Convert infra-journal-remote playbook to role
This creates a role that can be re-usable outside of the OSA and distributed now as collection instead of the playbook infra-journal-remote.yml that was handling all tasks and logic. This also adds some features like being able to provide multiple destinations for journal and makes things more configurable. Depends-On: https://review.opendev.org/c/openstack/ansible-role-systemd_service/+/816531 Change-Id: Iacfa3ac92aba39e75934f3cf0814fc4cff20d262
This commit is contained in:
parent
c1ba8b729a
commit
9bfa2597ed
47
roles/journald_remote/defaults/main.yml
Normal file
47
roles/journald_remote/defaults/main.yml
Normal file
@ -0,0 +1,47 @@
|
||||
---
|
||||
# Copyright 2018, Rackspace US, Inc.
|
||||
# Copyright 2022, City Network International AB.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
journald_remote_package_state: "{{ package_state | default('present') }}"
|
||||
|
||||
journald_remote_log_path: /var/log/journal/remote
|
||||
journald_remote_system_user: systemd-journal-remote
|
||||
journald_remote_system_group: systemd-journal-remote
|
||||
journald_remote_system_slice_name: systemd-journal-remote
|
||||
journald_remote_systemd_prefix: "/lib/systemd"
|
||||
|
||||
journald_remote_targets: "{{ groups['log_hosts'] | map('extract', hostvars, 'ansible_host') | list }}"
|
||||
|
||||
# Must be either a negative integer, in which case it will be interpreted as the (negated)
|
||||
# file descriptor number, or an address suitable for ListenStream.
|
||||
# Please reference doc: https://www.freedesktop.org/software/systemd/man/systemd-journal-remote.service.html
|
||||
journald_remote_target_listen_address: "{{ ansible_host }}"
|
||||
journald_remote_target_listen_port: 19532
|
||||
journald_remote_target_listen_proto: http
|
||||
|
||||
journald_remote_max_files: "{{ ((((ansible_play_hosts_all | length) * 1.5) + (ansible_play_hosts_all | length)) // 1) | int }}"
|
||||
journald_remote_config_options:
|
||||
- key: RuntimeMaxFiles
|
||||
value: "{{ journald_remote_max_files }}"
|
||||
- key: RuntimeMaxFileSize
|
||||
value: "5G"
|
||||
- key: Compress
|
||||
value: "yes"
|
||||
- key: MaxFileSec
|
||||
value: "1d"
|
||||
- key: MaxRetentionSec
|
||||
value: "2d"
|
||||
|
||||
journald_remote_services: "{{ (ansible_host in journald_remote_targets) | ternary(_journald_remote_target_services, _journald_remote_source_services) }}"
|
28
roles/journald_remote/handlers/main.yml
Normal file
28
roles/journald_remote/handlers/main.yml
Normal file
@ -0,0 +1,28 @@
|
||||
---
|
||||
# Copyright 2018, Rackspace US, Inc.
|
||||
# Copyright 2022, City Network International AB.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
- name: Ensure systemd-journal-remote socket enabled
|
||||
systemd:
|
||||
name: systemd-journal-remote.socket
|
||||
enabled: yes
|
||||
state: started
|
||||
when:
|
||||
- (ansible_host in journald_remote_targets)
|
||||
|
||||
- name: Restart systemd-journald
|
||||
systemd:
|
||||
name: systemd-journald
|
||||
state: restarted
|
31
roles/journald_remote/tasks/journald_remote_install.yml
Normal file
31
roles/journald_remote/tasks/journald_remote_install.yml
Normal file
@ -0,0 +1,31 @@
|
||||
---
|
||||
# Copyright 2018, Rackspace US, Inc.
|
||||
# Copyright 2022, City Network International AB.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
- name: Install systemd-journal-remote
|
||||
package:
|
||||
name: "{{ journald_remote_distro_packages }}"
|
||||
state: "{{ journald_remote_package_state }}"
|
||||
notify:
|
||||
- Ensure systemd-journal-remote socket enabled
|
||||
|
||||
- name: Create journald-remote log directory
|
||||
file:
|
||||
path: "{{ journald_remote_log_path }}"
|
||||
state: "directory"
|
||||
owner: "{{ journald_remote_system_user }}"
|
||||
group: "{{ journald_remote_system_group }}"
|
||||
when:
|
||||
- (ansible_host in journald_remote_targets)
|
41
roles/journald_remote/tasks/journald_remote_post_install.yml
Normal file
41
roles/journald_remote/tasks/journald_remote_post_install.yml
Normal file
@ -0,0 +1,41 @@
|
||||
---
|
||||
# Copyright 2018, Rackspace US, Inc.
|
||||
# Copyright 2022, City Network International AB.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
- name: Ensure receiving hosts are tuned
|
||||
ini_file:
|
||||
path: "/etc/systemd/journald.conf"
|
||||
section: "{{ item.section | default('Journal') }}"
|
||||
state: "{{ item.state | default('present') }}"
|
||||
option: "{{ item.key }}"
|
||||
value: "{{ item.value }}"
|
||||
backup: yes
|
||||
with_items: "{{ journald_remote_config_options }}"
|
||||
when:
|
||||
- (ansible_host in journald_remote_targets)
|
||||
notify:
|
||||
- Restart systemd-journald
|
||||
|
||||
- name: Setup journald services
|
||||
import_role:
|
||||
name: systemd_service
|
||||
vars:
|
||||
systemd_tempd_prefix: "openstack"
|
||||
systemd_slice_name: "{{ journald_remote_system_slice_name }}"
|
||||
systemd_CPUAccounting: true
|
||||
systemd_BlockIOAccounting: true
|
||||
systemd_MemoryAccounting: true
|
||||
systemd_TasksAccounting: true
|
||||
systemd_services: "{{ journald_remote_services }}"
|
43
roles/journald_remote/tasks/main.yml
Normal file
43
roles/journald_remote/tasks/main.yml
Normal file
@ -0,0 +1,43 @@
|
||||
---
|
||||
# Copyright 2018, Rackspace US, Inc.
|
||||
# Copyright 2022, City Network International AB.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
- name: Gather variables for each operating system
|
||||
include_vars: "{{ lookup('first_found', params) }}"
|
||||
vars:
|
||||
params:
|
||||
files:
|
||||
- "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_version'] | lower }}.yml"
|
||||
- "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml"
|
||||
- "{{ ansible_facts['os_family'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml"
|
||||
- "{{ ansible_facts['distribution'] | lower }}.yml"
|
||||
- "{{ ansible_facts['os_family'] | lower }}-{{ ansible_facts['distribution_version'].split('.')[0] }}.yml"
|
||||
- "{{ ansible_facts['os_family'] | lower }}.yml"
|
||||
paths:
|
||||
- "{{ role_path }}/vars"
|
||||
tags:
|
||||
- always
|
||||
|
||||
- name: Install journald-remote packages
|
||||
import_tasks: journald_remote_install.yml
|
||||
tags:
|
||||
- journald-remote-install
|
||||
- journald-remote
|
||||
|
||||
- name: Configure journald-remote
|
||||
import_tasks: journald_remote_post_install.yml
|
||||
tags:
|
||||
- journald-remote-config
|
||||
- journald-remote
|
18
roles/journald_remote/vars/debian.yml
Normal file
18
roles/journald_remote/vars/debian.yml
Normal file
@ -0,0 +1,18 @@
|
||||
---
|
||||
# Copyright 2018, Rackspace US, Inc.
|
||||
# Copyright 2022, City Network International AB.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
journald_remote_distro_packages:
|
||||
- systemd-journal-remote
|
45
roles/journald_remote/vars/main.yml
Normal file
45
roles/journald_remote/vars/main.yml
Normal file
@ -0,0 +1,45 @@
|
||||
---
|
||||
# Copyright 2018, Rackspace US, Inc.
|
||||
# Copyright 2022, City Network International AB.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
_journald_remote_source_services:
|
||||
- service_name: "systemd-journal-upload@"
|
||||
enabled: "{{ (ansible_host in journald_remote_targets) | ternary('no', 'yes') }}"
|
||||
state: "{{ (ansible_host in journald_remote_targets) | ternary('stopped', 'started') }}"
|
||||
masked: "{{ (ansible_host in journald_remote_targets) | ternary('yes', 'no') }}"
|
||||
execstarts: >-
|
||||
{{ systemd_utils_prefix }}/systemd-journal-upload
|
||||
--save-state
|
||||
--merge
|
||||
--url={{ journald_remote_target_listen_proto }}://%i
|
||||
dynamic_user: true
|
||||
state_directory: systemd/journal-upload
|
||||
template_arguments: "{{ journald_remote_targets | map('regex_replace', '$', ':' ~ journald_remote_target_listen_port) | list }}"
|
||||
|
||||
_journald_remote_target_services:
|
||||
- service_name: "systemd-journal-remote"
|
||||
enabled: "{{ (ansible_host in journald_remote_targets) | ternary('yes', 'no') }}"
|
||||
state: "{{ (ansible_host in journald_remote_targets) | ternary('started', 'stopped') }}"
|
||||
masked: "{{ (ansible_host in journald_remote_targets) | ternary('no', 'yes') }}"
|
||||
execstarts: >-
|
||||
{{ journald_remote_systemd_prefix }}/systemd-journal-remote
|
||||
--listen-{{ journald_remote_target_listen_proto }}={{ (journald_remote_target_listen_address | ansible.netcommon.ipaddr is string) | ternary([journald_remote_target_listen_address, journald_remote_target_listen_port] | join(':'), '-3') }}
|
||||
--split-mode=host
|
||||
--compress
|
||||
--seal
|
||||
--output={{ journald_remote_log_path }}/
|
||||
config_overrides:
|
||||
Unit:
|
||||
Requires: "systemd-journal-remote.socket"
|
18
roles/journald_remote/vars/redhat.yml
Normal file
18
roles/journald_remote/vars/redhat.yml
Normal file
@ -0,0 +1,18 @@
|
||||
---
|
||||
# Copyright 2018, Rackspace US, Inc.
|
||||
# Copyright 2022, City Network International AB.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
journald_remote_distro_packages:
|
||||
- systemd-journal-gateway
|
Loading…
Reference in New Issue
Block a user