This module installs, configures and manages the following remote journald services:
systemd-journal-remote
systemd-journal-upload
systemd-journal-gatewayd
By default, depending on the distribution, the systemd-journal-remote package is managed. The ::systemd_journal_remote class is required by all other services managed by this module.
# Default package management
class { '::systemd_journal_remote':
  manage_package => true,
  package_name   => 'systemd-journal-remote',
  package_ensure => present,
}
The systemd-journal-remote service can be used to receive journal messages over the network with the ::systemd_journal_remote::remote class.
include ::systemd_journal_remote::remote
By default, to ensure the service runs without configuration, journal-remote listens over HTTP and outputs to /var/log/journal/remote/.
To receive over HTTPS (recommended) and use trusted connections with Puppet certificates:
# Passive configuration example
class { '::systemd_journal_remote::remote':
  command_flags => {
    'listen-https' => '0.0.0.0:19532',
    'compress'     => 'yes',
    'output'       => '/var/log/journal/remote/',
  },
  options       => {
    'SplitMode'              => 'host',
    'ServerKeyFile'          => "/etc/puppetlabs/puppet/ssl/private_keys/${trusted['certname']}.pem",
    'ServerCertificateFile'  => "/etc/puppetlabs/puppet/ssl/certs/${trusted['certname']}.pem",
    'TrustedCertificateFile' => '/etc/puppetlabs/puppet/ssl/certs/ca.pem',
  }
}
To pull data in from another source:
# Active configuration example
class { '::systemd_journal_remote::remote':
  command_flags => {
    'url'    => 'https://some.host:19531/',
    'getter' => "'curl \"-HAccept: application/vnd.fdo.journal\" https://some.host:19531/'",
    'output' => '/var/log/journal/remote/',
  },
  options       => {
    'SplitMode' => 'host',
  }
}
The command_flags and options parameters available mirror those documented in man systemd-journal-remote and man journal-remote.conf.
The systemd-journal-upload service can be used to upload (send) journal messages over the network with the ::systemd_journal_remote::upload class.
By default this class is configured to upload over HTTP to http://0.0.0.0:19532 and save its current state to /var/lib/systemd/journal-upload/state.
To send journal events over HTTPS using Puppet certificates:
# Upload over HTTPS with Puppet certificates
class { '::systemd_journal_remote::upload':
  command_flags => {
    'save-state' => '/var/lib/systemd/journal-upload/state',
  },
  options       => {
    'URL'                    => 'https://0.0.0.0:19532',
    'ServerKeyFile'          => "/etc/puppetlabs/puppet/ssl/private_keys/${trusted['certname']}.pem",
    'ServerCertificateFile'  => "/etc/puppetlabs/puppet/ssl/certs/${trusted['certname']}.pem",
    'TrustedCertificateFile' => '/etc/puppetlabs/puppet/ssl/certs/ca.pem',
    'NetworkTimeoutSec'      => '30',
  }
}
The systemd-journal-gatewayd service can be used as an HTTP server to request journal logs as server-sent events, binary or in text/JSON using the ::systemd_journal_remote::gatewayd class.
By default the server listens on all interfaces over HTTP on port 19531. To use HTTPS add the cert option.
# Expect HTTPS connection using Puppet certificates
class { '::systemd_journal_remote::gatewayd':
  command_flags => {
    'key'   => "/etc/puppetlabs/puppet/ssl/private_keys/${trusted['certname']}.pem",
    'cert'  => "/etc/puppetlabs/puppet/ssl/certs/${trusted['certname']}.pem",
    'trust' => '/etc/puppetlabs/puppet/ssl/certs/ca.pem',
  }
}
SSL certificates are not managed by this module. You will need to ensure the systemd-journal-(remote|upload|gateway) users have the correct access to the necessary files.
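One way to give the HTTPS receiver that access without loosening permissions on the Puppet SSL directory is to copy the key material to a directory readable only by root and the service group. This is an added example, not code from the module; the /etc/journal-remote-tls path is hypothetical, and the 'systemd-journal-remote' group name is an assumption about what the package creates.

```puppet
# Added example, not part of the module. Assumptions: $tls_dir is a
# hypothetical path and the package creates a 'systemd-journal-remote' group.
include ::systemd_journal_remote

$puppet_ssl = '/etc/puppetlabs/puppet/ssl'
$tls_dir    = '/etc/journal-remote-tls'   # hypothetical location
$svc_group  = 'systemd-journal-remote'    # assumed group name

# Root-owned directory: the service group may enter it, "other" may not.
file { $tls_dir:
  ensure  => directory,
  owner   => 'root',
  group   => $svc_group,
  mode    => '0750',
  require => Class['systemd_journal_remote'],  # group must exist first
}

# Destination file name => path relative to the Puppet SSL directory.
$pems = {
  'key.pem'  => "private_keys/${trusted['certname']}.pem",
  'cert.pem' => "certs/${trusted['certname']}.pem",
  'ca.pem'   => 'certs/ca.pem',
}

$pems.each |String $dest, String $src| {
  file { "${tls_dir}/${dest}":
    ensure    => file,
    owner     => 'root',
    group     => $svc_group,
    mode      => '0640',             # group read only, never world-readable
    source    => "file://${puppet_ssl}/${src}",
    show_diff => false,              # keep key material out of reports
    before    => Class['systemd_journal_remote::remote'],
  }
}

class { '::systemd_journal_remote::remote':
  command_flags => {
    'listen-https' => '0.0.0.0:19532',
    'output'       => '/var/log/journal/remote/',
  },
  options       => {
    'SplitMode'              => 'host',
    'ServerKeyFile'          => "${tls_dir}/key.pem",
    'ServerCertificateFile'  => "${tls_dir}/cert.pem",
    'TrustedCertificateFile' => "${tls_dir}/ca.pem",
  },
}
```

The same pattern applies to the upload and gatewayd classes with their own service groups and option names.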
This module only manages the systemd-journal-(remote|upload|gatewayd) systemd service ExecStart, the journal-remote.conf and journal-upload.conf configuration files, and the initial package installation.