Systemd journal remote and related #189277
As per the comment, I removed the "static" generation of certificates for the NixOS tests, and with some slight tweaking, managed to generate them in the |
added on my fork & synced occasionally |
It seems I didn't see this so far, apologies for the lack of response. For this to be merged, the section in the release notes would need to be moved to the next release. I'm also not sure if gnutls is still required for more recent versions of systemd, can you check if it's still needed? |
@minijackson Do you mind if I take this over and bring it to completion? |
This is needed to exploit multi-node journal centralization in netdata. |
move services.journald.enableHttpGateway -> services.journald.gateway.enable
Yes it does, gateway test will fail otherwise with:
|
move previous gateway test from systemd-journal -> systemd-journal-gateway
Resolved the conflicts, moved the RL, retested the introduced tests, locally. Ready to push on this PR or open a new PR if needed. |
@RaitoBezarius sure, go ahead! Sorry, I haven't been able to finish this, I have so much to do these days… |
Thank you, done! |
Cross-linking to my comment at ae896e0#commitcomment-133828003: I asked about the maintenance state of it in https://www.mail-archive.com/systemd-devel@lists.freedesktop.org/msg45126.html, upstream is hesitant to drop it, but the whole HTTP stack definitely is very untested. It's still using gnutls, and systemd plans to unify on openssl. I'm glad we now have VM tests to provide some regression testing downstream in NixOS at least, thank you for that! |
This disabled systemd-journal-upload and systemd-journal-remote. We didn't install the unit files anyways, so this was probably not used at all, and currently fails to build due to libmicrohttpd and systemd code being incompatible:
```
../src/journal-remote/journal-remote-main.c: In function ‘setup_microhttpd_server’:
../src/journal-remote/journal-remote-main.c:431:38: error: passing argument 5 of ‘MHD_start_daemon’ from incompatible pointer type [-Werror=incompatible-pointer-types]
```
I can answer easily that systemd journald is going to be very well maintained as it's now part of the core product of netdata and they have been contributing many fixes and changes: https://learn.netdata.cloud/docs/logs/systemd-journal/passive-journal-centralization-with-encryption-using-self-signed-certificates etc. |
Yes, this was no objection to merging this PR. I just wanted to make sure the threads are linked. If you intend to maintain this in NixOS, go ahead :-D Please add yourself as a maintainer for that NixOS module though ;-) |
Done. |
Description of changes
This adds NixOS services for systemd's journal remote/upload/gateway features, which allow for uploading the journal over the network.
GnuTLS was added in the systemd closure if `withRemote` is true. Without it, no certificate checking would be done.
The added tests work on `master`, but I didn't test them when based off of `staging`, due to the number of builds.
The closure size of systemd is not increased, because libmicrohttpd already depends on GnuTLS.
Note that this only adds "push"-style journal uploads. I think the pull mode might need one service for each pull, and I wanted to keep it simple at first.