From a3af8acba8cd479f47d76784082d95100c0833ef Mon Sep 17 00:00:00 2001
From: Christoph Kluenter <ckluente@thoughtworks.com>
Date: Wed, 7 Sep 2016 15:36:54 +0200
Subject: start clamav after definitions are downloaded

freshclam might not be able to start clamav via the socket because
the socket might not be there. This systemd unit watches for the
definitions and then starts clamav.

Resolves: #8431
---
 puppet/modules/clamav/files/clamav-daemon.path     | 12 +++++++++++
 puppet/modules/clamav/manifests/daemon.pp          |  1 +
 .../modules/clamav/manifests/daemon/activation.pp  | 24 ++++++++++++++++++++++
 3 files changed, 37 insertions(+)
 create mode 100644 puppet/modules/clamav/files/clamav-daemon.path
 create mode 100644 puppet/modules/clamav/manifests/daemon/activation.pp

diff --git a/puppet/modules/clamav/files/clamav-daemon.path b/puppet/modules/clamav/files/clamav-daemon.path
new file mode 100644
index 00000000..6e57d187
--- /dev/null
+++ b/puppet/modules/clamav/files/clamav-daemon.path
@@ -0,0 +1,12 @@
+[Unit]
+Description=Path Activation for Clam AntiVirus userspace daemon
+Documentation=man:clamd(8) man:clamd.conf(5) http://www.clamav.net/lang/en/doc/
+
+[Path]
+# Check and wait for database existence before starting up
+PathExistsGlob=/var/lib/clamav/main.{c[vl]d,inc}
+PathExistsGlob=/var/lib/clamav/daily.{c[vl]d,inc}
+
+[Install]
+WantedBy=sockets.target
+
diff --git a/puppet/modules/clamav/manifests/daemon.pp b/puppet/modules/clamav/manifests/daemon.pp
index 2e13a8fb..b51a07e9 100644
--- a/puppet/modules/clamav/manifests/daemon.pp
+++ b/puppet/modules/clamav/manifests/daemon.pp
@@ -1,5 +1,6 @@
 # deploy clamav daemon
 class clamav::daemon {
+  include clamav::daemon::activation
 
   $domain_hash           = hiera('domain')
   $domain                = $domain_hash['full_suffix']
diff --git a/puppet/modules/clamav/manifests/daemon/activation.pp b/puppet/modules/clamav/manifests/daemon/activation.pp
new file mode 100644
index 00000000..09c1e55e
--- /dev/null
+++ b/puppet/modules/clamav/manifests/daemon/activation.pp
@@ -0,0 +1,24 @@
+# ensure clamav starts after the definitions are downloaded
+# needed because sometimes clamd cannot get started by freshclam,
+# see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=827909
+class clamav::daemon::activation {
+
+  file { '/etc/systemd/system/clamav-daemon.path':
+    source => 'puppet:///modules/clamav/clamav-daemon.path',
+    mode   => '0644',
+    owner  => root,
+    group  => root,
+    notify => [ Exec['systemctl-daemon-reload'], Systemd::Enable['clamav-daemon.path'] ]
+  }
+
+  systemd::enable { 'clamav-daemon.path':
+    require => Exec['systemctl-daemon-reload'],
+    notify  => Exec['start_clamd_path_monitor']
+  }
+
+  exec { 'start_clamd_path_monitor':
+      command     => '/bin/systemctl start clamav-daemon.path',
+      refreshonly => true,
+      before      => Service['freshclam']
+  }
+}
-- 
cgit v1.2.3