diff options
author | elijah <elijah@riseup.net> | 2015-04-17 10:24:37 -0700 |
---|---|---|
committer | elijah <elijah@riseup.net> | 2015-04-17 10:24:37 -0700 |
commit | f3aa928a91e0172a7a3c940940ab864194cb85a7 (patch) | |
tree | 433c2784c878301dcc36478e32496b9140d4a407 /puppet/modules/site_stunnel/manifests | |
parent | 8bd7eca1913a8ca23e8b2c92b83aeac5a665131b (diff) | |
parent | 64cc83793aa35b84b60dd40305c7edf8369a187b (diff) |
Merge branch 'bugfix/logs' into develop
Diffstat (limited to 'puppet/modules/site_stunnel/manifests')
-rw-r--r-- | puppet/modules/site_stunnel/manifests/client.pp | 19 | ||||
-rw-r--r-- | puppet/modules/site_stunnel/manifests/init.pp | 14 |
2 files changed, 31 insertions, 2 deletions
diff --git a/puppet/modules/site_stunnel/manifests/client.pp b/puppet/modules/site_stunnel/manifests/client.pp index 3b10ecb8..c9e034f1 100644 --- a/puppet/modules/site_stunnel/manifests/client.pp +++ b/puppet/modules/site_stunnel/manifests/client.pp @@ -14,7 +14,9 @@ define site_stunnel::client ( $verify = '2', $pid = $name, $rndfile = '/var/lib/stunnel4/.rnd', - $debuglevel = '4' ) { + $debuglevel = 'warning' ) { + + $logfile = "/var/log/stunnel4/${name}.log" include site_config::x509::cert include site_config::x509::key @@ -35,7 +37,20 @@ define site_stunnel::client ( pid => "/var/run/stunnel4/${pid}.pid", rndfile => $rndfile, debuglevel => $debuglevel, - sslversion => 'TLSv1'; + sslversion => 'TLSv1', + syslog => 'no', + output => $logfile; + } + + # define the log files so that we can purge the + # files from /var/log/stunnel4 that are not defined. + file { + $logfile:; + "${logfile}.1.gz":; + "${logfile}.2.gz":; + "${logfile}.3.gz":; + "${logfile}.4.gz":; + "${logfile}.5.gz":; } site_shorewall::stunnel::client { $name: diff --git a/puppet/modules/site_stunnel/manifests/init.pp b/puppet/modules/site_stunnel/manifests/init.pp index 2e0cf5b8..d919a072 100644 --- a/puppet/modules/site_stunnel/manifests/init.pp +++ b/puppet/modules/site_stunnel/manifests/init.pp @@ -29,6 +29,20 @@ class site_stunnel { $client_sections = keys($clients) site_stunnel::clients { $client_sections: } + # remove any old stunnel logs that are not + # defined by this puppet run + file {'/var/log/stunnel4': purge => true;} + + # the default is to keep 356 log files for each stunnel. + # here we set a more reasonable number. + augeas { + "logrotate_stunnel": + context => "/files/etc/logrotate.d/stunnel4/rule", + changes => [ + 'set rotate 5', + ] + } + include site_stunnel::override_service } |