Use a drop-in config snippet instead of editing /etc/systemd/journald.conf directly

.github/workflows/build.yml

@@ -180,6 +180,16 @@ jobs:
         architecture:
           - amd64
           - arm64
+        exclude:
+          # TODO: systemd-journald.socket fails to start under QEMU
+          # emulation starting with systemd version 256, so starting
+          # with that version the systemd-journald service cannot be
+          # restarted either.  Right now we support this case, but we
+          # can't test it until we have native ARM64 runners.
+          #
+          # See issue #42 for more details.
+          - architecture: arm64
+            platform: debian13-systemd
         platform:
           - amazonlinux2023-systemd
           - debian10-systemd

handlers/main.yml

@@ -0,0 +1,5 @@
+---
+- name: Restart systemd-journald
+  ansible.builtin.service:
+    name: systemd-journald.service
+    state: restarted

molecule/default/molecule.yml

@@ -85,15 +85,22 @@ platforms:
     privileged: true
     volumes:
       - /sys/fs/cgroup:/sys/fs/cgroup:rw
-  - cgroupns_mode: host
-    command: /lib/systemd/systemd
-    image: docker.io/cisagov/docker-debian13-ansible:latest
-    name: debian13-systemd-arm64
-    platform: arm64
-    pre_build_image: true
-    privileged: true
-    volumes:
-      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+  # TODO: systemd-journald.socket fails to start under QEMU emulation
+  # starting with systemd version 256, so starting with that version
+  # the systemd-journald service cannot be restarted either.  Right
+  # now we support this case, but we can't test it until we have
+  # native ARM64 runners.
+  #
+  # See issue #42 for more details.
+  # - cgroupns_mode: host
+  #   command: /lib/systemd/systemd
+  #   image: docker.io/cisagov/docker-debian13-ansible:latest
+  #   name: debian13-systemd-arm64
+  #   platform: arm64
+  #   pre_build_image: true
+  #   privileged: true
+  #   volumes:
+  #     - /sys/fs/cgroup:/sys/fs/cgroup:rw
   - cgroupns_mode: host
     command: /lib/systemd/systemd
     image: docker.io/cisagov/docker-kali-ansible:latest

molecule/default/prepare.yml

@@ -4,6 +4,3 @@
 
 - name: Import externally-managed-python playbook
   ansible.builtin.import_playbook: externally-managed-python.yml
-
-- name: Install systemctl
-  ansible.builtin.import_playbook: systemd.yml

molecule/default/tests/test_default.py

@@ -1,23 +1,21 @@
 """Module containing the tests for the default scenario."""
 
 # Standard Python Libraries
+import configparser
 import os
 
 # Third-Party Libraries
-import pytest
 import testinfra.utils.ansible_runner
 
 testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
     os.environ["MOLECULE_INVENTORY_FILE"]
 ).get_hosts("all")
 
 
-@pytest.mark.parametrize(
-    "file,content", [("/etc/systemd/journald.conf", r"^Storage=persistent$")]
-)
-def test_files(host, file, content):
-    """Test that config files were modified as expected."""
-    f = host.file(file)
-
-    assert f.exists
-    assert f.contains(content)
+def test_config(host):
+    """Test that systemd-journald is configured as expected."""
+    cmd = host.run("systemd-analyze cat-config systemd/journald.conf")
+    assert cmd.rc == 0
+    config = configparser.ConfigParser(strict=False)
+    config.read_string(cmd.stdout)
+    assert config["Journal"]["Storage"] == "persistent"

tasks/main.yml

@@ -1,8 +1,25 @@
 ---
-- name: Configure journald to persist storage
-  ansible.builtin.lineinfile:
-    dest: /etc/systemd/journald.conf
-    regexp: '^#Storage='
-    state: present
-    backrefs: true
-    line: 'Storage=persistent'
+- name: >-
+    Ensure that the directory where the systemd-journald drop-in will
+    live actually exists
+  ansible.builtin.file:
+    group: root
+    mode: 0755
+    owner: root
+    path: /etc/systemd/journald.conf.d
+    state: directory
+
+- name: Configure systemd-journald to persist storage
+  community.general.ini_file:
+    group: root
+    mode: 0644
+    # This is just to maintain the look and feel of the
+    # /etc/systemd/journald.conf file as provided by systemd-journald.
+    no_extra_spaces: true
+    option: Storage
+    owner: root
+    path: /etc/systemd/journald.conf.d/99-ansible-role-persist-journald.conf
+    section: Journal
+    value: persistent
+  notify:
+    - Restart systemd-journald