debops.journald default variables
Sections
General options
- journald__enabled
Enable or disable management of the systemd-journald service by the role.
journald__enabled: '{{ True
if (ansible_service_mgr == "systemd")
else False }}'
- journald__version
The version of the systemd-journald service installed on the host. It will be automatically defined by the Ansible local fact script.
journald__version: '{{ ansible_local.journald.version | d("0") }}'
Journal storage configuration
- journald__storage
Select the storage type of the journal logs. Supported types: auto
,
persistent
, volatile
, none
.
journald__storage: 'auto'
- journald__persistent_state
Set the desired state of the persistent journal storage directory
(/var/log/journal/
). If set to absent
, the directory will be
removed by the role.
By default the role will not enable persistent journal if the
/var/log/journal/
directory is not already present, but it will be
kept persistent if it is used. This is due to slow journalctl and
systemctl command operation with large persistent journals.
See https://github.com/systemd/systemd/issues/2460 for more details.
journald__persistent_state: '{{ "absent"
if (journald__storage == "none")
else ("present"
if (ansible_local.journald.persistent | d()) | bool
else "absent") }}'
Forward Secure Sealing
- journald__fss_enabled
Enable or disable Forward Secure Sealing done by the
systemd-journald service. If enabled, the role will create the
sealing keys if they are not already present on the hosts, and will save the
verification keys in the secret/journal/fss/
directory on the Ansible
Controller. See Forward Secure Sealing for more details.
journald__fss_enabled: '{{ True
if (journald__persistent_state == "present")
else False }}'
- journald__fss_interval
Specify the interval between log sealing as well as the sealing key rotation. The default is 15 minutes; shorter times may incur more host resource usage.
journald__fss_interval: '15min'
- journald__fss_verify_key_path
Directory on the Ansible Host where the FSS verification key will be stored.
By default it's stored relative to the secret/
directory in the
DebOps project directory. See debops.secret role for more details.
journald__fss_verify_key_path: '{{ "journald/fss/" + inventory_hostname + "/verify_key" }}'
- journald__fss_verify_key
The contents of the FSS verification key file stored on the Ansible Controller, used by the log verification task (not run by the role by default).
journald__fss_verify_key: '{{ lookup("file", secret + "/" + journald__fss_verify_key_path) }}'
Main systemd-journald configuration
These variables define the contents of the
/etc/systemd/journald.conf.d/ansible.conf
which controls the
systemd-journald operation. See journald__configuration
for more details.
- journald__default_configuration
The systemd-journald configuration defined by the role.
journald__default_configuration:
- name: 'Storage'
value: '{{ journald__storage }}'
state: '{{ "init"
if (journald__storage == "auto")
else "present" }}'
- name: 'Compress'
value: True
state: 'init'
- name: 'Seal'
value: '{{ journald__fss_enabled }}'
state: '{{ "init" if journald__fss_enabled | bool else "present" }}'
- name: 'SplitMode'
value: 'uid'
state: 'init'
- name: 'SyncIntervalSec'
value: '5m'
state: 'init'
- name: 'RateLimitIntervalSec'
value: '30s'
state: 'init'
- name: 'RateLimitBurst'
value: 10000
state: 'init'
- name: 'SystemMaxUse'
value: ''
state: 'init'
- name: 'SystemKeepFree'
value: ''
state: 'init'
- name: 'SystemMaxFileSize'
value: ''
state: 'init'
- name: 'SystemMaxFiles'
value: 100
state: 'init'
- name: 'RuntimeMaxUse'
value: ''
state: 'init'
- name: 'RuntimeKeepFree'
value: ''
state: 'init'
- name: 'RuntimeMaxFileSize'
value: ''
state: 'init'
- name: 'RuntimeMaxFiles'
value: 100
state: 'init'
- name: 'MaxRetentionSec'
value: ''
state: 'init'
- name: 'MaxFileSec'
value: '1month'
state: 'init'
- name: 'ForwardToSyslog'
value: True
state: 'init'
- name: 'ForwardToKMsg'
value: False
state: 'init'
- name: 'ForwardToConsole'
value: False
state: 'init'
- name: 'ForwardToWall'
value: True
state: 'init'
- name: 'TTYPath'
value: '/dev/console'
state: 'init'
- name: 'MaxLevelStore'
value: 'debug'
state: 'init'
- name: 'MaxLevelSyslog'
value: 'debug'
state: 'init'
- name: 'MaxLevelKMsg'
value: 'notice'
state: 'init'
- name: 'MaxLevelConsole'
value: 'info'
state: 'init'
- name: 'MaxLevelWall'
value: 'emerg'
state: 'init'
- name: 'LineMax'
value: '48K'
state: 'init'
- name: 'ReadKMsg'
value: True
state: 'init'
- journald__configuration
The systemd-journald configuration defined on all hosts in the Ansible inventory.
journald__configuration: []
- journald__group_configuration
The systemd-journald configuration defined on hosts in a specific Ansible inventory group.
journald__group_configuration: []
- journald__host_configuration
The systemd-journald configuration defined on specific hosts in the Ansible inventory.
journald__host_configuration: []
- journald__combined_configuration
The variable which combines all other systemd-journald configuration variables and is used in the role tasks and templates.
journald__combined_configuration: '{{ journald__default_configuration
+ journald__configuration
+ journald__group_configuration
+ journald__host_configuration }}'