journal: Add journal.storage credential

In mkosi CI, we want persistent journals when running interactively
and runtime journals when running in CI, so let's add a credential
that allows us to configure which one to use.

5 files changed, 68 insertions, 9 deletions

diff --git a/NEWS b/NEWS
index 566ee2a9d5..ba206afdfb 100644
--- a/NEWS
+++ b/NEWS
@@ -268,6 +268,9 @@ CHANGES WITH 256-rc1:
           added to control the maximum log levels for the messages sent to this
           socket.
 
+        * systemd-journald now also reads the journal.storage credential when
+          determining where to store journal files.
+
         * systemd-vmspawn gained a new --forward-journal= option to forward the
           virtual machine's journal entries to the host. This is done over a
           AF_VSOCK socket, i.e. it does not require networking in the guest.
diff --git a/man/journald.conf.xml b/man/journald.conf.xml
index 1b07040da4..2d53eea137 100644
--- a/man/journald.conf.xml
+++ b/man/journald.conf.xml
@@ -103,6 +103,10 @@
         <para>Note that per-user journal files are not supported unless persistent storage is enabled, thus
         making <command>journalctl --user</command> unavailable.</para>
 
+        <para>The storage to use can also be specified via the <literal>journal.storage</literal>
+        credential. Values configured via configuration files take priority over values configured via the
+        credential.</para>
+
         <xi:include href="version-info.xml" xpointer="v186"/>
         </listitem>
       </varlistentry>
diff --git a/man/systemd-journald.service.xml b/man/systemd-journald.service.xml
index 8eeb209b07..cb06b3b8f8 100644
--- a/man/systemd-journald.service.xml
+++ b/man/systemd-journald.service.xml
@@ -221,6 +221,37 @@ systemd-tmpfiles --create --prefix /var/log/journal</programlisting>
   </refsect1>
 
   <refsect1>
+    <title>Credentials</title>
+
+    <para><command>systemd-journald</command> supports the service credentials logic as implemented by
+    <varname>ImportCredential=</varname>/<varname>LoadCredential=</varname>/<varname>SetCredential=</varname>
+    (see <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry> for
+    details). The following credentials are used when passed in:</para>
+
+    <variablelist class='system-credentials'>
+      <varlistentry>
+        <term><varname>journal.forward_to_socket</varname></term>
+
+        <listitem><para>May contain a socket address to which logs should be forwarded. See
+        <varname>ForwardToSocket=</varname> in
+        <citerefentry><refentrytitle>journald.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
+
+        <xi:include href="version-info.xml" xpointer="v256"/></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><varname>journal.storage</varname></term>
+
+        <listitem><para>May be used to specify where journal files should be stored. See
+        <varname>Storage=</varname> in
+        <citerefentry><refentrytitle>journald.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
+
+        <xi:include href="version-info.xml" xpointer="v256"/></listitem>
+      </varlistentry>
+    </variablelist>
+  </refsect1>
+
+  <refsect1>
     <title>Kernel Command Line</title>
 
     <para>A few configuration parameters from
diff --git a/man/systemd.system-credentials.xml b/man/systemd.system-credentials.xml
index e8e2985a42..d9fbae25ee 100644
--- a/man/systemd.system-credentials.xml
+++ b/man/systemd.system-credentials.xml
@@ -310,6 +310,18 @@
       </varlistentry>
 
       <varlistentry>
+        <term><varname>journal.storage</varname></term>
+        <listitem>
+          <para>Used by
+          <citerefentry><refentrytitle>systemd-journald</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+          to determine where to store journal files, see
+          <citerefentry><refentrytitle>journald.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry> for details.</para>
+
+          <xi:include href="version-info.xml" xpointer="v256"/>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
         <term><varname>vmm.notify_socket</varname></term>
         <listitem>
           <para>Configures an
diff --git a/src/journal/journald-server.c b/src/journal/journald-server.c
index c78678f1f6..dfad063e47 100644
--- a/src/journal/journald-server.c
+++ b/src/journal/journald-server.c
@@ -2522,17 +2522,27 @@ static void server_load_credentials(Server *s) {
 
         assert(s);
 
-        /* if we already have a forward address from config don't load the credential */
-        if (s->forward_to_socket.sockaddr.sa.sa_family != AF_UNSPEC)
-                return log_debug("Socket forward address already set not loading journal.forward_to_socket");
-
         r = read_credential("journal.forward_to_socket", &data, NULL);
         if (r < 0)
-                return (void) log_debug_errno(r, "Failed to read credential journal.forward_to_socket, ignoring: %m");
+                log_debug_errno(r, "Failed to read credential journal.forward_to_socket, ignoring: %m");
+        else {
+                r = socket_address_parse(&s->forward_to_socket, data);
+                if (r < 0)
+                        log_debug_errno(r, "Failed to parse socket address '%s' from credential journal.forward_to_socket, ignoring: %m", (char *) data);
+        }
+
+        data = mfree(data);
 
-        r = socket_address_parse(&s->forward_to_socket, data);
+        r = read_credential("journal.storage", &data, NULL);
         if (r < 0)
-                log_debug_errno(r, "Failed to parse credential journal.forward_to_socket, ignoring: %m");
+                log_debug_errno(r, "Failed to read credential journal.storage, ignoring: %m");
+        else {
+                r = storage_from_string(data);
+                if (r < 0)
+                        log_debug_errno(r, "Failed to parse storage '%s' from credential journal.storage, ignoring: %m", (char *) data);
+                else
+                        s->storage = r;
+        }
 }
 
 int server_new(Server **ret) {
@@ -2617,9 +2627,8 @@ int server_init(Server *s, const char *namespace) {
         journal_reset_metrics(&s->system_storage.metrics);
         journal_reset_metrics(&s->runtime_storage.metrics);
 
-        server_parse_config_file(s);
-
         server_load_credentials(s);
+        server_parse_config_file(s);
 
         if (!s->namespace) {
                 /* Parse kernel command line, but only if we are not a namespace instance */