Enable less noisy journaling

Enable persistent journals and link the container journal to the host by
default.

Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>

handlers/main.yml

@@ -71,3 +71,14 @@
     path: "/usr/sbin/policy-rc.d"
     state: absent
   changed_when: false
+
+- name: Create tmpfiles structure in journald
+  command: "systemd-tmpfiles --create --prefix /var/log/journal"
+  tags:
+    - skip_ansible_lint
+
+- name: Restart systemd-journald
+  service:
+    name: systemd-journald
+    state: restarted
+    enabled: yes

tasks/main.yml

@@ -81,6 +81,26 @@
   with_items:
     - /etc/systemd/nspawn
     - /etc/systemd/network
+    - /etc/systemd/journald.conf.d
+    - /var/log/journal
+  notify:
+    - Create tmpfiles structure in journald
+
+- name: Create journald tempfiles
+  template:
+    src: "systemd-journald-tmpfiles.j2"
+    dest: "/etc/tmpfiles.d/systemd-journald.conf"
+  notify:
+    - Create tmpfiles structure in journald
+    - Restart systemd-journald
+
+- name: Create journald tempfiles
+  template:
+    src: "systemd-journald-nspawn_host.conf.j2"
+    dest: "/etc/systemd/journald.conf.d/systemd-journald-nspawn_host.conf"
+  notify:
+    - Create tmpfiles structure in journald
+    - Restart systemd-journald
 
 - include: nspawn_cache_prestage.yml
   tags:

tasks/nspawn_volume.yml

@@ -73,7 +73,7 @@
 - name: Disable the machinectl quota system
   block:
     - name: Disable the machinectl quota system
-      command: "btrfs quota {{ nspawn_host_machine_quota_disabled | bool | ternary('disable', 'enabled') }} /var/lib/machines"
+      command: "btrfs quota {{ nspawn_host_machine_quota_disabled | bool | ternary('disable', 'enable') }} /var/lib/machines"
       changed_when: false
       register: machines_create
       args:

templates/prep-scripts/nspawn_centos_prep.sh.j2

@@ -39,9 +39,12 @@ yum-complete-transaction --cleanup-only
 rm -f /tmp/package-transaction.txt
 
 rm -f /usr/bin/python || true
-
 ln -s /usr/bin/python2.7 /usr/bin/python
 
+rm /etc/machine-id || true
+rm /var/lib/dbus/machine-id || true
+
+userdel --force --remove centos || true
 chage -I -1 -d -1 -m 0 -M 99999 -E -1 root
 
 {% for key, value in (container_networks | combine(nspawn_networks)).items() %}

templates/prep-scripts/nspawn_ubuntu_prep.sh.j2

@@ -38,6 +38,9 @@ rm /var/cache/apt/archives/lock || true
 rm -f /usr/bin/python || true
 ln -s /usr/bin/python2.7 /usr/bin/python
 
+rm /etc/machine-id || true
+rm /var/lib/dbus/machine-id || true
+
 mkdir -p /root/.ssh
 chmod 700 /root/.ssh
 

templates/systemd-journald-nspawn_host.conf.j2

@@ -0,0 +1,5 @@
+# {{ ansible_managed }}
+
+[Journal]
+Storage=persistent
+Compress=yes

templates/systemd-journald-tmpfiles.j2

@@ -0,0 +1,3 @@
+# {{ ansible_managed }}
+
+D /var/log/journal 0755 root systemd-journal

templates/systemd-nspawn@.service.j2

@@ -16,9 +16,9 @@ After=network.target
 
 [Service]
 {% if nspawn_systemd_version | int > 219 %}
-ExecStart=/usr/bin/systemd-nspawn --keep-unit --boot --link-journal=try-guest --settings=override --machine=%I
+ExecStart=/usr/bin/systemd-nspawn --keep-unit --boot --link-journal=try-host --settings=override --machine=%I
 {% else %}
-ExecStart=/usr/bin/systemd-nspawn --keep-unit --boot --link-journal=try-guest --machine=%I
+ExecStart=/usr/bin/systemd-nspawn --keep-unit --boot --link-journal=try-host --machine=%I
 {% endif %}
 KillMode=mixed
 Type=notify
@@ -26,7 +26,7 @@ RestartForceExitStatus=133
 SuccessExitStatus=133
 Slice=machine.slice
 Delegate=yes
-TasksMax=8192
+TasksMax=16384
 
 # Enforce a strict device policy, similar to the one nspawn configures
 # when it allocates its own scope unit. Make sure to keep these