make service restart more failsafe

5 files changed, 21 insertions, 13 deletions

diff --git a/manifests/base.pp b/manifests/base.pp
index b5899fc..db6852a 100644
--- a/manifests/base.pp
+++ b/manifests/base.pp
@@ -8,14 +8,14 @@ class shorewall::base {
   # This file has to be managed in place, so shorewall can find it
   file {
     '/etc/shorewall/shorewall.conf':
-      require => Package[shorewall],
-      notify  => Service[shorewall],
+      require => Package['shorewall'],
+      notify  => Exec['shorewall_check'],
       owner   => 'root',
       group   => 'root',
       mode    => '0644';
     '/etc/shorewall/puppet':
       ensure  => directory,
-      require => Package[shorewall],
+      require => Package['shorewall'],
       owner   => 'root',
       group   => 'root',
       mode    => '0644';
@@ -33,11 +33,16 @@ class shorewall::base {
       changes => 'set /files/etc/shorewall/shorewall.conf/CONFIG_PATH \'"/etc/shorewall/puppet:/etc/shorewall:/usr/share/shorewall"\'',
       lens    => 'Shellvars.lns',
       incl    => '/etc/shorewall/shorewall.conf',
-      notify  => Service['shorewall'],
+      notify  => Exec['shorewall_check'],
       require => Package['shorewall'];
     }
   }
 
+  exec{'shorewall_check':
+    command     => 'shorewall check',
+    refreshonly => true,
+    notify      => Service['shorewall'],
+  }
   service{'shorewall':
     ensure      => running,
     enable      => true,
diff --git a/manifests/centos.pp b/manifests/centos.pp
index 95b7759..1f8b37d 100644
--- a/manifests/centos.pp
+++ b/manifests/centos.pp
@@ -7,7 +7,7 @@ class shorewall::centos inherits shorewall::base {
       lens    => 'Shellvars.lns',
       incl    => '/etc/sysconfig/shorewall',
       require => Package['shorewall'],
-      notify  => Service['shorewall'],
+      notify  => Exec['shorewall_check'],
     }
   }
 }
diff --git a/manifests/debian.pp b/manifests/debian.pp
index 01d108f..326b42b 100644
--- a/manifests/debian.pp
+++ b/manifests/debian.pp
@@ -2,8 +2,8 @@ class shorewall::debian inherits shorewall::base {
   file{'/etc/default/shorewall':
     content => template("shorewall/debian_default.erb"),
     require => Package['shorewall'],
-    notify => Service['shorewall'],
-    owner => 'root', group => 'root', mode => '0644';
+    notify  => Exec['shorewall_check'],
+    owner   => 'root', group => 'root', mode => '0644';
   }
   Service['shorewall']{
     status => '/sbin/shorewall status'
diff --git a/manifests/extension_script.pp b/manifests/extension_script.pp
index 569fcbf..4abc6b1 100644
--- a/manifests/extension_script.pp
+++ b/manifests/extension_script.pp
@@ -4,7 +4,7 @@ define shorewall::extension_script($script = '') {
         'init', 'initdone', 'start', 'started', 'stop', 'stopped', 'clear', 'refresh', 'continue', 'maclog': {
           file { "/etc/shorewall/puppet/${name}":
             content => "${script}\n",
-            notify => Service[shorewall];
+            notify  => Exec['shorewall_check'];
           }
         }
         '', default: {
diff --git a/manifests/managed_file.pp b/manifests/managed_file.pp
index 7061721..b353814 100644
--- a/manifests/managed_file.pp
+++ b/manifests/managed_file.pp
@@ -1,17 +1,20 @@
-define shorewall::managed_file () {
+# manage a certain file
+define shorewall::managed_file() {
   concat{ "/etc/shorewall/puppet/${name}":
-    notify => Service['shorewall'],
+    notify  => Exec['shorewall_check'],
     require => File['/etc/shorewall/puppet'],
-    owner => 'root', group => 'root', mode => '0600';
+    owner   => 'root',
+    group   => 'root',
+    mode    => '0600';
   }
   concat::fragment {
     "${name}-header":
       source => "puppet:///modules/shorewall/boilerplate/${name}.header",
       target => "/etc/shorewall/puppet/${name}",
-      order => '000';
+      order  => '000';
     "${name}-footer":
       source => "puppet:///modules/shorewall/boilerplate/${name}.footer",
       target => "/etc/shorewall/puppet/${name}",
-      order => '999';
+      order  => '999';
   }
 }