--- # Copyright 2018, Rackspace US, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - name: Gather facts hosts: hosts gather_facts: "{{ osa_gather_facts | default(True) }}" tags: - always - name: Install Journal-Remote hosts: hosts gather_facts: false become: true handlers: - name: Restart systemd-journald systemd: name: systemd-journald state: restarted pre_tasks: # At this time there's no suitable package available for systemd-journal-remote/gateway # When installing on SUSE 42.x. For now this playbook will omit suse when the package # manager is "zypper". When a suitable package is available on SUSE this should be removed. - name: Omit suse from this playbook meta: end_play when: - ansible_facts['pkg_mgr'] == 'zypper' - name: Skip playbook if log_hosts group is empty meta: end_play when: - groups['log_hosts'] | length == 0 - name: Install systemd-journal-remote package: name: "{{ systemd_journal_remote_distro_package[ansible_facts['pkg_mgr']] }}" state: "{{ package_state }}" - name: Ensure systemd-journal-remote socket is enabled on receiving host systemd: name: systemd-journal-remote.socket enabled: yes state: started when: - (ansible_host == systemd_journal_remote_target) - name: Create journal directory file: path: "/var/log/journal" state: "directory" owner: "root" group: "systemd-journal" - name: Create journal remote directory file: path: "/var/log/journal/remote" state: "directory" owner: "systemd-journal-remote" group: "systemd-journal" - name: Ensure receiving hosts are tuned ini_file: path: "/etc/systemd/journald.conf" section: Journal option: "{{ item.key }}" value: "{{ item.value }}" backup: yes with_items: - key: RuntimeMaxFiles value: "{{ ((((groups['hosts'] | length) * 1.5) + (groups['hosts'] | length)) // 1) | int }}" - key: RuntimeMaxFileSize value: "5G" - key: Compress value: "yes" - key: MaxFileSec value: "1d" - key: MaxRetentionSec value: "2d" when: - (ansible_host == systemd_journal_remote_target) notify: - Restart systemd-journald roles: - role: "systemd_service" systemd_tempd_prefix: "openstack" systemd_CPUAccounting: true systemd_BlockIOAccounting: true systemd_MemoryAccounting: true systemd_TasksAccounting: true systemd_services: - service_name: "systemd-journal-remote" enabled: "{{ (ansible_host != systemd_journal_remote_target) | ternary('no', 'yes') }}" state: "{{ (ansible_host != systemd_journal_remote_target) | ternary('stopped', 'started') }}" execstarts: >- {{ systemd_utils_prefix }}/systemd-journal-remote --listen-http=-3 --split-mode=host --compress --seal --output=/var/log/journal/remote/ config_overrides: Unit: Requires: "systemd-journal-remote.socket" - service_name: "systemd-journal-upload" enabled: "{{ (ansible_host == systemd_journal_remote_target) | ternary('no', 'yes') }}" state: "{{ (ansible_host == systemd_journal_remote_target) | ternary('stopped', 'started') }}" execstarts: >- {{ systemd_utils_prefix }}/systemd-journal-upload --save-state --merge --url=http://{{ systemd_journal_remote_target }}:19532 dynamic_user: true state_directory: systemd/journal-upload vars: systemd_journal_remote_target: "{{ hostvars[groups['log_hosts'][0]]['ansible_host'] }}" systemd_journal_remote_distro_package: apt: "systemd-journal-remote" yum: "systemd-journal-gateway" dnf: "systemd-journal-gateway" tags: - journal-remote