blob: 1efdc3cae0e3727dfeb4f981cf9b60551b782166 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
|
#!/usr/bin/env bash
# SPDX-License-Identifier: LGPL-2.1-or-later
set -eux
# pipefail is disabled intentionally, as `curl | grep -q` is very SIGPIPE happy
if [[ ! -x /usr/lib/systemd/systemd-journal-gatewayd ]]; then
echo "Built without systemd-journal-gatewayd support, skipping the test"
exit 0
fi
TEST_MESSAGE="-= This is a test message $RANDOM =-"
TEST_TAG="$(systemd-id128 new)"
echo "$TEST_MESSAGE" | systemd-cat -t "$TEST_TAG"
journalctl --sync
TEST_CURSOR="$(journalctl -q -t "$TEST_TAG" -n 0 --show-cursor | awk '{ print $3; }')"
BOOT_CURSOR="$(journalctl -q -b -n 0 --show-cursor | awk '{ print $3; }')"
/usr/lib/systemd/systemd-journal-gatewayd --version
/usr/lib/systemd/systemd-journal-gatewayd --help
# Default configuration (HTTP, socket activated)
systemctl start systemd-journal-gatewayd.socket
# /browse
# We should get redirected to /browse by default
curl -Lfs http://localhost:19531 | grep -qF "<title>Journal</title>"
curl -Lfs http://localhost:19531/browse | grep -qF "<title>Journal</title>"
(! curl -Lfs http://localhost:19531/foo/bar/baz)
(! curl -Lfs http://localhost:19531/foo/../../../bar/../baz)
# /entries
# Accept: text/plain should be the default
curl -Lfs http://localhost:19531/entries | \
grep -qE " $TEST_TAG\[[0-9]+\]: $TEST_MESSAGE"
curl -Lfs --header "Accept: text/plain" http://localhost:19531/entries | \
grep -qE " $TEST_TAG\[[0-9]+\]: $TEST_MESSAGE"
curl -Lfs --header "Accept: application/json" http://localhost:19531/entries | \
jq -se ".[] | select(.MESSAGE == \"$TEST_MESSAGE\")"
# FIXME: drop the condition once https://github.com/systemd/systemd/issues/28059 is resolved
if ! systemd-detect-virt -cq; then
curl -Lfs --header "Accept: application/json" http://localhost:19531/entries?boot | \
jq -se ".[] | select(.MESSAGE == \"$TEST_MESSAGE\")"
fi
curl -Lfs --header "Accept: application/json" http://localhost:19531/entries?SYSLOG_IDENTIFIER="$TEST_TAG" | \
jq -se "length == 1 and select(.[].MESSAGE == \"$TEST_MESSAGE\")"
# Show 10 entries starting from $BOOT_CURSOR, skip the first 5
curl -Lfs --header "Accept: application/json" --header "Range: entries=$BOOT_CURSOR:5:10" http://localhost:19531/entries | \
jq -se "length == 10"
# Check if the specified cursor refers to an existing entry and return just that entry
curl -Lfs --header "Accept: application/json" --header "Range: entries=$TEST_CURSOR" http://localhost:19531/entries?discrete | \
jq -se "length == 1 and select(.[].MESSAGE == \"$TEST_MESSAGE\")"
# No idea how to properly parse this (jq won't cut it), so let's at least do some sanity checks that every
# line is either empty or begins with data:
curl -Lfs --header "Accept: text/event-stream" http://localhost:19531/entries | \
awk '!/^(data: \{.+\}|)$/ { exit 1; }'
# Same thing as journalctl --output=export
mkdir /tmp/remote-journal
curl -Lfs --header "Accept: application/vnd.fdo.journal" http://localhost:19531/entries | \
/usr/lib/systemd/systemd-journal-remote -o /tmp/remote-journal/system.journal --split-mode=none -
journalctl --directory=/tmp/remote-journal -t "$TEST_TAG" --grep "$TEST_MESSAGE"
rm -rf /tmp/remote-journal
# /machine
curl -Lfs http://localhost:19531/machine | jq
# /fields
curl -Lfs http://localhost:19531/fields/MESSAGE | grep -qE -- "$TEST_MESSAGE"
curl -Lfs http://localhost:19531/fields/_TRANSPORT
(! curl -Lfs http://localhost:19531/fields)
(! curl -Lfs http://localhost:19531/fields/foo-bar-baz)
systemctl stop systemd-journal-gatewayd.{socket,service}
if ! command -v openssl >/dev/null; then
echo "openssl command not available, skipping the HTTPS tests"
exit 0
fi
# Generate a self-signed certificate for systemd-journal-gatewayd
#
# Note: older OpenSSL requires a config file with some extra options, unfortunately
cat >/tmp/openssl.conf <<EOF
[ req ]
prompt = no
distinguished_name = req_distinguished_name
[ req_distinguished_name ]
C = CZ
L = Brno
O = Foo
OU = Bar
CN = localhost
EOF
openssl req -x509 -nodes -newkey rsa:2048 -sha256 -days 7 \
-config /tmp/openssl.conf \
-keyout /tmp/key.pem -out /tmp/cert.pem
# Start HTTPS version of gatewayd via the systemd-socket-activate tool to give it some coverage as well
systemd-socket-activate --listen=19531 -- \
/usr/lib/systemd/systemd-journal-gatewayd \
--cert=/tmp/cert.pem \
--key=/tmp/key.pem \
--file="/var/log/journal/*/*.journal" &
GATEWAYD_PID=$!
sleep 1
# Do a limited set of tests, since the underlying code should be the same past the HTTPS transport
curl -Lfsk https://localhost:19531 | grep -qF "<title>Journal</title>"
curl -Lfsk https://localhost:19531/entries | \
grep -qE " $TEST_TAG\[[0-9]+\]: $TEST_MESSAGE"
curl -Lfsk --header "Accept: application/json" https://localhost:19531/entries | \
jq -se ".[] | select(.MESSAGE == \"$TEST_MESSAGE\")"
curl -Lfsk https://localhost:19531/machine | jq
curl -Lfsk https://localhost:19531/fields/_TRANSPORT
kill "$GATEWAYD_PID"
|