diff options
| -rw-r--r-- | puppet/modules/site_config/manifests/remove/files.pp | 2 | ||||
| -rw-r--r-- | puppet/modules/site_openvpn/manifests/init.pp | 3 | ||||
| -rw-r--r-- | puppet/modules/site_openvpn/manifests/server_config.pp | 6 |
3 files changed, 9 insertions, 2 deletions
diff --git a/puppet/modules/site_config/manifests/remove/files.pp b/puppet/modules/site_config/manifests/remove/files.pp index 5aa07e53..41d6462e 100644 --- a/puppet/modules/site_config/manifests/remove/files.pp +++ b/puppet/modules/site_config/manifests/remove/files.pp @@ -40,6 +40,8 @@ class site_config::remove::files { recurse => true, rmdirs => true; '/etc/leap/soledad-server.conf':; + '/var/log/leap/openvpn.log':; + '/etc/rsyslog.d/50-openvpn.conf':; } # leax-mx logged to /var/log/leap_mx.log in the past diff --git a/puppet/modules/site_openvpn/manifests/init.pp b/puppet/modules/site_openvpn/manifests/init.pp index f5eb7fd0..f1ecefb9 100644 --- a/puppet/modules/site_openvpn/manifests/init.pp +++ b/puppet/modules/site_openvpn/manifests/init.pp @@ -224,7 +224,8 @@ class site_openvpn { order => 10; } - leap::logfile { 'openvpn': } + leap::logfile { 'openvpn_tcp': } + leap::logfile { 'openvpn_udp': } # Because we currently do not support ipv6 and instead block it (so no leaks # happen), we get a large number of these messages, so we ignore them (#6540) diff --git a/puppet/modules/site_openvpn/manifests/server_config.pp b/puppet/modules/site_openvpn/manifests/server_config.pp index ca9926cc..6decc665 100644 --- a/puppet/modules/site_openvpn/manifests/server_config.pp +++ b/puppet/modules/site_openvpn/manifests/server_config.pp @@ -109,7 +109,7 @@ define site_openvpn::server_config( "cert ${openvpn_configname}": key => 'cert', value => "${x509::variables::certs}/${site_config::params::cert_name}.crt", - server => $openvpn_configname; + server => $openvpn_configname; "key ${openvpn_configname}": key => 'key', value => "${x509::variables::keys}/${site_config::params::cert_name}.key", @@ -203,6 +203,10 @@ define site_openvpn::server_config( key => 'verb', value => '3', server => $openvpn_configname; + "log-append /var/log/leap/openvpn_${proto}.log": + key => 'log-append', + value => "/var/log/leap/openvpn_${proto}.log", + server => $openvpn_configname; } # register openvpn services at systemd on nodes newer than wheezy |