authorelijah <elijah@riseup.net>2015-04-16 20:57:11 -0700
committerelijah <elijah@riseup.net>2015-04-16 20:57:11 -0700
commitc7e12fd3cfe482e22e337eaea80ca7994dea7524 (patch)
treeaf9dc12e55b17951dd194e0d4c6079233aba7146 /puppet/modules/site_stunnel/manifests
parent1530a85da3415bc000635d62882d9ba7082a793b (diff)
stunnel shouldn't use syslog, and leap_mx can't.
Diffstat (limited to 'puppet/modules/site_stunnel/manifests')
-rw-r--r--puppet/modules/site_stunnel/manifests/client.pp19
-rw-r--r--puppet/modules/site_stunnel/manifests/init.pp15
2 files changed, 31 insertions, 3 deletions
diff --git a/puppet/modules/site_stunnel/manifests/client.pp b/puppet/modules/site_stunnel/manifests/client.pp
index 3b10ecb8..c9e034f1 100644
--- a/puppet/modules/site_stunnel/manifests/client.pp
+++ b/puppet/modules/site_stunnel/manifests/client.pp
@@ -14,7 +14,9 @@ define site_stunnel::client (
$verify = '2',
$pid = $name,
$rndfile = '/var/lib/stunnel4/.rnd',
- $debuglevel = '4' ) {
+ $debuglevel = 'warning' ) {
+
+ $logfile = "/var/log/stunnel4/${name}.log"
include site_config::x509::cert
include site_config::x509::key
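Review bot: `$logfile` is built by interpolating the define title into a path, `"/var/log/stunnel4/${name}.log"`, and nothing in this hunk constrains what `$name` may contain. A title containing `/` or `..` would put stunnel's output file, and the `file` resources declared from it later in this define, outside the directory that init.pp purges. If stdlib is available (init.pp already calls `keys()`), a guard such as `validate_re($name, '^[A-Za-z0-9_-]+$')` before the assignment would make that assumption explicit. The define's parameter list and body start and end outside this hunk.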
@@ -35,7 +37,20 @@ define site_stunnel::client (
pid => "/var/run/stunnel4/${pid}.pid",
rndfile => $rndfile,
debuglevel => $debuglevel,
- sslversion => 'TLSv1';
+ sslversion => 'TLSv1',
+ syslog => 'no',
+ output => $logfile;
+ }
+
+ # define the log files so that we can purge the
+ # files from /var/log/stunnel4 that are not defined.
+ file {
+ $logfile:;
+ "${logfile}.1.gz":;
+ "${logfile}.2.gz":;
+ "${logfile}.3.gz":;
+ "${logfile}.4.gz":;
+ "${logfile}.5.gz":;
}
site_shorewall::stunnel::client { $name:
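Review bot: The rotated log names declared at the end of this hunk (`.1.gz` through `.5.gz`) hard-code two settings that live elsewhere: the `rotate 5` that init.pp sets through augeas, and a logrotate rule that compresses every rotated file immediately. If the packaged rule uses `delaycompress` (not visible here), the newest rotation is `${logfile}.1`, which is not declared and would be removed by the purge on the next run, losing the most recent rotated connection log. I would either declare `"${logfile}.1":;` as well or add a comment such as `# must match 'rotate 5' and the compress settings in /etc/logrotate.d/stunnel4`. These `file` resources also set no `owner`, `group` or `mode`, so the permissions on the logs are whatever stunnel and logrotate create them with. The define body continues past the end of this hunk.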
diff --git a/puppet/modules/site_stunnel/manifests/init.pp b/puppet/modules/site_stunnel/manifests/init.pp
index 176b8618..d919a072 100644
--- a/puppet/modules/site_stunnel/manifests/init.pp
+++ b/puppet/modules/site_stunnel/manifests/init.pp
@@ -29,7 +29,20 @@ class site_stunnel {
$client_sections = keys($clients)
site_stunnel::clients { $client_sections: }
- leap::logfile { "stunnel": process => "stunnel4" }
+ # remove any old stunnel logs that are not
+ # defined by this puppet run
+ file {'/var/log/stunnel4': purge => true;}
+
+ # the default is to keep 356 log files for each stunnel.
+ # here we set a more reasonable number.
+ augeas {
+ "logrotate_stunnel":
+ context => "/files/etc/logrotate.d/stunnel4/rule",
+ changes => [
+ 'set rotate 5',
+ ]
+ }
+
include site_stunnel::override_service
}
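Review bot: `file {'/var/log/stunnel4': purge => true;}` will probably not purge anything as written, because Puppet's `file` type only acts on `purge` when the resource is also `ensure => directory` with `recurse => true`. Unless a `File` default elsewhere supplies those, the stale logs this commit wants removed stay in place; I would write `file {'/var/log/stunnel4': ensure => directory, recurse => true, purge => true;}`. Once the purge is active, anything in that directory that is not a declared `file` resource is deleted on each run, so a comment should say that the names declared in client.pp must track the logrotate settings set just below. The class body starts outside this hunk.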