summaryrefslogtreecommitdiff
path: root/puppet
diff options
context:
space:
mode:
Diffstat (limited to 'puppet')
-rw-r--r--puppet/modules/site_config/manifests/remove/files.pp2
-rw-r--r--puppet/modules/site_openvpn/manifests/init.pp3
-rw-r--r--puppet/modules/site_openvpn/manifests/server_config.pp6
3 files changed, 9 insertions, 2 deletions
diff --git a/puppet/modules/site_config/manifests/remove/files.pp b/puppet/modules/site_config/manifests/remove/files.pp
index 5aa07e53..41d6462e 100644
--- a/puppet/modules/site_config/manifests/remove/files.pp
+++ b/puppet/modules/site_config/manifests/remove/files.pp
@@ -40,6 +40,8 @@ class site_config::remove::files {
recurse => true,
rmdirs => true;
'/etc/leap/soledad-server.conf':;
+ '/var/log/leap/openvpn.log':;
+ '/etc/rsyslog.d/50-openvpn.conf':;
}
# leax-mx logged to /var/log/leap_mx.log in the past
diff --git a/puppet/modules/site_openvpn/manifests/init.pp b/puppet/modules/site_openvpn/manifests/init.pp
index f5eb7fd0..f1ecefb9 100644
--- a/puppet/modules/site_openvpn/manifests/init.pp
+++ b/puppet/modules/site_openvpn/manifests/init.pp
@@ -224,7 +224,8 @@ class site_openvpn {
order => 10;
}
- leap::logfile { 'openvpn': }
+ leap::logfile { 'openvpn_tcp': }
+ leap::logfile { 'openvpn_udp': }
# Because we currently do not support ipv6 and instead block it (so no leaks
# happen), we get a large number of these messages, so we ignore them (#6540)
diff --git a/puppet/modules/site_openvpn/manifests/server_config.pp b/puppet/modules/site_openvpn/manifests/server_config.pp
index ca9926cc..6decc665 100644
--- a/puppet/modules/site_openvpn/manifests/server_config.pp
+++ b/puppet/modules/site_openvpn/manifests/server_config.pp
@@ -109,7 +109,7 @@ define site_openvpn::server_config(
"cert ${openvpn_configname}":
key => 'cert',
value => "${x509::variables::certs}/${site_config::params::cert_name}.crt",
- server => $openvpn_configname;
+ server => $openvpn_configname;
"key ${openvpn_configname}":
key => 'key',
value => "${x509::variables::keys}/${site_config::params::cert_name}.key",
@@ -203,6 +203,10 @@ define site_openvpn::server_config(
key => 'verb',
value => '3',
server => $openvpn_configname;
+ "log-append /var/log/leap/openvpn_${proto}.log":
+ key => 'log-append',
+ value => "/var/log/leap/openvpn_${proto}.log",
+ server => $openvpn_configname;
}
# register openvpn services at systemd on nodes newer than wheezy