From 6d815a72a4a0716db1f6e7dcaed420b6f4647d57 Mon Sep 17 00:00:00 2001
From: Jeremy Frasier
Date: Tue, 21 May 2024 17:33:40 -0400
Subject: [PATCH 1/4] Use a drop-in vice editing /etc/systemd/journald.conf directly
This is the method that is preferred in the documentation: https://man7.org/linux/man-pages/man5/journald.conf.5.html#CONFIGURATION_DIRECTORIES_AND_PRECEDENCE
---
 handlers/main.yml | 5 +++++
 tasks/main.yml | 31 ++++++++++++++++++++++++-------
 2 files changed, 29 insertions(+), 7 deletions(-)
 create mode 100644 handlers/main.yml
diff --git a/handlers/main.yml b/handlers/main.yml
new file mode 100644
index 0000000..30a6bf1
--- /dev/null
+++ b/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+- name: Restart systemd-journald
+ ansible.builtin.service:
+ name: systemd-journald.service
+ state: restarted
diff --git a/tasks/main.yml b/tasks/main.yml
index 95ec2d6..8e1f815 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -1,8 +1,25 @@
 ---
-- name: Configure journald to persist storage
- ansible.builtin.lineinfile:
- dest: /etc/systemd/journald.conf
- regexp: '^#Storage='
- state: present
- backrefs: true
- line: 'Storage=persistent'
+- name: >-
+ Ensure that the directory where the systemd-journald drop-in will
+ live actually exists
+ ansible.builtin.file:
+ group: root
+ mode: 0755
+ owner: root
+ path: /etc/systemd/journald.conf.d
+ state: directory
+
+- name: Configure systemd-journald to persist storage
+ community.general.ini_file:
+ group: root
+ mode: 0644
+ # This is just to maintain the look and feel of the
+ # /etc/systemd/journald.conf file as provided by systemd-journald.
+ no_extra_spaces: true
+ option: Storage
+ owner: root
+ path: /etc/systemd/journald.conf.d/99-ansible-role-persist-journald.conf
+ section: Journal
+ value: persistent
+ notify:
+ - Restart systemd-journald
From 85fe1863685fab557870039b86b42c35c154596c Mon Sep 17 00:00:00 2001
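Review bot: Nothing ensures the `Restart systemd-journald` handler ever runs if the play aborts after the drop-in has been written but before handlers are flushed. On the next run the ini_file task reports no change, so no notification is sent and journald keeps its previous storage mode until the host reboots or the service is restarted by hand. Adding `- name: Flush handlers` with `ansible.builtin.meta: flush_handlers` directly after the notifying task in tasks/main.yml would make the restart happen as soon as the file changes.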
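Review bot: `community.general.ini_file` in the second task manages only the `Storage` key, so any other options already sitting in `99-ansible-role-persist-journald.conf` (from an earlier role version or a manual edit) are left in place and still applied by journald. Because the role owns this file, writing it whole with `ansible.builtin.copy` and `content: "[Journal]\nStorage=persistent\n"` would make its contents deterministic. That would also remove the new dependency on the community.general collection, which otherwise has to be declared in the role's requirements if it is not already (not visible in this patch).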
From: Jeremy Frasier
Date: Tue, 21 May 2024 17:36:32 -0400
Subject: [PATCH 2/4] Rework test code to use systemd-analyze cat-config vice checking conf files directly
This is a better way to test that the configuration changes are actually being utilized by systemd-journald.
---
 molecule/default/tests/test_default.py | 18 ++++++++----------
 1 file changed, 8 insertions(+), 10 deletions(-)
diff --git a/molecule/default/tests/test_default.py b/molecule/default/tests/test_default.py
index 0cd8a44..f49df3b 100644
--- a/molecule/default/tests/test_default.py
+++ b/molecule/default/tests/test_default.py
@@ -1,10 +1,10 @@
 """Module containing the tests for the default scenario."""
 # Standard Python Libraries
+import configparser
 import os
 # Third-Party Libraries
-import pytest
 import testinfra.utils.ansible_runner
 testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
@@ -12,12 +12,10 @@
 ).get_hosts("all")
-@pytest.mark.parametrize(
- "file,content", [("/etc/systemd/journald.conf", r"^Storage=persistent$")]
-)
-def test_files(host, file, content):
- """Test that config files were modified as expected."""
- f = host.file(file)
-
- assert f.exists
- assert f.contains(content)
+def test_config(host):
+ """Test that systemd-journald is configured as expected."""
+ cmd = host.run("systemd-analyze cat-config systemd/journald.conf")
+ assert cmd.rc == 0
+ config = configparser.ConfigParser(strict=False)
+ config.read_string(cmd.stdout)
+ assert config["Journal"]["Storage"] == "persistent"
From d2410f26800460a4fb2f6a351887125e8cf1aec4 Mon Sep 17 00:00:00 2001
From: Jeremy Frasier
Date: Sat, 8 Jun 2024 13:50:36 -0400
Subject: [PATCH 3/4] Remove unnecessary installation of systemd
All the Docker images we use for Molecule testing are now systemd-enabled.
---
 molecule/default/prepare.yml | 3 ---
 molecule/default/systemd.yml | 10 ----------
 2 files changed, 13 deletions(-)
 delete mode 100644 molecule/default/systemd.yml
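Review bot: `test_config` in the second hunk asserts on the merged configuration text only, so it would still pass if the handler's restart left systemd-journald stopped or if the journal were not actually being written to disk. Adding `assert host.service("systemd-journald").is_running` and `assert host.file("/var/log/journal").is_directory` after the existing asserts would cover the service state and the on-disk result. A one-line comment noting that `strict=False` is needed because cat-config concatenates the main file and every drop-in (so `[Journal]` repeats and the last `Storage` wins) would also help the next reader.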
diff --git a/molecule/default/prepare.yml b/molecule/default/prepare.yml
index b7616d3..26bca50 100644
--- a/molecule/default/prepare.yml
+++ b/molecule/default/prepare.yml
@@ -4,6 +4,3 @@
 - name: Import externally-managed-python playbook
 ansible.builtin.import_playbook: externally-managed-python.yml
-
-- name: Install systemctl
- ansible.builtin.import_playbook: systemd.yml
diff --git a/molecule/default/systemd.yml b/molecule/default/systemd.yml
deleted file mode 100644
index 4090302..0000000
--- a/molecule/default/systemd.yml
+++ /dev/null
@@ -1,10 +0,0 @@
----
-# systemd is installed anywhere we would be applying this Ansible role
-- name: Install systemctl
- hosts: all
- gather_facts: false
- tasks:
- - name: Install systemd
- ansible.builtin.package:
- name: systemd
- state: present
From 8999d6478798bbbc3da982ba11fef816ac7f9321 Mon Sep 17 00:00:00 2001
From: Jeremy Frasier
Date: Tue, 18 Jun 2024 10:54:33 -0400
Subject: [PATCH 4/4] Exclude all Debian 13 ARM64 scenarios from Molecule testing
systemd-journald.socket fails to start under QEMU emulation starting with systemd version 256, so starting with that version the systemd-journald service cannot be restarted either. Right now we support this case, but we can't test it until we have native ARM64 runners. See issue #42 for more details.
---
 .github/workflows/build.yml | 10 ++++++++++
 molecule/default/molecule.yml | 25 ++++++++++++++++---------
 2 files changed, 26 insertions(+), 9 deletions(-)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 3b88a29..1eb49c3 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -180,6 +180,16 @@ jobs:
 architecture:
 - amd64
 - arm64
+ exclude:
+ # TODO: systemd-journald.socket fails to start under QEMU
+ # emulation starting with systemd version 256, so starting
+ # with that version the systemd-journald service cannot be
+ # restarted either. Right now we support this case, but we
+ # can't test it until we have native ARM64 runners.
+ #
+ # See issue #42 for more details.
+ - architecture: arm64
+ platform: debian13-systemd
 platform:
 - amazonlinux2023-systemd
 - debian10-systemd
diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml
index 20b8324..033c51e 100644
--- a/molecule/default/molecule.yml
+++ b/molecule/default/molecule.yml
@@ -85,15 +85,22 @@ platforms:
 privileged: true
 volumes:
 - /sys/fs/cgroup:/sys/fs/cgroup:rw
- - cgroupns_mode: host
- command: /lib/systemd/systemd
- image: docker.io/cisagov/docker-debian13-ansible:latest
- name: debian13-systemd-arm64
- platform: arm64
- pre_build_image: true
- privileged: true
- volumes:
- - /sys/fs/cgroup:/sys/fs/cgroup:rw
+ # TODO: systemd-journald.socket fails to start under QEMU emulation
+ # starting with systemd version 256, so starting with that version
+ # the systemd-journald service cannot be restarted either. Right
+ # now we support this case, but we can't test it until we have
+ # native ARM64 runners.
+ #
+ # See issue #42 for more details.
+ # - cgroupns_mode: host
+ # command: /lib/systemd/systemd
+ # image: docker.io/cisagov/docker-debian13-ansible:latest
+ # name: debian13-systemd-arm64
+ # platform: arm64
+ # pre_build_image: true
+ # privileged: true
+ # volumes:
+ # - /sys/fs/cgroup:/sys/fs/cgroup:rw
 - cgroupns_mode: host
 command: /lib/systemd/systemd
 image: docker.io/cisagov/docker-kali-ansible:latest
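Review bot: The exclusion is recorded in two places that do not reference each other: the `exclude:` entry added to the build.yml matrix and the commented-out `debian13-systemd-arm64` platform in molecule/default/molecule.yml. Reverting only one of them would presumably either leave the scenario silently untested or have the workflow request a Molecule platform that is no longer defined. I would add `# Keep in sync with the commented-out debian13-systemd-arm64 platform in molecule/default/molecule.yml.` to the TODO in build.yml and the mirror-image line to the TODO in molecule.yml, so the two are restored together when issue #42 is resolved.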