diff options
Diffstat (limited to 'src/grp-journal')
23 files changed, 394 insertions, 16 deletions
diff --git a/src/grp-journal/Makefile b/src/grp-journal/Makefile index 6538713813..f1f3453d33 100644 --- a/src/grp-journal/Makefile +++ b/src/grp-journal/Makefile @@ -167,6 +167,9 @@ tests += \ test-compress-benchmark endif # HAVE_COMPRESSION +dist_tmpfiles_DATA = \ + tmpfiles.d/journal-nocow.conf + nested.subdirs += journalctl systemd-journald libjournal-core nested.subdirs += systemd-cat #nested.subdirs += grp-remote diff --git a/src/grp-journal/grp-remote/systemd-journal-gatewayd/Makefile b/src/grp-journal/grp-remote/systemd-journal-gatewayd/Makefile index 05df34a71d..f6e07621a8 100644 --- a/src/grp-journal/grp-remote/systemd-journal-gatewayd/Makefile +++ b/src/grp-journal/grp-remote/systemd-journal-gatewayd/Makefile @@ -60,6 +60,9 @@ nodist_systemunit_DATA += \ dist_gatewayddocumentroot_DATA = \ src/journal-remote/browse.html +dist_sysusers_DATA += \ + sysusers.d/systemd-journal-gateway.conf + endif # HAVE_MICROHTTPD EXTRA_DIST += \ diff --git a/src/grp-journal/grp-remote/systemd-remote.sysusers.m4 b/src/grp-journal/grp-remote/systemd-journal-gatewayd/systemd-journal-gateway.sysusers index 0e9d71cdd0..a60fcf4d42 100644 --- a/src/grp-journal/grp-remote/systemd-remote.sysusers.m4 +++ b/src/grp-journal/grp-remote/systemd-journal-gatewayd/systemd-journal-gateway.sysusers @@ -7,8 +7,3 @@ m4_ifdef(`HAVE_MICROHTTPD', u systemd-journal-gateway - "systemd Journal Gateway" -u systemd-journal-remote - "systemd Journal Remote" -)m4_dnl -m4_ifdef(`HAVE_LIBCURL', -u systemd-journal-upload - "systemd Journal Upload" -)m4_dnl diff --git a/src/grp-journal/grp-remote/systemd-journal-gatewayd/systemd-journal-gatewayd.service.in b/src/grp-journal/grp-remote/systemd-journal-gatewayd/systemd-journal-gatewayd.service.in new file mode 100644 index 0000000000..f4f845841d --- /dev/null +++ b/src/grp-journal/grp-remote/systemd-journal-gatewayd/systemd-journal-gatewayd.service.in @@ -0,0 +1,29 @@ +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Journal Gateway Service +Documentation=man:systemd-journal-gatewayd(8) +Requires=systemd-journal-gatewayd.socket + +[Service] +ExecStart=@rootlibexecdir@/systemd-journal-gatewayd +User=systemd-journal-gateway +Group=systemd-journal-gateway +SupplementaryGroups=systemd-journal +PrivateTmp=yes +PrivateDevices=yes +PrivateNetwork=yes +ProtectSystem=full +ProtectHome=yes + +# If there are many split upjournal files we need a lot of fds to +# access them all and combine +LimitNOFILE=16384 + +[Install] +Also=systemd-journal-gatewayd.socket diff --git a/src/grp-journal/grp-remote/systemd-journal-gatewayd/systemd-journal-gatewayd.socket b/src/grp-journal/grp-remote/systemd-journal-gatewayd/systemd-journal-gatewayd.socket new file mode 100644 index 0000000000..79d9b04210 --- /dev/null +++ b/src/grp-journal/grp-remote/systemd-journal-gatewayd/systemd-journal-gatewayd.socket @@ -0,0 +1,16 @@ +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Journal Gateway Service Socket +Documentation=man:systemd-journal-gatewayd(8) + +[Socket] +ListenStream=19531 + +[Install] +WantedBy=sockets.target diff --git a/src/grp-journal/grp-remote/systemd-journal-remote/Makefile b/src/grp-journal/grp-remote/systemd-journal-remote/Makefile index b75eeedae8..7a9d9b19df 100644 --- a/src/grp-journal/grp-remote/systemd-journal-remote/Makefile +++ b/src/grp-journal/grp-remote/systemd-journal-remote/Makefile @@ -63,6 +63,9 @@ endif # HAVE_GNUTLS dist_systemunit_DATA += \ units/systemd-journal-remote.socket +dist_sysusers_DATA += \ + sysusers.d/systemd-journal-remote.conf + nodist_systemunit_DATA += \ units/systemd-journal-remote.service diff --git a/src/grp-journal/grp-remote/systemd-journal-remote/systemd-journal-remote.service.in b/src/grp-journal/grp-remote/systemd-journal-remote/systemd-journal-remote.service.in new file mode 100644 index 0000000000..fdf3da4b64 --- /dev/null +++ b/src/grp-journal/grp-remote/systemd-journal-remote/systemd-journal-remote.service.in @@ -0,0 +1,25 @@ +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Journal Remote Sink Service +Documentation=man:systemd-journal-remote(8) man:journal-remote.conf(5) +Requires=systemd-journal-remote.socket + +[Service] +ExecStart=@rootlibexecdir@/systemd-journal-remote \ + --listen-https=-3 \ + --output=/var/log/journal/remote/ +User=systemd-journal-remote +Group=systemd-journal-remote +PrivateTmp=yes +PrivateDevices=yes +PrivateNetwork=yes +WatchdogSec=3min + +[Install] +Also=systemd-journal-remote.socket diff --git a/src/grp-journal/grp-remote/systemd-journal-remote/systemd-journal-remote.socket b/src/grp-journal/grp-remote/systemd-journal-remote/systemd-journal-remote.socket new file mode 100644 index 0000000000..076dcae8a3 --- /dev/null +++ b/src/grp-journal/grp-remote/systemd-journal-remote/systemd-journal-remote.socket @@ -0,0 +1,15 @@ +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Journal Remote Sink Socket + +[Socket] +ListenStream=19532 + +[Install] +WantedBy=sockets.target diff --git a/src/grp-journal/grp-remote/systemd-journal-remote/systemd-journal-remote.sysusers b/src/grp-journal/grp-remote/systemd-journal-remote/systemd-journal-remote.sysusers new file mode 100644 index 0000000000..ca20c24896 --- /dev/null +++ b/src/grp-journal/grp-remote/systemd-journal-remote/systemd-journal-remote.sysusers @@ -0,0 +1,8 @@ +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +u systemd-journal-remote - "systemd Journal Remote" diff --git a/src/grp-journal/grp-remote/systemd-journal-upload/Makefile b/src/grp-journal/grp-remote/systemd-journal-upload/Makefile index c47fcf0128..845a3a566d 100644 --- a/src/grp-journal/grp-remote/systemd-journal-upload/Makefile +++ b/src/grp-journal/grp-remote/systemd-journal-upload/Makefile @@ -45,7 +45,11 @@ nodist_systemunit_DATA += \ nodist_pkgsysconf_DATA += \ src/journal-remote/journal-upload.conf -endif + +dist_sysusers_DATA += \ + sysusers.d/systemd-journal-upload.conf + +endif # HAVE_LIBCURL EXTRA_DIST += \ units/systemd-journal-upload.service.in \ diff --git a/src/grp-journal/grp-remote/systemd-journal-upload/systemd-journal-upload.service.in b/src/grp-journal/grp-remote/systemd-journal-upload/systemd-journal-upload.service.in new file mode 100644 index 0000000000..1f488ff425 --- /dev/null +++ b/src/grp-journal/grp-remote/systemd-journal-upload/systemd-journal-upload.service.in @@ -0,0 +1,27 @@ +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Journal Remote Upload Service +Documentation=man:systemd-journal-upload(8) +After=network.target + +[Service] +ExecStart=@rootlibexecdir@/systemd-journal-upload \ + --save-state +User=systemd-journal-upload +SupplementaryGroups=systemd-journal +PrivateTmp=yes +PrivateDevices=yes +WatchdogSec=3min + +# If there are many split up journal files we need a lot of fds to +# access them all and combine +LimitNOFILE=16384 + +[Install] +WantedBy=multi-user.target diff --git a/src/grp-journal/grp-remote/systemd-journal-upload/systemd-journal-upload.sysusers b/src/grp-journal/grp-remote/systemd-journal-upload/systemd-journal-upload.sysusers new file mode 100644 index 0000000000..927d400279 --- /dev/null +++ b/src/grp-journal/grp-remote/systemd-journal-upload/systemd-journal-upload.sysusers @@ -0,0 +1,8 @@ +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +u systemd-journal-upload - "systemd Journal Upload" diff --git a/src/grp-journal/journal-nocow.tmpfiles b/src/grp-journal/journal-nocow.tmpfiles new file mode 100644 index 0000000000..e7938c8911 --- /dev/null +++ b/src/grp-journal/journal-nocow.tmpfiles @@ -0,0 +1,27 @@ +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +# See tmpfiles.d(5) for details + +# Set the NOCOW attribute for directories of journal files. This flag +# is inheredited by their new files and sub-directories. Matters only +# for btrfs filesystems. +# +# WARNING: Enabling the NOCOW attribute improves journal performance +# substantially, but also disables the btrfs checksum logic. In +# btrfs RAID filesystems the checksums are needed for rebuilding +# corrupted files. Without checksums such rebuilds are not +# possible. +# +# In a single-disk filesystem (or a filesystem without redundancy) +# enabling the NOCOW attribute for journal files is safe, because +# they have their own checksums and a rebuilding wouldn't be possible +# in any case. + +h /var/log/journal - - - - +C +h /var/log/journal/%m - - - - +C +h /var/log/journal/remote - - - - +C diff --git a/src/grp-journal/journalctl/Makefile b/src/grp-journal/journalctl/Makefile index ce650ae733..a7aa51403e 100644 --- a/src/grp-journal/journalctl/Makefile +++ b/src/grp-journal/journalctl/Makefile @@ -49,6 +49,18 @@ journalctl_LDADD += \ $(QRENCODE_LIBS) endif # HAVE_QRENCODE +nodist_systemunit_DATA += \ + units/systemd-journal-flush.service \ + units/systemd-journal-catalog-update.service + +SYSINIT_TARGET_WANTS += \ + systemd-journal-flush.service \ + systemd-journal-catalog-update.service + +EXTRA_DIST += \ + units/systemd-journal-flush.service.in \ + units/systemd-journal-catalog-update.service.in + sd.CPPFLAGS += -DCATALOG_DATABASE=\"$(catalogstatedir)/database\" include $(topsrcdir)/build-aux/Makefile.tail.mk diff --git a/src/grp-journal/journalctl/systemd-journal-catalog-update.service.in b/src/grp-journal/journalctl/systemd-journal-catalog-update.service.in new file mode 100644 index 0000000000..6370dd478f --- /dev/null +++ b/src/grp-journal/journalctl/systemd-journal-catalog-update.service.in @@ -0,0 +1,21 @@ +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Rebuild Journal Catalog +Documentation=man:systemd-journald.service(8) man:journald.conf(5) +DefaultDependencies=no +Conflicts=shutdown.target +After=local-fs.target +Before=sysinit.target shutdown.target systemd-update-done.service +ConditionNeedsUpdate=/etc + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=@rootbindir@/journalctl --update-catalog +TimeoutSec=90s diff --git a/src/grp-journal/journalctl/systemd-journal-flush.service.in b/src/grp-journal/journalctl/systemd-journal-flush.service.in new file mode 100644 index 0000000000..a0a2e3fdb4 --- /dev/null +++ b/src/grp-journal/journalctl/systemd-journal-flush.service.in @@ -0,0 +1,22 @@ +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Flush Journal to Persistent Storage +Documentation=man:systemd-journald.service(8) man:journald.conf(5) +DefaultDependencies=no +Requires=systemd-journald.service +After=systemd-journald.service +After=systemd-remount-fs.service +Before=systemd-user-sessions.service systemd-tmpfiles-setup.service +RequiresMountsFor=/var/log/journal + +[Service] +ExecStart=@rootbindir@/journalctl --flush +Type=oneshot +RemainAfterExit=yes +TimeoutSec=90s diff --git a/src/grp-journal/systemd-journald/Makefile b/src/grp-journal/systemd-journald/Makefile index 640528bae4..62f19aa1b8 100644 --- a/src/grp-journal/systemd-journald/Makefile +++ b/src/grp-journal/systemd-journald/Makefile @@ -40,14 +40,13 @@ dist_systemunit_DATA += \ units/systemd-journald-audit.socket nodist_systemunit_DATA += \ - units/systemd-journald.service \ - units/systemd-journal-flush.service \ - units/systemd-journal-catalog-update.service + units/systemd-journald.service dist_pkgsysconf_DATA += \ src/journal/journald.conf -dist_catalog_DATA = \ +# TODO +_dist_catalog_DATA = \ catalog/systemd.bg.catalog \ catalog/systemd.be.catalog \ catalog/systemd.be@latin.catalog \ @@ -66,14 +65,10 @@ SOCKETS_TARGET_WANTS += \ systemd-journald-audit.socket SYSINIT_TARGET_WANTS += \ - systemd-journald.service \ - systemd-journal-flush.service \ - systemd-journal-catalog-update.service + systemd-journald.service EXTRA_DIST += \ - units/systemd-journald.service.in \ - units/systemd-journal-flush.service.in \ - units/systemd-journal-catalog-update.service.in + units/systemd-journald.service.in gperf_gperf_sources += \ src/journal/journald-gperf.gperf diff --git a/src/grp-journal/libjournal-core/journald.conf b/src/grp-journal/systemd-journald/journald.conf index 2541b949be..2541b949be 100644 --- a/src/grp-journal/libjournal-core/journald.conf +++ b/src/grp-journal/systemd-journald/journald.conf diff --git a/src/grp-journal/systemd-journald/systemd-journald-audit.socket b/src/grp-journal/systemd-journald/systemd-journald-audit.socket new file mode 100644 index 0000000000..541f2cf38d --- /dev/null +++ b/src/grp-journal/systemd-journald/systemd-journald-audit.socket @@ -0,0 +1,20 @@ +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Journal Audit Socket +Documentation=man:systemd-journald.service(8) man:journald.conf(5) +DefaultDependencies=no +Before=sockets.target +ConditionSecurity=audit +ConditionCapability=CAP_AUDIT_READ + +[Socket] +Service=systemd-journald.service +ReceiveBuffer=128M +ListenNetlink=audit 1 +PassCredentials=yes diff --git a/src/grp-journal/systemd-journald/systemd-journald-dev-log.socket b/src/grp-journal/systemd-journald/systemd-journald-dev-log.socket new file mode 100644 index 0000000000..ffd44bb507 --- /dev/null +++ b/src/grp-journal/systemd-journald/systemd-journald-dev-log.socket @@ -0,0 +1,32 @@ +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Journal Socket (/dev/log) +Documentation=man:systemd-journald.service(8) man:journald.conf(5) +DefaultDependencies=no +Before=sockets.target + +# Mount and swap units need this. If this socket unit is removed by an +# isolate request the mount and swap units would be removed too, +# hence let's exclude this from isolate requests. +IgnoreOnIsolate=yes + +[Socket] +Service=systemd-journald.service +ListenDatagram=/run/systemd/journal/dev-log +Symlinks=/dev/log +SocketMode=0666 +PassCredentials=yes +PassSecurity=yes + +# Increase both the send and receive buffer, so that things don't +# block early. Note that journald internally uses the this socket both +# for receiving syslog messages, and for forwarding them to any other +# syslog, hence we bump both values. +ReceiveBuffer=8M +SendBuffer=8M diff --git a/src/grp-journal/systemd-journald/systemd-journald.service.in b/src/grp-journal/systemd-journald/systemd-journald.service.in new file mode 100644 index 0000000000..41bfde5be3 --- /dev/null +++ b/src/grp-journal/systemd-journald/systemd-journald.service.in @@ -0,0 +1,32 @@ +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Journal Service +Documentation=man:systemd-journald.service(8) man:journald.conf(5) +DefaultDependencies=no +Requires=systemd-journald.socket +After=systemd-journald.socket systemd-journald-dev-log.socket systemd-journald-audit.socket syslog.socket +Before=sysinit.target + +[Service] +Type=notify +Sockets=systemd-journald.socket systemd-journald-dev-log.socket systemd-journald-audit.socket +ExecStart=@rootlibexecdir@/systemd-journald +Restart=always +RestartSec=0 +NotifyAccess=all +StandardOutput=null +CapabilityBoundingSet=CAP_SYS_ADMIN CAP_DAC_OVERRIDE CAP_SYS_PTRACE CAP_SYSLOG CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_CHOWN CAP_DAC_READ_SEARCH CAP_FOWNER CAP_SETUID CAP_SETGID CAP_MAC_OVERRIDE +WatchdogSec=3min +FileDescriptorStoreMax=1024 + +# Increase the default a bit in order to allow many simultaneous +# services being run since we keep one fd open per service. Also, when +# flushing journal files to disk, we might need a lot of fds when many +# journal files are combined. +LimitNOFILE=16384 diff --git a/src/grp-journal/systemd-journald/systemd-journald.socket b/src/grp-journal/systemd-journald/systemd-journald.socket new file mode 100644 index 0000000000..71737014ca --- /dev/null +++ b/src/grp-journal/systemd-journald/systemd-journald.socket @@ -0,0 +1,26 @@ +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Journal Socket +Documentation=man:systemd-journald.service(8) man:journald.conf(5) +DefaultDependencies=no +Before=sockets.target + +# Mount and swap units need this. If this socket unit is removed by an +# isolate request the mount and swap units would be removed too, +# hence let's exclude this from isolate requests. +IgnoreOnIsolate=yes + +[Socket] +ListenStream=/run/systemd/journal/stdout +ListenDatagram=/run/systemd/journal/socket +SocketMode=0666 +PassCredentials=yes +PassSecurity=yes +ReceiveBuffer=8M +Service=systemd-journald.service diff --git a/src/grp-journal/systemd-journald/systemd-journald.tmpfiles.m4 b/src/grp-journal/systemd-journald/systemd-journald.tmpfiles.m4 new file mode 100644 index 0000000000..2e8bd8cbef --- /dev/null +++ b/src/grp-journal/systemd-journald/systemd-journald.tmpfiles.m4 @@ -0,0 +1,55 @@ +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +# See tmpfiles.d(5) for details + +d /run/log 0755 root root - + +z /run/log/journal 2755 root systemd-journal - - +Z /run/log/journal/%m ~2750 root systemd-journal - - +m4_ifdef(`HAVE_ACL',`m4_dnl +m4_ifdef(`ENABLE_ADM_GROUP',`m4_dnl +m4_ifdef(`ENABLE_WHEEL_GROUP',`` +a+ /run/log/journal/%m - - - - d:group:adm:r-x,d:group:wheel:r-x +a+ /run/log/journal/%m - - - - group:adm:r-x,group:wheel:r-x +a+ /run/log/journal/%m/*.journal* - - - - group:adm:r--,group:wheel:r-- +'',`` +a+ /run/log/journal/%m - - - - d:group:adm:r-x +a+ /run/log/journal/%m - - - - group:adm:r-x +a+ /run/log/journal/%m/*.journal* - - - - group:adm:r-- +'')',`m4_dnl +m4_ifdef(`ENABLE_WHEEL_GROUP',`` +a+ /run/log/journal/%m - - - - d:group:wheel:r-x +a+ /run/log/journal/%m - - - - group:wheel:r-x +a+ /run/log/journal/%m/*.journal* - - - - group:wheel:r-- +'')')')m4_dnl + +z /var/log/journal 2755 root systemd-journal - - +z /var/log/journal/%m 2755 root systemd-journal - - +z /var/log/journal/%m/system.journal 0640 root systemd-journal - - +m4_ifdef(`HAVE_ACL',`m4_dnl +m4_ifdef(`ENABLE_ADM_GROUP',`m4_dnl +m4_ifdef(`ENABLE_WHEEL_GROUP',`` +a+ /var/log/journal - - - - d:group:adm:r-x,d:group:wheel:r-x +a+ /var/log/journal - - - - group:adm:r-x,group:wheel:r-x +a+ /var/log/journal/%m - - - - d:group:adm:r-x,d:group:wheel:r-x +a+ /var/log/journal/%m - - - - group:adm:r-x,group:wheel:r-x +a+ /var/log/journal/%m/system.journal - - - - group:adm:r--,group:wheel:r-- +'', `` +a+ /var/log/journal - - - - d:group:adm:r-x +a+ /var/log/journal - - - - group:adm:r-x +a+ /var/log/journal/%m - - - - d:group:adm:r-x +a+ /var/log/journal/%m - - - - group:adm:r-x +a+ /var/log/journal/%m/system.journal - - - - group:adm:r-- +'')',`m4_dnl +m4_ifdef(`ENABLE_WHEEL_GROUP',`` +a+ /var/log/journal - - - - d:group:wheel:r-x +a+ /var/log/journal - - - - group:wheel:r-x +a+ /var/log/journal/%m - - - - d:group:wheel:r-x +a+ /var/log/journal/%m - - - - group:wheel:r-x +a+ /var/log/journal/%m/system.journal - - - - group:wheel:r-- +'')')')m4_dnl |