstract: see NTP= in timesyncd.conf(5)

  • allowed values: undef, or an array. The array can contain non-empty strings, array of four integers between 0 and 255, or an array of eight integers between 0x0 and 0xFFFF

  • example: ['ntp.acmenet']

  • default: undef


time_fallback_ntp

sleep_suspend_mode

sleep_hibernate_mode

sleep_hybrid_sleep_mode

sleep_suspend_state

sleep_hibernate_state

sleep_hybrid_sleep_state

bootchart_samples
  • abstract: see Samples= in bootchart.conf(5)

  • allowed values: non-negative integers, or undef

  • default: undef


bootchart_frequency
  • abstract: see Frequency= in bootchart.conf(5)

  • allowed values: a positive integer or float, and undef

  • default: undef


bootchart_relative
  • abstract: see Relative= in bootchart.conf(5)

  • allowed values: true, false, or undef

  • default: undef


bootchart_filter
  • abstract: see Filter= in bootchart.conf(5)

  • allowed values: true, false, or undef

  • default: undef


bootchart_output
  • abstract: see Output= in bootchart.conf(5)

  • allowed values: undef, or an absolute path (no spaces)

  • default: undef


bootchart_init
  • abstract: see Init= in bootchart.conf(5) for details

  • allowed values: undef, or an absolute path (no spaces)

  • default: undef


bootchart_plot_memory_usage
  • abstract: see PlotMemoryUsage= in bootchart.conf(5)

  • allowed values: true, false, or undef

  • default: undef


bootchart_plot_entropy_graph
  • abstract: see PlotEntropyGraph= in bootchart.conf(5)

  • acceptable values: true, false, and undef

  • default: undef


bootchart_scale_x
  • abstract: see ScaleX= in bootchart.conf(5)

  • allowed values: a positive integer, and undef

  • default: undef


bootchart_scale_y
  • abstract: see ScaleY= in bootchart.conf(5)

  • allowed values: a positive integer, and undef

  • default: undef


bootchart_control_group
  • abstract: see ControlGroup= in bootchart.conf(5)

  • allowed values: true, false, or undef

  • default: undef


bootchart_per_cpu
  • abstract: see PerCPU= in bootchart.conf(5)

  • allowed values: false, true, and undef

  • default: undef


machine_info_pretty_hostname

machine_info_icon_name

machine_info_chassis
  • abstract: see CHASSIS= in machine-info(5)

  • allowed values: undef, default, 'desktop', 'laptop', 'tablet', 'handset', 'watch', 'embedded', 'vm', 'container', 'server'

  • default: undef


machine_info_deployment

machine_info_location

locale_conf_lang
  • abstract: sets LANG= in locale.conf(5)

  • allowed values: undef, or an ASCII word (possibly including underscores, dots, and dashes)

  • example: 'en_US.UTF-8'

  • default: undef


locale_conf_language
  • abstract: sets LANGUAGE= in locale.conf(5)

  • allowed values: undef, or locale as string

  • example: 'en_US.UTF-8'

  • default: undef


locale_conf_lc_ctype
  • abstract: sets LC_CTYPE= in locale.conf(5)

  • allowed values: undef, or a name of a locale as string

  • example: 'en_US.UTF-8'

  • default: undef


locale_conf_lc_numeric
  • abstract: sets LC_NUMERIC= in locale.conf(5)

  • allowed values: undef, or a name of a locale as string

  • example: 'en_US.UTF-8'

  • default: undef


locale_conf_lc_time
  • abstract: sets LC_TIME= in locale.conf(5)

  • allowed values: undef, or a name of a locale as string

  • example: 'en_US.UTF-8'

  • default: undef


locale_conf_lc_collate
  • abstract: sets LC_COLLATE= in locale.conf(5)

  • allowed values: undef, or a name of a locale as string

  • example: 'en_US.UTF-8'

  • default: undef


locale_conf_lc_monetary
  • abstract: sets LC_MONETARY= in locale.conf(5)

  • allowed values: undef, or a name of a locale as string

  • example: 'en_US.UTF-8'

  • default: undef


locale_conf_lc_messages
  • abstract: sets LC_MESSAGES= in locale.conf(5)

  • allowed values: undef, or a locale as string

  • example: 'en_US.UTF-8'

  • default: undef


locale_conf_lc_paper
  • abstract: sets LC_PAPER= in locale.conf(5)

  • allowed values: undef, or a locale as string

  • example: 'de_DE.UTF-8'

  • default: undef


locale_conf_lc_name
  • abstract: sets LC_NAME= in locale.conf(5)

  • allowed values: undef, or a locale as string

  • example: 'en_US.UTF-8'

  • default: undef


locale_conf_lc_address
  • abstract: sets LC_ADDRESS= in locale.conf(5)

  • allowed values: undef, or a locale as string

  • example: 'en_US.UTF-8'

  • default: undef


locale_conf_lc_telephone
  • abstract: sets LC_TELEPHONE= in locale.conf(5)

  • allowed values: undef, or a locale as string

  • example: 'de_DE.UTF-8'

  • default: undef


locale_conf_lc_measurement
  • abstract: sets LC_MEASUREMENT= in locale.conf(5)

  • allowed values: undef, or a locale as string

  • example: 'de_DE.UTF-8'

  • default: undef


locale_conf_lc_identification
  • abstract: sets LC_IDENTIFICATION= in locale.conf(5)

  • allowed values: undef, or a locale as string

  • example: 'en_US.UTF-8'

  • default: undef


localtime
  • abstract: the timezone name for localtime(5)

  • behavior:

  • allowed values: undef or a non-empty string of the ASCII characters in [a-zA-Z0-9+-_/]. The string must not end on a slash.

  • example: 'UTC' (recommended, set TZ="Europe/Berlin" [or whatever] via pam_env.so for uid > 999)

  • default value: 'UTC'


udev_conf_udev_log
  • abstract: see udev_log in udev.conf(5)

  • allowed values: 'err', 'info', 'debug', a non-negative integer smaller than eight, and undef

  • default: undef



Types

You can use any of those types, without having to use my Class['systemd']. So you can manage your systemd somehow else, or not at all.

However, defined types, which end up in creating unit files, should be reloaded with systemctl daemon-reload. You can use collect_systemd_resources from the systemd class for this.


systemd::unit

Limitations:

  • Currently you cannot sort Condition*=/Assert*= statements (plural!). See the proper section in systemd.unit(5) what implications this has.

ensure
  • abstract: What to do with this resource.

  • value behaviors:

    • undef disables any management of any child resource. Only compilation has to succeed.

    • default automatically determines the default $ensure, which is 'present'.

    • 'absent' ensures the unit file is absent.

    • 'present' ensures the unit file is present and filled with proper content.

  • accepted values: undef, default, 'absent', 'present'

  • default value: default


path
  • abstract: Where to place the unit file.

  • value behaviors:

    • default determines the path by using $title. For that $title may not contain spaces or slashes. The proper unit type suffix .unit is automatically appended.

    • a string: the unit file gets placed at the specified path. The directories for manage_conf_dir, manage_wants_dir, and manage_requires_dir are placed accordingly.

  • accepted values: default, and an absolute path, not containing any spaces, and not ending on a slash

  • default: default


mode
  • abstract: The file mode of regular files.

  • value behaviors:

    • default loads $systemd::params::systemd_unit_default_mode (which is 0644)

    • undef passes undef as mode to regular file resources

  • accepted values: undef, default, and any string of positive length

  • default value: default


owner
  • abstract: The owner of regular files.

  • value behaviors:

    • default loads $systemd::params::systemd_unit_default_owner By now it is 'root' on some platforms and falls back to uid 0 for any other.
  • accepted values: undef, default, non-negative integers, and any string of positive length

  • default value: default


group
  • abstract: The group of regular files.

  • value behaviours:

    • default loads $systemd::params::systemd_unit_default_group. This value may be OS-specific. Currently known are 'root' and 'wheel' for some platforms. It falls back to uid 0 for unknown platforms.
  • accepted values: undef, default, non-negative integers, and any string of positive length

  • default value: default


content_template
  • abstract: the *.erb template to use, in order to render the *.unit file

  • behavior:

    • default: the proper default template is loaded

    • a non-empty string: your specified template is used

  • allowed values: default, or a non-empty string

  • default value: default


validate_cmd
  • abstract: This is a pass-through to all (by the defined type) managed unit files.

  • value behaviors:

    • default: Loads the default $systemd::params::systemd_unit_validate_cmd, which currently is /usr/bin/systemd-analyze verify %.

    • undef: do not perform any validation

    • any non-empty string: validate with the specified command

  • Note: systemd-analyze verify checks for dependencies, too. You have to add proper ordering to your resource declarations to make validation succeed. There are also implicit dependencies and default dependencies. You have to take extra care, if your unit depends on a generated unit (compare systemd.generator(7)).

  • recommendation: if you work with multiple systemd versions, set this parameter (possibly using a resource defaults statement) to default (or other reasonable string)

  • accepted values: undef, default, and any string of positive length

  • default: undef


validate_replacement
  • This is direct pass-through to all (by the defined type) managed file resources.

  • accepted values: undef, and any string of positive length

  • default: undef


checksum
  • abstract: this is passed through to all child file resources

  • allowed values: undef, 'md5', 'md5lite', 'sha256', 'sha256lite', 'mtime', 'ctime', 'none'

  • default: undef


show_diff
  • direct pass-through to all files

  • accepted values: undef, true and false

  • default value: undef


backup
  • direct pass-through to all files

  • allowed values: undef, true, false, and any string

  • default value: undef


blame
  • abstract: attributes blame in the standard template

  • behavior: puts this value in the line starting with # auth: (author)

  • allowed values: a string

  • default: $systemd::params::systemd_unit_default_owner


manage_wants_dir
  • abstract: whether the <unit_name>.wants/ directory is managed

  • behavior

    • false: do not care about <unit_name>.wants/ directory

    • true: the file resource with the .wants suffix is managed

  • acceptable values: true, false

  • default: false


wants_dir_mode
  • abstract: what file mode the .wants/ directory has (if manage_wants_dir)

  • allowed values: undef, a non-empty string, or default

  • default: default


wants_dir_owner
  • abstract: the owner of the .wants/ directory (if manage_wants_dir)

  • allowed values: undef, a non-negative integer, a non-empty string, or default

  • default value: default


wants_dir_group
  • abstract: the owning group of the .wants/ directory (if manage_wants_dir)

  • allowed values: undef, a non-negative integer, a non-empty string, or default

  • default value: default


wants_dir_complete_control
  • abstract: only explicit file resources residing in the .wants/ directory are allowed

  • behavior:

    • false: ignore files in the .wants/ directory, which aren't managed by puppet

    • true: recurse and purge with force (only has an effect if manage_wants_dir)

  • acceptable value: false, true

  • default: false


manage_requires_dir
  • abstract: whether to manage the <unit_name>.requires/ directory

  • behavior

    • false: the absence or presence of the .requires/ directory, or anything in it, is ignored

    • true: the .requires/ directory is present (or absent depending on ensure)

  • acceptable values: true, false

  • default: false


requires_dir_mode
  • abstract: the directory mode of the .requires/ directory (if managed and present)

  • allowed values: undef, a non-empty string, or default

  • default: default


requires_dir_owner
  • abstract: the owner of the .requires/ directory, if managed

  • allowed values: undef, a non-negative integer, a non-empty string, or default

  • default: default


requires_dir_group
  • abstract: the group of the .requires/ directory, if managed

  • allowed values: undef, a non-negative integer, a non-empty string, or default

  • default: default


requires_dir_complete_control
  • abstract: only file resources explicitely managed by puppet inside the .requires/ directory

  • behavior

    • false: unmanaged files in the .requires/ directory are not deleted (unless manage_requires_dir and ensure is 'absent')

    • true: unmanaged files in the .requires/ directory are deleted

  • allowed values: true, or false

  • default: false


manage_conf_dir
  • abstract: whether to manage the <unit_name>.d/ directory

  • behavior

    • true: the .d/ directory presence depends on ensure

    • false: do not care about the .d/ directory

  • allowed values: yea (true), or nay (false)

  • default: false


conf_dir_mode
  • abstract: the .d/ directory's file mode (if managed by this resource)

  • allowed values: undef, a non-empty string, or default

  • default value: default


conf_dir_owner
  • abstract: the owner of the .d/ directory

  • allowed values: undef, a non-negative integer, a non-empty string, default

  • default value: default


conf_dir_group
  • abstract: the group of the .d/ directory

  • behavior

    • undef: no explicit group assigned

    • default: the default group is loaded. This is 'root' on debian-like systems. It is 'wheel' on FreeBSD-like systems. Otherwise 0 (zero).

    • any other literal: the group you specified is enforced

  • allowed values: undef, a non-negative integer, a non-empty string, or default

  • default value: default


conf_dir_complete_control
  • abstract: whether to take care of unmanaged files/directories inside the .d/ directory

  • allowed values: false, true

  • default: false


unit_description

unit_documentation
  • abstract: see Documentation= in systemd.unit(5)

  • allowed values: undef, or a non-empty array of strings, starting with http://, https://, file:, info:, man:. These strings require at least one non-blank character after the file specifier. Also the empty string '' is allowed.

  • example: ['https://wiki.acme.lan/wiki/DocumentedThing']

  • default: undef


unit_requires
  • abstract: see Requires= in systemd.unit(5)

  • allowed values: undef, or a non-empty array of strings, which do not contain any spaces

  • example: ['data.mount']

  • default: undef


unit_requires_overridable

unit_requisite

unit_requisite_overridable

unit_wants
  • abstract: see Wants= in systemd.unit(5)

  • allowed values: a non-empty array of strings not bearing any spaces, or undef

  • default: undef


unit_binds_to
  • abstract: see BindsTo= in systemd.unit(5)

  • allowed values: undef, or a non-empty array of strings, containing no spaces

  • default: undef


unit_part_of
  • abstract: see PartOf= in systemd.unit(5)

  • allowed values: undef, or a non-empty array of strings, which do not contain spaces

  • default value: undef


unit_conflicts
  • abstract: see Conflicts= in systemd.unit(5)

  • allowed values: undef, or a non-empty array of strings, which do not contain any spaces

  • example: ['init.service']

  • default: undef


unit_before
  • abstract: see Before= in systemd.unit(5)

  • acceptable values: undef, or a non-empty array of strings having no spaces

  • default: undef


unit_after
  • abstract: see After= in systemd.unit(5)

  • allowed values: undef, or a non-empty array of strings, which don't contain spaces

  • default: undef


unit_on_failure

unit_propagates_reload_to

unit_reload_propagated_from

unit_joins_namespace_of

unit_requires_mount_for

unit_on_failure_job_mode
  • abstract: see OnFailureJobMode= in systemd.unit(5)

  • allowed values: 'fail', 'replace', 'replace-irreversibly', 'isolate', 'flush', 'ignore-dependencies', 'ignore-requirements', and undef

  • default: undef


unit_ignore_on_isolate

unit_ignore_on_snapshot

unit_stop_when_unneeded

unit_refuse_manual_start

unit_refuse_manual_stop

unit_allow_isolate

unit_default_dependencies

unit_job_timeout_sec

unit_job_timeout_action
  • abstract: see JobTimeoutAction= in systemd.unit(5)

  • allowed values: 'none', 'reboot', 'reboot-force', 'reboot-immediate', 'poweroff', 'poweroff-force', 'poweroff-immediate', and undef

  • default: undef


unit_job_timeout_reboot_arg

unit_condition_architecture

unit_condition_virtualization

unit_condition_host

unit_condition_kernel_cmdline

unit_condition_security

unit_condition_capability

unit_condition_ac_power

unit_condition_needs_update

unit_condition_first_boot

unit_condition_path_exists

unit_condition_path_exists_gl

unit_condition_path_is_dir

unit_condition_path_is_syml

unit_condition_path_is_mntpt

unit_condition_path_is_rw

unit_condition_dir_not_empty

unit_condition_file_not_empty

unit_condition_file_is_exec

unit_assert_architecture

unit_assert_virtualization

unit_assert_host

unit_assert_kernel_cmdline

unit_assert_security

unit_assert_capability

unit_assert_ac_power

unit_assert_needs_update

unit_assert_first_boot

unit_assert_path_exists

unit_assert_path_exists_gl

unit_assert_path_is_dir

unit_assert_path_is_syml

unit_assert_path_is_mntpt

unit_assert_path_is_rw

unit_assert_dir_not_empty

unit_assert_file_not_empty

unit_assert_file_is_exec

unit_source_path

install_alias
  • abstract: see Alias= in systemd.unit(5)

  • allowed values: a non-empty array of strings without spaces, and undef

  • default: undef


install_wanted_by

install_required_by

install_also
  • abstract: see Also= in systemd.unit(5)

  • allowed values: a non-empty array of strings without spaces, and undef

  • default: undef


install_default_instance

custom_options
  • abstract: A hash for custom options.

  • description:

    • Do not prefix section names or keys with an 'X-'. This is done by the template.

    • {'Unit' => {'key' => 'value'}}

    • The hashes their key matches one of the common systemd.unit names are sorted in accordingly. If the current systemd.unit is not supposed to contain a specific section, it is silently discarded: For example my opt-bin.mount is not supposed to contain a [Service] section. This check is done case-sensitively.

    • If value is an an array, each array[n] is treat as a line, so 'key' => ['', 'foo'] produces key = \nkey = foo\n ('key' might get automatically prefixed with 'X-', if it is in one the common systemd.unit sections)

  • default: undef


systemd::service

systemd::service accepts all parameters systemd::unit does.


service_type
  • abstract: see Type= in systemd.service(5)

  • allowed values: 'simple', 'forking', 'oneshot', 'dbus', 'notify', 'idle', and undef

  • default: undef


service_remain_after_exit

service_guess_main_pid

service_pid_file
  • abstract: see PIDFile= in systemd.service(5)

  • acceptable values: undef, or a string, resembling an absolute path

  • example: '/run/puppet/agent.pid'

  • default: undef


service_bus_name

service_bus_policy
  • abstract: see BusPolicy= in systemd.service(5)

  • allowed values: undef, or a non-empty array of hashes having the keys bus_name and permission. bus_name has to be some non-empty string containing no spaces. permission has to be one of 'see', 'talk', 'own'.

  • example: [{bus_name => 'foo', permission => 'talk'}, {bus_name => 'bar', permission => 'own'}]

  • default: undef


service_exec_start_pre

service_exec_start

service_exec_start_post

service_exec_reload

service_exec_stop

service_exec_stop_post

service_restart_sec

service_timeout_start_sec

service_timeout_stop_sec

service_timeout_sec

service_watchdog_sec

service_restart
  • abstract: see Restart= in systemd.service(5)

  • allowed values: 'no', 'on-success', 'on-failure', 'on-abnormal', 'on-watchdog', 'on-abort', 'always', and undef

  • default: undef


service_success_exit_status
  • abstract: see SuccessExitStatus= in systemd.service(5)

  • allowed values: undef, or an array of either non-negative integers up to 256, or one of the strings 'SIGHUP', 'SIGINT', 'SIGKILL', 'SIGPIPE', 'SIGALRM', 'SIGTERM',

  • default: undef


service_restart_prevnt_exit_s

service_force_exit_status

service_root_dir_start_only

service_non_blocking

service_notify_access

service_sockets

service_start_limit_interval

service_start_limit_burst

service_start_limit_action
  • abstract: see StartLimitAction= in systemd.service(5)

  • allowed values: 'none', 'reboot', 'reboot-force', 'reboot-immediate', 'poweroff', 'poweroff-force', 'poweroff-immediate', or undef

  • default: undef


service_failure_action
  • abstract: see FailureAction= in systemd.service(5)

  • allowed values: 'none', 'reboot', 'reboot-force', 'reboot-immediate', 'poweroff', 'poweroff-force', 'poweroff-immediate', or undef

  • default: undef


service_reboot_argument

service_fd_store_max

service_working_directory

service_root_directory

service_user
  • abstract: see User= in systemd.exec(5)

  • allowed values: undef, a non-empty string without spaces, or a non-negative integer

  • default: undef


service_group
  • abstract: see Group= in systemd.exec(5)

  • allowed values: a non-empty string wihout spaces, a non-negative integer, or undef

  • default: undef


service_supplementary_groups

service_nice

service_oom_score_adjust

service_io_scheduling_class

service_io_scheduling_prio

service_cpu_sched_policy

service_cpu_sched_priority

service_cpu_sched_rset_on_frk

service_cpu_affinity

service_umask

service_environment
  • abstract: see Environment= in systemd.exec(5)

  • allowed values: a non-empty array of '' or 'key=value' strings, where key has to be a string without spaces. If value contains spaces, the whole string has to contain " at the beginning and end, for instance '"foo=bar bar bar"'. undef is allowed, too.

  • default: undef


service_environment_file
  • abstract: see EnvironmentFile= in systemd.exec(5)

  • allowed values: a non-empty array of '' or strings without spaces starting with a slash or starting with -/. Alternatively just undef.

  • default: undef


service_standard_input

service_standard_output
  • abstract: see StandardOutput= in systemd.exec(5)

  • allowed values: 'inherit', 'tty', 'journal', 'syslog', 'kmsg', 'journal+console', 'syslog+console', 'kmsg+console', 'socket', 'null', and undef

  • default: undef


service_standard_error
  • abstract: see StandardError= in systemd.exec(5)

  • allowed values: 'inherit', 'tty', 'journal', 'syslog', 'kmsg', 'journal+console', 'syslog+console', 'kmsg+console', 'socket', 'null', and undef

  • default: undef


service_tty_path

service_tty_reset

service_ttyv_hangup

service_ttyvt_disallocate

service_syslog_identifier

service_syslog_facility
  • abstract: see SyslogFacility= in systemd.exec(5)

  • allowed values: 'kern', 'user', 'mail', 'daemon', 'auth', 'syslog', 'lpr', 'news', 'uucp', 'cron', 'authpriv', 'ftp', 'local0', 'local1', 'local2', 'local3', 'local4', 'local5', 'local6', 'local7', undef

  • default: undef


service_syslog_level
  • abstract: see SyslogLevel= in systemd.exec(5)

  • allowed values: 'emerg', 'alert', 'crit', 'err', 'warning', 'notice', 'info', 'debug', undef

  • default: undef


service_syslog_level_prefix

service_timer_slack_nsec

service_limit_cpu

service_limit_fsize

service_limit_data

service_limit_stack

service_limit_core

service_limit_rss

service_limit_nofile

service_limit_as

service_limit_nproc

service_limit_memlock

service_limit_locks

service_limit_sigpending

service_limit_msgqueue

service_limit_nice

service_limit_rtprio

service_limit_rttime

service_pam_name

service_capability_boundn_set
  • abstract: see CapabilityBoundingSet= in systemd.exec(5)

  • allowed values: a non-empty array of hashes, or undef. The hashes have the keys invert_selection and capabilities. invert_selection is a boolean. capabilities is an array of capability names.

  • example: [{invert_selection => false, capabilities => ['CAP_NET_ADMIN']}]

  • default: undef


service_secure_bits
  • abstract: see SecureBits= in systemd.exec(5)

  • allowed values: undef, or a non-empty array of the strings 'keep-caps', 'keep-caps-locked', 'no-setuid-fixup', 'no-setuid-fixup-locked', 'noroot', 'noroot-locked', or the empty string ''

  • example: ['noroot-locked']

  • default: undef


service_capabilities
  • abstract: see Capabilities= in systemd.exec(5)

  • allowed values: undef, or a non-empty array of hashes. The hashes have the keys capabilities and action_list. capabilities has to be a non-empty array. It can contain non-negative integers or capability names. Alternativly ['all'] is allowed. action_list is a non-empty array of hashes. These hashes have the keys operator and flag. operator has to be one of '=', '+' and '-'. flag has to be a non-empty string consisting of the characters 'e', 'i' and 'p' (in that order). If operator is '=', flag is optional.

  • example: [{capabilities => ['all'], action_list => [{operator => '='}]]

  • default: undef


service_read_write_dirs
  • abstract: see ReadWriteDirectories= in systemd.exec(5)

  • allowed values: a non-empty array of strings, either '' or a string without blanks representing an absoulte path to a directory (thus starting and ending on a slash); or undef

  • example: ['/var/run/my_service/']

  • default: undef


service_read_only_dirs
  • abstract: see ReadOnlyDirectories= in systemd.exec(5)

  • allowed values: undef or a non-empty array of strings, either empty ones '' or strings representing an absolute path to a directory (without any blanks, starting and ending on a slash /) optionally starting with a dash -

  • example: ['/']

  • default: undef


service_inaccessible_dirs

service_private_tmp

service_private_devices

service_private_network

service_protect_system

service_protect_home

service_mount_flags

service_utmp_identifier

service_utmp_mode

service_se_linux_context

service_app_armor_profile

service_smack_process_label
  • abstract: see SmackProcessLabel= in systemd.exec(5)

  • allowed values: a non-empty string without any blanks optionally preceded by a dash -, or the empty string '', or undef

  • default: undef


service_ignore_sigpipe

service_no_new_privileges

service_system_call_filter
  • abstract: see SystemCallFilter= in systemd.exec(5)

  • allowed values: a non-empty array of hashes, where invert_selection and system_calls are keys. invert_selection requires a boolean values, whereas system_calls is yet another non-empty array. That array is either [''], or an array of non-empty strings without any blanks. Alternatively just undef.

  • example: [{invert_selection => true, system_calls => ['seccomp']}] blacklists the seccomp(2) system call

  • default: undef


service_system_call_error_no

service_system_call_archs
  • abstract: see SystemCallArchitectures= in systemd.exec(5)

  • allowed values: a non-empty array of the following strings: 'x86', 'x86-64', 'x32', 'arm', and 'native'. Alternatively just undef.

  • example: ['x86-64', 'arm', 'native']

  • default: undef


service_restrict_address_fam
  • abstract: see RestrictAddressFamilies= in systemd.exec(5)

  • allowed values: a non-empty array of hashes with the two keys invert_selection and address_families. invert_selection has to be a boolean value. address_families has to be a non-empty array of address family names, or an array just with the empty string ['']. Alternatively the whole parameter is undef.

  • example: [{invert_selection => false, address_families => ['AF_INET6', 'AF_UNIX']}]

  • default: undef


service_personality

service_runtime_dir
  • abstract: see RuntimeDirectory= in systemd.exec(5)

  • allowed values: a non-empty array of strings representing a directory name, that means it cannot contain blanks or slashes. Alternatively just undef.

  • default: undef


service_runtime_dir_mode

service_kill_mode

service_kill_signal
  • abstract: see KillSignal= in systemd.kill(5)

  • allowed values: 'SIGHUP', 'SIGINT', 'SIGPIPE', 'SIGALRM', 'SIGTERM', 'SIGUSR1', 'SIGUSR2', 'SIGKILL', undef

  • default: undef


service_send_sighup

service_send_sigkill

service_cpu_accounting

service_cpu_shares

service_startup_cpu_shares

service_cpu_quota

service_memory_accounting

service_memory_limit

service_blk_io_accounting

service_blk_io_weight

service_startup_blk_io_weight

service_blk_io_device_weight
  • abstract: see BlockIODeviceWeight=device weight in systemd.resource-control(5)

  • allowed values: A non-empty array of hashes or undef. The hashes have the keys device and weight. device has to be a non-empty string. weight has to be an integer within the range 10 to 1000.

  • example: [{device => '/dev/sda', weight => 500}]

  • default: undef


service_blk_io_read_bw
  • abstract: see BlockIOReadBandwidth=device bytes in systemd.resource-control(5)

  • allowed values: A non-empty array of hashes or undef. The hashes have to have the keys device and bandwidth_bytes_per_second. device has to be a non-empty string. bandwidth_bytes_per_second has to be a non-negative integer.

  • example: [{device => '/dev/disk/by-path/pci-0000:00:1f.2-scsi-0:0:0:0', bandwidth_bytes_per_second => 4194304}]

  • default: undef


service_blk_io_write_bw

service_device_allow
  • abstract: see DeviceAllow= in systemd.resource-control(5)

  • allowed values: A hash or undef. The hash has to have the keys device and access. device is a non-empty string. access is a string containing at least one character of 'r', 'w' and 'm' (in that order).

  • example: {device => 'char-cpu/*', access => 'rw'}

  • default: undef


service_device_policy

service_slice

service_delegate

manage_service_resource
  • abstract: whether to manage the corresponding Service puppet resource

  • behavior

    • false: do not manage the Service of the appropriate name

    • true: a service resource is created. This only works, if path is default.

  • default: false


ensure_service
  • abstract: if managed, the value of the Service[]s ensure attribute

  • behavior

    • 'stopped': ensures the service's stopped

    • 'running': ensures the service's running

    • default: 'stopped' or 'running' is determined by ensure

  • allowed values: 'stopped', 'running', default

  • default value: default


enable_service
  • abstract: if managed, the value of the Service[]s enable attribute

  • allowed values: true, false, 'manual', or undef

  • default: undef


hasrestart
  • abstract: if managed, the Service[]s hasrestart attribute

  • allowed values: false, undef, true

  • default: undef


hasstatus
  • abstract: if managed, the Service[]s hasstatus attribute

  • allowed values: undef, true, false

  • default: undef


explicit_provider
  • abstract: whether to explicitly state the provider => 'systemd' for a managed Service resource

  • allowed values: false, true

  • default: false


refresh_service_unit_update
  • abstract: whether a change of the *.service file notifies the managed Service.

  • behavior: This only affects Services which have to be ensured running (ensure_service). If true, a change of the underlying *.service unit file refreshes the associated Service. You want to perform a service restart after a daemon-reload. For that in systemd::daemon all Service resources are collected: Exec['systemd_reload_configuration'] -> Service <| |>. If you don't use the systemd class you have take care about that on your own.

  • allowed values: false, true

  • default: false


systemd::socket

systemd::socket shares the same attributes as systemd::unit has in some regards:


socket_listen_stream
  • abstract: see ListenStream= in systemd.socket(5)

  • allowed values: a non-empty array or undef. The array has to contain empty strings or structures. The structure has to have one of the following sets of keys: {{fs_socket}, {abstract_ns}, {port}, {ipv4_address_octets, port}, {ipv6_address_words, port}}. fs_socket can be a non-empty string starting with a slash /. abstract_ns can be a word out of the ASCII character set. port is a non-negative integer up to and including 65535. ipv4_address_octets is an array of four integers within [0, 255]. ipv6_address_words is an array of eight integers within [0, 0xFFFF].

  • example: ['', {ipv4_address_octets => [128, 0, 0, 1], port => 1337}]

  • default: undef


socket_listen_datagram

socket_listen_seq_packet

socket_listen_fifo

socket_listen_special

socket_listen_netlink
  • abstract: see ListenNetlink= in systemd.socket(5)

  • allowed values: a hash having the keys family and multicast_group, where family is a non-empty string, and multicast_group an optional integer; or undef

  • example: {family => 'kobject-uevent'}

  • default: undef


socket_listen_message_queue

socket_bind_ipv6_only

socket_backlog

socket_bind_to_device

socket_socket_user

socket_socket_group

socket_socket_mode

socket_directory_mode

socket_accept

socket_max_connections

socket_keep_alive

socket_keep_alive_time_sec

socket_keep_alive_interval_s

socket_keep_alive_probes

socket_no_delay

socket_priority

socket_defer_accept_sec

socket_receive_buffer

socket_send_buffer

socket_ip_tos
  • abstract: see IPTOS= in systemd.socket(5)

  • allowed values: an eight-bit integer, 'low-delay', 'throughput', 'reliability', 'low-cost', undef

  • default: undef


socket_ip_ttl

socket_mark

socket_reuse_port

socket_smack_label

socket_smack_label_ip_in

socket_smack_label_ip_out

socket_se_linux_contxt_fr_net

socket_pipe_size

socket_message_queue_max_msgs

socket_message_queue_msg_size

socket_free_bind

socket_transparent

socket_broadcast

socket_pass_credentials

socket_pass_security

socket_tcp_congestion

socket_exec_start_pre

socket_exec_start_post

socket_exec_stop_pre

socket_exec_stop_post

socket_timeout_sec

socket_service

socket_remove_on_stop

socket_symlinks
  • abstract: see Symlinks= in systemd.socket(5)

  • allowed values: a non-empty array of strings, representing absolute file paths, or just undef

  • default: undef


socket_working_directory

socket_root_directory

socket_user

socket_group

socket_supplementary_groups

socket_nice

socket_oom_score_adjust

socket_io_scheduling_class

socket_io_scheduling_prio

socket_cpu_sched_policy

socket_cpu_sched_priority

socket_cpu_sched_rset_on_frk

socket_cpu_affinity

socket_umask

socket_environment

socket_environment_file

socket_standard_input

socket_standard_output

socket_standard_error

socket_tty_path

socket_tty_reset

socket_ttyv_hangup

socket_ttyvt_disallocate

socket_syslog_identifier

socket_syslog_facility

socket_syslog_level

socket_syslog_level_prefix

socket_timer_slack_nsec

socket_limit_cpu

socket_limit_fsize

socket_limit_data

socket_limit_stack

socket_limit_core

socket_limit_rss

socket_limit_nofile

socket_limit_as

socket_limit_nproc

socket_limit_memlock

socket_limit_locks

socket_limit_sigpending

socket_limit_msgqueue

socket_limit_nice

socket_limit_rtprio

socket_limit_rttime

socket_pam_name

socket_capability_boundn_set

socket_secure_bits

socket_capabilities

socket_read_write_dirs

socket_read_only_dirs

socket_inaccessible_dirs

socket_private_tmp

socket_private_devices

socket_private_network

socket_protect_system

socket_protect_home

socket_mount_flag

socket_utmp_identifier

socket_utmp_mode

socket_se_linux_context

socket_app_armor_profile

socket_smack_process_label

socket_ignore_sigpipe

socket_no_new_privileges

socket_system_call_filter

socket_system_call_error_no

socket_system_call_archs

socket_restrict_address_fam

socket_personality

socket_runtime_dir

socket_runtime_dir_mode

socket_cpu_accounting

socket_cpu_shares

socket_startup_cpu_shares

socket_cpu_quota

socket_memory_accounting

socket_memory_limit

socket_blk_io_accounting

socket_blk_io_weight

socket_startup_blk_io_weight

socket_blk_io_device_weight

socket_blk_io_read_bw

socket_blk_io_write_bw

socket_device_allow

socket_device_policy

socket_slice

socket_delegate

systemd::device

systemd::device shares the same attributes as systemd::unit has. It does not have any further specific attributes.

Unlike systemd::mount the $title is not automatically transformed to systemd's path representation. If you want to create a .device file for /dev/sdb1, you have to translate it to 'dev-sdb1' on your own. This is due to the facts, that you can specify path, and there is no mount_where equivalent.


systemd::mount

As a heads-up:

In general, configuring mount points through /etc/fstab is the preferred approach.

Quote from systemd.mount(5). Everything what shall remain mountable without the aide of systemd belongs into the fstab(5).

This defined type creates a proper .mount unit file, and optionally ensures via a mount resource, that it ain't defined in fstab(5), too.

The mount itself's then (optionally) managed via a corresponding service.

systemd::mount tries to mimic the behavior of puppet's native mount resource type: The mountpoint defaults to the resource title unless an explicit mount_where was specified.

As other types, this defined type accepts all paramaters systemd::unit does.


mount_what
  • abstract: see What= in systemd.mount(5)

  • value behavior

  • valid values: A string of positive length containing no blanks.

  • default: undef


mount_where
  • abstract: see Where= in systemd.mount(5)

  • behavior:

    • This parameter has to be a string starting and ending with a slash (indicating a directory). It may not contain any blanks.

    • The default value is default. In this case $title is taken as mount_where.

  • acceptable values: default, any string of positive length containing no blank

  • default: default.


mount_type
  • abstract: see Type= in systemd.mount(5)

  • accepted values: undef or a string with no blanks of positive length

  • default: undef


mount_options
  • abstract: see Options= in systemd.mount(5)

  • accepted values: undef, or an array of strings. The array has to contain at least one element. Each element is a string of positive length. Strings may not contain spaces or , (commas).

  • example: ['defaults', 'noauto', 'user_xattr', 'user']

  • default: undef


mount_sloppy_options

mount_directory_mode
  • abstract: see DirectoryMode= in systemd.mount(5)

  • value behavior: Mount point directories already present aren't changed (by systemd). If you'd like to ensure the mount point directory's mode is set, see manage_mount_point.

  • accepted values: undef, four octal digits (as string)

  • default: undef


mount_timeout_sec

mount_working_directory

mount_root_directory

mount_user

mount_group

mount_supplementary_groups

mount_nice

mount_oom_score_adjust

mount_io_scheduling_class

mount_io_scheduling_prio

mount_cpu_sched_policy

mount_cpu_sched_priority

mount_cpu_sched_rset_on_frk

mount_cpu_affinity

mount_umask

mount_environment

mount_environment_file

mount_standard_input

mount_standard_output

mount_standard_error

mount_tty_path

mount_tty_reset

mount_ttyv_hangup

mount_ttyvt_disallocate

mount_syslog_identifier

mount_syslog_facility

mount_syslog_level

mount_syslog_level_prefix

mount_timer_slack_nsec

mount_limit_cpu

mount_limit_fsize

mount_limit_data

mount_limit_stack

mount_limit_core

mount_limit_rss

mount_limit_nofile

mount_limit_as

mount_limit_nproc

mount_limit_memlock

mount_limit_locks

mount_limit_sigpending

mount_limit_msgqueue

mount_limit_nice

mount_limit_rtprio

mount_limit_rttime

mount_pam_name

mount_capability_boundn_set

mount_secure_bits

mount_capabilities

mount_read_write_dirs

mount_read_only_dirs

mount_inaccessible_dirs

mount_private_tmp

mount_private_devices

mount_private_network

mount_protect_system

mount_protect_home

mount_mount_flag

mount_utmp_identifier

mount_utmp_mode

mount_se_linux_context

mount_app_armor_profile

mount_smack_process_label

mount_ignore_sigpipe

mount_no_new_privileges

mount_system_call_filter

mount_system_call_error_no

mount_system_call_archs

mount_restrict_address_fam

mount_personality

mount_runtime_dir

mount_runtime_dir_mode

mount_kill_mode

mount_kill_signal

mount_send_sighup

mount_send_sigkill

mount_cpu_accounting

mount_cpu_shares

mount_startup_cpu_shares

mount_cpu_quota

mount_memory_accounting

mount_memory_limit

mount_blk_io_accounting

mount_blk_io_weight

mount_startup_blk_io_weight

mount_blk_io_device_weight

mount_blk_io_read_bw

mount_blk_io_write_bw

mount_device_allow

mount_device_policy

mount_slice

mount_delegate

manage_mount_resource
  • abstract: whether to manage the corresponding mount resource

  • behavior

    • if false nothing changes

    • if true, this resource ensures, that the corresponding mount resource is absent. The mount resource is made absent, before we add the systemd mount unit file.

  • type: Boolean

  • default: false


manage_mount_point
  • abstract: Whether to manage the directory mount_where.

  • behavior

    • note: To set its mode, see mount_directory_mode. Only systemd takes care of non-existant parent directories.
  • value type: Boolean

  • default: false


manage_service_resource
  • abstract: whether to manage the corresponding service resource

  • type: Boolean

  • default: false


ensure_mounted

systemd::automount

The systemd::automount resource accepts all parameters systemd::unit does.

Like with systemd::mount, you can specify the mount target as $title, for instance '/mnt/thing', and it is automatically transformed into systemd's representation of paths required for mount related units, so given the example the file's basename will be 'mnt-thing.automount'. This value is only used, if automount_where is left at default. If its value is specified, then $title is used directly without any modifications as the file's basename in conjunction with the suffix '.automount', provided path was left as default.


automount_where
  • abstract: see Where= in systemd.automount(5)

  • behavior:

    • default: Where= defaults to the $title

    • any string: the string is as the Where= value

  • allowed values: a string representing an absolute path, or default

  • default value: default


automount_directory_mode

automount_timeout_idle_sec

systemd::swap

All parameters systemd::unit accepts this defined type accepts, too.


swap_what
  • abstract: see What= in systemd.swap(5)

  • behavior:

    • a string: the string is used

    • default: $title is taken, presumed its representing an absolute path

  • allowed values: default, or a string without blanks starting with a slash

  • default value: default


swap_priority

swap_options
  • abstract: see Options= in systemd.swap(5)

  • allowed values: undef, or a non-empty array of non-empty strings not containing any blanks or commas

  • example: ['discard=pages', 'nofail']

  • dafault: undef


swap_timeout_sec

swap_working_directory

swap_root_directory

swap_user

swap_group

swap_supplementary_groups

swap_nice

swap_oom_score_adjust

swap_io_scheduling_class

swap_io_scheduling_prio

swap_cpu_sched_policy

swap_cpu_sched_priority

swap_cpu_sched_rset_on_frk

swap_cpu_affinity

swap_umask

swap_environment

swap_environment_file

swap_standard_input

swap_standard_output

swap_standard_error

swap_tty_path

swap_tty_reset

swap_ttyv_hangup

swap_ttyvt_disallocate

swap_syslog_identifier

swap_syslog_facility

swap_syslog_level

swap_syslog_level_prefix

swap_timer_slack_nsec

swap_limit_cpu

swap_limit_fsize

swap_limit_data

swap_limit_stack

swap_limit_core

swap_limit_rss

swap_limit_nofile

swap_limit_as

swap_limit_nproc

swap_limit_memlock

swap_limit_locks

swap_limit_sigpending

swap_limit_msgqueue

swap_limit_nice

swap_limit_rtprio

swap_limit_rttime

swap_pam_name

swap_capability_boundn_set

swap_secure_bits

swap_capabilities

swap_read_write_dirs

swap_read_only_dirs

swap_inaccessible_dirs

swap_private_tmp

swap_private_devices

swap_private_network

swap_protect_system

swap_protect_home

swap_mount_flag

swap_utmp_identifier

swap_utmp_mode

swap_se_linux_context

swap_app_armor_profile

swap_smack_process_label

swap_ignore_sigpipe

swap_no_new_privileges

swap_system_call_filter

swap_system_call_error_no

swap_system_call_archs

swap_restrict_address_fam

swap_personality

swap_runtime_dir

swap_runtime_dir_mode

swap_kill_mode

swap_kill_signal

swap_send_sighup

swap_send_sigkill

swap_cpu_accounting

swap_cpu_shares

swap_startup_cpu_shares

swap_cpu_quota

swap_memory_accounting

swap_memory_limit

swap_blk_io_accounting

swap_blk_io_weight

swap_startup_blk_io_weight

swap_blk_io_device_weight

swap_blk_io_read_bw

swap_blk_io_write_bw

swap_device_allow

swap_device_policy

swap_slice

swap_delegate

manage_mount_resource
  • abstract: whether to manage the corresponding mount resource

  • behavior

    • if false nothing changes

    • if true, this resource ensures, that the corresponding mount resource is absent. The mount resource is made absent, before we add the systemd mount unit file.

  • type: Boolean

  • default: false


manage_service_resource
  • abstract: whether to manage the service

  • note: this parameter's required to be true in order to have ensure_swapon have an effect

  • allowed values: false, true

  • default: false


ensure_swapon
  • abstract:

  • behavior:

  • allowed values: true, false, undef

  • default: undef


systemd::target

  • see systemd::unit

  • just the file name's suffix for the default path is adjusted accordingly to '.target'


systemd::path

The systemd.path(5) unit type is a neat interface to Linux' inotify(7) functionality. [However, it still ain't an objective of an init-system.]


path_path_exists
  • abstract: see PathExists= in systemd.path(5)

  • allowed values: undef, or a non-empty array of strings representing absolute paths (without blanks) or empty strings

  • default: undef


path_path_exists_glob
  • abstract: see PathExistsGlob= in systemd.path(5)

  • allowed values: a non-empty array of strings representing absolute paths (without blanks) or empty strings, or just undef

  • default: undef


path_path_changed
  • abstract: see PathChanged= in systemd.path(5)

  • allowed values: undef, or a non-empty array of strings representing absolute paths (without blanks) or empty strings

  • default: undef


path_path_modified
  • abstract: see PathModified= in systemd.path(5)

  • allowed values: undef, or a non-empty array of strings representing absolute paths (without blanks) or empty strings

  • default: undef


path_directory_not_empty
  • abstract: see DirectoryNotEmpty= in systemd.path(5)

  • allowed values: undef, or a non-empty array of strings representing absolute paths to directories, thus starting and ending on a slash, and not containing any blanks, or empty strings as elements

  • example: ['/run/systemd/ask-password/']


path_unit

path_make_directory

path_directory_mode

systemd::timer


timer_on_active_sec

timer_on_boot_sec

timer_on_startup_sec

timer_on_unit_active_sec

timer_on_unit_inactive_sec

timer_on_calendar
  • abstract: see OnCalendar= in systemd.timer(5)

  • allowed values: undef, or a hash with the optional keys weekdays, years, months, days, hours, minutes and seconds. All of them accept hashes. The weekdays hash can have the optional keys mondays, tuesdays, wednesdays, thursdays, fridays, saturdays, and sundays. Their values are optional boolean values. The years hash can have keys which are integers starting with 1970. The months hash can have keys which are integers from 1 to 12. The days hash can have keys which are integers from 1 to 31. The hours hash can have keys which are integers from 0 to 23. The minutes hash can have keys which are integers from 0 to 59. The seconds hash can have keys which are integers from 0 to 59. The years, months, days, hours, minutes, seconds and years hash's values can be natural numbers or undef. Specifying a number means repetition. So timer_on_calendar => {minutes => {30 => 2}} means, “trigger every two minutes starting with minute 30”.

  • examples:

    • Thu,Fri 2012-*-1,5 11:12:13: {weekdays => {thursdays => true, fridays => true}, years => {2012 => undef}, days => {1 => undef, 5 => undef}, hours => {11 => undef}, minutes => {12 => undef}, seconds => {13 => undef}}
  • default: undef


timer_accuracy_sec

timer_unit

timer_persistent

timer_wake_system

manage_service_resource
  • abstract: whether to manage the service associated with the *.timer unit

  • behavior:

    • true: provided path remains default the service resource associated with the timer unit becomes managed

    • false: no additional behavior

  • default: false


ensure_service
  • abstract: the ensure attribute of the service resource introduced by this resource

  • behavior:

    • default: the value depends on ensure. If it's 'present', the default value of ensure, the service will be 'running', if it's 'absent', it'll be 'stopped'.

    • 'running', 'stopped': the specified value is used directly

  • allowed values: default, 'running', 'stopped'

  • default value: default


enable_service
  • abstract: the enable attribute of the service resource introduced by this resource

  • allowed values: undef, true, false, 'mask'

  • default: undef


explicit_provider
  • abstract: whether the provider attribute of the service resource introduced by this resource explicitely states 'systemd'

  • allowed values: false, true

  • default: false


refresh_service_unit_update
  • abstract: whether changes of the *.timer unit File notifies the service resource introduced by this resource

  • allowed values: true, false

  • default: false


systemd::snapshot

This defined type always fail()s.


systemd::slice


slice_cpu_accounting

slice_cpu_shares

slice_startup_cpu_shares

slice_cpu_quota

slice_memory_accounting

slice_memory_limit

slice_blk_io_accounting

slice_blk_io_weight

slice_startup_blk_io_weight

slice_blk_io_device_weight

slice_blk_io_read_bw

slice_blk_io_write_bw

slice_device_allow

slice_device_policy

slice_slice

slice_delegate

systemd::scope

Scopes are not defined via unit files. This resource type always fail()s. It just exists to reserve the identifier. It does not have any parameters.


systemd::systemctl::enable

Sometimes, you need to ensure a unit is enabled, without starting nor stopping it. For example a *.target unit which just gathers a whole bunch of service units together but they don't have to get started right away – at worst it would even be counter-productive. That's what this defined type is for.

As you have guessed it, this type invokes systemctl enable $title. The reverse action can be achieved via systemd::systemctl::disable. Note, that enable and disable aren't necessarily symmetric [systemctl(1)](https://freedesktop.org/software/systemd/man/systemctl.html#disable NAME…).

Caveat: Unit titles their prefix names contain at least one dot are not supported. So Systemd::Systemctl::Enable['foo.bar.service'] would attempt to enable foo.service. This restriction is due to the implementation how uniqueness is ensured: Systemd::Systemctl::Enable['ssh'] and Systemd::Systemctl::Enable['ssh.service'] would act on the same unit, but is caught as an error.


trivial_is_enabled_check
  • abstract: whether a trivial is-enabled check is sufficient

  • behavior:

    • true: systemctl is-enabled $title just has to return 0 being consided enabled. Note, there are numerous states being considerd as “enabled” then, see the table at [is-enabled in systemctl(1)](https://freedesktop.org/software/systemd/man/systemctl.html#is-enabled NAME…).

    • false: systemctl is-enabled $title has to return the string 'enabled', or 'enabled-runtime' if the scope dictates so. Everything else is considerd as “not enabled” and triggers invocation of systemctl enable $title.

  • allowed values: false, true

  • default: true


unmask_if_necessary
  • reserved, until systemd::systemctl::unmask is implemented

now
  • abstract: whether enable effects --now

  • allowed values: false, true

  • default: false


now_implementation
  • abstract: how to achieve the effect of “now”

  • behavior:

    • 'flag': the flag --now is added to the enable call

    • 'start': not implemented, reserved to create a systemd::systemctl::start resource

  • allowed values: 'flag', 'start'

  • default: 'flag'


scope
  • abstract: in which scope to act

  • allowed values: 'system', 'user', 'runtime', 'global', or undef

  • default: undef


force
  • abstract: whether the command uses force

  • allowed values: false, true

  • default: false


reload
  • abstract: whether to reload

  • behavior:

    • false: --no-reload is added

    • true: the implicit reload remains in place

  • allowed values: false, true


host
  • abstract: specify a remote host

  • allowed values: a structure having the keys username, hostname and container_name, or undef. username is an optional ASCII word. hostname has to be an ASCII word container_name is an optional ASCII word.

  • example: {username => 'support', hostname => "${trusted[hostname]}-host"}

  • default: undef


machine
  • abstract: specify a container

  • allowed values: an ASCII word, or undef

  • default: undef


root
  • abstract: specify root path to look for units root

  • allowed values: a string representing an absolute path to a directory, thus starting and ending on a slash, without any blanks allowed, or just undef

  • default: undef


user
  • abstract: the user to run the commands as

  • behavior: directly corresponds to the user attribute of underlying Exec resources

  • allowed values: an ASCII word, or undef

  • default: undef


logoutput
  • abstract: corresponds to logoutput attribute of exec resources

  • allowed values: false, true, 'on_failure', undef

  • default: undef


refreshonly
  • abstract: corresponds to the refreshonly

  • allowed values: false, undef, true

  • default: undef


trigger_daemon_reload
  • abstract: whether the enable call triggers a daemon-reload

  • behavior

    • true: the enable exec refreshes Exec['systemd_reload_configuration'] which is defined in the systemd class (systemd::daemon to be specific)

    • false: no such relation is added

  • allowed values: false, true

  • default: false


systemd::systemctl::disable

The systemd::systemctl::disable resource knows the following attributes systemd::systemctl::enable has.


masked_is_disabled
  • abstract: whether a masked status is considered as “disabled”

  • allowed values: false, true

  • default: true


runtime_masked_is_disabled
  • abstract: whether a runtime-masked status is considered as “disabled”

  • allowed values: false, true

  • default: true


static_is_disabled
  • abstract: whether the status static is considered as “disabled”

  • allowed values: false, true

  • default: true


indirect_is_disabled
  • abstract: whether the status indirect is considered as “disabled”

  • allowed values: true, false

  • default: true


systemd::systemctl::able

For increased flexibility both resources systemd::systemctl::enable and systemd::systemctl::disable are bound together to a single resource type. This gives you the opportunity to just specify a variable in $able selecting the proper resource.

This resources knows some attributes both systemd::systemctl::enable and systemd::systemctl::disable have. However, some attributes have an extension in their allowed data types. They accept twice, meaning as two-tuple, an adequate value. This allows you, to distinct between an enabling versus disabling command. For instance, you want disable to have an immediate effect, but enable not. You then specify now => [false, true]. You can still specify simply false, though, not distinguishing between able and affecting both enable or disable calls. This feature's available for:

The remaining attributes are accepted without any change:


able
  • abstract: chooses between and enable or disable resource

  • note: undef is technically allowed, because you most probably feed this attribute with the evaluation of some dynamic expression. However reject_undef_able restricts this by default.

  • allowed values: false, true, undef

  • default: undef


reject_undef_able
  • abstract: whether an undef able value isn't accepted

  • note: undef might simply result by some stupid misspelling

  • allowed values: true, false

  • default: true


reject_undef_able_unless_noop
  • abstract: whether in noop mode undef is still wrong

  • behavior

    • true: even in noop mode an undef able isn't accepted

    • false: in noop mode undef is OK

  • allowed values: false, true

  • default: false



Functions


systemd::bytes

  • abstract: calculate filesize by given prefixed integers

  • parameters

    • the first parameters is the file size hash. Following keys are allowed: ['bytes', 'kibibytes', 'mebibytes', 'gibibytes', 'mebibytes'] Their values can be Integers. This parameter is optional. The function defaults to a value of 0.

    • the second parameter $restrict_input_values determines, whether negative sizes in the first parameter are allowed. The default is true, so {'kibibytes' => 42, 'bytes' => -5} fails. Also {'mebibytes' => 1024, 'gibibytes' => 1} fails, since values a larger prefix is available for have to be used.

    • the third parameter $restrict_non_negative_result makes the function fail, when the calculated result is negative. The default is true. This functionality is redundant, since everywhere in this module, where a file size is expected, their value type is restricted to Integer[0]. This function prints a more explanatory error message though.

  • returns: an integer

  • default: 0

systemd::time_span

    systemd::time_span({
            duopental_weeks                => 0,
            quad_weeks                     => 0,
            weeks                          => 0,
            days                           => 0,
            hours                          => 0,
            minutes                        => 0,
            seconds                        => 0,
        },
        true,
        true,
    )

years has been renamed to duopental_weeks to avoid the vagueness of the term “year”.

months has been renamed to quad_weeks to avoid confusion with calendar months.

All parameters are optional, except it's gotta at least supplied with an empty hash {}. The function defaults to a value of zero 0.

Set restrict_normalized to enforce the function only accepting a range of values. The restrictions are:

  • no negative values
  • quad_weeks up to and including 11
  • weeks up to and including 51
  • days up to and including 6
  • hours up to and including 23
  • minutes up to and including 59
  • seconds up to and including 59
  • milliseconds up to and including 999
  • microseconds up to and including 999

systemd::timestamp

systemd::calender_event

Limitations

  • Ruby Hashes weren't always sorted. Upgrade your ruby version, if you experience Systemd resources change on every puppet run, though your manifests stayed the same.

  • systemd(1) does not (yet) include a bootloader. :-( [ironic frownie] Some services are configured via the kernel boot cmdline only. E.g. systemd-fsck(8) or systemd-backlight(8). To configure them, you have to tweak your boot cmdline, for instance – if GRUB2 is your bootloader – by setting the GRUB_CMDLINE_LINUX_DEFAULT variable accordingly in /etc/default/grub (and grub-mkconfig -o /boot/grub/grub.cfg of course). See [systemd.directives(7) § “options on the kernel command line”](https://freedesktop.org/software/systemd/man/systemd.directives.html#Options on the kernel command line) for a complete list.

  • There's no native way to mask unit files. E.g. your distribution came with the file /lib/systemd/system/annoying.unit. You have to write a file resource on your own, where content => '', or target => '/dev/null' (whatever your preference to mask units is). See systemd.unit(5), systemd.network(5), systemd.netdev(5), systemd.link(5). Only with service resources enable => 'mask' masks service units.

  • As noticed in the entry statement systemd is under heavy development. Various things have appeared and disappeared. It's beyond this module's scope to document which versions supported a specific attribute. Have a look into your specific systemd version, if something doesn't work out.

  • A systemd version fact has not yet been implemented. I don't wanna collect unnecessary facts, that don't get used. At least in my set-up there's no need for such a fact.

Links

  • suckless.org/sucks/systemd (why suicidedaemon is a better name)

  • Kai Burghardt recommends, have a serious look into software with no known history of systemdisease. E.g. FreeBSD or Microsoft Windows (^o^).

  • A species that's developed immunity against systemdisease has been discovered: It's called Devuan. However, better have something, that's never been contaminated with systemdisease pathogens.

Development

I don't like systemd. Do not annoy me, if systemd broke something (sigh, again). Some dudes at my workplace (unfortunately my superior) want to use Debian (stable, as of 2016 “Jessie”). Well, touché, you don't switch distributions just like that, from one day to another, especially on a big system. So I'm primarily concerned about bugfixes to work with the Debian stable release (“ancient” would be a more proper term).

Don't tell me this module should be split up into multiple ones. The feebs at systemd didn't do so either. My rationale: I have got a package named systemd here. Everything originating from a single package shall be managed by a single puppet module. And that's that.


Authors of this document: see comments in readme.md