X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Fferm%2Fmanifests%2Finit.pp;h=196a39e9187133dd4c8e3aa19930ccb0b5faa220;hb=1cd5a0fc5ae58049e86911dedbb1f85a6b8e0da0;hp=340292b80ecec2aa2250051286c10f6a8aebca3a;hpb=6b6ccf4c56793981a29a8b1865716b27c09ff9b4;p=mirror%2Fdsa-puppet.git

diff --git a/modules/ferm/manifests/init.pp b/modules/ferm/manifests/init.pp
index 340292b80..196a39e91 100644
--- a/modules/ferm/manifests/init.pp
+++ b/modules/ferm/manifests/init.pp
@@ -28,6 +28,12 @@ class ferm {
 		hasstatus   => false,
 		status      => '/bin/true',
 	}
+	exec {
+		"ferm reload":
+			command     => "service ferm reload",
+			refreshonly => true,
+	}
+
 
 	$munin_ips = getfromhash($site::nodeinfo, 'misc', 'v4addrs')
 		.map |$addr| { "ip_${addr}" }
@@ -40,7 +46,7 @@ class ferm {
 
 	file { '/etc/ferm':
 		ensure  => directory,
-		notify  => Service['ferm'],
+		notify  => Exec['ferm reload'],
 		require => Package['ferm'],
 		mode    => '0755'
 	}
@@ -63,43 +69,48 @@ class ferm {
 	file { '/etc/default/ferm':
 		source  => 'puppet:///modules/ferm/ferm.default',
 		require => Package['ferm'],
-		notify  => Service['ferm'],
+		notify  => Exec['ferm reload'],
 		mode    => '0444',
 	}
 	file { '/etc/ferm/ferm.conf':
 		content => template('ferm/ferm.conf.erb'),
-		notify  => Service['ferm'],
+		notify  => Exec['ferm reload'],
 	}
 	file { '/etc/ferm/conf.d/00-init.conf':
 		content => template('ferm/00-init.conf.erb'),
-		notify  => Service['ferm'],
+		notify  => Exec['ferm reload'],
 	}
 	file { '/etc/ferm/conf.d/me.conf':
 		content => template('ferm/me.conf.erb'),
-		notify  => Service['ferm'],
+		notify  => Exec['ferm reload'],
 	}
 	file { '/etc/ferm/conf.d/defs.conf':
 		content => template('ferm/defs.conf.erb'),
-		notify  => Service['ferm'],
+		notify  => Exec['ferm reload'],
 	}
 
 	file { '/etc/ferm/conf.d/50-munin-interfaces.conf':
 		content => template('ferm/conf.d-munin-interfaces.conf.erb'),
-		notify  => Service['ferm'],
+		notify  => Exec['ferm reload'],
 	}
 	@ferm::rule { 'dsa-munin-interfaces-in':
 		prio        => '001',
 		description => 'munin accounting',
 		chain       => 'INPUT',
 		domain      => '(ip ip6)',
-		rule        => 'daddr ($MUNIN_IPS) NOP;'
+		rule        => 'daddr ($MUNIN_IPS) NOP'
 	}
 	@ferm::rule { 'dsa-munin-interfaces-out':
 		prio        => '001',
 		description => 'munin accounting',
 		chain       => 'OUTPUT',
 		domain      => '(ip ip6)',
-		rule        => 'saddr ($MUNIN_IPS) NOP;'
+		rule        => 'saddr ($MUNIN_IPS) NOP'
+	}
+
+	file { '/etc/ferm/dsa.d/010-base.conf':
+		content => template('ferm/dsa.d-010-base.conf.erb'),
+		notify  => Exec['ferm reload'],
 	}
 
 	augeas { 'logrotate_ulogd2':