From: David Galloway Date: Fri, 9 Mar 2018 16:46:31 +0000 (-0500) Subject: gateway: Properly configure rotating logs X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=03b926d6192cc8405dd71270a8be472cffc44a57;p=ceph-cm-ansible.git gateway: Properly configure rotating logs Signed-off-by: David Galloway
---
diff --git a/roles/gateway/files/openvpn.logrotate b/roles/gateway/files/openvpn.logrotate
index e629e093..817253d6 100644
--- a/roles/gateway/files/openvpn.logrotate
+++ b/roles/gateway/files/openvpn.logrotate
@@ -1,9 +1,10 @@
-/var/log/openvpn.log {
+/var/log/openvpn/*.log {
 daily
 size 100M
- rotate 14
+ rotate 90
 compress
 missingok
 copytruncate
+ notifempty
 create 644 nobody nobody
 }
diff --git a/roles/gateway/files/openvpn.rsyslog b/roles/gateway/files/openvpn.rsyslog
new file mode 100644
index 00000000..97983006
--- /dev/null
+++ b/roles/gateway/files/openvpn.rsyslog
@@ -0,0 +1,5 @@
+# Log syslog messages matching 'ovpn-' or 'openvpn' to /var/log/openvpn/openvpn.log
+if $programname startswith 'ovpn-' or $programname startswith 'openvpn' then /var/log/openvpn/openvpn.log
+
+# Stop processing matched logs (don't log them anywhere else)
+if $programname startswith 'ovpn-' or $programname startswith 'openvpn' then stop
diff --git a/roles/gateway/tasks/logging.yml b/roles/gateway/tasks/logging.yml
new file mode 100644
index 00000000..8c7126b6
--- /dev/null
+++ b/roles/gateway/tasks/logging.yml
@@ -0,0 +1,20 @@
+---
+- name: Create log directory
+ file:
+ path: /var/log/openvpn
+ state: directory
+
+- name: Set log dir SELinux context
+ command: restorecon -R /var/log/openvpn
+
+- name: Write logrotate conf file
+ copy:
+ src: files/openvpn.logrotate
+ dest: /etc/logrotate.d/openvpn
+ notify: restart rsyslog
+
+- name: Write rsyslog conf file
+ copy:
+ src: files/openvpn.rsyslog
+ dest: /etc/rsyslog.d/20-openvpn.conf
+ notify: restart rsyslog
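Review bot: In roles/gateway/files/openvpn.logrotate, `rotate 90` does not by itself give 90 days of VPN logs: the unchanged `size 100M` comes after `daily`, and logrotate then rotates on size alone, so retention is 90 files of at least 100M rather than a time window. If the intent is a daily schedule with a size cap, `maxsize 100M` in place of `size 100M` does that. The unchanged `create 644 nobody nobody` has no effect while `copytruncate` is set, so the owner and mode of files under /var/log/openvpn/ come from whatever process creates them (rsyslog, going by the rest of this commit); these logs presumably record client addresses and certificate names, so the restriction has to be set there rather than on this line. `copytruncate` can also drop lines written between the copy and the truncate, which matters if the log serves as a connection audit trail.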
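Review bot: The `stop` rule in roles/gateway/files/openvpn.rsyslog removes the matched messages from every rule rsyslog evaluates after 20-openvpn.conf, which would include a remote-forwarding action defined in a later file; if this gateway is meant to ship logs to a central collector, the OpenVPN records would then exist only on the host itself. Confirm the load order, or place the forwarding rule ahead of this file. The two identical conditions can also be written once as a single `if … then { … stop }` block so the filter and the discard cannot drift apart.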
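Review bot: The `Create log directory` task in roles/gateway/tasks/logging.yml sets no owner, group or mode, so /var/log/openvpn gets whatever the connection's umask yields; add an explicit `mode:` (with owner and group matching the account rsyslog writes as) so the VPN logs are not left world-readable by default. The `restorecon -R` task is a bare `command`, so it reports changed on every play and will fail on a host without the SELinux tools; `when: ansible_selinux.status == "enabled"` plus `changed_when: false` would cover both. The `restart rsyslog` handler is notified by both copy tasks but is not added in this commit, so it has to exist in the role's handlers already, which is worth confirming since a missing handler fails the play. The logrotate task does not need that notify at all, as logrotate reads its configuration on each run.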
diff --git a/roles/gateway/tasks/main.yml b/roles/gateway/tasks/main.yml
index e45b410b..d993f94e 100644
--- a/roles/gateway/tasks/main.yml
+++ b/roles/gateway/tasks/main.yml
@@ -45,13 +45,13 @@
 no_log: true
 notify: restart openvpn
+# Configure logging
+- import_tasks: logging.yml
+ tags:
+ - logging
+
 - name: Make sure OpenVPN service is running and enabled
 service:
 name: "openvpn@{{ openvpn_server_name }}"
 state: started
 enabled: yes
-
-- name: Write logrotate conf file
- copy:
- src: files/openvpn.logrotate
- dest: /etc/logrotate.d/openvpn