Skip to content

Commit

Permalink
Merge pull request #495 from jay7x/system_conf
Browse files Browse the repository at this point in the history
Manage {system,user}.conf values
  • Loading branch information
jay7x authored Oct 30, 2024
2 parents af1dceb + 3624d7a commit 291b9e1
Show file tree
Hide file tree
Showing 14 changed files with 499 additions and 26 deletions.
198 changes: 195 additions & 3 deletions REFERENCE.md
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@
* `systemd::networkd`: This class provides an abstract way to trigger systemd-networkd
* `systemd::oomd`: This class manages and configures oomd.
* `systemd::resolved`: This class provides an abstract way to trigger resolved.
* `systemd::system`: This class provides a solution to enable accounting
* `systemd::service_manager`: This class provides a solution to manage system and/or user service manager settings
* `systemd::timedatectl`: This class provides an abstract way to set elements with timedatectl
* `systemd::timesyncd`: This class provides an abstract way to trigger systemd-timesyncd
* `systemd::udevd`: This class manages systemd's udev config
Expand Down Expand Up @@ -54,15 +54,24 @@

### Data types

* [`Systemd::Boolean`](#Systemd--Boolean): Defines systemd boolean type representation
* [`Systemd::Boolean::False`](#Systemd--Boolean--False): Defines systemd boolean "false" type representation
* [`Systemd::Boolean::True`](#Systemd--Boolean--True): Defines systemd boolean "true" type representation
* [`Systemd::Capabilities`](#Systemd--Capabilities): Defines allowed capabilities
* [`Systemd::CoredumpSettings`](#Systemd--CoredumpSettings): Configurations for coredump.conf
* [`Systemd::Dropin`](#Systemd--Dropin): custom datatype that validates filenames/paths for valid systemd dropin files
* [`Systemd::JournaldSettings`](#Systemd--JournaldSettings): Matches Systemd journald config Struct
* [`Systemd::JournaldSettings::Ensure`](#Systemd--JournaldSettings--Ensure): defines allowed ensure states for systemd-journald settings
* [`Systemd::LogLevel`](#Systemd--LogLevel): Defines allowed log levels
* [`Systemd::LogindSettings`](#Systemd--LogindSettings): Matches Systemd Login Manager Struct
* [`Systemd::LogindSettings::Ensure`](#Systemd--LogindSettings--Ensure): defines allowed ensure states for systemd-logind settings
* [`Systemd::MachineInfoSettings`](#Systemd--MachineInfoSettings): Matches Systemd machine-info (hostnamectl) file Struct
* [`Systemd::OomdSettings`](#Systemd--OomdSettings): Configurations for oomd.conf
* [`Systemd::Output`](#Systemd--Output): Defines allowed output values
* [`Systemd::ServiceLimits`](#Systemd--ServiceLimits): Deprecated - Matches Systemd Service Limit Struct
* [`Systemd::ServiceManagerSettings`](#Systemd--ServiceManagerSettings): Matches Systemd system.conf/user.conf settings
* [`Systemd::SettingEnsure`](#Systemd--SettingEnsure): Defines allowed ensure states for an ini_setting
* [`Systemd::Timespan`](#Systemd--Timespan): Defines a timespan type
* [`Systemd::Unit`](#Systemd--Unit): custom datatype that validates different filenames for systemd units and unit templates
* [`Systemd::Unit::Amount`](#Systemd--Unit--Amount): Systemd definition of amount, often bytes or united bytes
* [`Systemd::Unit::AmountOrPercent`](#Systemd--Unit--AmountOrPercent): Systemd definition of amount, often bytes or united bytes
Expand Down Expand Up @@ -156,6 +165,10 @@ The following parameters are available in the `systemd` class:
* [`oomd_ensure`](#-systemd--oomd_ensure)
* [`oomd_settings`](#-systemd--oomd_settings)
* [`udev_purge_rules`](#-systemd--udev_purge_rules)
* [`manage_system_conf`](#-systemd--manage_system_conf)
* [`system_settings`](#-systemd--system_settings)
* [`manage_user_conf`](#-systemd--manage_user_conf)
* [`user_settings`](#-systemd--user_settings)

##### <a name="-systemd--default_target"></a>`default_target`

Expand Down Expand Up @@ -612,15 +625,18 @@ Default value: `'/etc/systemd/network'`

Data type: `Boolean`

when enabled, the different accounting options (network traffic, IO, CPU util...) are enabled for units
When enabled, the different accounting options (network traffic, IO,
CPU util...) are enabled for units.

Default value: `false`

##### <a name="-systemd--accounting"></a>`accounting`

Data type: `Hash[String,String]`

Hash of the different accounting options. This highly depends on the used systemd version. The module provides sane defaults per operating system using Hiera.
Hash of the different accounting options. This highly depends on the used
systemd version. The module provides sane defaults per operating system
using Hiera.

Default value: `{}`

Expand Down Expand Up @@ -696,6 +712,42 @@ Toggle if unmanaged files in /etc/udev/rules.d should be purged if manage_udevd

Default value: `false`

##### <a name="-systemd--manage_system_conf"></a>`manage_system_conf`

Data type: `Boolean`

Should system service manager configurations be managed

Default value: `false`

##### <a name="-systemd--system_settings"></a>`system_settings`

Data type: `Systemd::ServiceManagerSettings`

Config Hash that is used to configure settings in system.conf
NOTE: It's currently impossible to have multiple entries of the same key in
the settings.

Default value: `{}`

##### <a name="-systemd--manage_user_conf"></a>`manage_user_conf`

Data type: `Boolean`

Should user service manager configurations be managed

Default value: `false`

##### <a name="-systemd--user_settings"></a>`user_settings`

Data type: `Systemd::ServiceManagerSettings`

Config Hash that is used to configure settings in user.conf
NOTE: It's currently impossible to have multiple entries of the same key in
the settings.

Default value: `{}`

### <a name="systemd--tmpfiles"></a>`systemd::tmpfiles`

Update the systemd temp files
Expand Down Expand Up @@ -2587,6 +2639,30 @@ Use path (-p) ornon-path style escaping.

## Data types

### <a name="Systemd--Boolean"></a>`Systemd::Boolean`

Defines systemd boolean type representation

Alias of `Variant[Systemd::Boolean::True, Systemd::Boolean::False]`

### <a name="Systemd--Boolean--False"></a>`Systemd::Boolean::False`

Defines systemd boolean "false" type representation

Alias of `Variant[Integer[0,0], Enum['no', 'false'], Boolean[false]]`

### <a name="Systemd--Boolean--True"></a>`Systemd::Boolean::True`

Defines systemd boolean "true" type representation

Alias of `Variant[Integer[1], Enum['yes', 'true'], Boolean[true]]`

### <a name="Systemd--Capabilities"></a>`Systemd::Capabilities`

Defines allowed capabilities

Alias of `Variant[Pattern[/^~?(CAP_[A-Z_]+ *)+$/]]`

### <a name="Systemd--CoredumpSettings"></a>`Systemd::CoredumpSettings`

Configurations for coredump.conf
Expand Down Expand Up @@ -2661,6 +2737,12 @@ defines allowed ensure states for systemd-journald settings

Alias of `Struct[{ 'ensure' => Enum['present','absent'] }]`

### <a name="Systemd--LogLevel"></a>`Systemd::LogLevel`

Defines allowed log levels

Alias of `Variant[Enum['emerg','alert','crit','err','warning','notice','info','debug'], Integer[0,7]]`

### <a name="Systemd--LogindSettings"></a>`Systemd::LogindSettings`

Matches Systemd Login Manager Struct
Expand Down Expand Up @@ -2738,6 +2820,12 @@ Struct[{
}]
```

### <a name="Systemd--Output"></a>`Systemd::Output`

Used in DefaultStandardOutput/DefaultStandardError e.g.

Alias of `Enum['inherit', 'null', 'tty', 'journal', 'journal+console', 'kmsg', 'kmsg+console']`

### <a name="Systemd--ServiceLimits"></a>`Systemd::ServiceLimits`

Deprecated - Matches Systemd Service Limit Struct
Expand Down Expand Up @@ -2791,6 +2879,110 @@ Struct[{
}]
```

### <a name="Systemd--ServiceManagerSettings"></a>`Systemd::ServiceManagerSettings`

NOTE: Systemd::SettingEnsure here allows to delete the setting from the INI
file. See the example below for Hiera:

```yaml
systemd::system_settings:
LogLevel:
ensure: absent
```
* **See also**
* https://www.freedesktop.org/software/systemd/man/latest/systemd-system.conf.html
Alias of
```puppet
Struct[{
Optional['LogLevel'] => Variant[Systemd::LogLevel, Systemd::SettingEnsure],
Optional['LogTarget'] => Variant[Enum['console','console-prefixed','kmsg','journal','journal-or-kmsg','auto','null'], Systemd::SettingEnsure],
Optional['LogColor'] => Variant[Systemd::Boolean, Systemd::SettingEnsure],
Optional['LogLocation'] => Variant[Systemd::Boolean, Systemd::SettingEnsure],
Optional['LogTime'] => Variant[Systemd::Boolean, Systemd::SettingEnsure],
Optional['DumpCore'] => Variant[Systemd::Boolean, Systemd::SettingEnsure],
Optional['ShowStatus'] => Variant[Systemd::Boolean, Enum['auto','error'], Systemd::SettingEnsure],
Optional['CrashChangeVT'] => Variant[Systemd::Boolean, Integer[1,63], Systemd::SettingEnsure],
Optional['CrashShell'] => Variant[Systemd::Boolean, Systemd::SettingEnsure],
Optional['CrashReboot'] => Variant[Systemd::Boolean, Systemd::SettingEnsure], # Obsoleted by CrashAction in v256, delete after Debian 12 EOL
Optional['CrashAction'] => Variant[Enum['freeze', 'reboot', 'poweroff'], Systemd::SettingEnsure],
Optional['CtrlAltDelBurstAction'] => Variant[Enum['reboot-force','poweroff-force','reboot-immediate','poweroff-immediate','none'], Systemd::SettingEnsure],
Optional['CPUAffinity'] => Variant[Enum['numa'], Pattern['^[0-9, -]+$'], Systemd::SettingEnsure],
Optional['NUMAPolicy'] => Variant[Enum['default','preferred','bind','interleave','local'], Systemd::SettingEnsure],
Optional['NUMAMask'] => Variant[Enum['all'], Pattern['^[0-9, -]+$'], Systemd::SettingEnsure],
Optional['RuntimeWatchdogSec'] => Variant[Enum['off','default'], Systemd::Timespan, Systemd::SettingEnsure],
Optional['RuntimeWatchdogPreSec'] => Variant[Enum['off'], Systemd::Timespan, Systemd::SettingEnsure],
Optional['RuntimeWatchdogPreGovernor'] => Variant[Enum['noop', 'panic'], String[1], Systemd::SettingEnsure],
Optional['RebootWatchdogSec'] => Variant[Enum['off','default'], Systemd::Timespan, Systemd::SettingEnsure],
Optional['KExecWatchdogSec'] => Variant[Enum['off','default'], Systemd::Timespan, Systemd::SettingEnsure],
Optional['WatchdogDevice'] => Variant[Stdlib::Absolutepath, Systemd::SettingEnsure],
Optional['CapabilityBoundingSet'] => Variant[Systemd::Capabilities, Systemd::SettingEnsure],
Optional['NoNewPrivileges'] => Variant[Systemd::Boolean, Systemd::SettingEnsure],
Optional['ProtectSystem'] => Variant[Enum['auto'], Systemd::Boolean, Systemd::SettingEnsure],
Optional['SystemCallArchitectures'] => Variant[String[1], Systemd::SettingEnsure],
Optional['TimerSlackNSec'] => Variant[Systemd::Timespan, Systemd::SettingEnsure],
Optional['StatusUnitFormat'] => Variant[Enum['combined','description','name'], Systemd::SettingEnsure],
Optional['DefaultTimerAccuracySec'] => Variant[Systemd::Timespan, Systemd::SettingEnsure],
Optional['DefaultStandardOutput'] => Variant[Systemd::Output, Systemd::SettingEnsure],
Optional['DefaultStandardError'] => Variant[Systemd::Output, Systemd::SettingEnsure],
Optional['DefaultTimeoutStartSec'] => Variant[Systemd::Timespan, Systemd::SettingEnsure],
Optional['DefaultTimeoutStopSec'] => Variant[Systemd::Timespan, Systemd::SettingEnsure],
Optional['DefaultTimeoutAbortSec'] => Variant[Systemd::Timespan, Systemd::SettingEnsure],
Optional['DefaultDeviceTimeoutSec'] => Variant[Systemd::Timespan, Systemd::SettingEnsure],
Optional['DefaultRestartSec'] => Variant[Systemd::Timespan, Systemd::SettingEnsure],
Optional['DefaultStartLimitIntervalSec'] => Variant[Enum['infinity'], Systemd::Timespan, Systemd::SettingEnsure],
Optional['DefaultStartLimitBurst'] => Variant[Integer[0], Systemd::SettingEnsure],
Optional['DefaultEnvironment'] => Variant[String, Systemd::SettingEnsure],
Optional['ManagerEnvironment'] => Variant[String, Systemd::SettingEnsure],
Optional['DefaultCPUAccounting'] => Variant[Systemd::Boolean, Systemd::SettingEnsure],
Optional['DefaultBlockIOAccounting'] => Variant[Systemd::Boolean, Systemd::SettingEnsure], # Deprecated in v252. Delete after Debian 11 EOL
Optional['DefaultIOAccounting'] => Variant[Systemd::Boolean, Systemd::SettingEnsure],
Optional['DefaultIPAccounting'] => Variant[Systemd::Boolean, Systemd::SettingEnsure],
Optional['DefaultMemoryAccounting'] => Variant[Systemd::Boolean, Systemd::SettingEnsure],
Optional['DefaultTasksAccounting'] => Variant[Systemd::Boolean, Systemd::SettingEnsure],
Optional['DefaultTasksMax'] => Variant[Enum['infinity'], Integer[0], Systemd::Unit::Percent, Systemd::SettingEnsure],
Optional['DefaultLimitCPU'] => Variant[Enum['infinity'], Pattern['^\d+(s|m|h|d|w|M|y)?(:\d+(s|m|h|d|w|M|y)?)?$'], Systemd::SettingEnsure],
Optional['DefaultLimitFSIZE'] => Variant[Pattern['^(infinity|((\d+(K|M|G|T|P|E)?(:\d+(K|M|G|T|P|E)?)?)))$'], Systemd::SettingEnsure],
Optional['DefaultLimitDATA'] => Variant[Pattern['^(infinity|((\d+(K|M|G|T|P|E)?(:\d+(K|M|G|T|P|E)?)?)))$'], Systemd::SettingEnsure],
Optional['DefaultLimitSTACK'] => Variant[Pattern['^(infinity|((\d+(K|M|G|T|P|E)?(:\d+(K|M|G|T|P|E)?)?)))$'], Systemd::SettingEnsure],
Optional['DefaultLimitCORE'] => Variant[Pattern['^(infinity|((\d+(K|M|G|T|P|E)?(:\d+(K|M|G|T|P|E)?)?)))$'], Systemd::SettingEnsure],
Optional['DefaultLimitRSS'] => Variant[Pattern['^(infinity|((\d+(K|M|G|T|P|E)?(:\d+(K|M|G|T|P|E)?)?)))$'], Systemd::SettingEnsure],
Optional['DefaultLimitNOFILE'] => Variant[Integer[-1], Pattern['^(infinity|\d+(:(infinity|\d+))?)$'], Systemd::SettingEnsure],
Optional['DefaultLimitAS'] => Variant[Pattern['^(infinity|((\d+(K|M|G|T|P|E)?(:\d+(K|M|G|T|P|E)?)?)))$'], Systemd::SettingEnsure],
Optional['DefaultLimitNPROC'] => Variant[Integer[-1],Pattern['^(infinity|\d+(:(infinity|\d+))?)$'], Systemd::SettingEnsure],
Optional['DefaultLimitMEMLOCK'] => Variant[Pattern['^(infinity|((\d+(K|M|G|T|P|E)?(:\d+(K|M|G|T|P|E)?)?)))$'], Systemd::SettingEnsure],
Optional['DefaultLimitLOCKS'] => Variant[Integer[1], Systemd::SettingEnsure],
Optional['DefaultLimitSIGPENDING'] => Variant[Integer[1], Systemd::SettingEnsure],
Optional['DefaultLimitMSGQUEUE'] => Variant[Pattern['^(infinity|((\d+(K|M|G|T|P|E)?(:\d+(K|M|G|T|P|E)?)?)))$'], Systemd::SettingEnsure],
Optional['DefaultLimitNICE'] => Variant[Integer[0,40], Pattern['^(-\+([0-1]?[0-9]|20))|([0-3]?[0-9]|40)$'], Systemd::SettingEnsure],
Optional['DefaultLimitRTPRIO'] => Variant[Integer[0], Systemd::SettingEnsure],
Optional['DefaultLimitRTTIME'] => Variant[Pattern['^\d+(ms|s|m|h|d|w|M|y)?(:\d+(ms|s|m|h|d|w|M|y)?)?$'], Systemd::SettingEnsure],
Optional['DefaultOOMPolicy'] => Variant[Enum['continue', 'stop','kill'], Systemd::SettingEnsure],
Optional['DefaultSmackProcessLabel'] => Variant[String, Systemd::SettingEnsure],
Optional['ReloadLimitIntervalSec'] => Variant[Enum['infinity'], Systemd::Timespan, Systemd::SettingEnsure],
Optional['ReloadLimitBurst'] => Variant[Integer[0], Systemd::SettingEnsure],
Optional['DefaultMemoryPressureWatch'] => Variant[Systemd::SettingEnsure],
Optional['DefaultMemoryPressureThresholdSec'] => Variant[Systemd::SettingEnsure],
}]
```

### <a name="Systemd--SettingEnsure"></a>`Systemd::SettingEnsure`

Defines allowed ensure states for an ini_setting

Alias of `Struct[{ 'ensure' => Enum['absent'] }]`

### <a name="Systemd--Timespan"></a>`Systemd::Timespan`

Defines a timespan type

* **See also**
* https://www.freedesktop.org/software/systemd/man/latest/systemd.time.html

Alias of `Variant[Integer[0], Pattern[/^([0-9]+ *(usec|us|msec|ms|seconds?|sec|s|minutes?|min|m|hours?|hr|h|days?|d|weeks?|w|months?|M|years?|y)? *)+$/]]`

### <a name="Systemd--Unit"></a>`Systemd::Unit`

custom datatype that validates different filenames for systemd units and unit templates
Expand Down
32 changes: 28 additions & 4 deletions manifests/init.pp
Original file line number Diff line number Diff line change
Expand Up @@ -188,10 +188,13 @@
# where all networkd files are placed in
#
# @param manage_accounting
# when enabled, the different accounting options (network traffic, IO, CPU util...) are enabled for units
# When enabled, the different accounting options (network traffic, IO,
# CPU util...) are enabled for units.
#
# @param accounting
# Hash of the different accounting options. This highly depends on the used systemd version. The module provides sane defaults per operating system using Hiera.
# Hash of the different accounting options. This highly depends on the used
# systemd version. The module provides sane defaults per operating system
# using Hiera.
#
# @param purge_dropin_dirs
# When enabled, unused directories for dropin files will be purged
Expand Down Expand Up @@ -219,6 +222,22 @@
#
# @param udev_purge_rules
# Toggle if unmanaged files in /etc/udev/rules.d should be purged if manage_udevd is enabled
#
# @param manage_system_conf
# Should system service manager configurations be managed
#
# @param system_settings
# Config Hash that is used to configure settings in system.conf
# NOTE: It's currently impossible to have multiple entries of the same key in
# the settings.
#
# @param manage_user_conf
# Should user service manager configurations be managed
#
# @param user_settings
# Config Hash that is used to configure settings in user.conf
# NOTE: It's currently impossible to have multiple entries of the same key in
# the settings.
class systemd (
Optional[Pattern['^.+\.target$']] $default_target = undef,
Hash[String,String] $accounting = {},
Expand Down Expand Up @@ -284,6 +303,10 @@
Enum['stopped','running'] $oomd_ensure = 'running',
Systemd::OomdSettings $oomd_settings = {},
Boolean $udev_purge_rules = false,
Boolean $manage_system_conf = false,
Systemd::ServiceManagerSettings $system_settings = {},
Boolean $manage_user_conf = false,
Systemd::ServiceManagerSettings $user_settings = {},
) {
contain systemd::install

Expand Down Expand Up @@ -347,8 +370,9 @@
contain systemd::udevd
}

if $manage_accounting {
contain systemd::system
# $manage_accounting is retained for backward compatibility
if $manage_accounting or $manage_system_conf or $manage_user_conf {
contain systemd::service_manager
}

unless empty($machine_info_settings) {
Expand Down
Loading

0 comments on commit 291b9e1

Please sign in to comment.