diff options
| -rw-r--r-- | README.md | 3 | ||||
| -rw-r--r-- | puppet/modules/clamav/files/clamav-daemon.path | 12 | ||||
| -rw-r--r-- | puppet/modules/clamav/manifests/daemon.pp | 1 | ||||
| -rw-r--r-- | puppet/modules/clamav/manifests/daemon/activation.pp | 24 | ||||
| -rw-r--r-- | puppet/modules/site_check_mk/files/ignored_services.mk | 4 | ||||
| -rw-r--r-- | puppet/modules/systemd/manifests/enable.pp | 8 |
6 files changed, 51 insertions, 1 deletions
@@ -82,6 +82,9 @@ Contributing In order to validate the syntax and style guide compliance before you commit, see https://github.com/pixelated-project/puppet-git-hooks#installation +Please fork https://0xacab.org/leap/platform to open a merge request, +and pick the `Platform runner (greyhound)` at https://0xacab.org/YOUR_USERNAME/platform/runners +in order to run a CI build for your merge request. Changes ================================ diff --git a/puppet/modules/clamav/files/clamav-daemon.path b/puppet/modules/clamav/files/clamav-daemon.path new file mode 100644 index 00000000..6e57d187 --- /dev/null +++ b/puppet/modules/clamav/files/clamav-daemon.path @@ -0,0 +1,12 @@ +[Unit] +Description=Path Activation for Clam AntiVirus userspace daemon +Documentation=man:clamd(8) man:clamd.conf(5) http://www.clamav.net/lang/en/doc/ + +[Path] +# Check and wait for database existence before starting up +PathExistsGlob=/var/lib/clamav/main.{c[vl]d,inc} +PathExistsGlob=/var/lib/clamav/daily.{c[vl]d,inc} + +[Install] +WantedBy=sockets.target + diff --git a/puppet/modules/clamav/manifests/daemon.pp b/puppet/modules/clamav/manifests/daemon.pp index c0a4a450..322cb892 100644 --- a/puppet/modules/clamav/manifests/daemon.pp +++ b/puppet/modules/clamav/manifests/daemon.pp @@ -1,5 +1,6 @@ # deploy clamav daemon class clamav::daemon { + include clamav::daemon::activation $domain_hash = hiera('domain') $domain = $domain_hash['full_suffix'] diff --git a/puppet/modules/clamav/manifests/daemon/activation.pp b/puppet/modules/clamav/manifests/daemon/activation.pp new file mode 100644 index 00000000..09c1e55e --- /dev/null +++ b/puppet/modules/clamav/manifests/daemon/activation.pp @@ -0,0 +1,24 @@ +# ensure clamav starts after the definitions are downloaded +# needed because sometimes clamd cannot get started by freshclam, +# see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=827909 +class clamav::daemon::activation { + + file { '/etc/systemd/system/clamav-daemon.path': + source => 'puppet:///modules/clamav/clamav-daemon.path', + mode => '0644', + owner => root, + group => root, + notify => [ Exec['systemctl-daemon-reload'], Systemd::Enable['clamav-daemon.path'] ] + } + + systemd::enable { 'clamav-daemon.path': + require => Exec['systemctl-daemon-reload'], + notify => Exec['start_clamd_path_monitor'] + } + + exec { 'start_clamd_path_monitor': + command => '/bin/systemctl start clamav-daemon.path', + refreshonly => true, + before => Service['freshclam'] + } +} diff --git a/puppet/modules/site_check_mk/files/ignored_services.mk b/puppet/modules/site_check_mk/files/ignored_services.mk index 35dc4433..8a6705ac 100644 --- a/puppet/modules/site_check_mk/files/ignored_services.mk +++ b/puppet/modules/site_check_mk/files/ignored_services.mk @@ -1,3 +1,5 @@ -ignored_services = [ +# ignore NTP Time because this check was +# very flaky in the past (see https://leap.se/code/issues/6407) +ignored_services += [ ( ALL_HOSTS, [ "NTP Time" ] ) ] diff --git a/puppet/modules/systemd/manifests/enable.pp b/puppet/modules/systemd/manifests/enable.pp new file mode 100644 index 00000000..e1bee18a --- /dev/null +++ b/puppet/modules/systemd/manifests/enable.pp @@ -0,0 +1,8 @@ +# enables a systemd resource +define systemd::enable () { + + exec { "enable_systemd_${name}": + refreshonly => true, + command => "/bin/systemctl enable ${name}" + } +} |