diff --git a/handlers/main.yml b/handlers/main.yml index 0edb630..8ce0069 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -71,3 +71,14 @@ path: "/usr/sbin/policy-rc.d" state: absent changed_when: false + +- name: Create tmpfiles structure in journald + command: "systemd-tmpfiles --create --prefix /var/log/journal" + tags: + - skip_ansible_lint + +- name: Restart systemd-journald + service: + name: systemd-journald + state: restarted + enabled: yes diff --git a/tasks/main.yml b/tasks/main.yml index 3666836..6318b5a 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -81,6 +81,26 @@ with_items: - /etc/systemd/nspawn - /etc/systemd/network + - /etc/systemd/journald.conf.d + - /var/log/journal + notify: + - Create tmpfiles structure in journald + +- name: Create journald tempfiles + template: + src: "systemd-journald-tmpfiles.j2" + dest: "/etc/tmpfiles.d/systemd-journald.conf" + notify: + - Create tmpfiles structure in journald + - Restart systemd-journald + +- name: Create journald tempfiles + template: + src: "systemd-journald-nspawn_host.conf.j2" + dest: "/etc/systemd/journald.conf.d/systemd-journald-nspawn_host.conf" + notify: + - Create tmpfiles structure in journald + - Restart systemd-journald - include: nspawn_cache_prestage.yml tags: diff --git a/tasks/nspawn_volume.yml b/tasks/nspawn_volume.yml index 676ebc0..8e145ce 100644 --- a/tasks/nspawn_volume.yml +++ b/tasks/nspawn_volume.yml @@ -73,7 +73,7 @@ - name: Disable the machinectl quota system block: - name: Disable the machinectl quota system - command: "btrfs quota {{ nspawn_host_machine_quota_disabled | bool | ternary('disable', 'enabled') }} /var/lib/machines" + command: "btrfs quota {{ nspawn_host_machine_quota_disabled | bool | ternary('disable', 'enable') }} /var/lib/machines" changed_when: false register: machines_create args: diff --git a/templates/prep-scripts/nspawn_centos_prep.sh.j2 b/templates/prep-scripts/nspawn_centos_prep.sh.j2 index 79d0168..33ba123 100644 
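Review bot: The new `Create tmpfiles structure in journald` handler carries the blanket `skip_ansible_lint` tag, which switches off every lint rule for it, presumably to quiet the check on bare `command` tasks. The handler just above it in the context uses `changed_when: false`, and the same line here would probably satisfy that check without the blanket skip. In `Restart systemd-journald`, `enabled: yes` depends on YAML 1.1 truthy parsing; `enabled: true` is the canonical spelling. Handlers run in the order they are defined in this file, not in `notify` order, so a comment such as `# must stay above "Restart systemd-journald"` on the tmpfiles handler would protect that ordering.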
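Review bot: Both new `template` tasks write system configuration under /etc without `owner`, `group` or `mode`, so the resulting permissions depend on the umask in effect during the run. Adding `owner: root`, `group: root` and `mode: "0644"` to each task pins them. The second task reuses the name `Create journald tempfiles` although it deploys the drop-in `systemd-journald-nspawn_host.conf`; a distinct name such as `Create journald host configuration` keeps run output and `--start-at-task` unambiguous. The `file` task that receives the two new `with_items` paths starts above the hunk, so the mode it applies to `/var/log/journal` cannot be checked from here.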
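Review bot: The block and its inner task are still named `Disable the machinectl quota system`, but with the corrected ternary the command runs `btrfs quota enable` whenever `nspawn_host_machine_quota_disabled` is false. A neutral name such as `Set the machinectl quota state` would describe both branches. The task continues past the end of the hunk at `args:`, so the remainder is not reviewed here.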
--- a/templates/prep-scripts/nspawn_centos_prep.sh.j2 +++ b/templates/prep-scripts/nspawn_centos_prep.sh.j2 @@ -39,9 +39,12 @@ yum-complete-transaction --cleanup-only rm -f /tmp/package-transaction.txt rm -f /usr/bin/python || true - ln -s /usr/bin/python2.7 /usr/bin/python +rm /etc/machine-id || true +rm /var/lib/dbus/machine-id || true + +userdel --force --remove centos || true chage -I -1 -d -1 -m 0 -M 99999 -E -1 root {% for key, value in (container_networks | combine(nspawn_networks)).items() %} diff --git a/templates/prep-scripts/nspawn_ubuntu_prep.sh.j2 b/templates/prep-scripts/nspawn_ubuntu_prep.sh.j2 index 9077a96..d8f9c1a 100644 --- a/templates/prep-scripts/nspawn_ubuntu_prep.sh.j2 +++ b/templates/prep-scripts/nspawn_ubuntu_prep.sh.j2 @@ -38,6 +38,9 @@ rm /var/cache/apt/archives/lock || true rm -f /usr/bin/python || true ln -s /usr/bin/python2.7 /usr/bin/python +rm /etc/machine-id || true +rm /var/lib/dbus/machine-id || true + mkdir -p /root/.ssh chmod 700 /root/.ssh diff --git a/templates/systemd-journald-nspawn_host.conf.j2 b/templates/systemd-journald-nspawn_host.conf.j2 new file mode 100644 index 0000000..ea412a2 --- /dev/null +++ b/templates/systemd-journald-nspawn_host.conf.j2 @@ -0,0 +1,5 @@ +# {{ ansible_managed }} + +[Journal] +Storage=persistent +Compress=yes diff --git a/templates/systemd-journald-tmpfiles.j2 b/templates/systemd-journald-tmpfiles.j2 new file mode 100644 index 0000000..73ab784 --- /dev/null +++ b/templates/systemd-journald-tmpfiles.j2 @@ -0,0 +1,3 @@ +# {{ ansible_managed }} + +D /var/log/journal 0755 root systemd-journal diff --git a/templates/systemd-nspawn@.service.j2 b/templates/systemd-nspawn@.service.j2 index ebc479d..299ec82 100644 --- a/templates/systemd-nspawn@.service.j2 +++ b/templates/systemd-nspawn@.service.j2 
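Review bot: `userdel --force --remove centos || true` treats every failure as success, so a default account that could not be removed would stay in the container image with no signal. Guarding on existence keeps the step idempotent without hiding real errors, e.g. `if id centos >/dev/null 2>&1; then userdel --force --remove centos; fi`. The two `rm ... || true` lines for the machine-id files, repeated in the nspawn_ubuntu_prep.sh.j2 hunk, print an error whenever the file is absent; `rm -f /etc/machine-id /var/lib/dbus/machine-id` matches the `rm -f` style used just above. A one-line comment such as `# clear the image's machine-id so each container gets its own` would record the intent.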
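Review bot: The entry `D /var/log/journal 0755 root systemd-journal` uses the uppercase `D` type, which tmpfiles.d(5) describes as a directory whose contents are removed when `systemd-tmpfiles --remove` is run. The stock boot-time tmpfiles service normally passes `--remove`, so this looks likely to empty the journal directory on reboot and defeat the `Storage=persistent` setting added in the same commit. Lowercase `d` creates the directory without that cleanup, and systemd's own packaging uses the setgid mode so new files inherit the group: `d /var/log/journal 2755 root systemd-journal`. It is worth confirming on a test host that host and container logs survive a reboot.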
@@ -16,9 +16,9 @@ After=network.target [Service] {% if nspawn_systemd_version | int > 219 %} -ExecStart=/usr/bin/systemd-nspawn --keep-unit --boot --link-journal=try-guest --settings=override --machine=%I +ExecStart=/usr/bin/systemd-nspawn --keep-unit --boot --link-journal=try-host --settings=override --machine=%I {% else %} -ExecStart=/usr/bin/systemd-nspawn --keep-unit --boot --link-journal=try-guest --machine=%I +ExecStart=/usr/bin/systemd-nspawn --keep-unit --boot --link-journal=try-host --machine=%I {% endif %} KillMode=mixed Type=notify @@ -26,7 +26,7 @@ RestartForceExitStatus=133 SuccessExitStatus=133 Slice=machine.slice Delegate=yes -TasksMax=8192 +TasksMax=16384 # Enforce a strict device policy, similar to the one nspawn configures # when it allocates its own scope unit. Make sure to keep these
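Review bot: Both `ExecStart` lines now pass `--link-journal=try-host`, which stores each container's journal under the host's /var/log/journal, and nothing in the unit documents that dependency. The `try-` prefix means nspawn does not fail when the host has no persistent journal, so a host where the journald tasks have not run would start containers with no linked journal and no error. A comment above the `{% if %}` would make that visible, e.g. `# Container journals live on the host; requires a persistent /var/log/journal there`. Container logs now consume host disk, and the new journald drop-in sets only `Storage` and `Compress`, so an explicit `SystemMaxUse=` cap there would bound what containers can fill.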