summaryrefslogtreecommitdiff
path: root/puppet/modules
diff options
context:
space:
mode:
Diffstat (limited to 'puppet/modules')
-rw-r--r--puppet/modules/clamav/manifests/daemon.pp3
-rw-r--r--puppet/modules/leap_mx/manifests/init.pp3
-rw-r--r--puppet/modules/obfsproxy/manifests/init.pp17
-rw-r--r--puppet/modules/site_config/manifests/caching_resolver.pp3
-rw-r--r--puppet/modules/site_config/manifests/dhclient.pp18
-rw-r--r--puppet/modules/site_couchdb/manifests/logrotate.pp10
-rw-r--r--puppet/modules/site_couchdb/manifests/mirror.pp19
-rw-r--r--puppet/modules/site_couchdb/manifests/upload_design.pp3
-rw-r--r--puppet/modules/site_postfix/manifests/mx/smtp_tls.pp3
-rw-r--r--puppet/modules/site_postfix/manifests/mx/smtpd_tls.pp3
-rw-r--r--puppet/modules/site_shorewall/manifests/obfsproxy.pp3
-rw-r--r--puppet/modules/site_shorewall/manifests/service/webapp_api.pp3
-rw-r--r--puppet/modules/site_shorewall/manifests/sshd.pp3
-rw-r--r--puppet/modules/site_shorewall/manifests/tor.pp3
-rw-r--r--puppet/modules/site_sshd/manifests/authorized_keys.pp32
-rw-r--r--puppet/modules/site_static/manifests/domain.pp7
-rw-r--r--puppet/modules/site_static/manifests/init.pp5
-rw-r--r--puppet/modules/site_static/manifests/location.pp9
-rw-r--r--puppet/modules/site_stunnel/manifests/init.pp4
-rw-r--r--puppet/modules/site_stunnel/manifests/override_service.pp5
-rw-r--r--puppet/modules/site_webapp/manifests/cron.pp5
-rw-r--r--puppet/modules/try/manifests/file.pp26
22 files changed, 106 insertions, 81 deletions
diff --git a/puppet/modules/clamav/manifests/daemon.pp b/puppet/modules/clamav/manifests/daemon.pp
index bf232e2c..2e13a8fb 100644
--- a/puppet/modules/clamav/manifests/daemon.pp
+++ b/puppet/modules/clamav/manifests/daemon.pp
@@ -1,3 +1,4 @@
+# deploy clamav daemon
class clamav::daemon {
$domain_hash = hiera('domain')
@@ -55,7 +56,7 @@ class clamav::daemon {
require => Package['clamav-daemon'],
notify => Service['clamav-daemon'];
- 'enable_phishscanurls':
+ 'enable_phishscanurls':
path => '/etc/clamav/clamd.conf',
match => 'PhishingScanURLs no',
line => 'PhishingScanURLs yes',
diff --git a/puppet/modules/leap_mx/manifests/init.pp b/puppet/modules/leap_mx/manifests/init.pp
index 6dfee44d..d758e3ab 100644
--- a/puppet/modules/leap_mx/manifests/init.pp
+++ b/puppet/modules/leap_mx/manifests/init.pp
@@ -1,3 +1,4 @@
+# deploy leap mx service
class leap_mx {
$leap_mx = hiera('couchdb_leap_mx_user')
@@ -85,7 +86,7 @@ class leap_mx {
}
leap::logfile { 'leap-mx':
- log => '/var/log/leap/mx.log',
+ log => '/var/log/leap/mx.log',
process => 'leap-mx'
}
diff --git a/puppet/modules/obfsproxy/manifests/init.pp b/puppet/modules/obfsproxy/manifests/init.pp
index 5c78560a..6a3d2c72 100644
--- a/puppet/modules/obfsproxy/manifests/init.pp
+++ b/puppet/modules/obfsproxy/manifests/init.pp
@@ -1,3 +1,4 @@
+# deploy obfsproxy service
class obfsproxy (
$transport,
$bind_address,
@@ -23,18 +24,18 @@ class obfsproxy (
}
file { '/etc/init.d/obfsproxy':
- path => '/etc/init.d/obfsproxy',
- ensure => present,
- source => 'puppet:///modules/obfsproxy/obfsproxy_init',
- owner => 'root',
- group => 'root',
- mode => '0750',
- require => File[$conf],
+ ensure => present,
+ path => '/etc/init.d/obfsproxy',
+ source => 'puppet:///modules/obfsproxy/obfsproxy_init',
+ owner => 'root',
+ group => 'root',
+ mode => '0750',
+ require => File[$conf],
}
file { $conf :
- path => $conf,
ensure => present,
+ path => $conf,
owner => 'root',
group => 'root',
mode => '0600',
diff --git a/puppet/modules/site_config/manifests/caching_resolver.pp b/puppet/modules/site_config/manifests/caching_resolver.pp
index 50824fdd..8bf465c1 100644
--- a/puppet/modules/site_config/manifests/caching_resolver.pp
+++ b/puppet/modules/site_config/manifests/caching_resolver.pp
@@ -1,3 +1,4 @@
+# deploy local caching resolver
class site_config::caching_resolver {
tag 'leap_base'
@@ -6,7 +7,7 @@ class site_config::caching_resolver {
anchor => false,
ssl => false,
settings => {
- server => {
+ server => {
verbosity => '1',
interface => [ '127.0.0.1', '::1' ],
port => '53',
diff --git a/puppet/modules/site_config/manifests/dhclient.pp b/puppet/modules/site_config/manifests/dhclient.pp
index 7755413b..a1f87d41 100644
--- a/puppet/modules/site_config/manifests/dhclient.pp
+++ b/puppet/modules/site_config/manifests/dhclient.pp
@@ -1,10 +1,10 @@
+# Unfortunately, there does not seem to be a way to reload the dhclient.conf
+# config file, or a convenient way to disable the modifications to
+# /etc/resolv.conf. So the following makes the functions involved noops and
+# ships a script to kill and restart dhclient. See the debian bugs:
+# #681698, #712796
class site_config::dhclient {
- # Unfortunately, there does not seem to be a way to reload the dhclient.conf
- # config file, or a convenient way to disable the modifications to
- # /etc/resolv.conf. So the following makes the functions involved noops and
- # ships a script to kill and restart dhclient. See the debian bugs:
- # #681698, #712796
include site_config::params
@@ -23,10 +23,10 @@ class site_config::dhclient {
}
file { '/etc/dhcp/dhclient-enter-hooks.d':
- ensure => directory,
- mode => '0755',
- owner => 'root',
- group => 'root',
+ ensure => directory,
+ mode => '0755',
+ owner => 'root',
+ group => 'root',
}
file { '/etc/dhcp/dhclient-enter-hooks.d/disable_resolvconf':
diff --git a/puppet/modules/site_couchdb/manifests/logrotate.pp b/puppet/modules/site_couchdb/manifests/logrotate.pp
index e1039d49..bb8843bb 100644
--- a/puppet/modules/site_couchdb/manifests/logrotate.pp
+++ b/puppet/modules/site_couchdb/manifests/logrotate.pp
@@ -1,12 +1,14 @@
+# configure couchdb logrotation
class site_couchdb::logrotate {
augeas {
'logrotate_bigcouch':
context => '/files/etc/logrotate.d/bigcouch/rule',
- changes => [ 'set file /opt/bigcouch/var/log/*.log', 'set rotate 7',
- 'set schedule daily', 'set compress compress',
- 'set missingok missingok', 'set ifempty notifempty',
- 'set copytruncate copytruncate' ]
+ changes => [
+ 'set file /opt/bigcouch/var/log/*.log', 'set rotate 7',
+ 'set schedule daily', 'set compress compress',
+ 'set missingok missingok', 'set ifempty notifempty',
+ 'set copytruncate copytruncate' ]
}
}
diff --git a/puppet/modules/site_couchdb/manifests/mirror.pp b/puppet/modules/site_couchdb/manifests/mirror.pp
index abe35c4c..fb82b897 100644
--- a/puppet/modules/site_couchdb/manifests/mirror.pp
+++ b/puppet/modules/site_couchdb/manifests/mirror.pp
@@ -1,3 +1,4 @@
+# configure mirroring of couch nodes
class site_couchdb::mirror {
Class['site_couchdb::add_users']
@@ -22,55 +23,55 @@ class site_couchdb::mirror {
### customer database
couchdb::mirror_db { 'customers':
- from => $from,
+ from => $from,
require => Couchdb::Query::Setup['localhost']
}
## identities database
couchdb::mirror_db { 'identities':
- from => $from,
+ from => $from,
require => Couchdb::Query::Setup['localhost']
}
## keycache database
couchdb::mirror_db { 'keycache':
- from => $from,
+ from => $from,
require => Couchdb::Query::Setup['localhost']
}
## sessions database
couchdb::mirror_db { 'sessions':
- from => $from,
+ from => $from,
require => Couchdb::Query::Setup['localhost']
}
## shared database
couchdb::mirror_db { 'shared':
- from => $from,
+ from => $from,
require => Couchdb::Query::Setup['localhost']
}
## tickets database
couchdb::mirror_db { 'tickets':
- from => $from,
+ from => $from,
require => Couchdb::Query::Setup['localhost']
}
## tokens database
couchdb::mirror_db { 'tokens':
- from => $from,
+ from => $from,
require => Couchdb::Query::Setup['localhost']
}
## users database
couchdb::mirror_db { 'users':
- from => $from,
+ from => $from,
require => Couchdb::Query::Setup['localhost']
}
## messages db
couchdb::mirror_db { 'messages':
- from => $from,
+ from => $from,
require => Couchdb::Query::Setup['localhost']
}
diff --git a/puppet/modules/site_couchdb/manifests/upload_design.pp b/puppet/modules/site_couchdb/manifests/upload_design.pp
index 7b0cabd7..bd73ebf2 100644
--- a/puppet/modules/site_couchdb/manifests/upload_design.pp
+++ b/puppet/modules/site_couchdb/manifests/upload_design.pp
@@ -1,4 +1,5 @@
-define site_couchdb::upload_design($db = $title, $design) {
+# upload a design doc to a db
+define site_couchdb::upload_design($design, $db = $title) {
$design_name = regsubst($design, '^.*\/(.*)\.json$', '\1')
$id = "_design/${design_name}"
$file = "/srv/leap/couchdb/designs/${design}"
diff --git a/puppet/modules/site_postfix/manifests/mx/smtp_tls.pp b/puppet/modules/site_postfix/manifests/mx/smtp_tls.pp
index b27c0e3c..c93c3ba2 100644
--- a/puppet/modules/site_postfix/manifests/mx/smtp_tls.pp
+++ b/puppet/modules/site_postfix/manifests/mx/smtp_tls.pp
@@ -1,3 +1,4 @@
+# configure smtp tls
class site_postfix::mx::smtp_tls {
include site_config::x509::ca
@@ -24,7 +25,7 @@ class site_postfix::mx::smtp_tls {
'smtp_tls_fingerprint_digest':
value => 'sha1';
'smtp_tls_session_cache_database':
- value => 'btree:${data_directory}/smtp_cache';
+ value => "btree:\${data_directory}/smtp_cache";
# see issue #4011
'smtp_tls_protocols':
value => '!SSLv2, !SSLv3';
diff --git a/puppet/modules/site_postfix/manifests/mx/smtpd_tls.pp b/puppet/modules/site_postfix/manifests/mx/smtpd_tls.pp
index 02a59942..66297f55 100644
--- a/puppet/modules/site_postfix/manifests/mx/smtpd_tls.pp
+++ b/puppet/modules/site_postfix/manifests/mx/smtpd_tls.pp
@@ -1,3 +1,4 @@
+# configure smtpd tls
class site_postfix::mx::smtpd_tls {
include x509::variables
@@ -19,7 +20,7 @@ class site_postfix::mx::smtpd_tls {
'smtpd_tls_eecdh_grade':
value => 'ultra';
'smtpd_tls_session_cache_database':
- value => 'btree:${data_directory}/smtpd_scache';
+ value => "btree:\${data_directory}/smtpd_scache";
# see issue #4011
'smtpd_tls_mandatory_protocols':
value => '!SSLv2, !SSLv3';
diff --git a/puppet/modules/site_shorewall/manifests/obfsproxy.pp b/puppet/modules/site_shorewall/manifests/obfsproxy.pp
index 68fb9b9f..75846705 100644
--- a/puppet/modules/site_shorewall/manifests/obfsproxy.pp
+++ b/puppet/modules/site_shorewall/manifests/obfsproxy.pp
@@ -1,3 +1,4 @@
+# configure shorewell for obfsproxy
class site_shorewall::obfsproxy {
include site_shorewall::defaults
@@ -8,7 +9,7 @@ class site_shorewall::obfsproxy {
# define macro for incoming services
file { '/etc/shorewall/macro.leap_obfsproxy':
- content => "PARAM - - tcp $scram_port ",
+ content => "PARAM - - tcp ${scram_port} ",
notify => Service['shorewall'],
require => Package['shorewall']
}
diff --git a/puppet/modules/site_shorewall/manifests/service/webapp_api.pp b/puppet/modules/site_shorewall/manifests/service/webapp_api.pp
index 0c6c824d..d3a1aeed 100644
--- a/puppet/modules/site_shorewall/manifests/service/webapp_api.pp
+++ b/puppet/modules/site_shorewall/manifests/service/webapp_api.pp
@@ -1,3 +1,4 @@
+# configure shorewall for webapp api
class site_shorewall::service::webapp_api {
$api = hiera('api')
@@ -5,7 +6,7 @@ class site_shorewall::service::webapp_api {
# define macro for incoming services
file { '/etc/shorewall/macro.leap_webapp_api':
- content => "PARAM - - tcp $api_port ",
+ content => "PARAM - - tcp ${api_port} ",
notify => Service['shorewall'],
require => Package['shorewall']
}
diff --git a/puppet/modules/site_shorewall/manifests/sshd.pp b/puppet/modules/site_shorewall/manifests/sshd.pp
index 88b4102c..e2332592 100644
--- a/puppet/modules/site_shorewall/manifests/sshd.pp
+++ b/puppet/modules/site_shorewall/manifests/sshd.pp
@@ -1,3 +1,4 @@
+# configure shorewall for sshd
class site_shorewall::sshd {
$ssh_config = hiera('ssh')
@@ -7,7 +8,7 @@ class site_shorewall::sshd {
# define macro for incoming sshd
file { '/etc/shorewall/macro.leap_sshd':
- content => "PARAM - - tcp $ssh_port",
+ content => "PARAM - - tcp ${ssh_port}",
notify => Service['shorewall'],
require => Package['shorewall']
}
diff --git a/puppet/modules/site_shorewall/manifests/tor.pp b/puppet/modules/site_shorewall/manifests/tor.pp
index f35af985..324b4844 100644
--- a/puppet/modules/site_shorewall/manifests/tor.pp
+++ b/puppet/modules/site_shorewall/manifests/tor.pp
@@ -1,3 +1,4 @@
+# configure shorewall for tor
class site_shorewall::tor {
include site_shorewall::defaults
@@ -7,7 +8,7 @@ class site_shorewall::tor {
# define macro for incoming services
file { '/etc/shorewall/macro.leap_tor':
- content => "PARAM - - tcp $tor_port ",
+ content => "PARAM - - tcp ${tor_port} ",
notify => Service['shorewall'],
require => Package['shorewall']
}
diff --git a/puppet/modules/site_sshd/manifests/authorized_keys.pp b/puppet/modules/site_sshd/manifests/authorized_keys.pp
index 90a33d8d..a1fde3f6 100644
--- a/puppet/modules/site_sshd/manifests/authorized_keys.pp
+++ b/puppet/modules/site_sshd/manifests/authorized_keys.pp
@@ -1,20 +1,22 @@
+# We want to purge unmanaged keys from the authorized_keys file so that only
+# keys added in the provider are valid. Any manually added keys will be
+# overridden.
+#
+# In order to do this, we have to use a custom define to deploy the
+# authorized_keys file because puppet's internal resource doesn't allow
+# purging before populating this file.
+#
+# See the following for more information:
+# https://tickets.puppetlabs.com/browse/PUP-1174
+# https://leap.se/code/issues/2990
+# https://leap.se/code/issues/3010
+#
define site_sshd::authorized_keys ($keys, $ensure = 'present', $home = '') {
- # We want to purge unmanaged keys from the authorized_keys file so that only
- # keys added in the provider are valid. Any manually added keys will be
- # overridden.
- #
- # In order to do this, we have to use a custom define to deploy the
- # authorized_keys file because puppet's internal resource doesn't allow
- # purging before populating this file.
- #
- # See the following for more information:
- # https://tickets.puppetlabs.com/browse/PUP-1174
- # https://leap.se/code/issues/2990
- # https://leap.se/code/issues/3010
- #
# This line allows default homedir based on $title variable.
# If $home is empty, the default is used.
$homedir = $home ? {'' => "/home/${title}", default => $home}
+ $owner = $ensure ? {'present' => $title, default => undef }
+ $group = $ensure ? {'present' => $title, default => undef }
file {
"${homedir}/.ssh":
ensure => 'directory',
@@ -23,8 +25,8 @@ define site_sshd::authorized_keys ($keys, $ensure = 'present', $home = '') {
mode => '0700';
"${homedir}/.ssh/authorized_keys":
ensure => $ensure,
- owner => $ensure ? {'present' => $title, default => undef },
- group => $ensure ? {'present' => $title, default => undef },
+ owner => $owner,
+ group => $group,
mode => '0600',
require => File["${homedir}/.ssh"],
content => template('site_sshd/authorized_keys.erb');
diff --git a/puppet/modules/site_static/manifests/domain.pp b/puppet/modules/site_static/manifests/domain.pp
index 5537d247..8b9378f2 100644
--- a/puppet/modules/site_static/manifests/domain.pp
+++ b/puppet/modules/site_static/manifests/domain.pp
@@ -1,3 +1,4 @@
+# configure static service for domain
define site_static::domain (
$ca_cert,
$key,
@@ -16,15 +17,15 @@ define site_static::domain (
x509::cert { $domain:
content => $cert,
- notify => Service[apache]
+ notify => Service[apache]
}
x509::key { $domain:
content => $key,
- notify => Service[apache]
+ notify => Service[apache]
}
x509::ca { "${domain}_ca":
content => $ca_cert,
- notify => Service[apache]
+ notify => Service[apache]
}
apache::vhost::file { $domain:
diff --git a/puppet/modules/site_static/manifests/init.pp b/puppet/modules/site_static/manifests/init.pp
index 76ee6e19..4a722d62 100644
--- a/puppet/modules/site_static/manifests/init.pp
+++ b/puppet/modules/site_static/manifests/init.pp
@@ -1,3 +1,4 @@
+# deploy static service
class site_static {
tag 'leap_service'
@@ -48,8 +49,8 @@ class site_static {
if (member($formats, 'amber')) {
rubygems::gem{'amber-0.3.8':
- require => Package['zlib1g-dev']
- }
+ require => Package['zlib1g-dev']
+ }
package { 'zlib1g-dev':
ensure => installed
diff --git a/puppet/modules/site_static/manifests/location.pp b/puppet/modules/site_static/manifests/location.pp
index ce2af9af..d116de2f 100644
--- a/puppet/modules/site_static/manifests/location.pp
+++ b/puppet/modules/site_static/manifests/location.pp
@@ -1,3 +1,4 @@
+# configure static service for location
define site_static::location($path, $format, $source) {
$file_path = "/srv/static/${name}"
@@ -14,10 +15,10 @@ define site_static::location($path, $format, $source) {
if ($format == 'amber') {
exec {"amber_build_${name}":
- cwd => $file_path,
- command => 'amber rebuild',
- user => 'www-data',
- timeout => 600,
+ cwd => $file_path,
+ command => 'amber rebuild',
+ user => 'www-data',
+ timeout => 600,
subscribe => Vcsrepo[$file_path]
}
}
diff --git a/puppet/modules/site_stunnel/manifests/init.pp b/puppet/modules/site_stunnel/manifests/init.pp
index d919a072..a874721f 100644
--- a/puppet/modules/site_stunnel/manifests/init.pp
+++ b/puppet/modules/site_stunnel/manifests/init.pp
@@ -36,8 +36,8 @@ class site_stunnel {
# the default is to keep 356 log files for each stunnel.
# here we set a more reasonable number.
augeas {
- "logrotate_stunnel":
- context => "/files/etc/logrotate.d/stunnel4/rule",
+ 'logrotate_stunnel':
+ context => '/files/etc/logrotate.d/stunnel4/rule',
changes => [
'set rotate 5',
]
diff --git a/puppet/modules/site_stunnel/manifests/override_service.pp b/puppet/modules/site_stunnel/manifests/override_service.pp
index 96187048..435b9aa0 100644
--- a/puppet/modules/site_stunnel/manifests/override_service.pp
+++ b/puppet/modules/site_stunnel/manifests/override_service.pp
@@ -1,4 +1,9 @@
+# override stunnel::debian defaults
+#
+# ignore puppet lint error about inheriting from different namespace
+# lint:ignore:inherits_across_namespaces
class site_stunnel::override_service inherits stunnel::debian {
+# lint:endignore
include site_config::x509::cert
include site_config::x509::key
diff --git a/puppet/modules/site_webapp/manifests/cron.pp b/puppet/modules/site_webapp/manifests/cron.pp
index 7147a0d2..70b9da04 100644
--- a/puppet/modules/site_webapp/manifests/cron.pp
+++ b/puppet/modules/site_webapp/manifests/cron.pp
@@ -1,3 +1,4 @@
+# setup webapp cronjobs
class site_webapp::cron {
# cron tasks that need to be performed to cleanup the database
@@ -19,12 +20,12 @@ class site_webapp::cron {
# there is no longer a need to remove expired sessions, since the database
# will get destroyed.
'remove_expired_sessions':
+ ensure => absent,
command => 'cd /srv/leap/webapp && bundle exec rake cleanup:sessions',
environment => 'RAILS_ENV=production',
user => 'leap-webapp',
hour => 2,
- minute => 30,
- ensure => absent;
+ minute => 30;
'remove_expired_tokens':
command => 'cd /srv/leap/webapp && bundle exec rake cleanup:tokens',
diff --git a/puppet/modules/try/manifests/file.pp b/puppet/modules/try/manifests/file.pp
index cd1bb035..2493d343 100644
--- a/puppet/modules/try/manifests/file.pp
+++ b/puppet/modules/try/manifests/file.pp
@@ -32,17 +32,17 @@ define try::file (
exec {
"chmod_${name}":
command => "/bin/chmod -R ${mode} '${name}'",
- onlyif => "/usr/bin/test $mode",
+ onlyif => "/usr/bin/test ${mode}",
refreshonly => true,
loglevel => debug;
"chown_${name}":
command => "/bin/chown -R ${owner} '${name}'",
- onlyif => "/usr/bin/test $owner",
+ onlyif => "/usr/bin/test ${owner}",
refreshonly => true,
loglevel => debug;
"chgrp_${name}":
command => "/bin/chgrp -R ${group} '${name}'",
- onlyif => "/usr/bin/test $group",
+ onlyif => "/usr/bin/test ${group}",
refreshonly => true,
loglevel => debug;
}
@@ -50,31 +50,31 @@ define try::file (
if $target {
exec { "symlink_${name}":
command => "/bin/ln -s ${target} ${name}",
- onlyif => "/usr/bin/test -d '${target}'",
+ onlyif => "/usr/bin/test -d '${target}'",
}
} elsif $source {
if $ensure == 'directory' {
if $purge {
exec { "rsync_${name}":
command => "/usr/bin/rsync -r --delete '${source}/' '${name}'",
- onlyif => "/usr/bin/test -d '${source}'",
- unless => "/usr/bin/diff -rq '${source}' '${name}'",
- notify => [Exec["chmod_${name}"], Exec["chown_${name}"], Exec["chgrp_${name}"]]
+ onlyif => "/usr/bin/test -d '${source}'",
+ unless => "/usr/bin/diff -rq '${source}' '${name}'",
+ notify => [Exec["chmod_${name}"], Exec["chown_${name}"], Exec["chgrp_${name}"]]
}
} else {
exec { "cp_r_${name}":
command => "/bin/cp -r '${source}' '${name}'",
- onlyif => "/usr/bin/test -d '${source}'",
- unless => "/usr/bin/diff -rq '${source}' '${name}'",
- notify => [Exec["chmod_${name}"], Exec["chown_${name}"], Exec["chgrp_${name}"]]
+ onlyif => "/usr/bin/test -d '${source}'",
+ unless => "/usr/bin/diff -rq '${source}' '${name}'",
+ notify => [Exec["chmod_${name}"], Exec["chown_${name}"], Exec["chgrp_${name}"]]
}
}
} else {
exec { "cp_${name}":
command => "/bin/cp --remove-destination '${source}' '${name}'",
- onlyif => "/usr/bin/test -e '${source}'",
- unless => "/usr/bin/test ! -h '${name}' && /usr/bin/diff -q '${source}' '${name}'",
- notify => [Exec["chmod_${name}"], Exec["chown_${name}"], Exec["chgrp_${name}"]]
+ onlyif => "/usr/bin/test -e '${source}'",
+ unless => "/usr/bin/test ! -h '${name}' && /usr/bin/diff -q '${source}' '${name}'",
+ notify => [Exec["chmod_${name}"], Exec["chown_${name}"], Exec["chgrp_${name}"]]
}
}
}