Fix git-daemon refresh logic

Without this patch, the git-daemon init script file resource subscribes to the systemd git-daemon socket file resource, and the exec that adds or updates the git-daemon selinux port subscribes to changes in the init script. The logic is broken here because a file resource cannot subscribe to anything, only services and execs can subscribe to an event. If the selinux exec needs to run again, for instance because the git-daemon port has changed, it must wait for a change in the init script. Since the init script is built from a static file and not a template, it won't change if the git-daemon port changes, so the selinux exec will not run. This patch adds another subscribe relationship to the git-daemon selinux exec on the git-daemon socket because if that changes, the git-daemon exec needs to run again. We also replace the subscribe in the init script resource with a require, which is a no-op change but makes the relationship more clear. Change-Id: Ia985dad81a95130ea55bb6479632375ac4ea6d24
2015-09-25 13:34:28 -07:00 · 2015-09-25 13:34:28 -07:00 · 9800f44a41
commit 9800f44a41
parent 6c36488c23
2 changed files with 11 additions and 8 deletions
--- a/manifests/init.pp
+++ b/manifests/init.pp
@ -201,13 +201,13 @@ class cgit(
      content => template('cgit/git-daemon.socket.erb'),
    }
    file { 'git-daemon-init-script':
-      ensure    => present,
-      path      => '/usr/lib/systemd/system/git-daemon@.service',
-      owner     => 'root',
-      group     => 'root',
-      mode      => '0644',
-      source    => 'puppet:///modules/cgit/git-daemon.service',
-      subscribe => File['/usr/lib/systemd/system/git-daemon.socket'],
+      ensure  => present,
+      path    => '/usr/lib/systemd/system/git-daemon@.service',
+      owner   => 'root',
+      group   => 'root',
+      mode    => '0644',
+      source  => 'puppet:///modules/cgit/git-daemon.service',
+      require => File['/usr/lib/systemd/system/git-daemon.socket'],
    }
  } else {
    $git_daemon_service_name = 'git-daemon'
--- a/manifests/selinux.pp
+++ b/manifests/selinux.pp
@ -52,7 +52,10 @@ class cgit::selinux {
    command     => "semanage port -m -t git_port_t -p tcp ${::cgit::daemon_port}",
    path        => '/bin:/usr/sbin',
    before      => Service[$::cgit::git_daemon_service_name],
-    subscribe   => File['git-daemon-init-script'],
+    subscribe   => [
+      File['git-daemon-init-script'],
+      File['/usr/lib/systemd/system/git-daemon.socket'],
+    ],
    refreshonly => true,
  }
 }