Comments (4)
Aaron,
I did a bit more experimenting by modifying the raw mysql_stunnel.conf file directly rather than through Puppet.
The reason why the log file is empty is because the generated .conf file contained the line:
debug = 0
which effectively told stunnel never to write anything in the log file.
A better debug setting is
debug = 5
which seems to log stunnel going up and down and errors and such without too
much noise.
See https://www.stunnel.org/static/stunnel.html for documentation of the debug parameter.
I also find out that if you do not specify a path for the logfile:
output = mysql_stunnel.log
then the logfile appears in
/etc/stunnel/conf.d/mysql_stunnel.log (i.e. the same directory as the configuration file).
Recommendation: arusso/puppet-stunnel should set the debug parameter to 5 (or 6).
For bonus points, add it as a parameter too. For extra bonus points, add the output
parameter as a parameter too.
Ross
from puppet-stunnel.
I just tried putting a debug line in the Puppet config file
stunnel::tun { 'mysql_stunnel':
...
debug => '5',
...}
and it worked fine, turning up in the .conf file as:
debug = 5
I just tried to specify:
output => '/var/log/stunnel/mysql_stunnel.log', # The stunnel log file.
and Puppet gave an error. So it seems that debug is implemented as a parameter, but output isn't.
Recommendation 1: Set the debug parameter to default to 5.
Recommendation 2: Document the debug parameter and say where the logfile is going to appear.
Ross
from puppet-stunnel.
Re 1: Looks like the stunnel default is 5, so that makes sense.
Re 2: Sounds reasonable. I'll also add the output parameter as well
from puppet-stunnel.
I have tested the debug argument and it works.
I have tested the output parameter and it works.
Thanks very much for these improvements,
Ross Williams
from puppet-stunnel.
Related Issues (19)
- puppet-ssl HOT 1
- Suggestion to amend documentation of arusso/puppet-stunnel HOT 1
- Suggestion: Provide an example where the tunnel crosses nodes HOT 11
- Here's some documentation HOT 6
- I would like to be able to set TIMEOUTidle HOT 4
- /var/lock/subsys does not exist HOT 2
- $client is not a boolean when using create_resources function HOT 1
- Add support for CAfile option HOT 2
- Globals options can be set more than once but not supported by the config HOT 1
- Doesn't work in Jessie HOT 2
- setuid and setgid should be overridable. HOT 1
- Ruby is a dependency
- File resource mode => '0555' in config.pp may cause SELinux denials
- cert and CAfile are not global options
- Add key option
- Service should restart when cert, CAfile, or key change
- pid directory on Debian is wrong
- log directory ownership on Debian
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from puppet-stunnel.