authorMicah Anderson <micah@riseup.net>2013-06-11 14:00:27 -0400
committerMicah Anderson <micah@riseup.net>2013-06-12 20:22:24 -0400
commita336f39c441b7b3706278332cc63782d2de0e299 (patch)
tree619e2a2e4aa0c117978a08485acda3becf01c2aa
parent75d387fc8aff12232fdeae2efbbfccdd91f94656 (diff)
Before this commit, when a stunnel::service definition was removed, the
/etc/stunnel/${name}.conf was left in place and the stunnel kept running. Also, if you changed a parameter in a stunnel::service definition, the .conf file was changed, but the service restart might not happen properly. This commit adds functionality to properly clean up running stunnels that are no longer managed, and to restart managed ones whose parameters have changed.
-rw-r--r--manifests/init.pp34
-rw-r--r--manifests/service.pp19
-rw-r--r--templates/refresh_stunnel.sh.erb22
3 files changed, 67 insertions, 8 deletions
diff --git a/manifests/init.pp b/manifests/init.pp
index a176bf8..89788ed 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -29,4 +29,38 @@ class stunnel (
centos: { class { 'stunnel::centos': } }
default: { class { 'stunnel::default': } }
}
+
+ $stunnel_staging = "${::puppet_vardir}/stunnel4"
+ $stunnel_compdir = "${stunnel_staging}/configs"
+
+ file {
+ [ $stunnel_staging, "${stunnel_staging}/bin" ]:
+ ensure => directory,
+ owner => 0,
+ group => 0,
+ mode => '0750';
+
+ "${stunnel_staging}/configs":
+ ensure => directory,
+ owner => 0,
+ group => 0,
+ mode => '0750',
+ recurse => true,
+ purge => true,
+ force => true,
+ source => undef;
+
+ "${stunnel_staging}/bin/refresh_stunnel.sh":
+ owner => 0,
+ group => 0,
+ mode => '0755',
+ content => template('stunnel/refresh_stunnel.sh.erb');
+ }
+
+ exec { 'refresh_stunnel':
+ refreshonly => true,
+ require => File[$stunnel_compdir],
+ subscribe => File[$stunnel_compdir],
+ command => "${stunnel_staging}/bin/refresh_stunnel.sh"
+ }
}
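Review bot: The `refresh_stunnel` exec sets no `path`, while the script it runs as root (templates/refresh_stunnel.sh.erb) calls diff, grep, awk, basename, rm and cp by bare name, so those lookups depend on whatever PATH the agent happens to run with. Pinning it on the exec, e.g. `path => '/usr/sbin:/usr/bin:/sbin:/bin',`, makes the run reproducible and keeps an unexpected PATH entry from supplying one of those tools. Separately, `subscribe` already implies the ordering that `require => File[$stunnel_compdir]` states, and the directory title could use `$stunnel_compdir` rather than repeating `"${stunnel_staging}/configs"`. The class body starts before the hunk.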
diff --git a/manifests/service.pp b/manifests/service.pp
index fd64f9b..666826d 100644
--- a/manifests/service.pp
+++ b/manifests/service.pp
@@ -58,14 +58,17 @@ define stunnel::service (
$real_client = $client ? { default => 'yes' }
$real_pid = $pid ? { false => "/${name}.pid", default => $pid }
- file { "/etc/stunnel/${name}.conf":
- ensure => $ensure,
- content => template('stunnel/service.conf.erb'),
- require => File['/etc/stunnel'],
- notify => Service[stunnel],
- owner => root,
- group => 0,
- mode => '0600';
+ $stunnel_compdir = "${::puppet_vardir}/stunnel4/configs"
+
+ file {
+ "${stunnel_compdir}/${name}.conf":
+ ensure => $ensure,
+ content => template('stunnel/service.conf.erb'),
+ require => Package['stunnel'],
+ notify => Exec['refresh_stunnel'],
+ owner => root,
+ group => 0,
+ mode => '0600';
}
if $use_nagios {
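Review bot: `$stunnel_compdir` is rebuilt here from `${::puppet_vardir}/stunnel4/configs`, duplicating the path that manifests/init.pp derives from `$stunnel_staging`; if one side changes, configs are written to a directory that `refresh_stunnel` never reads. Reading it from the class, e.g. `$stunnel_compdir = $stunnel::stunnel_compdir`, keeps a single definition (this assumes class stunnel is always declared before the define is used, which the `Exec['refresh_stunnel']` reference already requires). The new `require => Package['stunnel']` also depends on a package resource with that exact title existing, which is not visible in this diff. The define's body extends beyond the hunk on both sides.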
diff --git a/templates/refresh_stunnel.sh.erb b/templates/refresh_stunnel.sh.erb
new file mode 100644
index 0000000..1af0cff
--- /dev/null
+++ b/templates/refresh_stunnel.sh.erb
@@ -0,0 +1,22 @@
+#!/bin/sh -x
+
+for difference in `diff -q /etc/stunnel <%= @stunnel_staging %>/configs | grep differ | awk '{print $2}'`
+do
+ old_config=`basename $difference`
+ /etc/init.d/stunnel4 stop $(basename $old_config .conf)
+ rm $difference
+done
+
+for only in `diff -q /etc/stunnel <%= @stunnel_staging %>/configs | grep 'Only in /etc/stunnel:' | awk '{print $4}'`
+do
+ old_config=`basename $only`
+ /etc/init.d/stunnel4 stop $(basename $only .conf)
+ rm /etc/stunnel/${only}
+done
+
+cp <%= @stunnel_staging %>/configs/*.conf /etc/stunnel
+
+/etc/init.d/stunnel4 start
+
+
+
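Review bot: The second loop deletes every entry that `diff -q` reports as "Only in /etc/stunnel:", not just stale tunnel configs, so any other file kept in that directory (a certificate or key file, or a locally maintained .conf) would be passed to `stop` and then removed on the first refresh. Restricting the list to configs, e.g. appending `| grep '\.conf$'` to that pipeline, keeps the cleanup to what the module owns. The loop variables are also unquoted (`rm $difference`, `rm /etc/stunnel/${only}`), so a name containing whitespace is split into several arguments; `rm -- "/etc/stunnel/${only}"` fixes the rm call, though the backtick `for` list would still split such names. Finally, `cp <staging>/configs/*.conf /etc/stunnel` fails on an unexpanded glob when the staging directory is empty, and no exit status is checked before `/etc/init.d/stunnel4 start`.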