From edde26f34f7fea1756fdf58b352329e61787b882 Mon Sep 17 00:00:00 2001
From: Christoph Kluenter
Date: Mon, 6 Jun 2016 10:14:50 +0200
Subject: debian packages don't know AllowSupplementaryGroups if this is set in the config, the deamons do not start anymore. From the debian changelog: clamav (0.99.2+dfsg-0+deb8u1) stable; urgency=medium * Import new Upstream. * Drop AllowSupplementaryGroups option which is default now (Closes: #822444).
---
 puppet/modules/clamav/templates/clamav-milter.conf.erb | 1 -
 1 file changed, 1 deletion(-)
(limited to 'puppet/modules/clamav')
diff --git a/puppet/modules/clamav/templates/clamav-milter.conf.erb b/puppet/modules/clamav/templates/clamav-milter.conf.erb
index 9bf7099e..50b4c620 100644
--- a/puppet/modules/clamav/templates/clamav-milter.conf.erb
+++ b/puppet/modules/clamav/templates/clamav-milter.conf.erb
@@ -4,7 +4,6 @@ FixStaleSocket true
 User clamav
 MilterSocketGroup clamav
 MilterSocketMode 666
-AllowSupplementaryGroups true
 ReadTimeout 120
 Foreground false
 PidFile /var/run/clamav/clamav-milter.pid
-- cgit v1.2.3
From d6e6b05c093bf6e3c2abc5dc40cda466760b5f32 Mon Sep 17 00:00:00 2001
From: varac
Date: Wed, 7 Sep 2016 10:44:57 +0200
Subject: Fix dependencies for clamd service Sometimes, after a deploy from scratch `leap test` fails because clamd could not get started (even when the deploy log says so). This fixes the dependencies of all resources needed in order to let clamd start reliable. Resolves: #8431
---
 puppet/modules/clamav/manifests/daemon.pp | 20 ++++++++++++--------
 1 file changed, 12 insertions(+), 8 deletions(-)
(limited to 'puppet/modules/clamav')
diff --git a/puppet/modules/clamav/manifests/daemon.pp b/puppet/modules/clamav/manifests/daemon.pp
index 2e13a8fb..c0a4a450 100644
--- a/puppet/modules/clamav/manifests/daemon.pp
+++ b/puppet/modules/clamav/manifests/daemon.pp
@@ -15,7 +15,6 @@ class clamav::daemon { pattern => '/usr/sbin/clamd', enable => true, hasrestart => true, - subscribe => File['/etc/default/clamav-daemon'], require => Package['clamav-daemon']; } @@ -25,19 +24,23 @@ class clamav::daemon { mode => '0750', owner => clamav, group => postfix, - require => [Package['postfix'], Package['clamav-daemon']]; + require => [Package['postfix'], Package['clamav-daemon']], + notify => Service['clamav-daemon']; '/var/lib/clamav': mode => '0755', owner => clamav, group => clamav, - require => Package['clamav-daemon']; + require => Package['clamav-daemon'], + notify => Service['clamav-daemon']; '/etc/default/clamav-daemon': - source => 'puppet:///modules/clamav/clamav-daemon_default', - mode => '0644', - owner => root, - group => root; + source => 'puppet:///modules/clamav/clamav-daemon_default', + mode => '0644', + owner => root, + group => root, + require => Package['clamav-daemon'], + notify => Service['clamav-daemon']; # this file contains additional domains that we want the clamav # phishing process to look for (our domain) @@ -46,7 +49,8 @@ class clamav::daemon { mode => '0644', owner => clamav, group => clamav, - require => Package['clamav-daemon']; + require => Package['clamav-daemon'], + notify => Service['clamav-daemon']; } file_line { -- cgit v1.2.3 From a3af8acba8cd479f47d76784082d95100c0833ef Mon Sep 17 00:00:00 2001 
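Review bot: The `file_line {` resource that starts as trailing context of the last hunk (`@@ -46,7 +49,8 @@`) is not shown receiving the `notify => Service['clamav-daemon']` that each `file` entry now carries; its body lies outside the hunk, so this is inferred rather than seen. With `subscribe` dropped from the service in the first hunk, a clamd restart now depends on every configuration resource remembering its own notify. If that `file_line` changes a clamd setting, confirm it also has `notify => Service['clamav-daemon']`, and consider a short comment on the service such as `# restarted via notify from the file resources below` so the convention is visible to the next editor.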
From: Christoph Kluenter
Date: Wed, 7 Sep 2016 15:36:54 +0200
Subject: start clamav after definitions are downloaded freshclam might not be able to start clamav via the socket because the socket might not be there. This systemd unit watches for the definitions and then starts clamav. Resolves: #8431
---
 puppet/modules/clamav/files/clamav-daemon.path | 12 +++++++++++
 puppet/modules/clamav/manifests/daemon.pp | 1 +
 .../modules/clamav/manifests/daemon/activation.pp | 24 ++++++++++++++++++++++
 3 files changed, 37 insertions(+)
 create mode 100644 puppet/modules/clamav/files/clamav-daemon.path
 create mode 100644 puppet/modules/clamav/manifests/daemon/activation.pp
(limited to 'puppet/modules/clamav')
diff --git a/puppet/modules/clamav/files/clamav-daemon.path b/puppet/modules/clamav/files/clamav-daemon.path
new file mode 100644
index 00000000..6e57d187
--- /dev/null
+++ b/puppet/modules/clamav/files/clamav-daemon.path
@@ -0,0 +1,12 @@
+[Unit]
+Description=Path Activation for Clam AntiVirus userspace daemon
+Documentation=man:clamd(8) man:clamd.conf(5) http://www.clamav.net/lang/en/doc/
+
+[Path]
+# Check and wait for database existence before starting up
+PathExistsGlob=/var/lib/clamav/main.{c[vl]d,inc}
+PathExistsGlob=/var/lib/clamav/daily.{c[vl]d,inc}
+
+[Install]
+WantedBy=sockets.target
+
diff --git a/puppet/modules/clamav/manifests/daemon.pp b/puppet/modules/clamav/manifests/daemon.pp
index 2e13a8fb..b51a07e9 100644
--- a/puppet/modules/clamav/manifests/daemon.pp
+++ b/puppet/modules/clamav/manifests/daemon.pp
@@ -1,5 +1,6 @@ # deploy clamav daemon class clamav::daemon { + include clamav::daemon::activation $domain_hash = hiera('domain') $domain = $domain_hash['full_suffix']
diff --git a/puppet/modules/clamav/manifests/daemon/activation.pp b/puppet/modules/clamav/manifests/daemon/activation.pp
new file mode 100644
index 00000000..09c1e55e
--- /dev/null
+++ b/puppet/modules/clamav/manifests/daemon/activation.pp
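Review bot: The two `PathExistsGlob=` lines in `clamav-daemon.path` act as alternatives, not as a conjunction: a path unit activates its service as soon as any one watched path matches, so clamd can be started when only `main.*` or only `daily.*` is present. The comment `# Check and wait for database existence before starting up` reads as if both databases are required. If starting on a partial signature set is acceptable, say so, e.g. `# Start clamd as soon as either the main or the daily definitions exist`; if not, the both-present requirement belongs in the service unit as `ConditionPathExistsGlob=` lines, which are ANDed. `WantedBy=sockets.target` is also unusual for a path unit, where `paths.target` is the conventional install target.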
@@ -0,0 +1,24 @@
+# ensure clamav starts after the definitions are downloaded
+# needed because sometimes clamd cannot get started by freshclam,
+# see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=827909
+class clamav::daemon::activation {
+
+ file { '/etc/systemd/system/clamav-daemon.path':
+ source => 'puppet:///modules/clamav/clamav-daemon.path',
+ mode => '0644',
+ owner => root,
+ group => root,
+ notify => [ Exec['systemctl-daemon-reload'], Systemd::Enable['clamav-daemon.path'] ]
+ }
+
+ systemd::enable { 'clamav-daemon.path':
+ require => Exec['systemctl-daemon-reload'],
+ notify => Exec['start_clamd_path_monitor']
+ }
+
+ exec { 'start_clamd_path_monitor':
+ command => '/bin/systemctl start clamav-daemon.path',
+ refreshonly => true,
+ before => Service['freshclam']
+ }
+}
-- cgit v1.2.3
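Review bot: `Exec['start_clamd_path_monitor']` is guarded by `refreshonly => true`, so `/bin/systemctl start clamav-daemon.path` runs only on a Puppet run where `Systemd::Enable['clamav-daemon.path']` sends a refresh. If the path unit is later stopped, or the first start fails, subsequent runs will not bring it back and clamd may stay down on a host that is expected to scan mail. Replacing that line with a state check, e.g. `unless => '/bin/systemctl --quiet is-active clamav-daemon.path',`, would let every run converge on a running monitor. A changed unit file only triggers a daemon-reload plus `start`, which is a no-op on an already active unit, so edited globs would presumably not take effect until the path unit is restarted. `Exec['systemctl-daemon-reload']` and `systemd::enable` are defined outside this hunk.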