make service restart more failsafe

author mh <mh@immerda.ch>

Fri, 20 Nov 2015 21:43:06 +0000 (22:43 +0100)

committer mh <mh@immerda.ch>

Sat, 5 Dec 2015 10:36:31 +0000 (11:36 +0100)
author mh <mh@immerda.ch>
Fri, 20 Nov 2015 21:43:06 +0000 (22:43 +0100)
committer mh <mh@immerda.ch>
Sat, 5 Dec 2015 10:36:31 +0000 (11:36 +0100)
diff --git a/manifests/base.pp b/manifests/base.pp

index b5899fce3e952163a5c947ae70da6a7015b97881..db6852ac062c951e3910607092cabbd3a544c5bc 100644 (file)
--- a/manifests/base.pp
+++ b/manifests/base.pp
@@ -8,14 +8,14 @@ class shorewall::base {
    # This file has to be managed in place, so shorewall can find it
    file {
      '/etc/shorewall/shorewall.conf':
-      require => Package[shorewall],
-      notify  => Service[shorewall],
+      require => Package['shorewall'],
+      notify  => Exec['shorewall_check'],
        owner   => 'root',
        group   => 'root',
        mode    => '0644';
      '/etc/shorewall/puppet':
        ensure  => directory,
-      require => Package[shorewall],
+      require => Package['shorewall'],
        owner   => 'root',
        group   => 'root',
        mode    => '0644';
@@ -33,11 +33,16 @@ class shorewall::base {
        changes => 'set /files/etc/shorewall/shorewall.conf/CONFIG_PATH \'"/etc/shorewall/puppet:/etc/shorewall:/usr/share/shorewall"\'',
        lens    => 'Shellvars.lns',
        incl    => '/etc/shorewall/shorewall.conf',
-      notify  => Service['shorewall'],
+      notify  => Exec['shorewall_check'],
        require => Package['shorewall'];
      }
    }
  
+  exec{'shorewall_check':
+    command     => 'shorewall check',
+    refreshonly => true,
+    notify      => Service['shorewall'],
+  }
    service{'shorewall':
      ensure      => running,
      enable      => true,
diff --git a/manifests/centos.pp b/manifests/centos.pp

index 95b7759306c840fe87c5e3bf9b0b930259a9e8bd..1f8b37dd951b00efa0019c652e8a47521643e1fd 100644 (file)
--- a/manifests/centos.pp
+++ b/manifests/centos.pp
@@ -7,7 +7,7 @@ class shorewall::centos inherits shorewall::base {
        lens    => 'Shellvars.lns',
        incl    => '/etc/sysconfig/shorewall',
        require => Package['shorewall'],
-      notify  => Service['shorewall'],
+      notify  => Exec['shorewall_check'],
      }
    }
  }
diff --git a/manifests/debian.pp b/manifests/debian.pp

index 01d108f51c0fea806c567124e7c4b72f7f4fbbb3..326b42be40366d19fdeafa357b59ba3a4742cd05 100644 (file)
--- a/manifests/debian.pp
+++ b/manifests/debian.pp
@@ -2,8 +2,8 @@ class shorewall::debian inherits shorewall::base {
    file{'/etc/default/shorewall':
      content => template("shorewall/debian_default.erb"),
      require => Package['shorewall'],
-    notify => Service['shorewall'],
-    owner => 'root', group => 'root', mode => '0644';
+    notify  => Exec['shorewall_check'],
+    owner   => 'root', group => 'root', mode => '0644';
    }
    Service['shorewall']{
      status => '/sbin/shorewall status'
diff --git a/manifests/extension_script.pp b/manifests/extension_script.pp

index 569fcbf8b24ca4c37fa1845e0c49e13376661115..4abc6b18ed36a5f4632acf7a5b75fe08bb683b3b 100644 (file)
--- a/manifests/extension_script.pp
+++ b/manifests/extension_script.pp
@@ -4,7 +4,7 @@ define shorewall::extension_script($script = '') {
          'init', 'initdone', 'start', 'started', 'stop', 'stopped', 'clear', 'refresh', 'continue', 'maclog': {
            file { "/etc/shorewall/puppet/${name}":
              content => "${script}\n",
-            notify => Service[shorewall];
+            notify  => Exec['shorewall_check'];
            }
          }
          '', default: {
diff --git a/manifests/managed_file.pp b/manifests/managed_file.pp

index 7061721a747065d27ed0662447b352d30f70de7c..b3538145e02b344c6b89a85f65318aa07e5df840 100644 (file)
--- a/manifests/managed_file.pp
+++ b/manifests/managed_file.pp
@@ -1,17 +1,20 @@
-define shorewall::managed_file () {
+# manage a certain file
+define shorewall::managed_file() {
    concat{ "/etc/shorewall/puppet/${name}":
-    notify => Service['shorewall'],
+    notify  => Exec['shorewall_check'],
      require => File['/etc/shorewall/puppet'],
-    owner => 'root', group => 'root', mode => '0600';
+    owner   => 'root',
+    group   => 'root',
+    mode    => '0600';
    }
    concat::fragment {
      "${name}-header":
        source => "puppet:///modules/shorewall/boilerplate/${name}.header",
        target => "/etc/shorewall/puppet/${name}",
-      order => '000';
+      order  => '000';
      "${name}-footer":
        source => "puppet:///modules/shorewall/boilerplate/${name}.footer",
        target => "/etc/shorewall/puppet/${name}",
-      order => '999';
+      order  => '999';
    }
  }
author	mh <mh@immerda.ch>
	Fri, 20 Nov 2015 21:43:06 +0000 (22:43 +0100)
committer	mh <mh@immerda.ch>
	Sat, 5 Dec 2015 10:36:31 +0000 (11:36 +0100)
manifests/base.pp		patch \| blob \| history
manifests/centos.pp		patch \| blob \| history
manifests/debian.pp		patch \| blob \| history
manifests/extension_script.pp		patch \| blob \| history
manifests/managed_file.pp		patch \| blob \| history