rotate vpn logs

author Justin Wind <j.wind@partner.samsung.com>

Thu, 14 Sep 2017 20:46:29 +0000 (13:46 -0700)

committer Justin Wind <j.wind@partner.samsung.com>

Thu, 14 Sep 2017 20:46:29 +0000 (13:46 -0700)
author Justin Wind <j.wind@partner.samsung.com>
Thu, 14 Sep 2017 20:46:29 +0000 (13:46 -0700)
committer Justin Wind <j.wind@partner.samsung.com>
Thu, 14 Sep 2017 20:46:29 +0000 (13:46 -0700)
diff --git a/roles/msca-openvpn/files/openvpn-user.logrotate b/roles/msca-openvpn/files/openvpn-user.logrotate

new file mode 100644 (file)

index 0000000..37e368a
--- /dev/null
+++ b/roles/msca-openvpn/files/openvpn-user.logrotate
@@ -0,0 +1,12 @@
+/var/log/openvpn/openvpn.log
+/var/log/openvpn/connect.log
+/var/log/openvpn/disconnect.log {
+       weekly
+       size 100M
+       rotate 4
+       compress
+       delaycompress
+       missingok
+       notifempty
+       copytruncate
+}
diff --git a/roles/msca-openvpn/files/openvpn-vpc.logrotate b/roles/msca-openvpn/files/openvpn-vpc.logrotate

new file mode 100644 (file)

index 0000000..77625f1
--- /dev/null
+++ b/roles/msca-openvpn/files/openvpn-vpc.logrotate
@@ -0,0 +1,10 @@
+/var/log/openvpn/openvpn-vpc.log {
+       weekly
+       size 100M
+       rotate 4
+       compress
+       delaycompress
+       missingok
+       notifempty
+       copytruncate
+}
diff --git a/roles/msca-openvpn/tasks/main.yml b/roles/msca-openvpn/tasks/main.yml

index 92dec57df48d9dd6a9bdb258d0272636f90fce49..13ae87af6393b2520d83db212ef5ad3d0ec8a068 100644 (file)
--- a/roles/msca-openvpn/tasks/main.yml
+++ b/roles/msca-openvpn/tasks/main.yml
@@ -66,13 +66,32 @@
    - openvpn.log
    - connect.log
    - disconnect.log
-  file:
-    state: touch
-    path: /var/log/openvpn/{{ item }}
+  copy:
+    content: ""
+    force: no
+    dest: /var/log/openvpn/{{ item }}
      owner: openvpn
      group: openvpn
      mode: "0644"
  
+- name: rotate user logs
+  when: vpn_mode == 'user-server'
+  copy:
+    src: openvpn-user.logrotate
+    dest: /etc/logrotate.d/openvpn-user
+    owner: root
+    group: root
+    mode: "0644"
+
+- name: rotate vpc logs
+  when: vpn_mode == 'vpc-server'
+  copy:
+    src: openvpn-vpc.logrotate
+    dest: /etc/logrotate.d/openvpn-vpc
+    owner: root
+    group: root
+    mode: "0644"
+
  - name: install scripts
    when: vpn_mode == 'user-server'
    with_items:
diff --git a/roles/msca-openvpn/templates/user-server.conf.j2 b/roles/msca-openvpn/templates/user-server.conf.j2

index 4a59f572fbdf24bf3e33ba5ee774718ffac6908e..02742d2e47ea1ccd4a2028e3135e561a0558eb9e 100644 (file)
--- a/roles/msca-openvpn/templates/user-server.conf.j2
+++ b/roles/msca-openvpn/templates/user-server.conf.j2
@@ -25,6 +25,7 @@ log /var/log/openvpn/openvpn.log
  status-version 3
  status /var/log/openvpn/status.log
  client-connect /etc/openvpn/scripts/event-log.sh
+client-disconnect /etc/openvpn/scripts/event-log.sh
  
  tmp-dir /dev/shm
  {% if phase|default() == 'prod' %}
author	Justin Wind <j.wind@partner.samsung.com>
	Thu, 14 Sep 2017 20:46:29 +0000 (13:46 -0700)
committer	Justin Wind <j.wind@partner.samsung.com>
	Thu, 14 Sep 2017 20:46:29 +0000 (13:46 -0700)
roles/msca-openvpn/files/openvpn-user.logrotate	[new file with mode: 0644]	patch \| blob
roles/msca-openvpn/files/openvpn-vpc.logrotate	[new file with mode: 0644]	patch \| blob
roles/msca-openvpn/tasks/main.yml		patch \| blob \| history
roles/msca-openvpn/templates/user-server.conf.j2		patch \| blob \| history