author | elijah <elijah@riseup.net> | 2015-04-16 20:57:11 -0700 |
---|---|---|
committer | elijah <elijah@riseup.net> | 2015-04-16 20:57:11 -0700 |
commit | c7e12fd3cfe482e22e337eaea80ca7994dea7524 (patch) | |
tree | af9dc12e55b17951dd194e0d4c6079233aba7146 /puppet/modules/site_stunnel | |
parent | 1530a85da3415bc000635d62882d9ba7082a793b (diff) |
stunnel shouldn't use syslog, and leap_mx can't.
Diffstat (limited to 'puppet/modules/site_stunnel')
-rw-r--r-- | puppet/modules/site_stunnel/manifests/client.pp | 19 | ||||
-rw-r--r-- | puppet/modules/site_stunnel/manifests/init.pp | 15 |
2 files changed, 31 insertions, 3 deletions
diff --git a/puppet/modules/site_stunnel/manifests/client.pp b/puppet/modules/site_stunnel/manifests/client.pp
index 3b10ecb8..c9e034f1 100644
--- a/puppet/modules/site_stunnel/manifests/client.pp
+++ b/puppet/modules/site_stunnel/manifests/client.pp
@@ -14,7 +14,9 @@ define site_stunnel::client (
 $verify = '2',
 $pid = $name,
 $rndfile = '/var/lib/stunnel4/.rnd',
- $debuglevel = '4' ) {
+ $debuglevel = 'warning' ) {
+
+ $logfile = "/var/log/stunnel4/${name}.log"
 include site_config::x509::cert
 include site_config::x509::key
@@ -35,7 +37,20 @@ define site_stunnel::client (
 pid => "/var/run/stunnel4/${pid}.pid",
 rndfile => $rndfile,
 debuglevel => $debuglevel,
- sslversion => 'TLSv1';
+ sslversion => 'TLSv1',
+ syslog => 'no',
+ output => $logfile;
+ }
+
+ # define the log files so that we can purge the
+ # files from /var/log/stunnel4 that are not defined.
+ file {
+ $logfile:;
+ "${logfile}.1.gz":;
+ "${logfile}.2.gz":;
+ "${logfile}.3.gz":;
+ "${logfile}.4.gz":;
+ "${logfile}.5.gz":;
 }
 site_shorewall::stunnel::client { $name:
diff --git a/puppet/modules/site_stunnel/manifests/init.pp b/puppet/modules/site_stunnel/manifests/init.pp
index 176b8618..d919a072 100644
--- a/puppet/modules/site_stunnel/manifests/init.pp
+++ b/puppet/modules/site_stunnel/manifests/init.pp
@@ -29,7 +29,20 @@ class site_stunnel {
 $client_sections = keys($clients)
 site_stunnel::clients { $client_sections: }
- leap::logfile { "stunnel": process => "stunnel4" }
+ # remove any old stunnel logs that are not
+ # defined by this puppet run
+ file {'/var/log/stunnel4': purge => true;}
+
+ # the default is to keep 356 log files for each stunnel.
+ # here we set a more reasonable number.
+ augeas {
+ "logrotate_stunnel":
+ context => "/files/etc/logrotate.d/stunnel4/rule",
+ changes => [
+ 'set rotate 5',
+ ]
+ }
+
 include site_stunnel::override_service
 } |
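Review bot: The `file { $logfile:; "${logfile}.1.gz":; … }` list in the second client.pp hunk hard-codes which log names survive the purge, so it has to stay in step with `set rotate 5` in init.pp and with the compression settings of the packaged logrotate rule, which this diff does not show. If that rule uses `delaycompress`, the newest rotated file is the uncompressed `${logfile}.1`, which is not declared and would be deleted on each run once the purge takes effect; adding `"${logfile}.1":;` covers that case and keeps the most recent history available for troubleshooting or an investigation. The resources also set no `owner`, `group` or `mode`, so the permissions on these connection logs are left to whatever stunnel and logrotate create; consider pinning them (for example `mode => '0640'`, with the owner confirmed against the account stunnel runs as). Separately, the re-punctuated `sslversion => 'TLSv1'` line still appears to pin the tunnel to TLS 1.0, assuming the stunnel module passes it through as stunnel's sslVersion; exposing it as a parameter of the define would let it be raised where both ends support newer versions.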
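Review bot: In the init.pp hunk, `file {'/var/log/stunnel4': purge => true;}` is unlikely to remove anything as written, because Puppet's file type honours `purge` only on a directory managed with `recurse => true`, and neither `ensure => directory` nor `recurse` is set here (unless a File default elsewhere supplies them). `file {'/var/log/stunnel4': ensure => directory, recurse => true, purge => true;}` would make the comment above it true. Before enabling that, confirm that every process writing into the directory has its log declared: the purge deletes any file Puppet does not manage there, which on this page means anything not created through `site_stunnel::client`.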