debops.journald default variables

General options

journald__enabled

Enable or disable management of the systemd-journald service by the role.

journald__enabled: '{{ True
                       if (ansible_service_mgr == "systemd")
                       else False }}'

journald__version

The version of the systemd-journald service installed on the host. It will be automatically defined by the Ansible local fact script.

journald__version: '{{ ansible_local.journald.version | d("0") }}'

Journal storage configuration

journald__storage

Select the storage type of the journal logs. Supported types: auto, persistent, volatile, none.

journald__storage: 'auto'

journald__persistent_state

Set the desired state of the persistent journal storage directory (/var/log/journal/). If set to absent, the directory will be removed by the role.

By default the role will not enable the persistent journal if the /var/log/journal/ directory is not already present, but it will be kept persistent if it is used. This is due to slow journalctl and systemctl command operation with large persistent journals. See https://github.com/systemd/systemd/issues/2460 for more details.

journald__persistent_state: '{{ "absent"
                                if (journald__storage == "none")
                                else ("present"
                                      if (ansible_local.journald.persistent|d())|bool
                                      else "absent") }}'

Forward Secure Sealing

journald__fss_enabled

Enable or disable Forward Secure Sealing done by the systemd-journald service. If enabled, the role will create the sealing keys if they are not already present on the hosts, and will save the verification keys in the secret/journal/fss/ directory on the Ansible Controller. See Forward Secure Sealing for more details.

journald__fss_enabled: '{{ True
                           if (journald__persistent_state == "present")
                           else False }}'

journald__fss_interval

Specify the interval between log sealing as well as the sealing key rotation. The default is 15 minutes; shorter times may incur more host resource usage.

journald__fss_interval: '15min'

journald__fss_verify_key_path

Directory on the Ansible Host where the FSS verification key will be stored. By default it's stored relative to the secret/ directory in the DebOps project directory. See debops.secret role for more details.

journald__fss_verify_key_path: '{{ "journald/fss/" + inventory_hostname + "/verify_key" }}'

journald__fss_verify_key

The contents of the FSS verification key file stored on the Ansible Controller, used by the log verification task (not run by the role by default).

journald__fss_verify_key: '{{ lookup("file", secret + "/" + journald__fss_verify_key_path) }}'

Main systemd-journald configuration

These variables define the contents of the /etc/systemd/journald.conf.d/ansible.conf file, which controls the systemd-journald operation. See journald__configuration for more details.

journald__default_configuration

The systemd-journald configuration defined by the role.

journald__default_configuration:
  - name: 'Storage'
    value: '{{ journald__storage }}'
    state: '{{ "init"
               if (journald__storage == "auto")
               else "present" }}'
  - name: 'Compress'
    value: True
    state: 'init'
  - name: 'Seal'
    value: '{{ journald__fss_enabled }}'
    state: '{{ "init" if journald__fss_enabled|bool else "present" }}'
  - name: 'SplitMode'
    value: 'uid'
    state: 'init'
  - name: 'SyncIntervalSec'
    value: '5m'
    state: 'init'
  - name: 'RateLimitIntervalSec'
    value: '30s'
    state: 'init'
  - name: 'RateLimitBurst'
    value: 10000
    state: 'init'
  - name: 'SystemMaxUse'
    value: ''
    state: 'init'
  - name: 'SystemKeepFree'
    value: ''
    state: 'init'
  - name: 'SystemMaxFileSize'
    value: ''
    state: 'init'
  - name: 'SystemMaxFiles'
    value: 100
    state: 'init'
  - name: 'RuntimeMaxUse'
    value: ''
    state: 'init'
  - name: 'RuntimeKeepFree'
    value: ''
    state: 'init'
  - name: 'RuntimeMaxFileSize'
    value: ''
    state: 'init'
  - name: 'RuntimeMaxFiles'
    value: 100
    state: 'init'
  - name: 'MaxRetentionSec'
    value: ''
    state: 'init'
  - name: 'MaxFileSec'
    value: '1month'
    state: 'init'
  - name: 'ForwardToSyslog'
    value: True
    state: 'init'
  - name: 'ForwardToKMsg'
    value: False
    state: 'init'
  - name: 'ForwardToConsole'
    value: False
    state: 'init'
  - name: 'ForwardToWall'
    value: True
    state: 'init'
  - name: 'TTYPath'
    value: '/dev/console'
    state: 'init'
  - name: 'MaxLevelStore'
    value: 'debug'
    state: 'init'
  - name: 'MaxLevelSyslog'
    value: 'debug'
    state: 'init'
  - name: 'MaxLevelKMsg'
    value: 'notice'
    state: 'init'
  - name: 'MaxLevelConsole'
    value: 'info'
    state: 'init'
  - name: 'MaxLevelWall'
    value: 'emerg'
    state: 'init'
  - name: 'LineMax'
    value: '48K'
    state: 'init'
  - name: 'ReadKMsg'
    value: True
    state: 'init'

journald__configuration

The systemd-journald configuration defined on all hosts in the Ansible inventory.

journald__configuration: []

journald__group_configuration

The systemd-journald configuration defined on hosts in a specific Ansible inventory group.

journald__group_configuration: []

journald__host_configuration

The systemd-journald configuration defined on specific hosts in the Ansible inventory.

journald__host_configuration: []

journald__combined_configuration

The variable which combines all other systemd-journald configuration variables and is used in the role tasks and templates.

journald__combined_configuration: '{{ journald__default_configuration
                                      + journald__configuration
                                      + journald__group_configuration
                                      + journald__host_configuration }}'
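
An inventory override that forces persistent, sealed journals on a group of hosts, using the variables documented above. This is an added example, not part of the DebOps documentation: the file path, the group name logging_hosts and the size and retention values are assumptions, and it assumes that an entry in a later list replaces the default entry with the same name.

```yaml
# ansible/inventory/group_vars/logging_hosts/journald.yml
# (hypothetical path and group name)

# Keep the journal on disk. With the default 'auto', logs are only
# persistent when /var/log/journal/ already exists on the host.
journald__storage: 'persistent'

# Create /var/log/journal/ instead of relying on the local fact, which
# reports "absent" on a host that has never had a persistent journal.
journald__persistent_state: 'present'

# The default already follows journald__persistent_state; pinning it
# keeps sealing on if the storage settings are changed later.
journald__fss_enabled: True

# Shorter intervals narrow the window in which unsealed entries can be
# altered, at the cost of more host resource usage.
journald__fss_interval: '15min'

# Group-level entries are appended after journald__default_configuration
# in journald__combined_configuration. Assumption: the entry with the
# same 'name' wins, and state 'present' writes the option out.
journald__group_configuration:

  - name: 'SystemMaxUse'
    value: '2G'          # constructed value
    state: 'present'

  - name: 'MaxRetentionSec'
    value: '90day'       # constructed value
    state: 'present'
```

Sealed journals can then be checked on the host with `journalctl --verify --verify-key=<key>`, where the key is the value held in journald__fss_verify_key.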