From a3c9a1fd9417e125c9bcfb882a680253cabdd769 Mon Sep 17 00:00:00 2001
From: Cristian Falcas <cristi.falcas@gmail.com>
Date: Mon, 13 Jun 2016 12:22:19 +0300
Subject: [PATCH] add support to use forward-journald. This should fix
 SIGPIPE's sent to the daemon

---
 README.md                   | 35 ++++++++++++++++++++-
 manifests/config.pp         | 24 ++++++++++++--
 manifests/init.pp           | 63 ++++++++++++++++++++-----------------
 manifests/install.pp        |  2 +-
 manifests/params.pp         | 10 ++++++
 metadata.json               | 16 +++++-----
 templates/journald.conf.erb |  7 +++++
 7 files changed, 117 insertions(+), 40 deletions(-)
 create mode 100644 templates/journald.conf.erb

diff --git a/README.md b/README.md
index 7a57825..64c34ff 100644
--- a/README.md
+++ b/README.md
@@ -14,6 +14,39 @@ Or:
     class { 'flannel':
       etcd_endpoints => "http://${::fqdn}:2379",
       etcd_prefix    => '/coreos.com/network',
-      configure_etcd => true,
       network        => '172.16.0.0/16',
     }
+
+Or using certificates:
+
+	  class { '::etcd':
+	    ensure                      => 'latest',
+	    etcd_name                   => $::hostname,
+	    # clients
+	    listen_client_urls          => 'https://0.0.0.0:2379',
+	    advertise_client_urls       => "https://${::fqdn}:2379",
+	    # clients ssl
+	    cert_file                   => '/etc/pki/puppet_certs/etcd/public_cert.pem',
+	    key_file                    => '/etc/pki/puppet_certs/etcd/private_cert.pem',
+	    trusted_ca_file             => '/etc/pki/puppet_certs/etcd/ca_cert.pem',
+	    # authorize clients
+	    client_cert_auth            => true,
+	    # cluster
+	    initial_cluster             => $initial_cluster,
+	    listen_peer_urls            => 'https://0.0.0.0:7001',
+	    initial_advertise_peer_urls => "https://${::fqdn}:7001",
+	    # peers ssl
+	    peer_cert_file              => '/etc/pki/puppet_certs/etcd/public_cert.pem',
+	    peer_key_file               => '/etc/pki/puppet_certs/etcd/private_cert.pem',
+	    peer_trusted_ca_file        => '/etc/pki/puppet_certs/etcd/ca_cert.pem',
+	    # authorize peers
+	    peer_client_cert_auth       => true,
+	  }
+
+## Journald forward:
+
+The class support a parameter called journald_forward_enable.
+
+This was added because of the PIPE signal that is sent to go programs when systemd-journald dies.
+
+For more information read here: https://github.com/projectatomic/forward-journald
diff --git a/manifests/config.pp b/manifests/config.pp
index fc0ebf0..eee9181 100644
--- a/manifests/config.pp
+++ b/manifests/config.pp
@@ -1,22 +1,23 @@
 # configures flannel
 class flannel::config {
-
   if $::osfamily == 'Debian' {
     file { '/etc/flanneld':
       ensure => directory,
       mode   => '0755',
     }
+
     file { '/etc/flanneld/flanneld.conf':
       ensure  => file,
       content => template("${module_name}/sysconfig/flanneld.erb"),
       mode    => '0644',
     }
+
     file { '/etc/default/flanneld':
       ensure  => file,
       content => template("${module_name}/default/flanneld.erb"),
       mode    => '0644',
     }
-  } else { # 'RedHat'
+  } elsif $::osfamily == 'RedHat' {
     file { '/etc/sysconfig/flanneld':
       ensure  => file,
       content => template("${module_name}/sysconfig/flanneld.erb"),
@@ -40,5 +41,24 @@
       command     => '/bin/systemctl daemon-reload',
       refreshonly => true,
     }
+
+    if $flannel::journald_forward_enable and $::operatingsystemmajrelease == 7 {
+      file { '/etc/systemd/system/flannel.service.d':
+        ensure => 'directory',
+        owner  => 'root',
+        group  => 'root',
+        mode   => '0755',
+      }
+      file { '/etc/systemd/system/flannel.service.d/journald.conf':
+        ensure  => file,
+        owner   => 'root',
+        group   => 'root',
+        mode    => '0644',
+        content => template("${module_name}/journald.conf.erb"),
+      } ~>
+      Exec['reload systemctl daemon for flannel']
+    }
+  } else {
+    fail("Unsupported OS: ${::osfamily}")
   }
 }
diff --git a/manifests/init.pp b/manifests/init.pp
index 32a10ed..a5e5798 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -120,39 +120,44 @@
 #   what port to use for backend communication
 #   Defaults to 7890
 #
-
+# [*journald_forward_enable*]
+#   Enable log forwarding via journald_forward_enable
+#
 class flannel (
-  $ensure          = $flannel::params::ensure,
-  $service_state   = $flannel::params::service_state,
-  $service_enable  = $flannel::params::service_enable,
+  $ensure                  = $flannel::params::ensure,
+  $service_state           = $flannel::params::service_state,
+  $service_enable          = $flannel::params::service_enable,
   # flannel parameters
-  $manage_docker   = $flannel::params::manage_docker,
-  $alsologtostderr = $flannel::params::alsologtostderr,
-  $public_ip       = $flannel::params::public_ip,
-  $etcd_endpoints  = $flannel::params::etcd_endpoints,
-  $etcd_prefix     = $flannel::params::etcd_prefix,
-  $etcd_keyfile    = $flannel::params::etcd_keyfile,
-  $etcd_certfile   = $flannel::params::etcd_certfile,
-  $etcd_cafile     = $flannel::params::etcd_cafile,
-  $iface           = $flannel::params::iface,
-  $subnet_dir      = $flannel::params::subnet_dir,
-  $subnet_file     = $flannel::params::subnet_file,
-  $ip_masq         = $flannel::params::ip_masq,
-  $listen          = $flannel::params::listen,
-  $log_dir         = $flannel::params::log_dir,
-  $remote          = $flannel::params::remote,
-  $remote_keyfile  = $flannel::params::remote_keyfile,
-  $remote_certfile = $flannel::params::remote_certfile,
-  $remote_cafile   = $flannel::params::remote_cafile,
-  $networks        = $flannel::params::networks,
+  $manage_docker           = $flannel::params::manage_docker,
+  $alsologtostderr         = $flannel::params::alsologtostderr,
+  $public_ip               = $flannel::params::public_ip,
+  $etcd_endpoints          = $flannel::params::etcd_endpoints,
+  $etcd_prefix             = $flannel::params::etcd_prefix,
+  $etcd_keyfile            = $flannel::params::etcd_keyfile,
+  $etcd_certfile           = $flannel::params::etcd_certfile,
+  $etcd_cafile             = $flannel::params::etcd_cafile,
+  $iface                   = $flannel::params::iface,
+  $subnet_dir              = $flannel::params::subnet_dir,
+  $subnet_file             = $flannel::params::subnet_file,
+  $ip_masq                 = $flannel::params::ip_masq,
+  $listen                  = $flannel::params::listen,
+  $log_dir                 = $flannel::params::log_dir,
+  $remote                  = $flannel::params::remote,
+  $remote_keyfile          = $flannel::params::remote_keyfile,
+  $remote_certfile         = $flannel::params::remote_certfile,
+  $remote_cafile           = $flannel::params::remote_cafile,
+  $networks                = $flannel::params::networks,
   # etcd network definition
-  $network         = $flannel::params::network,
-  $subnetlen       = $flannel::params::subnetlen,
-  $subnetmin       = $flannel::params::subnetmin,
-  $subnetmax       = $flannel::params::subnetmax,
-  $backend_type    = $flannel::params::backend_type,
-  $backend_port    = $flannel::params::backend_port,
+  $network                 = $flannel::params::network,
+  $subnetlen               = $flannel::params::subnetlen,
+  $subnetmin               = $flannel::params::subnetmin,
+  $subnetmax               = $flannel::params::subnetmax,
+  $backend_type            = $flannel::params::backend_type,
+  $backend_port            = $flannel::params::backend_port,
+  $journald_forward_enable = $flannel::params::journald_forward_enable,
 ) inherits flannel::params {
+  validate_bool($service_enable, $manage_docker, $alsologtostderr, $journald_forward_enable)
+
   contain flannel::install
   contain flannel::config
   contain flannel::service
diff --git a/manifests/install.pp b/manifests/install.pp
index 447defe..10b337a 100644
--- a/manifests/install.pp
+++ b/manifests/install.pp
@@ -1,4 +1,4 @@
 # Installs default flannel packages
 class flannel::install {
-  package { ['flanneld',]: ensure => $flannel::ensure, }
+  package { [$flannel::package_name]: ensure => $flannel::ensure, }
 }
diff --git a/manifests/params.pp b/manifests/params.pp
index 048bc83..86593a8 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -4,6 +4,14 @@
   $service_state = 'running'
   $service_enable = true
 
+  if $::osfamily == 'Debian' {
+    $package_name = 'flanneld'
+  } elsif $::osfamily == 'RedHat' {
+    $package_name = 'flannel'
+  } else {
+    fail("Unsupported OS: ${::osfamily}")
+  }
+
   $manage_docker = true
   $alsologtostderr = false
   $public_ip = undef
@@ -30,4 +38,6 @@
   $subnetmax = undef
   $backend_type = 'udp'
   $backend_port = 7890
+
+  $journald_forward_enable = false
 }
diff --git a/metadata.json b/metadata.json
index 58f21ae..cea61be 100644
--- a/metadata.json
+++ b/metadata.json
@@ -1,6 +1,6 @@
 {
   "name": "cristifalcas-flannel",
-  "version": "1.2.0",
+  "version": "1.3.0",
   "author": "Cristian Falcas",
   "license": "Apache-2.0",
   "project_page": "https://github.com/cristifalcas/puppet-flannel",
@@ -15,7 +15,7 @@
     {
       "operatingsystem": "RedHat",
       "operatingsystemrelease": [
-        "7"
+        "6", "7"
       ]
     },
     {
@@ -50,10 +50,12 @@
     }
   ],
   "requirements": [],
-  "dependencies": [
-    {
-      "name": "cristifalcas/docker",
-      "version_requirement": "5.x"
-    }
+  "dependencies": [{
+  		"name": "puppetlabs/stdlib",
+  		"version_requirement": ">= 4.6.0 < 5.0.0"
+  	},{
+  		"name": "cristifalcas/docker",
+  		"version_requirement": "5.x"
+  	}
   ]
 }
diff --git a/templates/journald.conf.erb b/templates/journald.conf.erb
new file mode 100644
index 0000000..0ce6582
--- /dev/null
+++ b/templates/journald.conf.erb
@@ -0,0 +1,7 @@
+[Service]
+NotifyAccess=all
+Type=notify
+ExecStart=
+ExecStart=-/bin/sh -c "/usr/bin/flanneld -etcd-endpoints=${FLANNEL_ETCD} -etcd-prefix=${FLANNEL_ETCD_KEY} $FLANNEL_OPTIONS 2>&1 | /usr/bin/forward-journald -tag flanneld"
+StandardOutput=null
+StandardError=null