Merge branch 'bugfix/logs' into develop

2 files changed, 31 insertions, 2 deletions

diff --git a/puppet/modules/site_stunnel/manifests/client.pp b/puppet/modules/site_stunnel/manifests/client.pp
index 3b10ecb8..c9e034f1 100644
--- a/puppet/modules/site_stunnel/manifests/client.pp
+++ b/puppet/modules/site_stunnel/manifests/client.pp
@@ -14,7 +14,9 @@ define site_stunnel::client (
   $verify     = '2',
   $pid        = $name,
   $rndfile    = '/var/lib/stunnel4/.rnd',
-  $debuglevel = '4' ) {
+  $debuglevel = 'warning' ) {
+
+  $logfile = "/var/log/stunnel4/${name}.log"
 
   include site_config::x509::cert
   include site_config::x509::key
@@ -35,7 +37,20 @@ define site_stunnel::client (
     pid        => "/var/run/stunnel4/${pid}.pid",
     rndfile    => $rndfile,
     debuglevel => $debuglevel,
-    sslversion => 'TLSv1';
+    sslversion => 'TLSv1',
+    syslog     => 'no',
+    output     => $logfile;
+  }
+
+  # define the log files so that we can purge the
+  # files from /var/log/stunnel4 that are not defined.
+  file {
+    $logfile:;
+    "${logfile}.1.gz":;
+    "${logfile}.2.gz":;
+    "${logfile}.3.gz":;
+    "${logfile}.4.gz":;
+    "${logfile}.5.gz":;
   }
 
   site_shorewall::stunnel::client { $name:
diff --git a/puppet/modules/site_stunnel/manifests/init.pp b/puppet/modules/site_stunnel/manifests/init.pp
index 2e0cf5b8..d919a072 100644
--- a/puppet/modules/site_stunnel/manifests/init.pp
+++ b/puppet/modules/site_stunnel/manifests/init.pp
@@ -29,6 +29,20 @@ class site_stunnel {
   $client_sections = keys($clients)
   site_stunnel::clients { $client_sections: }
 
+  # remove any old stunnel logs that are not
+  # defined by this puppet run
+  file {'/var/log/stunnel4': purge => true;}
+
+  # the default is to keep 356 log files for each stunnel.
+  # here we set a more reasonable number.
+  augeas {
+    "logrotate_stunnel":
+      context => "/files/etc/logrotate.d/stunnel4/rule",
+      changes => [
+        'set rotate 5',
+      ]
+  }
+
   include site_stunnel::override_service
 }