Convert infra-journal-remote playbook to role

This creates a role that can be re-usable outside of the OSA
and distributed now as collection instead of the playbook
infra-journal-remote.yml that was handling all tasks and logic.

This also adds some features like being able to provide multiple
destinations for journal and makes things more configurable.

Depends-On: https://review.opendev.org/c/openstack/ansible-role-systemd_service/+/816531
Change-Id: Iacfa3ac92aba39e75934f3cf0814fc4cff20d262

roles/journald_remote/defaults/main.yml

@@ -0,0 +1,47 @@
+---
+# Copyright 2018, Rackspace US, Inc.
+# Copyright 2022, City Network International AB.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+journald_remote_package_state: "{{ package_state | default('present') }}"
+
+journald_remote_log_path: /var/log/journal/remote
+journald_remote_system_user: systemd-journal-remote
+journald_remote_system_group: systemd-journal-remote
+journald_remote_system_slice_name: systemd-journal-remote
+journald_remote_systemd_prefix: "/lib/systemd"
+
+journald_remote_targets: "{{ groups['log_hosts'] | map('extract', hostvars, 'ansible_host') | list }}"
+
+# Must be either a negative integer, in which case it will be interpreted as the (negated)
+# file descriptor number, or an address suitable for ListenStream.
+# Please reference doc: https://www.freedesktop.org/software/systemd/man/systemd-journal-remote.service.html
+journald_remote_target_listen_address: "{{ ansible_host }}"
+journald_remote_target_listen_port: 19532
+journald_remote_target_listen_proto: http
+
+journald_remote_max_files: "{{ ((((ansible_play_hosts_all | length) * 1.5) + (ansible_play_hosts_all | length)) // 1) | int }}"
+journald_remote_config_options:
+  - key: RuntimeMaxFiles
+    value: "{{ journald_remote_max_files }}"
+  - key: RuntimeMaxFileSize
+    value: "5G"
+  - key: Compress
+    value: "yes"
+  - key: MaxFileSec
+    value: "1d"
+  - key: MaxRetentionSec
+    value: "2d"
+
+journald_remote_services: "{{ (ansible_host in journald_remote_targets) | ternary(_journald_remote_target_services, _journald_remote_source_services) }}"

roles/journald_remote/handlers/main.yml

@@ -0,0 +1,28 @@
+---
+# Copyright 2018, Rackspace US, Inc.
+# Copyright 2022, City Network International AB.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Ensure systemd-journal-remote socket enabled
+  systemd:
+    name: systemd-journal-remote.socket
+    enabled: yes
+    state: started
+  when:
+    - (ansible_host in journald_remote_targets)
+
+- name: Restart systemd-journald
+  systemd:
+    name: systemd-journald
+    state: restarted

roles/journald_remote/tasks/journald_remote_install.yml

@@ -0,0 +1,31 @@
+---
+# Copyright 2018, Rackspace US, Inc.
+# Copyright 2022, City Network International AB.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Install systemd-journal-remote
+  package:
+    name: "{{ journald_remote_distro_packages }}"
+    state: "{{ journald_remote_package_state }}"
+  notify:
+    - Ensure systemd-journal-remote socket enabled
+
+- name: Create journald-remote log directory
+  file:
+    path: "{{ journald_remote_log_path }}"
+    state: "directory"
+    owner: "{{ journald_remote_system_user }}"
+    group: "{{ journald_remote_system_group }}"
+  when:
+    - (ansible_host in journald_remote_targets)

roles/journald_remote/tasks/journald_remote_post_install.yml

@@ -0,0 +1,41 @@
+---
+# Copyright 2018, Rackspace US, Inc.
+# Copyright 2022, City Network International AB.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Ensure receiving hosts are tuned
+  ini_file:
+    path: "/etc/systemd/journald.conf"
+    section: "{{ item.section | default('Journal') }}"
+    state: "{{ item.state | default('present') }}"
+    option: "{{ item.key }}"
+    value: "{{ item.value }}"
+    backup: yes
+  with_items: "{{ journald_remote_config_options }}"
+  when:
+    - (ansible_host in journald_remote_targets)
+  notify:
+    - Restart systemd-journald
+
+- name: Setup journald services
+  import_role:
+    name: systemd_service
+  vars:
+    systemd_tempd_prefix: "openstack"
+    systemd_slice_name: "{{ journald_remote_system_slice_name }}"
+    systemd_CPUAccounting: true
+    systemd_BlockIOAccounting: true
+    systemd_MemoryAccounting: true
+    systemd_TasksAccounting: true
+    systemd_services: "{{ journald_remote_services }}"

roles/journald_remote/tasks/main.yml

@@ -0,0 +1,43 @@
+---
+# Copyright 2018, Rackspace US, Inc.
+# Copyright 2022, City Network International AB.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Gather variables for each operating system
+  include_vars: "{{ lookup('first_found', params) }}"
+  vars:
+    params:
+      files:
+        - "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_version'] | lower }}.yml"
+        - "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml"
+        - "{{ ansible_facts['os_family'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml"
+        - "{{ ansible_facts['distribution'] | lower }}.yml"
+        - "{{ ansible_facts['os_family'] | lower }}-{{ ansible_facts['distribution_version'].split('.')[0] }}.yml"
+        - "{{ ansible_facts['os_family'] | lower }}.yml"
+      paths:
+        - "{{ role_path }}/vars"
+  tags:
+    - always
+
+- name: Install journald-remote packages
+  import_tasks: journald_remote_install.yml
+  tags:
+    - journald-remote-install
+    - journald-remote
+
+- name: Configure journald-remote
+  import_tasks: journald_remote_post_install.yml
+  tags:
+    - journald-remote-config
+    - journald-remote

roles/journald_remote/vars/debian.yml

@@ -0,0 +1,18 @@
+---
+# Copyright 2018, Rackspace US, Inc.
+# Copyright 2022, City Network International AB.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+journald_remote_distro_packages:
+  - systemd-journal-remote

roles/journald_remote/vars/main.yml

@@ -0,0 +1,45 @@
+---
+# Copyright 2018, Rackspace US, Inc.
+# Copyright 2022, City Network International AB.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+_journald_remote_source_services:
+  - service_name: "systemd-journal-upload@"
+    enabled: "{{ (ansible_host in journald_remote_targets) | ternary('no', 'yes') }}"
+    state: "{{ (ansible_host in journald_remote_targets) | ternary('stopped', 'started') }}"
+    masked: "{{ (ansible_host in journald_remote_targets) | ternary('yes', 'no') }}"
+    execstarts: >-
+      {{ systemd_utils_prefix }}/systemd-journal-upload
+      --save-state
+      --merge
+      --url={{ journald_remote_target_listen_proto }}://%i
+    dynamic_user: true
+    state_directory: systemd/journal-upload
+    template_arguments: "{{ journald_remote_targets | map('regex_replace', '$', ':' ~ journald_remote_target_listen_port) | list }}"
+
+_journald_remote_target_services:
+  - service_name: "systemd-journal-remote"
+    enabled: "{{ (ansible_host in journald_remote_targets) | ternary('yes', 'no') }}"
+    state: "{{ (ansible_host in journald_remote_targets) | ternary('started', 'stopped') }}"
+    masked: "{{ (ansible_host in journald_remote_targets) | ternary('no', 'yes') }}"
+    execstarts: >-
+      {{ journald_remote_systemd_prefix }}/systemd-journal-remote
+      --listen-{{ journald_remote_target_listen_proto }}={{ (journald_remote_target_listen_address | ansible.netcommon.ipaddr is string) | ternary([journald_remote_target_listen_address, journald_remote_target_listen_port] | join(':'), '-3') }}
+      --split-mode=host
+      --compress
+      --seal
+      --output={{ journald_remote_log_path }}/
+    config_overrides:
+      Unit:
+        Requires: "systemd-journal-remote.socket"

roles/journald_remote/vars/redhat.yml

@@ -0,0 +1,18 @@
+---
+# Copyright 2018, Rackspace US, Inc.
+# Copyright 2022, City Network International AB.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+journald_remote_distro_packages:
+  - systemd-journal-gateway