From 7f069dc47c318e9047a3ae7a29a90f3471610e34 Mon Sep 17 00:00:00 2001 From: elijah Date: Wed, 15 Apr 2015 09:36:30 -0700 Subject: fix tapicero & webapp logs: remove heartbeat log check, move to /var/log/tapicero, fix webapp logwatch location. --- .../files/agent/logwatch/syslog/tapicero.cfg | 10 ------- .../files/agent/logwatch/syslog/webapp.cfg | 5 ---- .../files/agent/logwatch/tapicero.cfg | 11 ++++++++ .../site_check_mk/files/agent/logwatch/webapp.cfg | 6 +++++ .../site_check_mk/manifests/agent/tapicero.pp | 12 +++------ .../site_check_mk/manifests/agent/webapp.pp | 8 +++--- puppet/modules/tapicero/manifests/init.pp | 31 +++++++++++++++------- 7 files changed, 45 insertions(+), 38 deletions(-) delete mode 100644 puppet/modules/site_check_mk/files/agent/logwatch/syslog/tapicero.cfg delete mode 100644 puppet/modules/site_check_mk/files/agent/logwatch/syslog/webapp.cfg create mode 100644 puppet/modules/site_check_mk/files/agent/logwatch/tapicero.cfg create mode 100644 puppet/modules/site_check_mk/files/agent/logwatch/webapp.cfg diff --git a/puppet/modules/site_check_mk/files/agent/logwatch/syslog/tapicero.cfg b/puppet/modules/site_check_mk/files/agent/logwatch/syslog/tapicero.cfg deleted file mode 100644 index e5721eea..00000000 --- a/puppet/modules/site_check_mk/files/agent/logwatch/syslog/tapicero.cfg +++ /dev/null 
@@ -1,10 +0,0 @@ -# Ignore transient Tapicero errors when creating a db (#6511) - I tapicero.*(Creating database|Checking security of|Writing security to|Uploading design doc to) user-.* failed (\(trying again soon\)|(twice )?due to): (RestClient::Resource Not Found|RestClient::InternalServerError): (404 Resource Not Found|500 Internal Server Error) - C tapicero.*RestClient::InternalServerError: -# possible race condition between multiple tapicero -# instances, so we ignore it -# see https://leap.se/code/issues/5168 - I tapicero.*RestClient::PreconditionFailed: - C tapicero.*Creating database.*failed due to: - C tapicero.*failed - W tapicero.*Couch stream ended unexpectedly. diff --git a/puppet/modules/site_check_mk/files/agent/logwatch/syslog/webapp.cfg b/puppet/modules/site_check_mk/files/agent/logwatch/syslog/webapp.cfg deleted file mode 100644 index 00f9c7fd..00000000 --- a/puppet/modules/site_check_mk/files/agent/logwatch/syslog/webapp.cfg +++ /dev/null @@ -1,5 +0,0 @@ -# check for webapp errors - C webapp.*Could not connect to couch database messages due to 401 Unauthorized: {"error":"unauthorized","reason":"You are not a server admin."} -# ignore RoutingErrors that rails throw when it can't handle a url -# see https://leap.se/code/issues/5173 - I webapp.*ActionController::RoutingError diff --git a/puppet/modules/site_check_mk/files/agent/logwatch/tapicero.cfg b/puppet/modules/site_check_mk/files/agent/logwatch/tapicero.cfg new file mode 100644 index 00000000..f527f120 --- /dev/null +++ b/puppet/modules/site_check_mk/files/agent/logwatch/tapicero.cfg 
@@ -0,0 +1,11 @@ +/var/log/leap/tapicero.log +# Ignore transient Tapicero errors when creating a db (#6511) + I tapicero.*(Creating database|Checking security of|Writing security to|Uploading design doc to) user-.* failed (\(trying again soon\)|(twice )?due to): (RestClient::Resource Not Found|RestClient::InternalServerError): (404 Resource Not Found|500 Internal Server Error) + C tapicero.*RestClient::InternalServerError: +# possible race condition between multiple tapicero +# instances, so we ignore it +# see https://leap.se/code/issues/5168 + I tapicero.*RestClient::PreconditionFailed: + C tapicero.*Creating database.*failed due to: + C tapicero.*failed + W tapicero.*Couch stream ended unexpectedly. diff --git a/puppet/modules/site_check_mk/files/agent/logwatch/webapp.cfg b/puppet/modules/site_check_mk/files/agent/logwatch/webapp.cfg new file mode 100644 index 00000000..008e9e09 --- /dev/null +++ b/puppet/modules/site_check_mk/files/agent/logwatch/webapp.cfg @@ -0,0 +1,6 @@ +/var/log/leap/webapp.log +# check for webapp errors + C webapp.*Could not connect to couch database messages due to 401 Unauthorized: {"error":"unauthorized","reason":"You are not a server admin."} +# ignore RoutingErrors that rails throw when it can't handle a url +# see https://leap.se/code/issues/5173 + I webapp.*ActionController::RoutingError diff --git a/puppet/modules/site_check_mk/manifests/agent/tapicero.pp b/puppet/modules/site_check_mk/manifests/agent/tapicero.pp index 5c14b460..9bdebe2a 100644 --- a/puppet/modules/site_check_mk/manifests/agent/tapicero.pp +++ b/puppet/modules/site_check_mk/manifests/agent/tapicero.pp 
@@ -2,10 +2,9 @@ class site_check_mk::agent::tapicero { include ::site_nagios::plugins - concat::fragment { 'syslog_tapicero': - source => 'puppet:///modules/site_check_mk/agent/logwatch/syslog/tapicero.cfg', - target => '/etc/check_mk/logwatch.d/syslog.cfg', - order => '02'; + # watch logs + file { '/etc/check_mk/logwatch.d/tapicero.cfg': + source => 'puppet:///modules/site_check_mk/agent/logwatch/tapicero.cfg', } # local nagios plugin checks via mrpe @@ -17,10 +16,5 @@ class site_check_mk::agent::tapicero { 'rm /files/etc/check_mk/mrpe.cfg/Tapicero_Procs', 'set Tapicero_Procs "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1:1 -a tapicero"' ], require => File['/etc/check_mk/mrpe.cfg']; - 'Tapicero_Heartbeat': - incl => '/etc/check_mk/mrpe.cfg', - lens => 'Spacevars.lns', - changes => 'set Tapicero_Heartbeat \'/usr/local/lib/nagios/plugins/check_last_regex_in_log -f /var/log/syslog -r "tapicero" -w 300 -c 600\'', - require => File['/etc/check_mk/mrpe.cfg']; } } diff --git a/puppet/modules/site_check_mk/manifests/agent/webapp.pp b/puppet/modules/site_check_mk/manifests/agent/webapp.pp index 88c3da30..9bf3b197 100644 --- a/puppet/modules/site_check_mk/manifests/agent/webapp.pp +++ b/puppet/modules/site_check_mk/manifests/agent/webapp.pp @@ -7,11 +7,9 @@ class site_check_mk::agent::webapp { ensure => absent } - # check syslog - concat::fragment { 'syslog_webapp': - source => 'puppet:///modules/site_check_mk/agent/logwatch/syslog/webapp.cfg', - target => '/etc/check_mk/logwatch.d/syslog.cfg', - order => '02'; + # watch logs + file { '/etc/check_mk/logwatch.d/webapp.cfg': + source => 'puppet:///modules/site_check_mk/agent/logwatch/webapp.cfg', } } diff --git a/puppet/modules/tapicero/manifests/init.pp b/puppet/modules/tapicero/manifests/init.pp index 8afb18b8..d4ff1acb 100644 --- a/puppet/modules/tapicero/manifests/init.pp +++ b/puppet/modules/tapicero/manifests/init.pp 
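Review bot: The new `file { '/etc/check_mk/logwatch.d/tapicero.cfg': ... }` resource sets only `source`, so owner, group and mode come from whatever File defaults apply or from the source file on the master. Because this file decides which log lines are ignored and which raise alerts, pin it explicitly with `owner => 'root', group => 'root', mode => '0644',` unless a File default elsewhere already does so. The `webapp.cfg` resource added in webapp.pp in the same commit has the same gap. Neither resource declares a dependency on the logwatch.d directory; whether that is guaranteed elsewhere is not visible in these hunks.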
@@ -44,9 +44,9 @@ class tapicero { file { - ## - ## TAPICERO DIRECTORIES - ## + # + # TAPICERO DIRECTORIES + # '/srv/leap/tapicero': ensure => directory, @@ -67,9 +67,9 @@ class tapicero { group => 'tapicero', require => User['tapicero']; - ## - ## TAPICERO CONFIG - ## + # + # TAPICERO CONFIG + # '/etc/leap/tapicero.yaml': content => template('tapicero/tapicero.yaml.erb'), @@ -78,9 +78,9 @@ class tapicero { mode => '0600', notify => Service['tapicero']; - ## - ## TAPICERO INIT - ## + # + # TAPICERO INIT + # '/etc/init.d/tapicero': source => 'puppet:///modules/tapicero/tapicero.init', @@ -133,4 +133,17 @@ class tapicero { Couchdb::Add_user[$::site_couchdb::couchdb_tapicero_user] ]; } + rsyslog::snippet { '99-tapicero': + content => 'if $programname startswith \'tapicero\' then /var/log/leap/tapicero.log +&~' + } + + augeas { + 'logrotate_tapicero': + context => '/files/etc/logrotate.d/tapicero/rule', + changes => [ 'set file /var/log/leap/tapicero*.log', 'set rotate 7', + 'set schedule daily', 'set compress compress', + 'set missingok missingok', 'set ifempty notifempty', + 'set copytruncate copytruncate' ] + } } -- cgit v1.2.3 From bb07407485ed1626221a1190cc2fb2789f95ed22 Mon Sep 17 00:00:00 2001 
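Review bot: In the last hunk, the `logrotate_tapicero` rule uses `set copytruncate copytruncate` on a file that rsyslog holds open, so lines written between the copy and the truncate can be lost at each rotation. For a log that feeds monitoring and may be needed for later investigation, a rule that rotates by rename and signals rsyslog in a `postrotate` step avoids that gap. The same change list is carried into the `leap::logfile` define in the following commit, so the choice applies to every service that uses it. It is also worth a comment next to `&~` saying that matched messages no longer reach /var/log/syslog or any rule that sorts after this snippet. The class body starts and ends outside this hunk.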
From: elijah Date: Wed, 15 Apr 2015 16:12:11 -0700 Subject: clean up logging mess: add 'logfile' define, mv openvpn and stunnel logs to their own files, fix mx logwatch path. --- puppet/modules/leap/manifests/init.pp | 3 +++ puppet/modules/leap/manifests/logfile.pp | 26 ++++++++++++++++++++++ puppet/modules/leap_mx/manifests/init.pp | 3 ++- puppet/modules/leap_mx/manifests/syslog.pp | 17 -------------- .../site_check_mk/files/agent/logwatch/leap_mx.cfg | 2 +- .../site_check_mk/files/agent/logwatch/openvpn.cfg | 14 ++++++++++++ .../site_check_mk/files/agent/logwatch/stunnel.cfg | 10 +++++++++ .../files/agent/logwatch/syslog/openvpn.cfg | 13 ----------- .../files/agent/logwatch/syslog/stunnel.cfg | 9 -------- puppet/modules/site_check_mk/manifests/agent/mx.pp | 2 +- .../site_check_mk/manifests/agent/openvpn.pp | 2 +- .../site_check_mk/manifests/agent/stunnel.pp | 2 +- puppet/modules/site_openvpn/manifests/init.pp | 1 + puppet/modules/site_stunnel/manifests/init.pp | 1 + puppet/modules/site_webapp/manifests/init.pp | 3 ++- puppet/modules/site_webapp/manifests/logging.pp | 16 ------------- puppet/modules/tapicero/manifests/init.pp | 14 +----------- 17 files changed, 64 insertions(+), 74 deletions(-) create mode 100644 puppet/modules/leap/manifests/init.pp create mode 100644 puppet/modules/leap/manifests/logfile.pp delete mode 100644 puppet/modules/leap_mx/manifests/syslog.pp create mode 100644 puppet/modules/site_check_mk/files/agent/logwatch/openvpn.cfg create mode 100644 puppet/modules/site_check_mk/files/agent/logwatch/stunnel.cfg delete mode 100644 puppet/modules/site_check_mk/files/agent/logwatch/syslog/openvpn.cfg delete mode 100644 puppet/modules/site_check_mk/files/agent/logwatch/syslog/stunnel.cfg delete mode 100644 puppet/modules/site_webapp/manifests/logging.pp diff --git a/puppet/modules/leap/manifests/init.pp b/puppet/modules/leap/manifests/init.pp new file mode 100644 index 00000000..bbae3781 --- /dev/null +++ b/puppet/modules/leap/manifests/init.pp 
@@ -0,0 +1,3 @@ +class leap { + +} \ No newline at end of file diff --git a/puppet/modules/leap/manifests/logfile.pp b/puppet/modules/leap/manifests/logfile.pp new file mode 100644 index 00000000..42a82943 --- /dev/null +++ b/puppet/modules/leap/manifests/logfile.pp @@ -0,0 +1,26 @@ +# +# make syslog log to a particular file for a particular process. +# + +define leap::logfile($process=$title) { + $logfile = "/var/log/leap/${title}.log" + + rsyslog::snippet { "50-${name}": + content => "if \$programname startswith '${process}' then ${logfile} +&~" + } + + augeas { + "logrotate_${name}": + context => "/files/etc/logrotate.d/${name}/rule", + changes => [ + "set file ${logfile}", + 'set rotate 7', + 'set schedule daily', + 'set compress compress', + 'set missingok missingok', + 'set ifempty notifempty', + 'set copytruncate copytruncate' + ] + } +} diff --git a/puppet/modules/leap_mx/manifests/init.pp b/puppet/modules/leap_mx/manifests/init.pp index 78065f56..a0590ee1 100644 --- a/puppet/modules/leap_mx/manifests/init.pp +++ b/puppet/modules/leap_mx/manifests/init.pp @@ -11,7 +11,8 @@ class leap_mx { include soledad::common include site_apt::preferences::twisted - include leap_mx::syslog + + leap::logfile { 'mx': process => 'leap-mx'} # # USER AND GROUP diff --git a/puppet/modules/leap_mx/manifests/syslog.pp b/puppet/modules/leap_mx/manifests/syslog.pp deleted file mode 100644 index 0247a392..00000000 --- a/puppet/modules/leap_mx/manifests/syslog.pp +++ /dev/null @@ -1,17 +0,0 @@ -class leap_mx::syslog { - - rsyslog::snippet { '99-leap-mx': - content => 'if $programname startswith \'leap-mx\' then /var/log/leap/mx.log -&~' - } - - augeas { - 'logrotate_leap-mx': - context => '/files/etc/logrotate.d/leap-mx/rule', - changes => [ 'set file /var/log/leap/mx*.log', 'set rotate 7', - 'set schedule daily', 'set compress compress', - 'set missingok missingok', 'set ifempty notifempty', - 'set copytruncate copytruncate' ] - } - -} 
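Review bot: In logfile.pp the rule `if \$programname startswith '${process}'` is a prefix match on a tag the sending process chooses, so any program whose syslog tag merely begins with that string is written to the service's log and dropped from everything after `&~`. For webapp this is looser than the `$programname == "webapp"` test in the logging.pp that this commit deletes. Where the tag is fixed, an exact comparison keeps unrelated or spoofed tags out of a file that logwatch treats as that service's own. The define also has no parameter documentation; a header line such as `# $process: prefix of the syslog program name to capture (defaults to the resource title)` would make the matching rule explicit to callers.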
diff --git a/puppet/modules/site_check_mk/files/agent/logwatch/leap_mx.cfg b/puppet/modules/site_check_mk/files/agent/logwatch/leap_mx.cfg index c71c5392..166d0230 100644 --- a/puppet/modules/site_check_mk/files/agent/logwatch/leap_mx.cfg +++ b/puppet/modules/site_check_mk/files/agent/logwatch/leap_mx.cfg @@ -1,4 +1,4 @@ -/var/log/leap_mx.log +/var/log/leap/mx.log W Don't know how to deliver mail W No public key, stopping the processing chain diff --git a/puppet/modules/site_check_mk/files/agent/logwatch/openvpn.cfg b/puppet/modules/site_check_mk/files/agent/logwatch/openvpn.cfg new file mode 100644 index 00000000..ed50f420 --- /dev/null +++ b/puppet/modules/site_check_mk/files/agent/logwatch/openvpn.cfg @@ -0,0 +1,14 @@ +/var/log/leap/openvpn.log +# ignore openvpn TLS initialization errors when clients +# suddenly hangup before properly establishing +# a tls connection + I ovpn-.*TLS Error: Unroutable control packet received from + I ovpn-.*TLS Error: TLS key negotiation failed to occur within 60 seconds \(check your network connectivity\) + I ovpn-.*TLS Error: TLS handshake failed + I ovpn-.*TLS Error: TLS object -> incoming plaintext read error + I ovpn-.*Fatal TLS error \(check_tls_errors_co\), restarting + I ovpn-.*TLS_ERROR: BIO read tls_read_plaintext error: error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate + + I ovpn-.*SIGUSR1\[soft,tls-error\] received, client-instance restarting + I ovpn-.*VERIFY ERROR: depth=0, error=certificate has expired + diff --git a/puppet/modules/site_check_mk/files/agent/logwatch/stunnel.cfg b/puppet/modules/site_check_mk/files/agent/logwatch/stunnel.cfg new file mode 100644 index 00000000..b1e6cf2f --- /dev/null +++ b/puppet/modules/site_check_mk/files/agent/logwatch/stunnel.cfg 
@@ -0,0 +1,10 @@ +/var/log/leap/stunnel.log +# check for stunnel failures +# +# these are temporary failures and happen very often, so we +# ignore them until we tuned stunnel timeouts/logging, +# see https://leap.se/code/issues/5218 + I stunnel:.*Connection reset by peer + I stunnel:.*Peer suddenly disconnected + I stunnel:.*Connection refused + diff --git a/puppet/modules/site_check_mk/files/agent/logwatch/syslog/openvpn.cfg b/puppet/modules/site_check_mk/files/agent/logwatch/syslog/openvpn.cfg deleted file mode 100644 index ac17c0ca..00000000 --- a/puppet/modules/site_check_mk/files/agent/logwatch/syslog/openvpn.cfg +++ /dev/null @@ -1,13 +0,0 @@ -# ignore openvpn TLS initialization errors when clients -# suddenly hangup before properly establishing -# a tls connection - I ovpn-.*TLS Error: Unroutable control packet received from - I ovpn-.*TLS Error: TLS key negotiation failed to occur within 60 seconds \(check your network connectivity\) - I ovpn-.*TLS Error: TLS handshake failed - I ovpn-.*TLS Error: TLS object -> incoming plaintext read error - I ovpn-.*Fatal TLS error \(check_tls_errors_co\), restarting - I ovpn-.*TLS_ERROR: BIO read tls_read_plaintext error: error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate - - I ovpn-.*SIGUSR1\[soft,tls-error\] received, client-instance restarting - I ovpn-.*VERIFY ERROR: depth=0, error=certificate has expired - diff --git a/puppet/modules/site_check_mk/files/agent/logwatch/syslog/stunnel.cfg b/puppet/modules/site_check_mk/files/agent/logwatch/syslog/stunnel.cfg deleted file mode 100644 index eb3131f2..00000000 --- a/puppet/modules/site_check_mk/files/agent/logwatch/syslog/stunnel.cfg +++ /dev/null 
@@ -1,9 +0,0 @@ -# check for stunnel failures -# -# these are temporary failures and happen very often, so we -# ignore them until we tuned stunnel timeouts/logging, -# see https://leap.se/code/issues/5218 - I stunnel:.*Connection reset by peer - I stunnel:.*Peer suddenly disconnected - I stunnel:.*Connection refused - diff --git a/puppet/modules/site_check_mk/manifests/agent/mx.pp b/puppet/modules/site_check_mk/manifests/agent/mx.pp index da66c549..98757b59 100644 --- a/puppet/modules/site_check_mk/manifests/agent/mx.pp +++ b/puppet/modules/site_check_mk/manifests/agent/mx.pp @@ -12,7 +12,7 @@ class site_check_mk::agent::mx { lens => 'Spacevars.lns', changes => [ 'rm /files/etc/check_mk/mrpe.cfg/Leap_MX_Procs', - 'set Leap_MX_Procs \'/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1:1 -a "/usr/bin/python /usr/bin/twistd --pidfile=/var/run/leap_mx.pid --rundir=/var/lib/leap_mx/ --python=/usr/share/app/leap_mx.tac --logfile=/var/log/leap_mx.log"\'' ], + 'set Leap_MX_Procs \'/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1:1 -a "/usr/bin/python /usr/bin/twistd --pidfile=/var/run/leap_mx.pid --rundir=/var/lib/leap_mx/ --python=/usr/share/app/leap_mx.tac --logfile=/var/log/leap/mx.log"\'' ], require => File['/etc/check_mk/mrpe.cfg']; } diff --git a/puppet/modules/site_check_mk/manifests/agent/openvpn.pp b/puppet/modules/site_check_mk/manifests/agent/openvpn.pp index 919a408d..0596a497 100644 --- a/puppet/modules/site_check_mk/manifests/agent/openvpn.pp +++ b/puppet/modules/site_check_mk/manifests/agent/openvpn.pp @@ -2,7 +2,7 @@ class site_check_mk::agent::openvpn { # check syslog concat::fragment { 'syslog_openpvn': - source => 'puppet:///modules/site_check_mk/agent/logwatch/syslog/openvpn.cfg', + source => 'puppet:///modules/site_check_mk/agent/logwatch/openvpn.cfg', target => '/etc/check_mk/logwatch.d/syslog.cfg', order => '02'; } 
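Review bot: In openvpn.pp the `concat::fragment` still targets `/etc/check_mk/logwatch.d/syslog.cfg`, but its new source now begins with its own `/var/log/leap/openvpn.log` header line. In a logwatch config the patterns that follow a header belong to that file. Any header-less fragment concatenated after this one would therefore be applied to the openvpn log instead of syslog, and its alerts would silently stop matching; whether such fragments exist is not visible here. The stunnel.pp hunk in this commit has the same shape. Following the tapicero and webapp pattern from the previous commit would remove the ordering dependency, e.g. `file { '/etc/check_mk/logwatch.d/openvpn.cfg': source => 'puppet:///modules/site_check_mk/agent/logwatch/openvpn.cfg' }`, and the stale `# check syslog` comment can go with it.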
diff --git a/puppet/modules/site_check_mk/manifests/agent/stunnel.pp b/puppet/modules/site_check_mk/manifests/agent/stunnel.pp index 64022824..7f765771 100644 --- a/puppet/modules/site_check_mk/manifests/agent/stunnel.pp +++ b/puppet/modules/site_check_mk/manifests/agent/stunnel.pp @@ -1,7 +1,7 @@ class site_check_mk::agent::stunnel { concat::fragment { 'syslog_stunnel': - source => 'puppet:///modules/site_check_mk/agent/logwatch/syslog/stunnel.cfg', + source => 'puppet:///modules/site_check_mk/agent/logwatch/stunnel.cfg', target => '/etc/check_mk/logwatch.d/syslog.cfg', order => '02'; } diff --git a/puppet/modules/site_openvpn/manifests/init.pp b/puppet/modules/site_openvpn/manifests/init.pp index d6f9150b..e2a3124e 100644 --- a/puppet/modules/site_openvpn/manifests/init.pp +++ b/puppet/modules/site_openvpn/manifests/init.pp @@ -228,6 +228,7 @@ class site_openvpn { order => 10; } + leap::logfile { 'openvpn': } include site_check_mk::agent::openvpn } diff --git a/puppet/modules/site_stunnel/manifests/init.pp b/puppet/modules/site_stunnel/manifests/init.pp index 2e0cf5b8..176b8618 100644 --- a/puppet/modules/site_stunnel/manifests/init.pp +++ b/puppet/modules/site_stunnel/manifests/init.pp @@ -29,6 +29,7 @@ class site_stunnel { $client_sections = keys($clients) site_stunnel::clients { $client_sections: } + leap::logfile { "stunnel": process => "stunnel4" } include site_stunnel::override_service } diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp index ea64048b..f10ef00d 100644 --- a/puppet/modules/site_webapp/manifests/init.pp +++ b/puppet/modules/site_webapp/manifests/init.pp @@ -18,7 +18,6 @@ class site_webapp { include site_config::ruby::dev include site_webapp::apache include site_webapp::couchdb - include site_webapp::logging include site_haproxy include site_webapp::cron include site_config::x509::cert 
@@ -173,6 +172,8 @@ class site_webapp { ensure => latest, } + leap::logfile { 'webapp': } + include site_shorewall::webapp include site_check_mk::agent::webapp } diff --git a/puppet/modules/site_webapp/manifests/logging.pp b/puppet/modules/site_webapp/manifests/logging.pp deleted file mode 100644 index b414b82c..00000000 --- a/puppet/modules/site_webapp/manifests/logging.pp +++ /dev/null @@ -1,16 +0,0 @@ -class site_webapp::logging { - - rsyslog::snippet { '01-webapp': - content => 'if $programname == "webapp" then /var/log/leap/webapp.log -&~' - } - - augeas { - 'logrotate_webapp': - context => '/files/etc/logrotate.d/webapp/rule', - changes => [ 'set file /var/log/leap/webapp.log', 'set rotate 7', - 'set schedule daily', 'set compress compress', - 'set missingok missingok', 'set ifempty notifempty', - 'set copytruncate copytruncate' ] - } -} diff --git a/puppet/modules/tapicero/manifests/init.pp b/puppet/modules/tapicero/manifests/init.pp index d4ff1acb..ca8488c8 100644 --- a/puppet/modules/tapicero/manifests/init.pp +++ b/puppet/modules/tapicero/manifests/init.pp @@ -133,17 +133,5 @@ class tapicero { Couchdb::Add_user[$::site_couchdb::couchdb_tapicero_user] ]; } - rsyslog::snippet { '99-tapicero': - content => 'if $programname startswith \'tapicero\' then /var/log/leap/tapicero.log -&~' - } - - augeas { - 'logrotate_tapicero': - context => '/files/etc/logrotate.d/tapicero/rule', - changes => [ 'set file /var/log/leap/tapicero*.log', 'set rotate 7', - 'set schedule daily', 'set compress compress', - 'set missingok missingok', 'set ifempty notifempty', - 'set copytruncate copytruncate' ] - } + leap::logfile { 'tapicero': } } -- cgit v1.2.3 From 43fb605eebadb18abc62abb5a2fb5bbce41d0334 Mon Sep 17 00:00:00 2001 From: elijah Date: Wed, 15 Apr 2015 16:22:16 -0700 Subject: restore tapicero heartbeat. --- puppet/modules/site_check_mk/manifests/agent/tapicero.pp | 5 +++++ 1 file changed, 5 insertions(+) 
diff --git a/puppet/modules/site_check_mk/manifests/agent/tapicero.pp b/puppet/modules/site_check_mk/manifests/agent/tapicero.pp index 9bdebe2a..4a5ec68e 100644 --- a/puppet/modules/site_check_mk/manifests/agent/tapicero.pp +++ b/puppet/modules/site_check_mk/manifests/agent/tapicero.pp @@ -16,5 +16,10 @@ class site_check_mk::agent::tapicero { 'rm /files/etc/check_mk/mrpe.cfg/Tapicero_Procs', 'set Tapicero_Procs "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1:1 -a tapicero"' ], require => File['/etc/check_mk/mrpe.cfg']; + 'Tapicero_Heartbeat': + incl => '/etc/check_mk/mrpe.cfg', + lens => 'Spacevars.lns', + changes => 'set Tapicero_Heartbeat \'/usr/local/lib/nagios/plugins/check_last_regex_in_log -f /var/log/leap/tapicero.log -r "tapicero" -w 300 -c 600\'', + require => File['/etc/check_mk/mrpe.cfg']; } } -- cgit v1.2.3 From 1530a85da3415bc000635d62882d9ba7082a793b Mon Sep 17 00:00:00 2001 From: elijah Date: Thu, 16 Apr 2015 20:42:09 -0700 Subject: properly clean up unused files --- puppet/modules/site_config/manifests/default.pp | 1 + .../modules/site_config/manifests/remove_files.pp | 36 ++++++++++++++++++++++ puppet/modules/site_webapp/manifests/init.pp | 4 --- 3 files changed, 37 insertions(+), 4 deletions(-) create mode 100644 puppet/modules/site_config/manifests/remove_files.pp diff --git a/puppet/modules/site_config/manifests/default.pp b/puppet/modules/site_config/manifests/default.pp index c15080f5..e69e4b7b 100644 --- a/puppet/modules/site_config/manifests/default.pp +++ b/puppet/modules/site_config/manifests/default.pp @@ -58,6 +58,7 @@ class site_config::default { # set up core leap files and directories include site_config::files + include site_config::remove_files if ! member($services, 'mx') { include site_postfix::satellite diff --git a/puppet/modules/site_config/manifests/remove_files.pp b/puppet/modules/site_config/manifests/remove_files.pp new file mode 100644 index 00000000..cc5fc174 --- /dev/null 
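Review bot: The restored `Tapicero_Heartbeat` check reads `/var/log/leap/tapicero.log`, which the logrotate rule from the earlier commits truncates daily with `copytruncate`. Right after rotation the file holds no line matching `-r "tapicero"`, and how `check_last_regex_in_log` reports that case is not visible in this hunk. Confirm that an empty or freshly truncated file does not trip the `-c 600` threshold. I would also add a comment above the resource, for example `# heartbeat: tapicero must have logged within 300s (warn) / 600s (crit)`, so the thresholds are not tuned blind. The augeas block that contains this entry opens outside the hunk.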
+++ b/puppet/modules/site_config/manifests/remove_files.pp @@ -0,0 +1,36 @@ +# +# Sometimes when we upgrade the platform, we need to ensure that files that +# the platform previously created will get removed. +# +# These file removals don't need to be kept forever: we only need to remove +# files that are present in the prior platform release. +# +# We can assume that the every node is upgraded from the previous platform +# release. +# + +class site_config::remove_files { + + # + # Platform 0.7 removals + # + + tidy { + '/etc/rsyslog.d/99-tapicero.conf':; + '/etc/rsyslog.d/99-leap-mx.conf':; + '/etc/rsyslog.d/01-webapp.conf':; + '/etc/rsyslog.d/50-stunnel.conf':; + '/etc/logrotate.d/leap-mx':; + '/etc/logrotate.d/stunnel':; + '/var/log/stunnel4/stunnel.log':; + 'leap_mx': + path => '/var/log/', + recurse => true, + matches => 'leap_mx*'; + '/srv/leap/webapp/public/provider.json':; + '/srv/leap/couchdb/designs/tmp_users': + recurse => true, + rmdirs => true; + } + +} diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp index f10ef00d..ec94c090 100644 --- a/puppet/modules/site_webapp/manifests/init.pp +++ b/puppet/modules/site_webapp/manifests/init.pp @@ -92,10 +92,6 @@ class site_webapp { require => Vcsrepo['/srv/leap/webapp'], owner => leap-webapp, group => leap-webapp, mode => '0644'; - # old provider.json location. this can be removed after everyone upgrades. - '/srv/leap/webapp/public/provider.json': - ensure => absent; - '/srv/leap/webapp/public/ca.crt': ensure => link, require => Vcsrepo['/srv/leap/webapp'], -- cgit v1.2.3 From c7e12fd3cfe482e22e337eaea80ca7994dea7524 Mon Sep 17 00:00:00 2001 
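Review bot: In remove_files.pp the `'leap_mx'` tidy entry combines `path => '/var/log/'` with `recurse => true` and `matches => 'leap_mx*'`, so every agent run walks the whole /var/log tree and deletes any file at any depth whose basename matches. With no `age` or `size` set, matching files are removed unconditionally. The old log lived directly in /var/log, so `recurse => 1` keeps the cleanup to that directory and avoids removing similarly named files under other services' log directories. The header comment says these removals are only needed for one release; a note on each group naming the release after which it can be dropped would make that easy to enforce.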
From: elijah Date: Thu, 16 Apr 2015 20:57:11 -0700 Subject: stunnel shouldn't use syslog, and leap_mx can't. --- puppet/modules/leap_mx/manifests/init.pp | 24 ++++++++++++++++++++++-- puppet/modules/site_stunnel/manifests/client.pp | 19 +++++++++++++++++-- puppet/modules/site_stunnel/manifests/init.pp | 15 ++++++++++++++- 3 files changed, 53 insertions(+), 5 deletions(-) diff --git a/puppet/modules/leap_mx/manifests/init.pp b/puppet/modules/leap_mx/manifests/init.pp index a0590ee1..0d15d053 100644 --- a/puppet/modules/leap_mx/manifests/init.pp +++ b/puppet/modules/leap_mx/manifests/init.pp @@ -12,8 +12,6 @@ class leap_mx { include soledad::common include site_apt::preferences::twisted - leap::logfile { 'mx': process => 'leap-mx'} - # # USER AND GROUP # @@ -43,6 +41,14 @@ class leap_mx { notify => Service['leap-mx']; } + file { '/etc/default/leap_mx': + content => 'LOGFILE=/var/log/leap/mx.log', + owner => 'root', + group => 'root', + mode => '0644', + notify => Service['leap-mx']; + } + # # LEAP-MX CODE AND DEPENDENCIES # @@ -69,4 +75,18 @@ class leap_mx { hasrestart => true, require => [ Package['leap-mx'] ]; } + + augeas { + "logrotate_mx": + context => "/files/etc/logrotate.d/mx/rule", + changes => [ + "set file /var/log/leap/mx.log", + 'set rotate 5', + 'set schedule daily', + 'set compress compress', + 'set missingok missingok', + 'set ifempty notifempty', + 'set copytruncate copytruncate' + ] + } } diff --git a/puppet/modules/site_stunnel/manifests/client.pp b/puppet/modules/site_stunnel/manifests/client.pp index 3b10ecb8..c9e034f1 100644 --- a/puppet/modules/site_stunnel/manifests/client.pp +++ b/puppet/modules/site_stunnel/manifests/client.pp @@ -14,7 +14,9 @@ define site_stunnel::client ( $verify = '2', $pid = $name, $rndfile = '/var/lib/stunnel4/.rnd', - $debuglevel = '4' ) { + $debuglevel = 'warning' ) { + + $logfile = "/var/log/stunnel4/${name}.log" include site_config::x509::cert include site_config::x509::key 
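Review bot: In the leap_mx init.pp hunk, the new `/etc/default/leap_mx` resource writes `content => 'LOGFILE=/var/log/leap/mx.log'` with no trailing newline. A single-quoted Puppet string would not expand `\n` anyway, so use `content => "LOGFILE=/var/log/leap/mx.log\n",`. Because leap-mx now writes this log itself instead of going through rsyslog, nothing in these hunks creates `/var/log/leap/mx.log` or sets its owner and mode. Assuming the service runs as an unprivileged user, declare the file with that owner and a mode that is not world-readable, since mail delivery logs usually carry addresses. The `logrotate_mx` rule keeps `copytruncate`, which is the right choice only if the daemon cannot reopen its log on a signal.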
@@ -35,7 +37,20 @@ define site_stunnel::client ( pid => "/var/run/stunnel4/${pid}.pid", rndfile => $rndfile, debuglevel => $debuglevel, - sslversion => 'TLSv1'; + sslversion => 'TLSv1', + syslog => 'no', + output => $logfile; + } + + # define the log files so that we can purge the + # files from /var/log/stunnel4 that are not defined. + file { + $logfile:; + "${logfile}.1.gz":; + "${logfile}.2.gz":; + "${logfile}.3.gz":; + "${logfile}.4.gz":; + "${logfile}.5.gz":; } site_shorewall::stunnel::client { $name: diff --git a/puppet/modules/site_stunnel/manifests/init.pp b/puppet/modules/site_stunnel/manifests/init.pp index 176b8618..d919a072 100644 --- a/puppet/modules/site_stunnel/manifests/init.pp +++ b/puppet/modules/site_stunnel/manifests/init.pp @@ -29,7 +29,20 @@ class site_stunnel { $client_sections = keys($clients) site_stunnel::clients { $client_sections: } - leap::logfile { "stunnel": process => "stunnel4" } + # remove any old stunnel logs that are not + # defined by this puppet run + file {'/var/log/stunnel4': purge => true;} + + # the default is to keep 356 log files for each stunnel. + # here we set a more reasonable number. + augeas { + "logrotate_stunnel": + context => "/files/etc/logrotate.d/stunnel4/rule", + changes => [ + 'set rotate 5', + ] + } + include site_stunnel::override_service } -- cgit v1.2.3 From e97a00725c80a4067d5bba24d931b1a3bcf2ad96 Mon Sep 17 00:00:00 2001 From: elijah Date: Thu, 16 Apr 2015 20:57:26 -0700 Subject: keep five log files instead of seven. --- puppet/modules/leap/manifests/logfile.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/puppet/modules/leap/manifests/logfile.pp b/puppet/modules/leap/manifests/logfile.pp index 42a82943..4deafacb 100644 --- a/puppet/modules/leap/manifests/logfile.pp +++ b/puppet/modules/leap/manifests/logfile.pp 
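Review bot: In site_stunnel/manifests/init.pp, `file {'/var/log/stunnel4': purge => true;}` has no effect as written, because Puppet only purges unmanaged entries when the resource also has `ensure => directory` and `recurse => true`. The stale logs that the comment describes will therefore stay in place. The intended form is `file { '/var/log/stunnel4': ensure => directory, recurse => true, purge => true; }`. Once purging is actually active, every file in that directory that is not declared is deleted on each run. The placeholder declarations in client.pp cover `${logfile}` through `${logfile}.5.gz` for clients only, so check that any other stunnel instance logging there (server-side definitions are not visible in this diff) declares its files too.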
@@ -15,7 +15,7 @@ define leap::logfile($process=$title) { context => "/files/etc/logrotate.d/${name}/rule", changes => [ "set file ${logfile}", - 'set rotate 7', + 'set rotate 5', 'set schedule daily', 'set compress compress', 'set missingok missingok', -- cgit v1.2.3 From 64cc83793aa35b84b60dd40305c7edf8369a187b Mon Sep 17 00:00:00 2001 From: elijah Date: Fri, 17 Apr 2015 10:19:37 -0700 Subject: rename leap-mx logrotate file; minor style change. --- puppet/modules/leap/manifests/logfile.pp | 4 ++-- puppet/modules/leap_mx/manifests/init.pp | 2 +- puppet/modules/site_config/manifests/remove_files.pp | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/puppet/modules/leap/manifests/logfile.pp b/puppet/modules/leap/manifests/logfile.pp index 4deafacb..c5c185f6 100644 --- a/puppet/modules/leap/manifests/logfile.pp +++ b/puppet/modules/leap/manifests/logfile.pp @@ -2,8 +2,8 @@ # make syslog log to a particular file for a particular process. # -define leap::logfile($process=$title) { - $logfile = "/var/log/leap/${title}.log" +define leap::logfile($process=$name) { + $logfile = "/var/log/leap/${name}.log" rsyslog::snippet { "50-${name}": content => "if \$programname startswith '${process}' then ${logfile} diff --git a/puppet/modules/leap_mx/manifests/init.pp b/puppet/modules/leap_mx/manifests/init.pp index 0d15d053..6bcdd19a 100644 --- a/puppet/modules/leap_mx/manifests/init.pp +++ b/puppet/modules/leap_mx/manifests/init.pp @@ -78,7 +78,7 @@ class leap_mx { augeas { "logrotate_mx": - context => "/files/etc/logrotate.d/mx/rule", + context => "/files/etc/logrotate.d/leap-mx/rule", changes => [ "set file /var/log/leap/mx.log", 'set rotate 5', diff --git a/puppet/modules/site_config/manifests/remove_files.pp b/puppet/modules/site_config/manifests/remove_files.pp index cc5fc174..44e3e47b 100644 --- a/puppet/modules/site_config/manifests/remove_files.pp +++ b/puppet/modules/site_config/manifests/remove_files.pp 
@@ -20,7 +20,7 @@ class site_config::remove_files { '/etc/rsyslog.d/99-leap-mx.conf':; '/etc/rsyslog.d/01-webapp.conf':; '/etc/rsyslog.d/50-stunnel.conf':; - '/etc/logrotate.d/leap-mx':; + '/etc/logrotate.d/mx':; '/etc/logrotate.d/stunnel':; '/var/log/stunnel4/stunnel.log':; 'leap_mx': -- cgit v1.2.3