From: Justin Wind <j.wind@partner.samsung.com>
Date: Thu, 14 Sep 2017 20:46:29 +0000 (-0700)
Subject: rotate vpn logs
X-Git-Url: https://git.squeep.com/?a=commitdiff_plain;h=36c9912430e4652fd08258881dc154fe7ddb966a;p=awsible

rotate vpn logs
---

diff --git a/roles/msca-openvpn/files/openvpn-user.logrotate b/roles/msca-openvpn/files/openvpn-user.logrotate
new file mode 100644
index 0000000..37e368a
--- /dev/null
+++ b/roles/msca-openvpn/files/openvpn-user.logrotate
@@ -0,0 +1,12 @@
+/var/log/openvpn/openvpn.log
+/var/log/openvpn/connect.log
+/var/log/openvpn/disconnect.log {
+	weekly
+	size 100M
+	rotate 4
+	compress
+	delaycompress
+	missingok
+	notifempty
+	copytruncate
+}
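Review bot: `size 100M` placed after `weekly` in this stanza replaces the weekly schedule instead of adding to it, because logrotate treats `size` and the time intervals as mutually exclusive and the last one given wins. These logs will therefore rotate only once they pass 100M, so `rotate 4` covers an unpredictable span of time for connect/disconnect records that presumably serve as an audit trail. If the intent is weekly rotation with a size cap, use `maxsize 100M` in place of `size 100M`. `copytruncate` can also lose lines written between the copy and the truncate; a comment such as `# copytruncate: openvpn keeps the log open; small loss window accepted` would record that trade-off. Both points apply equally to the stanza in openvpn-vpc.logrotate.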
diff --git a/roles/msca-openvpn/files/openvpn-vpc.logrotate b/roles/msca-openvpn/files/openvpn-vpc.logrotate
new file mode 100644
index 0000000..77625f1
--- /dev/null
+++ b/roles/msca-openvpn/files/openvpn-vpc.logrotate
@@ -0,0 +1,10 @@
+/var/log/openvpn/openvpn-vpc.log {
+	weekly
+	size 100M
+	rotate 4
+	compress
+	delaycompress
+	missingok
+	notifempty
+	copytruncate
+}
diff --git a/roles/msca-openvpn/tasks/main.yml b/roles/msca-openvpn/tasks/main.yml
index 92dec57..13ae87a 100644
--- a/roles/msca-openvpn/tasks/main.yml
+++ b/roles/msca-openvpn/tasks/main.yml
@@ -66,13 +66,32 @@
   - openvpn.log
   - connect.log
   - disconnect.log
-  file:
-    state: touch
-    path: /var/log/openvpn/{{ item }}
+  copy:
+    content: ""
+    force: no
+    dest: /var/log/openvpn/{{ item }}
     owner: openvpn
     group: openvpn
     mode: "0644"
 
+- name: rotate user logs
+  when: vpn_mode == 'user-server'
+  copy:
+    src: openvpn-user.logrotate
+    dest: /etc/logrotate.d/openvpn-user
+    owner: root
+    group: root
+    mode: "0644"
+
+- name: rotate vpc logs
+  when: vpn_mode == 'vpc-server'
+  copy:
+    src: openvpn-vpc.logrotate
+    dest: /etc/logrotate.d/openvpn-vpc
+    owner: root
+    group: root
+    mode: "0644"
+
 - name: install scripts
   when: vpn_mode == 'user-server'
   with_items:
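Review bot: With `force: no` in the log-creation task, the copy module, as far as I know, exits early once the destination exists, so `owner`, `group` and `mode` are applied only on first creation. Later drift, such as a log recreated as root or with a looser mode, is then never corrected. If that enforcement is wanted, a follow-up `file:` task with `state: file` and the same owner/group/mode on `/var/log/openvpn/{{ item }}` restores it without touching content. `force: no` would also read more safely as `force: false`, and the templated `dest` is better quoted: `dest: "/var/log/openvpn/{{ item }}"`. The task starts above the hunk, so its name and `when` condition are not visible here.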
diff --git a/roles/msca-openvpn/templates/user-server.conf.j2 b/roles/msca-openvpn/templates/user-server.conf.j2
index 4a59f57..02742d2 100644
--- a/roles/msca-openvpn/templates/user-server.conf.j2
+++ b/roles/msca-openvpn/templates/user-server.conf.j2
@@ -25,6 +25,7 @@ log /var/log/openvpn/openvpn.log
 status-version 3
 status /var/log/openvpn/status.log
 client-connect /etc/openvpn/scripts/event-log.sh
+client-disconnect /etc/openvpn/scripts/event-log.sh
 
 tmp-dir /dev/shm
 {% if phase|default() == 'prod' %}
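Review bot: The added `client-disconnect` line points at the same `event-log.sh` as `client-connect`, so the script has to tell the two hooks apart (OpenVPN exports `script_type` for this) or disconnects will be recorded as connects. The script is not part of this diff, so that could not be checked here. A comment above the two lines would document the dependency, for example `# event-log.sh serves both hooks and branches on $script_type`. Disconnect hooks are also not guaranteed to run if the server process dies, so the disconnect log should be treated as best-effort when reconstructing sessions.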