Fix git-daemon refresh logic

Without this patch, the git-daemon init script file resource subscribes
to the systemd git-daemon socket file resource, and the exec that adds
or updates the git-daemon selinux port subscribes to changes in the
init script. The logic is broken here because a file resource cannot
subscribe to anything, only services and execs can subscribe to an
event. If the selinux exec needs to run again, for instance because the
git-daemon port has changed, it must wait for a change in the init
script. Since the init script is built from a static file and not a
template, it won't change if the git-daemon port changes, so the
selinux exec will not run.

This patch adds another subscribe relationship to the git-daemon
selinux exec on the git-daemon socket because if that changes, the
git-daemon exec needs to run again. We also replace the subscribe in
the init script resource with a require, which is a no-op change but
makes the relationship more clear.

Change-Id: Ia985dad81a95130ea55bb6479632375ac4ea6d24
Colleen Murphy 2015-09-25 13:34:28 -07:00
parent 6c36488c23
commit 9800f44a41
2 changed files with 11 additions and 8 deletions

@ -201,13 +201,13 @@ class cgit(
content => template('cgit/git-daemon.socket.erb'),
}
file { 'git-daemon-init-script':
ensure => present,
path => '/usr/lib/systemd/system/git-daemon@.service',
owner => 'root',
group => 'root',
mode => '0644',
source => 'puppet:///modules/cgit/git-daemon.service',
subscribe => File['/usr/lib/systemd/system/git-daemon.socket'],
ensure => present,
path => '/usr/lib/systemd/system/git-daemon@.service',
owner => 'root',
group => 'root',
mode => '0644',
source => 'puppet:///modules/cgit/git-daemon.service',
require => File['/usr/lib/systemd/system/git-daemon.socket'],
}
} else {
$git_daemon_service_name = 'git-daemon'
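
Review bot: The new `require => File['/usr/lib/systemd/system/git-daemon.socket']` on `git-daemon-init-script` is ordering only, and nothing in the resource tells the next reader that the refresh for a socket change is handled elsewhere. A one-line comment above the `require` saying so would stop someone from turning it back into a `subscribe`. The realignment of the other six attributes is whitespace only; putting it in its own commit would leave the one-line semantic change easier to see in history.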

@ -52,7 +52,10 @@ class cgit::selinux {
command => "semanage port -m -t git_port_t -p tcp ${::cgit::daemon_port}",
path => '/bin:/usr/sbin',
before => Service[$::cgit::git_daemon_service_name],
subscribe => File['git-daemon-init-script'],
subscribe => [
File['git-daemon-init-script'],
File['/usr/lib/systemd/system/git-daemon.socket'],
],
refreshonly => true,
}
}
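
Review bot: The exec keeps `refreshonly => true`, so the `semanage port -m` command runs only on the Puppet run in which one of the two subscribed files changes. If that single run fails, or the port label is changed outside Puppet later, no further refresh event arrives and the SELinux port type stays out of step with `${::cgit::daemon_port}`. Consider guarding the exec with an `unless` that checks the current label for the port (for example by grepping `semanage port -l`) so the state converges on every run instead of depending on a file change. The subscribe array also mixes a resource title (`File['git-daemon-init-script']`) with a path reference (`File['/usr/lib/systemd/system/git-daemon.socket']`); referring to both the same way would read more consistently.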