.fixtures.yml

@@ -1,4 +1,6 @@
 ---
 fixtures:
+  repositories:
+    stdlib: https://github.com/puppetlabs/puppetlabs-stdlib
   symlinks:
-    systemd: "#{source_dir}"
+    systemd: "#{source_dir}"

.rspec

@@ -0,0 +1,3 @@
+--format documentation
+--color
+--fail-fast

.travis.yml

@@ -13,14 +13,12 @@ script: ["bundle exec rake validate", "bundle exec rake lint", "bundle exec rake
 matrix:
   fast_finish: true
   include:
-  - rvm: 1.9.3
-    env: PUPPET_GEM_VERSION="~> 3.0"
-  - rvm: 2.0.0
-    env: PUPPET_GEM_VERSION="~> 3.0"
-  - rvm: 2.0.0
-    env: PUPPET_GEM_VERSION="~> 3.0" FUTURE_PARSER="yes"
-  - rvm: 2.1.7
+  - rvm: 2.1.9
     env: PUPPET_GEM_VERSION="~> 4.0"
+  - rvm: 2.4.1
+    env: PUPPET_GEM_VERSION="~> 4"
+  - rvm: 2.4.1
+    env: PUPPET_GEM_VERSION="~> 5"
 notifications:
   email: false
 deploy:
@@ -33,4 +31,4 @@ deploy:
     # all_branches is required to use tags
     all_branches: true
     # Only publish if our main Ruby target builds
-    rvm: 2.1.7
+    rvm: 2.1.9

CHANGELOG.md

@@ -1,5 +1,21 @@
 # Change Log
 
+## [1.0.0](https://forge.puppetlabs.com/camptocamp/systemd/1.0.0) (2017-09-04)
+[Full Changelog](https://github.com/camptocamp/puppet-systemd/compare/0.4.0...1.0.0)
+
+- Refactor systemd facts [\#12](https://github.com/camptocamp/puppet-systemd/pull/12) ([petems](https://github.com/petems))
+- Manage resource limits of services [\#13](https://github.com/camptocamp/puppet-systemd/pull/13) ([ruriky](https://github.com/ruriky))
+- Remove Puppet 3 tests
+- Add MemoryLimit to limits template [\#23](https://github.com/camptocamp/puppet-systemd/pull/23) ([pkilambi](https://github.com/pkilambi))
+- Linting
+- Add seltype to systemd directory [\#27](https://github.com/camptocamp/puppet-systemd/pull/27) ([petems](https://github.com/petems))
+- Add management for systemd-resolved [\#31](https://github.com/camptocamp/puppet-systemd/pull/31) ([bastelfreak](https://github.com/bastelfreak))
+- Add a network defined resource [\#30](https://github.com/camptocamp/puppet-systemd/pull/30) ([bastelfreak](https://github.com/bastelfreak))
+- Support for Puppet 4 [\#18](https://github.com/camptocamp/puppet-systemd/pull/18) ([trevor-vaughan](https://github.com/trevor-vaughan))
+- Add Puppet4 datatypes [\#32](https://github.com/camptocamp/puppet-systemd/pull/32) ([bastelfreak](https://github.com/bastelfreak))
+- Add control group limits to ServiceLimits [\#36](https://github.com/camptocamp/puppet-systemd/pull/36) ([trevor-vaughan](https://github.com/trevor-vaughan))
+- Add support for drop-in files [\#39](https://github.com/camptocamp/puppet-systemd/pull/39) ([countsudoku](https://github.com/countsudoku))
+
 ## [0.4.0](https://forge.puppetlabs.com/camptocamp/systemd/0.4.0) (2016-08-18)
 [Full Changelog](https://github.com/camptocamp/puppet-systemd/compare/0.3.0...0.4.0)
 

Gemfile

@@ -10,7 +10,6 @@ group :development, :unit_tests do
   gem 'puppet-lint-unquoted_string-check',                 :require => false
   gem 'puppet-lint-empty_string-check',                    :require => false
   gem 'puppet-lint-spaceship_operator_without_tag-check',  :require => false
-  gem 'puppet-lint-variable_contains_upcase',              :require => false
   gem 'puppet-lint-absolute_classname-check',              :require => false
   gem 'puppet-lint-undef_in_function-check',               :require => false
   gem 'puppet-lint-leading_zero-check',                    :require => false
@@ -26,17 +25,18 @@ group :development, :unit_tests do
 end
 
 group :system_tests do
-  gem 'beaker',              :require => false
-  gem 'beaker-rspec',        :require => false
-  gem 'beaker_spec_helper',  :require => false
-  gem 'serverspec',          :require => false
-  gem 'specinfra',           :require => false
+  gem 'beaker',               :require => false
+  gem 'beaker-rspec', '> 5',  :require => false
+  gem 'beaker_spec_helper',   :require => false
+  gem 'serverspec',           :require => false
+  gem 'specinfra',            :require => false
 end
 
 if facterversion = ENV['FACTER_GEM_VERSION']
   gem 'facter', facterversion, :require => false
 else
-  gem 'facter', :require => false
+  # There are no facts in place for facter > 2.4 in rspec-puppet-facts yet
+  gem 'facter', '~> 2.4.0', :require => false
 end
 
 if puppetversion = ENV['PUPPET_GEM_VERSION']

README.md

@@ -24,15 +24,49 @@ Let this module handle file creation and systemd reloading.
 Or handle file creation yourself and trigger systemd.
 
 ```puppet
-include ::systemd
+include ::systemd::systemctl::daemon_reload
+
 file { '/usr/lib/systemd/system/foo.service':
   ensure => file,
   owner  => 'root',
   group  => 'root',
   mode   => '0644',
   source => "puppet:///modules/${module_name}/foo.service",
-} ~>
-Exec['systemctl-daemon-reload']
+}
+~> Class['systemd::systemctl::daemon_reload']
+```
+
+### drop-in files
+
+Drop-in files are used to add or alter settings of a unit without modifying the
+unit itself. As for the unit files, the module can handle the file and
+directory creation and systemd reloading:
+
+```puppet
+::systemd::dropin_file { 'foo.conf':
+  unit   => 'foo.service',
+  source => "puppet:///modules/${module_name}/foo.conf",
+}
+```
+
+Or handle file and directory creation yourself and trigger systemd:
+
+```puppet
+include ::systemd::systemctl::daemon_reload
+
+file { '/etc/systemd/system/foo.service.d':
+  ensure => directory,
+  owner  => 'root',
+  group  => 'root',
+}
+file { '/etc/systemd/system/foo.service.d/foo.conf':
+  ensure => file,
+  owner  => 'root',
+  group  => 'root',
+  mode   => '0644',
+  source => "puppet:///modules/${module_name}/foo.conf",
+}
+~> Class['systemd::systemctl::daemon_reload']
 ```
 
 ### tmpfiles
@@ -48,13 +82,64 @@ Let this module handle file creation and systemd reloading
 Or handle file creation yourself and trigger systemd.
 
 ```puppet
-include ::systemd
+include ::systemd::tmpfiles
+
 file { '/etc/tmpfiles.d/foo.conf':
   ensure => file,
   owner  => 'root',
   group  => 'root',
   mode   => '0644',
   source => "puppet:///modules/${module_name}/foo.conf",
-} ~>
-Exec['systemd-tmpfiles-create']
+}
+~> Class['systemd::tmpfiles']
 ```
+
+### service limits
+
+Manage soft and hard limits on various resources for executed processes.
+
+```puppet
+::systemd::service_limits { 'foo.service':
+  limits => {
+    LimitNOFILE => 8192,
+    LimitNPROC  => 16384,
+  }
+}
+```
+
+Or provide the configuration file yourself. Systemd reloading and restarting of the service are handled by the module.
+
+```puppet
+::systemd::service_limits { 'foo.service':
+  source => "puppet:///modules/${module_name}/foo.conf",
+}
+```
+
+### network
+
+systemd-networkd is able to manage your network configuration. We provide a
+defined resource which can write the interface configurations. systemd-networkd
+needs to be restarted to apply the configs. The defined resource can do this
+for you:
+
+```puppet
+::systemd::network{'eth0.network':
+  source          => "puppet:///modules/${module_name}/eth0.network",
+  restart_service => true,
+}
+```
+
+### Services
+
+Systemd provides multiple services. Currently you can manage `systemd-resolved`
+and `systemd-networkd` via the main class:
+
+```puppet
+class{'::systemd':
+  $manage_resolved => true,
+  $manage_networkd => true,
+```
+
+$manage_networkd is required if you want to reload it for new
+`::systemd::network` resources. Setting $manage_resolved will also manage your
+`/etc/resolv.conf`.

lib/facter/systemd.rb

@@ -1,7 +1,7 @@
 # Fact: systemd
 #
 # Purpose: 
-#   Determine whether SystemD is the init system on the node
+#   Determine whether systemd is the init system on the node
 #
 # Resolution:
 #   Check the name of the process 1 (ps -p 1)
@@ -23,13 +23,13 @@
 Facter.add(:systemd) do
   confine :kernel => :linux
   setcode do
-    Facter::Core::Execution.exec('ps -p 1 -o comm=') == 'systemd'
+    Facter::Util::Resolution.exec('ps -p 1 -o comm=') == 'systemd'
   end
 end
 
 Facter.add(:systemd_version) do
   confine :systemd => true
   setcode do
-    Facter::Core::Execution.exec("systemctl --version | awk '/systemd/{ print $2 }'")
+    Facter::Util::Resolution.exec("systemctl --version | awk '/systemd/{ print $2 }'")
   end
 end

manifests/dropin_file.pp

@@ -0,0 +1,69 @@
+# Creates a drop-in file for a systemd unit
+#
+# @api public
+#
+# @see systemd.unit(5)
+#
+# @attr name [Pattern['^.+\.conf$']]
+#   The target unit file to create
+#
+#   * Must not contain ``/``
+#
+# @attr path
+#   The main systemd configuration path
+#
+# @attr content
+#   The full content of the unit file
+#
+#   * Mutually exclusive with ``$source``
+#
+# @attr source
+#   The ``File`` resource compatible ``source``
+#
+#   * Mutually exclusive with ``$content``
+#
+# @attr target
+#   If set, will force the file to be a symlink to the given target
+#
+#   * Mutually exclusive with both ``$source`` and ``$content``
+#
+define systemd::dropin_file(
+  Systemd::Unit                     $unit,
+  Enum['present', 'absent', 'file'] $ensure  = 'present',
+  Stdlib::Absolutepath              $path    = '/etc/systemd/system',
+  Optional[String]                  $content = undef,
+  Optional[String]                  $source  = undef,
+  Optional[Stdlib::Absolutepath]    $target  = undef,
+) {
+  include ::systemd
+
+  assert_type(Systemd::Dropin, $name)
+
+  if $target {
+    $_ensure = 'link'
+  } else {
+    $_ensure = $ensure ? {
+      'present' => 'file',
+      default   => $ensure,
+    }
+  }
+
+  if $ensure != 'absent' {
+    ensure_resource('file', "${path}/${unit}.d", {
+      ensure => directory,
+      owner  => 'root',
+      group  => 'root',
+    })
+  }
+
+  file { "${path}/${unit}.d/${name}":
+    ensure  => $_ensure,
+    content => $content,
+    source  => $source,
+    target  => $target,
+    owner   => 'root',
+    group   => 'root',
+    mode    => '0444',
+    notify  => Class['systemd::systemctl::daemon_reload'],
+  }
+}

manifests/init.pp

@@ -1,18 +1,42 @@
-class systemd {
+# This module allows triggering systemd commands once for all modules
+#
+# @api public
+#
+# @param service_limits
+#   May be passed a resource hash suitable for passing directly into the
+#   ``create_resources()`` function as called on ``systemd::service_limits``
+#
+# @param manage_resolved
+#   Manage the systemd resolver
+#
+# @param resolved_ensure
+#   The state that the ``resolved`` service should be in
+#
+# @param manage_networkd
+#   Manage the systemd network daemon
+#
+# @param networkd_ensure
+#   The state that the ``networkd`` service should be in
+#
+class systemd (
+  Optional[Systemd::ServiceLimits] $service_limits  = undef,
+  Boolean                          $manage_resolved = false,
+  Enum['stopped','running']        $resolved_ensure = 'running',
+  Boolean                          $manage_networkd = false,
+  Enum['stopped','running']        $networkd_ensure = 'running',
+){
 
-  Exec {
-    refreshonly => true,
-    path        => $::path,
-  }
+  contain ::systemd::systemctl::daemon_reload
 
-  exec {
-    'systemctl-daemon-reload':
-      command => 'systemctl daemon-reload',
+  if $service_limits {
+    create_resources('systemd::service_limits', $service_limits)
   }
 
-  exec {
-    'systemd-tmpfiles-create':
-      command => 'systemd-tmpfiles --create',
+  if $manage_resolved {
+    contain ::systemd::resolved
   }
 
+  if $manage_networkd {
+    contain ::systemd::networkd
+  }
 }

manifests/network.pp

@@ -0,0 +1,30 @@
+# -- Define: systemd::network
+# Creates network config for systemd-networkd
+define systemd::network (
+  Enum['file', 'absent'] $ensure         = file,
+  Stdlib::Absolutepath $path             = '/etc/systemd/network',
+  Optional[String] $content              = undef,
+  Optional[String] $source               = undef,
+  Optional[Stdlib::Absolutepath] $target = undef,
+  Boolean $restart_service               = true,
+){
+
+  include ::systemd
+
+  if $restart_service and $systemd::manage_networkd {
+    $notify = Service['systemd-networkd']
+  } else {
+    $notify = undef
+  }
+
+  file { "${path}/${name}":
+    ensure  => $ensure,
+    content => $content,
+    source  => $source,
+    target  => $target,
+    owner   => 'root',
+    group   => 'root',
+    mode    => '0444',
+    notify  => $notify,
+  }
+}