添加

journald_configure.yml

@@ -0,0 +1,74 @@
+---
+- name: 配置 systemd-journald
+  hosts: all
+  become: yes
+
+  vars:
+    journald_config:
+      system_max_use: "500M"
+      system_max_file_size: "100M"
+      max_retention_sec: "7day"
+      rate_limit_interval_sec: "30s"
+      rate_limit_burst: "10000"
+
+    backup_journald: true
+
+  tasks:
+    - name: 备份原有 journald.conf
+      ansible.builtin.copy:
+        src: /etc/systemd/journald.conf
+        dest: "/etc/systemd/journald.conf.backup.{{ ansible_date_time.iso8601_basic_short }}"
+        remote_src: yes
+        force: no
+      when: backup_journald
+
+    - name: 部署 journald.conf 配置
+      ansible.builtin.copy:
+        dest: /etc/systemd/journald.conf
+        owner: root
+        group: root
+        mode: "0644"
+        backup: yes
+        content: |
+          # This file is managed by Ansible
+          # Manual changes will be overwritten
+          # See journald.conf(5) for details.
+          
+          [Journal]
+          # 限制日志最大使用空间（所有服务总和）
+          SystemMaxUse={{ journald_config.system_max_use }}
+          
+          # 单个日志文件最大大小
+          SystemMaxFileSize={{ journald_config.system_max_file_size }}
+          
+          # 保留日志的时间
+          MaxRetentionSec={{ journald_config.max_retention_sec }}
+          
+          # 限制单个服务的日志速率（防止日志炸弹）
+          RateLimitIntervalSec={{ journald_config.rate_limit_interval_sec }}
+          RateLimitBurst={{ journald_config.rate_limit_burst }}
+      notify: 重启 systemd-journald
+
+    - name: 验证 journald 服务状态
+      ansible.builtin.systemd:
+        name: systemd-journald
+      register: journald_status
+
+    - name: 显示 journald 服务状态
+      ansible.builtin.debug:
+        msg: "journald 状态: {{ journald_status.status.ActiveState }}"
+
+    - name: 显示日志磁盘使用情况
+      ansible.builtin.command: journalctl --disk-usage
+      register: disk_usage
+      changed_when: false
+
+    - name: 显示磁盘使用
+      ansible.builtin.debug:
+        var: disk_usage.stdout
+
+  handlers:
+    - name: 重启 systemd-journald
+      ansible.builtin.systemd:
+        name: systemd-journald
+        state: restarted