summaryrefslogtreecommitdiff
path: root/puppet/modules/site_stunnel/manifests
diff options
context:
space:
mode:
authorelijah <elijah@riseup.net>2015-04-17 10:24:37 -0700
committerelijah <elijah@riseup.net>2015-04-17 10:24:37 -0700
commitf3aa928a91e0172a7a3c940940ab864194cb85a7 (patch)
tree433c2784c878301dcc36478e32496b9140d4a407 /puppet/modules/site_stunnel/manifests
parent8bd7eca1913a8ca23e8b2c92b83aeac5a665131b (diff)
parent64cc83793aa35b84b60dd40305c7edf8369a187b (diff)
Merge branch 'bugfix/logs' into develop
Diffstat (limited to 'puppet/modules/site_stunnel/manifests')
-rw-r--r--puppet/modules/site_stunnel/manifests/client.pp19
-rw-r--r--puppet/modules/site_stunnel/manifests/init.pp14
2 files changed, 31 insertions, 2 deletions
diff --git a/puppet/modules/site_stunnel/manifests/client.pp b/puppet/modules/site_stunnel/manifests/client.pp
index 3b10ecb8..c9e034f1 100644
--- a/puppet/modules/site_stunnel/manifests/client.pp
+++ b/puppet/modules/site_stunnel/manifests/client.pp
@@ -14,7 +14,9 @@ define site_stunnel::client (
$verify = '2',
$pid = $name,
$rndfile = '/var/lib/stunnel4/.rnd',
- $debuglevel = '4' ) {
+ $debuglevel = 'warning' ) {
+
+ $logfile = "/var/log/stunnel4/${name}.log"
include site_config::x509::cert
include site_config::x509::key
@@ -35,7 +37,20 @@ define site_stunnel::client (
pid => "/var/run/stunnel4/${pid}.pid",
rndfile => $rndfile,
debuglevel => $debuglevel,
- sslversion => 'TLSv1';
+ sslversion => 'TLSv1',
+ syslog => 'no',
+ output => $logfile;
+ }
+
+ # define the log files so that we can purge the
+ # files from /var/log/stunnel4 that are not defined.
+ file {
+ $logfile:;
+ "${logfile}.1.gz":;
+ "${logfile}.2.gz":;
+ "${logfile}.3.gz":;
+ "${logfile}.4.gz":;
+ "${logfile}.5.gz":;
}
site_shorewall::stunnel::client { $name:
diff --git a/puppet/modules/site_stunnel/manifests/init.pp b/puppet/modules/site_stunnel/manifests/init.pp
index 2e0cf5b8..d919a072 100644
--- a/puppet/modules/site_stunnel/manifests/init.pp
+++ b/puppet/modules/site_stunnel/manifests/init.pp
@@ -29,6 +29,20 @@ class site_stunnel {
$client_sections = keys($clients)
site_stunnel::clients { $client_sections: }
+ # remove any old stunnel logs that are not
+ # defined by this puppet run
+ file {'/var/log/stunnel4': purge => true;}
+
+ # the default is to keep 356 log files for each stunnel.
+ # here we set a more reasonable number.
+ augeas {
+ "logrotate_stunnel":
+ context => "/files/etc/logrotate.d/stunnel4/rule",
+ changes => [
+ 'set rotate 5',
+ ]
+ }
+
include site_stunnel::override_service
}