summaryrefslogtreecommitdiff
path: root/puppet/modules/clamav
diff options
context:
space:
mode:
authorMicah Anderson <micah@riseup.net>2016-11-04 10:54:28 -0400
committerMicah Anderson <micah@riseup.net>2016-11-04 10:54:28 -0400
commit34a381efa8f6295080c843f86bfa07d4e41056af (patch)
tree9282cf5d4c876688602705a7fa0002bc4a810bde /puppet/modules/clamav
parent0a72bc6fd292bf9367b314fcb0347c4d35042f16 (diff)
parent5821964ff7e16ca7aa9141bd09a77d355db492a9 (diff)
Merge branch 'develop'
Diffstat (limited to 'puppet/modules/clamav')
-rw-r--r--puppet/modules/clamav/files/clamav-daemon.path12
-rw-r--r--puppet/modules/clamav/manifests/daemon.pp21
-rw-r--r--puppet/modules/clamav/manifests/daemon/activation.pp24
3 files changed, 49 insertions, 8 deletions
diff --git a/puppet/modules/clamav/files/clamav-daemon.path b/puppet/modules/clamav/files/clamav-daemon.path
new file mode 100644
index 00000000..6e57d187
--- /dev/null
+++ b/puppet/modules/clamav/files/clamav-daemon.path
@@ -0,0 +1,12 @@
+[Unit]
+Description=Path Activation for Clam AntiVirus userspace daemon
+Documentation=man:clamd(8) man:clamd.conf(5) http://www.clamav.net/lang/en/doc/
+
+[Path]
+# Check and wait for database existence before starting up
+PathExistsGlob=/var/lib/clamav/main.{c[vl]d,inc}
+PathExistsGlob=/var/lib/clamav/daily.{c[vl]d,inc}
+
+[Install]
+WantedBy=sockets.target
+
diff --git a/puppet/modules/clamav/manifests/daemon.pp b/puppet/modules/clamav/manifests/daemon.pp
index 2e13a8fb..322cb892 100644
--- a/puppet/modules/clamav/manifests/daemon.pp
+++ b/puppet/modules/clamav/manifests/daemon.pp
@@ -1,5 +1,6 @@
# deploy clamav daemon
class clamav::daemon {
+ include clamav::daemon::activation
$domain_hash = hiera('domain')
$domain = $domain_hash['full_suffix']
@@ -15,7 +16,6 @@ class clamav::daemon {
pattern => '/usr/sbin/clamd',
enable => true,
hasrestart => true,
- subscribe => File['/etc/default/clamav-daemon'],
require => Package['clamav-daemon'];
}
@@ -25,19 +25,23 @@ class clamav::daemon {
mode => '0750',
owner => clamav,
group => postfix,
- require => [Package['postfix'], Package['clamav-daemon']];
+ require => [Package['postfix'], Package['clamav-daemon']],
+ notify => Service['clamav-daemon'];
'/var/lib/clamav':
mode => '0755',
owner => clamav,
group => clamav,
- require => Package['clamav-daemon'];
+ require => Package['clamav-daemon'],
+ notify => Service['clamav-daemon'];
'/etc/default/clamav-daemon':
- source => 'puppet:///modules/clamav/clamav-daemon_default',
- mode => '0644',
- owner => root,
- group => root;
+ source => 'puppet:///modules/clamav/clamav-daemon_default',
+ mode => '0644',
+ owner => root,
+ group => root,
+ require => Package['clamav-daemon'],
+ notify => Service['clamav-daemon'];
# this file contains additional domains that we want the clamav
# phishing process to look for (our domain)
@@ -46,7 +50,8 @@ class clamav::daemon {
mode => '0644',
owner => clamav,
group => clamav,
- require => Package['clamav-daemon'];
+ require => Package['clamav-daemon'],
+ notify => Service['clamav-daemon'];
}
file_line {
diff --git a/puppet/modules/clamav/manifests/daemon/activation.pp b/puppet/modules/clamav/manifests/daemon/activation.pp
new file mode 100644
index 00000000..09c1e55e
--- /dev/null
+++ b/puppet/modules/clamav/manifests/daemon/activation.pp
@@ -0,0 +1,24 @@
+# ensure clamav starts after the definitions are downloaded
+# needed because sometimes clamd cannot get started by freshclam,
+# see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=827909
+class clamav::daemon::activation {
+
+ file { '/etc/systemd/system/clamav-daemon.path':
+ source => 'puppet:///modules/clamav/clamav-daemon.path',
+ mode => '0644',
+ owner => root,
+ group => root,
+ notify => [ Exec['systemctl-daemon-reload'], Systemd::Enable['clamav-daemon.path'] ]
+ }
+
+ systemd::enable { 'clamav-daemon.path':
+ require => Exec['systemctl-daemon-reload'],
+ notify => Exec['start_clamd_path_monitor']
+ }
+
+ exec { 'start_clamd_path_monitor':
+ command => '/bin/systemctl start clamav-daemon.path',
+ refreshonly => true,
+ before => Service['freshclam']
+ }
+}