reload ferm on changes instead of restart

author Peter Palfrader <peter@palfrader.org>

Mon, 17 Dec 2018 09:19:44 +0000 (10:19 +0100)

committer Peter Palfrader <peter@palfrader.org>

Mon, 17 Dec 2018 09:19:44 +0000 (10:19 +0100)
author Peter Palfrader <peter@palfrader.org>
Mon, 17 Dec 2018 09:19:44 +0000 (10:19 +0100)
committer Peter Palfrader <peter@palfrader.org>
Mon, 17 Dec 2018 09:19:44 +0000 (10:19 +0100)
diff --git a/modules/ferm/manifests/conf.pp b/modules/ferm/manifests/conf.pp

index d769194..7457094 100644 (file)
--- a/modules/ferm/manifests/conf.pp
+++ b/modules/ferm/manifests/conf.pp
@@ -28,14 +28,14 @@ define ferm::conf (
                                 ensure  => $ensure,
                                 mode    => '0400',
                                 content => $content,
-                               notify  => Service['ferm'],
+                               notify  => Exec['ferm reload'],
                 }
         } else {
                 file { $fname:
                                 ensure  => $ensure,
                                 mode    => '0400',
                                 source  => $source,
-                               notify  => Service['ferm'],
+                               notify  => Exec['ferm reload'],
                 }
         }
  }
diff --git a/modules/ferm/manifests/init.pp b/modules/ferm/manifests/init.pp

index f33c8ba..196a39e 100644 (file)
--- a/modules/ferm/manifests/init.pp
+++ b/modules/ferm/manifests/init.pp
@@ -28,6 +28,12 @@ class ferm {
                 hasstatus   => false,
                 status      => '/bin/true',
         }
+       exec {
+               "ferm reload":
+                       command     => "service ferm reload",
+                       refreshonly => true,
+       }
+
  
         $munin_ips = getfromhash($site::nodeinfo, 'misc', 'v4addrs')
                 .map |$addr| { "ip_${addr}" }
@@ -40,7 +46,7 @@ class ferm {
  
         file { '/etc/ferm':
                 ensure  => directory,
-               notify  => Service['ferm'],
+               notify  => Exec['ferm reload'],
                 require => Package['ferm'],
                 mode    => '0755'
         }
@@ -63,29 +69,29 @@ class ferm {
         file { '/etc/default/ferm':
                 source  => 'puppet:///modules/ferm/ferm.default',
                 require => Package['ferm'],
-               notify  => Service['ferm'],
+               notify  => Exec['ferm reload'],
                 mode    => '0444',
         }
         file { '/etc/ferm/ferm.conf':
                 content => template('ferm/ferm.conf.erb'),
-               notify  => Service['ferm'],
+               notify  => Exec['ferm reload'],
         }
         file { '/etc/ferm/conf.d/00-init.conf':
                 content => template('ferm/00-init.conf.erb'),
-               notify  => Service['ferm'],
+               notify  => Exec['ferm reload'],
         }
         file { '/etc/ferm/conf.d/me.conf':
                 content => template('ferm/me.conf.erb'),
-               notify  => Service['ferm'],
+               notify  => Exec['ferm reload'],
         }
         file { '/etc/ferm/conf.d/defs.conf':
                 content => template('ferm/defs.conf.erb'),
-               notify  => Service['ferm'],
+               notify  => Exec['ferm reload'],
         }
  
         file { '/etc/ferm/conf.d/50-munin-interfaces.conf':
                 content => template('ferm/conf.d-munin-interfaces.conf.erb'),
-               notify  => Service['ferm'],
+               notify  => Exec['ferm reload'],
         }
         @ferm::rule { 'dsa-munin-interfaces-in':
                 prio        => '001',
@@ -104,7 +110,7 @@ class ferm {
  
         file { '/etc/ferm/dsa.d/010-base.conf':
                 content => template('ferm/dsa.d-010-base.conf.erb'),
-               notify  => Service['ferm'],
+               notify  => Exec['ferm reload'],
         }
  
         augeas { 'logrotate_ulogd2':
diff --git a/modules/ferm/manifests/module.pp b/modules/ferm/manifests/module.pp

index 076d3e5..ead8136 100644 (file)
--- a/modules/ferm/manifests/module.pp
+++ b/modules/ferm/manifests/module.pp
@@ -20,7 +20,7 @@ define ferm::module (
                         ensure  => $ensure,
                         content => template('ferm/load_module.erb'),
                         require => Package['ferm'],
-                       notify  => Service['ferm']
+                       notify  => Exec['ferm reload']
                 }
         }
  }
diff --git a/modules/ferm/manifests/rule.pp b/modules/ferm/manifests/rule.pp

index f5924f7..945f3dc 100644 (file)
--- a/modules/ferm/manifests/rule.pp
+++ b/modules/ferm/manifests/rule.pp
@@ -15,6 +15,6 @@ define ferm::rule (
                         ensure  => present,
                         mode    => '0400',
                         content => template('ferm/ferm_rule.erb'),
-                       notify  => Service['ferm'],
+                       notify  => Exec['ferm reload'],
         }
  }
diff --git a/modules/ipsec/manifests/init.pp b/modules/ipsec/manifests/init.pp

index 2cd0f9a..6952c06 100644 (file)
--- a/modules/ipsec/manifests/init.pp
+++ b/modules/ipsec/manifests/init.pp
@@ -59,6 +59,6 @@ class ipsec {
                 "/etc/ferm/dsa.d/10-ipsec":
                         mode    => '0400',
                         content => template("ipsec/ferm.erb"),
-                       notify  => Service['ferm'],
+                       notify  => Exec['ferm reload'],
         }
  }
author	Peter Palfrader <peter@palfrader.org>
	Mon, 17 Dec 2018 09:19:44 +0000 (10:19 +0100)
committer	Peter Palfrader <peter@palfrader.org>
	Mon, 17 Dec 2018 09:19:44 +0000 (10:19 +0100)
modules/ferm/manifests/conf.pp		patch \| blob \| history
modules/ferm/manifests/init.pp		patch \| blob \| history
modules/ferm/manifests/module.pp		patch \| blob \| history
modules/ferm/manifests/rule.pp		patch \| blob \| history
modules/ipsec/manifests/init.pp		patch \| blob \| history