.github/workflows/ci.yml

@@ -57,9 +57,33 @@ jobs:
       - name: Run tests
         run: bundle exec rake parallel_spec
 
+  acceptance:
+    needs: setup_matrix
+    runs-on: ubuntu-latest
+    env:
+      BUNDLE_WITHOUT: development:test:release
+    strategy:
+      fail-fast: false
+      matrix:
+        include: ${{fromJson(needs.setup_matrix.outputs.github_action_test_matrix)}}
+    name: ${{ matrix.puppet.name }} - ${{ matrix.setfile.name }}
+    steps:
+      - uses: actions/checkout@v2
+      - name: Setup ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: '3.0'
+          bundler-cache: true
+      - name: Run tests
+        run: bundle exec rake beaker
+        env:
+          BEAKER_PUPPET_COLLECTION: ${{ matrix.puppet.collection }}
+          BEAKER_setfile: ${{ matrix.setfile.value }}
+
   tests:
     needs:
       - unit
+      - acceptance
     runs-on: ubuntu-latest
     name: Test suite
     steps:

.sync.yml

@@ -3,3 +3,7 @@
   enabled_lint_checks:
     - parameter_documentation
     - parameter_types
+
+spec/spec_helper_acceptance.rb:
+  unmanaged: false
+

CHANGELOG.md

@@ -4,6 +4,32 @@ All notable changes to this project will be documented in this file.
 Each new release typically also includes the latest modulesync defaults.
 These should not affect the functionality of the module.
 
+## [v3.7.0](https://github.com/voxpupuli/puppet-systemd/tree/v3.7.0) (2022-02-22)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-systemd/compare/v3.6.0...v3.7.0)
+
+**Implemented enhancements:**
+
+- Install systemd-resolved on RedHat 7 [\#257](https://github.com/voxpupuli/puppet-systemd/pull/257) ([traylenator](https://github.com/traylenator))
+- New parmater manage\_resolv\_conf for /etc/resolv.conf [\#256](https://github.com/voxpupuli/puppet-systemd/pull/256) ([traylenator](https://github.com/traylenator))
+- Manage systemd-coredump config and setup [\#251](https://github.com/voxpupuli/puppet-systemd/pull/251) ([traylenator](https://github.com/traylenator))
+
+**Fixed bugs:**
+
+- systemd-resolved cannot be fully disabled because /etc/resolv.conf is managed [\#203](https://github.com/voxpupuli/puppet-systemd/issues/203)
+- Do not install  systemd-resolved RedHat 8 [\#254](https://github.com/voxpupuli/puppet-systemd/pull/254) ([traylenator](https://github.com/traylenator))
+- timer: timer unit must depend on service unit. [\#253](https://github.com/voxpupuli/puppet-systemd/pull/253) ([olifre](https://github.com/olifre))
+- Don't manage /etc/resolv.conf if systemd-resolved is stopped [\#252](https://github.com/voxpupuli/puppet-systemd/pull/252) ([traylenator](https://github.com/traylenator))
+
+**Closed issues:**
+
+- missing hiera lookup\_options [\#196](https://github.com/voxpupuli/puppet-systemd/issues/196)
+
+**Merged pull requests:**
+
+- Addition of Trivial Acceptance Tests [\#255](https://github.com/voxpupuli/puppet-systemd/pull/255) ([traylenator](https://github.com/traylenator))
+- document systemd::unit\_file example with puppet-strings [\#250](https://github.com/voxpupuli/puppet-systemd/pull/250) ([bastelfreak](https://github.com/bastelfreak))
+
 ## [v3.6.0](https://github.com/voxpupuli/puppet-systemd/tree/v3.6.0) (2022-02-15)
 
 [Full Changelog](https://github.com/voxpupuli/puppet-systemd/compare/v3.5.2...v3.6.0)

README.md

@@ -53,9 +53,9 @@ You can also use this module to more fully manage the new unit. This example dep
 
 ```puppet
 systemd::unit_file { 'foo.service':
- source => "puppet:///modules/${module_name}/foo.service",
- enable => true,
- active => true,
+  content => file("${module_name}/foo.service"),
+  enable => true,
+  active => true,
 }
 ```
 
@@ -260,7 +260,8 @@ systemd::network{'eth0.network':
 ### Services
 
 Systemd provides multiple services. Currently you can manage `systemd-resolved`,
-`systemd-timesyncd`, `systemd-networkd`, `systemd-journald` and `systemd-logind`
+`systemd-timesyncd`, `systemd-networkd`, `systemd-journald`, `systemd-coredump`
+and `systemd-logind`
 via the main class:
 
 ```puppet
@@ -271,6 +272,7 @@ class{'systemd':
   manage_journald  => true,
   manage_udevd     => true,
   manage_logind    => true,
+  manage_coredump  => true,
 }
 ```
 
@@ -282,6 +284,18 @@ When configuring `systemd::resolved` you could set `use_stub_resolver` to false
 
 Systemd has introduced `DNS Over TLS` in the release 239. Currently three states are supported `yes` (since systemd 243), `opportunistic` (true) and `no` (false, default). When enabled with `yes` or `opportunistic` `systemd-resolved` will start a TCP-session to a DNS server with `DNS Over TLS` support. When enabled with `yes` (strict mode), queries will fail if the configured DNS servers do not support `DNS Over TLS`. Note that there will be no host checking for `DNS Over TLS` due to missing implementation in `systemd-resolved`.
 
+Stopping `systemd-resolved` once running can be problematic and care should be taken.
+
+```puppet
+class{'systemd':
+  manage_resolved => true,
+  resolved_ensure => false,
+}
+```
+
+will stop the service and should also copy `/run/systemd/resolve/resolv.conf` to `/etc/resolve.conf`.
+* Writing your own file to `/etc/resolv.conf` is also possible.
+
 It is possible to configure the default ntp servers in `/etc/systemd/timesyncd.conf`:
 
 ```puppet
@@ -292,11 +306,13 @@ class{'systemd':
 }
 ```
 
-when `manage_systemd` is true any required sub package, e.g. `systemd-resolved` on CentOS 8, will be installed. However configuration of
+when `manage_systemd` is true any required sub package, e.g. `systemd-resolved` on CentOS 9, will be installed. However configuration of
 systemd-resolved will only occur on second puppet run after that installation.
 
 This requires [puppetlabs-inifile](https://forge.puppet.com/puppetlabs/inifile), which is only a soft dependency in this module (you need to explicitly install it). Both parameters accept a string or an array.
 
+
+
 ### Resource Accounting
 
 Systemd has support for different accounting option. It can track
@@ -362,6 +378,25 @@ systemd::udev::rule:
     - 'ACTION=="add", KERNEL=="sdb", RUN+="/bin/raw /dev/raw/raw2 %N"',
 ```
 
+### coredump configuration
+The `systemd-coredump `system can be configured.
+
+```puppet
+class{'systemd':
+  manage_coredump    => true,
+  coredump_backtrace => true,
+  coredump_settings  => {
+    'Storage'         => 'external',
+    'Compress'        => 'yes',
+    'ProcessSizeMax'  => '2G',
+    'ExternalSizeMax' => '10G',
+    'JournalSizeMax'  => '20T',
+    'MaxUse'          => '1E',
+    "MaxFree'         => '1P',
+  }
+}
+```
+
 ### logind configuration
 
 It also allows you to manage logind settings. You can manage logind settings through setting the `logind_settings` parameter. If you want a parameter to be removed, you can pass its value as params.

REFERENCE.md

@@ -13,6 +13,7 @@
 
 #### Private Classes
 
+* `systemd::coredump`: This class manages the systemd-coredump configuration.
 * `systemd::install`: Install any systemd sub packages
 * `systemd::journald`: This class manages and configures journald.
 * `systemd::logind`: This class manages systemd's login manager configuration.
@@ -44,6 +45,7 @@
 
 ### Data types
 
+* [`Systemd::CoredumpSettings`](#systemdcoredumpsettings): Configurations for coredump.conf
 * [`Systemd::Dropin`](#systemddropin): custom datatype that validates filenames/paths for valid systemd dropin files
 * [`Systemd::JournaldSettings`](#systemdjournaldsettings): Matches Systemd journald config Struct
 * [`Systemd::JournaldSettings::Ensure`](#systemdjournaldsettingsensure): defines allowed ensure states for systemd-journald settings
@@ -79,6 +81,7 @@ The following parameters are available in the `systemd` class:
 * [`dnsovertls`](#dnsovertls)
 * [`cache`](#cache)
 * [`dns_stub_listener`](#dns_stub_listener)
+* [`manage_resolv_conf`](#manage_resolv_conf)
 * [`use_stub_resolver`](#use_stub_resolver)
 * [`manage_networkd`](#manage_networkd)
 * [`networkd_ensure`](#networkd_ensure)
@@ -105,6 +108,9 @@ The following parameters are available in the `systemd` class:
 * [`manage_accounting`](#manage_accounting)
 * [`accounting`](#accounting)
 * [`purge_dropin_dirs`](#purge_dropin_dirs)
+* [`manage_coredump`](#manage_coredump)
+* [`coredump_settings`](#coredump_settings)
+* [`coredump_backtrace`](#coredump_backtrace)
 
 ##### <a name="service_limits"></a>`service_limits`
 
@@ -159,7 +165,9 @@ Default value: ``false``
 
 Data type: `Enum['stopped','running']`
 
-The state that the ``resolved`` service should be in
+The state that the ``resolved`` service should be in. When migrating from 'running' to
+'stopped' an attempt will be made to restore a working `/etc/resolv.conf` using
+`/run/systemd/resolved/resolv.conf`.
 
 Default value: `'running'`
 
@@ -250,12 +258,21 @@ Takes a boolean argument or one of "udp" and "tcp".
 
 Default value: ``undef``
 
+##### <a name="manage_resolv_conf"></a>`manage_resolv_conf`
+
+Data type: `Boolean`
+
+For when `manage_resolved` is `true` should the file `/etc/resolv.conf` be managed.
+
+Default value: ``true``
+
 ##### <a name="use_stub_resolver"></a>`use_stub_resolver`
 
 Data type: `Boolean`
 
 Takes a boolean argument. When "false" (default) it uses /run/systemd/resolve/resolv.conf
 as /etc/resolv.conf. When "true", it uses /run/systemd/resolve/stub-resolv.conf
+When `resolved_ensure` is `stopped` this parameter is ignored.
 
 Default value: ``false``
 
@@ -464,6 +481,30 @@ When enabled, unused directories for dropin files will be purged
 
 Default value: ``true``
 
+##### <a name="manage_coredump"></a>`manage_coredump`
+
+Data type: `Boolean`
+
+Should systemd-coredump configuration be managed
+
+Default value: ``false``
+
+##### <a name="coredump_settings"></a>`coredump_settings`
+
+Data type: `Systemd::CoredumpSettings`
+
+Hash of systemd-coredump configurations for coredump.conf
+
+Default value: `{}`
+
+##### <a name="coredump_backtrace"></a>`coredump_backtrace`
+
+Data type: `Boolean`
+
+Add --backtrace to systemd-coredump call systemd-coredump@.service unit
+
+Default value: ``false``
+
 ### <a name="systemdtmpfiles"></a>`systemd::tmpfiles`
 
 Update the systemd temp files
@@ -1151,6 +1192,18 @@ Creates a systemd unit file
 * **See also**
   * systemd.unit(5)
 
+#### Examples
+
+##### manage unit file + service
+
+```puppet
+systemd::unit_file { 'foo.service':
+  content => file("${module_name}/foo.service"),
+  enable  => true,
+  active  => true,
+}
+```
+
 #### Parameters
 
 The following parameters are available in the `systemd::unit_file` defined type:
@@ -1396,6 +1449,27 @@ Use path (-p) ornon-path  style escaping.
 
 ## Data types
 
+### <a name="systemdcoredumpsettings"></a>`Systemd::CoredumpSettings`
+
+Configurations for coredump.conf
+
+* **See also**
+  * https://www.freedesktop.org/software/systemd/man/coredump.conf.html
+
+Alias of
+
+```puppet
+Struct[{
+    Optional['Storage']         => Enum['none', 'external', 'journal'],
+    Optional['Compress']        => Enum['yes','no'],
+    Optional['ProcessSizeMax']  => Pattern[/^[0-9]+(K|M|G|T|P|E)?$/],
+    Optional['ExternalSizeMax'] => Pattern[/^[0-9]+(K|M|G|T|P|E)?$/],
+    Optional['JournalSizeMax']  => Pattern[/^[0-9]+(K|M|G|T|P|E)?$/],
+    Optional['MaxUse']          => Pattern[/^[0-9]+(K|M|G|T|P|E)?$/],
+    Optional['MaxFree']         => Pattern[/^[0-9]+(K|M|G|T|P|E)?$/],
+  }]
+```
+
 ### <a name="systemddropin"></a>`Systemd::Dropin`
 
 custom datatype that validates filenames/paths for valid systemd dropin files

data/RedHat-7.yaml

@@ -1,4 +1,6 @@
 ---
+systemd::resolved_package: 'systemd-resolved'
+
 systemd::accounting:
   DefaultCPUAccounting: 'yes'
   DefaultBlockIOAccounting: 'yes'

data/RedHat-8.yaml

@@ -1,6 +1,4 @@
 ---
-systemd::resolved_package: 'systemd-resolved'
-
 systemd::accounting:
   DefaultCPUAccounting: 'yes'
   DefaultBlockIOAccounting: 'yes'

manifests/coredump.pp

@@ -0,0 +1,22 @@
+# @api private
+# @summary This class manages the systemd-coredump configuration.
+# @see https://www.freedesktop.org/software/systemd/man/systemd-coredump.html
+class systemd::coredump {
+  assert_private()
+
+  $systemd::coredump_settings.each |$option, $value| {
+    ini_setting {
+      "coredump_${option}":
+        path    => '/etc/systemd/coredump.conf',
+        section => 'Coredump',
+        setting => $option,
+        value   => $value,
+    }
+  }
+
+  systemd::dropin_file { 'coredump_backtrace.conf':
+    ensure  => bool2str($systemd::coredump_backtrace, 'file', 'absent'),
+    unit    => 'systemd-coredump@.service',
+    content => "# Puppet\n[Service]\nExecStart=\nExecStart=-/usr/lib/systemd/systemd-coredump --backtrace\n",
+  }
+}