Previous to this commit, when a stunnel::service definition was removed, the
authorMicah Anderson <micah@riseup.net>
Tue, 11 Jun 2013 18:00:27 +0000 (14:00 -0400)
committerMicah Anderson <micah@riseup.net>
Thu, 13 Jun 2013 00:22:24 +0000 (20:22 -0400)
/etc/stunnel/${name}.conf was left, and the stunnel remained running. Also, if
you changed a parameter in a stunnel::service definition, the .conf file was
changed, but the service restart may not happen properly.

This commit adds functionality to properly clean up running stunnels that are no
longer managed, and to restart managed ones whose parameters have changed.

manifests/init.pp
manifests/service.pp
templates/refresh_stunnel.sh.erb [new file with mode: 0644]

index a176bf8..89788ed 100644 (file)
@@ -29,4 +29,38 @@ class stunnel (
     centos: { class {  'stunnel::centos': } }
     default: { class { 'stunnel::default': } }
   }
+
+  $stunnel_staging = "${::puppet_vardir}/stunnel4"
+  $stunnel_compdir = "${stunnel_staging}/configs"
+
+  file {
+    [ $stunnel_staging, "${stunnel_staging}/bin" ]:
+      ensure => directory,
+      owner  => 0,
+      group  => 0,
+      mode   => '0750';
+
+    "${stunnel_staging}/configs":
+      ensure  => directory,
+      owner   => 0,
+      group   => 0,
+      mode    => '0750',
+      recurse => true,
+      purge   => true,
+      force   => true,
+      source  => undef;
+
+    "${stunnel_staging}/bin/refresh_stunnel.sh":
+      owner   => 0,
+      group   => 0,
+      mode    => '0755',
+      content => template('stunnel/refresh_stunnel.sh.erb');
+  }
+
+  exec { 'refresh_stunnel':
+    refreshonly => true,
+    require     => File[$stunnel_compdir],
+    subscribe   => File[$stunnel_compdir],
+    command     => "${stunnel_staging}/bin/refresh_stunnel.sh"
+  }
 }
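Review bot: The `refresh_stunnel.sh` resource sets owner, group, mode and content but no `ensure`; since this script runs as root and deletes files under /etc/stunnel, state the type explicitly with `ensure => file,`. On the exec, `require => File[$stunnel_compdir]` is redundant because `subscribe` already orders it after that resource. The directory resource could use `$stunnel_compdir` as its title instead of repeating `"${stunnel_staging}/configs"`. A short comment above `$stunnel_staging`, such as `# configs are staged here and synced into /etc/stunnel by refresh_stunnel.sh`, would explain the indirection. The class body starts outside this hunk.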
index fd64f9b..666826d 100644 (file)
@@ -58,14 +58,17 @@ define stunnel::service (
   $real_client = $client ? { default => 'yes' }
   $real_pid = $pid ? { false => "/${name}.pid", default => $pid }
 
-  file { "/etc/stunnel/${name}.conf":
-    ensure  => $ensure,
-    content => template('stunnel/service.conf.erb'),
-    require => File['/etc/stunnel'],
-    notify  => Service[stunnel],
-    owner   => root,
-    group   => 0,
-    mode    => '0600';
+  $stunnel_compdir = "${::puppet_vardir}/stunnel4/configs"
+
+  file {
+    "${stunnel_compdir}/${name}.conf":
+      ensure  => $ensure,
+      content => template('stunnel/service.conf.erb'),
+      require => Package['stunnel'],
+      notify  => Exec['refresh_stunnel'],
+      owner   => root,
+      group   => 0,
+      mode    => '0600';
   }
 
   if $use_nagios {
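Review bot: With the file resource moved to `${stunnel_compdir}/${name}.conf`, Puppet no longer manages the content, owner or mode of the live `/etc/stunnel/${name}.conf`. Because `Exec['refresh_stunnel']` is `refreshonly`, a live config that is edited or replaced by hand stays in effect until the staged copy next changes. If that trade-off is intended, record it next to the resource, e.g. `# live /etc/stunnel/${name}.conf is written by refresh_stunnel.sh; drift there is only corrected when the staged copy changes`. The staging path is also rebuilt here from `${::puppet_vardir}` rather than read from the class (`$stunnel::stunnel_compdir`), so the two can diverge. The define's body starts and ends outside this hunk.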
diff --git a/templates/refresh_stunnel.sh.erb b/templates/refresh_stunnel.sh.erb
new file mode 100644 (file)
index 0000000..1af0cff
--- /dev/null
@@ -0,0 +1,22 @@
+#!/bin/sh -x
+
+for difference in `diff -q /etc/stunnel <%= @stunnel_staging %>/configs | grep differ | awk '{print $2}'`
+do 
+    old_config=`basename $difference`
+    /etc/init.d/stunnel4 stop $(basename $old_config .conf)
+    rm $difference
+done
+
+for only in `diff -q /etc/stunnel <%= @stunnel_staging %>/configs | grep 'Only in /etc/stunnel:' | awk '{print $4}'`
+do
+    old_config=`basename $only`
+    /etc/init.d/stunnel4 stop $(basename $only .conf)
+    rm /etc/stunnel/${only}
+done
+
+cp <%= @stunnel_staging %>/configs/*.conf /etc/stunnel
+
+/etc/init.d/stunnel4 start
+
+
+
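Review bot: The second loop removes every entry that `diff -q` reports as `Only in /etc/stunnel:`, not just `*.conf` files. Certificates, keys or a README kept in that directory would be deleted, and `stop` called on their names, the first time the refresh runs. The loops also word-split unquoted command output, `grep differ` matches any line containing that word, and `cp .../*.conf` fails when nothing is staged. Since the last command decides the exit status, earlier `rm`/`cp` failures are not reported to Puppet. Iterating over `/etc/stunnel/*.conf` with quoted variables and comparing each file to its staged copy with `cmp -s` restricts the cleanup to stunnel configs, as sketched below.

```shell
staging="<%= @stunnel_staging %>/configs"

# Stop and remove live configs that changed or are no longer staged.
# Only *.conf files are considered, so keys and certificates are left alone.
for live in /etc/stunnel/*.conf
do
    [ -f "$live" ] || continue
    name=$(basename "$live" .conf)
    # cmp -s is non-zero both when the files differ and when the staged copy is gone
    if ! cmp -s "$live" "$staging/$name.conf"
    then
        /etc/init.d/stunnel4 stop "$name"
        rm -f "$live"
    fi
done

# Install staged configs, if any; -p keeps the 0600 mode and root ownership.
for staged in "$staging"/*.conf
do
    [ -f "$staged" ] || continue
    cp -p "$staged" /etc/stunnel/ || exit 1
done
# … unchanged: /etc/init.d/stunnel4 start …
```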