From 36c9912430e4652fd08258881dc154fe7ddb966a Mon Sep 17 00:00:00 2001 From: Justin Wind Date: Thu, 14 Sep 2017 13:46:29 -0700 Subject: [PATCH] rotate vpn logs --- .../msca-openvpn/files/openvpn-user.logrotate | 12 +++++++++ .../msca-openvpn/files/openvpn-vpc.logrotate | 10 ++++++++ roles/msca-openvpn/tasks/main.yml | 25 ++++++++++++++++--- .../templates/user-server.conf.j2 | 1 + 4 files changed, 45 insertions(+), 3 deletions(-) create mode 100644 roles/msca-openvpn/files/openvpn-user.logrotate create mode 100644 roles/msca-openvpn/files/openvpn-vpc.logrotate diff --git a/roles/msca-openvpn/files/openvpn-user.logrotate b/roles/msca-openvpn/files/openvpn-user.logrotate new file mode 100644 index 0000000..37e368a --- /dev/null +++ b/roles/msca-openvpn/files/openvpn-user.logrotate @@ -0,0 +1,12 @@ +/var/log/openvpn/openvpn.log +/var/log/openvpn/connect.log +/var/log/openvpn/disconnect.log { + weekly + size 100M + rotate 4 + compress + delaycompress + missingok + notifempty + copytruncate +} diff --git a/roles/msca-openvpn/files/openvpn-vpc.logrotate b/roles/msca-openvpn/files/openvpn-vpc.logrotate new file mode 100644 index 0000000..77625f1 --- /dev/null +++ b/roles/msca-openvpn/files/openvpn-vpc.logrotate @@ -0,0 +1,10 @@ +/var/log/openvpn/openvpn-vpc.log { + weekly + size 100M + rotate 4 + compress + delaycompress + missingok + notifempty + copytruncate +} diff --git a/roles/msca-openvpn/tasks/main.yml b/roles/msca-openvpn/tasks/main.yml index 92dec57..13ae87a 100644 --- a/roles/msca-openvpn/tasks/main.yml +++ b/roles/msca-openvpn/tasks/main.yml @@ -66,13 +66,32 @@ - openvpn.log - connect.log - disconnect.log - file: - state: touch - path: /var/log/openvpn/{{ item }} + copy: + content: "" + force: no + dest: /var/log/openvpn/{{ item }} owner: openvpn group: openvpn mode: "0644" +- name: rotate user logs + when: vpn_mode == 'user-server' + copy: + src: openvpn-user.logrotate + dest: /etc/logrotate.d/openvpn-user + owner: root + group: root + mode: "0644" + +- name: rotate vpc logs + when: vpn_mode == 'vpc-server' + copy: + src: openvpn-vpc.logrotate + dest: /etc/logrotate.d/openvpn-vpc + owner: root + group: root + mode: "0644" + - name: install scripts when: vpn_mode == 'user-server' with_items: diff --git a/roles/msca-openvpn/templates/user-server.conf.j2 b/roles/msca-openvpn/templates/user-server.conf.j2 index 4a59f57..02742d2 100644 --- a/roles/msca-openvpn/templates/user-server.conf.j2 +++ b/roles/msca-openvpn/templates/user-server.conf.j2 @@ -25,6 +25,7 @@ log /var/log/openvpn/openvpn.log status-version 3 status /var/log/openvpn/status.log client-connect /etc/openvpn/scripts/event-log.sh +client-disconnect /etc/openvpn/scripts/event-log.sh tmp-dir /dev/shm {% if phase|default() == 'prod' %} -- 2.45.2