From 0ca80b41060dd8046386f7e49d2ed5ad382948c4 Mon Sep 17 00:00:00 2001
From: Micah <micah@leap.se>
Date: Tue, 12 Apr 2016 10:37:56 -0400
Subject: Put openvpn logs into leap directory (#8021)

Have openvpn logs go to /var/log/leap/openvpn_$protocol, instead of to
/var/log/daemon.log.

Change-Id: I1fc33de660648ab0dba1ce98de2864649c104719
---
 puppet/modules/site_config/manifests/remove/files.pp   | 2 ++
 puppet/modules/site_openvpn/manifests/init.pp          | 3 ++-
 puppet/modules/site_openvpn/manifests/server_config.pp | 6 +++++-
 3 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/puppet/modules/site_config/manifests/remove/files.pp b/puppet/modules/site_config/manifests/remove/files.pp
index 5aa07e53..41d6462e 100644
--- a/puppet/modules/site_config/manifests/remove/files.pp
+++ b/puppet/modules/site_config/manifests/remove/files.pp
@@ -40,6 +40,8 @@ class site_config::remove::files {
       recurse => true,
       rmdirs => true;
     '/etc/leap/soledad-server.conf':;
+    '/var/log/leap/openvpn.log':;
+    '/etc/rsyslog.d/50-openvpn.conf':;
   }
 
   # leax-mx logged to /var/log/leap_mx.log in the past
diff --git a/puppet/modules/site_openvpn/manifests/init.pp b/puppet/modules/site_openvpn/manifests/init.pp
index f5eb7fd0..f1ecefb9 100644
--- a/puppet/modules/site_openvpn/manifests/init.pp
+++ b/puppet/modules/site_openvpn/manifests/init.pp
@@ -224,7 +224,8 @@ class site_openvpn {
       order   => 10;
   }
 
-  leap::logfile { 'openvpn': }
+  leap::logfile { 'openvpn_tcp': }
+  leap::logfile { 'openvpn_udp': }
 
   # Because we currently do not support ipv6 and instead block it (so no leaks
   # happen), we get a large number of these messages, so we ignore them (#6540)
diff --git a/puppet/modules/site_openvpn/manifests/server_config.pp b/puppet/modules/site_openvpn/manifests/server_config.pp
index ca9926cc..6decc665 100644
--- a/puppet/modules/site_openvpn/manifests/server_config.pp
+++ b/puppet/modules/site_openvpn/manifests/server_config.pp
@@ -109,7 +109,7 @@ define site_openvpn::server_config(
     "cert ${openvpn_configname}":
       key     => 'cert',
       value   => "${x509::variables::certs}/${site_config::params::cert_name}.crt",
-        server  => $openvpn_configname;
+      server  => $openvpn_configname;
     "key ${openvpn_configname}":
       key     => 'key',
       value   => "${x509::variables::keys}/${site_config::params::cert_name}.key",
@@ -203,6 +203,10 @@ define site_openvpn::server_config(
       key    => 'verb',
       value  => '3',
       server => $openvpn_configname;
+    "log-append /var/log/leap/openvpn_${proto}.log":
+      key    => 'log-append',
+      value  => "/var/log/leap/openvpn_${proto}.log",
+      server => $openvpn_configname;
   }
 
   # register openvpn services at systemd on nodes newer than wheezy
-- 
cgit v1.2.3