From bb07407485ed1626221a1190cc2fb2789f95ed22 Mon Sep 17 00:00:00 2001 From: elijah Date: Wed, 15 Apr 2015 16:12:11 -0700 Subject: clean up logging mess: add 'logfile' define, mv openvpn and stunnel logs to their own files, fix mx logwatch path. --- puppet/modules/site_stunnel/manifests/init.pp | 1 + 1 file changed, 1 insertion(+) (limited to 'puppet/modules/site_stunnel') diff --git a/puppet/modules/site_stunnel/manifests/init.pp b/puppet/modules/site_stunnel/manifests/init.pp index 2e0cf5b8..176b8618 100644 --- a/puppet/modules/site_stunnel/manifests/init.pp +++ b/puppet/modules/site_stunnel/manifests/init.pp @@ -29,6 +29,7 @@ class site_stunnel { $client_sections = keys($clients) site_stunnel::clients { $client_sections: } + leap::logfile { "stunnel": process => "stunnel4" } include site_stunnel::override_service } -- cgit v1.2.3 From c7e12fd3cfe482e22e337eaea80ca7994dea7524 Mon Sep 17 00:00:00 2001 From: elijah Date: Thu, 16 Apr 2015 20:57:11 -0700 Subject: stunnel shouldn't use syslog, and leap_mx can't. --- puppet/modules/site_stunnel/manifests/client.pp | 19 +++++++++++++++++-- puppet/modules/site_stunnel/manifests/init.pp | 15 ++++++++++++++- 2 files changed, 31 insertions(+), 3 deletions(-) (limited to 'puppet/modules/site_stunnel') diff --git a/puppet/modules/site_stunnel/manifests/client.pp b/puppet/modules/site_stunnel/manifests/client.pp index 3b10ecb8..c9e034f1 100644 --- a/puppet/modules/site_stunnel/manifests/client.pp +++ b/puppet/modules/site_stunnel/manifests/client.pp @@ -14,7 +14,9 @@ define site_stunnel::client ( $verify = '2', $pid = $name, $rndfile = '/var/lib/stunnel4/.rnd', - $debuglevel = '4' ) { + $debuglevel = 'warning' ) { + + $logfile = "/var/log/stunnel4/${name}.log" include site_config::x509::cert include site_config::x509::key @@ -35,7 +37,20 @@ define site_stunnel::client ( pid => "/var/run/stunnel4/${pid}.pid", rndfile => $rndfile, debuglevel => $debuglevel, - sslversion => 'TLSv1'; + sslversion => 'TLSv1', + syslog => 'no', + output => $logfile; + } + + # define the log files so that we can purge the + # files from /var/log/stunnel4 that are not defined. + file { + $logfile:; + "${logfile}.1.gz":; + "${logfile}.2.gz":; + "${logfile}.3.gz":; + "${logfile}.4.gz":; + "${logfile}.5.gz":; } site_shorewall::stunnel::client { $name: diff --git a/puppet/modules/site_stunnel/manifests/init.pp b/puppet/modules/site_stunnel/manifests/init.pp index 176b8618..d919a072 100644 --- a/puppet/modules/site_stunnel/manifests/init.pp +++ b/puppet/modules/site_stunnel/manifests/init.pp @@ -29,7 +29,20 @@ class site_stunnel { $client_sections = keys($clients) site_stunnel::clients { $client_sections: } - leap::logfile { "stunnel": process => "stunnel4" } + # remove any old stunnel logs that are not + # defined by this puppet run + file {'/var/log/stunnel4': purge => true;} + + # the default is to keep 356 log files for each stunnel. + # here we set a more reasonable number. + augeas { + "logrotate_stunnel": + context => "/files/etc/logrotate.d/stunnel4/rule", + changes => [ + 'set rotate 5', + ] + } + include site_stunnel::override_service } -- cgit v1.2.3