-rw-r--r--puppet/modules/leap/manifests/init.pp3
-rw-r--r--puppet/modules/leap/manifests/logfile.pp26
-rw-r--r--puppet/modules/leap_mx/manifests/init.pp23
-rw-r--r--puppet/modules/leap_mx/manifests/syslog.pp17
-rw-r--r--puppet/modules/site_check_mk/files/agent/logwatch/leap_mx.cfg2
-rw-r--r--puppet/modules/site_check_mk/files/agent/logwatch/openvpn.cfg (renamed from puppet/modules/site_check_mk/files/agent/logwatch/syslog/openvpn.cfg)1
-rw-r--r--puppet/modules/site_check_mk/files/agent/logwatch/stunnel.cfg (renamed from puppet/modules/site_check_mk/files/agent/logwatch/syslog/stunnel.cfg)1
-rw-r--r--puppet/modules/site_check_mk/files/agent/logwatch/tapicero.cfg (renamed from puppet/modules/site_check_mk/files/agent/logwatch/syslog/tapicero.cfg)1
-rw-r--r--puppet/modules/site_check_mk/files/agent/logwatch/webapp.cfg (renamed from puppet/modules/site_check_mk/files/agent/logwatch/syslog/webapp.cfg)1
-rw-r--r--puppet/modules/site_check_mk/manifests/agent/mx.pp2
-rw-r--r--puppet/modules/site_check_mk/manifests/agent/openvpn.pp2
-rw-r--r--puppet/modules/site_check_mk/manifests/agent/stunnel.pp2
-rw-r--r--puppet/modules/site_check_mk/manifests/agent/tapicero.pp9
-rw-r--r--puppet/modules/site_check_mk/manifests/agent/webapp.pp8
-rw-r--r--puppet/modules/site_config/manifests/default.pp1
-rw-r--r--puppet/modules/site_config/manifests/remove_files.pp36
-rw-r--r--puppet/modules/site_openvpn/manifests/init.pp1
-rw-r--r--puppet/modules/site_stunnel/manifests/client.pp19
-rw-r--r--puppet/modules/site_stunnel/manifests/init.pp14
-rw-r--r--puppet/modules/site_webapp/manifests/init.pp7
-rw-r--r--puppet/modules/site_webapp/manifests/logging.pp16
-rw-r--r--puppet/modules/tapicero/manifests/init.pp19
22 files changed, 147 insertions, 64 deletions
diff --git a/puppet/modules/leap/manifests/init.pp b/puppet/modules/leap/manifests/init.pp
new file mode 100644
index 00000000..bbae3781
--- /dev/null
+++ b/puppet/modules/leap/manifests/init.pp
@@ -0,0 +1,3 @@
+class leap {
+
+}
\ No newline at end of file
diff --git a/puppet/modules/leap/manifests/logfile.pp b/puppet/modules/leap/manifests/logfile.pp
new file mode 100644
index 00000000..c5c185f6
--- /dev/null
+++ b/puppet/modules/leap/manifests/logfile.pp
@@ -0,0 +1,26 @@
+#
+# make syslog log to a particular file for a particular process.
+#
+
+define leap::logfile($process=$name) {
+ $logfile = "/var/log/leap/${name}.log"
+
+ rsyslog::snippet { "50-${name}":
+ content => "if \$programname startswith '${process}' then ${logfile}
+&~"
+ }
+
+ augeas {
+ "logrotate_${name}":
+ context => "/files/etc/logrotate.d/${name}/rule",
+ changes => [
+ "set file ${logfile}",
+ 'set rotate 5',
+ 'set schedule daily',
+ 'set compress compress',
+ 'set missingok missingok',
+ 'set ifempty notifempty',
+ 'set copytruncate copytruncate'
+ ]
+ }
+}
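Review bot: The rsyslog filter in `leap::logfile` matches with `startswith` and then discards with `&~`, so any message whose program tag merely begins with `${process}` is written to this file and removed from the rest of the syslog pipeline. The tag is chosen by the sender, and the `site_webapp::logging` class this commit deletes used an exact `$programname == "webapp"` match, so matching is now looser than before for webapp. I would either document that in the header comment, e.g. `# NOTE: prefix match; any tag starting with $process lands here and is dropped from the default syslog files`, or use an exact match where a service has a single tag. The define also does not declare `/var/log/leap` or the mode of the file rsyslog creates, so both depend on resources outside this hunk.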
diff --git a/puppet/modules/leap_mx/manifests/init.pp b/puppet/modules/leap_mx/manifests/init.pp
index 78065f56..6bcdd19a 100644
--- a/puppet/modules/leap_mx/manifests/init.pp
+++ b/puppet/modules/leap_mx/manifests/init.pp
@@ -11,7 +11,6 @@ class leap_mx {
include soledad::common
include site_apt::preferences::twisted
- include leap_mx::syslog
#
# USER AND GROUP
@@ -42,6 +41,14 @@ class leap_mx {
notify => Service['leap-mx'];
}
+ file { '/etc/default/leap_mx':
+ content => 'LOGFILE=/var/log/leap/mx.log',
+ owner => 'root',
+ group => 'root',
+ mode => '0644',
+ notify => Service['leap-mx'];
+ }
+
#
# LEAP-MX CODE AND DEPENDENCIES
#
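Review bot: Nothing in the new `file { '/etc/default/leap_mx': }` resource ensures that `/var/log/leap` exists and is writable by the account leap-mx runs as before `Service['leap-mx']` is notified. The deleted syslog rule had rsyslog write the file, whereas `LOGFILE=` presumably makes the daemon open it itself. If the directory is managed elsewhere (not visible in this hunk), add a `require` on that resource here; otherwise the service may fail to start, or run without a log, after the upgrade. The content string also has no trailing newline; `content => "LOGFILE=/var/log/leap/mx.log\n",` is the conventional form for a defaults file. The class body starts and ends outside this hunk.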
@@ -68,4 +75,18 @@ class leap_mx {
hasrestart => true,
require => [ Package['leap-mx'] ];
}
+
+ augeas {
+ "logrotate_mx":
+ context => "/files/etc/logrotate.d/leap-mx/rule",
+ changes => [
+ "set file /var/log/leap/mx.log",
+ 'set rotate 5',
+ 'set schedule daily',
+ 'set compress compress',
+ 'set missingok missingok',
+ 'set ifempty notifempty',
+ 'set copytruncate copytruncate'
+ ]
+ }
}
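Review bot: The `logrotate_mx` block repeats the change list from `leap::logfile` entry for entry, so retention settings for mx can drift from the other services (the deleted `leap_mx::syslog` class already differed, with `rotate 7` and `mx*.log`). Since mx needs only the logrotate half, splitting that half of `leap::logfile` into its own define and calling it from both places would keep the settings in one spot. `copytruncate` can also lose lines written between the copy and the truncate; if mx.log is relied on for later investigation, record that trade-off with a comment such as `# copytruncate may lose lines written during rotation; accepted for mx.log`. The title and context strings are double-quoted without interpolation and could be single-quoted like the rest of the list.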
diff --git a/puppet/modules/leap_mx/manifests/syslog.pp b/puppet/modules/leap_mx/manifests/syslog.pp
deleted file mode 100644
index 0247a392..00000000
--- a/puppet/modules/leap_mx/manifests/syslog.pp
+++ /dev/null
@@ -1,17 +0,0 @@
-class leap_mx::syslog {
-
- rsyslog::snippet { '99-leap-mx':
- content => 'if $programname startswith \'leap-mx\' then /var/log/leap/mx.log
-&~'
- }
-
- augeas {
- 'logrotate_leap-mx':
- context => '/files/etc/logrotate.d/leap-mx/rule',
- changes => [ 'set file /var/log/leap/mx*.log', 'set rotate 7',
- 'set schedule daily', 'set compress compress',
- 'set missingok missingok', 'set ifempty notifempty',
- 'set copytruncate copytruncate' ]
- }
-
-}
diff --git a/puppet/modules/site_check_mk/files/agent/logwatch/leap_mx.cfg b/puppet/modules/site_check_mk/files/agent/logwatch/leap_mx.cfg
index c71c5392..166d0230 100644
--- a/puppet/modules/site_check_mk/files/agent/logwatch/leap_mx.cfg
+++ b/puppet/modules/site_check_mk/files/agent/logwatch/leap_mx.cfg
@@ -1,4 +1,4 @@
-/var/log/leap_mx.log
+/var/log/leap/mx.log
W Don't know how to deliver mail
W No public key, stopping the processing chain
diff --git a/puppet/modules/site_check_mk/files/agent/logwatch/syslog/openvpn.cfg b/puppet/modules/site_check_mk/files/agent/logwatch/openvpn.cfg
index ac17c0ca..ed50f420 100644
--- a/puppet/modules/site_check_mk/files/agent/logwatch/syslog/openvpn.cfg
+++ b/puppet/modules/site_check_mk/files/agent/logwatch/openvpn.cfg
@@ -1,3 +1,4 @@
+/var/log/leap/openvpn.log
# ignore openvpn TLS initialization errors when clients
# suddenly hangup before properly establishing
# a tls connection
diff --git a/puppet/modules/site_check_mk/files/agent/logwatch/syslog/stunnel.cfg b/puppet/modules/site_check_mk/files/agent/logwatch/stunnel.cfg
index eb3131f2..b1e6cf2f 100644
--- a/puppet/modules/site_check_mk/files/agent/logwatch/syslog/stunnel.cfg
+++ b/puppet/modules/site_check_mk/files/agent/logwatch/stunnel.cfg
@@ -1,3 +1,4 @@
+/var/log/leap/stunnel.log
# check for stunnel failures
#
# these are temporary failures and happen very often, so we
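Review bot: The new header `/var/log/leap/stunnel.log` points logwatch at a file that nothing in this commit appears to write. `site_stunnel::client` now sets `syslog => 'no'` and `output => "/var/log/stunnel4/${name}.log"`, no `leap::logfile { 'stunnel': }` is added, and `remove_files.pp` tidies the old `50-stunnel.conf` rsyslog snippet. Unless server-side stunnel (not visible here) still logs into that path, the failure patterns below would never match and stunnel failures would go unreported. The header probably needs to cover the per-tunnel files instead, e.g. `/var/log/stunnel4/*.log`, assuming the logwatch agent in use accepts a glob on the file line.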
diff --git a/puppet/modules/site_check_mk/files/agent/logwatch/syslog/tapicero.cfg b/puppet/modules/site_check_mk/files/agent/logwatch/tapicero.cfg
index e5721eea..f527f120 100644
--- a/puppet/modules/site_check_mk/files/agent/logwatch/syslog/tapicero.cfg
+++ b/puppet/modules/site_check_mk/files/agent/logwatch/tapicero.cfg
@@ -1,3 +1,4 @@
+/var/log/leap/tapicero.log
# Ignore transient Tapicero errors when creating a db (#6511)
I tapicero.*(Creating database|Checking security of|Writing security to|Uploading design doc to) user-.* failed (\(trying again soon\)|(twice )?due to): (RestClient::Resource Not Found|RestClient::InternalServerError): (404 Resource Not Found|500 Internal Server Error)
C tapicero.*RestClient::InternalServerError:
diff --git a/puppet/modules/site_check_mk/files/agent/logwatch/syslog/webapp.cfg b/puppet/modules/site_check_mk/files/agent/logwatch/webapp.cfg
index 00f9c7fd..008e9e09 100644
--- a/puppet/modules/site_check_mk/files/agent/logwatch/syslog/webapp.cfg
+++ b/puppet/modules/site_check_mk/files/agent/logwatch/webapp.cfg
@@ -1,3 +1,4 @@
+/var/log/leap/webapp.log
# check for webapp errors
C webapp.*Could not connect to couch database messages due to 401 Unauthorized: {"error":"unauthorized","reason":"You are not a server admin."}
# ignore RoutingErrors that rails throw when it can't handle a url
diff --git a/puppet/modules/site_check_mk/manifests/agent/mx.pp b/puppet/modules/site_check_mk/manifests/agent/mx.pp
index da66c549..98757b59 100644
--- a/puppet/modules/site_check_mk/manifests/agent/mx.pp
+++ b/puppet/modules/site_check_mk/manifests/agent/mx.pp
@@ -12,7 +12,7 @@ class site_check_mk::agent::mx {
lens => 'Spacevars.lns',
changes => [
'rm /files/etc/check_mk/mrpe.cfg/Leap_MX_Procs',
- 'set Leap_MX_Procs \'/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1:1 -a "/usr/bin/python /usr/bin/twistd --pidfile=/var/run/leap_mx.pid --rundir=/var/lib/leap_mx/ --python=/usr/share/app/leap_mx.tac --logfile=/var/log/leap_mx.log"\'' ],
+ 'set Leap_MX_Procs \'/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1:1 -a "/usr/bin/python /usr/bin/twistd --pidfile=/var/run/leap_mx.pid --rundir=/var/lib/leap_mx/ --python=/usr/share/app/leap_mx.tac --logfile=/var/log/leap/mx.log"\'' ],
require => File['/etc/check_mk/mrpe.cfg'];
}
diff --git a/puppet/modules/site_check_mk/manifests/agent/openvpn.pp b/puppet/modules/site_check_mk/manifests/agent/openvpn.pp
index 919a408d..0596a497 100644
--- a/puppet/modules/site_check_mk/manifests/agent/openvpn.pp
+++ b/puppet/modules/site_check_mk/manifests/agent/openvpn.pp
@@ -2,7 +2,7 @@ class site_check_mk::agent::openvpn {
# check syslog
concat::fragment { 'syslog_openpvn':
- source => 'puppet:///modules/site_check_mk/agent/logwatch/syslog/openvpn.cfg',
+ source => 'puppet:///modules/site_check_mk/agent/logwatch/openvpn.cfg',
target => '/etc/check_mk/logwatch.d/syslog.cfg',
order => '02';
}
diff --git a/puppet/modules/site_check_mk/manifests/agent/stunnel.pp b/puppet/modules/site_check_mk/manifests/agent/stunnel.pp
index 64022824..7f765771 100644
--- a/puppet/modules/site_check_mk/manifests/agent/stunnel.pp
+++ b/puppet/modules/site_check_mk/manifests/agent/stunnel.pp
@@ -1,7 +1,7 @@
class site_check_mk::agent::stunnel {
concat::fragment { 'syslog_stunnel':
- source => 'puppet:///modules/site_check_mk/agent/logwatch/syslog/stunnel.cfg',
+ source => 'puppet:///modules/site_check_mk/agent/logwatch/stunnel.cfg',
target => '/etc/check_mk/logwatch.d/syslog.cfg',
order => '02';
}
diff --git a/puppet/modules/site_check_mk/manifests/agent/tapicero.pp b/puppet/modules/site_check_mk/manifests/agent/tapicero.pp
index 5c14b460..4a5ec68e 100644
--- a/puppet/modules/site_check_mk/manifests/agent/tapicero.pp
+++ b/puppet/modules/site_check_mk/manifests/agent/tapicero.pp
@@ -2,10 +2,9 @@ class site_check_mk::agent::tapicero {
include ::site_nagios::plugins
- concat::fragment { 'syslog_tapicero':
- source => 'puppet:///modules/site_check_mk/agent/logwatch/syslog/tapicero.cfg',
- target => '/etc/check_mk/logwatch.d/syslog.cfg',
- order => '02';
+ # watch logs
+ file { '/etc/check_mk/logwatch.d/tapicero.cfg':
+ source => 'puppet:///modules/site_check_mk/agent/logwatch/tapicero.cfg',
}
# local nagios plugin checks via mrpe
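Review bot: The new `file { '/etc/check_mk/logwatch.d/tapicero.cfg': }` resource sets only `source`, so the installed owner, group and mode are left to defaults rather than pinned. The other file resources in this commit set them explicitly, and monitoring rules are worth protecting from accidental write access; I would add `owner => 'root', group => 'root', mode => '0644',`. The same applies to `/etc/check_mk/logwatch.d/webapp.cfg` in `agent/webapp.pp`. Neither resource shows a `require` on the `logwatch.d` directory, which may be handled outside these hunks.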
@@ -20,7 +19,7 @@ class site_check_mk::agent::tapicero {
'Tapicero_Heartbeat':
incl => '/etc/check_mk/mrpe.cfg',
lens => 'Spacevars.lns',
- changes => 'set Tapicero_Heartbeat \'/usr/local/lib/nagios/plugins/check_last_regex_in_log -f /var/log/syslog -r "tapicero" -w 300 -c 600\'',
+ changes => 'set Tapicero_Heartbeat \'/usr/local/lib/nagios/plugins/check_last_regex_in_log -f /var/log/leap/tapicero.log -r "tapicero" -w 300 -c 600\'',
require => File['/etc/check_mk/mrpe.cfg'];
}
}
diff --git a/puppet/modules/site_check_mk/manifests/agent/webapp.pp b/puppet/modules/site_check_mk/manifests/agent/webapp.pp
index 88c3da30..9bf3b197 100644
--- a/puppet/modules/site_check_mk/manifests/agent/webapp.pp
+++ b/puppet/modules/site_check_mk/manifests/agent/webapp.pp
@@ -7,11 +7,9 @@ class site_check_mk::agent::webapp {
ensure => absent
}
- # check syslog
- concat::fragment { 'syslog_webapp':
- source => 'puppet:///modules/site_check_mk/agent/logwatch/syslog/webapp.cfg',
- target => '/etc/check_mk/logwatch.d/syslog.cfg',
- order => '02';
+ # watch logs
+ file { '/etc/check_mk/logwatch.d/webapp.cfg':
+ source => 'puppet:///modules/site_check_mk/agent/logwatch/webapp.cfg',
}
}
diff --git a/puppet/modules/site_config/manifests/default.pp b/puppet/modules/site_config/manifests/default.pp
index c15080f5..e69e4b7b 100644
--- a/puppet/modules/site_config/manifests/default.pp
+++ b/puppet/modules/site_config/manifests/default.pp
@@ -58,6 +58,7 @@ class site_config::default {
# set up core leap files and directories
include site_config::files
+ include site_config::remove_files
if ! member($services, 'mx') {
include site_postfix::satellite
diff --git a/puppet/modules/site_config/manifests/remove_files.pp b/puppet/modules/site_config/manifests/remove_files.pp
new file mode 100644
index 00000000..44e3e47b
--- /dev/null
+++ b/puppet/modules/site_config/manifests/remove_files.pp
@@ -0,0 +1,36 @@
+#
+# Sometimes when we upgrade the platform, we need to ensure that files that
+# the platform previously created will get removed.
+#
+# These file removals don't need to be kept forever: we only need to remove
+# files that are present in the prior platform release.
+#
+# We can assume that the every node is upgraded from the previous platform
+# release.
+#
+
+class site_config::remove_files {
+
+ #
+ # Platform 0.7 removals
+ #
+
+ tidy {
+ '/etc/rsyslog.d/99-tapicero.conf':;
+ '/etc/rsyslog.d/99-leap-mx.conf':;
+ '/etc/rsyslog.d/01-webapp.conf':;
+ '/etc/rsyslog.d/50-stunnel.conf':;
+ '/etc/logrotate.d/mx':;
+ '/etc/logrotate.d/stunnel':;
+ '/var/log/stunnel4/stunnel.log':;
+ 'leap_mx':
+ path => '/var/log/',
+ recurse => true,
+ matches => 'leap_mx*';
+ '/srv/leap/webapp/public/provider.json':;
+ '/srv/leap/couchdb/designs/tmp_users':
+ recurse => true,
+ rmdirs => true;
+ }
+
+}
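Review bot: The `'leap_mx'` tidy entry combines `path => '/var/log/'` with `recurse => true`, so every Puppet run walks the whole `/var/log` tree and removes anything named `leap_mx*` at any depth, not only the old top-level log files. `recurse => 1` would limit it to `/var/log/leap_mx*`, which is what the old logfile path suggests was intended. These entries also delete the previous mx and stunnel logs outright on upgrade; if that history matters for later investigation, say so in the header comment so operators can archive the files first.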
diff --git a/puppet/modules/site_openvpn/manifests/init.pp b/puppet/modules/site_openvpn/manifests/init.pp
index d6f9150b..e2a3124e 100644
--- a/puppet/modules/site_openvpn/manifests/init.pp
+++ b/puppet/modules/site_openvpn/manifests/init.pp
@@ -228,6 +228,7 @@ class site_openvpn {
order => 10;
}
+ leap::logfile { 'openvpn': }
include site_check_mk::agent::openvpn
}
diff --git a/puppet/modules/site_stunnel/manifests/client.pp b/puppet/modules/site_stunnel/manifests/client.pp
index 3b10ecb8..c9e034f1 100644
--- a/puppet/modules/site_stunnel/manifests/client.pp
+++ b/puppet/modules/site_stunnel/manifests/client.pp
@@ -14,7 +14,9 @@ define site_stunnel::client (
$verify = '2',
$pid = $name,
$rndfile = '/var/lib/stunnel4/.rnd',
- $debuglevel = '4' ) {
+ $debuglevel = 'warning' ) {
+
+ $logfile = "/var/log/stunnel4/${name}.log"
include site_config::x509::cert
include site_config::x509::key
@@ -35,7 +37,20 @@ define site_stunnel::client (
pid => "/var/run/stunnel4/${pid}.pid",
rndfile => $rndfile,
debuglevel => $debuglevel,
- sslversion => 'TLSv1';
+ sslversion => 'TLSv1',
+ syslog => 'no',
+ output => $logfile;
+ }
+
+ # define the log files so that we can purge the
+ # files from /var/log/stunnel4 that are not defined.
+ file {
+ $logfile:;
+ "${logfile}.1.gz":;
+ "${logfile}.2.gz":;
+ "${logfile}.3.gz":;
+ "${logfile}.4.gz":;
+ "${logfile}.5.gz":;
}
site_shorewall::stunnel::client { $name:
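Review bot: `sslversion => 'TLSv1'` is carried over on a line this hunk rewrites, which keeps these tunnels pinned to TLS 1.0. If the deployed stunnel and OpenSSL versions support it, `sslversion => 'TLSv1.2',` would be the better value; the server side is not visible here, and both ends would need to change together. The six attribute-less `file` entries exist only so the purge in `site_stunnel` spares them, so a short comment that the `.1.gz` to `.5.gz` names must track the `rotate 5` setting would keep the two from drifting. The stunnel resource these attributes belong to starts outside this hunk.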
diff --git a/puppet/modules/site_stunnel/manifests/init.pp b/puppet/modules/site_stunnel/manifests/init.pp
index 2e0cf5b8..d919a072 100644
--- a/puppet/modules/site_stunnel/manifests/init.pp
+++ b/puppet/modules/site_stunnel/manifests/init.pp
@@ -29,6 +29,20 @@ class site_stunnel {
$client_sections = keys($clients)
site_stunnel::clients { $client_sections: }
+ # remove any old stunnel logs that are not
+ # defined by this puppet run
+ file {'/var/log/stunnel4': purge => true;}
+
+ # the default is to keep 356 log files for each stunnel.
+ # here we set a more reasonable number.
+ augeas {
+ "logrotate_stunnel":
+ context => "/files/etc/logrotate.d/stunnel4/rule",
+ changes => [
+ 'set rotate 5',
+ ]
+ }
+
include site_stunnel::override_service
}
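Review bot: `file {'/var/log/stunnel4': purge => true;}` will not remove anything as written, because Puppet's `purge` only takes effect on a directory that is also managed with `recurse => true`. To get the behaviour the comment describes it needs `ensure => directory, recurse => true, purge => true;`. Once it does purge, check that every file the package's logrotate rule can produce (for example an uncompressed `.1` file if `delaycompress` is set) is declared in `site_stunnel::client`, or it will be deleted on the next run. The comment's `356` is presumably meant to be `365`. The class body starts outside this hunk.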
diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp
index ea64048b..ec94c090 100644
--- a/puppet/modules/site_webapp/manifests/init.pp
+++ b/puppet/modules/site_webapp/manifests/init.pp
@@ -18,7 +18,6 @@ class site_webapp {
include site_config::ruby::dev
include site_webapp::apache
include site_webapp::couchdb
- include site_webapp::logging
include site_haproxy
include site_webapp::cron
include site_config::x509::cert
@@ -93,10 +92,6 @@ class site_webapp {
require => Vcsrepo['/srv/leap/webapp'],
owner => leap-webapp, group => leap-webapp, mode => '0644';
- # old provider.json location. this can be removed after everyone upgrades.
- '/srv/leap/webapp/public/provider.json':
- ensure => absent;
-
'/srv/leap/webapp/public/ca.crt':
ensure => link,
require => Vcsrepo['/srv/leap/webapp'],
@@ -173,6 +168,8 @@ class site_webapp {
ensure => latest,
}
+ leap::logfile { 'webapp': }
+
include site_shorewall::webapp
include site_check_mk::agent::webapp
}
diff --git a/puppet/modules/site_webapp/manifests/logging.pp b/puppet/modules/site_webapp/manifests/logging.pp
deleted file mode 100644
index b414b82c..00000000
--- a/puppet/modules/site_webapp/manifests/logging.pp
+++ /dev/null
@@ -1,16 +0,0 @@
-class site_webapp::logging {
-
- rsyslog::snippet { '01-webapp':
- content => 'if $programname == "webapp" then /var/log/leap/webapp.log
-&~'
- }
-
- augeas {
- 'logrotate_webapp':
- context => '/files/etc/logrotate.d/webapp/rule',
- changes => [ 'set file /var/log/leap/webapp.log', 'set rotate 7',
- 'set schedule daily', 'set compress compress',
- 'set missingok missingok', 'set ifempty notifempty',
- 'set copytruncate copytruncate' ]
- }
-}
diff --git a/puppet/modules/tapicero/manifests/init.pp b/puppet/modules/tapicero/manifests/init.pp
index 8afb18b8..ca8488c8 100644
--- a/puppet/modules/tapicero/manifests/init.pp
+++ b/puppet/modules/tapicero/manifests/init.pp
@@ -44,9 +44,9 @@ class tapicero {
file {
- ##
- ## TAPICERO DIRECTORIES
- ##
+ #
+ # TAPICERO DIRECTORIES
+ #
'/srv/leap/tapicero':
ensure => directory,
@@ -67,9 +67,9 @@ class tapicero {
group => 'tapicero',
require => User['tapicero'];
- ##
- ## TAPICERO CONFIG
- ##
+ #
+ # TAPICERO CONFIG
+ #
'/etc/leap/tapicero.yaml':
content => template('tapicero/tapicero.yaml.erb'),
@@ -78,9 +78,9 @@ class tapicero {
mode => '0600',
notify => Service['tapicero'];
- ##
- ## TAPICERO INIT
- ##
+ #
+ # TAPICERO INIT
+ #
'/etc/init.d/tapicero':
source => 'puppet:///modules/tapicero/tapicero.init',
@@ -133,4 +133,5 @@ class tapicero {
Couchdb::Add_user[$::site_couchdb::couchdb_tapicero_user] ];
}
+ leap::logfile { 'tapicero': }
}