From 0ca80b41060dd8046386f7e49d2ed5ad382948c4 Mon Sep 17 00:00:00 2001
From: Micah
Date: Tue, 12 Apr 2016 10:37:56 -0400
Subject: Put openvpn logs into leap directory (#8021)
Have openvpn logs go to /var/log/leap/openvpn_$protocol, instead of to /var/log/daemon.log.
Change-Id: I1fc33de660648ab0dba1ce98de2864649c104719
---
 puppet/modules/site_config/manifests/remove/files.pp | 2 ++
 puppet/modules/site_openvpn/manifests/init.pp | 3 ++-
 puppet/modules/site_openvpn/manifests/server_config.pp | 6 +++++-
 3 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/puppet/modules/site_config/manifests/remove/files.pp b/puppet/modules/site_config/manifests/remove/files.pp
index 5aa07e53..41d6462e 100644
--- a/puppet/modules/site_config/manifests/remove/files.pp
+++ b/puppet/modules/site_config/manifests/remove/files.pp
@@ -40,6 +40,8 @@ class site_config::remove::files {
 recurse => true,
 rmdirs => true;
 '/etc/leap/soledad-server.conf':;
+ '/var/log/leap/openvpn.log':;
+ '/etc/rsyslog.d/50-openvpn.conf':;
 }
 # leax-mx logged to /var/log/leap_mx.log in the past
diff --git a/puppet/modules/site_openvpn/manifests/init.pp b/puppet/modules/site_openvpn/manifests/init.pp
index f5eb7fd0..f1ecefb9 100644
--- a/puppet/modules/site_openvpn/manifests/init.pp
+++ b/puppet/modules/site_openvpn/manifests/init.pp
@@ -224,7 +224,8 @@ class site_openvpn {
 order => 10;
 }
- leap::logfile { 'openvpn': }
+ leap::logfile { 'openvpn_tcp': }
+ leap::logfile { 'openvpn_udp': }
 # Because we currently do not support ipv6 and instead block it (so no leaks
 # happen), we get a large number of these messages, so we ignore them (#6540)
diff --git a/puppet/modules/site_openvpn/manifests/server_config.pp b/puppet/modules/site_openvpn/manifests/server_config.pp
index ca9926cc..6decc665 100644
--- a/puppet/modules/site_openvpn/manifests/server_config.pp
+++ b/puppet/modules/site_openvpn/manifests/server_config.pp
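Review bot: In files.pp the two added entries remove only the exact paths `/var/log/leap/openvpn.log` and `/etc/rsyslog.d/50-openvpn.conf`, so rotated copies of the old log (for example `openvpn.log.1` or compressed generations) would stay on disk if the previous setup rotated it. Those files hold the same VPN connection records as the live log, so it is worth deciding explicitly whether they should be cleaned up too. The resource type and its attributes are declared above the hunk, so whether removing the rsyslog snippet also triggers an rsyslog reload cannot be seen here and should be confirmed. A short comment above the new entries, such as `# openvpn logged through rsyslog to this file before #8021`, would match the explanatory comment used for leap_mx just below.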
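Review bot: In init.pp the two `leap::logfile` declarations now describe files that OpenVPN writes itself (through the `log-append` entry this commit adds in server_config.pp) rather than files fed by syslog, and nothing in the manifest records that. If `leap::logfile`, which is defined outside this page, installs an rsyslog rule or a rename-based logrotate stanza, the rule would no longer match anything and the daemon would keep writing to the rotated file because it holds the log open; confirm that rotation uses `copytruncate` or restarts the service. The IPv6 message filter described in the comment just below may stop applying for the same reason if it is implemented in rsyslog. A comment such as `# openvpn writes these files directly via log-append; rsyslog is not involved` would make the assumption explicit.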
@@ -109,7 +109,7 @@ define site_openvpn::server_config(
 "cert ${openvpn_configname}":
 key => 'cert',
 value => "${x509::variables::certs}/${site_config::params::cert_name}.crt",
- server => $openvpn_configname;
+ server => $openvpn_configname;
 "key ${openvpn_configname}":
 key => 'key',
 value => "${x509::variables::keys}/${site_config::params::cert_name}.key",
@@ -203,6 +203,10 @@ define site_openvpn::server_config(
 key => 'verb',
 value => '3',
 server => $openvpn_configname;
+ "log-append /var/log/leap/openvpn_${proto}.log":
+ key => 'log-append',
+ value => "/var/log/leap/openvpn_${proto}.log",
+ server => $openvpn_configname;
 }
 # register openvpn services at systemd on nodes newer than wheezy
-- cgit v1.2.3
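Review bot: In server_config.pp the title of the added entry, `"log-append /var/log/leap/openvpn_${proto}.log":`, departs from the `"<key> ${openvpn_configname}":` form used by the `cert` and `key` entries in the first hunk of this file; `"log-append ${openvpn_configname}":` would keep titles uniform and tied to the server instance. `$proto` is not declared in either hunk, so it is presumably a parameter of the define, whose signature lies outside the hunk. With `verb` set to `3` in the context lines the log will contain client connection details, and because OpenVPN creates the `log-append` target itself, the file's owner and mode should be pinned by a managed resource unless `leap::logfile` already does that.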