diff options
author | Micah Anderson <micah@leap.se> | 2015-06-11 12:10:09 -0400 |
---|---|---|
committer | Micah Anderson <micah@leap.se> | 2015-06-11 12:10:09 -0400 |
commit | b429b30bda4dafc78cb02f6ece5d82f08e35de1f (patch) | |
tree | 37efc30a4fcb642dec583c3accea76f7a7de9c39 /puppet/modules/site_stunnel | |
parent | 67b2bea2dfcfb06191bf5ed562309f264c6aed8c (diff) | |
parent | d9146415db0e6b7dd0c945039c0a4ed4fd054a7d (diff) |
Merge tag '0.7.0'
Releasing 0.7.0
Diffstat (limited to 'puppet/modules/site_stunnel')
-rw-r--r-- | puppet/modules/site_stunnel/manifests/client.pp | 19 | ||||
-rw-r--r-- | puppet/modules/site_stunnel/manifests/init.pp | 14 |
2 files changed, 31 insertions, 2 deletions
diff --git a/puppet/modules/site_stunnel/manifests/client.pp b/puppet/modules/site_stunnel/manifests/client.pp index 3b10ecb8..c9e034f1 100644 --- a/puppet/modules/site_stunnel/manifests/client.pp +++ b/puppet/modules/site_stunnel/manifests/client.pp @@ -14,7 +14,9 @@ define site_stunnel::client ( $verify = '2', $pid = $name, $rndfile = '/var/lib/stunnel4/.rnd', - $debuglevel = '4' ) { + $debuglevel = 'warning' ) { + + $logfile = "/var/log/stunnel4/${name}.log" include site_config::x509::cert include site_config::x509::key @@ -35,7 +37,20 @@ define site_stunnel::client ( pid => "/var/run/stunnel4/${pid}.pid", rndfile => $rndfile, debuglevel => $debuglevel, - sslversion => 'TLSv1'; + sslversion => 'TLSv1', + syslog => 'no', + output => $logfile; + } + + # define the log files so that we can purge the + # files from /var/log/stunnel4 that are not defined. + file { + $logfile:; + "${logfile}.1.gz":; + "${logfile}.2.gz":; + "${logfile}.3.gz":; + "${logfile}.4.gz":; + "${logfile}.5.gz":; } site_shorewall::stunnel::client { $name: diff --git a/puppet/modules/site_stunnel/manifests/init.pp b/puppet/modules/site_stunnel/manifests/init.pp index 2e0cf5b8..d919a072 100644 --- a/puppet/modules/site_stunnel/manifests/init.pp +++ b/puppet/modules/site_stunnel/manifests/init.pp @@ -29,6 +29,20 @@ class site_stunnel { $client_sections = keys($clients) site_stunnel::clients { $client_sections: } + # remove any old stunnel logs that are not + # defined by this puppet run + file {'/var/log/stunnel4': purge => true;} + + # the default is to keep 356 log files for each stunnel. + # here we set a more reasonable number. + augeas { + "logrotate_stunnel": + context => "/files/etc/logrotate.d/stunnel4/rule", + changes => [ + 'set rotate 5', + ] + } + include site_stunnel::override_service } |